1. 05 Aug, 2021 7 commits
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 3c3e9027
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Various tracing fixes:
      
         - Fix NULL pointer dereference caused by an error path
      
         - Give histogram calculation fields a size, otherwise it breaks
           synthetic creation based on them.
      
         - Reject strings being used for number calculations.
      
         - Fix recordmcount.pl warning on llvm building RISC-V allmodconfig
      
         - Fix the draw_functrace.py script to handle the new trace output
      
         - Fix warning of smp_processor_id() in preemptible code"
      
      * tag 'trace-v5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Quiet smp_processor_id() use in preemptable warning in hwlat
        scripts/tracing: fix the bug that can't parse raw_trace_func
        scripts/recordmcount.pl: Remove check_objcopy() and $can_use_local
        tracing: Reject string operand in the histogram expression
        tracing / histogram: Give calculation hist_fields a size
        tracing: Fix NULL pointer dereference in start_creating
      3c3e9027
    • Linus Torvalds's avatar
      Merge tag 's390-5.14-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 130951bb
      Linus Torvalds authored
      Pull s390 fixes from Heiko Carstens:
      
       - fix zstd build for -march=z900 (undefined reference to __clzdi2)
      
       - add missing .got.plts to vdso linker scripts to fix kpatch build
         errors
      
       - update defconfigs
      
      * tag 's390-5.14-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: update defconfigs
        s390/boot: fix zstd build for -march=z900
        s390/vdso: add .got.plt in vdso linker script
      130951bb
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 97fcc07b
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "Mostly bugfixes; plus, support for XMM arguments to Hyper-V hypercalls
        now obeys KVM_CAP_HYPERV_ENFORCE_CPUID.
      
        Both the XMM arguments feature and KVM_CAP_HYPERV_ENFORCE_CPUID are
        new in 5.14, and each did not know of the other"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
        KVM: selftests: fix hyperv_clock test
        KVM: SVM: improve the code readability for ASID management
        KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
        KVM: Do not leak memory for duplicate debugfs directories
        KVM: selftests: Test access to XMM fast hypercalls
        KVM: x86: hyper-v: Check if guest is allowed to use XMM registers for hypercall input
        KVM: x86: Introduce trace_kvm_hv_hypercall_done()
        KVM: x86: hyper-v: Check access to hypercall before reading XMM registers
        KVM: x86: accept userspace interrupt only if no event is injected
      97fcc07b
    • Linus Torvalds's avatar
      Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux · 611ffd8a
      Linus Torvalds authored
      Pull pcmcia fix from Dominik Brodowski:
       "Zheyu Ma found and fixed a null pointer dereference bug in the device
        driver for the i82092 card reader"
      
      * 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux:
        pcmcia: i82092: fix a null pointer dereference bug
      611ffd8a
    • Alex Xu (Hello71)'s avatar
      pipe: increase minimum default pipe size to 2 pages · 46c4c9d1
      Alex Xu (Hello71) authored
      This program always prints 4096 and hangs before the patch, and always
      prints 8192 and exits successfully after:
      
        int main()
        {
            int pipefd[2];
            for (int i = 0; i < 1025; i++)
                if (pipe(pipefd) == -1)
                    return 1;
            size_t bufsz = fcntl(pipefd[1], F_GETPIPE_SZ);
            printf("%zd\n", bufsz);
            char *buf = calloc(bufsz, 1);
            write(pipefd[1], buf, bufsz);
            read(pipefd[0], buf, bufsz-1);
            write(pipefd[1], buf, 1);
        }
      
      Note that you may need to increase your RLIMIT_NOFILE before running the
      program.
      
      Fixes: 759c0114 ("pipe: limit the per-user amount of pages allocated in pipes")
      Cc: <stable@vger.kernel.org>
      Link: https://lore.kernel.org/lkml/1628086770.5rn8p04n6j.none@localhost/
      Link: https://lore.kernel.org/lkml/1628127094.lxxn016tj7.none@localhost/Signed-off-by: default avatarAlex Xu (Hello71) <alex_y_xu@yahoo.ca>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      46c4c9d1
    • Steven Rostedt (VMware)'s avatar
      tracing: Quiet smp_processor_id() use in preemptable warning in hwlat · 51397dc6
      Steven Rostedt (VMware) authored
      The hardware latency detector (hwlat) has a mode that it runs one thread
      across CPUs. The logic to move from the currently running CPU to the next
      one in the list does a smp_processor_id() to find where it currently is.
      Unfortunately, it's done with preemption enabled, and this triggers a
      warning for using smp_processor_id() in a preempt enabled section.
      
      As it is only using smp_processor_id() to get information on where it
      currently is in order to simply move it to the next CPU, it doesn't really
      care if it got moved in the mean time. It will simply balance out later if
      such a case arises.
      
      Switch smp_processor_id() to raw_smp_processor_id() to quiet that warning.
      
      Link: https://lkml.kernel.org/r/20210804141848.79edadc0@oasis.local.homeAcked-by: default avatarDaniel Bristot de Oliveira <bristot@redhat.com>
      Fixes: 8fa826b7 ("trace/hwlat: Implement the mode config option")
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      51397dc6
    • Sean Christopherson's avatar
      KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds · d5aaad6f
      Sean Christopherson authored
      Take a signed 'long' instead of an 'unsigned long' for the number of
      pages to add/subtract to the total number of pages used by the MMU.  This
      fixes a zero-extension bug on 32-bit kernels that effectively corrupts
      the per-cpu counter used by the shrinker.
      
      Per-cpu counters take a signed 64-bit value on both 32-bit and 64-bit
      kernels, whereas kvm_mod_used_mmu_pages() takes an unsigned long and thus
      an unsigned 32-bit value on 32-bit kernels.  As a result, the value used
      to adjust the per-cpu counter is zero-extended (unsigned -> signed), not
      sign-extended (signed -> signed), and so KVM's intended -1 gets morphed to
      4294967295 and effectively corrupts the counter.
      
      This was found by a staggering amount of sheer dumb luck when running
      kvm-unit-tests on a 32-bit KVM build.  The shrinker just happened to kick
      in while running tests and do_shrink_slab() logged an error about trying
      to free a negative number of objects.  The truly lucky part is that the
      kernel just happened to be a slightly stale build, as the shrinker no
      longer yells about negative objects as of commit 18bb473e ("mm:
      vmscan: shrink deferred objects proportional to priority").
      
       vmscan: shrink_slab: mmu_shrink_scan+0x0/0x210 [kvm] negative objects to delete nr=-858993460
      
      Fixes: bc8a3d89 ("kvm: mmu: Fix overflow on kvm mmu page limit calculation")
      Cc: stable@vger.kernel.org
      Cc: Ben Gardon <bgardon@google.com>
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20210804214609.1096003-1-seanjc@google.com>
      Reviewed-by: default avatarJim Mattson <jmattson@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      d5aaad6f
  2. 04 Aug, 2021 10 commits
    • Hui Su's avatar
      scripts/tracing: fix the bug that can't parse raw_trace_func · 1c0cec64
      Hui Su authored
      Since commit 77271ce4 ("tracing: Add irq, preempt-count and need resched info
      to default trace output"), the default trace output format has been changed to:
                <idle>-0       [009] d.h. 22420.068695: _raw_spin_lock_irqsave <-hrtimer_interrupt
                <idle>-0       [000] ..s. 22420.068695: _nohz_idle_balance <-run_rebalance_domains
                <idle>-0       [011] d.h. 22420.068695: account_process_tick <-update_process_times
      
      origin trace output format:(before v3.2.0)
           # tracer: nop
           #
           #           TASK-PID    CPU#    TIMESTAMP  FUNCTION
           #              | |       |          |         |
                migration/0-6     [000]    50.025810: rcu_note_context_switch <-__schedule
                migration/0-6     [000]    50.025812: trace_rcu_utilization <-rcu_note_context_switch
                migration/0-6     [000]    50.025813: rcu_sched_qs <-rcu_note_context_switch
                migration/0-6     [000]    50.025815: rcu_preempt_qs <-rcu_note_context_switch
                migration/0-6     [000]    50.025817: trace_rcu_utilization <-rcu_note_context_switch
                migration/0-6     [000]    50.025818: debug_lockdep_rcu_enabled <-__schedule
                migration/0-6     [000]    50.025820: debug_lockdep_rcu_enabled <-__schedule
      
      The draw_functrace.py(introduced in v2.6.28) can't parse the new version format trace_func,
      So we need modify draw_functrace.py to adapt the new version trace output format.
      
      Link: https://lkml.kernel.org/r/20210611022107.608787-1-suhui@zeku.com
      
      Cc: stable@vger.kernel.org
      Fixes: 77271ce4 tracing: Add irq, preempt-count and need resched info to default trace output
      Signed-off-by: default avatarHui Su <suhui@zeku.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      1c0cec64
    • Nathan Chancellor's avatar
      scripts/recordmcount.pl: Remove check_objcopy() and $can_use_local · b18b851b
      Nathan Chancellor authored
      When building ARCH=riscv allmodconfig with llvm-objcopy, the objcopy
      version warning from this script appears:
      
      WARNING: could not find objcopy version or version is less than 2.17.
              Local function references are disabled.
      
      The check_objcopy() function in scripts/recordmcount.pl is set up to
      parse GNU objcopy's version string, not llvm-objcopy's, which triggers
      the warning.
      
      Commit 799c4341 ("kbuild: thin archives make default for all archs")
      made binutils 2.20 mandatory and commit ba64beb1 ("kbuild: check the
      minimum assembler version in Kconfig") enforces this at configuration
      time so just remove check_objcopy() and $can_use_local instead, assuming
      --globalize-symbol is always available.
      
      llvm-objcopy has supported --globalize-symbol since LLVM 7.0.0 in 2018
      and the minimum version for building the kernel with LLVM is 10.0.1 so
      there is no issue introduced:
      
      Link: https://github.com/llvm/llvm-project/commit/ee5be798dae30d5f9414b01f76ff807edbc881aa
      Link: https://lkml.kernel.org/r/20210802210307.3202472-1-nathan@kernel.orgReviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      b18b851b
    • Masami Hiramatsu's avatar
      tracing: Reject string operand in the histogram expression · a9d10ca4
      Masami Hiramatsu authored
      Since the string type can not be the target of the addition / subtraction
      operation, it must be rejected. Without this fix, the string type silently
      converted to digits.
      
      Link: https://lkml.kernel.org/r/162742654278.290973.1523000673366456634.stgit@devnote2
      
      Cc: stable@vger.kernel.org
      Fixes: 100719dc ("tracing: Add simple expression support to hist triggers")
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      a9d10ca4
    • Steven Rostedt (VMware)'s avatar
      tracing / histogram: Give calculation hist_fields a size · 2c05caa7
      Steven Rostedt (VMware) authored
      When working on my user space applications, I found a bug in the synthetic
      event code where the automated synthetic event field was not matching the
      event field calculation it was attached to. Looking deeper into it, it was
      because the calculation hist_field was not given a size.
      
      The synthetic event fields are matched to their hist_fields either by
      having the field have an identical string type, or if that does not match,
      then the size and signed values are used to match the fields.
      
      The problem arose when I tried to match a calculation where the fields
      were "unsigned int". My tool created a synthetic event of type "u32". But
      it failed to match. The string was:
      
        diff=field1-field2:onmatch(event).trace(synth,$diff)
      
      Adding debugging into the kernel, I found that the size of "diff" was 0.
      And since it was given "unsigned int" as a type, the histogram fallback
      code used size and signed. The signed matched, but the size of u32 (4) did
      not match zero, and the event failed to be created.
      
      This can be worse if the field you want to match is not one of the
      acceptable fields for a synthetic event. As event fields can have any type
      that is supported in Linux, this can cause an issue. For example, if a
      type is an enum. Then there's no way to use that with any calculations.
      
      Have the calculation field simply take on the size of what it is
      calculating.
      
      Link: https://lkml.kernel.org/r/20210730171951.59c7743f@oasis.local.home
      
      Cc: Tom Zanussi <zanussi@kernel.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: stable@vger.kernel.org
      Fixes: 100719dc ("tracing: Add simple expression support to hist triggers")
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      2c05caa7
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 251a1524
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Seven fixes, five in drivers.
      
        The two core changes are a trivial warning removal in scsi_scan.c and
        a change to rescan for capacity when a device makes a user induced
        (via a write to the state variable) offline->running transition to fix
        issues with device mapper"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: core: Fix capacity set to zero after offlinining device
        scsi: sr: Return correct event when media event code is 3
        scsi: ibmvfc: Fix command state accounting and stale response detection
        scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
        scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
        scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
        scsi: pm80xx: Fix TMF task completion race condition
      251a1524
    • Linus Torvalds's avatar
      Merge tag 'gpio-updates-for-v5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · 0c2e31d2
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
      
       - revert a patch intruducing breakage in interrupt handling in
         gpio-mpc8xxx
      
       - correctly handle missing IRQs in gpio-tqmx86 by really making them
         optional
      
      * tag 'gpio-updates-for-v5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: tqmx86: really make IRQ optional
        Revert "gpio: mpc8xxx: change the gpio interrupt flags."
      0c2e31d2
    • Maxim Levitsky's avatar
      KVM: selftests: fix hyperv_clock test · 13c2c3cf
      Maxim Levitsky authored
      The test was mistakenly using addr_gpa2hva on a gva and that happened
      to work accidentally.  Commit 106a2e76 ("KVM: selftests: Lower the
      min virtual address for misc page allocations") revealed this bug.
      
      Fixes: 2c7f76b4 ("selftests: kvm: Add basic Hyper-V clocksources tests", 2021-03-18)
      Signed-off-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
      Message-Id: <20210804112057.409498-1-mlevitsk@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      13c2c3cf
    • Mingwei Zhang's avatar
      KVM: SVM: improve the code readability for ASID management · bb2baeb2
      Mingwei Zhang authored
      KVM SEV code uses bitmaps to manage ASID states. ASID 0 was always skipped
      because it is never used by VM. Thus, in existing code, ASID value and its
      bitmap postion always has an 'offset-by-1' relationship.
      
      Both SEV and SEV-ES shares the ASID space, thus KVM uses a dynamic range
      [min_asid, max_asid] to handle SEV and SEV-ES ASIDs separately.
      
      Existing code mixes the usage of ASID value and its bitmap position by
      using the same variable called 'min_asid'.
      
      Fix the min_asid usage: ensure that its usage is consistent with its name;
      allocate extra size for ASID 0 to ensure that each ASID has the same value
      with its bitmap position. Add comments on ASID bitmap allocation to clarify
      the size change.
      Signed-off-by: default avatarMingwei Zhang <mizhang@google.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Marc Orr <marcorr@google.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Alper Gun <alpergun@google.com>
      Cc: Dionna Glaze <dionnaglaze@google.com>
      Cc: Sean Christopherson <seanjc@google.com>
      Cc: Vipin Sharma <vipinsh@google.com>
      Cc: Peter Gonda <pgonda@google.com>
      Cc: Joerg Roedel <joro@8bytes.org>
      Message-Id: <20210802180903.159381-1-mizhang@google.com>
      [Fix up sev_asid_free to also index by ASID, as suggested by Sean
       Christopherson, and use nr_asids in sev_cpu_init. - Paolo]
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      bb2baeb2
    • Sean Christopherson's avatar
      KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB · 179c6c27
      Sean Christopherson authored
      Use the raw ASID, not ASID-1, when nullifying the last used VMCB when
      freeing an SEV ASID.  The consumer, pre_sev_run(), indexes the array by
      the raw ASID, thus KVM could get a false negative when checking for a
      different VMCB if KVM manages to reallocate the same ASID+VMCB combo for
      a new VM.
      
      Note, this cannot cause a functional issue _in the current code_, as
      pre_sev_run() also checks which pCPU last did VMRUN for the vCPU, and
      last_vmentry_cpu is initialized to -1 during vCPU creation, i.e. is
      guaranteed to mismatch on the first VMRUN.  However, prior to commit
      8a14fe4f ("kvm: x86: Move last_cpu into kvm_vcpu_arch as
      last_vmentry_cpu"), SVM tracked pCPU on its own and zero-initialized the
      last_cpu variable.  Thus it's theoretically possible that older versions
      of KVM could miss a TLB flush if the first VMRUN is on pCPU0 and the ASID
      and VMCB exactly match those of a prior VM.
      
      Fixes: 70cd94e6 ("KVM: SVM: VMRUN should use associated ASID when SEV is enabled")
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Brijesh Singh <brijesh.singh@amd.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      179c6c27
    • Paolo Bonzini's avatar
      KVM: Do not leak memory for duplicate debugfs directories · 85cd39af
      Paolo Bonzini authored
      KVM creates a debugfs directory for each VM in order to store statistics
      about the virtual machine.  The directory name is built from the process
      pid and a VM fd.  While generally unique, it is possible to keep a
      file descriptor alive in a way that causes duplicate directories, which
      manifests as these messages:
      
        [  471.846235] debugfs: Directory '20245-4' with parent 'kvm' already present!
      
      Even though this should not happen in practice, it is more or less
      expected in the case of KVM for testcases that call KVM_CREATE_VM and
      close the resulting file descriptor repeatedly and in parallel.
      
      When this happens, debugfs_create_dir() returns an error but
      kvm_create_vm_debugfs() goes on to allocate stat data structs which are
      later leaked.  The slow memory leak was spotted by syzkaller, where it
      caused OOM reports.
      
      Since the issue only affects debugfs, do a lookup before calling
      debugfs_create_dir, so that the message is downgraded and rate-limited.
      While at it, ensure kvm->debugfs_dentry is NULL rather than an error
      if it is not created.  This fixes kvm_destroy_vm_debugfs, which was not
      checking IS_ERR_OR_NULL correctly.
      
      Cc: stable@vger.kernel.org
      Fixes: 536a6f88 ("KVM: Create debugfs dir and stat files for each VM")
      Reported-by: default avatarAlexey Kardashevskiy <aik@ozlabs.ru>
      Suggested-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      85cd39af
  3. 03 Aug, 2021 7 commits
  4. 02 Aug, 2021 2 commits
  5. 01 Aug, 2021 3 commits
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v5.14-2021-08-01' of... · d4affd6b
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.14-2021-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Revert "perf map: Fix dso->nsinfo refcounting", this makes 'perf top'
         abort, uncovering a design flaw on how namespace information is kept.
         The fix for that is more than we can do right now, leave it for the
         next merge window.
      
       - Split --dump-raw-trace by AUX records for ARM's CoreSight, fixing up
         the decoding of some records.
      
       - Fix PMU alias matching.
      
      Thanks to James Clark and John Garry for these fixes.
      
      * tag 'perf-tools-fixes-for-v5.14-2021-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        Revert "perf map: Fix dso->nsinfo refcounting"
        perf pmu: Fix alias matching
        perf cs-etm: Split --dump-raw-trace by AUX records
      d4affd6b
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.14-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · c82357a7
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Don't use r30 in VDSO code, to avoid breaking existing Go lang
         programs.
      
       - Change an export symbol to allow non-GPL modules to use spinlocks
         again.
      
      Thanks to Paul Menzel, and Srikar Dronamraju.
      
      * tag 'powerpc-5.14-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/vdso: Don't use r30 to avoid breaking Go lang
        powerpc/pseries: Fix regression while building external modules
      c82357a7
    • Linus Torvalds's avatar
      Merge tag 'xfs-5.14-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · aa660326
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
       "This contains a bunch of bug fixes in XFS.
      
        Dave and I have been busy the last couple of weeks to find and fix as
        many log recovery bugs as we can find; here are the results so far. Go
        fstests -g recoveryloop! ;)
      
         - Fix a number of coordination bugs relating to cache flushes for
           metadata writeback, cache flushes for multi-buffer log writes, and
           FUA writes for single-buffer log writes
      
         - Fix a bug with incorrect replay of attr3 blocks
      
         - Fix unnecessary stalls when flushing logs to disk
      
         - Fix spoofing problems when recovering realtime bitmap blocks"
      
      * tag 'xfs-5.14-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: prevent spoofing of rtbitmap blocks when recovering buffers
        xfs: limit iclog tail updates
        xfs: need to see iclog flags in tracing
        xfs: Enforce attr3 buffer recovery order
        xfs: logging the on disk inode LSN can make it go backwards
        xfs: avoid unnecessary waits in xfs_log_force_lsn()
        xfs: log forces imply data device cache flushes
        xfs: factor out forced iclog flushes
        xfs: fix ordering violation between cache flushes and tail updates
        xfs: fold __xlog_state_release_iclog into xlog_state_release_iclog
        xfs: external logs need to flush data device
        xfs: flush data dev on external log write
      aa660326
  6. 31 Jul, 2021 2 commits
    • Linus Torvalds's avatar
      Merge tag '5.14-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · f3438b4c
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three cifs/smb3 fixes, including two for stable, and a fix for an
        fallocate problem noticed by Clang"
      
      * tag '5.14-rc3-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: add missing parsing of backupuid
        smb3: rc uninitialized in one fallocate path
        SMB3: fix readpage for large swap cache
      f3438b4c
    • Brian Norris's avatar
      clk: fix leak on devm_clk_bulk_get_all() unwind · f828b0bc
      Brian Norris authored
      clk_bulk_get_all() allocates an array of struct clk_bulk data for us
      (unlike clk_bulk_get()), so we need to free it. Let's use the
      clk_bulk_put_all() helper.
      
      kmemleak complains, on an RK3399 Gru/Kevin system:
      
      unreferenced object 0xffffff80045def00 (size 128):
        comm "swapper/0", pid 1, jiffies 4294667682 (age 86.394s)
        hex dump (first 32 bytes):
          44 32 60 fe fe ff ff ff 00 00 00 00 00 00 00 00  D2`.............
          48 32 60 fe fe ff ff ff 00 00 00 00 00 00 00 00  H2`.............
        backtrace:
          [<00000000742860d6>] __kmalloc+0x22c/0x39c
          [<00000000b0493f2c>] clk_bulk_get_all+0x64/0x188
          [<00000000325f5900>] devm_clk_bulk_get_all+0x58/0xa8
          [<00000000175b9bc5>] dwc3_probe+0x8ac/0xb5c
          [<000000009169e2f9>] platform_drv_probe+0x9c/0xbc
          [<000000005c51e2ee>] really_probe+0x13c/0x378
          [<00000000c47b1f24>] driver_probe_device+0x84/0xc0
          [<00000000f870fcfb>] __device_attach_driver+0x94/0xb0
          [<000000004d1b92ae>] bus_for_each_drv+0x8c/0xd8
          [<00000000481d60c3>] __device_attach+0xc4/0x150
          [<00000000a163bd36>] device_initial_probe+0x1c/0x28
          [<00000000accb6bad>] bus_probe_device+0x3c/0x9c
          [<000000001a199f89>] device_add+0x218/0x3cc
          [<000000001bd84952>] of_device_add+0x40/0x50
          [<000000009c658c29>] of_platform_device_create_pdata+0xac/0x100
          [<0000000021c69ba4>] of_platform_bus_create+0x190/0x224
      
      Fixes: f08c2e28 ("clk: add managed version of clk_bulk_get_all")
      Cc: Dong Aisheng <aisheng.dong@nxp.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarBrian Norris <briannorris@chromium.org>
      Link: https://lore.kernel.org/r/20210731025950.2238582-1-briannorris@chromium.orgSigned-off-by: default avatarStephen Boyd <sboyd@kernel.org>
      f828b0bc
  7. 30 Jul, 2021 9 commits
    • Linus Torvalds's avatar
      Merge tag 'net-5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · c7d10223
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.14-rc4, including fixes from bpf, can, WiFi
        (mac80211) and netfilter trees.
      
        Current release - regressions:
      
         - mac80211: fix starting aggregation sessions on mesh interfaces
      
        Current release - new code bugs:
      
         - sctp: send pmtu probe only if packet loss in Search Complete state
      
         - bnxt_en: add missing periodic PHC overflow check
      
         - devlink: fix phys_port_name of virtual port and merge error
      
         - hns3: change the method of obtaining default ptp cycle
      
         - can: mcba_usb_start(): add missing urb->transfer_dma initialization
      
        Previous releases - regressions:
      
         - set true network header for ECN decapsulation
      
         - mlx5e: RX, avoid possible data corruption w/ relaxed ordering and
           LRO
      
         - phy: re-add check for PHY_BRCM_DIS_TXCRXC_NOENRGY on the BCM54811
           PHY
      
         - sctp: fix return value check in __sctp_rcv_asconf_lookup
      
        Previous releases - always broken:
      
         - bpf:
             - more spectre corner case fixes, introduce a BPF nospec
               instruction for mitigating Spectre v4
             - fix OOB read when printing XDP link fdinfo
             - sockmap: fix cleanup related races
      
         - mac80211: fix enabling 4-address mode on a sta vif after assoc
      
         - can:
             - raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
             - j1939: j1939_session_deactivate(): clarify lifetime of session
               object, avoid UAF
             - fix number of identical memory leaks in USB drivers
      
         - tipc:
             - do not blindly write skb_shinfo frags when doing decryption
             - fix sleeping in tipc accept routine"
      
      * tag 'net-5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (91 commits)
        gve: Update MAINTAINERS list
        can: esd_usb2: fix memory leak
        can: ems_usb: fix memory leak
        can: usb_8dev: fix memory leak
        can: mcba_usb_start(): add missing urb->transfer_dma initialization
        can: hi311x: fix a signedness bug in hi3110_cmd()
        MAINTAINERS: add Yasushi SHOJI as reviewer for the Microchip CAN BUS Analyzer Tool driver
        bpf: Fix leakage due to insufficient speculative store bypass mitigation
        bpf: Introduce BPF nospec instruction for mitigating Spectre v4
        sis900: Fix missing pci_disable_device() in probe and remove
        net: let flow have same hash in two directions
        nfc: nfcsim: fix use after free during module unload
        tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
        sctp: fix return value check in __sctp_rcv_asconf_lookup
        nfc: s3fwrn5: fix undefined parameter values in dev_err()
        net/mlx5: Fix mlx5_vport_tbl_attr chain from u16 to u32
        net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
        net/mlx5: Unload device upon firmware fatal error
        net/mlx5e: Fix page allocation failure for ptp-RQ over SF
        net/mlx5e: Fix page allocation failure for trap-RQ over SF
        ...
      c7d10223
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · e1dab4c0
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These revert a recent IRQ resources handling modification that turned
        out to be problematic, fix suspend-to-idle handling on AMD platforms
        to take upcoming systems into account properly and fix the retrieval
        of the DPTF attributes of the PCH FIVR.
      
        Specifics:
      
         - Revert recent change of the ACPI IRQ resources handling that
           attempted to improve the ACPI IRQ override selection logic, but
           introduced serious regressions on some systems (Hui Wang).
      
         - Fix up quirks for AMD platforms in the suspend-to-idle support code
           so as to take upcoming systems using uPEP HID AMDI007 into account
           as appropriate (Mario Limonciello).
      
         - Fix the code retrieving DPTF attributes of the PCH FIVR so that it
           agrees on the return data type with the ACPI control method
           evaluated for this purpose (Srinivas Pandruvada)"
      
      * tag 'acpi-5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: DPTF: Fix reading of attributes
        Revert "ACPI: resources: Add checks for ACPI IRQ override"
        ACPI: PM: Add support for upcoming AMD uPEP HID AMDI007
      e1dab4c0
    • Kamal Agrawal's avatar
      tracing: Fix NULL pointer dereference in start_creating · ff41c28c
      Kamal Agrawal authored
      The event_trace_add_tracer() can fail. In this case, it leads to a crash
      in start_creating with below call stack. Handle the error scenario
      properly in trace_array_create_dir.
      
      Call trace:
      down_write+0x7c/0x204
      start_creating.25017+0x6c/0x194
      tracefs_create_file+0xc4/0x2b4
      init_tracer_tracefs+0x5c/0x940
      trace_array_create_dir+0x58/0xb4
      trace_array_create+0x1bc/0x2b8
      trace_array_get_by_name+0xdc/0x18c
      
      Link: https://lkml.kernel.org/r/1627651386-21315-1-git-send-email-kamaagra@codeaurora.org
      
      Cc: stable@vger.kernel.org
      Fixes: 4114fbfd ("tracing: Enable creating new instance early boot")
      Signed-off-by: default avatarKamal Agrawal <kamaagra@codeaurora.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      ff41c28c
    • Linus Torvalds's avatar
      pipe: make pipe writes always wake up readers · 3a34b13a
      Linus Torvalds authored
      Since commit 1b6b26ae ("pipe: fix and clarify pipe write wakeup
      logic") we have sanitized the pipe write logic, and would only try to
      wake up readers if they needed it.
      
      In particular, if the pipe already had data in it before the write,
      there was no point in trying to wake up a reader, since any existing
      readers must have been aware of the pre-existing data already.  Doing
      extraneous wakeups will only cause potential thundering herd problems.
      
      However, it turns out that some Android libraries have misused the EPOLL
      interface, and expected "edge triggered" be to "any new write will
      trigger it".  Even if there was no edge in sight.
      
      Quoting Sandeep Patil:
       "The commit 1b6b26ae ('pipe: fix and clarify pipe write wakeup
        logic') changed pipe write logic to wakeup readers only if the pipe
        was empty at the time of write. However, there are libraries that
        relied upon the older behavior for notification scheme similar to
        what's described in [1]
      
        One such library 'realm-core'[2] is used by numerous Android
        applications. The library uses a similar notification mechanism as GNU
        Make but it never drains the pipe until it is full. When Android moved
        to v5.10 kernel, all applications using this library stopped working.
      
        The library has since been fixed[3] but it will be a while before all
        applications incorporate the updated library"
      
      Our regression rule for the kernel is that if applications break from
      new behavior, it's a regression, even if it was because the application
      did something patently wrong.  Also note the original report [4] by
      Michal Kerrisk about a test for this epoll behavior - but at that point
      we didn't know of any actual broken use case.
      
      So add the extraneous wakeup, to approximate the old behavior.
      
      [ I say "approximate", because the exact old behavior was to do a wakeup
        not for each write(), but for each pipe buffer chunk that was filled
        in. The behavior introduced by this change is not that - this is just
        "every write will cause a wakeup, whether necessary or not", which
        seems to be sufficient for the broken library use. ]
      
      It's worth noting that this adds the extraneous wakeup only for the
      write side, while the read side still considers the "edge" to be purely
      about reading enough from the pipe to allow further writes.
      
      See commit f467a6a6 ("pipe: fix and clarify pipe read wakeup logic")
      for the pipe read case, which remains that "only wake up if the pipe was
      full, and we read something from it".
      
      Link: https://lore.kernel.org/lkml/CAHk-=wjeG0q1vgzu4iJhW5juPkTsjTYmiqiMUYAebWW+0bam6w@mail.gmail.com/ [1]
      Link: https://github.com/realm/realm-core [2]
      Link: https://github.com/realm/realm-core/issues/4666 [3]
      Link: https://lore.kernel.org/lkml/CAKgNAkjMBGeAwF=2MKK758BhxvW58wYTgYKB2V-gY1PwXxrH+Q@mail.gmail.com/ [4]
      Link: https://lore.kernel.org/lkml/20210729222635.2937453-1-sspatil@android.com/Reported-by: default avatarSandeep Patil <sspatil@android.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3a34b13a
    • Arnaldo Carvalho de Melo's avatar
      Revert "perf map: Fix dso->nsinfo refcounting" · 9bac1bd6
      Arnaldo Carvalho de Melo authored
      This makes 'perf top' abort in some cases, and the right fix will
      involve surgery that is too much to do at this stage, so revert for now
      and fix it in the next merge window.
      
      This reverts commit 2d6b74ba.
      
      Cc: Riccardo Mancini <rickyman7@gmail.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Krister Johansen <kjlx@templeofstupid.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      9bac1bd6
    • Rafael J. Wysocki's avatar
      Merge branches 'acpi-resources' and 'acpi-dptf' · e83f54ea
      Rafael J. Wysocki authored
      * acpi-resources:
        Revert "ACPI: resources: Add checks for ACPI IRQ override"
      
      * acpi-dptf:
        ACPI: DPTF: Fix reading of attributes
      e83f54ea
    • Linus Torvalds's avatar
      Merge tag 'block-5.14-2021-07-30' of git://git.kernel.dk/linux-block · 4669e13c
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - gendisk freeing fix (Christoph)
      
       - blk-iocost wake ordering fix (Tejun)
      
       - tag allocation error handling fix (John)
      
       - loop locking fix. While this isn't the prettiest fix in the world,
         nobody has any good alternatives for 5.14. Something to likely
         revisit for 5.15. (Tetsuo)
      
      * tag 'block-5.14-2021-07-30' of git://git.kernel.dk/linux-block:
        block: delay freeing the gendisk
        blk-iocost: fix operation ordering in iocg_wake_fn()
        blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling
        loop: reintroduce global lock for safe loop_validate_file() traversal
      4669e13c
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.14-2021-07-30' of git://git.kernel.dk/linux-block · 27eb687b
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - A fix for block backed reissue (me)
      
       - Reissue context hardening (me)
      
       - Async link locking fix (Pavel)
      
      * tag 'io_uring-5.14-2021-07-30' of git://git.kernel.dk/linux-block:
        io_uring: fix poll requests leaking second poll entries
        io_uring: don't block level reissue off completion path
        io_uring: always reissue from task_work context
        io_uring: fix race in unified task_work running
        io_uring: fix io_prep_async_link locking
      27eb687b
    • Linus Torvalds's avatar
      Merge tag 'libata-5.14-2021-07-30' of git://git.kernel.dk/linux-block · f6c5971b
      Linus Torvalds authored
      Pull libata fixlets from Jens Axboe:
      
       - A fix for PIO highmem (Christoph)
      
       - Kill HAVE_IDE as it's now unused (Lukas)
      
      * tag 'libata-5.14-2021-07-30' of git://git.kernel.dk/linux-block:
        arch: Kconfig: clean up obsolete use of HAVE_IDE
        libata: fix ata_pio_sector for CONFIG_HIGHMEM
      f6c5971b