1. 18 Feb, 2019 3 commits
  2. 17 Feb, 2019 16 commits
    • Linus Torvalds's avatar
      Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2fee036a
      Linus Torvalds authored
      Pull EFI fixes from Ingo Molnar:
       "This tree reverts a GICv3 commit (which was broken) and fixes it in
        another way, by adding a memblock build-time entries quirk for ARM64"
      
      * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi/arm: Revert "Defer persistent reservations until after paging_init()"
        arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table
      2fee036a
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8d33316d
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "Three changes:
      
         - An UV fix/quirk to pull UV BIOS calls into the efi_runtime_lock
           locking regime. (This done by aliasing __efi_uv_runtime_lock to
           efi_runtime_lock, which should make the quirk nature obvious and
           maintain the general policy that the EFI lock (name...) isn't
           exposed to drivers.)
      
         - Our version of MAGA: Make a.out Great Again.
      
         - Add a new Intel model name enumerator to an upstream header to help
           reduce dependencies going forward"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
        x86/CPU: Add Icelake model number
        x86/a.out: Clear the dump structure initially
      8d33316d
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · dd6f29da
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Two fixes on the kernel side: fix an over-eager condition that failed
        larger perf ring-buffer sizes, plus fix crashes in the Intel BTS code
        for a corner case, found by fuzzing"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Fix impossible ring-buffer sizes warning
        perf/x86: Add check_period PMU callback
      dd6f29da
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.0-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · c5f1ac5e
      Linus Torvalds authored
      Pull powerpc fix from Michael Ellerman:
       "Just one fix, for pgd/pud_present() which were broken on big endian
        since v4.20, leading to possible data corruption.
      
        Thanks to: Aneesh Kumar K.V., Erhard F., Jan Kara"
      
      * tag 'powerpc-5.0-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s: Fix possible corruption on big endian due to pgd/pud_present()
      c5f1ac5e
    • Linus Torvalds's avatar
      Merge tag 'csky-for-linus-5.0-rc6' of git://github.com/c-sky/csky-linux · 0513ebc3
      Linus Torvalds authored
      Pull arch/csky fixes from Guo Ren:
       "Here are some fixup patches for 5.0-rc6"
      
      * tag 'csky-for-linus-5.0-rc6' of git://github.com/c-sky/csky-linux:
        csky: Fixup dead loop in show_stack
        csky: Fixup io-range page attribute for mmap("/dev/mem")
        csky: coding convention: Use task_stack_page
        csky: Fixup wrong pt_regs size
        csky: Fixup _PAGE_GLOBAL bit for 610 tlb entry
      0513ebc3
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 1653c2f2
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Two more driver bugfixes"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: bcm2835: Clear current buffer pointers and counts after a transfer
        i2c: cadence: Fix the hold bit setting
      1653c2f2
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · b8c82b6a
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
      
       - tweaks to Elan drivers (both PS/2 and I2C) to support new devices.
         Also revert of one of IDs as that device should really be driven by
         i2c-hid + hid-multitouch
      
       - a few drivers have been switched to set_brightness_blocking() call
         because they either were sleeping the their set_brightness()
         implementation or used workqueue but were not canceling it on unbind.
      
       - ps2-gpio and matrix_keypad needed to [properly] flush their works to
         avoid potential use-after-free on unbind.
      
       - other miscellaneous fixes.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
        Input: st-keyscan - fix potential zalloc NULL dereference
        Input: apanel - switch to using brightness_set_blocking()
        Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
        Input: qt2160 - switch to using brightness_set_blocking()
        Input: matrix_keypad - use flush_delayed_work()
        Input: ps2-gpio - flush TX work when closing port
        Input: cap11xx - switch to using set_brightness_blocking()
        Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
        Input: bma150 - register input device after setting private data
        Input: pwm-vibra - stop regulator after disabling pwm, not before
        Input: pwm-vibra - prevent unbalanced regulator
        Input: snvs_pwrkey - allow selecting driver for i.MX 7D
      b8c82b6a
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · ed0a0ec9
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "A somewhat bigger ARM update, and the usual smattering of x86 bug
        fixes"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: vmx: Fix entry number check for add_atomic_switch_msr()
        KVM: x86: Recompute PID.ON when clearing PID.SN
        KVM: nVMX: Restore a preemption timer consistency check
        x86/kvm/nVMX: read from MSR_IA32_VMX_PROCBASED_CTLS2 only when it is available
        KVM: arm64: Forbid kprobing of the VHE world-switch code
        KVM: arm64: Relax the restriction on using stage2 PUD huge mapping
        arm: KVM: Add missing kvm_stage2_has_pmd() helper
        KVM: arm/arm64: vgic: Always initialize the group of private IRQs
        arm/arm64: KVM: Don't panic on failure to properly reset system registers
        arm/arm64: KVM: Allow a VCPU to fully reset itself
        KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded
        arm64: KVM: Don't generate UNDEF when LORegion feature is present
        KVM: arm/arm64: vgic: Make vgic_cpu->ap_list_lock a raw_spinlock
        KVM: arm/arm64: vgic: Make vgic_dist->lpi_list_lock a raw_spinlock
        KVM: arm/arm64: vgic: Make vgic_irq->irq_lock a raw_spinlock
      ed0a0ec9
    • Mauro Ciancio's avatar
      Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK · 7ad222b3
      Mauro Ciancio authored
      This adds ELAN0617 to the ACPI table to support Elan touchpad found in
      Lenovo V330-15ISK.
      Signed-off-by: default avatarMauro Ciancio <mauro@acadeu.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      7ad222b3
    • Gabriel Fernandez's avatar
      Input: st-keyscan - fix potential zalloc NULL dereference · 2439d37e
      Gabriel Fernandez authored
      This patch fixes the following static checker warning:
      
      drivers/input/keyboard/st-keyscan.c:156 keyscan_probe()
      error: potential zalloc NULL dereference: 'keypad_data->input_dev'
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarGabriel Fernandez <gabriel.fernandez@st.com>
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      2439d37e
    • Dmitry Torokhov's avatar
      Input: apanel - switch to using brightness_set_blocking() · 1cd48dc5
      Dmitry Torokhov authored
      Now that LEDs core allows "blocking" flavor of "set brightness" method we
      can use it and get rid of private work item. As a bonus, we are no longer
      forgetting to cancel it when we unbind the driver.
      Reviewed-by: default avatarSven Van Asbroeck <TheSven73@gmail.com>
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      1cd48dc5
    • Michael Ellerman's avatar
      powerpc/64s: Fix possible corruption on big endian due to pgd/pud_present() · a5800762
      Michael Ellerman authored
      In v4.20 we changed our pgd/pud_present() to check for _PAGE_PRESENT
      rather than just checking that the value is non-zero, e.g.:
      
        static inline int pgd_present(pgd_t pgd)
        {
       -       return !pgd_none(pgd);
       +       return (pgd_raw(pgd) & cpu_to_be64(_PAGE_PRESENT));
        }
      
      Unfortunately this is broken on big endian, as the result of the
      bitwise & is truncated to int, which is always zero because
      _PAGE_PRESENT is 0x8000000000000000ul. This means pgd_present() and
      pud_present() are always false at compile time, and the compiler
      elides the subsequent code.
      
      Remarkably with that bug present we are still able to boot and run
      with few noticeable effects. However under some work loads we are able
      to trigger a warning in the ext4 code:
      
        WARNING: CPU: 11 PID: 29593 at fs/ext4/inode.c:3927 .ext4_set_page_dirty+0x70/0xb0
        CPU: 11 PID: 29593 Comm: debugedit Not tainted 4.20.0-rc1 #1
        ...
        NIP .ext4_set_page_dirty+0x70/0xb0
        LR  .set_page_dirty+0xa0/0x150
        Call Trace:
         .set_page_dirty+0xa0/0x150
         .unmap_page_range+0xbf0/0xe10
         .unmap_vmas+0x84/0x130
         .unmap_region+0xe8/0x190
         .__do_munmap+0x2f0/0x510
         .__vm_munmap+0x80/0x110
         .__se_sys_munmap+0x14/0x30
         system_call+0x5c/0x70
      
      The fix is simple, we need to convert the result of the bitwise & to
      an int before returning it.
      
      Thanks to Erhard, Jan Kara and Aneesh for help with debugging.
      
      Fixes: da7ad366 ("powerpc/mm/book3s: Update pmd_present to look at _PAGE_PRESENT bit")
      Cc: stable@vger.kernel.org # v4.20+
      Reported-by: default avatarErhard F. <erhard_f@mailbox.org>
      Reviewed-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      a5800762
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 64c0133e
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "This week is a much smaller update, containing fixes only for TI OMAP,
        NXP i.MX and Rockchips platforms:
      
        omap:
         - omap4 had problems with lost timer interrupts
         - another IRQ handling issue with OMAP5
         - A workaround for a regression in the pwm-omap-dmtimer driver
      
        NXP i.MX:
         - eMMC was broken on the new imx8mq-evk board
      
        Rockchip:
         - a fix for new dtc graph warnings and a regulator fix for rock64
         - USB support broke on rk3328-rock64"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
        arm64: dts: imx8mq: Fix boot from eMMC
        ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
        ARM: dts: Configure clock parent for pwm vibra
        bus: ti-sysc: Fix timer handling with drop pm_runtime_irq_safe()
        arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
        arm64: dts: rockchip: fix graph_port warning on rk3399 bob kevin and excavator
        ARM: OMAP5+: Fix inverted nirq pin interrupts with irq_set_type
        clocksource: timer-ti-dm: Fix pwm dmtimer usage of fck reparenting
        ARM: dts: rockchip: remove qos_cif1 from rk3188 power-domain
      64c0133e
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.0-2' of git://linux-nfs.org/~bfields/linux · 88fe73cb
      Linus Torvalds authored
      Pull more nfsd fixes from Bruce Fields:
       "Two small fixes, one for crashes using nfs/krb5 with older enctypes,
        one that could prevent clients from reclaiming state after a kernel
        upgrade"
      
      * tag 'nfsd-5.0-2' of git://linux-nfs.org/~bfields/linux:
        sunrpc: fix 4 more call sites that were using stack memory with a scatterlist
        Revert "nfsd4: return default lease period"
      88fe73cb
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.0-4' of git://git.linux-nfs.org/projects/anna/linux-nfs · 55638c52
      Linus Torvalds authored
      Pull more NFS client fixes from Anna Schumaker:
       "Three fixes this time.
      
        Nicolas's is for xprtrdma completion vector allocation on single-core
        systems. Greg's adds an error check when allocating a debugfs dentry.
        And Ben's is an additional fix for nfs_page_async_flush() to prevent
        pages from accidentally getting truncated.
      
        Summary:
      
         - Make sure Send CQ is allocated on an existing compvec
      
         - Properly check debugfs dentry before using it
      
         - Don't use page_file_mapping() after removing a page"
      
      * tag 'nfs-for-5.0-4' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        NFS: Don't use page_file_mapping after removing the page
        rpc: properly check debugfs dentry before using it
        xprtrdma: Make sure Send CQ is allocated on an existing compvec
      55638c52
    • Linus Torvalds's avatar
      Merge tag 'auxdisplay-for-linus-v5.0-rc7' of git://github.com/ojeda/linux · 9a7dcde4
      Linus Torvalds authored
      Pull auxdisplay fix from Miguel Ojeda:
       "Fix potential user-after-free on ht16k33 module unload. Reported by
        Sven Van Asbroeck"
      
      * tag 'auxdisplay-for-linus-v5.0-rc7' of git://github.com/ojeda/linux:
        auxdisplay: ht16k33: fix potential user-after-free on module unload
      9a7dcde4
  3. 16 Feb, 2019 3 commits
  4. 15 Feb, 2019 18 commits
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 5ded5871
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Two fairly small fixes: the qla one is a panic inducing use after free
        and the entropy fix may seem minor but it has had huge userspace
        impact thanks to an unrelated change in openssl that causes sshd to
        refuse logins until it has enough entropy for the session keys, which
        causes tens of minutes delay before the affected systems allow logins
        after reboot"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
        scsi: sd: fix entropy gathering for most rotational disks
      5ded5871
    • Scott Mayhew's avatar
      sunrpc: fix 4 more call sites that were using stack memory with a scatterlist · e7afe6c1
      Scott Mayhew authored
      While trying to reproduce a reported kernel panic on arm64, I discovered
      that AUTH_GSS basically doesn't work at all with older enctypes on arm64
      systems with CONFIG_VMAP_STACK enabled.  It turns out there still a few
      places using stack memory with scatterlists, causing krb5_encrypt() and
      krb5_decrypt() to produce incorrect results (or a BUG if CONFIG_DEBUG_SG
      is enabled).
      
      Tested with cthon on v4.0/v4.1/v4.2 with krb5/krb5i/krb5p using
      des3-cbc-sha1 and arcfour-hmac-md5.
      Signed-off-by: default avatarScott Mayhew <smayhew@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      e7afe6c1
    • Arnd Bergmann's avatar
      Merge tag 'omap-for-v5.0/fixes-rc5' of... · 410d7360
      Arnd Bergmann authored
      Merge tag 'omap-for-v5.0/fixes-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes
      
      Fix omap4 and later lost cpu1 interrupts for periodic timer
      
      A fix from Russell that took a while to get applied into fixes as
      I thought Russell is merging this one.
      
      * tag 'omap-for-v5.0/fixes-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
        ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
      410d7360
    • Miguel Ojeda's avatar
      include/linux/module.h: copy __init/__exit attrs to init/cleanup_module · a6e60d84
      Miguel Ojeda authored
      The upcoming GCC 9 release extends the -Wmissing-attributes warnings
      (enabled by -Wall) to C and aliases: it warns when particular function
      attributes are missing in the aliases but not in their target.
      
      In particular, it triggers for all the init/cleanup_module
      aliases in the kernel (defined by the module_init/exit macros),
      ending up being very noisy.
      
      These aliases point to the __init/__exit functions of a module,
      which are defined as __cold (among other attributes). However,
      the aliases themselves do not have the __cold attribute.
      
      Since the compiler behaves differently when compiling a __cold
      function as well as when compiling paths leading to calls
      to __cold functions, the warning is trying to point out
      the possibly-forgotten attribute in the alias.
      
      In order to keep the warning enabled, we decided to silence
      this case. Ideally, we would mark the aliases directly
      as __init/__exit. However, there are currently around 132 modules
      in the kernel which are missing __init/__exit in their init/cleanup
      functions (either because they are missing, or for other reasons,
      e.g. the functions being called from somewhere else); and
      a section mismatch is a hard error.
      
      A conservative alternative was to mark the aliases as __cold only.
      However, since we would like to eventually enforce __init/__exit
      to be always marked,  we chose to use the new __copy function
      attribute (introduced by GCC 9 as well to deal with this).
      With it, we copy the attributes used by the target functions
      into the aliases. This way, functions that were not marked
      as __init/__exit won't have their aliases marked either,
      and therefore there won't be a section mismatch.
      
      Note that the warning would go away marking either the extern
      declaration, the definition, or both. However, we only mark
      the definition of the alias, since we do not want callers
      (which only see the declaration) to be compiled as if the function
      was __cold (and therefore the paths leading to those calls
      would be assumed to be unlikely).
      
      Link: https://lore.kernel.org/lkml/20190123173707.GA16603@gmail.com/
      Link: https://lore.kernel.org/lkml/20190206175627.GA20399@gmail.com/Suggested-by: default avatarMartin Sebor <msebor@gcc.gnu.org>
      Acked-by: default avatarJessica Yu <jeyu@kernel.org>
      Signed-off-by: default avatarMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      a6e60d84
    • Miguel Ojeda's avatar
      Compiler Attributes: add support for __copy (gcc >= 9) · c0d9782f
      Miguel Ojeda authored
      From the GCC manual:
      
        copy
        copy(function)
      
          The copy attribute applies the set of attributes with which function
          has been declared to the declaration of the function to which
          the attribute is applied. The attribute is designed for libraries
          that define aliases or function resolvers that are expected
          to specify the same set of attributes as their targets. The copy
          attribute can be used with functions, variables, or types. However,
          the kind of symbol to which the attribute is applied (either
          function or variable) must match the kind of symbol to which
          the argument refers. The copy attribute copies only syntactic and
          semantic attributes but not attributes that affect a symbol’s
          linkage or visibility such as alias, visibility, or weak.
          The deprecated attribute is also not copied.
      
        https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html
      
      The upcoming GCC 9 release extends the -Wmissing-attributes warnings
      (enabled by -Wall) to C and aliases: it warns when particular function
      attributes are missing in the aliases but not in their target, e.g.:
      
          void __cold f(void) {}
          void __alias("f") g(void);
      
      diagnoses:
      
          warning: 'g' specifies less restrictive attribute than
          its target 'f': 'cold' [-Wmissing-attributes]
      
      Using __copy(f) we can copy the __cold attribute from f to g:
      
          void __cold f(void) {}
          void __copy(f) __alias("f") g(void);
      
      This attribute is most useful to deal with situations where an alias
      is declared but we don't know the exact attributes the target has.
      
      For instance, in the kernel, the widely used module_init/exit macros
      define the init/cleanup_module aliases, but those cannot be marked
      always as __init/__exit since some modules do not have their
      functions marked as such.
      Suggested-by: default avatarMartin Sebor <msebor@gcc.gnu.org>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      c0d9782f
    • Miguel Ojeda's avatar
      lib/crc32.c: mark crc32_le_base/__crc32c_le_base aliases as __pure · ff98e20e
      Miguel Ojeda authored
      The upcoming GCC 9 release extends the -Wmissing-attributes warnings
      (enabled by -Wall) to C and aliases: it warns when particular function
      attributes are missing in the aliases but not in their target.
      
      In particular, it triggers here because crc32_le_base/__crc32c_le_base
      aren't __pure while their target crc32_le/__crc32c_le are.
      
      These aliases are used by architectures as a fallback in accelerated
      versions of CRC32. See commit 9784d82d ("lib/crc32: make core crc32()
      routines weak so they can be overridden").
      
      Therefore, being fallbacks, it is likely that even if the aliases
      were called from C, there wouldn't be any optimizations possible.
      Currently, the only user is arm64, which calls this from asm.
      
      Still, marking the aliases as __pure makes sense and is a good idea
      for documentation purposes and possible future optimizations,
      which also silences the warning.
      Acked-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Tested-by: default avatarLaura Abbott <labbott@redhat.com>
      Signed-off-by: default avatarMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      ff98e20e
    • Miguel Ojeda's avatar
      auxdisplay: ht16k33: fix potential user-after-free on module unload · 69ef9bc5
      Miguel Ojeda authored
      On module unload/remove, we need to ensure that work does not run
      after we have freed resources. Concretely, cancel_delayed_work()
      may return while the callback function is still running.
      
      From kernel/workqueue.c:
      
          The work callback function may still be running on return,
          unless it returns true and the work doesn't re-arm itself.
          Explicitly flush or use cancel_delayed_work_sync() to wait on it.
      
      Link: https://lore.kernel.org/lkml/20190204220952.30761-1-TheSven73@googlemail.com/Reported-by: default avatarSven Van Asbroeck <thesven73@gmail.com>
      Reviewed-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Reviewed-by: default avatarSven Van Asbroeck <TheSven73@gmail.com>
      Acked-by: default avatarRobin van der Gracht <robin@protonic.nl>
      Signed-off-by: default avatarMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      69ef9bc5
    • Quentin Perret's avatar
      tracing: Fix number of entries in trace header · 9e738215
      Quentin Perret authored
      The following commit
      
        441dae8f ("tracing: Add support for display of tgid in trace output")
      
      removed the call to print_event_info() from print_func_help_header_irq()
      which results in the ftrace header not reporting the number of entries
      written in the buffer. As this wasn't the original intent of the patch,
      re-introduce the call to print_event_info() to restore the orginal
      behaviour.
      
      Link: http://lkml.kernel.org/r/20190214152950.4179-1-quentin.perret@arm.comAcked-by: default avatarJoel Fernandes <joelaf@google.com>
      Cc: stable@vger.kernel.org
      Fixes: 441dae8f ("tracing: Add support for display of tgid in trace output")
      Signed-off-by: default avatarQuentin Perret <quentin.perret@arm.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      9e738215
    • Changbin Du's avatar
      kprobe: Do not use uaccess functions to access kernel memory that can fault · 2c4f1fcb
      Changbin Du authored
      The userspace can ask kprobe to intercept strings at any memory address,
      including invalid kernel address. In this case, fetch_store_strlen()
      would crash since it uses general usercopy function, and user access
      functions are no longer allowed to access kernel memory.
      
      For example, we can crash the kernel by doing something as below:
      
      $ sudo kprobe 'p:do_sys_open +0(+0(%si)):string'
      
      [  103.620391] BUG: GPF in non-whitelisted uaccess (non-canonical address?)
      [  103.622104] general protection fault: 0000 [#1] SMP PTI
      [  103.623424] CPU: 10 PID: 1046 Comm: cat Not tainted 5.0.0-rc3-00130-gd73aba11-dirty #96
      [  103.625321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-2-g628b2e6-dirty-20190104_103505-linux 04/01/2014
      [  103.628284] RIP: 0010:process_fetch_insn+0x1ab/0x4b0
      [  103.629518] Code: 10 83 80 28 2e 00 00 01 31 d2 31 ff 48 8b 74 24 28 eb 0c 81 fa ff 0f 00 00 7f 1c 85 c0 75 18 66 66 90 0f ae e8 48 63
       ca 89 f8 <8a> 0c 31 66 66 90 83 c2 01 84 c9 75 dc 89 54 24 34 89 44 24 28 48
      [  103.634032] RSP: 0018:ffff88845eb37ce0 EFLAGS: 00010246
      [  103.635312] RAX: 0000000000000000 RBX: ffff888456c4e5a8 RCX: 0000000000000000
      [  103.637057] RDX: 0000000000000000 RSI: 2e646c2f6374652f RDI: 0000000000000000
      [  103.638795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
      [  103.640556] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
      [  103.642297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
      [  103.644040] FS:  0000000000000000(0000) GS:ffff88846f000000(0000) knlGS:0000000000000000
      [  103.646019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  103.647436] CR2: 00007ffc79758038 CR3: 0000000463360006 CR4: 0000000000020ee0
      [  103.649147] Call Trace:
      [  103.649781]  ? sched_clock_cpu+0xc/0xa0
      [  103.650747]  ? do_sys_open+0x5/0x220
      [  103.651635]  kprobe_trace_func+0x303/0x380
      [  103.652645]  ? do_sys_open+0x5/0x220
      [  103.653528]  kprobe_dispatcher+0x45/0x50
      [  103.654682]  ? do_sys_open+0x1/0x220
      [  103.655875]  kprobe_ftrace_handler+0x90/0xf0
      [  103.657282]  ftrace_ops_assist_func+0x54/0xf0
      [  103.658564]  ? __call_rcu+0x1dc/0x280
      [  103.659482]  0xffffffffc00000bf
      [  103.660384]  ? __ia32_sys_open+0x20/0x20
      [  103.661682]  ? do_sys_open+0x1/0x220
      [  103.662863]  do_sys_open+0x5/0x220
      [  103.663988]  do_syscall_64+0x60/0x210
      [  103.665201]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
      [  103.666862] RIP: 0033:0x7fc22fadccdd
      [  103.668034] Code: 48 89 54 24 e0 41 83 e2 40 75 32 89 f0 25 00 00 41 00 3d 00 00 41 00 74 24 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff
       ff 0f 05 <48> 3d 00 f0 ff ff 77 33 f3 c3 66 0f 1f 84 00 00 00 00 00 48 8d 44
      [  103.674029] RSP: 002b:00007ffc7972c3a8 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
      [  103.676512] RAX: ffffffffffffffda RBX: 0000562f86147a21 RCX: 00007fc22fadccdd
      [  103.678853] RDX: 0000000000080000 RSI: 00007fc22fae1428 RDI: 00000000ffffff9c
      [  103.681151] RBP: ffffffffffffffff R08: 0000000000000000 R09: 0000000000000000
      [  103.683489] R10: 0000000000000000 R11: 0000000000000287 R12: 00007fc22fce90a8
      [  103.685774] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
      [  103.688056] Modules linked in:
      [  103.689131] ---[ end trace 43792035c28984a1 ]---
      
      This can be fixed by using probe_mem_read() instead, as it can handle faulting
      kernel memory addresses, which kprobes can legitimately do.
      
      Link: http://lkml.kernel.org/r/20190125151051.7381-1-changbin.du@gmail.com
      
      Cc: stable@vger.kernel.org
      Fixes: 9da3f2b7 ("x86/fault: BUG() when uaccess helpers fault on kernel addresses")
      Signed-off-by: default avatarChangbin Du <changbin.du@gmail.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      2c4f1fcb
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190215' of git://git.kernel.dk/linux-block · 24f0a487
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Ensure we insert into the hctx dispatch list, if a request is marked
         as DONTPREP (Jianchao)
      
       - NVMe pull request, single missing unlock on error fix (Keith)
      
       - MD pull request, single fix for a potentially data corrupting issue
         (Nate)
      
       - Floppy check_events regression fix (Yufen)
      
      * tag 'for-linus-20190215' of git://git.kernel.dk/linux-block:
        md/raid1: don't clear bitmap bits on interrupted recovery.
        floppy: check_events callback should not return a negative number
        nvme-pci: add missing unlock for reset error
        blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
      24f0a487
    • Linus Torvalds's avatar
      Merge tag 'for-5.0/dm-fixes-3' of... · ae3fa8bd
      Linus Torvalds authored
      Merge tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix bug in DM crypt's sizing of its block integrity tag space,
         resulting in less memory use when DM crypt layers on DM integrity.
      
       - Fix a long-standing DM thinp crash consistency bug that was due to
         improper handling of FUA. This issue is specific to writes that fill
         an entire thinp block which needs to be allocated.
      
      * tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm thin: fix bug where bio that overwrites thin block ignores FUA
        dm crypt: don't overallocate the integrity tag space
      ae3fa8bd
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · dfeae337
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "A couple of MMC fixes intended for v5.0-rc7.
      
        MMC core:
         - Fix deadlock bug for block I/O requests
      
        MMC host:
         - sunxi: Disable broken HS-DDR mode for H5 by default
         - sunxi: Avoid unsupported speed modes declared via DT
         - meson-gx: Restore interrupt name"
      
      * tag 'mmc-v5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: meson-gx: fix interrupt name
        mmc: block: handle complete_work on separate workqueue
        mmc: sunxi: Filter out unsupported modes declared in the device tree
        mmc: sunxi: Disable HS-DDR mode for H5 eMMC controller by default
      dfeae337
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-02-15-1' of git://anongit.freedesktop.org/drm/drm · 545aabcb
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Usual pull request, little larger than I'd like but nothing too
        strange in it. Willy found an bug in the lease ioctl calculations, but
        it's a drm master only ioctl which makes it harder to mess with.
      
       i915:
         - combo phy programming fix
         - opregion version check fix for VBT RVDA lookup
         - gem mmap ioctl race fix
         - fbdev hpd during suspend fix
         - array size bounds check fix in pmu
      
        amdgpu:
         - Vega20 psp fix
         - Add vrr range to debugfs for freesync debugging
      
        sched:
         - Scheduler race fix
      
        vkms:
         - license header fixups
      
        imx:
         - Fix CSI register offsets for i.MX51 and i.MX53.
         - Fix delayed page flip completion events on i.MX6QP due to
           unexpected behaviour of the PRE when issuing NOP buffer updates to
           the same buffer address.
         - Stop throwing errors for plane updates on disabled CRTCs when a
           userspace process is killed while a plane update is pending.
         - Add missing of_node_put cleanup in imx_ldb_bind"
      
      * tag 'drm-fixes-2019-02-15-1' of git://anongit.freedesktop.org/drm/drm:
        drm: Use array_size() when creating lease
        drm/amdgpu/psp11: TA firmware is optional (v3)
        drm/i915/opregion: rvda is relative from opregion base in opregion 2.1+
        drm/i915/opregion: fix version check
        drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
        drm/i915: Block fbdev HPD processing during suspend
        drm/i915/pmu: Fix enable count array size and bounds checking
        drm/i915/cnl: Fix CNL macros for Voltage Swing programming
        drm/i915/icl: combo port vswing programming changes per BSPEC
        drm/vkms: Fix license inconsistent
        drm/amd/display: Expose connector VRR range via debugfs
        drm/sched: Always trace the dependencies we wait on, to fix a race.
        gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change
        gpu: ipu-v3: Fix CSI offsets for imx53
        drm/imx: imx-ldb: add missing of_node_puts
        gpu: ipu-v3: Fix i.MX51 CSI control registers offset
        drm/imx: ignore plane updates on disabled crtcs
      545aabcb
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 2aba3220
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "This fixes a crash on resume in the ccree driver"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: ccree - fix resume race condition on init
      2aba3220
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6e7bd3b5
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix MAC address setting in mac80211 pmsr code, from Johannes Berg.
      
       2) Probe SFP modules after being attached, from Russell King.
      
       3) Byte ordering bug in SMC rx_curs_confirmed code, from Ursula Braun.
      
       4) Revert some r8169 changes that are causing regressions, from Heiner
          Kallweit.
      
       5) Fix spurious connection timeouts in netfilter nat code, from Florian
          Westphal.
      
       6) SKB leak in tipc, from Hoang Le.
      
       7) Short packet checkum issue in mlx4, similar to a previous mlx5
          change, from Saeed Mahameed. The issue is that whilst padding bytes
          are usually zero, it is not guarateed and the hardware doesn't take
          the padding bytes into consideration when generating the checksum.
      
       8) Fix various races in cls_tcindex, from Cong Wang.
      
       9) Need to set stream ext to NULL before freeing in SCTP code, from Xin
          Long.
      
      10) Fix locking in phy_is_started, from Heiner Kallweit.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (54 commits)
        net: ethernet: freescale: set FEC ethtool regs version
        net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
        mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
        net: phy: fix potential race in the phylib state machine
        net: phy: don't use locking in phy_is_started
        selftests: fix timestamping Makefile
        net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
        net: fix possible overflow in __sk_mem_raise_allocated()
        dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit
        net: phy: fix interrupt handling in non-started states
        sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
        sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
        net/mlx5e: XDP, fix redirect resources availability check
        net/mlx5: Fix a compilation warning in events.c
        net/mlx5: No command allowed when command interface is not ready
        net/mlx5e: Fix NULL pointer derefernce in set channels error flow
        netfilter: nft_compat: use-after-free when deleting targets
        team: avoid complex list operations in team_nl_cmd_options_set()
        net_sched: fix two more memory leaks in cls_tcindex
        net_sched: fix a memory leak in cls_tcindex
        ...
      6e7bd3b5
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace · 02d75040
      Linus Torvalds authored
      Pull signal fix from Eric Biederman:
       "Just a single patch that restores PTRACE_EVENT_EXIT functionality that
        was accidentally broken by last weeks fixes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
        signal: Restore the stop PTRACE_EVENT_EXIT
      02d75040
    • Hedi Berriche's avatar
      x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls · f331e766
      Hedi Berriche authored
      Calls into UV firmware must be protected against concurrency, expose the
      efi_runtime_lock to the UV platform, and use it to serialise UV BIOS
      calls.
      Signed-off-by: default avatarHedi Berriche <hedi.berriche@hpe.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Reviewed-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Reviewed-by: default avatarRuss Anderson <rja@hpe.com>
      Reviewed-by: default avatarDimitri Sivanich <sivanich@hpe.com>
      Reviewed-by: default avatarMike Travis <mike.travis@hpe.com>
      Cc: Andy Shevchenko <andy@infradead.org>
      Cc: Bhupesh Sharma <bhsharma@redhat.com>
      Cc: Darren Hart <dvhart@infradead.org>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: linux-efi <linux-efi@vger.kernel.org>
      Cc: platform-driver-x86@vger.kernel.org
      Cc: stable@vger.kernel.org # v4.9+
      Cc: Steve Wahl <steve.wahl@hpe.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: x86-ml <x86@kernel.org>
      Link: https://lkml.kernel.org/r/20190213193413.25560-5-hedi.berriche@hpe.com
      f331e766
    • Arnd Bergmann's avatar
      Merge tag 'imx-fixes-5.0-3' of... · 62a23bb0
      Arnd Bergmann authored
      Merge tag 'imx-fixes-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes
      
      i.MX fixes for 5.0, 3rd round:
      
      It contains a fix for i.MX8MQ EVK board device tree, which makes the
      broken eMMC support work as expected.
      
      * tag 'imx-fixes-5.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
        arm64: dts: imx8mq: Fix boot from eMMC
      62a23bb0