1. 21 Mar, 2020 1 commit
  2. 19 Mar, 2020 1 commit
  3. 16 Mar, 2020 8 commits
    • Marc Zyngier's avatar
      irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency · 7809f701
      Marc Zyngier authored
      On a very heavily loaded D05 with GICv4, I managed to trigger the
      following lockdep splat:
      
      [ 6022.598864] ======================================================
      [ 6022.605031] WARNING: possible circular locking dependency detected
      [ 6022.611200] 5.6.0-rc4-00026-geee7c7b0f498 #680 Tainted: G            E
      [ 6022.618061] ------------------------------------------------------
      [ 6022.624227] qemu-system-aar/7569 is trying to acquire lock:
      [ 6022.629789] ffff042f97606808 (&p->pi_lock){-.-.}, at: try_to_wake_up+0x54/0x7a0
      [ 6022.637102]
      [ 6022.637102] but task is already holding lock:
      [ 6022.642921] ffff002fae424cf0 (&irq_desc_lock_class){-.-.}, at: __irq_get_desc_lock+0x5c/0x98
      [ 6022.651350]
      [ 6022.651350] which lock already depends on the new lock.
      [ 6022.651350]
      [ 6022.659512]
      [ 6022.659512] the existing dependency chain (in reverse order) is:
      [ 6022.666980]
      [ 6022.666980] -> #2 (&irq_desc_lock_class){-.-.}:
      [ 6022.672983]        _raw_spin_lock_irqsave+0x50/0x78
      [ 6022.677848]        __irq_get_desc_lock+0x5c/0x98
      [ 6022.682453]        irq_set_vcpu_affinity+0x40/0xc0
      [ 6022.687236]        its_make_vpe_non_resident+0x6c/0xb8
      [ 6022.692364]        vgic_v4_put+0x54/0x70
      [ 6022.696273]        vgic_v3_put+0x20/0xd8
      [ 6022.700183]        kvm_vgic_put+0x30/0x48
      [ 6022.704182]        kvm_arch_vcpu_put+0x34/0x50
      [ 6022.708614]        kvm_sched_out+0x34/0x50
      [ 6022.712700]        __schedule+0x4bc/0x7f8
      [ 6022.716697]        schedule+0x50/0xd8
      [ 6022.720347]        kvm_arch_vcpu_ioctl_run+0x5f0/0x978
      [ 6022.725473]        kvm_vcpu_ioctl+0x3d4/0x8f8
      [ 6022.729820]        ksys_ioctl+0x90/0xd0
      [ 6022.733642]        __arm64_sys_ioctl+0x24/0x30
      [ 6022.738074]        el0_svc_common.constprop.3+0xa8/0x1e8
      [ 6022.743373]        do_el0_svc+0x28/0x88
      [ 6022.747198]        el0_svc+0x14/0x40
      [ 6022.750761]        el0_sync_handler+0x124/0x2b8
      [ 6022.755278]        el0_sync+0x140/0x180
      [ 6022.759100]
      [ 6022.759100] -> #1 (&rq->lock){-.-.}:
      [ 6022.764143]        _raw_spin_lock+0x38/0x50
      [ 6022.768314]        task_fork_fair+0x40/0x128
      [ 6022.772572]        sched_fork+0xe0/0x210
      [ 6022.776484]        copy_process+0x8c4/0x18d8
      [ 6022.780742]        _do_fork+0x88/0x6d8
      [ 6022.784478]        kernel_thread+0x64/0x88
      [ 6022.788563]        rest_init+0x30/0x270
      [ 6022.792390]        arch_call_rest_init+0x14/0x1c
      [ 6022.796995]        start_kernel+0x498/0x4c4
      [ 6022.801164]
      [ 6022.801164] -> #0 (&p->pi_lock){-.-.}:
      [ 6022.806382]        __lock_acquire+0xdd8/0x15c8
      [ 6022.810813]        lock_acquire+0xd0/0x218
      [ 6022.814896]        _raw_spin_lock_irqsave+0x50/0x78
      [ 6022.819761]        try_to_wake_up+0x54/0x7a0
      [ 6022.824018]        wake_up_process+0x1c/0x28
      [ 6022.828276]        wakeup_softirqd+0x38/0x40
      [ 6022.832533]        __tasklet_schedule_common+0xc4/0xf0
      [ 6022.837658]        __tasklet_schedule+0x24/0x30
      [ 6022.842176]        check_irq_resend+0xc8/0x158
      [ 6022.846609]        irq_startup+0x74/0x128
      [ 6022.850606]        __enable_irq+0x6c/0x78
      [ 6022.854602]        enable_irq+0x54/0xa0
      [ 6022.858431]        its_make_vpe_non_resident+0xa4/0xb8
      [ 6022.863557]        vgic_v4_put+0x54/0x70
      [ 6022.867469]        kvm_arch_vcpu_blocking+0x28/0x38
      [ 6022.872336]        kvm_vcpu_block+0x48/0x490
      [ 6022.876594]        kvm_handle_wfx+0x18c/0x310
      [ 6022.880938]        handle_exit+0x138/0x198
      [ 6022.885022]        kvm_arch_vcpu_ioctl_run+0x4d4/0x978
      [ 6022.890148]        kvm_vcpu_ioctl+0x3d4/0x8f8
      [ 6022.894494]        ksys_ioctl+0x90/0xd0
      [ 6022.898317]        __arm64_sys_ioctl+0x24/0x30
      [ 6022.902748]        el0_svc_common.constprop.3+0xa8/0x1e8
      [ 6022.908046]        do_el0_svc+0x28/0x88
      [ 6022.911871]        el0_svc+0x14/0x40
      [ 6022.915434]        el0_sync_handler+0x124/0x2b8
      [ 6022.919951]        el0_sync+0x140/0x180
      [ 6022.923773]
      [ 6022.923773] other info that might help us debug this:
      [ 6022.923773]
      [ 6022.931762] Chain exists of:
      [ 6022.931762]   &p->pi_lock --> &rq->lock --> &irq_desc_lock_class
      [ 6022.931762]
      [ 6022.942101]  Possible unsafe locking scenario:
      [ 6022.942101]
      [ 6022.948007]        CPU0                    CPU1
      [ 6022.952523]        ----                    ----
      [ 6022.957039]   lock(&irq_desc_lock_class);
      [ 6022.961036]                                lock(&rq->lock);
      [ 6022.966595]                                lock(&irq_desc_lock_class);
      [ 6022.973109]   lock(&p->pi_lock);
      [ 6022.976324]
      [ 6022.976324]  *** DEADLOCK ***
      
      This is happening because we have a pending doorbell that requires
      retrigger. As SW retriggering is done in a tasklet, we trigger the
      circular dependency above.
      
      The easy cop-out is to provide a retrigger callback that doesn't
      require acquiring any extra lock.
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Link: https://lore.kernel.org/r/20200310184921.23552-5-maz@kernel.org
      7809f701
    • Marc Zyngier's avatar
      ARM: sa1111: Fix irq_retrigger callback return value · ad00a325
      Marc Zyngier authored
      The irq_retrigger callback is supposed to return 0 when retrigger
      has failed, and a non-zero value otherwise. Tell the core code
      that the driver has succedded in using the HW to retrigger the
      interrupt (if ever).
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Link: https://lore.kernel.org/r/20200310184921.23552-4-maz@kernel.org
      ad00a325
    • Marc Zyngier's avatar
      irqchip/atmel-aic5: Fix irq_retrigger callback return value · 4ddfc459
      Marc Zyngier authored
      The irq_retrigger callback is supposed to return 0 when retrigger
      has failed, and a non-zero value otherwise. Tell the core code
      that the driver has succedded in using the HW to retrigger the
      interrupt.
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Link: https://lore.kernel.org/r/20200310184921.23552-3-maz@kernel.org
      4ddfc459
    • Marc Zyngier's avatar
      irqchip/atmel-aic: Fix irq_retrigger callback return value · 7177144a
      Marc Zyngier authored
      The irq_retrigger callback is supposed to return 0 when retrigger
      has failed, and a non-zero value otherwise. Tell the core code
      that the driver has succedded in using the HW to retrigger the
      interrupt.
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Link: https://lore.kernel.org/r/20200310184921.23552-2-maz@kernel.org
      7177144a
    • Marc Zyngier's avatar
      irqchip/gic-v3-its: Probe ITS page size for all GITS_BASERn registers · d5df9dc9
      Marc Zyngier authored
      The GICv3 ITS driver assumes that once it has latched on a page size for
      a given BASER register, it can use the same page size as the maximum
      page size for all subsequent BASER registers.
      
      Although it worked so far, nothing in the architecture guarantees this,
      and Nianyao Tang hit this problem on some undisclosed implementation.
      
      Let's bite the bullet and probe the the supported page size on all BASER
      registers before starting to populate the tables. This simplifies the
      setup a bit, at the expense of a few additional MMIO accesses.
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Reported-by: default avatarNianyao Tang <tangnianyao@huawei.com>
      Tested-by: default avatarNianyao Tang <tangnianyao@huawei.com>
      Link: https://lore.kernel.org/r/1584089195-63897-1-git-send-email-zhangshaokun@hisilicon.com
      d5df9dc9
    • Lukas Wunner's avatar
      irqchip/bcm2835: Quiesce IRQs left enabled by bootloader · bd59b343
      Lukas Wunner authored
      Per the spec, the BCM2835's IRQs are all disabled when coming out of
      power-on reset.  Its IRQ driver assumes that's still the case when the
      kernel boots and does not perform any initialization of the registers.
      However the Raspberry Pi Foundation's bootloader leaves the USB
      interrupt enabled when handing over control to the kernel.
      
      Quiesce IRQs and the FIQ if they were left enabled and log a message to
      let users know that they should update the bootloader once a fixed
      version is released.
      
      If the USB interrupt is not quiesced and the USB driver later on claims
      the FIQ (as it does on the Raspberry Pi Foundation's downstream kernel),
      interrupt latency for all other peripherals increases and occasional
      lockups occur.  That's because both the FIQ and the normal USB interrupt
      fire simultaneously:
      
      On a multicore Raspberry Pi, if normal interrupts are routed to CPU 0
      and the FIQ to CPU 1 (hardcoded in the Foundation's kernel), then a USB
      interrupt causes CPU 0 to spin in bcm2836_chained_handle_irq() until the
      FIQ on CPU 1 has cleared it.  Other peripherals' interrupts are starved
      as long.  I've seen CPU 0 blocked for up to 2.9 msec.  eMMC throughput
      on a Compute Module 3 irregularly dips to 23.0 MB/s without this commit
      but remains relatively constant at 23.5 MB/s with this commit.
      
      The lockups occur when CPU 0 receives a USB interrupt while holding a
      lock which CPU 1 is trying to acquire while the FIQ is temporarily
      disabled on CPU 1.  At best users get RCU CPU stall warnings, but most
      of the time the system just freezes.
      
      Fixes: 89214f00 ("ARM: bcm2835: add interrupt controller driver")
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarNicolas Saenz Julienne <nsaenzjulienne@suse.de>
      Link: https://lore.kernel.org/r/f97868ba4e9b86ddad71f44ec9d8b3b7d8daa1ea.1582618537.git.lukas@wunner.de
      bd59b343
    • Atish Patra's avatar
      irqchip/sifive-plic: Add support for multiple PLICs · f1ad1133
      Atish Patra authored
      Current, PLIC driver can support only 1 PLIC on the board. However,
      there can be multiple PLICs present on a two socket systems in RISC-V.
      
      Modify the driver so that each PLIC handler can have a information
      about individual PLIC registers and an irqdomain associated with it.
      
      Tested on two socket RISC-V system based on VCU118 FPGA connected via
      OmniXtend protocol.
      Signed-off-by: default avatarAtish Patra <atish.patra@wdc.com>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Reviewed-by: default avatarAnup Patel <anup@brainfault.org>
      Link: https://lore.kernel.org/r/20200302231146.15530-3-atish.patra@wdc.com
      f1ad1133
    • Atish Patra's avatar
      irqchip/sifive-plic: Enable/Disable external interrupts upon cpu online/offline · ccbe80ba
      Atish Patra authored
      Currently, PLIC threshold is only initialized once in the beginning.
      However, threshold can be set to disabled if a CPU is marked offline with
      CPU hotplug feature. This will not allow to change the irq affinity to a
      CPU that just came online.
      
      Add PLIC specific CPU hotplug callbacks and enable the threshold when a CPU
      comes online. Take this opportunity to move the external interrupt enable
      code from trap init to PLIC driver as well. On cpu offline path, the driver
      performs the exact opposite operations i.e. disable the interrupt and
      the threshold.
      Signed-off-by: default avatarAtish Patra <atish.patra@wdc.com>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Reviewed-by: default avatarAnup Patel <anup@brainfault.org>
      Link: https://lore.kernel.org/r/20200302231146.15530-2-atish.patra@wdc.com
      ccbe80ba
  4. 08 Mar, 2020 7 commits
  5. 01 Mar, 2020 5 commits
  6. 29 Feb, 2020 4 commits
    • Dan Carpenter's avatar
      ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() · 37b0b6b8
      Dan Carpenter authored
      If sbi->s_flex_groups_allocated is zero and the first allocation fails
      then this code will crash.  The problem is that "i--" will set "i" to
      -1 but when we compare "i >= sbi->s_flex_groups_allocated" then the -1
      is type promoted to unsigned and becomes UINT_MAX.  Since UINT_MAX
      is more than zero, the condition is true so we call kvfree(new_groups[-1]).
      The loop will carry on freeing invalid memory until it crashes.
      
      Fixes: 7c990728 ("ext4: fix potential race between s_flex_groups online resizing and access")
      Reviewed-by: default avatarSuraj Jitindar Singh <surajjs@amazon.com>
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/r/20200228092142.7irbc44yaz3by7nb@kili.mountainSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      37b0b6b8
    • Wolfram Sang's avatar
      macintosh: therm_windtunnel: fix regression when instantiating devices · 38b17afb
      Wolfram Sang authored
      Removing attach_adapter from this driver caused a regression for at
      least some machines. Those machines had the sensors described in their
      DT, too, so they didn't need manual creation of the sensor devices. The
      old code worked, though, because manual creation came first. Creation of
      DT devices then failed later and caused error logs, but the sensors
      worked nonetheless because of the manually created devices.
      
      When removing attach_adaper, manual creation now comes later and loses
      the race. The sensor devices were already registered via DT, yet with
      another binding, so the driver could not be bound to it.
      
      This fix refactors the code to remove the race and only manually creates
      devices if there are no DT nodes present. Also, the DT binding is updated
      to match both, the DT and manually created devices. Because we don't
      know which device creation will be used at runtime, the code to start
      the kthread is moved to do_probe() which will be called by both methods.
      
      Fixes: 3e7bed52 ("macintosh: therm_windtunnel: drop using attach_adapter")
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=201723Reported-by: default avatarErhard Furtner <erhard_f@mailbox.org>
      Tested-by: default avatarErhard Furtner <erhard_f@mailbox.org>
      Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
      Signed-off-by: default avatarWolfram Sang <wsa@the-dreams.de>
      Cc: stable@kernel.org # v4.19+
      38b17afb
    • Qian Cai's avatar
      jbd2: fix data races at struct journal_head · 6c5d9112
      Qian Cai authored
      journal_head::b_transaction and journal_head::b_next_transaction could
      be accessed concurrently as noticed by KCSAN,
      
       LTP: starting fsync04
       /dev/zero: Can't open blockdev
       EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
       EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null)
       ==================================================================
       BUG: KCSAN: data-race in __jbd2_journal_refile_buffer [jbd2] / jbd2_write_access_granted [jbd2]
      
       write to 0xffff99f9b1bd0e30 of 8 bytes by task 25721 on cpu 70:
        __jbd2_journal_refile_buffer+0xdd/0x210 [jbd2]
        __jbd2_journal_refile_buffer at fs/jbd2/transaction.c:2569
        jbd2_journal_commit_transaction+0x2d15/0x3f20 [jbd2]
        (inlined by) jbd2_journal_commit_transaction at fs/jbd2/commit.c:1034
        kjournald2+0x13b/0x450 [jbd2]
        kthread+0x1cd/0x1f0
        ret_from_fork+0x27/0x50
      
       read to 0xffff99f9b1bd0e30 of 8 bytes by task 25724 on cpu 68:
        jbd2_write_access_granted+0x1b2/0x250 [jbd2]
        jbd2_write_access_granted at fs/jbd2/transaction.c:1155
        jbd2_journal_get_write_access+0x2c/0x60 [jbd2]
        __ext4_journal_get_write_access+0x50/0x90 [ext4]
        ext4_mb_mark_diskspace_used+0x158/0x620 [ext4]
        ext4_mb_new_blocks+0x54f/0xca0 [ext4]
        ext4_ind_map_blocks+0xc79/0x1b40 [ext4]
        ext4_map_blocks+0x3b4/0x950 [ext4]
        _ext4_get_block+0xfc/0x270 [ext4]
        ext4_get_block+0x3b/0x50 [ext4]
        __block_write_begin_int+0x22e/0xae0
        __block_write_begin+0x39/0x50
        ext4_write_begin+0x388/0xb50 [ext4]
        generic_perform_write+0x15d/0x290
        ext4_buffered_write_iter+0x11f/0x210 [ext4]
        ext4_file_write_iter+0xce/0x9e0 [ext4]
        new_sync_write+0x29c/0x3b0
        __vfs_write+0x92/0xa0
        vfs_write+0x103/0x260
        ksys_write+0x9d/0x130
        __x64_sys_write+0x4c/0x60
        do_syscall_64+0x91/0xb05
        entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
       5 locks held by fsync04/25724:
        #0: ffff99f9911093f8 (sb_writers#13){.+.+}, at: vfs_write+0x21c/0x260
        #1: ffff99f9db4c0348 (&sb->s_type->i_mutex_key#15){+.+.}, at: ext4_buffered_write_iter+0x65/0x210 [ext4]
        #2: ffff99f5e7dfcf58 (jbd2_handle){++++}, at: start_this_handle+0x1c1/0x9d0 [jbd2]
        #3: ffff99f9db4c0168 (&ei->i_data_sem){++++}, at: ext4_map_blocks+0x176/0x950 [ext4]
        #4: ffffffff99086b40 (rcu_read_lock){....}, at: jbd2_write_access_granted+0x4e/0x250 [jbd2]
       irq event stamp: 1407125
       hardirqs last  enabled at (1407125): [<ffffffff980da9b7>] __find_get_block+0x107/0x790
       hardirqs last disabled at (1407124): [<ffffffff980da8f9>] __find_get_block+0x49/0x790
       softirqs last  enabled at (1405528): [<ffffffff98a0034c>] __do_softirq+0x34c/0x57c
       softirqs last disabled at (1405521): [<ffffffff97cc67a2>] irq_exit+0xa2/0xc0
      
       Reported by Kernel Concurrency Sanitizer on:
       CPU: 68 PID: 25724 Comm: fsync04 Tainted: G L 5.6.0-rc2-next-20200221+ #7
       Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
      
      The plain reads are outside of jh->b_state_lock critical section which result
      in data races. Fix them by adding pairs of READ|WRITE_ONCE().
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarQian Cai <cai@lca.pw>
      Link: https://lore.kernel.org/r/20200222043111.2227-1-cai@lca.pwSigned-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      6c5d9112
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 7557c1b3
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Four small fixes.
      
        Three are in drivers for fairly obvious bugs. The fourth is a set of
        regressions introduced by the compat_ioctl changes because some of the
        compat updates wrongly replaced .ioctl instead of .compat_ioctl"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places
        scsi: zfcp: fix wrong data and display format of SFP+ temperature
        scsi: sd_sbc: Fix sd_zbc_report_zones()
        scsi: libfc: free response frame from GPN_ID
      7557c1b3
  7. 28 Feb, 2020 14 commits