1. 06 11月, 2019 40 次提交
    • S
      rtc: pcf8523: set xtal load capacitance from DT · 91901415
      Sam Ravnborg 提交于
      [ Upstream commit 189927e719e36ceefbb8037f23d3849e47833aef ]
      
      Add support for specifying the xtal load capacitance in the DT node.
      The pcf8523 supports xtal load capacitance of 7pF or 12.5pF.
      If the rtc has the wrong configuration the time will
      drift several hours/week.
      
      The driver use the default value 12.5pF.
      
      The DT may specify either 7000fF or 12500fF.
      (The DT uses femto Farad to avoid decimal numbers).
      Other values are warned and the driver uses the default value.
      Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
      Cc: Alessandro Zummo <a.zummo@towertech.it>
      Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: NAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      91901415
    • J
      usb: handle warm-reset port requests on hub resume · 961ba81d
      Jan-Marek Glogowski 提交于
      [ Upstream commit 4fdc1790e6a9ef22399c6bc6e63b80f4609f3b7e ]
      
      On plug-in of my USB-C device, its USB_SS_PORT_LS_SS_INACTIVE
      link state bit is set. Greping all the kernel for this bit shows
      that the port status requests a warm-reset this way.
      
      This just happens, if its the only device on the root hub, the hub
      therefore resumes and the HCDs status_urb isn't yet available.
      If a warm-reset request is detected, this sets the hubs event_bits,
      which will prevent any auto-suspend and allows the hubs workqueue
      to warm-reset the port later in port_event.
      Signed-off-by: NJan-Marek Glogowski <glogow@fbihome.de>
      Acked-by: NAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      961ba81d
    • J
      ALSA: usb-audio: Cleanup DSD whitelist · 3a77562e
      Jussi Laako 提交于
      [ Upstream commit 202e69e645545e8dcec5e239658125276a7a315a ]
      
      XMOS/Thesycon family of USB Audio Class firmware flags DSD altsetting
      separate from the PCM ones. Thus the DSD altsetting can be auto-detected
      based on the flag and doesn't need maintaining specific altsetting
      whitelist.
      
      In addition, static VID:PID-to-altsetting whitelisting causes problems
      when firmware update changes the altsetting, or same VID:PID is reused
      for another device that has different kind of firmware.
      
      This patch removes existing explicit whitelist mappings for XMOS VID
      (0x20b1) and Thesycon VID (0x152a).
      
      Also corrects placement of Hegel HD12 and NuPrime DAC-10 to keep list
      sorted based on VID.
      Signed-off-by: NJussi Laako <jussi@sonarnerd.net>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3a77562e
    • F
      usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete · a0608eec
      Felipe Balbi 提交于
      [ Upstream commit acbfa6c26f21a18830ee064b588c92334305b6af ]
      
      We must wait until End Transfer completes in order to clear
      DWC3_EP_TRANSFER_STARTED, otherwise we may confuse the driver.
      
      This patch is in preparation to fix a rare race condition that happens
      upon Disconnect Interrupt.
      Tested-by: NThinh Nguyen <thinhn@synopsys.com>
      Signed-off-by: NFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a0608eec
    • F
      usb: dwc3: gadget: early giveback if End Transfer already completed · d0e8b35e
      Felipe Balbi 提交于
      [ Upstream commit 9f45581f5eec6786c6eded2b3c85345d82a910c9 ]
      
      There is a rare race condition that may happen during a Disconnect
      Interrupt if we have a started request that happens to be
      dequeued *after* completion of End Transfer command. If that happens,
      that request will be left waiting for completion of an End Transfer
      command that will never happen.
      
      If End Transfer command has already completed before, we are safe to
      giveback the request straight away.
      Tested-by: NThinh Nguyen <thinhn@synopsys.com>
      Signed-off-by: NFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d0e8b35e
    • D
      samples: bpf: fix: seg fault with NULL pointer arg · 335d4f81
      Daniel T. Lee 提交于
      [ Upstream commit d59dd69d5576d699d7d3f5da0b4738c3a36d0133 ]
      
      When NULL pointer accidentally passed to write_kprobe_events,
      due to strlen(NULL), segmentation fault happens.
      Changed code returns -1 to deal with this situation.
      
      Bug issued with Smatch, static analysis.
      Signed-off-by: NDaniel T. Lee <danieltimlee@gmail.com>
      Acked-by: NSong Liu <songliubraving@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      335d4f81
    • R
      HID: steam: fix deadlock with input devices. · c41f30e8
      Rodrigo Rivas Costa 提交于
      [ Upstream commit 6b538cc21334b83f09b25dec4aa2d2726bf07ed0 ]
      
      When using this driver with the wireless dongle and some usermode
      program that monitors every input device (acpid, for example), while
      another usermode client opens and closes the low-level device
      repeadedly, the system eventually deadlocks.
      
      The reason is that steam_input_register_device() must not be called with
      the mutex held, because the input subsystem has its own synchronization
      that clashes with this one: it is possible that steam_input_open() is
      called before input_register_device() returns, and since
      steam_input_open() needs to lock the mutex, it deadlocks.
      
      However we must hold the mutex when calling any function that sends
      commands to the controller. If not, random commands end up falling fail.
      Reported-by: NSimon Gene Gottlieb <simon@gottliebtfreitag.de>
      Signed-off-by: NRodrigo Rivas Costa <rodrigorivascosta@gmail.com>
      Tested-by: NSimon Gene Gottlieb <simon@gottliebtfreitag.de>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      c41f30e8
    • R
      HID: steam: fix boot loop with bluetooth firmware · 4c8ae722
      Rodrigo Rivas Costa 提交于
      [ Upstream commit cf28aee292e102740e49f74385b4b89c00050763 ]
      
      There is a new firmware for the Steam Controller with support for BLE
      connections. When using such a device with a wired connection, it
      reboots itself every 10 seconds unless an application has opened it.
      
      Doing hid_hw_open() unconditionally on probe fixes the issue, and the
      code becomes simpler.
      Signed-off-by: NRodrigo Rivas Costa <rodrigorivascosta@gmail.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4c8ae722
    • T
      NFSv4: Ensure that the state manager exits the loop on SIGKILL · ce05beb3
      Trond Myklebust 提交于
      [ Upstream commit a1aa09be21fa344d1f5585aab8164bfae55f57e3 ]
      Signed-off-by: NTrond Myklebust <trond.myklebust@hammerspace.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ce05beb3
    • N
      HID: Add ASUS T100CHI keyboard dock battery quirks · 952b0285
      NOGUCHI Hiroshi 提交于
      [ Upstream commit a767ffea05d2737f6542cd78458a84a157fa216d ]
      
      Add ASUS Transbook T100CHI/T90CHI keyboard dock into battery quirk list, in
      order to add specific implementation in hid-asus.
      Signed-off-by: NNOGUCHI Hiroshi <drvlabo@gmail.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      952b0285
    • S
      staging: mt7621-pinctrl: use pinconf-generic for 'dt_node_to_map' and 'dt_free_map' · 24ec7c1b
      Sergio Paracuellos 提交于
      [ Upstream commit 0ca1f90861b6d64386261096b42bfc81ce11948a ]
      
      Instead of reimplement afunction to do 'dt_node_to_map' task like
      'rt2880_pinctrl_dt_node_to_map' make use of 'pinconf_generic_dt_node_to_map_all'
      generic function for this task. Also use its equivalent function for free which
      is 'pinconf_generic_dt_free_map'. Remove 'rt2880_pinctrl_dt_node_to_map' function
      which is not needed anymore. This decrease a bit driver LOC and make it more
      generic. To properly compile this changes 'GENERIC_PINCONF' option is selected
      with the driver in its Kconfig file.
      
      This also fix a problem with function 'rt2880_pinctrl_dt_node_to_map' which was
      calling internally 'pinctrl_utils_reserve_map' which expects 'num_maps' to be initialized.
      It does a memory allocation based on the value, and triggers the following
      warning if is not properly set:
      
      if (unlikely(order >= MAX_ORDER)) {
              WARN_ON_ONCE(!(gfp_mask & __GFP_NOWARN));
              return NULL;
      }
      
      Generic function 'pinconf_generic_dt_node_to_map_all' initializes properly
      'num_maps' to zero fixing the problem.
      
      Fixes: e12a1a6e ("staging: mt7621-pinctrl: refactor rt2880_pinctrl_dt_node_to_map function")
      Reported-by: NNeilBrown <neil@brown.name>
      Tested-by: NNeilBrown <neil@brown.name>
      Signed-off-by: NSergio Paracuellos <sergio.paracuellos@gmail.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      24ec7c1b
    • B
      scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks · b064e272
      Brian Norris 提交于
      [ Upstream commit ff64dd4857303dd5550faed9fd598ac90f0f2238 ]
      
      git-diff-index does not refresh the index for you, so using it for a
      "-dirty" check can give misleading results. Commit 6147b1cf
      ("scripts/setlocalversion: git: Make -dirty check more robust") tried to
      fix this by switching to git-status, but it overlooked the fact that
      git-status also writes to the .git directory of the source tree, which
      is definitely not kosher for an out-of-tree (O=) build. That is getting
      reverted.
      
      Fortunately, git-status now supports avoiding writing to the index via
      the --no-optional-locks flag, as of git 2.14. It still calculates an
      up-to-date index, but it avoids writing it out to the .git directory.
      
      So, let's retry the solution from commit 6147b1cf using this new
      flag first, and if it fails, we assume this is an older version of git
      and just use the old git-diff-index method.
      
      It's hairy to get the 'grep -vq' (inverted matching) correct by stashing
      the output of git-status (you have to be careful about the difference
      betwen "empty stdin" and "blank line on stdin"), so just pipe the output
      directly to grep and use a regex that's good enough for both the
      git-status and git-diff-index version.
      
      Cc: Christian Kujau <lists@nerdbynature.de>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Suggested-by: NAlexander Kapshuk <alexander.kapshuk@gmail.com>
      Signed-off-by: NBrian Norris <briannorris@chromium.org>
      Tested-by: NGenki Sky <sky@genki.is>
      Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      b064e272
    • Y
      clk: boston: unregister clks on failure in clk_boston_setup() · 9aafa299
      Yi Wang 提交于
      [ Upstream commit 8b627f616ed63dcaf922369fc14a5daf8ad03038 ]
      
      The registered clks should unregister when something wrong happens
      before going out in function clk_boston_setup().
      Signed-off-by: NYi Wang <wang.yi59@zte.com.cn>
      Signed-off-by: NStephen Boyd <sboyd@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9aafa299
    • A
      ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3 · 1ba64887
      Abhishek Ambure 提交于
      [ Upstream commit 7ba31e6e0cdc0cc2e60e1fcbf467f3c95aea948e ]
      
      Hostapd uses CCMP, GCMP & GCMP-256 as 'wpa_pairwise' option to run WPA3.
      In WCN3990 firmware cipher suite numbers 9 to 11 are for CCMP,
      GCMP & GCMP-256.
      
      To enable CCMP, GCMP & GCMP-256 cipher suites in WCN3990 firmware,
      host sets 'n_cipher_suites = 11' while initializing hardware parameters.
      
      Tested HW: WCN3990
      Tested FW: WLAN.HL.2.0-01188-QCAHLSWMTPLZ-1
      Signed-off-by: NAbhishek Ambure <aambure@codeaurora.org>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1ba64887
    • V
      platform/x86: Fix config space access for intel_atomisp2_pm · a6af54d4
      Ville Syrjälä 提交于
      [ Upstream commit 6a31061833a52a79c99221b6251db08cf377470e ]
      
      We lose even config space access when we power gate the ISP
      via the PUNIT. That makes lspci & co. produce gibberish.
      
      To fix that let's try to implement actual runtime pm hooks
      and inform the pci core that the device always goes to
      D3cold. That will cause the pci core to resume the device
      before attempting config space access.
      
      This introduces another annoyance though. We get the
      following error every time we try to resume the device:
      intel_atomisp2_pm 0000:00:03.0: Refused to change power state, currently in D3
      
      The reason being that the pci core tries to put the device
      back into D0 via the standard PCI PM mechanism before
      calling the driver resume hook. To fix this properly
      we'd need to infiltrate the platform pm hooks (could
      turn ugly real fast), or use pm domains (which don't
      seem to exist on x86), or some extra early resume
      hook for the driver (which doesn't exist either).
      So maybe we just choose to live with the error?
      
      Cc: Hans de Goede <hdegoede@redhat.com>
      Cc: Alan Cox <alan@linux.intel.com>
      Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Cc: Darren Hart <dvhart@infradead.org>
      Signed-off-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Reviewed-by: NHans de Goede <hdegoede@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a6af54d4
    • V
      platform/x86: Add the VLV ISP PCI ID to atomisp2_pm · 8694ceba
      Ville Syrjälä 提交于
      [ Upstream commit 8a7d7141528ad67e465bc6afacc6a3144d1fe320 ]
      
      If the ISP is exposed as a PCI device VLV machines need the
      same treatment as CHV machines to power gate the ISP. Otherwise
      s0ix will not work.
      
      Cc: Hans de Goede <hdegoede@redhat.com>
      Cc: Alan Cox <alan@linux.intel.com>
      Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Cc: Darren Hart <dvhart@infradead.org>
      Signed-off-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Reviewed-by: NHans de Goede <hdegoede@redhat.com>
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8694ceba
    • H
      HID: i2c-hid: Add Odys Winbook 13 to descriptor override · 8c1b1d3c
      Hans de Goede 提交于
      [ Upstream commit f8f807441eefddc3c6d8a378421f0ede6361d565 ]
      
      The Odys Winbook 13 uses a SIPODEV SP1064 touchpad, which does not
      supply descriptors, add this to the DMI descriptor override list, fixing
      the touchpad not working.
      
      BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1526312Reported-by: NRene Wagner <redhatbugzilla@callerid.de>
      Signed-off-by: NHans de Goede <hdegoede@redhat.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8c1b1d3c
    • K
      HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels · 3db39611
      Kai-Heng Feng 提交于
      [ Upstream commit 1475af255e18f35dc46f8a7acc18354c73d45149 ]
      
      While using Elan touchpads, the message floods:
      [  136.138487] i2c_hid i2c-DELL08D6:00: i2c_hid_get_input: incomplete report (14/65535)
      
      Though the message flood is annoying, the device it self works without
      any issue. I suspect that the device in question takes too much time to
      pull the IRQ back to high after I2C host has done reading its data.
      
      Since the host receives all useful data, let's ignore the input report
      when there's no data.
      Signed-off-by: NKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: NBenjamin Tissoires <benjamin.tissoires@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3db39611
    • K
      HID: i2c-hid: Disable runtime PM for LG touchscreen · e0bcac99
      Kai-Heng Feng 提交于
      [ Upstream commit 86c31524b27c7e686841dd4a79eda95cfd989f16 ]
      
      LG touchscreen (1fd2:8001) stops working after reboot:
      [ 4.859153] i2c_hid i2c-SAPS2101:00: i2c_hid_get_input: incomplete report (64/66)
      [ 4.936070] i2c_hid i2c-SAPS2101:00: i2c_hid_get_input: incomplete report (64/66)
      [ 9.948224] i2c_hid i2c-SAPS2101:00: failed to reset device.
      
      The device in question stops working after receives SLEEP, ON, SLEEP
      commands in a short period. The scenario is like this:
      - Once the desktop session closes, it also closed the hid device, so the
      device gets runtime suspended and receives a SLEEP command.
      - Before calling shutdown callback, it gets runtime resumed and received
      an ON command.
      - In the shutdown callback, it receives another SLEEP command.
      
      I failed to find a reliable interval between ON/SLEEP commands that can
      make it work, so let's simply disable runtime PM for the device.
      Signed-off-by: NKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e0bcac99
    • S
      netfilter: ipset: Make invalid MAC address checks consistent · d8187ff3
      Stefano Brivio 提交于
      [ Upstream commit 29edbc3ebdb0faa934114f14bf12fc0b784d4f1b ]
      
      Set types bitmap:ipmac and hash:ipmac check that MAC addresses
      are not all zeroes.
      
      Introduce one missing check, and make the remaining ones
      consistent, using is_zero_ether_addr() instead of comparing
      against an array containing zeroes.
      
      This was already done for hash:mac sets in commit 26c97c5d
      ("netfilter: ipset: Use is_zero_ether_addr instead of static and
      memcmp").
      Signed-off-by: NStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d8187ff3
    • F
      Btrfs: fix deadlock on tree root leaf when finding free extent · cb38a17c
      Filipe Manana 提交于
      [ Upstream commit 4222ea7100c0e37adace2790c8822758bbeee179 ]
      
      When we are writing out a free space cache, during the transaction commit
      phase, we can end up in a deadlock which results in a stack trace like the
      following:
      
       schedule+0x28/0x80
       btrfs_tree_read_lock+0x8e/0x120 [btrfs]
       ? finish_wait+0x80/0x80
       btrfs_read_lock_root_node+0x2f/0x40 [btrfs]
       btrfs_search_slot+0xf6/0x9f0 [btrfs]
       ? evict_refill_and_join+0xd0/0xd0 [btrfs]
       ? inode_insert5+0x119/0x190
       btrfs_lookup_inode+0x3a/0xc0 [btrfs]
       ? kmem_cache_alloc+0x166/0x1d0
       btrfs_iget+0x113/0x690 [btrfs]
       __lookup_free_space_inode+0xd8/0x150 [btrfs]
       lookup_free_space_inode+0x5b/0xb0 [btrfs]
       load_free_space_cache+0x7c/0x170 [btrfs]
       ? cache_block_group+0x72/0x3b0 [btrfs]
       cache_block_group+0x1b3/0x3b0 [btrfs]
       ? finish_wait+0x80/0x80
       find_free_extent+0x799/0x1010 [btrfs]
       btrfs_reserve_extent+0x9b/0x180 [btrfs]
       btrfs_alloc_tree_block+0x1b3/0x4f0 [btrfs]
       __btrfs_cow_block+0x11d/0x500 [btrfs]
       btrfs_cow_block+0xdc/0x180 [btrfs]
       btrfs_search_slot+0x3bd/0x9f0 [btrfs]
       btrfs_lookup_inode+0x3a/0xc0 [btrfs]
       ? kmem_cache_alloc+0x166/0x1d0
       btrfs_update_inode_item+0x46/0x100 [btrfs]
       cache_save_setup+0xe4/0x3a0 [btrfs]
       btrfs_start_dirty_block_groups+0x1be/0x480 [btrfs]
       btrfs_commit_transaction+0xcb/0x8b0 [btrfs]
      
      At cache_save_setup() we need to update the inode item of a block group's
      cache which is located in the tree root (fs_info->tree_root), which means
      that it may result in COWing a leaf from that tree. If that happens we
      need to find a free metadata extent and while looking for one, if we find
      a block group which was not cached yet we attempt to load its cache by
      calling cache_block_group(). However this function will try to load the
      inode of the free space cache, which requires finding the matching inode
      item in the tree root - if that inode item is located in the same leaf as
      the inode item of the space cache we are updating at cache_save_setup(),
      we end up in a deadlock, since we try to obtain a read lock on the same
      extent buffer that we previously write locked.
      
      So fix this by using the tree root's commit root when searching for a
      block group's free space cache inode item when we are attempting to load
      a free space cache. This is safe since block groups once loaded stay in
      memory forever, as well as their caches, so after they are first loaded
      we will never need to read their inode items again. For new block groups,
      once they are created they get their ->cached field set to
      BTRFS_CACHE_FINISHED meaning we will not need to read their inode item.
      Reported-by: NAndrew Nelson <andrew.s.nelson@gmail.com>
      Link: https://lore.kernel.org/linux-btrfs/CAPTELenq9x5KOWuQ+fa7h1r3nsJG8vyiTH8+ifjURc_duHh2Wg@mail.gmail.com/
      Fixes: 9d66e233 ("Btrfs: load free space cache if it exists")
      Tested-by: NAndrew Nelson <andrew.s.nelson@gmail.com>
      Reviewed-by: NJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: NFilipe Manana <fdmanana@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      cb38a17c
    • L
      PCI: Fix Switchtec DMA aliasing quirk dmesg noise · 33970cf5
      Logan Gunthorpe 提交于
      [ Upstream commit 742bbe1ee35b5699c092541f97c7cec326556bb1 ]
      
      Currently the Switchtec quirk runs on all endpoints in the switch,
      including all the upstream and downstream ports.  These other functions do
      not contain BARs, so the quirk fails when trying to map the BAR and prints
      the error "Cannot iomap Switchtec device".  The user will see a few of
      these useless and scary errors, one for each port in the switch.
      
      At most, the quirk should only run on either a management endpoint
      (PCI_CLASS_MEMORY_OTHER) or an NTB endpoint (PCI_CLASS_BRIDGE_OTHER).
      However, the quirk is useless except in NTB applications, so we will
      only run it when the class is PCI_CLASS_BRIDGE_OTHER.
      
      Switch to using DECLARE_PCI_FIXUP_CLASS_FINAL and only match
      PCI_CLASS_BRIDGE_OTHER.
      Reported-by: NStephen Bates <sbates@raithlin.com>
      Fixes: ad281ecf ("PCI: Add DMA alias quirk for Microsemi Switchtec NTB")
      Signed-off-by: NLogan Gunthorpe <logang@deltatee.com>
      [bhelgaas: split SWITCHTEC_QUIRK() introduction to separate patch]
      Signed-off-by: NBjorn Helgaas <bhelgaas@google.com>
      Cc: Doug Meyer <dmeyer@gigaio.com>
      Cc: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      33970cf5
    • C
      bcache: fix input overflow to writeback_rate_minimum · 437de041
      Coly Li 提交于
      [ Upstream commit dab71b2db98dcdd4657d151b01a7be88ce10f9d1 ]
      
      dc->writeback_rate_minimum is type unsigned integer variable, it is set
      via sysfs interface, and converte from input string to unsigned integer
      by d_strtoul_nonzero(). When the converted input value is larger than
      UINT_MAX, overflow to unsigned integer happens.
      
      This patch fixes the overflow by using sysfs_strotoul_clamp() to
      convert input string and limit the value in range [1, UINT_MAX], then
      the overflow can be avoided.
      Signed-off-by: NColy Li <colyli@suse.de>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      437de041
    • J
      drm/msm/dpu: handle failures while initializing displays · be488566
      Jeykumar Sankaran 提交于
      [ Upstream commit a802ee99c448ca0496fa307f3e46b834ae2a46a3 ]
      
      Bail out KMS hw init on display initialization failures with
      proper error logging.
      
      changes in v3:
          - introduced in the series
      changes in v4:
          - avoid duplicate return on errors (Sean Paul)
          - avoid spamming errors on failures (Jordon Crouse)
      Signed-off-by: NJeykumar Sankaran <jsanka@codeaurora.org>
      Signed-off-by: NSean Paul <seanpaul@chromium.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      be488566
    • K
      x86/cpu: Add Atom Tremont (Jacobsville) · b5b3bb03
      Kan Liang 提交于
      [ Upstream commit 00ae831dfe4474ef6029558f5eb3ef0332d80043 ]
      
      Add the Atom Tremont model number to the Intel family list.
      
      [ Tony: Also update comment at head of file to say "_X" suffix is
        also used for microserver parts. ]
      Signed-off-by: NKan Liang <kan.liang@linux.intel.com>
      Signed-off-by: NQiuxu Zhuo <qiuxu.zhuo@intel.com>
      Signed-off-by: NTony Luck <tony.luck@intel.com>
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
      Cc: Aristeu Rozanski <aris@redhat.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: linux-edac <linux-edac@vger.kernel.org>
      Cc: Mauro Carvalho Chehab <mchehab@s-opensource.com>
      Cc: Megha Dey <megha.dey@linux.intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
      Cc: Rajneesh Bhardwaj <rajneesh.bhardwaj@intel.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: x86-ml <x86@kernel.org>
      Link: https://lkml.kernel.org/r/20190125195902.17109-4-tony.luck@intel.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      b5b3bb03
    • L
      tools/power turbostat: fix goldmont C-state limit decoding · ab088869
      Len Brown 提交于
      [ Upstream commit 445640a563493f28d15f47e151e671281101e7dc ]
      
      When the C-state limit is 8 on Goldmont, PC10 is enabled.
      Previously turbostat saw this as "undefined", and thus assumed
      it should not show some counters, such as pc3, pc6, pc7.
      Signed-off-by: NLen Brown <len.brown@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ab088869
    • F
      usb: dwc2: fix unbalanced use of external vbus-supply · 4da8b5f8
      Fabrice Gasnier 提交于
      [ Upstream commit cd7cd0e6cedfda8da6668a4af6748f96bbb6fed4 ]
      
      When using external vbus supply regulator, it should be enabled
      synchronously with PWR bit in HPRT register. This also fixes
      unbalanced use of this optional regulator (This can be reproduced
      easily when unbinding the driver).
      
      Fixes: 531ef5eb ("usb: dwc2: add support for host mode external
      vbus supply")
      Tested-by: NArtur Petrosyan <arturp@synopsys.com>
      Acked-by: NMinas Harutyunyan <hminas@synopsys.com>
      Signed-off-by: NFabrice Gasnier <fabrice.gasnier@st.com>
      Signed-off-by: NAmelie Delaunay <amelie.delaunay@st.com>
      Signed-off-by: NFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4da8b5f8
    • J
      HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override · 649ee6f0
      Julian Sax 提交于
      [ Upstream commit 399474e4c1100bca264ed14fa3ad0d68fab484d8 ]
      
      This device uses the SIPODEV SP1064 touchpad, which does not
      supply descriptors, so it has to be added to the override list.
      Reported-by: NTim Aldridge <taldridge@mac.com>
      Signed-off-by: NJulian Sax <jsbc@gmx.de>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      649ee6f0
    • C
      f2fs: fix to recover inode->i_flags of inode block during POR · ce435543
      Chao Yu 提交于
      [ Upstream commit 0c093b590efb5c1ccdc835868dc2ae94bd2e14dc ]
      
      Testcase to reproduce this bug:
      1. mkfs.f2fs /dev/sdd
      2. mount -t f2fs /dev/sdd /mnt/f2fs
      3. touch /mnt/f2fs/file
      4. sync
      5. chattr +a /mnt/f2fs/file
      6. xfs_io -a /mnt/f2fs/file -c "fsync"
      7. godown /mnt/f2fs
      8. umount /mnt/f2fs
      9. mount -t f2fs /dev/sdd /mnt/f2fs
      10. xfs_io /mnt/f2fs/file
      
      There is no error when opening this file w/o O_APPEND, but actually,
      we expect the correct result should be:
      
      /mnt/f2fs/file: Operation not permitted
      
      The root cause is, in recover_inode(), we recover inode->i_flags more
      than F2FS_I(inode)->i_flags, so fix it.
      Signed-off-by: NChao Yu <yuchao0@huawei.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ce435543
    • C
      f2fs: fix to recover inode's i_gc_failures during POR · b619de07
      Chao Yu 提交于
      [ Upstream commit 7de36cf3e4087207f42a88992f8cb615a1bd902e ]
      
      inode.i_gc_failures is used to indicate that skip count of migrating
      on blocks of inode, we should guarantee it can be recovered in sudden
      power-off case.
      Signed-off-by: NChao Yu <yuchao0@huawei.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      b619de07
    • D
      powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() · 23848022
      David Hildenbrand 提交于
      [ Upstream commit 5666848774ef43d3db5151ec518f1deb63515c20 ]
      
      Let's perform all checking + offlining + removing under
      device_hotplug_lock, so nobody can mess with these devices via sysfs
      concurrently.
      
      [david@redhat.com: take device_hotplug_lock outside of loop]
        Link: http://lkml.kernel.org/r/20180927092554.13567-6-david@redhat.com
      Link: http://lkml.kernel.org/r/20180925091457.28651-6-david@redhat.comSigned-off-by: NDavid Hildenbrand <david@redhat.com>
      Reviewed-by: NPavel Tatashin <pavel.tatashin@microsoft.com>
      Reviewed-by: NRashmica Gupta <rashmica.g@gmail.com>
      Acked-by: NBalbir Singh <bsingharora@gmail.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Rashmica Gupta <rashmica.g@gmail.com>
      Cc: Michael Neuling <mikey@neuling.org>
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Haiyang Zhang <haiyangz@microsoft.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: John Allen <jallen@linux.vnet.ibm.com>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Juergen Gross <jgross@suse.com>
      Cc: Kate Stewart <kstewart@linuxfoundation.org>
      Cc: "K. Y. Srinivasan" <kys@microsoft.com>
      Cc: Len Brown <lenb@kernel.org>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Mathieu Malaterre <malat@debian.org>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Nathan Fontenot <nfont@linux.vnet.ibm.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Philippe Ombredanne <pombredanne@nexb.com>
      Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
      Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
      Cc: Stephen Hemminger <sthemmin@microsoft.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: YASUAKI ISHIMATSU <yasu.isimatu@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      23848022
    • P
      sc16is7xx: Fix for "Unexpected interrupt: 8" · bff91a96
      Phil Elwell 提交于
      [ Upstream commit 30ec514d440cf2c472c8e4b0079af2c731f71a3e ]
      
      The SC16IS752 has an Enhanced Feature Register which is aliased at the
      same address as the Interrupt Identification Register; accessing it
      requires that a magic value is written to the Line Configuration
      Register. If an interrupt is raised while the EFR is mapped in then
      the ISR won't be able to access the IIR, leading to the "Unexpected
      interrupt" error messages.
      
      Avoid the problem by claiming a mutex around accesses to the EFR
      register, also claiming the mutex in the interrupt handler work
      item (this is equivalent to disabling interrupts to interlock against
      a non-threaded interrupt handler).
      
      See: https://github.com/raspberrypi/linux/issues/2529Signed-off-by: NPhil Elwell <phil@raspberrypi.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      bff91a96
    • J
      scsi: lpfc: Fix a duplicate 0711 log message number. · 157c391b
      James Smart 提交于
      [ Upstream commit 2c4c91415a05677acc5c8131a5eb472d4aa96ae1 ]
      
      Renumber one of the 0711 log messages so there isn't a duplication.
      Signed-off-by: NDick Kennedy <dick.kennedy@broadcom.com>
      Signed-off-by: NJames Smart <jsmart2021@gmail.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      157c391b
    • J
      f2fs: flush quota blocks after turnning it off · 6b2fbfac
      Jaegeuk Kim 提交于
      [ Upstream commit 0e0667b625cf64243df83171bff61f9d350b9ca5 ]
      
      After quota_off, we'll get some dirty blocks. If put_super don't have a chance
      to flush them by checkpoint, it causes NULL pointer exception in end_io after
      iput(node_inode). (e.g., by checkpoint=disable)
      Reviewed-by: NChao Yu <yuchao0@huawei.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      6b2fbfac
    • A
      wil6210: fix freeing of rx buffers in EDMA mode · e5641f02
      Ahmad Masri 提交于
      [ Upstream commit 6470f31927b46846d957628b719dcfda05446664 ]
      
      After being associated with some EDMA rx traffic, upon "down" driver
      doesn't free all skbs in the rx ring.
      Modify wil_move_all_rx_buff_to_free_list to loop on active list of rx
      buffers, unmap the physical memory and free the skb.
      Signed-off-by: NAhmad Masri <amasri@codeaurora.org>
      Signed-off-by: NMaya Erez <merez@codeaurora.org>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e5641f02
    • Q
      btrfs: tracepoints: Fix wrong parameter order for qgroup events · d8ab4185
      Qu Wenruo 提交于
      [ Upstream commit fd2b007eaec898564e269d1f478a2da0380ecf51 ]
      
      [BUG]
      For btrfs:qgroup_meta_reserve event, the trace event can output garbage:
      
        qgroup_meta_reserve: 9c7f6acc-b342-4037-bc47-7f6e4d2232d7: refroot=5(FS_TREE) type=DATA diff=2
      
      The diff should always be alinged to sector size (4k), so there is
      definitely something wrong.
      
      [CAUSE]
      For the wrong @diff, it's caused by wrong parameter order.
      The correct parameters are:
      
        struct btrfs_root, s64 diff, int type.
      
      However the parameters used are:
      
        struct btrfs_root, int type, s64 diff.
      
      Fixes: 4ee0d883 ("btrfs: qgroup: Update trace events for metadata reservation")
      CC: stable@vger.kernel.org # 4.19+
      Reviewed-by: NNikolay Borisov <nborisov@suse.com>
      Signed-off-by: NQu Wenruo <wqu@suse.com>
      Reviewed-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d8ab4185
    • Q
      btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() · 6bcbe350
      Qu Wenruo 提交于
      [ Upstream commit 8702ba9396bf7bbae2ab93c94acd4bd37cfa4f09 ]
      
      [Background]
      Btrfs qgroup uses two types of reserved space for METADATA space,
      PERTRANS and PREALLOC.
      
      PERTRANS is metadata space reserved for each transaction started by
      btrfs_start_transaction().
      While PREALLOC is for delalloc, where we reserve space before joining a
      transaction, and finally it will be converted to PERTRANS after the
      writeback is done.
      
      [Inconsistency]
      However there is inconsistency in how we handle PREALLOC metadata space.
      
      The most obvious one is:
      In btrfs_buffered_write():
      	btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes, true);
      
      We always free qgroup PREALLOC meta space.
      
      While in btrfs_truncate_block():
      	btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, (ret != 0));
      
      We only free qgroup PREALLOC meta space when something went wrong.
      
      [The Correct Behavior]
      The correct behavior should be the one in btrfs_buffered_write(), we
      should always free PREALLOC metadata space.
      
      The reason is, the btrfs_delalloc_* mechanism works by:
      - Reserve metadata first, even it's not necessary
        In btrfs_delalloc_reserve_metadata()
      
      - Free the unused metadata space
        Normally in:
        btrfs_delalloc_release_extents()
        |- btrfs_inode_rsv_release()
           Here we do calculation on whether we should release or not.
      
      E.g. for 64K buffered write, the metadata rsv works like:
      
      /* The first page */
      reserve_meta:	num_bytes=calc_inode_reservations()
      free_meta:	num_bytes=0
      total:		num_bytes=calc_inode_reservations()
      /* The first page caused one outstanding extent, thus needs metadata
         rsv */
      
      /* The 2nd page */
      reserve_meta:	num_bytes=calc_inode_reservations()
      free_meta:	num_bytes=calc_inode_reservations()
      total:		not changed
      /* The 2nd page doesn't cause new outstanding extent, needs no new meta
         rsv, so we free what we have reserved */
      
      /* The 3rd~16th pages */
      reserve_meta:	num_bytes=calc_inode_reservations()
      free_meta:	num_bytes=calc_inode_reservations()
      total:		not changed (still space for one outstanding extent)
      
      This means, if btrfs_delalloc_release_extents() determines to free some
      space, then those space should be freed NOW.
      So for qgroup, we should call btrfs_qgroup_free_meta_prealloc() other
      than btrfs_qgroup_convert_reserved_meta().
      
      The good news is:
      - The callers are not that hot
        The hottest caller is in btrfs_buffered_write(), which is already
        fixed by commit 336a8bb8 ("btrfs: Fix wrong
        btrfs_delalloc_release_extents parameter"). Thus it's not that
        easy to cause false EDQUOT.
      
      - The trans commit in advance for qgroup would hide the bug
        Since commit f5fef4593653 ("btrfs: qgroup: Make qgroup async transaction
        commit more aggressive"), when btrfs qgroup metadata free space is slow,
        it will try to commit transaction and free the wrongly converted
        PERTRANS space, so it's not that easy to hit such bug.
      
      [FIX]
      So to fix the problem, remove the @qgroup_free parameter for
      btrfs_delalloc_release_extents(), and always pass true to
      btrfs_inode_rsv_release().
      Reported-by: NFilipe Manana <fdmanana@suse.com>
      Fixes: 43b18595 ("btrfs: qgroup: Use separate meta reservation type for delalloc")
      CC: stable@vger.kernel.org # 4.19+
      Reviewed-by: NFilipe Manana <fdmanana@suse.com>
      Signed-off-by: NQu Wenruo <wqu@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      6bcbe350
    • F
      Btrfs: fix memory leak due to concurrent append writes with fiemap · 96b9b946
      Filipe Manana 提交于
      [ Upstream commit c67d970f0ea8dcc423e112137d34334fa0abb8ec ]
      
      When we have a buffered write that starts at an offset greater than or
      equals to the file's size happening concurrently with a full ranged
      fiemap, we can end up leaking an extent state structure.
      
      Suppose we have a file with a size of 1Mb, and before the buffered write
      and fiemap are performed, it has a single extent state in its io tree
      representing the range from 0 to 1Mb, with the EXTENT_DELALLOC bit set.
      
      The following sequence diagram shows how the memory leak happens if a
      fiemap a buffered write, starting at offset 1Mb and with a length of
      4Kb, are performed concurrently.
      
                CPU 1                                                  CPU 2
      
        extent_fiemap()
          --> it's a full ranged fiemap
              range from 0 to LLONG_MAX - 1
              (9223372036854775807)
      
          --> locks range in the inode's
              io tree
            --> after this we have 2 extent
                states in the io tree:
                --> 1 for range [0, 1Mb[ with
                    the bits EXTENT_LOCKED and
                    EXTENT_DELALLOC_BITS set
                --> 1 for the range
                    [1Mb, LLONG_MAX[ with
                    the EXTENT_LOCKED bit set
      
                                                        --> start buffered write at offset
                                                            1Mb with a length of 4Kb
      
                                                        btrfs_file_write_iter()
      
                                                          btrfs_buffered_write()
                                                            --> cached_state is NULL
      
                                                            lock_and_cleanup_extent_if_need()
                                                              --> returns 0 and does not lock
                                                                  range because it starts
                                                                  at current i_size / eof
      
                                                            --> cached_state remains NULL
      
                                                            btrfs_dirty_pages()
                                                              btrfs_set_extent_delalloc()
                                                                (...)
                                                                __set_extent_bit()
      
                                                                  --> splits extent state for range
                                                                      [1Mb, LLONG_MAX[ and now we
                                                                      have 2 extent states:
      
                                                                      --> one for the range
                                                                          [1Mb, 1Mb + 4Kb[ with
                                                                          EXTENT_LOCKED set
                                                                      --> another one for the range
                                                                          [1Mb + 4Kb, LLONG_MAX[ with
                                                                          EXTENT_LOCKED set as well
      
                                                                  --> sets EXTENT_DELALLOC on the
                                                                      extent state for the range
                                                                      [1Mb, 1Mb + 4Kb[
                                                                  --> caches extent state
                                                                      [1Mb, 1Mb + 4Kb[ into
                                                                      @cached_state because it has
                                                                      the bit EXTENT_LOCKED set
      
                                                          --> btrfs_buffered_write() ends up
                                                              with a non-NULL cached_state and
                                                              never calls anything to release its
                                                              reference on it, resulting in a
                                                              memory leak
      
      Fix this by calling free_extent_state() on cached_state if the range was
      not locked by lock_and_cleanup_extent_if_need().
      
      The same issue can happen if anything else other than fiemap locks a range
      that covers eof and beyond.
      
      This could be triggered, sporadically, by test case generic/561 from the
      fstests suite, which makes duperemove run concurrently with fsstress, and
      duperemove does plenty of calls to fiemap. When CONFIG_BTRFS_DEBUG is set
      the leak is reported in dmesg/syslog when removing the btrfs module with
      a message like the following:
      
        [77100.039461] BTRFS: state leak: start 6574080 end 6582271 state 16402 in tree 0 refs 1
      
      Otherwise (CONFIG_BTRFS_DEBUG not set) detectable with kmemleak.
      
      CC: stable@vger.kernel.org # 4.16+
      Reviewed-by: NJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: NFilipe Manana <fdmanana@suse.com>
      Reviewed-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      96b9b946
    • F
      Btrfs: fix inode cache block reserve leak on failure to allocate data space · 692aa7d5
      Filipe Manana 提交于
      [ Upstream commit 29d47d00e0ae61668ee0c5d90bef2893c8abbafa ]
      
      If we failed to allocate the data extent(s) for the inode space cache, we
      were bailing out without releasing the previously reserved metadata. This
      was triggering the following warnings when unmounting a filesystem:
      
        $ cat -n fs/btrfs/inode.c
        (...)
        9268  void btrfs_destroy_inode(struct inode *inode)
        9269  {
        (...)
        9276          WARN_ON(BTRFS_I(inode)->block_rsv.reserved);
        9277          WARN_ON(BTRFS_I(inode)->block_rsv.size);
        (...)
        9281          WARN_ON(BTRFS_I(inode)->csum_bytes);
        9282          WARN_ON(BTRFS_I(inode)->defrag_bytes);
        (...)
      
      Several fstests test cases triggered this often, such as generic/083,
      generic/102, generic/172, generic/269 and generic/300 at least, producing
      stack traces like the following in dmesg/syslog:
      
        [82039.079546] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9276 btrfs_destroy_inode+0x203/0x270 [btrfs]
        (...)
        [82039.081543] CPU: 2 PID: 13167 Comm: umount Tainted: G        W         5.2.0-rc4-btrfs-next-50 #1
        [82039.081912] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
        [82039.082673] RIP: 0010:btrfs_destroy_inode+0x203/0x270 [btrfs]
        (...)
        [82039.083913] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010206
        [82039.084320] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002
        [82039.084736] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8dde29b34660
        [82039.085156] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
        [82039.085578] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0
        [82039.086000] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000
        [82039.086416] FS:  00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000
        [82039.086837] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        [82039.087253] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0
        [82039.087672] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        [82039.088089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        [82039.088504] Call Trace:
        [82039.088918]  destroy_inode+0x3b/0x70
        [82039.089340]  btrfs_free_fs_root+0x16/0xa0 [btrfs]
        [82039.089768]  btrfs_free_fs_roots+0xd8/0x160 [btrfs]
        [82039.090183]  ? wait_for_completion+0x65/0x1a0
        [82039.090607]  close_ctree+0x172/0x370 [btrfs]
        [82039.091021]  generic_shutdown_super+0x6c/0x110
        [82039.091427]  kill_anon_super+0xe/0x30
        [82039.091832]  btrfs_kill_super+0x12/0xa0 [btrfs]
        [82039.092233]  deactivate_locked_super+0x3a/0x70
        [82039.092636]  cleanup_mnt+0x3b/0x80
        [82039.093039]  task_work_run+0x93/0xc0
        [82039.093457]  exit_to_usermode_loop+0xfa/0x100
        [82039.093856]  do_syscall_64+0x162/0x1d0
        [82039.094244]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
        [82039.094634] RIP: 0033:0x7f8db8fbab37
        (...)
        [82039.095876] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
        [82039.096290] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
        [82039.096700] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
        [82039.097110] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
        [82039.097522] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
        [82039.097937] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
        [82039.098350] irq event stamp: 0
        [82039.098750] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
        [82039.099150] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.099545] softirqs last  enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.099925] softirqs last disabled at (0): [<0000000000000000>] 0x0
        [82039.100292] ---[ end trace f2521afa616ddccc ]---
        [82039.100707] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9277 btrfs_destroy_inode+0x1ac/0x270 [btrfs]
        (...)
        [82039.103050] CPU: 2 PID: 13167 Comm: umount Tainted: G        W         5.2.0-rc4-btrfs-next-50 #1
        [82039.103428] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
        [82039.104203] RIP: 0010:btrfs_destroy_inode+0x1ac/0x270 [btrfs]
        (...)
        [82039.105461] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010206
        [82039.105866] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002
        [82039.106270] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8dde29b34660
        [82039.106673] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
        [82039.107078] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0
        [82039.107487] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000
        [82039.107894] FS:  00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000
        [82039.108309] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        [82039.108723] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0
        [82039.109146] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        [82039.109567] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        [82039.109989] Call Trace:
        [82039.110405]  destroy_inode+0x3b/0x70
        [82039.110830]  btrfs_free_fs_root+0x16/0xa0 [btrfs]
        [82039.111257]  btrfs_free_fs_roots+0xd8/0x160 [btrfs]
        [82039.111675]  ? wait_for_completion+0x65/0x1a0
        [82039.112101]  close_ctree+0x172/0x370 [btrfs]
        [82039.112519]  generic_shutdown_super+0x6c/0x110
        [82039.112988]  kill_anon_super+0xe/0x30
        [82039.113439]  btrfs_kill_super+0x12/0xa0 [btrfs]
        [82039.113861]  deactivate_locked_super+0x3a/0x70
        [82039.114278]  cleanup_mnt+0x3b/0x80
        [82039.114685]  task_work_run+0x93/0xc0
        [82039.115083]  exit_to_usermode_loop+0xfa/0x100
        [82039.115476]  do_syscall_64+0x162/0x1d0
        [82039.115863]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
        [82039.116254] RIP: 0033:0x7f8db8fbab37
        (...)
        [82039.117463] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
        [82039.117882] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
        [82039.118330] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
        [82039.118743] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
        [82039.119159] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
        [82039.119574] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
        [82039.119987] irq event stamp: 0
        [82039.120387] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
        [82039.120787] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.121182] softirqs last  enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.121563] softirqs last disabled at (0): [<0000000000000000>] 0x0
        [82039.121933] ---[ end trace f2521afa616ddccd ]---
        [82039.122353] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9278 btrfs_destroy_inode+0x1bc/0x270 [btrfs]
        (...)
        [82039.124606] CPU: 2 PID: 13167 Comm: umount Tainted: G        W         5.2.0-rc4-btrfs-next-50 #1
        [82039.125008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
        [82039.125801] RIP: 0010:btrfs_destroy_inode+0x1bc/0x270 [btrfs]
        (...)
        [82039.126998] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010202
        [82039.127399] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002
        [82039.127803] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8dde29b34660
        [82039.128206] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
        [82039.128611] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0
        [82039.129020] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000
        [82039.129428] FS:  00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000
        [82039.129846] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        [82039.130261] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0
        [82039.130684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        [82039.131142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        [82039.131561] Call Trace:
        [82039.131990]  destroy_inode+0x3b/0x70
        [82039.132417]  btrfs_free_fs_root+0x16/0xa0 [btrfs]
        [82039.132844]  btrfs_free_fs_roots+0xd8/0x160 [btrfs]
        [82039.133262]  ? wait_for_completion+0x65/0x1a0
        [82039.133688]  close_ctree+0x172/0x370 [btrfs]
        [82039.134157]  generic_shutdown_super+0x6c/0x110
        [82039.134575]  kill_anon_super+0xe/0x30
        [82039.134997]  btrfs_kill_super+0x12/0xa0 [btrfs]
        [82039.135415]  deactivate_locked_super+0x3a/0x70
        [82039.135832]  cleanup_mnt+0x3b/0x80
        [82039.136239]  task_work_run+0x93/0xc0
        [82039.136637]  exit_to_usermode_loop+0xfa/0x100
        [82039.137029]  do_syscall_64+0x162/0x1d0
        [82039.137418]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
        [82039.137812] RIP: 0033:0x7f8db8fbab37
        (...)
        [82039.139059] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
        [82039.139475] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
        [82039.139890] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
        [82039.140302] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
        [82039.140719] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
        [82039.141138] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
        [82039.141597] irq event stamp: 0
        [82039.142043] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
        [82039.142443] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.142839] softirqs last  enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.143220] softirqs last disabled at (0): [<0000000000000000>] 0x0
        [82039.143588] ---[ end trace f2521afa616ddcce ]---
        [82039.167472] WARNING: CPU: 3 PID: 13167 at fs/btrfs/extent-tree.c:10120 btrfs_free_block_groups+0x30d/0x460 [btrfs]
        (...)
        [82039.173800] CPU: 3 PID: 13167 Comm: umount Tainted: G        W         5.2.0-rc4-btrfs-next-50 #1
        [82039.174847] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
        [82039.177031] RIP: 0010:btrfs_free_block_groups+0x30d/0x460 [btrfs]
        (...)
        [82039.180397] RSP: 0018:ffffac0b426a7dd8 EFLAGS: 00010206
        [82039.181574] RAX: ffff8de010a1db40 RBX: ffff8de010a1db40 RCX: 0000000000170014
        [82039.182711] RDX: ffff8ddff4380040 RSI: ffff8de010a1da58 RDI: 0000000000000246
        [82039.183817] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000
        [82039.184925] R10: ffff8de036404380 R11: ffffffffb8a5ea00 R12: ffff8de010a1b2b8
        [82039.186090] R13: ffff8de010a1b2b8 R14: 0000000000000000 R15: dead000000000100
        [82039.187208] FS:  00007f8db96d12c0(0000) GS:ffff8de036b80000(0000) knlGS:0000000000000000
        [82039.188345] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        [82039.189481] CR2: 00007fb044005170 CR3: 00000002315cc006 CR4: 00000000003606e0
        [82039.190674] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        [82039.191829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        [82039.192978] Call Trace:
        [82039.194160]  close_ctree+0x19a/0x370 [btrfs]
        [82039.195315]  generic_shutdown_super+0x6c/0x110
        [82039.196486]  kill_anon_super+0xe/0x30
        [82039.197645]  btrfs_kill_super+0x12/0xa0 [btrfs]
        [82039.198696]  deactivate_locked_super+0x3a/0x70
        [82039.199619]  cleanup_mnt+0x3b/0x80
        [82039.200559]  task_work_run+0x93/0xc0
        [82039.201505]  exit_to_usermode_loop+0xfa/0x100
        [82039.202436]  do_syscall_64+0x162/0x1d0
        [82039.203339]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
        [82039.204091] RIP: 0033:0x7f8db8fbab37
        (...)
        [82039.206360] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
        [82039.207132] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37
        [82039.207906] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240
        [82039.208621] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015
        [82039.209285] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64
        [82039.209984] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0
        [82039.210642] irq event stamp: 0
        [82039.211306] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
        [82039.211971] hardirqs last disabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.212643] softirqs last  enabled at (0): [<ffffffffb7884ff2>] copy_process.part.33+0x7f2/0x1f00
        [82039.213304] softirqs last disabled at (0): [<0000000000000000>] 0x0
        [82039.213875] ---[ end trace f2521afa616ddccf ]---
      
      Fix this by releasing the reserved metadata on failure to allocate data
      extent(s) for the inode cache.
      
      Fixes: 69fe2d75 ("btrfs: make the delalloc block rsv per inode")
      Signed-off-by: NFilipe Manana <fdmanana@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      692aa7d5
    • M
      dm snapshot: rework COW throttling to fix deadlock · a8afda77
      Mikulas Patocka 提交于
      [ Upstream commit b21555786f18cd77f2311ad89074533109ae3ffa ]
      
      Commit 721b1d98fb517a ("dm snapshot: Fix excessive memory usage and
      workqueue stalls") introduced a semaphore to limit the maximum number of
      in-flight kcopyd (COW) jobs.
      
      The implementation of this throttling mechanism is prone to a deadlock:
      
      1. One or more threads write to the origin device causing COW, which is
         performed by kcopyd.
      
      2. At some point some of these threads might reach the s->cow_count
         semaphore limit and block in down(&s->cow_count), holding a read lock
         on _origins_lock.
      
      3. Someone tries to acquire a write lock on _origins_lock, e.g.,
         snapshot_ctr(), which blocks because the threads at step (2) already
         hold a read lock on it.
      
      4. A COW operation completes and kcopyd runs dm-snapshot's completion
         callback, which ends up calling pending_complete().
         pending_complete() tries to resubmit any deferred origin bios. This
         requires acquiring a read lock on _origins_lock, which blocks.
      
         This happens because the read-write semaphore implementation gives
         priority to writers, meaning that as soon as a writer tries to enter
         the critical section, no readers will be allowed in, until all
         writers have completed their work.
      
         So, pending_complete() waits for the writer at step (3) to acquire
         and release the lock. This writer waits for the readers at step (2)
         to release the read lock and those readers wait for
         pending_complete() (the kcopyd thread) to signal the s->cow_count
         semaphore: DEADLOCK.
      
      The above was thoroughly analyzed and documented by Nikos Tsironis as
      part of his initial proposal for fixing this deadlock, see:
      https://www.redhat.com/archives/dm-devel/2019-October/msg00001.html
      
      Fix this deadlock by reworking COW throttling so that it waits without
      holding any locks. Add a variable 'in_progress' that counts how many
      kcopyd jobs are running. A function wait_for_in_progress() will sleep if
      'in_progress' is over the limit. It drops _origins_lock in order to
      avoid the deadlock.
      Reported-by: NGuruswamy Basavaiah <guru2018@gmail.com>
      Reported-by: NNikos Tsironis <ntsironis@arrikto.com>
      Reviewed-by: NNikos Tsironis <ntsironis@arrikto.com>
      Tested-by: NNikos Tsironis <ntsironis@arrikto.com>
      Fixes: 721b1d98fb51 ("dm snapshot: Fix excessive memory usage and workqueue stalls")
      Cc: stable@vger.kernel.org # v5.0+
      Depends-on: 4a3f111a73a8c ("dm snapshot: introduce account_start_copy() and account_end_copy()")
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a8afda77