openwrt/staging/blogic.git
7 years agomd/raid5: cap worker count
Shaohua Li [Thu, 21 Sep 2017 18:03:52 +0000 (11:03 -0700)]
md/raid5: cap worker count

static checker reports a potential integer overflow. Cap the worker count to
avoid the overflow.

Reported:-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Shaohua Li <shli@fb.com>
7 years agodm-raid: fix a race condition in request handling
Shaohua Li [Thu, 21 Sep 2017 17:29:22 +0000 (10:29 -0700)]
dm-raid: fix a race condition in request handling

raid_map calls pers->make_request, which missed the suspend check. Fix it with
the new md_handle_request API.

Fix: cc27b0c78c79(md: fix deadlock between mddev_suspend() and md_write_start())
Cc: Heinz Mauelshagen <heinzm@redhat.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
7 years agomd: fix a race condition for flush request handling
Shaohua Li [Thu, 21 Sep 2017 16:55:28 +0000 (09:55 -0700)]
md: fix a race condition for flush request handling

md_submit_flush_data calls pers->make_request, which missed the suspend check.
Fix it with the new md_handle_request API.

Reported-by: Nate Dailey <nate.dailey@stratus.com>
Tested-by: Nate Dailey <nate.dailey@stratus.com>
Fix: cc27b0c78c79(md: fix deadlock between mddev_suspend() and md_write_start())
Cc: stable@vger.kernel.org
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
7 years agomd: separate request handling
Shaohua Li [Thu, 21 Sep 2017 17:23:35 +0000 (10:23 -0700)]
md: separate request handling

With commit cc27b0c78c79, pers->make_request could bail out without handling
the bio. If that happens, we should retry.  The commit fixes md_make_request
but not other call sites. Separate the request handling part, so other call
sites can use it.

Reported-by: Nate Dailey <nate.dailey@stratus.com>
Fix: cc27b0c78c79(md: fix deadlock between mddev_suspend() and md_write_start())
Cc: stable@vger.kernel.org
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
7 years agoMerge tag 'kbuild-fixes-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masah...
Linus Torvalds [Thu, 21 Sep 2017 16:01:03 +0000 (06:01 -1000)]
Merge tag 'kbuild-fixes-v4.14' of git://git./linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:
 "Here are some early Kbuild fixes.

  The in-kernel firmware was removed during the previous merge window.
  Since then, some bug reports of broken rpm building are flying in ML.
  We need to fix it now.

  Summary:

   - remove firmware install from rpm-pkg / deb-pkg

   - fix mismatch between release number and UTS_VERSION for rpm-pkg"

* tag 'kbuild-fixes-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kbuild: rpm-pkg: fix version number handling
  kbuild: deb-pkg: remove firmware package support
  kbuild: rpm-pkg: delete firmware_install to fix build error

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Linus Torvalds [Thu, 21 Sep 2017 15:57:50 +0000 (05:57 -1000)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs

Pull misc fixes from Al Viro:
 "A couple of regression fixes, one for this merge window, one for the
  previous cycle"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  ipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user
  iov_iter: fix page_copy_sane for compound pages

7 years agoMerge tag 'mtd/fixes-for-4.14-rc2' of git://git.infradead.org/linux-mtd
Linus Torvalds [Thu, 21 Sep 2017 15:55:20 +0000 (05:55 -1000)]
Merge tag 'mtd/fixes-for-4.14-rc2' of git://git.infradead.org/linux-mtd

Pull mtd fixes from Boris Brezillon:
 "SPI NOR:
   - Fix the SFDP parsing code (bugs reported by Geert Uytterhoeven)

  NAND:
   - Fix a resource leak in the lpc32xx_mlc driver
   - Fix a build warning in the core"

* tag 'mtd/fixes-for-4.14-rc2' of git://git.infradead.org/linux-mtd:
  mtd: nand: remove unused blockmask variable
  mtd: nand: lpc32xx_mlc: Fix an error handling path in lpc32xx_nand_probe()
  mtd: spi-nor: fix DMA unsafe buffer issue in spi_nor_read_sfdp()
  mtd: spi-nor: Check consistency of the memory size extracted from the SFDP

7 years agoMerge tag 'drm-fixes-for-v4.14-rc2' of git://people.freedesktop.org/~airlied/linux
Linus Torvalds [Thu, 21 Sep 2017 15:52:36 +0000 (05:52 -1000)]
Merge tag 'drm-fixes-for-v4.14-rc2' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "amdkfd, i915 and exynos fixes.

  I've ended up on unplanned + planned leave this week, but there were
  some fixes I decided to dequeue, some amdkfd bits missed the next pull
  but they are pretty trivial, so I included them.

  I'm not sure I'll see much else for rc2, lots of people are at XDC"

* tag 'drm-fixes-for-v4.14-rc2' of git://people.freedesktop.org/~airlied/linux:
  drm/exynos/hdmi: Fix unsafe list iteration
  drm: exynos: include linux/irq.h
  drm/exynos: Fix suspend/resume support
  drm/exynos: Fix locking in the suspend/resume paths
  drm/i915: Remove unused 'in_vbl' from i915_get_crtc_scanoutpos()
  drm/i915/cnp: set min brightness from VBT
  Revert "drm/i915/bxt: Disable device ready before shutdown command"
  drm/i915/bxt: set min brightness from VBT
  drm/i915: Fix an error handling in 'intel_framebuffer_init()'
  drm/i915/gvt: Fix incorrect PCI BARs reporting
  drm/amdkfd: pass queue's mqd when destroying mqd
  drm/amdkfd: remove memset before memcpy
  uapi linux/kfd_ioctl.h: only use __u32 and __u64

7 years agoMerge tag 'dma-mapping-4.14-2' of git://git.infradead.org/users/hch/dma-mapping
Linus Torvalds [Thu, 21 Sep 2017 15:51:03 +0000 (05:51 -1000)]
Merge tag 'dma-mapping-4.14-2' of git://git.infradead.org/users/hch/dma-mapping

Pull dma mapping fix from Christoph Hellwig:
 "A fix for a fix that went in this merge window from Arnd"

* tag 'dma-mapping-4.14-2' of git://git.infradead.org/users/hch/dma-mapping:
  dma-coherent: fix rmem_dma_device_init regression

7 years agoipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user
Will Deacon [Mon, 18 Sep 2017 16:47:38 +0000 (17:47 +0100)]
ipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user

Commit 553f770ef71b ("ipc: move compat shmctl to native") moved the
compat IPC syscall handling into ipc/shm.c and refactored the struct
accessors in the process. Unfortunately, the call to
copy_compat_shmid_to_user when handling a compat {IPC,SHM}_STAT command
gets the arguments the wrong way round, passing a kernel stack address
as the user buffer (destination) and the user buffer as the kernel stack
address (source).

This patch fixes the parameter ordering so the buffers are accessed
correctly.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoiov_iter: fix page_copy_sane for compound pages
Petar Penkov [Tue, 29 Aug 2017 18:20:32 +0000 (11:20 -0700)]
iov_iter: fix page_copy_sane for compound pages

Issue is that if the data crosses a page boundary inside a compound
page, this check will incorrectly trigger a WARN_ON.

To fix this, compute the order using the head of the compound page and
adjust the offset to be relative to that head.

Fixes: 72e809ed81ed ("iov_iter: sanity checks for copy to/from page
primitives")

Signed-off-by: Petar Penkov <ppenkov@google.com>
CC: Al Viro <viro@zeniv.linux.org.uk>
CC: Eric Dumazet <edumazet@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
7 years agoMerge tag 'exynos-drm-fixes-for-v4.14-rc1' of git://git.kernel.org/pub/scm/linux...
Dave Airlie [Wed, 20 Sep 2017 22:02:39 +0000 (08:02 +1000)]
Merge tag 'exynos-drm-fixes-for-v4.14-rc1' of git://git./linux/kernel/git/daeinki/drm-exynos into drm-fixes

- fix suspend/resume issues.
- fix memory corruption detected by kasan.
- fix build error on x86.

* tag 'exynos-drm-fixes-for-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
  drm/exynos/hdmi: Fix unsafe list iteration
  drm: exynos: include linux/irq.h
  drm/exynos: Fix suspend/resume support
  drm/exynos: Fix locking in the suspend/resume paths

7 years agoMerge tag 'drm-intel-fixes-2017-09-20' of git://anongit.freedesktop.org/git/drm-intel...
Dave Airlie [Wed, 20 Sep 2017 22:02:21 +0000 (08:02 +1000)]
Merge tag 'drm-intel-fixes-2017-09-20' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes

drm/i915 fixes for 4.14-rc1

Couple fixes for stable:

- Fix MIPI panels on BXT.
- Fix PCI BARs information on GVT.

Plus other fixes:

- Fix minimal brightness for BXT, GLK, CFL and CNL.
- Fix compilation warning: unused in_vbl
- Fix error handling in intel_framebuffer_init

* tag 'drm-intel-fixes-2017-09-20' of git://anongit.freedesktop.org/git/drm-intel:
  drm/i915: Remove unused 'in_vbl' from i915_get_crtc_scanoutpos()
  drm/i915/cnp: set min brightness from VBT
  Revert "drm/i915/bxt: Disable device ready before shutdown command"
  drm/i915/bxt: set min brightness from VBT
  drm/i915: Fix an error handling in 'intel_framebuffer_init()'
  drm/i915/gvt: Fix incorrect PCI BARs reporting

7 years agoMerge tag 'trace-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt...
Linus Torvalds [Wed, 20 Sep 2017 16:38:07 +0000 (06:38 -1000)]
Merge tag 'trace-v4.14-rc1' of git://git./linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "This includes three minor fixes.

    - Have writing to trace file clear the irqsoff (and friends) tracer

    - trace_pipe behavior for instance buffers was different than top
      buffer

    - Show a message of why mmiotrace doesn't start from commandline"

* tag 'trace-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Fix trace_pipe behavior for instance traces
  tracing: Ignore mmiotrace from kernel commandline
  tracing: Erase irqsoff trace with empty write

7 years agokbuild: rpm-pkg: fix version number handling
Masahiro Yamada [Wed, 20 Sep 2017 13:01:26 +0000 (22:01 +0900)]
kbuild: rpm-pkg: fix version number handling

The "Release:" field of the spec file is determined based on the
.version file.

However, the .version file is not copied to the source tar file.
So, when we build the kernel from the source package, the UTS_VERSION
always indicates #1.  This does not match with "rpm -q".

The kernel UTS_VERSION and "rpm -q" do not agree for binrpm-pkg, either.
Please note the kernel has already been built before the spec file is
created.  Currently, mkspec invokes mkversion.  This script returns an
incremented version.  So, the "Release:" field of the spec file is
greater than the version in the kernel by one.

For the source package build (where .version file is missing), we can
give KBUILD_BUILD_VERSION=%{release} to the build command.

For the binary package build, we can simply read out the .version file
because it contains the version number that was used for building the
kernel image.

We can remove scripts/mkversion because scripts/package/Makefile need
not touch the .version file.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
7 years agokbuild: deb-pkg: remove firmware package support
Masahiro Yamada [Mon, 18 Sep 2017 09:22:19 +0000 (18:22 +0900)]
kbuild: deb-pkg: remove firmware package support

Commit 5620a0d1aacd ("firmware: delete in-kernel firmware") deleted
in-kernel firmware support, including the firmware install command.

So, the firmware package does not make sense any more.  Remove it.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Riku Voipio <riku.voipio@linaro.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
7 years agokbuild: rpm-pkg: delete firmware_install to fix build error
Masahiro Yamada [Mon, 18 Sep 2017 09:12:36 +0000 (18:12 +0900)]
kbuild: rpm-pkg: delete firmware_install to fix build error

Commit 5620a0d1aacd ("firmware: delete in-kernel firmware") deleted
in-kernel firmware support, including "make firmware_install".

Since then, "make rpm-pkg" / "make binrpm-pkg" fails to build with
the error:

  make[2]: *** No rule to make target `firmware_install'.  Stop.

Commit df85b2d767aa ("firmware: Restore support for built-in firmware")
restored the build infrastructure for CONFIG_EXTRA_FIRMWARE, but this
is out of the scope of "make firmware_install".  So, the right thing to
do is to kill the use of "make firmware_install".

Fixes: 5620a0d1aacd ("firmware: delete in-kernel firmware")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
7 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Wed, 20 Sep 2017 03:09:55 +0000 (17:09 -1000)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of five small fixes: one is a null deref fix which is
  pretty critical for the fc transport class and one fixes a potential
  security issue of sg leaking kernel information"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
  scsi: sg: factor out sg_fill_request_table()
  scsi: sd: Remove unnecessary condition in sd_read_block_limits()
  scsi: acornscsi: fix build error
  scsi: scsi_transport_fc: fix NULL pointer dereference in fc_bsg_job_timeout

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm...
Linus Torvalds [Wed, 20 Sep 2017 03:07:18 +0000 (17:07 -1000)]
Merge branch 'for-linus' of git://git./linux/kernel/git/ebiederm/user-namespace

Pull si_code fix from Eric Biederman:
 "When sorting out the si_code ambiguity fcntl I accidentally overshot
  and included SIGPOLL as well. Ooops! This is my trivial fix for that.

  Vince Weaver caught this when it landed in your tree with his
  perf_event_tests many of which started failing because the si_code
  changed"

Quoth Vince Weaver:
 "I've tested with this patch applied and can confirm all of my tests
  now pass again"

Fixes: d08477aa975e ("fcntl: Don't use ambiguous SIG_POLL si_codes")
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  fcntl: Don't set si_code to SI_SIGIO when sig == SIGPOLL

7 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Wed, 20 Sep 2017 03:05:53 +0000 (17:05 -1000)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:

 - fix build without CONFIG_HAVE_KVM_IRQ_ROUTING

 - fix NULL access in x86 CR access

 - fix race with VMX posted interrups

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
  KVM: VMX: do not change SN bit in vmx_update_pi_irte()
  KVM: x86: Fix the NULL pointer parameter in check_cr_write()
  Revert "KVM: Don't accept obviously wrong gsi values via KVM_IRQFD"

7 years agodrm/exynos/hdmi: Fix unsafe list iteration
Maciej Purski [Tue, 5 Sep 2017 12:23:02 +0000 (14:23 +0200)]
drm/exynos/hdmi: Fix unsafe list iteration

Function hdmi_mode_fixup() used bare list_for_each entry, which was
unsafe and caused memory corruption detected by kasan.
It now uses drm_for_each_connector_iter macro, which is now recommended
by the documentation and safe.

Signed-off-by: Maciej Purski <m.purski@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
7 years agotracing: Fix trace_pipe behavior for instance traces
Tahsin Erdogan [Sun, 17 Sep 2017 10:23:48 +0000 (03:23 -0700)]
tracing: Fix trace_pipe behavior for instance traces

When reading data from trace_pipe, tracing_wait_pipe() performs a
check to see if tracing has been turned off after some data was read.
Currently, this check always looks at global trace state, but it
should be checking the trace instance where trace_pipe is located at.

Because of this bug, cat instances/i1/trace_pipe in the following
script will immediately exit instead of waiting for data:

cd /sys/kernel/debug/tracing
echo 0 > tracing_on
mkdir -p instances/i1
echo 1 > instances/i1/tracing_on
echo 1 > instances/i1/events/sched/sched_process_exec/enable
cat instances/i1/trace_pipe

Link: http://lkml.kernel.org/r/20170917102348.1615-1-tahsin@google.com
Cc: stable@vger.kernel.org
Fixes: 10246fa35d4f ("tracing: give easy way to clear trace buffer")
Signed-off-by: Tahsin Erdogan <tahsin@google.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
7 years agotracing: Ignore mmiotrace from kernel commandline
Ziqian SUN (Zamir) [Mon, 11 Sep 2017 06:26:35 +0000 (14:26 +0800)]
tracing: Ignore mmiotrace from kernel commandline

The mmiotrace tracer cannot be enabled with ftrace=mmiotrace in kernel
commandline. With this patch, noboot is added to the tracer struct,
and when system boot with a tracer that has noboot=true, it will print
out a warning message and continue booting.

Link: http://lkml.kernel.org/r/1505111195-31942-1-git-send-email-zsun@redhat.com
Signed-off-by: Ziqian SUN (Zamir) <zsun@redhat.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
7 years agotracing: Erase irqsoff trace with empty write
Bo Yan [Mon, 18 Sep 2017 17:03:35 +0000 (10:03 -0700)]
tracing: Erase irqsoff trace with empty write

One convenient way to erase trace is "echo > trace". However, this
is currently broken if the current tracer is irqsoff tracer. This
is because irqsoff tracer use max_buffer as the default trace
buffer.

Set the max_buffer as the one to be cleared when it's the trace
buffer currently in use.

Link: http://lkml.kernel.org/r/1505754215-29411-1-git-send-email-byan@nvidia.com
Cc: <mingo@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 4acd4d00f ("tracing: give easy way to clear trace buffer")
Signed-off-by: Bo Yan <byan@nvidia.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
7 years agoMerge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md
Linus Torvalds [Tue, 19 Sep 2017 15:39:32 +0000 (08:39 -0700)]
Merge branch 'for-next' of git://git./linux/kernel/git/shli/md

Pull MD fixes from Shaohua Li:
 "Two small patches to fix long-lived raid5 stripe batch bugs, one from
  Dennis and the other from me"

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md:
  md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
  md/raid5: fix a race condition in stripe batch

7 years agoMerge tag '4.14-smb3-multidialect-support-and-fixes-for-stable' of git://git.samba...
Linus Torvalds [Tue, 19 Sep 2017 15:35:42 +0000 (08:35 -0700)]
Merge tag '4.14-smb3-multidialect-support-and-fixes-for-stable' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "Convert default dialect to smb2.1 or later to allow connecting to
  Windows 7 for example, also includes some fixes for stable"

* tag '4.14-smb3-multidialect-support-and-fixes-for-stable' of git://git.samba.org/sfrench/cifs-2.6:
  Update version of cifs module
  cifs: hide unused functions
  SMB3: Add support for multidialect negotiate (SMB2.1 and later)
  CIFS/SMB3: Update documentation to reflect SMB3 and various changes
  cifs: check rsp for NULL before dereferencing in SMB2_open

7 years agoKVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
Haozhong Zhang [Mon, 18 Sep 2017 01:56:50 +0000 (09:56 +0800)]
KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt

WARN_ON_ONCE(pi_test_sn(&vmx->pi_desc)) in kvm_vcpu_trigger_posted_interrupt()
intends to detect the violation of invariant that VT-d PI notification
event is not suppressed when vcpu is in the guest mode. Because the
two checks for the target vcpu mode and the target suppress field
cannot be performed atomically, the target vcpu mode may change in
between. If that does happen, WARN_ON_ONCE() here may raise false
alarms.

As the previous patch fixed the real invariant breaker, remove this
WARN_ON_ONCE() to avoid false alarms, and document the allowed cases
instead.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reported-by: "Ramamurthy, Venkatesh" <venkatesh.ramamurthy@intel.com>
Reported-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Fixes: 28b835d60fcc ("KVM: Update Posted-Interrupts Descriptor when vCPU is preempted")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
7 years agoKVM: VMX: do not change SN bit in vmx_update_pi_irte()
Haozhong Zhang [Mon, 18 Sep 2017 01:56:49 +0000 (09:56 +0800)]
KVM: VMX: do not change SN bit in vmx_update_pi_irte()

In kvm_vcpu_trigger_posted_interrupt() and pi_pre_block(), KVM
assumes that PI notification events should not be suppressed when the
target vCPU is not blocked.

vmx_update_pi_irte() sets the SN field before changing an interrupt
from posting to remapping, but it does not check the vCPU mode.
Therefore, the change of SN field may break above the assumption.
Besides, I don't see reasons to suppress notification events here, so
remove the changes of SN field to avoid race condition.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Reported-by: "Ramamurthy, Venkatesh" <venkatesh.ramamurthy@intel.com>
Reported-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Fixes: 28b835d60fcc ("KVM: Update Posted-Interrupts Descriptor when vCPU is preempted")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
7 years agoKVM: x86: Fix the NULL pointer parameter in check_cr_write()
Yu Zhang [Mon, 18 Sep 2017 10:45:01 +0000 (18:45 +0800)]
KVM: x86: Fix the NULL pointer parameter in check_cr_write()

Routine check_cr_write() will trigger emulator_get_cpuid()->
kvm_cpuid() to get maxphyaddr, and NULL is passed as values
for ebx/ecx/edx. This is problematic because kvm_cpuid() will
dereference these pointers.

Fixes: d1cd3ce90044 ("KVM: MMU: check guest CR3 reserved bits based on its physical address width.")
Reported-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Yu Zhang <yu.c.zhang@linux.intel.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
7 years agodrm: exynos: include linux/irq.h
Arnd Bergmann [Tue, 5 Sep 2017 08:19:55 +0000 (10:19 +0200)]
drm: exynos: include linux/irq.h

I ran into a build error on x86:

drivers/gpu/drm/exynos/exynos5433_drm_decon.c: In function 'decon_conf_irq':
drivers/gpu/drm/exynos/exynos5433_drm_decon.c:706:2: error: implicit declaration of function 'irq_set_status_flags'; did you mean 'dquot_state_flag'? [-Werror=implicit-function-declaration]
  irq_set_status_flags(irq, IRQ_NOAUTOEN);

Adding the missing include fixes the error.

Fixes: b37d53a0382c ("drm/exynos/decon5433: move TE handling to DECON")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
7 years agodrm/exynos: Fix suspend/resume support
Marek Szyprowski [Thu, 14 Sep 2017 12:01:01 +0000 (14:01 +0200)]
drm/exynos: Fix suspend/resume support

Commit 7d902c05b480 ("drm: Nuke drm_atomic_helper_connector_dpms")
removed drm_atomic_helper_connector_dpms() helper saying that it was a dead
code. It was however indirectly used by Exynos DRM driver for implementing
suspend/resume support. To fix this regression (after that patch Exynos DRM
suspend/resume functions became no-ops and hardware fails to suspend),
this patch rewrites them with drm_atomic_helper_suspend/resume() helpers.

Fixes: 7d902c05b480 ("drm: Nuke drm_atomic_helper_connector_dpms")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
7 years agodrm/exynos: Fix locking in the suspend/resume paths
Marek Szyprowski [Thu, 14 Sep 2017 12:01:00 +0000 (14:01 +0200)]
drm/exynos: Fix locking in the suspend/resume paths

Commit 48a92916729b ("drm/exynos: use drm_for_each_connector_iter()")
replaced unsafe drm_for_each_connector() with drm_for_each_connector_iter()
and removed surrounding drm_modeset_lock calls. However, that lock was
there not only to protect unsafe drm_for_each_connector(), but it was also
required to be held by the dpms code which was called from the loop body.
This patch restores those drm_modeset_lock calls to fix broken suspend
and resume of Exynos DRM subsystem in v4.13 kernel.

Fixes: 48a92916729b ("drm/exynos: use drm_for_each_connector_iter()")
CC: stable@vger.kernel.org # v4.13
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
7 years agoRevert "KVM: Don't accept obviously wrong gsi values via KVM_IRQFD"
Jan H. Schönherr [Sat, 16 Sep 2017 20:12:24 +0000 (22:12 +0200)]
Revert "KVM: Don't accept obviously wrong gsi values via KVM_IRQFD"

This reverts commit 36ae3c0a36b7456432fedce38ae2f7bd3e01a563.

The commit broke compilation on !CONFIG_HAVE_KVM_IRQ_ROUTING. Also,
there may be cases with CONFIG_HAVE_KVM_IRQ_ROUTING, where larger
gsi values make sense.

As the commit was meant as an early indicator to user space that
something is wrong, reverting just restores the previous behavior
where overly large values are ignored when encountered (without
any direct feedback).

Reported-by: Abdul Haleem <abdhalee@linux.vnet.ibm.com>
Signed-off-by: Jan H. Schönherr <jschoenh@amazon.de>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
7 years agofcntl: Don't set si_code to SI_SIGIO when sig == SIGPOLL
Eric W. Biederman [Tue, 19 Sep 2017 03:51:14 +0000 (22:51 -0500)]
fcntl: Don't set si_code to SI_SIGIO when sig == SIGPOLL

When fixing things to avoid ambiguous cases I had a thinko
and included SIGPOLL/SIGIO in with all of the other signals
that have signal specific si_codes.  Which is completely wrong.

Fix that.

Reported-by: Vince Weaver <vincent.weaver@maine.edu>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
7 years agodrm/i915: Remove unused 'in_vbl' from i915_get_crtc_scanoutpos()
Chris Wilson [Thu, 14 Sep 2017 16:42:13 +0000 (17:42 +0100)]
drm/i915: Remove unused 'in_vbl' from i915_get_crtc_scanoutpos()

Commit 1bf6ad622b9b ("drm/vblank: drop the mode argument from
drm_calc_vbltimestamp_from_scanoutpos") removed the use of in_vbl, but
did not remove the local variable. Do so now.

Fixes: 1bf6ad622b9b ("drm/vblank: drop the mode argument from drm_calc_vbltimestamp_from_scanoutpos")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20170914164213.18461-1-chris@chris-wilson.co.uk
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
(cherry picked from commit e01e71fc49d4c95090a04f898a3fe788c652a04b)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
7 years agodrm/i915/cnp: set min brightness from VBT
Lee, Shawn C [Wed, 13 Sep 2017 05:19:20 +0000 (13:19 +0800)]
drm/i915/cnp: set min brightness from VBT

Min brightness value from vbt was missing for CNP platform.
This setting have to refer backlight ic spec to restrict
min backlight output. Without this restriction, driver would
allow to configure lower brightness value and violate
backlight ic requirement.

Fixes: 4c9f7086ac6d ("drm/i915/cnp: Backlight support for CNP.")
Cc: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Shawn Lee <shawn.c.lee@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1505279961-16140-1-git-send-email-shawn.c.lee@intel.com
(cherry picked from commit f44e354f857f207cd361269c5e38e1f96e0b616c)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
7 years agoRevert "drm/i915/bxt: Disable device ready before shutdown command"
Uma Shankar [Tue, 5 Sep 2017 09:44:31 +0000 (15:14 +0530)]
Revert "drm/i915/bxt: Disable device ready before shutdown command"

This reverts commit bbdf0b2ff32a ("drm/i915/bxt: Disable device ready
before shutdown command").

Disable device ready before shutdown command was added previously to
avoid a split screen issue seen on dual link DSI panels. As of now, dual
link is not supported and will need some rework in the upstream
code. For single link DSI panels, the change is not required. This will
cause failure in sending SHUTDOWN packet during disable. Hence reverting
the change. Will handle the change as part of dual link enabling in
upstream.

Fixes: bbdf0b2ff32a ("drm/i915/bxt: Disable device ready before shutdown command")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Uma Shankar <uma.shankar@intel.com>
Signed-off-by: Vidya Srinivas <vidya.srinivas@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1504604671-17237-1-git-send-email-vidya.srinivas@intel.com
(cherry picked from commit 33c8d8870c67faf3161898a56af98ac3c1c71450)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
7 years agodrm/i915/bxt: set min brightness from VBT
Lee, Shawn C [Tue, 12 Sep 2017 03:36:30 +0000 (11:36 +0800)]
drm/i915/bxt: set min brightness from VBT

Min brightness value from vbt was missing for BXT platform.
This setting have to refer backlight ic spec to restrict
min backlight output. Without this restriction, driver would
allow to configure lower brightness value and violate
backlight ic requirement.

Fixes: 0fb890c01349 ("drm/i915/bxt: BLC implementation")
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Cooper Chiou <cooper.chiou@intel.com>
Cc: Gary C Wang <gary.c.wang@intel.com>
Signed-off-by: Shawn Lee <shawn.c.lee@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1505187390-7039-1-git-send-email-shawn.c.lee@intel.com
(cherry picked from commit c3881128cb672cf484a52fbb36b5daa9044d9168)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
7 years agodrm/i915: Fix an error handling in 'intel_framebuffer_init()'
Christophe JAILLET [Sun, 10 Sep 2017 08:56:42 +0000 (10:56 +0200)]
drm/i915: Fix an error handling in 'intel_framebuffer_init()'

We should go through the error handling path to decrease the
'framebuffer_references' as done everywhere else in this function.

Fixes: 2e2adb05736c ("drm/i915: Add render decompression support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20170910085642.13673-1-christophe.jaillet@wanadoo.fr
(cherry picked from commit 37875d6b3af702425ce292de81b77faf94766616)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
7 years agodrm/i915/gvt: Fix incorrect PCI BARs reporting
Changbin Du [Fri, 18 Aug 2017 09:49:58 +0000 (17:49 +0800)]
drm/i915/gvt: Fix incorrect PCI BARs reporting

Looking at our virtual PCI device, we can see surprising Region 4 and Region 5.
00:10.0 VGA compatible controller: Intel Corporation Sky Lake Integrated Graphics (rev 06) (prog-if 00 [VGA controller])
        ....
        Region 0: Memory at 140000000 (64-bit, non-prefetchable) [size=16M]
        Region 2: Memory at 180000000 (64-bit, prefetchable) [size=1G]
        Region 4: Memory at <ignored> (32-bit, non-prefetchable)
        Region 5: Memory at <ignored> (32-bit, non-prefetchable)
        Expansion ROM at febd6000 [disabled] [size=2K]

The fact is that we only implemented BAR0 and BAR2. Surprising Region 4 and
Region 5 are shown because we report their size as 0xffffffff. They should
report size 0 instead.

BTW, the physical GPU has a PIO BAR. GVTg hasn't implemented PIO access, so
we ignored this BAR for vGPU device.

v2: fix BAR size value calculation.

Link: https://bugzilla.redhat.com/show_bug.cgi?id=1458032
Signed-off-by: Changbin Du <changbin.du@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
(cherry picked from commit f1751362d6357a90bc6e53176cec715ff2dbed74)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
7 years agoMerge tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Linus Torvalds [Mon, 18 Sep 2017 15:44:51 +0000 (08:44 -0700)]
Merge tag 'mmc-v4.14-2' of git://git./linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:
 "MMC core:
   - Fix trivial typo in Kconfig
   - Fixup initialization of mmc block requests

  MMC host:
   - cavium: Fix use-after-free bug reported by KASAN"

* tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: cavium: Fix use-after-free in of_platform_device_destroy
  mmc: host: fix typo after MMC_DEBUG move
  mmc: block: Fix incorrectly initialized requests

7 years agomtd: nand: remove unused blockmask variable
Corentin Labbe [Sat, 2 Sep 2017 08:49:38 +0000 (10:49 +0200)]
mtd: nand: remove unused blockmask variable

This patch fix the following build warning:
drivers/mtd/nand/nand_base.c:2671:30: attention : variable ‘blockmask’ set but not used [-Wunused-but-set-variable]

Fixes: 0b4773fd1649 ("mtd: nand: Drop unused cached programming support")
Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
7 years agomtd: nand: lpc32xx_mlc: Fix an error handling path in lpc32xx_nand_probe()
Christophe JAILLET [Sun, 3 Sep 2017 11:58:31 +0000 (13:58 +0200)]
mtd: nand: lpc32xx_mlc: Fix an error handling path in lpc32xx_nand_probe()

If 'clk_prepare_enable()' fails, we must 'put' the corresponding clock.

Fixes: 4d26f012ab59 ("mtd: nand: lpc32xx_mlc: Handle return value of clk_prepare_enable.")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
7 years agomtd: spi-nor: fix DMA unsafe buffer issue in spi_nor_read_sfdp()
Cyrille Pitchen [Wed, 6 Sep 2017 21:45:02 +0000 (23:45 +0200)]
mtd: spi-nor: fix DMA unsafe buffer issue in spi_nor_read_sfdp()

spi_nor_read_sfdp() calls nor->read() to read the SFDP data.
When the m25p80 driver is used (pretty common case), nor->read() is then
implemented by the m25p80_read() function, which is likely to initialize a
'struct spi_transfer' from its buf argument before appending this
structure inside the 'struct spi_message' argument of spi_sync().

Besides the SPI sub-system states that both .tx_buf and .rx_buf members of
'struct spi_transfer' must point into dma-safe memory. However, two of the
three calls of spi_nor_read_sfdp() were given pointers to stack allocated
memory as buf argument, hence not in a dma-safe area.
Hopefully, the third and last call of spi_nor_read_sfdp() was already
given a kmalloc'ed buffer argument, hence dma-safe.

So this patch fixes this issue by introducing a
spi_nor_read_sfdp_dma_unsafe() function which simply wraps the existing
spi_nor_read_sfdp() function and uses some kmalloc'ed memory as a bounce
buffer.

Fixes: f384b352cbf0 ("mtd: spi-nor: parse Serial Flash Discoverable Parameters (SFDP) tables")
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Cyrille Pitchen <cyrille.pitchen@wedev4u.fr>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
7 years agomtd: spi-nor: Check consistency of the memory size extracted from the SFDP
Boris Brezillon [Tue, 12 Sep 2017 13:10:35 +0000 (15:10 +0200)]
mtd: spi-nor: Check consistency of the memory size extracted from the SFDP

One field of the flash parameter table contains information about the
flash device size.
Most of the time the data extracted from this field is valid, but
sometimes the BFPT section of the SFDP table is corrupted or invalid and
this field is set to 0xffffffff, thus resulting in an integer overflow
when setting params->size.

Since NOR devices are anayway always smaller than 2^64 bytes, we can
easily stop the BFPT parsing if the size reported in this table is
invalid.

Fixes: f384b352cbf0 ("mtd: spi-nor: parse Serial Flash Discoverable Parameters (SFDP) tables")
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Cyrille Pitchen <cyrille.pitchen@wedev4u.com>
7 years agoMerge tag 'drm-amdkfd-next-2017-09-02' of git://people.freedesktop.org/~gabbayo/linux...
Dave Airlie [Mon, 18 Sep 2017 06:29:47 +0000 (16:29 +1000)]
Merge tag 'drm-amdkfd-next-2017-09-02' of git://people.freedesktop.org/~gabbayo/linux into drm-fixes

some trivial amdkfd cleanups

* tag 'drm-amdkfd-next-2017-09-02' of git://people.freedesktop.org/~gabbayo/linux:
  drm/amdkfd: pass queue's mqd when destroying mqd
  drm/amdkfd: remove memset before memcpy
  uapi linux/kfd_ioctl.h: only use __u32 and __u64

7 years agoUpdate version of cifs module
Steve French [Tue, 12 Sep 2017 23:13:11 +0000 (18:13 -0500)]
Update version of cifs module

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
7 years agocifs: hide unused functions
Arnd Bergmann [Tue, 5 Sep 2017 09:24:15 +0000 (11:24 +0200)]
cifs: hide unused functions

The newly added SMB2+ attribute support causes unused function
warnings when CONFIG_CIFS_XATTR is disabled:

fs/cifs/smb2ops.c:563:1: error: 'smb2_set_ea' defined but not used [-Werror=unused-function]
 smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
fs/cifs/smb2ops.c:513:1: error: 'smb2_query_eas' defined but not used [-Werror=unused-function]
 smb2_query_eas(const unsigned int xid, struct cifs_tcon *tcon,

This adds another #ifdef around the affected functions.

Fixes: 5517554e4313 ("cifs: Add support for writing attributes on SMB2+")
Fixes: 95907fea4fd8 ("cifs: Add support for reading attributes on SMB2+")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Steve French <smfrench@gmail.com>
7 years agoSMB3: Add support for multidialect negotiate (SMB2.1 and later)
Steve French [Sun, 17 Sep 2017 15:41:35 +0000 (10:41 -0500)]
SMB3: Add support for multidialect negotiate (SMB2.1 and later)

With the need to discourage use of less secure dialect, SMB1 (CIFS),
we temporarily upgraded the dialect to SMB3 in 4.13, but since there
are various servers which only support SMB2.1 (2.1 is more secure
than CIFS/SMB1) but not optimal for a default dialect - add support
for multidialect negotiation.  cifs.ko will now request SMB2.1
or later (ie SMB2.1 or SMB3.0, SMB3.02) and the server will
pick the latest most secure one it can support.

In addition since we are sending multidialect negotiate, add
support for secure negotiate to validate that a man in the
middle didn't downgrade us.

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
CC: Stable <stable@vger.kernel.org> # 4.13+
7 years agoCIFS/SMB3: Update documentation to reflect SMB3 and various changes
Steve French [Thu, 14 Sep 2017 19:51:20 +0000 (14:51 -0500)]
CIFS/SMB3: Update documentation to reflect SMB3 and various changes

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
7 years agodma-coherent: fix rmem_dma_device_init regression
Arnd Bergmann [Fri, 15 Sep 2017 15:08:16 +0000 (17:08 +0200)]
dma-coherent: fix rmem_dma_device_init regression

My recent bug fix introduced another bug, which caused rmem_dma_device_init
to always fail, as rmem->priv is never set to anything.

This restores the previous behavior, calling dma_init_coherent_memory()
whenever ->priv is NULL.

Fixes: d35b0996fef3 ("dma-coherent: fix dma_declare_coherent_memory() logic error")
Reported-by: Roy Pledge <roy.pledge@nxp.com>
Tested-by: Roy Pledge <roy.pledge@nxp.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
7 years agoMerge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 17 Sep 2017 15:16:36 +0000 (08:16 -0700)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull misc fixes from Thomas Gleixner:

  - A fix for a user space regression in /proc/$PID/stat

  - A couple of objtool fixes:
     ~ Plug a memory leak
     ~ Avoid accessing empty sections which upsets certain binutil
       versions
     ~ Prevent corrupting the obj file when section sizes did not change

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  fs/proc: Report eip/esp in /prod/PID/stat for coredumping
  objtool: Fix object file corruption
  objtool: Do not retrieve data from empty sections
  objtool: Fix memory leak in elf_create_rela_section()

7 years agoMerge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 17 Sep 2017 15:15:11 +0000 (08:15 -0700)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull irq fix from Thomas Gleixner:
 "Fix for an off by one error in a cpumask result comparison"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  genirq: Fix cpumask check in __irq_startup_managed()

7 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 17 Sep 2017 15:05:54 +0000 (08:05 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull x86 fix from Thomas Gleixner:
 "A single fix addressing the missing CP8 feature bit in CPUID for a
  range of AMD ZEN models/mask revisions"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpu/AMD: Fix erratum 1076 (CPB bit)

7 years agoLinux 4.14-rc1
Linus Torvalds [Sat, 16 Sep 2017 22:47:51 +0000 (15:47 -0700)]
Linux 4.14-rc1

7 years agoMerge tag 'upstream-4.14-rc1' of git://git.infradead.org/linux-ubifs
Linus Torvalds [Sat, 16 Sep 2017 19:08:10 +0000 (12:08 -0700)]
Merge tag 'upstream-4.14-rc1' of git://git.infradead.org/linux-ubifs

Pull UBI updates from Richard Weinberger:
 "Minor improvements"

* tag 'upstream-4.14-rc1' of git://git.infradead.org/linux-ubifs:
  UBI: Fix two typos in comments
  ubi: fastmap: fix spelling mistake: "invalidiate" -> "invalidate"
  ubi: pr_err() strings should end with newlines
  ubi: pr_err() strings should end with newlines
  ubi: pr_err() strings should end with newlines

7 years agoMerge branch 'for-linus-4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 16 Sep 2017 19:03:25 +0000 (12:03 -0700)]
Merge branch 'for-linus-4.14-rc1' of git://git./linux/kernel/git/rw/uml

Pull UML updates from Richard Weinberger:

 - minor improvements

 - fixes for Debian's new gcc defaults (pie enabled by default)

 - fixes for XSTATE/XSAVE to make UML work again on modern systems

* 'for-linus-4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
  um: return negative in tuntap_open_tramp()
  um: remove a stray tab
  um: Use relative modversions with LD_SCRIPT_DYN
  um: link vmlinux with -no-pie
  um: Fix CONFIG_GCOV for modules.
  Fix minor typos and grammar in UML start_up help
  um: defconfig: Cleanup from old Kconfig options
  um: Fix FP register size for XSTATE/XSAVE

7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Sat, 16 Sep 2017 18:28:59 +0000 (11:28 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Fix hotplug deadlock in hv_netvsc, from Stephen Hemminger.

 2) Fix double-free in rmnet driver, from Dan Carpenter.

 3) INET connection socket layer can double put request sockets, fix
    from Eric Dumazet.

 4) Don't match collect metadata-mode tunnels if the device is down,
    from Haishuang Yan.

 5) Do not perform TSO6/GSO on ipv6 packets with extensions headers in
    be2net driver, from Suresh Reddy.

 6) Fix scaling error in gen_estimator, from Eric Dumazet.

 7) Fix 64-bit statistics deadlock in systemport driver, from Florian
    Fainelli.

 8) Fix use-after-free in sctp_sock_dump, from Xin Long.

 9) Reject invalid BPF_END instructions in verifier, from Edward Cree.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (43 commits)
  mlxsw: spectrum_router: Only handle IPv4 and IPv6 events
  Documentation: link in networking docs
  tcp: fix data delivery rate
  bpf/verifier: reject BPF_ALU64|BPF_END
  sctp: do not mark sk dumped when inet_sctp_diag_fill returns err
  sctp: fix an use-after-free issue in sctp_sock_dump
  netvsc: increase default receive buffer size
  tcp: update skb->skb_mstamp more carefully
  net: ipv4: fix l3slave check for index returned in IP_PKTINFO
  net: smsc911x: Quieten netif during suspend
  net: systemport: Fix 64-bit stats deadlock
  net: vrf: avoid gcc-4.6 warning
  qed: remove unnecessary call to memset
  tg3: clean up redundant initialization of tnapi
  tls: make tls_sw_free_resources static
  sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
  MAINTAINERS: review Renesas DT bindings as well
  net_sched: gen_estimator: fix scaling error in bytes/packets samples
  nfp: wait for the NSP resource to appear on boot
  nfp: wait for board state before talking to the NSP
  ...

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Sat, 16 Sep 2017 18:24:26 +0000 (11:24 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

Pull more input updates from Dmitry Torokhov:
 "A second round of updates for the input subsystem:

   - a new driver for PWM-controlled vibrators

   - ucb1400 touchscreen driver had completely busted suspend/resume
     handling

   - we now handle "home" button found on some devices with Goodix
     touchscreens

   - assorted other fixups"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: i8042 - add Gigabyte P57 to the keyboard reset table
  Input: xpad - validate USB endpoint type during probe
  Input: ucb1400_ts - fix suspend and resume handling
  Input: edt-ft5x06 - fix access to non-existing register
  Input: elantech - make arrays debounce_packet static, reduces object code size
  Input: surface3_spi - make const array header static, reduces object code size
  Input: goodix - add support for capacitive home button
  Input: add a driver for PWM controllable vibrators
  Input: adi - make array seq static, reduces object code size

7 years agogenirq: Fix cpumask check in __irq_startup_managed()
Thomas Gleixner [Wed, 13 Sep 2017 21:29:03 +0000 (23:29 +0200)]
genirq: Fix cpumask check in __irq_startup_managed()

The result of cpumask_any_and() is invalid when result greater or equal
nr_cpu_ids. The current check is checking for greater only. Fix it.

Fixes: 761ea388e8c4 ("genirq: Handle managed irqs gracefully in irq_startup()")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Chen Yu <yu.c.chen@intel.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Alok Kataria <akataria@vmware.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: stable@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Rui Zhang <rui.zhang@intel.com>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Len Brown <lenb@kernel.org>
Link: http://lkml.kernel.org/r/20170913213152.272283444@linutronix.de
7 years agofirmware: Restore support for built-in firmware
Markus Trippelsdorf [Sat, 16 Sep 2017 09:01:16 +0000 (11:01 +0200)]
firmware: Restore support for built-in firmware

Commit 5620a0d1aac ("firmware: delete in-kernel firmware") removed the
entire firmware directory.  Unfortunately it thereby also removed the
support for built-in firmware.

This restores the ability to build firmware directly into the kernel by
pruning the original Makefile to the necessary minimum.  The default for
EXTRA_FIRMWARE_DIR is now the standard directory /lib/firmware/.

Fixes: 5620a0d1aac ("firmware: delete in-kernel firmware")
Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Acked-by: Greg K-H <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agomlxsw: spectrum_router: Only handle IPv4 and IPv6 events
Ido Schimmel [Fri, 15 Sep 2017 13:31:07 +0000 (15:31 +0200)]
mlxsw: spectrum_router: Only handle IPv4 and IPv6 events

The driver doesn't support events from address families other than IPv4
and IPv6, so ignore them. Otherwise, we risk queueing a work item before
it's initialized.

This can happen in case a VRF is configured when MROUTE_MULTIPLE_TABLES
is enabled, as the VRF driver will try to add an l3mdev rule for the
IPMR family.

Fixes: 65e65ec137f4 ("mlxsw: spectrum_router: Don't ignore IPv6 notifications")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: Andreas Rammhold <andreas@rammhold.de>
Reported-by: Florian Klink <flokli@flokli.de>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoDocumentation: link in networking docs
Pavel Machek [Sat, 16 Sep 2017 14:28:02 +0000 (16:28 +0200)]
Documentation: link in networking docs

Fix link in filter.txt.

Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agotcp: fix data delivery rate
Eric Dumazet [Fri, 15 Sep 2017 23:47:42 +0000 (16:47 -0700)]
tcp: fix data delivery rate

Now skb->mstamp_skb is updated later, we also need to call
tcp_rate_skb_sent() after the update is done.

Fixes: 8c72c65b426b ("tcp: update skb->skb_mstamp more carefully")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Linus Torvalds [Sat, 16 Sep 2017 03:43:33 +0000 (20:43 -0700)]
Merge branch '4.14-features' of git://git.linux-mips.org/ralf/upstream-linus

Pull MIPS updates from Ralf Baechle:
 "This is the main pull request for 4.14 for MIPS; below a summary of
  the non-merge commits:

  CM:
   - Rename mips_cm_base to mips_gcr_base
   - Specify register size when generating accessors
   - Use BIT/GENMASK for register fields, order & drop shifts
   - Add cluster & block args to mips_cm_lock_other()

  CPC:
   - Use common CPS accessor generation macros
   - Use BIT/GENMASK for register fields, order & drop shifts
   - Introduce register modify (set/clear/change) accessors
   - Use change_*, set_* & clear_* where appropriate
   - Add CM/CPC 3.5 register definitions
   - Use GlobalNumber macros rather than magic numbers
   - Have asm/mips-cps.h include CM & CPC headers
   - Cluster support for topology functions
   - Detect CPUs in secondary clusters

  CPS:
   - Read GIC_VL_IDENT directly, not via irqchip driver

  DMA:
   - Consolidate coherent and non-coherent dma_alloc code
   - Don't use dma_cache_sync to implement fd_cacheflush

  FPU emulation / FP assist code:
   - Another series of 14 commits fixing corner cases such as NaN
     propgagation and other special input values.
   - Zero bits 32-63 of the result for a CLASS.D instruction.
   - Enhanced statics via debugfs
   - Do not use bools for arithmetic. GCC 7.1 moans about this.
   - Correct user fault_addr type

  Generic MIPS:
   - Enhancement of stack backtraces
   - Cleanup from non-existing options
   - Handle non word sized instructions when examining frame
   - Fix detection and decoding of ADDIUSP instruction
   - Fix decoding of SWSP16 instruction
   - Refactor handling of stack pointer in get_frame_info
   - Remove unreachable code from force_fcr31_sig()
   - Convert to using %pOF instead of full_name
   - Remove the R6000 support.
   - Move FP code from *_switch.S to *_fpu.S
   - Remove unused ST_OFF from r2300_switch.S
   - Allow platform to specify multiple its.S files
   - Add #includes to various files to ensure code builds reliable and
     without warning..
   - Remove __invalidate_kernel_vmap_range
   - Remove plat_timer_setup
   - Declare various variables & functions static
   - Abstract CPU core & VP(E) ID access through accessor functions
   - Store core & VP IDs in GlobalNumber-style variable
   - Unify checks for sibling CPUs
   - Add CPU cluster number accessors
   - Prevent direct use of generic_defconfig
   - Make CONFIG_MIPS_MT_SMP default y
   - Add __ioread64_copy
   - Remove unnecessary inclusions of linux/irqchip/mips-gic.h

  GIC:
   - Introduce asm/mips-gic.h with accessor functions
   - Use new GIC accessor functions in mips-gic-timer
   - Remove counter access functions from irq-mips-gic.c
   - Remove gic_read_local_vp_id() from irq-mips-gic.c
   - Simplify shared interrupt pending/mask reads in irq-mips-gic.c
   - Simplify gic_local_irq_domain_map() in irq-mips-gic.c
   - Drop gic_(re)set_mask() functions in irq-mips-gic.c
   - Remove gic_set_polarity(), gic_set_trigger(), gic_set_dual_edge(),
     gic_map_to_pin() and gic_map_to_vpe() from irq-mips-gic.c.
   - Convert remaining shared reg access, local int mask access and
     remaining local reg access to new accessors
   - Move GIC_LOCAL_INT_* to asm/mips-gic.h
   - Remove GIC_CPU_INT* macros from irq-mips-gic.c
   - Move various definitions to the driver
   - Remove gic_get_usm_range()
   - Remove __gic_irq_dispatch() forward declaration
   - Remove gic_init()
   - Use mips_gic_present() in place of gic_present and remove
     gic_present
   - Move gic_get_c0_*_int() to asm/mips-gic.h
   - Remove linux/irqchip/mips-gic.h
   - Inline __gic_init()
   - Inline gic_basic_init()
   - Make pcpu_masks a per-cpu variable
   - Use pcpu_masks to avoid reading GIC_SH_MASK*
   - Clean up mti, reserved-cpu-vectors handling
   - Use cpumask_first_and() in gic_set_affinity()
   - Let the core set struct irq_common_data affinity

  microMIPS:
   - Fix microMIPS stack unwinding on big endian systems

  MIPS-GIC:
   - SYNC after enabling GIC region

  NUMA:
   - Remove the unused parent_node() macro

  R6:
   - Constify r2_decoder_tables
   - Add accessor & bit definitions for GlobalNumber

  SMP:
   - Constify smp ops
   - Allow boot_secondary SMP op to return errors

  VDSO:
   - Drop gic_get_usm_range() usage
   - Avoid use of linux/irqchip/mips-gic.h

  Platform changes:

  Alchemy:
   - Add devboard machine type to cpuinfo
   - update cpu feature overrides
   - Threaded carddetect irqs for devboards

  AR7:
   - allow NULL clock for clk_get_rate

  BCM63xx:
   - Fix ENETDMA_6345_MAXBURST_REG offset
   - Allow NULL clock for clk_get_rate

  CI20:
   - Enable GPIO and RTC drivers in defconfig
   - Add ethernet and fixed-regulator nodes to DTS

  Generic platform:
   - Move Boston and NI 169445 FIT image source to their own files
   - Include asm/bootinfo.h for plat_fdt_relocated()
   - Include asm/time.h for get_c0_*_int()
   - Include asm/bootinfo.h for plat_fdt_relocated()
   - Include asm/time.h for get_c0_*_int()
   - Allow filtering enabled boards by requirements
   - Don't explicitly disable CONFIG_USB_SUPPORT
   - Bump default NR_CPUS to 16

  JZ4700:
   - Probe the jz4740-rtc driver from devicetree

  Lantiq:
   - Drop check of boot select from the spi-falcon driver.
   - Drop check of boot select from the lantiq-flash MTD driver.
   - Access boot cause register in the watchdog driver through regmap
   - Add device tree binding documentation for the watchdog driver
   - Add docs for the RCU DT bindings.
   - Convert the fpi bus driver to a platform_driver
   - Remove ltq_reset_cause() and ltq_boot_select(
   - Switch to a proper reset driver
   - Switch to a new drivers/soc GPHY driver
   - Add an USB PHY driver for the Lantiq SoCs using the RCU module
   - Use of_platform_default_populate instead of __dt_register_buses
   - Enable MFD_SYSCON to be able to use it for the RCU MFD
   - Replace ltq_boot_select() with dummy implementation.

  Loongson 2F:
   - Allow NULL clock for clk_get_rate

  Malta:
   - Use new GIC accessor functions

  NI 169445:
   - Add support for NI 169445 board.
   - Only include in 32r2el kernels

  Octeon:
   - Add support for watchdog of 78XX SOCs.
   - Add support for watchdog of CN68XX SOCs.
   - Expose support for mips32r1, mips32r2 and mips64r1
   - Enable more drivers in config file
   - Add support for accessing the boot vector.
   - Remove old boot vector code from watchdog driver
   - Define watchdog registers for 70xx, 73xx, 78xx, F75xx.
   - Make CSR functions node aware.
   - Allow access to CIU3 IRQ domains.
   - Misc cleanups in the watchdog driver

  Omega2+:
   - New board, add support and defconfig

  Pistachio:
   - Enable Root FS on NFS in defconfig

  Ralink:
   - Add Mediatek MT7628A SoC
   - Allow NULL clock for clk_get_rate
   - Explicitly request exclusive reset control in the pci-mt7620 PCI driver.

  SEAD3:
   - Only include in 32 bit kernels by default

  VoCore:
   - Add VoCore as a vendor t0 dt-bindings
   - Add defconfig file"

* '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (167 commits)
  MIPS: Refactor handling of stack pointer in get_frame_info
  MIPS: Stacktrace: Fix microMIPS stack unwinding on big endian systems
  MIPS: microMIPS: Fix decoding of swsp16 instruction
  MIPS: microMIPS: Fix decoding of addiusp instruction
  MIPS: microMIPS: Fix detection of addiusp instruction
  MIPS: Handle non word sized instructions when examining frame
  MIPS: ralink: allow NULL clock for clk_get_rate
  MIPS: Loongson 2F: allow NULL clock for clk_get_rate
  MIPS: BCM63XX: allow NULL clock for clk_get_rate
  MIPS: AR7: allow NULL clock for clk_get_rate
  MIPS: BCM63XX: fix ENETDMA_6345_MAXBURST_REG offset
  mips: Save all registers when saving the frame
  MIPS: Add DWARF unwinding to assembly
  MIPS: Make SAVE_SOME more standard
  MIPS: Fix issues in backtraces
  MIPS: jz4780: DTS: Probe the jz4740-rtc driver from devicetree
  MIPS: Ci20: Enable RTC driver
  watchdog: octeon-wdt: Add support for 78XX SOCs.
  watchdog: octeon-wdt: Add support for cn68XX SOCs.
  watchdog: octeon-wdt: File cleaning.
  ...

7 years agoMerge tag 'pci-v4.14-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaa...
Linus Torvalds [Sat, 16 Sep 2017 03:25:06 +0000 (20:25 -0700)]
Merge tag 'pci-v4.14-fixes-1' of git://git./linux/kernel/git/helgaas/pci

Pull PCI fix from Bjorn Helgaas:
 "Revert an attempt to fix a race while enabling upstream bridges
  because it broke iwlwifi firmware loading"

* tag 'pci-v4.14-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  Revert "PCI: Avoid race while enabling upstream bridges"

7 years agoMerge tag 'drm-fixes-for-v4.14-rc1' of git://people.freedesktop.org/~airlied/linux
Linus Torvalds [Sat, 16 Sep 2017 00:52:52 +0000 (17:52 -0700)]
Merge tag 'drm-fixes-for-v4.14-rc1' of git://people.freedesktop.org/~airlied/linux

Pull drm AMD fixes from Dave Airlie:
 "Just had a single AMD fixes pull from Alex for rc1"

* tag 'drm-fixes-for-v4.14-rc1' of git://people.freedesktop.org/~airlied/linux:
  drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset v2"
  drm/amdgpu: remove duplicate return statement
  drm/amdgpu: check memory allocation failure
  drm/amd/amdgpu: fix BANK_SELECT on Vega10 (v2)
  drm/amdgpu: inline amdgpu_ttm_do_bind again
  drm/amdgpu: fix amdgpu_ttm_bind
  drm/amdgpu: remove the GART copy hack
  drm/ttm:fix wrong decoding of bo_count
  drm/ttm: fix missing inc bo_count
  drm/amdgpu: set sched_hw_submission higher for KIQ (v3)
  drm/amdgpu: move default gart size setting into gmc modules
  drm/amdgpu: refine default gart size
  drm/amd/powerplay: ACG frequency added in PPTable
  drm/amdgpu: discard commands of killed processes
  drm/amdgpu: fix and cleanup shadow handling
  drm/amdgpu: add automatic per asic settings for gart_size
  drm/amdgpu/gfx8: fix spelling typo in mqd allocation
  drm/amd/powerplay: unhalt mec after loading
  drm/amdgpu/virtual_dce: Virtual display doesn't support disable vblank immediately
  drm/amdgpu: Fix huge page updates with CPU

7 years agoMerge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa...
Linus Torvalds [Sat, 16 Sep 2017 00:49:46 +0000 (17:49 -0700)]
Merge branch 'i2c/for-next' of git://git./linux/kernel/git/wsa/linux

Pull more i2c updates from Wolfram Sang:
 "I2C has two more new drivers: Altera FPGA and STM32F7"

* 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: i2c-stm32f7: add driver
  i2c: i2c-stm32f4: use generic definition of speed enum
  dt-bindings: i2c-stm32: Document the STM32F7 I2C bindings
  i2c: altera: Add Altera I2C Controller driver
  dt-bindings: i2c: Add Altera I2C Controller

7 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Fri, 15 Sep 2017 22:43:55 +0000 (15:43 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm

Pull more KVM updates from Paolo Bonzini:
 - PPC bugfixes
 - RCU splat fix
 - swait races fix
 - pointless userspace-triggerable BUG() fix
 - misc fixes for KVM_RUN corner cases
 - nested virt correctness fixes + one host DoS
 - some cleanups
 - clang build fix
 - fix AMD AVIC with default QEMU command line options
 - x86 bugfixes

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits)
  kvm: nVMX: Handle deferred early VMLAUNCH/VMRESUME failure properly
  kvm: vmx: Handle VMLAUNCH/VMRESUME failure properly
  kvm: nVMX: Remove nested_vmx_succeed after successful VM-entry
  kvm,mips: Fix potential swait_active() races
  kvm,powerpc: Serialize wq active checks in ops->vcpu_kick
  kvm: Serialize wq active checks in kvm_vcpu_wake_up()
  kvm,x86: Fix apf_task_wake_one() wq serialization
  kvm,lapic: Justify use of swait_active()
  kvm,async_pf: Use swq_has_sleeper()
  sched/wait: Add swq_has_sleeper()
  KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
  KVM: Don't accept obviously wrong gsi values via KVM_IRQFD
  kvm: nVMX: Don't allow L2 to access the hardware CR8
  KVM: trace events: update list of exit reasons
  KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
  KVM: X86: Don't block vCPU if there is pending exception
  KVM: SVM: Add irqchip_split() checks before enabling AVIC
  KVM: Add struct kvm_vcpu pointer parameter to get_enable_apicv()
  KVM: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu()
  KVM: x86: fix clang build
  ...

7 years agobpf/verifier: reject BPF_ALU64|BPF_END
Edward Cree [Fri, 15 Sep 2017 13:37:38 +0000 (14:37 +0100)]
bpf/verifier: reject BPF_ALU64|BPF_END

Neither ___bpf_prog_run nor the JITs accept it.
Also adds a new test case.

Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)")
Signed-off-by: Edward Cree <ecree@solarflare.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agosctp: do not mark sk dumped when inet_sctp_diag_fill returns err
Xin Long [Fri, 15 Sep 2017 03:02:48 +0000 (11:02 +0800)]
sctp: do not mark sk dumped when inet_sctp_diag_fill returns err

sctp_diag would not actually dump out sk/asoc if inet_sctp_diag_fill
returns err, in which case it shouldn't mark sk dumped by setting
cb->args[3] as 1 in sctp_sock_dump().

Otherwise, it could cause some asocs to have no parent's sk dumped
in 'ss --sctp'.

So this patch is to not set cb->args[3] when inet_sctp_diag_fill()
returns err in sctp_sock_dump().

Fixes: 8f840e47f190 ("sctp: add the sctp_diag.c file")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agosctp: fix an use-after-free issue in sctp_sock_dump
Xin Long [Fri, 15 Sep 2017 03:02:21 +0000 (11:02 +0800)]
sctp: fix an use-after-free issue in sctp_sock_dump

Commit 86fdb3448cc1 ("sctp: ensure ep is not destroyed before doing the
dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep
with holding sock and sock lock.

But Paolo noticed that endpoint could be destroyed in sctp_rcv without
sock lock protection. It means the use-after-free issue still could be
triggered when sctp_rcv put and destroy ep after sctp_sock_dump checks
!ep, although it's pretty hard to reproduce.

I could reproduce it by mdelay in sctp_rcv while msleep in sctp_close
and sctp_sock_dump long time.

This patch is to add another param cb_done to sctp_for_each_transport
and dump ep->assocs with holding tsp after jumping out of transport's
traversal in it to avoid this issue.

It can also improve sctp diag dump to make it run faster, as no need
to save sk into cb->args[5] and keep calling sctp_for_each_transport
any more.

This patch is also to use int * instead of int for the pos argument
in sctp_for_each_transport, which could make postion increment only
in sctp_for_each_transport and no need to keep changing cb->args[2]
in sctp_sock_filter and sctp_sock_dump any more.

Fixes: 86fdb3448cc1 ("sctp: ensure ep is not destroyed before doing the dump")
Reported-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonetvsc: increase default receive buffer size
Stephen Hemminger [Thu, 14 Sep 2017 16:31:07 +0000 (09:31 -0700)]
netvsc: increase default receive buffer size

The default receive buffer size was reduced by recent change
to a value which was appropriate for 10G and Windows Server 2016.
But the value is too small for full performance with 40G on Azure.
Increase the default back to maximum supported by host.

Fixes: 8b5327975ae1 ("netvsc: allow controlling send/recv buffer size")
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agotcp: update skb->skb_mstamp more carefully
Eric Dumazet [Thu, 14 Sep 2017 03:30:39 +0000 (20:30 -0700)]
tcp: update skb->skb_mstamp more carefully

liujian reported a problem in TCP_USER_TIMEOUT processing with a patch
in tcp_probe_timer() :
      https://www.spinics.net/lists/netdev/msg454496.html

After investigations, the root cause of the problem is that we update
skb->skb_mstamp of skbs in write queue, even if the attempt to send a
clone or copy of it failed. One reason being a routing problem.

This patch prevents this, solving liujian issue.

It also removes a potential RTT miscalculation, since
__tcp_retransmit_skb() is not OR-ing TCP_SKB_CB(skb)->sacked with
TCPCB_EVER_RETRANS if a failure happens, but skb->skb_mstamp has
been changed.

A future ACK would then lead to a very small RTT sample and min_rtt
would then be lowered to this too small value.

Tested:

# cat user_timeout.pkt
--local_ip=192.168.102.64

    0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
   +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
   +0 bind(3, ..., ...) = 0
   +0 listen(3, 1) = 0

   +0 `ifconfig tun0 192.168.102.64/16; ip ro add 192.0.2.1 dev tun0`

   +0 < S 0:0(0) win 0 <mss 1460>
   +0 > S. 0:0(0) ack 1 <mss 1460>

  +.1 < . 1:1(0) ack 1 win 65530
   +0 accept(3, ..., ...) = 4

   +0 setsockopt(4, SOL_TCP, TCP_USER_TIMEOUT, [3000], 4) = 0
   +0 write(4, ..., 24) = 24
   +0 > P. 1:25(24) ack 1 win 29200
   +.1 < . 1:1(0) ack 25 win 65530

//change the ipaddress
   +1 `ifconfig tun0 192.168.0.10/16`

   +1 write(4, ..., 24) = 24
   +1 write(4, ..., 24) = 24
   +1 write(4, ..., 24) = 24
   +1 write(4, ..., 24) = 24

   +0 `ifconfig tun0 192.168.102.64/16`
   +0 < . 1:2(1) ack 25 win 65530
   +0 `ifconfig tun0 192.168.0.10/16`

   +3 write(4, ..., 24) = -1

# ./packetdrill user_timeout.pkt

Signed-off-by: Eric Dumazet <edumazet@googl.com>
Reported-by: liujian <liujian56@huawei.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agofs/proc: Report eip/esp in /prod/PID/stat for coredumping
John Ogness [Thu, 14 Sep 2017 09:42:17 +0000 (11:42 +0200)]
fs/proc: Report eip/esp in /prod/PID/stat for coredumping

Commit 0a1eb2d474ed ("fs/proc: Stop reporting eip and esp in
/proc/PID/stat") stopped reporting eip/esp because it is
racy and dangerous for executing tasks. The comment adds:

    As far as I know, there are no use programs that make any
    material use of these fields, so just get rid of them.

However, existing userspace core-dump-handler applications (for
example, minicoredumper) are using these fields since they
provide an excellent cross-platform interface to these valuable
pointers. So that commit introduced a user space visible
regression.

Partially revert the change and make the readout possible for
tasks with the proper permissions and only if the target task
has the PF_DUMPCORE flag set.

Fixes: 0a1eb2d474ed ("fs/proc: Stop reporting eip and esp in> /proc/PID/stat")
Reported-by: Marco Felsch <marco.felsch@preh.de>
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: stable@vger.kernel.org
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linux API <linux-api@vger.kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/87poatfwg6.fsf@linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
7 years agonet: ipv4: fix l3slave check for index returned in IP_PKTINFO
David Ahern [Thu, 14 Sep 2017 00:11:37 +0000 (17:11 -0700)]
net: ipv4: fix l3slave check for index returned in IP_PKTINFO

rt_iif is only set to the actual egress device for the output path. The
recent change to consider the l3slave flag when returning IP_PKTINFO
works for local traffic (the correct device index is returned), but it
broke the more typical use case of packets received from a remote host
always returning the VRF index rather than the original ingress device.
Update the fixup to consider l3slave and rt_iif actually getting set.

Fixes: 1dfa76390bf05 ("net: ipv4: add check for l3slave for index returned in IP_PKTINFO")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: smsc911x: Quieten netif during suspend
Geert Uytterhoeven [Wed, 13 Sep 2017 17:42:05 +0000 (19:42 +0200)]
net: smsc911x: Quieten netif during suspend

If the network interface is kept running during suspend, the net core
may call net_device_ops.ndo_start_xmit() while the Ethernet device is
still suspended, which may lead to a system crash.

E.g. on sh73a0/kzm9g and r8a73a4/ape6evm, the external Ethernet chip is
driven by a PM controlled clock.  If the Ethernet registers are accessed
while the clock is not running, the system will crash with an imprecise
external abort.

As this is a race condition with a small time window, it is not so easy
to trigger at will.  Using pm_test may increase your chances:

    # echo 0 > /sys/module/printk/parameters/console_suspend
    # echo platform > /sys/power/pm_test
    # echo mem > /sys/power/state

To fix this, make sure the network interface is quietened during
suspend.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: systemport: Fix 64-bit stats deadlock
Florian Fainelli [Tue, 12 Sep 2017 20:14:26 +0000 (13:14 -0700)]
net: systemport: Fix 64-bit stats deadlock

We can enter a deadlock situation because there is no sufficient protection
when ndo_get_stats64() runs in process context to guard against RX or TX NAPI
contexts running in softirq, this can lead to the following lockdep splat and
actual deadlock was experienced as well with an iperf session in the background
and a while loop doing ifconfig + ethtool.

[    5.780350] ================================
[    5.784679] WARNING: inconsistent lock state
[    5.789011] 4.13.0-rc7-02179-g32fae27c725d #70 Not tainted
[    5.794561] --------------------------------
[    5.798890] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[    5.804971] swapper/0/0 [HC0[0]:SC1[1]:HE0:SE0] takes:
[    5.810175]  (&syncp->seq#2){+.?...}, at: [<c0768a28>] bcm_sysport_tx_reclaim+0x30/0x54
[    5.818327] {SOFTIRQ-ON-W} state was registered at:
[    5.823278]   bcm_sysport_get_stats64+0x17c/0x258
[    5.828053]   dev_get_stats+0x38/0xac
[    5.831776]   rtnl_fill_stats+0x30/0x118
[    5.835761]   rtnl_fill_ifinfo+0x538/0xe24
[    5.839921]   rtmsg_ifinfo_build_skb+0x6c/0xd8
[    5.844430]   rtmsg_ifinfo_event.part.5+0x14/0x44
[    5.849201]   rtmsg_ifinfo+0x20/0x28
[    5.852837]   register_netdevice+0x628/0x6b8
[    5.857171]   register_netdev+0x14/0x24
[    5.861051]   bcm_sysport_probe+0x30c/0x438
[    5.865280]   platform_drv_probe+0x50/0xb0
[    5.869418]   driver_probe_device+0x2e8/0x450
[    5.873817]   __driver_attach+0x104/0x120
[    5.877871]   bus_for_each_dev+0x7c/0xc0
[    5.881834]   bus_add_driver+0x1b0/0x270
[    5.885797]   driver_register+0x78/0xf4
[    5.889675]   do_one_initcall+0x54/0x190
[    5.893646]   kernel_init_freeable+0x144/0x1d0
[    5.898135]   kernel_init+0x8/0x110
[    5.901665]   ret_from_fork+0x14/0x2c
[    5.905363] irq event stamp: 24263
[    5.908804] hardirqs last  enabled at (24262): [<c08eecf0>] net_rx_action+0xc4/0x4e4
[    5.916624] hardirqs last disabled at (24263): [<c0a7da00>] _raw_spin_lock_irqsave+0x1c/0x98
[    5.925143] softirqs last  enabled at (24258): [<c022a7fc>] irq_enter+0x84/0x98
[    5.932524] softirqs last disabled at (24259): [<c022a918>] irq_exit+0x108/0x16c
[    5.939985]
[    5.939985] other info that might help us debug this:
[    5.946576]  Possible unsafe locking scenario:
[    5.946576]
[    5.952556]        CPU0
[    5.955031]        ----
[    5.957506]   lock(&syncp->seq#2);
[    5.960955]   <Interrupt>
[    5.963604]     lock(&syncp->seq#2);
[    5.967227]
[    5.967227]  *** DEADLOCK ***
[    5.967227]
[    5.973222] 1 lock held by swapper/0/0:
[    5.977092]  #0:  (&(&ring->lock)->rlock){..-...}, at: [<c0768a18>] bcm_sysport_tx_reclaim+0x20/0x54

So just remove the u64_stats_update_begin()/end() pair in ndo_get_stats64()
since it does not appear to be useful for anything. No inconsistency was
observed with either ifconfig or ethtool, global TX counts equal the sum of
per-queue TX counts on a 32-bit architecture.

Fixes: 10377ba7673d ("net: systemport: Support 64bit statistics")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: vrf: avoid gcc-4.6 warning
Arnd Bergmann [Tue, 12 Sep 2017 20:10:53 +0000 (22:10 +0200)]
net: vrf: avoid gcc-4.6 warning

When building an allmodconfig kernel with gcc-4.6, we get a rather
odd warning:

drivers/net/vrf.c: In function ‘vrf_ip6_input_dst’:
drivers/net/vrf.c:964:3: error: initialized field with side-effects overwritten [-Werror]
drivers/net/vrf.c:964:3: error: (near initialization for ‘fl6’) [-Werror]

I have no idea what this warning is even trying to say, but it does
seem like a false positive. Reordering the initialization in to match
the structure definition gets rid of the warning, and might also avoid
whatever gcc thinks is wrong here.

Fixes: 9ff74384600a ("net: vrf: Handle ipv6 multicast and link-local addresses")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoqed: remove unnecessary call to memset
Himanshu Jha [Tue, 12 Sep 2017 11:19:22 +0000 (16:49 +0530)]
qed: remove unnecessary call to memset

call to memset to assign 0 value immediately after allocating
memory with kzalloc is unnecesaary as kzalloc allocates the memory
filled with 0 value.

Semantic patch used to resolve this issue:

@@
expression e,e2; constant c;
statement S;
@@

  e = kzalloc(e2, c);
  if(e == NULL) S
- memset(e, 0, e2);

Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Acked-by: Sudarsana Kalluru <sudarsana.kalluru@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge tag 'firmware_removal-4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 15 Sep 2017 19:58:55 +0000 (12:58 -0700)]
Merge tag 'firmware_removal-4.14-rc1' of git://git./linux/kernel/git/gregkh/driver-core

Pull firmware removal from Greg KH:
 "Many many years ago (at the kernel summit in Boston), we all came to
  the agreement that the firmware/ tree should be dropped from the
  kernel, and everyone use the linux-firmware package instead. For some
  minor reason, David Woodhouse didn't send the pull request at that
  point in time, and everyone forgot about this.

  The topic came up in the hallway track at the Plumbers conference this
  week, so here's a single patch that drops the whole firmware tree. The
  last firmware update was back in 2013, and all distros have been using
  linux-firmware instead since at least that year, if not before. The
  only commits to that directory since 2013 was some kbuild fixups for
  various build tool issues.

  So lets finally drop this, we don't need to lug them around in the
  kernel source tree anymore, especially as no one wants or uses them.

  This has passed build testing with 0-day, I don't think it made it
  into linux-next this week, but I figured it was good to get in before
  4.14-rc1 was out"

* tag 'firmware_removal-4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  firmware: delete in-kernel firmware

7 years agoMerge tag 'nios2-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan...
Linus Torvalds [Fri, 15 Sep 2017 19:47:21 +0000 (12:47 -0700)]
Merge tag 'nios2-v4.14-rc1' of git://git./linux/kernel/git/lftan/nios2

Pull arch/nios2 update from Ley Foon Tan.

* tag 'nios2-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2:
  nios2: time: Read timer in get_cycles only if initialized
  nios2: add earlycon support to 3c120 devboard DTS

7 years agoMerge tag 'powerpc-4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc...
Linus Torvalds [Fri, 15 Sep 2017 19:44:59 +0000 (12:44 -0700)]
Merge tag 'powerpc-4.14-2' of git://git./linux/kernel/git/powerpc/linux

Pull powerpc fix from Michael Ellerman:
 "Just one fix, for the handling of alignment interrupts on dcbz
  instructions.

  Thanks to Paul Mackerras, Christian Zigotzky, Michal Sojka"

* tag 'powerpc-4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc: Fix handling of alignment interrupt on dcbz instruction

7 years agoscsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
Hannes Reinecke [Fri, 15 Sep 2017 12:05:16 +0000 (14:05 +0200)]
scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE

When calling SG_GET_REQUEST_TABLE ioctl only a half-filled table is
returned; the remaining part will then contain stale kernel memory
information.  This patch zeroes out the entire table to avoid this
issue.

Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
7 years agoMerge tag 'for-linus-4.14-ofs2' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Fri, 15 Sep 2017 19:16:18 +0000 (12:16 -0700)]
Merge tag 'for-linus-4.14-ofs2' of git://git./linux/kernel/git/hubcap/linux

Pull orangefs updates from Mike Marshall:
 "Some cleanups and a big bug fix for ACLs.

  When I was reviewing Jan Kara's ACL patch, I realized that Orangefs
  ACL code was busted, not just in the kernel module, but in the server
  as well. I've been working on the code in the server mostly, but
  here's one kernel patch, there will be more"

* tag 'for-linus-4.14-ofs2' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
  orangefs: Adjust three checks for null pointers
  orangefs: Use kcalloc() in orangefs_prepare_cdm_array()
  orangefs: Delete error messages for a failed memory allocation in five functions
  orangefs: constify xattr_handler structure
  orangefs: don't call filemap_write_and_wait from fsync
  orangefs: off by ones in xattr size checks
  orangefs: documentation clean up
  orangefs: react properly to posix_acl_update_mode's aftermath.
  orangefs: Don't clear SGID when inheriting ACLs

7 years agoscsi: sg: factor out sg_fill_request_table()
Hannes Reinecke [Fri, 15 Sep 2017 12:05:15 +0000 (14:05 +0200)]
scsi: sg: factor out sg_fill_request_table()

Factor out sg_fill_request_table() for better readability.

[mkp: typos, applied by hand]

Signed-off-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
7 years agoscsi: sd: Remove unnecessary condition in sd_read_block_limits()
Lukas Czerner [Wed, 13 Sep 2017 14:29:46 +0000 (16:29 +0200)]
scsi: sd: Remove unnecessary condition in sd_read_block_limits()

After series of changes around WRITE_SAME and UNMAP setup we ended up
with leftover unnecessary condition. Remove it.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
7 years agoMerge branch 'next' into for-linus
Dmitry Torokhov [Fri, 15 Sep 2017 16:52:21 +0000 (09:52 -0700)]
Merge branch 'next' into for-linus

Prepare second round of input updates for 4.14 merge window.

7 years agoInput: i8042 - add Gigabyte P57 to the keyboard reset table
Kai-Heng Feng [Fri, 15 Sep 2017 16:36:16 +0000 (09:36 -0700)]
Input: i8042 - add Gigabyte P57 to the keyboard reset table

Similar to other Gigabyte laptops, the touchpad on P57 requires a
keyboard reset to detect Elantech touchpad correctly.

BugLink: https://bugs.launchpad.net/bugs/1594214
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
7 years agokvm: nVMX: Handle deferred early VMLAUNCH/VMRESUME failure properly
Jim Mattson [Thu, 14 Sep 2017 23:31:44 +0000 (16:31 -0700)]
kvm: nVMX: Handle deferred early VMLAUNCH/VMRESUME failure properly

When emulating a nested VM-entry from L1 to L2, several control field
validation checks are deferred to the hardware. Should one of these
validation checks fail, vcpu_vmx_run will set the vmx->fail flag. When
this happens, the L2 guest state is not loaded (even in part), and
execution should continue in L1 with the next instruction after the
VMLAUNCH/VMRESUME.

The VMCS12 is not modified (except for the VM-instruction error
field), the VMCS12 MSR save/load lists are not processed, and the CPU
state is not loaded from the VMCS12 host area. Moreover, the vmcs02
exit reason is stale, so it should not be consulted for any reason.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm: vmx: Handle VMLAUNCH/VMRESUME failure properly
Jim Mattson [Thu, 14 Sep 2017 23:31:42 +0000 (16:31 -0700)]
kvm: vmx: Handle VMLAUNCH/VMRESUME failure properly

On an early VMLAUNCH/VMRESUME failure (i.e. one which sets the
VM-instruction error field of the current VMCS), the launch state of
the current VMCS is not set to "launched," and the VM-exit information
fields of the current VMCS (including IDT-vectoring information and
exit reason) are stale.

On a late VMLAUNCH/VMRESUME failure (i.e. one which sets the high bit
of the exit reason field), the launch state of the current VMCS is not
set to "launched," and only two of the VM-exit information fields of
the current VMCS are modified (exit reason and exit
qualification). The remaining VM-exit information fields of the
current VMCS (including IDT-vectoring information, in particular) are
stale.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm: nVMX: Remove nested_vmx_succeed after successful VM-entry
Jim Mattson [Thu, 14 Sep 2017 23:31:40 +0000 (16:31 -0700)]
kvm: nVMX: Remove nested_vmx_succeed after successful VM-entry

After a successful VM-entry, RFLAGS is cleared, with the exception of
bit 1, which is always set. This is handled by load_vmcs12_host_state.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm,mips: Fix potential swait_active() races
Davidlohr Bueso [Wed, 13 Sep 2017 20:08:24 +0000 (13:08 -0700)]
kvm,mips: Fix potential swait_active() races

For example, the following could occur, making us miss a wakeup:

CPU0 CPU1
kvm_vcpu_block kvm_mips_comparecount_func
  [L] swait_active(&vcpu->wq)
  [S] prepare_to_swait(&vcpu->wq)
  [L] if (!kvm_vcpu_has_pending_timer(vcpu))
         schedule()                       [S] queue_timer_int(vcpu)

Ensure that the swait_active() check is not hoisted over the interrupt.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm,powerpc: Serialize wq active checks in ops->vcpu_kick
Davidlohr Bueso [Wed, 13 Sep 2017 20:08:23 +0000 (13:08 -0700)]
kvm,powerpc: Serialize wq active checks in ops->vcpu_kick

Particularly because kvmppc_fast_vcpu_kick_hv() is a callback,
ensure that we properly serialize wq active checks in order to
avoid potentially missing a wakeup due to racing with the waiter
side.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm: Serialize wq active checks in kvm_vcpu_wake_up()
Davidlohr Bueso [Wed, 13 Sep 2017 20:08:22 +0000 (13:08 -0700)]
kvm: Serialize wq active checks in kvm_vcpu_wake_up()

This is a generic call and can be suceptible to races
in reading the wq task_list while another task is adding
itself to the list. Add a full barrier by using the
swq_has_sleeper() helper.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm,x86: Fix apf_task_wake_one() wq serialization
Davidlohr Bueso [Wed, 13 Sep 2017 20:08:21 +0000 (13:08 -0700)]
kvm,x86: Fix apf_task_wake_one() wq serialization

During code inspection, the following potential race was seen:

CPU0                    CPU1
kvm_async_pf_task_wait apf_task_wake_one
  [L] swait_active(&n->wq)
  [S] prepare_to_swait(&n.wq)
  [L] if (!hlist_unhahed(&n.link))
schedule()   [S] hlist_del_init(&n->link);

Properly serialize swait_active() checks such that a wakeup is
not missed.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm,lapic: Justify use of swait_active()
Davidlohr Bueso [Wed, 13 Sep 2017 20:08:20 +0000 (13:08 -0700)]
kvm,lapic: Justify use of swait_active()

A comment might serve future readers.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agokvm,async_pf: Use swq_has_sleeper()
Davidlohr Bueso [Wed, 13 Sep 2017 20:08:19 +0000 (13:08 -0700)]
kvm,async_pf: Use swq_has_sleeper()

... as we've got the new helper now. This caller already
does the right thing, hence no changes in semantics.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agosched/wait: Add swq_has_sleeper()
Davidlohr Bueso [Wed, 13 Sep 2017 20:08:18 +0000 (13:08 -0700)]
sched/wait: Add swq_has_sleeper()

Which is the equivalent of what we have in regular waitqueues.
I'm not crazy about the name, but this also helps us get both
apis closer -- which iirc comes originally from the -net folks.

We also duplicate the comments for the lockless swait_active(),
from wait.h. Future users will make use of this interface.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 years agoKVM: VMX: Do not BUG() on out-of-bounds guest IRQ
Jan H. Schönherr [Thu, 7 Sep 2017 18:02:30 +0000 (19:02 +0100)]
KVM: VMX: Do not BUG() on out-of-bounds guest IRQ

The value of the guest_irq argument to vmx_update_pi_irte() is
ultimately coming from a KVM_IRQFD API call. Do not BUG() in
vmx_update_pi_irte() if the value is out-of bounds. (Especially,
since KVM as a whole seems to hang after that.)

Instead, print a message only once if we find that we don't have a
route for a certain IRQ (which can be out-of-bounds or within the
array).

This fixes CVE-2017-1000252.

Fixes: efc644048ecde54 ("KVM: x86: Update IRTE for posted-interrupts")
Signed-off-by: Jan H. Schönherr <jschoenh@amazon.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>