1. 11 Mar, 2018 7 commits
  2. 10 Mar, 2018 19 commits
    • Merge tag 'kbuild-fixes-v4.16-2' of... · 3266b5bd
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - make fixdep parse kconfig.h to fix missing rebuild
      
       - replace hyphens with underscores in builtin DTB label names
      
       - fix typos
      
      * tag 'kbuild-fixes-v4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: Handle builtin dtb file names containing hyphens
        scripts/bloat-o-meter: fix typos in help
        fixdep: do not ignore kconfig.h
        fixdep: remove some false CONFIG_ matches
        fixdep: remove stale references to uml-config.h
    • Merge tag 'linux-watchdog-4.16-fixes-2' of git://www.linux-watchdog.org/linux-watchdog · 23b33acc
      Linus Torvalds authored
      Pull watchdog fixes from Wim Van Sebroeck:
      
       - f71808e_wdt: Fix magic close handling
      
       - sbsa: 32-bit read fix for WCV
      
       - hpwdt: Remove legacy NMI sourcing
      
      * tag 'linux-watchdog-4.16-fixes-2' of git://www.linux-watchdog.org/linux-watchdog:
        watchdog: hpwdt: Remove legacy NMI sourcing.
        watchdog: sbsa: use 32-bit read for WCV
        watchdog: f71808e_wdt: Fix magic close handling
    • Merge tag 'for-linus-20180309' of git://git.kernel.dk/linux-block · 91a26209
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - a xen-blkfront fix from Bhavesh with a multiqueue fix when
         detaching/re-attaching
      
       - a few important NVMe fixes, including a revert for a sysfs fix that
         caused some user space confusion
      
       - two bcache fixes by way of Michael Lyle
      
       - a loop regression fix, fixing an issue with lost writes on DAX.
      
      * tag 'for-linus-20180309' of git://git.kernel.dk/linux-block:
        loop: Fix lost writes caused by missing flag
        nvme_fc: rework sqsize handling
        nvme-fabrics: Ignore nr_io_queues option for discovery controllers
        xen-blkfront: move negotiate_mq to cover all cases of new VBDs
        Revert "nvme: create 'slaves' and 'holders' entries for hidden controllers"
        bcache: don't attach backing with duplicate UUID
        bcache: fix crashes in duplicate cache device register
        nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
        nvme-pci: Fix EEH failure on ppc
    • Merge tag 'for-4.16/dm-fixes-2' of... · b3b25b1d
      Linus Torvalds authored
      Merge tag 'for-4.16/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix an uninitialized variable false warning in dm bufio
      
       - Fix DM's passthrough ioctl support to be race free against an
         underlying device being removed.
      
       - Fix corner-case of DM raid resync reporting if/when the raid becomes
         degraded during resync; otherwise automated raid repair will fail.
      
       - A few DM multipath fixes to make non-SCSI optimizations, that were
         introduced during the 4.16 merge, useful for all non-SCSI devices,
         rather than narrowly define this non-SCSI mode in terms of "nvme".
      
         This allows the removal of "queue_mode nvme" that really didn't need
         to be introduced. Instead DM core will internalize whether
         nvme-specific IO submission optimizations are doable and DM multipath
         will only do SCSI-specific device handler operations if SCSI is in
         use.
      
      * tag 'for-4.16/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm table: allow upgrade from bio-based to specialized bio-based variant
        dm mpath: remove unnecessary NVMe branching in favor of scsi_dh checks
        dm table: fix "nvme" test
        dm raid: fix incorrect sync_ratio when degraded
        dm: use blkdev_get rather than bdgrab when issuing pass-through ioctl
        dm bufio: avoid false-positive Wmaybe-uninitialized warning
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 2f64e70c
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
      
       - Various driver bug fixes in mlx5, mlx4, bnxt_re and qedr, ranging
         from bugs under load to bad error case handling
      
       - There is one largish patch fixing the locking in bnxt_re to avoid a
         machine hard lock situation
      
       - A few core bugs on error paths
      
       - A patch to reduce stack usage in the new CQ API
      
       - One mlx5 regression introduced in this merge window
      
       - There were new syzkaller scripts written for the RDMA subsystem and
         we are fixing issues found by the bot
      
       - One of the commits (aa0de36a “RDMA/mlx5: Fix integer overflow
         while resizing CQ”) is missing part of the commit log message and one
         of the SOB lines. The original patch was from Leon Romanovsky, and a
         cut-n-paste separator in the commit message confused patchworks which
         then put the end of message separator in the wrong place in the
         downloaded patch, and I didn’t notice in time. The patch made it into
         the official branch, and the only way to fix it in-place was to
         rebase. Given the pain that a rebase causes, and the fact that the
         patch has relevant tags for stable and syzkaller, a revert of the
         munged patch and a reapplication of the original patch with the log
         message intact was done.
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: (25 commits)
        RDMA/mlx5: Fix integer overflow while resizing CQ
        Revert "RDMA/mlx5: Fix integer overflow while resizing CQ"
        RDMA/ucma: Check that user doesn't overflow QP state
        RDMA/mlx5: Fix integer overflow while resizing CQ
        RDMA/ucma: Limit possible option size
        IB/core: Fix possible crash to access NULL netdev
        RDMA/bnxt_re: Avoid Hard lockup during error CQE processing
        RDMA/core: Reduce poll batch for direct cq polling
        IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
        IB/mlx5: When not in dual port RoCE mode, use provided port as native
        IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
        IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
        RDMA/qedr: Fix iWARP write and send with immediate
        RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
        RDMA/qedr: Fix iWARP connect with port mapper
        RDMA/qedr: Fix ipv6 destination address resolution
        IB/core : Add null pointer check in addr_resolve
        RDMA/bnxt_re: Fix the ib_reg failure cleanup
        RDMA/bnxt_re: Fix incorrect DB offset calculation
        RDMA/bnxt_re: Unconditionly fence non wire memory operations
        ...
    • Merge tag 'platform-drivers-x86-v4.16-6' of git://git.infradead.org/linux-platform-drivers-x86 · b3337a6c
      Linus Torvalds authored
      Pull x86 platform driver fixes from Darren Hart:
       "Correct a module loading race condition between the DELL_SMBIOS
        backend modules and the first user by converting them to bool features
        of the DELL_SMBIOS driver. Fixup the resulting Kconfig dependency
        issue with DCDBAS"
      
      * tag 'platform-drivers-x86-v4.16-6' of git://git.infradead.org/linux-platform-drivers-x86:
        platform/x86: dell-smbios: Resolve dependency error on DCDBAS
        platform/x86: Allow for SMBIOS backend defaults
        platform/x86: dell-smbios: Link all dell-smbios-* modules together
        platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
        platform/x86: dell-smbios: Correct some style warnings
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · cdb06e9d
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "PPC:
      
         - Fix guest time accounting in the host
      
         - Fix large-page backing for radix guests on POWER9
      
         - Fix HPT guests on POWER9 backed by 2M or 1G pages
      
         - Compile fixes for some configs and gcc versions
      
        s390:
      
         - Fix random memory corruption when running as guest2 (e.g. KVM in
           LPAR) and starting guest3 (e.g. nested KVM) with many CPUs
      
         - Export forgotten io interrupt delivery statistics counter"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: s390: fix memory overwrites when not using SCA entries
        KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN
        KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
        KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler
        KVM: s390: provide io interrupt kvm_stat
        KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions
        KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n
    • Merge tag 'for-linus-4.16a-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 39614481
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "Just one fix for the correct error handling after a failed
        device_register()"
      
      * tag 'for-linus-4.16a-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen: xenbus: use put_device() instead of kfree()
    • Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 4178802c
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - The SMCCC firmware interface for the spectre variant 2 mitigation has
         been updated to allow the discovery of whether the CPU needs the
         workaround. This pull request relaxes the kernel check on the return
         value from firmware.
      
       - Fix the commit allowing changing from global to non-global page table
         entries which inadvertently disallowed other safe attribute changes.
      
       - Fix sleeping in atomic during the arm_perf_teardown_cpu() code.
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
        arm_pmu: Use disable_irq_nosync when disabling SPI in CPU teardown hook
        arm64: mm: fix thinko in non-global page table attribute check
    • Merge tag 'docs-4.16-fix' of git://git.lwn.net/linux · ed3c4dff
      Linus Torvalds authored
      Pull Documentation build fix from Jonathan Corbet:
       "The Sphinx 1.7 release broke the build process for reasons that are
        mostly our fault.
      
        This is a single fix cherry-picked from docs-next that restores docs
        buildability for all supported Sphinx versions"
      
      * tag 'docs-4.16-fix' of git://git.lwn.net/linux:
        Documentation/sphinx: Fix Directive import error
    • Merge branch 'akpm' (patches from Andrew) · cfc79ae8
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "8 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        lib/test_kmod.c: fix limit check on number of test devices created
        selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus
        mm/page_alloc: fix memmap_init_zone pageblock alignment
        mm/memblock.c: hardcode the end_pfn being -1
        mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT
        lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()
        bug: use %pB in BUG and stack protector failure
        hugetlb: fix surplus pages accounting
    • lib/test_kmod.c: fix limit check on number of test devices created · ac68b1b3
      Luis R. Rodriguez authored
      As reported by Dan the parentheses is in the wrong place, and since
      unlikely() call returns either 0 or 1 it's never less than zero.  The
      second issue is that signed integer overflows like "INT_MAX + 1" are
      undefined behavior.
      
      Since num_test_devs represents the number of devices, we want to stop
      prior to hitting the max, and not rely on the wrap around at all.  So
      just cap at num_test_devs + 1, prior to assigning a new device.
      
      Link: http://lkml.kernel.org/r/20180224030046.24238-1-mcgrof@kernel.org
      Fixes: d9c6a72d ("kmod: add test driver to stress test the module loader")
      Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org>
      Acked-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
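
The two defects named in the test_kmod commit message above, as an added user-space illustration that is not the kernel's code or the patch itself. `unlikely()` is redefined locally, and `wrapping_inc()` and `register_devices()` are hypothetical helpers; the wrap is done in unsigned arithmetic so the demo never executes the undefined `INT_MAX + 1`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space stand-in for the kernel macro: !! collapses any value to 0 or 1. */
#define unlikely(x) __builtin_expect(!!(x), 0)

/*
 * Increment with explicit wraparound so this demo has defined behaviour.
 * The out-of-range unsigned-to-int conversion wraps on GCC and Clang.
 */
static int wrapping_inc(int v)
{
	return (int)((unsigned int)v + 1u);
}

/*
 * Misplaced parenthesis: "< 0" is applied to unlikely()'s result, which is
 * only ever 0 or 1, so the limit check can never fire.
 */
static bool limit_hit_misplaced(int num_test_devs)
{
	return unlikely(wrapping_inc(num_test_devs)) < 0;
}

/*
 * Cap before the maximum is reached. No sum is computed here, so the check
 * does not depend on wraparound for any input.
 */
static bool limit_hit_capped(int num_test_devs)
{
	return num_test_devs >= INT_MAX - 1;
}

/*
 * Hypothetical registration loop: try `attempts` registrations starting from
 * a counter value of `start`, and return the final counter.
 */
static int register_devices(int start, int attempts, bool (*limit_hit)(int))
{
	int num_test_devs = start;

	for (int i = 0; i < attempts; i++) {
		if (limit_hit(num_test_devs))
			break;	/* refuse to create another device */
		num_test_devs = wrapping_inc(num_test_devs);
	}
	return num_test_devs;
}

int main(void)
{
	printf("misplaced check: counter ends at %d\n",
	       register_devices(INT_MAX - 2, 5, limit_hit_misplaced));
	printf("capped check:    counter ends at %d\n",
	       register_devices(INT_MAX - 2, 5, limit_hit_capped));
	return 0;
}
```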
    • selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus · 0627be7d
      Li Zhijian authored
      Fix userfaultfd_hugetlb on hosts which have more than 64 cpus.
      
        ---------------------------
        running userfaultfd_hugetlb
        ---------------------------
        invalid MiB
        Usage: <MiB> <bounces>
        [FAIL]
      
      Via userfaultfd.c we can know, hugetlb_size needs to meet hugetlb_size
      >= nr_cpus * hugepage_size.  hugepage_size is often 2M, so when host
      cpus > 64, it requires more than 128M.
      
      [zhijianx.li@intel.com: update changelog/comments and variable name]
      Link: http://lkml.kernel.org/r/20180302024356.83359-1-zhijianx.li@intel.com
      Link: http://lkml.kernel.org/r/20180303125027.81638-1-zhijianx.li@intel.com
      Signed-off-by: Li Zhijian <zhijianx.li@intel.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: SeongJae Park <sj38.park@gmail.com>
      Cc: Philippe Ombredanne <pombredanne@nexb.com>
      Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Cc: Mike Kravetz <mike.kravetz@oracle.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • mm/page_alloc: fix memmap_init_zone pageblock alignment · 864b75f9
      Daniel Vacek authored
      Commit b92df1de ("mm: page_alloc: skip over regions of invalid pfns
      where possible") introduced a bug where move_freepages() triggers a
      VM_BUG_ON() on uninitialized page structure due to pageblock alignment.
      To fix this, simply align the skipped pfns in memmap_init_zone() the
      same way as in move_freepages_block().
      
      Seen in one of the RHEL reports:
      
        crash> log | grep -e BUG -e RIP -e Call.Trace -e move_freepages_block -e rmqueue -e freelist -A1
        kernel BUG at mm/page_alloc.c:1389!
        invalid opcode: 0000 [#1] SMP
        --
        RIP: 0010:[<ffffffff8118833e>]  [<ffffffff8118833e>] move_freepages+0x15e/0x160
        RSP: 0018:ffff88054d727688  EFLAGS: 00010087
        --
        Call Trace:
         [<ffffffff811883b3>] move_freepages_block+0x73/0x80
         [<ffffffff81189e63>] __rmqueue+0x263/0x460
         [<ffffffff8118c781>] get_page_from_freelist+0x7e1/0x9e0
         [<ffffffff8118caf6>] __alloc_pages_nodemask+0x176/0x420
        --
        RIP  [<ffffffff8118833e>] move_freepages+0x15e/0x160
         RSP <ffff88054d727688>
      
        crash> page_init_bug -v | grep RAM
        <struct resource 0xffff88067fffd2f8>          1000 -        9bfff	System RAM (620.00 KiB)
        <struct resource 0xffff88067fffd3a0>        100000 -     430bffff	System RAM (  1.05 GiB = 1071.75 MiB = 1097472.00 KiB)
        <struct resource 0xffff88067fffd410>      4b0c8000 -     4bf9cfff	System RAM ( 14.83 MiB = 15188.00 KiB)
        <struct resource 0xffff88067fffd480>      4bfac000 -     646b1fff	System RAM (391.02 MiB = 400408.00 KiB)
        <struct resource 0xffff88067fffd560>      7b788000 -     7b7fffff	System RAM (480.00 KiB)
        <struct resource 0xffff88067fffd640>     100000000 -    67fffffff	System RAM ( 22.00 GiB)
      
        crash> page_init_bug | head -6
        <struct resource 0xffff88067fffd560>      7b788000 -     7b7fffff	System RAM (480.00 KiB)
        <struct page 0xffffea0001ede200>   1fffff00000000  0 <struct pglist_data 0xffff88047ffd9000> 1 <struct zone 0xffff88047ffd9800> DMA32          4096    1048575
        <struct page 0xffffea0001ede200> 505736 505344 <struct page 0xffffea0001ed8000> 505855 <struct page 0xffffea0001edffc0>
        <struct page 0xffffea0001ed8000>                0  0 <struct pglist_data 0xffff88047ffd9000> 0 <struct zone 0xffff88047ffd9000> DMA               1       4095
        <struct page 0xffffea0001edffc0>   1fffff00000400  0 <struct pglist_data 0xffff88047ffd9000> 1 <struct zone 0xffff88047ffd9800> DMA32          4096    1048575
        BUG, zones differ!
      
      Note that this range follows two not populated sections
      68000000-77ffffff in this zone.  7b788000-7b7fffff is the first one
      after a gap.  This makes memmap_init_zone() skip all the pfns up to the
      beginning of this range.  But this range is not pageblock (2M) aligned.
      In fact no range has to be.
      
        crash> kmem -p 77fff000 78000000 7b5ff000 7b600000 7b787000 7b788000
              PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
        ffffea0001e00000  78000000                0        0  0 0
        ffffea0001ed7fc0  7b5ff000                0        0  0 0
        ffffea0001ed8000  7b600000                0        0  0 0	<<<<
        ffffea0001ede1c0  7b787000                0        0  0 0
        ffffea0001ede200  7b788000                0        0  1 1fffff00000000
      
      Top part of page flags should contain nodeid and zonenr, which is not
      the case for page ffffea0001ed8000 here (<<<<).
      
        crash> log | grep -o fffea0001ed[^\ ]* | sort -u
        fffea0001ed8000
        fffea0001eded20
        fffea0001edffc0
      
        crash> bt -r | grep -o fffea0001ed[^\ ]* | sort -u
        fffea0001ed8000
        fffea0001eded00
        fffea0001eded20
        fffea0001edffc0
      
      Initialization of the whole beginning of the section is skipped up to
      the start of the range due to the commit b92df1de.  Now any code
      calling move_freepages_block() (like reusing the page from a freelist as
      in this example) with a page from the beginning of the range will get
      the page rounded down to start_page ffffea0001ed8000 and passed to
      move_freepages() which crashes on assertion getting wrong zonenr.
      
        >         VM_BUG_ON(page_zone(start_page) != page_zone(end_page));
      
      Note, page_zone() derives the zone from page flags here.
      
      From similar machine before commit b92df1de:
      
        crash> kmem -p 77fff000 78000000 7b5ff000 7b600000 7b7fe000 7b7ff000
              PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
        fffff73941e00000  78000000                0        0  1 1fffff00000000
        fffff73941ed7fc0  7b5ff000                0        0  1 1fffff00000000
        fffff73941ed8000  7b600000                0        0  1 1fffff00000000
        fffff73941edff80  7b7fe000                0        0  1 1fffff00000000
        fffff73941edffc0  7b7ff000 ffff8e67e04d3ae0     ad84  1 1fffff00020068 uptodate,lru,active,mappedtodisk
      
      All the pages since the beginning of the section are initialized.
      move_freepages()' not gonna blow up.
      
      The same machine with this fix applied:
      
        crash> kmem -p 77fff000 78000000 7b5ff000 7b600000 7b7fe000 7b7ff000
              PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
        ffffea0001e00000  78000000                0        0  0 0
        ffffea0001e00000  7b5ff000                0        0  0 0
        ffffea0001ed8000  7b600000                0        0  1 1fffff00000000
        ffffea0001edff80  7b7fe000                0        0  1 1fffff00000000
        ffffea0001edffc0  7b7ff000 ffff88017fb13720        8  2 1fffff00020068 uptodate,lru,active,mappedtodisk
      
      At least the bare minimum of pages is initialized preventing the crash
      as well.
      
      Customers started to report this as soon as 7.4 (where b92df1de was
      merged in RHEL) was released.  I remember reports from
      September/October-ish times.  It's not easily reproduced and happens on
      a handful of machines only.  I guess that's why.  But that does not make
      it less serious, I think.
      
      Though there actually is a report here:
        https://bugzilla.kernel.org/show_bug.cgi?id=196443
      
      And there are reports for Fedora from July:
        https://bugzilla.redhat.com/show_bug.cgi?id=1473242
      and CentOS:
        https://bugs.centos.org/view.php?id=13964
      and we internally track several dozens reports for RHEL bug
        https://bugzilla.redhat.com/show_bug.cgi?id=1525121
      
      Link: http://lkml.kernel.org/r/0485727b2e82da7efbce5f6ba42524b429d0391a.1520011945.git.neelx@redhat.com
      Fixes: b92df1de ("mm: page_alloc: skip over regions of invalid pfns where possible")
      Signed-off-by: Daniel Vacek <neelx@redhat.com>
      Cc: Mel Gorman <mgorman@techsingularity.net>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: Pavel Tatashin <pasha.tatashin@oracle.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
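
A user-space model of the pageblock alignment problem described in the commit message above, added here as an illustration; it is not kernel code and not the patch. The pfn values come from the crash output in the message (7b788000 is the first RAM-backed address, 7b600000 its pageblock start); `struct page`, `memmap_init_zone()` and `pageblock_zones_match()` are simplified stand-ins, and an uninitialized page reads as zone 0 the way the zeroed flags do in the dump.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PAGEBLOCK_NR_PAGES 512UL      /* 2M pageblock / 4K pages */
#define SECTION_START_PFN  0x78000UL  /* 78000000: first pfn after the unpopulated sections */
#define RANGE_START_PFN    0x7b788UL  /* 7b788000: first pfn backed by RAM */
#define RANGE_END_PFN      0x7b800UL  /* one past 7b7fffff */

enum { ZONE_DMA = 0, ZONE_DMA32 = 1 };

/* Simplified stand-in for struct page: only what the zone check needs. */
struct page {
	bool initialized;
	int zone;		/* zeroed memory reads as ZONE_DMA */
};

static struct page memmap[RANGE_END_PFN - SECTION_START_PFN];

static struct page *pfn_to_page(unsigned long pfn)
{
	return &memmap[pfn - SECTION_START_PFN];
}

/*
 * Model of the init loop: pfns below RANGE_START_PFN have no RAM behind them
 * and are skipped. With align_skip false the loop jumps straight to the first
 * valid pfn; with align_skip true the jump target is rounded down to the
 * pageblock boundary, so the whole pageblock gets initialized.
 */
static void memmap_init_zone(bool align_skip)
{
	memset(memmap, 0, sizeof(memmap));

	for (unsigned long pfn = SECTION_START_PFN; pfn < RANGE_END_PFN; pfn++) {
		if (pfn < RANGE_START_PFN) {
			unsigned long next = RANGE_START_PFN;

			if (align_skip)
				next &= ~(PAGEBLOCK_NR_PAGES - 1);
			if (next > pfn) {
				pfn = next - 1;	/* loop increment lands on next */
				continue;
			}
			/* inside the first valid pageblock: initialize anyway */
		}
		pfn_to_page(pfn)->initialized = true;
		pfn_to_page(pfn)->zone = ZONE_DMA32;
	}
}

/*
 * The condition the VM_BUG_ON() quoted above asserts: after rounding the page
 * down to its pageblock, the first and last page must be in the same zone.
 */
static bool pageblock_zones_match(unsigned long pfn)
{
	unsigned long start = pfn & ~(PAGEBLOCK_NR_PAGES - 1);
	unsigned long end = start + PAGEBLOCK_NR_PAGES - 1;

	return pfn_to_page(start)->zone == pfn_to_page(end)->zone;
}

int main(void)
{
	memmap_init_zone(false);
	printf("unaligned skip: zones match = %d\n",
	       pageblock_zones_match(RANGE_START_PFN));
	memmap_init_zone(true);
	printf("aligned skip:   zones match = %d\n",
	       pageblock_zones_match(RANGE_START_PFN));
	return 0;
}
```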
    • mm/memblock.c: hardcode the end_pfn being -1 · 379b03b7
      Daniel Vacek authored
      This is just a cleanup.  It aids handling the special end case in the
      next commit.
      
      [akpm@linux-foundation.org: make it work against current -linus, not against -mm]
      [akpm@linux-foundation.org: make it work against current -linus, not against -mm some more]
      Link: http://lkml.kernel.org/r/1ca478d4269125a99bcfb1ca04d7b88ac1aee924.1520011944.git.neelx@redhat.com
      Signed-off-by: Daniel Vacek <neelx@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Mel Gorman <mgorman@techsingularity.net>
      Cc: Pavel Tatashin <pasha.tatashin@oracle.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT · 96312e61
      Andrea Arcangeli authored
      KVM is hanging during postcopy live migration with userfaultfd because
      get_user_pages_unlocked is not capable to handle FOLL_NOWAIT.
      
      Earlier FOLL_NOWAIT was only ever passed to get_user_pages.
      
      Specifically faultin_page (the callee of get_user_pages_unlocked caller)
      doesn't know that if FAULT_FLAG_RETRY_NOWAIT was set in the page fault
      flags, when VM_FAULT_RETRY is returned, the mmap_sem wasn't actually
      released (even if nonblocking is not NULL).  So it sets *nonblocking to
      zero and the caller won't release the mmap_sem thinking it was already
      released, but it wasn't because of FOLL_NOWAIT.
      
      Link: http://lkml.kernel.org/r/20180302174343.5421-2-aarcange@redhat.com
      Fixes: ce53053c ("kvm: switch get_user_page_nowait() to get_user_pages_unlocked()")
      Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
      Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
      Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() · 1b4cfe3c
      Kees Cook authored
      Commit b8347c21 ("x86/debug: Handle warnings before the notifier
      chain, to fix KGDB crash") changed the ordering of fixups, and did not
      take into account the case of x86 processing non-WARN() and non-BUG()
      exceptions.  This would lead to output of a false BUG line with no other
      information.
      
      In the case of a refcount exception, it would be immediately followed by
      the refcount WARN(), producing very strange double-"cut here":
      
        lkdtm: attempting bad refcount_inc() overflow
        ------------[ cut here ]------------
        Kernel BUG at 0000000065f29de5 [verbose debug info unavailable]
        ------------[ cut here ]------------
        refcount_t overflow at lkdtm_REFCOUNT_INC_OVERFLOW+0x6b/0x90 in cat[3065], uid/euid: 0/0
        WARNING: CPU: 0 PID: 3065 at kernel/panic.c:657 refcount_error_report+0x9a/0xa4
        ...
      
      In the prior ordering, exceptions were searched first:
      
         do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
         ...
                      if (fixup_exception(regs, trapnr))
                              return 0;
      
        -               if (fixup_bug(regs, trapnr))
        -                       return 0;
        -
      
      As a result, fixup_bugs()'s is_valid_bugaddr() didn't take into account
      needing to search the exception list first, since that had already
      happened.
      
      So, instead of searching the exception list twice (once in
      is_valid_bugaddr() and then again in fixup_exception()), just add a
      simple sanity check to report_bug() that will immediately bail out if a
      BUG() (or WARN()) entry is not found.
      
      Link: http://lkml.kernel.org/r/20180301225934.GA34350@beast
      Fixes: b8347c21 ("x86/debug: Handle warnings before the notifier chain, to fix KGDB crash")
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Richard Weinberger <richard.weinberger@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • bug: use %pB in BUG and stack protector failure · 0862ca42
      Kees Cook authored
      The BUG and stack protector reports were still using a raw %p.  This
      changes it to %pB for more meaningful output.
      
      Link: http://lkml.kernel.org/r/20180301225704.GA34198@beast
      Fixes: ad67b74d ("printk: hash addresses printed with %p")
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Richard Weinberger <richard.weinberger@gmail.com>,
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • hugetlb: fix surplus pages accounting · 4704dea3
      Michal Hocko authored
      Dan Rue has noticed that libhugetlbfs test suite fails counter test:
      
        # mount_point="/mnt/hugetlb/"
        # echo 200 > /proc/sys/vm/nr_hugepages
        # mkdir -p "${mount_point}"
        # mount -t hugetlbfs hugetlbfs "${mount_point}"
        # export LD_LIBRARY_PATH=/root/libhugetlbfs/libhugetlbfs-2.20/obj64
        # /root/libhugetlbfs/libhugetlbfs-2.20/tests/obj64/counters
        Starting testcase "/root/libhugetlbfs/libhugetlbfs-2.20/tests/obj64/counters", pid 3319
        Base pool size: 0
        Clean...
        FAIL    Line 326: Bad HugePages_Total: expected 0, actual 1
      
      The bug was bisected to 0c397dae ("mm, hugetlb: further simplify
      hugetlb allocation API").
      
      The reason is that alloc_surplus_huge_page() misaccounts per node
      surplus pages.  We should increase surplus_huge_pages_node rather than
      nr_huge_pages_node which is already handled by alloc_fresh_huge_page.
      
      Link: http://lkml.kernel.org/r/20180221191439.GM2231@dhcp22.suse.cz
      Fixes: 0c397dae ("mm, hugetlb: further simplify hugetlb allocation API")
      Signed-off-by: Michal Hocko <mhocko@suse.com>
      Reported-by: Dan Rue <dan.rue@linaro.org>
      Tested-by: Dan Rue <dan.rue@linaro.org>
      Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  3. 09 Mar, 2018 14 commits
    • RDMA/mlx5: Fix integer overflow while resizing CQ · 28e9091e
      Leon Romanovsky authored
      The user can provide a very large cqe_size, which will cause an integer
      overflow, as can be seen in the following UBSAN warning:
      
      =======================================================================
      UBSAN: Undefined behaviour in drivers/infiniband/hw/mlx5/cq.c:1192:53
      signed integer overflow:
      64870 * 65536 cannot be represented in type 'int'
      CPU: 0 PID: 267 Comm: syzkaller605279 Not tainted 4.15.0+ #90 Hardware
      name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
      rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
      Call Trace:
       dump_stack+0xde/0x164
       ? dma_virt_map_sg+0x22c/0x22c
       ubsan_epilogue+0xe/0x81
       handle_overflow+0x1f3/0x251
       ? __ubsan_handle_negate_overflow+0x19b/0x19b
       ? lock_acquire+0x440/0x440
       mlx5_ib_resize_cq+0x17e7/0x1e40
       ? cyc2ns_read_end+0x10/0x10
       ? native_read_msr_safe+0x6c/0x9b
       ? cyc2ns_read_end+0x10/0x10
       ? mlx5_ib_modify_cq+0x220/0x220
       ? sched_clock_cpu+0x18/0x200
       ? lookup_get_idr_uobject+0x200/0x200
       ? rdma_lookup_get_uobject+0x145/0x2f0
       ib_uverbs_resize_cq+0x207/0x3e0
       ? ib_uverbs_ex_create_cq+0x250/0x250
       ib_uverbs_write+0x7f9/0xef0
       ? cyc2ns_read_end+0x10/0x10
       ? print_irqtrace_events+0x280/0x280
       ? ib_uverbs_ex_create_cq+0x250/0x250
       ? uverbs_devnode+0x110/0x110
       ? sched_clock_cpu+0x18/0x200
       ? do_raw_spin_trylock+0x100/0x100
       ? __lru_cache_add+0x16e/0x290
       __vfs_write+0x10d/0x700
       ? uverbs_devnode+0x110/0x110
       ? kernel_read+0x170/0x170
       ? sched_clock_cpu+0x18/0x200
       ? security_file_permission+0x93/0x260
       vfs_write+0x1b0/0x550
       SyS_write+0xc7/0x1a0
       ? SyS_read+0x1a0/0x1a0
       ? trace_hardirqs_on_thunk+0x1a/0x1c
       entry_SYSCALL_64_fastpath+0x1e/0x8b
      RIP: 0033:0x433549
      RSP: 002b:00007ffe63bd1ea8 EFLAGS: 00000217
      =======================================================================
      
      Cc: syzkaller <syzkaller@googlegroups.com>
      Cc: <stable@vger.kernel.org> # 3.13
      Fixes: bde51583 ("IB/mlx5: Add support for resize CQ")
      Reported-by: Noa Osherovich <noaos@mellanox.com>
      Reviewed-by: Yishai Hadas <yishaih@mellanox.com>
      Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
      Signed-off-by: Doug Ledford <dledford@redhat.com>
      28e9091e
    • Doug Ledford's avatar
      Revert "RDMA/mlx5: Fix integer overflow while resizing CQ" · 212a0cbc
      Doug Ledford authored
      The original commit of this patch has a munged log message that is
      missing several of the tags the original author intended to be on the
      patch.  This was due to patchworks misinterpreting a cut-n-paste
      separator line as an end of message line and munging the mbox that was
      used to import the patch:
      
      https://patchwork.kernel.org/patch/10264089/
      
      The original patch will be reapplied with a fixed commit message so the
      proper tags are applied.
      
      This reverts commit aa0de36a.
      Signed-off-by: Doug Ledford <dledford@redhat.com>
      212a0cbc
    • Linus Torvalds's avatar
      Merge tag 'pci-v4.16-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · c68a2cf0
      Linus Torvalds authored
      Pull PCI fixes from Bjorn Helgaas:
      
       - fix sparc build issue when OF_IRQ not enabled (Guenter Roeck)
      
       - fix enumeration of devices below switches on DesignWare-based
         controllers (Koen Vandeputte)
      
      * tag 'pci-v4.16-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: dwc: Fix enumeration end when reaching root subordinate
        PCI: Move of_irq_parse_and_map_pci() declaration under OF_IRQ
      c68a2cf0
    • Linus Torvalds's avatar
      Merge tag 'fbdev-v4.16-rc5' of git://github.com/bzolnier/linux · 99d7d64b
      Linus Torvalds authored
      Pull fbdev fix from Bartlomiej Zolnierkiewicz:
       "Just a single fix to close a kernel data leak in FBIOGETCMAP_SPARC
        ioctl"
      
      * tag 'fbdev-v4.16-rc5' of git://github.com/bzolnier/linux:
        fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
      99d7d64b
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.16-rc5' of git://people.freedesktop.org/~airlied/linux · 65307f2e
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "There are a small set of sun4i and i915 fixes, and many more amdgpu
        fixes:
      
        sun4i:
         - divide by zero fix
         - clock and LVDS fixes
      
        i915:
         - fix for perf
         - race fix
      
        amdgpu:
         - a bit more than we are normally comfortable with at this point,
           however it does fix a lot of display issues with the new DC code
           which result in black screens in various configurations along with
           some run of the mill gpu configuration fixes.
      
           I'm happy enough that the fixes are limited to the DC code and
           should fix a bunch of issues on the new raven ridge APUs that we
           are seeing shipped now"
      
      * tag 'drm-fixes-for-v4.16-rc5' of git://people.freedesktop.org/~airlied/linux: (42 commits)
        drm/amd/display: validate plane format on primary plane
        drm/amdgpu:Always save uvd vcpu_bo in VM Mode
        drm/amdgpu:Correct max uvd handles
        drm/amd/display: early return if not in vga mode in disable_vga
        drm/amd/display: Fix takover from VGA mode
        drm/amd/display: Fix memleaks when atomic check fails.
        drm/amd/display: Return success when enabling interrupt
        drm/amd/display: Use crtc enable/disable_vblank hooks
        drm/amd/display: update infoframe after dig fe is turned on
        drm/amd/display: fix boot-up on vega10
        drm/amd/display: fix cursor related Pstate hang
        drm/amd/display: Set irq state only on existing crtcs
        drm/amd/display: Fixed non-native modes not lighting up
        drm/amd/display: Call update_stream_signal directly from amdgpu_dm
        drm/amd/display: Make create_stream_for_sink more consistent
        drm/amd/display: Don't block dual-link DVI modes
        drm/amd/display: Don't allow dual-link DVI on all ASICs.
        drm/amd/display: Pass signal directly to enable_tmds_output
        drm/amd/display: Remove unnecessary fail labels in create_stream_for_sink
        drm/amd/display: Move MAX_TMDS_CLOCK define to header
        ...
      65307f2e
    • Linus Torvalds's avatar
      Merge tag 'sound-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · dfbab3fa
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Two types of fixes:

         - The usual stuff, a handful of HD-audio quirks for various machines
      
         - Further hardening against ALSA sequencer ioctl/write races that are
           triggered by fuzzer"
      
      * tag 'sound-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda: add dock and led support for HP ProBook 640 G2
        ALSA: hda: add dock and led support for HP EliteBook 820 G3
        ALSA: hda/realtek - Make dock sound work on ThinkPad L570
        ALSA: seq: Remove superfluous snd_seq_queue_client_leave_cells() call
        ALSA: seq: More protection for concurrent write and ioctl races
        ALSA: seq: Don't allow resizing pool in use
        ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
        ALSA: hda/realtek: Limit mic boost on T480
        ALSA: hda/realtek - Add headset mode support for Dell laptop
        ALSA: hda/realtek - Add support headset mode for DELL WYSE
        ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
      dfbab3fa
    • Marc Zyngier's avatar
      arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery · e21da1c9
      Marc Zyngier authored
      A recent update to the ARM SMCCC ARCH_WORKAROUND_1 specification
      allows firmware to return a non zero, positive value to describe
      that although the mitigation is implemented at the higher exception
      level, the CPU on which the call is made is not affected.
      
      Let's relax the check on the return value from ARCH_WORKAROUND_1
      so that we only error out if the returned value is negative.
      
      Fixes: b092201e ("arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support")
      Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
      e21da1c9
    • Matthew Wilcox's avatar
      Documentation/sphinx: Fix Directive import error · ff690eee
      Matthew Wilcox authored
      Sphinx 1.7 removed sphinx.util.compat.Directive so people
      who have upgraded cannot build the documentation.  Switch to
      docutils.parsers.rst.Directive which has been available since
      docutils 0.5 released in 2009.
      
      Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1083694
      Co-developed-by: Takashi Iwai <tiwai@suse.de>
      Acked-by: Jani Nikula <jani.nikula@intel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
      Signed-off-by: Jonathan Corbet <corbet@lwn.net>
      ff690eee
    • Linus Torvalds's avatar
      Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 719ea861
      Linus Torvalds authored
      Pull overlayfs fixes from Miklos Szeredi:
       "This fixes a corner case for NFS exporting (introduced in this cycle)
        as well as fixing miscellaneous bugs"
      
      * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: update Kconfig texts
        ovl: redirect_dir=nofollow should not follow redirect for opaque lower
        ovl: fix ptr_ret.cocci warnings
        ovl: check ERR_PTR() return value from ovl_lookup_real()
        ovl: check lower ancestry on encode of lower dir file handle
        ovl: hash non-dir by lower inode for fsnotify
      719ea861
    • Linus Torvalds's avatar
      Merge tag 'xfs-4.16-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 2d9b1d69
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
      
       - Fix some iomap locking problems
      
       - Don't allocate cow blocks when we're zeroing file data
      
      * tag 'xfs-4.16-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: don't block on the ilock for RWF_NOWAIT
        xfs: don't start out with the exclusive ilock for direct I/O
        xfs: don't allocate COW blocks for zeroing holes or unwritten extents
      2d9b1d69
    • Darren Hart (VMware)'s avatar
      platform/x86: dell-smbios: Resolve dependency error on DCDBAS · 32d7b19b
      Darren Hart (VMware) authored
      When the DELL_SMBIOS_SMM backend is enabled, the DELL_SMBIOS symbol
      depends on DELL_DCDBAS, and we must avoid the situation where
      DELL_SMBIOS=y and DCDBAS=m.
      
      Adding the conditional dependency to DELL_SMBIOS such as:
      
      depends !DELL_SMBIOS_SMM || (DCDBAS || DCDBAS=n)
      
      results in the Kconfig tooling complaining about a circular dependency,
      although it appears to work in practice.
      
      Avoid the errors by simplifying the dependency and forcing DELL_SMBIOS
      to be <= DCDBAS if DCDBAS is enabled (thanks to Greg KH for the
      suggestion).
      
      Cc: Mario.Limonciello@dell.com
      Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
      32d7b19b
    • Darren Hart (VMware)'s avatar
      platform/x86: Allow for SMBIOS backend defaults · 329d58b8
      Darren Hart (VMware) authored
      Avoid accidental configurations by setting default y for DELL_SMBIOS
      backends. Avoid this impacting the default build size, by making them
      dependent on DELL_SMBIOS, so they only appear when DELL_SMBIOS is
      manually selected, or by DELL_LAPTOP or DELL_WMI.
      
      While DELL_SMBIOS does have a prompt, it does not have any dependencies.
      Keeping DELL_SMBIOS visible, despite being "select"ed by DELL_LAPTOP and
      DELL_WMI, is a deliberate choice to provide context for the WMI and SMM
      backends, which would otherwise appear to float without context within
      the menu.
      Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
      329d58b8
    • Mario Limonciello's avatar
      platform/x86: dell-smbios: Link all dell-smbios-* modules together · 25d47027
      Mario Limonciello authored
      Some race conditions were raised due to dell-smbios and its backends
      not being ready by the time that a consumer would call one of the
      exported methods.
      
      To avoid this problem, guarantee that all initialization has been
      done by linking them all together and running init for them all.
      
      As part of this change the Kconfig needs to be adjusted so that
      CONFIG_DELL_SMBIOS_SMM and CONFIG_DELL_SMBIOS_WMI are boolean
      rather than modules.
      
      CONFIG_DELL_SMBIOS is a visually selectable option again and both
      CONFIG_DELL_SMBIOS_WMI and CONFIG_DELL_SMBIOS_SMM are optional.
      Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
      [dvhart: Update prompt and help text for DELL_SMBIOS_* backends]
      Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
      25d47027
    • Mario Limonciello's avatar
      platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base · 94f77cb1
      Mario Limonciello authored
      This is being done to facilitate a later change to link all the dell-smbios
      drivers together.
      Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
      Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
      94f77cb1