1. 15 Apr, 2019 4 commits
    • Brian Foster's avatar
      xfs: don't account extra agfl blocks as available · 1ca89fbc
      Brian Foster authored
      The block allocation AG selection code has parameters that allow a
      caller to perform multiple allocations from a single AG and
      transaction (under certain conditions). The parameters specify the
      total block allocation count required by the transaction and the AG
      selection code selects and locks an AG that will be able to satisfy
      the overall requirement. If the available block accounting
      calculation turns out to be inaccurate and a subsequent allocation
      call fails with -ENOSPC, the resulting transaction cancel leads to
      filesystem shutdown because the transaction is dirty.
      
      This exact problem can be reproduced with a highly parallel space
      consumer and fsstress workload running long enough to a large
      filesystem against -ENOSPC conditions. A bmbt block allocation
      request made for inode extent to bmap format conversion after an
      extent allocation is expected to be satisfied by the same AG and the
      same transaction as the extent allocation. The bmbt block allocation
      fails, however, because the block availability of the AG has changed
      since the AG was selected (outside of the blocks used for the extent
      itself).
      
      The inconsistent block availability calculation is caused by the
      deferred block freeing behavior of the AGFL. This immediately
      removes extra blocks from the AGFL to free up AGFL slots, but rather
      than immediately freeing such blocks as was done in the past, the
      block free is deferred such that said blocks are not available for
      allocation until the current transaction commits. The AG selection
      logic currently considers all AGFL blocks as available and executes
      shortly before any extra AGFL blocks are freed. This means the block
      availability of the current AG can change before the first
      allocation even occurs, but in practice a failure is more likely to
      manifest via a subsequent allocation because extent allocation
      usually has a contiguity requirement larger than a single block that
      can't be satisfied from the AGFL.
      
      In general, XFS prefers operational robustness to absolute
      allocation efficiency. In other words, we prefer to return -ENOSPC
      slightly earlier at the expense of not being able to allocate every
      last block in an AG to avoid this kind of problem. As such, update
      the AG block availability calculation to consider extra AGFL blocks
      as unavailable since they are immediately removed following the
      calculation and will not become available until the current
      transaction commits.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      1ca89fbc
    • Brian Foster's avatar
      xfs: shutdown after buf release in iflush cluster abort path · 22fedd80
      Brian Foster authored
      If xfs_iflush_cluster() fails due to corruption, the error path
      issues a shutdown and simulates an I/O completion to release the
      buffer. This code has a couple small problems. First, the shutdown
      sequence can issue a synchronous log force, which is unsafe to do
      with buffer locks held. Second, the simulated I/O completion does not
      guarantee the buffer is async and thus is unlocked and released.
      
      For example, if the last operation on the buffer was a read off disk
      prior to the corruption event, XBF_ASYNC is not set and the buffer
      is left locked and held upon return. This results in a memory leak
      as shown by the following message on module unload:
      
       BUG xfs_buf (...): Objects remaining in xfs_buf on __kmem_cache_shutdown()
      
      Fix both of these problems by setting XBF_ASYNC on the buffer prior
      to the simulated I/O error and performing the shutdown immediately
      after ioend processing when the buffer has been released.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      22fedd80
    • Brian Foster's avatar
      xfs: wake commit waiters on CIL abort before log item abort · 545aa41f
      Brian Foster authored
      XFS shutdown deadlocks have been reproduced by fstest generic/475.
      The deadlock signature involves log I/O completion running error
      handling to abort logged items and waiting for an inode cluster
      buffer lock in the buffer item unpin handler. The buffer lock is
      held by xfsaild attempting to flush an inode. The buffer happens to
      be pinned and so xfs_iflush() triggers an async log force to begin
      work required to get it unpinned. The log force is blocked waiting
      on the commit completion, which never occurs and thus leaves the
      filesystem deadlocked.
      
      The root problem is that aborted log I/O completion pots commit
      completion behind callback completion, which is unexpected for async
      log forces. Under normal running conditions, an async log force
      returns to the caller once the CIL ctx has been formatted/submitted
      and the commit completion event triggered at the tail end of
      xlog_cil_push(). If the filesystem has shutdown, however, we rely on
      xlog_cil_committed() to trigger the completion event and it happens
      to do so after running log item unpin callbacks. This makes it
      unsafe to invoke an async log force from contexts that hold locks
      that might also be required in log completion processing.
      
      To address this problem, wake commit completion waiters before
      aborting log items in the log I/O completion handler. This ensures
      that an async log force will not deadlock on held locks if the
      filesystem happens to shutdown. Note that it is still unsafe to
      issue a sync log force while holding such locks because a sync log
      force explicitly waits on the force completion, which occurs after
      log I/O completion processing.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      545aa41f
    • Brian Foster's avatar
      xfs: fix use after free in buf log item unlock assert · 4d09807f
      Brian Foster authored
      The xfs_buf_log_item ->iop_unlock() callback asserts that the buffer
      is unlocked when either non-stale or aborted. This assert occurs
      after the bli refcount has been dropped and the log item potentially
      freed. The aborted check is thus a potential use after free. This
      problem has been reproduced with KASAN enabled via generic/475.
      
      Fix up xfs_buf_item_unlock() to query aborted state before the bli
      reference is dropped to prevent a potential use after free.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      4d09807f
  2. 14 Apr, 2019 6 commits
    • Linus Torvalds's avatar
      Linux 5.1-rc5 · dc4060a5
      Linus Torvalds authored
      dc4060a5
    • Linus Torvalds's avatar
      Merge branch 'page-refs' (page ref overflow) · 6b3a7077
      Linus Torvalds authored
      Merge page ref overflow branch.
      
      Jann Horn reported that he can overflow the page ref count with
      sufficient memory (and a filesystem that is intentionally extremely
      slow).
      
      Admittedly it's not exactly easy.  To have more than four billion
      references to a page requires a minimum of 32GB of kernel memory just
      for the pointers to the pages, much less any metadata to keep track of
      those pointers.  Jann needed a total of 140GB of memory and a specially
      crafted filesystem that leaves all reads pending (in order to not ever
      free the page references and just keep adding more).
      
      Still, we have a fairly straightforward way to limit the two obvious
      user-controllable sources of page references: direct-IO like page
      references gotten through get_user_pages(), and the splice pipe page
      duplication.  So let's just do that.
      
      * branch page-refs:
        fs: prevent page refcount overflow in pipe_buf_get
        mm: prevent get_user_pages() from overflowing page refcount
        mm: add 'try_get_page()' helper function
        mm: make page ref count overflow check tighter and more explicit
      6b3a7077
    • Matthew Wilcox's avatar
      fs: prevent page refcount overflow in pipe_buf_get · 15fab63e
      Matthew Wilcox authored
      Change pipe_buf_get() to return a bool indicating whether it succeeded
      in raising the refcount of the page (if the thing in the pipe is a page).
      This removes another mechanism for overflowing the page refcount.  All
      callers converted to handle a failure.
      Reported-by: default avatarJann Horn <jannh@google.com>
      Signed-off-by: default avatarMatthew Wilcox <willy@infradead.org>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      15fab63e
    • Linus Torvalds's avatar
      mm: prevent get_user_pages() from overflowing page refcount · 8fde12ca
      Linus Torvalds authored
      If the page refcount wraps around past zero, it will be freed while
      there are still four billion references to it.  One of the possible
      avenues for an attacker to try to make this happen is by doing direct IO
      on a page multiple times.  This patch makes get_user_pages() refuse to
      take a new page reference if there are already more than two billion
      references to the page.
      Reported-by: default avatarJann Horn <jannh@google.com>
      Acked-by: default avatarMatthew Wilcox <willy@infradead.org>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8fde12ca
    • Linus Torvalds's avatar
      mm: add 'try_get_page()' helper function · 88b1a17d
      Linus Torvalds authored
      This is the same as the traditional 'get_page()' function, but instead
      of unconditionally incrementing the reference count of the page, it only
      does so if the count was "safe".  It returns whether the reference count
      was incremented (and is marked __must_check, since the caller obviously
      has to be aware of it).
      
      Also like 'get_page()', you can't use this function unless you already
      had a reference to the page.  The intent is that you can use this
      exactly like get_page(), but in situations where you want to limit the
      maximum reference count.
      
      The code currently does an unconditional WARN_ON_ONCE() if we ever hit
      the reference count issues (either zero or negative), as a notification
      that the conditional non-increment actually happened.
      
      NOTE! The count access for the "safety" check is inherently racy, but
      that doesn't matter since the buffer we use is basically half the range
      of the reference count (ie we look at the sign of the count).
      Acked-by: default avatarMatthew Wilcox <willy@infradead.org>
      Cc: Jann Horn <jannh@google.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      88b1a17d
    • Linus Torvalds's avatar
      mm: make page ref count overflow check tighter and more explicit · f958d7b5
      Linus Torvalds authored
      We have a VM_BUG_ON() to check that the page reference count doesn't
      underflow (or get close to overflow) by checking the sign of the count.
      
      That's all fine, but we actually want to allow people to use a "get page
      ref unless it's already very high" helper function, and we want that one
      to use the sign of the page ref (without triggering this VM_BUG_ON).
      
      Change the VM_BUG_ON to only check for small underflows (or _very_ close
      to overflowing), and ignore overflows which have strayed into negative
      territory.
      Acked-by: default avatarMatthew Wilcox <willy@infradead.org>
      Cc: Jann Horn <jannh@google.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f958d7b5
  3. 13 Apr, 2019 14 commits
  4. 12 Apr, 2019 15 commits
    • Leonard Crestez's avatar
      clk: imx: Fix PLL_1416X not rounding rates · f89b9e1b
      Leonard Crestez authored
      Code which initializes the "clk_init_data.ops" checks pll->rate_table
      before that field is ever assigned to so it always picks
      "clk_pll1416x_min_ops".
      
      This breaks dynamic rate rounding for features such as cpufreq.
      
      Fix by checking pll_clk->rate_table instead, here pll_clk refers to
      the constant initialization data coming from per-soc clk driver.
      Signed-off-by: default avatarLeonard Crestez <leonard.crestez@nxp.com>
      Fixes: 8646d4dc ("clk: imx: Add PLLs driver for imx8mm soc")
      Signed-off-by: default avatarStephen Boyd <sboyd@kernel.org>
      f89b9e1b
    • Weiyi Lu's avatar
      clk: mediatek: fix clk-gate flag setting · b3cf181c
      Weiyi Lu authored
      CLK_SET_RATE_PARENT would be dropped.
      Merge two flag setting together to correct the error.
      
      Fixes: 5a1cc4c2 ("clk: mediatek: Add flags to mtk_gate")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarWeiyi Lu <weiyi.lu@mediatek.com>
      Reviewed-by: default avatarMatthias Brugger <matthias.bgg@gmail.com>
      Signed-off-by: default avatarStephen Boyd <sboyd@kernel.org>
      b3cf181c
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.1-1' of git://git.infradead.org/users/hch/dma-mapping · 8ee15f32
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
       "Fix a sparc64 sun4v_pci regression introduced in this merged window,
        and a dma-debug stracktrace regression from the big refactor last
        merge window"
      
      * tag 'dma-mapping-5.1-1' of git://git.infradead.org/users/hch/dma-mapping:
        dma-debug: only skip one stackframe entry
        sparc64/pci_sun4v: fix ATU checks for large DMA masks
      8ee15f32
    • Linus Torvalds's avatar
      Merge tag 'iommu-fix-v5.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 4876191c
      Linus Torvalds authored
      Pull IOMMU fix from Joerg Roedel:
       "Fix an AMD IOMMU issue where the driver didn't correctly setup the
        exclusion range in the hardware registers, resulting in exclusion
        ranges being one page too big.
      
        This can cause data corruption of the address of that last page is
        used by DMA operations"
      
      * tag 'iommu-fix-v5.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/amd: Set exclusion range correctly
      4876191c
    • Linus Torvalds's avatar
      Merge tag 'clang-format-for-linus-v5.1-rc5' of git://github.com/ojeda/linux · 8e72d95d
      Linus Torvalds authored
      Pull clang-format update from Miguel Ojeda:
       "The usual roughly-per-release .clang-format macro list update"
      
      * tag 'clang-format-for-linus-v5.1-rc5' of git://github.com/ojeda/linux:
        clang-format: Update with the latest for_each macro list
      8e72d95d
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · ea951a94
      Linus Torvalds authored
      Pull MMC host fixes from Ulf Hansson:
      
       - alcor: Stabilize data write requests
      
       - sdhci-omap: Fix command error path during tuning
      
      * tag 'mmc-v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-omap: Don't finish_mrq() on a command error during tuning
        mmc: alcor: don't write data before command has completed
      ea951a94
    • Linus Torvalds's avatar
      Merge tag 'sound-5.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 372686e6
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Well, this one became unpleasantly larger than previous pull requests,
        but it's a kind of usual pattern: now it contains a collection of ASoC
        fixes, and nothing to worry too much.
      
        The fixes for ASoC core (DAPM, DPCM, topology) are all small and just
        covering corner cases. The rest changes are driver-specific, many of
        which are for x86 platforms and new drivers like STM32, in addition to
        the usual fixups for HD-audio"
      
      * tag 'sound-5.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (66 commits)
        ASoC: wcd9335: Fix missing regmap requirement
        ALSA: hda: Fix racy display power access
        ASoC: pcm: fix error handling when try_module_get() fails.
        ASoC: stm32: sai: fix master clock management
        ASoC: Intel: kbl: fix wrong number of channels
        ALSA: hda - Add two more machines to the power_save_blacklist
        ASoC: pcm: update module refcount if module_get_upon_open is set
        ASoC: core: conditionally increase module refcount on component open
        ASoC: stm32: fix sai driver name initialisation
        ASoC: topology: Use the correct dobj to free enum control values and texts
        ALSA: seq: Fix OOB-reads from strlcpy
        ASoC: intel: skylake: add remove() callback for component driver
        ASoC: cs35l35: Disable regulators on driver removal
        ALSA: xen-front: Do not use stream buffer size before it is set
        ASoC: rockchip: pdm: change dma burst to 8
        ASoC: rockchip: pdm: fix regmap_ops hang issue
        ASoC: simple-card: don't select DPCM via simple-audio-card
        ASoC: audio-graph-card: don't select DPCM via audio-graph-card
        ASoC: tlv320aic32x4: Change author's name
        ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
        ...
      372686e6
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · f2a73469
      Linus Torvalds authored
      Pull ACPI fix from Rafael Wysocki:
       "Fix an ACPICA issue introduced during the 4.20 development cycle and
        causing some systems to crash because of leftover operation region
        data still maintained after the operation region in question has gone
        away (Erik Schmauss)"
      
      * tag 'acpi-5.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPICA: Namespace: remove address node from global list after method termination
      f2a73469
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-04-12' of git://anongit.freedesktop.org/drm/drm · 58890f31
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Fixes across the driver spectrum this week, the mediatek fbdev support
        might be a bit late for this round, but I looked over it and it's not
        very large and seems like a useful feature for them.
      
        Otherwise the main thing is a regression fix for i915 5.0 bug that
        caused black screens on a bunch of Dell XPS 15s I think, I know at
        least Fedora is waiting for this to land, and the udl fix is also for
        a regression since 5.0 where unplugging the device would end badly.
      
        core:
         - make atomic hooks optional
      
        i915:
         - Revert a 5.0 regression where some eDP panels stopped working
         - DSI related fixes for platforms up to IceLake
         - GVT (regression fix, warning fix, use-after free fix)
      
        amdgpu:
         - Cursor fixes
         - missing PCI ID fix for KFD
         - XGMI fix
         - shadow buffer handling after reset fix
      
        udl:
         - fix unplugging device crashes.
      
        mediatek:
         - stabilise MT2701 HDMI support
         - fbdev support
      
        tegra:
         - fix for build regression in rc1.
      
        sun4i:
         - Allwinner A6 max freq improvements
         - null ptr deref fix
      
        dw-hdmi:
         - SCDC configuration improvements
      
        omap:
         - CEC clock management policy fix"
      
      * tag 'drm-fixes-2019-04-12' of git://anongit.freedesktop.org/drm/drm: (32 commits)
        gpu: host1x: Fix compile error when IOMMU API is not available
        drm/i915/gvt: Roundup fb->height into tile's height at calucation fb->size
        drm/i915/dp: revert back to max link rate and lane count on eDP
        drm/i915/icl: Fix port disable sequence for mipi-dsi
        drm/i915/icl: Ungate ddi clocks before IO enable
        drm/mediatek: no change parent rate in round_rate() for MT2701 hdmi phy
        drm/mediatek: using new factor for tvdpll for MT2701 hdmi phy
        drm/mediatek: remove flag CLK_SET_RATE_PARENT for MT2701 hdmi phy
        drm/mediatek: make implementation of recalc_rate() for MT2701 hdmi phy
        drm/mediatek: fix the rate and divder of hdmi phy for MT2701
        drm/mediatek: fix possible object reference leak
        drm/i915: Get power refs in encoder->get_power_domains()
        drm/i915: Fix pipe_bpp readout for BXT/GLK DSI
        drm/amd/display: Fix negative cursor pos programming (v2)
        drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind
        drm/udl: add a release method and delay modeset teardown
        drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt()
        drm/i915/gvt: Annotate iomem usage
        drm/sun4i: DW HDMI: Lower max. supported rate for H6
        Revert "Documentation/gpu/meson: Remove link to meson_canvas.c"
        ...
      58890f31
    • Will Deacon's avatar
      arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value · 045afc24
      Will Deacon authored
      Rather embarrassingly, our futex() FUTEX_WAKE_OP implementation doesn't
      explicitly set the return value on the non-faulting path and instead
      leaves it holding the result of the underlying atomic operation. This
      means that any FUTEX_WAKE_OP atomic operation which computes a non-zero
      value will be reported as having failed. Regrettably, I wrote the buggy
      code back in 2011 and it was upstreamed as part of the initial arm64
      support in 2012.
      
      The reasons we appear to get away with this are:
      
        1. FUTEX_WAKE_OP is rarely used and therefore doesn't appear to get
           exercised by futex() test applications
      
        2. If the result of the atomic operation is zero, the system call
           behaves correctly
      
        3. Prior to version 2.25, the only operation used by GLIBC set the
           futex to zero, and therefore worked as expected. From 2.25 onwards,
           FUTEX_WAKE_OP is not used by GLIBC at all.
      
      Fix the implementation by ensuring that the return value is either 0
      to indicate that the atomic operation completed successfully, or -EFAULT
      if we encountered a fault when accessing the user mapping.
      
      Cc: <stable@kernel.org>
      Fixes: 6170a974 ("arm64: Atomic operations")
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      045afc24
    • Joerg Roedel's avatar
      iommu/amd: Set exclusion range correctly · 3c677d20
      Joerg Roedel authored
      The exlcusion range limit register needs to contain the
      base-address of the last page that is part of the range, as
      bits 0-11 of this register are treated as 0xfff by the
      hardware for comparisons.
      
      So correctly set the exclusion range in the hardware to the
      last page which is _in_ the range.
      
      Fixes: b2026aa2 ('x86, AMD IOMMU: add functions for programming IOMMU MMIO space')
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      3c677d20
    • Miguel Ojeda's avatar
      clang-format: Update with the latest for_each macro list · f16628d6
      Miguel Ojeda authored
      Re-run the shell fragment that generated the original list now that
      there are two dozens of new entries after v5.1's merge window.
      Signed-off-by: default avatarMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      f16628d6
    • Peter Zijlstra's avatar
      perf/core: Fix perf_event_disable_inatomic() race · 1d54ad94
      Peter Zijlstra authored
      Thomas-Mich Richter reported he triggered a WARN()ing from event_function_local()
      on his s390. The problem boils down to:
      
      	CPU-A				CPU-B
      
      	perf_event_overflow()
      	  perf_event_disable_inatomic()
      	    @pending_disable = 1
      	    irq_work_queue();
      
      	sched-out
      	  event_sched_out()
      	    @pending_disable = 0
      
      					sched-in
      					perf_event_overflow()
      					  perf_event_disable_inatomic()
      					    @pending_disable = 1;
      					    irq_work_queue(); // FAILS
      
      	irq_work_run()
      	  perf_pending_event()
      	    if (@pending_disable)
      	      perf_event_disable_local(); // WHOOPS
      
      The problem exists in generic, but s390 is particularly sensitive
      because it doesn't implement arch_irq_work_raise(), nor does it call
      irq_work_run() from it's PMU interrupt handler (nor would that be
      sufficient in this case, because s390 also generates
      perf_event_overflow() from pmu::stop). Add to that the fact that s390
      is a virtual architecture and (virtual) CPU-A can stall long enough
      for the above race to happen, even if it would self-IPI.
      
      Adding a irq_work_sync() to event_sched_in() would work for all hardare
      PMUs that properly use irq_work_run() but fails for software PMUs.
      
      Instead encode the CPU number in @pending_disable, such that we can
      tell which CPU requested the disable. This then allows us to detect
      the above scenario and even redirect the IPI to make up for the failed
      queue.
      Reported-by: default avatarThomas-Mich Richter <tmricht@linux.ibm.com>
      Tested-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Hendrik Brueckner <brueckner@linux.ibm.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      1d54ad94
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2019-04-11' of... · 788f07eb
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2019-04-11' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      - Revert back to max link rate and lane count on eDP.
      - DSI related fixes for all platforms including Ice Lake.
      - GVT Fixes including one vGPU display plane size regression fix,
      one for preventing use-after-free in ppgtt shadow free function,
      and another warning fix for iomem access annotation.
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Rodrigo Vivi <rodrigo.vivi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20190411235832.GA6476@intel.com
      788f07eb
    • Jason Yan's avatar
      block: fix the return errno for direct IO · a89afe58
      Jason Yan authored
      If the last bio returned is not dio->bio, the status of the bio will
      not assigned to dio->bio if it is error. This will cause the whole IO
      status wrong.
      
          ksoftirqd/21-117   [021] ..s.  4017.966090:   8,0    C   N 4883648 [0]
                <idle>-0     [018] ..s.  4017.970888:   8,0    C  WS 4924800 + 1024 [0]
                <idle>-0     [018] ..s.  4017.970909:   8,0    D  WS 4935424 + 1024 [<idle>]
                <idle>-0     [018] ..s.  4017.970924:   8,0    D  WS 4936448 + 321 [<idle>]
          ksoftirqd/21-117   [021] ..s.  4017.995033:   8,0    C   R 4883648 + 336 [65475]
          ksoftirqd/21-117   [021] d.s.  4018.001988: myprobe1: (blkdev_bio_end_io+0x0/0x168) bi_status=7
          ksoftirqd/21-117   [021] d.s.  4018.001992: myprobe: (aio_complete_rw+0x0/0x148) x0=0xffff802f2595ad80 res=0x12a000 res2=0x0
      
      We always have to assign bio->bi_status to dio->bio.bi_status because we
      will only check dio->bio.bi_status when we return the whole IO to
      the upper layer.
      
      Fixes: 542ff7bf ("block: new direct I/O implementation")
      Cc: stable@vger.kernel.org
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Jens Axboe <axboe@kernel.dk>
      Reviewed-by: default avatarMing Lei <ming.lei@redhat.com>
      Signed-off-by: default avatarJason Yan <yanaijie@huawei.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      a89afe58
  5. 11 Apr, 2019 1 commit