1. 16 9月, 2019 40 次提交
    • T
      mmc: renesas_sdhi: Fix card initialization failure in high speed mode · df732920
      Takeshi Saito 提交于
      [ Upstream commit d30ae056adb81e1d2b8b953efa74735a020b8e3b ]
      
      This fixes card initialization failure in high speed mode.
      
      If U-Boot uses SDR or HS200/400 mode before starting Linux and Linux
      DT does not enable SDR/HS200/HS400 mode, card initialization fails in
      high speed mode.
      
      It is necessary to initialize SCC registers during card initialization
      phase. HW reset function is registered only for a port with either of
      SDR/HS200/HS400 properties in device tree. If SDR/HS200/HS400 properties
      are not present in device tree, SCC registers will not be reset. In SoC
      that support SCC registers, HW reset function should be registered
      regardless of the configuration of device tree.
      
      Reproduction procedure:
      - Use U-Boot that support MMC HS200/400 mode.
      - Delete HS200/HS400 properties in device tree.
        (Delete mmc-hs200-1_8v and mmc-hs400-1_8v)
      - MMC port works high speed mode and all commands fail.
      Signed-off-by: NTakeshi Saito <takeshi.saito.xv@renesas.com>
      Signed-off-by: NMarek Vasut <marek.vasut+renesas@gmail.com>
      Cc: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
      Cc: Simon Horman <horms+renesas@verge.net.au>
      Reviewed-by: NWolfram Sang <wsa+renesas@sang-engineering.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      df732920
    • M
      powerpc/kvm: Save and restore host AMR/IAMR/UAMOR · 915c9d0a
      Michael Ellerman 提交于
      [ Upstream commit c3c7470c75566a077c8dc71dcf8f1948b8ddfab4 ]
      
      When the hash MMU is active the AMR, IAMR and UAMOR are used for
      pkeys. The AMR is directly writable by user space, and the UAMOR masks
      those writes, meaning both registers are effectively user register
      state. The IAMR is used to create an execute only key.
      
      Also we must maintain the value of at least the AMR when running in
      process context, so that any memory accesses done by the kernel on
      behalf of the process are correctly controlled by the AMR.
      
      Although we are correctly switching all registers when going into a
      guest, on returning to the host we just write 0 into all regs, except
      on Power9 where we restore the IAMR correctly.
      
      This could be observed by a user process if it writes the AMR, then
      runs a guest and we then return immediately to it without
      rescheduling. Because we have written 0 to the AMR that would have the
      effect of granting read/write permission to pages that the process was
      trying to protect.
      
      In addition, when using the Radix MMU, the AMR can prevent inadvertent
      kernel access to userspace data, writing 0 to the AMR disables that
      protection.
      
      So save and restore AMR, IAMR and UAMOR.
      
      Fixes: cf43d3b2 ("powerpc: Enable pkey subsystem")
      Cc: stable@vger.kernel.org # v4.16+
      Signed-off-by: NRussell Currey <ruscur@russell.cc>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Acked-by: NPaul Mackerras <paulus@ozlabs.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      915c9d0a
    • R
      spi: spi-gpio: fix SPI_CS_HIGH capability · b3f864b8
      Russell King 提交于
      [ Upstream commit b89fefda7d4e3a649129584d855be233c7465264 ]
      
      spi-gpio is capable of dealing with active-high chip-selects.
      Unfortunately, commit 4b859db2 ("spi: spi-gpio: add SPI_3WIRE
      support") broke this by setting master->mode_bits, which overrides
      the setting in the spi-bitbang code.  Fix this.
      
      [Fixed a trivial conflict with SPI_3WIRE_HIZ support -- broonie]
      
      Fixes: 4b859db2 ("spi: spi-gpio: add SPI_3WIRE support")
      Signed-off-by: NRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: NMark Brown <broonie@kernel.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      b3f864b8
    • P
      x86/kvmclock: set offset for kvm unstable clock · 1d60902a
      Pavel Tatashin 提交于
      [ Upstream commit b5179ec4187251a751832193693d6e474d3445ac ]
      
      VMs may show incorrect uptime and dmesg printk offsets on hypervisors with
      unstable clock. The problem is produced when VM is rebooted without exiting
      from qemu.
      
      The fix is to calculate clock offset not only for stable clock but for
      unstable clock as well, and use kvm_sched_clock_read() which substracts
      the offset for both clocks.
      
      This is safe, because pvclock_clocksource_read() does the right thing and
      makes sure that clock always goes forward, so once offset is calculated
      with unstable clock, we won't get new reads that are smaller than offset,
      and thus won't get negative results.
      
      Thank you Jon DeVree for helping to reproduce this issue.
      
      Fixes: 857baa87 ("sched/clock: Enable sched clock early")
      Cc: stable@vger.kernel.org
      Reported-by: NDominique Martinet <asmadeus@codewreck.org>
      Signed-off-by: NPavel Tatashin <pasha.tatashin@soleen.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1d60902a
    • I
      iwlwifi: add new card for 9260 series · 716b0cfa
      Ihab Zhaika 提交于
      [ Upstream commit 3941310cf665b8a7965424d2a185c80782faa030 ]
      
      Add one PCI ID for 9260 series.
      
      CC: <stable@vger.kernel.org> # 4.14+
      Signed-off-by: NIhab Zhaika <ihab.zhaika@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      716b0cfa
    • L
      iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules · 213566a9
      Luca Coelho 提交于
      [ Upstream commit ab27926d9e4ae23df4f4d98e31f067c8b486bb4f ]
      
      The devices with PCI device ID 0x34F0 are part of the SoC and can be
      combined with some different external RF modules.  The configuration
      for these devices should reflect that, but are currently mixed up.  To
      avoid confusion with discrete devices, add part of the firmware to be
      used and the official name of the device to the cfg structs.
      
      This is least reorganization possible (without messing things even
      more) that could be done as a bugfix for this SoC.  Further
      reorganization of this code will be done separately.
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      213566a9
    • L
      drm/nouveau: Don't WARN_ON VCPI allocation failures · 2b76fcb6
      Lyude Paul 提交于
      [ Upstream commit b513a18cf1d705bd04efd91c417e79e4938be093 ]
      
      This is much louder then we want. VCPI allocation failures are quite
      normal, since they will happen if any part of the modesetting process is
      interrupted by removing the DP MST topology in question. So just print a
      debugging message on VCPI failures instead.
      Signed-off-by: NLyude Paul <lyude@redhat.com>
      Fixes: f479c0ba ("drm/nouveau/kms/nv50: initial support for DP 1.2 multi-stream")
      Cc: Ben Skeggs <bskeggs@redhat.com>
      Cc: dri-devel@lists.freedesktop.org
      Cc: nouveau@lists.freedesktop.org
      Cc: <stable@vger.kernel.org> # v4.10+
      Signed-off-by: NBen Skeggs <bskeggs@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2b76fcb6
    • F
      mt76: fix corrupted software generated tx CCMP PN · 173b6557
      Felix Fietkau 提交于
      [ Upstream commit 906d2d3f874a54183df5a609fda180adf0462428 ]
      
      Since ccmp_pn is u8 *, the second half needs to start at array index 4
      instead of 0. Fixes a connection stall after a certain amount of traffic
      
      Fixes: 23405236 ("mt76: fix transmission of encrypted management frames")
      Cc: stable@vger.kernel.org
      Signed-off-by: NFelix Fietkau <nbd@nbd.name>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      173b6557
    • K
      iio: adc: exynos-adc: Use proper number of channels for Exynos4x12 · 0d7f329e
      Krzysztof Kozlowski 提交于
      [ Upstream commit 103cda6a3b8d2c10d5f8cd7abad118e9db8f4776 ]
      
      Exynos4212 and Exynos4412 have only four ADC channels so using
      "samsung,exynos-adc-v1" compatible (for eight channels ADCv1) on them is
      wrong.  Add a new compatible for Exynos4x12.
      Signed-off-by: NKrzysztof Kozlowski <krzk@kernel.org>
      Cc: <Stable@vger.kernel.org>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      0d7f329e
    • J
      dt-bindings: iio: adc: exynos-adc: Add S5PV210 variant · 4e516b72
      Jonathan Bakker 提交于
      [ Upstream commit a9b0a2a7c19316588421b94946c8e2e5a84ac14e ]
      
      Add information about new compatible for S5PV210
      Signed-off-by: NJonathan Bakker <xc-racer2@live.ca>
      Signed-off-by: NPaweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4e516b72
    • J
      iio: adc: exynos-adc: Add S5PV210 variant · 7f588a72
      Jonathan Bakker 提交于
      [ Upstream commit 882bf52fdeab47dbe991cc0e564b0b51c571d0a3 ]
      
      S5PV210's ADC variant is almost the same as v1 except that it has 10
      channels and doesn't require the pmu register
      Signed-off-by: NJonathan Bakker <xc-racer2@live.ca>
      Signed-off-by: NPaweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      7f588a72
    • S
      KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run · cd490d44
      Sean Christopherson 提交于
      [ Upstream commit 61c08aa9606d4e48a8a50639c956448a720174c3 ]
      
      The vCPU-run asm blob does a manual comparison of a VMCS' launched
      status to execute the correct VM-Enter instruction, i.e. VMLAUNCH vs.
      VMRESUME.  The launched flag is a bool, which is a typedef of _Bool.
      C99 does not define an exact size for _Bool, stating only that is must
      be large enough to hold '0' and '1'.  Most, if not all, compilers use
      a single byte for _Bool, including gcc[1].
      
      Originally, 'launched' was of type 'int' and so the asm blob used 'cmpl'
      to check the launch status.  When 'launched' was moved to be stored on a
      per-VMCS basis, struct vcpu_vmx's "temporary" __launched flag was added
      in order to avoid having to pass the current VMCS into the asm blob.
      The new  '__launched' was defined as a 'bool' and not an 'int', but the
      'cmp' instruction was not updated.
      
      This has not caused any known problems, likely due to compilers aligning
      variables to 4-byte or 8-byte boundaries and KVM zeroing out struct
      vcpu_vmx during allocation.  I.e. vCPU-run accesses "junk" data, it just
      happens to always be zero and so doesn't affect the result.
      
      [1] https://gcc.gnu.org/ml/gcc-patches/2000-10/msg01127.html
      
      Fixes: d462b819 ("KVM: VMX: Keep list of loaded VMCSs, instead of vcpus")
      Cc: <stable@vger.kernel.org>
      Reviewed-by: NJim Mattson <jmattson@google.com>
      Reviewed-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Signed-off-by: NSean Christopherson <sean.j.christopherson@intel.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      cd490d44
    • T
      bcache: treat stale && dirty keys as bad keys · 687e470e
      Tang Junhui 提交于
      [ Upstream commit 58ac323084ebf44f8470eeb8b82660f9d0ee3689 ]
      
      Stale && dirty keys can be produced in the follow way:
      After writeback in write_dirty_finish(), dirty keys k1 will
      replace by clean keys k2
      ==>ret = bch_btree_insert(dc->disk.c, &keys, NULL, &w->key);
      ==>btree_insert_fn(struct btree_op *b_op, struct btree *b)
      ==>static int bch_btree_insert_node(struct btree *b,
             struct btree_op *op,
             struct keylist *insert_keys,
             atomic_t *journal_ref,
      Then two steps:
      A) update k1 to k2 in btree node memory;
         bch_btree_insert_keys(b, op, insert_keys, replace_key)
      B) Write the bset(contains k2) to cache disk by a 30s delay work
         bch_btree_leaf_dirty(b, journal_ref).
      But before the 30s delay work write the bset to cache device,
      these things happened:
      A) GC works, and reclaim the bucket k2 point to;
      B) Allocator works, and invalidate the bucket k2 point to,
         and increase the gen of the bucket, and place it into free_inc
         fifo;
      C) Until now, the 30s delay work still does not finish work,
         so in the disk, the key still is k1, it is dirty and stale
         (its gen is smaller than the gen of the bucket). and then the
         machine power off suddenly happens;
      D) When the machine power on again, after the btree reconstruction,
         the stale dirty key appear.
      
      In bch_extent_bad(), when expensive_debug_checks is off, it would
      treat the dirty key as good even it is stale keys, and it would
      cause bellow probelms:
      A) In read_dirty() it would cause machine crash:
         BUG_ON(ptr_stale(dc->disk.c, &w->key, 0));
      B) It could be worse when reads hits stale dirty keys, it would
         read old incorrect data.
      
      This patch tolerate the existence of these stale && dirty keys,
      and treat them as bad key in bch_extent_bad().
      
      (Coly Li: fix indent which was modified by sender's email client)
      Signed-off-by: NTang Junhui <tang.junhui.linux@gmail.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NColy Li <colyli@suse.de>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      687e470e
    • C
      bcache: replace hard coded number with BUCKET_GC_GEN_MAX · d1cec665
      Coly Li 提交于
      [ Upstream commit 149d0efada7777ad5a5242b095692af142f533d8 ]
      
      In extents.c:bch_extent_bad(), number 96 is used as parameter to call
      btree_bug_on(). The purpose is to check whether stale gen value exceeds
      BUCKET_GC_GEN_MAX, so it is better to use macro BUCKET_GC_GEN_MAX to
      make the code more understandable.
      Signed-off-by: NColy Li <colyli@suse.de>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d1cec665
    • J
      tpm: Fix some name collisions with drivers/char/tpm.h · ee30121f
      Jarkko Sakkinen 提交于
      [ Upstream commit 8ab547a2dcfac6ec184a5e036e1093eb3f7a215c ]
      
      * Rename TPM_BUFSIZE defined in drivers/char/tpm/st33zp24/st33zp24.h to
        ST33ZP24_BUFSIZE.
      * Rename TPM_BUFSIZE defined in drivers/char/tpm/tpm_i2c_infineon.c to
        TPM_I2C_INFINEON_BUFSIZE.
      * Rename TPM_RETRY in tpm_i2c_nuvoton to TPM_I2C_RETRIES.
      * Remove TPM_HEADER_SIZE from tpm_i2c_nuvoton.
      
      Cc: stable@vger.kernel.org
      Fixes: bf38b871 ("tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy)")
      Fixes: aad628c1 ("char/tpm: Add new driver for Infineon I2C TIS TPM")
      Fixes: 32d33b29 ("TPM: Retry SaveState command in suspend path")
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ee30121f
    • J
      mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies · c207ac66
      Jarkko Nikula 提交于
      [ Upstream commit 09fdc98577120d4f47601c3127efde726a2300c6 ]
      
      INTEL_SOC_PMIC, INTEL_SOC_PMIC_CHTWC and MFD_TPS68470 select the
      I2C_DESIGNWARE_PLATFORM without its dependencies making it possible to see
      warning and build error like below:
      
      WARNING: unmet direct dependencies detected for I2C_DESIGNWARE_PLATFORM
        Depends on [n]: I2C [=y] && HAS_IOMEM [=y] && (ACPI [=y] && COMMON_CLK [=n] || !ACPI [=y])
        Selected by [y]:
        - MFD_TPS68470 [=y] && HAS_IOMEM [=y] && ACPI [=y] && I2C [=y]=y
      
      /usr/bin/ld: drivers/i2c/busses/i2c-designware-platdrv.o: in function `dw_i2c_plat_resume':
      i2c-designware-platdrv.c:(.text+0x62): undefined reference to `i2c_dw_prepare_clk'
      /usr/bin/ld: drivers/i2c/busses/i2c-designware-platdrv.o: in function `dw_i2c_plat_suspend':
      i2c-designware-platdrv.c:(.text+0x9a): undefined reference to `i2c_dw_prepare_clk'
      /usr/bin/ld: drivers/i2c/busses/i2c-designware-platdrv.o: in function `dw_i2c_plat_probe':
      i2c-designware-platdrv.c:(.text+0x41c): undefined reference to `i2c_dw_prepare_clk'
      /usr/bin/ld: i2c-designware-platdrv.c:(.text+0x438): undefined reference to `i2c_dw_read_comp_param'
      /usr/bin/ld: i2c-designware-platdrv.c:(.text+0x545): undefined reference to `i2c_dw_probe'
      /usr/bin/ld: i2c-designware-platdrv.c:(.text+0x727): undefined reference to `i2c_dw_probe_slave'
      
      Fix this by making above options to depend on I2C_DESIGNWARE_PLATFORM
      being built-in. I2C_DESIGNWARE_PLATFORM is a visible symbol with
      dependencies so in general the select should be avoided.
      
      Fixes: acebcff9 ("mfd: intel_soc_pmic: Select designware i2c-bus driver")
      Fixes: de85d79f ("mfd: Add Cherry Trail Whiskey Cove PMIC driver")
      Fixes: 9bbf6a15 ("mfd: Add support for TPS68470 device")
      Cc: Stable <stable@vger.kernel.org> # v4.14+
      Reported-by: NRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NJarkko Nikula <jarkko.nikula@linux.intel.com>
      Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
      Signed-off-by: NLee Jones <lee.jones@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      c207ac66
    • J
      drm/i915/ilk: Fix warning when reading emon_status with no output · 6fd5e50a
      José Roberto de Souza 提交于
      [ Upstream commit cab870b7fdf3c4be747d88de5248b28db7d4055e ]
      
      When there is no output no one will hold a runtime_pm reference
      causing a warning when trying to read emom_status in debugfs.
      
      [22.756480] ------------[ cut here ]------------
      [22.756489] RPM wakelock ref not held during HW access
      [22.756578] WARNING: CPU: 0 PID: 1058 at drivers/gpu/drm/i915/intel_drv.h:2104 gen5_read32+0x16b/0x1a0 [i915]
      [22.756580] Modules linked in: snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic i915 coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core e1000e snd_pcm mei_me prime_numbers mei lpc_ich
      [22.756595] CPU: 0 PID: 1058 Comm: debugfs_test Not tainted 4.20.0-rc1-CI-Trybot_3219+ #1
      [22.756597] Hardware name: Hewlett-Packard HP Compaq 8100 Elite SFF PC/304Ah, BIOS 786H1 v01.13 07/14/2011
      [22.756634] RIP: 0010:gen5_read32+0x16b/0x1a0 [i915]
      [22.756637] Code: a4 ea e0 0f 0b e9 d2 fe ff ff 80 3d a5 71 19 00 00 0f 85 d3 fe ff ff 48 c7 c7 48 d0 2d a0 c6 05 91 71 19 00 01 e8 35 a4 ea e0 <0f> 0b e9 b9 fe ff ff e8 69 c6 f2 e0 85 c0 75 92 48 c7 c2 78 d0 2d
      [22.756639] RSP: 0018:ffffc90000f1fd38 EFLAGS: 00010282
      [22.756642] RAX: 0000000000000000 RBX: ffff8801f7ab0000 RCX: 0000000000000006
      [22.756643] RDX: 0000000000000006 RSI: ffffffff8212886a RDI: ffffffff820d6d57
      [22.756645] RBP: 0000000000011020 R08: 0000000043e3d1a8 R09: 0000000000000000
      [22.756647] R10: ffffc90000f1fd80 R11: 0000000000000000 R12: 0000000000000001
      [22.756649] R13: ffff8801f7ab0068 R14: 0000000000000001 R15: ffff88020d53d188
      [22.756651] FS:  00007f2878849980(0000) GS:ffff880213a00000(0000) knlGS:0000000000000000
      [22.756653] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [22.756655] CR2: 00005638deedf028 CR3: 0000000203292001 CR4: 00000000000206f0
      [22.756657] Call Trace:
      [22.756689]  i915_mch_val+0x1b/0x60 [i915]
      [22.756721]  i915_emon_status+0x45/0xd0 [i915]
      [22.756730]  seq_read+0xdb/0x3c0
      [22.756736]  ? lockdep_hardirqs_off+0x94/0xd0
      [22.756740]  ? __slab_free+0x24e/0x510
      [22.756746]  full_proxy_read+0x52/0x90
      [22.756752]  __vfs_read+0x31/0x170
      [22.756759]  ? do_sys_open+0x13b/0x240
      [22.756763]  ? rcu_read_lock_sched_held+0x6f/0x80
      [22.756766]  vfs_read+0x9e/0x140
      [22.756770]  ksys_read+0x50/0xc0
      [22.756775]  do_syscall_64+0x55/0x190
      [22.756781]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
      [22.756783] RIP: 0033:0x7f28781dc34e
      [22.756786] Code: 00 00 00 00 48 8b 15 71 8c 20 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 0f 1f 40 00 8b 05 ba d0 20 00 85 c0 75 16 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5a f3 c3 0f 1f 84 00 00 00 00 00 41 54 55 49
      [22.756787] RSP: 002b:00007ffd33fa0d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
      [22.756790] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f28781dc34e
      [22.756792] RDX: 0000000000000200 RSI: 00007ffd33fa0d50 RDI: 0000000000000008
      [22.756794] RBP: 00007ffd33fa0f60 R08: 0000000000000000 R09: 0000000000000020
      [22.756796] R10: 0000000000000000 R11: 0000000000000246 R12: 00005638de45c2c0
      [22.756797] R13: 00007ffd33fa14b0 R14: 0000000000000000 R15: 0000000000000000
      [22.756806] irq event stamp: 47950
      [22.756811] hardirqs last  enabled at (47949): [<ffffffff810fba74>] vprintk_emit+0x124/0x320
      [22.756813] hardirqs last disabled at (47950): [<ffffffff810019b0>] trace_hardirqs_off_thunk+0x1a/0x1c
      [22.756816] softirqs last  enabled at (47518): [<ffffffff81c0033a>] __do_softirq+0x33a/0x4b9
      [22.756820] softirqs last disabled at (47479): [<ffffffff8108df29>] irq_exit+0xa9/0xc0
      [22.756858] WARNING: CPU: 0 PID: 1058 at drivers/gpu/drm/i915/intel_drv.h:2104 gen5_read32+0x16b/0x1a0 [i915]
      [22.756860] ---[ end trace bf56fa7d6a3cbf7a ]
      Signed-off-by: NJosé Roberto de Souza <jose.souza@intel.com>
      Reviewed-by: NRodrigo Vivi <rodrigo.vivi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20181119230101.32460-1-jose.souza@intel.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      6fd5e50a
    • V
      drm/vblank: Allow dynamic per-crtc max_vblank_count · 2b4f5679
      Ville Syrjälä 提交于
      [ Upstream commit ed20151a7699bb2c77eba3610199789a126940c4 ]
      
      On i965gm we need to adjust max_vblank_count dynamically
      depending on whether the TV encoder is used or not. To
      that end add a per-crtc max_vblank_count that takes
      precedence over its device wide counterpart. The driver
      can now call drm_crtc_set_max_vblank_count() to configure
      the per-crtc value before calling drm_vblank_on().
      
      Also looks like there was some discussion about exynos needing
      similar treatment.
      
      v2: Drop the extra max_vblank_count!=0 check for the
          WARN(last!=current), will take care of it in i915 code (Daniel)
          WARN_ON(!inmodeset) (Daniel)
          WARN_ON(dev->max_vblank_count)
          Pimp up the docs (Daniel)
      
      Cc: stable@vger.kernel.org
      Cc: Inki Dae <inki.dae@samsung.com>
      Cc: Daniel Vetter <daniel@ffwll.ch>
      Signed-off-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20181127182004.28885-1-ville.syrjala@linux.intel.comReviewed-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2b4f5679
    • G
      crypto: ccree - add missing inline qualifier · 71f71910
      Gilad Ben-Yossef 提交于
      [ Upstream commit f1071c3e2473ae19a7f5d892a187c4cab1a61f2e ]
      
      Commit 1358c13a48c4 ("crypto: ccree - fix resume race condition on init")
      was missing a "inline" qualifier for stub function used when CONFIG_PM
      is not set causing a build warning.
      
      Fixes: 1358c13a48c4 ("crypto: ccree - fix resume race condition on init")
      Cc: stable@kernel.org # v4.20
      Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
      Acked-by: NGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      71f71910
    • G
      crypto: ccree - fix resume race condition on init · 72eec6b3
      Gilad Ben-Yossef 提交于
      [ Upstream commit 1358c13a48c43f5e4de0c1835291837a27b9720c ]
      
      We were enabling autosuspend, which is using data set by the
      hash module, prior to the hash module being inited, casuing
      a crash on resume as part of the startup sequence if the race
      was lost.
      
      This was never a real problem because the PM infra was using low
      res timers so we were always winning the race, until commit 8234f6734c5d
      ("PM-runtime: Switch autosuspend over to using hrtimers") changed that :-)
      
      Fix this by seperating the PM setup and enablement and doing the
      latter only at the end of the init sequence.
      Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
      Cc: Vincent Guittot <vincent.guittot@linaro.org>
      Cc: stable@kernel.org # v4.20
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      72eec6b3
    • Y
      IB/uverbs: Fix OOPs upon device disassociation · f0e28655
      Yishai Hadas 提交于
      [ Upstream commit 425784aa5b029eeb80498c73a68f62c3ad1d3b3f ]
      
      The async_file might be freed before the disassociation has been ended,
      causing qp shutdown to use after free on it.
      
      Since uverbs_destroy_ufile_hw is not a fence, it returns if a
      disassociation is ongoing in another thread. It has to be written this way
      to avoid deadlock. However this means that the ufile FD close cannot
      destroy anything that may still be used by an active kref, such as the the
      async_file.
      
      To fix that move the kref_put() to be in ib_uverbs_release_file().
      
       BUG: unable to handle kernel paging request at ffffffffba682787
       PGD bc80e067 P4D bc80e067 PUD bc80f063 PMD 1313df163 PTE 80000000bc682061
       Oops: 0003 [#1] SMP PTI
       CPU: 1 PID: 32410 Comm: bash Tainted: G           OE 4.20.0-rc6+ #3
       Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
       RIP: 0010:__pv_queued_spin_lock_slowpath+0x1b3/0x2a0
       Code: 98 83 e2 60 49 89 df 48 8b 04 c5 80 18 72 ba 48 8d
      		ba 80 32 02 00 ba 00 80 00 00 4c 8d 65 14 41 bd 01 00 00 00 48 01 c7 85
      		d2 <48> 89 2f 48 89 fb 74 14 8b 45 08 85 c0 75 42 84 d2 74 6b f3 90 83
       RSP: 0018:ffffc1bbc064fb58 EFLAGS: 00010006
       RAX: ffffffffba65f4e7 RBX: ffff9f209c656c00 RCX: 0000000000000001
       RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffffffba682787
       RBP: ffff9f217bb23280 R08: 0000000000000001 R09: 0000000000000000
       R10: ffff9f209d2c7800 R11: ffffffffffffffe8 R12: ffff9f217bb23294
       R13: 0000000000000001 R14: 0000000000000000 R15: ffff9f209c656c00
       FS:  00007fac55aad740(0000) GS:ffff9f217bb00000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: ffffffffba682787 CR3: 000000012f8e0000 CR4: 00000000000006e0
       Call Trace:
        _raw_spin_lock_irq+0x27/0x30
        ib_uverbs_release_uevent+0x1e/0xa0 [ib_uverbs]
        uverbs_free_qp+0x7e/0x90 [ib_uverbs]
        destroy_hw_idr_uobject+0x1c/0x50 [ib_uverbs]
        uverbs_destroy_uobject+0x2e/0x180 [ib_uverbs]
        __uverbs_cleanup_ufile+0x73/0x90 [ib_uverbs]
        uverbs_destroy_ufile_hw+0x5d/0x120 [ib_uverbs]
        ib_uverbs_remove_one+0xea/0x240 [ib_uverbs]
        ib_unregister_device+0xfb/0x200 [ib_core]
        mlx5_ib_remove+0x51/0xe0 [mlx5_ib]
        mlx5_remove_device+0xc1/0xd0 [mlx5_core]
        mlx5_unregister_device+0x3d/0xb0 [mlx5_core]
        remove_one+0x2a/0x90 [mlx5_core]
        pci_device_remove+0x3b/0xc0
        device_release_driver_internal+0x16d/0x240
        unbind_store+0xb2/0x100
        kernfs_fop_write+0x102/0x180
        __vfs_write+0x36/0x1a0
        ? __alloc_fd+0xa9/0x170
        ? set_close_on_exec+0x49/0x70
        vfs_write+0xad/0x1a0
        ksys_write+0x52/0xc0
        do_syscall_64+0x5b/0x180
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
       RIP: 0033:0x7fac551aac60
      
      Cc: <stable@vger.kernel.org> # 4.2
      Fixes: 036b1063 ("IB/uverbs: Enable device removal when there are active user space applications")
      Signed-off-by: NYishai Hadas <yishaih@mellanox.com>
      Signed-off-by: NLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f0e28655
    • V
      ARC: mm: do_page_fault fixes #1: relinquish mmap_sem if signal arrives while handle_mm_fault · 8c6fb55a
      Vineet Gupta 提交于
      [ Upstream commit 4d447455e73b47c43dd35fcc38ed823d3182a474 ]
      
      do_page_fault() forgot to relinquish mmap_sem if a signal came while
      handling handle_mm_fault() - due to say a ctl+c or oom etc.
      This would later cause a deadlock by acquiring it twice.
      
      This came to light when running libc testsuite tst-tls3-malloc test but
      is likely also the cause for prior seen LTP failures. Using lockdep
      clearly showed what the issue was.
      
      | # while true; do ./tst-tls3-malloc ; done
      | Didn't expect signal from child: got `Segmentation fault'
      | ^C
      | ============================================
      | WARNING: possible recursive locking detected
      | 4.17.0+ #25 Not tainted
      | --------------------------------------------
      | tst-tls3-malloc/510 is trying to acquire lock:
      | 606c7728 (&mm->mmap_sem){++++}, at: __might_fault+0x28/0x5c
      |
      |but task is already holding lock:
      |606c7728 (&mm->mmap_sem){++++}, at: do_page_fault+0x9c/0x2a0
      |
      | other info that might help us debug this:
      |  Possible unsafe locking scenario:
      |
      |       CPU0
      |       ----
      |  lock(&mm->mmap_sem);
      |  lock(&mm->mmap_sem);
      |
      | *** DEADLOCK ***
      |
      
      ------------------------------------------------------------
      What the change does is not obvious (note to myself)
      
      prior code was
      
      | do_page_fault
      |
      |   down_read()		<-- lock taken
      |   handle_mm_fault	<-- signal pending as this runs
      |   if fatal_signal_pending
      |       if VM_FAULT_ERROR
      |           up_read
      |       if user_mode
      |          return	<-- lock still held, this was the BUG
      
      New code
      
      | do_page_fault
      |
      |   down_read()		<-- lock taken
      |   handle_mm_fault	<-- signal pending as this runs
      |   if fatal_signal_pending
      |       if VM_FAULT_RETRY
      |          return       <-- not same case as above, but still OK since
      |                           core mm already relinq lock for FAULT_RETRY
      |    ...
      |
      |   < Now falls through for bug case above >
      |
      |   up_read()		<-- lock relinquished
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8c6fb55a
    • V
      ARC: show_regs: lockdep: re-enable preemption · 96af7d92
      Vineet Gupta 提交于
      [ Upstream commit f731a8e89f8c78985707c626680f3e24c7a60772 ]
      
      signal handling core calls show_regs() with preemption disabled which
      on ARC takes mmap_sem for mm/vma access, causing lockdep splat.
      
      | [ARCLinux]# ./segv-null-ptr
      | potentially unexpected fatal signal 11.
      | BUG: sleeping function called from invalid context at kernel/fork.c:1011
      | in_atomic(): 1, irqs_disabled(): 0, pid: 70, name: segv-null-ptr
      | no locks held by segv-null-ptr/70.
      | CPU: 0 PID: 70 Comm: segv-null-ptr Not tainted 4.18.0+ #69
      |
      | Stack Trace:
      |  arc_unwind_core+0xcc/0x100
      |  ___might_sleep+0x17a/0x190
      |  mmput+0x16/0xb8
      |  show_regs+0x52/0x310
      |  get_signal+0x5ee/0x610
      |  do_signal+0x2c/0x218
      |  resume_user_mode_begin+0x90/0xd8
      
      Workaround by re-enabling preemption temporarily.
      
      Note that the preemption disabling in core code around show_regs()
      was introduced by commit 3a9f84d3 ("signals, debug: fix BUG: using
      smp_processor_id() in preemptible code in print_fatal_signal()")
      
      to silence a differnt lockdep seen on x86 bakc in 2009.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      96af7d92
    • H
      media: vim2m: only cancel work if it is for right context · 424b75b7
      Hans Verkuil 提交于
      [ Upstream commit 240809ef6630a4ce57c273c2d79ffb657cd361eb ]
      
      cancel_delayed_work_sync() was called for any queue, but it should only
      be called for the queue that is associated with the currently running job.
      
      Otherwise, if two filehandles are streaming at the same time, then closing the
      first will cancel the work which might still be running for a job from the
      second filehandle. As a result the second filehandle will never be able to
      finish the job and an attempt to stop streaming on that second filehandle will
      stall.
      
      Fixes: 52117be68b82 ("media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work")
      Signed-off-by: NHans Verkuil <hverkuil-cisco@xs4all.nl>
      Cc: <stable@vger.kernel.org>      # for v4.20 and up
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      424b75b7
    • Q
      btrfs: Use real device structure to verify dev extent · be77686f
      Qu Wenruo 提交于
      [ Upstream commit 1b3922a8bc74231f9a767d1be6d9a061a4d4eeab ]
      
      [BUG]
      Linux v5.0-rc1 will fail fstests/btrfs/163 with the following kernel
      message:
      
        BTRFS error (device dm-6): dev extent devid 1 physical offset 13631488 len 8388608 is beyond device boundary 0
        BTRFS error (device dm-6): failed to verify dev extents against chunks: -117
        BTRFS error (device dm-6): open_ctree failed
      
      [CAUSE]
      Commit cf90d884 ("btrfs: Introduce mount time chunk <-> dev extent
      mapping check") introduced strict check on dev extents.
      
      We use btrfs_find_device() with dev uuid and fs uuid set to NULL, and
      only dependent on @devid to find the real device.
      
      For seed devices, we call clone_fs_devices() in open_seed_devices() to
      allow us search seed devices directly.
      
      However clone_fs_devices() just populates devices with devid and dev
      uuid, without populating other essential members, like disk_total_bytes.
      
      This makes any device returned by btrfs_find_device(fs_info, devid,
      NULL, NULL) is just a dummy, with 0 disk_total_bytes, and any dev
      extents on the seed device will not pass the device boundary check.
      
      [FIX]
      This patch will try to verify the device returned by btrfs_find_device()
      and if it's a dummy then re-search in seed devices.
      
      Fixes: cf90d884 ("btrfs: Introduce mount time chunk <-> dev extent mapping check")
      CC: stable@vger.kernel.org # 4.19+
      Reported-by: NFilipe Manana <fdmanana@suse.com>
      Signed-off-by: NQu Wenruo <wqu@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      be77686f
    • Q
      btrfs: volumes: Make sure no dev extent is beyond device boundary · a2790b99
      Qu Wenruo 提交于
      [ Upstream commit 05a37c48604c19b50873fd9663f9140c150469d1 ]
      
      Add extra dev extent end check against device boundary.
      Signed-off-by: NQu Wenruo <wqu@suse.com>
      Reviewed-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a2790b99
    • R
      powerpc/pkeys: Fix handling of pkey state across fork() · cfbf227e
      Ram Pai 提交于
      [ Upstream commit 2cd4bd192ee94848695c1c052d87913260e10f36 ]
      
      Protection key tracking information is not copied over to the
      mm_struct of the child during fork(). This can cause the child to
      erroneously allocate keys that were already allocated. Any allocated
      execute-only key is lost aswell.
      
      Add code; called by dup_mmap(), to copy the pkey state from parent to
      child explicitly.
      
      This problem was originally found by Dave Hansen on x86, which turns
      out to be a problem on powerpc aswell.
      
      Fixes: cf43d3b2 ("powerpc: Enable pkey subsystem")
      Cc: stable@vger.kernel.org # v4.16+
      Reviewed-by: NThiago Jung Bauermann <bauerman@linux.ibm.com>
      Signed-off-by: NRam Pai <linuxram@us.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      cfbf227e
    • S
      scsi: megaraid_sas: Use 63-bit DMA addressing · 2ad95be1
      Shivasharan S 提交于
      [ Upstream commit 894169db12463cea08d0e2a9e35f42b291340e5a ]
      
      Although MegaRAID controllers support 64-bit DMA addressing, as per
      hardware design, DMA address with all 64-bits set
      (0xFFFFFFFF-FFFFFFFF) results in a firmware fault.
      
      Driver will set 63-bit DMA mask to ensure the above address will not be
      used.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NShivasharan S <shivasharan.srikanteshwara@broadcom.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2ad95be1
    • S
      scsi: megaraid_sas: Add check for reset adapter bit · 3263f786
      Shivasharan S 提交于
      [ Upstream commit de93b40d98ead27ee2f7f7df93fdd4914a6c8d8d ]
      
      For SAS3 and later controllers, FW sets the reset adapter bit indicating
      the driver to perform a controller reset.  Driver needs to check if this
      bit is set before doing a reset.  This reduces the driver probe failure
      time to 180seconds in case there is a faulty controller connected.
      Signed-off-by: NSumit Saxena <sumit.saxena@broadcom.com>
      Signed-off-by: NShivasharan S <shivasharan.srikanteshwara@broadcom.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      3263f786
    • S
      scsi: megaraid_sas: Fix combined reply queue mode detection · dc4e3ec9
      Shivasharan S 提交于
      [ Upstream commit e29c322133472628c6de85efb99ccd3b3df5571e ]
      
      For Invader series, if FW supports more than 8 MSI-x vectors, driver needs
      to enable combined reply queue mode. For Ventura series, driver enables
      combined reply queue mode in case of more than 16 MSI-x vectors.
      Signed-off-by: NSumit Saxena <sumit.saxena@broadcom.com>
      Signed-off-by: NShivasharan S <shivasharan.srikanteshwara@broadcom.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      dc4e3ec9
    • N
      btrfs: Fix error handling in btrfs_cleanup_ordered_extents · eb124aaa
      Nikolay Borisov 提交于
      [ Upstream commit d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2 ]
      
      Running btrfs/124 in a loop hung up on me sporadically with the
      following call trace:
      
      	btrfs           D    0  5760   5324 0x00000000
      	Call Trace:
      	 ? __schedule+0x243/0x800
      	 schedule+0x33/0x90
      	 btrfs_start_ordered_extent+0x10c/0x1b0 [btrfs]
      	 ? wait_woken+0xa0/0xa0
      	 btrfs_wait_ordered_range+0xbb/0x100 [btrfs]
      	 btrfs_relocate_block_group+0x1ff/0x230 [btrfs]
      	 btrfs_relocate_chunk+0x49/0x100 [btrfs]
      	 btrfs_balance+0xbeb/0x1740 [btrfs]
      	 btrfs_ioctl_balance+0x2ee/0x380 [btrfs]
      	 btrfs_ioctl+0x1691/0x3110 [btrfs]
      	 ? lockdep_hardirqs_on+0xed/0x180
      	 ? __handle_mm_fault+0x8e7/0xfb0
      	 ? _raw_spin_unlock+0x24/0x30
      	 ? __handle_mm_fault+0x8e7/0xfb0
      	 ? do_vfs_ioctl+0xa5/0x6e0
      	 ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs]
      	 do_vfs_ioctl+0xa5/0x6e0
      	 ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
      	 ksys_ioctl+0x3a/0x70
      	 __x64_sys_ioctl+0x16/0x20
      	 do_syscall_64+0x60/0x1b0
      	 entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      This happens because during page writeback it's valid for
      writepage_delalloc to instantiate a delalloc range which doesn't belong
      to the page currently being written back.
      
      The reason this case is valid is due to find_lock_delalloc_range
      returning any available range after the passed delalloc_start and
      ignoring whether the page under writeback is within that range.
      
      In turn ordered extents (OE) are always created for the returned range
      from find_lock_delalloc_range. If, however, a failure occurs while OE
      are being created then the clean up code in btrfs_cleanup_ordered_extents
      will be called.
      
      Unfortunately the code in btrfs_cleanup_ordered_extents doesn't consider
      the case of such 'foreign' range being processed and instead it always
      assumes that the range OE are created for belongs to the page. This
      leads to the first page of such foregin range to not be cleaned up since
      it's deliberately missed and skipped by the current cleaning up code.
      
      Fix this by correctly checking whether the current page belongs to the
      range being instantiated and if so adjsut the range parameters passed
      for cleaning up. If it doesn't, then just clean the whole OE range
      directly.
      
      Fixes: 52427260 ("btrfs: Handle delalloc error correctly to avoid ordered extent hang")
      CC: stable@vger.kernel.org # 4.14+
      Reviewed-by: NJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: NNikolay Borisov <nborisov@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      eb124aaa
    • N
      btrfs: Remove extent_io_ops::fill_delalloc · 1669d1d2
      Nikolay Borisov 提交于
      [ Upstream commit 5eaad97af8aeff38debe7d3c69ec3a0d71f8350f ]
      
      This callback is called only from writepage_delalloc which in turn is
      guaranteed to be called from the data page writeout path. In the end
      there is no reason to have the call to this function to be indrected via
      the extent_io_ops structure. This patch removes the callback definition,
      exports the function and calls it directly. No functional changes.
      Reviewed-by: NJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: NNikolay Borisov <nborisov@suse.com>
      Reviewed-by: NDavid Sterba <dsterba@suse.com>
      [ rename to btrfs_run_delalloc_range ]
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1669d1d2
    • F
      Btrfs: fix deadlock with memory reclaim during scrub · 338a528b
      Filipe Manana 提交于
      [ Upstream commit a5fb11429167ee6ddeeacc554efaf5776b36433a ]
      
      When a transaction commit starts, it attempts to pause scrub and it blocks
      until the scrub is paused. So while the transaction is blocked waiting for
      scrub to pause, we can not do memory allocation with GFP_KERNEL from scrub,
      otherwise we risk getting into a deadlock with reclaim.
      
      Checking for scrub pause requests is done early at the beginning of the
      while loop of scrub_stripe() and later in the loop, scrub_extent() and
      scrub_raid56_parity() are called, which in turn call scrub_pages() and
      scrub_pages_for_parity() respectively. These last two functions do memory
      allocations using GFP_KERNEL. Same problem could happen while scrubbing
      the super blocks, since it calls scrub_pages().
      
      We also can not have any of the worker tasks, created by the scrub task,
      doing GFP_KERNEL allocations, because before pausing, the scrub task waits
      for all the worker tasks to complete (also done at scrub_stripe()).
      
      So make sure GFP_NOFS is used for the memory allocations because at any
      time a scrub pause request can happen from another task that started to
      commit a transaction.
      
      Fixes: 58c4e173 ("btrfs: scrub: use GFP_KERNEL on the submission path")
      CC: stable@vger.kernel.org # 4.6+
      Reviewed-by: NNikolay Borisov <nborisov@suse.com>
      Signed-off-by: NFilipe Manana <fdmanana@suse.com>
      Reviewed-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      338a528b
    • O
      Btrfs: clean up scrub is_dev_replace parameter · fac80347
      Omar Sandoval 提交于
      [ Upstream commit 32934280967d00dc2b5c4d3b63b21a9c8638326e ]
      
      struct scrub_ctx has an ->is_dev_replace member, so there's no point in
      passing around is_dev_replace where sctx is available.
      Signed-off-by: NOmar Sandoval <osandov@fb.com>
      Signed-off-by: NDavid Sterba <dsterba@suse.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      fac80347
    • P
      KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch · d3984e80
      Paul Mackerras 提交于
      [ Upstream commit 234ff0b729ad882d20f7996591a964965647addf ]
      
      Testing has revealed an occasional crash which appears to be caused
      by a race between kvmppc_switch_mmu_to_hpt and kvm_unmap_hva_range_hv.
      The symptom is a NULL pointer dereference in __find_linux_pte() called
      from kvm_unmap_radix() with kvm->arch.pgtable == NULL.
      
      Looking at kvmppc_switch_mmu_to_hpt(), it does indeed clear
      kvm->arch.pgtable (via kvmppc_free_radix()) before setting
      kvm->arch.radix to NULL, and there is nothing to prevent
      kvm_unmap_hva_range_hv() or the other MMU callback functions from
      being called concurrently with kvmppc_switch_mmu_to_hpt() or
      kvmppc_switch_mmu_to_radix().
      
      This patch therefore adds calls to spin_lock/unlock on the kvm->mmu_lock
      around the assignments to kvm->arch.radix, and makes sure that the
      partition-scoped radix tree or HPT is only freed after changing
      kvm->arch.radix.
      
      This also takes the kvm->mmu_lock in kvmppc_rmap_reset() to make sure
      that the clearing of each rmap array (one per memslot) doesn't happen
      concurrently with use of the array in the kvm_unmap_hva_range_hv()
      or the other MMU callbacks.
      
      Fixes: 18c3640c ("KVM: PPC: Book3S HV: Add infrastructure for running HPT guests on radix host")
      Cc: stable@vger.kernel.org # v4.15+
      Signed-off-by: NPaul Mackerras <paulus@ozlabs.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d3984e80
    • C
      drm/i915: Cleanup gt powerstate from gem · d88b01d0
      Chris Wilson 提交于
      [ Upstream commit 30b710840e4b9c9699d3d4b33fb19ad8880d4614 ]
      
      Since the gt powerstate is allocated by i915_gem_init, clean it from
      i915_gem_fini for symmetry and to correct the imbalance on error.
      Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Reviewed-by: NMika Kuoppala <mika.kuoppala@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20180812223642.24865-1-chris@chris-wilson.co.ukSigned-off-by: NSasha Levin <sashal@kernel.org>
      d88b01d0
    • C
      drm/i915: Restore sane defaults for KMS on GEM error load · b185bde5
      Chris Wilson 提交于
      [ Upstream commit 7ed43df720c007d60bee6d81da07bcdc7e4a55ae ]
      
      If we fail during GEM initialisation, we scrub the HW state by
      performing a device level GPU resuet. However, we want to leave the
      system in a usable state (with functioning KMS but no GEM) so after
      scrubbing the HW state, we need to restore some sane defaults and
      re-enable the low-level common parts of the GPU (such as the GMCH).
      
      v2: Restore GTT entries.
      Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Link: https://patchwork.freedesktop.org/patch/msgid/20180726085033.4044-2-chris@chris-wilson.co.ukReviewed-by: NMichał Winiarski <michal.winiarski@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      b185bde5
    • H
      media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work · f9994851
      Hans Verkuil 提交于
      [ Upstream commit 52117be68b82ee05c96da0a7beec319906ccf6cc ]
      
      The use of flush_schedule_work() made no sense and caused a syzkaller error.
      Replace with the correct cancel_delayed_work_sync().
      Signed-off-by: NHans Verkuil <hverkuil-cisco@xs4all.nl>
      Reported-by: syzbot+69780d144754b8071f4b@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org>      # for v4.20 and up
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f9994851
    • H
      media: vim2m: use workqueue · a7b6f95f
      Hans Verkuil 提交于
      [ Upstream commit 144bd0ee304c7d0690eec285aee93019d3f30fc8 ]
      
      v4l2_ctrl uses mutexes, so we can't setup a ctrl_handler in
      interrupt context. Switch to a workqueue instead and drop the timer.
      Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
      Reviewed-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a7b6f95f
    • H
      s390/zcrypt: reinit ap queue state machine during device probe · e432a58d
      Harald Freudenberger 提交于
      [ Upstream commit 104f708fd1241b22f808bdf066ab67dc5a051de5 ]
      
      Until the vfio-ap driver came into live there was a well known
      agreement about the way how ap devices are initialized and their
      states when the driver's probe function is called.
      
      However, the vfio device driver when receiving an ap queue device does
      additional resets thereby removing the registration for interrupts for
      the ap device done by the ap bus core code. So when later the vfio
      driver releases the device and one of the default zcrypt drivers takes
      care of the device the interrupt registration needs to get
      renewed. The current code does no renew and result is that requests
      send into such a queue will never see a reply processed - the
      application hangs.
      
      This patch adds a function which resets the aq queue state machine for
      the ap queue device and triggers the walk through the initial states
      (which are reset and registration for interrupts). This function is
      now called before the driver's probe function is invoked.
      
      When the association between driver and device is released, the
      driver's remove function is called. The current implementation calls a
      ap queue function ap_queue_remove(). This invokation has been moved to
      the ap bus function to make the probe / remove pair for ap bus and
      drivers more symmetric.
      
      Fixes: 7e0bdbe5 ("s390/zcrypt: AP bus support for alternate driver(s)")
      Cc: stable@vger.kernel.org # 4.19+
      Signed-off-by: NHarald Freudenberger <freude@linux.ibm.com>
      Reviewd-by: NTony Krowiak <akrowiak@linux.ibm.com>
      Reviewd-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e432a58d