1. 12 Jul, 2017 8 commits
    • Chuck Lever's avatar
      svcrdma: Clean up after converting svc_rdma_recvfrom to rdma_rw API · 9450ca8e
      Chuck Lever authored
      Clean up: Registration mode details are now handled by the rdma_rw
      API, and thus can be removed from svcrdma.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      9450ca8e
    • Chuck Lever's avatar
      svcrdma: Clean-up svc_rdma_unmap_dma · 0d956e69
      Chuck Lever authored
      There's no longer a need to compare each SGE's lkey with the PD's
      local_dma_lkey. Now that FRWR is gone, all DMA mappings are for
      pages that were registered with this key.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      0d956e69
    • Chuck Lever's avatar
      svcrdma: Remove frmr cache · 463e63d7
      Chuck Lever authored
      Clean up: Now that the svc_rdma_recvfrom path uses the rdma_rw API,
      the details of Read sink buffer registration are dealt with by the
      kernel's RDMA core. This cache is no longer used, and can be
      removed.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      463e63d7
    • Chuck Lever's avatar
      svcrdma: Remove unused Read completion handlers · c84dc900
      Chuck Lever authored
      Clean up:
      
      The generic RDMA R/W API conversion of svc_rdma_recvfrom replaced
      the Register, Read, and Invalidate completion handlers. Remove the
      old ones, which are no longer used.
      
      These handlers shared some helper code with svc_rdma_wc_send. Fold
      the wc_common helper back into the one remaining completion handler.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      c84dc900
    • Chuck Lever's avatar
      svcrdma: Properly compute .len and .buflen for received RPC Calls · 71641d99
      Chuck Lever authored
      When an RPC-over-RDMA request is received, the Receive buffer
      contains a Transport Header possibly followed by an RPC message.
      
      Even though rq_arg.head[0] (as passed to NFSD) does not contain the
      Transport Header header, currently rq_arg.len includes the size of
      the Transport Header.
      
      That violates the intent of the xdr_buf API contract. .buflen should
      include everything, but .len should be exactly the length of the RPC
      message in the buffer.
      
      The rq_arg fields are summed together at the end of
      svc_rdma_recvfrom to obtain the correct return value. rq_arg.len
      really ought to contain the correct number of bytes already, but it
      currently doesn't due to the above misbehavior.
      
      Let's instead ensure that .buflen includes the length of the
      transport header, and that .len is always equal to head.iov_len +
      .page_len + tail.iov_len .
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      71641d99
    • Chuck Lever's avatar
      svcrdma: Use generic RDMA R/W API in RPC Call path · cafc7398
      Chuck Lever authored
      The current svcrdma recvfrom code path has a lot of detail about
      registration mode and the type of port (iWARP, IB, etc).
      
      Instead, use the RDMA core's generic R/W API. This shares code with
      other RDMA-enabled ULPs that manages the gory details of buffer
      registration and the posting of RDMA Read Work Requests.
      
      Since the Read list marshaling code is being replaced, I took the
      opportunity to replace C structure-based XDR encoding code with more
      portable code that uses pointer arithmetic.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      cafc7398
    • Chuck Lever's avatar
      svcrdma: Add recvfrom helpers to svc_rdma_rw.c · 026d958b
      Chuck Lever authored
      svc_rdma_rw.c already contains helpers for the sendto path.
      Introduce helpers for the recvfrom path.
      
      The plan is to replace the local NFSD bespoke code that constructs
      and posts RDMA Read Work Requests with calls to the rdma_rw API.
      This shares code with other RDMA-enabled ULPs that manages the gory
      details of buffer registration and posting Work Requests.
      
      This new code also puts all RDMA_NOMSG-specific logic in one place.
      
      Lastly, the use of rqstp->rq_arg.pages is deprecated in favor of
      using rqstp->rq_pages directly, for clarity.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      026d958b
    • Chuck Lever's avatar
      sunrpc: Allocate up to RPCSVC_MAXPAGES per svc_rqst · 8c6ae498
      Chuck Lever authored
      svcrdma needs 259 pages allocated to receive 1MB NFSv4.0 WRITE requests:
      
       - 1 page for the transport header and head iovec
       - 256 pages for the data payload
       - 1 page for the trailing GETATTR request (since NFSD XDR decoding
         does not look for a tail iovec, the GETATTR is stuck at the end
         of the rqstp->rq_arg.pages list)
       - 1 page for building the reply xdr_buf
      
      But RPCSVC_MAXPAGES is already 259 (on x86_64). The problem is that
      svc_alloc_arg never allocates that many pages. To address this:
      
      1. The final element of rq_pages always points to NULL. To
         accommodate up to 259 pages in rq_pages, add an extra element
         to rq_pages for the array termination sentinel.
      
      2. Adjust the calculation of "pages" to match how RPCSVC_MAXPAGES
         is calculated, so it can go up to 259. Bruce noted that the
         calculation assumes sv_max_mesg is a multiple of PAGE_SIZE,
         which might not always be true. I didn't change this assumption.
      
      3. Change the loop boundaries to allow 259 pages to be allocated.
      
      Additional clean-up: WARN_ON_ONCE adds an extra conditional branch,
      which is basically never taken. And there's no need to dump the
      stack here because svc_alloc_arg has only one caller.
      
      Keeping that NULL "array termination sentinel"; there doesn't appear to
      be any code that depends on it, only code in nfsd_splice_actor() which
      needs the 259th element to be initialized to *something*.  So it's
      possible we could just keep the array at 259 elements and drop that
      final NULL, but we're being conservative for now.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      8c6ae498
  2. 28 Jun, 2017 9 commits
    • Chuck Lever's avatar
      svcrdma: Don't account for Receive queue "starvation" · 2d6491a5
      Chuck Lever authored
      >From what I can tell, calling ->recvfrom when there is no work to do
      is a normal part of operation. This is the only way svc_recv can
      tell when there is no more data ready to receive on the transport.
      
      Neither the TCP nor the UDP transport implementations have a
      "starve" metric.
      
      The cost of receive starvation accounting is bumping an atomic, which
      results in extra (IMO unnecessary) bus traffic between CPU sockets,
      while holding a spin lock.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      2d6491a5
    • Chuck Lever's avatar
      svcrdma: Improve Reply chunk sanity checking · ca5c76ab
      Chuck Lever authored
      Identify malformed transport headers and unsupported chunk
      combinations as early as possible.
      
      - Ensure that segment lengths are not crazy.
      
      - Ensure that the Reply chunk's segment count is not crazy.
      
      With a 1KB inline threshold, the largest number of Write segments
      that can be conveyed is about 60 (for a RDMA_NOMSG Reply message).
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      ca5c76ab
    • Chuck Lever's avatar
      svcrdma: Improve Write chunk sanity checking · 3c22f326
      Chuck Lever authored
      Identify malformed transport headers and unsupported chunk
      combinations as early as possible.
      
      - Reject RPC-over-RDMA messages that contain more than one Write
      chunk, since this implementation does not support more than one per
      message.
      
      - Ensure that segment lengths are not crazy.
      
      - Ensure that the chunk's segment count is not crazy.
      
      With a 1KB inline threshold, the largest number of Write segments
      that can be conveyed is about 60 (for a RDMA_NOMSG Reply message).
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      3c22f326
    • Chuck Lever's avatar
      svcrdma: Improve Read chunk sanity checking · e77340e0
      Chuck Lever authored
      Identify malformed transport headers and unsupported chunk
      combinations as early as possible.
      
      - Reject RPC-over-RDMA messages that contain more than one Read chunk,
        since this implementation currently does not support more than one
        per RPC transaction.
      
      - Ensure that segment lengths are not crazy.
      
      - Remove the segment count check. With a 1KB inline threshold, the
        largest number of Read segments that can be conveyed is about 40
        (for a RDMA_NOMSG Call message). This is nowhere near
        RPCSVC_MAXPAGES. As far as I can tell, that was just a sanity
        check and does not enforce an implementation limit.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      e77340e0
    • Chuck Lever's avatar
      svcrdma: Remove svc_rdma_marshal.c · a80a3234
      Chuck Lever authored
      svc_rdma_marshal.c has one remaining exported function --
      svc_rdma_xdr_decode_req -- and it has a single call site. Take
      the same approach as the sendto path, and move this function
      into the source file where it is called.
      
      This is a refactoring change only.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      a80a3234
    • Chuck Lever's avatar
      svcrdma: Avoid Send Queue overflow · 107c1d0a
      Chuck Lever authored
      Sanity case: Catch the case where more Work Requests are being
      posted to the Send Queue than there are Send Queue Entries.
      
      This might happen if a client sends a chunk with more segments than
      there are SQEs for the transport. The server can't send that reply,
      so the transport will deadlock unless the client drops the RPC.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      107c1d0a
    • Chuck Lever's avatar
      svcrdma: Squelch disconnection messages · 91a08eae
      Chuck Lever authored
      The server displays "svcrdma: failed to post Send WR (-107)" in the
      kernel log when the client disconnects. This could flood the server's
      log, so remove the message.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      91a08eae
    • Chuck Lever's avatar
      sunrpc: Disable splice for krb5i · 06eb8a56
      Chuck Lever authored
      Running a multi-threaded 8KB fio test (70/30 mix), three or four out
      of twelve of the jobs fail when using krb5i. The failure is an EIO
      on a read.
      
      Troubleshooting confirmed the EIO results when the client fails to
      verify the MIC of an NFS READ reply. Bruce suggested the problem
      could be due to the data payload changing between the time the
      reply's MIC was computed on the server and the time the reply was
      actually sent.
      
      krb5p gets around this problem by disabling RQ_SPLICE_OK. Use the
      same mechanism for krb5i RPCs.
      
      "iozone -i0 -i1 -s128m -y1k -az -I", export is tmpfs, mount is
      sec=krb5i,vers=3,proto=rdma. The important numbers are the
      read / reread column.
      
      Here's without the RQ_SPLICE_OK patch:
      
                    kB  reclen    write  rewrite    read    reread
                131072       1     7546     7929     8396     8267
                131072       2    14375    14600    15843    15639
                131072       4    19280    19248    21303    21410
                131072       8    32350    31772    35199    34883
                131072      16    36748    37477    49365    51706
                131072      32    55669    56059    57475    57389
                131072      64    74599    75190    74903    75550
                131072     128    99810   101446   102828   102724
                131072     256   122042   122612   124806   125026
                131072     512   137614   138004   141412   141267
                131072    1024   146601   148774   151356   151409
                131072    2048   180684   181727   293140   292840
                131072    4096   206907   207658   552964   549029
                131072    8192   223982   224360   454493   473469
                131072   16384   228927   228390   654734   632607
      
      And here's with it:
      
                    kB  reclen    write  rewrite    read    reread
                131072       1     7700     7365     7958     8011
                131072       2    13211    13303    14937    14414
                131072       4    19001    19265    20544    20657
                131072       8    30883    31097    34255    33566
                131072      16    36868    34908    51499    49944
                131072      32    56428    55535    58710    56952
                131072      64    73507    74676    75619    74378
                131072     128   100324   101442   103276   102736
                131072     256   122517   122995   124639   124150
                131072     512   137317   139007   140530   140830
                131072    1024   146807   148923   151246   151072
                131072    2048   179656   180732   292631   292034
                131072    4096   206216   208583   543355   541951
                131072    8192   223738   224273   494201   489372
                131072   16384   229313   229840   691719   668427
      
      I would say that there is not much difference in this test.
      
      For good measure, here's the same test with sec=krb5p:
      
                    kB  reclen    write  rewrite    read    reread
                131072       1     5982     5881     6137     6218
                131072       2    10216    10252    10850    10932
                131072       4    12236    12575    15375    15526
                131072       8    15461    15462    23821    22351
                131072      16    25677    25811    27529    27640
                131072      32    31903    32354    34063    33857
                131072      64    42989    43188    45635    45561
                131072     128    52848    53210    56144    56141
                131072     256    59123    59214    62691    62933
                131072     512    63140    63277    66887    67025
                131072    1024    65255    65299    69213    69140
                131072    2048    76454    76555   133767   133862
                131072    4096    84726    84883   251925   250702
                131072    8192    89491    89482   270821   276085
                131072   16384    91572    91597   361768   336868
      
      BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=307Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      06eb8a56
    • J. Bruce Fields's avatar
      Merge tag 'v4.12-rc5' into nfsd tree · 9a1d168e
      J. Bruce Fields authored
      Update to get f0c3192c "virtio_net: lower limit on buffer size".
      That bug was interfering with my nfsd testing.
      9a1d168e
  3. 11 Jun, 2017 15 commits
    • Linus Torvalds's avatar
      Linux 4.12-rc5 · 32c1431e
      Linus Torvalds authored
      32c1431e
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 32627645
      Linus Torvalds authored
      Pull key subsystem fixes from James Morris:
       "Here are a bunch of fixes for Linux keyrings, including:
      
         - Fix up the refcount handling now that key structs use the
           refcount_t type and the refcount_t ops don't allow a 0->1
           transition.
      
         - Fix a potential NULL deref after error in x509_cert_parse().
      
         - Don't put data for the crypto algorithms to use on the stack.
      
         - Fix the handling of a null payload being passed to add_key().
      
         - Fix incorrect cleanup an uninitialised key_preparsed_payload in
           key_update().
      
         - Explicit sanitisation of potentially secure data before freeing.
      
         - Fixes for the Diffie-Helman code"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (23 commits)
        KEYS: fix refcount_inc() on zero
        KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API
        crypto : asymmetric_keys : verify_pefile:zero memory content before freeing
        KEYS: DH: add __user annotations to keyctl_kdf_params
        KEYS: DH: ensure the KDF counter is properly aligned
        KEYS: DH: don't feed uninitialized "otherinfo" into KDF
        KEYS: DH: forbid using digest_null as the KDF hash
        KEYS: sanitize key structs before freeing
        KEYS: trusted: sanitize all key material
        KEYS: encrypted: sanitize all key material
        KEYS: user_defined: sanitize key payloads
        KEYS: sanitize add_key() and keyctl() key payloads
        KEYS: fix freeing uninitialized memory in key_update()
        KEYS: fix dereferencing NULL payload with nonzero length
        KEYS: encrypted: use constant-time HMAC comparison
        KEYS: encrypted: fix race causing incorrect HMAC calculations
        KEYS: encrypted: fix buffer overread in valid_master_desc()
        KEYS: encrypted: avoid encrypting/decrypting stack buffers
        KEYS: put keyring if install_session_keyring_to_cred() fails
        KEYS: Delete an error message for a failed memory allocation in get_derived_key()
        ...
      32627645
    • Linus Torvalds's avatar
      compiler, clang: properly override 'inline' for clang · 6d53cefb
      Linus Torvalds authored
      Commit abb2ea7d ("compiler, clang: suppress warning for unused
      static inline functions") just caused more warnings due to re-defining
      the 'inline' macro.
      
      So undef it before re-defining it, and also add the 'notrace' attribute
      like the gcc version that this is overriding does.
      
      Maybe this makes clang happier.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6d53cefb
    • Linus Torvalds's avatar
      Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random · 5ad9345d
      Linus Torvalds authored
      Pull randomness fixes from Ted Ts'o:
       "Improve performance by using a lockless update mechanism suggested by
        Linus, and make sure we refresh per-CPU entropy returned get_random_*
        as soon as the CRNG is initialized"
      
      * tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
        random: invalidate batched entropy after crng init
        random: use lockless method of accessing and updating f->reg_idx
      5ad9345d
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 5e38b72a
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix various bug fixes in ext4 caused by races and memory allocation
        failures"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix fdatasync(2) after extent manipulation operations
        ext4: fix data corruption for mmap writes
        ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO
        ext4: fix quota charging for shared xattr blocks
        ext4: remove redundant check for encrypted file on dio write path
        ext4: remove unused d_name argument from ext4_search_dir() et al.
        ext4: fix off-by-one error when writing back pages before dio read
        ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
        ext4: keep existing extra fields when inode expands
        ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
        ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff()
        ext4: fix SEEK_HOLE
        jbd2: preserve original nofs flag during journal restart
        ext4: clear lockdep subtype for quota files on quota off
      5e38b72a
    • Linus Torvalds's avatar
      Merge tag 'gpio-v4.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · f986e31b
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "A few overdue GPIO patches for the v4.12 kernel.
      
         - Fix debounce logic on the Aspeed platform.
      
         - Fix the "virtual gpio" things on the Intel Crystal Cove.
      
         - Fix the blink counter selection on the MVEBU platform"
      
      * tag 'gpio-v4.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: mvebu: fix gpio bank registration when pwm is used
        gpio: mvebu: fix blink counter register selection
        MAINTAINERS: remove self from GPIO maintainers
        gpio: crystalcove: Do not write regular gpio registers for virtual GPIOs
        gpio: aspeed: Don't attempt to debounce if disabled
      f986e31b
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 9cd9cb0b
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small driver fixes for 4.12-rc5. Nothing major here,
        just some small bugfixes found by people testing, and a MAINTAINERS
        file update for the genwqe driver.
      
        All have been in linux-next with no reported issues"
      
      [ The cxl driver fix came in through the powerpc tree earlier ]
      
      * tag 'char-misc-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        cxl: Avoid double free_irq() for psl,slice interrupts
        mei: make sysfs modalias format similar as uevent modalias
        drivers: char: mem: Fix wraparound check to allow mappings up to the end
        MAINTAINERS: Change maintainer of genwqe driver
        goldfish_pipe: use GFP_ATOMIC under spin lock
        firmware: vpd: do not leak kobjects
        firmware: vpd: avoid potential use-after-free when destroying section
        firmware: vpd: do not leave freed section attributes to the list
      9cd9cb0b
    • Linus Torvalds's avatar
      Merge tag 'staging-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 21c9eb7c
      Linus Torvalds authored
      Pull staging/IIO fixes from Greg KH:
       "These are mostly all IIO driver fixes, resolving a number of tiny
        issues. There's also a ccree and lustre fix in here as well, both fix
        problems found in those codebases.
      
        All have been in linux-next with no reported issues"
      
      * tag 'staging-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: ccree: fix buffer copy
        staging/lustre/lov: remove set_fs() call from lov_getstripe()
        staging: ccree: add CRYPTO dependency
        iio: adc: sun4i-gpadc-iio: fix parent device being used in devm function
        iio: light: ltr501 Fix interchanged als/ps register field
        iio: adc: bcm_iproc_adc: swap primary and secondary isr handler's
        iio: trigger: fix NULL pointer dereference in iio_trigger_write_current()
        iio: adc: max9611: Fix attribute measure unit
        iio: adc: ti_am335x_adc: allocating too much in probe
        iio: adc: sun4i-gpadc-iio: Fix module autoload when OF devices are registered
        iio: adc: sun4i-gpadc-iio: Fix module autoload when PLATFORM devices are registered
        iio: proximity: as3935: fix iio_trigger_poll issue
        iio: proximity: as3935: fix AS3935_INT mask
        iio: adc: Max9611: checking for ERR_PTR instead of NULL in probe
        iio: proximity: as3935: recalibrate RCO after resume
      21c9eb7c
    • Linus Torvalds's avatar
      Merge tag 'usb-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 246baac2
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small USB fixes for 4.12-rc5
      
        They are for some reported issues in the chipidea and gadget drivers.
        Nothing major. All have been in linux-next for a while with no
        reported issues"
      
      * tag 'usb-4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: gadget: udc: renesas_usb3: Fix PN_INT_ENA disabling timing
        usb: gadget: udc: renesas_usb3: lock for PN_ registers access
        usb: gadget: udc: renesas_usb3: fix deadlock by spinlock
        usb: gadget: udc: renesas_usb3: fix pm_runtime functions calling
        usb: gadget: f_mass_storage: Serialize wake and sleep execution
        usb: dwc2: add support for the DWC2 controller on Meson8 SoCs
        phy: qualcomm: phy-qcom-qmp: fix application of sizeof to pointer
        usb: musb: dsps: keep VBUS on for host-only mode
        usb: chipidea: core: check before accessing ci_role in ci_role_show
        usb: chipidea: debug: check before accessing ci_role
        phy: qcom-qmp: fix return value check in qcom_qmp_phy_create()
        usb: chipidea: udc: fix NULL pointer dereference if udc_start failed
        usb: chipidea: imx: Do not access CLKONOFF on i.MX51
      246baac2
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · ef918d3c
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "This is a set of user visible fixes (excepting one format string
        change).
      
        Four of the qla2xxx fixes only affect the firmware dump path, but it's
        still important to the enterprise. The rest are various NULL pointer
        crash conditions or outright driver hangs"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: cxgb4i: libcxgbi: in error case RST tcp conn
        scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled
        scsi: qla2xxx: Fix extraneous ref on sp's after adapter break
        scsi: lpfc: prevent potential null pointer dereference
        scsi: lpfc: Avoid NULL pointer dereference in lpfc_els_abort()
        scsi: lpfc: nvmet_fc: fix format string
        scsi: qla2xxx: Fix crash due to NULL pointer dereference of ctx
        scsi: qla2xxx: Fix mailbox pointer error in fwdump capture
        scsi: qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC
        scsi: qla2xxx: Modify T262 FW dump template to specify same start/end to debug customer issues
        scsi: qla2xxx: Fix crash due to mismatch mumber of Q-pair creation for Multi queue
        scsi: qla2xxx: Fix NULL pointer access due to redundant fc_host_port_name call
        scsi: qla2xxx: Fix recursive loop during target mode configuration for ISP25XX leaving system unresponsive
        scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
        scsi: qla2xxx: don't disable a not previously enabled PCI device
      ef918d3c
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 8f56821d
      Linus Torvalds authored
      Pull libnvdimm fix from Dan Williams:
       "We expanded the device-dax fs type in 4.12 to be a generic provider of
        a struct dax_device with an embedded inode. However, Sasha found some
        basic negative testing was not run to verify that this fs cleanly
        handles being mounted directly.
      
        Note that the fresh rebase was done to remove an unnecessary Cc:
        <stable> tag, but this commit otherwise had a build success
        notification from the 0day robot."
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        device-dax: fix 'dax' device filesystem inode destruction crash
      8f56821d
    • Linus Torvalds's avatar
      Merge tag 'hexagon-for-linus-v4.12-rc5' of... · 9d66af6b
      Linus Torvalds authored
      Merge tag 'hexagon-for-linus-v4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull hexagon fix from Guenter Roeck:
       "This fixes a build error seen when building hexagon images.
      
        Richard sent me an Ack, but didn't reply when asked if he wants me to
        send the patch to you directly, so I figured I'd just do it"
      
      * tag 'hexagon-for-linus-v4.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hexagon: Use raw_copy_to_user
      9d66af6b
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 9d0eb462
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "Bug fixes (ARM, s390, x86)"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: async_pf: avoid async pf injection when in guest mode
        KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation
        arm: KVM: Allow unaligned accesses at HYP
        arm64: KVM: Allow unaligned accesses at EL2
        arm64: KVM: Preserve RES1 bits in SCTLR_EL2
        KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages
        KVM: nVMX: Fix exception injection
        kvm: async_pf: fix rcu_irq_enter() with irqs enabled
        KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
        KVM: s390: fix ais handling vs cpu model
        KVM: arm/arm64: Fix isues with GICv2 on GICv3 migration
      9d0eb462
    • Wanpeng Li's avatar
      KVM: async_pf: avoid async pf injection when in guest mode · 9bc1f09f
      Wanpeng Li authored
       INFO: task gnome-terminal-:1734 blocked for more than 120 seconds.
             Not tainted 4.12.0-rc4+ #8
       "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
       gnome-terminal- D    0  1734   1015 0x00000000
       Call Trace:
        __schedule+0x3cd/0xb30
        schedule+0x40/0x90
        kvm_async_pf_task_wait+0x1cc/0x270
        ? __vfs_read+0x37/0x150
        ? prepare_to_swait+0x22/0x70
        do_async_page_fault+0x77/0xb0
        ? do_async_page_fault+0x77/0xb0
        async_page_fault+0x28/0x30
      
      This is triggered by running both win7 and win2016 on L1 KVM simultaneously,
      and then gives stress to memory on L1, I can observed this hang on L1 when
      at least ~70% swap area is occupied on L0.
      
      This is due to async pf was injected to L2 which should be injected to L1,
      L2 guest starts receiving pagefault w/ bogus %cr2(apf token from the host
      actually), and L1 guest starts accumulating tasks stuck in D state in
      kvm_async_pf_task_wait() since missing PAGE_READY async_pfs.
      
      This patch fixes the hang by doing async pf when executing L1 guest.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarWanpeng Li <wanpeng.li@hotmail.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      9bc1f09f
    • Guenter Roeck's avatar
      hexagon: Use raw_copy_to_user · 4d801cca
      Guenter Roeck authored
      Commit ac4691fa ("hexagon: switch to RAW_COPY_USER") replaced
      __copy_to_user_hexagon() with raw_copy_to_user(), but did not catch
      all callers, resulting in the following build error.
      
      arch/hexagon/mm/uaccess.c: In function '__clear_user_hexagon':
      arch/hexagon/mm/uaccess.c:40:3: error:
      	implicit declaration of function '__copy_to_user_hexagon'
      
      Fixes: ac4691fa ("hexagon: switch to RAW_COPY_USER")
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Acked-by: default avatarRichard Kuo <rkuo@codeaurora.org>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      4d801cca
  4. 10 Jun, 2017 8 commits