openwrt/staging/blogic.git
5 years agoblock, bfq: deschedule empty bfq_queues not referred by any process
Paolo Valente [Thu, 14 Nov 2019 09:33:11 +0000 (10:33 +0100)]
block, bfq: deschedule empty bfq_queues not referred by any process

Since commit 3726112ec731 ("block, bfq: re-schedule empty queues if
they deserve I/O plugging"), to prevent the service guarantees of a
bfq_queue from being violated, the bfq_queue may be left busy, i.e.,
scheduled for service, even if empty (see comments in
__bfq_bfqq_expire() for details). But, if no process will send
requests to the bfq_queue any longer, then there is no point in
keeping the bfq_queue scheduled for service.

In addition, keeping the bfq_queue scheduled for service, but with no
process reference any longer, may cause the bfq_queue to be freed when
descheduled from service. But this is assumed to never happen, and
causes a UAF if it happens. This, in turn, caused crashes [1, 2].

This commit fixes this issue by descheduling an empty bfq_queue when
it remains with not process reference.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1767539
[2] https://bugzilla.kernel.org/show_bug.cgi?id=205447

Fixes: 3726112ec731 ("block, bfq: re-schedule empty queues if they deserve I/O plugging")
Reported-by: Chris Evich <cevich@redhat.com>
Reported-by: Patrick Dung <patdung100@gmail.com>
Reported-by: Thorsten Schubert <tschubert@bafh.org>
Tested-by: Thorsten Schubert <tschubert@bafh.org>
Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: ensure registered buffer import returns the IO length
Jens Axboe [Wed, 13 Nov 2019 23:12:46 +0000 (16:12 -0700)]
io_uring: ensure registered buffer import returns the IO length

A test case was reported where two linked reads with registered buffers
failed the second link always. This is because we set the expected value
of a request in req->result, and if we don't get this result, then we
fail the dependent links. For some reason the registered buffer import
returned -ERROR/0, while the normal import returns -ERROR/length. This
broke linked commands with registered buffers.

Fix this by making io_import_fixed() correctly return the mapped length.

Cc: stable@vger.kernel.org # v5.3
Reported-by: 李通洲 <carter.li@eoitek.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: Fix getting file for timeout
Pavel Begunkov [Wed, 13 Nov 2019 21:59:19 +0000 (00:59 +0300)]
io_uring: Fix getting file for timeout

For timeout requests io_uring tries to grab a file with specified fd,
which is usually stdin/fd=0.
Update io_op_needs_file()

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoblock: check bi_size overflow before merge
Junichi Nomura [Tue, 12 Nov 2019 07:19:58 +0000 (07:19 +0000)]
block: check bi_size overflow before merge

__bio_try_merge_page() may merge a page to bio without bio_full() check
and cause bi_size overflow.

The overflow typically ends up with sd_init_command() warning on zero
segment request with call trace like this:

    ------------[ cut here ]------------
    WARNING: CPU: 2 PID: 1986 at drivers/scsi/scsi_lib.c:1025 scsi_init_io+0x156/0x180
    CPU: 2 PID: 1986 Comm: kworker/2:1H Kdump: loaded Not tainted 5.4.0-rc7 #1
    Workqueue: kblockd blk_mq_run_work_fn
    RIP: 0010:scsi_init_io+0x156/0x180
    RSP: 0018:ffffa11487663bf0 EFLAGS: 00010246
    RAX: 00000000002be0a0 RBX: ffff8e6e9ff30118 RCX: 0000000000000000
    RDX: 00000000ffffffe1 RSI: 0000000000000000 RDI: ffff8e6e9ff30118
    RBP: ffffa11487663c18 R08: ffffa11487663d28 R09: ffff8e6e9ff30150
    R10: 0000000000000001 R11: 0000000000000000 R12: ffff8e6e9ff30000
    R13: 0000000000000001 R14: ffff8e74a1cf1800 R15: ffff8e6e9ff30000
    FS:  0000000000000000(0000) GS:ffff8e6ea7680000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007fff18cf0fe8 CR3: 0000000659f0a001 CR4: 00000000001606e0
    Call Trace:
     sd_init_command+0x326/0xb40 [sd_mod]
     scsi_queue_rq+0x502/0xaa0
     ? blk_mq_get_driver_tag+0xe7/0x120
     blk_mq_dispatch_rq_list+0x256/0x5a0
     ? elv_rb_del+0x24/0x30
     ? deadline_remove_request+0x7b/0xc0
     blk_mq_do_dispatch_sched+0xa3/0x140
     blk_mq_sched_dispatch_requests+0xfb/0x170
     __blk_mq_run_hw_queue+0x81/0x130
     blk_mq_run_work_fn+0x1b/0x20
     process_one_work+0x179/0x390
     worker_thread+0x4f/0x3e0
     kthread+0x105/0x140
     ? max_active_store+0x80/0x80
     ? kthread_bind+0x20/0x20
     ret_from_fork+0x35/0x40
    ---[ end trace f9036abf5af4a4d3 ]---
    blk_update_request: I/O error, dev sdd, sector 2875552 op 0x1:(WRITE) flags 0x0 phys_seg 0 prio class 0
    XFS (sdd1): writeback error on sector 2875552

__bio_try_merge_page() should check the overflow before actually doing
merge.

Fixes: 07173c3ec276c ("block: enable multipage bvecs")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: make timeout sequence == 0 mean no sequence
Jens Axboe [Tue, 12 Nov 2019 06:34:31 +0000 (23:34 -0700)]
io_uring: make timeout sequence == 0 mean no sequence

Currently we make sequence == 0 be the same as sequence == 1, but that's
not super useful if the intent is really to have a timeout that's just
a pure timeout.

If the user passes in sqe->off == 0, then don't apply any sequence logic
to the request, let it purely be driven by the timeout specified.

Reported-by: 李通洲 <carter.li@eoitek.com>
Reviewed-by: 李通洲 <carter.li@eoitek.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agocgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead
Tejun Heo [Fri, 8 Nov 2019 20:18:29 +0000 (12:18 -0800)]
cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead

cgroup writeback tries to refresh the associated wb immediately if the
current wb is dead.  This is to avoid keeping issuing IOs on the stale
wb after memcg - blkcg association has changed (ie. when blkcg got
disabled / enabled higher up in the hierarchy).

Unfortunately, the logic gets triggered spuriously on inodes which are
associated with dead cgroups.  When the logic is triggered on dead
cgroups, the attempt fails only after doing quite a bit of work
allocating and initializing a new wb.

While c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping
has no dirty pages") alleviated the issue significantly as it now only
triggers when the inode has dirty pages.  However, the condition can
still be triggered before the inode is switched to a different cgroup
and the logic simply doesn't make sense.

Skip the immediate switching if the associated memcg is dying.

This is a simplified version of the following two patches:

 * https://lore.kernel.org/linux-mm/20190513183053.GA73423@dennisz-mbp/
 * http://lkml.kernel.org/r/156355839560.2063.5265687291430814589.stgit@buzz

Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Fixes: e8a7abf5a5bd ("writeback: disassociate inodes from dying bdi_writebacks")
Acked-by: Dennis Zhou <dennis@kernel.org>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoblock: drbd: remove a stray unlock in __drbd_send_protocol()
Dan Carpenter [Thu, 7 Nov 2019 07:48:47 +0000 (10:48 +0300)]
block: drbd: remove a stray unlock in __drbd_send_protocol()

There are two callers of this function and they both unlock the mutex so
this ends up being a double unlock.

Fixes: 44ed167da748 ("drbd: rcu_read_lock() and rcu_dereference() for tconn->net_conf")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoblkcg: make blkcg_print_stat() print stats only for online blkgs
Tejun Heo [Tue, 5 Nov 2019 16:09:51 +0000 (08:09 -0800)]
blkcg: make blkcg_print_stat() print stats only for online blkgs

blkcg_print_stat() iterates blkgs under RCU and doesn't test whether
the blkg is online.  This can call into pd_stat_fn() on a pd which is
still being initialized leading to an oops.

The heaviest operation - recursively summing up rwstat counters - is
already done while holding the queue_lock.  Expand queue_lock to cover
the other operations and skip the blkg if it isn't online yet.  The
online state is protected by both blkcg and queue locks, so this
guarantees that only online blkgs are processed.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Roman Gushchin <guro@fb.com>
Cc: Josef Bacik <jbacik@fb.com>
Fixes: 903d23f0a354 ("blk-cgroup: allow controllers to output their own stats")
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoMerge branch 'nvme-5.4-rc7' of git://git.infradead.org/nvme into for-linus
Jens Axboe [Tue, 5 Nov 2019 22:34:10 +0000 (15:34 -0700)]
Merge branch 'nvme-5.4-rc7' of git://git.infradead.org/nvme into for-linus

Pull NVMe fixes from Keith:

"We have a few late nvme fixes for a couple device removal kernel
 crashes, and a compat fix for a new ioctl introduced during this merge
 window."

* 'nvme-5.4-rc7' of git://git.infradead.org/nvme:
  nvme: change nvme_passthru_cmd64 to explicitly mark rsvd
  nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths
  nvme-rdma: fix a segmentation fault during module unload

5 years agonvme: change nvme_passthru_cmd64 to explicitly mark rsvd
Charles Machalow [Tue, 5 Nov 2019 06:15:10 +0000 (22:15 -0800)]
nvme: change nvme_passthru_cmd64 to explicitly mark rsvd

Changing nvme_passthru_cmd64 to add a field: rsvd2. This field is an explicit
marker for the padding space added on certain platforms as a result of the
enlargement of the result field from 32 bit to 64 bits in size, and
fixes differences in struct size when using compat ioctl for 32-bit
binaries on 64-bit architecture.

Fixes: 65e68edce0db ("nvme: allow 64-bit results in passthru commands")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Charles Machalow <csm10495@gmail.com>
[changelog]
Signed-off-by: Keith Busch <kbusch@kernel.org>
5 years agonvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths
Anton Eidelman [Sat, 2 Nov 2019 00:27:55 +0000 (17:27 -0700)]
nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths

nvme_mpath_clear_ctrl_paths() iterates through
the ctrl->namespaces list while holding ctrl->scan_lock.
This does not seem to be the correct way of protecting
from concurrent list modification.

Specifically, nvme_scan_work() sorts ctrl->namespaces
AFTER unlocking scan_lock.

This may result in the following (rare) crash in ctrl disconnect
during scan_work:

    BUG: kernel NULL pointer dereference, address: 0000000000000050
    Oops: 0000 [#1] SMP PTI
    CPU: 0 PID: 3995 Comm: nvme 5.3.5-050305-generic
    RIP: 0010:nvme_mpath_clear_current_path+0xe/0x90 [nvme_core]
    ...
    Call Trace:
     nvme_mpath_clear_ctrl_paths+0x3c/0x70 [nvme_core]
     nvme_remove_namespaces+0x35/0xe0 [nvme_core]
     nvme_do_delete_ctrl+0x47/0x90 [nvme_core]
     nvme_sysfs_delete+0x49/0x60 [nvme_core]
     dev_attr_store+0x17/0x30
     sysfs_kf_write+0x3e/0x50
     kernfs_fop_write+0x11e/0x1a0
     __vfs_write+0x1b/0x40
     vfs_write+0xb9/0x1a0
     ksys_write+0x67/0xe0
     __x64_sys_write+0x1a/0x20
     do_syscall_64+0x5a/0x130
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
    RIP: 0033:0x7f8d02bfb154

Fix:
After taking scan_lock in nvme_mpath_clear_ctrl_paths()
down_read(&ctrl->namespaces_rwsem) as well to make list traversal safe.
This will not cause deadlocks because taking scan_lock never happens
while holding the namespaces_rwsem.
Moreover, scan work downs namespaces_rwsem in the same order.

Alternative: sort ctrl->namespaces in nvme_scan_work()
while still holding the scan_lock.
This would leave nvme_mpath_clear_ctrl_paths() without correct protection
against ctrl->namespaces modification by anyone other than scan_work.

Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anton Eidelman <anton@lightbitslabs.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
5 years agonvme-rdma: fix a segmentation fault during module unload
Max Gurtovoy [Tue, 29 Oct 2019 14:42:27 +0000 (16:42 +0200)]
nvme-rdma: fix a segmentation fault during module unload

In case there are controllers that are not associated with any RDMA
device (e.g. during unsuccessful reconnection) and the user will unload
the module, these controllers will not be freed and will access already
freed memory. The same logic appears in other fabric drivers as well.

Fixes: 87fd125344d6 ("nvme-rdma: remove redundant reference between ib_device and tagset")
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Max Gurtovoy <maxg@mellanox.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
5 years agoiocost: don't nest spin_lock_irq in ioc_weight_write()
Dan Carpenter [Thu, 31 Oct 2019 10:53:41 +0000 (13:53 +0300)]
iocost: don't nest spin_lock_irq in ioc_weight_write()

This code causes a static analysis warning:

    block/blk-iocost.c:2113 ioc_weight_write() error: double lock 'irq'

We disable IRQs in blkg_conf_prep() and re-enable them in
blkg_conf_finish().  IRQ disable/enable should not be nested because
that means the IRQs will be enabled at the first unlock instead of the
second one.

Fixes: 7caa47151ab2 ("blkcg: implement blk-iocost")
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: ensure we clear io_kiocb->result before each issue
Jens Axboe [Wed, 30 Oct 2019 19:53:09 +0000 (13:53 -0600)]
io_uring: ensure we clear io_kiocb->result before each issue

We use io_kiocb->result == -EAGAIN as a way to know if we need to
re-submit a polled request, as -EAGAIN reporting happens out-of-line
for IO submission failures. This field is cleared when we originally
allocate the request, but it isn't reset when we retry the submission
from async context. This can cause issues where we think something
needs a re-issue, but we're really just reading stale data.

Reset ->result whenever we re-prep a request for polled submission.

Cc: stable@vger.kernel.org
Fixes: 9e645e1105ca ("io_uring: add support for sqe links")
Reported-by: Bijan Mottahedeh <bijan.mottahedeh@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoum-ubd: Entrust re-queue to the upper layers
Anton Ivanov [Tue, 29 Oct 2019 09:13:34 +0000 (09:13 +0000)]
um-ubd: Entrust re-queue to the upper layers

Fixes crashes due to ubd requeue logic conflicting with the block-mq
logic. Crash is reproducible in 5.0 - 5.3.

Fixes: 53766defb8c8 ("um: Clean-up command processing in UML UBD driver")
Cc: stable@vger.kernel.org # v5.0+
Signed-off-by: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agonvme-multipath: remove unused groups_only mode in ana log
Anton Eidelman [Fri, 18 Oct 2019 18:32:51 +0000 (11:32 -0700)]
nvme-multipath: remove unused groups_only mode in ana log

groups_only mode in nvme_read_ana_log() is no longer used: remove it.

Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Anton Eidelman <anton@lightbitslabs.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agonvme-multipath: fix possible io hang after ctrl reconnect
Anton Eidelman [Fri, 18 Oct 2019 18:32:50 +0000 (11:32 -0700)]
nvme-multipath: fix possible io hang after ctrl reconnect

The following scenario results in an IO hang:
1) ctrl completes a request with NVME_SC_ANA_TRANSITION.
   NVME_NS_ANA_PENDING bit in ns->flags is set and ana_work is triggered.
2) ana_work: nvme_read_ana_log() tries to get the ANA log page from the ctrl.
   This fails because ctrl disconnects.
   Therefore nvme_update_ns_ana_state() is not called
   and NVME_NS_ANA_PENDING bit in ns->flags is not cleared.
3) ctrl reconnects: nvme_mpath_init(ctrl,...) calls
   nvme_read_ana_log(ctrl, groups_only=true).
   However, nvme_update_ana_state() does not update namespaces
   because nr_nsids = 0 (due to groups_only mode).
4) scan_work calls nvme_validate_ns() finds the ns and re-validates OK.

Result:
The ctrl is now live but NVME_NS_ANA_PENDING bit in ns->flags is still set.
Consequently ctrl will never be considered a viable path by __nvme_find_path().
IO will hang if ctrl is the only or the last path to the namespace.

More generally, while ctrl is reconnecting, its ANA state may change.
And because nvme_mpath_init() requests ANA log in groups_only mode,
these changes are not propagated to the existing ctrl namespaces.
This may result in a mal-function or an IO hang.

Solution:
nvme_mpath_init() will nvme_read_ana_log() with groups_only set to false.
This will not harm the new ctrl case (no namespaces present),
and will make sure the ANA state of namespaces gets updated after reconnect.

Note: Another option would be for nvme_mpath_init() to invoke
nvme_parse_ana_log(..., nvme_set_ns_ana_state) for each existing namespace.

Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Anton Eidelman <anton@lightbitslabs.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: don't touch ctx in setup after ring fd install
Jens Axboe [Mon, 28 Oct 2019 15:15:33 +0000 (09:15 -0600)]
io_uring: don't touch ctx in setup after ring fd install

syzkaller reported an issue where it looks like a malicious app can
trigger a use-after-free of reading the ctx ->sq_array and ->rings
value right after having installed the ring fd in the process file
table.

Defer ring fd installation until after we're done reading those
values.

Fixes: 75b28affdd6a ("io_uring: allocate the two rings together")
Reported-by: syzbot+6f03d895a6cd0d06187f@syzkaller.appspotmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: Fix leaked shadow_req
Pavel Begunkov [Sun, 27 Oct 2019 19:10:36 +0000 (22:10 +0300)]
io_uring: Fix leaked shadow_req

io_queue_link_head() owns shadow_req after taking it as an argument.
By not freeing it in case of an error, it can leak the request along
with taken ctx->refs.

Reviewed-by: Jackie Liu <liuyun01@kylinos.cn>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoLinux 5.4-rc5
Linus Torvalds [Sun, 27 Oct 2019 17:19:19 +0000 (13:19 -0400)]
Linux 5.4-rc5

5 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 27 Oct 2019 11:14:40 +0000 (07:14 -0400)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull x86 fixes from Thomas Gleixner:
 "Two fixes for the VMWare guest support:

   - Unbreak VMWare platform detection which got wreckaged by converting
     an integer constant to a string constant.

   - Fix the clang build of the VMWAre hypercall by explicitely
     specifying the ouput register for INL instead of using the short
     form"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpu/vmware: Fix platform detection VMWARE_PORT macro
  x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL, for clang/llvm

5 years agoMerge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 27 Oct 2019 11:04:22 +0000 (07:04 -0400)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull timer fixes from Thomas Gleixner:
 "A small set of fixes for time(keeping):

   - Add a missing include to prevent compiler warnings.

   - Make the VDSO implementation of clock_getres() POSIX compliant
     again. A recent change dropped the NULL pointer guard which is
     required as NULL is a valid pointer value for this function.

   - Fix two function documentation typos"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  posix-cpu-timers: Fix two trivial comments
  timers/sched_clock: Include local timekeeping.h for missing declarations
  lib/vdso: Make clock_getres() POSIX compliant again

5 years agoMerge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 27 Oct 2019 10:59:34 +0000 (06:59 -0400)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull perf fixes from Thomas Gleixner:
 "A set of perf fixes:

  kernel:

   - Unbreak the tracking of auxiliary buffer allocations which got
     imbalanced causing recource limit failures.

   - Fix the fallout of splitting of ToPA entries which missed to shift
     the base entry PA correctly.

   - Use the correct context to lookup the AUX event when unmapping the
     associated AUX buffer so the event can be stopped and the buffer
     reference dropped.

  tools:

   - Fix buildiid-cache mode setting in copyfile_mode_ns() when copying
     /proc/kcore

   - Fix freeing id arrays in the event list so the correct event is
     closed.

   - Sync sched.h anc kvm.h headers with the kernel sources.

   - Link jvmti against tools/lib/ctype.o to have weak strlcpy().

   - Fix multiple memory and file descriptor leaks, found by coverity in
     perf annotate.

   - Fix leaks in error handling paths in 'perf c2c', 'perf kmem', found
     by a static analysis tool"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/aux: Fix AUX output stopping
  perf/aux: Fix tracking of auxiliary trace buffer allocation
  perf/x86/intel/pt: Fix base for single entry topa
  perf kmem: Fix memory leak in compact_gfp_flags()
  tools headers UAPI: Sync sched.h with the kernel
  tools headers kvm: Sync kvm.h headers with the kernel sources
  tools headers kvm: Sync kvm headers with the kernel sources
  tools headers kvm: Sync kvm headers with the kernel sources
  perf c2c: Fix memory leak in build_cl_output()
  perf tools: Fix mode setting in copyfile_mode_ns()
  perf annotate: Fix multiple memory and file descriptor leaks
  perf tools: Fix resource leak of closedir() on the error paths
  perf evlist: Fix fix for freed id arrays
  perf jvmti: Link against tools/lib/ctype.h to have weak strlcpy()

5 years agoMerge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 27 Oct 2019 10:55:55 +0000 (06:55 -0400)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull irq fixes from Thomas Gleixner:
 "Two fixes for interrupt controller drivers:

   - Skip IRQ_M_EXT entries in the device tree when initializing the
     RISCV PLIC controller to avoid a double init attempt.

   - Use the correct ITS list when issuing the VMOVP synchronization
     command so the operation works only on the ITS instances which are
     associated to a VM"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip/sifive-plic: Skip contexts except supervisor in plic_init()
  irqchip/gic-v3-its: Use the exact ITSList for VMOVP

5 years agoMerge tag '5.4-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Linus Torvalds [Sun, 27 Oct 2019 10:41:52 +0000 (06:41 -0400)]
Merge tag '5.4-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "Seven cifs/smb3 fixes, including three for stable"

* tag '5.4-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
  CIFS: Fix use after free of file info structures
  CIFS: Fix retry mid list corruption on reconnects
  cifs: Fix missed free operations
  CIFS: avoid using MID 0xFFFF
  cifs: clarify comment about timestamp granularity for old servers
  cifs: Handle -EINPROGRESS only when noblockcnt is set

5 years agoMerge tag 'riscv/for-v5.4-rc5-b' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sun, 27 Oct 2019 10:36:57 +0000 (06:36 -0400)]
Merge tag 'riscv/for-v5.4-rc5-b' of git://git./linux/kernel/git/riscv/linux

Pull RISC-V fixes from Paul Walmsley:
 "Several minor fixes and cleanups for v5.4-rc5:

   - Three build fixes for various SPARSEMEM-related kernel
     configurations

   - Two cleanup patches for the kernel bug and breakpoint trap handler
     code"

* tag 'riscv/for-v5.4-rc5-b' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: cleanup do_trap_break
  riscv: cleanup <asm/bug.h>
  riscv: Fix undefined reference to vmemmap_populate_basepages
  riscv: Fix implicit declaration of 'page_to_section'
  riscv: fix fs/proc/kcore.c compilation with sparsemem enabled

5 years agoMerge tag 'mips_fixes_5.4_3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips...
Linus Torvalds [Sat, 26 Oct 2019 23:43:12 +0000 (19:43 -0400)]
Merge tag 'mips_fixes_5.4_3' of git://git./linux/kernel/git/mips/linux

Pull MIPS fixes from Paul Burton:
 "A few MIPS fixes:

   - Fix VDSO time-related function behavior for systems where we need
     to fall back to syscalls, but were instead returning bogus results.

   - A fix to TLB exception handlers for Cavium Octeon systems where
     they would inadvertently clobber the $1/$at register.

   - A build fix for bcm63xx configurations.

   - Switch to using my @kernel.org email address"

* tag 'mips_fixes_5.4_3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
  MIPS: tlbex: Fix build_restore_pagemask KScratch restore
  MIPS: bmips: mark exception vectors as char arrays
  mips: vdso: Fix __arch_get_hw_counter()
  MAINTAINERS: Use @kernel.org address for Paul Burton

5 years agoMerge tag 'tty-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Linus Torvalds [Sat, 26 Oct 2019 20:40:04 +0000 (16:40 -0400)]
Merge tag 'tty-5.4-rc5' of git://git./linux/kernel/git/gregkh/tty

Pull tty/serial driver fix from Greg KH:
 "Here is a single tty/serial driver fix for 5.4-rc5 that resolves a
  reported issue.

  It has been in linux-next for a while with no problems"

* tag 'tty-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  8250-men-mcb: fix error checking when get_num_ports returns -ENODEV

5 years agoMerge tag 'staging-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Sat, 26 Oct 2019 20:36:47 +0000 (16:36 -0400)]
Merge tag 'staging-5.4-rc5' of git://git./linux/kernel/git/gregkh/staging

Pull staging driver fix from Greg KH:
 "Here is a single staging driver fix, for the wlan-ng driver, that
  resolves a reported issue.

  It is been in linux-next for a while with no reported issues"

* tag 'staging-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS

5 years agoMerge tag 'driver-core-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 26 Oct 2019 19:23:08 +0000 (15:23 -0400)]
Merge tag 'driver-core-5.4-rc5' of git://git./linux/kernel/git/gregkh/driver-core

Pull driver core fix from Greg KH:
 "Here is a single sysfs fix for 5.4-rc5.

  It resolves an error if you actually try to use the __BIN_ATTR_WO()
  macro, seems I never tested it properly before :(

  This has been in linux-next for a while with no reported issues"

* tag 'driver-core-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  sysfs: Fixes __BIN_ATTR_WO() macro

5 years agoMerge tag 'char-misc-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Sat, 26 Oct 2019 19:17:54 +0000 (15:17 -0400)]
Merge tag 'char-misc-5.4-rc5' of git://git./linux/kernel/git/gregkh/char-misc

Pull binder fix from Greg KH:
 "This is a single binder fix to resolve a reported issue by Jann. It's
  been in linux-next for a while with no reported issues"

* tag 'char-misc-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  binder: Don't modify VMA bounds in ->mmap handler

5 years agoMerge tag 'usb-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Sat, 26 Oct 2019 19:14:55 +0000 (15:14 -0400)]
Merge tag 'usb-5.4-rc5' of git://git./linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are a number of small USB driver fixes for 5.4-rc5.

  More "fun" with some of the misc USB drivers as found by syzbot, and
  there are a number of other small bugfixes in here for reported
  issues.

  All have been in linux-next for a while with no reported issues"

* tag 'usb-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: cdns3: Error out if USB_DR_MODE_UNKNOWN in cdns3_core_init_role()
  USB: ldusb: fix read info leaks
  USB: serial: ti_usb_3410_5052: clean up serial data access
  USB: serial: ti_usb_3410_5052: fix port-close races
  USB: usblp: fix use-after-free on disconnect
  usb: udc: lpc32xx: fix bad bit shift operation
  usb: cdns3: Fix dequeue implementation.
  USB: legousbtower: fix a signedness bug in tower_probe()
  USB: legousbtower: fix memleak on disconnect
  USB: ldusb: fix memleak on disconnect

5 years agoMerge branch 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 26 Oct 2019 19:06:58 +0000 (15:06 -0400)]
Merge branch 'i2c/for-current-fixed' of git://git./linux/kernel/git/wsa/linux

Pull i2c fixes from Wolfram Sang:
 "A few driver fixes for the I2C subsystem"

* 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: stm32f7: remove warning when compiling with W=1
  i2c: stm32f7: fix a race in slave mode with arbitration loss irq
  i2c: stm32f7: fix first byte to send in slave mode
  i2c: mt65xx: fix NULL ptr dereference
  i2c: aspeed: fix master pending state handling

5 years agoMerge tag 'for-linus-2019-10-26' of git://git.kernel.dk/linux-block
Linus Torvalds [Sat, 26 Oct 2019 18:59:51 +0000 (14:59 -0400)]
Merge tag 'for-linus-2019-10-26' of git://git.kernel.dk/linux-block

Pull block and io_uring fixes from Jens Axboe:
 "A bit bigger than usual at this point in time, mostly due to some good
  bug hunting work by Pavel that resulted in three io_uring fixes from
  him and two from me. Anyway, this pull request contains:

   - Revert of the submit-and-wait optimization for io_uring, it can't
     always be done safely. It depends on commands always making
     progress on their own, which isn't necessarily the case outside of
     strict file IO. (me)

   - Series of two patches from me and three from Pavel, fixing issues
     with shared data and sequencing for io_uring.

   - Lastly, two timeout sequence fixes for io_uring (zhangyi)

   - Two nbd patches fixing races (Josef)

   - libahci regulator_get_optional() fix (Mark)"

* tag 'for-linus-2019-10-26' of git://git.kernel.dk/linux-block:
  nbd: verify socket is supported during setup
  ata: libahci_platform: Fix regulator_get_optional() misuse
  nbd: handle racing with error'ed out commands
  nbd: protect cmd->status with cmd->lock
  io_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD
  io_uring: used cached copies of sq->dropped and cq->overflow
  io_uring: Fix race for sqes with userspace
  io_uring: Fix broken links with offloading
  io_uring: Fix corrupted user_data
  io_uring: correct timeout req sequence when inserting a new entry
  io_uring : correct timeout req sequence when waiting timeout
  io_uring: revert "io_uring: optimize submit_and_wait API"

5 years agoMerge tag 's390-5.4-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Linus Torvalds [Sat, 26 Oct 2019 10:35:46 +0000 (06:35 -0400)]
Merge tag 's390-5.4-5' of git://git./linux/kernel/git/s390/linux

Pull s390 fixes from Vasily Gorbik:

 - Add R_390_GLOB_DAT relocation type support. This fixes boot problem
   on linux-next.

 - Fix memory leak in zcrypt

* tag 's390-5.4-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/kaslr: add support for R_390_GLOB_DAT relocation type
  s390/zcrypt: fix memleak at release

5 years agoMerge tag 'for-linus-5.4-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 26 Oct 2019 10:32:12 +0000 (06:32 -0400)]
Merge tag 'for-linus-5.4-rc5-tag' of git://git./linux/kernel/git/xen/tip

Pull xen fixlet from Juergen Gross:
 "Just one patch for issuing a deprecation warning for 32-bit Xen pv
  guests"

* tag 'for-linus-5.4-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen: issue deprecation warning for 32-bit pv guest

5 years agoMerge tag 'dma-mapping-5.4-2' of git://git.infradead.org/users/hch/dma-mapping
Linus Torvalds [Sat, 26 Oct 2019 10:29:04 +0000 (06:29 -0400)]
Merge tag 'dma-mapping-5.4-2' of git://git.infradead.org/users/hch/dma-mapping

Pull dma-mapping fix from Christoph Hellwig:
 "Fix a regression in the intel-iommu get_required_mask conversion
  (Arvind Sankar)"

* tag 'dma-mapping-5.4-2' of git://git.infradead.org/users/hch/dma-mapping:
  iommu/vt-d: Return the correct dma mask when we are bypassing the IOMMU

5 years agoMerge tag 'dax-fix-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm...
Linus Torvalds [Sat, 26 Oct 2019 10:26:04 +0000 (06:26 -0400)]
Merge tag 'dax-fix-5.4-rc5' of git://git./linux/kernel/git/nvdimm/nvdimm

Pull dax fix from Dan Williams:
 "Fix a performance regression that followed from a fix to the
  conversion of the fsdax implementation to the xarray. v5.3 users
  report that they stop seeing huge page mappings on an application +
  filesystem layout that was seeing huge pages previously on v5.2"

* tag 'dax-fix-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  fs/dax: Fix pmd vs pte conflict detection

5 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Sat, 26 Oct 2019 00:11:33 +0000 (20:11 -0400)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Nine changes, eight to drivers (qla2xxx, hpsa, lpfc, alua, ch,
  53c710[x2], target) and one core change that tries to close a race
  between sysfs delete and module removal"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: lpfc: remove left-over BUILD_NVME defines
  scsi: core: try to get module before removing device
  scsi: hpsa: add missing hunks in reset-patch
  scsi: target: core: Do not overwrite CDB byte 1
  scsi: ch: Make it possible to open a ch device multiple times again
  scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
  scsi: sni_53c710: fix compilation error
  scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions
  scsi: qla2xxx: fix a potential NULL pointer dereference

5 years agoriscv: cleanup do_trap_break
Christoph Hellwig [Thu, 17 Oct 2019 17:37:30 +0000 (19:37 +0200)]
riscv: cleanup do_trap_break

If we always compile the get_break_insn_length inline function we can
remove the ifdefs and let dead code elimination take care of the warn
branch that is now unreadable because the report_bug stub always
returns BUG_TRAP_TYPE_BUG.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Anup Patel <anup@brainfault.org>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
5 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Fri, 25 Oct 2019 21:31:53 +0000 (17:31 -0400)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

Pull input fix from Dmitry Torokhov:
 "A fix for st1232 driver to properly report coordinates for 2nd and
  subsequent fingers when more than one is on the surface"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: st1232 - fix reporting multitouch coordinates

5 years agonbd: verify socket is supported during setup
Mike Christie [Thu, 17 Oct 2019 21:27:34 +0000 (16:27 -0500)]
nbd: verify socket is supported during setup

nbd requires socket families to support the shutdown method so the nbd
recv workqueue can be woken up from its sock_recvmsg call. If the socket
does not support the callout we will leave recv works running or get hangs
later when the device or module is removed.

This adds a check during socket connection/reconnection to make sure the
socket being passed in supports the needed callout.

Reported-by: syzbot+24c12fa8d218ed26011a@syzkaller.appspotmail.com
Fixes: e9e006f5fcf2 ("nbd: fix max number of supported devs")
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoata: libahci_platform: Fix regulator_get_optional() misuse
Mark Brown [Wed, 16 Oct 2019 10:51:05 +0000 (11:51 +0100)]
ata: libahci_platform: Fix regulator_get_optional() misuse

This driver is using regulator_get_optional() to handle all the supplies
that it handles, and only ever enables and disables all supplies en masse
without ever doing any other configuration of the device to handle missing
power. These are clear signs that the API is being misused - it should only
be used for supplies that may be physically absent from the system and in
these cases the hardware usually needs different configuration if the
supply is missing. Instead use normal regualtor_get(), if the supply is
not described in DT then the framework will substitute a dummy regulator in
so no special handling is needed by the consumer driver.

In the case of the PHY regulator the handling in the driver is a hack to
deal with integrated PHYs; the supplies are only optional in the sense
that that there's some confusion in the code about where they're bound to.
From a code point of view they function exactly as normal supplies so can
be treated as such. It'd probably be better to model this by instantiating
a PHY object for integrated PHYs.

Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agonbd: handle racing with error'ed out commands
Josef Bacik [Mon, 21 Oct 2019 19:56:28 +0000 (15:56 -0400)]
nbd: handle racing with error'ed out commands

We hit the following warning in production

print_req_error: I/O error, dev nbd0, sector 7213934408 flags 80700
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 25 PID: 32407 at lib/refcount.c:190 refcount_sub_and_test_checked+0x53/0x60
Workqueue: knbd-recv recv_work [nbd]
RIP: 0010:refcount_sub_and_test_checked+0x53/0x60
Call Trace:
 blk_mq_free_request+0xb7/0xf0
 blk_mq_complete_request+0x62/0xf0
 recv_work+0x29/0xa1 [nbd]
 process_one_work+0x1f5/0x3f0
 worker_thread+0x2d/0x3d0
 ? rescuer_thread+0x340/0x340
 kthread+0x111/0x130
 ? kthread_create_on_node+0x60/0x60
 ret_from_fork+0x1f/0x30
---[ end trace b079c3c67f98bb7c ]---

This was preceded by us timing out everything and shutting down the
sockets for the device.  The problem is we had a request in the queue at
the same time, so we completed the request twice.  This can actually
happen in a lot of cases, we fail to get a ref on our config, we only
have one connection and just error out the command, etc.

Fix this by checking cmd->status in nbd_read_stat.  We only change this
under the cmd->lock, so we are safe to check this here and see if we've
already error'ed this command out, which would indicate that we've
completed it as well.

Reviewed-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agonbd: protect cmd->status with cmd->lock
Josef Bacik [Mon, 21 Oct 2019 19:56:27 +0000 (15:56 -0400)]
nbd: protect cmd->status with cmd->lock

We already do this for the most part, except in timeout and clear_req.
For the timeout case we take the lock after we grab a ref on the config,
but that isn't really necessary because we're safe to touch the cmd at
this point, so just move the order around.

For the clear_req cause this is initiated by the user, so again is safe.

Reviewed-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoMerge tag 'modules-for-v5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Fri, 25 Oct 2019 20:11:55 +0000 (16:11 -0400)]
Merge tag 'modules-for-v5.4-rc5' of git://git./linux/kernel/git/jeyu/linux

Pull modules fixes from Jessica Yu:

 - Revert __ksymtab_$namespace.$symbol naming scheme back to
   __ksymtab_$symbol, as it was causing issues with depmod.

   Instead, have modpost extract a symbol's namespace from __kstrtabns
   and __ksymtab_strings.

 - Fix `make nsdeps` for out of tree kernel builds (make O=...) caused
   by unescaped '/'.

   Use a different sed delimiter to avoid this problem.

* tag 'modules-for-v5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
  scripts/nsdeps: use alternative sed delimiter
  symbol namespaces: revert to previous __ksymtab name scheme
  modpost: make updating the symbol namespace explicit
  modpost: delegate updating namespaces to separate function

5 years agoMerge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Linus Torvalds [Fri, 25 Oct 2019 20:00:47 +0000 (16:00 -0400)]
Merge tag 'armsoc-fixes' of git://git./linux/kernel/git/soc/soc

Pull ARM SoC fixes from Olof Johansson:
 "A slightly larger set of fixes have accrued in the last two weeks.
  Mostly a collection of the usual smaller fixes:

   - Marvell Armada: USB phy setup issues on Turris Mox

   - Broadcom: GPIO/pinmux DT mapping corrections for Stingray, MMC bus
     width fix for RPi Zero W, GPIO LED removal for RPI CM3. Also some
     maintainer updates.

   - OMAP: Fixlets for display config, interrupt settings for wifi, some
     clock/PM pieces. Also IOMMU regression fix and a ti-sysc
     no-watchdog regression fix.

   - i.MX: A few fixes around PM/settings, some devicetree fixlets and
     catching up with config option changes in DRM

   - Rockchip: RockRro64 misc DT fixups, Hugsun X99 USB-C, Kevin display
     panel settings

  ... and some smaller fixes for Davinci (backlight, McBSP DMA),
  Allwinner (phy regulators, PMU removal on A64, etc)"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (42 commits)
  ARM: dts: stm32: relax qspi pins slew-rate for stm32mp157
  MAINTAINERS: Update the Spreadtrum SoC maintainer
  MAINTAINERS: Remove Gregory and Brian for ARCH_BRCMSTB
  ARM: dts: bcm2837-rpi-cm3: Avoid leds-gpio probing issue
  bus: ti-sysc: Fix watchdog quirk handling
  ARM: OMAP2+: Add pdata for OMAP3 ISP IOMMU
  ARM: OMAP2+: Plug in device_enable/idle ops for IOMMUs
  ARM: davinci_all_defconfig: enable GPIO backlight
  ARM: davinci: dm365: Fix McBSP dma_slave_map entry
  ARM: dts: bcm2835-rpi-zero-w: Fix bus-width of sdhci
  ARM: imx_v6_v7_defconfig: Enable CONFIG_DRM_MSM
  arm64: dts: imx8mn: Use correct clock for usdhc's ipg clk
  arm64: dts: imx8mm: Use correct clock for usdhc's ipg clk
  arm64: dts: imx8mq: Use correct clock for usdhc's ipg clk
  ARM: dts: imx7s: Correct GPT's ipg clock source
  ARM: dts: vf610-zii-scu4-aib: Specify 'i2c-mux-idle-disconnect'
  ARM: dts: imx6q-logicpd: Re-Enable SNVS power key
  arm64: dts: lx2160a: Correct CPU core idle state name
  mailmap: Add Simon Arlott (replacement for expired email address)
  arm64: dts: rockchip: Fix override mode for rk3399-kevin panel
  ...

5 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Fri, 25 Oct 2019 19:52:05 +0000 (15:52 -0400)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Bugfixes for ARM, PPC and x86, plus selftest improvements"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: nVMX: Don't leak L1 MMIO regions to L2
  KVM: SVM: Fix potential wrong physical id in avic_handle_ldr_update
  kvm: clear kvmclock MSR on reset
  KVM: x86: fix bugon.cocci warnings
  KVM: VMX: Remove specialized handling of unexpected exit-reasons
  selftests: kvm: fix sync_regs_test with newer gccs
  selftests: kvm: vmx_dirty_log_test: skip the test when VMX is not supported
  selftests: kvm: consolidate VMX support checks
  selftests: kvm: vmx_set_nested_state_test: don't check for VMX support twice
  KVM: Don't shrink/grow vCPU halt_poll_ns if host side polling is disabled
  selftests: kvm: synchronize .gitignore to Makefile
  kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID
  KVM: arm64: pmu: Reset sample period on overflow handling
  KVM: arm64: pmu: Set the CHAINED attribute before creating the in-kernel event
  arm64: KVM: Handle PMCR_EL0.LC as RES1 on pure AArch64 systems
  KVM: arm64: pmu: Fix cycle counter truncation
  KVM: PPC: Book3S HV: XIVE: Ensure VP isn't already in use

5 years agoMerge tag 'drm-fixes-2019-10-25' of git://anongit.freedesktop.org/drm/drm
Linus Torvalds [Fri, 25 Oct 2019 19:41:14 +0000 (15:41 -0400)]
Merge tag 'drm-fixes-2019-10-25' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Quiet week this week, which I suspect means some people just didn't
  get around to sending me fixes pulls in time. This has 2 komeda and a
  bunch of amdgpu fixes in it:

  komeda:
   - typo fixes
   - flushing pipes fix

  amdgpu:
   - Fix suspend/resume issue related to multi-media engines
   - Fix memory leak in user ptr code related to hmm conversion
   - Fix possible VM faults when allocating page table memory
   - Fix error handling in bo list ioctl"

* tag 'drm-fixes-2019-10-25' of git://anongit.freedesktop.org/drm/drm:
  drm/komeda: Fix typos in komeda_splitter_validate
  drm/komeda: Don't flush inactive pipes
  drm/amdgpu/vce: fix allocation size in enc ring test
  drm/amdgpu: fix error handling in amdgpu_bo_list_create
  drm/amdgpu: fix potential VM faults
  drm/amdgpu: user pages array memory leak fix
  drm/amdgpu/vcn: fix allocation size in enc ring test
  drm/amdgpu/uvd7: fix allocation size in enc ring test (v2)
  drm/amdgpu/uvd6: fix allocation size in enc ring test (v2)

5 years agoMerge tag 'mmc-v5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Linus Torvalds [Fri, 25 Oct 2019 19:25:51 +0000 (15:25 -0400)]
Merge tag 'mmc-v5.4-rc4' of git://git./linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:
 "MMC host fixes:

   - mxs: Fix flags passed to dmaengine_prep_slave_sg

   - cqhci: Add a missing memory barrier

   - sdhci-omap: Fix tuning procedure for temperatures < -20C"

* tag 'mmc-v5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: mxs: fix flags passed to dmaengine_prep_slave_sg
  mmc: cqhci: Commit descriptors before setting the doorbell
  mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C

5 years agoio_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD
Jens Axboe [Fri, 25 Oct 2019 16:06:15 +0000 (10:06 -0600)]
io_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD

We currently assume that submissions from the sqthread are successful,
and if IO polling is enabled, we use that value for knowing how many
completions to look for. But if we overflowed the CQ ring or some
requests simply got errored and already completed, they won't be
available for polling.

For the case of IO polling and SQTHREAD usage, look at the pending
poll list. If it ever hits empty then we know that we don't have
anymore pollable requests inflight. For that case, simply reset
the inflight count to zero.

Reported-by: Pavel Begunkov <asml.silence@gmail.com>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: used cached copies of sq->dropped and cq->overflow
Jens Axboe [Fri, 25 Oct 2019 16:04:25 +0000 (10:04 -0600)]
io_uring: used cached copies of sq->dropped and cq->overflow

We currently use the ring values directly, but that can lead to issues
if the application is malicious and changes these values on our behalf.
Created in-kernel cached versions of them, and just overwrite the user
side when we update them. This is similar to how we treat the sq/cq
ring tail/head updates.

Reported-by: Pavel Begunkov <asml.silence@gmail.com>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoARM: dts: stm32: relax qspi pins slew-rate for stm32mp157
Patrice Chotard [Fri, 25 Oct 2019 13:01:22 +0000 (15:01 +0200)]
ARM: dts: stm32: relax qspi pins slew-rate for stm32mp157

Relax qspi pins slew-rate to minimize peak currents.

Fixes: 844030057339 ("ARM: dts: stm32: add flash nor support on stm32mp157c eval board")
Link: https://lore.kernel.org/r/20191025130122.11407-1-alexandre.torgue@st.com
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Alexandre Torgue <alexandre.torgue@st.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
5 years agoio_uring: Fix race for sqes with userspace
Pavel Begunkov [Fri, 25 Oct 2019 09:31:31 +0000 (12:31 +0300)]
io_uring: Fix race for sqes with userspace

io_ring_submit() finalises with
1. io_commit_sqring(), which releases sqes to the userspace
2. Then calls to io_queue_link_head(), accessing released head's sqe

Reorder them.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: Fix broken links with offloading
Pavel Begunkov [Fri, 25 Oct 2019 09:31:30 +0000 (12:31 +0300)]
io_uring: Fix broken links with offloading

io_sq_thread() processes sqes by 8 without considering links. As a
result, links will be randomely subdivided.

The easiest way to fix it is to call io_get_sqring() inside
io_submit_sqes() as do io_ring_submit().

Downsides:
1. This removes optimisation of not grabbing mm_struct for fixed files
2. It submitting all sqes in one go, without finer-grained sheduling
with cq processing.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: Fix corrupted user_data
Pavel Begunkov [Fri, 25 Oct 2019 09:31:29 +0000 (12:31 +0300)]
io_uring: Fix corrupted user_data

There is a bug, where failed linked requests are returned not with
specified @user_data, but with garbage from a kernel stack.

The reason is that io_fail_links() uses req->user_data, which is
uninitialised when called from io_queue_sqe() on fail path.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoxen: issue deprecation warning for 32-bit pv guest
Juergen Gross [Fri, 25 Oct 2019 07:38:58 +0000 (09:38 +0200)]
xen: issue deprecation warning for 32-bit pv guest

Support for the kernel as Xen 32-bit PV guest will soon be removed.
Issue a warning when booted as such.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
5 years agoMerge tag 'irqchip-fixes-5.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git...
Thomas Gleixner [Fri, 25 Oct 2019 12:25:15 +0000 (14:25 +0200)]
Merge tag 'irqchip-fixes-5.4-2' of git://git./linux/kernel/git/maz/arm-platforms into irq/urgent

Pull the second lot of irqchip updates for 5.4 from Marc Zyngier:

- Sifive PLIC: force driver to skip non-relevant contexts
- GICv4: Don't send VMOVP commands to ITSs that don't have
  this vPE mapped

5 years agoirqchip/sifive-plic: Skip contexts except supervisor in plic_init()
Alan Mikhak [Thu, 24 Oct 2019 16:11:43 +0000 (09:11 -0700)]
irqchip/sifive-plic: Skip contexts except supervisor in plic_init()

Modify plic_init() to skip .dts interrupt contexts other
than supervisor external interrupt.

The .dts entry for plic may specify multiple interrupt contexts.
For example, it may assign two entries IRQ_M_EXT and IRQ_S_EXT,
in that order, to the same interrupt controller. This patch
modifies plic_init() to skip the IRQ_M_EXT context since
IRQ_S_EXT is currently the only supported context.

If IRQ_M_EXT is not skipped, plic_init() will report "handler
already present for context" when it comes across the IRQ_S_EXT
context in the next iteration of its loop.

Without this patch, .dts would have to be edited to replace the
value of IRQ_M_EXT with -1 for it to be skipped.

Signed-off-by: Alan Mikhak <alan.mikhak@sifive.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Paul Walmsley <paul.walmsley@sifive.com> # arch/riscv
Link: https://lkml.kernel.org/r/1571933503-21504-1-git-send-email-alan.mikhak@sifive.com
5 years agoMerge tag 'drm-fixes-5.4-2019-10-23' of git://people.freedesktop.org/~agd5f/linux...
Dave Airlie [Fri, 25 Oct 2019 04:48:53 +0000 (14:48 +1000)]
Merge tag 'drm-fixes-5.4-2019-10-23' of git://people.freedesktop.org/~agd5f/linux into drm-fixes

drm-fixes-5.4-2019-10-23:

amdgpu:
- Fix suspend/resume issue related to multi-media engines
- Fix memory leak in user ptr code related to hmm conversion
- Fix possible VM faults when allocating page table memory
- Fix error handling in bo list ioctl

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191024031809.3155-1-alexander.deucher@amd.com
5 years agoMerge tag 'drm-misc-fixes-2019-10-23' of git://anongit.freedesktop.org/drm/drm-misc...
Dave Airlie [Fri, 25 Oct 2019 04:45:12 +0000 (14:45 +1000)]
Merge tag 'drm-misc-fixes-2019-10-23' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

Two fixes for komeda, one for typos and one to prevent an hardware issue
when flushing inactive pipes

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20191023112643.evpp6f23mpjwdsn4@gilmour
5 years agocifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
Dave Wysochanski [Wed, 23 Oct 2019 09:02:33 +0000 (05:02 -0400)]
cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs

There's a deadlock that is possible and can easily be seen with
a test where multiple readers open/read/close of the same file
and a disruption occurs causing reconnect.  The deadlock is due
a reader thread inside cifs_strict_readv calling down_read and
obtaining lock_sem, and then after reconnect inside
cifs_reopen_file calling down_read a second time.  If in
between the two down_read calls, a down_write comes from
another process, deadlock occurs.

        CPU0                    CPU1
        ----                    ----
cifs_strict_readv()
 down_read(&cifsi->lock_sem);
                               _cifsFileInfo_put
                                  OR
                               cifs_new_fileinfo
                                down_write(&cifsi->lock_sem);
cifs_reopen_file()
 down_read(&cifsi->lock_sem);

Fix the above by changing all down_write(lock_sem) calls to
down_write_trylock(lock_sem)/msleep() loop, which in turn
makes the second down_read call benign since it will never
block behind the writer while holding lock_sem.

Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
Suggested-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed--by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
5 years agoCIFS: Fix use after free of file info structures
Pavel Shilovsky [Wed, 23 Oct 2019 22:37:19 +0000 (15:37 -0700)]
CIFS: Fix use after free of file info structures

Currently the code assumes that if a file info entry belongs
to lists of open file handles of an inode and a tcon then
it has non-zero reference. The recent changes broke that
assumption when putting the last reference of the file info.
There may be a situation when a file is being deleted but
nothing prevents another thread to reference it again
and start using it. This happens because we do not hold
the inode list lock while checking the number of references
of the file info structure. Fix this by doing the proper
locking when doing the check.

Fixes: 487317c99477d ("cifs: add spinlock for the openFileList to cifsInodeInfo")
Fixes: cb248819d209d ("cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic")
Cc: Stable <stable@vger.kernel.org>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
5 years agoCIFS: Fix retry mid list corruption on reconnects
Pavel Shilovsky [Tue, 22 Oct 2019 15:41:42 +0000 (08:41 -0700)]
CIFS: Fix retry mid list corruption on reconnects

When the client hits reconnect it iterates over the mid
pending queue marking entries for retry and moving them
to a temporary list to issue callbacks later without holding
GlobalMid_Lock. In the same time there is no guarantee that
mids can't be removed from the temporary list or even
freed completely by another thread. It may cause a temporary
list corruption:

[  430.454897] list_del corruption. prev->next should be ffff98d3a8f316c0, but was 2e885cb266355469
[  430.464668] ------------[ cut here ]------------
[  430.466569] kernel BUG at lib/list_debug.c:51!
[  430.468476] invalid opcode: 0000 [#1] SMP PTI
[  430.470286] CPU: 0 PID: 13267 Comm: cifsd Kdump: loaded Not tainted 5.4.0-rc3+ #19
[  430.473472] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[  430.475872] RIP: 0010:__list_del_entry_valid.cold+0x31/0x55
...
[  430.510426] Call Trace:
[  430.511500]  cifs_reconnect+0x25e/0x610 [cifs]
[  430.513350]  cifs_readv_from_socket+0x220/0x250 [cifs]
[  430.515464]  cifs_read_from_socket+0x4a/0x70 [cifs]
[  430.517452]  ? try_to_wake_up+0x212/0x650
[  430.519122]  ? cifs_small_buf_get+0x16/0x30 [cifs]
[  430.521086]  ? allocate_buffers+0x66/0x120 [cifs]
[  430.523019]  cifs_demultiplex_thread+0xdc/0xc30 [cifs]
[  430.525116]  kthread+0xfb/0x130
[  430.526421]  ? cifs_handle_standard+0x190/0x190 [cifs]
[  430.528514]  ? kthread_park+0x90/0x90
[  430.530019]  ret_from_fork+0x35/0x40

Fix this by obtaining extra references for mids being retried
and marking them as MID_DELETED which indicates that such a mid
has been dequeued from the pending list.

Also move mid cleanup logic from DeleteMidQEntry to
_cifs_mid_q_entry_release which is called when the last reference
to a particular mid is put. This allows to avoid any use-after-free
of response buffers.

The patch needs to be backported to stable kernels. A stable tag
is not mentioned below because the patch doesn't apply cleanly
to any actively maintained stable kernel.

Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-and-tested-by: David Wysochanski <dwysocha@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
5 years agoMerge tag 'devicetree-fixes-for-5.4-2' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Thu, 24 Oct 2019 22:29:40 +0000 (18:29 -0400)]
Merge tag 'devicetree-fixes-for-5.4-2' of git://git./linux/kernel/git/robh/linux

Pull Devicetree fixes from Rob Herring:
 "A couple more DT fixes for 5.4: fix a ref count, memory leak, and
  Risc-V cpu schema warnings"

* tag 'devicetree-fixes-for-5.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  of: reserved_mem: add missing of_node_put() for proper ref-counting
  of: unittest: fix memory leak in unittest_data_add
  dt-bindings: riscv: Fix CPU schema errors

5 years agoMerge tag 'acpi-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael...
Linus Torvalds [Thu, 24 Oct 2019 19:49:32 +0000 (15:49 -0400)]
Merge tag 'acpi-5.4-rc5' of git://git./linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "Fix locking issue in the error code path of a function that belongs to
  the sysfs interface exposed by the ACPI NFIT handling code (Dan
  Carpenter)"

* tag 'acpi-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: NFIT: Fix unlock on error in scrub_show()

5 years agoMerge tag 'pm-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Linus Torvalds [Thu, 24 Oct 2019 19:36:11 +0000 (15:36 -0400)]
Merge tag 'pm-5.4-rc5' of git://git./linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These fix problems related to frequency limits management in cpufreq
  that were introduced during the 5.3 cycle (when PM QoS had started to
  be used for that), fix a few issues in the OPP (operating performance
  points) library code and fix up the recently added haltpoll cpuidle
  driver.

  The cpufreq changes are somewhat bigger that I would like them to be
  at this stage of the cycle, but the problems fixed by them include
  crashes on boot and shutdown in some cases (among other things) and in
  my view it is better to address the root of the issue right away.

  Specifics:

   - Using device PM QoS of CPU devices for managing frequency limits in
     cpufreq does not work, so introduce frequency QoS (based on the
     original low-level PM QoS) for this purpose, switch cpufreq and
     related code over to using it and fix a race involving deferred
     updates of frequency limits on top of that (Rafael Wysocki, Sudeep
     Holla).

   - Avoid calling regulator_enable()/disable() from the OPP framework
     to avoid side-effects on boot-enabled regulators that may change
     their initial voltage due to performing initial voltage balancing
     without all restrictions from the consumers (Marek Szyprowski).

   - Avoid a kref management issue in the OPP library code and drop an
     incorrectly added lockdep_assert_held() from it (Viresh Kumar).

   - Make the recently added haltpoll cpuidle driver take the 'idle='
     override into account as appropriate (Zhenzhong Duan)"

* tag 'pm-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  opp: Reinitialize the list_kref before adding the static OPPs again
  cpufreq: Cancel policy update work scheduled before freeing
  cpuidle: haltpoll: Take 'idle=' override into account
  opp: core: Revert "add regulators enable and disable"
  PM: QoS: Drop frequency QoS types from device PM QoS
  cpufreq: Use per-policy frequency QoS
  PM: QoS: Introduce frequency QoS
  opp: of: drop incorrect lockdep_assert_held()

5 years agoMerge tag 'gfs2-v5.4-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Thu, 24 Oct 2019 19:31:55 +0000 (15:31 -0400)]
Merge tag 'gfs2-v5.4-rc4.fixes' of git://git./linux/kernel/git/gfs2/linux-gfs2

Pull gfs2 fix from Andreas Gruenbacher:
 "Fix a memory leak introduced in -rc1"

* tag 'gfs2-v5.4-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
  gfs2: Fix memory leak when gfs2meta's fs_context is freed

5 years agoi2c: stm32f7: remove warning when compiling with W=1
Alain Volmat [Tue, 15 Oct 2019 13:11:58 +0000 (15:11 +0200)]
i2c: stm32f7: remove warning when compiling with W=1

Remove the following warning:

drivers/i2c/busses/i2c-stm32f7.c:315:
warning: cannot understand function prototype:
'struct stm32f7_i2c_spec i2c_specs[] =

Replace a comment starting with /** by simply /* to avoid having
it interpreted as a kernel-doc comment.

Fixes: aeb068c57214 ("i2c: i2c-stm32f7: add driver")
Signed-off-by: Alain Volmat <alain.volmat@st.com>
Reviewed-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
5 years agoi2c: stm32f7: fix a race in slave mode with arbitration loss irq
Fabrice Gasnier [Tue, 1 Oct 2019 08:51:09 +0000 (10:51 +0200)]
i2c: stm32f7: fix a race in slave mode with arbitration loss irq

When in slave mode, an arbitration loss (ARLO) may be detected before the
slave had a chance to detect the stop condition (STOPF in ISR).
This is seen when two master + slave adapters switch their roles. It
provokes the i2c bus to be stuck, busy as SCL line is stretched.
- the I2C_SLAVE_STOP event is never generated due to STOPF flag is set but
  don't generate an irq (race with ARLO irq, STOPIE is masked). STOPF flag
  remains set until next master xfer (e.g. when STOPIE irq get unmasked).
  In this case, completion is generated too early: immediately upon new
  transfer request (then it doesn't send all data).
- Some data get stuck in TXDR register. As a consequence, the controller
  stretches the SCL line: the bus gets busy until a future master transfer
  triggers the bus busy / recovery mechanism (this can take time... and
  may never happen at all)

So choice is to let the STOPF being detected by the slave isr handler,
to properly handle this stop condition. E.g. don't mask IRQs in error
handler, when the slave is running.

Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Reviewed-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
5 years agoi2c: stm32f7: fix first byte to send in slave mode
Fabrice Gasnier [Mon, 30 Sep 2019 15:28:01 +0000 (17:28 +0200)]
i2c: stm32f7: fix first byte to send in slave mode

The slave-interface documentation [1] states "the bus driver should
transmit the first byte" upon I2C_SLAVE_READ_REQUESTED slave event:
- 'val': backend returns first byte to be sent
The driver currently ignores the 1st byte to send on this event.

[1] https://www.kernel.org/doc/Documentation/i2c/slave-interface

Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@st.com>
Reviewed-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
5 years agoi2c: mt65xx: fix NULL ptr dereference
Fabien Parent [Fri, 18 Oct 2019 17:32:13 +0000 (19:32 +0200)]
i2c: mt65xx: fix NULL ptr dereference

Since commit abf4923e97c3 ("i2c: mediatek: disable zero-length transfers
for mt8183"), there is a NULL pointer dereference for all the SoCs
that don't have any quirk. mtk_i2c_functionality is not checking that
the quirks pointer is not NULL before starting to use it.

This commit add a call to i2c_check_quirks which will check whether
the quirks pointer is set, and if so will check if the IP has the
NO_ZERO_LEN quirk.

Fixes: abf4923e97c3 ("i2c: mediatek: disable zero-length transfers for mt8183")
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Reviewed-by: Cengiz Can <cengiz@kernel.wtf>
Reviewed-by: Hsin-Yi Wang <hsinyi@chromium.org>
Tested-by: Ulrich Hecht <uli@fpond.eu>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
5 years agoirqchip/gic-v3-its: Use the exact ITSList for VMOVP
Zenghui Yu [Wed, 23 Oct 2019 03:46:26 +0000 (03:46 +0000)]
irqchip/gic-v3-its: Use the exact ITSList for VMOVP

On a system without Single VMOVP support (say GITS_TYPER.VMOVP == 0),
we will map vPEs only on ITSs that will actually control interrupts
for the given VM.  And when moving a vPE, the VMOVP command will be
issued only for those ITSs.

But when issuing VMOVPs we seemed fail to present the exact ITSList
to ITSs who are actually included in the synchronization operation.
The its_list_map we're currently using includes all ITSs in the system,
even though some of them don't have the corresponding vPE mapping at all.

Introduce get_its_list() to get the per-VM its_list_map, to indicate
which ITSs have vPE mappings for the given VM, and use this map as
the expected ITSList when building VMOVP. This is hopefully a performance
gain not to do some synchronization with those unsuspecting ITSs.
And initialize the whole command descriptor to zero at beginning, since
the seq_num and its_list should be RES0 when GITS_TYPER.VMOVP == 1.

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/1571802386-2680-1-git-send-email-yuzenghui@huawei.com
5 years agogfs2: Fix memory leak when gfs2meta's fs_context is freed
Andrew Price [Fri, 4 Oct 2019 16:51:58 +0000 (11:51 -0500)]
gfs2: Fix memory leak when gfs2meta's fs_context is freed

gfs2 and gfs2meta share an ->init_fs_context function which allocates an
args structure stored in fc->fs_private. gfs2 registers a ->free
function to free this memory when the fs_context is cleaned up, but
there was not one registered for gfs2meta, causing a leak.

Register a ->free function for gfs2meta. The existing gfs2_fc_free
function does what we need.

Reported-by: syzbot+c2fdfd2b783754878fb6@syzkaller.appspotmail.com
Fixes: 1f52aa08d12f ("gfs2: Convert gfs2 to fs_context")
Signed-off-by: Andrew Price <anprice@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
5 years agoMerge branches 'pm-cpuidle' and 'pm-opp'
Rafael J. Wysocki [Thu, 24 Oct 2019 14:00:43 +0000 (16:00 +0200)]
Merge branches 'pm-cpuidle' and 'pm-opp'

* pm-cpuidle:
  cpuidle: haltpoll: Take 'idle=' override into account

* pm-opp:
  opp: Reinitialize the list_kref before adding the static OPPs again
  opp: core: Revert "add regulators enable and disable"
  opp: of: drop incorrect lockdep_assert_held()

5 years agoMerge tag 'mfd-fixes-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
Linus Torvalds [Thu, 24 Oct 2019 10:13:45 +0000 (06:13 -0400)]
Merge tag 'mfd-fixes-5.4' of git://git./linux/kernel/git/lee/mfd

Pull MFD fix from Lee Jones:
 "Fix broken support for BananaPi-r2"

* tag 'mfd-fixes-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
  mfd: mt6397: Fix probe after changing mt6397-core

5 years agoMerge tag 'sound-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai...
Linus Torvalds [Thu, 24 Oct 2019 10:09:42 +0000 (06:09 -0400)]
Merge tag 'sound-5.4-rc5' of git://git./linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "This is a usual small bump in the middle, we've got a set of ASoC
  fixes in this week as shown in diffstat.

  The only change in the core stuff is about (somewhat minor) PCM
  debugfs error handling. The major changes are rather for Intel SOF and
  topology coverage, as well as other platform (rockchip, samsung, stm)
  and codec fixes.

  As non-ASoC changes, a couple of new HD-audio chip fixes and a typo
  correction of USB-audio driver validation code are found"

* tag 'sound-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (29 commits)
  ALSA: hda: Add Tigerlake/Jasperlake PCI ID
  ALSA: usb-audio: Fix copy&paste error in the validator
  ALSA: hda/realtek - Add support for ALC711
  ASoC: SOF: control: return true when kcontrol values change
  ASoC: stm32: sai: fix sysclk management on shutdown
  ASoC: Intel: sof-rt5682: add a check for devm_clk_get
  ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
  ASoC: simple_card_utils.h: Fix potential multiple redefinition error
  ASoC: msm8916-wcd-digital: add missing MIX2 path for RX1/2
  ASoC: core: Fix pcm code debugfs error
  ASoc: rockchip: i2s: Fix RPM imbalance
  ASoC: wm_adsp: Don't generate kcontrols without READ flags
  ASoC: intel: bytcr_rt5651: add null check to support_button_press
  ASoC: intel: sof_rt5682: add remove function to disable jack
  ASoC: rt5682: add NULL handler to set_jack function
  ASoC: intel: sof_rt5682: use separate route map for dmic
  ASoC: SOF: Intel: hda: Disable DMI L1 entry during capture
  ASoC: SOF: Intel: initialise and verify FW crash dump data.
  ASoC: SOF: Intel: hda: fix warnings during FW load
  ASoC: SOF: pcm: harden PCM STOP sequence
  ...

5 years agomfd: mt6397: Fix probe after changing mt6397-core
Frank Wunderlich [Thu, 3 Oct 2019 18:53:23 +0000 (20:53 +0200)]
mfd: mt6397: Fix probe after changing mt6397-core

Part 3 from this series [1] was not merged due to wrong splitting
and breaks mt6323 pmic on bananapi-r2

dmesg prints this line and at least switch is not initialized on bananapi-r2

mt6397 1000d000.pwrap:mt6323: unsupported chip: 0x0

this patch contains only the probe-changes and chip_data structs
from original part 3 by Hsin-Hsiung Wang

[1] https://patchwork.kernel.org/project/linux-mediatek/list/?series=164155

Fixes: a4872e80ce7d ("mfd: mt6397: Extract IRQ related code from core driver")
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
5 years agoMIPS: tlbex: Fix build_restore_pagemask KScratch restore
Paul Burton [Fri, 18 Oct 2019 22:38:48 +0000 (15:38 -0700)]
MIPS: tlbex: Fix build_restore_pagemask KScratch restore

build_restore_pagemask() will restore the value of register $1/$at when
its restore_scratch argument is non-zero, and aims to do so by filling a
branch delay slot. Commit 0b24cae4d535 ("MIPS: Add missing EHB in mtc0
-> mfc0 sequence.") added an EHB instruction (Execution Hazard Barrier)
prior to restoring $1 from a KScratch register, in order to resolve a
hazard that can result in stale values of the KScratch register being
observed. In particular, P-class CPUs from MIPS with out of order
execution pipelines such as the P5600 & P6600 are affected.

Unfortunately this EHB instruction was inserted in the branch delay slot
causing the MFC0 instruction which performs the restoration to no longer
execute along with the branch. The result is that the $1 register isn't
actually restored, ie. the TLB refill exception handler clobbers it -
which is exactly the problem the EHB is meant to avoid for the P-class
CPUs.

Similarly build_get_pgd_vmalloc() will restore the value of $1/$at when
its mode argument equals refill_scratch, and suffers from the same
problem.

Fix this by in both cases moving the EHB earlier in the emitted code.
There's no reason it needs to immediately precede the MFC0 - it simply
needs to be between the MTC0 & MFC0.

This bug only affects Cavium Octeon systems which use
build_fast_tlb_refill_handler().

Signed-off-by: Paul Burton <paulburton@kernel.org>
Fixes: 0b24cae4d535 ("MIPS: Add missing EHB in mtc0 -> mfc0 sequence.")
Cc: Dmitry Korotin <dkorotin@wavecomp.com>
Cc: stable@vger.kernel.org # v3.15+
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
5 years agoio_uring: correct timeout req sequence when inserting a new entry
zhangyi (F) [Wed, 23 Oct 2019 07:10:09 +0000 (15:10 +0800)]
io_uring: correct timeout req sequence when inserting a new entry

The sequence number of the timeout req (req->sequence) indicate the
expected completion request. Because of each timeout req consume a
sequence number, so the sequence of each timeout req on the timeout
list shouldn't be the same. But now, we may get the same number (also
incorrect) if we insert a new entry before the last one, such as submit
such two timeout reqs on a new ring instance below.

                    req->sequence
 req_1 (count = 2):       2
 req_2 (count = 1):       2

Then, if we submit a nop req, req_2 will still timeout even the nop req
finished. This patch fix this problem by adjust the sequence number of
each reordered reqs when inserting a new entry.

Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring : correct timeout req sequence when waiting timeout
zhangyi (F) [Wed, 23 Oct 2019 07:10:08 +0000 (15:10 +0800)]
io_uring : correct timeout req sequence when waiting timeout

The sequence number of reqs on the timeout_list before the timeout req
should be adjusted in io_timeout_fn(), because the current timeout req
will consumes a slot in the cq_ring and cq_tail pointer will be
increased, otherwise other timeout reqs may return in advance without
waiting for enough wait_nr.

Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoio_uring: revert "io_uring: optimize submit_and_wait API"
Jens Axboe [Tue, 22 Oct 2019 19:14:37 +0000 (13:14 -0600)]
io_uring: revert "io_uring: optimize submit_and_wait API"

There are cases where it isn't always safe to block for submission,
even if the caller asked to wait for events as well. Revert the
previous optimization of doing that.

This reverts two commits:

bf7ec93c644cb
c576666863b78

Fixes: c576666863b78 ("io_uring: optimize submit_and_wait API")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
5 years agoMIPS: bmips: mark exception vectors as char arrays
Jonas Gorski [Tue, 22 Oct 2019 19:11:00 +0000 (21:11 +0200)]
MIPS: bmips: mark exception vectors as char arrays

The vectors span more than one byte, so mark them as arrays.

Fixes the following build error when building when using GCC 8.3:

In file included from ./include/linux/string.h:19,
                 from ./include/linux/bitmap.h:9,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/mips/include/asm/processor.h:15,
                 from ./arch/mips/include/asm/thread_info.h:16,
                 from ./include/linux/thread_info.h:38,
                 from ./include/asm-generic/preempt.h:5,
                 from ./arch/mips/include/generated/asm/preempt.h:1,
                 from ./include/linux/preempt.h:81,
                 from ./include/linux/spinlock.h:51,
                 from ./include/linux/mmzone.h:8,
                 from ./include/linux/bootmem.h:8,
                 from arch/mips/bcm63xx/prom.c:10:
arch/mips/bcm63xx/prom.c: In function 'prom_init':
./arch/mips/include/asm/string.h:162:11: error: '__builtin_memcpy' forming offset [2, 32] is out of the bounds [0, 1] of object 'bmips_smp_movevec' with type 'char' [-Werror=array-bounds]
   __ret = __builtin_memcpy((dst), (src), __len); \
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arch/mips/bcm63xx/prom.c:97:3: note: in expansion of macro 'memcpy'
   memcpy((void *)0xa0000200, &bmips_smp_movevec, 0x20);
   ^~~~~~
In file included from arch/mips/bcm63xx/prom.c:14:
./arch/mips/include/asm/bmips.h:80:13: note: 'bmips_smp_movevec' declared here
 extern char bmips_smp_movevec;

Fixes: 18a1eef92dcd ("MIPS: BMIPS: Introduce bmips.h")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paul Burton <paulburton@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
5 years agoMerge tag 'arm-soc/for-5.5/maintainers' of https://github.com/Broadcom/stblinux into...
Olof Johansson [Thu, 24 Oct 2019 03:01:24 +0000 (20:01 -0700)]
Merge tag 'arm-soc/for-5.5/maintainers' of https://github.com/Broadcom/stblinux into arm/fixes

This pull request contains MAINTAINERS file updates for Broadcom SoCs
for the 5.5 kernel, please pull the following:

- Simon adds a .mailmap alias for his old email

- Stefan updates the existing BCM2835 with BCM2711 which is the chip
  name for the Raspberry Pi 4

- Florian removes Gregory and Brian from the MAINTAINERS file for
  BRCMSTB SoCs

* tag 'arm-soc/for-5.5/maintainers' of https://github.com/Broadcom/stblinux:
  MAINTAINERS: Remove Gregory and Brian for ARCH_BRCMSTB
  mailmap: Add Simon Arlott (replacement for expired email address)
  MAINTAINERS: Add BCM2711 to BCM2835 ARCH

Link: https://lore.kernel.org/r/20191023212814.30622-3-f.fainelli@gmail.com
Signed-off-by: Olof Johansson <olof@lixom.net>
5 years agoMAINTAINERS: Update the Spreadtrum SoC maintainer
Baolin Wang [Thu, 24 Oct 2019 02:05:10 +0000 (10:05 +0800)]
MAINTAINERS: Update the Spreadtrum SoC maintainer

Change my email address, and add more Spreadtrum SC27xx series PMIC
drivers to maintain.

Link: https://lore.kernel.org/r/a48483d13243450ecf3b777d49e741b6367f2c6b.1571881956.git.baolin.wang@linaro.org
Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
5 years agoriscv: cleanup <asm/bug.h>
Christoph Hellwig [Thu, 17 Oct 2019 17:37:29 +0000 (19:37 +0200)]
riscv: cleanup <asm/bug.h>

Remove various not required ifdefs and externs.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Anup Patel <anup@brainfault.org>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
5 years agoriscv: Fix undefined reference to vmemmap_populate_basepages
Kefeng Wang [Wed, 23 Oct 2019 03:23:02 +0000 (11:23 +0800)]
riscv: Fix undefined reference to vmemmap_populate_basepages

Using CONFIG_SPARSEMEM_VMEMMAP instead of CONFIG_SPARSEMEM to fix
following build issue.

  riscv64-linux-ld: arch/riscv/mm/init.o: in function 'vmemmap_populate':
  init.c:(.meminit.text+0x8): undefined reference to 'vmemmap_populate_basepages'

Cc: Logan Gunthorpe <logang@deltatee.com>
Fixes: d95f1a542c3d ("RISC-V: Implement sparsemem")
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
5 years agoriscv: Fix implicit declaration of 'page_to_section'
Kefeng Wang [Wed, 23 Oct 2019 03:23:01 +0000 (11:23 +0800)]
riscv: Fix implicit declaration of 'page_to_section'

With CONFIG_SPARSEMEM and !CONFIG_SPARSEMEM_VMEMMAP,

arch/riscv/include/asm/pgtable.h: In function ‘mk_pte’:
include/asm-generic/memory_model.h:64:14: error: implicit declaration of function ‘page_to_section’; did you mean ‘present_section’? [-Werror=implicit-function-declaration]
  int __sec = page_to_section(__pg);   \
              ^~~~~~~~~~~~~~~

Fixed by changing mk_pte() from inline function to macro.

Cc: Logan Gunthorpe <logang@deltatee.com>
Fixes: d95f1a542c3d ("RISC-V: Implement sparsemem")
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
[paul.walmsley@sifive.com: fixed checkpatch errors]
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
5 years agoriscv: fix fs/proc/kcore.c compilation with sparsemem enabled
David Abdurachmanov [Tue, 22 Oct 2019 16:21:35 +0000 (19:21 +0300)]
riscv: fix fs/proc/kcore.c compilation with sparsemem enabled

Failed to compile Fedora/RISCV kernel (5.4-rc3+) with sparsemem enabled:

fs/proc/kcore.c: In function 'read_kcore':
fs/proc/kcore.c:510:8: error: implicit declaration of function 'kern_addr_valid'; did you mean 'virt_addr_valid'? [-Werror=implicit-function-declaration]
  510 |    if (kern_addr_valid(start)) {
      |        ^~~~~~~~~~~~~~~
      |        virt_addr_valid

Looking at other architectures I don't see kern_addr_valid being guarded by
CONFIG_FLATMEM.

Fixes: d95f1a542c3d ("RISC-V: Implement sparsemem")
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
Tested-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
5 years agoof: reserved_mem: add missing of_node_put() for proper ref-counting
Chris Goldsworthy [Sun, 20 Oct 2019 01:57:24 +0000 (18:57 -0700)]
of: reserved_mem: add missing of_node_put() for proper ref-counting

Commit d698a388146c ("of: reserved-memory: ignore disabled memory-region
nodes") added an early return in of_reserved_mem_device_init_by_idx(), but
didn't call of_node_put() on a device_node whose ref-count was incremented
in the call to of_parse_phandle() preceding the early exit.

Fixes: d698a388146c ("of: reserved-memory: ignore disabled memory-region nodes")
Signed-off-by: Chris Goldsworthy <cgoldswo@codeaurora.org>
Cc: stable@vger.kernel.org
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
5 years agoMerge tag 'trace-v5.4-rc3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt...
Linus Torvalds [Wed, 23 Oct 2019 19:43:51 +0000 (15:43 -0400)]
Merge tag 'trace-v5.4-rc3-3' of git://git./linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "Two minor fixes:

   - A race in perf trace initialization (missing mutexes)

   - Minor fix to represent gfp_t in synthetic events as properly
     signed"

* tag 'trace-v5.4-rc3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Fix race in perf_trace_buf initialization
  tracing: Fix "gfp_t" format for synthetic events

5 years agoof: unittest: fix memory leak in unittest_data_add
Navid Emamdoost [Fri, 4 Oct 2019 18:58:43 +0000 (13:58 -0500)]
of: unittest: fix memory leak in unittest_data_add

In unittest_data_add, a copy buffer is created via kmemdup. This buffer
is leaked if of_fdt_unflatten_tree fails. The release for the
unittest_data buffer is added.

Fixes: b951f9dc7f25 ("Enabling OF selftest to run without machine's devicetree")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Reviewed-by: Frank Rowand <frowand.list@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
5 years agodt-bindings: riscv: Fix CPU schema errors
Rob Herring [Tue, 24 Sep 2019 19:37:56 +0000 (14:37 -0500)]
dt-bindings: riscv: Fix CPU schema errors

Fix the errors in the RiscV CPU DT schema:

Documentation/devicetree/bindings/riscv/cpus.example.dt.yaml: cpu@0: 'timebase-frequency' is a required property
Documentation/devicetree/bindings/riscv/cpus.example.dt.yaml: cpu@1: 'timebase-frequency' is a required property
Documentation/devicetree/bindings/riscv/cpus.example.dt.yaml: cpu@0: compatible:0: 'riscv' is not one of ['sifive,rocket0', 'sifive,e5', 'sifive,e51', 'sifive,u54-mc', 'sifive,u54', 'sifive,u5']
Documentation/devicetree/bindings/riscv/cpus.example.dt.yaml: cpu@0: compatible: ['riscv'] is too short
Documentation/devicetree/bindings/riscv/cpus.example.dt.yaml: cpu@0: 'timebase-frequency' is a required property

The DT spec allows for 'timebase-frequency' to be in 'cpu' or 'cpus' node
and RiscV requires it in /cpus node, so make it disallowed in cpu
nodes.

Fixes: 4fd669a8c487 ("dt-bindings: riscv: convert cpu binding to json-schema")
Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: linux-riscv@lists.infradead.org
Acked-by: Paul Walmsley <paul.walmsley@sifive.com>
Signed-off-by: Rob Herring <robh@kernel.org>
5 years agoMerge tag 'vfio-v5.4-rc5' of git://github.com/awilliam/linux-vfio
Linus Torvalds [Wed, 23 Oct 2019 19:39:02 +0000 (15:39 -0400)]
Merge tag 'vfio-v5.4-rc5' of git://github.com/awilliam/linux-vfio

Pull VFIO fixlet from Alex Williamson:
 "Fix (false) uninitialized variable warning (Joerg Roedel)"

* tag 'vfio-v5.4-rc5' of git://github.com/awilliam/linux-vfio:
  vfio/type1: Initialize resv_msi_base

5 years agoMerge tag 'regulator-fix-v5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Wed, 23 Oct 2019 19:31:17 +0000 (15:31 -0400)]
Merge tag 'regulator-fix-v5.4-rc4' of git://git./linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "There are a few core fixes here around error handling and handling if
  suspend mode configuration and some driver specific fixes here but the
  most important change is the fix to the fixed-regulator DT schema
  conversion introduced during the last merge window.

  That fixes one of the last two errors preventing successful execution
  of "make dt_binding_check" which will be enormously helpful for DT
  schema development"

* tag 'regulator-fix-v5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: qcom-rpmh: Fix PMIC5 BoB min voltage
  regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
  regulator: lochnagar: Add on_off_delay for VDDCORE
  regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
  regulator: da9062: fix suspend_enable/disable preparation
  dt-bindings: fixed-regulator: fix compatible enum
  regulator: fixed: Prevent NULL pointer dereference when !CONFIG_OF
  regulator: core: make regulator_register() EPROBE_DEFER aware
  regulator: of: fix suspend-min/max-voltage parsing

5 years agoMAINTAINERS: Remove Gregory and Brian for ARCH_BRCMSTB
Florian Fainelli [Fri, 18 Oct 2019 17:18:35 +0000 (10:18 -0700)]
MAINTAINERS: Remove Gregory and Brian for ARCH_BRCMSTB

The last time Gregory and Brian did a review was sometime around 2015,
since then, they have not been active for ARCH_BRCMSTB changes.
Following the position of other maintainers and Harald Welte's position
here:

[1] http://laforge.gnumonks.org/blog/20180307-mchardy-gpl/

remove both of them.

Acked-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
5 years agoMerge tag 'omap-for-v5.4/fixes-rc4-signed' of git://git.kernel.org/pub/scm/linux...
Olof Johansson [Wed, 23 Oct 2019 17:08:11 +0000 (10:08 -0700)]
Merge tag 'omap-for-v5.4/fixes-rc4-signed' of git://git./linux/kernel/git/tmlind/linux-omap into arm/fixes

Three fixes for omaps for v5.4-rc cycle

Two regression fixes for omap3 iommu. I missed applying two omap3
related iommu pdata quirks patches earlier because the kbuild test
robot produced errors on them for missing dependencies.

Fix ti-sysc interconnect target module driver handling for watchdog
quirk. I must have tested this earlier only with watchdog service
running, but clearly it does not do what it needs to do.

* tag 'omap-for-v5.4/fixes-rc4-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  bus: ti-sysc: Fix watchdog quirk handling
  ARM: OMAP2+: Add pdata for OMAP3 ISP IOMMU
  ARM: OMAP2+: Plug in device_enable/idle ops for IOMMUs

Link: https://lore.kernel.org/r/pull-1571848757-282222@atomide.com
Signed-off-by: Olof Johansson <olof@lixom.net>
5 years agoMerge tag 'sunxi-fixes-for-5.4-1' of https://git.kernel.org/pub/scm/linux/kernel...
Olof Johansson [Wed, 23 Oct 2019 15:34:08 +0000 (08:34 -0700)]
Merge tag 'sunxi-fixes-for-5.4-1' of https://git./linux/kernel/git/sunxi/linux into arm/fixes

A number of fixes for this release, but mostly:
  - A fixup for the A10 CSI DT binding merged during the 5.4-rc1 window
  - A fix for a dt-binding error
  - Addition of phy regulator delays
  - The PMU on the A64 was found to be non-functional, so we've dropped it for now

* tag 'sunxi-fixes-for-5.4-1' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux:
  ARM: dts: sun7i: Drop the module clock from the device tree
  dt-bindings: media: sun4i-csi: Drop the module clock
  media: dt-bindings: Fix building error for dt_binding_check
  arm64: dts: allwinner: a64: sopine-baseboard: Add PHY regulator delay
  arm64: dts: allwinner: a64: Drop PMU node
  arm64: dts: allwinner: a64: pine64-plus: Add PHY regulator delay

Link: https://lore.kernel.org/r/80085a57-c40f-4bed-a9c3-19858d87564e.lettre@localhost
Signed-off-by: Olof Johansson <olof@lixom.net>
5 years agoposix-cpu-timers: Fix two trivial comments
Yi Wang [Mon, 21 Oct 2019 07:44:12 +0000 (15:44 +0800)]
posix-cpu-timers: Fix two trivial comments

Recent changes modified the function arguments of
thread_group_sample_cputime() and task_cputimers_expired(), but forgot to
update the comments. Fix it up.

[ tglx: Changed the argument name of task_cputimers_expired() as the pointer
   points to an array of samples. ]

Fixes: b7be4ef1365d ("posix-cpu-timers: Switch thread group sampling to array")
Fixes: 001f7971433a ("posix-cpu-timers: Make expiry checks array based")
Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/1571643852-21848-1-git-send-email-wang.yi59@zte.com.cn
5 years agotimers/sched_clock: Include local timekeeping.h for missing declarations
Ben Dooks (Codethink) [Tue, 22 Oct 2019 13:12:26 +0000 (14:12 +0100)]
timers/sched_clock: Include local timekeeping.h for missing declarations

Include the timekeeping.h header to get the declaration of the
sched_clock_{suspend,resume} functions. Fixes the following sparse
warnings:

kernel/time/sched_clock.c:275:5: warning: symbol 'sched_clock_suspend' was not declared. Should it be static?
kernel/time/sched_clock.c:286:6: warning: symbol 'sched_clock_resume' was not declared. Should it be static?

Signed-off-by: Ben Dooks (Codethink) <ben.dooks@codethink.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20191022131226.11465-1-ben.dooks@codethink.co.uk