1. 22 12月, 2018 12 次提交
    • O
      mm, page_alloc: fix has_unmovable_pages for HugePages · 17e2e7d7
      Oscar Salvador 提交于
      While playing with gigantic hugepages and memory_hotplug, I triggered
      the following #PF when "cat memoryX/removable":
      
        BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
        #PF error: [normal kernel read fault]
        PGD 0 P4D 0
        Oops: 0000 [#1] SMP PTI
        CPU: 1 PID: 1481 Comm: cat Tainted: G            E     4.20.0-rc6-mm1-1-default+ #18
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
        RIP: 0010:has_unmovable_pages+0x154/0x210
        Call Trace:
         is_mem_section_removable+0x7d/0x100
         removable_show+0x90/0xb0
         dev_attr_show+0x1c/0x50
         sysfs_kf_seq_show+0xca/0x1b0
         seq_read+0x133/0x380
         __vfs_read+0x26/0x180
         vfs_read+0x89/0x140
         ksys_read+0x42/0x90
         do_syscall_64+0x5b/0x180
         entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      The reason is we do not pass the Head to page_hstate(), and so, the call
      to compound_order() in page_hstate() returns 0, so we end up checking
      all hstates's size to match PAGE_SIZE.
      
      Obviously, we do not find any hstate matching that size, and we return
      NULL.  Then, we dereference that NULL pointer in
      hugepage_migration_supported() and we got the #PF from above.
      
      Fix that by getting the head page before calling page_hstate().
      
      Also, since gigantic pages span several pageblocks, re-adjust the logic
      for skipping pages.  While are it, we can also get rid of the
      round_up().
      
      [osalvador@suse.de: remove round_up(), adjust skip pages logic per Michal]
        Link: http://lkml.kernel.org/r/20181221062809.31771-1-osalvador@suse.de
      Link: http://lkml.kernel.org/r/20181217225113.17864-1-osalvador@suse.deSigned-off-by: NOscar Salvador <osalvador@suse.de>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Reviewed-by: NDavid Hildenbrand <david@redhat.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Pavel Tatashin <pavel.tatashin@microsoft.com>
      Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      17e2e7d7
    • R
      fork,memcg: fix crash in free_thread_stack on memcg charge fail · 5eed6f1d
      Rik van Riel 提交于
      Commit 9b6f7e16 ("mm: rework memcg kernel stack accounting") will
      result in fork failing if allocating a kernel stack for a task in
      dup_task_struct exceeds the kernel memory allowance for that cgroup.
      
      Unfortunately, it also results in a crash.
      
      This is due to the code jumping to free_stack and calling
      free_thread_stack when the memcg kernel stack charge fails, but without
      tsk->stack pointing at the freshly allocated stack.
      
      This in turn results in the vfree_atomic in free_thread_stack oopsing
      with a backtrace like this:
      
      #5 [ffffc900244efc88] die at ffffffff8101f0ab
       #6 [ffffc900244efcb8] do_general_protection at ffffffff8101cb86
       #7 [ffffc900244efce0] general_protection at ffffffff818ff082
          [exception RIP: llist_add_batch+7]
          RIP: ffffffff8150d487  RSP: ffffc900244efd98  RFLAGS: 00010282
          RAX: 0000000000000000  RBX: ffff88085ef55980  RCX: 0000000000000000
          RDX: ffff88085ef55980  RSI: 343834343531203a  RDI: 343834343531203a
          RBP: ffffc900244efd98   R8: 0000000000000001   R9: ffff8808578c3600
          R10: 0000000000000000  R11: 0000000000000001  R12: ffff88029f6c21c0
          R13: 0000000000000286  R14: ffff880147759b00  R15: 0000000000000000
          ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
       #8 [ffffc900244efda0] vfree_atomic at ffffffff811df2c7
       #9 [ffffc900244efdb8] copy_process at ffffffff81086e37
      #10 [ffffc900244efe98] _do_fork at ffffffff810884e0
      #11 [ffffc900244eff10] sys_vfork at ffffffff810887ff
      #12 [ffffc900244eff20] do_syscall_64 at ffffffff81002a43
          RIP: 000000000049b948  RSP: 00007ffcdb307830  RFLAGS: 00000246
          RAX: ffffffffffffffda  RBX: 0000000000896030  RCX: 000000000049b948
          RDX: 0000000000000000  RSI: 00007ffcdb307790  RDI: 00000000005d7421
          RBP: 000000000067370f   R8: 00007ffcdb3077b0   R9: 000000000001ed00
          R10: 0000000000000008  R11: 0000000000000246  R12: 0000000000000040
          R13: 000000000000000f  R14: 0000000000000000  R15: 000000000088d018
          ORIG_RAX: 000000000000003a  CS: 0033  SS: 002b
      
      The simplest fix is to assign tsk->stack right where it is allocated.
      
      Link: http://lkml.kernel.org/r/20181214231726.7ee4843c@imladris.surriel.com
      Fixes: 9b6f7e16 ("mm: rework memcg kernel stack accounting")
      Signed-off-by: NRik van Riel <riel@surriel.com>
      Acked-by: NRoman Gushchin <guro@fb.com>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      5eed6f1d
    • P
      mm: thp: fix flags for pmd migration when split · 2e83ee1d
      Peter Xu 提交于
      When splitting a huge migrating PMD, we'll transfer all the existing PMD
      bits and apply them again onto the small PTEs.  However we are fetching
      the bits unconditionally via pmd_soft_dirty(), pmd_write() or
      pmd_yound() while actually they don't make sense at all when it's a
      migration entry.  Fix them up.  Since at it, drop the ifdef together as
      not needed.
      
      Note that if my understanding is correct about the problem then if
      without the patch there is chance to lose some of the dirty bits in the
      migrating pmd pages (on x86_64 we're fetching bit 11 which is part of
      swap offset instead of bit 2) and it could potentially corrupt the
      memory of an userspace program which depends on the dirty bit.
      
      Link: http://lkml.kernel.org/r/20181213051510.20306-1-peterx@redhat.comSigned-off-by: NPeter Xu <peterx@redhat.com>
      Reviewed-by: NKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Reviewed-by: NWilliam Kucharski <william.kucharski@oracle.com>
      Acked-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Dave Jiang <dave.jiang@intel.com>
      Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
      Cc: Souptick Joarder <jrdr.linux@gmail.com>
      Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Cc: Zi Yan <zi.yan@cs.rutgers.edu>
      Cc: <stable@vger.kernel.org>	[4.14+]
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2e83ee1d
    • M
      mm, memory_hotplug: initialize struct pages for the full memory section · 2830bf6f
      Mikhail Zaslonko 提交于
      If memory end is not aligned with the sparse memory section boundary,
      the mapping of such a section is only partly initialized.  This may lead
      to VM_BUG_ON due to uninitialized struct page access from
      is_mem_section_removable() or test_pages_in_a_zone() function triggered
      by memory_hotplug sysfs handlers:
      
      Here are the the panic examples:
       CONFIG_DEBUG_VM=y
       CONFIG_DEBUG_VM_PGFLAGS=y
      
       kernel parameter mem=2050M
       --------------------------
       page:000003d082008000 is uninitialized and poisoned
       page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
       Call Trace:
       ( test_pages_in_a_zone+0xde/0x160)
         show_valid_zones+0x5c/0x190
         dev_attr_show+0x34/0x70
         sysfs_kf_seq_show+0xc8/0x148
         seq_read+0x204/0x480
         __vfs_read+0x32/0x178
         vfs_read+0x82/0x138
         ksys_read+0x5a/0xb0
         system_call+0xdc/0x2d8
       Last Breaking-Event-Address:
         test_pages_in_a_zone+0xde/0x160
       Kernel panic - not syncing: Fatal exception: panic_on_oops
      
       kernel parameter mem=3075M
       --------------------------
       page:000003d08300c000 is uninitialized and poisoned
       page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
       Call Trace:
       ( is_mem_section_removable+0xb4/0x190)
         show_mem_removable+0x9a/0xd8
         dev_attr_show+0x34/0x70
         sysfs_kf_seq_show+0xc8/0x148
         seq_read+0x204/0x480
         __vfs_read+0x32/0x178
         vfs_read+0x82/0x138
         ksys_read+0x5a/0xb0
         system_call+0xdc/0x2d8
       Last Breaking-Event-Address:
         is_mem_section_removable+0xb4/0x190
       Kernel panic - not syncing: Fatal exception: panic_on_oops
      
      Fix the problem by initializing the last memory section of each zone in
      memmap_init_zone() till the very end, even if it goes beyond the zone end.
      
      Michal said:
      
      : This has alwways been problem AFAIU.  It just went unnoticed because we
      : have zeroed memmaps during allocation before f7f99100 ("mm: stop
      : zeroing memory during allocation in vmemmap") and so the above test
      : would simply skip these ranges as belonging to zone 0 or provided a
      : garbage.
      :
      : So I guess we do care for post f7f99100 kernels mostly and
      : therefore Fixes: f7f99100 ("mm: stop zeroing memory during
      : allocation in vmemmap")
      
      Link: http://lkml.kernel.org/r/20181212172712.34019-2-zaslonko@linux.ibm.com
      Fixes: f7f99100 ("mm: stop zeroing memory during allocation in vmemmap")
      Signed-off-by: NMikhail Zaslonko <zaslonko@linux.ibm.com>
      Reviewed-by: NGerald Schaefer <gerald.schaefer@de.ibm.com>
      Suggested-by: NMichal Hocko <mhocko@kernel.org>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Reported-by: NMikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
      Tested-by: NMikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Alexander Duyck <alexander.h.duyck@linux.intel.com>
      Cc: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2830bf6f
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 5092adb2
      Linus Torvalds 提交于
      Pull kvm fix from Paolo Bonzini:
       "A simple patch for a pretty bad bug: Unbreak AMD nested
        virtualization."
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86: nSVM: fix switch to guest mmu
      5092adb2
    • L
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e572fa0e
      Linus Torvalds 提交于
      Pull timer fix from Ingo Molnar:
       "Fix a division by zero crash in the posix-timers code"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        posix-timers: Fix division by zero bug
      e572fa0e
    • L
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d5fa080d
      Linus Torvalds 提交于
      Pull futex fix from Ingo Molnar:
       "A single fix for a robust futexes race between sys_exit() and
        sys_futex_lock_pi()"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        futex: Cure exit race
      d5fa080d
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 70ad6368
      Linus Torvalds 提交于
      Pull x86 fixes from Ingo Molnar:
       "The biggest part is a series of reverts for the macro based GCC
        inlining workarounds. It caused regressions in distro build and other
        kernel tooling environments, and the GCC project was very receptive to
        fixing the underlying inliner weaknesses - so as time ran out we
        decided to do a reasonably straightforward revert of the patches. The
        plan is to rely on the 'asm inline' GCC 9 feature, which might be
        backported to GCC 8 and could thus become reasonably widely available
        on modern distros.
      
        Other than those reverts, there's misc fixes from all around the
        place.
      
        I wish our final x86 pull request for v4.20 was smaller..."
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        Revert "kbuild/Makefile: Prepare for using macros in inline assembly code to work around asm() related GCC inlining bugs"
        Revert "x86/objtool: Use asm macros to work around GCC inlining bugs"
        Revert "x86/refcount: Work around GCC inlining bug"
        Revert "x86/alternatives: Macrofy lock prefixes to work around GCC inlining bugs"
        Revert "x86/bug: Macrofy the BUG table section handling, to work around GCC inlining bugs"
        Revert "x86/paravirt: Work around GCC inlining bugs when compiling paravirt ops"
        Revert "x86/extable: Macrofy inline assembly code to work around GCC inlining bugs"
        Revert "x86/cpufeature: Macrofy inline assembly code to work around GCC inlining bugs"
        Revert "x86/jump-labels: Macrofy inline assembly code to work around GCC inlining bugs"
        x86/mtrr: Don't copy uninitialized gentry fields back to userspace
        x86/fsgsbase/64: Fix the base write helper functions
        x86/mm/cpa: Fix cpa_flush_array() TLB invalidation
        x86/vdso: Pass --eh-frame-hdr to the linker
        x86/mm: Fix decoy address handling vs 32-bit builds
        x86/intel_rdt: Ensure a CPU remains online for the region's pseudo-locking sequence
        x86/dump_pagetables: Fix LDT remap address marker
        x86/mm: Fix guard hole handling
      70ad6368
    • L
      Merge tag 'drm-fixes-2018-12-21' of git://anongit.freedesktop.org/drm/drm · 96d6ee7d
      Linus Torvalds 提交于
      Pull final drm fix from Daniel Vetter:
       "Very calm week, so either everything perfect or everyone on holidays
        already. Just one array_index_nospec patch, also for stable"
      
      * tag 'drm-fixes-2018-12-21' of git://anongit.freedesktop.org/drm/drm:
        drm/ioctl: Fix Spectre v1 vulnerabilities
      96d6ee7d
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 0b517333
      Linus Torvalds 提交于
      Pull input fixes from Dmitry Torokhov:
       "Switching a few devices with Synaptics over to SMbus and disabling
        SMbus on a couple devices with Elan touchpads as they need more
        plumbing on PS/2 side"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: synaptics - enable SMBus for HP EliteBook 840 G4
        Input: elantech - disable elan-i2c for P52 and P72
        Input: synaptics - enable RMI on ThinkPad T560
        Input: omap-keypad - fix idle configuration to not block SoC idle states
      0b517333
    • L
      Merge tag 'gpio-v4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · bc380733
      Linus Torvalds 提交于
      Pull GPIO fixes from Linus Walleij:
       "Hopefully last round of GPIO fixes.
      
        The ACPI patch is pretty important for some laptop users, the rest is
        driver-specific for embedded (mostly ARM) systems.
      
        I took out one ACPI patch that wasn't critical enough because I
        couldn't justify sending it at this point, and that is why the commit
        date is today, but the patches have been in linux-next.
      
        Sorry for not sending some of them earlier :(
      
        Notice that we have a co-maintainer for GPIO now, Bartosz Golaszewski,
        and he might jump in and make some pull requests at times when I am
        off.
      
        Summary:
      
         - ACPI IRQ request deferral
      
         - OMAP: revert deferred wakeup quirk
      
         - MAX7301: fix DMA safe memory handling
      
         - MVEBU: selective probe failure on missing clk"
      
      * tag 'gpio-v4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: mvebu: only fail on missing clk if pwm is actually to be used
        gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
        gpio: gpio-omap: Revert deferred wakeup quirk handling for regressions
        gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers
      bc380733
    • L
      Merge tag '4.20-rc7-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 78361955
      Linus Torvalds 提交于
      Pull smb3 fix from Steve French:
       "An important smb3 fix for an regression to some servers introduced by
        compounding optimization to rmdir.
      
        This fix has been tested by multiple developers (including me) with
        the usual private xfstesting, but also by the new cifs/smb3 "buildbot"
        xfstest VMs (thank you Ronnie and Aurelien for good work on this
        automation). The automated testing has been updated so that it will
        catch problems like this in the future.
      
        Note that Pavel discovered (very recently) some unrelated but
        extremely important bugs in credit handling (smb3 flow control problem
        that can lead to disconnects/reconnects) when compounding, that I
        would have liked to send in ASAP but the complete testing of those two
        fixes may not be done in time and have to wait for 4.21"
      
      * tag '4.20-rc7-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: Fix rmdir compounding regression to strict servers
      78361955
  2. 21 12月, 2018 8 次提交
  3. 20 12月, 2018 20 次提交
    • L
      Merge tag 'm68k-for-v4.20-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k · 1d51b4b1
      Linus Torvalds 提交于
      Pull m68k fix from Geert Uytterhoeven:
       "Fix memblock-related crashes"
      
      * tag 'm68k-for-v4.20-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
        m68k: Fix memblock-related crashes
      1d51b4b1
    • L
      Merge tag 'kbuild-fixes-v4.20-2' of... · c0f3ece4
      Linus Torvalds 提交于
      Merge tag 'kbuild-fixes-v4.20-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fix from Masahiro Yamada:
       "Fix false positive warning/error about missing library for objtool"
      
      * tag 'kbuild-fixes-v4.20-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: fix false positive warning/error about missing libelf
      c0f3ece4
    • L
      Merge tag 'char-misc-4.20-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 122b7e33
      Linus Torvalds 提交于
      Pull char/misc driver fixes from Greg KH:
       "Here are three tiny last-minute driver fixes for 4.20-rc8 that resolve
        some reported issues, and one MAINTAINERS file update.
      
        All of them are related to the hyper-v subsystem, it seems people are
        actually testing and using it now, which is nice to see :)
      
        The fixes are:
         - uio_hv_generic: fix for opening multiple times
         - Remove PCI dependancy on hyperv drivers
         - return proper error code for an unopened channel.
      
        And Sasha has signed up to help out with the hyperv maintainership.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-4.20-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
        x86, hyperv: remove PCI dependency
        MAINTAINERS: Patch monkey for the Hyper-V code
        uio_hv_generic: set callbacks on open
      122b7e33
    • L
      Merge tag 'tty-4.20-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · bfd7bd5b
      Linus Torvalds 提交于
      Pull tty/serial fix from Greg KH:
       "Here is a single fix, a revert, for the 8250 serial driver to resolve
        a reported problem.
      
        There was some attempted patches to fix the issue, but people are
        arguing about them, so reverting the patch to revert back to the 4.19
        and older behavior is the best thing to do at this late in the release
        cycle.
      
        The revert has been in linux-next with no reported issues"
      
      * tag 'tty-4.20-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        Revert "serial: 8250: Fix clearing FIFOs in RS485 mode again"
      bfd7bd5b
    • L
      Merge tag 'usb-4.20-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 177c459b
      Linus Torvalds 提交于
      Pull USB fixes and ids from Greg KH:
       "Here are some late xhci fixes for 4.20-rc8 as well as a few new device
        ids for the option usb-serial driver.
      
        The xhci fixes resolve some many-reported issues and all of these have
        been in linux-next for a while with no reported problems"
      
      * tag 'usb-4.20-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd
        xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
        USB: serial: option: add Telit LN940 series
        USB: serial: option: add Fibocom NL668 series
        USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
        USB: serial: option: add GosunCn ZTE WeLink ME3630
        USB: serial: option: add HP lt4132
      177c459b
    • L
      Merge tag 'mmc-v4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · d31aeb78
      Linus Torvalds 提交于
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Restore code to allow BKOPS and CACHE ctrl even if no HPI support
         - Reset HPI enabled state during re-init
         - Use a default minimum timeout when enabling CACHE ctrl
      
        MMC host:
         - omap_hsmmc: Fix DMA API warning
         - sdhci-tegra: Fix dt parsing of SDMMC pads autocal values
         - Correct register accesses when enabling v4 mode"
      
      * tag 'mmc-v4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
        mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support
        mmc: core: Reset HPI enabled state during re-init and in case of errors
        mmc: omap_hsmmc: fix DMA API warning
        mmc: tegra: Fix for SDMMC pads autocal parsing from dt
        mmc: sdhci: Fix sdhci_do_enable_v4_mode
      d31aeb78
    • D
      iomap: Revert "fs/iomap.c: get/put the page in iomap_page_create/release()" · a837eca2
      Dave Chinner 提交于
      This reverts commit 61c6de66.
      
      The reverted commit added page reference counting to iomap page
      structures that are used to track block size < page size state. This
      was supposed to align the code with page migration page accounting
      assumptions, but what it has done instead is break XFS filesystems.
      Every fstests run I've done on sub-page block size XFS filesystems
      has since picking up this commit 2 days ago has failed with bad page
      state errors such as:
      
      # ./run_check.sh "-m rmapbt=1,reflink=1 -i sparse=1 -b size=1k" "generic/038"
      ....
      SECTION       -- xfs
      FSTYP         -- xfs (debug)
      PLATFORM      -- Linux/x86_64 test1 4.20.0-rc6-dgc+
      MKFS_OPTIONS  -- -f -m rmapbt=1,reflink=1 -i sparse=1 -b size=1k /dev/sdc
      MOUNT_OPTIONS -- /dev/sdc /mnt/scratch
      
      generic/038 454s ...
       run fstests generic/038 at 2018-12-20 18:43:05
       XFS (sdc): Unmounting Filesystem
       XFS (sdc): Mounting V5 Filesystem
       XFS (sdc): Ending clean mount
       BUG: Bad page state in process kswapd0  pfn:3a7fa
       page:ffffea0000ccbeb0 count:0 mapcount:0 mapping:ffff88800d9b6360 index:0x1
       flags: 0xfffffc0000000()
       raw: 000fffffc0000000 dead000000000100 dead000000000200 ffff88800d9b6360
       raw: 0000000000000001 0000000000000000 00000000ffffffff
       page dumped because: non-NULL mapping
       CPU: 0 PID: 676 Comm: kswapd0 Not tainted 4.20.0-rc6-dgc+ #915
       Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1 04/01/2014
       Call Trace:
        dump_stack+0x67/0x90
        bad_page.cold.116+0x8a/0xbd
        free_pcppages_bulk+0x4bf/0x6a0
        free_unref_page_list+0x10f/0x1f0
        shrink_page_list+0x49d/0xf50
        shrink_inactive_list+0x19d/0x3b0
        shrink_node_memcg.constprop.77+0x398/0x690
        ? shrink_slab.constprop.81+0x278/0x3f0
        shrink_node+0x7a/0x2f0
        kswapd+0x34b/0x6d0
        ? node_reclaim+0x240/0x240
        kthread+0x11f/0x140
        ? __kthread_bind_mask+0x60/0x60
        ret_from_fork+0x24/0x30
       Disabling lock debugging due to kernel taint
      ....
      
      The failures are from anyway that frees pages and empties the
      per-cpu page magazines, so it's not a predictable failure or an easy
      to debug failure.
      
      generic/038 is a reliable reproducer of this problem - it has a 9 in
      10 failure rate on one of my test machines. Failure on other
      machines have been at random points in fstests runs but every run
      has ended up tripping this problem. Hence generic/038 was used to
      bisect the failure because it was the most reliable failure.
      
      It is too close to the 4.20 release (not to mention holidays) to
      try to diagnose, fix and test the underlying cause of the problem,
      so reverting the commit is the only option we have right now. The
      revert has been tested against a current tot 4.20-rc7+ kernel across
      multiple machines running sub-page block size XFs filesystems and
      none of the bad page state failures have been seen.
      Signed-off-by: NDave Chinner <dchinner@redhat.com>
      Cc: Piotr Jaroszynski <pjaroszynski@nvidia.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: William Kucharski <william.kucharski@oracle.com>
      Cc: Darrick J. Wong <darrick.wong@oracle.com>
      Cc: Brian Foster <bfoster@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a837eca2
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 519be699
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Off by one in netlink parsing of mac802154_hwsim, from Alexander
          Aring.
      
       2) nf_tables RCU usage fix from Taehee Yoo.
      
       3) Flow dissector needs nhoff and thoff clamping, from Stanislav
          Fomichev.
      
       4) Missing sin6_flowinfo initialization in SCTP, from Xin Long.
      
       5) Spectrev1 in ipmr and ip6mr, from Gustavo A. R. Silva.
      
       6) Fix r8169 crash when DEBUG_SHIRQ is enabled, from Heiner Kallweit.
      
       7) Fix SKB leak in rtlwifi, from Larry Finger.
      
       8) Fix state pruning in bpf verifier, from Jakub Kicinski.
      
       9) Don't handle completely duplicate fragments as overlapping, from
          Michal Kubecek.
      
      10) Fix memory corruption with macb and 64-bit DMA, from Anssi Hannula.
      
      11) Fix TCP fallback socket release in smc, from Myungho Jung.
      
      12) gro_cells_destroy needs to napi_disable, from Lorenzo Bianconi.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (130 commits)
        rds: Fix warning.
        neighbor: NTF_PROXY is a valid ndm_flag for a dump request
        net: mvpp2: fix the phylink mode validation
        net/sched: cls_flower: Remove old entries from rhashtable
        net/tls: allocate tls context using GFP_ATOMIC
        iptunnel: make TUNNEL_FLAGS available in uapi
        gro_cell: add napi_disable in gro_cells_destroy
        lan743x: Remove MAC Reset from initialization
        net/mlx5e: Remove the false indication of software timestamping support
        net/mlx5: Typo fix in del_sw_hw_rule
        net/mlx5e: RX, Fix wrong early return in receive queue poll
        ipv6: explicitly initialize udp6_addr in udp_sock_create6()
        bnxt_en: Fix ethtool self-test loopback.
        net/rds: remove user triggered WARN_ON in rds_sendmsg
        net/rds: fix warn in rds_message_alloc_sgs
        ath10k: skip sending quiet mode cmd for WCN3990
        mac80211: free skb fraglist before freeing the skb
        nl80211: fix memory leak if validate_pae_over_nl80211() fails
        net/smc: fix TCP fallback socket release
        vxge: ensure data0 is initialized in when fetching firmware version information
        ...
      519be699
    • G
      drm/ioctl: Fix Spectre v1 vulnerabilities · 505b5240
      Gustavo A. R. Silva 提交于
      nr is indirectly controlled by user-space, hence leading to a
      potential exploitation of the Spectre variant 1 vulnerability.
      
      This issue was detected with the help of Smatch:
      
      drivers/gpu/drm/drm_ioctl.c:805 drm_ioctl() warn: potential spectre issue 'dev->driver->ioctls' [r]
      drivers/gpu/drm/drm_ioctl.c:810 drm_ioctl() warn: potential spectre issue 'drm_ioctls' [r] (local cap)
      drivers/gpu/drm/drm_ioctl.c:892 drm_ioctl_flags() warn: potential spectre issue 'drm_ioctls' [r] (local cap)
      
      Fix this by sanitizing nr before using it to index dev->driver->ioctls
      and drm_ioctls.
      
      Notice that given that speculation windows are large, the policy is
      to kill the speculation on the first load and not worry if it can be
      completed with a dependent load/store [1].
      
      [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Link: https://patchwork.freedesktop.org/patch/msgid/20181220000015.GA18973@embeddedor
      505b5240
    • D
      rds: Fix warning. · d84e7bc0
      David S. Miller 提交于
      >> net/rds/send.c:1109:42: warning: Using plain integer as NULL pointer
      
      Fixes: ea010070 ("net/rds: fix warn in rds_message_alloc_sgs")
      Reported-by: Nkbuild test robot <lkp@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d84e7bc0
    • L
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · ab63e725
      Linus Torvalds 提交于
      Pull virtio fix from Michael Tsirkin:
       "A last-minute fix for a test build"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio: fix test build after uio.h change
      ab63e725
    • L
      Merge tag 'nfs-for-4.20-6' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 8c9dff1e
      Linus Torvalds 提交于
      Pull NFS client bugfixes from Trond Myklebust:
      
       - Fix TCP socket disconnection races by ensuring we always call
         xprt_disconnect_done() after releasing the socket.
      
       - Fix a race when clearing both XPRT_CONNECTING and XPRT_LOCKED
      
       - Remove xprt_connect_status() so it does not mask errors that should
         be handled by call_connect_status()
      
      * tag 'nfs-for-4.20-6' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        SUNRPC: Remove xprt_connect_status()
        SUNRPC: Fix a race with XPRT_CONNECTING
        SUNRPC: Fix disconnection races
      8c9dff1e
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · fe112793
      Linus Torvalds 提交于
      Pull kvm fixes from Paolo Bonzini:
      
       -  One nasty use-after-free bugfix, from this merge window however
      
       -  A less nasty use-after-free that can only zero some words at the
          beginning of the page, and hence is not really exploitable
      
       -  A NULL pointer dereference
      
       -  A dummy implementation of an AMD chicken bit MSR that Windows uses
          for some unknown reason
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
        KVM: X86: Fix NULL deref in vcpu_scan_ioapic
        KVM: Fix UAF in nested posted interrupt processing
        KVM: fix unregistering coalesced mmio zone from wrong bus
      fe112793
    • L
      Merge tag 'dma-mapping-4.20-4' of git://git.infradead.org/users/hch/dma-mapping · 2dd516ff
      Linus Torvalds 提交于
      Pull dma-mapping fix from Christoph Hellwig:
       "Fix a regression in dma-direct that didn't take account the magic AMD
        memory encryption mask in the DMA address"
      
      * tag 'dma-mapping-4.20-4' of git://git.infradead.org/users/hch/dma-mapping:
        dma-direct: do not include SME mask in the DMA supported check
      2dd516ff
    • D
      neighbor: NTF_PROXY is a valid ndm_flag for a dump request · c0fde870
      David Ahern 提交于
      When dumping proxy entries the dump request has NTF_PROXY set in
      ndm_flags. strict mode checking needs to be updated to allow this
      flag.
      
      Fixes: 51183d23 ("net/neighbor: Update neigh_dump_info for strict data checking")
      Signed-off-by: NDavid Ahern <dsahern@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c0fde870
    • A
      net: mvpp2: fix the phylink mode validation · 1b451fb2
      Antoine Tenart 提交于
      The mvpp2_phylink_validate() sets all modes that are supported by a
      given PPv2 port. An mistake made the 10000baseT_Full mode being
      advertised in some cases when a port wasn't configured to perform at
      10G. This patch fixes this.
      
      Fixes: d97c9f4a ("net: mvpp2: 1000baseX support")
      Reported-by: NRussell King <linux@armlinux.org.uk>
      Signed-off-by: NAntoine Tenart <antoine.tenart@bootlin.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1b451fb2
    • R
      net/sched: cls_flower: Remove old entries from rhashtable · 599d2570
      Roi Dayan 提交于
      When replacing a rule we add the new rule to the rhashtable
      but only remove the old if not in skip_sw.
      This commit fix this and remove the old rule anyway.
      
      Fixes: 35cc3cef ("net/sched: cls_flower: Reject duplicated rules also under skip_sw")
      Signed-off-by: NRoi Dayan <roid@mellanox.com>
      Reviewed-by: NVlad Buslov <vladbu@mellanox.com>
      Acked-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      599d2570
    • G
      net/tls: allocate tls context using GFP_ATOMIC · c6ec179a
      Ganesh Goudar 提交于
      create_ctx can be called from atomic context, hence use
      GFP_ATOMIC instead of GFP_KERNEL.
      
      [  395.962599] BUG: sleeping function called from invalid context at mm/slab.h:421
      [  395.979896] in_atomic(): 1, irqs_disabled(): 0, pid: 16254, name: openssl
      [  395.996564] 2 locks held by openssl/16254:
      [  396.010492]  #0: 00000000347acb52 (sk_lock-AF_INET){+.+.}, at: do_tcp_setsockopt.isra.44+0x13b/0x9a0
      [  396.029838]  #1: 000000006c9552b5 (device_spinlock){+...}, at: tls_init+0x1d/0x280
      [  396.047675] CPU: 5 PID: 16254 Comm: openssl Tainted: G           O      4.20.0-rc6+ #25
      [  396.066019] Hardware name: Supermicro X10SRA-F/X10SRA-F, BIOS 2.0c 09/25/2017
      [  396.083537] Call Trace:
      [  396.096265]  dump_stack+0x5e/0x8b
      [  396.109876]  ___might_sleep+0x216/0x250
      [  396.123940]  kmem_cache_alloc_trace+0x1b0/0x240
      [  396.138800]  create_ctx+0x1f/0x60
      [  396.152504]  tls_init+0xbd/0x280
      [  396.166135]  tcp_set_ulp+0x191/0x2d0
      [  396.180035]  ? tcp_set_ulp+0x2c/0x2d0
      [  396.193960]  do_tcp_setsockopt.isra.44+0x148/0x9a0
      [  396.209013]  __sys_setsockopt+0x7c/0xe0
      [  396.223054]  __x64_sys_setsockopt+0x20/0x30
      [  396.237378]  do_syscall_64+0x4a/0x180
      [  396.251200]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Fixes: df9d4a17 ("net/tls: sleeping function from invalid context")
      Signed-off-by: NGanesh Goudar <ganeshgr@chelsio.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c6ec179a
    • W
      iptunnel: make TUNNEL_FLAGS available in uapi · 1875a9ab
      wenxu 提交于
      ip l add dev tun type gretap external
      ip r a 10.0.0.1 encap ip dst 192.168.152.171 id 1000 dev gretap
      
      For gretap Key example when the command set the id but don't set the
      TUNNEL_KEY flags. There is no key field in the send packet
      
      In the lwtunnel situation, some TUNNEL_FLAGS should can be set by
      userspace
      Signed-off-by: Nwenxu <wenxu@ucloud.cn>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1875a9ab
    • L
      gro_cell: add napi_disable in gro_cells_destroy · 8e1da73a
      Lorenzo Bianconi 提交于
      Add napi_disable routine in gro_cells_destroy since starting from
      commit c42858ea ("gro_cells: remove spinlock protecting receive
      queues") gro_cell_poll and gro_cells_destroy can run concurrently on
      napi_skbs list producing a kernel Oops if the tunnel interface is
      removed while gro_cell_poll is running. The following Oops has been
      triggered removing a vxlan device while the interface is receiving
      traffic
      
      [ 5628.948853] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
      [ 5628.949981] PGD 0 P4D 0
      [ 5628.950308] Oops: 0002 [#1] SMP PTI
      [ 5628.950748] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.20.0-rc6+ #41
      [ 5628.952940] RIP: 0010:gro_cell_poll+0x49/0x80
      [ 5628.955615] RSP: 0018:ffffc9000004fdd8 EFLAGS: 00010202
      [ 5628.956250] RAX: 0000000000000000 RBX: ffffe8ffffc08150 RCX: 0000000000000000
      [ 5628.957102] RDX: 0000000000000000 RSI: ffff88802356bf00 RDI: ffffe8ffffc08150
      [ 5628.957940] RBP: 0000000000000026 R08: 0000000000000000 R09: 0000000000000000
      [ 5628.958803] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000040
      [ 5628.959661] R13: ffffe8ffffc08100 R14: 0000000000000000 R15: 0000000000000040
      [ 5628.960682] FS:  0000000000000000(0000) GS:ffff88803ea00000(0000) knlGS:0000000000000000
      [ 5628.961616] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 5628.962359] CR2: 0000000000000008 CR3: 000000000221c000 CR4: 00000000000006b0
      [ 5628.963188] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 5628.964034] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [ 5628.964871] Call Trace:
      [ 5628.965179]  net_rx_action+0xf0/0x380
      [ 5628.965637]  __do_softirq+0xc7/0x431
      [ 5628.966510]  run_ksoftirqd+0x24/0x30
      [ 5628.966957]  smpboot_thread_fn+0xc5/0x160
      [ 5628.967436]  kthread+0x113/0x130
      [ 5628.968283]  ret_from_fork+0x3a/0x50
      [ 5628.968721] Modules linked in:
      [ 5628.969099] CR2: 0000000000000008
      [ 5628.969510] ---[ end trace 9d9dedc7181661fe ]---
      [ 5628.970073] RIP: 0010:gro_cell_poll+0x49/0x80
      [ 5628.972965] RSP: 0018:ffffc9000004fdd8 EFLAGS: 00010202
      [ 5628.973611] RAX: 0000000000000000 RBX: ffffe8ffffc08150 RCX: 0000000000000000
      [ 5628.974504] RDX: 0000000000000000 RSI: ffff88802356bf00 RDI: ffffe8ffffc08150
      [ 5628.975462] RBP: 0000000000000026 R08: 0000000000000000 R09: 0000000000000000
      [ 5628.976413] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000040
      [ 5628.977375] R13: ffffe8ffffc08100 R14: 0000000000000000 R15: 0000000000000040
      [ 5628.978296] FS:  0000000000000000(0000) GS:ffff88803ea00000(0000) knlGS:0000000000000000
      [ 5628.979327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 5628.980044] CR2: 0000000000000008 CR3: 000000000221c000 CR4: 00000000000006b0
      [ 5628.980929] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 5628.981736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [ 5628.982409] Kernel panic - not syncing: Fatal exception in interrupt
      [ 5628.983307] Kernel Offset: disabled
      
      Fixes: c42858ea ("gro_cells: remove spinlock protecting receive queues")
      Signed-off-by: NLorenzo Bianconi <lorenzo.bianconi@redhat.com>
      Acked-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8e1da73a