LKML Archive on lore.kernel.org
* [PATCH 4.19 000/118] 4.19.51-stable review
@ 2019-06-13  8:32 Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 001/118] rapidio: fix a NULL pointer dereference when create_workqueue() fails Greg Kroah-Hartman
                   ` (122 more replies)
  0 siblings, 123 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.19.51 release.
There are 118 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sat 15 Jun 2019 07:54:44 AM UTC.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.51-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.19.51-rc1

Helen Koike <helen.koike@collabora.com>
    drm/vc4: fix fb references in async update

Amir Goldstein <amir73il@gmail.com>
    ovl: support stacked SEEK_HOLE/SEEK_DATA

Jiufei Xue <jiufei.xue@linux.alibaba.com>
    ovl: check the capability before cred overridden

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)"

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"

Dennis Zhou <dennis@kernel.org>
    percpu: do not search past bitmap when allocating an area

Andrey Smirnov <andrew.smirnov@gmail.com>
    gpio: vf610: Do not share irq_chip

Takeshi Kihara <takeshi.kihara.df@renesas.com>
    soc: renesas: Identify R-Car M3-W ES1.3

Hans de Goede <hdegoede@redhat.com>
    usb: typec: fusb302: Check vconn is off when we start toggling

Marek Szyprowski <m.szyprowski@samsung.com>
    ARM: exynos: Fix undefined instruction during Exynos5422 resume

Phong Hoang <phong.hoang.wz@renesas.com>
    pwm: Fix deadlock warning when removing PWM device

Krzysztof Kozlowski <krzk@kernel.org>
    ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa

Christoph Vogtländer <c.vogtlaender@sigma-surface-science.com>
    pwm: tiehrpwm: Update shadow register for disabling PWMs

Andy Shevchenko <andriy.shevchenko@linux.intel.com>
    dmaengine: idma64: Use actual device for DMA transfers

Brett Creeley <brett.creeley@intel.com>
    ice: Add missing case in print_link_msg for printing flow control

Tony Lindgren <tony@atomide.com>
    gpio: gpio-omap: add check for off wake capable gpios

Kangjie Lu <kjlu@umn.edu>
    PCI: xilinx: Check for __get_free_pages() failure

Paolo Valente <paolo.valente@linaro.org>
    block, bfq: increase idling for weight-raised queues

Kangjie Lu <kjlu@umn.edu>
    video: imsttfb: fix potential NULL pointer dereferences

Kangjie Lu <kjlu@umn.edu>
    video: hgafb: fix potential NULL pointer dereference

Giridhar Malavali <gmalavali@marvell.com>
    scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags

Marek Vasut <marek.vasut+renesas@gmail.com>
    PCI: rcar: Fix 64bit MSI message address handling

Kangjie Lu <kjlu@umn.edu>
    PCI: rcar: Fix a potential NULL pointer dereference

Peng Li <lipeng321@huawei.com>
    net: hns3: return 0 and print warning when hit duplicate MAC

Sven Van Asbroeck <thesven73@gmail.com>
    power: supply: max14656: fix potential use-before-alloc

Junxiao Chang <junxiao.chang@intel.com>
    platform/x86: intel_pmc_ipc: adding error handling

Kabir Sahane <x0153567@ti.com>
    ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it

Takashi Iwai <tiwai@suse.de>
    ALSA: seq: Protect in-kernel ioctl calls with mutex

Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    drm/amd/display: Use plane->color_space for dpp if specified

Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
    PCI: rpadlpar: Fix leaked device_node references in add/remove paths

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA

Andrey Smirnov <andrew.smirnov@gmail.com>
    ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA

Douglas Anderson <dianders@chromium.org>
    soc: rockchip: Set the proper PWM for rk3288

Douglas Anderson <dianders@chromium.org>
    clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288

Nathan Chancellor <natechancellor@gmail.com>
    soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher

Kishon Vijay Abraham I <kishon@ti.com>
    PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64

Enrico Granata <egranata@chromium.org>
    platform/chrome: cros_ec_proto: check for NULL transfer function

Adam Ludkiewicz <adam.ludkiewicz@intel.com>
    i40e: Queues are reserved despite "Invalid argument" error

Wenwen Wang <wang6495@umn.edu>
    x86/PCI: Fix PCI IRQ routing table memory leak

Mika Westerberg <mika.westerberg@linux.intel.com>
    net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending

Wesley Sheng <wesley.sheng@microchip.com>
    switchtec: Fix unintended mask of MRPC event

Will Deacon <will.deacon@arm.com>
    iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel

Farhan Ali <alifm@linux.ibm.com>
    vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"

Arnd Bergmann <arnd@arndb.de>
    nfsd: avoid uninitialized variable warning

J. Bruce Fields <bfields@redhat.com>
    nfsd: allow fh_want_write to be called twice

Kirill Smelkov <kirr@nexedi.com>
    fuse: retrieve: cap requested size to negotiated max_write

Chen-Yu Tsai <wens@csie.org>
    nvmem: sunxi_sid: Support SID on A83T and H5

Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
    nvmem: core: fix read buffer in place

Takashi Iwai <tiwai@suse.de>
    ALSA: hda - Register irq handler after the chip initialization

Taehee Yoo <ap420073@gmail.com>
    netfilter: nf_flow_table: fix netdev refcnt leak

Taehee Yoo <ap420073@gmail.com>
    netfilter: nf_flow_table: check ttl value in flow offload data path

Keith Busch <keith.busch@intel.com>
    nvme-pci: shutdown on timeout during deletion

Keith Busch <keith.busch@intel.com>
    nvme-pci: unquiesce admin queue on shutdown

Kishon Vijay Abraham I <kishon@ti.com>
    PCI: designware-ep: Use aligned ATU window for raising MSI interrupts

Kishon Vijay Abraham I <kishon@ti.com>
    misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test

Lu Baolu <baolu.lu@linux.intel.com>
    iommu/vt-d: Set intel_iommu_gfx_mapped correctly

Ming Lei <ming.lei@redhat.com>
    blk-mq: move cancel of requeue_work into blk_mq_release

Vladimir Zapolskiy <vz@mleia.com>
    watchdog: fix compile time error of pretimeout governors

Georg Hofmann <georg@hofmannsweb.com>
    watchdog: imx2_wdt: Fix set_timeout for big timeout values

Florian Westphal <fw@strlen.de>
    netfilter: nf_tables: fix base chain stat rcu_dereference usage

Serge Semin <fancer.lancer@gmail.com>
    mips: Make sure dt memory regions are valid

Jakub Jankowski <shasta@toxcorp.com>
    netfilter: nf_conntrack_h323: restore boundary check correctness

Taehee Yoo <ap420073@gmail.com>
    netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast

Ludovic Barre <ludovic.barre@st.com>
    mmc: mmci: Prevent polling for busy detection in IRQ context

Amir Goldstein <amir73il@gmail.com>
    ovl: do not generate duplicate fsnotify events for "fake" path

Jisheng Zhang <Jisheng.Zhang@synaptics.com>
    PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi()

Jisheng Zhang <Jisheng.Zhang@synaptics.com>
    PCI: dwc: Free MSI in dw_pcie_host_init() error path

Maciej Żenczykowski <maze@google.com>
    uml: fix a boot splat wrt use of cpu_all_mask

YueHaibing <yuehaibing@huawei.com>
    configfs: fix possible use-after-free in configfs_register_group

John Sperbeck <jsperbeck@google.com>
    percpu: remove spurious lock dependency between percpu and sched

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to do checksum even if inode page is uptodate

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to do sanity check on valid block count of segment

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to use inline space only if inline_xattr is enable

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to avoid panic in dec_valid_block_count()

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to clear dirty inode in error path of f2fs_iget()

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to do sanity check on free nid

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to avoid panic in f2fs_remove_inode_page()

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to avoid panic in f2fs_inplace_write_data()

Chao Yu <yuchao0@huawei.com>
    f2fs: fix to avoid panic in do_recover_data()

Miroslav Lichvar <mlichvar@redhat.com>
    ntp: Allow TAI-UTC offset to be set to zero

Fabien Dessenne <fabien.dessenne@st.com>
    mailbox: stm32-ipcc: check invalid irq

Martin Blumenstingl <martin.blumenstingl@googlemail.com>
    pwm: meson: Use the spin-lock only to protect register modifications

Michael Ellerman <mpe@ellerman.id.au>
    EDAC/mpc85xx: Prevent building as a module

Krzesimir Nowak <krzesimir@kinvolk.io>
    bpf: fix undefined behavior in narrow load handling

Ben Skeggs <bskeggs@redhat.com>
    drm/nouveau/kms/gv100-: fix spurious window immediate interlocks

Josh Poimboeuf <jpoimboe@redhat.com>
    objtool: Don't use ignore flag for fake jumps

Matt Redfearn <matt.redfearn@thinci.com>
    drm/bridge: adv7511: Fix low refresh rate selection

Ben Skeggs <bskeggs@redhat.com>
    drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change

Stephane Eranian <eranian@google.com>
    perf/x86/intel: Allow PEBS multi-entry in watermark mode

Tony Lindgren <tony@atomide.com>
    mfd: twl6040: Fix device init errors for ACCCTL register

Ben Skeggs <bskeggs@redhat.com>
    drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration

Binbin Wu <binbin.wu@intel.com>
    mfd: intel-lpss: Set the device in reset state when init

Daniel Gomez <dagmcr@gmail.com>
    mfd: tps65912-spi: Add missing of table registration

Amit Kucheria <amit.kucheria@linaro.org>
    drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER

Jiada Wang <jiada_wang@mentor.com>
    thermal: rcar_gen3_thermal: disable interrupt in .remove

Cyrill Gorcunov <gorcunov@gmail.com>
    kernel/sys.c: prctl: fix false positive in validate_prctl_map()

Qian Cai <cai@lca.pw>
    mm/slab.c: fix an infinite loop in leaks_show()

Yue Hu <huyue2@yulong.com>
    mm/cma_debug.c: fix the break condition in cma_maxchunk_get()

Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
    mm: page_mkclean vs MADV_DONTNEED race

Yue Hu <huyue2@yulong.com>
    mm/cma.c: fix the bitmap status to show failed allocation reason

Christoph Hellwig <hch@lst.de>
    initramfs: free initrd memory if opening /initrd.image fails

Yue Hu <huyue2@yulong.com>
    mm/cma.c: fix crash on CMA allocation if bitmap allocation fails

Linxu Fang <fanglinxu@huawei.com>
    mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE

Mike Kravetz <mike.kravetz@oracle.com>
    hugetlbfs: on restore reserve error path retain subpool reservation

Jérôme Glisse <jglisse@redhat.com>
    mm/hmm: select mmu notifier when selecting HMM

Arnd Bergmann <arnd@arndb.de>
    ARM: prevent tracing IPI_CPU_BACKTRACE

Guenter Roeck <linux@roeck-us.net>
    drm/pl111: Initialize clock spinlock early

Li Rongqing <lirongqing@baidu.com>
    ipc: prevent lockup on alloc_msg and free_msg

Christian Brauner <christian@brauner.io>
    sysctl: return -EINVAL if val violates minmax

Hou Tao <houtao1@huawei.com>
    fs/fat/file.c: issue flush after the writeback of FAT

Kangjie Lu <kjlu@umn.edu>
    rapidio: fix a NULL pointer dereference when create_workqueue() fails


-------------

Diffstat:

 Makefile                                           |   4 +-
 arch/arm/boot/dts/exynos5420-arndale-octa.dts      |   2 +
 arch/arm/boot/dts/imx50.dtsi                       |   2 +-
 arch/arm/boot/dts/imx51.dtsi                       |   2 +-
 arch/arm/boot/dts/imx53.dtsi                       |   2 +-
 arch/arm/boot/dts/imx6qdl.dtsi                     |   2 +-
 arch/arm/boot/dts/imx6sl.dtsi                      |   2 +-
 arch/arm/boot/dts/imx6sll.dtsi                     |   2 +-
 arch/arm/boot/dts/imx6sx.dtsi                      |   2 +-
 arch/arm/boot/dts/imx6ul.dtsi                      |   2 +-
 arch/arm/boot/dts/imx7s.dtsi                       |   4 +-
 arch/arm/include/asm/hardirq.h                     |   1 +
 arch/arm/kernel/smp.c                              |   6 +-
 arch/arm/mach-exynos/suspend.c                     |  19 +++
 arch/arm/mach-omap2/pm33xx-core.c                  |   8 +-
 arch/mips/kernel/prom.c                            |  14 ++-
 arch/um/kernel/time.c                              |   2 +-
 arch/x86/events/intel/core.c                       |   2 +-
 arch/x86/pci/irq.c                                 |  10 +-
 block/bfq-iosched.c                                |   2 +
 block/blk-core.c                                   |   1 -
 block/blk-mq.c                                     |   2 +
 drivers/clk/rockchip/clk-rk3288.c                  |  11 ++
 drivers/dma/idma64.c                               |   6 +-
 drivers/dma/idma64.h                               |   2 +
 drivers/edac/Kconfig                               |   4 +-
 drivers/gpio/gpio-omap.c                           |  25 ++--
 drivers/gpio/gpio-vf610.c                          |  26 ++---
 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp.c   |   6 +-
 .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c  |   2 +-
 drivers/gpu/drm/bridge/adv7511/adv7511_drv.c       |   6 +-
 drivers/gpu/drm/nouveau/Kconfig                    |  13 +--
 drivers/gpu/drm/nouveau/dispnv50/disp.h            |   1 +
 drivers/gpu/drm/nouveau/dispnv50/head.c            |   2 +-
 drivers/gpu/drm/nouveau/dispnv50/wimmc37b.c        |   1 +
 drivers/gpu/drm/nouveau/dispnv50/wndw.c            |   2 +-
 drivers/gpu/drm/nouveau/nouveau_drm.c              |   7 +-
 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c      |  11 +-
 drivers/gpu/drm/pl111/pl111_display.c              |   5 +-
 drivers/gpu/drm/vc4/vc4_plane.c                    |   1 +
 drivers/iommu/arm-smmu-v3.c                        |  10 +-
 drivers/iommu/intel-iommu.c                        |   7 +-
 drivers/mailbox/stm32-ipcc.c                       |  13 ++-
 drivers/mfd/intel-lpss.c                           |   3 +
 drivers/mfd/tps65912-spi.c                         |   1 +
 drivers/mfd/twl6040.c                              |  13 ++-
 drivers/misc/pci_endpoint_test.c                   |   1 +
 drivers/mmc/host/mmci.c                            |   5 +-
 .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c    |   7 +-
 drivers/net/ethernet/intel/i40e/i40e_main.c        |   3 +
 drivers/net/ethernet/intel/ice/ice_main.c          |   3 +
 drivers/net/thunderbolt.c                          |   3 +
 drivers/nvme/host/pci.c                            |  10 +-
 drivers/nvmem/core.c                               |  15 ++-
 drivers/nvmem/sunxi_sid.c                          |   2 +
 drivers/pci/controller/dwc/pci-keystone.c          |   4 +
 drivers/pci/controller/dwc/pcie-designware-ep.c    |   7 +-
 drivers/pci/controller/dwc/pcie-designware-host.c  |  21 ++--
 drivers/pci/controller/dwc/pcie-designware.h       |   1 +
 drivers/pci/controller/pcie-rcar.c                 |  10 +-
 drivers/pci/controller/pcie-xilinx.c               |  12 +-
 drivers/pci/hotplug/rpadlpar_core.c                |   4 +
 drivers/pci/switch/switchtec.c                     |   3 +-
 drivers/platform/chrome/cros_ec_proto.c            |  11 ++
 drivers/platform/x86/intel_pmc_ipc.c               |   6 +-
 drivers/power/supply/max14656_charger_detector.c   |  14 +--
 drivers/pwm/core.c                                 |  10 +-
 drivers/pwm/pwm-meson.c                            |  25 ++--
 drivers/pwm/pwm-tiehrpwm.c                         |   2 +
 drivers/pwm/sysfs.c                                |  14 +--
 drivers/rapidio/rio_cm.c                           |   8 ++
 drivers/scsi/qla2xxx/qla_gs.c                      |   3 +
 drivers/soc/mediatek/mtk-pmic-wrap.c               |   2 +-
 drivers/soc/renesas/renesas-soc.c                  |   3 +
 drivers/soc/rockchip/grf.c                         |   2 +
 drivers/spi/spi-pxa2xx.c                           |   7 +-
 drivers/thermal/qcom/tsens.c                       |   3 +-
 drivers/thermal/rcar_gen3_thermal.c                |   3 +
 drivers/tty/serial/8250/8250_dw.c                  |   4 +-
 drivers/usb/typec/fusb302/fusb302.c                |   2 +
 drivers/vfio/vfio.c                                |  30 ++---
 drivers/video/fbdev/hgafb.c                        |   2 +
 drivers/video/fbdev/imsttfb.c                      |   5 +
 drivers/watchdog/Kconfig                           |   1 +
 drivers/watchdog/imx2_wdt.c                        |   4 +-
 fs/configfs/dir.c                                  |  17 ++-
 fs/dax.c                                           |   2 +-
 fs/f2fs/f2fs.h                                     |  16 ++-
 fs/f2fs/inode.c                                    |   5 +-
 fs/f2fs/node.c                                     |  20 +++-
 fs/f2fs/recovery.c                                 |  10 +-
 fs/f2fs/segment.c                                  |   9 +-
 fs/f2fs/segment.h                                  |   3 +-
 fs/fat/file.c                                      |  11 +-
 fs/fuse/dev.c                                      |   2 +-
 fs/nfsd/nfs4xdr.c                                  |   4 +
 fs/nfsd/vfs.h                                      |   5 +-
 fs/overlayfs/file.c                                | 130 +++++++++++++++++----
 include/linux/pwm.h                                |   5 -
 include/net/bluetooth/hci_core.h                   |   3 -
 init/initramfs.c                                   |  14 +--
 ipc/mqueue.c                                       |  10 +-
 ipc/msgutil.c                                      |   6 +
 kernel/bpf/verifier.c                              |   2 +-
 kernel/sys.c                                       |   2 +-
 kernel/sysctl.c                                    |   6 +-
 kernel/time/ntp.c                                  |   2 +-
 mm/Kconfig                                         |   2 +-
 mm/cma.c                                           |  23 ++--
 mm/cma_debug.c                                     |   2 +-
 mm/hugetlb.c                                       |  21 +++-
 mm/page_alloc.c                                    |   6 +-
 mm/percpu.c                                        |   9 +-
 mm/rmap.c                                          |   2 +-
 mm/slab.c                                          |   6 +-
 net/bluetooth/hci_conn.c                           |   8 --
 net/netfilter/nf_conntrack_h323_asn1.c             |   2 +-
 net/netfilter/nf_flow_table_core.c                 |  25 ++--
 net/netfilter/nf_flow_table_ip.c                   |   6 +
 net/netfilter/nf_tables_api.c                      |   9 +-
 net/netfilter/nft_flow_offload.c                   |   1 +
 sound/core/seq/seq_clientmgr.c                     |   9 +-
 sound/pci/hda/hda_intel.c                          |   6 +-
 tools/objtool/check.c                              |   8 +-
 124 files changed, 668 insertions(+), 304 deletions(-)




* [PATCH 4.19 001/118] rapidio: fix a NULL pointer dereference when create_workqueue() fails
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 002/118] fs/fat/file.c: issue flush after the writeback of FAT Greg Kroah-Hartman
                   ` (121 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Alexandre Bounine,
	Matt Porter, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 23015b22e47c5409620b1726a677d69e5cd032ba ]

In case create_workqueue fails, the fix releases resources and returns
-ENOMEM to avoid NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Acked-by: Alexandre Bounine <alex.bou9@gmail.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/rapidio/rio_cm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/rapidio/rio_cm.c b/drivers/rapidio/rio_cm.c
index bad0e0ea4f30..ef989a15aefc 100644
--- a/drivers/rapidio/rio_cm.c
+++ b/drivers/rapidio/rio_cm.c
@@ -2145,6 +2145,14 @@ static int riocm_add_mport(struct device *dev,
 	mutex_init(&cm->rx_lock);
 	riocm_rx_fill(cm, RIOCM_RX_RING_SIZE);
 	cm->rx_wq = create_workqueue(DRV_NAME "/rxq");
+	if (!cm->rx_wq) {
+		riocm_error("failed to allocate IBMBOX_%d on %s",
+			    cmbox, mport->name);
+		rio_release_outb_mbox(mport, cmbox);
+		kfree(cm);
+		return -ENOMEM;
+	}
+
 	INIT_WORK(&cm->rx_work, rio_ibmsg_handler);
 
 	cm->tx_slot = 0;
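Review bot: The riocm_error() text in the new `if (!cm->rx_wq)` branch reports "failed to allocate IBMBOX_%d", but the call that failed is create_workqueue(), so the log points the reader at the mailbox rather than the workqueue; something like "failed to create rx workqueue on %s" would match the failure. The unwind also deserves a second look: it releases only the outbound mailbox and cm, while riocm_rx_fill() has already run two lines above, so please confirm that nothing filled or requested before this point (the RX ring buffers, any inbound mailbox the message text alludes to) is left allocated on this path.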
-- 
2.20.1





* [PATCH 4.19 002/118] fs/fat/file.c: issue flush after the writeback of FAT
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 001/118] rapidio: fix a NULL pointer dereference when create_workqueue() fails Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 003/118] sysctl: return -EINVAL if val violates minmax Greg Kroah-Hartman
                   ` (120 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hou Tao, OGAWA Hirofumi, Al Viro,
	Jan Kara, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit bd8309de0d60838eef6fb575b0c4c7e95841cf73 ]

fsync() needs to make sure the data & meta-data of file are persistent
after the return of fsync(), even when a power-failure occurs later.  In
the case of fat-fs, the FAT belongs to the meta-data of file, so we need
to issue a flush after the writeback of FAT instead of before.

Also bail out early when any stage of fsync fails.

Link: http://lkml.kernel.org/r/20190409030158.136316-1-houtao1@huawei.com
Signed-off-by: Hou Tao <houtao1@huawei.com>
Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/fat/file.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/fat/file.c b/fs/fat/file.c
index 4f3d72fb1e60..f86ea08bd6ce 100644
--- a/fs/fat/file.c
+++ b/fs/fat/file.c
@@ -193,12 +193,17 @@ static int fat_file_release(struct inode *inode, struct file *filp)
 int fat_file_fsync(struct file *filp, loff_t start, loff_t end, int datasync)
 {
 	struct inode *inode = filp->f_mapping->host;
-	int res, err;
+	int err;
+
+	err = __generic_file_fsync(filp, start, end, datasync);
+	if (err)
+		return err;
 
-	res = generic_file_fsync(filp, start, end, datasync);
 	err = sync_mapping_buffers(MSDOS_SB(inode->i_sb)->fat_inode->i_mapping);
+	if (err)
+		return err;
 
-	return res ? res : err;
+	return blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL);
 }
 
 
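Review bot: In fat_file_fsync() the switch to __generic_file_fsync() plus the trailing blkdev_issue_flush() encodes an ordering requirement that nothing in the code states; add a short comment above the final return saying that the flush must come after sync_mapping_buffers() on the FAT inode so that the FAT is covered by it. The new early returns also mean the FAT buffers are no longer written back when the first step fails, where the old code always called sync_mapping_buffers() and returned `res ? res : err`; that matches the commit message's "bail out early", but it is worth a line in the same comment, since it changes what reaches the device on a failed fsync().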
-- 
2.20.1





* [PATCH 4.19 003/118] sysctl: return -EINVAL if val violates minmax
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 001/118] rapidio: fix a NULL pointer dereference when create_workqueue() fails Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 002/118] fs/fat/file.c: issue flush after the writeback of FAT Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 004/118] ipc: prevent lockup on alloc_msg and free_msg Greg Kroah-Hartman
                   ` (119 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian Brauner, Luis Chamberlain,
	Kees Cook, Alexey Dobriyan, Al Viro, Dominik Brodowski,
	Eric W. Biederman, Joe Lawrence, Waiman Long, Andrew Morton,
	Linus Torvalds, Sasha Levin

[ Upstream commit e260ad01f0aa9e96b5386d5cd7184afd949dc457 ]

Currently when userspace gives us values that overflow e.g.  file-max
and other callers of __do_proc_doulongvec_minmax() we simply ignore the
new value and leave the current value untouched.

This can be problematic as it gives the illusion that the limit has
indeed been bumped when in fact it failed.  This commit makes sure to
return EINVAL when an overflow is detected.  Please note that this is a
userspace facing change.

Link: http://lkml.kernel.org/r/20190210203943.8227-4-christian@brauner.io
Signed-off-by: Christian Brauner <christian@brauner.io>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sysctl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 9a85c7ae7362..f8576509c7be 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2791,8 +2791,10 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
 			if (neg)
 				continue;
 			val = convmul * val / convdiv;
-			if ((min && val < *min) || (max && val > *max))
-				continue;
+			if ((min && val < *min) || (max && val > *max)) {
+				err = -EINVAL;
+				break;
+			}
 			*i = val;
 		} else {
 			val = convdiv * (*i) / convmul;
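Review bot: The new `err = -EINVAL; break;` in the min/max check stops at the first out-of-range element, but any earlier elements of the same write have already been stored through `*i = val`, so a multi-value write can be applied in part and still return -EINVAL. Either validate the whole vector before storing anything or document the partial-update behaviour. The `if (neg) continue;` just above still drops negative input silently, which is the same "looks like it worked" problem the commit message describes; consider returning -EINVAL there as well for consistency.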
-- 
2.20.1





* [PATCH 4.19 004/118] ipc: prevent lockup on alloc_msg and free_msg
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 003/118] sysctl: return -EINVAL if val violates minmax Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 005/118] drm/pl111: Initialize clock spinlock early Greg Kroah-Hartman
                   ` (118 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Li RongQing, Zhang Yu,
	Davidlohr Bueso, Manfred Spraul, Arnd Bergmann, Andrew Morton,
	Linus Torvalds, Sasha Levin

[ Upstream commit d6a2946a88f524a47cc9b79279667137899db807 ]

msgctl10 of ltp triggers the following lockup. When CONFIG_KASAN is
enabled on large memory SMP systems, the pages initialization can take a
long time, if msgctl10 requests a huge block of memory, and it will block
rcu scheduler, so release cpu actively.

After adding schedule() in free_msg, free_msg cannot be called when
holding spinlock, so adding msg to a tmp list, and free it out of
spinlock.

  rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
  rcu:     Tasks blocked on level-1 rcu_node (CPUs 16-31): P32505
  rcu:     Tasks blocked on level-1 rcu_node (CPUs 48-63): P34978
  rcu:     (detected by 11, t=35024 jiffies, g=44237529, q=16542267)
  msgctl10        R  running task    21608 32505   2794 0x00000082
  Call Trace:
   preempt_schedule_irq+0x4c/0xb0
   retint_kernel+0x1b/0x2d
  RIP: 0010:__is_insn_slot_addr+0xfb/0x250
  Code: 82 1d 00 48 8b 9b 90 00 00 00 4c 89 f7 49 c1 ee 03 e8 59 83 1d 00 48 b8 00 00 00 00 00 fc ff df 4c 39 eb 48 89 9d 58 ff ff ff <41> c6 04 06 f8 74 66 4c 8d 75 98 4c 89 f1 48 c1 e9 03 48 01 c8 48
  RSP: 0018:ffff88bce041f758 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
  RAX: dffffc0000000000 RBX: ffffffff8471bc50 RCX: ffffffff828a2a57
  RDX: dffffc0000000000 RSI: dffffc0000000000 RDI: ffff88bce041f780
  RBP: ffff88bce041f828 R08: ffffed15f3f4c5b3 R09: ffffed15f3f4c5b3
  R10: 0000000000000001 R11: ffffed15f3f4c5b2 R12: 000000318aee9b73
  R13: ffffffff8471bc50 R14: 1ffff1179c083ef0 R15: 1ffff1179c083eec
   kernel_text_address+0xc1/0x100
   __kernel_text_address+0xe/0x30
   unwind_get_return_address+0x2f/0x50
   __save_stack_trace+0x92/0x100
   create_object+0x380/0x650
   __kmalloc+0x14c/0x2b0
   load_msg+0x38/0x1a0
   do_msgsnd+0x19e/0xcf0
   do_syscall_64+0x117/0x400
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

  rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
  rcu:     Tasks blocked on level-1 rcu_node (CPUs 0-15): P32170
  rcu:     (detected by 14, t=35016 jiffies, g=44237525, q=12423063)
  msgctl10        R  running task    21608 32170  32155 0x00000082
  Call Trace:
   preempt_schedule_irq+0x4c/0xb0
   retint_kernel+0x1b/0x2d
  RIP: 0010:lock_acquire+0x4d/0x340
  Code: 48 81 ec c0 00 00 00 45 89 c6 4d 89 cf 48 8d 6c 24 20 48 89 3c 24 48 8d bb e4 0c 00 00 89 74 24 0c 48 c7 44 24 20 b3 8a b5 41 <48> c1 ed 03 48 c7 44 24 28 b4 25 18 84 48 c7 44 24 30 d0 54 7a 82
  RSP: 0018:ffff88af83417738 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
  RAX: dffffc0000000000 RBX: ffff88bd335f3080 RCX: 0000000000000002
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88bd335f3d64
  RBP: ffff88af83417758 R08: 0000000000000000 R09: 0000000000000000
  R10: 0000000000000001 R11: ffffed13f3f745b2 R12: 0000000000000000
  R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000
   is_bpf_text_address+0x32/0xe0
   kernel_text_address+0xec/0x100
   __kernel_text_address+0xe/0x30
   unwind_get_return_address+0x2f/0x50
   __save_stack_trace+0x92/0x100
   save_stack+0x32/0xb0
   __kasan_slab_free+0x130/0x180
   kfree+0xfa/0x2d0
   free_msg+0x24/0x50
   do_msgrcv+0x508/0xe60
   do_syscall_64+0x117/0x400
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

Davidlohr said:
 "So after releasing the lock, the msg rbtree/list is empty and new
  calls will not see those in the newly populated tmp_msg list, and
  therefore they cannot access the delayed msg freeing pointers, which
  is good. Also the fact that the node_cache is now freed before the
  actual messages seems to be harmless as this is wanted for
  msg_insert() avoiding GFP_ATOMIC allocations, and after releasing the
  info->lock the thing is freed anyway so it should not change things"

Link: http://lkml.kernel.org/r/1552029161-4957-1-git-send-email-lirongqing@baidu.com
Signed-off-by: Li RongQing <lirongqing@baidu.com>
Signed-off-by: Zhang Yu <zhangyu31@baidu.com>
Reviewed-by: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 ipc/mqueue.c  | 10 ++++++++--
 ipc/msgutil.c |  6 ++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index c0d58f390c3b..bce7af1546d9 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -391,7 +391,8 @@ static void mqueue_evict_inode(struct inode *inode)
 	struct user_struct *user;
 	unsigned long mq_bytes, mq_treesize;
 	struct ipc_namespace *ipc_ns;
-	struct msg_msg *msg;
+	struct msg_msg *msg, *nmsg;
+	LIST_HEAD(tmp_msg);
 
 	clear_inode(inode);
 
@@ -402,10 +403,15 @@ static void mqueue_evict_inode(struct inode *inode)
 	info = MQUEUE_I(inode);
 	spin_lock(&info->lock);
 	while ((msg = msg_get(info)) != NULL)
-		free_msg(msg);
+		list_add_tail(&msg->m_list, &tmp_msg);
 	kfree(info->node_cache);
 	spin_unlock(&info->lock);
 
+	list_for_each_entry_safe(msg, nmsg, &tmp_msg, m_list) {
+		list_del(&msg->m_list);
+		free_msg(msg);
+	}
+
 	/* Total amount of bytes accounted for the mqueue */
 	mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) +
 		min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) *
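Review bot: the deferred-free loop added after spin_unlock(&info->lock) needs a comment saying why free_msg() may no longer run under info->lock. The reason (free_msg() gains a cond_resched() in the ipc/msgutil.c part of this patch) is not visible from mqueue_evict_inode(), and without it the loop looks like a candidate for being folded back into the while ((msg = msg_get(info)) != NULL) loop. The list_del(&msg->m_list) before free_msg(msg) is also functionally redundant, since tmp_msg is a local list head that is never walked again after this loop; either drop it or note that it is kept only for list-debug hygiene.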
diff --git a/ipc/msgutil.c b/ipc/msgutil.c
index 84598025a6ad..e65593742e2b 100644
--- a/ipc/msgutil.c
+++ b/ipc/msgutil.c
@@ -18,6 +18,7 @@
 #include <linux/utsname.h>
 #include <linux/proc_ns.h>
 #include <linux/uaccess.h>
+#include <linux/sched.h>
 
 #include "util.h"
 
@@ -64,6 +65,9 @@ static struct msg_msg *alloc_msg(size_t len)
 	pseg = &msg->next;
 	while (len > 0) {
 		struct msg_msgseg *seg;
+
+		cond_resched();
+
 		alen = min(len, DATALEN_SEG);
 		seg = kmalloc(sizeof(*seg) + alen, GFP_KERNEL_ACCOUNT);
 		if (seg == NULL)
@@ -176,6 +180,8 @@ void free_msg(struct msg_msg *msg)
 	kfree(msg);
 	while (seg != NULL) {
 		struct msg_msgseg *tmp = seg->next;
+
+		cond_resched();
 		kfree(seg);
 		seg = tmp;
 	}
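Review bot: adding cond_resched() inside the while (seg != NULL) loop turns free_msg() into a function that may sleep, and nothing in the function documents or enforces that. A might_sleep() at the top of free_msg(), or a comment on the function, would make a caller that still holds a spinlock fail under debug configs on every call, instead of only when a message has enough segments to reach the loop. The ordering inside the loop is fine, since tmp already holds seg->next before the reschedule point.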
-- 
2.20.1





* [PATCH 4.19 005/118] drm/pl111: Initialize clock spinlock early
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 004/118] ipc: prevent lockup on alloc_msg and free_msg Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 006/118] ARM: prevent tracing IPI_CPU_BACKTRACE Greg Kroah-Hartman
                   ` (117 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Linus Walleij, Guenter Roeck, Sasha Levin

[ Upstream commit 3e01ae2612bdd7975c74ec7123d7f8f5e6eed795 ]

The following warning is seen on systems with broken clock divider.

INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 0 PID: 1 Comm: swapper Not tainted 5.1.0-09698-g1fb3b52 #1
Hardware name: ARM Integrator/CP (Device Tree)
[<c0011be8>] (unwind_backtrace) from [<c000ebb8>] (show_stack+0x10/0x18)
[<c000ebb8>] (show_stack) from [<c07d3fd0>] (dump_stack+0x18/0x24)
[<c07d3fd0>] (dump_stack) from [<c0060d48>] (register_lock_class+0x674/0x6f8)
[<c0060d48>] (register_lock_class) from [<c005de2c>]
	(__lock_acquire+0x68/0x2128)
[<c005de2c>] (__lock_acquire) from [<c0060408>] (lock_acquire+0x110/0x21c)
[<c0060408>] (lock_acquire) from [<c07f755c>] (_raw_spin_lock+0x34/0x48)
[<c07f755c>] (_raw_spin_lock) from [<c0536c8c>]
	(pl111_display_enable+0xf8/0x5fc)
[<c0536c8c>] (pl111_display_enable) from [<c0502f54>]
	(drm_atomic_helper_commit_modeset_enables+0x1ec/0x244)

Since commit eedd6033b4c8 ("drm/pl111: Support variants with broken clock
divider"), the spinlock is not initialized if the clock divider is broken.
Initialize it earlier to fix the problem.

Fixes: eedd6033b4c8 ("drm/pl111: Support variants with broken clock divider")
Cc: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/1557758781-23586-1-git-send-email-linux@roeck-us.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/pl111/pl111_display.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/pl111/pl111_display.c b/drivers/gpu/drm/pl111/pl111_display.c
index 754f6b25f265..6d9f78612dee 100644
--- a/drivers/gpu/drm/pl111/pl111_display.c
+++ b/drivers/gpu/drm/pl111/pl111_display.c
@@ -531,14 +531,15 @@ pl111_init_clock_divider(struct drm_device *drm)
 		dev_err(drm->dev, "CLCD: unable to get clcdclk.\n");
 		return PTR_ERR(parent);
 	}
+
+	spin_lock_init(&priv->tim2_lock);
+
 	/* If the clock divider is broken, use the parent directly */
 	if (priv->variant->broken_clockdivider) {
 		priv->clk = parent;
 		return 0;
 	}
 	parent_name = __clk_get_name(parent);
-
-	spin_lock_init(&priv->tim2_lock);
 	div->init = &init;
 
 	ret = devm_clk_hw_register(drm->dev, div);
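Review bot: spin_lock_init(&priv->tim2_lock) now runs before the broken_clockdivider early return, but it still sits after the return PTR_ERR(parent) path, so the lock's initialization keeps depending on statement order inside pl111_init_clock_divider(). Initializing tim2_lock where priv is set up would remove that dependency. If it stays here, a short comment that pl111_display_enable() takes the lock even when the divider is unused would explain why the call must precede the early return.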
-- 
2.20.1





* [PATCH 4.19 006/118] ARM: prevent tracing IPI_CPU_BACKTRACE
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 005/118] drm/pl111: Initialize clock spinlock early Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 007/118] mm/hmm: select mmu notifier when selecting HMM Greg Kroah-Hartman
                   ` (116 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Masahiro Yamada,
	Heiko Carstens, Ingo Molnar, Christophe Leroy, Mathieu Malaterre,
	H. Peter Anvin, Thomas Gleixner, Benjamin Herrenschmidt,
	Paul Mackerras, Ralf Baechle, Stefan Agner, Boris Brezillon,
	Miquel Raynal, Richard Weinberger, David Woodhouse, Brian Norris,
	Marek Vasut, Russell King, Borislav Petkov, Mark Rutland,
	Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit be167862ae7dd85c56d385209a4890678e1b0488 ]

Patch series "compiler: allow all arches to enable
CONFIG_OPTIMIZE_INLINING", v3.

This patch (of 11):

When function tracing for IPIs is enabled, we get a warning for an
overflow of the ipi_types array with the IPI_CPU_BACKTRACE type as
triggered by raise_nmi():

  arch/arm/kernel/smp.c: In function 'raise_nmi':
  arch/arm/kernel/smp.c:489:2: error: array subscript is above array bounds [-Werror=array-bounds]
    trace_ipi_raise(target, ipi_types[ipinr]);

This is a correct warning as we actually overflow the array here.

This patch changes raise_nmi() to call __smp_cross_call() instead of
smp_cross_call(), to avoid calling into ftrace.  For clarification, I'm
also adding two new code comments describing how this one is special.

The warning appears to have shown up after commit e7273ff49acf ("ARM:
8488/1: Make IPI_CPU_BACKTRACE a "non-secure" SGI"), which changed the
number assignment from '15' to '8', but as far as I can tell has existed
since the IPI tracepoints were first introduced.  If we decide to
backport this patch to stable kernels, we probably need to backport
e7273ff49acf as well.

[yamada.masahiro@socionext.com: rebase on v5.1-rc1]
Link: http://lkml.kernel.org/r/20190423034959.13525-2-yamada.masahiro@socionext.com
Fixes: e7273ff49acf ("ARM: 8488/1: Make IPI_CPU_BACKTRACE a "non-secure" SGI")
Fixes: 365ec7b17327 ("ARM: add IPI tracepoints") # v3.17
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Cc: Mathieu Malaterre <malat@debian.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Stefan Agner <stefan@agner.ch>
Cc: Boris Brezillon <bbrezillon@kernel.org>
Cc: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Brian Norris <computersforpeace@gmail.com>
Cc: Marek Vasut <marek.vasut@gmail.com>
Cc: Russell King <rmk+kernel@arm.linux.org.uk>
Cc: Borislav Petkov <bp@suse.de>
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/include/asm/hardirq.h | 1 +
 arch/arm/kernel/smp.c          | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/hardirq.h b/arch/arm/include/asm/hardirq.h
index cba23eaa6072..7a88f160b1fb 100644
--- a/arch/arm/include/asm/hardirq.h
+++ b/arch/arm/include/asm/hardirq.h
@@ -6,6 +6,7 @@
 #include <linux/threads.h>
 #include <asm/irq.h>
 
+/* number of IPIS _not_ including IPI_CPU_BACKTRACE */
 #define NR_IPI	7
 
 typedef struct {
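Review bot: the new comment above #define NR_IPI 7 documents the exclusion, but the value 7 is still a hand-maintained count of the enum ipi_msg_type entries in arch/arm/kernel/smp.c, and nothing ties the two together. A compile-time check in smp.c that NR_IPI matches the number of entries before IPI_CPU_BACKTRACE would catch a future enum addition that forgets to bump it. Minor: "IPIS" should read "IPIs".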
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
index a3ce7c5365fa..bada66ef4419 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -76,6 +76,10 @@ enum ipi_msg_type {
 	IPI_CPU_STOP,
 	IPI_IRQ_WORK,
 	IPI_COMPLETION,
+	/*
+	 * CPU_BACKTRACE is special and not included in NR_IPI
+	 * or tracable with trace_ipi_*
+	 */
 	IPI_CPU_BACKTRACE,
 	/*
 	 * SGI8-15 can be reserved by secure firmware, and thus may
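Review bot: in the comment added above IPI_CPU_BACKTRACE, "tracable" should be "traceable". The comment would also be easier to act on if it said what follows from "not included in NR_IPI": this value must never be used as an index into ipi_types[] or passed to the trace_ipi_* helpers.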
@@ -803,7 +807,7 @@ core_initcall(register_cpufreq_notifier);
 
 static void raise_nmi(cpumask_t *mask)
 {
-	smp_cross_call(mask, IPI_CPU_BACKTRACE);
+	__smp_cross_call(mask, IPI_CPU_BACKTRACE);
 }
 
 void arch_trigger_cpumask_backtrace(const cpumask_t *mask, bool exclude_self)
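Review bot: raise_nmi() switches to __smp_cross_call() with no comment at the call site, so the reason (smp_cross_call() would index ipi_types[] with IPI_CPU_BACKTRACE, past the end of the array) lives only in the commit message and in the enum comment. A one-line comment here would stop a later cleanup from converting the call back to smp_cross_call().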
-- 
2.20.1





* [PATCH 4.19 007/118] mm/hmm: select mmu notifier when selecting HMM
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 006/118] ARM: prevent tracing IPI_CPU_BACKTRACE Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 008/118] hugetlbfs: on restore reserve error path retain subpool reservation Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jérôme Glisse,
	Balbir Singh, Ralph Campbell, John Hubbard, Dan Williams,
	Arnd Bergmann, Dan Carpenter, Ira Weiny, Matthew Wilcox,
	Souptick Joarder, Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 734fb89968900b5c5f8edd5038bd4cdeab8c61d2 ]

To avoid random config build issues, select mmu notifier when HMM is
selected.  In any case, when HMM gets selected it will be by users that
will also want the mmu notifier.

Link: http://lkml.kernel.org/r/20190403193318.16478-2-jglisse@redhat.com
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Souptick Joarder <jrdr.linux@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/Kconfig b/mm/Kconfig
index de64ea658716..b457e94ae618 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -700,12 +700,12 @@ config DEV_PAGEMAP_OPS
 
 config HMM
 	bool
+	select MMU_NOTIFIER
 	select MIGRATE_VMA_HELPER
 
 config HMM_MIRROR
 	bool "HMM mirror CPU page table into a device page table"
 	depends on ARCH_HAS_HMM
-	select MMU_NOTIFIER
 	select HMM
 	help
 	  Select HMM_MIRROR if you want to mirror range of the CPU page table of a
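Review bot: with select MMU_NOTIFIER moved under config HMM, every option that selects HMM now pulls in MMU_NOTIFIER, not only HMM_MIRROR, and because select ignores the selected symbol's own dependencies, HMM (a promptless bool) forces it on unconditionally. The commit message asserts that all HMM users want the notifier; naming the configuration that failed to build would let the broader select be checked against it.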
-- 
2.20.1





* [PATCH 4.19 008/118] hugetlbfs: on restore reserve error path retain subpool reservation
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 007/118] mm/hmm: select mmu notifier when selecting HMM Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 009/118] mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mike Kravetz, Naoya Horiguchi,
	Davidlohr Bueso, Joonsoo Kim, Michal Hocko, Kirill A . Shutemov,
	Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 0919e1b69ab459e06df45d3ba6658d281962db80 ]

When a huge page is allocated, PagePrivate() is set if the allocation
consumed a reservation.  When freeing a huge page, PagePrivate is checked.
If set, it indicates the reservation should be restored.  PagePrivate
being set at free huge page time mostly happens on error paths.

When huge page reservations are created, a check is made to determine if
the mapping is associated with an explicitly mounted filesystem.  If so,
pages are also reserved within the filesystem.  The default action when
freeing a huge page is to decrement the usage count in any associated
explicitly mounted filesystem.  However, if the reservation is to be
restored the reservation/use count within the filesystem should not be
decremented.  Otherwise, a subsequent page allocation and free for the same
mapping location will cause the filesystem usage to go 'negative'.

Filesystem                         Size  Used Avail Use% Mounted on
nodev                              4.0G -4.0M  4.1G    - /opt/hugepool

To fix, when freeing a huge page do not adjust filesystem usage if
PagePrivate() is set to indicate the reservation should be restored.

I did not cc stable as the problem has been around since reserves were
added to hugetlbfs and nobody has noticed.

Link: http://lkml.kernel.org/r/20190328234704.27083-2-mike.kravetz@oracle.com
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/hugetlb.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 0bbb033d7d8c..65179513c2b2 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -1256,12 +1256,23 @@ void free_huge_page(struct page *page)
 	ClearPagePrivate(page);
 
 	/*
-	 * A return code of zero implies that the subpool will be under its
-	 * minimum size if the reservation is not restored after page is free.
-	 * Therefore, force restore_reserve operation.
+	 * If PagePrivate() was set on page, page allocation consumed a
+	 * reservation.  If the page was associated with a subpool, there
+	 * would have been a page reserved in the subpool before allocation
+	 * via hugepage_subpool_get_pages().  Since we are 'restoring' the
+	 * reservtion, do not call hugepage_subpool_put_pages() as this will
+	 * remove the reserved page from the subpool.
 	 */
-	if (hugepage_subpool_put_pages(spool, 1) == 0)
-		restore_reserve = true;
+	if (!restore_reserve) {
+		/*
+		 * A return code of zero implies that the subpool will be
+		 * under its minimum size if the reservation is not restored
+		 * after page is free.  Therefore, force restore_reserve
+		 * operation.
+		 */
+		if (hugepage_subpool_put_pages(spool, 1) == 0)
+			restore_reserve = true;
+	}
 
 	spin_lock(&hugetlb_lock);
 	clear_page_huge_active(page);
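Review bot: the new if (!restore_reserve) guard relies on restore_reserve already reflecting PagePrivate() from before the ClearPagePrivate(page) at the top of this hunk. That assignment is outside the visible context, so please confirm nothing between it and this test can change the flag. In the new comment, "reservtion" should be "reservation", and the two stacked comment blocks could be merged, since the inner one is the old text re-indented.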
-- 
2.20.1





* [PATCH 4.19 009/118] mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 008/118] hugetlbfs: on restore reserve error path retain subpool reservation Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 010/118] mm/cma.c: fix crash on CMA allocation if bitmap allocation fails Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Linxu Fang, Taku Izumi, Xishi Qiu,
	Michal Hocko, Vlastimil Babka, Pavel Tatashin, Oscar Salvador,
	Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 299c83dce9ea3a79bb4b5511d2cb996b6b8e5111 ]

342332e6a925 ("mm/page_alloc.c: introduce kernelcore=mirror option") and
later patches rewrote the calculation of node spanned pages.

e506b99696a2 ("mem-hotplug: fix node spanned pages when we have a movable
node"), but the current code still has problems,

When we have a node with only zone_movable and the node id is not zero,
the size of node spanned pages is double added.

That's because we have an empty normal zone, and zone_start_pfn or
zone_end_pfn is not between arch_zone_lowest_possible_pfn and
arch_zone_highest_possible_pfn, so we need to use clamp to constrain the
range just like the commit <96e907d13602> (bootmem: Reimplement
__absent_pages_in_range() using for_each_mem_pfn_range()).

e.g.
Zone ranges:
  DMA      [mem 0x0000000000001000-0x0000000000ffffff]
  DMA32    [mem 0x0000000001000000-0x00000000ffffffff]
  Normal   [mem 0x0000000100000000-0x000000023fffffff]
Movable zone start for each node
  Node 0: 0x0000000100000000
  Node 1: 0x0000000140000000
Early memory node ranges
  node   0: [mem 0x0000000000001000-0x000000000009efff]
  node   0: [mem 0x0000000000100000-0x00000000bffdffff]
  node   0: [mem 0x0000000100000000-0x000000013fffffff]
  node   1: [mem 0x0000000140000000-0x000000023fffffff]

node 0 DMA	spanned:0xfff   present:0xf9e   absent:0x61
node 0 DMA32	spanned:0xff000 present:0xbefe0	absent:0x40020
node 0 Normal	spanned:0	present:0	absent:0
node 0 Movable	spanned:0x40000 present:0x40000 absent:0
On node 0 totalpages(node_present_pages): 1048446
node_spanned_pages:1310719
node 1 DMA	spanned:0	    present:0		absent:0
node 1 DMA32	spanned:0	    present:0		absent:0
node 1 Normal	spanned:0x100000    present:0x100000	absent:0
node 1 Movable	spanned:0x100000    present:0x100000	absent:0
On node 1 totalpages(node_present_pages): 2097152
node_spanned_pages:2097152
Memory: 6967796K/12582392K available (16388K kernel code, 3686K rwdata,
4468K rodata, 2160K init, 10444K bss, 5614596K reserved, 0K
cma-reserved)

It shows that the current memory of node 1 is double added.
After this patch, the problem is fixed.

node 0 DMA	spanned:0xfff   present:0xf9e   absent:0x61
node 0 DMA32	spanned:0xff000 present:0xbefe0	absent:0x40020
node 0 Normal	spanned:0	present:0	absent:0
node 0 Movable	spanned:0x40000 present:0x40000 absent:0
On node 0 totalpages(node_present_pages): 1048446
node_spanned_pages:1310719
node 1 DMA	spanned:0	    present:0		absent:0
node 1 DMA32	spanned:0	    present:0		absent:0
node 1 Normal	spanned:0	    present:0		absent:0
node 1 Movable	spanned:0x100000    present:0x100000	absent:0
On node 1 totalpages(node_present_pages): 1048576
node_spanned_pages:1048576
memory: 6967796K/8388088K available (16388K kernel code, 3686K rwdata,
4468K rodata, 2160K init, 10444K bss, 1420292K reserved, 0K
cma-reserved)

Link: http://lkml.kernel.org/r/1554178276-10372-1-git-send-email-fanglinxu@huawei.com
Signed-off-by: Linxu Fang <fanglinxu@huawei.com>
Cc: Taku Izumi <izumi.taku@jp.fujitsu.com>
Cc: Xishi Qiu <qiuxishi@huawei.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Pavel Tatashin <pavel.tatashin@microsoft.com>
Cc: Oscar Salvador <osalvador@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/page_alloc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 8e6932a140b8..2d04bd2e1ced 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -5937,13 +5937,15 @@ static unsigned long __meminit zone_spanned_pages_in_node(int nid,
 					unsigned long *zone_end_pfn,
 					unsigned long *ignored)
 {
+	unsigned long zone_low = arch_zone_lowest_possible_pfn[zone_type];
+	unsigned long zone_high = arch_zone_highest_possible_pfn[zone_type];
 	/* When hotadd a new node from cpu_up(), the node should be empty */
 	if (!node_start_pfn && !node_end_pfn)
 		return 0;
 
 	/* Get the start and end of the zone */
-	*zone_start_pfn = arch_zone_lowest_possible_pfn[zone_type];
-	*zone_end_pfn = arch_zone_highest_possible_pfn[zone_type];
+	*zone_start_pfn = clamp(node_start_pfn, zone_low, zone_high);
+	*zone_end_pfn = clamp(node_end_pfn, zone_low, zone_high);
 	adjust_zone_range_for_zone_movable(nid, zone_type,
 				node_start_pfn, node_end_pfn,
 				zone_start_pfn, zone_end_pfn);
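Review bot: clamp(node_start_pfn, zone_low, zone_high) and the matching *zone_end_pfn line assume zone_low <= zone_high for every zone_type; if a zone's lowest and highest possible pfn are ever inverted, clamp() silently returns one of the bounds rather than an empty range, so a comment stating that invariant would help. Style: the two new declarations need a blank line before the /* When hotadd a new node from cpu_up() ... */ comment to separate declarations from code.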
-- 
2.20.1





* [PATCH 4.19 010/118] mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 009/118] mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 011/118] initramfs: free initrd memory if opening /initrd.image fails Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yue Hu, Anshuman Khandual,
	Joonsoo Kim, Laura Abbott, Mike Rapoport, Randy Dunlap,
	Andrew Morton, Linus Torvalds, Sasha Levin

[ Upstream commit 1df3a339074e31db95c4790ea9236874b13ccd87 ]

f022d8cb7ec7 ("mm: cma: Don't crash on allocation if CMA area can't be
activated") fixes the crash issue when activation fails via setting
cma->count as 0, same logic exists if bitmap allocation fails.

Link: http://lkml.kernel.org/r/20190325081309.6004-1-zbestahu@gmail.com
Signed-off-by: Yue Hu <huyue2@yulong.com>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/cma.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/cma.c b/mm/cma.c
index bfe9f5397165..6ce6e22f82d9 100644
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -106,8 +106,10 @@ static int __init cma_activate_area(struct cma *cma)
 
 	cma->bitmap = kzalloc(bitmap_size, GFP_KERNEL);
 
-	if (!cma->bitmap)
+	if (!cma->bitmap) {
+		cma->count = 0;
 		return -ENOMEM;
+	}
 
 	WARN_ON_ONCE(!pfn_valid(pfn));
 	zone = page_zone(pfn_to_page(pfn));
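Review bot: cma->count = 0 is set on the -ENOMEM path without a comment, so the fact that a zero count is what makes later allocations from this area bail out is recorded only in the commit message. A one-line comment on the assignment, pointing at the same convention used when activation fails, would keep the two failure paths visibly consistent.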
-- 
2.20.1





* [PATCH 4.19 011/118] initramfs: free initrd memory if opening /initrd.image fails
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 010/118] mm/cma.c: fix crash on CMA allocation if bitmap allocation fails Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 012/118] mm/cma.c: fix the bitmap status to show failed allocation reason Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Steven Price,
	Mike Rapoport, Alexander Viro, Russell King, Will Deacon,
	Guan Xuetao, Andrew Morton, Linus Torvalds, Sasha Levin,
	Catalin Marinas, Geert Uytterhoeven

[ Upstream commit 54c7a8916a887f357088f99e9c3a7720cd57d2c8 ]

Patch series "initramfs tidyups".

I've spent some time chasing down behavior in initramfs and found
plenty of opportunity to improve the code.  A first stab on that is
contained in this series.

This patch (of 7):

We free the initrd memory for all successful or error cases except for the
case where opening /initrd.image fails, which looks like an oversight.

Steven said:

: This also changes the behaviour when CONFIG_INITRAMFS_FORCE is enabled
: - specifically it means that the initrd is freed (previously it was
: ignored and never freed).  But that seems like reasonable behaviour and
: the previous behaviour looks like another oversight.

Link: http://lkml.kernel.org/r/20190213174621.29297-3-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Steven Price <steven.price@arm.com>
Acked-by: Mike Rapoport <rppt@linux.ibm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>	[arm64]
Cc: Geert Uytterhoeven <geert@linux-m68k.org>	[m68k]
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Guan Xuetao <gxt@pku.edu.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 init/initramfs.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/init/initramfs.c b/init/initramfs.c
index f6f4a1e4cd54..cd5fb00fcb54 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -612,13 +612,12 @@ static int __init populate_rootfs(void)
 		printk(KERN_INFO "Trying to unpack rootfs image as initramfs...\n");
 		err = unpack_to_rootfs((char *)initrd_start,
 			initrd_end - initrd_start);
-		if (!err) {
-			free_initrd();
+		if (!err)
 			goto done;
-		} else {
-			clean_rootfs();
-			unpack_to_rootfs(__initramfs_start, __initramfs_size);
-		}
+
+		clean_rootfs();
+		unpack_to_rootfs(__initramfs_start, __initramfs_size);
+
 		printk(KERN_INFO "rootfs image is not initramfs (%s)"
 				"; looks like an initrd\n", err);
 		fd = ksys_open("/initrd.image",
@@ -632,7 +631,6 @@ static int __init populate_rootfs(void)
 				       written, initrd_end - initrd_start);
 
 			ksys_close(fd);
-			free_initrd();
 		}
 	done:
 		/* empty statement */;
@@ -642,9 +640,9 @@ static int __init populate_rootfs(void)
 			initrd_end - initrd_start);
 		if (err)
 			printk(KERN_EMERG "Initramfs unpacking failed: %s\n", err);
-		free_initrd();
 #endif
 	}
+	free_initrd();
 	flush_delayed_fput();
 	/*
 	 * Try loading default modules from initramfs.  This gives
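Review bot: free_initrd() now sits after the closing brace and before flush_delayed_fput(), so it runs on every path through populate_rootfs(), including any path that skips the block closed just above it. Please confirm free_initrd() is a no-op when there is no initrd to free, and that it behaves correctly on both sides of the conditional that this hunk's #endif closes, and say so in a comment next to the call.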
-- 
2.20.1





* [PATCH 4.19 012/118] mm/cma.c: fix the bitmap status to show failed allocation reason
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 011/118] initramfs: free initrd memory if opening /initrd.image fails Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 013/118] mm: page_mkclean vs MADV_DONTNEED race Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yue Hu, Andrew Morton, Joonsoo Kim,
	Ingo Molnar, Vlastimil Babka, Mike Rapoport, Randy Dunlap,
	Laura Abbott, Linus Torvalds, Sasha Levin

[ Upstream commit 2b59e01a3aa665f751d1410b99fae9336bd424e1 ]

Currently one bit in cma bitmap represents number of pages rather than
one page, cma->count means cma size in pages. So to find available pages
via find_next_zero_bit()/find_next_bit() we should use cma size not in
pages but in bits although current free pages number is correct due to
zero value of order_per_bit. Once order_per_bit is changed the bitmap
status will be incorrect.

The size input in cma_debug_show_areas() is not correct.  It will
affect the available pages at some position to debug the failure issue.

This is an example with order_per_bit = 1

Before this change:
[    4.120060] cma: number of available pages: 1@93+4@108+7@121+7@137+7@153+7@169+7@185+7@201+3@213+3@221+3@229+3@237+3@245+3@253+3@261+3@269+3@277+3@285+3@293+3@301+3@309+3@317+3@325+19@333+15@369+512@512=> 638 free of 1024 total pages

After this change:
[    4.143234] cma: number of available pages: 2@93+8@108+14@121+14@137+14@153+14@169+14@185+14@201+6@213+6@221+6@229+6@237+6@245+6@253+6@261+6@269+6@277+6@285+6@293+6@301+6@309+6@317+6@325+38@333+30@369=> 252 free of 1024 total pages

Obviously the bitmap status before is incorrect.

Link: http://lkml.kernel.org/r/20190320060829.9144-1-zbestahu@gmail.com
Signed-off-by: Yue Hu <huyue2@yulong.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Laura Abbott <labbott@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/cma.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/mm/cma.c b/mm/cma.c
index 6ce6e22f82d9..476dfe13a701 100644
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -371,23 +371,26 @@ err:
 #ifdef CONFIG_CMA_DEBUG
 static void cma_debug_show_areas(struct cma *cma)
 {
-	unsigned long next_zero_bit, next_set_bit;
+	unsigned long next_zero_bit, next_set_bit, nr_zero;
 	unsigned long start = 0;
-	unsigned int nr_zero, nr_total = 0;
+	unsigned long nr_part, nr_total = 0;
+	unsigned long nbits = cma_bitmap_maxno(cma);
 
 	mutex_lock(&cma->lock);
 	pr_info("number of available pages: ");
 	for (;;) {
-		next_zero_bit = find_next_zero_bit(cma->bitmap, cma->count, start);
-		if (next_zero_bit >= cma->count)
+		next_zero_bit = find_next_zero_bit(cma->bitmap, nbits, start);
+		if (next_zero_bit >= nbits)
 			break;
-		next_set_bit = find_next_bit(cma->bitmap, cma->count, next_zero_bit);
+		next_set_bit = find_next_bit(cma->bitmap, nbits, next_zero_bit);
 		nr_zero = next_set_bit - next_zero_bit;
-		pr_cont("%s%u@%lu", nr_total ? "+" : "", nr_zero, next_zero_bit);
-		nr_total += nr_zero;
+		nr_part = nr_zero << cma->order_per_bit;
+		pr_cont("%s%lu@%lu", nr_total ? "+" : "", nr_part,
+			next_zero_bit);
+		nr_total += nr_part;
 		start = next_zero_bit + nr_zero;
 	}
-	pr_cont("=> %u free of %lu total pages\n", nr_total, cma->count);
+	pr_cont("=> %lu free of %lu total pages\n", nr_total, cma->count);
 	mutex_unlock(&cma->lock);
 }
 #else
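
Review bot: in the pr_cont("%s%lu@%lu", ...) call the count is now scaled to pages (nr_part = nr_zero << cma->order_per_bit), but the offset printed after the @ is still the raw bitmap index next_zero_bit. With a non-zero order_per_bit each entry therefore mixes pages with bitmap bits, which is visible in the changelog sample where the counts double and the offsets stay at 93, 108, and so on. Either shift the offset by cma->order_per_bit as well or state in the message that the position is a bitmap index.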
-- 
2.20.1





* [PATCH 4.19 013/118] mm: page_mkclean vs MADV_DONTNEED race
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 012/118] mm/cma.c: fix the bitmap status to show failed allocation reason Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 014/118] mm/cma_debug.c: fix the break condition in cma_maxchunk_get() Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aneesh Kumar K.V, Andrew Morton,
	Dan Williams, Kirill A . Shutemov, Andrea Arcangeli,
	Linus Torvalds, Sasha Levin

[ Upstream commit 024eee0e83f0df52317be607ca521e0fc572aa07 ]

MADV_DONTNEED is handled with mmap_sem taken in read mode.  We call
page_mkclean without holding mmap_sem.

MADV_DONTNEED implies that pages in the region are unmapped and subsequent
access to the pages in that range is handled as a new page fault.  This
implies that if we don't have parallel access to the region when
MADV_DONTNEED is run we expect that range to be unallocated.

w.r.t page_mkclean() we need to make sure that we don't break the
MADV_DONTNEED semantics.  MADV_DONTNEED checks for pmd_none without holding
pmd_lock.  This implies we skip the pmd if we temporarily mark pmd none.
Avoid doing that while marking the page clean.

Keep the sequence same for dax too even though we don't support
MADV_DONTNEED for dax mapping.

The bug was noticed by code review and I didn't observe any failures w.r.t
test run.  This is similar to

commit 58ceeb6bec86d9140f9d91d71a710e963523d063
Author: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Date:   Thu Apr 13 14:56:26 2017 -0700

    thp: fix MADV_DONTNEED vs. MADV_FREE race

commit ced108037c2aa542b3ed8b7afd1576064ad1362a
Author: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Date:   Thu Apr 13 14:56:20 2017 -0700

    thp: fix MADV_DONTNEED vs. numa balancing race

Link: http://lkml.kernel.org/r/20190321040610.14226-1-aneesh.kumar@linux.ibm.com
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc:"Kirill A . Shutemov" <kirill@shutemov.name>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/dax.c  | 2 +-
 mm/rmap.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/dax.c b/fs/dax.c
index 004c8ac1117c..75a289c31c7e 100644
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -908,7 +908,7 @@ static void dax_mapping_entry_mkclean(struct address_space *mapping,
 				goto unlock_pmd;
 
 			flush_cache_page(vma, address, pfn);
-			pmd = pmdp_huge_clear_flush(vma, address, pmdp);
+			pmd = pmdp_invalidate(vma, address, pmdp);
 			pmd = pmd_wrprotect(pmd);
 			pmd = pmd_mkclean(pmd);
 			set_pmd_at(vma->vm_mm, address, pmdp, pmd);
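
Review bot: the switch to pmdp_invalidate() in dax_mapping_entry_mkclean() carries no comment, and the changelog itself says MADV_DONTNEED is not supported for dax mappings, so a later cleanup could easily revert it. Add a short comment saying the call mirrors page_mkclean_one() and avoids a transient pmd_none window. The result is assigned back to pmd and then write-protected and cleaned, so the change also relies on pmdp_invalidate() returning the old pmd value in the tree being patched; that is worth confirming for this backport.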
diff --git a/mm/rmap.c b/mm/rmap.c
index 85b7f9423352..f048c2651954 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -926,7 +926,7 @@ static bool page_mkclean_one(struct page *page, struct vm_area_struct *vma,
 				continue;
 
 			flush_cache_page(vma, address, page_to_pfn(page));
-			entry = pmdp_huge_clear_flush(vma, address, pmd);
+			entry = pmdp_invalidate(vma, address, pmd);
 			entry = pmd_wrprotect(entry);
 			entry = pmd_mkclean(entry);
 			set_pmd_at(vma->vm_mm, address, pmd, entry);
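
Review bot: page_mkclean_one() now depends on the pmd never reading as none between pmdp_invalidate() and set_pmd_at(), but nothing at the call site records that. Add a comment above "entry = pmdp_invalidate(vma, address, pmd);" naming the pmd_none check that MADV_DONTNEED does without pmd_lock as the reason, as the changelog does.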
-- 
2.20.1





* [PATCH 4.19 014/118] mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 013/118] mm: page_mkclean vs MADV_DONTNEED race Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 015/118] mm/slab.c: fix an infinite loop in leaks_show() Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yue Hu, Andrew Morton, Michal Hocko,
	Joe Perches, David Rientjes, Dmitry Safonov, Joonsoo Kim,
	Linus Torvalds, Sasha Levin

[ Upstream commit f0fd50504a54f5548eb666dc16ddf8394e44e4b7 ]

If find_next_zero_bit() does not find a zero bit, it will return the size
parameter passed in, so the start bit should be compared with bitmap_maxno
rather than cma->count.  Although getting maxchunk is working fine due to
zero value of order_per_bit currently, the operation will be stuck if
order_per_bit is set as non-zero.

Link: http://lkml.kernel.org/r/20190319092734.276-1-zbestahu@gmail.com
Signed-off-by: Yue Hu <huyue2@yulong.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Joe Perches <joe@perches.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Dmitry Safonov <d.safonov@partner.samsung.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/cma_debug.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/cma_debug.c b/mm/cma_debug.c
index ad6723e9d110..3e0415076cc9 100644
--- a/mm/cma_debug.c
+++ b/mm/cma_debug.c
@@ -58,7 +58,7 @@ static int cma_maxchunk_get(void *data, u64 *val)
 	mutex_lock(&cma->lock);
 	for (;;) {
 		start = find_next_zero_bit(cma->bitmap, bitmap_maxno, end);
-		if (start >= cma->count)
+		if (start >= bitmap_maxno)
 			break;
 		end = find_next_bit(cma->bitmap, bitmap_maxno, start);
 		maxchunk = max(end - start, maxchunk);
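
Review bot: with the break test fixed for a non-zero order_per_bit, note that maxchunk in "maxchunk = max(end - start, maxchunk);" is still counted in bitmap bits, not pages. Check that the value stored through the u64 *val argument is scaled by order_per_bit, since that configuration is exactly the one this fix is meant to make usable, and consider a one-line comment that find_next_zero_bit() returns its size argument when no zero bit is left.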
-- 
2.20.1





* [PATCH 4.19 015/118] mm/slab.c: fix an infinite loop in leaks_show()
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 014/118] mm/cma_debug.c: fix the break condition in cma_maxchunk_get() Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 016/118] kernel/sys.c: prctl: fix false positive in validate_prctl_map() Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Qian Cai, Andrew Morton,
	Vlastimil Babka, Christoph Lameter, Pekka Enberg, David Rientjes,
	Joonsoo Kim, Linus Torvalds, Sasha Levin

[ Upstream commit 745e10146c31b1c6ed3326286704ae251b17f663 ]

"cat /proc/slab_allocators" could hang forever on SMP machines with
kmemleak or object debugging enabled because other CPUs running do_drain()
will keep making kmemleak_object or debug_objects_cache dirty, so it is
unable to escape the first loop in leaks_show(),

do {
	set_store_user_clean(cachep);
	drain_cpu_caches(cachep);
	...

} while (!is_store_user_clean(cachep));

For example,

do_drain
  slabs_destroy
    slab_destroy
      kmem_cache_free
        __cache_free
          ___cache_free
            kmemleak_free_recursive
              delete_object_full
                __delete_object
                  put_object
                    free_object_rcu
                      kmem_cache_free
                        cache_free_debugcheck --> dirty kmemleak_object

One approach is to check cachep->name and skip both kmemleak_object and
debug_objects_cache in leaks_show().  The other is to set store_user_clean
after drain_cpu_caches(), which leaves a small window between
drain_cpu_caches() and set_store_user_clean() where per-CPU caches could
be dirty again, leading to slightly wrong information being stored, but
could also speed up things significantly, which sounds like a good
compromise.  For example,

 # cat /proc/slab_allocators
 0m42.778s # 1st approach
 0m0.737s  # 2nd approach

[akpm@linux-foundation.org: tweak comment]
Link: http://lkml.kernel.org/r/20190411032635.10325-1-cai@lca.pw
Fixes: d31676dfde25 ("mm/slab: alternative implementation for DEBUG_SLAB_LEAK")
Signed-off-by: Qian Cai <cai@lca.pw>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/slab.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mm/slab.c b/mm/slab.c
index 018d32496e8d..46f21e73db2f 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -4326,8 +4326,12 @@ static int leaks_show(struct seq_file *m, void *p)
 	 * whole processing.
 	 */
 	do {
-		set_store_user_clean(cachep);
 		drain_cpu_caches(cachep);
+		/*
+		 * drain_cpu_caches() could make kmemleak_object and
+		 * debug_objects_cache dirty, so reset afterwards.
+		 */
+		set_store_user_clean(cachep);
 
 		x[1] = 0;
 
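
Review bot: the new comment above set_store_user_clean(cachep) explains why the reset moved after drain_cpu_caches(), but not the cost. Any store_user dirtying that happens between the drain and the reset is now discarded, which the changelog accepts as "slightly wrong information". Say so in the comment, so the loop condition is not read as a guarantee that the collected data is exact.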
-- 
2.20.1





* [PATCH 4.19 016/118] kernel/sys.c: prctl: fix false positive in validate_prctl_map()
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 015/118] mm/slab.c: fix an infinite loop in leaks_show() Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 017/118] thermal: rcar_gen3_thermal: disable interrupt in .remove Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Cyrill Gorcunov, Andrey Vagin,
	Dmitry Safonov, Pavel Emelyanov, Andrew Morton, Linus Torvalds,
	Sasha Levin

[ Upstream commit a9e73998f9d705c94a8dca9687633adc0f24a19a ]

While validating new map we require the @start_data to be strictly less
than @end_data, which is fine for regular applications (this is why this
nit didn't trigger for that long).  These members are set from executable
loaders such as ELF handlers; still, it is pretty valid to have a loadable
data section with zero size in file, in such case the start_data is equal
to end_data once kernel loader finishes.

As a result when we're trying to restore such programs the procedure fails
and the kernel returns -EINVAL.  From the image dump of a program:

 | "mm_start_code": "0x400000",
 | "mm_end_code": "0x8f5fb4",
 | "mm_start_data": "0xf1bfb0",
 | "mm_end_data": "0xf1bfb0",

Thus we need to change validate_prctl_map from strictly less to less or
equal operator use.

Link: http://lkml.kernel.org/r/20190408143554.GY1421@uranus.lan
Fixes: f606b77f1a9e3 ("prctl: PR_SET_MM -- introduce PR_SET_MM_MAP operation")
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Andrey Vagin <avagin@gmail.com>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sys.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index 123bd73046ec..096932a45046 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1919,7 +1919,7 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map)
 	((unsigned long)prctl_map->__m1 __op				\
 	 (unsigned long)prctl_map->__m2) ? 0 : -EINVAL
 	error  = __prctl_check_order(start_code, <, end_code);
-	error |= __prctl_check_order(start_data, <, end_data);
+	error |= __prctl_check_order(start_data,<=, end_data);
 	error |= __prctl_check_order(start_brk, <=, brk);
 	error |= __prctl_check_order(arg_start, <=, arg_end);
 	error |= __prctl_check_order(env_start, <=, env_end);
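
Review bot: style nit on the changed line, "__prctl_check_order(start_data,<=, end_data)" drops the space after the first comma that every neighbouring call keeps ("start_brk, <=, brk"). Please write it as "start_data, <=, end_data". Since this relaxes a check on a user-supplied map, a short comment that a zero-size data section makes start_data equal to end_data would also document why this pair is not strict while start_code/end_code still is.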
-- 
2.20.1





* [PATCH 4.19 017/118] thermal: rcar_gen3_thermal: disable interrupt in .remove
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 016/118] kernel/sys.c: prctl: fix false positive in validate_prctl_map() Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-16 19:41   ` Pavel Machek
  2019-06-13  8:32 ` [PATCH 4.19 018/118] drivers: thermal: tsens: Dont print error message on -EPROBE_DEFER Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  122 siblings, 1 reply; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiada Wang, Simon Horman,
	Daniel Lezcano, Eduardo Valentin, Sasha Levin

[ Upstream commit 63f55fcea50c25ae5ad45af92d08dae3b84534c2 ]

Currently IRQ remains enabled after .remove, later if device is probed,
IRQ is requested before .thermal_init, this may cause IRQ function to be
called before device is initialized.

This patch disables interrupt in .remove, to ensure irq function
only be called after device is fully initialized.

Signed-off-by: Jiada Wang <jiada_wang@mentor.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Reviewed-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/rcar_gen3_thermal.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/thermal/rcar_gen3_thermal.c b/drivers/thermal/rcar_gen3_thermal.c
index 7aed5337bdd3..704c8ad045bb 100644
--- a/drivers/thermal/rcar_gen3_thermal.c
+++ b/drivers/thermal/rcar_gen3_thermal.c
@@ -328,6 +328,9 @@ MODULE_DEVICE_TABLE(of, rcar_gen3_thermal_dt_ids);
 static int rcar_gen3_thermal_remove(struct platform_device *pdev)
 {
 	struct device *dev = &pdev->dev;
+	struct rcar_gen3_thermal_priv *priv = dev_get_drvdata(dev);
+
+	rcar_thermal_irq_set(priv, false);
 
 	pm_runtime_put(dev);
 	pm_runtime_disable(dev);
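
Review bot: priv comes from dev_get_drvdata(dev) and is handed to rcar_thermal_irq_set(priv, false) without a check. If rcar_gen3_thermal_remove() can also be reached from a probe error path before drvdata is set, this dereferences NULL, so please confirm drvdata is assigned on every path that ends up here. Doing the disable before pm_runtime_put() is the right order; a comment saying the register write needs the device still powered would keep it that way.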
-- 
2.20.1





* [PATCH 4.19 018/118] drivers: thermal: tsens: Dont print error message on -EPROBE_DEFER
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 017/118] thermal: rcar_gen3_thermal: disable interrupt in .remove Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 019/118] mfd: tps65912-spi: Add missing of table registration Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Amit Kucheria, Eduardo Valentin, Sasha Levin

[ Upstream commit fc7d18cf6a923cde7f5e7ba2c1105bb106d3e29a ]

We print a calibration failure message on -EPROBE_DEFER from
nvmem/qfprom as follows:
[    3.003090] qcom-tsens 4a9000.thermal-sensor: version: 1.4
[    3.005376] qcom-tsens 4a9000.thermal-sensor: tsens calibration failed
[    3.113248] qcom-tsens 4a9000.thermal-sensor: version: 1.4

This confuses people when, in fact, calibration succeeds later when
nvmem/qfprom device is available. Don't print this message on a
-EPROBE_DEFER.

Signed-off-by: Amit Kucheria <amit.kucheria@linaro.org>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/qcom/tsens.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/thermal/qcom/tsens.c b/drivers/thermal/qcom/tsens.c
index a2c9bfae3d86..b139713289a4 100644
--- a/drivers/thermal/qcom/tsens.c
+++ b/drivers/thermal/qcom/tsens.c
@@ -171,7 +171,8 @@ static int tsens_probe(struct platform_device *pdev)
 	if (tmdev->ops->calibrate) {
 		ret = tmdev->ops->calibrate(tmdev);
 		if (ret < 0) {
-			dev_err(dev, "tsens calibration failed\n");
+			if (ret != -EPROBE_DEFER)
+				dev_err(dev, "tsens calibration failed\n");
 			return ret;
 		}
 	}
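
Review bot: with "if (ret != -EPROBE_DEFER)" the deferral case now returns with no trace at all, which makes a probe that never completes harder to diagnose. Consider a dev_dbg() on the -EPROBE_DEFER branch so the deferral is still visible with dynamic debug, while keeping dev_err() for real calibration failures.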
-- 
2.20.1





* [PATCH 4.19 019/118] mfd: tps65912-spi: Add missing of table registration
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 018/118] drivers: thermal: tsens: Dont print error message on -EPROBE_DEFER Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 020/118] mfd: intel-lpss: Set the device in reset state when init Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Javier Martinez Canillas,
	Daniel Gomez, Lee Jones, Sasha Levin

[ Upstream commit 9e364e87ad7f2c636276c773d718cda29d62b741 ]

MODULE_DEVICE_TABLE(of, <of_match_table> should be called to complete DT
OF matching mechanism and register it.

Before this patch:
modinfo drivers/mfd/tps65912-spi.ko | grep alias
alias:          spi:tps65912

After this patch:
modinfo drivers/mfd/tps65912-spi.ko | grep alias
alias:          of:N*T*Cti,tps65912C*
alias:          of:N*T*Cti,tps65912
alias:          spi:tps65912

Reported-by: Javier Martinez Canillas <javier@dowhile0.org>
Signed-off-by: Daniel Gomez <dagmcr@gmail.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/tps65912-spi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/mfd/tps65912-spi.c b/drivers/mfd/tps65912-spi.c
index 3bd75061f777..f78be039e463 100644
--- a/drivers/mfd/tps65912-spi.c
+++ b/drivers/mfd/tps65912-spi.c
@@ -27,6 +27,7 @@ static const struct of_device_id tps65912_spi_of_match_table[] = {
 	{ .compatible = "ti,tps65912", },
 	{ /* sentinel */ }
 };
+MODULE_DEVICE_TABLE(of, tps65912_spi_of_match_table);
 
 static int tps65912_spi_probe(struct spi_device *spi)
 {
-- 
2.20.1





* [PATCH 4.19 020/118] mfd: intel-lpss: Set the device in reset state when init
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 019/118] mfd: tps65912-spi: Add missing of table registration Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 021/118] drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Binbin Wu, Mika Westerberg,
	Andy Shevchenko, Lee Jones, Sasha Levin

[ Upstream commit dad06532292d77f37fbe831a02948a593500f682 ]

In virtualized setup, when system reboots due to warm
reset, interrupt storm is seen.

Call Trace:
<IRQ>
dump_stack+0x70/0xa5
__report_bad_irq+0x2e/0xc0
note_interrupt+0x248/0x290
? add_interrupt_randomness+0x30/0x220
handle_irq_event_percpu+0x54/0x80
handle_irq_event+0x39/0x60
handle_fasteoi_irq+0x91/0x150
handle_irq+0x108/0x180
do_IRQ+0x52/0xf0
common_interrupt+0xf/0xf
</IRQ>
RIP: 0033:0x76fc2cfabc1d
Code: 24 28 bf 03 00 00 00 31 c0 48 8d 35 63 77 0e 00 48 8d 15 2e
94 0e 00 4c 89 f9 49 89 d9 4c 89 d3 e8 b8 e2 01 00 48 8b 54 24 18
<48> 89 ef 48 89 de 4c 89 e1 e8 d5 97 01 00 84 c0 74 2d 48 8b 04
24
RSP: 002b:00007ffd247c1fc0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffffda
RAX: 0000000000000000 RBX: 00007ffd247c1ff0 RCX: 000000000003d3ce
RDX: 0000000000000000 RSI: 00007ffd247c1ff0 RDI: 000076fc2cbb6010
RBP: 000076fc2cded010 R08: 00007ffd247c2210 R09: 00007ffd247c22a0
R10: 000076fc29465470 R11: 0000000000000000 R12: 00007ffd247c1fc0
R13: 000076fc2ce8e470 R14: 000076fc27ec9960 R15: 0000000000000414
handlers:
[<000000000d3fa913>] idma64_irq
Disabling IRQ #27

To avoid interrupt storm, set the device in reset state
before bringing out the device from reset state.

Changelog v2:
- correct the subject line by adding "mfd: "

Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/intel-lpss.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/mfd/intel-lpss.c b/drivers/mfd/intel-lpss.c
index 50bffc3382d7..ff3fba16e735 100644
--- a/drivers/mfd/intel-lpss.c
+++ b/drivers/mfd/intel-lpss.c
@@ -273,6 +273,9 @@ static void intel_lpss_init_dev(const struct intel_lpss *lpss)
 {
 	u32 value = LPSS_PRIV_SSP_REG_DIS_DMA_FIN;
 
+	/* Set the device in reset state */
+	writel(0, lpss->priv + LPSS_PRIV_RESETS);
+
 	intel_lpss_deassert_reset(lpss);
 
 	intel_lpss_set_remap_addr(lpss);
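
Review bot: "writel(0, lpss->priv + LPSS_PRIV_RESETS);" is followed straight away by intel_lpss_deassert_reset(lpss) with no read-back or delay between the two. If the assert needs to be observed by the device before it is released, the two writes back to back may not give a reset pulse of any guaranteed width. Please either read LPSS_PRIV_RESETS back after the write or note in the comment why no settle time is needed, and say there that this is to quiesce a device left active across a warm reset.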
-- 
2.20.1





* [PATCH 4.19 021/118] drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 020/118] mfd: intel-lpss: Set the device in reset state when init Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 022/118] mfd: twl6040: Fix device init errors for ACCCTL register Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Skeggs, Sasha Levin

[ Upstream commit 13d03e9daf70dab032c03dc172e75bb98ad899c4 ]

Where possible, we want the failsafe link configuration (one which won't
hang the OR during modeset because of not enough bandwidth for the mode)
to also be supported by the sink.

This prevents "link rate unsupported by sink" messages when link training
fails.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c
index 5f301e632599..818d21bd28d3 100644
--- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c
@@ -365,8 +365,15 @@ nvkm_dp_train(struct nvkm_dp *dp, u32 dataKBps)
 	 * and it's better to have a failed modeset than that.
 	 */
 	for (cfg = nvkm_dp_rates; cfg->rate; cfg++) {
-		if (cfg->nr <= outp_nr && cfg->nr <= outp_bw)
-			failsafe = cfg;
+		if (cfg->nr <= outp_nr && cfg->nr <= outp_bw) {
+			/* Try to respect sink limits too when selecting
+			 * lowest link configuration.
+			 */
+			if (!failsafe ||
+			    (cfg->nr <= sink_nr && cfg->bw <= sink_bw))
+				failsafe = cfg;
+		}
+
 		if (failsafe && cfg[1].rate < dataKBps)
 			break;
 	}
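
Review bot: the outer condition kept on the new line, "cfg->nr <= outp_nr && cfg->nr <= outp_bw", compares the lane count against the output bandwidth, while the inner check added here uses "cfg->bw <= sink_bw". That looks like it should be "cfg->bw <= outp_bw"; if the nr comparison is intentional it needs a comment. Also note that once failsafe is set, a later cfg only replaces it when it fits the sink, so the first entry that fits the output is kept even if it does not fit the sink; the comment should state that this is the intended fallback.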
-- 
2.20.1





* [PATCH 4.19 022/118] mfd: twl6040: Fix device init errors for ACCCTL register
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 021/118] drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 023/118] perf/x86/intel: Allow PEBS multi-entry in watermark mode Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tony Lindgren, Peter Ujfalusi,
	Lee Jones, Sasha Levin

[ Upstream commit 48171d0ea7caccf21c9ee3ae75eb370f2a756062 ]

I noticed that we can get -EREMOTEIO errors on at least omap4 duovero:

twl6040 0-004b: Failed to write 2d = 19: -121

And then any following register access will produce errors.

The 2d offset above is register ACCCTL that gets written on twl6040
powerup. With error checking added to the related regcache_sync() call,
the -EREMOTEIO error is reproducible on twl6040 powerup at least on
duovero.

To fix the error, we need to wait until twl6040 is accessible after the
powerup. Based on tests on omap4 duovero, we need to wait over 8ms after
powerup before register write will complete without failures. Let's also
make sure we warn about possible errors too.

Note that we have twl6040_patch[] reg_sequence with the ACCCTL register
configuration and regcache_sync() will write the new value to ACCCTL.

Signed-off-by: Tony Lindgren <tony@atomide.com>
Acked-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/twl6040.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/mfd/twl6040.c b/drivers/mfd/twl6040.c
index dd19f17a1b63..2b8c479dbfa6 100644
--- a/drivers/mfd/twl6040.c
+++ b/drivers/mfd/twl6040.c
@@ -322,8 +322,19 @@ int twl6040_power(struct twl6040 *twl6040, int on)
 			}
 		}
 
+		/*
+		 * Register access can produce errors after power-up unless we
+		 * wait at least 8ms based on measurements on duovero.
+		 */
+		usleep_range(10000, 12000);
+
 		/* Sync with the HW */
-		regcache_sync(twl6040->regmap);
+		ret = regcache_sync(twl6040->regmap);
+		if (ret) {
+			dev_err(twl6040->dev, "Failed to sync with the HW: %i\n",
+				ret);
+			goto out;
+		}
 
 		/* Default PLL configuration after power up */
 		twl6040->pll = TWL6040_SYSCLK_SEL_LPPLL;
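
Review bot: the new "goto out" after a failed regcache_sync() is taken once the power-up sequence earlier in this branch has already run, so check that the out label does not leave the chip powered while twl6040_power() reports failure to its caller. On the delay, the comment says at least 8ms while the code uses usleep_range(10000, 12000); a word that the extra 2ms is margin over the duovero measurement would make the numbers agree.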
-- 
2.20.1





* [PATCH 4.19 023/118] perf/x86/intel: Allow PEBS multi-entry in watermark mode
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 022/118] mfd: twl6040: Fix device init errors for ACCCTL register Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 024/118] drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stephane Eranian, Linus Torvalds,
	Peter Zijlstra, Thomas Gleixner, jolsa, kan.liang,
	vincent.weaver, Ingo Molnar, Sasha Levin

[ Upstream commit c7a286577d7592720c2f179aadfb325a1ff48c95 ]

This patch fixes a restriction/bug introduced by:

   583feb08e7f7 ("perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS")

The original patch prevented using multi-entry PEBS when wakeup_events != 0.
However given that wakeup_events is part of a union with wakeup_watermark, it
means that in watermark mode, PEBS multi-entry is also disabled which is not the
intent. This patch fixes this by checking if watermark mode is enabled.

Signed-off-by: Stephane Eranian <eranian@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jolsa@redhat.com
Cc: kan.liang@intel.com
Cc: vincent.weaver@maine.edu
Fixes: 583feb08e7f7 ("perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS")
Link: http://lkml.kernel.org/r/20190514003400.224340-1-eranian@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/events/intel/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 09c53bcbd497..c8b0bf2b0d5e 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -3072,7 +3072,7 @@ static int intel_pmu_hw_config(struct perf_event *event)
 		return ret;
 
 	if (event->attr.precise_ip) {
-		if (!(event->attr.freq || event->attr.wakeup_events)) {
+		if (!(event->attr.freq || (event->attr.wakeup_events && !event->attr.watermark))) {
 			event->hw.flags |= PERF_X86_EVENT_AUTO_RELOAD;
 			if (!(event->attr.sample_type &
 			      ~intel_pmu_large_pebs_flags(event)))
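
Review bot: the rewritten condition "if (!(event->attr.freq || (event->attr.wakeup_events && !event->attr.watermark)))" runs well past 80 columns and hides the reason for the extra term. Please break it across lines and add a comment that wakeup_events shares a union with wakeup_watermark, so a non-zero value only means "wake up every N events" when attr.watermark is clear.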
-- 
2.20.1





* [PATCH 4.19 024/118] drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 023/118] perf/x86/intel: Allow PEBS multi-entry in watermark mode Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 025/118] drm/bridge: adv7511: Fix low refresh rate selection Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lyude Paul, Ben Skeggs, Sasha Levin

[ Upstream commit a0b694d0af21c9993d1a39a75fd814bd48bf7eb4 ]

HW has error checks in place which check that pixel depth is explicitly
provided on DP, while HDMI has a "default" setting that we use.

In multi-display configurations with identical modelines, but different
protocols (HDMI + DP, in this case), it was possible for the DP head to
get swapped to the head which previously drove the HDMI output, without
updating HeadSetControlOutputResource(), triggering the error check and
hanging the core update.

Reported-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/nouveau/dispnv50/head.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/nouveau/dispnv50/head.c b/drivers/gpu/drm/nouveau/dispnv50/head.c
index 4f57e5379796..d81a99bb2ac3 100644
--- a/drivers/gpu/drm/nouveau/dispnv50/head.c
+++ b/drivers/gpu/drm/nouveau/dispnv50/head.c
@@ -306,7 +306,7 @@ nv50_head_atomic_check(struct drm_crtc *crtc, struct drm_crtc_state *state)
 			asyh->set.or = head->func->or != NULL;
 		}
 
-		if (asyh->state.mode_changed)
+		if (asyh->state.mode_changed || asyh->state.connectors_changed)
 			nv50_head_atomic_check_mode(head, asyh);
 
 		if (asyh->state.color_mgmt_changed ||
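
Review bot: nv50_head_atomic_check_mode() is now also called on asyh->state.connectors_changed, but nothing at the call site says why a connector change needs the mode path. Add a comment that the head may have been reassigned to an output with a different protocol and that the output resource settings (pixel depth on DP) must be pushed again, as described in the changelog.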
-- 
2.20.1





* [PATCH 4.19 025/118] drm/bridge: adv7511: Fix low refresh rate selection
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 024/118] drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 026/118] objtool: Dont use ignore flag for fake jumps Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Matt Redfearn,
	Sean Paul, Sasha Levin

[ Upstream commit 67793bd3b3948dc8c8384b6430e036a30a0ecb43 ]

The driver currently sets register 0xfb (Low Refresh Rate) based on the
value of mode->vrefresh. Firstly, this field is specified to be in Hz,
but the magic numbers used by the code are Hz * 1000. This essentially
leads to the low refresh rate always being set to 0x01, since the
vrefresh value will always be less than 24000. Fix the magic numbers to
be in Hz.
Secondly, according to the comment in drm_modes.h, the field is not
supposed to be used in a functional way anyway. Instead, use the helper
function drm_mode_vrefresh().

Fixes: 9c8af882bf12 ("drm: Add adv7511 encoder driver")
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Matt Redfearn <matt.redfearn@thinci.com>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20190424132210.26338-1-matt.redfearn@thinci.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
index 85c2d407a52e..e7ddd3e3db92 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
@@ -747,11 +747,11 @@ static void adv7511_mode_set(struct adv7511 *adv7511,
 			vsync_polarity = 1;
 	}
 
-	if (mode->vrefresh <= 24000)
+	if (drm_mode_vrefresh(mode) <= 24)
 		low_refresh_rate = ADV7511_LOW_REFRESH_RATE_24HZ;
-	else if (mode->vrefresh <= 25000)
+	else if (drm_mode_vrefresh(mode) <= 25)
 		low_refresh_rate = ADV7511_LOW_REFRESH_RATE_25HZ;
-	else if (mode->vrefresh <= 30000)
+	else if (drm_mode_vrefresh(mode) <= 30)
 		low_refresh_rate = ADV7511_LOW_REFRESH_RATE_30HZ;
 	else
 		low_refresh_rate = ADV7511_LOW_REFRESH_RATE_NONE;
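Review bot: drm_mode_vrefresh(mode) is now evaluated up to three times in the else-if chain for the same mode. Store the result once in a local and compare that against 24, 25 and 30; a named local also puts the unit (Hz) next to the thresholds, which is the confusion this fix addresses.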
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 026/118] objtool: Dont use ignore flag for fake jumps
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 025/118] drm/bridge: adv7511: Fix low refresh rate selection Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 027/118] drm/nouveau/kms/gv100-: fix spurious window immediate interlocks Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Josh Poimboeuf, Linus Torvalds,
	Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Sasha Levin

[ Upstream commit e6da9567959e164f82bc81967e0d5b10dee870b4 ]

The ignore flag is set on fake jumps in order to keep
add_jump_destinations() from setting their jump_dest, since it already
got set when the fake jump was created.

But using the ignore flag is a bit of a hack.  It's normally used to
skip validation of an instruction, which doesn't really make sense for
fake jumps.

Also, after the next patch, using the ignore flag for fake jumps can
trigger a false "why am I validating an ignored function?" warning.

Instead just add an explicit check in add_jump_destinations() to skip
fake jumps.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/71abc072ff48b2feccc197723a9c52859476c068.1557766718.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/objtool/check.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 46be34576620..02a47e365e52 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -28,6 +28,8 @@
 #include <linux/hashtable.h>
 #include <linux/kernel.h>
 
+#define FAKE_JUMP_OFFSET -1
+
 struct alternative {
 	struct list_head list;
 	struct instruction *insn;
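Review bot: `#define FAKE_JUMP_OFFSET -1` expands to an unparenthesized negative literal and should be written `(-1)` so it stays safe in any expression it is pasted into. A short comment that this is a sentinel offset marking the instructions synthesized in handle_group_alt() would also help, since add_jump_destinations() now depends on it to recognise fake jumps.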
@@ -501,7 +503,7 @@ static int add_jump_destinations(struct objtool_file *file)
 		    insn->type != INSN_JUMP_UNCONDITIONAL)
 			continue;
 
-		if (insn->ignore)
+		if (insn->ignore || insn->offset == FAKE_JUMP_OFFSET)
 			continue;
 
 		rela = find_rela_by_dest_range(insn->sec, insn->offset,
@@ -670,10 +672,10 @@ static int handle_group_alt(struct objtool_file *file,
 		clear_insn_state(&fake_jump->state);
 
 		fake_jump->sec = special_alt->new_sec;
-		fake_jump->offset = -1;
+		fake_jump->offset = FAKE_JUMP_OFFSET;
 		fake_jump->type = INSN_JUMP_UNCONDITIONAL;
 		fake_jump->jump_dest = list_next_entry(last_orig_insn, list);
-		fake_jump->ignore = true;
+		fake_jump->func = orig_insn->func;
 	}
 
 	if (!special_alt->new_len) {
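Review bot: The new `fake_jump->func = orig_insn->func;` is not explained by the changelog, which only covers dropping the ignore flag and adding the check in add_jump_destinations(). State in the commit message or in a comment why the fake jump now needs a func, so the assignment is not read as an unrelated change.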
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 027/118] drm/nouveau/kms/gv100-: fix spurious window immediate interlocks
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 026/118] objtool: Dont use ignore flag for fake jumps Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 028/118] bpf: fix undefined behavior in narrow load handling Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lyude Paul, Ben Skeggs, Sasha Levin

[ Upstream commit d2434e4d942c32cadcbdbcd32c58f35098f3b604 ]

Cursor position updates were accidentally causing us to attempt to interlock
window with window immediate, and without a matching window immediate update,
NVDisplay could hang forever in some circumstances.

Fixes suspend/resume on (at least) Quadro RTX4000 (TU104).

Reported-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/nouveau/dispnv50/disp.h     | 1 +
 drivers/gpu/drm/nouveau/dispnv50/wimmc37b.c | 1 +
 drivers/gpu/drm/nouveau/dispnv50/wndw.c     | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.h b/drivers/gpu/drm/nouveau/dispnv50/disp.h
index e48c5eb35b49..66c125a6b0b3 100644
--- a/drivers/gpu/drm/nouveau/dispnv50/disp.h
+++ b/drivers/gpu/drm/nouveau/dispnv50/disp.h
@@ -41,6 +41,7 @@ struct nv50_disp_interlock {
 		NV50_DISP_INTERLOCK__SIZE
 	} type;
 	u32 data;
+	u32 wimm;
 };
 
 void corec37d_ntfy_init(struct nouveau_bo *, u32);
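Review bot: The new `u32 wimm;` member sits next to `u32 data;` with nothing saying how the two differ. A comment stating that wimm is the mask used for the window immediate interlock, and that it is only assigned when a window immediate channel is initialised, would document the invariant the fix relies on.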
diff --git a/drivers/gpu/drm/nouveau/dispnv50/wimmc37b.c b/drivers/gpu/drm/nouveau/dispnv50/wimmc37b.c
index 9103b8494279..f7dbd965e4e7 100644
--- a/drivers/gpu/drm/nouveau/dispnv50/wimmc37b.c
+++ b/drivers/gpu/drm/nouveau/dispnv50/wimmc37b.c
@@ -75,6 +75,7 @@ wimmc37b_init_(const struct nv50_wimm_func *func, struct nouveau_drm *drm,
 		return ret;
 	}
 
+	wndw->interlock.wimm = wndw->interlock.data;
 	wndw->immd = func;
 	return 0;
 }
diff --git a/drivers/gpu/drm/nouveau/dispnv50/wndw.c b/drivers/gpu/drm/nouveau/dispnv50/wndw.c
index 2187922e8dc2..b3db4553098d 100644
--- a/drivers/gpu/drm/nouveau/dispnv50/wndw.c
+++ b/drivers/gpu/drm/nouveau/dispnv50/wndw.c
@@ -151,7 +151,7 @@ nv50_wndw_flush_set(struct nv50_wndw *wndw, u32 *interlock,
 	if (asyw->set.point) {
 		if (asyw->set.point = false, asyw->set.mask)
 			interlock[wndw->interlock.type] |= wndw->interlock.data;
-		interlock[NV50_DISP_INTERLOCK_WIMM] |= wndw->interlock.data;
+		interlock[NV50_DISP_INTERLOCK_WIMM] |= wndw->interlock.wimm;
 
 		wndw->immd->point(wndw, asyw);
 		wndw->immd->update(wndw, interlock);
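Review bot: `interlock[NV50_DISP_INTERLOCK_WIMM] |= wndw->interlock.wimm;` is only correct if wimm is zero for every window where wimmc37b_init_() never ran, since that is the only place in this patch that assigns it. Confirm the containing structure is zero-initialised on allocation, or set wimm to 0 explicitly where interlock.data is first assigned.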
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 028/118] bpf: fix undefined behavior in narrow load handling
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 027/118] drm/nouveau/kms/gv100-: fix spurious window immediate interlocks Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 029/118] EDAC/mpc85xx: Prevent building as a module Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alban Crequy,
	Iago López Galeiras, Krzesimir Nowak, Yonghong Song,
	Daniel Borkmann, Sasha Levin

[ Upstream commit e2f7fc0ac6957cabff4cecf6c721979b571af208 ]

Commit 31fd85816dbe ("bpf: permits narrower load from bpf program
context fields") made the verifier add AND instructions to clear the
unwanted bits with a mask when doing a narrow load. The mask is
computed with

  (1 << size * 8) - 1

where "size" is the size of the narrow load. When doing a 4 byte load
of an 8 byte field the verifier shifts the literal 1 by 32 places to
the left. This results in an overflow of a signed integer, which is an
undefined behavior. Typically, the computed mask was zero, so the
result of the narrow load ended up being zero too.

Cast the literal to long long to avoid overflows. Note that narrow
load of the 4 byte fields does not have the undefined behavior,
because the load size can only be either 1 or 2 bytes, so shifting 1
by 8 or 16 places will not overflow it. And reading 4 bytes would not
be a narrow load of a 4 bytes field.

Fixes: 31fd85816dbe ("bpf: permits narrower load from bpf program context fields")
Reviewed-by: Alban Crequy <alban@kinvolk.io>
Reviewed-by: Iago López Galeiras <iago@kinvolk.io>
Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
Cc: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/bpf/verifier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index acc2305ad895..d3580a68dbef 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5743,7 +5743,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
 									insn->dst_reg,
 									shift);
 				insn_buf[cnt++] = BPF_ALU64_IMM(BPF_AND, insn->dst_reg,
-								(1 << size * 8) - 1);
+								(1ULL << size * 8) - 1);
 			}
 		}
 
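Review bot: With the literal widened, `(1ULL << size * 8) - 1` evaluates to 0xffffffff for a 4 byte load, and that value is passed as the immediate of BPF_ALU64_IMM, whose imm field is a signed 32-bit quantity. Check that the mask is not narrowed to -1 and sign-extended by the 64-bit AND, which would leave the upper 32 bits of dst_reg uncleared; a selftest doing a 4 byte narrow load of an 8 byte context field and checking the upper half would settle it. Parenthesising `(size * 8)` would also make the precedence obvious.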
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 029/118] EDAC/mpc85xx: Prevent building as a module
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 028/118] bpf: fix undefined behavior in narrow load handling Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 030/118] pwm: meson: Use the spin-lock only to protect register modifications Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Borislav Petkov,
	Johannes Thumshirn, James Morse, Mauro Carvalho Chehab,
	linux-edac, linuxppc-dev, morbidrsa, Sasha Levin

[ Upstream commit 2b8358a951b1e2a534a54924cd8245e58a1c5fb8 ]

The mpc85xx EDAC driver can be configured as a module but then fails to
build because it uses two unexported symbols:

  ERROR: ".pci_find_hose_for_OF_device" [drivers/edac/mpc85xx_edac_mod.ko] undefined!
  ERROR: ".early_find_capability" [drivers/edac/mpc85xx_edac_mod.ko] undefined!

We don't want to export those symbols just for this driver, so make the
driver only configurable as a built-in.

This seems to have been broken since at least

  c92132f59806 ("edac/85xx: Add PCIe error interrupt edac support")

(Nov 2013).

 [ bp: make it depend on EDAC=y so that the EDAC core doesn't get built
   as a module. ]

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Johannes Thumshirn <jth@kernel.org>
Cc: James Morse <james.morse@arm.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: linuxppc-dev@ozlabs.org
Cc: morbidrsa@gmail.com
Link: https://lkml.kernel.org/r/20190502141941.12927-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/edac/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/edac/Kconfig b/drivers/edac/Kconfig
index 57304b2e989f..b00cc03ad6b6 100644
--- a/drivers/edac/Kconfig
+++ b/drivers/edac/Kconfig
@@ -250,8 +250,8 @@ config EDAC_PND2
 	  micro-server but may appear on others in the future.
 
 config EDAC_MPC85XX
-	tristate "Freescale MPC83xx / MPC85xx"
-	depends on FSL_SOC
+	bool "Freescale MPC83xx / MPC85xx"
+	depends on FSL_SOC && EDAC=y
 	help
 	  Support for error detection and correction on the Freescale
 	  MPC8349, MPC8560, MPC8540, MPC8548, T4240
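Review bot: The switch from tristate to bool and the added `EDAC=y` dependency leave no hint in Kconfig itself of why this driver cannot be modular. A comment above `depends on FSL_SOC && EDAC=y`, or a sentence in the help text, noting that the driver uses unexported symbols would stop someone from converting it back to tristate.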
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 030/118] pwm: meson: Use the spin-lock only to protect register modifications
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 029/118] EDAC/mpc85xx: Prevent building as a module Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 031/118] mailbox: stm32-ipcc: check invalid irq Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martin Blumenstingl,
	Uwe Kleine-König, Neil Armstrong, Thierry Reding,
	Sasha Levin

[ Upstream commit f173747fffdf037c791405ab4f1ec0eb392fc48e ]

Holding the spin-lock for all of the code in meson_pwm_apply() can
result in a "BUG: scheduling while atomic". This can happen because
clk_get_rate() (which is called from meson_pwm_calc()) may sleep.
Only hold the spin-lock when modifying registers to solve this.

The reason why we need a spin-lock in the driver is because the
REG_MISC_AB register is shared between the two channels provided by one
PWM controller. The only functions where REG_MISC_AB is modified are
meson_pwm_enable() and meson_pwm_disable() so the register reads/writes
in there need to be protected by the spin-lock.

The original code also used the spin-lock to protect the values in
struct meson_pwm_channel. This could be necessary if two consumers can
use the same PWM channel. However, PWM core doesn't allow this so we
don't need to protect the values in struct meson_pwm_channel with a
lock.

Fixes: 211ed630753d2f ("pwm: Add support for Meson PWM Controller")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pwm/pwm-meson.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c
index c1ed641b3e26..f6e738ad7bd9 100644
--- a/drivers/pwm/pwm-meson.c
+++ b/drivers/pwm/pwm-meson.c
@@ -111,6 +111,10 @@ struct meson_pwm {
 	const struct meson_pwm_data *data;
 	void __iomem *base;
 	u8 inverter_mask;
+	/*
+	 * Protects register (write) access to the REG_MISC_AB register
+	 * that is shared between the two PWMs.
+	 */
 	spinlock_t lock;
 };
 
@@ -235,6 +239,7 @@ static void meson_pwm_enable(struct meson_pwm *meson,
 {
 	u32 value, clk_shift, clk_enable, enable;
 	unsigned int offset;
+	unsigned long flags;
 
 	switch (id) {
 	case 0:
@@ -255,6 +260,8 @@ static void meson_pwm_enable(struct meson_pwm *meson,
 		return;
 	}
 
+	spin_lock_irqsave(&meson->lock, flags);
+
 	value = readl(meson->base + REG_MISC_AB);
 	value &= ~(MISC_CLK_DIV_MASK << clk_shift);
 	value |= channel->pre_div << clk_shift;
@@ -267,11 +274,14 @@ static void meson_pwm_enable(struct meson_pwm *meson,
 	value = readl(meson->base + REG_MISC_AB);
 	value |= enable;
 	writel(value, meson->base + REG_MISC_AB);
+
+	spin_unlock_irqrestore(&meson->lock, flags);
 }
 
 static void meson_pwm_disable(struct meson_pwm *meson, unsigned int id)
 {
 	u32 value, enable;
+	unsigned long flags;
 
 	switch (id) {
 	case 0:
@@ -286,9 +296,13 @@ static void meson_pwm_disable(struct meson_pwm *meson, unsigned int id)
 		return;
 	}
 
+	spin_lock_irqsave(&meson->lock, flags);
+
 	value = readl(meson->base + REG_MISC_AB);
 	value &= ~enable;
 	writel(value, meson->base + REG_MISC_AB);
+
+	spin_unlock_irqrestore(&meson->lock, flags);
 }
 
 static int meson_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm,
@@ -296,19 +310,16 @@ static int meson_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm,
 {
 	struct meson_pwm_channel *channel = pwm_get_chip_data(pwm);
 	struct meson_pwm *meson = to_meson_pwm(chip);
-	unsigned long flags;
 	int err = 0;
 
 	if (!state)
 		return -EINVAL;
 
-	spin_lock_irqsave(&meson->lock, flags);
-
 	if (!state->enabled) {
 		meson_pwm_disable(meson, pwm->hwpwm);
 		channel->state.enabled = false;
 
-		goto unlock;
+		return 0;
 	}
 
 	if (state->period != channel->state.period ||
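Review bot: With the lock removed from meson_pwm_apply(), `channel->state.enabled = false;` and the later channel->state updates are written with no serialisation at all. The changelog justifies this by the PWM core not allowing two consumers on one channel; put that assumption in a comment here, because the comment added to struct meson_pwm only covers REG_MISC_AB.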
@@ -329,7 +340,7 @@ static int meson_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm,
 		err = meson_pwm_calc(meson, channel, pwm->hwpwm,
 				     state->duty_cycle, state->period);
 		if (err < 0)
-			goto unlock;
+			return err;
 
 		channel->state.polarity = state->polarity;
 		channel->state.period = state->period;
@@ -341,9 +352,7 @@ static int meson_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm,
 		channel->state.enabled = true;
 	}
 
-unlock:
-	spin_unlock_irqrestore(&meson->lock, flags);
-	return err;
+	return 0;
 }
 
 static void meson_pwm_get_state(struct pwm_chip *chip, struct pwm_device *pwm,
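Review bot: Now that both exit paths are explicit (`return err;` after meson_pwm_calc() and `return 0;` at the end), the `= 0` initialiser kept on `int err` in the earlier hunk looks redundant. Drop it, or narrow err to the block that calls meson_pwm_calc(), provided nothing outside the visible context still reads it.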
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 031/118] mailbox: stm32-ipcc: check invalid irq
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 030/118] pwm: meson: Use the spin-lock only to protect register modifications Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 032/118] ntp: Allow TAI-UTC offset to be set to zero Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fabien Dessenne, Jassi Brar, Sasha Levin

[ Upstream commit 68a1c8485cf83734d4da9d81cd3b5d2ae7c0339b ]

On failure of_irq_get() returns a negative value or zero, which is
not handled as an error in the existing implementation.
Instead of using this API, use platform_get_irq() that returns
exclusively a negative value on failure.
Also, do not output an error log in case of defer probe error.

Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mailbox/stm32-ipcc.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/mailbox/stm32-ipcc.c b/drivers/mailbox/stm32-ipcc.c
index 533b0da5235d..ca1f993c0de3 100644
--- a/drivers/mailbox/stm32-ipcc.c
+++ b/drivers/mailbox/stm32-ipcc.c
@@ -8,9 +8,9 @@
 #include <linux/bitfield.h>
 #include <linux/clk.h>
 #include <linux/interrupt.h>
+#include <linux/io.h>
 #include <linux/mailbox_controller.h>
 #include <linux/module.h>
-#include <linux/of_irq.h>
 #include <linux/platform_device.h>
 #include <linux/pm_wakeirq.h>
 
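Review bot: The added `#include <linux/io.h>` is not mentioned in the changelog, which only covers the IRQ lookup change. If it is needed because the removed <linux/of_irq.h> was pulling it in indirectly, say so in the commit message so the include is not mistaken for an unrelated change.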
@@ -240,9 +240,11 @@ static int stm32_ipcc_probe(struct platform_device *pdev)
 
 	/* irq */
 	for (i = 0; i < IPCC_IRQ_NUM; i++) {
-		ipcc->irqs[i] = of_irq_get_byname(dev->of_node, irq_name[i]);
+		ipcc->irqs[i] = platform_get_irq_byname(pdev, irq_name[i]);
 		if (ipcc->irqs[i] < 0) {
-			dev_err(dev, "no IRQ specified %s\n", irq_name[i]);
+			if (ipcc->irqs[i] != -EPROBE_DEFER)
+				dev_err(dev, "no IRQ specified %s\n",
+					irq_name[i]);
 			ret = ipcc->irqs[i];
 			goto err_clk;
 		}
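Review bot: The `dev_err(dev, "no IRQ specified %s\n", ...)` message is now printed for every failure except -EPROBE_DEFER, yet it still reads as if the interrupt were simply missing, and it omits the error code. Print ipcc->irqs[i] along with the name so that other failures from platform_get_irq_byname() can be told apart in the log.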
@@ -263,9 +265,10 @@ static int stm32_ipcc_probe(struct platform_device *pdev)
 
 	/* wakeup */
 	if (of_property_read_bool(np, "wakeup-source")) {
-		ipcc->wkp = of_irq_get_byname(dev->of_node, "wakeup");
+		ipcc->wkp = platform_get_irq_byname(pdev, "wakeup");
 		if (ipcc->wkp < 0) {
-			dev_err(dev, "could not get wakeup IRQ\n");
+			if (ipcc->wkp != -EPROBE_DEFER)
+				dev_err(dev, "could not get wakeup IRQ\n");
 			ret = ipcc->wkp;
 			goto err_clk;
 		}
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 032/118] ntp: Allow TAI-UTC offset to be set to zero
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 031/118] mailbox: stm32-ipcc: check invalid irq Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 033/118] f2fs: fix to avoid panic in do_recover_data() Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ondrej Mosnacek, Miroslav Lichvar,
	Thomas Gleixner, John Stultz, Richard Cochran, Prarit Bhargava,
	Sasha Levin

[ Upstream commit fdc6bae940ee9eb869e493990540098b8c0fd6ab ]

The ADJ_TAI adjtimex mode sets the TAI-UTC offset of the system clock.
It is typically set by NTP/PTP implementations and it is automatically
updated by the kernel on leap seconds. The initial value is zero (which
applications may interpret as unknown), but this value cannot be set by
adjtimex. This limitation seems to go back to the original "nanokernel"
implementation by David Mills.

Change the ADJ_TAI check to accept zero as a valid TAI-UTC offset in
order to allow setting it back to the initial value.

Fixes: 153b5d054ac2 ("ntp: support for TAI")
Suggested-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Link: https://lkml.kernel.org/r/20190417084833.7401-1-mlichvar@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/time/ntp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index c5e0cba3b39c..6b23cd584295 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -698,7 +698,7 @@ static inline void process_adjtimex_modes(const struct timex *txc, s32 *time_tai
 		time_constant = max(time_constant, 0l);
 	}
 
-	if (txc->modes & ADJ_TAI && txc->constant > 0)
+	if (txc->modes & ADJ_TAI && txc->constant >= 0)
 		*time_tai = txc->constant;
 
 	if (txc->modes & ADJ_OFFSET)
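Review bot: With `txc->constant >= 0` a negative TAI offset is still dropped silently in this function: *time_tai is left unchanged and nothing visible here reports an error. If rejecting negative values at this point is intended, a comment saying so (and that zero is accepted as the initial value) would document the rule. Explicit parentheses around `txc->modes & ADJ_TAI` would also make the precedence against `&&` clear.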
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 033/118] f2fs: fix to avoid panic in do_recover_data()
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 032/118] ntp: Allow TAI-UTC offset to be set to zero Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 034/118] f2fs: fix to avoid panic in f2fs_inplace_write_data() Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit 22d61e286e2d9097dae36f75ed48801056b77cac ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203227

- Overview
When mounting the attached crafted image, following errors are reported.
Additionally, it hangs on sync after trying to mount it.

The image is intentionally fuzzed from a normal f2fs image for testing.
Compile options for F2FS are as follows.
CONFIG_F2FS_FS=y
CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_CHECK_FS=y

- Reproduces
mkdir test
mount -t f2fs tmp.img test
sync

- Messages
 kernel BUG at fs/f2fs/recovery.c:549!
 RIP: 0010:recover_data+0x167a/0x1780
 Call Trace:
  f2fs_recover_fsync_data+0x613/0x710
  f2fs_fill_super+0x1043/0x1aa0
  mount_bdev+0x16d/0x1a0
  mount_fs+0x4a/0x170
  vfs_kern_mount+0x5d/0x100
  do_mount+0x200/0xcf0
  ksys_mount+0x79/0xc0
  __x64_sys_mount+0x1c/0x20
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

During recovery, if ofs_of_node is inconsistent between the recovered
node page and the original checkpointed node page, let's just fail recovery
instead of making the kernel panic.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/recovery.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c
index ae0e5f2e67b4..bf5c5f4fa77e 100644
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -485,7 +485,15 @@ retry_dn:
 		goto err;
 
 	f2fs_bug_on(sbi, ni.ino != ino_of_node(page));
-	f2fs_bug_on(sbi, ofs_of_node(dn.node_page) != ofs_of_node(page));
+
+	if (ofs_of_node(dn.node_page) != ofs_of_node(page)) {
+		f2fs_msg(sbi->sb, KERN_WARNING,
+			"Inconsistent ofs_of_node, ino:%lu, ofs:%u, %u",
+			inode->i_ino, ofs_of_node(dn.node_page),
+			ofs_of_node(page));
+		err = -EFAULT;
+		goto err;
+	}
 
 	for (; start < end; start++, dn.ofs_in_node++) {
 		block_t src, dest;
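Review bot: The line just above the new check, `f2fs_bug_on(sbi, ni.ino != ino_of_node(page));`, is left as a BUG for an inconsistency read from the same node pages; consider giving it the same warn-and-fail treatment. The new branch also returns -EFAULT without setting SBI_NEED_FSCK, unlike the sibling f2fs fixes in this series that flag the filesystem for fsck.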
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 034/118] f2fs: fix to avoid panic in f2fs_inplace_write_data()
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 033/118] f2fs: fix to avoid panic in do_recover_data() Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-16 19:54   ` Pavel Machek
  2019-06-13  8:32 ` [PATCH 4.19 035/118] f2fs: fix to avoid panic in f2fs_remove_inode_page() Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  122 siblings, 1 reply; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit 05573d6ccf702df549a7bdeabef31e4753df1a90 ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203239

- Overview
When mounting the attached crafted image and running program, following errors are reported.
Additionally, it hangs on sync after running program.

The image is intentionally fuzzed from a normal f2fs image for testing.
Compile options for F2FS are as follows.
CONFIG_F2FS_FS=y
CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_CHECK_FS=y

- Reproduces
cc poc_15.c
./run.sh f2fs
sync

- Kernel messages
 ------------[ cut here ]------------
 kernel BUG at fs/f2fs/segment.c:3162!
 RIP: 0010:f2fs_inplace_write_data+0x12d/0x160
 Call Trace:
  f2fs_do_write_data_page+0x3c1/0x820
  __write_data_page+0x156/0x720
  f2fs_write_cache_pages+0x20d/0x460
  f2fs_write_data_pages+0x1b4/0x300
  do_writepages+0x15/0x60
  __filemap_fdatawrite_range+0x7c/0xb0
  file_write_and_wait_range+0x2c/0x80
  f2fs_do_sync_file+0x102/0x810
  do_fsync+0x33/0x60
  __x64_sys_fsync+0xb/0x10
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

The reason is that f2fs_inplace_write_data() will trigger a kernel panic
because the data block is located in a node type segment.

To avoid the panic, let's just return an error code and set SBI_NEED_FSCK to
give a hint to fsck for later repair.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/segment.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 03fa2c4d3d79..8fc3edb6760c 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -3069,13 +3069,18 @@ int f2fs_inplace_write_data(struct f2fs_io_info *fio)
 {
 	int err;
 	struct f2fs_sb_info *sbi = fio->sbi;
+	unsigned int segno;
 
 	fio->new_blkaddr = fio->old_blkaddr;
 	/* i/o temperature is needed for passing down write hints */
 	__get_segment_type(fio);
 
-	f2fs_bug_on(sbi, !IS_DATASEG(get_seg_entry(sbi,
-			GET_SEGNO(sbi, fio->new_blkaddr))->type));
+	segno = GET_SEGNO(sbi, fio->new_blkaddr);
+
+	if (!IS_DATASEG(get_seg_entry(sbi, segno)->type)) {
+		set_sbi_flag(sbi, SBI_NEED_FSCK);
+		return -EFAULT;
+	}
 
 	stat_inc_inplace_blocks(fio->sbi);
 
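Review bot: The new failure branch sets SBI_NEED_FSCK and returns -EFAULT without logging anything, so the only visible symptom is a write error with no indication that a data block address pointed into a node type segment. Add an f2fs_msg() warning that includes segno and fio->new_blkaddr, as the neighbouring f2fs fixes in this series do for their inconsistencies.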
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 035/118] f2fs: fix to avoid panic in f2fs_remove_inode_page()
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2019-06-13  8:32 ` [PATCH 4.19 034/118] f2fs: fix to avoid panic in f2fs_inplace_write_data() Greg Kroah-Hartman
@ 2019-06-13  8:32 ` Greg Kroah-Hartman
  2019-06-13  8:32 ` [PATCH 4.19 036/118] f2fs: fix to do sanity check on free nid Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit 8b6810f8acfe429fde7c7dad4714692cc5f75651 ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203219

- Overview
When mounting the attached crafted image and running program, I got this error.
Additionally, it hangs on sync after running the program.

The image is intentionally fuzzed from a normal f2fs image for testing and I enabled option CONFIG_F2FS_CHECK_FS on.

- Reproduces
cc poc_06.c
mkdir test
mount -t f2fs tmp.img test
cp a.out test
cd test
sudo ./a.out
sync

- Messages
 kernel BUG at fs/f2fs/node.c:1183!
 RIP: 0010:f2fs_remove_inode_page+0x294/0x2d0
 Call Trace:
  f2fs_evict_inode+0x2a3/0x3a0
  evict+0xba/0x180
  __dentry_kill+0xbe/0x160
  dentry_kill+0x46/0x180
  dput+0xbb/0x100
  do_renameat2+0x3c9/0x550
  __x64_sys_rename+0x17/0x20
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

The reason is that f2fs_remove_inode_page() will trigger a kernel panic due to
an inconsistent i_blocks value of the inode.

To avoid the panic, let's just print a debug message and set SBI_NEED_FSCK to
give a hint to fsck for later repair of potential image corruption.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
[Jaegeuk Kim: fix build warning and add unlikely]
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/node.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 19a0d83aae65..807a77518a49 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1180,8 +1180,14 @@ int f2fs_remove_inode_page(struct inode *inode)
 		f2fs_put_dnode(&dn);
 		return -EIO;
 	}
-	f2fs_bug_on(F2FS_I_SB(inode),
-			inode->i_blocks != 0 && inode->i_blocks != 8);
+
+	if (unlikely(inode->i_blocks != 0 && inode->i_blocks != 8)) {
+		f2fs_msg(F2FS_I_SB(inode)->sb, KERN_WARNING,
+			"Inconsistent i_blocks, ino:%lu, iblocks:%llu",
+			inode->i_ino,
+			(unsigned long long)inode->i_blocks);
+		set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK);
+	}
 
 	/* will put inode & node pages */
 	err = truncate_node(&dn);
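Review bot: in the new `if (unlikely(inode->i_blocks != 0 && inode->i_blocks != 8))` branch the function only warns and sets SBI_NEED_FSCK, then falls through to `truncate_node(&dn)` on an inode whose block accounting is known to be inconsistent; add a short comment saying that continuing is intentional and why it is safe. The literal 8 also deserves a named constant or a comment (presumably the sector count of one block, which the hunk does not say), and the message is not rate limited, so an image with many such inodes can fill the log.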
-- 
2.20.1





* [PATCH 4.19 036/118] f2fs: fix to do sanity check on free nid
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit 626bcf2b7ce87211dba565f2bfa7842ba5be5c1b ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203225

- Overview
When mounting the attached crafted image and unmounting it, following errors are reported.
Additionally, it hangs on sync after unmounting.

The image is intentionally fuzzed from a normal f2fs image for testing.
Compile options for F2FS are as follows.
CONFIG_F2FS_FS=y
CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_CHECK_FS=y

- Reproduces
mkdir test
mount -t f2fs tmp.img test
touch test/t
umount test
sync

- Messages
 kernel BUG at fs/f2fs/node.c:3073!
 RIP: 0010:f2fs_destroy_node_manager+0x2f0/0x300
 Call Trace:
  f2fs_put_super+0xf4/0x270
  generic_shutdown_super+0x62/0x110
  kill_block_super+0x1c/0x50
  kill_f2fs_super+0xad/0xd0
  deactivate_locked_super+0x35/0x60
  cleanup_mnt+0x36/0x70
  task_work_run+0x75/0x90
  exit_to_usermode_loop+0x93/0xa0
  do_syscall_64+0xba/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0010:f2fs_destroy_node_manager+0x2f0/0x300

The NAT table is corrupted, so reserved meta/node inode ids were added into
the free list incorrectly. During file creation, since the reserved id is
cached in the inode hash, the creation fails and the preallocated nid can not
be released later, resulting in a kernel panic.

To fix this issue, let's do nid boundary check during free nid loading.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/node.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 807a77518a49..34c3f732601c 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -2079,6 +2079,9 @@ static bool add_free_nid(struct f2fs_sb_info *sbi,
 	if (unlikely(nid == 0))
 		return false;
 
+	if (unlikely(f2fs_check_nid_range(sbi, nid)))
+		return false;
+
 	i = f2fs_kmem_cache_alloc(free_nid_slab, GFP_NOFS);
 	i->nid = nid;
 	i->state = FREE_NID;
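Review bot: the new `f2fs_check_nid_range()` test in add_free_nid() drops an out-of-range nid silently as far as this hunk shows; if the helper does not itself log and set SBI_NEED_FSCK, do it here, since a reserved or out-of-range nid in the free list means the NAT is corrupted and fsck should be told, as the other fixes in this series do. A one-line comment naming that case (corrupted NAT feeding reserved meta/node ids into the free list) would also explain why the check sits next to the existing `nid == 0` test.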
-- 
2.20.1





* [PATCH 4.19 037/118] f2fs: fix to clear dirty inode in error path of f2fs_iget()
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit 546d22f070d64a7b96f57c93333772085d3a5e6d ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203217

- Overview
When mounting the attached crafted image and running program, I got this error.
Additionally, it hangs on sync after running the program.

The image is intentionally fuzzed from a normal f2fs image for testing and I enabled option CONFIG_F2FS_CHECK_FS on.

- Reproduces
cc poc_test_05.c
mkdir test
mount -t f2fs tmp.img test
sudo ./a.out
sync

- Messages
 kernel BUG at fs/f2fs/inode.c:707!
 RIP: 0010:f2fs_evict_inode+0x33f/0x3a0
 Call Trace:
  evict+0xba/0x180
  f2fs_iget+0x598/0xdf0
  f2fs_lookup+0x136/0x320
  __lookup_slow+0x92/0x140
  lookup_slow+0x30/0x50
  walk_component+0x1c1/0x350
  path_lookupat+0x62/0x200
  filename_lookup+0xb3/0x1a0
  do_readlinkat+0x56/0x110
  __x64_sys_readlink+0x16/0x20
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

During inode loading, __recover_inline_status() can recover inode status
and set the inode dirty; once we fail in the following process, it will fail
the check in f2fs_evict_inode, resulting in triggering BUG_ON().

Let's clear dirty inode in error path of f2fs_iget() to avoid panic.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/inode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index dd608b819a3c..fae9570e6860 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -476,6 +476,7 @@ make_now:
 	return inode;
 
 bad_inode:
+	f2fs_inode_synced(inode);
 	iget_failed(inode);
 	trace_f2fs_iget_exit(inode, ret);
 	return ERR_PTR(ret);
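Review bot: `f2fs_inode_synced(inode)` at the `bad_inode:` label has no comment, and nothing in the hunk tells a reader why an inode that failed to load could be dirty; add one line pointing at __recover_inline_status() marking the inode dirty before a later step fails. Since every `goto bad_inode` now passes through this call, it is also worth confirming that it is harmless for an inode that was never dirtied.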
-- 
2.20.1





* [PATCH 4.19 038/118] f2fs: fix to avoid panic in dec_valid_block_count()
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit 5e159cd349bf3a31fb7e35c23a93308eb30f4f71 ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203209

- Overview
When mounting the attached crafted image and running program, I got this error.
Additionally, it hangs on sync after this script.

The image is intentionally fuzzed from a normal f2fs image for testing and I enabled option CONFIG_F2FS_CHECK_FS on.

- Reproduces
cc poc_01.c
./run.sh f2fs
sync

 kernel BUG at fs/f2fs/f2fs.h:1788!
 RIP: 0010:f2fs_truncate_data_blocks_range+0x342/0x350
 Call Trace:
  f2fs_truncate_blocks+0x36d/0x3c0
  f2fs_truncate+0x88/0x110
  f2fs_setattr+0x3e1/0x460
  notify_change+0x2da/0x400
  do_truncate+0x6d/0xb0
  do_sys_ftruncate+0xf1/0x160
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

The reason is dec_valid_block_count() will trigger kernel panic due to
inconsistent count between inode.i_blocks and actual block.

To avoid panic, let's just print debug message and set SBI_NEED_FSCK to
give a hint to fsck for later repairing.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
[Jaegeuk Kim: fix build warning and add unlikely]
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/f2fs.h | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index a4b6eacf22ea..64f970cca1b4 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1744,6 +1744,7 @@ enospc:
 	return -ENOSPC;
 }
 
+void f2fs_msg(struct super_block *sb, const char *level, const char *fmt, ...);
 static inline void dec_valid_block_count(struct f2fs_sb_info *sbi,
 						struct inode *inode,
 						block_t count)
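Review bot: the `f2fs_msg()` prototype is now placed between two function bodies, directly above dec_valid_block_count(), where it is easy to miss; keep it in a block of forward declarations ahead of the inline helpers, or add a comment that it is a forward declaration needed by the inline functions that follow, so the next inline helper that wants to log does not move it again.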
@@ -1752,13 +1753,21 @@ static inline void dec_valid_block_count(struct f2fs_sb_info *sbi,
 
 	spin_lock(&sbi->stat_lock);
 	f2fs_bug_on(sbi, sbi->total_valid_block_count < (block_t) count);
-	f2fs_bug_on(sbi, inode->i_blocks < sectors);
 	sbi->total_valid_block_count -= (block_t)count;
 	if (sbi->reserved_blocks &&
 		sbi->current_reserved_blocks < sbi->reserved_blocks)
 		sbi->current_reserved_blocks = min(sbi->reserved_blocks,
 					sbi->current_reserved_blocks + count);
 	spin_unlock(&sbi->stat_lock);
+	if (unlikely(inode->i_blocks < sectors)) {
+		f2fs_msg(sbi->sb, KERN_WARNING,
+			"Inconsistent i_blocks, ino:%lu, iblocks:%llu, sectors:%llu",
+			inode->i_ino,
+			(unsigned long long)inode->i_blocks,
+			(unsigned long long)sectors);
+		set_sbi_flag(sbi, SBI_NEED_FSCK);
+		return;
+	}
 	f2fs_i_blocks_write(inode, count, false, true);
 }
 
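Review bot: on the new early `return` in dec_valid_block_count() the superblock counters have already been updated (`sbi->total_valid_block_count -= (block_t)count;` runs before the check) while `f2fs_i_blocks_write()` is skipped, so global and per-inode accounting drift further apart until fsck runs; say in a comment that this is deliberate. The remaining `f2fs_bug_on(sbi, sbi->total_valid_block_count < (block_t) count)` can still stop the kernel on a corrupted image along the same path, so consider giving it the same warn-and-flag treatment.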
@@ -2727,7 +2736,6 @@ static inline void f2fs_update_iostat(struct f2fs_sb_info *sbi,
 
 bool f2fs_is_valid_blkaddr(struct f2fs_sb_info *sbi,
 					block_t blkaddr, int type);
-void f2fs_msg(struct super_block *sb, const char *level, const char *fmt, ...);
 static inline void verify_blkaddr(struct f2fs_sb_info *sbi,
 					block_t blkaddr, int type)
 {
-- 
2.20.1





* [PATCH 4.19 039/118] f2fs: fix to use inline space only if inline_xattr is enable
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit 622927f3b8809206f6da54a6a7ed4df1a7770fce ]

With below mkfs and mount option:

MKFS_OPTIONS  -- -O extra_attr -O project_quota -O inode_checksum -O flexible_inline_xattr -O inode_crtime -f
MOUNT_OPTIONS -- -o noinline_xattr

We may miss xattr data with below testcase:
- mkdir dir
- setfattr -n "user.name" -v 0 dir
- for ((i = 0; i < 190; i++)) do touch dir/$i; done
- umount
- mount
- getfattr -n "user.name" dir

user.name: No such attribute

The root cause is that we persist xattr data into reserved inline xattr
space even if inline_xattr is not enabled in the inline directory inode;
after inline dentry conversion, the reserved space no longer exists, so
the xattr data goes missing.

Let's use inline xattr space only if inline_xattr flag is set on inode
to fix this issue.

Fixes: 6afc662e68b5 ("f2fs: support flexible inline xattr size")
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/f2fs.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 64f970cca1b4..44ea7ac69ef4 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2497,7 +2497,9 @@ static inline void *inline_xattr_addr(struct inode *inode, struct page *page)
 
 static inline int inline_xattr_size(struct inode *inode)
 {
-	return get_inline_xattr_addrs(inode) * sizeof(__le32);
+	if (f2fs_has_inline_xattr(inode))
+		return get_inline_xattr_addrs(inode) * sizeof(__le32);
+	return 0;
 }
 
 static inline int f2fs_has_inline_data(struct inode *inode)
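Review bot: with `inline_xattr_size()` returning 0 when `f2fs_has_inline_xattr(inode)` is false, inodes that an older kernel already wrote with xattr data in the reserved inline area but without the flag (the case the commit message describes) will no longer have that area considered; please state whether such data is expected to be repaired by fsck or is simply not found. A comment on the function documenting that 0 means there is no inline xattr area would also help callers that use the result as a size or offset.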
-- 
2.20.1





* [PATCH 4.19 040/118] f2fs: fix to do sanity check on valid block count of segment
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit e95bcdb2fefa129f37bd9035af1d234ca92ee4ef ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203233

- Overview
When mounting the attached crafted image and running program, following errors are reported.
Additionally, it hangs on sync after running program.

The image is intentionally fuzzed from a normal f2fs image for testing.
Compile options for F2FS are as follows.
CONFIG_F2FS_FS=y
CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_CHECK_FS=y

- Reproduces
cc poc_13.c
mkdir test
mount -t f2fs tmp.img test
cp a.out test
cd test
sudo ./a.out
sync

- Kernel messages
 F2FS-fs (sdb): Bitmap was wrongly set, blk:4608
 kernel BUG at fs/f2fs/segment.c:2102!
 RIP: 0010:update_sit_entry+0x394/0x410
 Call Trace:
  f2fs_allocate_data_block+0x16f/0x660
  do_write_page+0x62/0x170
  f2fs_do_write_node_page+0x33/0xa0
  __write_node_page+0x270/0x4e0
  f2fs_sync_node_pages+0x5df/0x670
  f2fs_write_checkpoint+0x372/0x1400
  f2fs_sync_fs+0xa3/0x130
  f2fs_do_sync_file+0x1a6/0x810
  do_fsync+0x33/0x60
  __x64_sys_fsync+0xb/0x10
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

sit.vblocks and the sum of valid block count in sit.valid_map may be
inconsistent. A segment w/ zero vblocks will be treated as a free
segment; while allocating in a free segment, we may allocate a
free block, and if its bitmap was valid previously, it can cause a
kernel crash due to bitmap verification failure.

Anyway, to avoid further serious metadata inconsistency and
corruption, it is necessary and worthwhile to detect SIT
inconsistency. So let's enable check_block_count() to verify
vblocks and valid_map all the time rather than doing it only when
CONFIG_F2FS_CHECK_FS is enabled.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/segment.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h
index b3d9e317ff0c..5079532cb176 100644
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -660,7 +660,6 @@ static inline void verify_block_addr(struct f2fs_io_info *fio, block_t blk_addr)
 static inline int check_block_count(struct f2fs_sb_info *sbi,
 		int segno, struct f2fs_sit_entry *raw_sit)
 {
-#ifdef CONFIG_F2FS_CHECK_FS
 	bool is_valid  = test_bit_le(0, raw_sit->valid_map) ? true : false;
 	int valid_blocks = 0;
 	int cur_pos = 0, next_pos;
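Review bot: dropping `#ifdef CONFIG_F2FS_CHECK_FS` at the top of check_block_count() makes the `valid_map` walk run on all builds wherever this helper is called, not only on debug kernels; the commit message argues the detection is worth it, but the added cost is not quantified. A comment above the walk saying the check is unconditional on purpose would stop it being re-guarded later.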
@@ -687,7 +686,7 @@ static inline int check_block_count(struct f2fs_sb_info *sbi,
 		set_sbi_flag(sbi, SBI_NEED_FSCK);
 		return -EINVAL;
 	}
-#endif
+
 	/* check segment usage, and check boundary of a given segment number */
 	if (unlikely(GET_SIT_VBLOCKS(raw_sit) > sbi->blocks_per_seg
 					|| segno > TOTAL_SEGS(sbi) - 1)) {
-- 
2.20.1





* [PATCH 4.19 041/118] f2fs: fix to do checksum even if inode page is uptodate
From: Greg Kroah-Hartman @ 2019-06-13  8:32 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin

[ Upstream commit b42b179bda9ff11075a6fc2bac4d9e400513679a ]

As Jungyeon reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=203221

- Overview
When mounting the attached crafted image and running program, this error is reported.

The image is intentionally fuzzed from a normal f2fs image for testing and I enabled option CONFIG_F2FS_CHECK_FS on.

- Reproduces
cc poc_07.c
mkdir test
mount -t f2fs tmp.img test
cp a.out test
cd test
sudo ./a.out

- Messages
 kernel BUG at fs/f2fs/node.c:1279!
 RIP: 0010:read_node_page+0xcf/0xf0
 Call Trace:
  __get_node_page+0x6b/0x2f0
  f2fs_iget+0x8f/0xdf0
  f2fs_lookup+0x136/0x320
  __lookup_slow+0x92/0x140
  lookup_slow+0x30/0x50
  walk_component+0x1c1/0x350
  path_lookupat+0x62/0x200
  filename_lookup+0xb3/0x1a0
  do_fchmodat+0x3e/0xa0
  __x64_sys_chmod+0x12/0x20
  do_syscall_64+0x43/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

On the paths below, we have the opportunity to readahead the inode page
- gc_node_segment -> f2fs_ra_node_page
- gc_data_segment -> f2fs_ra_node_page
- f2fs_fill_dentries -> f2fs_ra_node_page

Unlike synchronized read, on the readahead path we can set the page uptodate
before verifying the page's checksum; then read_node_page() will trigger a
kernel panic once it encounters an uptodate page w/ an incorrect checksum.

So, considering the readahead scenario, we have to do the checksum each time
when loading the inode page even if it is uptodate.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/inode.c | 4 ++--
 fs/f2fs/node.c  | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index fae9570e6860..0f31df01e36c 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -179,8 +179,8 @@ bool f2fs_inode_chksum_verify(struct f2fs_sb_info *sbi, struct page *page)
 
 	if (provided != calculated)
 		f2fs_msg(sbi->sb, KERN_WARNING,
-			"checksum invalid, ino = %x, %x vs. %x",
-			ino_of_node(page), provided, calculated);
+			"checksum invalid, nid = %lu, ino_of_node = %x, %x vs. %x",
+			page->index, ino_of_node(page), provided, calculated);
 
 	return provided == calculated;
 }
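Review bot: the new format string mixes bases, `nid = %lu` in decimal next to `ino_of_node = %x, %x vs. %x` in unprefixed hex, so a value such as 10 is ambiguous when reading the log; use `0x%x` for the hex fields or print both ids the same way. Since the node.c change in this patch runs the verification on every uptodate hit, the warning should probably be rate limited as well.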
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 34c3f732601c..e2d9edad758c 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1282,9 +1282,10 @@ static int read_node_page(struct page *page, int op_flags)
 	int err;
 
 	if (PageUptodate(page)) {
-#ifdef CONFIG_F2FS_CHECK_FS
-		f2fs_bug_on(sbi, !f2fs_inode_chksum_verify(sbi, page));
-#endif
+		if (!f2fs_inode_chksum_verify(sbi, page)) {
+			ClearPageUptodate(page);
+			return -EBADMSG;
+		}
 		return LOCKED_PAGE;
 	}
 
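Review bot: the new `return -EBADMSG;` in the `PageUptodate(page)` branch of read_node_page() adds an error exit where this branch previously returned only `LOCKED_PAGE`, so each caller needs checking that it unlocks and releases the page on a negative return; the hunk does not show that. Unlike the other f2fs fixes in this series, this path does not call `set_sbi_flag(sbi, SBI_NEED_FSCK)` on a checksum mismatch, and the checksum is now computed on every hit of an uptodate page, which deserves a word on cost.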
-- 
2.20.1





* [PATCH 4.19 042/118] percpu: remove spurious lock dependency between percpu and sched
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, John Sperbeck, Dennis Zhou, Sasha Levin

[ Upstream commit 198790d9a3aeaef5792d33a560020861126edc22 ]

In free_percpu() we sometimes call pcpu_schedule_balance_work() to
queue a work item (which does a wakeup) while holding pcpu_lock.
This creates an unnecessary lock dependency between pcpu_lock and
the scheduler's pi_lock.  There are other places where we call
pcpu_schedule_balance_work() without holding pcpu_lock, and this case
doesn't need to be different.

Moving the call outside the lock prevents the following lockdep splat
when running tools/testing/selftests/bpf/{test_maps,test_progs} in
sequence with lockdep enabled:

======================================================
WARNING: possible circular locking dependency detected
5.1.0-dbg-DEV #1 Not tainted
------------------------------------------------------
kworker/23:255/18872 is trying to acquire lock:
000000000bc79290 (&(&pool->lock)->rlock){-.-.}, at: __queue_work+0xb2/0x520

but task is already holding lock:
00000000e3e7a6aa (pcpu_lock){..-.}, at: free_percpu+0x36/0x260

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #4 (pcpu_lock){..-.}:
       lock_acquire+0x9e/0x180
       _raw_spin_lock_irqsave+0x3a/0x50
       pcpu_alloc+0xfa/0x780
       __alloc_percpu_gfp+0x12/0x20
       alloc_htab_elem+0x184/0x2b0
       __htab_percpu_map_update_elem+0x252/0x290
       bpf_percpu_hash_update+0x7c/0x130
       __do_sys_bpf+0x1912/0x1be0
       __x64_sys_bpf+0x1a/0x20
       do_syscall_64+0x59/0x400
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #3 (&htab->buckets[i].lock){....}:
       lock_acquire+0x9e/0x180
       _raw_spin_lock_irqsave+0x3a/0x50
       htab_map_update_elem+0x1af/0x3a0

-> #2 (&rq->lock){-.-.}:
       lock_acquire+0x9e/0x180
       _raw_spin_lock+0x2f/0x40
       task_fork_fair+0x37/0x160
       sched_fork+0x211/0x310
       copy_process.part.43+0x7b1/0x2160
       _do_fork+0xda/0x6b0
       kernel_thread+0x29/0x30
       rest_init+0x22/0x260
       arch_call_rest_init+0xe/0x10
       start_kernel+0x4fd/0x520
       x86_64_start_reservations+0x24/0x26
       x86_64_start_kernel+0x6f/0x72
       secondary_startup_64+0xa4/0xb0

-> #1 (&p->pi_lock){-.-.}:
       lock_acquire+0x9e/0x180
       _raw_spin_lock_irqsave+0x3a/0x50
       try_to_wake_up+0x41/0x600
       wake_up_process+0x15/0x20
       create_worker+0x16b/0x1e0
       workqueue_init+0x279/0x2ee
       kernel_init_freeable+0xf7/0x288
       kernel_init+0xf/0x180
       ret_from_fork+0x24/0x30

-> #0 (&(&pool->lock)->rlock){-.-.}:
       __lock_acquire+0x101f/0x12a0
       lock_acquire+0x9e/0x180
       _raw_spin_lock+0x2f/0x40
       __queue_work+0xb2/0x520
       queue_work_on+0x38/0x80
       free_percpu+0x221/0x260
       pcpu_freelist_destroy+0x11/0x20
       stack_map_free+0x2a/0x40
       bpf_map_free_deferred+0x3c/0x50
       process_one_work+0x1f7/0x580
       worker_thread+0x54/0x410
       kthread+0x10f/0x150
       ret_from_fork+0x24/0x30

other info that might help us debug this:

Chain exists of:
  &(&pool->lock)->rlock --> &htab->buckets[i].lock --> pcpu_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(pcpu_lock);
                               lock(&htab->buckets[i].lock);
                               lock(pcpu_lock);
  lock(&(&pool->lock)->rlock);

 *** DEADLOCK ***

3 locks held by kworker/23:255/18872:
 #0: 00000000b36a6e16 ((wq_completion)events){+.+.},
     at: process_one_work+0x17a/0x580
 #1: 00000000dfd966f0 ((work_completion)(&map->work)){+.+.},
     at: process_one_work+0x17a/0x580
 #2: 00000000e3e7a6aa (pcpu_lock){..-.},
     at: free_percpu+0x36/0x260

stack backtrace:
CPU: 23 PID: 18872 Comm: kworker/23:255 Not tainted 5.1.0-dbg-DEV #1
Hardware name: ...
Workqueue: events bpf_map_free_deferred
Call Trace:
 dump_stack+0x67/0x95
 print_circular_bug.isra.38+0x1c6/0x220
 check_prev_add.constprop.50+0x9f6/0xd20
 __lock_acquire+0x101f/0x12a0
 lock_acquire+0x9e/0x180
 _raw_spin_lock+0x2f/0x40
 __queue_work+0xb2/0x520
 queue_work_on+0x38/0x80
 free_percpu+0x221/0x260
 pcpu_freelist_destroy+0x11/0x20
 stack_map_free+0x2a/0x40
 bpf_map_free_deferred+0x3c/0x50
 process_one_work+0x1f7/0x580
 worker_thread+0x54/0x410
 kthread+0x10f/0x150
 ret_from_fork+0x24/0x30

Signed-off-by: John Sperbeck <jsperbeck@google.com>
Signed-off-by: Dennis Zhou <dennis@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/percpu.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mm/percpu.c b/mm/percpu.c
index 41e58f3d8fbf..c66149ce1fe6 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -1721,6 +1721,7 @@ void free_percpu(void __percpu *ptr)
 	struct pcpu_chunk *chunk;
 	unsigned long flags;
 	int off;
+	bool need_balance = false;
 
 	if (!ptr)
 		return;
@@ -1742,7 +1743,7 @@ void free_percpu(void __percpu *ptr)
 
 		list_for_each_entry(pos, &pcpu_slot[pcpu_nr_slots - 1], list)
 			if (pos != chunk) {
-				pcpu_schedule_balance_work();
+				need_balance = true;
 				break;
 			}
 	}
@@ -1750,6 +1751,9 @@ void free_percpu(void __percpu *ptr)
 	trace_percpu_free_percpu(chunk->base_addr, off, ptr);
 
 	spin_unlock_irqrestore(&pcpu_lock, flags);
+
+	if (need_balance)
+		pcpu_schedule_balance_work();
 }
 EXPORT_SYMBOL_GPL(free_percpu);
 
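Review bot: the deferred `if (need_balance) pcpu_schedule_balance_work();` after `spin_unlock_irqrestore(&pcpu_lock, flags)` has no comment, so nothing in free_percpu() records why the call must stay outside pcpu_lock; add a line saying that queueing the work does a wakeup and must not nest under pcpu_lock, otherwise a later cleanup could fold it back into the loop.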
-- 
2.20.1





* [PATCH 4.19 043/118] configfs: fix possible use-after-free in configfs_register_group
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, YueHaibing,
	Christoph Hellwig, Sasha Levin

[ Upstream commit 35399f87e271f7cf3048eab00a421a6519ac8441 ]

In configfs_register_group(), if create_default_group() failed, we
forget to unlink the group. It will leave an invalid item in the parent list,
which may trigger the use-after-free issue seen below:

BUG: KASAN: use-after-free in __list_add_valid+0xd4/0xe0 lib/list_debug.c:26
Read of size 8 at addr ffff8881ef61ae20 by task syz-executor.0/5996

CPU: 1 PID: 5996 Comm: syz-executor.0 Tainted: G         C        5.0.0+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa9/0x10e lib/dump_stack.c:113
 print_address_description+0x65/0x270 mm/kasan/report.c:187
 kasan_report+0x149/0x18d mm/kasan/report.c:317
 __list_add_valid+0xd4/0xe0 lib/list_debug.c:26
 __list_add include/linux/list.h:60 [inline]
 list_add_tail include/linux/list.h:93 [inline]
 link_obj+0xb0/0x190 fs/configfs/dir.c:759
 link_group+0x1c/0x130 fs/configfs/dir.c:784
 configfs_register_group+0x56/0x1e0 fs/configfs/dir.c:1751
 configfs_register_default_group+0x72/0xc0 fs/configfs/dir.c:1834
 ? 0xffffffffc1be0000
 iio_sw_trigger_init+0x23/0x1000 [industrialio_sw_trigger]
 do_one_initcall+0xbc/0x47d init/main.c:887
 do_init_module+0x1b5/0x547 kernel/module.c:3456
 load_module+0x6405/0x8c10 kernel/module.c:3804
 __do_sys_finit_module+0x162/0x190 kernel/module.c:3898
 do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f494ecbcc58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
RBP: 00007f494ecbcc70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f494ecbd6bc
R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004

Allocated by task 5987:
 set_track mm/kasan/common.c:87 [inline]
 __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:497
 kmalloc include/linux/slab.h:545 [inline]
 kzalloc include/linux/slab.h:740 [inline]
 configfs_register_default_group+0x4c/0xc0 fs/configfs/dir.c:1829
 0xffffffffc1bd0023
 do_one_initcall+0xbc/0x47d init/main.c:887
 do_init_module+0x1b5/0x547 kernel/module.c:3456
 load_module+0x6405/0x8c10 kernel/module.c:3804
 __do_sys_finit_module+0x162/0x190 kernel/module.c:3898
 do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 5987:
 set_track mm/kasan/common.c:87 [inline]
 __kasan_slab_free+0x130/0x180 mm/kasan/common.c:459
 slab_free_hook mm/slub.c:1429 [inline]
 slab_free_freelist_hook mm/slub.c:1456 [inline]
 slab_free mm/slub.c:3003 [inline]
 kfree+0xe1/0x270 mm/slub.c:3955
 configfs_register_default_group+0x9a/0xc0 fs/configfs/dir.c:1836
 0xffffffffc1bd0023
 do_one_initcall+0xbc/0x47d init/main.c:887
 do_init_module+0x1b5/0x547 kernel/module.c:3456
 load_module+0x6405/0x8c10 kernel/module.c:3804
 __do_sys_finit_module+0x162/0x190 kernel/module.c:3898
 do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8881ef61ae00
 which belongs to the cache kmalloc-192 of size 192
The buggy address is located 32 bytes inside of
 192-byte region [ffff8881ef61ae00, ffff8881ef61aec0)
The buggy address belongs to the page:
page:ffffea0007bd8680 count:1 mapcount:0 mapping:ffff8881f6c03000 index:0xffff8881ef61a700
flags: 0x2fffc0000000200(slab)
raw: 02fffc0000000200 ffffea0007ca4740 0000000500000005 ffff8881f6c03000
raw: ffff8881ef61a700 000000008010000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881ef61ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881ef61ad80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8881ef61ae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
 ffff8881ef61ae80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff8881ef61af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb

Fixes: 5cf6a51e6062 ("configfs: allow dynamic group creation")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/configfs/dir.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
index 39843fa7e11b..920d350df37b 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -1755,12 +1755,19 @@ int configfs_register_group(struct config_group *parent_group,
 
 	inode_lock_nested(d_inode(parent), I_MUTEX_PARENT);
 	ret = create_default_group(parent_group, group);
-	if (!ret) {
-		spin_lock(&configfs_dirent_lock);
-		configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
-		spin_unlock(&configfs_dirent_lock);
-	}
+	if (ret)
+		goto err_out;
+
+	spin_lock(&configfs_dirent_lock);
+	configfs_dir_set_ready(group->cg_item.ci_dentry->d_fsdata);
+	spin_unlock(&configfs_dirent_lock);
+	inode_unlock(d_inode(parent));
+	return 0;
+err_out:
 	inode_unlock(d_inode(parent));
+	mutex_lock(&subsys->su_mutex);
+	unlink_group(group);
+	mutex_unlock(&subsys->su_mutex);
 	return ret;
 }
 EXPORT_SYMBOL(configfs_register_group);
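Review bot: in the new `err_out:` path of configfs_register_group(), `inode_unlock(d_inode(parent))` runs before `unlink_group(group)` is called under `subsys->su_mutex`, so for a short window the failed group is still linked in the parent list with neither lock held; confirm nothing can walk the list in that window, or explain the ordering in a comment. `subsys` is not declared in this hunk, so check that it is initialised before the first `goto err_out`, and note that `inode_unlock()` is now duplicated on both exits.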
-- 
2.20.1





* [PATCH 4.19 044/118] uml: fix a boot splat wrt use of cpu_all_mask
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maciej Żenczykowski, Jeff Dike,
	Richard Weinberger, Anton Ivanov, linux-um, Sasha Levin

[ Upstream commit 689a58605b63173acb0a8cf954af6a8f60440c93 ]

Memory: 509108K/542612K available (3835K kernel code, 919K rwdata, 1028K rodata, 129K init, 211K bss, 33504K reserved, 0K cma-reserved)
NR_IRQS: 15
clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at kernel/time/clockevents.c:458 clockevents_register_device+0x72/0x140
posix-timer cpumask == cpu_all_mask, using cpu_possible_mask instead
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 5.1.0-rc4-00048-ged79cc87302b #4
Stack:
 604ebda0 603c5370 604ebe20 6046fd17
 00000000 6006fcbb 604ebdb0 603c53b5
 604ebe10 6003bfc4 604ebdd0 9000001ca
Call Trace:
 [<6006fcbb>] ? printk+0x0/0x94
 [<60083160>] ? clockevents_register_device+0x72/0x140
 [<6001f16e>] show_stack+0x13b/0x155
 [<603c5370>] ? dump_stack_print_info+0xe2/0xeb
 [<6006fcbb>] ? printk+0x0/0x94
 [<603c53b5>] dump_stack+0x2a/0x2c
 [<6003bfc4>] __warn+0x10e/0x13e
 [<60070320>] ? vprintk_func+0xc8/0xcf
 [<60030fd6>] ? block_signals+0x0/0x16
 [<6006fcbb>] ? printk+0x0/0x94
 [<6003c08b>] warn_slowpath_fmt+0x97/0x99
 [<600311a1>] ? set_signals+0x0/0x3f
 [<6003bff4>] ? warn_slowpath_fmt+0x0/0x99
 [<600842cb>] ? tick_oneshot_mode_active+0x44/0x4f
 [<60030fd6>] ? block_signals+0x0/0x16
 [<6006fcbb>] ? printk+0x0/0x94
 [<6007d2d5>] ? __clocksource_select+0x20/0x1b1
 [<60030fd6>] ? block_signals+0x0/0x16
 [<6006fcbb>] ? printk+0x0/0x94
 [<60083160>] clockevents_register_device+0x72/0x140
 [<60031192>] ? get_signals+0x0/0xf
 [<60030fd6>] ? block_signals+0x0/0x16
 [<6006fcbb>] ? printk+0x0/0x94
 [<60002eec>] um_timer_setup+0xc8/0xca
 [<60001b59>] start_kernel+0x47f/0x57e
 [<600035bc>] start_kernel_proc+0x49/0x4d
 [<6006c483>] ? kmsg_dump_register+0x82/0x8a
 [<6001de62>] new_thread_handler+0x81/0xb2
 [<60003571>] ? kmsg_dumper_stdout_init+0x1a/0x1c
 [<60020c75>] uml_finishsetup+0x54/0x59

random: get_random_bytes called from init_oops_id+0x27/0x34 with crng_init=0
---[ end trace 00173d0117a88acb ]---
Calibrating delay loop... 6941.90 BogoMIPS (lpj=34709504)

Signed-off-by: Maciej Żenczykowski <maze@google.com>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: linux-um@lists.infradead.org
Cc: linux-kernel@vger.kernel.org

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/um/kernel/time.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/um/kernel/time.c b/arch/um/kernel/time.c
index 052de4c8acb2..0c572a48158e 100644
--- a/arch/um/kernel/time.c
+++ b/arch/um/kernel/time.c
@@ -56,7 +56,7 @@ static int itimer_one_shot(struct clock_event_device *evt)
 static struct clock_event_device timer_clockevent = {
 	.name			= "posix-timer",
 	.rating			= 250,
-	.cpumask		= cpu_all_mask,
+	.cpumask		= cpu_possible_mask,
 	.features		= CLOCK_EVT_FEAT_PERIODIC |
 				  CLOCK_EVT_FEAT_ONESHOT,
 	.set_state_shutdown	= itimer_shutdown,
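Review bot: the changelog for this one-line change to timer_clockevent.cpumask consists only of the boot log, with no sentence saying why cpu_possible_mask is the right value. The WARNING text itself ("posix-timer cpumask == cpu_all_mask, using cpu_possible_mask instead") shows that the clockevents core already substitutes the mask, so please say in the message that the initializer is being changed to match what the core does and that the only effect is to silence the warning.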
-- 
2.20.1





* [PATCH 4.19 045/118] PCI: dwc: Free MSI in dw_pcie_host_init() error path
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 044/118] uml: fix a boot splat wrt use of cpu_all_mask Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 046/118] PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi() Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jisheng Zhang, Lorenzo Pieralisi,
	Bjorn Helgaas, Gustavo Pimentel, Sasha Levin

[ Upstream commit 9e2b5de5604a6ff2626c51e77014d92c9299722c ]

If we ever did MSI-related initializations, we need to call
dw_pcie_free_msi() in the error code path.

Remove the IS_ENABLED(CONFIG_PCI_MSI) check for MSI init because
pci_msi_enabled() already has a stub for !CONFIG_PCI_MSI.

Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Gustavo Pimentel <gustavo.pimentel@synopsys.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/dwc/pcie-designware-host.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c
index b56e22262a77..4eedb2c54ab3 100644
--- a/drivers/pci/controller/dwc/pcie-designware-host.c
+++ b/drivers/pci/controller/dwc/pcie-designware-host.c
@@ -439,7 +439,7 @@ int dw_pcie_host_init(struct pcie_port *pp)
 	if (ret)
 		pci->num_viewport = 2;
 
-	if (IS_ENABLED(CONFIG_PCI_MSI) && pci_msi_enabled()) {
+	if (pci_msi_enabled()) {
 		/*
 		 * If a specific SoC driver needs to change the
 		 * default number of vectors, it needs to implement
@@ -477,7 +477,7 @@ int dw_pcie_host_init(struct pcie_port *pp)
 	if (pp->ops->host_init) {
 		ret = pp->ops->host_init(pp);
 		if (ret)
-			goto error;
+			goto err_free_msi;
 	}
 
 	pp->root_bus_nr = pp->busn->start;
@@ -491,7 +491,7 @@ int dw_pcie_host_init(struct pcie_port *pp)
 
 	ret = pci_scan_root_bus_bridge(bridge);
 	if (ret)
-		goto error;
+		goto err_free_msi;
 
 	bus = bridge->bus;
 
@@ -507,6 +507,9 @@ int dw_pcie_host_init(struct pcie_port *pp)
 	pci_bus_add_devices(bus);
 	return 0;
 
+err_free_msi:
+	if (pci_msi_enabled() && !pp->ops->msi_host_init)
+		dw_pcie_free_msi(pp);
 error:
 	pci_free_host_bridge(bridge);
 	return ret;
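Review bot: the err_free_msi label repeats the init-time decision as "pci_msi_enabled() && !pp->ops->msi_host_init", and nothing ties it to the condition under which the MSI setup actually ran earlier in dw_pcie_host_init(). If the init block is changed later, the two tests can drift apart and dw_pcie_free_msi() would either run on state that was never set up or be skipped. Consider a comment at the label naming the init block it mirrors, or recording that the default MSI setup was done and testing that record here instead.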
-- 
2.20.1





* [PATCH 4.19 046/118] PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi()
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 045/118] PCI: dwc: Free MSI in dw_pcie_host_init() error path Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 047/118] ovl: do not generate duplicate fsnotify events for "fake" path Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jisheng Zhang, Lorenzo Pieralisi,
	Bjorn Helgaas, Gustavo Pimentel, Sasha Levin

[ Upstream commit dc69a3d567941784c3d00e1d0834582b42b0b3e7 ]

To avoid a memory leak, free the page allocated for MSI IRQ in
dw_pcie_free_msi().

Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Gustavo Pimentel <gustavo.pimentel@synopsys.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/dwc/pcie-designware-host.c | 12 ++++++++----
 drivers/pci/controller/dwc/pcie-designware.h      |  1 +
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c
index 4eedb2c54ab3..acd50920c2ff 100644
--- a/drivers/pci/controller/dwc/pcie-designware-host.c
+++ b/drivers/pci/controller/dwc/pcie-designware-host.c
@@ -303,20 +303,24 @@ void dw_pcie_free_msi(struct pcie_port *pp)
 
 	irq_domain_remove(pp->msi_domain);
 	irq_domain_remove(pp->irq_domain);
+
+	if (pp->msi_page)
+		__free_page(pp->msi_page);
 }
 
 void dw_pcie_msi_init(struct pcie_port *pp)
 {
 	struct dw_pcie *pci = to_dw_pcie_from_pp(pp);
 	struct device *dev = pci->dev;
-	struct page *page;
 	u64 msi_target;
 
-	page = alloc_page(GFP_KERNEL);
-	pp->msi_data = dma_map_page(dev, page, 0, PAGE_SIZE, DMA_FROM_DEVICE);
+	pp->msi_page = alloc_page(GFP_KERNEL);
+	pp->msi_data = dma_map_page(dev, pp->msi_page, 0, PAGE_SIZE,
+				    DMA_FROM_DEVICE);
 	if (dma_mapping_error(dev, pp->msi_data)) {
 		dev_err(dev, "Failed to map MSI data\n");
-		__free_page(page);
+		__free_page(pp->msi_page);
+		pp->msi_page = NULL;
 		return;
 	}
 	msi_target = (u64)pp->msi_data;
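Review bot: in dw_pcie_msi_init() the result of alloc_page(GFP_KERNEL) is stored in pp->msi_page and passed straight to dma_map_page() with no NULL check, so an allocation failure is not handled before the mapping call. A test such as "if (!pp->msi_page)" with a dev_err() and an early return before dma_map_page() would close that. Also, dw_pcie_free_msi() frees pp->msi_page but leaves the pointer set, unlike the error path here, which resets it to NULL; clearing it after __free_page() would make a repeated call harmless. The lines shown do not include a dma_unmap_page() of pp->msi_data before the page is freed, which is worth confirming.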
diff --git a/drivers/pci/controller/dwc/pcie-designware.h b/drivers/pci/controller/dwc/pcie-designware.h
index 9f1a5e399b70..14dcf6646699 100644
--- a/drivers/pci/controller/dwc/pcie-designware.h
+++ b/drivers/pci/controller/dwc/pcie-designware.h
@@ -164,6 +164,7 @@ struct pcie_port {
 	struct irq_domain	*irq_domain;
 	struct irq_domain	*msi_domain;
 	dma_addr_t		msi_data;
+	struct page		*msi_page;
 	u32			num_vectors;
 	u32			irq_status[MAX_MSI_CTRLS];
 	raw_spinlock_t		lock;
-- 
2.20.1





* [PATCH 4.19 047/118] ovl: do not generate duplicate fsnotify events for "fake" path
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 046/118] PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi() Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 048/118] mmc: mmci: Prevent polling for busy detection in IRQ context Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Murphy Zhou, Amir Goldstein,
	Miklos Szeredi, Sasha Levin

[ Upstream commit d989903058a83e8536cc7aadf9256a47d5c173fe ]

Overlayfs "fake" path is used for stacked file operations on underlying
files.  Operations on files with "fake" path must not generate fsnotify
events with path data, because those events have already been generated at
overlayfs layer and because the reported event->fd for fanotify marks on
underlying inode/filesystem will have the wrong path (the overlayfs path).

Link: https://lore.kernel.org/linux-fsdevel/20190423065024.12695-1-jencce.kernel@gmail.com/
Reported-by: Murphy Zhou <jencce.kernel@gmail.com>
Fixes: d1d04ef8572b ("ovl: stack file ops")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/overlayfs/file.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index 0c810f20f778..2c993937b784 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -29,10 +29,11 @@ static struct file *ovl_open_realfile(const struct file *file,
 	struct inode *inode = file_inode(file);
 	struct file *realfile;
 	const struct cred *old_cred;
+	int flags = file->f_flags | O_NOATIME | FMODE_NONOTIFY;
 
 	old_cred = ovl_override_creds(inode->i_sb);
-	realfile = open_with_fake_path(&file->f_path, file->f_flags | O_NOATIME,
-				       realinode, current_cred());
+	realfile = open_with_fake_path(&file->f_path, flags, realinode,
+				       current_cred());
 	revert_creds(old_cred);
 
 	pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n",
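Review bot: in ovl_open_realfile() the new "flags" local ORs FMODE_NONOTIFY, an FMODE_ constant, into the O_ open flags handed to open_with_fake_path(), and there is no comment saying why. A short comment above the declaration, along the lines of the changelog (the events were already generated at the overlayfs layer, and the underlying file carries the overlayfs path), would keep the next reader from taking the mixed flag namespaces for a mistake.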
@@ -50,7 +51,7 @@ static int ovl_change_flags(struct file *file, unsigned int flags)
 	int err;
 
 	/* No atime modificaton on underlying */
-	flags |= O_NOATIME;
+	flags |= O_NOATIME | FMODE_NONOTIFY;
 
 	/* If some flag changed that cannot be changed then something's amiss */
 	if (WARN_ON((file->f_flags ^ flags) & ~OVL_SETFL_MASK))
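Review bot: the comment above the changed line in ovl_change_flags() still reads "No atime modificaton on underlying", which no longer covers the added FMODE_NONOTIFY and carries a typo. Please update it to mention both, for example that neither atime updates nor fsnotify events are wanted on the underlying file. It is also worth confirming that the WARN_ON just below, which compares file->f_flags with flags outside OVL_SETFL_MASK, cannot trip now that FMODE_NONOTIFY is always set in flags.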
-- 
2.20.1





* [PATCH 4.19 048/118] mmc: mmci: Prevent polling for busy detection in IRQ context
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 047/118] ovl: do not generate duplicate fsnotify events for "fake" path Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 049/118] netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ludovic Barre, Ulf Hansson, Sasha Levin

[ Upstream commit 8520ce1e17799b220ff421d4f39438c9c572ade3 ]

The IRQ handler, mmci_irq(), loops until all status bits have been cleared.
However, the status bit signaling busy in variant->busy_detect_flag, may be
set even if busy detection isn't monitored for the current request.

This may be the case for the CMD11 when switching the I/O voltage, which
leads to mmci_irq() busy looping in IRQ context. Fix this problem by
clearing the status bit for busy, before continuing to validate the
condition for the loop. This is safe, because the busy status detection has
already been taken care of by mmci_cmd_irq().

Signed-off-by: Ludovic Barre <ludovic.barre@st.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/mmci.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c
index 1841d250e9e2..eb1a65cb878f 100644
--- a/drivers/mmc/host/mmci.c
+++ b/drivers/mmc/host/mmci.c
@@ -1295,9 +1295,10 @@ static irqreturn_t mmci_irq(int irq, void *dev_id)
 		}
 
 		/*
-		 * Don't poll for busy completion in irq context.
+		 * Busy detection has been handled by mmci_cmd_irq() above.
+		 * Clear the status bit to prevent polling in IRQ context.
 		 */
-		if (host->variant->busy_detect && host->busy_status)
+		if (host->variant->busy_detect_flag)
 			status &= ~host->variant->busy_detect_flag;
 
 		ret = 1;
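Review bot: with the test reduced to host->variant->busy_detect_flag, the "if" in mmci_irq() is redundant, because masking status with the complement of a zero flag leaves it unchanged. Either drop the conditional and clear the bit unconditionally, or keep it and say in the comment that variants without busy detection have a zero flag. The new comment's "handled by mmci_cmd_irq() above" relies on code outside this hunk, so it should also say under which condition that call has run.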
-- 
2.20.1





* [PATCH 4.19 049/118] netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 048/118] mmc: mmci: Prevent polling for busy detection in IRQ context Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 050/118] netfilter: nf_conntrack_h323: restore boundary check correctness Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Pablo Neira Ayuso, Sasha Levin

[ Upstream commit 43c8f131184faf20c07221f3e09724611c6525d8 ]

rhashtable_insert_fast() may return an error value when memory
allocation fails, but flow_offload_add() does not check for errors.
This patch just adds missing error checking.

Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_flow_table_core.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index e1537ace2b90..5df7486bb416 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -185,14 +185,25 @@ static const struct rhashtable_params nf_flow_offload_rhash_params = {
 
 int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
 {
-	flow->timeout = (u32)jiffies;
+	int err;
 
-	rhashtable_insert_fast(&flow_table->rhashtable,
-			       &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
-			       nf_flow_offload_rhash_params);
-	rhashtable_insert_fast(&flow_table->rhashtable,
-			       &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
-			       nf_flow_offload_rhash_params);
+	err = rhashtable_insert_fast(&flow_table->rhashtable,
+				     &flow->tuplehash[0].node,
+				     nf_flow_offload_rhash_params);
+	if (err < 0)
+		return err;
+
+	err = rhashtable_insert_fast(&flow_table->rhashtable,
+				     &flow->tuplehash[1].node,
+				     nf_flow_offload_rhash_params);
+	if (err < 0) {
+		rhashtable_remove_fast(&flow_table->rhashtable,
+				       &flow->tuplehash[0].node,
+				       nf_flow_offload_rhash_params);
+		return err;
+	}
+
+	flow->timeout = (u32)jiffies;
 	return 0;
 }
 EXPORT_SYMBOL_GPL(flow_offload_add);
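Review bot: flow->timeout is now assigned only after both rhashtable_insert_fast() calls in flow_offload_add() have succeeded, so the entry is reachable through the table before its timeout has been initialised. Anything that looks up or walks the table concurrently could see a stale timeout; setting flow->timeout before the first insert, as the old code did, avoids that and costs nothing on the error paths. Separately, the named indices FLOW_OFFLOAD_DIR_ORIGINAL and FLOW_OFFLOAD_DIR_REPLY were replaced with literal 0 and 1, which is harder to read; please keep the names.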
-- 
2.20.1





* [PATCH 4.19 050/118] netfilter: nf_conntrack_h323: restore boundary check correctness
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 049/118] netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 051/118] mips: Make sure dt memory regions are valid Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jakub Jankowski, Pablo Neira Ayuso,
	Sasha Levin

[ Upstream commit f5e85ce8e733c2547827f6268136b70b802eabdb ]

Since commit bc7d811ace4a ("netfilter: nf_ct_h323: Convert
CHECK_BOUND macro to function"), NAT traversal for H.323
doesn't work, failing to parse H323-UserInformation.
nf_h323_error_boundary() compares contents of the bitstring,
not the addresses, preventing valid H.323 packets from being
conntrack'd.

This looks like an oversight from when CHECK_BOUND macro was
converted to a function.

To fix it, stop dereferencing bs->cur and bs->end.

Fixes: bc7d811ace4a ("netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function")
Signed-off-by: Jakub Jankowski <shasta@toxcorp.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_conntrack_h323_asn1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c
index 1601275efe2d..4c2ef42e189c 100644
--- a/net/netfilter/nf_conntrack_h323_asn1.c
+++ b/net/netfilter/nf_conntrack_h323_asn1.c
@@ -172,7 +172,7 @@ static int nf_h323_error_boundary(struct bitstr *bs, size_t bytes, size_t bits)
 	if (bits % BITS_PER_BYTE > 0)
 		bytes++;
 
-	if (*bs->cur + bytes > *bs->end)
+	if (bs->cur + bytes > bs->end)
 		return 1;
 
 	return 0;
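Review bot: the corrected test in nf_h323_error_boundary(), "bs->cur + bytes > bs->end", still forms a pointer beyond the end of the buffer before comparing, and "bytes" is a caller-supplied size_t. Writing it as a length comparison, "bytes > bs->end - bs->cur", checks the same bound without computing an out-of-range pointer and cannot wrap for large values, given that cur never exceeds end. A one-line comment that the comparison is on addresses, not contents, would also guard against the regression described in the changelog.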
-- 
2.20.1





* [PATCH 4.19 051/118] mips: Make sure dt memory regions are valid
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 050/118] netfilter: nf_conntrack_h323: restore boundary check correctness Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 052/118] netfilter: nf_tables: fix base chain stat rcu_dereference usage Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Serge Semin, Paul Burton,
	Ralf Baechle, James Hogan, Mike Rapoport, Andrew Morton,
	Michal Hocko, Thomas Bogendoerfer, Huacai Chen, Stefan Agner,
	Stephen Rothwell, Alexandre Belloni, Juergen Gross, Serge Semin,
	linux-mips, Sasha Levin

[ Upstream commit 93fa5b280761a4dbb14c5330f260380385ab2b49 ]

There are situations when memory regions coming from dts may be
too big for the platform physical address space. This especially
concerns XPA-capable systems. Bootloader may determine more than 4GB
memory available and pass it to the kernel over dts memory node, while
kernel is built without XPA/64BIT support. In this case the region
may either simply be truncated by add_memory_region() method
or by u64->phys_addr_t type casting. But in worst case the method
can even drop the memory region if it exceeds PHYS_ADDR_MAX size.
So let's make sure the memory regions retrieved from dts are valid,
and if some of them aren't, just manually truncate them with a warning
printed out.

Signed-off-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Cc: Huacai Chen <chenhc@lemote.com>
Cc: Stefan Agner <stefan@agner.ch>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Serge Semin <Sergey.Semin@t-platforms.ru>
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/mips/kernel/prom.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/mips/kernel/prom.c b/arch/mips/kernel/prom.c
index 89950b7bf536..bdaf3536241a 100644
--- a/arch/mips/kernel/prom.c
+++ b/arch/mips/kernel/prom.c
@@ -41,7 +41,19 @@ char *mips_get_machine_name(void)
 #ifdef CONFIG_USE_OF
 void __init early_init_dt_add_memory_arch(u64 base, u64 size)
 {
-	return add_memory_region(base, size, BOOT_MEM_RAM);
+	if (base >= PHYS_ADDR_MAX) {
+		pr_warn("Trying to add an invalid memory region, skipped\n");
+		return;
+	}
+
+	/* Truncate the passed memory region instead of type casting */
+	if (base + size - 1 >= PHYS_ADDR_MAX || base + size < base) {
+		pr_warn("Truncate memory region %llx @ %llx to size %llx\n",
+			size, base, PHYS_ADDR_MAX - base);
+		size = PHYS_ADDR_MAX - base;
+	}
+
+	add_memory_region(base, size, BOOT_MEM_RAM);
 }
 
 int __init early_init_dt_reserve_memory_arch(phys_addr_t base,
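Review bot: the truncation test "base + size - 1 >= PHYS_ADDR_MAX" in early_init_dt_add_memory_arch() misfires for size == 0 with base == 0: the u64 expression wraps to the maximum value, and the empty region is then given size PHYS_ADDR_MAX - base. An early return for a zero size ahead of the check would keep an empty dts entry from becoming a region that spans the whole address space. The first pr_warn() would also be easier to act on if it printed the rejected base and size, as the second one does.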
-- 
2.20.1





* [PATCH 4.19 052/118] netfilter: nf_tables: fix base chain stat rcu_dereference usage
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 051/118] mips: Make sure dt memory regions are valid Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 053/118] watchdog: imx2_wdt: Fix set_timeout for big timeout values Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
	Sasha Levin

[ Upstream commit edbd82c5fba009f68d20b5db585be1e667c605f6 ]

Following splat gets triggered when nfnetlink monitor is running while
xtables-nft selftests are running:

net/netfilter/nf_tables_api.c:1272 suspicious rcu_dereference_check() usage!
other info that might help us debug this:

1 lock held by xtables-nft-mul/27006:
 #0: 00000000e0f85be9 (&net->nft.commit_mutex){+.+.}, at: nf_tables_valid_genid+0x1a/0x50
Call Trace:
 nf_tables_fill_chain_info.isra.45+0x6cc/0x6e0
 nf_tables_chain_notify+0xf8/0x1a0
 nf_tables_commit+0x165c/0x1740

nf_tables_fill_chain_info() can be called both from dumps (rcu read locked)
or from the transaction path if a userspace process subscribed to nftables
notifications.

In the 'table dump' case, rcu_access_pointer() cannot be used: We do not
hold transaction mutex so the pointer can be NULLed right after the check.
Just unconditionally fetch the value, then have the helper return
immediately if it's NULL.

In the notification case we don't hold the rcu read lock, but updates are
prevented due to transaction mutex. Use rcu_dereference_check() to make lockdep
aware of this.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_tables_api.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ebfcfe1dcbdb..29ff59dd99ac 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1142,6 +1142,9 @@ static int nft_dump_stats(struct sk_buff *skb, struct nft_stats __percpu *stats)
 	u64 pkts, bytes;
 	int cpu;
 
+	if (!stats)
+		return 0;
+
 	memset(&total, 0, sizeof(total));
 	for_each_possible_cpu(cpu) {
 		cpu_stats = per_cpu_ptr(stats, cpu);
@@ -1199,6 +1202,7 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
 	if (nft_is_base_chain(chain)) {
 		const struct nft_base_chain *basechain = nft_base_chain(chain);
 		const struct nf_hook_ops *ops = &basechain->ops;
+		struct nft_stats __percpu *stats;
 		struct nlattr *nest;
 
 		nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
@@ -1220,8 +1224,9 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
 		if (nla_put_string(skb, NFTA_CHAIN_TYPE, basechain->type->name))
 			goto nla_put_failure;
 
-		if (rcu_access_pointer(basechain->stats) &&
-		    nft_dump_stats(skb, rcu_dereference(basechain->stats)))
+		stats = rcu_dereference_check(basechain->stats,
+					      lockdep_commit_lock_is_held(net));
+		if (nft_dump_stats(skb, stats))
 			goto nla_put_failure;
 	}
 
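Review bot: the rcu_dereference_check() added to nf_tables_fill_chain_info() depends on two different callers' locking (the RCU read side for dumps, the commit mutex for notifications), but that is explained only in the changelog. A comment above the "stats = rcu_dereference_check(...)" assignment stating both contexts would keep the lockdep condition from looking arbitrary, and it should mention that nft_dump_stats() now accepts a NULL stats pointer and returns 0 for it, since the caller no longer tests the pointer itself.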
-- 
2.20.1





* [PATCH 4.19 053/118] watchdog: imx2_wdt: Fix set_timeout for big timeout values
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 052/118] netfilter: nf_tables: fix base chain stat rcu_dereference usage Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 054/118] watchdog: fix compile time error of pretimeout governors Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Georg Hofmann, Guenter Roeck,
	Wim Van Sebroeck, Sasha Levin

[ Upstream commit b07e228eee69601addba98b47b1a3850569e5013 ]

The documented behavior is: if max_hw_heartbeat_ms is implemented, the
minimum of the set_timeout argument and max_hw_heartbeat_ms should be used.
This patch implements this behavior.
Previously only the first 7 bits were used and the input argument was
returned.

Signed-off-by: Georg Hofmann <georg@hofmannsweb.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/watchdog/imx2_wdt.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/watchdog/imx2_wdt.c b/drivers/watchdog/imx2_wdt.c
index 2b52514eaa86..7e7bdcbbc741 100644
--- a/drivers/watchdog/imx2_wdt.c
+++ b/drivers/watchdog/imx2_wdt.c
@@ -178,8 +178,10 @@ static void __imx2_wdt_set_timeout(struct watchdog_device *wdog,
 static int imx2_wdt_set_timeout(struct watchdog_device *wdog,
 				unsigned int new_timeout)
 {
-	__imx2_wdt_set_timeout(wdog, new_timeout);
+	unsigned int actual;
 
+	actual = min(new_timeout, wdog->max_hw_heartbeat_ms * 1000);
+	__imx2_wdt_set_timeout(wdog, actual);
 	wdog->timeout = new_timeout;
 	return 0;
 }
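Review bot: the unit conversion in "min(new_timeout, wdog->max_hw_heartbeat_ms * 1000)" looks inverted. The set_timeout argument is in seconds and max_hw_heartbeat_ms is in milliseconds, so the hardware limit in seconds is max_hw_heartbeat_ms / 1000; multiplying by 1000 makes the bound so large that min() will practically always return new_timeout, and the clamp described in the changelog does not take effect. Please divide instead, and consider a comment giving the units of both operands.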
-- 
2.20.1





* [PATCH 4.19 054/118] watchdog: fix compile time error of pretimeout governors
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 053/118] watchdog: imx2_wdt: Fix set_timeout for big timeout values Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 055/118] blk-mq: move cancel of requeue_work into blk_mq_release Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kuo, Hsuan-Chi, Vladimir Zapolskiy,
	Guenter Roeck, Wim Van Sebroeck, Sasha Levin

[ Upstream commit a223770bfa7b6647f3a70983257bd89f9cafce46 ]

CONFIG_WATCHDOG_PRETIMEOUT_GOV build symbol adds watchdog_pretimeout.o
object to watchdog.o, the latter is compiled only if CONFIG_WATCHDOG_CORE
is selected, so it rightfully makes sense to add it as a dependency.

The change fixes the next compilation errors, if CONFIG_WATCHDOG_CORE=n
and CONFIG_WATCHDOG_PRETIMEOUT_GOV=y are selected:

  drivers/watchdog/pretimeout_noop.o: In function `watchdog_gov_noop_register':
  drivers/watchdog/pretimeout_noop.c:35: undefined reference to `watchdog_register_governor'
  drivers/watchdog/pretimeout_noop.o: In function `watchdog_gov_noop_unregister':
  drivers/watchdog/pretimeout_noop.c:40: undefined reference to `watchdog_unregister_governor'

  drivers/watchdog/pretimeout_panic.o: In function `watchdog_gov_panic_register':
  drivers/watchdog/pretimeout_panic.c:35: undefined reference to `watchdog_register_governor'
  drivers/watchdog/pretimeout_panic.o: In function `watchdog_gov_panic_unregister':
  drivers/watchdog/pretimeout_panic.c:40: undefined reference to `watchdog_unregister_governor'

Reported-by: Kuo, Hsuan-Chi <hckuo2@illinois.edu>
Fixes: ff84136cb6a4 ("watchdog: add watchdog pretimeout governor framework")
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/watchdog/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
index 8c9ea3cd9c60..b7914eb6a04b 100644
--- a/drivers/watchdog/Kconfig
+++ b/drivers/watchdog/Kconfig
@@ -1967,6 +1967,7 @@ comment "Watchdog Pretimeout Governors"
 
 config WATCHDOG_PRETIMEOUT_GOV
 	bool "Enable watchdog pretimeout governors"
+	depends on WATCHDOG_CORE
 	help
 	  The option allows to select watchdog pretimeout governors.
 
-- 
2.20.1





* [PATCH 4.19 055/118] blk-mq: move cancel of requeue_work into blk_mq_release
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 054/118] watchdog: fix compile time error of pretimeout governors Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 056/118] iommu/vt-d: Set intel_iommu_gfx_mapped correctly Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dongli Zhang, James Smart,
	Bart Van Assche, Bart Van Assche, Johannes Thumshirn,
	Hannes Reinecke, Christoph Hellwig, Ming Lei, Jens Axboe,
	Sasha Levin, linux-scsi, Martin K . Petersen,
	James E . J . Bottomley

[ Upstream commit fbc2a15e3433058582e5635aabe48a3011a644a8 ]

With holding queue's kobject refcount, it is safe for driver
to schedule requeue. However, blk_mq_kick_requeue_list() may
be called after blk_sync_queue() is done because of concurrent
requeue activities, then requeue work may not be completed when
freeing queue, and kernel oops is triggered.

So moving the cancel of requeue_work into blk_mq_release() for
avoiding race between requeue and freeing queue.

Cc: Dongli Zhang <dongli.zhang@oracle.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: linux-scsi@vger.kernel.org,
Cc: Martin K . Petersen <martin.petersen@oracle.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: James E . J . Bottomley <jejb@linux.vnet.ibm.com>,
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/blk-core.c | 1 -
 block/blk-mq.c   | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/blk-core.c b/block/blk-core.c
index 33488b1426b7..6eed5d84c2ef 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -411,7 +411,6 @@ void blk_sync_queue(struct request_queue *q)
 		struct blk_mq_hw_ctx *hctx;
 		int i;
 
-		cancel_delayed_work_sync(&q->requeue_work);
 		queue_for_each_hw_ctx(q, hctx, i)
 			cancel_delayed_work_sync(&hctx->run_work);
 	} else {
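
Review bot: with cancel_delayed_work_sync(&q->requeue_work) removed from the mq branch, blk_sync_queue() now waits only for each hctx->run_work and no longer for requeue work. Any comment or kernel-doc on blk_sync_queue() that promises all pending queue work is finished on return should be updated in this patch, and callers that relied on that guarantee should be checked against the new behaviour.
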
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 4e563ee462cb..70d839b9c3b0 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2465,6 +2465,8 @@ void blk_mq_release(struct request_queue *q)
 	struct blk_mq_hw_ctx *hctx;
 	unsigned int i;
 
+	cancel_delayed_work_sync(&q->requeue_work);
+
 	/* hctx kobj stays in hctx */
 	queue_for_each_hw_ctx(q, hctx, i) {
 		if (!hctx)
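
Review bot: the added cancel_delayed_work_sync(&q->requeue_work) at the top of blk_mq_release() has no comment explaining why the cancel must happen at release time. The changelog's reasoning (blk_mq_kick_requeue_list() can still be called after blk_sync_queue() while a queue reference is held) belongs in a short comment above the call, so a later cleanup does not move it back and reopen the race with freeing the queue.
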
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 056/118] iommu/vt-d: Set intel_iommu_gfx_mapped correctly
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 055/118] blk-mq: move cancel of requeue_work into blk_mq_release Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 057/118] misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ashok Raj, Jacob Pan, Kevin Tian,
	Zhenyu Wang, Lu Baolu, Joerg Roedel, Sasha Levin

[ Upstream commit cf1ec4539a50bdfe688caad4615ca47646884316 ]

The intel_iommu_gfx_mapped flag is exported by the Intel
IOMMU driver to indicate whether an IOMMU is used for the
graphic device. In a virtualized IOMMU environment (e.g.
QEMU), an include-all IOMMU is used for graphic device.
This flag is found to be clear even when the IOMMU is used.

Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: Kevin Tian <kevin.tian@intel.com>
Reported-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Fixes: c0771df8d5297 ("intel-iommu: Export a flag indicating that the IOMMU is used for iGFX.")
Suggested-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/intel-iommu.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 603bf5233a99..c1439019dd12 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -4033,9 +4033,7 @@ static void __init init_no_remapping_devices(void)
 
 		/* This IOMMU has *only* gfx devices. Either bypass it or
 		   set the gfx_mapped flag, as appropriate */
-		if (dmar_map_gfx) {
-			intel_iommu_gfx_mapped = 1;
-		} else {
+		if (!dmar_map_gfx) {
 			drhd->ignored = 1;
 			for_each_active_dev_scope(drhd->devices,
 						  drhd->devices_cnt, i, dev)
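
Review bot: the comment kept above the rewritten test, "Either bypass it or set the gfx_mapped flag, as appropriate", is stale once the branch is reduced to if (!dmar_map_gfx). This block now only bypasses the unit; the comment should say so and leave the flag to intel_iommu_init().
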
@@ -4831,6 +4829,9 @@ int __init intel_iommu_init(void)
 		goto out_free_reserved_range;
 	}
 
+	if (dmar_map_gfx)
+		intel_iommu_gfx_mapped = 1;
+
 	init_no_remapping_devices();
 
 	ret = init_dmars();
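
Review bot: intel_iommu_gfx_mapped is now set from dmar_map_gfx alone, before init_no_remapping_devices() and init_dmars() have run, so it no longer depends on any DMAR unit actually covering a graphics device. If that is the intended meaning, a comment at the assignment should state it. It is also worth confirming that the flag is not left at 1 when init_dmars() returns an error just below.
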
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 057/118] misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 056/118] iommu/vt-d: Set intel_iommu_gfx_mapped correctly Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 058/118] PCI: designware-ep: Use aligned ATU window for raising MSI interrupts Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kishon Vijay Abraham I,
	Lorenzo Pieralisi, Sasha Levin

[ Upstream commit 8f220664570e755946db1282f48e07f26e1f2cb4 ]

commit 834b90519925 ("misc: pci_endpoint_test: Add support for
PCI_ENDPOINT_TEST regs to be mapped to any BAR") while adding
test_reg_bar in order to map PCI_ENDPOINT_TEST regs to be mapped to any
BAR failed to update test_reg_bar in pci_endpoint_test, resulting in
test_reg_bar having invalid value when used outside probe.

Fix it.

Fixes: 834b90519925 ("misc: pci_endpoint_test: Add support for PCI_ENDPOINT_TEST regs to be mapped to any BAR")
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/misc/pci_endpoint_test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
index 896e2df9400f..fd33a3b9c66f 100644
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -662,6 +662,7 @@ static int pci_endpoint_test_probe(struct pci_dev *pdev,
 	data = (struct pci_endpoint_test_data *)ent->driver_data;
 	if (data) {
 		test_reg_bar = data->test_reg_bar;
+		test->test_reg_bar = test_reg_bar;
 		test->alignment = data->alignment;
 		irq_type = data->irq_type;
 	}
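
Review bot: the new test->test_reg_bar = test_reg_bar; sits inside if (data), so an ID table entry without driver_data never stores the BAR in the structure, and users outside probe read whatever the allocation left there. Moving the assignment below the closing brace would record the local test_reg_bar in both cases.
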
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 058/118] PCI: designware-ep: Use aligned ATU window for raising MSI interrupts
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 057/118] misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-16 20:00   ` Pavel Machek
  2019-06-13  8:33 ` [PATCH 4.19 059/118] nvme-pci: unquiesce admin queue on shutdown Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  122 siblings, 1 reply; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kishon Vijay Abraham I,
	Lorenzo Pieralisi, Sasha Levin

[ Upstream commit 6b7330303a8186fb211357e6d379237fe9d2ece1 ]

Certain platforms like K2G require the outbound ATU window to be
aligned. The alignment size is already present in mem->page_size.
Use the alignment size present in mem->page_size to configure an
aligned ATU window. In order to raise an interrupt, CPU has to write
to address offset from the start of the window unlike before where
writes were always to the beginning of the ATU window.

Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c
index de8635af4cde..739d97080d3b 100644
--- a/drivers/pci/controller/dwc/pcie-designware-ep.c
+++ b/drivers/pci/controller/dwc/pcie-designware-ep.c
@@ -385,6 +385,7 @@ int dw_pcie_ep_raise_msi_irq(struct dw_pcie_ep *ep, u8 func_no,
 {
 	struct dw_pcie *pci = to_dw_pcie_from_ep(ep);
 	struct pci_epc *epc = ep->epc;
+	unsigned int aligned_offset;
 	u16 msg_ctrl, msg_data;
 	u32 msg_addr_lower, msg_addr_upper, reg;
 	u64 msg_addr;
@@ -410,13 +411,15 @@ int dw_pcie_ep_raise_msi_irq(struct dw_pcie_ep *ep, u8 func_no,
 		reg = ep->msi_cap + PCI_MSI_DATA_32;
 		msg_data = dw_pcie_readw_dbi(pci, reg);
 	}
-	msg_addr = ((u64) msg_addr_upper) << 32 | msg_addr_lower;
+	aligned_offset = msg_addr_lower & (epc->mem->page_size - 1);
+	msg_addr = ((u64)msg_addr_upper) << 32 |
+			(msg_addr_lower & ~aligned_offset);
 	ret = dw_pcie_ep_map_addr(epc, func_no, ep->msi_mem_phys, msg_addr,
 				  epc->mem->page_size);
 	if (ret)
 		return ret;
 
-	writel(msg_data | (interrupt_num - 1), ep->msi_mem);
+	writel(msg_data | (interrupt_num - 1), ep->msi_mem + aligned_offset);
 
 	dw_pcie_ep_unmap_addr(epc, func_no, ep->msi_mem_phys);
 
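
Review bot: in the msg_addr computation, msg_addr_lower & ~aligned_offset yields the aligned address only because aligned_offset is itself the low bits of msg_addr_lower, so it reads as if an offset were being used as a mask. Masking with ~(epc->mem->page_size - 1) states the intent directly. Both forms assume page_size is a power of two, which deserves a comment or a check. The writel() to ep->msi_mem + aligned_offset stays inside the mapping only while the window passed to dw_pcie_ep_map_addr() is page_size bytes, as it is here.
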
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 059/118] nvme-pci: unquiesce admin queue on shutdown
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 058/118] PCI: designware-ep: Use aligned ATU window for raising MSI interrupts Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 060/118] nvme-pci: shutdown on timeout during deletion Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yufen Yu, Keith Busch,
	Christoph Hellwig, Sasha Levin

[ Upstream commit c8e9e9b7646ebe1c5066ddc420d7630876277eb4 ]

Just like IO queues, the admin queue also will not be restarted after a
controller shutdown. Unquiesce this queue so that we do not block
request dispatch on a permanently disabled controller.

Reported-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/pci.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 7b9ef8e734e7..377f6fff420d 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -2187,8 +2187,11 @@ static void nvme_dev_disable(struct nvme_dev *dev, bool shutdown)
 	 * must flush all entered requests to their failed completion to avoid
 	 * deadlocking blk-mq hot-cpu notifier.
 	 */
-	if (shutdown)
+	if (shutdown) {
 		nvme_start_queues(&dev->ctrl);
+		if (dev->ctrl.admin_q && !blk_queue_dying(dev->ctrl.admin_q))
+			blk_mq_unquiesce_queue(dev->ctrl.admin_q);
+	}
 	mutex_unlock(&dev->shutdown_lock);
 }
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 060/118] nvme-pci: shutdown on timeout during deletion
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 059/118] nvme-pci: unquiesce admin queue on shutdown Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-16 19:57   ` Pavel Machek
  2019-06-13  8:33 ` [PATCH 4.19 061/118] netfilter: nf_flow_table: check ttl value in flow offload data path Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  122 siblings, 1 reply; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yufen Yu, Keith Busch,
	Christoph Hellwig, Sasha Levin

[ Upstream commit 9dc1a38ef1925d23c2933c5867df816386d92ff8 ]

We do not restart a controller in a deleting state for timeout errors.
When in this state, unblock potential request dispatchers with failed
completions by shutting down the controller on timeout detection.

Reported-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/pci.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 377f6fff420d..c8eeecc58115 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1132,6 +1132,7 @@ static enum blk_eh_timer_return nvme_timeout(struct request *req, bool reserved)
 	struct nvme_dev *dev = nvmeq->dev;
 	struct request *abort_req;
 	struct nvme_command cmd;
+	bool shutdown = false;
 	u32 csts = readl(dev->bar + NVME_REG_CSTS);
 
 	/* If PCI error recovery process is happening, we cannot reset or
@@ -1168,12 +1169,14 @@ static enum blk_eh_timer_return nvme_timeout(struct request *req, bool reserved)
 	 * shutdown, so we return BLK_EH_DONE.
 	 */
 	switch (dev->ctrl.state) {
+	case NVME_CTRL_DELETING:
+		shutdown = true;
 	case NVME_CTRL_CONNECTING:
 	case NVME_CTRL_RESETTING:
 		dev_warn_ratelimited(dev->ctrl.device,
 			 "I/O %d QID %d timeout, disable controller\n",
 			 req->tag, nvmeq->qid);
-		nvme_dev_disable(dev, false);
+		nvme_dev_disable(dev, shutdown);
 		nvme_req(req)->flags |= NVME_REQ_CANCELLED;
 		return BLK_EH_DONE;
 	default:
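
Review bot: the new case NVME_CTRL_DELETING: sets shutdown = true and then drops into NVME_CTRL_CONNECTING with no fall-through marker. Add a /* fall through */ comment after the assignment so the intent is explicit and builds with -Wimplicit-fallthrough stay quiet. The dev_warn_ratelimited() text is also identical for both paths; saying whether the controller is being shut down or only disabled would help when reading timeout reports.
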
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 061/118] netfilter: nf_flow_table: check ttl value in flow offload data path
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 060/118] nvme-pci: shutdown on timeout during deletion Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 062/118] netfilter: nf_flow_table: fix netdev refcnt leak Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Pablo Neira Ayuso, Sasha Levin

[ Upstream commit 33cc3c0cfa64c86b6c4bbee86997aea638534931 ]

nf_flow_offload_ip_hook() and nf_flow_offload_ipv6_hook() do not check
ttl value. So, ttl value overflow may occur.

Fixes: 97add9f0d66d ("netfilter: flow table support for IPv4")
Fixes: 0995210753a2 ("netfilter: flow table support for IPv6")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_flow_table_ip.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 15ed91309992..129e9ec99ec9 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -181,6 +181,9 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev,
 	    iph->protocol != IPPROTO_UDP)
 		return -1;
 
+	if (iph->ttl <= 1)
+		return -1;
+
 	thoff = iph->ihl * 4;
 	if (!pskb_may_pull(skb, thoff + sizeof(*ports)))
 		return -1;
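
Review bot: the added if (iph->ttl <= 1) return -1; has no comment saying why the bound is 1 rather than 0. The changelog ties the check to a TTL overflow in the offload path, so a one-line comment naming the decrement it guards against would keep the test from being relaxed later. The same applies to the ip6h->hop_limit test in the IPv6 hunk.
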
@@ -412,6 +415,9 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev,
 	    ip6h->nexthdr != IPPROTO_UDP)
 		return -1;
 
+	if (ip6h->hop_limit <= 1)
+		return -1;
+
 	thoff = sizeof(*ip6h);
 	if (!pskb_may_pull(skb, thoff + sizeof(*ports)))
 		return -1;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 062/118] netfilter: nf_flow_table: fix netdev refcnt leak
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 061/118] netfilter: nf_flow_table: check ttl value in flow offload data path Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 063/118] ALSA: hda - Register irq handler after the chip initialization Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Pablo Neira Ayuso, Sasha Levin

[ Upstream commit 26a302afbe328ecb7507cae2035d938e6635131b ]

flow_offload_alloc() calls nf_route() to get a dst_entry. Internally,
nf_route() calls ip_route_output_key() that allocates a dst_entry and
holds it. So, a dst_entry should be released by dst_release() if
nf_route() is successful.

Otherwise, netns exit routine cannot be finished and the following
message is printed:

[  257.490952] unregister_netdevice: waiting for lo to become free. Usage count = 1

Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nft_flow_offload.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 436cc14cfc59..7f85af4c40ff 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -113,6 +113,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
 	if (ret < 0)
 		goto err_flow_add;
 
+	dst_release(route.tuple[!dir].dst);
 	return;
 
 err_flow_add:
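
Review bot: dst_release(route.tuple[!dir].dst) is added only on the success path, immediately before return, while the ret < 0 branch above still jumps to err_flow_add. Please confirm that the code under that label drops the same reference, otherwise the leak described in the changelog remains on failure. A comment saying why only the [!dir] entry is released here, and not tuple[dir], would also help.
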
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 063/118] ALSA: hda - Register irq handler after the chip initialization
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 062/118] netfilter: nf_flow_table: fix netdev refcnt leak Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 064/118] nvmem: core: fix read buffer in place Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Liwei Song, Takashi Iwai, Sasha Levin

[ Upstream commit f495222e28275222ab6fd93813bd3d462e16d340 ]

Currently the IRQ handler in HD-audio controller driver is registered
before the chip initialization.  That is, we have some window opened
between the azx_acquire_irq() call and the CORB/RIRB setup.  If an
interrupt is triggered in this small window, the IRQ handler may
access the uninitialized RIRB buffer, which leads to a NULL
dereference Oops.

This is usually no big problem since most of Intel chips do register
the IRQ via MSI, and we've already fixed the order of the IRQ
enablement and the CORB/RIRB setup in the former commit b61749a89f82
("sound: enable interrupt after dma buffer initialization"), hence the
IRQ won't be triggered in that room.  However, some platforms use a
shared IRQ, and this may allow the IRQ trigger by another source.

Another possibility is the kdump environment: a stale interrupt might
be present in there, the IRQ handler can be falsely triggered as well.

For covering this small race, let's move the azx_acquire_irq() call
after hda_intel_init_chip() call.  Although this is a bit radical
change, it can cover more widely than checking the CORB/RIRB setup
locally in the callee side.

Reported-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/pci/hda/hda_intel.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index 9bc8a7cb40ea..45bf89ed31de 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1883,9 +1883,6 @@ static int azx_first_init(struct azx *chip)
 			chip->msi = 0;
 	}
 
-	if (azx_acquire_irq(chip, 0) < 0)
-		return -EBUSY;
-
 	pci_set_master(pci);
 	synchronize_irq(bus->irq);
 
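
Review bot: with azx_acquire_irq() removed from this spot, the synchronize_irq(bus->irq) left in the context just below now runs before any IRQ has been requested. Check what bus->irq holds at that point and whether the call is still needed here, or move it so that it follows the new azx_acquire_irq() call.
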
@@ -2000,6 +1997,9 @@ static int azx_first_init(struct azx *chip)
 		return -ENODEV;
 	}
 
+	if (azx_acquire_irq(chip, 0) < 0)
+		return -EBUSY;
+
 	strcpy(card->driver, "HDA-Intel");
 	strlcpy(card->shortname, driver_short_names[chip->driver_type],
 		sizeof(card->shortname));
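
Review bot: azx_acquire_irq() can now fail with -EBUSY after the chip has been initialised rather than before it. Verify that the caller's error handling undoes everything set up between the old and new call sites, since the early return previously had far less state to unwind.
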
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 064/118] nvmem: core: fix read buffer in place
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 063/118] ALSA: hda - Register irq handler after the chip initialization Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 065/118] nvmem: sunxi_sid: Support SID on A83T and H5 Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jorge Ramirez-Ortiz,
	Srinivas Kandagatla, Sasha Levin

[ Upstream commit 2fe518fecb3a4727393be286db9804cd82ee2d91 ]

When the bit_offset in the cell is zero, the pointer to the msb will
not be properly initialized (ie, will still be pointing to the first
byte in the buffer).

This being the case, if there are bits to clear in the msb, those will
be left untouched while the mask will incorrectly clear bit positions
on the first byte.

This commit also makes sure that any byte unused in the cell is
cleared.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvmem/core.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 7c530c88b3fb..99de51e87f7f 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -1028,7 +1028,7 @@ EXPORT_SYMBOL_GPL(nvmem_cell_put);
 static void nvmem_shift_read_buffer_in_place(struct nvmem_cell *cell, void *buf)
 {
 	u8 *p, *b;
-	int i, bit_offset = cell->bit_offset;
+	int i, extra, bit_offset = cell->bit_offset;
 
 	p = b = buf;
 	if (bit_offset) {
@@ -1043,11 +1043,16 @@ static void nvmem_shift_read_buffer_in_place(struct nvmem_cell *cell, void *buf)
 			p = b;
 			*b++ >>= bit_offset;
 		}
-
-		/* result fits in less bytes */
-		if (cell->bytes != DIV_ROUND_UP(cell->nbits, BITS_PER_BYTE))
-			*p-- = 0;
+	} else {
+		/* point to the msb */
+		p += cell->bytes - 1;
 	}
+
+	/* result fits in less bytes */
+	extra = cell->bytes - DIV_ROUND_UP(cell->nbits, BITS_PER_BYTE);
+	while (--extra >= 0)
+		*p-- = 0;
+
 	/* clear msb bits if any leftover in the last byte */
 	*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);
 }
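
Review bot: the unchanged mask at the end of the function, now reached with p pointing at the msb in both branches, is applied even when cell->nbits is a multiple of BITS_PER_BYTE. In that case GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0) is evaluated with a high bit of -1, which is not a valid GENMASK argument; guard the line with if (cell->nbits % BITS_PER_BYTE). The new loop while (--extra >= 0) *p-- = 0; also walks p downwards with no lower bound, so it relies on cell->nbits being nonzero and consistent with cell->bytes; state that assumption in a comment or check it.
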
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 065/118] nvmem: sunxi_sid: Support SID on A83T and H5
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 064/118] nvmem: core: fix read buffer in place Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 066/118] fuse: retrieve: cap requested size to negotiated max_write Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Maxime Ripard,
	Srinivas Kandagatla, Sasha Levin

[ Upstream commit da75b8909756160b8e785104ba421a20b756c975 ]

The device tree binding already lists compatible strings for these two
SoCs. They don't have the defect as seen on the H3, and the size and
register layout is the same as the A64. Furthermore, the driver does
not include nvmem cell definitions.

Add support for these two compatible strings, re-using the config for
the A64.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvmem/sunxi_sid.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/nvmem/sunxi_sid.c b/drivers/nvmem/sunxi_sid.c
index d020f89248fd..69f8e972e29c 100644
--- a/drivers/nvmem/sunxi_sid.c
+++ b/drivers/nvmem/sunxi_sid.c
@@ -235,8 +235,10 @@ static const struct sunxi_sid_cfg sun50i_a64_cfg = {
 static const struct of_device_id sunxi_sid_of_match[] = {
 	{ .compatible = "allwinner,sun4i-a10-sid", .data = &sun4i_a10_cfg },
 	{ .compatible = "allwinner,sun7i-a20-sid", .data = &sun7i_a20_cfg },
+	{ .compatible = "allwinner,sun8i-a83t-sid", .data = &sun50i_a64_cfg },
 	{ .compatible = "allwinner,sun8i-h3-sid", .data = &sun8i_h3_cfg },
 	{ .compatible = "allwinner,sun50i-a64-sid", .data = &sun50i_a64_cfg },
+	{ .compatible = "allwinner,sun50i-h5-sid", .data = &sun50i_a64_cfg },
 	{/* sentinel */},
 };
 MODULE_DEVICE_TABLE(of, sunxi_sid_of_match);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 066/118] fuse: retrieve: cap requested size to negotiated max_write
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 065/118] nvmem: sunxi_sid: Support SID on A83T and H5 Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 067/118] nfsd: allow fh_want_write to be called twice Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kirill Smelkov, Han-Wen Nienhuys,
	Jakob Unterwurzacher, Miklos Szeredi, Sasha Levin

[ Upstream commit 7640682e67b33cab8628729afec8ca92b851394f ]

FUSE filesystem server and kernel client negotiate during initialization
phase, what should be the maximum write size the client will ever issue.
Correspondingly the filesystem server then queues sys_read calls to read
requests with buffer capacity large enough to carry request header + that
max_write bytes. A filesystem server is free to set its max_write
anywhere in the range between [1*page, fc->max_pages*page]. In particular
go-fuse[2] sets max_write by default as 64K, whereas default fc->max_pages
corresponds to 128K. Libfuse also allows users to configure max_write, but
by default presets it to possible maximum.

If max_write is < fc->max_pages*page, and in NOTIFY_RETRIEVE handler we
allow to retrieve more than max_write bytes, corresponding prepared
NOTIFY_REPLY will be thrown away by fuse_dev_do_read, because the
filesystem server, in full correspondence with server/client contract, will
be only queuing sys_read with ~max_write buffer capacity, and
fuse_dev_do_read throws away requests that cannot fit into server request
buffer. In turn the filesystem server could get stuck waiting indefinitely
for NOTIFY_REPLY since NOTIFY_RETRIEVE handler returned OK which is
understood by clients as that NOTIFY_REPLY was queued and will be sent
back.

Cap requested size to negotiated max_write to avoid the problem.  This
aligns with the way NOTIFY_RETRIEVE handler works, which already
unconditionally caps requested retrieve size to fuse_conn->max_pages.  This
way it should not hurt NOTIFY_RETRIEVE semantic if we return less data than
was originally requested.

Please see [1] for context where the problem of stuck filesystem was hit
for real, how the situation was traced and for more involving patch that
did not make it into the tree.

[1] https://marc.info/?l=linux-fsdevel&m=155057023600853&w=2
[2] https://github.com/hanwen/go-fuse

Signed-off-by: Kirill Smelkov <kirr@nexedi.com>
Cc: Han-Wen Nienhuys <hanwen@google.com>
Cc: Jakob Unterwurzacher <jakobunt@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/fuse/dev.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1681,7 +1681,7 @@ static int fuse_retrieve(struct fuse_con
 	offset = outarg->offset & ~PAGE_MASK;
 	file_size = i_size_read(inode);
 
-	num = outarg->size;
+	num = min(outarg->size, fc->max_write);
 	if (outarg->offset > file_size)
 		num = 0;
 	else if (outarg->offset + num > file_size)
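
Review bot: num = min(outarg->size, fc->max_write); silently shortens the retrieve, with nothing in the code saying why max_write is the right bound. A short comment that the NOTIFY_REPLY has to fit the read buffer the server sized from max_write would carry the changelog's reasoning into the source. Also check that both operands have the same type, since the kernel's min() type-checks its arguments.
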



^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 067/118] nfsd: allow fh_want_write to be called twice
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 066/118] fuse: retrieve: cap requested size to negotiated max_write Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 068/118] nfsd: avoid uninitialized variable warning Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, J. Bruce Fields, Sasha Levin

[ Upstream commit 0b8f62625dc309651d0efcb6a6247c933acd8b45 ]

A fuzzer recently triggered lockdep warnings about potential sb_writers
deadlocks caused by fh_want_write().

Looks like we aren't careful to pair each fh_want_write() with an
fh_drop_write().

It's not normally a problem since fh_put() will call fh_drop_write() for
us.  And was OK for NFSv3 where we'd do one operation that might call
fh_want_write(), and then put the filehandle.

But an NFSv4 protocol fuzzer can do weird things like call unlink twice
in a compound, and then we get into trouble.

I'm a little worried about this approach of just leaving everything to
fh_put().  But I think there are probably a lot of
fh_want_write()/fh_drop_write() imbalances so for now I think we need it
to be more forgiving.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfsd/vfs.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h
index a7e107309f76..db351247892d 100644
--- a/fs/nfsd/vfs.h
+++ b/fs/nfsd/vfs.h
@@ -120,8 +120,11 @@ void		nfsd_put_raparams(struct file *file, struct raparms *ra);
 
 static inline int fh_want_write(struct svc_fh *fh)
 {
-	int ret = mnt_want_write(fh->fh_export->ex_path.mnt);
+	int ret;
 
+	if (fh->fh_want_write)
+		return 0;
+	ret = mnt_want_write(fh->fh_export->ex_path.mnt);
 	if (!ret)
 		fh->fh_want_write = true;
 	return ret;
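
Review bot: the early return 0 when fh->fh_want_write is already set makes repeated calls succeed without taking another mnt_want_write() reference, so the first drop releases write access for every caller that believes it still holds it. That matches the changelog's "more forgiving" intent, but the function should carry a comment stating that want/drop on a filehandle is a flag and not a count, so nobody pairs the calls expecting them to nest.
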
-- 
2.20.1




^ permalink raw reply	[flat|nested] 133+ messages in thread

* [PATCH 4.19 068/118] nfsd: avoid uninitialized variable warning
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 067/118] nfsd: allow fh_want_write to be called twice Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 069/118] vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, J. Bruce Fields, Sasha Levin

[ Upstream commit 0ab88ca4bcf18ba21058d8f19220f60afe0d34d8 ]

clang warns that 'contextlen' may be accessed without an initialization:

fs/nfsd/nfs4xdr.c:2911:9: error: variable 'contextlen' is uninitialized when used here [-Werror,-Wuninitialized]
                                                                contextlen);
                                                                ^~~~~~~~~~
fs/nfsd/nfs4xdr.c:2424:16: note: initialize the variable 'contextlen' to silence this warning
        int contextlen;
                      ^
                       = 0

Presumably this cannot happen, as FATTR4_WORD2_SECURITY_LABEL is
set if CONFIG_NFSD_V4_SECURITY_LABEL is enabled.
Adding another #ifdef like the other two in this function
avoids the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfsd/nfs4xdr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 418fa9c78186..db0beefe65ec 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2413,8 +2413,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
 	__be32 status;
 	int err;
 	struct nfs4_acl *acl = NULL;
+#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
 	void *context = NULL;
 	int contextlen;
+#endif
 	bool contextsupport = false;
 	struct nfsd4_compoundres *resp = rqstp->rq_resp;
 	u32 minorversion = resp->cstate.minorversion;
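Review bot: `int contextlen;` is still declared without an initializer inside the new `#ifdef CONFIG_NFSD_V4_SECURITY_LABEL` block, so the warning is avoided only because the use site is guarded by the same option. Writing `int contextlen = 0;`, as the clang note in the commit message suggests, would keep the variable defined even if a later change adds a path that reaches the encode call without setting it.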
@@ -2899,12 +2901,14 @@ out_acl:
 			*p++ = cpu_to_be32(NFS4_CHANGE_TYPE_IS_TIME_METADATA);
 	}
 
+#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
 	if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) {
 		status = nfsd4_encode_security_label(xdr, rqstp, context,
 								contextlen);
 		if (status)
 			goto out;
 	}
+#endif
 
 	attrlen = htonl(xdr->buf->len - attrlen_offset - 4);
 	write_bytes_to_xdr_buf(xdr->buf, attrlen_offset, &attrlen, 4);
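Review bot: with the `#ifdef` around the `bmval2 & FATTR4_WORD2_SECURITY_LABEL` test, a request that has that bit set on a kernel built without CONFIG_NFSD_V4_SECURITY_LABEL now skips the label silently. The commit message says this "presumably cannot happen"; a one-line comment at this guard stating where the bit is cleared for such builds would let a reader confirm that assumption instead of trusting it.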
-- 
2.20.1





* [PATCH 4.19 069/118] vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 068/118] nfsd: avoid uninitialized variable warning Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 070/118] iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Farhan Ali, Alex Williamson, Sasha Levin

[ Upstream commit 41be3e2618174fdf3361e49e64f2bf530f40c6b0 ]

vfio_dev_present() which is the condition to
wait_event_interruptible_timeout(), will call vfio_group_get_device
and try to acquire the mutex group->device_lock.

wait_event_interruptible_timeout() will set the state of the current
task to TASK_INTERRUPTIBLE, before doing the condition check. This
means that we will try to acquire the mutex while already in a
sleeping state. The scheduler warns us by giving the following
warning:

[ 4050.264464] ------------[ cut here ]------------
[ 4050.264508] do not call blocking ops when !TASK_RUNNING; state=1 set at [<00000000b33c00e2>] prepare_to_wait_event+0x14a/0x188
[ 4050.264529] WARNING: CPU: 12 PID: 35924 at kernel/sched/core.c:6112 __might_sleep+0x76/0x90
....

 4050.264756] Call Trace:
[ 4050.264765] ([<000000000017bbaa>] __might_sleep+0x72/0x90)
[ 4050.264774]  [<0000000000b97edc>] __mutex_lock+0x44/0x8c0
[ 4050.264782]  [<0000000000b9878a>] mutex_lock_nested+0x32/0x40
[ 4050.264793]  [<000003ff800d7abe>] vfio_group_get_device+0x36/0xa8 [vfio]
[ 4050.264803]  [<000003ff800d87c0>] vfio_del_group_dev+0x238/0x378 [vfio]
[ 4050.264813]  [<000003ff8015f67c>] mdev_remove+0x3c/0x68 [mdev]
[ 4050.264825]  [<00000000008e01b0>] device_release_driver_internal+0x168/0x268
[ 4050.264834]  [<00000000008de692>] bus_remove_device+0x162/0x190
[ 4050.264843]  [<00000000008daf42>] device_del+0x1e2/0x368
[ 4050.264851]  [<00000000008db12c>] device_unregister+0x64/0x88
[ 4050.264862]  [<000003ff8015ed84>] mdev_device_remove+0xec/0x130 [mdev]
[ 4050.264872]  [<000003ff8015f074>] remove_store+0x6c/0xa8 [mdev]
[ 4050.264881]  [<000000000046f494>] kernfs_fop_write+0x14c/0x1f8
[ 4050.264890]  [<00000000003c1530>] __vfs_write+0x38/0x1a8
[ 4050.264899]  [<00000000003c187c>] vfs_write+0xb4/0x198
[ 4050.264908]  [<00000000003c1af2>] ksys_write+0x5a/0xb0
[ 4050.264916]  [<0000000000b9e270>] system_call+0xdc/0x2d8
[ 4050.264925] 4 locks held by sh/35924:
[ 4050.264933]  #0: 000000001ef90325 (sb_writers#4){.+.+}, at: vfs_write+0x9e/0x198
[ 4050.264948]  #1: 000000005c1ab0b3 (&of->mutex){+.+.}, at: kernfs_fop_write+0x1cc/0x1f8
[ 4050.264963]  #2: 0000000034831ab8 (kn->count#297){++++}, at: kernfs_remove_self+0x12e/0x150
[ 4050.264979]  #3: 00000000e152484f (&dev->mutex){....}, at: device_release_driver_internal+0x5c/0x268
[ 4050.264993] Last Breaking-Event-Address:
[ 4050.265002]  [<000000000017bbaa>] __might_sleep+0x72/0x90
[ 4050.265010] irq event stamp: 7039
[ 4050.265020] hardirqs last  enabled at (7047): [<00000000001cee7a>] console_unlock+0x6d2/0x740
[ 4050.265029] hardirqs last disabled at (7054): [<00000000001ce87e>] console_unlock+0xd6/0x740
[ 4050.265040] softirqs last  enabled at (6416): [<0000000000b8fe26>] __udelay+0xb6/0x100
[ 4050.265049] softirqs last disabled at (6415): [<0000000000b8fe06>] __udelay+0x96/0x100
[ 4050.265057] ---[ end trace d04a07d39d99a9f9 ]---

Let's fix this as described in the article
https://lwn.net/Articles/628628/.

Signed-off-by: Farhan Ali <alifm@linux.ibm.com>
[remove now redundant vfio_dev_present()]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/vfio/vfio.c | 30 ++++++++++--------------------
 1 file changed, 10 insertions(+), 20 deletions(-)

diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 64833879f75d..7a386fb30bf1 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -34,6 +34,7 @@
 #include <linux/uaccess.h>
 #include <linux/vfio.h>
 #include <linux/wait.h>
+#include <linux/sched/signal.h>
 
 #define DRIVER_VERSION	"0.3"
 #define DRIVER_AUTHOR	"Alex Williamson <alex.williamson@redhat.com>"
@@ -904,30 +905,17 @@ void *vfio_device_data(struct vfio_device *device)
 }
 EXPORT_SYMBOL_GPL(vfio_device_data);
 
-/* Given a referenced group, check if it contains the device */
-static bool vfio_dev_present(struct vfio_group *group, struct device *dev)
-{
-	struct vfio_device *device;
-
-	device = vfio_group_get_device(group, dev);
-	if (!device)
-		return false;
-
-	vfio_device_put(device);
-	return true;
-}
-
 /*
  * Decrement the device reference count and wait for the device to be
  * removed.  Open file descriptors for the device... */
 void *vfio_del_group_dev(struct device *dev)
 {
+	DEFINE_WAIT_FUNC(wait, woken_wake_function);
 	struct vfio_device *device = dev_get_drvdata(dev);
 	struct vfio_group *group = device->group;
 	void *device_data = device->device_data;
 	struct vfio_unbound_dev *unbound;
 	unsigned int i = 0;
-	long ret;
 	bool interrupted = false;
 
 	/*
@@ -964,6 +952,8 @@ void *vfio_del_group_dev(struct device *dev)
 	 * interval with counter to allow the driver to take escalating
 	 * measures to release the device if it has the ability to do so.
 	 */
+	add_wait_queue(&vfio.release_q, &wait);
+
 	do {
 		device = vfio_group_get_device(group, dev);
 		if (!device)
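Review bot: the placement of `add_wait_queue(&vfio.release_q, &wait);` ahead of the `do` loop is what makes the open-coded wait safe, and it has no comment. The presence check `device = vfio_group_get_device(group, dev);` now runs at the top of each iteration in TASK_RUNNING state, and the wait entry has to be queued before that check so that a wakeup arriving between the check and wait_woken() is recorded rather than lost. Please say that in the existing comment block, since the removed wait_event*() condition used to make the relationship explicit.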
@@ -975,12 +965,10 @@ void *vfio_del_group_dev(struct device *dev)
 		vfio_device_put(device);
 
 		if (interrupted) {
-			ret = wait_event_timeout(vfio.release_q,
-					!vfio_dev_present(group, dev), HZ * 10);
+			wait_woken(&wait, TASK_UNINTERRUPTIBLE, HZ * 10);
 		} else {
-			ret = wait_event_interruptible_timeout(vfio.release_q,
-					!vfio_dev_present(group, dev), HZ * 10);
-			if (ret == -ERESTARTSYS) {
+			wait_woken(&wait, TASK_INTERRUPTIBLE, HZ * 10);
+			if (signal_pending(current)) {
 				interrupted = true;
 				dev_warn(dev,
 					 "Device is currently in use, task"
@@ -989,8 +977,10 @@ void *vfio_del_group_dev(struct device *dev)
 					 current->comm, task_pid_nr(current));
 			}
 		}
-	} while (ret <= 0);
 
+	} while (1);
+
+	remove_wait_queue(&vfio.release_q, &wait);
 	/*
 	 * In order to support multiple devices per group, devices can be
 	 * plucked from the group while other devices in the group are still
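Review bot: `} while (1);` leaves the loop with no exit condition in its header, so the only way out is the exit inside the body, and `remove_wait_queue(&vfio.release_q, &wait);` is reached only through it. A `for (;;)` or `while (true)` loop with a comment naming the exit would read more clearly than a do/while whose condition is constant. The hunk also leaves a blank line directly before the closing `} while (1);`, which should be dropped.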
-- 
2.20.1





* [PATCH 4.19 070/118] iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 069/118] vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-16 19:42   ` Pavel Machek
  2019-06-13  8:33 ` [PATCH 4.19 071/118] switchtec: Fix unintended mask of MRPC event Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  122 siblings, 1 reply; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Leizhen (ThunderTown),
	Bhupesh Sharma, Will Deacon, Sasha Levin

[ Upstream commit 3f54c447df34ff9efac7809a4a80fd3208efc619 ]

Disabling the SMMU when probing from within a kdump kernel so that all
incoming transactions are terminated can prevent the core of the crashed
kernel from being transferred off the machine if all I/O devices are
behind the SMMU.

Instead, continue to probe the SMMU after it is disabled so that we can
reinitialise it entirely and re-attach the DMA masters as they are reset.
Since the kdump kernel may not have drivers for all of the active DMA
masters, we suppress fault reporting to avoid spamming the console and
swamping the IRQ threads.

Reported-by: "Leizhen (ThunderTown)" <thunder.leizhen@huawei.com>
Tested-by: "Leizhen (ThunderTown)" <thunder.leizhen@huawei.com>
Tested-by: Bhupesh Sharma <bhsharma@redhat.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/arm-smmu-v3.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 9ae3678844eb..40fbf20d69e5 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -2414,13 +2414,9 @@ static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
 	/* Clear CR0 and sync (disables SMMU and queue processing) */
 	reg = readl_relaxed(smmu->base + ARM_SMMU_CR0);
 	if (reg & CR0_SMMUEN) {
-		if (is_kdump_kernel()) {
-			arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
-			arm_smmu_device_disable(smmu);
-			return -EBUSY;
-		}
-
 		dev_warn(smmu->dev, "SMMU currently enabled! Resetting...\n");
+		WARN_ON(is_kdump_kernel() && !disable_bypass);
+		arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
 	}
 
 	ret = arm_smmu_device_disable(smmu);
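Review bot: `arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);` used to run only inside the removed `is_kdump_kernel()` branch and now runs for every kernel that finds CR0_SMMUEN set, while the commit message only discusses kdump. If aborting incoming transactions during a normal reset is intended, the changelog should say so. `WARN_ON(is_kdump_kernel() && !disable_bypass);` also needs a comment explaining why kdump without disable_bypass is a condition worth a warning.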
@@ -2513,6 +2509,8 @@ static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
 		return ret;
 	}
 
+	if (is_kdump_kernel())
+		enables &= ~(CR0_EVTQEN | CR0_PRIQEN);
 
 	/* Enable the SMMU interface, or ensure bypass */
 	if (!bypass || disable_bypass) {
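Review bot: `enables &= ~(CR0_EVTQEN | CR0_PRIQEN);` has no comment, and the reason (the kdump kernel may lack drivers for active DMA masters, so fault reporting is suppressed to avoid flooding the console and IRQ threads) lives only in the commit message. Please carry that sentence into the code above the `if (is_kdump_kernel())` test. The added lines also leave two consecutive blank lines before the check, one of which can go.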
-- 
2.20.1





* [PATCH 4.19 071/118] switchtec: Fix unintended mask of MRPC event
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 070/118] iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 072/118] net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wesley Sheng, Bjorn Helgaas,
	Logan Gunthorpe, Sasha Levin

[ Upstream commit 083c1b5e50b701899dc32445efa8b153685260d5 ]

When running application tool switchtec-user's `firmware update` and `event
wait` commands concurrently, sometimes the firmware update speed reduced
significantly.

It is because when the MRPC event happened after MRPC event occurrence
check but before the event mask loop reaches its header register in event
ISR, the MRPC event would be masked unintentionally.  Since there's no
chance to enable it again except for a module reload, all the following
MRPC execution completion checks time out.

Fix this bug by skipping the mask operation for MRPC event in event ISR,
same as what we already do for LINK event.

Fixes: 52eabba5bcdb ("switchtec: Add IOCTLs to the Switchtec driver")
Signed-off-by: Wesley Sheng <wesley.sheng@microchip.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/switch/switchtec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/pci/switch/switchtec.c b/drivers/pci/switch/switchtec.c
index 37d0c15c9eeb..72db2e0ebced 100644
--- a/drivers/pci/switch/switchtec.c
+++ b/drivers/pci/switch/switchtec.c
@@ -1116,7 +1116,8 @@ static int mask_event(struct switchtec_dev *stdev, int eid, int idx)
 	if (!(hdr & SWITCHTEC_EVENT_OCCURRED && hdr & SWITCHTEC_EVENT_EN_IRQ))
 		return 0;
 
-	if (eid == SWITCHTEC_IOCTL_EVENT_LINK_STATE)
+	if (eid == SWITCHTEC_IOCTL_EVENT_LINK_STATE ||
+	    eid == SWITCHTEC_IOCTL_EVENT_MRPC_COMP)
 		return 0;
 
 	dev_dbg(&stdev->dev, "%s: %d %d %x\n", __func__, eid, idx, hdr);
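Review bot: the exemption list in mask_event() now has two entries, `SWITCHTEC_IOCTL_EVENT_LINK_STATE` and `SWITCHTEC_IOCTL_EVENT_MRPC_COMP`, and neither is explained in the code. A comment above the `if (eid == ...)` test saying that these events must never be masked in the ISR, because nothing re-enables them short of a module reload, would stop the next event added to the driver from reintroducing the same race.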
-- 
2.20.1





* [PATCH 4.19 072/118] net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 071/118] switchtec: Fix unintended mask of MRPC event Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 073/118] x86/PCI: Fix PCI IRQ routing table memory leak Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mika Westerberg, David S. Miller,
	Sasha Levin

[ Upstream commit 9872760eb7b1d4f6066ad8b560714a5d0a728fdb ]

The XDomain protocol messages may start as soon as Thunderbolt control
channel is started. This means that if the other host starts sending
ThunderboltIP packets early enough they will be passed to the network
driver which then gets confused because its resume hook is not called
yet.

Fix this by unregistering the ThunderboltIP protocol handler when
suspending and registering it back on resume.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/thunderbolt.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/thunderbolt.c b/drivers/net/thunderbolt.c
index e0d6760f3219..4b5af2413970 100644
--- a/drivers/net/thunderbolt.c
+++ b/drivers/net/thunderbolt.c
@@ -1285,6 +1285,7 @@ static int __maybe_unused tbnet_suspend(struct device *dev)
 		tbnet_tear_down(net, true);
 	}
 
+	tb_unregister_protocol_handler(&net->handler);
 	return 0;
 }
 
@@ -1293,6 +1294,8 @@ static int __maybe_unused tbnet_resume(struct device *dev)
 	struct tb_service *svc = tb_to_service(dev);
 	struct tbnet *net = tb_service_get_drvdata(svc);
 
+	tb_register_protocol_handler(&net->handler);
+
 	netif_carrier_off(net->dev);
 	if (netif_running(net->dev)) {
 		netif_device_attach(net->dev);
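Review bot: in tbnet_resume() the handler is registered by `tb_register_protocol_handler(&net->handler);` before `netif_carrier_off(net->dev)` and before the device is re-attached, so packets can reach the handler while the rest of the resume path has not yet run. The commit message describes the bug as packets arriving before the resume hook is called; please add a comment confirming that the handler tolerates being called at this point, or move the registration to the end of the function. The matching unregister in tbnet_suspend() would benefit from a one-line comment pointing at this pairing.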
-- 
2.20.1





* [PATCH 4.19 073/118] x86/PCI: Fix PCI IRQ routing table memory leak
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 072/118] net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 074/118] i40e: Queues are reserved despite "Invalid argument" error Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Bjorn Helgaas,
	Ingo Molnar, Thomas Gleixner, Sasha Levin

[ Upstream commit ea094d53580f40c2124cef3d072b73b2425e7bfd ]

In pcibios_irq_init(), the PCI IRQ routing table 'pirq_table' is first
found through pirq_find_routing_table().  If the table is not found and
CONFIG_PCI_BIOS is defined, the table is then allocated in
pcibios_get_irq_routing_table() using kmalloc().  Later, if the I/O APIC is
used, this table is actually not used.  In that case, the allocated table
is not freed, which is a memory leak.

Free the allocated table if it is not used.

Signed-off-by: Wenwen Wang <wang6495@umn.edu>
[bhelgaas: added Ingo's reviewed-by, since the only change since v1 was to
use the irq_routing_table local variable name he suggested]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/pci/irq.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c
index 52e55108404e..d3a73f9335e1 100644
--- a/arch/x86/pci/irq.c
+++ b/arch/x86/pci/irq.c
@@ -1119,6 +1119,8 @@ static const struct dmi_system_id pciirq_dmi_table[] __initconst = {
 
 void __init pcibios_irq_init(void)
 {
+	struct irq_routing_table *rtable = NULL;
+
 	DBG(KERN_DEBUG "PCI: IRQ init\n");
 
 	if (raw_pci_ops == NULL)
@@ -1129,8 +1131,10 @@ void __init pcibios_irq_init(void)
 	pirq_table = pirq_find_routing_table();
 
 #ifdef CONFIG_PCI_BIOS
-	if (!pirq_table && (pci_probe & PCI_BIOS_IRQ_SCAN))
+	if (!pirq_table && (pci_probe & PCI_BIOS_IRQ_SCAN)) {
 		pirq_table = pcibios_get_irq_routing_table();
+		rtable = pirq_table;
+	}
 #endif
 	if (pirq_table) {
 		pirq_peer_trick();
@@ -1145,8 +1149,10 @@ void __init pcibios_irq_init(void)
 		 * If we're using the I/O APIC, avoid using the PCI IRQ
 		 * routing table
 		 */
-		if (io_apic_assign_pci_irqs)
+		if (io_apic_assign_pci_irqs) {
+			kfree(rtable);
 			pirq_table = NULL;
+		}
 	}
 
 	x86_init.pci.fixup_irqs();
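Review bot: `kfree(rtable);` is correct only because `rtable` stays NULL when the table came from pirq_find_routing_table() and is set solely in the CONFIG_PCI_BIOS branch, and that invariant is not written down anywhere. A comment at the declaration `struct irq_routing_table *rtable = NULL;` saying that it tracks only the table allocated by pcibios_get_irq_routing_table(), or a name that conveys ownership, would make the free here obviously safe. Freeing before `pirq_table = NULL;` is the right order since both may point at the same buffer.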
-- 
2.20.1





* [PATCH 4.19 074/118] i40e: Queues are reserved despite "Invalid argument" error
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 073/118] x86/PCI: Fix PCI IRQ routing table memory leak Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 075/118] platform/chrome: cros_ec_proto: check for NULL transfer function Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adam Ludkiewicz, Andrew Bowers,
	Jeff Kirsher, Sasha Levin

[ Upstream commit 3e957b377bf4262aec2dd424f28ece94e36814d4 ]

Added a new local variable in the i40e_setup_tc function named
old_queue_pairs so num_queue_pairs can be restored to the correct
value in case configuring queue channels fails. Additionally, moved
the exit label in the i40e_setup_tc function so the if (need_reset)
block can be executed.
Also, fixed data packing in the i40e_setup_tc function.

Signed-off-by: Adam Ludkiewicz <adam.ludkiewicz@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index df8808cd7e11..4e04985fb430 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -6758,10 +6758,12 @@ static int i40e_setup_tc(struct net_device *netdev, void *type_data)
 	struct i40e_pf *pf = vsi->back;
 	u8 enabled_tc = 0, num_tc, hw;
 	bool need_reset = false;
+	int old_queue_pairs;
 	int ret = -EINVAL;
 	u16 mode;
 	int i;
 
+	old_queue_pairs = vsi->num_queue_pairs;
 	num_tc = mqprio_qopt->qopt.num_tc;
 	hw = mqprio_qopt->qopt.hw;
 	mode = mqprio_qopt->mode;
@@ -6862,6 +6864,7 @@ config_tc:
 		}
 		ret = i40e_configure_queue_channels(vsi);
 		if (ret) {
+			vsi->num_queue_pairs = old_queue_pairs;
 			netdev_info(netdev,
 				    "Failed configuring queue channels\n");
 			need_reset = true;
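Review bot: the changelog describes three changes (restoring num_queue_pairs, moving the exit label so the `if (need_reset)` block runs, and fixing data packing), but this backport is three added lines and contains only the first: `vsi->num_queue_pairs = old_queue_pairs;` on the failure path. Either the commit message should be trimmed to match, or the label move is missing here, in which case it is worth checking that the path setting `need_reset = true` still reaches the reset block in this tree.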
-- 
2.20.1





* [PATCH 4.19 075/118] platform/chrome: cros_ec_proto: check for NULL transfer function
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 074/118] i40e: Queues are reserved despite "Invalid argument" error Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 076/118] PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Enrico Granata, Jett Rink,
	Enric Balletbo i Serra, Sasha Levin

[ Upstream commit 94d4e7af14a1170e34cf082d92e4c02de9e9fb88 ]

As new transfer mechanisms are added to the EC codebase, they may
not support v2 of the EC protocol.

If the v3 initial handshake transfer fails, the kernel will try
and call cmd_xfer as a fallback. If v2 is not supported, cmd_xfer
will be NULL, and the code will end up causing a kernel panic.

Add a check for NULL before calling the transfer function, along
with a helpful comment explaining how one might end up in this
situation.

Signed-off-by: Enrico Granata <egranata@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/chrome/cros_ec_proto.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c
index e5d5b1adb5a9..ac784ac66ac3 100644
--- a/drivers/platform/chrome/cros_ec_proto.c
+++ b/drivers/platform/chrome/cros_ec_proto.c
@@ -67,6 +67,17 @@ static int send_command(struct cros_ec_device *ec_dev,
 	else
 		xfer_fxn = ec_dev->cmd_xfer;
 
+	if (!xfer_fxn) {
+		/*
+		 * This error can happen if a communication error happened and
+		 * the EC is trying to use protocol v2, on an underlying
+		 * communication mechanism that does not support v2.
+		 */
+		dev_err_once(ec_dev->dev,
+			     "missing EC transfer API, cannot send command\n");
+		return -EIO;
+	}
+
 	ret = (*xfer_fxn)(ec_dev, msg);
 	if (msg->result == EC_RES_IN_PROGRESS) {
 		int i;
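Review bot: the comment inside the new `if (!xfer_fxn)` block says "the EC is trying to use protocol v2", while the commit message describes the kernel falling back to cmd_xfer after the v3 handshake fails; the comment should name the kernel-side fallback so it matches what the code does. Note also that `dev_err_once()` logs only the first occurrence, so every later command fails with -EIO and no log line. If that is intended to avoid log spam, say so in the comment.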
-- 
2.20.1





* [PATCH 4.19 076/118] PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 075/118] platform/chrome: cros_ec_proto: check for NULL transfer function Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 077/118] soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kishon Vijay Abraham I,
	Lorenzo Pieralisi, Sasha Levin

[ Upstream commit f316a2b53cd7f37963ae20ec7072eb27a349a4ce ]

hook_fault_code() is an ARM32 specific API for hooking into data abort.

AM65X platforms (that integrate ARM v8 cores and select CONFIG_ARM64 as
arch) rely on pci-keystone.c but on them the enumeration of a
non-present BDF does not trigger a bus error, so the fixup exception
provided by calling hook_fault_code() is not needed and can be guarded
with CONFIG_ARM.

Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
[lorenzo.pieralisi@arm.com: commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/dwc/pci-keystone.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c
index e88bd221fffe..5e199e7d2d4f 100644
--- a/drivers/pci/controller/dwc/pci-keystone.c
+++ b/drivers/pci/controller/dwc/pci-keystone.c
@@ -237,6 +237,7 @@ static void ks_pcie_setup_interrupts(struct keystone_pcie *ks_pcie)
 		ks_dw_pcie_enable_error_irq(ks_pcie);
 }
 
+#ifdef CONFIG_ARM
 /*
  * When a PCI device does not exist during config cycles, keystone host gets a
  * bus error instead of returning 0xffffffff. This handler always returns 0
@@ -256,6 +257,7 @@ static int keystone_pcie_fault(unsigned long addr, unsigned int fsr,
 
 	return 0;
 }
+#endif
 
 static int __init ks_pcie_host_init(struct pcie_port *pp)
 {
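Review bot: the `#endif` added after keystone_pcie_fault() closes an `#ifdef CONFIG_ARM` opened some twenty lines earlier in the previous hunk and carries no trailing comment. Please write it as `#endif /* CONFIG_ARM */` so the extent of the guarded block is clear when reading either end.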
@@ -279,12 +281,14 @@ static int __init ks_pcie_host_init(struct pcie_port *pp)
 	val |= BIT(12);
 	writel(val, pci->dbi_base + PCIE_CAP_BASE + PCI_EXP_DEVCTL);
 
+#ifdef CONFIG_ARM
 	/*
 	 * PCIe access errors that result into OCP errors are caught by ARM as
 	 * "External aborts"
 	 */
 	hook_fault_code(17, keystone_pcie_fault, SIGBUS, 0,
 			"Asynchronous external abort");
+#endif
 
 	return 0;
 }
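Review bot: the existing comment inside the new `#ifdef CONFIG_ARM` in ks_pcie_host_init() explains why the hook is installed on ARM but not why it is skipped elsewhere. The reason given in the commit message (on AM65X, enumerating a non-present BDF does not raise a bus error) belongs in that comment, otherwise the guard looks like a build workaround rather than a statement about hardware behaviour.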
-- 
2.20.1





* [PATCH 4.19 077/118] soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 076/118] PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 078/118] clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Nick Desaulniers,
	Arnd Bergmann, Matthias Brugger, Sasha Levin

[ Upstream commit 89e28da82836530f1ac7a3a32fecc31f22d79b3e ]

When building with -Wsometimes-uninitialized, Clang warns:

drivers/soc/mediatek/mtk-pmic-wrap.c:1358:6: error: variable 'rdata' is
used uninitialized whenever '||' condition is true
[-Werror,-Wsometimes-uninitialized]

If pwrap_write returns non-zero, pwrap_read will not be called to
initialize rdata, meaning that we will use some random uninitialized
stack value in our print statement. Zero initialize rdata in case this
happens.

Link: https://github.com/ClangBuiltLinux/linux/issues/401
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/soc/mediatek/mtk-pmic-wrap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/soc/mediatek/mtk-pmic-wrap.c b/drivers/soc/mediatek/mtk-pmic-wrap.c
index 4e931fdf4d09..011a40b5fb49 100644
--- a/drivers/soc/mediatek/mtk-pmic-wrap.c
+++ b/drivers/soc/mediatek/mtk-pmic-wrap.c
@@ -1104,7 +1104,7 @@ static bool pwrap_is_pmic_cipher_ready(struct pmic_wrapper *wrp)
 static int pwrap_init_cipher(struct pmic_wrapper *wrp)
 {
 	int ret;
-	u32 rdata;
+	u32 rdata = 0;
 
 	pwrap_writel(wrp, 0x1, PWRAP_CIPHER_SWRST);
 	pwrap_writel(wrp, 0x0, PWRAP_CIPHER_SWRST);
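Review bot: `u32 rdata = 0;` silences the warning, but per the commit message the value is then printed when pwrap_write() fails, so the log will show rdata as 0 and be indistinguishable from a successful read that returned 0. Consider reporting the write failure separately from the read-back mismatch, or at least note next to the initializer that 0 in the message can mean "never read".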
-- 
2.20.1





* [PATCH 4.19 078/118] clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 077/118] soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 079/118] soc: rockchip: Set the proper PWM for rk3288 Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Elaine Zhang,
	Heiko Stuebner, Sasha Levin

[ Upstream commit 57a20248ef3e429dc822f0774bc4e00136c46c83 ]

Experimentally it can be seen that going into deep sleep (specifically
setting PMU_CLR_DMA and PMU_CLR_BUS in RK3288_PMU_PWRMODE_CON1)
appears to fail unless "aclk_dmac1" is on.  The failure is that the
system never signals that it made it into suspend on the GLOBAL_PWROFF
pin and it just hangs.

NOTE that it's confirmed that it's the actual suspend that fails, not
one of the earlier calls to read/write registers.  Specifically if you
comment out the "PMU_GLOBAL_INT_DISABLE" setting in
rk3288_slp_mode_set() and then comment out the "cpu_do_idle()" call in
rockchip_lpmode_enter() then you can exercise the whole suspend path
without any crashing.

This is currently not a problem with suspend upstream because there is
no current way to exercise the deep suspend code.  However, anyone
trying to make it work will run into this issue.

This was not a problem on shipping rk3288-based Chromebooks because
those devices all ran on an old kernel based on 3.14.  On that kernel
"aclk_dmac1" appears to be left on all the time.

There are several ways to skin this problem.

A) We could add "aclk_dmac1" to the list of critical clocks and that
appears to work, but presumably that wastes power.

B) We could keep a list of "struct clk" objects to enable at suspend
time in clk-rk3288.c and use the standard clock APIs.

C) We could make the rk3288-pmu driver keep a list of clocks to enable
at suspend time.  Presumably this would require a dts and bindings
change.

D) We could just whack the clock on in the existing syscore suspend
function where we whack a bunch of other clocks.  This is particularly
easy because we know for sure that the clock's only parent
("aclk_cpu") is a critical clock so we don't need to do anything more
than ungate it.

In this case I have chosen D) because it seemed like the least work,
but any of the other options would presumably also work fine.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Elaine Zhang <zhangqing@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/rockchip/clk-rk3288.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/clk/rockchip/clk-rk3288.c b/drivers/clk/rockchip/clk-rk3288.c
index 64191694ff6e..9cfdbea493bb 100644
--- a/drivers/clk/rockchip/clk-rk3288.c
+++ b/drivers/clk/rockchip/clk-rk3288.c
@@ -835,6 +835,9 @@ static const int rk3288_saved_cru_reg_ids[] = {
 	RK3288_CLKSEL_CON(10),
 	RK3288_CLKSEL_CON(33),
 	RK3288_CLKSEL_CON(37),
+
+	/* We turn aclk_dmac1 on for suspend; this will restore it */
+	RK3288_CLKGATE_CON(10),
 };
 
 static u32 rk3288_saved_cru_regs[ARRAY_SIZE(rk3288_saved_cru_reg_ids)];
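Review bot: the comment on the new RK3288_CLKGATE_CON(10) entry says the saved value "will restore it", but that only holds because the save loop in rk3288_clk_suspend() reads the register before the ungate write that the same patch adds right after the loop. The comment should state that ordering dependency, and that the whole gate register is saved and restored rather than only the aclk_dmac1 bit, so a later reordering of the suspend path does not silently save the already-ungated value.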
@@ -850,6 +853,14 @@ static int rk3288_clk_suspend(void)
 				readl_relaxed(rk3288_cru_base + reg_id);
 	}
 
+	/*
+	 * Going into deep sleep (specifically setting PMU_CLR_DMA in
+	 * RK3288_PMU_PWRMODE_CON1) appears to fail unless
+	 * "aclk_dmac1" is on.
+	 */
+	writel_relaxed(1 << (12 + 16),
+		       rk3288_cru_base + RK3288_CLKGATE_CON(10));
+
 	/*
 	 * Switch PLLs other than DPLL (for SDRAM) to slow mode to
 	 * avoid crashes on resume. The Mask ROM on the system will
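Review bot: `1 << (12 + 16)` in the new writel_relaxed() is an unexplained magic value; nothing in the hunk says that bit 12 of RK3288_CLKGATE_CON(10) is the aclk_dmac1 gate or why only a bit in the upper half-word is set. A named constant or a one-line comment on the bit layout would make the intent checkable. The added comment also mentions only PMU_CLR_DMA, while the commit message names both PMU_CLR_DMA and PMU_CLR_BUS; the two should agree.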
-- 
2.20.1





* [PATCH 4.19 079/118] soc: rockchip: Set the proper PWM for rk3288
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 078/118] clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 080/118] ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Heiko Stuebner,
	Sasha Levin

[ Upstream commit bbdc00a7de24cc90315b1775fb74841373fe12f7 ]

The rk3288 SoC has two PWM implementations available, the "old"
implementation and the "new" one.  You can switch between the two of
them by flipping a bit in the grf.

The "old" implementation is the default at chip power up but isn't the
one that's officially supposed to be used.  ...and, in fact, the
driver that gets selected in Linux using the rk3288 device tree only
supports the "new" implementation.

Long ago I tried to get a switch to the right IP block landed in the
PWM driver (search for "rk3288: Switch to use the proper PWM IP") but
that got rejected.  In the meantime the grf has grown a full-fledged
driver that already sets other random bits like this.  That means we
can now get the fix landed.

For those wondering how things could have possibly worked for the last
4.5 years, folks have mostly been relying on the bootloader to set
this bit.  ...but occasionally folks have pointed back to my old patch
series [1] in downstream kernels.

[1] https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1391597.html

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/soc/rockchip/grf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/soc/rockchip/grf.c b/drivers/soc/rockchip/grf.c
index 96882ffde67e..3b81e1d75a97 100644
--- a/drivers/soc/rockchip/grf.c
+++ b/drivers/soc/rockchip/grf.c
@@ -66,9 +66,11 @@ static const struct rockchip_grf_info rk3228_grf __initconst = {
 };
 
 #define RK3288_GRF_SOC_CON0		0x244
+#define RK3288_GRF_SOC_CON2		0x24c
 
 static const struct rockchip_grf_value rk3288_defaults[] __initconst = {
 	{ "jtag switching", RK3288_GRF_SOC_CON0, HIWORD_UPDATE(0, 1, 12) },
+	{ "pwm select", RK3288_GRF_SOC_CON2, HIWORD_UPDATE(1, 1, 0) },
 };
 
 static const struct rockchip_grf_info rk3288_grf __initconst = {
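Review bot: the new "pwm select" entry gives no hint of which implementation `HIWORD_UPDATE(1, 1, 0)` selects. The commit message says the Linux driver only supports the "new" PWM, but nothing next to the table entry says that setting bit 0 of RK3288_GRF_SOC_CON2 picks it. A short comment above the entry naming the selected IP block would make the default reviewable without the log.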
-- 
2.20.1





* [PATCH 4.19 080/118] ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 079/118] soc: rockchip: Set the proper PWM for rk3288 Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-15 20:05   ` Pavel Machek
  2019-06-13  8:33 ` [PATCH 4.19 081/118] ARM: dts: imx50: " Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  122 siblings, 1 reply; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit 918bbde8085ae147a43dcb491953e0dd8f3e9d6a ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX5_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX5_CLK_AHB as "ahb" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx51.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx51.dtsi b/arch/arm/boot/dts/imx51.dtsi
index 5c4ba91e43ba..ef2abc097843 100644
--- a/arch/arm/boot/dts/imx51.dtsi
+++ b/arch/arm/boot/dts/imx51.dtsi
@@ -481,7 +481,7 @@
 				reg = <0x83fb0000 0x4000>;
 				interrupts = <6>;
 				clocks = <&clks IMX5_CLK_SDMA_GATE>,
-					 <&clks IMX5_CLK_SDMA_GATE>;
+					 <&clks IMX5_CLK_AHB>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
 				fsl,sdma-ram-script-name = "imx/sdma/sdma-imx51.bin";
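Review bot: the subject line says IMX5_CLK_IPG is specified as the "ahb" clock, but the added line is `<&clks IMX5_CLK_AHB>`, which is what the body of the commit message describes. The subject should name IMX5_CLK_AHB so that the log matches the change.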
-- 
2.20.1





* [PATCH 4.19 081/118] ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 080/118] ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 082/118] ARM: dts: imx53: " Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit b7b4fda2636296471e29b78c2aa9535d7bedb7a0 ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX5_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX5_CLK_AHB as "ahb" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx50.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx50.dtsi b/arch/arm/boot/dts/imx50.dtsi
index 7fae2ffb76fe..ab522c2da6df 100644
--- a/arch/arm/boot/dts/imx50.dtsi
+++ b/arch/arm/boot/dts/imx50.dtsi
@@ -420,7 +420,7 @@
 				reg = <0x63fb0000 0x4000>;
 				interrupts = <6>;
 				clocks = <&clks IMX5_CLK_SDMA_GATE>,
-					 <&clks IMX5_CLK_SDMA_GATE>;
+					 <&clks IMX5_CLK_AHB>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
 				fsl,sdma-ram-script-name = "imx/sdma/sdma-imx50.bin";
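Review bot: the commit message describes the old state as both clocks being IMX5_CLK_SDMA, but the removed line and the unchanged "ipg" entry both reference IMX5_CLK_SDMA_GATE. The message should use the identifier that is actually in imx50.dtsi so the described pre-image can be matched against the diff.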
-- 
2.20.1





* [PATCH 4.19 082/118] ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 081/118] ARM: dts: imx50: " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 083/118] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG " Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit 28c168018e0902c67eb9c60d0fc4c8aa166c4efe ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX5_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX5_CLK_AHB as "ahb" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx53.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx53.dtsi b/arch/arm/boot/dts/imx53.dtsi
index 6386185ae234..b6b0818343c4 100644
--- a/arch/arm/boot/dts/imx53.dtsi
+++ b/arch/arm/boot/dts/imx53.dtsi
@@ -701,7 +701,7 @@
 				reg = <0x63fb0000 0x4000>;
 				interrupts = <6>;
 				clocks = <&clks IMX5_CLK_SDMA_GATE>,
-					 <&clks IMX5_CLK_SDMA_GATE>;
+					 <&clks IMX5_CLK_AHB>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
 				fsl,sdma-ram-script-name = "imx/sdma/sdma-imx53.bin";
-- 
2.20.1





* [PATCH 4.19 083/118] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 082/118] ARM: dts: imx53: " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 084/118] ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" " Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit cc839d0f8c284fcb7591780b568f13415bbb737c ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX6SL_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX6SL_CLK_AHB as "ahb" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx6sl.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx6sl.dtsi b/arch/arm/boot/dts/imx6sl.dtsi
index 7a4f5dace902..2fa88c6f1882 100644
--- a/arch/arm/boot/dts/imx6sl.dtsi
+++ b/arch/arm/boot/dts/imx6sl.dtsi
@@ -739,7 +739,7 @@
 				reg = <0x020ec000 0x4000>;
 				interrupts = <0 2 IRQ_TYPE_LEVEL_HIGH>;
 				clocks = <&clks IMX6SL_CLK_SDMA>,
-					 <&clks IMX6SL_CLK_SDMA>;
+					 <&clks IMX6SL_CLK_AHB>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
 				/* imx6sl reuses imx6q sdma firmware */
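Review bot: the subject names imx6sx and IMX6SX_CLK_IPG, but the hunk edits arch/arm/boot/dts/imx6sl.dtsi and changes the "ahb" entry to `<&clks IMX6SL_CLK_AHB>`. The subject should read imx6sl and IMX6SL_CLK_AHB; as posted it is also easily confused with patch 087 in this series, which carries the actual imx6sx change.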
-- 
2.20.1





* [PATCH 4.19 084/118] ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 083/118] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 085/118] ARM: dts: imx7d: Specify IMX7D_CLK_IPG " Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit c5ed5daa65d5f665e666b76c3dbfa503066defde ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX6SLL_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX6SLL_CLK_IPG as "ipg" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx6sll.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx6sll.dtsi b/arch/arm/boot/dts/imx6sll.dtsi
index 3e6ffaf5f104..7c7d5c47578e 100644
--- a/arch/arm/boot/dts/imx6sll.dtsi
+++ b/arch/arm/boot/dts/imx6sll.dtsi
@@ -591,7 +591,7 @@
 				compatible = "fsl,imx6sll-sdma", "fsl,imx35-sdma";
 				reg = <0x020ec000 0x4000>;
 				interrupts = <GIC_SPI 2 IRQ_TYPE_LEVEL_HIGH>;
-				clocks = <&clks IMX6SLL_CLK_SDMA>,
+				clocks = <&clks IMX6SLL_CLK_IPG>,
 					 <&clks IMX6SLL_CLK_SDMA>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
-- 
2.20.1





* [PATCH 4.19 085/118] ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 084/118] ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 086/118] ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG " Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit 412b032a1dc72fc9d1c258800355efa6671b6315 ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX7D_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX7D_CLK_IPG as "ipg" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx7s.dtsi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/boot/dts/imx7s.dtsi b/arch/arm/boot/dts/imx7s.dtsi
index a052198f6e96..a7f697b0290f 100644
--- a/arch/arm/boot/dts/imx7s.dtsi
+++ b/arch/arm/boot/dts/imx7s.dtsi
@@ -1050,8 +1050,8 @@
 				compatible = "fsl,imx7d-sdma", "fsl,imx35-sdma";
 				reg = <0x30bd0000 0x10000>;
 				interrupts = <GIC_SPI 2 IRQ_TYPE_LEVEL_HIGH>;
-				clocks = <&clks IMX7D_SDMA_CORE_CLK>,
-					 <&clks IMX7D_AHB_CHANNEL_ROOT_CLK>;
+				clocks = <&clks IMX7D_IPG_ROOT_CLK>,
+					 <&clks IMX7D_SDMA_CORE_CLK>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
 				fsl,sdma-ram-script-name = "imx/sdma/sdma-imx7d.bin";
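Review bot: both clock entries change here, not only "ipg": the "ahb" entry goes from IMX7D_AHB_CHANNEL_ROOT_CLK to IMX7D_SDMA_CORE_CLK, which the commit message does not mention. The message also says both clocks were previously IMX7D_CLK_SDMA, yet the removed lines show two different clocks, and the new "ipg" clock is spelled IMX7D_IPG_ROOT_CLK in the diff against IMX7D_CLK_IPG in the message. The log should explain why the "ahb" clock is replaced and use the identifiers from the diff.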
-- 
2.20.1





* [PATCH 4.19 086/118] ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 085/118] ARM: dts: imx7d: Specify IMX7D_CLK_IPG " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 087/118] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG " Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit 7b3132ecefdd1fcdf6b86e62021d0e55ea8034db ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX6UL_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX6UL_CLK_IPG as "ipg" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx6ul.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
index 6dc0b569acdf..2366f093cc76 100644
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@@ -707,7 +707,7 @@
 					     "fsl,imx35-sdma";
 				reg = <0x020ec000 0x4000>;
 				interrupts = <GIC_SPI 2 IRQ_TYPE_LEVEL_HIGH>;
-				clocks = <&clks IMX6UL_CLK_SDMA>,
+				clocks = <&clks IMX6UL_CLK_IPG>,
 					 <&clks IMX6UL_CLK_SDMA>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
-- 
2.20.1





* [PATCH 4.19 087/118] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 086/118] ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 088/118] ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG " Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov,
	Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin

[ Upstream commit 8979117765c19edc3b01cc0ef853537bf93eea4b ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX6SX_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality. Fix the code
to specify IMX6SX_CLK_IPG as "ipg" clock for SDMA, to avoid detecting
incorrect clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx6sx.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx6sx.dtsi b/arch/arm/boot/dts/imx6sx.dtsi
index 50083cecc6c9..7b62e6fb47eb 100644
--- a/arch/arm/boot/dts/imx6sx.dtsi
+++ b/arch/arm/boot/dts/imx6sx.dtsi
@@ -803,7 +803,7 @@
 				compatible = "fsl,imx6sx-sdma", "fsl,imx6q-sdma";
 				reg = <0x020ec000 0x4000>;
 				interrupts = <GIC_SPI 2 IRQ_TYPE_LEVEL_HIGH>;
-				clocks = <&clks IMX6SX_CLK_SDMA>,
+				clocks = <&clks IMX6SX_CLK_IPG>,
 					 <&clks IMX6SX_CLK_SDMA>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
-- 
2.20.1





* [PATCH 4.19 088/118] ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 087/118] ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 089/118] PCI: rpadlpar: Fix leaked device_node references in add/remove paths Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov, Lucas Stach,
	Angus Ainslie (Purism),
	Chris Healy, Fabio Estevam, Shawn Guo, linux-arm-kernel,
	Adam Ford, Sasha Levin

[ Upstream commit b14c872eebc501b9640b04f4a152df51d6eaf2fc ]

Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
clock to determine if it needs to configure the IP block as operating
at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
clocks as IMX6QDL_CLK_SDMA results in driver incorrectly thinking that
ratio is 1:1 which results in broken SDMA functionality (this at least
breaks RAVE SP serdev driver on RDU2). Fix the code to specify
IMX6QDL_CLK_IPG as "ipg" clock for SDMA, to avoid detecting incorrect
clock ratio.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Cc: Angus Ainslie (Purism) <angus@akkea.ca>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Shawn Guo <shawnguo@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Tested-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx6qdl.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/imx6qdl.dtsi b/arch/arm/boot/dts/imx6qdl.dtsi
index 61d2d26afbf4..00d44a60972f 100644
--- a/arch/arm/boot/dts/imx6qdl.dtsi
+++ b/arch/arm/boot/dts/imx6qdl.dtsi
@@ -905,7 +905,7 @@
 				compatible = "fsl,imx6q-sdma", "fsl,imx35-sdma";
 				reg = <0x020ec000 0x4000>;
 				interrupts = <0 2 IRQ_TYPE_LEVEL_HIGH>;
-				clocks = <&clks IMX6QDL_CLK_SDMA>,
+				clocks = <&clks IMX6QDL_CLK_IPG>,
 					 <&clks IMX6QDL_CLK_SDMA>;
 				clock-names = "ipg", "ahb";
 				#dma-cells = <3>;
-- 
2.20.1





* [PATCH 4.19 089/118] PCI: rpadlpar: Fix leaked device_node references in add/remove paths
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 088/118] ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG " Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 090/118] drm/amd/display: Use plane->color_space for dpp if specified Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tyrel Datwyler, Bjorn Helgaas, Sasha Levin

[ Upstream commit fb26228bfc4ce3951544848555c0278e2832e618 ]

The find_dlpar_node() helper returns a device node with its reference
incremented.  Both the add and remove paths use this helper to find the
appropriate node, but fail to release the reference when done.

Annotate the find_dlpar_node() helper with a comment about the incremented
reference count and call of_node_put() on the obtained device_node in the
add and remove paths.  Also, fixup a reference leak in the find_vio_slot()
helper where we fail to call of_node_put() on the vdevice node after we
iterate over its children.

Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/hotplug/rpadlpar_core.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/pci/hotplug/rpadlpar_core.c b/drivers/pci/hotplug/rpadlpar_core.c
index e2356a9c7088..182f9e3443ee 100644
--- a/drivers/pci/hotplug/rpadlpar_core.c
+++ b/drivers/pci/hotplug/rpadlpar_core.c
@@ -51,6 +51,7 @@ static struct device_node *find_vio_slot_node(char *drc_name)
 		if (rc == 0)
 			break;
 	}
+	of_node_put(parent);
 
 	return dn;
 }
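Review bot: the commit message refers to this helper as find_vio_slot(), while the hunk header shows find_vio_slot_node(); the log should use the real name. With `of_node_put(parent)` added after the loop, it would also help to document whether the `dn` returned after the `break` carries a reference that the caller must drop, since that is not stated anywhere in the hunk.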
@@ -71,6 +72,7 @@ static struct device_node *find_php_slot_pci_node(char *drc_name,
 	return np;
 }
 
+/* Returns a device_node with its reference count incremented */
 static struct device_node *find_dlpar_node(char *drc_name, int *node_type)
 {
 	struct device_node *dn;
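Review bot: the new comment on find_dlpar_node() states that the reference count is incremented but not what the caller has to do about it. Extending it to say that the caller must call of_node_put() on the result would make the contract explicit, since the leak described in the commit message came from callers missing exactly that.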
@@ -306,6 +308,7 @@ int dlpar_add_slot(char *drc_name)
 			rc = dlpar_add_phb(drc_name, dn);
 			break;
 	}
+	of_node_put(dn);
 
 	printk(KERN_INFO "%s: slot %s added\n", DLPAR_MODULE_NAME, drc_name);
 exit:
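Review bot: `of_node_put(dn)` sits above the `exit:` label, so it only runs on paths that fall through the switch; any `goto exit` taken after find_dlpar_node() has returned a node would still leak the reference. Worth confirming that no such jump exists in dlpar_add_slot(), or moving the put below the label with dn initialised to NULL. Dropping the reference before the printk is fine, since the message uses only drc_name.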
@@ -439,6 +442,7 @@ int dlpar_remove_slot(char *drc_name)
 			rc = dlpar_remove_pci_slot(drc_name, dn);
 			break;
 	}
+	of_node_put(dn);
 	vm_unmap_aliases();
 
 	printk(KERN_INFO "%s: slot %s removed\n", DLPAR_MODULE_NAME, drc_name);
-- 
2.20.1





* [PATCH 4.19 090/118] drm/amd/display: Use plane->color_space for dpp if specified
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 089/118] PCI: rpadlpar: Fix leaked device_node references in add/remove paths Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 091/118] ALSA: seq: Protect in-kernel ioctl calls with mutex Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Sun peng Li,
	Aric Cyr, Leo Li, Alex Deucher, Sasha Levin

[ Upstream commit a1e07ba89d49581471d64c48152dbe03b42bd025 ]

[Why]
The input color space for the plane was previously ignored even if it
was set.

If a limited range YUV format was given to DC then the
wrong color transformation matrix was being used since DC assumed that
it was full range instead.

[How]
Respect the given color_space format for the plane if it isn't
COLOR_SPACE_UNKNOWN. Otherwise, use the implicit default since DM
didn't specify.

Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Sun peng Li <Sunpeng.Li@amd.com>
Acked-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp.c          | 6 +++++-
 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp.c
index bf8b68f8db4f..bce5741f2952 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp.c
@@ -388,6 +388,10 @@ void dpp1_cnv_setup (
 	default:
 		break;
 	}
+
+	/* Set default color space based on format if none is given. */
+	color_space = input_color_space ? input_color_space : color_space;
+
 	REG_SET(CNVC_SURFACE_PIXEL_FORMAT, 0,
 			CNVC_SURFACE_PIXEL_FORMAT, pixel_format);
 	REG_UPDATE(FORMAT_CONTROL, FORMAT_CONTROL__ALPHA_EN, alpha_en);
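Review bot: `color_space = input_color_space ? input_color_space : color_space;` treats any zero value as "not given", which only matches the commit message's "isn't COLOR_SPACE_UNKNOWN" if COLOR_SPACE_UNKNOWN is 0. Comparing against COLOR_SPACE_UNKNOWN explicitly would remove that hidden assumption. The comment above the line also reads backwards: the line overrides the format-derived default when a color space is given, rather than setting a default.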
@@ -399,7 +403,7 @@ void dpp1_cnv_setup (
 		for (i = 0; i < 12; i++)
 			tbl_entry.regval[i] = input_csc_color_matrix.matrix[i];
 
-		tbl_entry.color_space = input_color_space;
+		tbl_entry.color_space = color_space;
 
 		if (color_space >= COLOR_SPACE_YCBCR601)
 			select = INPUT_CSC_SELECT_ICSC;
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index a0355709abd1..7736ef123e9b 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -1890,7 +1890,7 @@ static void update_dpp(struct dpp *dpp, struct dc_plane_state *plane_state)
 			plane_state->format,
 			EXPANSION_MODE_ZERO,
 			plane_state->input_csc_color_matrix,
-			COLOR_SPACE_YCBCR601_LIMITED);
+			plane_state->color_space);
 
 	//set scale and bias registers
 	build_prescale_params(&bns_params, plane_state);
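Review bot: Replacing the hard-coded COLOR_SPACE_YCBCR601_LIMITED with
plane_state->color_space at this call changes the result for every
plane, not only for those that set a color space. A plane that leaves
the field unset now depends on the format-based default added to
dpp1_cnv_setup() in this same patch, so a short comment at the call
saying that an unset value is deliberate and resolved by the callee
would help the next reader.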
-- 
2.20.1





* [PATCH 4.19 091/118] ALSA: seq: Protect in-kernel ioctl calls with mutex
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 090/118] drm/amd/display: Use plane->color_space for dpp if specified Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 092/118] ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+e4c8abb920efa77bace9,
	Takashi Iwai, Sasha Levin

[ Upstream commit feb689025fbb6f0aa6297d3ddf97de945ea4ad32 ]

ALSA OSS sequencer calls the ioctl function indirectly via
snd_seq_kernel_client_ctl().  While we already applied the protection
against races between the normal ioctls and writes via the client's
ioctl_mutex, this code path was left untouched.  And this seems to be
the cause of some rare UAFs that still remain, as spontaneously
triggered by syzkaller.

For the sake of robustness, wrap the call via
snd_seq_kernel_client_ctl() with the ioctl_mutex, too.

Reported-by: syzbot+e4c8abb920efa77bace9@syzkaller.appspotmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/core/seq/seq_clientmgr.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
index b55cb96d1fed..40ae8f67efde 100644
--- a/sound/core/seq/seq_clientmgr.c
+++ b/sound/core/seq/seq_clientmgr.c
@@ -2343,14 +2343,19 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg)
 {
 	const struct ioctl_handler *handler;
 	struct snd_seq_client *client;
+	int err;
 
 	client = clientptr(clientid);
 	if (client == NULL)
 		return -ENXIO;
 
 	for (handler = ioctl_handlers; handler->cmd > 0; ++handler) {
-		if (handler->cmd == cmd)
-			return handler->func(client, arg);
+		if (handler->cmd == cmd) {
+			mutex_lock(&client->ioctl_mutex);
+			err = handler->func(client, arg);
+			mutex_unlock(&client->ioctl_mutex);
+			return err;
+		}
 	}
 
 	pr_debug("ALSA: seq unknown ioctl() 0x%x (type='%c', number=0x%02x)\n",
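Review bot: The mutex taken around handler->func(client, arg) lives
inside the client object, so it serializes the handler against other
ioctls and writes but does not by itself keep client alive between
clientptr(clientid) and mutex_lock(&client->ioctl_mutex). Nothing in
this hunk takes a reference on the client, so the commit message or a
comment should state what guarantees the client cannot be freed in that
window, given that the report is a use-after-free. Please also confirm
that no handler reached from here calls back into
snd_seq_kernel_client_ctl() for the same client, since ioctl_mutex is
not recursive.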
-- 
2.20.1





* [PATCH 4.19 092/118] ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 091/118] ALSA: seq: Protect in-kernel ioctl calls with mutex Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 093/118] platform/x86: intel_pmc_ipc: adding error handling Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kabir Sahane, Andrew F. Davis,
	Tony Lindgren, Sasha Levin

[ Upstream commit 72aff4ecf1cb85a3c6e6b42ccbda0bc631b090b3 ]

This area is used to store keys by HSPPA in case of AM438x SOC. Leave it
active.

Signed-off-by: Kabir Sahane <x0153567@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-omap2/pm33xx-core.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/arm/mach-omap2/pm33xx-core.c b/arch/arm/mach-omap2/pm33xx-core.c
index f4971e4a86b2..ca7026958d42 100644
--- a/arch/arm/mach-omap2/pm33xx-core.c
+++ b/arch/arm/mach-omap2/pm33xx-core.c
@@ -51,10 +51,12 @@ static int amx3_common_init(void)
 
 	/* CEFUSE domain can be turned off post bootup */
 	cefuse_pwrdm = pwrdm_lookup("cefuse_pwrdm");
-	if (cefuse_pwrdm)
-		omap_set_pwrdm_state(cefuse_pwrdm, PWRDM_POWER_OFF);
-	else
+	if (!cefuse_pwrdm)
 		pr_err("PM: Failed to get cefuse_pwrdm\n");
+	else if (omap_type() != OMAP2_DEVICE_TYPE_GP)
+		pr_info("PM: Leaving EFUSE power domain active\n");
+	else
+		omap_set_pwrdm_state(cefuse_pwrdm, PWRDM_POWER_OFF);
 
 	return 0;
 }
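Review bot: The retained comment "CEFUSE domain can be turned off post
bootup" above pwrdm_lookup() is no longer true for every device: on
anything other than OMAP2_DEVICE_TYPE_GP the domain is now left on.
Please update it to say why (per the commit message, the area stores
keys for HSPPA), so that nobody later re-adds the power-off as a power
saving. The check covers all non-GP device types rather than only the
AM438x case the commit message describes; if that is intentional, say
so. The new pr_info() text says "EFUSE" while the domain is looked up as
"cefuse_pwrdm"; using the same name in the log keeps it greppable.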
-- 
2.20.1





* [PATCH 4.19 093/118] platform/x86: intel_pmc_ipc: adding error handling
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 092/118] ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 094/118] power: supply: max14656: fix potential use-before-alloc Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Junxiao Chang, Andy Shevchenko, Sasha Levin

[ Upstream commit e61985d0550df8c2078310202aaad9b41049c36c ]

If punit or telemetry device initialization fails, pmc driver should
unregister and return failure.

This change is to fix a kernel panic when removing kernel module
intel_pmc_ipc.

Fixes: 48c1917088ba ("platform:x86: Add Intel telemetry platform device")
Signed-off-by: Junxiao Chang <junxiao.chang@intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/intel_pmc_ipc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/platform/x86/intel_pmc_ipc.c b/drivers/platform/x86/intel_pmc_ipc.c
index e7edc8c63936..4ad9d127f2f5 100644
--- a/drivers/platform/x86/intel_pmc_ipc.c
+++ b/drivers/platform/x86/intel_pmc_ipc.c
@@ -776,13 +776,17 @@ static int ipc_create_pmc_devices(void)
 	if (ret) {
 		dev_err(ipcdev.dev, "Failed to add punit platform device\n");
 		platform_device_unregister(ipcdev.tco_dev);
+		return ret;
 	}
 
 	if (!ipcdev.telem_res_inval) {
 		ret = ipc_create_telemetry_device();
-		if (ret)
+		if (ret) {
 			dev_warn(ipcdev.dev,
 				"Failed to add telemetry platform device\n");
+			platform_device_unregister(ipcdev.punit_dev);
+			platform_device_unregister(ipcdev.tco_dev);
+		}
 	}
 
 	return ret;
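Review bot: The telemetry failure branch now unregisters punit_dev and
tco_dev and lets ret propagate as an error, but it still logs with
dev_warn() while the punit branch uses dev_err(); since the failure is
now fatal for the function, dev_err() would match. The unwinding is also
written out twice (tco_dev in the punit branch, punit_dev plus tco_dev
here), which is easy to get out of step when another device is added;
goto labels in reverse order of creation would keep it in one place.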
-- 
2.20.1





* [PATCH 4.19 094/118] power: supply: max14656: fix potential use-before-alloc
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 093/118] platform/x86: intel_pmc_ipc: adding error handling Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 095/118] net: hns3: return 0 and print warning when hit duplicate MAC Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexander Kurz, Sven Van Asbroeck,
	Sebastian Reichel, Sasha Levin

[ Upstream commit 0cd0e49711556d2331a06b1117b68dd786cb54d2 ]

Call order on probe():
- max14656_hw_init() enables interrupts on the chip
- devm_request_irq() starts processing interrupts, isr
  could be called immediately
-    isr: schedules delayed work (irq_work)
-    irq_work: calls power_supply_changed()
- devm_power_supply_register() registers the power supply

Depending on timing, it's possible that power_supply_changed()
is called on an unregistered power supply structure.

Fix by registering the power supply before requesting the irq.

Cc: Alexander Kurz <akurz@blala.de>
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/power/supply/max14656_charger_detector.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/power/supply/max14656_charger_detector.c b/drivers/power/supply/max14656_charger_detector.c
index b91b1d2999dc..d19307f791c6 100644
--- a/drivers/power/supply/max14656_charger_detector.c
+++ b/drivers/power/supply/max14656_charger_detector.c
@@ -280,6 +280,13 @@ static int max14656_probe(struct i2c_client *client,
 
 	INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker);
 
+	chip->detect_psy = devm_power_supply_register(dev,
+		       &chip->psy_desc, &psy_cfg);
+	if (IS_ERR(chip->detect_psy)) {
+		dev_err(dev, "power_supply_register failed\n");
+		return -EINVAL;
+	}
+
 	ret = devm_request_irq(dev, chip->irq, max14656_irq,
 			       IRQF_TRIGGER_FALLING,
 			       MAX14656_NAME, chip);
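Review bot: The moved error path returns a fixed -EINVAL when
IS_ERR(chip->detect_psy) is true, which throws away the actual error
code from devm_power_supply_register(). Since the block is being touched
anyway, return PTR_ERR(chip->detect_psy); would report the real cause to
the caller of max14656_probe().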
@@ -289,13 +296,6 @@ static int max14656_probe(struct i2c_client *client,
 	}
 	enable_irq_wake(chip->irq);
 
-	chip->detect_psy = devm_power_supply_register(dev,
-		       &chip->psy_desc, &psy_cfg);
-	if (IS_ERR(chip->detect_psy)) {
-		dev_err(dev, "power_supply_register failed\n");
-		return -EINVAL;
-	}
-
 	schedule_delayed_work(&chip->irq_work, msecs_to_jiffies(2000));
 
 	return 0;
-- 
2.20.1





* [PATCH 4.19 095/118] net: hns3: return 0 and print warning when hit duplicate MAC
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 094/118] power: supply: max14656: fix potential use-before-alloc Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 096/118] PCI: rcar: Fix a potential NULL pointer dereference Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peng Li, Huazhong Tan,
	David S. Miller, Sasha Levin

[ Upstream commit 72110b567479f0282489a9b3747e76d8c67d75f5 ]

When the same MAC address is set on 2 different functions of one port,
the IMP will return an error, as the later one may modify the original
one. This will cause bonding to fail for 2 VFs of one port.

With this patch the driver just prints a warning and returns 0, so
if the same MAC address is set, it will return 0 but not really
configure the HW.

Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
index 340baf6a470c..4648c6a9d9e8 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -4300,8 +4300,11 @@ int hclge_add_uc_addr_common(struct hclge_vport *vport,
 		return hclge_add_mac_vlan_tbl(vport, &req, NULL);
 
 	/* check if we just hit the duplicate */
-	if (!ret)
-		ret = -EINVAL;
+	if (!ret) {
+		dev_warn(&hdev->pdev->dev, "VF %d mac(%pM) exists\n",
+			 vport->vport_id, addr);
+		return 0;
+	}
 
 	dev_err(&hdev->pdev->dev,
 		"PF failed to add unicast entry(%pM) in the MAC table\n",
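Review bot: Returning 0 on the duplicate branch makes the caller see
success although, per the commit message, the hardware table is not
updated, so the stack's view of which function owns the address and the
MAC table can now differ without any error surfacing. If success is
required for bonding, document that in the comment above the check
("check if we just hit the duplicate") so the silent no-op is clearly
intentional. Because this branch is reached simply by setting an
address that already exists, dev_warn_ratelimited() would keep it from
flooding the log.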
-- 
2.20.1





* [PATCH 4.19 096/118] PCI: rcar: Fix a potential NULL pointer dereference
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 095/118] net: hns3: return 0 and print warning when hit duplicate MAC Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 097/118] PCI: rcar: Fix 64bit MSI message address handling Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Lorenzo Pieralisi,
	Ulrich Hecht, Geert Uytterhoeven, Simon Horman, Sasha Levin

[ Upstream commit f0d14edd2ba43b995bef4dd5da5ffe0ae19321a1 ]

In case __get_free_pages() fails and returns NULL, fix the return
value to -ENOMEM and release resources to avoid dereferencing a
NULL pointer.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Ulrich Hecht <uli+renesas@fpond.eu>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-rcar.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/pci/controller/pcie-rcar.c b/drivers/pci/controller/pcie-rcar.c
index 6a4e435bd35f..765c39911c0c 100644
--- a/drivers/pci/controller/pcie-rcar.c
+++ b/drivers/pci/controller/pcie-rcar.c
@@ -931,6 +931,10 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie)
 
 	/* setup MSI data target */
 	msi->pages = __get_free_pages(GFP_KERNEL, 0);
+	if (!msi->pages) {
+		err = -ENOMEM;
+		goto err;
+	}
 	base = virt_to_phys((void *)msi->pages);
 
 	rcar_pci_write_reg(pcie, base | MSIFE, PCIEMSIALR);
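Review bot: The new check jumps to the err label with msi->pages equal
to 0, and that label is outside this hunk, so please confirm that the
cleanup there only undoes what was set up before the allocation and does
not assume the page exists. Reusing the name err for both the variable
and the label (err = -ENOMEM; goto err;) is legal C but reads poorly; a
label named after what it undoes would be clearer.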
-- 
2.20.1





* [PATCH 4.19 097/118] PCI: rcar: Fix 64bit MSI message address handling
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 096/118] PCI: rcar: Fix a potential NULL pointer dereference Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 098/118] scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Vasut, Lorenzo Pieralisi,
	Simon Horman, Geert Uytterhoeven, Phil Edworthy, Wolfram Sang,
	linux-renesas-soc, Sasha Levin

[ Upstream commit 954b4b752a4c4e963b017ed8cef4c453c5ed308d ]

The MSI message address in the RC address space can be 64 bit. The
R-Car PCIe RC supports such a 64bit MSI message address as well.
The code currently uses virt_to_phys(__get_free_pages()) to obtain
a reserved page for the MSI message address, the return value
of which can be a 64 bit physical address on a 64 bit system.

However, the driver only programs PCIEMSIALR register with the bottom
32 bits of the virt_to_phys(__get_free_pages()) return value and does
not program the top 32 bits into PCIEMSIAUR, but rather programs the
PCIEMSIAUR register with 0x0. This worked fine on older 32 bit R-Car
SoCs, however may fail on new 64 bit R-Car SoCs.

Since from a PCIe controller perspective, an inbound MSI is a memory
write to a special address (in case of this controller, defined by
the value in PCIEMSIAUR:PCIEMSIALR), which triggers an interrupt, but
never hits the DRAM _and_ because allocation of an MSI by a PCIe card
driver obtains the MSI message address by reading PCIEMSIAUR:PCIEMSIALR
in rcar_msi_setup_irqs(), incorrectly programmed PCIEMSIAUR cannot
cause memory corruption or other issues.

There is however the possibility that if virt_to_phys(__get_free_pages())
returned an address above the 32bit boundary _and_ PCIEMSIAUR was programmed
to 0x0 _and_ if the system had physical RAM at the address matching the
value of PCIEMSIALR, a PCIe card driver could allocate a buffer with a
physical address matching the value of PCIEMSIALR and a remote write to
such a buffer by a PCIe card would trigger a spurious MSI.

Fixes: e015f88c368d ("PCI: rcar: Add support for R-Car H3 to pcie-rcar")
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Phil Edworthy <phil.edworthy@renesas.com>
Cc: Simon Horman <horms+renesas@verge.net.au>
Cc: Wolfram Sang <wsa@the-dreams.de>
Cc: linux-renesas-soc@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-rcar.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/pci/controller/pcie-rcar.c b/drivers/pci/controller/pcie-rcar.c
index 765c39911c0c..9b9c677ad3a0 100644
--- a/drivers/pci/controller/pcie-rcar.c
+++ b/drivers/pci/controller/pcie-rcar.c
@@ -892,7 +892,7 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie)
 {
 	struct device *dev = pcie->dev;
 	struct rcar_msi *msi = &pcie->msi;
-	unsigned long base;
+	phys_addr_t base;
 	int err, i;
 
 	mutex_init(&msi->lock);
@@ -937,8 +937,8 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie)
 	}
 	base = virt_to_phys((void *)msi->pages);
 
-	rcar_pci_write_reg(pcie, base | MSIFE, PCIEMSIALR);
-	rcar_pci_write_reg(pcie, 0, PCIEMSIAUR);
+	rcar_pci_write_reg(pcie, lower_32_bits(base) | MSIFE, PCIEMSIALR);
+	rcar_pci_write_reg(pcie, upper_32_bits(base), PCIEMSIAUR);
 
 	/* enable all MSI interrupts */
 	rcar_pci_write_reg(pcie, 0xffffffff, PCIEMSIIER);
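Review bot: The two register writes now program the full address, but
the commit message says rcar_msi_setup_irqs() obtains the MSI message
address by reading PCIEMSIAUR:PCIEMSIALR back, and that reader is not
part of this patch. Please check that it masks MSIFE out of the low word
and uses the upper word, otherwise the two sides can still disagree on
64 bit systems. In lower_32_bits(base) | MSIFE the enable flag shares
the register with address bits, which relies on MSIFE falling in bits
that page alignment leaves zero; a one-line comment would document that
assumption.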
-- 
2.20.1





* [PATCH 4.19 098/118] scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 097/118] PCI: rcar: Fix 64bit MSI message address handling Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 099/118] video: hgafb: fix potential NULL pointer dereference Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Giridhar Malavali, Himanshu Madhani,
	Martin K. Petersen, Sasha Levin

[ Upstream commit 0257eda08e806b82ee1fc90ef73583b6f022845c ]

Driver maintains state machine for processing and completing switch
commands. This patch resets FCF_ASYNC_{SENT|ACTIVE} flag to indicate if the
previous command is active or sent, in order for next GPSC command to
advance the state machine.

[mkp: commit desc typo]

Signed-off-by: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla2xxx/qla_gs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/scsi/qla2xxx/qla_gs.c b/drivers/scsi/qla2xxx/qla_gs.c
index de3f2a097451..1f1a05a90d3d 100644
--- a/drivers/scsi/qla2xxx/qla_gs.c
+++ b/drivers/scsi/qla2xxx/qla_gs.c
@@ -3261,6 +3261,8 @@ static void qla24xx_async_gpsc_sp_done(void *s, int res)
 	    "Async done-%s res %x, WWPN %8phC \n",
 	    sp->name, res, fcport->port_name);
 
+	fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE);
+
 	if (res == QLA_FUNCTION_TIMEOUT)
 		return;
 
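Review bot: The added fcport->flags &= ~(FCF_ASYNC_SENT |
FCF_ASYNC_ACTIVE); in qla24xx_async_gpsc_sp_done() is a plain
read-modify-write on a shared flags word in a completion callback, and
no lock is visible in the hunk. Please state which lock or context
serializes this against the paths that set these flags, so that a
concurrent update of another bit in fcport->flags is not lost. Placing
the clear before the res == QLA_FUNCTION_TIMEOUT early return is the
important part of the change and deserves a comment.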
@@ -4604,6 +4606,7 @@ int qla24xx_async_gnnid(scsi_qla_host_t *vha, fc_port_t *fcport)
 
 done_free_sp:
 	sp->free(sp);
+	fcport->flags &= ~FCF_ASYNC_SENT;
 done:
 	return rval;
 }
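Review bot: The error path at done_free_sp in qla24xx_async_gnnid()
clears only FCF_ASYNC_SENT, while the completion handler in the previous
hunk clears FCF_ASYNC_SENT and FCF_ASYNC_ACTIVE together. If
FCF_ASYNC_ACTIVE can already be set when this label is reached, it stays
set and the state machine cannot advance, which is the problem the
commit message describes; if it cannot be set here, a comment saying so
would explain the asymmetry. The commit message only talks about GPSC,
so the GNNID change should be mentioned there as well.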
-- 
2.20.1





* [PATCH 4.19 099/118] video: hgafb: fix potential NULL pointer dereference
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 098/118] scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 100/118] video: imsttfb: fix potential NULL pointer dereferences Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Aditya Pakki,
	Ferenc Bakonyi, Bartlomiej Zolnierkiewicz, Sasha Levin

[ Upstream commit ec7f6aad57ad29e4e66cc2e18e1e1599ddb02542 ]

When ioremap fails, hga_vram should not be dereferenced. The fix
checks for the failure to avoid a NULL pointer dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Cc: Aditya Pakki <pakki001@umn.edu>
Cc: Ferenc Bakonyi <fero@drama.obuda.kando.hu>
[b.zolnierkie: minor patch summary fixup]
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/hgafb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/video/fbdev/hgafb.c b/drivers/video/fbdev/hgafb.c
index 463028543173..59e1cae57948 100644
--- a/drivers/video/fbdev/hgafb.c
+++ b/drivers/video/fbdev/hgafb.c
@@ -285,6 +285,8 @@ static int hga_card_detect(void)
 	hga_vram_len  = 0x08000;
 
 	hga_vram = ioremap(0xb0000, hga_vram_len);
+	if (!hga_vram)
+		goto error;
 
 	if (request_region(0x3b0, 12, "hgafb"))
 		release_io_ports = 1;
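Review bot: The new goto error is taken with hga_vram NULL and before
request_region() has run, so the code at the error label (outside this
hunk) must not iounmap() hga_vram or release the I/O ports
unconditionally. Please confirm that the label only undoes what has been
set up at this point and that the value it returns is the one callers of
hga_card_detect() treat as "no card".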
-- 
2.20.1





* [PATCH 4.19 100/118] video: imsttfb: fix potential NULL pointer dereferences
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 099/118] video: hgafb: fix potential NULL pointer dereference Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:33 ` [PATCH 4.19 101/118] block, bfq: increase idling for weight-raised queues Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Aditya Pakki, Finn Thain,
	Rob Herring, Bartlomiej Zolnierkiewicz, Sasha Levin

[ Upstream commit 1d84353d205a953e2381044953b7fa31c8c9702d ]

In case ioremap fails, the fix releases resources and returns
-ENOMEM to avoid NULL pointer dereferences.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Cc: Aditya Pakki <pakki001@umn.edu>
Cc: Finn Thain <fthain@telegraphics.com.au>
Cc: Rob Herring <robh@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[b.zolnierkie: minor patch summary fixup]
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/imsttfb.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/video/fbdev/imsttfb.c b/drivers/video/fbdev/imsttfb.c
index ecdcf358ad5e..ffcf553719a3 100644
--- a/drivers/video/fbdev/imsttfb.c
+++ b/drivers/video/fbdev/imsttfb.c
@@ -1516,6 +1516,11 @@ static int imsttfb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	info->fix.smem_start = addr;
 	info->screen_base = (__u8 *)ioremap(addr, par->ramdac == IBM ?
 					    0x400000 : 0x800000);
+	if (!info->screen_base) {
+		release_mem_region(addr, size);
+		framebuffer_release(info);
+		return -ENOMEM;
+	}
 	info->fix.mmio_start = addr + 0x800000;
 	par->dc_regs = ioremap(addr + 0x800000, 0x1000);
 	par->cmap_regs_phys = addr + 0x840000;
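Review bot: Only the first mapping is checked: the context line
par->dc_regs = ioremap(addr + 0x800000, 0x1000); directly below the new
block is still used without a NULL test, although the subject speaks of
dereferences in the plural. A matching check there, which would also
have to iounmap(info->screen_base) before releasing the region and the
framebuffer, would complete the fix. Goto-style unwinding would avoid
repeating release_mem_region() and framebuffer_release() in each branch.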
-- 
2.20.1





* [PATCH 4.19 101/118] block, bfq: increase idling for weight-raised queues
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 100/118] video: imsttfb: fix potential NULL pointer dereferences Greg Kroah-Hartman
@ 2019-06-13  8:33 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 102/118] PCI: xilinx: Check for __get_free_pages() failure Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Holger Hoffstätte,
	Oleksandr Natalenko, Paolo Valente, Jens Axboe, Sasha Levin

[ Upstream commit 778c02a236a8728bb992de10ed1f12c0be5b7b0e ]

If a sync bfq_queue has a higher weight than some other queue, and
remains temporarily empty while in service, then, to preserve the
bandwidth share of the queue, it is necessary to plug I/O dispatching
until a new request arrives for the queue. In addition, a timeout
needs to be set, to avoid waiting for ever if the process associated
with the queue has actually finished its I/O.

Even with the above timeout, the device is however not fed with new
I/O for a while, if the process has finished its I/O. If this happens
often, then throughput drops and latencies grow. For this reason, the
timeout is kept rather low: 8 ms is the current default.

Unfortunately, such a low value may cause, on the opposite end, a
violation of bandwidth guarantees for a process that happens to issue
new I/O too late. The higher the system load, the higher the
probability that this happens to some process. This is a problem in
scenarios where service guarantees matter more than throughput. One
important case is weight-raised queues, which need to be granted a
very high fraction of the bandwidth.

To address this issue, this commit lower-bounds the plugging timeout
for weight-raised queues to 20 ms. This simple change provides
relevant benefits. For example, on a PLEXTOR PX-256M5S, with which
gnome-terminal starts in 0.6 seconds if there is no other I/O in
progress, the same application starts in
- 0.8 seconds, instead of 1.2 seconds, if ten files are being read
  sequentially in parallel
- 1 second, instead of 2 seconds, if, in parallel, five files are
  being read sequentially, and five more files are being written
  sequentially

Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/bfq-iosched.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 15e8c9955b79..6bb397995610 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2509,6 +2509,8 @@ static void bfq_arm_slice_timer(struct bfq_data *bfqd)
 	if (BFQQ_SEEKY(bfqq) && bfqq->wr_coeff == 1 &&
 	    bfq_symmetric_scenario(bfqd))
 		sl = min_t(u64, sl, BFQ_MIN_TT);
+	else if (bfqq->wr_coeff > 1)
+		sl = max_t(u32, sl, 20ULL * NSEC_PER_MSEC);
 
 	bfqd->last_idling_start = ktime_get();
 	hrtimer_start(&bfqd->idle_slice_timer, ns_to_ktime(sl),
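Review bot: The new lower bound uses max_t(u32, sl, 20ULL *
NSEC_PER_MSEC), which casts both operands to u32, while the line above
clamps the same variable with min_t(u64, sl, BFQ_MIN_TT). The constant
fits in 32 bits, but any value of sl above 2^32 - 1 ns (about 4.29 s)
would be truncated before the comparison and could come out smaller than
intended; max_t(u64, ...) matches the neighbouring line and the ULL
constant. A named constant for the 20 ms bound, next to BFQ_MIN_TT,
would also document it.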
-- 
2.20.1





* [PATCH 4.19 102/118] PCI: xilinx: Check for __get_free_pages() failure
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2019-06-13  8:33 ` [PATCH 4.19 101/118] block, bfq: increase idling for weight-raised queues Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 103/118] gpio: gpio-omap: add check for off wake capable gpios Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kangjie Lu, Lorenzo Pieralisi,
	Steven Price, Mukesh Ojha, Sasha Levin

[ Upstream commit 699ca30162686bf305cdf94861be02eb0cf9bda2 ]

If __get_free_pages() fails, return -ENOMEM to avoid a NULL pointer
dereference.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/pcie-xilinx.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/controller/pcie-xilinx.c b/drivers/pci/controller/pcie-xilinx.c
index 7b1389d8e2a5..ea48cba5480b 100644
--- a/drivers/pci/controller/pcie-xilinx.c
+++ b/drivers/pci/controller/pcie-xilinx.c
@@ -336,14 +336,19 @@ static const struct irq_domain_ops msi_domain_ops = {
  * xilinx_pcie_enable_msi - Enable MSI support
  * @port: PCIe port information
  */
-static void xilinx_pcie_enable_msi(struct xilinx_pcie_port *port)
+static int xilinx_pcie_enable_msi(struct xilinx_pcie_port *port)
 {
 	phys_addr_t msg_addr;
 
 	port->msi_pages = __get_free_pages(GFP_KERNEL, 0);
+	if (!port->msi_pages)
+		return -ENOMEM;
+
 	msg_addr = virt_to_phys((void *)port->msi_pages);
 	pcie_write(port, 0x0, XILINX_PCIE_REG_MSIBASE1);
 	pcie_write(port, msg_addr, XILINX_PCIE_REG_MSIBASE2);
+
+	return 0;
 }
 
 /* INTx Functions */
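Review bot: xilinx_pcie_enable_msi() now returns int, but the kernel-doc
block above it still documents only @port; add a line such as "Return: 0
on success, -ENOMEM if the page allocation fails". In the same function
pcie_write(port, msg_addr, XILINX_PCIE_REG_MSIBASE2) is passed a
phys_addr_t while MSIBASE1 is written as 0x0, so if pcie_write() takes a
32-bit value the upper half of a wider address is dropped silently; that
predates this patch but is worth a follow-up.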
@@ -498,6 +503,7 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port)
 	struct device *dev = port->dev;
 	struct device_node *node = dev->of_node;
 	struct device_node *pcie_intc_node;
+	int ret;
 
 	/* Setup INTx */
 	pcie_intc_node = of_get_next_child(node, NULL);
@@ -526,7 +532,9 @@ static int xilinx_pcie_init_irq_domain(struct xilinx_pcie_port *port)
 			return -ENODEV;
 		}
 
-		xilinx_pcie_enable_msi(port);
+		ret = xilinx_pcie_enable_msi(port);
+		if (ret)
+			return ret;
 	}
 
 	return 0;
-- 
2.20.1





* [PATCH 4.19 103/118] gpio: gpio-omap: add check for off wake capable gpios
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 102/118] PCI: xilinx: Check for __get_free_pages() failure Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 104/118] ice: Add missing case in print_link_msg for printing flow control Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aaro Koskinen, Grygorii Strashko,
	Keerthy, Peter Ujfalusi, Russell King, Tero Kristo,
	Tony Lindgren, Bartosz Golaszewski, Sasha Levin

[ Upstream commit da38ef3ed10a09248e13ae16530c2c6d448dc47d ]

We are currently assuming all GPIOs are non-wakeup capable GPIOs as we
are not configuring the bank->non_wakeup_gpios like we used to earlier with
platform_data.

Let's add omap_gpio_is_off_wakeup_capable() to make the handling clearer
while considering that later patches may want to configure SoC specific
bank->non_wakeup_gpios for the GPIOs in wakeup domain.

Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Grygorii Strashko <grygorii.strashko@ti.com>
Cc: Keerthy <j-keerthy@ti.com>
Cc: Peter Ujfalusi <peter.ujfalusi@ti.com>
Cc: Russell King <rmk+kernel@armlinux.org.uk>
Cc: Tero Kristo <t-kristo@ti.com>
Reported-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpio/gpio-omap.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
index 6c1acf642c8e..6fa430d98517 100644
--- a/drivers/gpio/gpio-omap.c
+++ b/drivers/gpio/gpio-omap.c
@@ -343,6 +343,22 @@ static void omap_clear_gpio_debounce(struct gpio_bank *bank, unsigned offset)
 	}
 }
 
+/*
+ * Off mode wake-up capable GPIOs in bank(s) that are in the wakeup domain.
+ * See TRM section for GPIO for "Wake-Up Generation" for the list of GPIOs
+ * in wakeup domain. If bank->non_wakeup_gpios is not configured, assume none
+ * are capable waking up the system from off mode.
+ */
+static bool omap_gpio_is_off_wakeup_capable(struct gpio_bank *bank, u32 gpio_mask)
+{
+	u32 no_wake = bank->non_wakeup_gpios;
+
+	if (no_wake)
+		return !!(~no_wake & gpio_mask);
+
+	return false;
+}
+
 static inline void omap_set_gpio_trigger(struct gpio_bank *bank, int gpio,
 						unsigned trigger)
 {
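Review bot: In omap_gpio_is_off_wakeup_capable(), a zero bank->non_wakeup_gpios is treated as "not configured" and the helper returns false for every GPIO, so a bank in which all GPIOs really are off-mode wake-up capable cannot be described with this mask alone. The comment block mentions the assumption, but since the commit message expects later patches to set SoC-specific masks, it would be worth stating this limitation explicitly there or tracking "configured" separately from the mask value.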
@@ -374,13 +390,7 @@ static inline void omap_set_gpio_trigger(struct gpio_bank *bank, int gpio,
 	}
 
 	/* This part needs to be executed always for OMAP{34xx, 44xx} */
-	if (!bank->regs->irqctrl) {
-		/* On omap24xx proceed only when valid GPIO bit is set */
-		if (bank->non_wakeup_gpios) {
-			if (!(bank->non_wakeup_gpios & gpio_bit))
-				goto exit;
-		}
-
+	if (!bank->regs->irqctrl && !omap_gpio_is_off_wakeup_capable(bank, gpio)) {
 		/*
 		 * Log the edge gpio and manually trigger the IRQ
 		 * after resume if the input level changes
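Review bot: The new condition calls omap_gpio_is_off_wakeup_capable(bank, gpio), but the helper's second parameter is a u32 gpio_mask and the code being removed tested bank->non_wakeup_gpios against gpio_bit, so passing the int gpio argument here looks like a mix-up between the GPIO number and its bit mask. With that value "~no_wake & gpio_mask" tests unrelated bits, and a gpio value of 0 can never match; the call should most likely pass gpio_bit, which is still used a few lines further down in this function.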
@@ -393,7 +403,6 @@ static inline void omap_set_gpio_trigger(struct gpio_bank *bank, int gpio,
 			bank->enabled_non_wakeup_gpios &= ~gpio_bit;
 	}
 
-exit:
 	bank->level_mask =
 		readl_relaxed(bank->base + bank->regs->leveldetect0) |
 		readl_relaxed(bank->base + bank->regs->leveldetect1);
-- 
2.20.1





* [PATCH 4.19 104/118] ice: Add missing case in print_link_msg for printing flow control
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brett Creeley,
	Anirudh Venkataramanan, Andrew Bowers, Jeff Kirsher, Sasha Levin

[ Upstream commit 203a068ac9e2722e4d118116acaa3a5586f9468a ]

Currently we aren't checking for the ICE_FC_NONE case for the current
flow control mode. This is causing "Unknown" to be printed for the
current flow control method if flow control is disabled. Fix this by
adding the case for ICE_FC_NONE to print "None".

Signed-off-by: Brett Creeley <brett.creeley@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index db1543bca701..875f97aba6e0 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -652,6 +652,9 @@ void ice_print_link_msg(struct ice_vsi *vsi, bool isup)
 	case ICE_FC_RX_PAUSE:
 		fc = "RX";
 		break;
+	case ICE_FC_NONE:
+		fc = "None";
+		break;
 	default:
 		fc = "Unknown";
 		break;
-- 
2.20.1





* [PATCH 4.19 105/118] dmaengine: idma64: Use actual device for DMA transfers
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Mark Brown,
	Vinod Koul, Sasha Levin

[ Upstream commit 5ba846b1ee0792f5a596b9b0b86d6e8cdebfab06 ]

Intel IOMMU, when enabled, tries to find the domain of the device,
assuming it's a PCI one, during DMA operations, such as mapping or
unmapping. Since we are splitting the actual PCI device to a couple of
children via MFD framework (see drivers/mfd/intel-lpss.c for details),
the DMA device appears to be a platform one, and thus not an actual one
that performs DMA. In such a situation IOMMU can't find or allocate
a proper domain for its operations. As a result, all DMA operations
fail.

In order to fix this, supply parent of the platform device
to the DMA engine framework and fix filter functions accordingly.

We may rely on the fact that parent is a real PCI device, because no
other configuration is present in the wild.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Mark Brown <broonie@kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [for tty parts]
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma/idma64.c              | 6 ++++--
 drivers/dma/idma64.h              | 2 ++
 drivers/spi/spi-pxa2xx.c          | 7 +------
 drivers/tty/serial/8250/8250_dw.c | 4 ++--
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/drivers/dma/idma64.c b/drivers/dma/idma64.c
index 1fbf9cb9b742..89c5e5b46068 100644
--- a/drivers/dma/idma64.c
+++ b/drivers/dma/idma64.c
@@ -597,7 +597,7 @@ static int idma64_probe(struct idma64_chip *chip)
 	idma64->dma.directions = BIT(DMA_DEV_TO_MEM) | BIT(DMA_MEM_TO_DEV);
 	idma64->dma.residue_granularity = DMA_RESIDUE_GRANULARITY_BURST;
 
-	idma64->dma.dev = chip->dev;
+	idma64->dma.dev = chip->sysdev;
 
 	dma_set_max_seg_size(idma64->dma.dev, IDMA64C_CTLH_BLOCK_TS_MASK);
 
@@ -637,6 +637,7 @@ static int idma64_platform_probe(struct platform_device *pdev)
 {
 	struct idma64_chip *chip;
 	struct device *dev = &pdev->dev;
+	struct device *sysdev = dev->parent;
 	struct resource *mem;
 	int ret;
 
@@ -653,11 +654,12 @@ static int idma64_platform_probe(struct platform_device *pdev)
 	if (IS_ERR(chip->regs))
 		return PTR_ERR(chip->regs);
 
-	ret = dma_coerce_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
+	ret = dma_coerce_mask_and_coherent(sysdev, DMA_BIT_MASK(64));
 	if (ret)
 		return ret;
 
 	chip->dev = dev;
+	chip->sysdev = sysdev;
 
 	ret = idma64_probe(chip);
 	if (ret)
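Review bot: In idma64_platform_probe() sysdev is taken from dev->parent and passed straight to dma_coerce_mask_and_coherent() with no NULL check. The commit message relies on the parent always being a real PCI device; either a guard that fails the probe when dev->parent is NULL, or a comment next to the "struct device *sysdev = dev->parent;" assignment stating that assumption, would keep this from turning into a NULL dereference if the driver is ever bound to a parentless platform device.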
diff --git a/drivers/dma/idma64.h b/drivers/dma/idma64.h
index 6b816878e5e7..baa32e1425de 100644
--- a/drivers/dma/idma64.h
+++ b/drivers/dma/idma64.h
@@ -216,12 +216,14 @@ static inline void idma64_writel(struct idma64 *idma64, int offset, u32 value)
 /**
  * struct idma64_chip - representation of iDMA 64-bit controller hardware
  * @dev:		struct device of the DMA controller
+ * @sysdev:		struct device of the physical device that does DMA
  * @irq:		irq line
  * @regs:		memory mapped I/O space
  * @idma64:		struct idma64 that is filed by idma64_probe()
  */
 struct idma64_chip {
 	struct device	*dev;
+	struct device	*sysdev;
 	int		irq;
 	void __iomem	*regs;
 	struct idma64	*idma64;
diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
index 729be74621e3..f41333817c50 100644
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -1416,12 +1416,7 @@ static const struct pci_device_id pxa2xx_spi_pci_compound_match[] = {
 
 static bool pxa2xx_spi_idma_filter(struct dma_chan *chan, void *param)
 {
-	struct device *dev = param;
-
-	if (dev != chan->device->dev->parent)
-		return false;
-
-	return true;
+	return param == chan->device->dev;
 }
 
 static struct pxa2xx_spi_master *
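Review bot: pxa2xx_spi_idma_filter() now compares param with chan->device->dev instead of chan->device->dev->parent, which is only correct once idma64_probe() registers the DMA device with chip->sysdev. That dependency is not documented at the filter; a one-line comment saying the iDMA 64-bit controller registers with its parent device would help. For the stable backport it also means the idma64, spi-pxa2xx and 8250_dw parts have to be applied together, otherwise the filter no longer matches any channel.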
diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c
index d31b975dd3fd..284e8d052fc3 100644
--- a/drivers/tty/serial/8250/8250_dw.c
+++ b/drivers/tty/serial/8250/8250_dw.c
@@ -365,7 +365,7 @@ static bool dw8250_fallback_dma_filter(struct dma_chan *chan, void *param)
 
 static bool dw8250_idma_filter(struct dma_chan *chan, void *param)
 {
-	return param == chan->device->dev->parent;
+	return param == chan->device->dev;
 }
 
 /*
@@ -434,7 +434,7 @@ static void dw8250_quirks(struct uart_port *p, struct dw8250_data *data)
 		data->uart_16550_compatible = true;
 	}
 
-	/* Platforms with iDMA */
+	/* Platforms with iDMA 64-bit */
 	if (platform_get_resource_byname(to_platform_device(p->dev),
 					 IORESOURCE_MEM, "lpss_priv")) {
 		data->dma.rx_param = p->dev->parent;
-- 
2.20.1





* [PATCH 4.19 106/118] pwm: tiehrpwm: Update shadow register for disabling PWMs
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Vogtländer,
	Vignesh Raghavendra, Thierry Reding, Sasha Levin

[ Upstream commit b00ef53053191d3025c15e8041699f8c9d132daf ]

It must be made sure that immediate mode is not already set, when
modifying shadow register value in ehrpwm_pwm_disable(). Otherwise
modifications to the action-qualifier continuous S/W force
register (AQSFRC) will be done in the active register.
This may happen when both channels are being disabled. In this case,
only the first channel state will be recorded as disabled in the shadow
register. Later, when enabling the first channel again, the second
channel would be enabled as well. Setting RLDCSF to zero, first, ensures
that the shadow register is updated as desired.

Fixes: 38dabd91ff0b ("pwm: tiehrpwm: Fix disabling of output of PWMs")
Signed-off-by: Christoph Vogtländer <c.vogtlaender@sigma-surface-science.com>
[vigneshr@ti.com: Improve commit message]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pwm/pwm-tiehrpwm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/pwm/pwm-tiehrpwm.c b/drivers/pwm/pwm-tiehrpwm.c
index f7b8a86fa5c5..ad4a40c0f27c 100644
--- a/drivers/pwm/pwm-tiehrpwm.c
+++ b/drivers/pwm/pwm-tiehrpwm.c
@@ -382,6 +382,8 @@ static void ehrpwm_pwm_disable(struct pwm_chip *chip, struct pwm_device *pwm)
 	}
 
 	/* Update shadow register first before modifying active register */
+	ehrpwm_modify(pc->mmio_base, AQSFRC, AQSFRC_RLDCSF_MASK,
+		      AQSFRC_RLDCSF_ZRO);
 	ehrpwm_modify(pc->mmio_base, AQCSFRC, aqcsfrc_mask, aqcsfrc_val);
 	/*
 	 * Changes to immediate action on Action Qualifier. This puts
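Review bot: The added ehrpwm_modify() on AQSFRC sits under the existing comment "Update shadow register first before modifying active register", which does not explain why RLDCSF has to be written at this point. A sentence noting that RLDCSF is set to AQSFRC_RLDCSF_ZRO so the following AQCSFRC write lands in the shadow register even when immediate mode was left set by an earlier disable of the other channel would keep the rationale from the commit message in the code.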
-- 
2.20.1





* [PATCH 4.19 107/118] ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin

[ Upstream commit 5ab99cf7d5e96e3b727c30e7a8524c976bd3723d ]

The PVDD_APIO_1V8 (LDO2) and PVDD_ABB_1V8 (LDO8) regulators were turned
off by Linux kernel as unused.  However they supply critical parts of
SoC so they should be always on:

1. PVDD_APIO_1V8 supplies SYS pins (gpx[0-3], PSHOLD), HDMI level shift,
   RTC, VDD1_12 (DRAM internal 1.8 V logic), pull-up for PMIC interrupt
   lines, TTL/UARTR level shift, reset pins and SW-TACT1 button.
   It also supplies unused blocks like VDDQ_SRAM (for SROM controller) and
   VDDQ_GPIO (gpm7, gpy7).
   The LDO2 cannot be turned off (S2MPS11 keeps it on anyway) so
   marking it "always-on" only reflects its real status.

2. PVDD_ABB_1V8 supplies Adaptive Body Bias Generator for ARM cores,
   memory and Mali (G3D).

Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/exynos5420-arndale-octa.dts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/boot/dts/exynos5420-arndale-octa.dts b/arch/arm/boot/dts/exynos5420-arndale-octa.dts
index cdda614e417e..a370857beac0 100644
--- a/arch/arm/boot/dts/exynos5420-arndale-octa.dts
+++ b/arch/arm/boot/dts/exynos5420-arndale-octa.dts
@@ -106,6 +106,7 @@
 				regulator-name = "PVDD_APIO_1V8";
 				regulator-min-microvolt = <1800000>;
 				regulator-max-microvolt = <1800000>;
+				regulator-always-on;
 			};
 
 			ldo3_reg: LDO3 {
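Review bot: regulator-always-on is added to the PVDD_APIO_1V8 node without any comment in the DTS, so the reason for it lives only in the commit message. A short comment above the property naming what the rail supplies (SYS pins, RTC, reset pins) and that the S2MPS11 keeps LDO2 on anyway would stop the property from being dropped later as apparently unused.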
@@ -144,6 +145,7 @@
 				regulator-name = "PVDD_ABB_1V8";
 				regulator-min-microvolt = <1800000>;
 				regulator-max-microvolt = <1800000>;
+				regulator-always-on;
 			};
 
 			ldo9_reg: LDO9 {
-- 
2.20.1





* [PATCH 4.19 108/118] pwm: Fix deadlock warning when removing PWM device
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Phong Hoang, Yoshihiro Shimoda,
	Hoan Nguyen An, Geert Uytterhoeven, Simon Horman,
	Uwe Kleine-König, Thierry Reding, Sasha Levin

[ Upstream commit 347ab9480313737c0f1aaa08e8f2e1a791235535 ]

This patch fixes a deadlock warning if removing a PWM device
when CONFIG_PROVE_LOCKING is enabled.

This issue can be reproduced by the following steps on
the R-Car H3 Salvator-X board if the backlight is disabled:

 # cd /sys/class/pwm/pwmchip0
 # echo 0 > export
 # ls
 device  export  npwm  power  pwm0  subsystem  uevent  unexport
 # cd device/driver
 # ls
 bind  e6e31000.pwm  uevent  unbind
 # echo e6e31000.pwm > unbind

[   87.659974] ======================================================
[   87.666149] WARNING: possible circular locking dependency detected
[   87.672327] 5.0.0 #7 Not tainted
[   87.675549] ------------------------------------------------------
[   87.681723] bash/2986 is trying to acquire lock:
[   87.686337] 000000005ea0e178 (kn->count#58){++++}, at: kernfs_remove_by_name_ns+0x50/0xa0
[   87.694528]
[   87.694528] but task is already holding lock:
[   87.700353] 000000006313b17c (pwm_lock){+.+.}, at: pwmchip_remove+0x28/0x13c
[   87.707405]
[   87.707405] which lock already depends on the new lock.
[   87.707405]
[   87.715574]
[   87.715574] the existing dependency chain (in reverse order) is:
[   87.723048]
[   87.723048] -> #1 (pwm_lock){+.+.}:
[   87.728017]        __mutex_lock+0x70/0x7e4
[   87.732108]        mutex_lock_nested+0x1c/0x24
[   87.736547]        pwm_request_from_chip.part.6+0x34/0x74
[   87.741940]        pwm_request_from_chip+0x20/0x40
[   87.746725]        export_store+0x6c/0x1f4
[   87.750820]        dev_attr_store+0x18/0x28
[   87.754998]        sysfs_kf_write+0x54/0x64
[   87.759175]        kernfs_fop_write+0xe4/0x1e8
[   87.763615]        __vfs_write+0x40/0x184
[   87.767619]        vfs_write+0xa8/0x19c
[   87.771448]        ksys_write+0x58/0xbc
[   87.775278]        __arm64_sys_write+0x18/0x20
[   87.779721]        el0_svc_common+0xd0/0x124
[   87.783986]        el0_svc_compat_handler+0x1c/0x24
[   87.788858]        el0_svc_compat+0x8/0x18
[   87.792947]
[   87.792947] -> #0 (kn->count#58){++++}:
[   87.798260]        lock_acquire+0xc4/0x22c
[   87.802353]        __kernfs_remove+0x258/0x2c4
[   87.806790]        kernfs_remove_by_name_ns+0x50/0xa0
[   87.811836]        remove_files.isra.1+0x38/0x78
[   87.816447]        sysfs_remove_group+0x48/0x98
[   87.820971]        sysfs_remove_groups+0x34/0x4c
[   87.825583]        device_remove_attrs+0x6c/0x7c
[   87.830197]        device_del+0x11c/0x33c
[   87.834201]        device_unregister+0x14/0x2c
[   87.838638]        pwmchip_sysfs_unexport+0x40/0x4c
[   87.843509]        pwmchip_remove+0xf4/0x13c
[   87.847773]        rcar_pwm_remove+0x28/0x34
[   87.852039]        platform_drv_remove+0x24/0x64
[   87.856651]        device_release_driver_internal+0x18c/0x21c
[   87.862391]        device_release_driver+0x14/0x1c
[   87.867175]        unbind_store+0xe0/0x124
[   87.871265]        drv_attr_store+0x20/0x30
[   87.875442]        sysfs_kf_write+0x54/0x64
[   87.879618]        kernfs_fop_write+0xe4/0x1e8
[   87.884055]        __vfs_write+0x40/0x184
[   87.888057]        vfs_write+0xa8/0x19c
[   87.891887]        ksys_write+0x58/0xbc
[   87.895716]        __arm64_sys_write+0x18/0x20
[   87.900154]        el0_svc_common+0xd0/0x124
[   87.904417]        el0_svc_compat_handler+0x1c/0x24
[   87.909289]        el0_svc_compat+0x8/0x18
[   87.913378]
[   87.913378] other info that might help us debug this:
[   87.913378]
[   87.921374]  Possible unsafe locking scenario:
[   87.921374]
[   87.927286]        CPU0                    CPU1
[   87.931808]        ----                    ----
[   87.936331]   lock(pwm_lock);
[   87.939293]                                lock(kn->count#58);
[   87.945120]                                lock(pwm_lock);
[   87.950599]   lock(kn->count#58);
[   87.953908]
[   87.953908]  *** DEADLOCK ***
[   87.953908]
[   87.959821] 4 locks held by bash/2986:
[   87.963563]  #0: 00000000ace7bc30 (sb_writers#6){.+.+}, at: vfs_write+0x188/0x19c
[   87.971044]  #1: 00000000287991b2 (&of->mutex){+.+.}, at: kernfs_fop_write+0xb4/0x1e8
[   87.978872]  #2: 00000000f739d016 (&dev->mutex){....}, at: device_release_driver_internal+0x40/0x21c
[   87.988001]  #3: 000000006313b17c (pwm_lock){+.+.}, at: pwmchip_remove+0x28/0x13c
[   87.995481]
[   87.995481] stack backtrace:
[   87.999836] CPU: 0 PID: 2986 Comm: bash Not tainted 5.0.0 #7
[   88.005489] Hardware name: Renesas Salvator-X board based on r8a7795 ES1.x (DT)
[   88.012791] Call trace:
[   88.015235]  dump_backtrace+0x0/0x190
[   88.018891]  show_stack+0x14/0x1c
[   88.022204]  dump_stack+0xb0/0xec
[   88.025514]  print_circular_bug.isra.32+0x1d0/0x2e0
[   88.030385]  __lock_acquire+0x1318/0x1864
[   88.034388]  lock_acquire+0xc4/0x22c
[   88.037958]  __kernfs_remove+0x258/0x2c4
[   88.041874]  kernfs_remove_by_name_ns+0x50/0xa0
[   88.046398]  remove_files.isra.1+0x38/0x78
[   88.050487]  sysfs_remove_group+0x48/0x98
[   88.054490]  sysfs_remove_groups+0x34/0x4c
[   88.058580]  device_remove_attrs+0x6c/0x7c
[   88.062671]  device_del+0x11c/0x33c
[   88.066154]  device_unregister+0x14/0x2c
[   88.070070]  pwmchip_sysfs_unexport+0x40/0x4c
[   88.074421]  pwmchip_remove+0xf4/0x13c
[   88.078163]  rcar_pwm_remove+0x28/0x34
[   88.081906]  platform_drv_remove+0x24/0x64
[   88.085996]  device_release_driver_internal+0x18c/0x21c
[   88.091215]  device_release_driver+0x14/0x1c
[   88.095478]  unbind_store+0xe0/0x124
[   88.099048]  drv_attr_store+0x20/0x30
[   88.102704]  sysfs_kf_write+0x54/0x64
[   88.106359]  kernfs_fop_write+0xe4/0x1e8
[   88.110275]  __vfs_write+0x40/0x184
[   88.113757]  vfs_write+0xa8/0x19c
[   88.117065]  ksys_write+0x58/0xbc
[   88.120374]  __arm64_sys_write+0x18/0x20
[   88.124291]  el0_svc_common+0xd0/0x124
[   88.128034]  el0_svc_compat_handler+0x1c/0x24
[   88.132384]  el0_svc_compat+0x8/0x18

The sysfs unexport in pwmchip_remove() is completely asymmetric
to what we do in pwmchip_add_with_polarity() and commit 0733424c9ba9
("pwm: Unexport children before chip removal") is a strong indication
that this was wrong to begin with. We should just move
pwmchip_sysfs_unexport() where it belongs, which is right after
pwmchip_sysfs_unexport_children(). In that case, we do not need
separate functions anymore either.

We also really want to remove sysfs irrespective of whether or not
the chip will be removed as a result of pwmchip_remove(). We can only
assume that the driver will be gone after that, so we shouldn't leave
any dangling sysfs files around.

This warning disappears if we move pwmchip_sysfs_unexport() to
the top of pwmchip_remove(), pwmchip_sysfs_unexport_children().
That way it is also outside of the pwm_lock section, which indeed
doesn't seem to be needed.

Moving the pwmchip_sysfs_export() call outside of that section also
seems fine and it'd be perfectly symmetric with pwmchip_remove() again.

So, this patch fixes them.

Signed-off-by: Phong Hoang <phong.hoang.wz@renesas.com>
[shimoda: revise the commit log and code]
Fixes: 76abbdde2d95 ("pwm: Add sysfs interface")
Fixes: 0733424c9ba9 ("pwm: Unexport children before chip removal")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Tested-by: Hoan Nguyen An <na-hoan@jinso.co.jp>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pwm/core.c  | 10 +++++-----
 drivers/pwm/sysfs.c | 14 +-------------
 include/linux/pwm.h |  5 -----
 3 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/drivers/pwm/core.c b/drivers/pwm/core.c
index 1581f6ab1b1f..c45e5719ba17 100644
--- a/drivers/pwm/core.c
+++ b/drivers/pwm/core.c
@@ -311,10 +311,12 @@ int pwmchip_add_with_polarity(struct pwm_chip *chip,
 	if (IS_ENABLED(CONFIG_OF))
 		of_pwmchip_add(chip);
 
-	pwmchip_sysfs_export(chip);
-
 out:
 	mutex_unlock(&pwm_lock);
+
+	if (!ret)
+		pwmchip_sysfs_export(chip);
+
 	return ret;
 }
 EXPORT_SYMBOL_GPL(pwmchip_add_with_polarity);
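Review bot: pwmchip_sysfs_export() is now called after mutex_unlock(&pwm_lock), but nothing at the "if (!ret)" call says that this placement is deliberate. Since the export must stay outside pwm_lock to avoid the kn->count versus pwm_lock ordering shown in the lockdep report, a short comment there would keep a later cleanup from moving it back under the lock. Note also that pwmchip_sysfs_export() returns void, so a failed export remains invisible to the caller of pwmchip_add_with_polarity().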
@@ -348,7 +350,7 @@ int pwmchip_remove(struct pwm_chip *chip)
 	unsigned int i;
 	int ret = 0;
 
-	pwmchip_sysfs_unexport_children(chip);
+	pwmchip_sysfs_unexport(chip);
 
 	mutex_lock(&pwm_lock);
 
@@ -368,8 +370,6 @@ int pwmchip_remove(struct pwm_chip *chip)
 
 	free_pwms(chip);
 
-	pwmchip_sysfs_unexport(chip);
-
 out:
 	mutex_unlock(&pwm_lock);
 	return ret;
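Review bot: With pwmchip_sysfs_unexport() removed from the locked section and called at the top of pwmchip_remove() instead, the "out:" path that returns a non-zero ret is now reached after the sysfs entries have already been removed. The commit message says this is intended ("irrespective of whether or not the chip will be removed"); a comment above the early unexport call stating that would document the behaviour for driver authors who check the return value of pwmchip_remove().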
diff --git a/drivers/pwm/sysfs.c b/drivers/pwm/sysfs.c
index 7c71cdb8a9d8..1c64fd8e9234 100644
--- a/drivers/pwm/sysfs.c
+++ b/drivers/pwm/sysfs.c
@@ -399,19 +399,6 @@ void pwmchip_sysfs_export(struct pwm_chip *chip)
 }
 
 void pwmchip_sysfs_unexport(struct pwm_chip *chip)
-{
-	struct device *parent;
-
-	parent = class_find_device(&pwm_class, NULL, chip,
-				   pwmchip_sysfs_match);
-	if (parent) {
-		/* for class_find_device() */
-		put_device(parent);
-		device_unregister(parent);
-	}
-}
-
-void pwmchip_sysfs_unexport_children(struct pwm_chip *chip)
 {
 	struct device *parent;
 	unsigned int i;
@@ -429,6 +416,7 @@ void pwmchip_sysfs_unexport_children(struct pwm_chip *chip)
 	}
 
 	put_device(parent);
+	device_unregister(parent);
 }
 
 static int __init pwm_sysfs_init(void)
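Review bot: The merged pwmchip_sysfs_unexport() calls put_device(parent) and then device_unregister(parent), but the "/* for class_find_device() */" comment that explained this order in the removed function was not carried over. Without it the sequence reads like a use of parent after its last reference was dropped; please keep the comment next to put_device() so it is clear that only the lookup reference is being released.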
diff --git a/include/linux/pwm.h b/include/linux/pwm.h
index 56518adc31dd..bd7d611d63e9 100644
--- a/include/linux/pwm.h
+++ b/include/linux/pwm.h
@@ -639,7 +639,6 @@ static inline void pwm_remove_table(struct pwm_lookup *table, size_t num)
 #ifdef CONFIG_PWM_SYSFS
 void pwmchip_sysfs_export(struct pwm_chip *chip);
 void pwmchip_sysfs_unexport(struct pwm_chip *chip);
-void pwmchip_sysfs_unexport_children(struct pwm_chip *chip);
 #else
 static inline void pwmchip_sysfs_export(struct pwm_chip *chip)
 {
@@ -648,10 +647,6 @@ static inline void pwmchip_sysfs_export(struct pwm_chip *chip)
 static inline void pwmchip_sysfs_unexport(struct pwm_chip *chip)
 {
 }
-
-static inline void pwmchip_sysfs_unexport_children(struct pwm_chip *chip)
-{
-}
 #endif /* CONFIG_PWM_SYSFS */
 
 #endif /* __LINUX_PWM_H */
-- 
2.20.1





* [PATCH 4.19 109/118] ARM: exynos: Fix undefined instruction during Exynos5422 resume
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Szyprowski,
	Krzysztof Kozlowski, Sasha Levin

[ Upstream commit 4d8e3e951a856777720272ce27f2c738a3eeef8c ]

During early system resume on Exynos5422 with performance counters enabled
the following kernel oops happens:

    Internal error: Oops - undefined instruction: 0 [#1] PREEMPT SMP ARM
    Modules linked in:
    CPU: 0 PID: 1433 Comm: bash Tainted: G        W         5.0.0-rc5-next-20190208-00023-gd5fb5a8a13e6-dirty #5480
    Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
    ...
    Flags: nZCv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment none
    Control: 10c5387d  Table: 4451006a  DAC: 00000051
    Process bash (pid: 1433, stack limit = 0xb7e0e22f)
    ...
    (reset_ctrl_regs) from [<c0112ad0>] (dbg_cpu_pm_notify+0x1c/0x24)
    (dbg_cpu_pm_notify) from [<c014c840>] (notifier_call_chain+0x44/0x84)
    (notifier_call_chain) from [<c014cbc0>] (__atomic_notifier_call_chain+0x7c/0x128)
    (__atomic_notifier_call_chain) from [<c01ffaac>] (cpu_pm_notify+0x30/0x54)
    (cpu_pm_notify) from [<c055116c>] (syscore_resume+0x98/0x3f4)
    (syscore_resume) from [<c0189350>] (suspend_devices_and_enter+0x97c/0xe74)
    (suspend_devices_and_enter) from [<c0189fb8>] (pm_suspend+0x770/0xc04)
    (pm_suspend) from [<c0187740>] (state_store+0x6c/0xcc)
    (state_store) from [<c09fa698>] (kobj_attr_store+0x14/0x20)
    (kobj_attr_store) from [<c030159c>] (sysfs_kf_write+0x4c/0x50)
    (sysfs_kf_write) from [<c0300620>] (kernfs_fop_write+0xfc/0x1e0)
    (kernfs_fop_write) from [<c0282be8>] (__vfs_write+0x2c/0x160)
    (__vfs_write) from [<c0282ea4>] (vfs_write+0xa4/0x16c)
    (vfs_write) from [<c0283080>] (ksys_write+0x40/0x8c)
    (ksys_write) from [<c0101000>] (ret_fast_syscall+0x0/0x28)

Undefined instruction is triggered during CP14 reset, because bits: #16
(Secure privileged invasive debug disabled) and #17 (Secure privileged
noninvasive debug disable) are set in DSCR. Those bits depend on SPNIDEN
and SPIDEN lines, which are provided by Secure JTAG hardware block. That
block in turn is powered from cluster 0 (big/Eagle), but the Exynos5422
boots on cluster 1 (LITTLE/KFC).

To fix this issue it is enough to turn on the power on the cluster 0 for
a while. This lets the Secure JTAG block propagate the needed signals
to LITTLE/KFC cores and change their DSCR.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-exynos/suspend.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
index b1fe53e8b460..088c34e99b02 100644
--- a/arch/arm/mach-exynos/suspend.c
+++ b/arch/arm/mach-exynos/suspend.c
@@ -434,8 +434,27 @@ early_wakeup:
 
 static void exynos5420_prepare_pm_resume(void)
 {
+	unsigned int mpidr, cluster;
+
+	mpidr = read_cpuid_mpidr();
+	cluster = MPIDR_AFFINITY_LEVEL(mpidr, 1);
+
 	if (IS_ENABLED(CONFIG_EXYNOS5420_MCPM))
 		WARN_ON(mcpm_cpu_powered_up());
+
+	if (IS_ENABLED(CONFIG_HW_PERF_EVENTS) && cluster != 0) {
+		/*
+		 * When system is resumed on the LITTLE/KFC core (cluster 1),
+		 * the DSCR is not properly updated until the power is turned
+		 * on also for the cluster 0. Enable it for a while to
+		 * propagate the SPNIDEN and SPIDEN signals from Secure JTAG
+		 * block and avoid undefined instruction issue on CP14 reset.
+		 */
+		pmu_raw_writel(S5P_CORE_LOCAL_PWR_EN,
+				EXYNOS_COMMON_CONFIGURATION(0));
+		pmu_raw_writel(0,
+				EXYNOS_COMMON_CONFIGURATION(0));
+	}
 }
 
 static void exynos5420_pm_resume(void)
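Review bot: The two pmu_raw_writel() calls to EXYNOS_COMMON_CONFIGURATION(0) are issued back to back, while the comment says cluster 0 power is enabled "for a while"; nothing in the hunk waits for, or checks, that the cluster actually powered up before it is switched off again. If the back-to-back write is known to be sufficient for SPNIDEN and SPIDEN to propagate, the comment should say so; otherwise a status poll or short delay belongs between the writes. Minor: mpidr and cluster are computed unconditionally although they are only used under CONFIG_HW_PERF_EVENTS.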
-- 
2.20.1





* [PATCH 4.19 110/118] usb: typec: fusb302: Check vconn is off when we start toggling
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Heikki Krogerus,
	Guenter Roeck, Sasha Levin

[ Upstream commit 32a155b1a83d6659e2272e8e1eec199667b1897e ]

The datasheet says the vconn MUST be off when we start toggling. The
tcpm.c state-machine is responsible for making sure vconn is off, but
let's add a WARN to catch any cases where vconn is not off for some reason.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/typec/fusb302/fusb302.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/typec/fusb302/fusb302.c b/drivers/usb/typec/fusb302/fusb302.c
index 82bed9810be6..62a0060d39d8 100644
--- a/drivers/usb/typec/fusb302/fusb302.c
+++ b/drivers/usb/typec/fusb302/fusb302.c
@@ -641,6 +641,8 @@ static int fusb302_set_toggling(struct fusb302_chip *chip,
 			return ret;
 		chip->intr_togdone = false;
 	} else {
+		/* Datasheet says vconn MUST be off when toggling */
+		WARN(chip->vconn_on, "Vconn is on during toggle start");
 		/* unmask TOGDONE interrupt */
 		ret = fusb302_i2c_clear_bits(chip, FUSB_REG_MASKA,
 					     FUSB_REG_MASKA_TOGDONE);
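Review bot: The WARN() on chip->vconn_on only logs; fusb302_set_toggling() then goes on to unmask TOGDONE and start toggling in exactly the state the new comment says the datasheet forbids. Either say in the comment that continuing is deliberate and the WARN is purely diagnostic, or return an error from this branch. The format string is also missing its trailing "\n".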
-- 
2.20.1





* [PATCH 4.19 111/118] soc: renesas: Identify R-Car M3-W ES1.3
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Takeshi Kihara, Geert Uytterhoeven,
	Simon Horman, Sasha Levin

[ Upstream commit 15160f6de0bba712fcea078c5ac7571fe33fcd5d ]

The Product Register of R-Car M3-W ES1.3 incorrectly identifies the SoC
revision as ES2.1. Add a workaround to fix this.

Signed-off-by: Takeshi Kihara <takeshi.kihara.df@renesas.com>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/soc/renesas/renesas-soc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/soc/renesas/renesas-soc.c b/drivers/soc/renesas/renesas-soc.c
index d44d0e687ab8..2a43d6e99962 100644
--- a/drivers/soc/renesas/renesas-soc.c
+++ b/drivers/soc/renesas/renesas-soc.c
@@ -285,6 +285,9 @@ static int __init renesas_soc_init(void)
 		/* R-Car M3-W ES1.1 incorrectly identifies as ES2.0 */
 		if ((product & 0x7fff) == 0x5210)
 			product ^= 0x11;
+		/* R-Car M3-W ES1.3 incorrectly identifies as ES2.1 */
+		if ((product & 0x7fff) == 0x5211)
+			product ^= 0x12;
 		if (soc->id && ((product >> 8) & 0xff) != soc->id) {
 			pr_warn("SoC mismatch (product = 0x%x)\n", product);
 			return -ENODEV;
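Review bot: The added 0x5211 check corrects the revision with a bare "product ^= 0x12", and as with the ES1.1 case above it the reader has to work out by hand that the low bits become 0x5203. Stating the corrected value in the comment, or assigning the revision bits explicitly, would show at a glance that the two workarounds cannot chain (the first yields 0x5201, which the second test does not match) and would make a third quirk easier to add without breaking the existing two.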
-- 
2.20.1





* [PATCH 4.19 112/118] gpio: vf610: Do not share irq_chip
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 111/118] soc: renesas: Identify R-Car M3-W ES1.3 Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 113/118] percpu: do not search past bitmap when allocating an area Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrey Smirnov, Linus Walleij,
	Bartosz Golaszewski, Chris Healy, Andrew Lunn, Heiner Kallweit,
	Fabio Estevam, linux-gpio, linux-imx, Sasha Levin

[ Upstream commit 338aa10750ba24d04beeaf5dc5efc032e5cf343f ]

Fix the warning produced by gpiochip_set_irq_hooks() by allocating a
dedicated IRQ chip per GPIO chip/port.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Cc: Chris Healy <cphealy@gmail.com>
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Heiner Kallweit <hkallweit1@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: linux-gpio@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-imx@nxp.com
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpio/gpio-vf610.c | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/drivers/gpio/gpio-vf610.c b/drivers/gpio/gpio-vf610.c
index 7e09ce75ffb2..a9cb5571de54 100644
--- a/drivers/gpio/gpio-vf610.c
+++ b/drivers/gpio/gpio-vf610.c
@@ -37,6 +37,7 @@ struct fsl_gpio_soc_data {
 
 struct vf610_gpio_port {
 	struct gpio_chip gc;
+	struct irq_chip ic;
 	void __iomem *base;
 	void __iomem *gpio_base;
 	const struct fsl_gpio_soc_data *sdata;
@@ -66,8 +67,6 @@ struct vf610_gpio_port {
 #define PORT_INT_EITHER_EDGE	0xb
 #define PORT_INT_LOGIC_ONE	0xc
 
-static struct irq_chip vf610_gpio_irq_chip;
-
 static const struct fsl_gpio_soc_data imx_data = {
 	.have_paddr = true,
 };
@@ -243,15 +242,6 @@ static int vf610_gpio_irq_set_wake(struct irq_data *d, u32 enable)
 	return 0;
 }
 
-static struct irq_chip vf610_gpio_irq_chip = {
-	.name		= "gpio-vf610",
-	.irq_ack	= vf610_gpio_irq_ack,
-	.irq_mask	= vf610_gpio_irq_mask,
-	.irq_unmask	= vf610_gpio_irq_unmask,
-	.irq_set_type	= vf610_gpio_irq_set_type,
-	.irq_set_wake	= vf610_gpio_irq_set_wake,
-};
-
 static int vf610_gpio_probe(struct platform_device *pdev)
 {
 	struct device *dev = &pdev->dev;
@@ -259,6 +249,7 @@ static int vf610_gpio_probe(struct platform_device *pdev)
 	struct vf610_gpio_port *port;
 	struct resource *iores;
 	struct gpio_chip *gc;
+	struct irq_chip *ic;
 	int i;
 	int ret;
 
@@ -295,6 +286,14 @@ static int vf610_gpio_probe(struct platform_device *pdev)
 	gc->direction_output = vf610_gpio_direction_output;
 	gc->set = vf610_gpio_set;
 
+	ic = &port->ic;
+	ic->name = "gpio-vf610";
+	ic->irq_ack = vf610_gpio_irq_ack;
+	ic->irq_mask = vf610_gpio_irq_mask;
+	ic->irq_unmask = vf610_gpio_irq_unmask;
+	ic->irq_set_type = vf610_gpio_irq_set_type;
+	ic->irq_set_wake = vf610_gpio_irq_set_wake;
+
 	ret = gpiochip_add_data(gc, port);
 	if (ret < 0)
 		return ret;
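Review bot: The irq_chip is now filled in field by field inside vf610_gpio_probe(), so every member not assigned here keeps whatever the port allocation left in it; that is only safe if the port structure is zero-allocated, which is not visible in this hunk and deserves a one-line comment next to "ic = &port->ic;". Every port also receives the same name, "gpio-vf610", so the per-port chips this patch introduces remain indistinguishable in interrupt listings; deriving the name from the device would make the split visible.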
@@ -306,14 +305,13 @@ static int vf610_gpio_probe(struct platform_device *pdev)
 	/* Clear the interrupt status register for all GPIO's */
 	vf610_gpio_writel(~0, port->base + PORT_ISFR);
 
-	ret = gpiochip_irqchip_add(gc, &vf610_gpio_irq_chip, 0,
-				   handle_edge_irq, IRQ_TYPE_NONE);
+	ret = gpiochip_irqchip_add(gc, ic, 0, handle_edge_irq, IRQ_TYPE_NONE);
 	if (ret) {
 		dev_err(dev, "failed to add irqchip\n");
 		gpiochip_remove(gc);
 		return ret;
 	}
-	gpiochip_set_chained_irqchip(gc, &vf610_gpio_irq_chip, port->irq,
+	gpiochip_set_chained_irqchip(gc, ic, port->irq,
 				     vf610_gpio_irq_handler);
 
 	return 0;
-- 
2.20.1





* [PATCH 4.19 113/118] percpu: do not search past bitmap when allocating an area
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 112/118] gpio: vf610: Do not share irq_chip Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 114/118] Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dennis Zhou, Peng Fan, Sasha Levin

[ Upstream commit 8c43004af01635cc9fbb11031d070e5e0d327ef2 ]

pcpu_find_block_fit() guarantees that a fit is found within
PCPU_BITMAP_BLOCK_BITS. Iteration is used to determine the first fit as
it compares against the block's contig_hint. This can lead to
incorrectly scanning past the end of the bitmap. The behavior was okay
given the check after for bit_off >= end and the correctness of the
hints from pcpu_find_block_fit().

This patch fixes this by bounding the end offset by the number of bits
in a chunk.

Signed-off-by: Dennis Zhou <dennis@kernel.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/percpu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/percpu.c b/mm/percpu.c
index c66149ce1fe6..ff76fa0b7528 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -988,7 +988,8 @@ static int pcpu_alloc_area(struct pcpu_chunk *chunk, int alloc_bits,
 	/*
 	 * Search to find a fit.
 	 */
-	end = start + alloc_bits + PCPU_BITMAP_BLOCK_BITS;
+	end = min_t(int, start + alloc_bits + PCPU_BITMAP_BLOCK_BITS,
+		    pcpu_chunk_map_bits(chunk));
 	bit_off = bitmap_find_next_zero_area(chunk->alloc_map, end, start,
 					     alloc_bits, align_mask);
 	if (bit_off >= end)
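Review bot: The clamp on end is the only thing that stops bitmap_find_next_zero_area() from being handed a size larger than chunk->alloc_map, yet the comment above it still just says "Search to find a fit." Please extend that comment to say end is bounded by pcpu_chunk_map_bits(chunk) so the scan cannot run past the bitmap. The following "bit_off >= end" test looks like sufficient protection on its own, so without the explanation a later cleanup could drop the min_t() again.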
-- 
2.20.1





* [PATCH 4.19 114/118] Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 113/118] percpu: do not search past bitmap when allocating an area Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 115/118] Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vasily Khoruzhick, Hans de Goede,
	Jeremy Cline, Marcel Holtmann, Johan Hedberg

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This reverts commit 38f092c41cebaff589e88cc22686b289a6840559 which is
commit d5bb334a8e171b262e48f378bd2096c0ea458265 upstream.

Lots of people have reported issues with this patch, and as there does
not seem to be a fix going into Linus's kernel tree any time soon,
revert the commit in the stable trees so as to get people's machines
working properly again.

Reported-by: Vasily Khoruzhick <anarsoul@gmail.com>
Reported-by: Hans de Goede <hdegoede@redhat.com>
Cc: Jeremy Cline <jeremy@jcline.org>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/net/bluetooth/hci_core.h |    3 ---
 net/bluetooth/hci_conn.c         |    8 --------
 2 files changed, 11 deletions(-)

--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -182,9 +182,6 @@ struct adv_info {
 
 #define HCI_MAX_SHORT_NAME_LENGTH	10
 
-/* Min encryption key size to match with SMP */
-#define HCI_MIN_ENC_KEY_SIZE		7
-
 /* Default LE RPA expiry time, 15 minutes */
 #define HCI_DEFAULT_RPA_TIMEOUT		(15 * 60)
 
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1276,14 +1276,6 @@ int hci_conn_check_link_mode(struct hci_
 	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
 		return 0;
 
-	/* The minimum encryption key size needs to be enforced by the
-	 * host stack before establishing any L2CAP connections. The
-	 * specification in theory allows a minimum of 1, but to align
-	 * BR/EDR and LE transports, a minimum of 7 is chosen.
-	 */
-	if (conn->enc_key_size < HCI_MIN_ENC_KEY_SIZE)
-		return 0;
-
 	return 1;
 }
 
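Review bot: Dropping the enc_key_size test from hci_conn_check_link_mode() means the function again returns 1 for any encrypted link whatever key size was negotiated, down to the minimum of 1 that the removed comment says the specification allows. The stated reason for the revert is user-reported breakage, so consider leaving a short comment at this spot recording that the key size is no longer enforced here, so the gap is visible to whoever next reads the function rather than only in the stable changelog.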




* [PATCH 4.19 115/118] Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)"
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 114/118] Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 116/118] ovl: check the capability before cred overridden Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sven Joachim, Daniel Vetter,
	Dave Airlie, Thomas Backlund

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This reverts commit 610382337557bd2057d9b47f996af0b6ff827a2b which is
commit b30a43ac7132cdda833ac4b13dd1ebd35ace14b7 upstream.

Sven reports:
	Commit 1e07d63749 ("drm/nouveau: add kconfig option to turn off nouveau
	legacy contexts. (v3)") has caused a build failure for me when I
	actually tried that option (CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=n):

	,----
	| Kernel: arch/x86/boot/bzImage is ready  (#1)
	|   Building modules, stage 2.
	|   MODPOST 290 modules
	| ERROR: "drm_legacy_mmap" [drivers/gpu/drm/nouveau/nouveau.ko] undefined!
	| scripts/Makefile.modpost:91: recipe for target '__modpost' failed
	`----

	Upstream does not have that problem, as commit bed2dd8421 ("drm/ttm:
	Quick-test mmap offset in ttm_bo_mmap()") has removed the use of
	drm_legacy_mmap from nouveau_ttm.c.  Unfortunately that commit does not
	apply in 5.1.9.

The ensuing discussion proposed a number of one-off patches, but no
solid agreement was made, so just revert the commit for now to get
people's systems building again.

Reported-by: Sven Joachim <svenjoac@gmx.de>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Thomas Backlund <tmb@mageia.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/nouveau/Kconfig       |   13 +------------
 drivers/gpu/drm/nouveau/nouveau_drm.c |    7 ++-----
 2 files changed, 3 insertions(+), 17 deletions(-)

--- a/drivers/gpu/drm/nouveau/Kconfig
+++ b/drivers/gpu/drm/nouveau/Kconfig
@@ -16,20 +16,9 @@ config DRM_NOUVEAU
 	select INPUT if ACPI && X86
 	select THERMAL if ACPI && X86
 	select ACPI_VIDEO if ACPI && X86
-	help
-	  Choose this option for open-source NVIDIA support.
-
-config NOUVEAU_LEGACY_CTX_SUPPORT
-	bool "Nouveau legacy context support"
-	depends on DRM_NOUVEAU
 	select DRM_VM
-	default y
 	help
-	  There was a version of the nouveau DDX that relied on legacy
-	  ctx ioctls not erroring out. But that was back in time a long
-	  ways, so offer a way to disable it now. For uapi compat with
-	  old nouveau ddx this should be on by default, but modern distros
-	  should consider turning it off.
+	  Choose this option for open-source NVIDIA support.
 
 config NOUVEAU_PLATFORM_DRIVER
 	bool "Nouveau (NVIDIA) SoC GPUs"
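Review bot: With NOUVEAU_LEGACY_CTX_SUPPORT removed, "select DRM_VM" becomes unconditional under DRM_NOUVEAU, and the help text advising that modern distros should consider turning legacy context support off disappears with it. That addresses the drm_legacy_mmap link failure from the report, but it also removes the only knob for disabling the legacy context path. The commit message should say that explicitly, and a follow-up that makes the =n configuration build is preferable to leaving the option out for good.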
--- a/drivers/gpu/drm/nouveau/nouveau_drm.c
+++ b/drivers/gpu/drm/nouveau/nouveau_drm.c
@@ -1015,11 +1015,8 @@ nouveau_driver_fops = {
 static struct drm_driver
 driver_stub = {
 	.driver_features =
-		DRIVER_GEM | DRIVER_MODESET | DRIVER_PRIME | DRIVER_RENDER
-#if defined(CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT)
-		| DRIVER_KMS_LEGACY_CONTEXT
-#endif
-		,
+		DRIVER_GEM | DRIVER_MODESET | DRIVER_PRIME | DRIVER_RENDER |
+		DRIVER_KMS_LEGACY_CONTEXT,
 
 	.load = nouveau_drm_load,
 	.unload = nouveau_drm_unload,




* [PATCH 4.19 116/118] ovl: check the capability before cred overridden
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 115/118] Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13  8:34 ` [PATCH 4.19 117/118] ovl: support stacked SEEK_HOLE/SEEK_DATA Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiufei Xue, Miklos Szeredi, Amir Goldstein

From: Jiufei Xue <jiufei.xue@linux.alibaba.com>

commit 98487de318a6f33312471ae1e2afa16fbf8361fe upstream.

We found that it returns success when we set IMMUTABLE_FL flag to a file in
docker even though the docker didn't have the capability
CAP_LINUX_IMMUTABLE.

The commit d1d04ef8572b ("ovl: stack file ops") and dab5ca8fd9dd ("ovl: add
lsattr/chattr support") implemented chattr operations on a regular overlay
file. ovl_real_ioctl() overrode the current process's subjective
credentials with ofs->creator_cred which have the capability
CAP_LINUX_IMMUTABLE so that it will return success in
vfs_ioctl()->cap_capable().

Fix this by checking the capability before the cred override. And here we
only care about APPEND_FL and IMMUTABLE_FL, so get this information from
inode.

[SzM: move check and call to underlying fs inside inode locked region to
prevent two such calls from racing with each other]

Signed-off-by: Jiufei Xue <jiufei.xue@linux.alibaba.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/overlayfs/file.c |   79 ++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 61 insertions(+), 18 deletions(-)

--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -11,6 +11,7 @@
 #include <linux/mount.h>
 #include <linux/xattr.h>
 #include <linux/uio.h>
+#include <linux/uaccess.h>
 #include "overlayfs.h"
 
 static char ovl_whatisit(struct inode *inode, struct inode *realinode)
@@ -372,10 +373,68 @@ static long ovl_real_ioctl(struct file *
 	return ret;
 }
 
-static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+static unsigned int ovl_get_inode_flags(struct inode *inode)
+{
+	unsigned int flags = READ_ONCE(inode->i_flags);
+	unsigned int ovl_iflags = 0;
+
+	if (flags & S_SYNC)
+		ovl_iflags |= FS_SYNC_FL;
+	if (flags & S_APPEND)
+		ovl_iflags |= FS_APPEND_FL;
+	if (flags & S_IMMUTABLE)
+		ovl_iflags |= FS_IMMUTABLE_FL;
+	if (flags & S_NOATIME)
+		ovl_iflags |= FS_NOATIME_FL;
+
+	return ovl_iflags;
+}
+
+static long ovl_ioctl_set_flags(struct file *file, unsigned long arg)
 {
 	long ret;
 	struct inode *inode = file_inode(file);
+	unsigned int flags;
+	unsigned int old_flags;
+
+	if (!inode_owner_or_capable(inode))
+		return -EACCES;
+
+	if (get_user(flags, (int __user *) arg))
+		return -EFAULT;
+
+	ret = mnt_want_write_file(file);
+	if (ret)
+		return ret;
+
+	inode_lock(inode);
+
+	/* Check the capability before cred override */
+	ret = -EPERM;
+	old_flags = ovl_get_inode_flags(inode);
+	if (((flags ^ old_flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL)) &&
+	    !capable(CAP_LINUX_IMMUTABLE))
+		goto unlock;
+
+	ret = ovl_maybe_copy_up(file_dentry(file), O_WRONLY);
+	if (ret)
+		goto unlock;
+
+	ret = ovl_real_ioctl(file, FS_IOC_SETFLAGS, arg);
+
+	ovl_copyflags(ovl_inode_real(inode), inode);
+unlock:
+	inode_unlock(inode);
+
+	mnt_drop_write_file(file);
+
+	return ret;
+
+}
+
+static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+	long ret;
 
 	switch (cmd) {
 	case FS_IOC_GETFLAGS:
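Review bot: In ovl_ioctl_set_flags() the capability check runs on the value read by get_user(flags, ...), but ovl_real_ioctl(file, FS_IOC_SETFLAGS, arg) is then handed the user pointer again, so the flags the underlying filesystem applies under the overridden creds are fetched separately from the flags that were checked. If the word changes between the two reads, capable(CAP_LINUX_IMMUTABLE) has validated a different value; the checked copy should be what reaches the real filesystem, or the resulting inode flags should be compared against old_flags after the call. Smaller points: flags is unsigned int but is read through an (int __user *) cast, ovl_copyflags() runs even when ovl_real_ioctl() fails, and there is a stray blank line before the closing brace of the function.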
@@ -383,23 +442,7 @@ static long ovl_ioctl(struct file *file,
 		break;
 
 	case FS_IOC_SETFLAGS:
-		if (!inode_owner_or_capable(inode))
-			return -EACCES;
-
-		ret = mnt_want_write_file(file);
-		if (ret)
-			return ret;
-
-		ret = ovl_maybe_copy_up(file_dentry(file), O_WRONLY);
-		if (!ret) {
-			ret = ovl_real_ioctl(file, cmd, arg);
-
-			inode_lock(inode);
-			ovl_copyflags(ovl_inode_real(inode), inode);
-			inode_unlock(inode);
-		}
-
-		mnt_drop_write_file(file);
+		ret = ovl_ioctl_set_flags(file, arg);
 		break;
 
 	default:




* [PATCH 4.19 117/118] ovl: support stacked SEEK_HOLE/SEEK_DATA
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 116/118] ovl: check the capability before cred overridden Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-16 19:59   ` Pavel Machek
  2019-06-13  8:34 ` [PATCH 4.19 118/118] drm/vc4: fix fb references in async update Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  122 siblings, 1 reply; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eddie Horng, Amir Goldstein, Miklos Szeredi

From: Amir Goldstein <amir73il@gmail.com>

commit 9e46b840c7053b5f7a245e98cd239b60d189a96c upstream.

Overlay file f_pos is the master copy that is preserved
through copy up and modified on read/write, but only real
fs knows how to SEEK_HOLE/SEEK_DATA and real fs may impose
limitations that are more strict than ->s_maxbytes for specific
files, so we use the real file to perform seeks.

We do not call real fs for SEEK_CUR:0 query and for SEEK_SET:0
requests.

Fixes: d1d04ef8572b ("ovl: stack file ops")
Reported-by: Eddie Horng <eddiehorng.tw@gmail.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/overlayfs/file.c |   44 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -146,11 +146,47 @@ static int ovl_release(struct inode *ino
 
 static loff_t ovl_llseek(struct file *file, loff_t offset, int whence)
 {
-	struct inode *realinode = ovl_inode_real(file_inode(file));
+	struct inode *inode = file_inode(file);
+	struct fd real;
+	const struct cred *old_cred;
+	ssize_t ret;
 
-	return generic_file_llseek_size(file, offset, whence,
-					realinode->i_sb->s_maxbytes,
-					i_size_read(realinode));
+	/*
+	 * The two special cases below do not need to involve real fs,
+	 * so we can optimizing concurrent callers.
+	 */
+	if (offset == 0) {
+		if (whence == SEEK_CUR)
+			return file->f_pos;
+
+		if (whence == SEEK_SET)
+			return vfs_setpos(file, 0, 0);
+	}
+
+	ret = ovl_real_fdget(file, &real);
+	if (ret)
+		return ret;
+
+	/*
+	 * Overlay file f_pos is the master copy that is preserved
+	 * through copy up and modified on read/write, but only real
+	 * fs knows how to SEEK_HOLE/SEEK_DATA and real fs may impose
+	 * limitations that are more strict than ->s_maxbytes for specific
+	 * files, so we use the real file to perform seeks.
+	 */
+	inode_lock(inode);
+	real.file->f_pos = file->f_pos;
+
+	old_cred = ovl_override_creds(inode->i_sb);
+	ret = vfs_llseek(real.file, offset, whence);
+	revert_creds(old_cred);
+
+	file->f_pos = real.file->f_pos;
+	inode_unlock(inode);
+
+	fdput(real);
+
+	return ret;
 }
 
 static void ovl_file_accessed(struct file *file)
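Review bot: ret is declared ssize_t but holds the result of vfs_llseek() and is returned from a function typed loff_t, so on a build where ssize_t is narrower than loff_t a large offset would be truncated; declare it loff_t. The offset == 0 fast path also returns file->f_pos for SEEK_CUR without taking inode_lock(), while the slow path updates f_pos under that lock, which deserves a line in the comment explaining why the unlocked read is acceptable. In the same comment, "so we can optimizing" should read "so we can optimize".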




* [PATCH 4.19 118/118] drm/vc4: fix fb references in async update
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 117/118] ovl: support stacked SEEK_HOLE/SEEK_DATA Greg Kroah-Hartman
@ 2019-06-13  8:34 ` Greg Kroah-Hartman
  2019-06-13 13:30 ` [PATCH 4.19 000/118] 4.19.51-stable review kernelci.org bot
                   ` (4 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Greg Kroah-Hartman @ 2019-06-13  8:34 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Boris Brezillon, Helen Koike

From: Helen Koike <helen.koike@collabora.com>

commit c16b85559dcfb5a348cc085a7b4c75ed49b05e2c upstream.

Async update callbacks are expected to set the old_fb in the new_state
so prepare/cleanup framebuffers are balanced.

Calling drm_atomic_set_fb_for_plane() (which gets a reference of the new
fb and puts the old fb) is not required, as it's taken care of by
drm_mode_cursor_universal() when calling drm_atomic_helper_update_plane().

Cc: <stable@vger.kernel.org> # v4.19+
Fixes: 539c320bfa97 ("drm/vc4: update cursors asynchronously through atomic")
Suggested-by: Boris Brezillon <boris.brezillon@collabora.com>
Signed-off-by: Helen Koike <helen.koike@collabora.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190603165610.24614-5-helen.koike@collabora.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/vc4/vc4_plane.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/gpu/drm/vc4/vc4_plane.c
+++ b/drivers/gpu/drm/vc4/vc4_plane.c
@@ -818,6 +818,7 @@ static void vc4_plane_atomic_async_updat
 		drm_atomic_set_fb_for_plane(plane->state, state->fb);
 	}
 
+	swap(plane->state->fb, state->fb);
 	/* Set the cursor's position on the screen.  This is the
 	 * expected change from the drm_mode_cursor_universal()
 	 * helper.
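Review bot: The swap() is added directly after a block that, per the context line, still calls drm_atomic_set_fb_for_plane(plane->state, state->fb), the call the commit message says is not required. Once that call has pointed plane->state->fb at state->fb, the swap exchanges two identical pointers and the old fb never ends up in the new state on that path, so either drop the call in this backport as well or explain why both are needed. A blank line between the swap() and the following comment would also match the surrounding style.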




* Re: [PATCH 4.19 000/118] 4.19.51-stable review
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2019-06-13  8:34 ` [PATCH 4.19 118/118] drm/vc4: fix fb references in async update Greg Kroah-Hartman
@ 2019-06-13 13:30 ` kernelci.org bot
  2019-06-13 18:33 ` Naresh Kamboju
                   ` (3 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: kernelci.org bot @ 2019-06-13 13:30 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

stable-rc/linux-4.19.y boot: 123 boots: 0 failed, 122 passed with 1 untried/unknown (v4.19.50-119-g94ea812871ce)

Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.19.y/kernel/v4.19.50-119-g94ea812871ce/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.19.y/kernel/v4.19.50-119-g94ea812871ce/

Tree: stable-rc
Branch: linux-4.19.y
Git Describe: v4.19.50-119-g94ea812871ce
Git Commit: 94ea812871ceac0a190ded80c3272a779dfb101e
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 69 unique boards, 24 SoC families, 15 builds out of 206

---
For more info write to <info@kernelci.org>


* Re: [PATCH 4.19 000/118] 4.19.51-stable review
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2019-06-13 13:30 ` [PATCH 4.19 000/118] 4.19.51-stable review kernelci.org bot
@ 2019-06-13 18:33 ` Naresh Kamboju
  2019-06-13 20:02 ` Guenter Roeck
                   ` (2 subsequent siblings)
  122 siblings, 0 replies; 133+ messages in thread
From: Naresh Kamboju @ 2019-06-13 18:33 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Shuah Khan, patches, lkft-triage, Ben Hutchings,
	linux- stable, Andrew Morton, Linus Torvalds, Guenter Roeck

On Thu, 13 Jun 2019 at 14:09, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.19.51 release.
> There are 118 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 15 Jun 2019 07:54:44 AM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.51-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Summary
------------------------------------------------------------------------

kernel: 4.19.51-rc2
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.19.y
git commit: c6c7a311e997d044523cae077b58b1849cb8858f
git describe: v4.19.50-119-gc6c7a311e997
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/build/v4.19.50-119-gc6c7a311e997

No regressions (compared to build v4.19.49-53-g768292d05361)

No fixes (compared to build v4.19.49-53-g768292d05361)

Ran 24778 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64

Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* network-basic-tests
* ltp-open-posix-tests
* kvm-unit-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none

-- 
Linaro LKFT
https://lkft.linaro.org


* Re: [PATCH 4.19 000/118] 4.19.51-stable review
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2019-06-13 18:33 ` Naresh Kamboju
@ 2019-06-13 20:02 ` Guenter Roeck
  2019-06-14  2:37 ` shuah
  2019-06-14 10:29 ` Jon Hunter
  122 siblings, 0 replies; 133+ messages in thread
From: Guenter Roeck @ 2019-06-13 20:02 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, shuah, patches, ben.hutchings, lkft-triage, stable

On 6/13/19 1:32 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.51 release.
> There are 118 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat 15 Jun 2019 07:54:44 AM UTC.
> Anything received after that time might be too late.
> 

Build results:
	total: 156 pass: 156 fail: 0
Qemu test results:
	total: 354 pass: 354 fail: 0

Guenter


* Re: [PATCH 4.19 000/118] 4.19.51-stable review
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2019-06-13 20:02 ` Guenter Roeck
@ 2019-06-14  2:37 ` shuah
  2019-06-14 10:29 ` Jon Hunter
  122 siblings, 0 replies; 133+ messages in thread
From: shuah @ 2019-06-14  2:37 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, shuah

On 6/13/19 2:32 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.51 release.
> There are 118 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat 15 Jun 2019 07:54:44 AM UTC.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.51-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah



* Re: [PATCH 4.19 000/118] 4.19.51-stable review
  2019-06-13  8:32 [PATCH 4.19 000/118] 4.19.51-stable review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2019-06-14  2:37 ` shuah
@ 2019-06-14 10:29 ` Jon Hunter
  122 siblings, 0 replies; 133+ messages in thread
From: Jon Hunter @ 2019-06-14 10:29 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
	lkft-triage, stable


On 13/06/2019 09:32, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.51 release.
> There are 118 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat 15 Jun 2019 07:54:44 AM UTC.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.51-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests are passing for Tegra ...

Test results for stable-v4.19:
    12 builds:	12 pass, 0 fail
    22 boots:	22 pass, 0 fail
    32 tests:	32 pass, 0 fail

Linux version:	4.19.51-rc2-gc6c7a311e997
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra20-ventana,
                tegra210-p2371-2180, tegra30-cardhu-a04

Cheers
Jon

-- 
nvpublic


* Re: [PATCH 4.19 080/118] ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
  2019-06-13  8:33 ` [PATCH 4.19 080/118] ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA Greg Kroah-Hartman
@ 2019-06-15 20:05   ` Pavel Machek
  0 siblings, 0 replies; 133+ messages in thread
From: Pavel Machek @ 2019-06-15 20:05 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Andrey Smirnov, Angus Ainslie (Purism),
	Chris Healy, Lucas Stach, Fabio Estevam, Shawn Guo,
	linux-arm-kernel, Sasha Levin


Hi!

> [ Upstream commit 918bbde8085ae147a43dcb491953e0dd8f3e9d6a ]
> 
> Since 25aaa75df1e6 SDMA driver uses clock rates of "ipg" and "ahb"
> clock to determine if it needs to configure the IP block as operating
> at 1:1 or 1:2 clock ratio (ACR bit in SDMAARM_CONFIG). Specifying both
> clocks as IMX5_CLK_SDMA results in driver incorrectly thinking that
> ratio is 1:1 which results in broken SDMA functionality. Fix the code
> to specify IMX5_CLK_AHB as "ahb" clock for SDMA, to avoid detecting
> incorrect clock ratio.

I don't see 25aaa75df1e6 commit in stable-4.19.y branch. Is that intentional?

Best regards,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4.19 017/118] thermal: rcar_gen3_thermal: disable interrupt in .remove
  2019-06-13  8:32 ` [PATCH 4.19 017/118] thermal: rcar_gen3_thermal: disable interrupt in .remove Greg Kroah-Hartman
@ 2019-06-16 19:41   ` Pavel Machek
  0 siblings, 0 replies; 133+ messages in thread
From: Pavel Machek @ 2019-06-16 19:41 UTC (permalink / raw)
  To: pavel
  Cc: linux-kernel, Jiada Wang, Simon Horman, Daniel Lezcano,
	Eduardo Valentin, Sasha Levin


Hi!

stable removed from cc.


On Thu 2019-06-13 10:32:35, Greg Kroah-Hartman wrote:
> [ Upstream commit 63f55fcea50c25ae5ad45af92d08dae3b84534c2 ]
> 
> Currently IRQ remains enabled after .remove, later if device is probed,
> IRQ is requested before .thermal_init, this may cause IRQ function be
> called before device is initialized.
> 
> this patch disables interrupt in .remove, to ensure irq function
> only be called after device is fully initialized.

Well, I guess this fixes your problem, but it does not seem like a
correct fix.

Could .init be reordered so that you initialize hardware, first, and
only then request irq? That should solve the problem in a reliable
way.

Thanks,

								Pavel

> +++ b/drivers/thermal/rcar_gen3_thermal.c
> @@ -328,6 +328,9 @@ MODULE_DEVICE_TABLE(of, rcar_gen3_thermal_dt_ids);
>  static int rcar_gen3_thermal_remove(struct platform_device *pdev)
>  {
>  	struct device *dev = &pdev->dev;
> +	struct rcar_gen3_thermal_priv *priv = dev_get_drvdata(dev);
> +
> +	rcar_thermal_irq_set(priv, false);
>  
>  	pm_runtime_put(dev);
>  	pm_runtime_disable(dev);
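
Review bot: in rcar_gen3_thermal_remove(), the added rcar_thermal_irq_set(priv, false) covers only the unbind path; the probe ordering described in the commit message (IRQ requested before .thermal_init) is left as it is, so the handler is still registered before the device is initialised. Masking the interrupt at the start of probe as well, or requesting the IRQ only after initialisation, would remove the dependency on .remove having run first.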

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4.19 070/118] iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel
  2019-06-13  8:33 ` [PATCH 4.19 070/118] iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel Greg Kroah-Hartman
@ 2019-06-16 19:42   ` Pavel Machek
  2019-06-16 20:06     ` Will Deacon
  0 siblings, 1 reply; 133+ messages in thread
From: Pavel Machek @ 2019-06-16 19:42 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Leizhen (ThunderTown),
	Bhupesh Sharma, Will Deacon, Sasha Levin


Hi!

> [ Upstream commit 3f54c447df34ff9efac7809a4a80fd3208efc619 ]
> 
> Disabling the SMMU when probing from within a kdump kernel so that all
> incoming transactions are terminated can prevent the core of the crashed
> kernel from being transferred off the machine if all I/O devices are
> behind the SMMU.
> 
> Instead, continue to probe the SMMU after it is disabled so that we can
> reinitialise it entirely and re-attach the DMA masters as they are reset.
> Since the kdump kernel may not have drivers for all of the active DMA
> masters, we suppress fault reporting to avoid spamming the console and
> swamping the IRQ threads.

> +++ b/drivers/iommu/arm-smmu-v3.c
> @@ -2414,13 +2414,9 @@ static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
>  	/* Clear CR0 and sync (disables SMMU and queue processing) */
>  	reg = readl_relaxed(smmu->base + ARM_SMMU_CR0);
>  	if (reg & CR0_SMMUEN) {
> -		if (is_kdump_kernel()) {
> -			arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
> -			arm_smmu_device_disable(smmu);
> -			return -EBUSY;
> -		}
> -
>  		dev_warn(smmu->dev, "SMMU currently enabled! Resetting...\n");
> +		WARN_ON(is_kdump_kernel() && !disable_bypass);
> +		arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
>  	}
>
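
Review bot: the added WARN_ON(is_kdump_kernel() && !disable_bypass) in arm_smmu_device_reset() carries no comment, and disable_bypass is not the function's own bypass parameter, so the hunk does not show which setting is tested or why it matters only in a kdump kernel. A one-line comment stating the expectation would help. Note also that arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0) now runs for every kernel that finds CR0_SMMUEN set, and its return value is ignored before the reset continues.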

This changes behaviour in !is_kdump_kernel() case. Is that
ok/intended?

Best regards,
     								Pavel
								
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4.19 034/118] f2fs: fix to avoid panic in f2fs_inplace_write_data()
  2019-06-13  8:32 ` [PATCH 4.19 034/118] f2fs: fix to avoid panic in f2fs_inplace_write_data() Greg Kroah-Hartman
@ 2019-06-16 19:54   ` Pavel Machek
  2019-06-18  7:01     ` Chao Yu
  0 siblings, 1 reply; 133+ messages in thread
From: Pavel Machek @ 2019-06-16 19:54 UTC (permalink / raw)
  To: pavel; +Cc: linux-kernel, Chao Yu, Jaegeuk Kim, Sasha Levin


Hi!

> [ Upstream commit 05573d6ccf702df549a7bdeabef31e4753df1a90 ]
> 
> As Jungyeon reported in bugzilla:
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=203239
> 
> - Overview
> When mounting the attached crafted image and running program, following errors are reported.
> Additionally, it hangs on sync after running program.
> 
> The image is intentionally fuzzed from a normal f2fs image for testing.
> Compile options for F2FS are as follows.
> CONFIG_F2FS_FS=y
...
> The reason is f2fs_inplace_write_data() will trigger kernel panic due
> to data block locates in node type segment.
> 
> To avoid panic, let's just return error code and set SBI_NEED_FSCK to
> give a hint to fsck for latter repairing.

> index 03fa2c4d3d79..8fc3edb6760c 100644
> --- a/fs/f2fs/segment.c
> +++ b/fs/f2fs/segment.c
> @@ -3069,13 +3069,18 @@ int f2fs_inplace_write_data(struct f2fs_io_info *fio)
>  {
>  	int err;
>  	struct f2fs_sb_info *sbi = fio->sbi;
> +	unsigned int segno;
>  
>  	fio->new_blkaddr = fio->old_blkaddr;
>  	/* i/o temperature is needed for passing down write hints */
>  	__get_segment_type(fio);
>  
> -	f2fs_bug_on(sbi, !IS_DATASEG(get_seg_entry(sbi,
> -			GET_SEGNO(sbi, fio->new_blkaddr))->type));
> +	segno = GET_SEGNO(sbi, fio->new_blkaddr);
> +
> +	if (!IS_DATASEG(get_seg_entry(sbi, segno)->type)) {
> +		set_sbi_flag(sbi, SBI_NEED_FSCK);
> +		return -EFAULT;
> +	}
>  
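
Review bot: the new early return in f2fs_inplace_write_data() reports the inconsistency as -EFAULT, which callers and user space normally read as a bad address rather than a corrupted on-disk structure; an error code that signals corruption or I/O failure would be easier to act on. The return also comes after fio->new_blkaddr has been overwritten and __get_segment_type(fio) has run, so callers must not assume fio is untouched on failure.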

Would it make sense to print some kind of debug message, as we do in
the other error cases?

Best regards,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4.19 060/118] nvme-pci: shutdown on timeout during deletion
  2019-06-13  8:33 ` [PATCH 4.19 060/118] nvme-pci: shutdown on timeout during deletion Greg Kroah-Hartman
@ 2019-06-16 19:57   ` Pavel Machek
  0 siblings, 0 replies; 133+ messages in thread
From: Pavel Machek @ 2019-06-16 19:57 UTC (permalink / raw)
  To: pavel; +Cc: linux-kernel, Yufen Yu, Keith Busch, Christoph Hellwig, Sasha Levin



On Thu 2019-06-13 10:33:18, Greg Kroah-Hartman wrote:
> [ Upstream commit 9dc1a38ef1925d23c2933c5867df816386d92ff8 ]
> 
> We do not restart a controller in a deleting state for timeout errors.
> When in this state, unblock potential request dispatchers with failed
> completions by shutting down the controller on timeout detection.
> 
> 
> diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
> index 377f6fff420d..c8eeecc58115 100644
> --- a/drivers/nvme/host/pci.c
> +++ b/drivers/nvme/host/pci.c
> @@ -1132,6 +1132,7 @@ static enum blk_eh_timer_return nvme_timeout(struct request *req, bool reserved)
>  	struct nvme_dev *dev = nvmeq->dev;
>  	struct request *abort_req;
>  	struct nvme_command cmd;
> +	bool shutdown = false;
>  	u32 csts = readl(dev->bar + NVME_REG_CSTS);
>  
>  	/* If PCI error recovery process is happening, we cannot reset or
> @@ -1168,12 +1169,14 @@ static enum blk_eh_timer_return nvme_timeout(struct request *req, bool reserved)
>  	 * shutdown, so we return BLK_EH_DONE.
>  	 */
>  	switch (dev->ctrl.state) {
> +	case NVME_CTRL_DELETING:
> +		shutdown = true;
>  	case NVME_CTRL_CONNECTING:
>  	case NVME_CTRL_RESETTING:
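
Review bot: case NVME_CTRL_DELETING sets shutdown = true and then runs into case NVME_CTRL_CONNECTING with no fall-through annotation, which reads like a missing break and is what -Wimplicit-fallthrough reports. Add the annotation, and extend the comment that ends just above the switch ("shutdown, so we return BLK_EH_DONE.") if it does not already cover the deleting state. The consumer of shutdown is outside the quoted lines, so it is worth confirming that the CONNECTING and RESETTING paths behave as before when shutdown stays false.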

Would it make sense to add /* fallthrough */ comment to indicate it is
intentional?

Best regards,
										Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4.19 117/118] ovl: support stacked SEEK_HOLE/SEEK_DATA
  2019-06-13  8:34 ` [PATCH 4.19 117/118] ovl: support stacked SEEK_HOLE/SEEK_DATA Greg Kroah-Hartman
@ 2019-06-16 19:59   ` Pavel Machek
  0 siblings, 0 replies; 133+ messages in thread
From: Pavel Machek @ 2019-06-16 19:59 UTC (permalink / raw)
  To: pavel; +Cc: linux-kernel, Eddie Horng, Amir Goldstein, Miklos Szeredi


Hi!

> ---
>  fs/overlayfs/file.c |   44 ++++++++++++++++++++++++++++++++++++++++----
>  1 file changed, 40 insertions(+), 4 deletions(-)
> 
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -146,11 +146,47 @@ static int ovl_release(struct inode *ino
>  
>  static loff_t ovl_llseek(struct file *file, loff_t offset, int whence)
>  {
> -	struct inode *realinode = ovl_inode_real(file_inode(file));
> +	struct inode *inode = file_inode(file);
> +	struct fd real;
> +	const struct cred *old_cred;
> +	ssize_t ret;
>  
> -	return generic_file_llseek_size(file, offset, whence,
> -					realinode->i_sb->s_maxbytes,
> -					i_size_read(realinode));
> +	/*
> +	 * The two special cases below do not need to involve real fs,
> +	 * so we can optimizing concurrent callers.
> +	 */
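
Review bot: ovl_llseek() returns loff_t, but the new local is declared as ssize_t ret; if ret carries the result of the seek on the real file, offsets above 2 GiB are truncated on 32-bit builds, where ssize_t is 32 bits wide. Declaring it loff_t ret keeps the width consistent with the function's return type.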

AFAICT correct English is "optimize".

Thanks,
								Pavel
								
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4.19 058/118] PCI: designware-ep: Use aligned ATU window for raising MSI interrupts
  2019-06-13  8:33 ` [PATCH 4.19 058/118] PCI: designware-ep: Use aligned ATU window for raising MSI interrupts Greg Kroah-Hartman
@ 2019-06-16 20:00   ` Pavel Machek
  0 siblings, 0 replies; 133+ messages in thread
From: Pavel Machek @ 2019-06-16 20:00 UTC (permalink / raw)
  To: pavel
  Cc: linux-kernel, Kishon Vijay Abraham I, Lorenzo Pieralisi, Sasha Levin


Hi!

> diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c
> index de8635af4cde..739d97080d3b 100644
> --- a/drivers/pci/controller/dwc/pcie-designware-ep.c
> +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c
> @@ -385,6 +385,7 @@ int dw_pcie_ep_raise_msi_irq(struct dw_pcie_ep *ep, u8 func_no,
>  {
>  	struct dw_pcie *pci = to_dw_pcie_from_ep(ep);
>  	struct pci_epc *epc = ep->epc;
> +	unsigned int aligned_offset;
>  	u16 msg_ctrl, msg_data;
>  	u32 msg_addr_lower, msg_addr_upper, reg;
>  	u64 msg_addr;
> @@ -410,13 +411,15 @@ int dw_pcie_ep_raise_msi_irq(struct dw_pcie_ep *ep, u8 func_no,
>  		reg = ep->msi_cap + PCI_MSI_DATA_32;
>  		msg_data = dw_pcie_readw_dbi(pci, reg);
>  	}
> -	msg_addr = ((u64) msg_addr_upper) << 32 | msg_addr_lower;
> +	aligned_offset = msg_addr_lower & (epc->mem->page_size - 1);
> +	msg_addr = ((u64)msg_addr_upper) << 32 |
> +			(msg_addr_lower & ~aligned_offset);
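
Review bot: in the second hunk, msg_addr_lower & ~aligned_offset yields the page-aligned address only because aligned_offset was itself derived from msg_addr_lower, and the preceding mask with (epc->mem->page_size - 1) assumes page_size is a power of two, which nothing in the visible lines checks. Masking directly with ~(epc->mem->page_size - 1) states the intent, and the variable would be clearer if named for what it holds, the offset within the page.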

This works but is really... interesting code.

Would (msg_addr_lower - aligned_offset) make more sense?

Thanks,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


* Re: [PATCH 4.19 070/118] iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel
  2019-06-16 19:42   ` Pavel Machek
@ 2019-06-16 20:06     ` Will Deacon
  0 siblings, 0 replies; 133+ messages in thread
From: Will Deacon @ 2019-06-16 20:06 UTC (permalink / raw)
  To: Pavel Machek
  Cc: Greg Kroah-Hartman, linux-kernel, stable, Leizhen (ThunderTown),
	Bhupesh Sharma, Will Deacon, Sasha Levin

[FYI: This was in my spam folder. I'll reserve judgement on whether that's
the right decision.]

On Sun, Jun 16, 2019 at 09:42:36PM +0200, Pavel Machek wrote:
> > [ Upstream commit 3f54c447df34ff9efac7809a4a80fd3208efc619 ]
> > 
> > Disabling the SMMU when probing from within a kdump kernel so that all
> > incoming transactions are terminated can prevent the core of the crashed
> > kernel from being transferred off the machine if all I/O devices are
> > behind the SMMU.
> > 
> > Instead, continue to probe the SMMU after it is disabled so that we can
> > reinitialise it entirely and re-attach the DMA masters as they are reset.
> > Since the kdump kernel may not have drivers for all of the active DMA
> > masters, we suppress fault reporting to avoid spamming the console and
> > swamping the IRQ threads.
> 
> > +++ b/drivers/iommu/arm-smmu-v3.c
> > @@ -2414,13 +2414,9 @@ static int arm_smmu_device_reset(struct arm_smmu_device *smmu, bool bypass)
> >  	/* Clear CR0 and sync (disables SMMU and queue processing) */
> >  	reg = readl_relaxed(smmu->base + ARM_SMMU_CR0);
> >  	if (reg & CR0_SMMUEN) {
> > -		if (is_kdump_kernel()) {
> > -			arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
> > -			arm_smmu_device_disable(smmu);
> > -			return -EBUSY;
> > -		}
> > -
> >  		dev_warn(smmu->dev, "SMMU currently enabled! Resetting...\n");
> > +		WARN_ON(is_kdump_kernel() && !disable_bypass);
> > +		arm_smmu_update_gbpa(smmu, GBPA_ABORT, 0);
> >  	}
> >
> 
> This changes behaviour in !is_kdump_kernel() case. Is that
> ok/intended?

Yes, that's intentional. If we find the SMMU in an enabled state, it's
probably a good idea to configure it to abort all transactions before
disabling it, otherwise virtual addresses suddenly become physical addresses
and we could corrupt random memory. However, I don't think I've ever seen
this happen outside of kdump so it's admittedly a bit of a theoretical
scenario.

Regardless, patches to -stable should probably match their upstream
counterparts so even if this was an issue, I don't think this is the right
place to discuss it.

Will


* Re: [PATCH 4.19 034/118] f2fs: fix to avoid panic in f2fs_inplace_write_data()
  2019-06-16 19:54   ` Pavel Machek
@ 2019-06-18  7:01     ` Chao Yu
  0 siblings, 0 replies; 133+ messages in thread
From: Chao Yu @ 2019-06-18  7:01 UTC (permalink / raw)
  To: Pavel Machek; +Cc: linux-kernel, Jaegeuk Kim, Sasha Levin

Hi Pavel,

On 2019/6/17 3:54, Pavel Machek wrote:
> Hi!
> 
>> [ Upstream commit 05573d6ccf702df549a7bdeabef31e4753df1a90 ]
>>
>> As Jungyeon reported in bugzilla:
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=203239
>>
>> - Overview
>> When mounting the attached crafted image and running program, following errors are reported.
>> Additionally, it hangs on sync after running program.
>>
>> The image is intentionally fuzzed from a normal f2fs image for testing.
>> Compile options for F2FS are as follows.
>> CONFIG_F2FS_FS=y
> ...
>> The reason is f2fs_inplace_write_data() will trigger kernel panic due
>> to data block locates in node type segment.
>>
>> To avoid panic, let's just return error code and set SBI_NEED_FSCK to
>> give a hint to fsck for latter repairing.
> 
>> index 03fa2c4d3d79..8fc3edb6760c 100644
>> --- a/fs/f2fs/segment.c
>> +++ b/fs/f2fs/segment.c
>> @@ -3069,13 +3069,18 @@ int f2fs_inplace_write_data(struct f2fs_io_info *fio)
>>  {
>>  	int err;
>>  	struct f2fs_sb_info *sbi = fio->sbi;
>> +	unsigned int segno;
>>  
>>  	fio->new_blkaddr = fio->old_blkaddr;
>>  	/* i/o temperature is needed for passing down write hints */
>>  	__get_segment_type(fio);
>>  
>> -	f2fs_bug_on(sbi, !IS_DATASEG(get_seg_entry(sbi,
>> -			GET_SEGNO(sbi, fio->new_blkaddr))->type));
>> +	segno = GET_SEGNO(sbi, fio->new_blkaddr);
>> +
>> +	if (!IS_DATASEG(get_seg_entry(sbi, segno)->type)) {
>> +		set_sbi_flag(sbi, SBI_NEED_FSCK);
>> +		return -EFAULT;
>> +	}
>>  
> 
> Would it make sense to print some kind of debug message, as we do in
> the other error cases?

Although it's a corner case, I think it will be better to do that; let me add it
in another patch.

Thanks for reminding. :)

Thanks,

> 
> Best regards,
> 									Pavel
> 
