1. 13 2月, 2019 40 次提交
    • A
      HID: lenovo: Add checks to fix of_led_classdev_register · d921bb16
      Aditya Pakki 提交于
      [ Upstream commit 6ae16dfb61bce538d48b7fe98160fada446056c5 ]
      
      In lenovo_probe_tpkbd(), the function of_led_classdev_register() could
      return an error value that is unchecked. The fix adds these checks.
      Signed-off-by: NAditya Pakki <pakki001@umn.edu>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d921bb16
    • B
      thermal: generic-adc: Fix adc to temp interpolation · ec8f73c2
      Bjorn Andersson 提交于
      [ Upstream commit 9d216211fded20fff301d0317af3238d8383634c ]
      
      First correct the edge case to return the last element if we're
      outside the range, rather than at the last element, so that
      interpolation is not omitted for points between the two last entries in
      the table.
      
      Then correct the formula to perform linear interpolation based the two
      points surrounding the read ADC value. The indices for temp are kept as
      "hi" and "lo" to pair with the adc indices, but there's no requirement
      that the temperature is provided in descendent order. mult_frac() is
      used to prevent issues with overflowing the int.
      
      Cc: Laxman Dewangan <ldewangan@nvidia.com>
      Signed-off-by: NBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: NEduardo Valentin <edubezval@gmail.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ec8f73c2
    • R
      PCI: imx: Enable MSI from downstream components · 89c18358
      Richard Zhu 提交于
      [ Upstream commit 75cb8d20c112aba70f23d98e3f8d0a38ace16006 ]
      
      The MSI Enable bit in the MSI Capability (PCIe r4.0, sec 7.7.1.2) controls
      whether a Function can request service using MSI.
      
      i.MX6 Root Ports implement the MSI Capability and may use MSI to request
      service for events like PME, hotplug, AER, etc.  In addition, on i.MX6, the
      MSI Enable bit controls delivery of MSI interrupts from components below
      the Root Port.
      
      Prior to f3fdfc4a ("PCI: Remove host driver Kconfig selection of
      CONFIG_PCIEPORTBUS"), enabling CONFIG_PCI_IMX6 automatically also enabled
      CONFIG_PCIEPORTBUS, and when portdrv claimed the Root Ports, it set the MSI
      Enable bit so it could use PME, hotplug, AER, etc.  As a side effect, that
      also enabled delivery of MSI interrupts from downstream components.
      
      The imx6q-pcie driver itself does not depend on portdrv, so set MSI Enable
      in imx6q-pcie so MSI from downstream components works even if nobody uses
      MSI for the Root Port events.
      
      Fixes: f3fdfc4a ("PCI: Remove host driver Kconfig selection of CONFIG_PCIEPORTBUS")
      Signed-off-by: NRichard Zhu <hongxing.zhu@nxp.com>
      Signed-off-by: NBjorn Helgaas <bhelgaas@google.com>
      Tested-by: NSven Van Asbroeck <TheSven73@googlemail.com>
      Tested-by: NTrent Piepho <tpiepho@impinj.com>
      Reviewed-by: NLucas Stach <l.stach@pengutronix.de>
      Acked-by: NLorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      89c18358
    • D
      kdb: Don't back trace on a cpu that didn't round up · 3818c29a
      Douglas Anderson 提交于
      [ Upstream commit 162bc7f5afd75b72acbe3c5f3488ef7e64a3fe36 ]
      
      If you have a CPU that fails to round up and then run 'btc' you'll end
      up crashing in kdb becaue we dereferenced NULL.  Let's add a check.
      It's wise to also set the task to NULL when leaving the debugger so
      that if we fail to round up on a later entry into the debugger we
      won't backtrace a stale task.
      Signed-off-by: NDouglas Anderson <dianders@chromium.org>
      Acked-by: NDaniel Thompson <daniel.thompson@linaro.org>
      Signed-off-by: NDaniel Thompson <daniel.thompson@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3818c29a
    • M
      thermal: bcm2835: enable hwmon explicitly · 6a7c0215
      Matthias Brugger 提交于
      [ Upstream commit d56c19d07e0bc3ceff366a49b7d7a2440c967b1b ]
      
      By defaul of-based thermal driver do not enable hwmon.
      This patch does this explicitly, so that the temperature can be read
      through the common hwmon sysfs.
      Signed-off-by: NMatthias Brugger <mbrugger@suse.com>
      Acked-by: NStefan Wahren <stefan.wahren@i2se.com>
      Signed-off-by: NEduardo Valentin <edubezval@gmail.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      6a7c0215
    • F
      block/swim3: Fix -EBUSY error when re-opening device after unmount · 295b3e2a
      Finn Thain 提交于
      [ Upstream commit 296dcc40f2f2e402facf7cd26cf3f2c8f4b17d47 ]
      
      When the block device is opened with FMODE_EXCL, ref_count is set to -1.
      This value doesn't get reset when the device is closed which means the
      device cannot be opened again. Fix this by checking for refcount <= 0
      in the release method.
      Reported-and-tested-by: NStan Johnson <userm57@yahoo.com>
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Cc: linuxppc-dev@lists.ozlabs.org
      Signed-off-by: NFinn Thain <fthain@telegraphics.com.au>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      295b3e2a
    • S
      fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() · d579abca
      Scott Wood 提交于
      [ Upstream commit 0d9c9a238faf925823bde866182c663b6d734f2e ]
      
      These functions are called from atomic context:
      
      [    9.150239] BUG: sleeping function called from invalid context at /home/scott/git/linux/mm/slab.h:421
      [    9.158159] in_atomic(): 1, irqs_disabled(): 0, pid: 4432, name: ip
      [    9.163128] CPU: 8 PID: 4432 Comm: ip Not tainted 4.20.0-rc2-00169-g63d86876f324 #29
      [    9.163130] Call Trace:
      [    9.170701] [c0000002e899a980] [c0000000009c1068] .dump_stack+0xa8/0xec (unreliable)
      [    9.177140] [c0000002e899aa10] [c00000000007a7b4] .___might_sleep+0x138/0x164
      [    9.184440] [c0000002e899aa80] [c0000000001d5bac] .kmem_cache_alloc_trace+0x238/0x30c
      [    9.191216] [c0000002e899ab40] [c00000000065ea1c] .memac_add_hash_mac_address+0x104/0x198
      [    9.199464] [c0000002e899abd0] [c00000000065a788] .set_multi+0x1c8/0x218
      [    9.206242] [c0000002e899ac80] [c0000000006615ec] .dpaa_set_rx_mode+0xdc/0x17c
      [    9.213544] [c0000002e899ad00] [c00000000083d2b0] .__dev_set_rx_mode+0x80/0xd4
      [    9.219535] [c0000002e899ad90] [c00000000083d334] .dev_set_rx_mode+0x30/0x54
      [    9.225271] [c0000002e899ae10] [c00000000083d4a0] .__dev_open+0x148/0x1c8
      [    9.230751] [c0000002e899aeb0] [c00000000083d934] .__dev_change_flags+0x19c/0x1e0
      [    9.230755] [c0000002e899af60] [c00000000083d9a4] .dev_change_flags+0x2c/0x80
      [    9.242752] [c0000002e899aff0] [c0000000008554ec] .do_setlink+0x350/0xf08
      [    9.248228] [c0000002e899b170] [c000000000857ad0] .rtnl_newlink+0x588/0x7e0
      [    9.253965] [c0000002e899b740] [c000000000852424] .rtnetlink_rcv_msg+0x3e0/0x498
      [    9.261440] [c0000002e899b820] [c000000000884790] .netlink_rcv_skb+0x134/0x14c
      [    9.267607] [c0000002e899b8e0] [c000000000851840] .rtnetlink_rcv+0x18/0x2c
      [    9.274558] [c0000002e899b950] [c000000000883c8c] .netlink_unicast+0x214/0x318
      [    9.281163] [c0000002e899ba00] [c000000000884220] .netlink_sendmsg+0x348/0x444
      [    9.287076] [c0000002e899bae0] [c00000000080d13c] .sock_sendmsg+0x2c/0x54
      [    9.287080] [c0000002e899bb50] [c0000000008106c0] .___sys_sendmsg+0x2d0/0x2d8
      [    9.298375] [c0000002e899bd30] [c000000000811a80] .__sys_sendmsg+0x5c/0xb0
      [    9.303939] [c0000002e899be20] [c0000000000006b0] system_call+0x60/0x6c
      Signed-off-by: NScott Wood <oss@buserror.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d579abca
    • W
      gdrom: fix a memory leak bug · 711b2e7f
      Wenwen Wang 提交于
      [ Upstream commit 093c48213ee37c3c3ff1cf5ac1aa2a9d8bc66017 ]
      
      In probe_gdrom(), the buffer pointed by 'gd.cd_info' is allocated through
      kzalloc() and is used to hold the information of the gdrom device. To
      register and unregister the device, the pointer 'gd.cd_info' is passed to
      the functions register_cdrom() and unregister_cdrom(), respectively.
      However, this buffer is not freed after it is used, which can cause a
      memory leak bug.
      
      This patch simply frees the buffer 'gd.cd_info' in exit_gdrom() to fix the
      above issue.
      Signed-off-by: NWenwen Wang <wang6495@umn.edu>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      711b2e7f
    • J
      isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() · b67e3130
      Jia-Ju Bai 提交于
      [ Upstream commit 7418e6520f22a2e35815122fa5a53d5bbfa2c10f ]
      
      In drivers/isdn/hisax/hfc_pci.c, the functions hfcpci_interrupt() and
      HFCPCI_l1hw() may be concurrently executed.
      
      HFCPCI_l1hw()
        line 1173: if (!cs->tx_skb)
      
      hfcpci_interrupt()
        line 942: spin_lock_irqsave();
        line 1066: dev_kfree_skb_irq(cs->tx_skb);
      
      Thus, a possible concurrency use-after-free bug may occur
      in HFCPCI_l1hw().
      
      To fix these bugs, the calls to spin_lock_irqsave() and
      spin_unlock_irqrestore() are added in HFCPCI_l1hw(), to protect the
      access to cs->tx_skb.
      Signed-off-by: NJia-Ju Bai <baijiaju1990@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      b67e3130
    • M
      zram: fix lockdep warning of free block handling · 3b3ee499
      Minchan Kim 提交于
      [ Upstream commit 3c9959e025472122a61faebb208525cf26b305d1 ]
      
      Patch series "zram idle page writeback", v3.
      
      Inherently, swap device has many idle pages which are rare touched since
      it was allocated.  It is never problem if we use storage device as swap.
      However, it's just waste for zram-swap.
      
      This patchset supports zram idle page writeback feature.
      
      * Admin can define what is idle page "no access since X time ago"
      * Admin can define when zram should writeback them
      * Admin can define when zram should stop writeback to prevent wearout
      
      Details are in each patch's description.
      
      This patch (of 7):
      
        ================================
        WARNING: inconsistent lock state
        4.19.0+ #390 Not tainted
        --------------------------------
        inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
        zram_verify/2095 [HC0[0]:SC1[1]:HE1:SE0] takes:
        00000000b1828693 (&(&zram->bitmap_lock)->rlock){+.?.}, at: put_entry_bdev+0x1e/0x50
        {SOFTIRQ-ON-W} state was registered at:
          _raw_spin_lock+0x2c/0x40
          zram_make_request+0x755/0xdc9
          generic_make_request+0x373/0x6a0
          submit_bio+0x6c/0x140
          __swap_writepage+0x3a8/0x480
          shrink_page_list+0x1102/0x1a60
          shrink_inactive_list+0x21b/0x3f0
          shrink_node_memcg.constprop.99+0x4f8/0x7e0
          shrink_node+0x7d/0x2f0
          do_try_to_free_pages+0xe0/0x300
          try_to_free_pages+0x116/0x2b0
          __alloc_pages_slowpath+0x3f4/0xf80
          __alloc_pages_nodemask+0x2a2/0x2f0
          __handle_mm_fault+0x42e/0xb50
          handle_mm_fault+0x55/0xb0
          __do_page_fault+0x235/0x4b0
          page_fault+0x1e/0x30
        irq event stamp: 228412
        hardirqs last  enabled at (228412): [<ffffffff98245846>] __slab_free+0x3e6/0x600
        hardirqs last disabled at (228411): [<ffffffff98245625>] __slab_free+0x1c5/0x600
        softirqs last  enabled at (228396): [<ffffffff98e0031e>] __do_softirq+0x31e/0x427
        softirqs last disabled at (228403): [<ffffffff98072051>] irq_exit+0xd1/0xe0
      
        other info that might help us debug this:
         Possible unsafe locking scenario:
      
               CPU0
               ----
          lock(&(&zram->bitmap_lock)->rlock);
          <Interrupt>
            lock(&(&zram->bitmap_lock)->rlock);
      
         *** DEADLOCK ***
      
        no locks held by zram_verify/2095.
      
        stack backtrace:
        CPU: 5 PID: 2095 Comm: zram_verify Not tainted 4.19.0+ #390
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
        Call Trace:
         <IRQ>
         dump_stack+0x67/0x9b
         print_usage_bug+0x1bd/0x1d3
         mark_lock+0x4aa/0x540
         __lock_acquire+0x51d/0x1300
         lock_acquire+0x90/0x180
         _raw_spin_lock+0x2c/0x40
         put_entry_bdev+0x1e/0x50
         zram_free_page+0xf6/0x110
         zram_slot_free_notify+0x42/0xa0
         end_swap_bio_read+0x5b/0x170
         blk_update_request+0x8f/0x340
         scsi_end_request+0x2c/0x1e0
         scsi_io_completion+0x98/0x650
         blk_done_softirq+0x9e/0xd0
         __do_softirq+0xcc/0x427
         irq_exit+0xd1/0xe0
         do_IRQ+0x93/0x120
         common_interrupt+0xf/0xf
         </IRQ>
      
      With writeback feature, zram_slot_free_notify could be called in softirq
      context by end_swap_bio_read.  However, bitmap_lock is not aware of that
      so lockdep yell out:
      
        get_entry_bdev
        spin_lock(bitmap->lock);
        irq
        softirq
        end_swap_bio_read
        zram_slot_free_notify
        zram_slot_lock <-- deadlock prone
        zram_free_page
        put_entry_bdev
        spin_lock(bitmap->lock); <-- deadlock prone
      
      With akpm's suggestion (i.e.  bitmap operation is already atomic), we
      could remove bitmap lock.  It might fail to find a empty slot if serious
      contention happens.  However, it's not severe problem because huge page
      writeback has already possiblity to fail if there is severe memory
      pressure.  Worst case is just keeping the incompressible in memory, not
      storage.
      
      The other problem is zram_slot_lock in zram_slot_slot_free_notify.  To
      make it safe is this patch introduces zram_slot_trylock where
      zram_slot_free_notify uses it.  Although it's rare to be contented, this
      patch adds new debug stat "miss_free" to keep monitoring how often it
      happens.
      
      Link: http://lkml.kernel.org/r/20181127055429.251614-2-minchan@kernel.orgSigned-off-by: NMinchan Kim <minchan@kernel.org>
      Reviewed-by: NSergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Reviewed-by: NJoey Pabalinas <joeypabalinas@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3b3ee499
    • W
      mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init · f73c7753
      Waiman Long 提交于
      [ Upstream commit 3c0c12cc8f00ca5f81acb010023b8eb13e9a7004 ]
      
      When CONFIG_KASAN is enabled on large memory SMP systems, the deferrred
      pages initialization can take a long time.  Below were the reported init
      times on a 8-socket 96-core 4TB IvyBridge system.
      
        1) Non-debug kernel without CONFIG_KASAN
           [    8.764222] node 1 initialised, 132086516 pages in 7027ms
      
        2) Debug kernel with CONFIG_KASAN
           [  146.288115] node 1 initialised, 132075466 pages in 143052ms
      
      So the page init time in a debug kernel was 20X of the non-debug kernel.
      The long init time can be problematic as the page initialization is done
      with interrupt disabled.  In this particular case, it caused the
      appearance of following warning messages as well as NMI backtraces of all
      the cores that were doing the initialization.
      
      [   68.240049] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
      [   68.241000] rcu: 	25-...0: (100 ticks this GP) idle=b72/1/0x4000000000000000 softirq=915/915 fqs=16252
      [   68.241000] rcu: 	44-...0: (95 ticks this GP) idle=49a/1/0x4000000000000000 softirq=788/788 fqs=16253
      [   68.241000] rcu: 	54-...0: (104 ticks this GP) idle=03a/1/0x4000000000000000 softirq=721/825 fqs=16253
      [   68.241000] rcu: 	60-...0: (103 ticks this GP) idle=cbe/1/0x4000000000000000 softirq=637/740 fqs=16253
      [   68.241000] rcu: 	72-...0: (105 ticks this GP) idle=786/1/0x4000000000000000 softirq=536/641 fqs=16253
      [   68.241000] rcu: 	84-...0: (99 ticks this GP) idle=292/1/0x4000000000000000 softirq=537/537 fqs=16253
      [   68.241000] rcu: 	111-...0: (104 ticks this GP) idle=bde/1/0x4000000000000000 softirq=474/476 fqs=16253
      [   68.241000] rcu: 	(detected by 13, t=65018 jiffies, g=249, q=2)
      
      The long init time was mainly caused by the call to kasan_free_pages() to
      poison the newly initialized pages.  On a 4TB system, we are talking about
      almost 500GB of memory probably on the same node.
      
      In reality, we may not need to poison the newly initialized pages before
      they are ever allocated.  So KASAN poisoning of freed pages before the
      completion of deferred memory initialization is now disabled.  Those pages
      will be properly poisoned when they are allocated or freed after deferred
      pages initialization is done.
      
      With this change, the new page initialization time became:
      
      [   21.948010] node 1 initialised, 132075466 pages in 18702ms
      
      This was still about double the non-debug kernel time, but was much
      better than before.
      
      Link: http://lkml.kernel.org/r/1544459388-8736-1-git-send-email-longman@redhat.comSigned-off-by: NWaiman Long <longman@redhat.com>
      Reviewed-by: NAndrew Morton <akpm@linux-foundation.org>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f73c7753
    • L
      ocfs2: improve ocfs2 Makefile · 066206bc
      Larry Chen 提交于
      [ Upstream commit 9e6aea22802b5684c7e1d69822aeb0844dd01953 ]
      
      Included file path was hard-wired in the ocfs2 makefile, which might
      causes some confusion when compiling ocfs2 as an external module.
      
      Say if we compile ocfs2 module as following.
      cp -r /kernel/tree/fs/ocfs2 /other/dir/ocfs2
      cd /other/dir/ocfs2
      make -C /path/to/kernel_source M=`pwd` modules
      
      Acutally, the compiler wil try to find included file in
      /kernel/tree/fs/ocfs2, rather than the directory /other/dir/ocfs2.
      
      To fix this little bug, we introduce the var $(src) provided by kbuild.
      $(src) means the absolute path of the running kbuild file.
      
      Link: http://lkml.kernel.org/r/20181108085546.15149-1-lchen@suse.comSigned-off-by: NLarry Chen <lchen@suse.com>
      Reviewed-by: NAndrew Morton <akpm@linux-foundation.org>
      Cc: Mark Fasheh <mark@fasheh.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Junxiao Bi <junxiao.bi@oracle.com>
      Cc: Joseph Qi <jiangqi903@gmail.com>
      Cc: Changwei Ge <ge.changwei@h3c.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      066206bc
    • J
      ocfs2: don't clear bh uptodate for block read · 69e63b49
      Junxiao Bi 提交于
      [ Upstream commit 70306d9dce75abde855cefaf32b3f71eed8602a3 ]
      
      For sync io read in ocfs2_read_blocks_sync(), first clear bh uptodate flag
      and submit the io, second wait io done, last check whether bh uptodate, if
      not return io error.
      
      If two sync io for the same bh were issued, it could be the first io done
      and set uptodate flag, but just before check that flag, the second io came
      in and cleared uptodate, then ocfs2_read_blocks_sync() for the first io
      will return IO error.
      
      Indeed it's not necessary to clear uptodate flag, as the io end handler
      end_buffer_read_sync() will set or clear it based on io succeed or failed.
      
      The following message was found from a nfs server but the underlying
      storage returned no error.
      
      [4106438.567376] (nfsd,7146,3):ocfs2_get_suballoc_slot_bit:2780 ERROR: read block 1238823695 failed -5
      [4106438.567569] (nfsd,7146,3):ocfs2_get_suballoc_slot_bit:2812 ERROR: status = -5
      [4106438.567611] (nfsd,7146,3):ocfs2_test_inode_bit:2894 ERROR: get alloc slot and bit failed -5
      [4106438.567643] (nfsd,7146,3):ocfs2_test_inode_bit:2932 ERROR: status = -5
      [4106438.567675] (nfsd,7146,3):ocfs2_get_dentry:94 ERROR: test inode bit failed -5
      
      Same issue in non sync read ocfs2_read_blocks(), fixed it as well.
      
      Link: http://lkml.kernel.org/r/20181121020023.3034-4-junxiao.bi@oracle.comSigned-off-by: NJunxiao Bi <junxiao.bi@oracle.com>
      Reviewed-by: NChangwei Ge <ge.changwei@h3c.com>
      Reviewed-by: NYiwen Jiang <jiangyiwen@huawei.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Joseph Qi <jiangqi903@gmail.com>
      Cc: Jun Piao <piaojun@huawei.com>
      Cc: Mark Fasheh <mfasheh@versity.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      69e63b49
    • R
      arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning · dc8bd7ed
      Randy Dunlap 提交于
      [ Upstream commit 440e7b379f91acd245d5c8de94d533f40f5dffb3 ]
      
      arch/sh/boards/mach-kfr2r09/setup.c does not need to #include
      <mtd/onenand.h>, and doing so causes a build warning, so drop that header
      file.
      
      In file included from ../arch/sh/boards/mach-kfr2r09/setup.c:28:
      ../include/linux/mtd/onenand.h:225:12: warning: 'struct mtd_oob_ops' declared inside parameter list will not be visible outside of this definition or declaration
           struct mtd_oob_ops *ops);
      
      Link: http://lkml.kernel.org/r/702f0a25-c63e-6912-4640-6ab0f00afbc7@infradead.org
      Fixes: f3590dc3 ("media: arch: sh: kfr2r09: Use new renesas-ceu camera driver")
      Signed-off-by: NRandy Dunlap <rdunlap@infradead.org>
      Reported-by: NGeert Uytterhoeven <geert@linux-m68k.org>
      Suggested-by: NMiquel Raynal <miquel.raynal@bootlin.com>
      Reviewed-by: NMiquel Raynal <miquel.raynal@bootlin.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Jacopo Mondi <jacopo+renesas@jmondi.org>
      Cc: Magnus Damm <magnus.damm@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      dc8bd7ed
    • M
      scripts/decode_stacktrace: only strip base path when a prefix of the path · fa3c7c09
      Marc Zyngier 提交于
      [ Upstream commit 67a28de47faa83585dd644bd4c31e5a1d9346c50 ]
      
      Running something like:
      
      	decodecode vmlinux .
      
      leads to interested results where not only the leading "." gets stripped
      from the displayed paths, but also anywhere in the string, displaying
      something like:
      
      	kvm_vcpu_check_block (arch/arm64/kvm/virt/kvm/kvm_mainc:2141)
      
      which doesn't help further processing.
      
      Fix it by only stripping the base path if it is a prefix of the path.
      
      Link: http://lkml.kernel.org/r/20181210174659.31054-3-marc.zyngier@arm.comSigned-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      fa3c7c09
    • J
      perf python: Do not force closing original perf descriptor in evlist.get_pollfd() · 395cbb9a
      Jiri Olsa 提交于
      [ Upstream commit a389aece97938966616ce0336466b98b0351ef10 ]
      
      Ondřej reported that when compiled with python3, the python extension
      regresses in evlist.get_pollfd function behaviour.
      
      The evlist.get_pollfd function creates file objects from evlist's fds
      and returns them in a list. The python3 version also sets them to 'close
      the original descriptor' when the object dies (is closed), by passing
      True via the 'closefd' arg in the PyFile_FromFd call.
      
      The python's closefd doc says:
      
        If closefd is False, the underlying file descriptor will be kept open
        when the file is closed.
      
      That's why the following line in python3 closes all evlist fds:
      
        evlist.get_pollfd()
      
      the returned list is immediately destroyed and that takes down the
      original events fds.
      
      Passing closefd as False to PyFile_FromFd to fix this.
      Reported-by: NOndřej Lysoněk <olysonek@redhat.com>
      Signed-off-by: NJiri Olsa <jolsa@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Jaroslav Škarvada <jskarvad@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Fixes: 66dfdff0 ("perf tools: Add Python 3 support")
      Link: http://lkml.kernel.org/r/20181226112121.5285-1-jolsa@kernel.orgSigned-off-by: NArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      395cbb9a
    • O
      cgroup: fix parsing empty mount option string · 4b5abffd
      Ondrej Mosnacek 提交于
      [ Upstream commit e250d91d65750a0c0c62483ac4f9f357e7317617 ]
      
      This fixes the case where all mount options specified are consumed by an
      LSM and all that's left is an empty string. In this case cgroupfs should
      accept the string and not fail.
      
      How to reproduce (with SELinux enabled):
      
          # umount /sys/fs/cgroup/unified
          # mount -o context=system_u:object_r:cgroup_t:s0 -t cgroup2 cgroup2 /sys/fs/cgroup/unified
          mount: /sys/fs/cgroup/unified: wrong fs type, bad option, bad superblock on cgroup2, missing codepage or helper program, or other error.
          # dmesg | tail -n 1
          [   31.575952] cgroup: cgroup2: unknown option ""
      
      Fixes: 67e9c74b ("cgroup: replace __DEVEL__sane_behavior with cgroup2 fs type")
      [NOTE: should apply on top of commit 5136f636 ("cgroup: implement "nsdelegate" mount option"), older versions need manual rebase]
      Suggested-by: NStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4b5abffd
    • S
      f2fs: fix sbi->extent_list corruption issue · df13b036
      Sahitya Tummala 提交于
      [ Upstream commit e4589fa545e0020dbbc3c9bde35f35f949901392 ]
      
      When there is a failure in f2fs_fill_super() after/during
      the recovery of fsync'd nodes, it frees the current sbi and
      retries again. This time the mount is successful, but the files
      that got recovered before retry, still holds the extent tree,
      whose extent nodes list is corrupted since sbi and sbi->extent_list
      is freed up. The list_del corruption issue is observed when the
      file system is getting unmounted and when those recoverd files extent
      node is being freed up in the below context.
      
      list_del corruption. prev->next should be fffffff1e1ef5480, but was (null)
      <...>
      kernel BUG at kernel/msm-4.14/lib/list_debug.c:53!
      lr : __list_del_entry_valid+0x94/0xb4
      pc : __list_del_entry_valid+0x94/0xb4
      <...>
      Call trace:
      __list_del_entry_valid+0x94/0xb4
      __release_extent_node+0xb0/0x114
      __free_extent_tree+0x58/0x7c
      f2fs_shrink_extent_tree+0xdc/0x3b0
      f2fs_leave_shrinker+0x28/0x7c
      f2fs_put_super+0xfc/0x1e0
      generic_shutdown_super+0x70/0xf4
      kill_block_super+0x2c/0x5c
      kill_f2fs_super+0x44/0x50
      deactivate_locked_super+0x60/0x8c
      deactivate_super+0x68/0x74
      cleanup_mnt+0x40/0x78
      __cleanup_mnt+0x1c/0x28
      task_work_run+0x48/0xd0
      do_notify_resume+0x678/0xe98
      work_pending+0x8/0x14
      
      Fix this by not creating extents for those recovered files if shrinker is
      not registered yet. Once mount is successful and shrinker is registered,
      those files can have extents again.
      Signed-off-by: NSahitya Tummala <stummala@codeaurora.org>
      Signed-off-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      df13b036
    • K
      niu: fix missing checks of niu_pci_eeprom_read · 4d6b5b08
      Kangjie Lu 提交于
      [ Upstream commit 26fd962bde0b15e54234fe762d86bc0349df1de4 ]
      
      niu_pci_eeprom_read() may fail, so we should check its return value
      before using the read data.
      Signed-off-by: NKangjie Lu <kjlu@umn.edu>
      Acked-by: NShannon Nelson <shannon.lee.nelson@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4d6b5b08
    • A
      um: Avoid marking pages with "changed protection" · 1e480ee6
      Anton Ivanov 提交于
      [ Upstream commit 8892d8545f2d0342b9c550defbfb165db237044b ]
      
      Changing protection is a very high cost operation in UML
      because in addition to an extra syscall it also interrupts
      mmap merge sequences generated by the tlb.
      
      While the condition is not particularly common it is worth
      avoiding.
      Signed-off-by: NAnton Ivanov <anton.ivanov@cambridgegreys.com>
      Signed-off-by: NRichard Weinberger <richard@nod.at>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1e480ee6
    • S
      f2fs: fix use-after-free issue when accessing sbi->stat_info · 69e7f877
      Sahitya Tummala 提交于
      [ Upstream commit 60aa4d5536ab7fe32433ca1173bd9d6633851f27 ]
      
      iput() on sbi->node_inode can update sbi->stat_info
      in the below context, if the f2fs_write_checkpoint()
      has failed with error.
      
      f2fs_balance_fs_bg+0x1ac/0x1ec
      f2fs_write_node_pages+0x4c/0x260
      do_writepages+0x80/0xbc
      __writeback_single_inode+0xdc/0x4ac
      writeback_single_inode+0x9c/0x144
      write_inode_now+0xc4/0xec
      iput+0x194/0x22c
      f2fs_put_super+0x11c/0x1e8
      generic_shutdown_super+0x70/0xf4
      kill_block_super+0x2c/0x5c
      kill_f2fs_super+0x44/0x50
      deactivate_locked_super+0x60/0x8c
      deactivate_super+0x68/0x74
      cleanup_mnt+0x40/0x78
      
      Fix this by moving f2fs_destroy_stats() further below iput() in
      both f2fs_put_super() and f2fs_fill_super() paths.
      Signed-off-by: NSahitya Tummala <stummala@codeaurora.org>
      Reviewed-by: NChao Yu <yuchao0@huawei.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      69e7f877
    • R
      cifs: check ntwrk_buf_start for NULL before dereferencing it · 5d3b4cd8
      Ronnie Sahlberg 提交于
      [ Upstream commit 59a63e479ce36a3f24444c3a36efe82b78e4a8e0 ]
      
      RHBZ: 1021460
      
      There is an issue where when multiple threads open/close the same directory
      ntwrk_buf_start might end up being NULL, causing the call to smbCalcSize
      later to oops with a NULL deref.
      
      The real bug is why this happens and why this can become NULL for an
      open cfile, which should not be allowed.
      This patch tries to avoid a oops until the time when we fix the underlying
      issue.
      Signed-off-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      5d3b4cd8
    • S
      MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 · 2cdf5246
      Stefan Roese 提交于
      [ Upstream commit 0b15394475e3bcaf35ca4bf22fc55d56df67224e ]
      
      Testing has shown, that when using mainline U-Boot on MT7688 based
      boards, the system may hang or crash while mounting the root-fs. The
      main issue here is that mainline U-Boot configures EBase to a value
      near the end of system memory. And with CONFIG_CPU_MIPSR2_IRQ_VI
      disabled, trap_init() will not allocate a new area to place the
      exception handler. The original value will be used and the handler
      will be copied to this location, which might already be used by some
      userspace application.
      
      The MT7688 supports VI - its config3 register is 0x00002420, so VInt
      (Bit 5) is set. But without setting CONFIG_CPU_MIPSR2_IRQ_VI this
      bit will not be evaluated to result in "cpu_has_vi" being set. This
      patch now selects CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 which results
      trap_init() to allocate some memory for the exception handler.
      
      Please note that this issue was not seen with the Mediatek U-Boot
      version, as it does not touch EBase (stays at default of 0x8000.0000).
      This is strictly also not correct as the kernel (_text) resides
      here.
      Signed-off-by: NStefan Roese <sr@denx.de>
      [paul.burton@mips.com: s/beeing/being/]
      Signed-off-by: NPaul Burton <paul.burton@mips.com>
      Cc: John Crispin <blogic@openwrt.org>
      Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2cdf5246
    • N
      crypto: ux500 - Use proper enum in hash_set_dma_transfer · 1dc571ff
      Nathan Chancellor 提交于
      [ Upstream commit 5ac93f808338f4dd465402e91869702eb87db241 ]
      
      Clang warns when one enumerated type is implicitly converted to another:
      
      drivers/crypto/ux500/hash/hash_core.c:169:4: warning: implicit
      conversion from enumeration type 'enum dma_data_direction' to different
      enumeration type 'enum dma_transfer_direction' [-Wenum-conversion]
                              direction, DMA_CTRL_ACK | DMA_PREP_INTERRUPT);
                              ^~~~~~~~~
      1 warning generated.
      
      dmaengine_prep_slave_sg expects an enum from dma_transfer_direction.
      We know that the only direction supported by this function is
      DMA_TO_DEVICE because of the check at the top of this function so we can
      just use the equivalent value from dma_transfer_direction.
      
      DMA_TO_DEVICE = DMA_MEM_TO_DEV = 1
      Signed-off-by: NNathan Chancellor <natechancellor@gmail.com>
      Reviewed-by: NNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1dc571ff
    • N
      crypto: ux500 - Use proper enum in cryp_set_dma_transfer · 2b020c09
      Nathan Chancellor 提交于
      [ Upstream commit 9d880c5945c748d8edcac30965f3349a602158c4 ]
      
      Clang warns when one enumerated type is implicitly converted to another:
      
      drivers/crypto/ux500/cryp/cryp_core.c:559:5: warning: implicit
      conversion from enumeration type 'enum dma_data_direction' to different
      enumeration type 'enum dma_transfer_direction' [-Wenum-conversion]
                                      direction, DMA_CTRL_ACK);
                                      ^~~~~~~~~
      drivers/crypto/ux500/cryp/cryp_core.c:583:5: warning: implicit
      conversion from enumeration type 'enum dma_data_direction' to different
      enumeration type 'enum dma_transfer_direction' [-Wenum-conversion]
                                      direction,
                                      ^~~~~~~~~
      2 warnings generated.
      
      dmaengine_prep_slave_sg expects an enum from dma_transfer_direction.
      Because we know the value of the dma_data_direction enum from the
      switch statement, we can just use the proper value from
      dma_transfer_direction so there is no more conversion.
      
      DMA_TO_DEVICE = DMA_MEM_TO_DEV = 1
      DMA_FROM_DEVICE = DMA_DEV_TO_MEM = 2
      Signed-off-by: NNathan Chancellor <natechancellor@gmail.com>
      Reviewed-by: NNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2b020c09
    • M
      seq_buf: Make seq_buf_puts() null-terminate the buffer · 6201e8ad
      Michael Ellerman 提交于
      [ Upstream commit 0464ed24380905d640030d368cd84a4e4d1e15e2 ]
      
      Currently seq_buf_puts() will happily create a non null-terminated
      string for you in the buffer. This is particularly dangerous if the
      buffer is on the stack.
      
      For example:
      
        char buf[8];
        char secret = "secret";
        struct seq_buf s;
      
        seq_buf_init(&s, buf, sizeof(buf));
        seq_buf_puts(&s, "foo");
        printk("Message is %s\n", buf);
      
      Can result in:
      
        Message is fooªªªªªsecret
      
      We could require all users to memset() their buffer to zero before
      use. But that seems likely to be forgotten and lead to bugs.
      
      Instead we can change seq_buf_puts() to always leave the buffer in a
      null-terminated state.
      
      The only downside is that this makes the buffer 1 character smaller
      for seq_buf_puts(), but that seems like a good trade off.
      
      Link: http://lkml.kernel.org/r/20181019042109.8064-1-mpe@ellerman.id.auAcked-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      6201e8ad
    • K
      hwmon: (lm80) fix a missing check of bus read in lm80 probe · 040f7697
      Kangjie Lu 提交于
      [ Upstream commit 9aa3aa15f4c2f74f47afd6c5db4b420fadf3f315 ]
      
      In lm80_probe(), if lm80_read_value() fails, it returns a negative
      error number which is stored to data->fan[f_min] and will be further
      used. We should avoid using the data if the read fails.
      
      The fix checks if lm80_read_value() fails, and if so, returns with the
      error number.
      Signed-off-by: NKangjie Lu <kjlu@umn.edu>
      Signed-off-by: NGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      040f7697
    • K
      hwmon: (lm80) fix a missing check of the status of SMBus read · 8dcf8478
      Kangjie Lu 提交于
      [ Upstream commit c9c63915519b1def7043b184680f33c24cd49d7b ]
      
      If lm80_read_value() fails, it returns a negative number instead of the
      correct read data. Therefore, we should avoid using the data if it
      fails.
      
      The fix checks if lm80_read_value() fails, and if so, returns with the
      error number.
      Signed-off-by: NKangjie Lu <kjlu@umn.edu>
      [groeck: One variable for return values is enough]
      Signed-off-by: NGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8dcf8478
    • S
      perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz · 303d29d8
      Stanislav Fomichev 提交于
      [ Upstream commit 14541b1e7e723859ff2c75c6fc10cdbbec6b8c34 ]
      
      Current libbfd feature test unconditionally links against -liberty and -lz.
      While it's required on some systems (e.g. opensuse), it's completely
      unnecessary on the others, where only -lbdf is sufficient (debian).
      This patch streamlines (and renames) the following feature checks:
      
      feature-libbfd           - only link against -lbfd (debian),
                                 see commit 2cf90407 ("perf tools: Fix bfd
      			   dependency libraries detection")
      feature-libbfd-liberty   - link against -lbfd and -liberty
      feature-libbfd-liberty-z - link against -lbfd, -liberty and -lz (opensuse),
                                 see commit 280e7c48 ("perf tools: fix BFD
      			   detection on opensuse")
      
      (feature-liberty{,-z} were renamed to feature-libbfd-liberty{,z}
      for clarity)
      
      The main motivation is to fix this feature test for bpftool which is
      currently broken on debian (libbfd feature shows OFF, but we still
      unconditionally link against -lbfd and it works).
      
      Tested on debian with only -lbfd installed (without -liberty); I'd
      appreciate if somebody on the other systems can test this new detection
      method.
      Signed-off-by: NStanislav Fomichev <sdf@google.com>
      Acked-by: NJiri Olsa <jolsa@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lkml.kernel.org/r/4dfc634cfcfb236883971b5107cf3c28ec8a31be.1542328222.git.sdf@google.comSigned-off-by: NArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      303d29d8
    • C
      NFS: nfs_compare_mount_options always compare auth flavors. · 8c642d71
      Chris Perl 提交于
      [ Upstream commit 594d1644cd59447f4fceb592448d5cd09eb09b5e ]
      
      This patch removes the check from nfs_compare_mount_options to see if a
      `sec' option was passed for the current mount before comparing auth
      flavors and instead just always compares auth flavors.
      
      Consider the following scenario:
      
      You have a server with the address 192.168.1.1 and two exports /export/a
      and /export/b.  The first export supports `sys' and `krb5' security, the
      second just `sys'.
      
      Assume you start with no mounts from the server.
      
      The following results in EIOs being returned as the kernel nfs client
      incorrectly thinks it can share the underlying `struct nfs_server's:
      
      $ mkdir /tmp/{a,b}
      $ sudo mount -t nfs -o vers=3,sec=krb5 192.168.1.1:/export/a /tmp/a
      $ sudo mount -t nfs -o vers=3          192.168.1.1:/export/b /tmp/b
      $ df >/dev/null
      df: ‘/tmp/b’: Input/output error
      Signed-off-by: NChris Perl <cperl@janestreet.com>
      Signed-off-by: NAnna Schumaker <Anna.Schumaker@Netapp.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8c642d71
    • J
      kvm: Change offset in kvm_write_guest_offset_cached to unsigned · ad9241f2
      Jim Mattson 提交于
      [ Upstream commit 7a86dab8cf2f0fdf508f3555dddfc236623bff60 ]
      
      Since the offset is added directly to the hva from the
      gfn_to_hva_cache, a negative offset could result in an out of bounds
      write. The existing BUG_ON only checks for addresses beyond the end of
      the gfn_to_hva_cache, not for addresses before the start of the
      gfn_to_hva_cache.
      
      Note that all current call sites have non-negative offsets.
      
      Fixes: 4ec6e863 ("kvm: Introduce kvm_write_guest_offset_cached()")
      Reported-by: NCfir Cohen <cfir@google.com>
      Signed-off-by: NJim Mattson <jmattson@google.com>
      Reviewed-by: NCfir Cohen <cfir@google.com>
      Reviewed-by: NPeter Shier <pshier@google.com>
      Reviewed-by: NKrish Sadhukhan <krish.sadhukhan@oracle.com>
      Reviewed-by: NSean Christopherson <sean.j.christopherson@intel.com>
      Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ad9241f2
    • M
      powerpc/fadump: Do not allow hot-remove memory from fadump reserved area. · fc090081
      Mahesh Salgaonkar 提交于
      [ Upstream commit 0db6896ff6332ba694f1e61b93ae3b2640317633 ]
      
      For fadump to work successfully there should not be any holes in reserved
      memory ranges where kernel has asked firmware to move the content of old
      kernel memory in event of crash. Now that fadump uses CMA for reserved
      area, this memory area is now not protected from hot-remove operations
      unless it is cma allocated. Hence, fadump service can fail to re-register
      after the hot-remove operation, if hot-removed memory belongs to fadump
      reserved region. To avoid this make sure that memory from fadump reserved
      area is not hot-removable if fadump is registered.
      
      However, if user still wants to remove that memory, he can do so by
      manually stopping fadump service before hot-remove operation.
      Signed-off-by: NMahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      fc090081
    • V
      KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported · 84a4572b
      Vitaly Kuznetsov 提交于
      [ Upstream commit e87555e550cef4941579cd879759a7c0dee24e68 ]
      
      AMD doesn't seem to implement MSR_IA32_MCG_EXT_CTL and svm code in kvm
      knows nothing about it, however, this MSR is among emulated_msrs and
      thus returned with KVM_GET_MSR_INDEX_LIST. The consequent KVM_GET_MSRS,
      of course, fails.
      
      Report the MSR as unsupported to not confuse userspace.
      Signed-off-by: NVitaly Kuznetsov <vkuznets@redhat.com>
      Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      84a4572b
    • M
      pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins · a41cd69e
      Martin Blumenstingl 提交于
      [ Upstream commit 2b745ac3cceb8fc1d9985990c8241a821ea97e53 ]
      
      The GPIOAO pins (as well as the two exotic GPIO_BSD_EN and GPIO_TEST_N)
      only belong to the pin controller in the AO domain. With the current
      definition these pins cannot be referred to in .dts files as group
      (which is possible on GXBB and GXL for example).
      
      Add a separate "gpio_aobus" function to fix the mapping between the pin
      controller and the GPIO pins in the AO domain. This is similar to how
      the GXBB and GXL drivers implement this functionality.
      
      Fixes: 9dab1868 ("pinctrl: amlogic: Make driver independent from two-domain configuration")
      Signed-off-by: NMartin Blumenstingl <martin.blumenstingl@googlemail.com>
      Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a41cd69e
    • M
      pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins · 098fa489
      Martin Blumenstingl 提交于
      [ Upstream commit 42f9b48cc5402be11d2364275eb18c257d2a79e8 ]
      
      The GPIOAO pins (as well as the two exotic GPIO_BSD_EN and GPIO_TEST_N)
      only belong to the pin controller in the AO domain. With the current
      definition these pins cannot be referred to in .dts files as group
      (which is possible on GXBB and GXL for example).
      
      Add a separate "gpio_aobus" function to fix the mapping between the pin
      controller and the GPIO pins in the AO domain. This is similar to how
      the GXBB and GXL drivers implement this functionality.
      
      Fixes: 9dab1868 ("pinctrl: amlogic: Make driver independent from two-domain configuration")
      Signed-off-by: NMartin Blumenstingl <martin.blumenstingl@googlemail.com>
      Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      098fa489
    • C
      powerpc/mm: Fix reporting of kernel execute faults on the 8xx · 279eb1d9
      Christophe Leroy 提交于
      [ Upstream commit ffca395b11c4a5a6df6d6345f794b0e3d578e2d0 ]
      
      On the 8xx, no-execute is set via PPP bits in the PTE. Therefore
      a no-exec fault generates DSISR_PROTFAULT error bits,
      not DSISR_NOEXEC_OR_G.
      
      This patch adds DSISR_PROTFAULT in the test mask.
      
      Fixes: d3ca5874 ("powerpc/mm: Fix reporting of kernel execute faults")
      Signed-off-by: NChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      279eb1d9
    • N
      fbdev: fbcon: Fix unregister crash when more than one framebuffer · 9e9435bc
      Noralf Trønnes 提交于
      [ Upstream commit 2122b40580dd9d0620398739c773d07a7b7939d0 ]
      
      When unregistering fbdev using unregister_framebuffer(), any bound
      console will unbind automatically. This is working fine if this is the
      only framebuffer, resulting in a switch to the dummy console. However if
      there is a fb0 and I unregister fb1 having a bound console, I eventually
      get a crash. The fastest way for me to trigger the crash is to do a
      reboot, resulting in this splat:
      
      [   76.478825] WARNING: CPU: 0 PID: 527 at linux/kernel/workqueue.c:1442 __queue_work+0x2d4/0x41c
      [   76.478849] Modules linked in: raspberrypi_hwmon gpio_backlight backlight bcm2835_rng rng_core [last unloaded: tinydrm]
      [   76.478916] CPU: 0 PID: 527 Comm: systemd-udevd Not tainted 4.20.0-rc4+ #4
      [   76.478933] Hardware name: BCM2835
      [   76.478949] Backtrace:
      [   76.478995] [<c010d388>] (dump_backtrace) from [<c010d670>] (show_stack+0x20/0x24)
      [   76.479022]  r6:00000000 r5:c0bc73be r4:00000000 r3:6fb5bf81
      [   76.479060] [<c010d650>] (show_stack) from [<c08e82f4>] (dump_stack+0x20/0x28)
      [   76.479102] [<c08e82d4>] (dump_stack) from [<c0120070>] (__warn+0xec/0x12c)
      [   76.479134] [<c011ff84>] (__warn) from [<c01201e4>] (warn_slowpath_null+0x4c/0x58)
      [   76.479165]  r9:c0eb6944 r8:00000001 r7:c0e927f8 r6:c0bc73be r5:000005a2 r4:c0139e84
      [   76.479197] [<c0120198>] (warn_slowpath_null) from [<c0139e84>] (__queue_work+0x2d4/0x41c)
      [   76.479222]  r6:d7666a00 r5:c0e918ee r4:dbc4e700
      [   76.479251] [<c0139bb0>] (__queue_work) from [<c013a02c>] (queue_work_on+0x60/0x88)
      [   76.479281]  r10:c0496bf8 r9:00000100 r8:c0e92ae0 r7:00000001 r6:d9403700 r5:d7666a00
      [   76.479298]  r4:20000113
      [   76.479348] [<c0139fcc>] (queue_work_on) from [<c0496c28>] (cursor_timer_handler+0x30/0x54)
      [   76.479374]  r7:d8a8fabc r6:c0e08088 r5:d8afdc5c r4:d8a8fabc
      [   76.479413] [<c0496bf8>] (cursor_timer_handler) from [<c0178744>] (call_timer_fn+0x100/0x230)
      [   76.479435]  r4:c0e9192f r3:d758a340
      [   76.479465] [<c0178644>] (call_timer_fn) from [<c0178980>] (expire_timers+0x10c/0x12c)
      [   76.479495]  r10:40000000 r9:c0e9192f r8:c0e92ae0 r7:d8afdccc r6:c0e19280 r5:c0496bf8
      [   76.479513]  r4:d8a8fabc
      [   76.479541] [<c0178874>] (expire_timers) from [<c0179630>] (run_timer_softirq+0xa8/0x184)
      [   76.479570]  r9:00000001 r8:c0e19280 r7:00000000 r6:c0e08088 r5:c0e1a3e0 r4:c0e19280
      [   76.479603] [<c0179588>] (run_timer_softirq) from [<c0102404>] (__do_softirq+0x1ac/0x3fc)
      [   76.479632]  r10:c0e91680 r9:d8afc020 r8:0000000a r7:00000100 r6:00000001 r5:00000002
      [   76.479650]  r4:c0eb65ec
      [   76.479686] [<c0102258>] (__do_softirq) from [<c0124d10>] (irq_exit+0xe8/0x168)
      [   76.479716]  r10:d8d1a9b0 r9:d8afc000 r8:00000001 r7:d949c000 r6:00000000 r5:c0e8b3f0
      [   76.479734]  r4:00000000
      [   76.479764] [<c0124c28>] (irq_exit) from [<c016b72c>] (__handle_domain_irq+0x94/0xb0)
      [   76.479793] [<c016b698>] (__handle_domain_irq) from [<c01021dc>] (bcm2835_handle_irq+0x3c/0x48)
      [   76.479823]  r8:d8afdebc r7:d8afddfc r6:ffffffff r5:c0e089f8 r4:d8afddc8 r3:d8afddc8
      [   76.479851] [<c01021a0>] (bcm2835_handle_irq) from [<c01019f0>] (__irq_svc+0x70/0x98)
      
      The problem is in the console rebinding in fbcon_fb_unbind(). It uses the
      virtual console index as the new framebuffer index to bind the console(s)
      to. The correct way is to use the con2fb_map lookup table to find the
      framebuffer index.
      
      Fixes: cfafca80 ("fbdev: fbcon: console unregistration from unregister_framebuffer")
      Signed-off-by: NNoralf Trønnes <noralf@tronnes.org>
      Reviewed-by: NMikulas Patocka <mpatocka@redhat.com>
      Acked-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9e9435bc
    • L
      ACPI/APEI: Clear GHES block_status before panic() · 00e391ec
      Lenny Szubowicz 提交于
      [ Upstream commit 98cff8b23ed1c763a029ee81ea300df0d153d07d ]
      
      In __ghes_panic() clear the block status in the APEI generic
      error status block for that generic hardware error source before
      calling panic() to prevent a second panic() in the crash kernel
      for exactly the same fatal error.
      
      Otherwise ghes_probe(), running in the crash kernel, would see
      an unhandled error in the APEI generic error status block and
      panic again, thereby precluding any crash dump.
      Signed-off-by: NLenny Szubowicz <lszubowi@redhat.com>
      Signed-off-by: NDavid Arcari <darcari@redhat.com>
      Tested-by: NTyler Baicar <baicar.tyler@gmail.com>
      Acked-by: NBorislav Petkov <bp@suse.de>
      Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      00e391ec
    • K
      igb: Fix an issue that PME is not enabled during runtime suspend · d657e82f
      Kai-Heng Feng 提交于
      [ Upstream commit 1fb3a7a75e2efcc83ef21f2434069cddd6fae6f5 ]
      
      I210 ethernet card doesn't wakeup when a cable gets plugged. It's
      because its PME is not set.
      
      Since commit 42eca230 ("PCI: Don't touch card regs after runtime
      suspend D3"), if the PCI state is saved, pci_pm_runtime_suspend() stops
      calling pci_finish_runtime_suspend(), which enables the PCI PME.
      
      To fix the issue, let's not to save PCI states when it's runtime
      suspend, to let the PCI subsystem enables PME.
      
      Fixes: 42eca230 ("PCI: Don't touch card regs after runtime suspend D3")
      Signed-off-by: NKai-Heng Feng <kai.heng.feng@canonical.com>
      Tested-by: NAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d657e82f
    • Y
      ice: Do not enable NAPI on q_vectors that have no rings · d01b26e7
      Young Xiao 提交于
      [ Upstream commit eec903769b4ea476591ffff73bb7359f14f38c51 ]
      
      If ice driver has q_vectors w/ active NAPI that has no rings,
      then this will result in a divide by zero error. To correct it
      I am updating the driver code so that we only support NAPI on
      q_vectors that have 1 or more rings allocated to them.
      
      See commit 13a8cd19 ("i40e: Do not enable NAPI on q_vectors
      that have no rings") for detail.
      Signed-off-by: NYoung Xiao <YangX92@hotmail.com>
      Acked-by: NAnirudh Venkataramanan <anirudh.venkataramanan@intel.com>
      Tested-by: NAndrew Bowers <andrewx.bowers@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d01b26e7