1. 20 Mar, 2021 3 commits
    • Linus Torvalds's avatar
      Merge tag 'zonefs-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs · 1c273e10
      Linus Torvalds authored
      Pull zonefs fixes from Damien Le Moal:
      
       - fix inode write open reference count (Chao)
      
       - Fix wrong write offset for asynchronous O_APPEND writes (me)
      
       - Prevent use of sequential zone file as swap files (me)
      
      * tag 'zonefs-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
        zonefs: fix to update .i_wr_refcnt correctly in zonefs_open_zone()
        zonefs: Fix O_APPEND async write handling
        zonefs: prevent use of seq files as swap file
      1c273e10
    • Linus Torvalds's avatar
      Merge tag 'block-5.12-2021-03-19' of git://git.kernel.dk/linux-block · d626c692
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Just an NVMe pull request this week:
      
         - fix tag allocation for keep alive
      
         - fix a unit mismatch for the Write Zeroes limits
      
         - various TCP transport fixes (Sagi Grimberg, Elad Grupi)
      
         - fix iosqes and iocqes validation for discovery controllers (Sagi Grimberg)"
      
      * tag 'block-5.12-2021-03-19' of git://git.kernel.dk/linux-block:
        nvmet-tcp: fix kmap leak when data digest in use
        nvmet: don't check iosqes,iocqes for discovery controllers
        nvme-rdma: fix possible hang when failing to set io queues
        nvme-tcp: fix possible hang when failing to set io queues
        nvme-tcp: fix misuse of __smp_processor_id with preemption enabled
        nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
        nvme: fix Write Zeroes limitations
        nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT
        nvme: merge nvme_keep_alive into nvme_keep_alive_work
        nvme-fabrics: only reserve a single tag
      d626c692
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.12-2021-03-19' of git://git.kernel.dk/linux-block · 0ada2dad
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Quieter week this time, which was both expected and desired. About
        half of the below is fixes for this release, the other half are just
        fixes in general. In detail:
      
         - Fix the freezing of IO threads, by making the freezer not send them
           fake signals. Make them freezable by default.
      
         - Like we did for personalities, move the buffer IDR to xarray. Kills
           some code and avoids a use-after-free on teardown.
      
         - SQPOLL cleanups and fixes (Pavel)
      
         - Fix linked timeout race (Pavel)
      
         - Fix potential completion post use-after-free (Pavel)
      
         - Cleanup and move internal structures outside of general kernel view
           (Stefan)
      
         - Use MSG_SIGNAL for send/recv from io_uring (Stefan)"
      
      * tag 'io_uring-5.12-2021-03-19' of git://git.kernel.dk/linux-block:
        io_uring: don't leak creds on SQO attach error
        io_uring: use typesafe pointers in io_uring_task
        io_uring: remove structures from include/linux/io_uring.h
        io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls
        io_uring: fix sqpoll cancellation via task_work
        io_uring: add generic callback_head helpers
        io_uring: fix concurrent parking
        io_uring: halt SQO submission on ctx exit
        io_uring: replace sqd rw_semaphore with mutex
        io_uring: fix complete_post use ctx after free
        io_uring: fix ->flags races by linked timeouts
        io_uring: convert io_buffer_idr to XArray
        io_uring: allow IO worker threads to be frozen
        kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing
      0ada2dad
  2. 19 Mar, 2021 16 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · ecd8ee7f
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "Fixes for kvm on x86:
      
         - new selftests
      
         - fixes for migration with HyperV re-enlightenment enabled
      
         - fix RCU/SRCU usage
      
         - fixes for local_irq_restore misuse false positive"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        documentation/kvm: additional explanations on KVM_SET_BOOT_CPU_ID
        x86/kvm: Fix broken irq restoration in kvm_wait
        KVM: X86: Fix missing local pCPU when executing wbinvd on all dirty pCPUs
        KVM: x86: Protect userspace MSR filter with SRCU, and set atomically-ish
        selftests: kvm: add set_boot_cpu_id test
        selftests: kvm: add _vm_ioctl
        selftests: kvm: add get_msr_index_features
        selftests: kvm: Add basic Hyper-V clocksources tests
        KVM: x86: hyper-v: Don't touch TSC page values when guest opted for re-enlightenment
        KVM: x86: hyper-v: Track Hyper-V TSC page status
        KVM: x86: hyper-v: Prevent using not-yet-updated TSC page by secondary CPUs
        KVM: x86: hyper-v: Limit guest to writing zero to HV_X64_MSR_TSC_EMULATION_STATUS
        KVM: x86/mmu: Store the address space ID in the TDP iterator
        KVM: x86/mmu: Factor out tdp_iter_return_to_root
        KVM: x86/mmu: Fix RCU usage when atomically zapping SPTEs
        KVM: x86/mmu: Fix RCU usage in handle_removed_tdp_mmu_page
      ecd8ee7f
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 3149860d
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "Two fixes for the GPIO subsystem. Both address issues in the core GPIO
        code:
      
         - fix the return value in error path in gpiolib_dev_init()
      
         - fix the 'gpio-line-names' property handling correctly this time"
      
      * tag 'gpio-fixes-for-v5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpiolib: Assign fwnode to parent's if no primary one provided
        gpiolib: Fix error return code in gpiolib_dev_init()
      3149860d
    • Linus Torvalds's avatar
      Merge tag 's390-5.12-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 6bfea141
      Linus Torvalds authored
      Pull s390 updates from Heiko Carstens:
      
       - disable preemption when accessing local per-cpu variables in the new
         counter set driver
      
       - fix by a factor of four increased steal time due to missing
         cputime_to_nsecs() conversion
      
       - fix PCI device structure leak
      
      * tag 's390-5.12-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/pci: fix leak of PCI device structure
        s390/vtime: fix increased steal time accounting
        s390/cpumf: disable preemption when accessing per-cpu variable
      6bfea141
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 278924cb
      Linus Torvalds authored
      Pull workqueue tracing fix from Steven Rostedt:
       "Fix workqueue trace event unsafe string reference
      
        After adding a verifier to test all strings printed in trace events to
        make sure they either point to a string on the ring buffer, or to read
        only core kernel memory, it triggered on a workqueue trace event. The
        trace event workqueue_queue_work references the allocated name of the
        workqueue in the output. If the workqueue is freed before the trace is
        read, then the trace will dereference freed memory.
      
        Update the trace event to use the __string(), __assign_str(), and
        __get_str() helpers to handle such cases"
      
      * tag 'trace-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        workqueue/tracing: Copy workqueue name to buffer in trace event
      278924cb
    • Linus Torvalds's avatar
      Merge tag 'pm-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · ec857209
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "Revert two problematic commits.
      
        Specifics:
      
         - Revert ACPI PM commit that attempted to improve reboot handling on
           some systems, but it caused other systems to panic() during reboot
           (Josef Bacik)
      
         - Revert PM-runtime commit that attempted to improve the handling of
           suppliers during PM-runtime suspend of a consumer device, but it
           introduced a race condition potentially leading to unexpected
           behavior (Rafael Wysocki)"
      
      * tag 'pm-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        Revert "PM: runtime: Update device status before letting suppliers suspend"
        Revert "PM: ACPI: reboot: Use S5 for reboot"
      ec857209
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 65a10374
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Three AMD IOMMU patches to fix a boot crash on AMD Stoney systems and
         every other AMD IOMMU system booted with 'amd_iommu=off'.
      
         This is a v5.11 regression.
      
       - A Fix for the Tegra IOMMU driver to make sure it detects all IOMMUs
      
      * tag 'iommu-fixes-v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/tegra-smmu: Make tegra_smmu_probe_device() to handle all IOMMU phandles
        iommu/amd: Keep track of amd_iommu_irq_remap state
        iommu/amd: Don't call early_amd_iommu_init() when AMD IOMMU is disabled
        iommu/amd: Move Stoney Ridge check to detect_ivrs()
      65a10374
    • Linus Torvalds's avatar
      Merge tag 'sound-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 769e155c
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "The majority of changes are various ASoC device/platform-specific
        small fixes (including a removal of stale file) while the only common
        change is a clk management fix in ASoC simple-card driver.
      
        The rest are the usual HD-audio quirks"
      
      * tag 'sound-5.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (44 commits)
        ALSA: usb-audio: Fix unintentional sign extension issue
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
        ASoC: dt-bindings: fsl_spdif: Add compatible string for new platforms
        ASoC: rt711: add snd_soc_component remove callback
        ASoC: rt5659: Update MCLK rate in set_sysclk()
        ASoC: simple-card-utils: Do not handle device clock
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
        ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
        ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro
        ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air
        ASoC: mediatek: mt8192: fix tdm out data is valid on rising edge
        ALSA: dice: fix null pointer dereference when node is disconnected
        ALSA: hda: generic: Fix the micmute led init state
        ASoC: qcom: lpass-cpu: Fix lpass dai ids parse
        spi: cadence: set cqspi to the driver_data field of struct device
        ASoC: SOF: intel: fix wrong poll bits in dsp power down
        ASoC: codecs: wcd934x: add a sanity check in set channel map
        ASoC: qcom: sdm845: Fix array out of range on rx slim channels
        ASoC: qcom: sdm845: Fix array out of bounds access
        ASoC: remove remnants of sirf prima/atlas audio codec
        ...
      769e155c
    • Rafael J. Wysocki's avatar
      Merge branch 'pm-core' · 49cb71a7
      Rafael J. Wysocki authored
      * pm-core:
        Revert "PM: runtime: Update device status before letting suppliers suspend"
      49cb71a7
    • Rafael J. Wysocki's avatar
      Revert "PM: runtime: Update device status before letting suppliers suspend" · 0cab893f
      Rafael J. Wysocki authored
      Revert commit 44cc89f7 ("PM: runtime: Update device status
      before letting suppliers suspend") that introduced a race condition
      into __rpm_callback() which allowed a concurrent rpm_resume() to
      run and resume the device prematurely after its status had been
      changed to RPM_SUSPENDED by __rpm_callback().
      
      Fixes: 44cc89f7 ("PM: runtime: Update device status before letting suppliers suspend")
      Link: https://lore.kernel.org/linux-pm/24dfb6fc-5d54-6ee2-9195-26428b7ecf8a@intel.com/Reported-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Reviewed-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      0cab893f
    • Jens Axboe's avatar
      Merge tag 'nvme-5.12-20210319' of git://git.infradead.org/nvme into block-5.12 · d38b4d28
      Jens Axboe authored
      Pull NVMe updates from Christoph:
      
      "nvme fixes for 5.12
      
       - fix tag allocation for keep alive
       - fix a unit mismatch for the Write Zeroes limits
       - various TCP transport fixes (Sagi Grimberg, Elad Grupi)
       - fix iosqes and iocqes validation for discovery controllers (Sagi Grimberg)"
      
      * tag 'nvme-5.12-20210319' of git://git.infradead.org/nvme:
        nvmet-tcp: fix kmap leak when data digest in use
        nvmet: don't check iosqes,iocqes for discovery controllers
        nvme-rdma: fix possible hang when failing to set io queues
        nvme-tcp: fix possible hang when failing to set io queues
        nvme-tcp: fix misuse of __smp_processor_id with preemption enabled
        nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
        nvme: fix Write Zeroes limitations
        nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT
        nvme: merge nvme_keep_alive into nvme_keep_alive_work
        nvme-fabrics: only reserve a single tag
      d38b4d28
    • Emanuele Giuseppe Esposito's avatar
      documentation/kvm: additional explanations on KVM_SET_BOOT_CPU_ID · 9ce3746d
      Emanuele Giuseppe Esposito authored
      The ioctl KVM_SET_BOOT_CPU_ID fails when called after vcpu creation.
      Add this explanation in the documentation.
      Signed-off-by: default avatarEmanuele Giuseppe Esposito <eesposit@redhat.com>
      Message-Id: <20210319091650.11967-1-eesposit@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      9ce3746d
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2021-03-19' of git://anongit.freedesktop.org/drm/drm · 8b12a62a
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Regular fixes pull, pretty small set of fixes, a couple of i915 and
        amdgpu, one ttm, one nouveau and one omap. Probably smaller than usual
        for this time, so we'll see if something pops up next week or if this
        will continue to stay small.
      
        Summary:
      
        ttm:
         - Make ttm_bo_unpin() not wraparound on too many unpins
      
        omap:
         - Fix coccicheck warning in omap
      
        amdgpu:
         - DCN 3.0 gamma fixes
         - DCN 2.1 corrupt screen fix
      
        i915:
         - Workaround async flip + VT-d frame corruption on HSW/BDW
         - Fix NMI watchdog crash due to uninitialized OA buffer use on gen12+
      
        nouveau:
         - workaround oops with bo syncing"
      
      * tag 'drm-fixes-2021-03-19' of git://anongit.freedesktop.org/drm/drm:
        nouveau: Skip unvailable ttm page entries
        drm/amd/display: Remove MPC gamut remap logic for DCN30
        drm/amd/display: Correct algorithm for reversed gamma
        drm/omap: dsi: fix unsigned expression compared with zero
        i915/perf: Start hrtimer only if sampling the OA buffer
        drm/i915: Workaround async flip + VT-d corruption on HSW/BDW
        drm/amd/display: Copy over soc values before bounding box creation
        drm/ttm: make ttm_bo_unpin more defensive
      8b12a62a
    • Tobias Klausmann's avatar
      nouveau: Skip unvailable ttm page entries · e94c55b8
      Tobias Klausmann authored
      Starting with commit f295c8cf
      ("drm/nouveau: fix dma syncing warning with debugging on.")
      the following oops occures:
      
         BUG: kernel NULL pointer dereference, address: 0000000000000000
         #PF: supervisor read access in kernel mode
         #PF: error_code(0x0000) - not-present page
         PGD 0 P4D 0
         Oops: 0000 [#1] PREEMPT SMP PTI
         CPU: 6 PID: 1013 Comm: Xorg.bin Tainted: G E     5.11.0-desktop-rc0+ #2
         Hardware name: Acer Aspire VN7-593G/Pluto_KLS, BIOS V1.11 08/01/2018
         RIP: 0010:nouveau_bo_sync_for_device+0x40/0xb0 [nouveau]
         Call Trace:
          nouveau_bo_validate+0x5d/0x80 [nouveau]
          nouveau_gem_ioctl_pushbuf+0x662/0x1120 [nouveau]
          ? nouveau_gem_ioctl_new+0xf0/0xf0 [nouveau]
          drm_ioctl_kernel+0xa6/0xf0 [drm]
          drm_ioctl+0x1f4/0x3a0 [drm]
          ? nouveau_gem_ioctl_new+0xf0/0xf0 [nouveau]
          nouveau_drm_ioctl+0x50/0xa0 [nouveau]
          __x64_sys_ioctl+0x7e/0xb0
          do_syscall_64+0x33/0x80
          entry_SYSCALL_64_after_hwframe+0x44/0xae
         ---[ end trace ccfb1e7f4064374f ]---
         RIP: 0010:nouveau_bo_sync_for_device+0x40/0xb0 [nouveau]
      
      The underlying problem is not introduced by the commit, yet it uncovered the
      underlying issue. The cited commit relies on valid pages. This is not given for
      due to some bugs. For now, just warn and work around the issue by just ignoring
      the bad ttm objects.
      Below is some debug info gathered while debugging this issue:
      
      nouveau 0000:01:00.0: DRM: ttm_dma->num_pages: 2048
      nouveau 0000:01:00.0: DRM: ttm_dma->pages is NULL
      nouveau 0000:01:00.0: DRM: ttm_dma: 00000000e96058e7
      nouveau 0000:01:00.0: DRM: ttm_dma->page_flags:
      nouveau 0000:01:00.0: DRM: ttm_dma:   Populated: 1
      nouveau 0000:01:00.0: DRM: ttm_dma:   No Retry: 0
      nouveau 0000:01:00.0: DRM: ttm_dma:   SG: 256
      nouveau 0000:01:00.0: DRM: ttm_dma:   Zero Alloc: 0
      nouveau 0000:01:00.0: DRM: ttm_dma:   Swapped: 0
      Signed-off-by: default avatarTobias Klausmann <tobias.klausmann@freenet.de>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20210313222159.3346-1-tobias.klausmann@freenet.de
      e94c55b8
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2021-03-18' of... · 0677170b
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2021-03-18' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      drm/i915 fixes for v5.12-rc4:
      - Workaround async flip + VT-d frame corruption on HSW/BDW
      - Fix NMI watchdog crash due to uninitialized OA buffer use on gen12+
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Jani Nikula <jani.nikula@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/87blbg8y5t.fsf@intel.com
      0677170b
    • Dave Airlie's avatar
      Merge tag 'amd-drm-fixes-5.12-2021-03-18' of... · a97fdabc
      Dave Airlie authored
      Merge tag 'amd-drm-fixes-5.12-2021-03-18' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
      
      amdgpu:
      - DCN 3.0 gamma fixes
      - DCN 2.1 corrupt screen fix
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexander.deucher@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20210318042858.3810-1-alexander.deucher@amd.com
      a97fdabc
    • Dave Airlie's avatar
      Merge tag 'drm-misc-fixes-2021-03-18' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes · db3f0d8e
      Dave Airlie authored
      drm-misc-fixes for v5.12-rc4:
      - Make ttm_bo_unpin() not wraparound on too many unpins.
      - Fix coccicheck warning in omap.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/a0e13bbb-6ba6-ff24-4db8-0e02e605de18@linux.intel.com
      db3f0d8e
  3. 18 Mar, 2021 21 commits
    • Linus Torvalds's avatar
      Merge tag 'for-5.12-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 81aa0968
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "There are still regressions being found and fixed in the zoned mode
        and subpage code, the rest are fixes for bugs reported by users.
      
        Regressions:
      
         - subpage block support:
            - readahead works on the proper block size
            - fix last page zeroing
      
         - zoned mode:
            - linked list corruption for tree log
      
        Fixes:
      
         - qgroup leak after falloc failure
      
         - tree mod log and backref resolving:
            - extent buffer cloning race when resolving backrefs
            - pin deleted leaves with active tree mod log users
      
         - drop debugging flag from slab cache"
      
      * tag 'for-5.12-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: always pin deleted leaves when there are active tree mod log users
        btrfs: fix race when cloning extent buffer during rewind of an old root
        btrfs: fix slab cache flags for free space tree bitmap
        btrfs: subpage: make readahead work properly
        btrfs: subpage: fix wild pointer access during metadata read failure
        btrfs: zoned: fix linked list corruption after log root tree allocation failure
        btrfs: fix qgroup data rsv leak caused by falloc failure
        btrfs: track qgroup released data in own variable in insert_prealloc_file_extent
        btrfs: fix wrong offset to zero out range beyond i_size
      81aa0968
    • Linus Torvalds's avatar
      Merge tag 'vfio-v5.12-rc4' of git://github.com/awilliam/linux-vfio · dc033799
      Linus Torvalds authored
      Pull VFIO fixes from Alex Williamson:
      
       - Fix 32-bit issue with new unmap-all flag (Steve Sistare)
      
       - Various Kconfig changes for better coverage (Jason Gunthorpe)
      
       - Fix to batch pinning support (Daniel Jordan)
      
      * tag 'vfio-v5.12-rc4' of git://github.com/awilliam/linux-vfio:
        vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external()
        vfio: Depend on MMU
        ARM: amba: Allow some ARM_AMBA users to compile with COMPILE_TEST
        vfio-platform: Add COMPILE_TEST to VFIO_PLATFORM
        vfio: IOMMU_API should be selected
        vfio/type1: fix unmap all on ILP32
      dc033799
    • Linus Torvalds's avatar
      Merge tag 'xfs-5.12-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · c73891c9
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
       "A couple of minor corrections for the new idmapping functionality, and
        a fix for a theoretical hang that could occur if we decide to abort a
        mount after dirtying the quota inodes.
      
        Summary:
      
         - Fix quota accounting on creat() when id mapping is enabled
      
         - Actually reclaim dirty quota inodes when mount fails
      
         - Typo fixes for documentation
      
         - Restrict both bulkstat calls on idmapped/namespaced mounts"
      
      * tag 'xfs-5.12-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: also reject BULKSTAT_SINGLE in a mount user namespace
        docs: ABI: Fix the spelling oustanding to outstanding in the file sysfs-fs-xfs
        xfs: force log and push AIL to clear pinned inodes when aborting mount
        xfs: fix quota accounting when a mount is idmapped
      c73891c9
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · bf152b0b
      Linus Torvalds authored
      Pull virtio fixes from Michael Tsirkin:
       "Some fixes and cleanups all over the place"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails
        vhost-vdpa: fix use-after-free of v->config_ctx
        vhost: Fix vhost_vq_reset()
        vhost_vdpa: fix the missing irq_bypass_unregister_producer() invocation
        vdpa_sim: Skip typecasting from void*
        virtio: remove export for virtio_config_{enable, disable}
        virtio-mmio: Use to_virtio_mmio_device() to simply code
        vdpa: set the virtqueue num during register
      bf152b0b
    • Wanpeng Li's avatar
      x86/kvm: Fix broken irq restoration in kvm_wait · f4e61f0c
      Wanpeng Li authored
      After commit 997acaf6 (lockdep: report broken irq restoration), the guest
      splatting below during boot:
      
       raw_local_irq_restore() called with IRQs enabled
       WARNING: CPU: 1 PID: 169 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x26/0x30
       Modules linked in: hid_generic usbhid hid
       CPU: 1 PID: 169 Comm: systemd-udevd Not tainted 5.11.0+ #25
       RIP: 0010:warn_bogus_irq_restore+0x26/0x30
       Call Trace:
        kvm_wait+0x76/0x90
        __pv_queued_spin_lock_slowpath+0x285/0x2e0
        do_raw_spin_lock+0xc9/0xd0
        _raw_spin_lock+0x59/0x70
        lockref_get_not_dead+0xf/0x50
        __legitimize_path+0x31/0x60
        legitimize_root+0x37/0x50
        try_to_unlazy_next+0x7f/0x1d0
        lookup_fast+0xb0/0x170
        path_openat+0x165/0x9b0
        do_filp_open+0x99/0x110
        do_sys_openat2+0x1f1/0x2e0
        do_sys_open+0x5c/0x80
        __x64_sys_open+0x21/0x30
        do_syscall_64+0x32/0x50
        entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      The new consistency checking,  expects local_irq_save() and
      local_irq_restore() to be paired and sanely nested, and therefore expects
      local_irq_restore() to be called with irqs disabled.
      The irqflags handling in kvm_wait() which ends up doing:
      
      	local_irq_save(flags);
      	safe_halt();
      	local_irq_restore(flags);
      
      instead triggers it.  This patch fixes it by using
      local_irq_disable()/enable() directly.
      
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarWanpeng Li <wanpengli@tencent.com>
      Message-Id: <1615791328-2735-1-git-send-email-wanpengli@tencent.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      f4e61f0c
    • Wanpeng Li's avatar
      KVM: X86: Fix missing local pCPU when executing wbinvd on all dirty pCPUs · c2162e13
      Wanpeng Li authored
      In order to deal with noncoherent DMA, we should execute wbinvd on
      all dirty pCPUs when guest wbinvd exits to maintain data consistency.
      smp_call_function_many() does not execute the provided function on the
      local core, therefore replace it by on_each_cpu_mask().
      Reported-by: default avatarNadav Amit <namit@vmware.com>
      Cc: Nadav Amit <namit@vmware.com>
      Signed-off-by: default avatarWanpeng Li <wanpengli@tencent.com>
      Message-Id: <1615517151-7465-1-git-send-email-wanpengli@tencent.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      c2162e13
    • Sean Christopherson's avatar
      KVM: x86: Protect userspace MSR filter with SRCU, and set atomically-ish · b318e8de
      Sean Christopherson authored
      Fix a plethora of issues with MSR filtering by installing the resulting
      filter as an atomic bundle instead of updating the live filter one range
      at a time.  The KVM_X86_SET_MSR_FILTER ioctl() isn't truly atomic, as
      the hardware MSR bitmaps won't be updated until the next VM-Enter, but
      the relevant software struct is atomically updated, which is what KVM
      really needs.
      
      Similar to the approach used for modifying memslots, make arch.msr_filter
      a SRCU-protected pointer, do all the work configuring the new filter
      outside of kvm->lock, and then acquire kvm->lock only when the new filter
      has been vetted and created.  That way vCPU readers either see the old
      filter or the new filter in their entirety, not some half-baked state.
      
      Yuan Yao pointed out a use-after-free in ksm_msr_allowed() due to a
      TOCTOU bug, but that's just the tip of the iceberg...
      
        - Nothing is __rcu annotated, making it nigh impossible to audit the
          code for correctness.
        - kvm_add_msr_filter() has an unpaired smp_wmb().  Violation of kernel
          coding style aside, the lack of a smb_rmb() anywhere casts all code
          into doubt.
        - kvm_clear_msr_filter() has a double free TOCTOU bug, as it grabs
          count before taking the lock.
        - kvm_clear_msr_filter() also has memory leak due to the same TOCTOU bug.
      
      The entire approach of updating the live filter is also flawed.  While
      installing a new filter is inherently racy if vCPUs are running, fixing
      the above issues also makes it trivial to ensure certain behavior is
      deterministic, e.g. KVM can provide deterministic behavior for MSRs with
      identical settings in the old and new filters.  An atomic update of the
      filter also prevents KVM from getting into a half-baked state, e.g. if
      installing a filter fails, the existing approach would leave the filter
      in a half-baked state, having already committed whatever bits of the
      filter were already processed.
      
      [*] https://lkml.kernel.org/r/20210312083157.25403-1-yaoyuan0329os@gmail.com
      
      Fixes: 1a155254 ("KVM: x86: Introduce MSR filtering")
      Cc: stable@vger.kernel.org
      Cc: Alexander Graf <graf@amazon.com>
      Reported-by: default avatarYuan Yao <yaoyuan0329os@gmail.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20210316184436.2544875-2-seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      b318e8de
    • Emanuele Giuseppe Esposito's avatar
      selftests: kvm: add set_boot_cpu_id test · 3df22524
      Emanuele Giuseppe Esposito authored
      Test for the KVM_SET_BOOT_CPU_ID ioctl.
      Check that it correctly allows to change the BSP vcpu.
      Signed-off-by: default avatarEmanuele Giuseppe Esposito <eesposit@redhat.com>
      Message-Id: <20210318151624.490861-2-eesposit@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      3df22524
    • Emanuele Giuseppe Esposito's avatar
      selftests: kvm: add _vm_ioctl · e2c12909
      Emanuele Giuseppe Esposito authored
      As in kvm_ioctl and _kvm_ioctl, add
      the respective _vm_ioctl for vm_ioctl.
      
      _vm_ioctl invokes an ioctl using the vm fd,
      leaving the caller to test the result.
      Signed-off-by: default avatarEmanuele Giuseppe Esposito <eesposit@redhat.com>
      Message-Id: <20210318151624.490861-1-eesposit@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      e2c12909
    • Linus Torvalds's avatar
      Merge branch 'iomap-5.12-fixes' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 8ff0f3bf
      Linus Torvalds authored
      Pull iomap fix from Darrick Wong:
       "A single fix to the iomap code which fixes some drama when someone
        gives us a {de,ma}liciously fragmented swap file"
      
      * 'iomap-5.12-fixes' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate
      8ff0f3bf
    • Emanuele Giuseppe Esposito's avatar
      selftests: kvm: add get_msr_index_features · 77a3aa26
      Emanuele Giuseppe Esposito authored
      Test the KVM_GET_MSR_FEATURE_INDEX_LIST
      and KVM_GET_MSR_INDEX_LIST ioctls.
      Signed-off-by: default avatarEmanuele Giuseppe Esposito <eesposit@redhat.com>
      Message-Id: <20210318145629.486450-1-eesposit@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      77a3aa26
    • Steven Rostedt (VMware)'s avatar
      workqueue/tracing: Copy workqueue name to buffer in trace event · 83b62687
      Steven Rostedt (VMware) authored
      The trace event "workqueue_queue_work" references an unsafe string in
      dereferencing the name of the workqueue. As the name is allocated, it
      could later be freed, and the pointer to that string could stay on the
      tracing buffer. If the trace buffer is read after the string is freed, it
      will reference an unsafe pointer.
      
      I added a new verifier to make sure that all strings referenced in the
      output of the trace buffer is safe to read and this triggered on the
      workqueue_queue_work trace event:
      
      workqueue_queue_work: work struct=00000000b2b235c7 function=gc_worker workqueue=(0xffff888100051160:events_power_efficient)[UNSAFE-MEMORY] req_cpu=256 cpu=1
      workqueue_queue_work: work struct=00000000c344caec function=flush_to_ldisc workqueue=(0xffff888100054d60:events_unbound)[UNSAFE-MEMORY] req_cpu=256 cpu=4294967295
      workqueue_queue_work: work struct=00000000b2b235c7 function=gc_worker workqueue=(0xffff888100051160:events_power_efficient)[UNSAFE-MEMORY] req_cpu=256 cpu=1
      workqueue_queue_work: work struct=000000000b238b3f function=vmstat_update workqueue=(0xffff8881000c3760:mm_percpu_wq)[UNSAFE-MEMORY] req_cpu=1 cpu=1
      
      Also, if this event is read via a user space application like perf or
      trace-cmd, the name would only be an address and useless information:
      
      workqueue_queue_work: work struct=0xffff953f80b4b918 function=disk_events_workfn workqueue=ffff953f8005d378 req_cpu=8192 cpu=5
      
      Cc: Zqiang <qiang.zhang@windriver.com>
      Cc: Tejun Heo <tj@kernel.org>
      Fixes: 7bf9c4a8 ("workqueue: tracing the name of the workqueue instead of it's address")
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      83b62687
    • Josef Bacik's avatar
      Revert "PM: ACPI: reboot: Use S5 for reboot" · 9d3fcb28
      Josef Bacik authored
      This reverts commit d60cd063.
      
      This patch causes a panic when rebooting my Dell Poweredge r440.  I do
      not have the full panic log as it's lost at that stage of the reboot and
      I do not have a serial console.  Reverting this patch makes my system
      able to reboot again.
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      9d3fcb28
    • Pavel Begunkov's avatar
      io_uring: don't leak creds on SQO attach error · de75a3d3
      Pavel Begunkov authored
      Attaching to already dead/dying SQPOLL task is disallowed in
      io_sq_offload_create(), but cleanup is hand coded by calling
      io_put_sq_data()/etc., that miss to put ctx->sq_creds.
      
      Defer everything to error-path io_sq_thread_finish(), adding
      ctx->sqd_list in the error case as well as finish will handle it.
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      de75a3d3
    • Stefan Metzmacher's avatar
    • Stefan Metzmacher's avatar
    • Stefan Metzmacher's avatar
      76cd979f
    • Vitaly Kuznetsov's avatar
      selftests: kvm: Add basic Hyper-V clocksources tests · 2c7f76b4
      Vitaly Kuznetsov authored
      Introduce a new selftest for Hyper-V clocksources (MSR-based reference TSC
      and TSC page). As a starting point, test the following:
      1) Reference TSC is 1Ghz clock.
      2) Reference TSC and TSC page give the same reading.
      3) TSC page gets updated upon KVM_SET_CLOCK call.
      4) TSC page does not get updated when guest opted for reenlightenment.
      5) Disabled TSC page doesn't get updated.
      Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Message-Id: <20210318140949.1065740-1-vkuznets@redhat.com>
      [Add a host-side test using TSC + KVM_GET_MSR too. - Paolo]
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      2c7f76b4
    • Colin Ian King's avatar
      ALSA: usb-audio: Fix unintentional sign extension issue · 50b1affc
      Colin Ian King authored
      The shifting of the u8 integer device by 24 bits to the left will
      be promoted to a 32 bit signed int and then sign-extended to a
      64 bit unsigned long. In the event that the top bit of device is
      set then all then all the upper 32 bits of the unsigned long will
      end up as also being set because of the sign-extension. Fix this
      by casting device to an unsigned long before the shift.
      
      Addresses-Coverity: ("Unintended sign extension")
      Fixes: a07df82c ("ALSA: usb-audio: Add DJM750 to Pioneer mixer quirk")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Link: https://lore.kernel.org/r/20210318132008.15266-1-colin.king@canonical.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      50b1affc
    • Takashi Iwai's avatar
      Merge tag 'asoc-fix-v5.12-rc2' of... · f4df9ee6
      Takashi Iwai authored
      Merge tag 'asoc-fix-v5.12-rc2' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
      
      ASoC: Fixes for v5.12
      
      Quite a lot of mostly platform specific fixes here, the only one which
      is generic is a fix for regressions on devices with more complex
      clocking support with simple-card.  There's also a few new device IDs
      and platform quirks.
      f4df9ee6
    • Vitaly Kuznetsov's avatar
      KVM: x86: hyper-v: Don't touch TSC page values when guest opted for re-enlightenment · 0469f2f7
      Vitaly Kuznetsov authored
      When guest opts for re-enlightenment notifications upon migration, it is
      in its right to assume that TSC page values never change (as they're only
      supposed to change upon migration and the host has to keep things as they
      are before it receives confirmation from the guest). This is mostly true
      until the guest is migrated somewhere. KVM userspace (e.g. QEMU) will
      trigger masterclock update by writing to HV_X64_MSR_REFERENCE_TSC, by
      calling KVM_SET_CLOCK,... and as TSC value and kvmclock reading drift
      apart (even slightly), the update causes TSC page values to change.
      
      The issue at hand is that when Hyper-V is migrated, it uses stale (cached)
      TSC page values to compute the difference between its own clocksource
      (provided by KVM) and its guests' TSC pages to program synthetic timers
      and in some cases, when TSC page is updated, this puts all stimer
      expirations in the past. This, in its turn, causes an interrupt storm
      and L2 guests not making much forward progress.
      
      Note, KVM doesn't fully implement re-enlightenment notification. Basically,
      the support for reenlightenment MSRs is just a stub and userspace is only
      expected to expose the feature when TSC scaling on the expected destination
      hosts is available. With TSC scaling, no real re-enlightenment is needed
      as TSC frequency doesn't change. With TSC scaling becoming ubiquitous, it
      likely makes little sense to fully implement re-enlightenment in KVM.
      
      Prevent TSC page from being updated after migration. In case it's not the
      guest who's initiating the change and when TSC page is already enabled,
      just keep it as it is: TSC value is supposed to be preserved across
      migration and TSC frequency can't change with re-enlightenment enabled.
      The guest is doomed anyway if any of this is not true.
      Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Message-Id: <20210316143736.964151-5-vkuznets@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      0469f2f7