1. 18 Aug, 2016 2 commits
    • Jiri Olsa's avatar
      x86/smp: Fix __max_logical_packages value setup · 7b0501b1
      Jiri Olsa authored
      Frank reported kernel panic when he disabled several cores in BIOS
      via following option:
      
        Core Disable Bitmap(Hex)   [0]
      
      with number 0xFFE, which leaves 16 CPUs in system (out of 48).
      
      The kernel panic below goes along with following messages:
      
       smpboot: Max logical packages: 2^M
       smpboot: APIC(0) Converting physical 0 to logical package 0^M
       smpboot: APIC(20) Converting physical 1 to logical package 1^M
       smpboot: APIC(40) Package 2 exceeds logical package map^M
       smpboot: CPU 8 APICId 40 disabled^M
       smpboot: APIC(60) Package 3 exceeds logical package map^M
       smpboot: CPU 12 APICId 60 disabled^M
       ...
       general protection fault: 0000 [#1] SMP^M
       Modules linked in:^M
       CPU: 15 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc5+ #1^M
       Hardware name: SGI UV300/UV300, BIOS SGI UV 300 series BIOS 05/25/2016^M
       task: ffff8801673e0000 ti: ffff8801673ac000 task.ti: ffff8801673ac000^M
       RIP: 0010:[<ffffffff81014d54>]  [<ffffffff81014d54>] uncore_change_context+0xd4/0x180^M
       ...
        [<ffffffff810158ac>] uncore_event_init_cpu+0x6c/0x70^M
        [<ffffffff81d8c91c>] intel_uncore_init+0x1c2/0x2dd^M
        [<ffffffff81d8c75a>] ? uncore_cpu_setup+0x17/0x17^M
        [<ffffffff81002190>] do_one_initcall+0x50/0x190^M
        [<ffffffff810ab193>] ? parse_args+0x293/0x480^M
        [<ffffffff81d87365>] kernel_init_freeable+0x1a5/0x249^M
        [<ffffffff81d86a35>] ? set_debug_rodata+0x12/0x12^M
        [<ffffffff816dc19e>] kernel_init+0xe/0x110^M
        [<ffffffff816e93bf>] ret_from_fork+0x1f/0x40^M
        [<ffffffff816dc190>] ? rest_init+0x80/0x80^M
      
      The reason for the panic is wrong value of __max_logical_packages,
      which lets logical_package_map uninitialized and the uncore code
      relying on this map being properly initialized (maybe we should
      add some safety checks there as well).
      
      The __max_logical_packages is computed as:
      
        DIV_ROUND_UP(total_cpus, ncpus);
        - ncpus being number of cores
      
      With above BIOS setup we get total_cpus == 16 which set
      __max_logical_packages to 2 (ncpus is 12).
      
      Once topology_update_package_map processes CPU with logical
      pkg over 2 we display above messages and fail to initialize
      the physical_to_logical_pkg map, which makes the uncore code
      crash.
      
      The fix is to remove logical_package_map bitmap completely
      and keep and update the logical_packages number instead.
      
      After we enumerate all the present CPUs, we check if the
      enumerated logical packages count is within its computed
      maximum from BIOS data.
      
      If it's not the case, we set this maximum to the new enumerated
      value and freeze any new addition of logical packages.
      
      The freeze is because lot of init code like uncore/rapl/cqm
      depends on having maximum logical package value set to allocate
      their data, so we can't change it later on.
      
      Prarit Bhargava tested the patch and confirms that it solves
      the problem:
      
        From dmidecode:
                Core Count: 24
                Core Enabled: 24
                Thread Count: 48
      
      Orig kernel boot log:
      
       [    0.464981] smpboot: Max logical packages: 19
       [    0.469861] smpboot: APIC(0) Converting physical 0 to logical package 0
       [    0.477261] smpboot: APIC(40) Converting physical 1 to logical package 1
       [    0.484760] smpboot: APIC(80) Converting physical 2 to logical package 2
       [    0.492258] smpboot: APIC(c0) Converting physical 3 to logical package 3
      
      1.  nr_cpus=8, should stop enumerating in package 0:
      
       [    0.533664] smpboot: APIC(0) Converting physical 0 to logical package 0
       [    0.539596] smpboot: Max logical packages: 19
      
      2.  max_cpus=8, should still enumerate all packages:
      
       [    0.526494] smpboot: APIC(0) Converting physical 0 to logical package 0
       [    0.532428] smpboot: APIC(40) Converting physical 1 to logical package 1
       [    0.538456] smpboot: APIC(80) Converting physical 2 to logical package 2
       [    0.544486] smpboot: APIC(c0) Converting physical 3 to logical package 3
       [    0.550524] smpboot: Max logical packages: 19
      
      3.  nr_cpus=49 ( 2 socket + 1 core on 3rd socket), should stop enumerating in
          package 2:
      
       [    0.521378] smpboot: APIC(0) Converting physical 0 to logical package 0
       [    0.527314] smpboot: APIC(40) Converting physical 1 to logical package 1
       [    0.533345] smpboot: APIC(80) Converting physical 2 to logical package 2
       [    0.539368] smpboot: Max logical packages: 19
      
      4.  maxcpus=49, should still enumerate all packages:
      
       [    0.525591] smpboot: APIC(0) Converting physical 0 to logical package 0
       [    0.531525] smpboot: APIC(40) Converting physical 1 to logical package 1
       [    0.537547] smpboot: APIC(80) Converting physical 2 to logical package 2
       [    0.543579] smpboot: APIC(c0) Converting physical 3 to logical package 3
       [    0.549624] smpboot: Max logical packages: 19
      
      5.  kdump (nr_cpus=1) works as well.
      Reported-by: default avatarFrank Ramsay <framsay@redhat.com>
      Tested-by: default avatarPrarit Bhargava <prarit@redhat.com>
      Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Reviewed-by: default avatarPrarit Bhargava <prarit@redhat.com>
      Acked-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/20160815101700.GA30090@kravaSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      7b0501b1
    • Borislav Petkov's avatar
      x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y · 88b2f634
      Borislav Petkov authored
      Similar to:
      
        efaad554 ("x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y")
      
      ... fix microcode loading from the initrd on AMD by adding the
      randomization offset to the microcode patch container within the initrd.
      Reported-and-tested-by: default avatarBrian Gerst <brgerst@gmail.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-tip-commits@vger.kernel.org
      Link: http://lkml.kernel.org/r/20160817113314.GA19221@nazgul.tnicSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      88b2f634
  2. 15 Aug, 2016 5 commits
  3. 14 Aug, 2016 2 commits
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-linus-4.8' of... · 118253a5
      Linus Torvalds authored
      Merge tag 'fixes-for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull h8300 and unicore32 architecture fixes from Guenter Roeck:
       "Two patches to fix h8300 and unicore32 builds.
      
        unicore32 builds have been broken since v4.6.  The fix has been
        available in -next since March of this year.
      
        h8300 builds have been broken since the last commit window.  The fix
        has been available in -next since June of this year"
      
      * tag 'fixes-for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        h8300: Add missing include file to asm/io.h
        unicore32: mm: Add missing parameter to arch_vma_access_permitted
      118253a5
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 120c5475
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - support for nr_cpus= command line argument (maxcpus was previously
         changed to allow secondary CPUs to be hot-plugged)
      
       - ARM PMU interrupt handling fix
      
       - fix potential TLB conflict in the hibernate code
      
       - improved handling of EL1 instruction aborts (better error reporting)
      
       - removal of useless jprobes code for stack saving/restoring
      
       - defconfig updates
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: defconfig: enable CONFIG_LOCALVERSION_AUTO
        arm64: defconfig: add options for virtualization and containers
        arm64: hibernate: handle allocation failures
        arm64: hibernate: avoid potential TLB conflict
        arm64: Handle el1 synchronous instruction aborts cleanly
        arm64: Remove stack duplicating code from jprobes
        drivers/perf: arm-pmu: Fix handling of SPI lacking "interrupt-affinity" property
        drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock
        arm64: Support hard limit of cpu count by nr_cpus
      120c5475
  4. 13 Aug, 2016 4 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 329f4152
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "KVM:
         - lock kvm_device list to prevent corruption on device creation.
      
        PPC:
         - split debugfs initialization from creation of the xics device to
           unlock the newly taken kvm lock earlier.
      
        s390:
         - prevent userspace from triggering two WARN_ON_ONCE.
      
        MIPS:
         - fix several issues in the management of TLB faults (Cc: stable)"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        MIPS: KVM: Propagate kseg0/mapped tlb fault errors
        MIPS: KVM: Fix gfn range check in kseg0 tlb faults
        MIPS: KVM: Add missing gfn range check
        MIPS: KVM: Fix mapped fault broken commpage handling
        KVM: Protect device ops->create and list_add with kvm->lock
        KVM: PPC: Move xics_debugfs_init out of create
        KVM: s390: reset KVM_REQ_MMU_RELOAD if mapping the prefix failed
        KVM: s390: set the prefix initially properly
      329f4152
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · a1e21033
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - an NVMe fix from Gabriel, fixing a suspend/resume issue on some
         setups
      
       - addition of a few missing entries in the block queue sysfs
         documentation, from Joe
      
       - a fix for a sparse shadow warning for the bvec iterator, from
         Johannes
      
       - a writeback deadlock involving raid issuing barriers, and not
         flushing the plug when we wakeup the flusher threads.  From
         Konstantin
      
       - a set of patches for the NVMe target/loop/rdma code, from Roland and
         Sagi
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        bvec: avoid variable shadowing warning
        doc: update block/queue-sysfs.txt entries
        nvme: Suspend all queues before deletion
        mm, writeback: flush plugged IO in wakeup_flusher_threads()
        nvme-rdma: Remove unused includes
        nvme-rdma: start async event handler after reconnecting to a controller
        nvmet: Fix controller serial number inconsistency
        nvmet-rdma: Don't use the inline buffer in order to avoid allocation for small reads
        nvmet-rdma: Correctly handle RDMA device hot removal
        nvme-rdma: Make sure to shutdown the controller if we can
        nvme-loop: Remove duplicate call to nvme_remove_namespaces
        nvme-rdma: Free the I/O tags when we delete the controller
        nvme-rdma: Remove duplicate call to nvme_remove_namespaces
        nvme-rdma: Fix device removal handling
        nvme-rdma: Queue ns scanning after a sucessful reconnection
        nvme-rdma: Don't leak uninitialized memory in connect request private data
      a1e21033
    • Guenter Roeck's avatar
      h8300: Add missing include file to asm/io.h · 2b05980d
      Guenter Roeck authored
      h8300 builds fail with
      
      arch/h8300/include/asm/io.h:9:15: error: unknown type name ‘u8’
      arch/h8300/include/asm/io.h:15:15: error: unknown type name ‘u16’
      arch/h8300/include/asm/io.h:21:15: error: unknown type name ‘u32’
      
      and many related errors.
      
      Fixes: 23c82d41bdf4 ("kexec-allow-architectures-to-override-boot-mapping-fix")
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      2b05980d
    • Guenter Roeck's avatar
      unicore32: mm: Add missing parameter to arch_vma_access_permitted · 783011b1
      Guenter Roeck authored
      unicore32 fails to compile with the following errors.
      
      mm/memory.c: In function ‘__handle_mm_fault’:
      mm/memory.c:3381: error:
      	too many arguments to function ‘arch_vma_access_permitted’
      mm/gup.c: In function ‘check_vma_flags’:
      mm/gup.c:456: error:
      	too many arguments to function ‘arch_vma_access_permitted’
      mm/gup.c: In function ‘vma_permits_fault’:
      mm/gup.c:640: error:
      	too many arguments to function ‘arch_vma_access_permitted’
      
      Fixes: d61172b4 ("mm/core, x86/mm/pkeys: Differentiate instruction fetches")
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Acked-by: default avatarGuan Xuetao <gxt@mprc.pku.edu.cn>
      783011b1
  5. 12 Aug, 2016 27 commits
    • Linus Torvalds's avatar
      Merge tag 'vfio-v4.8-rc2' of git://github.com/awilliam/linux-vfio · f31494bd
      Linus Torvalds authored
      Pull VFIO fix from Alex Williamson:
       "Fix oops when dereferencing empty data (Alex Williamson)"
      
      * tag 'vfio-v4.8-rc2' of git://github.com/awilliam/linux-vfio:
        vfio/pci: Fix NULL pointer oops in error interrupt setup handling
      f31494bd
    • Linus Torvalds's avatar
      Merge tag 'nfsd-4.8-1' of git://linux-nfs.org/~bfields/linux · b112324c
      Linus Torvalds authored
      Pull nfsd fixes from Bruce Fields:
       "Fixes for the dentry refcounting leak I introduced in 4.8-rc1, and for
        races in the LOCK code which appear to go back to the big nfsd state
        lock removal from 3.17"
      
      * tag 'nfsd-4.8-1' of git://linux-nfs.org/~bfields/linux:
        nfsd: don't return an unhashed lock stateid after taking mutex
        nfsd: Fix race between FREE_STATEID and LOCK
        nfsd: fix dentry refcounting on create
      b112324c
    • Linus Torvalds's avatar
      Merge tag 'pm-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 9710cb66
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "Two hibernation fixes allowing it to work with the recently added
        randomization of the kernel identity mapping base on x86-64 and one
        cpufreq driver regression fix.
      
        Specifics:
      
         - Fix the x86 identity mapping creation helpers to avoid the
           assumption that the base address of the mapping will always be
           aligned at the PGD level, as it may be aligned at the PUD level if
           address space randomization is enabled (Rafael Wysocki).
      
         - Fix the hibernation core to avoid executing tracing functions
           before restoring the processor state completely during resume
           (Thomas Garnier).
      
         - Fix a recently introduced regression in the powernv cpufreq driver
           that causes it to crash due to an out-of-bounds array access
           (Akshay Adiga)"
      
      * tag 'pm-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM / hibernate: Restore processor state before using per-CPU variables
        x86/power/64: Always create temporary identity mapping correctly
        cpufreq: powernv: Fix crash in gpstate_timer_handler()
      9710cb66
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 01ea4439
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "This is bigger than usual - the reason is partly a pent-up stream of
        fixes after the merge window and partly accidental.  The fixes are:
      
         - five patches to fix a boot failure on Andy Lutomirsky's laptop
         - four SGI UV platform fixes
         - KASAN fix
         - warning fix
         - documentation update
         - swap entry definition fix
         - pkeys fix
         - irq stats fix"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/apic/x2apic, smp/hotplug: Don't use before alloc in x2apic_cluster_probe()
        x86/efi: Allocate a trampoline if needed in efi_free_boot_services()
        x86/boot: Rework reserve_real_mode() to allow multiple tries
        x86/boot: Defer setup_real_mode() to early_initcall time
        x86/boot: Synchronize trampoline_cr4_features and mmu_cr4_features directly
        x86/boot: Run reserve_bios_regions() after we initialize the memory map
        x86/irq: Do not substract irq_tlb_count from irq_call_count
        x86/mm: Fix swap entry comment and macro
        x86/mm/kaslr: Fix -Wformat-security warning
        x86/mm/pkeys: Fix compact mode by removing protection keys' XSAVE buffer manipulation
        x86/build: Reduce the W=1 warnings noise when compiling x86 syscall tables
        x86/platform/UV: Fix kernel panic running RHEL kdump kernel on UV systems
        x86/platform/UV: Fix problem with UV4 BIOS providing incorrect PXM values
        x86/platform/UV: Fix bug with iounmap() of the UV4 EFI System Table causing a crash
        x86/platform/UV: Fix problem with UV4 Socket IDs not being contiguous
        x86/entry: Clarify the RF saving/restoring situation with SYSCALL/SYSRET
        x86/mm: Disable preemption during CR3 read+write
        x86/mm/KASLR: Increase BRK pages for KASLR memory randomization
        x86/mm/KASLR: Fix physical memory calculation on KASLR memory randomization
        x86, kasan, ftrace: Put APIC interrupt handlers into .irqentry.text
      01ea4439
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3bc6d8c1
      Linus Torvalds authored
      Pull timer fixes from Ingo Molnar:
       "Misc fixes: a /dev/rtc regression fix, two APIC timer period
        calibration fixes, an ARM clocksource driver fix and a NOHZ
        power use regression fix"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/hpet: Fix /dev/rtc breakage caused by RTC cleanup
        x86/timers/apic: Inform TSC deadline clockevent device about recalibration
        x86/timers/apic: Fix imprecise timer interrupts by eliminating TSC clockevents frequency roundoff error
        timers: Fix get_next_timer_interrupt() computation
        clocksource/arm_arch_timer: Force per-CPU interrupt to be level-triggered
      3bc6d8c1
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-sleep' and 'pm-cpufreq' · 0aeeb3e7
      Rafael J. Wysocki authored
      * pm-sleep:
        PM / hibernate: Restore processor state before using per-CPU variables
        x86/power/64: Always create temporary identity mapping correctly
      
      * pm-cpufreq:
        cpufreq: powernv: Fix crash in gpstate_timer_handler()
      0aeeb3e7
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e6e7214f
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
       "Misc fixes: cputime fixes, two deadline scheduler fixes and a cgroups
        scheduling fix"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/cputime: Fix omitted ticks passed in parameter
        sched/cputime: Fix steal time accounting
        sched/deadline: Fix lock pinning warning during CPU hotplug
        sched/cputime: Mitigate performance regression in times()/clock_gettime()
        sched/fair: Fix typo in sync_throttle()
        sched/deadline: Fix wrap-around in DL heap
      e6e7214f
    • Thomas Garnier's avatar
      PM / hibernate: Restore processor state before using per-CPU variables · 62822e2e
      Thomas Garnier authored
      Restore the processor state before calling any other functions to
      ensure per-CPU variables can be used with KASLR memory randomization.
      
      Tracing functions use per-CPU variables (GS based on x86) and one was
      called just before restoring the processor state fully. It resulted
      in a double fault when both the tracing & the exception handler
      functions tried to use a per-CPU variable.
      
      Fixes: bb3632c6 (PM / sleep: trace events for suspend/resume)
      Reported-and-tested-by: default avatarBorislav Petkov <bp@suse.de>
      Reported-by: default avatarJiri Kosina <jikos@kernel.org>
      Tested-by: default avatarRafael J. Wysocki <rafael@kernel.org>
      Tested-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarThomas Garnier <thgarnie@google.com>
      Acked-by: default avatarPavel Machek <pavel@ucw.cz>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      62822e2e
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ad83242a
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Mostly tooling fixes, plus two uncore-PMU fixes, an uprobes fix, a
        perf-cgroups fix and an AUX events fix"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel/uncore: Add enable_box for client MSR uncore
        perf/x86/intel/uncore: Fix uncore num_counters
        uprobes/x86: Fix RIP-relative handling of EVEX-encoded instructions
        perf/core: Set cgroup in CPU contexts for new cgroup events
        perf/core: Fix sideband list-iteration vs. event ordering NULL pointer deference crash
        perf probe ppc64le: Fix probe location when using DWARF
        perf probe: Add function to post process kernel trace events
        tools: Sync cpufeatures headers with the kernel
        toops: Sync tools/include/uapi/linux/bpf.h with the kernel
        tools: Sync cpufeatures.h and vmx.h with the kernel
        perf probe: Support signedness casting
        perf stat: Avoid skew when reading events
        perf probe: Fix module name matching
        perf probe: Adjust map->reloc offset when finding kernel symbol from map
        perf hists: Trim libtraceevent trace_seq buffers
        perf script: Add 'bpf-output' field to usage message
      ad83242a
    • Jeff Layton's avatar
      nfsd: don't return an unhashed lock stateid after taking mutex · dd257933
      Jeff Layton authored
      nfsd4_lock will take the st_mutex before working with the stateid it
      gets, but between the time when we drop the cl_lock and take the mutex,
      the stateid could become unhashed (a'la FREE_STATEID). If that happens
      the lock stateid returned to the client will be forgotten.
      
      Fix this by first moving the st_mutex acquisition into
      lookup_or_create_lock_state. Then, have it check to see if the lock
      stateid is still hashed after taking the mutex. If it's not, then put
      the stateid and try the find/create again.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Tested-by: default avatarAlexey Kodanev <alexey.kodanev@oracle.com>
      Cc: stable@vger.kernel.org # feb9dad5 nfsd: Always lock state exclusively.
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      dd257933
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1f8083c6
      Linus Torvalds authored
      Pull locking fixes from Ingo Molnar:
       "Misc fixes: lockstat fix, futex fix on !MMU systems, big endian fix
        for qrwlocks and a race fix for pvqspinlocks"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/pvqspinlock: Fix a bug in qstat_read()
        locking/pvqspinlock: Fix double hash race
        locking/qrwlock: Fix write unlock bug on big endian systems
        futex: Assume all mappings are private on !MMU systems
      1f8083c6
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 25db6918
      Linus Torvalds authored
      Pull irq fix from Ingo Molnar:
       "A fix for an MSI regression"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq/msi: Make sure PCI MSIs are activated early
      25db6918
    • Linus Torvalds's avatar
      Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0e1117b2
      Linus Torvalds authored
      Pull EFI fixes from Ingo Molnar:
       "A fix for EFI capsules and an SGI UV platform fix"
      
      * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi/capsule: Allocate whole capsule into virtual memory
        x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case
      0e1117b2
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.8-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 99091700
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
         - Stable patch from Olga to fix RPCSEC_GSS upcalls when the same user
           needs multiple different security services (e.g.  krb5i and krb5p).
      
         - Stable patch to fix a regression introduced by the use of
           SO_REUSEPORT, and that prevented the use of multiple different NFS
           versions to the same server.
      
         - TCP socket reconnection timer fixes.
      
         - Patch from Neil to disable the use of IPv6 temporary addresses"
      
      * tag 'nfs-for-4.8-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFSv4: Cap the transport reconnection timer at 1/2 lease period
        NFSv4: Cleanup the setting of the nfs4 lease period
        SUNRPC: Limit the reconnect backoff timer to the max RPC message timeout
        SUNRPC: Fix reconnection timeouts
        NFSv4.2: LAYOUTSTATS may return NFS4ERR_ADMIN/DELEG_REVOKED
        SUNRPC: disable the use of IPv6 temporary addresses.
        SUNRPC: allow for upcalls for same uid but different gss service
        SUNRPC: Fix up socket autodisconnect
        SUNRPC: Handle EADDRNOTAVAIL on connection failures
      99091700
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · c239ae10
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
      
       - Fix for the nd_blk (NVDIMM Block Window Aperture) driver.
      
         A spec clarification requires the driver to mask off reserved bits in
         status register.  This is tagged for -stable back to the v4.2 kernel.
      
       - Fix for a kernel crash in the nvdimm unit tests when module loading
         is interrupted with SIGTERM.  Tagged for -stable since validation
         efforts external to Intel use the unit tests for qualifying
         backports.
      
       - Add a new 'size' sysfs attribute for the BTT (NVDIMM Block
         Translation Table) driver to make it symmetric with the other
         namespace personality drivers (PFN and DAX) that provide a size
         attribute for indicating how much namespace capacity is lost to
         metadata.
      
         The BTT change arrived at the start of the merge window and has
         appeared in a -next release.  It can technically wait for 4.9, but it
         is small, fixes asymmetry in the libnvdimm-sysfs interface, and
         something I would have squeezed into the v4.8 pull request had it
         arrived a few days earlier.
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        tools/testing/nvdimm: fix SIGTERM vs hotplug crash
        nvdimm, btt: add a size attribute for BTTs
        libnvdimm, nd_blk: mask off reserved status bits
      c239ae10
    • Linus Torvalds's avatar
      Merge tag 'sound-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 86fc0488
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A regression fix of HD-audio runtime PM and two USB quirks"
      
      * tag 'sound-4.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda - Manage power well properly for resume
        ALSA: usb-audio: Add quirk for ELP HD USB Camera
        ALSA: usb-audio: Add a sample rate quirk for Creative Live! Cam Socialize HD (VF0610)
      86fc0488
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 8766dc68
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Some powerpc fixes for 4.8:
      
        Misc:
         - powerpc/vdso: Fix build rules to rebuild vdsos correctly from Nicholas Piggin
         - powerpc/ptrace: Fix coredump since ptrace TM changes from Cyril Bur
         - powerpc/32: Fix csum_partial_copy_generic() from Christophe Leroy
         - cxl: Set psl_fir_cntl to production environment value from Frederic Barrat
         - powerpc/eeh: Switch to conventional PCI address output in EEH log from Guilherme G. Piccoli
         - cxl: Use fixed width predefined types in data structure. from Philippe Bergheaud
         - powerpc/vdso: Add missing include file from Guenter Roeck
         - powerpc: Fix unused function warning 'lmb_to_memblock' from Alastair D'Silva
         - powerpc/powernv/ioda: Fix TCE invalidate to work in real mode again from Alexey Kardashevskiy
         - powerpc/cell: Add missing error code in spufs_mkgang() from Dan Carpenter
         - crypto: crc32c-vpmsum - Convert to CPU feature based module autoloading from Anton Blanchard
         - powerpc/pasemi: Fix coherent_dma_mask for dma engine from Darren Stevens
      
        Benjamin Herrenschmidt:
         - powerpc/32: Fix crash during static key init
         - powerpc: Update obsolete comment in setup_32.c about early_init()
         - powerpc: Print the kernel load address at the end of prom_init()
         - powerpc/pnv/pci: Fix incorrect PE reservation attempt on some 64-bit BARs
         - powerpc/xics: Properly set Edge/Level type and enable resend
      
        Mahesh Salgaonkar:
         - powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
         - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers.
         - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
         - powerpc/powernv: Load correct TOC pointer while waking up from winkle.
      
        Andrew Donnellan:
         - cxl: Fix sparse warnings
         - cxl: Fix NULL dereference in cxl_context_init() on PowerVM guests
      
        Michael Ellerman:
         - selftests/powerpc: Specify we expect to build with std=gnu99
         - powerpc/Makefile: Use cflags-y/aflags-y for setting endian options
         - powerpc/pci: Fix endian bug in fixed PHB numbering"
      
      * tag 'powerpc-4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (26 commits)
        selftests/powerpc: Specify we expect to build with std=gnu99
        powerpc/vdso: Fix build rules to rebuild vdsos correctly
        powerpc/Makefile: Use cflags-y/aflags-y for setting endian options
        powerpc/32: Fix crash during static key init
        powerpc: Update obsolete comment in setup_32.c about early_init()
        powerpc: Print the kernel load address at the end of prom_init()
        powerpc/ptrace: Fix coredump since ptrace TM changes
        powerpc/32: Fix csum_partial_copy_generic()
        cxl: Set psl_fir_cntl to production environment value
        powerpc/pnv/pci: Fix incorrect PE reservation attempt on some 64-bit BARs
        powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
        powerpc/pci: Fix endian bug in fixed PHB numbering
        powerpc/eeh: Switch to conventional PCI address output in EEH log
        cxl: Fix sparse warnings
        cxl: Fix NULL dereference in cxl_context_init() on PowerVM guests
        cxl: Use fixed width predefined types in data structure.
        powerpc/vdso: Add missing include file
        powerpc: Fix unused function warning 'lmb_to_memblock'
        powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers.
        powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h
        ...
      8766dc68
    • Masahiro Yamada's avatar
      arm64: defconfig: enable CONFIG_LOCALVERSION_AUTO · 53fb45d3
      Masahiro Yamada authored
      When CONFIG_LOCALVERSION_AUTO is disabled, the version string is
      just a tag name (or with a '+' appended if HEAD is not a tagged
      commit).
      
      During the development (and especially when git-bisecting), longer
      version string would be helpful to identify the commit we are running.
      
      This is a default y option, so drop the unset to enable it.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      53fb45d3
    • Riku Voipio's avatar
      arm64: defconfig: add options for virtualization and containers · 2323439f
      Riku Voipio authored
      Enable options commonly needed by popular virtualization
      and container applications. Use modules when possible to
      avoid too much overhead for users not interested.
      
      - add namespace and cgroup options needed
      - add seccomp - optional, but enhances Qemu etc
      - bridge, nat, veth, macvtap and multicast for routing
        guests and containers
      - btfrs and overlayfs modules for container COW backends
      - while near it, make fuse a module instead of built-in.
      
      Generated with make saveconfig and dropping unrelated spurious
      change hunks while commiting. bloat-o-meter old-vmlinux vmlinux:
      
      add/remove: 905/390 grow/shrink: 767/229 up/down: 183513/-94861 (88652)
      ....
      Total: Before=10515408, After=10604060, chg +0.84%
      Signed-off-by: default avatarRiku Voipio <riku.voipio@linaro.org>
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      2323439f
    • Mark Rutland's avatar
      arm64: hibernate: handle allocation failures · dfbca61a
      Mark Rutland authored
      In create_safe_exec_page(), we create a copy of the hibernate exit text,
      along with some page tables to map this via TTBR0. We then install the
      new tables in TTBR0.
      
      In swsusp_arch_resume() we call create_safe_exec_page() before trying a
      number of operations which may fail (e.g. copying the linear map page
      tables). If these fail, we bail out of swsusp_arch_resume() and return
      an error code, but leave TTBR0 as-is. Subsequently, the core hibernate
      code will call free_basic_memory_bitmaps(), which will free all of the
      memory allocations we made, including the page tables installed in
      TTBR0.
      
      Thus, we may have TTBR0 pointing at dangling freed memory for some
      period of time. If the hibernate attempt was triggered by a user
      requesting a hibernate test via the reboot syscall, we may return to
      userspace with the clobbered TTBR0 value.
      
      Avoid these issues by reorganising swsusp_arch_resume() such that we
      have no failure paths after create_safe_exec_page(). We also add a check
      that the zero page allocation succeeded, matching what we have for other
      allocations.
      
      Fixes: 82869ac5 ("arm64: kernel: Add support for hibernate/suspend-to-disk")
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Acked-by: default avatarJames Morse <james.morse@arm.com>
      Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: <stable@vger.kernel.org> # 4.7+
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      dfbca61a
    • Mark Rutland's avatar
      arm64: hibernate: avoid potential TLB conflict · 0194e760
      Mark Rutland authored
      In create_safe_exec_page we install a set of global mappings in TTBR0,
      then subsequently invalidate TLBs. While TTBR0 points at the zero page,
      and the TLBs should be free of stale global entries, we may have stale
      ASID-tagged entries (e.g. from the EFI runtime services mappings) for
      the same VAs. Per the ARM ARM these ASID-tagged entries may conflict
      with newly-allocated global entries, and we must follow a
      Break-Before-Make approach to avoid issues resulting from this.
      
      This patch reworks create_safe_exec_page to invalidate TLBs while the
      zero page is still in place, ensuring that there are no potential
      conflicts when the new TTBR0 value is installed. As a single CPU is
      online while this code executes, we do not need to perform broadcast TLB
      maintenance, and can call local_flush_tlb_all(), which also subsumes
      some barriers. The remaining assembly is converted to use write_sysreg()
      and isb().
      
      Other than this, we safely manipulate TTBRs in the hibernate dance. The
      code we install as part of the new TTBR0 mapping (the hibernated
      kernel's swsusp_arch_suspend_exit) installs a zero page into TTBR1,
      invalidates TLBs, then installs its preferred value. Upon being restored
      to the middle of swsusp_arch_suspend, the new image will call
      __cpu_suspend_exit, which will call cpu_uninstall_idmap, installing the
      zero page in TTBR0 and invalidating all TLB entries.
      
      Fixes: 82869ac5 ("arm64: kernel: Add support for hibernate/suspend-to-disk")
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Acked-by: default avatarJames Morse <james.morse@arm.com>
      Tested-by: default avatarJames Morse <james.morse@arm.com>
      Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: <stable@vger.kernel.org> # 4.7+
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      0194e760
    • Laura Abbott's avatar
      arm64: Handle el1 synchronous instruction aborts cleanly · 9adeb8e7
      Laura Abbott authored
      Executing from a non-executable area gives an ugly message:
      
      lkdtm: Performing direct entry EXEC_RODATA
      lkdtm: attempting ok execution at ffff0000084c0e08
      lkdtm: attempting bad execution at ffff000008880700
      Bad mode in Synchronous Abort handler detected on CPU2, code 0x8400000e -- IABT (current EL)
      CPU: 2 PID: 998 Comm: sh Not tainted 4.7.0-rc2+ #13
      Hardware name: linux,dummy-virt (DT)
      task: ffff800077e35780 ti: ffff800077970000 task.ti: ffff800077970000
      PC is at lkdtm_rodata_do_nothing+0x0/0x8
      LR is at execute_location+0x74/0x88
      
      The 'IABT (current EL)' indicates the error but it's a bit cryptic
      without knowledge of the ARM ARM. There is also no indication of the
      specific address which triggered the fault. The increase in kernel
      page permissions makes hitting this case more likely as well.
      Handling the case in the vectors gives a much more familiar looking
      error message:
      
      lkdtm: Performing direct entry EXEC_RODATA
      lkdtm: attempting ok execution at ffff0000084c0840
      lkdtm: attempting bad execution at ffff000008880680
      Unable to handle kernel paging request at virtual address ffff000008880680
      pgd = ffff8000089b2000
      [ffff000008880680] *pgd=00000000489b4003, *pud=0000000048904003, *pmd=0000000000000000
      Internal error: Oops: 8400000e [#1] PREEMPT SMP
      Modules linked in:
      CPU: 1 PID: 997 Comm: sh Not tainted 4.7.0-rc1+ #24
      Hardware name: linux,dummy-virt (DT)
      task: ffff800077f9f080 ti: ffff800008a1c000 task.ti: ffff800008a1c000
      PC is at lkdtm_rodata_do_nothing+0x0/0x8
      LR is at execute_location+0x74/0x88
      Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
      Signed-off-by: default avatarLaura Abbott <labbott@redhat.com>
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      9adeb8e7
    • Radim Krčmář's avatar
      Merge tag 'kvm-s390-master-4.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux · 89a1d43e
      Radim Krčmář authored
      KVM: s390: Fixes for 4.8 (via kvm/master)
      
      Here are two fixes found by fuzzing of the ioctl interface.
      Both cases can trigger a WARN_ON_ONCE from user space.
      89a1d43e
    • James Hogan's avatar
      MIPS: KVM: Propagate kseg0/mapped tlb fault errors · 9b731bcf
      James Hogan authored
      Propagate errors from kvm_mips_handle_kseg0_tlb_fault() and
      kvm_mips_handle_mapped_seg_tlb_fault(), usually triggering an internal
      error since they normally indicate the guest accessed bad physical
      memory or the commpage in an unexpected way.
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Fixes: e685c689 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      9b731bcf
    • James Hogan's avatar
      MIPS: KVM: Fix gfn range check in kseg0 tlb faults · 0741f52d
      James Hogan authored
      Two consecutive gfns are loaded into host TLB, so ensure the range check
      isn't off by one if guest_pmap_npages is odd.
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      0741f52d
    • James Hogan's avatar
      MIPS: KVM: Add missing gfn range check · 8985d503
      James Hogan authored
      kvm_mips_handle_mapped_seg_tlb_fault() calculates the guest frame number
      based on the guest TLB EntryLo values, however it is not range checked
      to ensure it lies within the guest_pmap. If the physical memory the
      guest refers to is out of range then dump the guest TLB and emit an
      internal error.
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      8985d503
    • James Hogan's avatar
      MIPS: KVM: Fix mapped fault broken commpage handling · c604cffa
      James Hogan authored
      kvm_mips_handle_mapped_seg_tlb_fault() appears to map the guest page at
      virtual address 0 to PFN 0 if the guest has created its own mapping
      there. The intention is unclear, but it may have been an attempt to
      protect the zero page from being mapped to anything but the comm page in
      code paths you wouldn't expect from genuine commpage accesses (guest
      kernel mode cache instructions on that address, hitting trapping
      instructions when executing from that address with a coincidental TLB
      eviction during the KVM handling, and guest user mode accesses to that
      address).
      
      Fix this to check for mappings exactly at KVM_GUEST_COMMPAGE_ADDR (it
      may not be at address 0 since commit 42aa12e7 ("MIPS: KVM: Move
      commpage so 0x0 is unmapped")), and set the corresponding EntryLo to be
      interpreted as 0 (invalid).
      
      Fixes: 858dd5d4 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: "Radim Krčmář" <rkrcmar@redhat.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: kvm@vger.kernel.org
      Cc: <stable@vger.kernel.org> # 3.10.x-
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      c604cffa