sfrench/cifs-2.6.git
2 years agoext4: missing !bh check in ext4_xattr_inode_write()
Vasily Averin [Fri, 9 Nov 2018 16:34:40 +0000 (11:34 -0500)]
ext4: missing !bh check in ext4_xattr_inode_write()

According to Ted Ts'o ext4_getblk() called in ext4_xattr_inode_write()
should not return bh = NULL

The only time that bh could be NULL, then, would be in the case of
something really going wrong; a programming error elsewhere (perhaps a
wild pointer dereference) or I/O error causing on-disk file system
corruption (although that would be highly unlikely given that we had
*just* allocated the blocks and so the metadata blocks in question
probably would still be in the cache).

Fixes: e50e5129f384 ("ext4: xattr-in-inode support")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.13
2 years agoext4: fix buffer leak in __ext4_read_dirblock() on error path
Vasily Averin [Thu, 8 Nov 2018 03:36:23 +0000 (22:36 -0500)]
ext4: fix buffer leak in __ext4_read_dirblock() on error path

Fixes: dc6982ff4db1 ("ext4: refactor code to read directory blocks ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.9
2 years agoext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path
Vasily Averin [Wed, 7 Nov 2018 16:14:35 +0000 (11:14 -0500)]
ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path

Fixes: de05ca852679 ("ext4: move call to ext4_error() into ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.17
2 years agoext4: fix buffer leak in ext4_xattr_move_to_block() on error path
Vasily Averin [Wed, 7 Nov 2018 16:10:21 +0000 (11:10 -0500)]
ext4: fix buffer leak in ext4_xattr_move_to_block() on error path

Fixes: 3f2571c1f91f ("ext4: factor out xattr moving")
Fixes: 6dd4ee7cab7e ("ext4: Expand extra_inodes space per ...")
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 2.6.23
2 years agoext4: release bs.bh before re-using in ext4_xattr_block_find()
Vasily Averin [Wed, 7 Nov 2018 16:07:01 +0000 (11:07 -0500)]
ext4: release bs.bh before re-using in ext4_xattr_block_find()

bs.bh was taken in previous ext4_xattr_block_find() call,
it should be released before re-using

Fixes: 7e01c8e5420b ("ext3/4: fix uninitialized bs in ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 2.6.26
2 years agoext4: fix buffer leak in ext4_xattr_get_block() on error path
Vasily Averin [Wed, 7 Nov 2018 16:01:33 +0000 (11:01 -0500)]
ext4: fix buffer leak in ext4_xattr_get_block() on error path

Fixes: dec214d00e0d ("ext4: xattr inode deduplication")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.13
2 years agoext4: fix possible leak of s_journal_flag_rwsem in error path
Vasily Averin [Wed, 7 Nov 2018 15:56:28 +0000 (10:56 -0500)]
ext4: fix possible leak of s_journal_flag_rwsem in error path

Fixes: c8585c6fcaf2 ("ext4: fix races between changing inode journal ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.7
2 years agoext4: fix possible leak of sbi->s_group_desc_leak in error path
Theodore Ts'o [Wed, 7 Nov 2018 15:32:53 +0000 (10:32 -0500)]
ext4: fix possible leak of sbi->s_group_desc_leak in error path

Fixes: bfe0a5f47ada ("ext4: add more mount time checks of the superblock")
Reported-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.18
2 years agoext4: remove unneeded brelse call in ext4_xattr_inode_update_ref()
Vasily Averin [Tue, 6 Nov 2018 22:45:02 +0000 (17:45 -0500)]
ext4: remove unneeded brelse call in ext4_xattr_inode_update_ref()

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: avoid possible double brelse() in add_new_gdb() on error path
Theodore Ts'o [Tue, 6 Nov 2018 22:18:17 +0000 (17:18 -0500)]
ext4: avoid possible double brelse() in add_new_gdb() on error path

Fixes: b40971426a83 ("ext4: add error checking to calls to ...")
Reported-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 2.6.38
2 years agoext4: avoid buffer leak in ext4_orphan_add() after prior errors
Vasily Averin [Tue, 6 Nov 2018 22:01:36 +0000 (17:01 -0500)]
ext4: avoid buffer leak in ext4_orphan_add() after prior errors

Fixes: d745a8c20c1f ("ext4: reduce contention on s_orphan_lock")
Fixes: 6e3617e579e0 ("ext4: Handle non empty on-disk orphan link")
Cc: Dmitry Monakhov <dmonakhov@gmail.com>
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 2.6.34
2 years agoext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()
Vasily Averin [Tue, 6 Nov 2018 21:49:50 +0000 (16:49 -0500)]
ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()

ext4_mark_iloc_dirty() callers expect that it releases iloc->bh
even if it returns an error.

Fixes: 0db1ff222d40 ("ext4: add shutdown bit and check for it")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 4.11
2 years agoext4: fix possible inode leak in the retry loop of ext4_resize_fs()
Vasily Averin [Tue, 6 Nov 2018 21:20:40 +0000 (16:20 -0500)]
ext4: fix possible inode leak in the retry loop of ext4_resize_fs()

Fixes: 1c6bd7173d66 ("ext4: convert file system to meta_bg if needed ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.7
2 years agoext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
Vasily Averin [Tue, 6 Nov 2018 21:16:01 +0000 (16:16 -0500)]
ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing

Fixes: 117fff10d7f1 ("ext4: grow the s_flex_groups array as needed ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.7
2 years agoext4: add missing brelse() update_backups()'s error path
Vasily Averin [Sat, 3 Nov 2018 21:11:19 +0000 (17:11 -0400)]
ext4: add missing brelse() update_backups()'s error path

Fixes: ac27a0ec112a ("ext4: initial copy of files from ext3")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 2.6.19
2 years agoext4: add missing brelse() add_new_gdb_meta_bg()'s error path
Vasily Averin [Sat, 3 Nov 2018 20:50:08 +0000 (16:50 -0400)]
ext4: add missing brelse() add_new_gdb_meta_bg()'s error path

Fixes: 01f795f9e0d6 ("ext4: add online resizing support for meta_bg ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.7
2 years agoext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
Vasily Averin [Sat, 3 Nov 2018 20:22:10 +0000 (16:22 -0400)]
ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path

Fixes: 33afdcc5402d ("ext4: add a function which sets up group blocks ...")
Cc: stable@kernel.org # 3.3
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: avoid potential extra brelse in setup_new_flex_group_blocks()
Vasily Averin [Sat, 3 Nov 2018 20:13:17 +0000 (16:13 -0400)]
ext4: avoid potential extra brelse in setup_new_flex_group_blocks()

Currently bh is set to NULL only during first iteration of for cycle,
then this pointer is not cleared after end of using.
Therefore rollback after errors can lead to extra brelse(bh) call,
decrements bh counter and later trigger an unexpected warning in __brelse()

Patch moves brelse() calls in body of cycle to exclude requirement of
brelse() call in rollback.

Fixes: 33afdcc5402d ("ext4: add a function which sets up group blocks ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.3+
2 years agoext4: fix use-after-free race in ext4_remount()'s error path
Theodore Ts'o [Fri, 12 Oct 2018 13:28:09 +0000 (09:28 -0400)]
ext4: fix use-after-free race in ext4_remount()'s error path

It's possible for ext4_show_quota_options() to try reading
s_qf_names[i] while it is being modified by ext4_remount() --- most
notably, in ext4_remount's error path when the original values of the
quota file name gets restored.

Reported-by: syzbot+a2872d6feea6918008a9@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org # 3.2+
2 years agoext4: cache NULL when both default_acl and acl are NULL
Chengguang Xu [Sun, 7 Oct 2018 02:40:34 +0000 (22:40 -0400)]
ext4: cache NULL when both default_acl and acl are NULL

default_acl and acl of newly created inode will be initiated as
ACL_NOT_CACHED in vfs function inode_init_always() and later will be
updated by calling xxx_init_acl() in specific filesystems.  However,
when default_acl and acl are NULL then they keep the value of
ACL_NOT_CACHED.  This patch changes the code to cache NULL for acl /
default_acl in this case to save unnecessary ACL lookup attempt.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
2 years agodocs: promote the ext4 data structures book to top level
Darrick J. Wong [Fri, 5 Oct 2018 23:20:08 +0000 (19:20 -0400)]
docs: promote the ext4 data structures book to top level

Move the ext4 data structures book to Documentation/filesystems/ext4/
since the administrative information moved elsewhere.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agodocs: move ext4 administrative docs to admin-guide/
Darrick J. Wong [Fri, 5 Oct 2018 23:11:59 +0000 (19:11 -0400)]
docs: move ext4 administrative docs to admin-guide/

Move the ext4 mount option and other administrative stuff to the Linux
administrator's guide.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agojbd2: fix use after free in jbd2_log_do_checkpoint()
Jan Kara [Fri, 5 Oct 2018 22:44:40 +0000 (18:44 -0400)]
jbd2: fix use after free in jbd2_log_do_checkpoint()

The code cleaning transaction's lists of checkpoint buffers has a bug
where it increases bh refcount only after releasing
journal->j_list_lock. Thus the following race is possible:

CPU0 CPU1
jbd2_log_do_checkpoint()
jbd2_journal_try_to_free_buffers()
  __journal_try_to_free_buffer(bh)
  ...
  while (transaction->t_checkpoint_io_list)
  ...
    if (buffer_locked(bh)) {

<-- IO completes now, buffer gets unlocked -->

      spin_unlock(&journal->j_list_lock);
    spin_lock(&journal->j_list_lock);
    __jbd2_journal_remove_checkpoint(jh);
    spin_unlock(&journal->j_list_lock);
  try_to_free_buffers(page);
      get_bh(bh) <-- accesses freed bh

Fix the problem by grabbing bh reference before unlocking
journal->j_list_lock.

Fixes: dc6e8d669cf5 ("jbd2: don't call get_bh() before calling __jbd2_journal_remove_checkpoint()")
Fixes: be1158cc615f ("jbd2: fold __process_buffer() into jbd2_log_do_checkpoint()")
Reported-by: syzbot+7f4a27091759e2fe7453@syzkaller.appspotmail.com
CC: stable@vger.kernel.org
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
Wang Shilong [Wed, 3 Oct 2018 16:19:21 +0000 (12:19 -0400)]
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR

We return most failure of dquota_initialize() except
inode evict, this could make a bit sense, for example
we allow file removal even quota files are broken?

But it dosen't make sense to allow setting project
if quota files etc are broken.

Signed-off-by: Wang Shilong <wshilong@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
2 years agoext4: fix setattr project check in fssetxattr ioctl
Wang Shilong [Wed, 3 Oct 2018 14:33:32 +0000 (10:33 -0400)]
ext4: fix setattr project check in fssetxattr ioctl

Currently, project quota could be changed by fssetxattr
ioctl, and existed permission check inode_owner_or_capable()
is obviously not enough, just think that common users could
change project id of file, that could make users to
break project quota easily.

This patch try to follow same regular of xfs project
quota:

"Project Quota ID state is only allowed to change from
within the init namespace. Enforce that restriction only
if we are trying to change the quota ID state.
Everything else is allowed in user namespaces."

Besides that, check and set project id'state should
be an atomic operation, protect whole operation with
inode lock, ext4_ioctl_setproject() is only used for
ioctl EXT4_IOC_FSSETXATTR, we have held mnt_want_write_file()
before ext4_ioctl_setflags(), and ext4_ioctl_setproject()
is called after ext4_ioctl_setflags(), we could share
codes, so remove it inside ext4_ioctl_setproject().

Signed-off-by: Wang Shilong <wshilong@ddn.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Cc: stable@kernel.org
2 years agodocs: make ext4 readme tables readable
Darrick J. Wong [Wed, 3 Oct 2018 02:45:25 +0000 (22:45 -0400)]
docs: make ext4 readme tables readable

The tables in the ext4 readme are not particularly space efficient in
the text or html outputs, and they're totally broken in the pdf output.
Convert them into titled paragraphs so that they render more nicely.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agodocs: fix ext4 documentation table formatting problems
Darrick J. Wong [Wed, 3 Oct 2018 02:43:40 +0000 (22:43 -0400)]
docs: fix ext4 documentation table formatting problems

It turns out that the latex table formatters lay out table columns with
the exact proportional widths given in the table metadata, even if text
overflows outside the box.  This was not caught during the initial
import because the HTML renderers are smart enough to fudge the table.

Fix the table column width formatting problems in the data structures
and algorithms documentation so that we don't have squashed columns.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agodocs: generate a separate ext4 pdf file from the documentation
Darrick J. Wong [Wed, 3 Oct 2018 02:40:32 +0000 (22:40 -0400)]
docs: generate a separate ext4 pdf file from the documentation

The documentation build scripts won't build a pdf for the ext4
documentation unless explicitly called for, so ask for a separate
ext4.pdf to be generated with all the documentation.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: convert fault handler to use vm_fault_t type
Souptick Joarder [Wed, 3 Oct 2018 02:20:50 +0000 (22:20 -0400)]
ext4: convert fault handler to use vm_fault_t type

Return type of ext4_page_mkwrite and ext4_filemap_fault are
changed to use vm_fault_t type.

With this patch all the callers of block_page_mkwrite_return()
are changed to handle vm_fault_t. So converting the return type
of block_page_mkwrite_return() to vm_fault_t.

Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Matthew Wilcox <willy@infradead.org>
2 years agoext4: initialize retries variable in ext4_da_write_inline_data_begin()
Lukas Czerner [Wed, 3 Oct 2018 01:18:45 +0000 (21:18 -0400)]
ext4: initialize retries variable in ext4_da_write_inline_data_begin()

Variable retries is not initialized in ext4_da_write_inline_data_begin()
which can lead to nondeterministic number of retries in case we hit
ENOSPC. Initialize retries to zero as we do everywhere else.

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fixes: bc0ca9df3b2a ("ext4: retry allocation when inline->extent conversion failed")
Cc: stable@kernel.org
2 years agoext4: fix EXT4_IOC_SWAP_BOOT
Theodore Ts'o [Tue, 2 Oct 2018 22:21:19 +0000 (18:21 -0400)]
ext4: fix EXT4_IOC_SWAP_BOOT

The code EXT4_IOC_SWAP_BOOT ioctl hasn't been updated in a while, and
it's a bit broken with respect to more modern ext4 kernels, especially
metadata checksums.

Other problems fixed with this commit:

* Don't allow installing a DAX, swap file, or an encrypted file as a
  boot loader.

* Respect the immutable and append-only flags.

* Wait until any DIO operations are finished *before* calling
  truncate_inode_pages().

* Don't swap inode->i_flags, since these flags have nothing to do with
  the inode blocks --- and it will give the IMA/audit code heartburn
  when the inode is evicted.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Reported-by: syzbot+e81ccd4744c6c4f71354@syzkaller.appspotmail.com
2 years agoext4: fix build error when DX_DEBUG is defined
Gabriel Krisman Bertazi [Tue, 2 Oct 2018 16:43:51 +0000 (12:43 -0400)]
ext4: fix build error when DX_DEBUG is defined

Enabling DX_DEBUG triggers the build error below.  info is an attribute
of  the dxroot structure.

linux/fs/ext4/namei.c:2264:12: error: ‘info’
undeclared (first use in this function); did you mean ‘insl’?
      info->indirect_levels));

Fixes: e08ac99fa2a2 ("ext4: add largedir feature")
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
2 years agoext4: fix argument checking in EXT4_IOC_MOVE_EXT
Theodore Ts'o [Tue, 2 Oct 2018 05:34:44 +0000 (01:34 -0400)]
ext4: fix argument checking in EXT4_IOC_MOVE_EXT

If the starting block number of either the source or destination file
exceeds the EOF, EXT4_IOC_MOVE_EXT should return EINVAL.

Also fixed the helper function mext_check_coverage() so that if the
logical block is beyond EOF, make it return immediately, instead of
looping until the block number wraps all the away around.  This takes
long enough that if there are multiple threads trying to do pound on
an the same inode doing non-sensical things, it can end up triggering
the kernel's soft lockup detector.

Reported-by: syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
2 years agoext4: fix reserved cluster accounting at page invalidation time
Eric Whitney [Mon, 1 Oct 2018 18:33:24 +0000 (14:33 -0400)]
ext4: fix reserved cluster accounting at page invalidation time

Add new code to count canceled pending cluster reservations on bigalloc
file systems and to reduce the cluster reservation count on all file
systems using delayed allocation.  This replaces old code in
ext4_da_page_release_reservations that was incorrect.

Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: adjust reserved cluster count when removing extents
Eric Whitney [Mon, 1 Oct 2018 18:25:08 +0000 (14:25 -0400)]
ext4: adjust reserved cluster count when removing extents

Modify ext4_ext_remove_space() and the code it calls to correct the
reserved cluster count for pending reservations (delayed allocated
clusters shared with allocated blocks) when a block range is removed
from the extent tree.  Pending reservations may be found for the clusters
at the ends of written or unwritten extents when a block range is removed.
If a physical cluster at the end of an extent is freed, it's necessary
to increment the reserved cluster count to maintain correct accounting
if the corresponding logical cluster is shared with at least one
delayed and unwritten extent as found in the extents status tree.

Add a new function, ext4_rereserve_cluster(), to reapply a reservation
on a delayed allocated cluster sharing blocks with a freed allocated
cluster.  To avoid ENOSPC on reservation, a flag is applied to
ext4_free_blocks() to briefly defer updating the freeclusters counter
when an allocated cluster is freed.  This prevents another thread
from allocating the freed block before the reservation can be reapplied.

Redefine the partial cluster object as a struct to carry more state
information and to clarify the code using it.

Adjust the conditional code structure in ext4_ext_remove_space to
reduce the indentation level in the main body of the code to improve
readability.

Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: reduce reserved cluster count by number of allocated clusters
Eric Whitney [Mon, 1 Oct 2018 18:24:08 +0000 (14:24 -0400)]
ext4: reduce reserved cluster count by number of allocated clusters

Ext4 does not always reduce the reserved cluster count by the number
of clusters allocated when mapping a delayed extent.  It sometimes
adds back one or more clusters after allocation if delalloc blocks
adjacent to the range allocated by ext4_ext_map_blocks() share the
clusters newly allocated for that range.  However, this overcounts
the number of clusters needed to satisfy future mapping requests
(holding one or more reservations for clusters that have already been
allocated) and premature ENOSPC and quota failures, etc., result.

Ext4 also does not reduce the reserved cluster count when allocating
clusters for non-delayed allocated writes that have previously been
reserved for delayed writes.  This also results in overcounts.

To make it possible to handle reserved cluster accounting for
fallocated regions in the same manner as used for other non-delayed
writes, do the reserved cluster accounting for them at the time of
allocation.  In the current code, this is only done later when a
delayed extent sharing the fallocated region is finally mapped.

Address comment correcting handling of unsigned long long constant
from Jan Kara's review of RFC version of this patch.

Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: fix reserved cluster accounting at delayed write time
Eric Whitney [Mon, 1 Oct 2018 18:19:37 +0000 (14:19 -0400)]
ext4: fix reserved cluster accounting at delayed write time

The code in ext4_da_map_blocks sometimes reserves space for more
delayed allocated clusters than it should, resulting in premature
ENOSPC, exceeded quota, and inaccurate free space reporting.

Fix this by checking for written and unwritten blocks shared in the
same cluster with the newly delayed allocated block.  A cluster
reservation should not be made for a cluster for which physical space
has already been allocated.

Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: add new pending reservation mechanism
Eric Whitney [Mon, 1 Oct 2018 18:17:41 +0000 (14:17 -0400)]
ext4: add new pending reservation mechanism

Add new pending reservation mechanism to help manage reserved cluster
accounting.  Its primary function is to avoid the need to read extents
from the disk when invalidating pages as a result of a truncate, punch
hole, or collapse range operation.

Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoext4: generalize extents status tree search functions
Eric Whitney [Mon, 1 Oct 2018 18:10:39 +0000 (14:10 -0400)]
ext4: generalize extents status tree search functions

Ext4 contains a few functions that are used to search for delayed
extents or blocks in the extents status tree.  Rather than duplicate
code to add new functions to search for extents with different status
values, such as written or a combination of delayed and unwritten,
generalize the existing code to search for caller-specified extents
status values.  Also, move this code into extents_status.c where it
is better associated with the data structures it operates upon, and
where it can be more readily used to implement new extents status tree
functions that might want a broader scope for i_es_lock.

Three missing static specifiers in RFC version of patch reported and
fixed by Fengguang Wu <fengguang.wu@intel.com>.

Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 years agoLinux 4.19-rc6 v4.19-rc6
Greg Kroah-Hartman [Sun, 30 Sep 2018 14:15:35 +0000 (07:15 -0700)]
Linux 4.19-rc6

2 years agoMerge tag 'auxdisplay-for-greg-v4.19-rc6' of https://github.com/ojeda/linux
Greg Kroah-Hartman [Sun, 30 Sep 2018 13:20:33 +0000 (06:20 -0700)]
Merge tag 'auxdisplay-for-greg-v4.19-rc6' of https://github.com/ojeda/linux

Miguel writes:
  "A trivial fix for auxdisplay

    - MAINTAINERS reference fix for moved file
      Reported by Joe Perches"

* tag 'auxdisplay-for-greg-v4.19-rc6' of https://github.com/ojeda/linux:
  MAINTAINERS: fix reference to moved drivers/{misc => auxdisplay}/panel.c

2 years agoMerge tag 'libnvdimm-fixes2-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel...
Greg Kroah-Hartman [Sun, 30 Sep 2018 13:19:38 +0000 (06:19 -0700)]
Merge tag 'libnvdimm-fixes2-4.19-rc6' of git://git./linux/kernel/git/nvdimm/nvdimm

Dan writes:
  "filesystem-dax for 4.19-rc6

   Fix a deadlock in the new for 4.19 dax_lock_mapping_entry() routine."

* tag 'libnvdimm-fixes2-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  dax: Fix deadlock in dax_lock_mapping_entry()

2 years agoMAINTAINERS: fix reference to moved drivers/{misc => auxdisplay}/panel.c
Miguel Ojeda [Sun, 30 Sep 2018 11:50:05 +0000 (13:50 +0200)]
MAINTAINERS: fix reference to moved drivers/{misc => auxdisplay}/panel.c

Commit 51c1e9b554c9 ("auxdisplay: Move panel.c to drivers/auxdisplay folder")
moved the file, but the MAINTAINERS reference was not updated.

Link: https://lore.kernel.org/lkml/20180928220131.31075-1-joe@perches.com/
Reported-by: Joe Perches <joe@perches.com>
Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
2 years agoMerge tag 'for-linus-20180929' of git://git.kernel.dk/linux-block
Greg Kroah-Hartman [Sat, 29 Sep 2018 21:52:14 +0000 (14:52 -0700)]
Merge tag 'for-linus-20180929' of git://git.kernel.dk/linux-block

Jens writes:
  "Block fixes for 4.19-rc6

   A set of fixes that should go into this release. This pull request
   contains:

   - A fix (hopefully) for the persistent grants for xen-blkfront. A
     previous fix from this series wasn't complete, hence reverted, and
     this one should hopefully be it. (Boris Ostrovsky)

   - Fix for an elevator drain warning with SMR devices, which is
     triggered when you switch schedulers (Damien)

   - bcache deadlock fix (Guoju Fang)

   - Fix for the block unplug tracepoint, which has had the
     timer/explicit flag reverted since 4.11 (Ilya)

   - Fix a regression in this series where the blk-mq timeout hook is
     invoked with the RCU read lock held, hence preventing it from
     blocking (Keith)

   - NVMe pull from Christoph, with a single multipath fix (Susobhan Dey)"

* tag 'for-linus-20180929' of git://git.kernel.dk/linux-block:
  xen/blkfront: correct purging of persistent grants
  Revert "xen/blkfront: When purging persistent grants, keep them in the buffer"
  blk-mq: I/O and timer unplugs are inverted in blktrace
  bcache: add separate workqueue for journal_write to avoid deadlock
  xen/blkfront: When purging persistent grants, keep them in the buffer
  block: fix deadline elevator drain for zoned block devices
  blk-mq: Allow blocking queue tag iter callbacks
  nvme: properly propagate errors in nvme_mpath_init

2 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Greg Kroah-Hartman [Sat, 29 Sep 2018 21:34:06 +0000 (14:34 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Thomas writes:
  "A single fix for the AMD memory encryption boot code so it does not
   read random garbage instead of the cached encryption bit when a kexec
   kernel is allocated above the 32bit address limit."

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/boot: Fix kexec booting failure in the SEV bit detection code

2 years agoMerge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Greg Kroah-Hartman [Sat, 29 Sep 2018 21:32:49 +0000 (14:32 -0700)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Thomas writes:
  "Three small fixes for clocksource drivers:
   - Proper error handling in the Atmel PIT driver
   - Add CLOCK_SOURCE_SUSPEND_NONSTOP for TI SoCs so suspend works again
   - Fix the next event function for Facebook Backpack-CMM BMC chips so
     usleep(100) doesnt sleep several milliseconds"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  clocksource/drivers/timer-atmel-pit: Properly handle error cases
  clocksource/drivers/fttmr010: Fix set_next_event handler
  clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs

2 years agoMerge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Greg Kroah-Hartman [Sat, 29 Sep 2018 18:32:03 +0000 (11:32 -0700)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Thomas writes:
  "A single fix for a missing sanity check when a pinned event is tried
  to be read on the wrong CPU due to a legit event scheduling failure."

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/core: Add sanity check to deal with pinned event failure

2 years agoMerge tag 'pm-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Greg Kroah-Hartman [Sat, 29 Sep 2018 13:50:36 +0000 (06:50 -0700)]
Merge tag 'pm-4.19-rc6' of git://git./linux/kernel/git/rafael/linux-pm

Rafael writes:
  "Power management fix for 4.19-rc6

   Fix incorrect __init and __exit annotations in the Qualcomm
   Kryo cpufreq driver (Nathan Chancellor)."

* tag 'pm-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq: qcom-kryo: Fix section annotations

2 years agocpufreq: qcom-kryo: Fix section annotations
Nathan Chancellor [Thu, 20 Sep 2018 00:22:21 +0000 (17:22 -0700)]
cpufreq: qcom-kryo: Fix section annotations

There is currently a warning when building the Kryo cpufreq driver into
the kernel image:

WARNING: vmlinux.o(.text+0x8aa424): Section mismatch in reference from
the function qcom_cpufreq_kryo_probe() to the function
.init.text:qcom_cpufreq_kryo_get_msm_id()
The function qcom_cpufreq_kryo_probe() references
the function __init qcom_cpufreq_kryo_get_msm_id().
This is often because qcom_cpufreq_kryo_probe lacks a __init
annotation or the annotation of qcom_cpufreq_kryo_get_msm_id is wrong.

Remove the '__init' annotation from qcom_cpufreq_kryo_get_msm_id
so that there is no more mismatch warning.

Additionally, Nick noticed that the remove function was marked as
'__init' when it should really be marked as '__exit'.

Fixes: 46e2856b8e18 (cpufreq: Add Kryo CPU scaling driver)
Fixes: 5ad7346b4ae2 (cpufreq: kryo: Add module remove and exit)
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Cc: 4.18+ <stable@vger.kernel.org> # 4.18+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2 years agoMerge tag 'dma-mapping-4.19-3' of git://git.infradead.org/users/hch/dma-mapping
Greg Kroah-Hartman [Sat, 29 Sep 2018 09:52:24 +0000 (02:52 -0700)]
Merge tag 'dma-mapping-4.19-3' of git://git.infradead.org/users/hch/dma-mapping

Christoph writes:
  "dma mapping fix for 4.19-rc6

   fix a missing Kconfig symbol for commits introduced in 4.19-rc"

* tag 'dma-mapping-4.19-3' of git://git.infradead.org/users/hch/dma-mapping:
  dma-mapping: add the missing ARCH_HAS_SYNC_DMA_FOR_CPU_ALL declaration

2 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Greg Kroah-Hartman [Sat, 29 Sep 2018 01:04:50 +0000 (18:04 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

Dmitry writes:
  "Input updates for v4.19-rc5

   Just a few driver fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: uinput - allow for max == min during input_absinfo validation
  Input: elantech - enable middle button of touchpad on ThinkPad P72
  Input: atakbd - fix Atari CapsLock behaviour
  Input: atakbd - fix Atari keymap
  Input: egalax_ts - add system wakeup support
  Input: gpio-keys - fix a documentation index issue

2 years agoMerge tag 'spi-fix-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git...
Greg Kroah-Hartman [Sat, 29 Sep 2018 01:04:06 +0000 (18:04 -0700)]
Merge tag 'spi-fix-v4.19-rc5' of https://git./linux/kernel/git/broonie/spi

Mark writes:
  "spi: Fixes for v4.19

   Quite a few fixes for the Renesas drivers in here, plus a fix for the
   Tegra driver and some documentation fixes for the recently added
   spi-mem code.  The Tegra fix is relatively large but fairly
   straightforward and mechanical, it runs on probe so it's been
   reasonably well covered in -next testing."

* tag 'spi-fix-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: spi-mem: Move the DMA-able constraint doc to the kerneldoc header
  spi: spi-mem: Add missing description for data.nbytes field
  spi: rspi: Fix interrupted DMA transfers
  spi: rspi: Fix invalid SPI use during system suspend
  spi: sh-msiof: Fix handling of write value for SISTR register
  spi: sh-msiof: Fix invalid SPI use during system suspend
  spi: gpio: Fix copy-and-paste error
  spi: tegra20-slink: explicitly enable/disable clock

2 years agoMerge tag 'regulator-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git...
Greg Kroah-Hartman [Sat, 29 Sep 2018 01:02:25 +0000 (18:02 -0700)]
Merge tag 'regulator-v4.19-rc5' of https://git./linux/kernel/git/broonie/regulator

Mark writes:
  "regulator: Fixes for 4.19

   A collection of fairly minor bug fixes here, a couple of driver
   specific ones plus two core fixes.  There's one fix for the new
   suspend state code which fixes some confusion with constant values
   that are supposed to indicate noop operation and another fixing a
   race condition with the creation of sysfs files on new regulators."

* tag 'regulator-v4.19-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: fix crash caused by null driver data
  regulator: Fix 'do-nothing' value for regulators without suspend state
  regulator: da9063: fix DT probing with constraints
  regulator: bd71837: Disable voltage monitoring for LDO3/4

2 years agoMerge tag 'powerpc-4.19-3' of https://git.kernel.org/pub/scm/linux/kernel/git/powerpc...
Greg Kroah-Hartman [Sat, 29 Sep 2018 00:43:32 +0000 (17:43 -0700)]
Merge tag 'powerpc-4.19-3' of https://git./linux/kernel/git/powerpc/linux

Michael writes:
  "powerpc fixes for 4.19 #3

   A reasonably big batch of fixes due to me being away for a few weeks.

   A fix for the TM emulation support on Power9, which could result in
   corrupting the guest r11 when running under KVM.

   Two fixes to the TM code which could lead to userspace GPR corruption
   if we take an SLB miss at exactly the wrong time.

   Our dynamic patching code had a bug that meant we could patch freed
   __init text, which could lead to corrupting userspace memory.

   csum_ipv6_magic() didn't work on little endian platforms since we
   optimised it recently.

   A fix for an endian bug when reading a device tree property telling
   us how many storage keys the machine has available.

   Fix a crash seen on some configurations of PowerVM when migrating the
   partition from one machine to another.

   A fix for a regression in the setup of our CPU to NUMA node mapping
   in KVM guests.

   A fix to our selftest Makefiles to make them work since a recent
   change to the shared Makefile logic."

* tag 'powerpc-4.19-3' of https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  selftests/powerpc: Fix Makefiles for headers_install change
  powerpc/numa: Use associativity if VPHN hcall is successful
  powerpc/tm: Avoid possible userspace r1 corruption on reclaim
  powerpc/tm: Fix userspace r13 corruption
  powerpc/pseries: Fix unitialized timer reset on migration
  powerpc/pkeys: Fix reading of ibm, processor-storage-keys property
  powerpc: fix csum_ipv6_magic() on little endian platforms
  powerpc/powernv/ioda2: Reduce upper limit for DMA window size (again)
  powerpc: Avoid code patching freed init sections
  KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds

2 years agoMerge tag 'pinctrl-v4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw...
Greg Kroah-Hartman [Sat, 29 Sep 2018 00:42:44 +0000 (17:42 -0700)]
Merge tag 'pinctrl-v4.19-4' of git://git./linux/kernel/git/linusw/linux-pinctrl

Linus writes:
  "Pin control fixes for v4.19:
   - Fixes to x86 hardware:
   - AMD interrupt debounce issues
   - Faulty Intel cannonlake register offset
   - Revert pin translation IRQ locking"

* tag 'pinctrl-v4.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  Revert "pinctrl: intel: Do pin translation when lock IRQ"
  pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant
  pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type

2 years agoperf/core: Add sanity check to deal with pinned event failure
Reinette Chatre [Wed, 19 Sep 2018 17:29:06 +0000 (10:29 -0700)]
perf/core: Add sanity check to deal with pinned event failure

It is possible that a failure can occur during the scheduling of a
pinned event. The initial portion of perf_event_read_local() contains
the various error checks an event should pass before it can be
considered valid. Ensure that the potential scheduling failure
of a pinned event is checked for and have a credible error.

Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: fenghua.yu@intel.com
Cc: tony.luck@intel.com
Cc: acme@kernel.org
Cc: gavin.hindman@intel.com
Cc: jithu.joseph@intel.com
Cc: dave.hansen@intel.com
Cc: hpa@zytor.com
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/6486385d1f30336e9973b24c8c65f5079543d3d3.1537377064.git.reinette.chatre@intel.com
2 years agoMerge tag 'drm-fixes-2018-09-28' of git://anongit.freedesktop.org/drm/drm
Greg Kroah-Hartman [Fri, 28 Sep 2018 16:55:17 +0000 (18:55 +0200)]
Merge tag 'drm-fixes-2018-09-28' of git://anongit.freedesktop.org/drm/drm

Dave writes:
  "drm fixes for 4.19-rc6

   Looks like a pretty normal week for graphics,

   core: syncobj fix, panel link regression revert
   amd: suspend/resume fixes, EDID emulation fix
   mali-dp: NV12 writeback and vblank reset fixes
   etnaviv: DMA setup fix"

* tag 'drm-fixes-2018-09-28' of git://anongit.freedesktop.org/drm/drm:
  drm/amd/display: Fix Edid emulation for linux
  drm/amd/display: Fix Vega10 lightup on S3 resume
  drm/amdgpu: Fix vce work queue was not cancelled when suspend
  Revert "drm/panel: Add device_link from panel device to DRM device"
  drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set
  drm/malidp: Fix writeback in NV12
  drm: mali-dp: Call drm_crtc_vblank_reset on device init
  drm/etnaviv: add DMA configuration for etnaviv platform device

2 years agoMerge tag 'riscv-for-linus-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel...
Greg Kroah-Hartman [Fri, 28 Sep 2018 16:53:22 +0000 (18:53 +0200)]
Merge tag 'riscv-for-linus-4.19-rc6' of git://git./linux/kernel/git/palmer/riscv-linux

Palmer writes:
  "A Single RISC-V Update for 4.19-rc6

   The Debian guys have been pushing on our port and found some
   unversioned symbols leaking into modules.  This PR contains a single
   fix for that issue."

* tag 'riscv-for-linus-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
  RISC-V: include linux/ftrace.h in asm-prototypes.h

2 years agoMerge tag 'pci-v4.19-fixes-2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git...
Greg Kroah-Hartman [Fri, 28 Sep 2018 16:20:41 +0000 (18:20 +0200)]
Merge tag 'pci-v4.19-fixes-2' of ssh://gitolite./linux/kernel/git/helgaas/pci

Bjorn writes:
  "PCI fixes:

  - Fix ACPI hotplug issue that causes black screen crash at boot (Mika
    Westerberg)

  - Fix DesignWare "scheduling while atomic" issues (Jisheng Zhang)

  - Add PPC contacts to MAINTAINERS for PCI core error handling (Bjorn
    Helgaas)

  - Sort Mobiveil MAINTAINERS entry (Lorenzo Pieralisi)"

* tag 'pci-v4.19-fixes-2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge
  PCI: dwc: Fix scheduling while atomic issues
  MAINTAINERS: Move mobiveil PCI driver entry where it belongs
  MAINTAINERS: Update PPC contacts for PCI core error handling

2 years agoMerge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-linus
Jens Axboe [Fri, 28 Sep 2018 15:41:40 +0000 (09:41 -0600)]
Merge branch 'nvme-4.19' of git://git.infradead.org/nvme into for-linus

Pull NVMe fix from Christoph.

* 'nvme-4.19' of git://git.infradead.org/nvme:
  nvme: properly propagate errors in nvme_mpath_init

2 years agoxen/blkfront: correct purging of persistent grants
Juergen Gross [Fri, 28 Sep 2018 07:28:27 +0000 (09:28 +0200)]
xen/blkfront: correct purging of persistent grants

Commit a46b53672b2c2e3770b38a4abf90d16364d2584b ("xen/blkfront: cleanup
stale persistent grants") introduced a regression as purged persistent
grants were not pu into the list of free grants again. Correct that.

Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2 years agoRevert "xen/blkfront: When purging persistent grants, keep them in the buffer"
Jens Axboe [Fri, 28 Sep 2018 15:40:17 +0000 (09:40 -0600)]
Revert "xen/blkfront: When purging persistent grants, keep them in the buffer"

Fix didn't work for all cases, reverting to add a (hopefully)
better fix.

This reverts commit f151ba989d149bbdfc90e5405724bbea094f9b17.

Signed-off-by: Jens Axboe <axboe@kernel.dk>
2 years agoselftests/powerpc: Fix Makefiles for headers_install change
Michael Ellerman [Fri, 28 Sep 2018 04:53:18 +0000 (14:53 +1000)]
selftests/powerpc: Fix Makefiles for headers_install change

Commit b2d35fa5fc80 ("selftests: add headers_install to lib.mk")
introduced a requirement that Makefiles more than one level below the
selftests directory need to define top_srcdir, but it didn't update
any of the powerpc Makefiles.

This broke building all the powerpc selftests with eg:

  make[1]: Entering directory '/src/linux/tools/testing/selftests/powerpc'
  BUILD_TARGET=/src/linux/tools/testing/selftests/powerpc/alignment; mkdir -p $BUILD_TARGET; make OUTPUT=$BUILD_TARGET -k -C alignment all
  make[2]: Entering directory '/src/linux/tools/testing/selftests/powerpc/alignment'
  ../../lib.mk:20: ../../../../scripts/subarch.include: No such file or directory
  make[2]: *** No rule to make target '../../../../scripts/subarch.include'.
  make[2]: Failed to remake makefile '../../../../scripts/subarch.include'.
  Makefile:38: recipe for target 'alignment' failed

Fix it by setting top_srcdir in the affected Makefiles.

Fixes: b2d35fa5fc80 ("selftests: add headers_install to lib.mk")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2 years agoMerge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm...
Dave Airlie [Thu, 27 Sep 2018 23:30:11 +0000 (09:30 +1000)]
Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes

Just a few fixes for 4.19:
- Couple of suspend/resume fixes
- Fix EDID emulation with DC

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180927155418.2813-1-alexander.deucher@amd.com
2 years agoMerge tag 'drm-misc-fixes-2018-09-27-1' of git://anongit.freedesktop.org/drm/drm...
Dave Airlie [Thu, 27 Sep 2018 23:25:26 +0000 (09:25 +1000)]
Merge tag 'drm-misc-fixes-2018-09-27-1' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

- Revert adding device-link to panels
- Don't leak fences in drm/syncobj

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Sean Paul <sean@poorly.run>
Link: https://patchwork.freedesktop.org/patch/msgid/20180927152712.GA53076@art_vandelay
2 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Greg Kroah-Hartman [Thu, 27 Sep 2018 19:53:55 +0000 (21:53 +0200)]
Merge tag 'for-linus' of git://git./linux/kernel/git/rdma/rdma

Jason writes:
  "Second RDMA rc pull request

   - Fix a long standing race bug when destroying comp_event file descriptors

   - srp, hfi1, bnxt_re: Various driver crashes from missing validation
     and other cases

   - Fixes for regressions in patches merged this window in the gid
     cache, devx, ucma and uapi."

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  RDMA/core: Set right entry state before releasing reference
  IB/mlx5: Destroy the DEVX object upon error flow
  IB/uverbs: Free uapi on destroy
  RDMA/bnxt_re: Fix system crash during RDMA resource initialization
  IB/hfi1: Fix destroy_qp hang after a link down
  IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
  IB/hfi1: Invalid user input can result in crash
  IB/hfi1: Fix SL array bounds check
  RDMA/uverbs: Fix validity check for modify QP
  IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
  ucma: fix a use-after-free in ucma_resolve_ip()
  RDMA/uverbs: Atomically flush and mark closed the comp event queue
  cxgb4: fix abort_req_rss6 struct

2 years agoMerge tag 'for_v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Greg Kroah-Hartman [Thu, 27 Sep 2018 19:16:24 +0000 (21:16 +0200)]
Merge tag 'for_v4.19-rc6' of git://git./linux/kernel/git/jack/linux-fs

Jan writes:
  "an ext2 patch fixing fsync(2) for DAX mounts."

* tag 'for_v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  ext2, dax: set ext2_dax_aops for dax files

2 years agoblk-mq: I/O and timer unplugs are inverted in blktrace
Ilya Dryomov [Wed, 26 Sep 2018 12:35:50 +0000 (14:35 +0200)]
blk-mq: I/O and timer unplugs are inverted in blktrace

trace_block_unplug() takes true for explicit unplugs and false for
implicit unplugs.  schedule() unplugs are implicit and should be
reported as timer unplugs.  While correct in the legacy code, this has
been inverted in blk-mq since 4.11.

Cc: stable@vger.kernel.org
Fixes: bd166ef183c2 ("blk-mq-sched: add framework for MQ capable IO schedulers")
Reviewed-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2 years agodax: Fix deadlock in dax_lock_mapping_entry()
Jan Kara [Thu, 27 Sep 2018 11:23:32 +0000 (13:23 +0200)]
dax: Fix deadlock in dax_lock_mapping_entry()

When dax_lock_mapping_entry() has to sleep to obtain entry lock, it will
fail to unlock mapping->i_pages spinlock and thus immediately deadlock
against itself when retrying to grab the entry lock again. Fix the
problem by unlocking mapping->i_pages before retrying.

Fixes: c2a7d2a11552 ("filesystem-dax: Introduce dax_lock_mapping_entry()")
Reported-by: Barret Rhoden <brho@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2 years agox86/boot: Fix kexec booting failure in the SEV bit detection code
Kairui Song [Thu, 27 Sep 2018 12:38:45 +0000 (20:38 +0800)]
x86/boot: Fix kexec booting failure in the SEV bit detection code

Commit

  1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active")

can occasionally cause system resets when kexec-ing a second kernel even
if SEV is not active.

That's because get_sev_encryption_bit() uses 32-bit rIP-relative
addressing to read the value of enc_bit - a variable which caches a
previously detected encryption bit position - but kexec may allocate
the early boot code to a higher location, beyond the 32-bit addressing
limit.

In this case, garbage will be read and get_sev_encryption_bit() will
return the wrong value, leading to accessing memory with the wrong
encryption setting.

Therefore, remove enc_bit, and thus get rid of the need to do 32-bit
rIP-relative addressing in the first place.

 [ bp: massage commit message heavily. ]

Fixes: 1958b5fc4010 ("x86/boot: Add early boot support when running with SEV active")
Suggested-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Kairui Song <kasong@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: linux-kernel@vger.kernel.org
Cc: tglx@linutronix.de
Cc: mingo@redhat.com
Cc: hpa@zytor.com
Cc: brijesh.singh@amd.com
Cc: kexec@lists.infradead.org
Cc: dyoung@redhat.com
Cc: bhe@redhat.com
Cc: ghook@redhat.com
Link: https://lkml.kernel.org/r/20180927123845.32052-1-kasong@redhat.com
2 years agobcache: add separate workqueue for journal_write to avoid deadlock
Guoju Fang [Thu, 27 Sep 2018 15:41:46 +0000 (23:41 +0800)]
bcache: add separate workqueue for journal_write to avoid deadlock

After write SSD completed, bcache schedules journal_write work to
system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM
flag. system_wq is also a bound wq, and there may be no idle kworker on
current processor. Creating a new kworker may unfortunately need to
reclaim memory first, by shrinking cache and slab used by vfs, which
depends on bcache device. That's a deadlock.

This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM
flag. It's rescuer thread will work to avoid the deadlock.

Signed-off-by: Guoju Fang <fangguoju@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2 years agodrm/amd/display: Fix Edid emulation for linux
Bhawanpreet Lakha [Wed, 26 Sep 2018 17:42:10 +0000 (13:42 -0400)]
drm/amd/display: Fix Edid emulation for linux

[Why]
EDID emulation didn't work properly for linux, as we stop programming
if nothing is connected physically.

[How]
We get a flag from DRM when we want to do edid emulation. We check if
this flag is true and nothing is connected physically, if so we only
program the front end using VIRTUAL_SIGNAL.

Signed-off-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Reviewed-by: Harry Wentland <Harry.Wentland@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2 years agodrm/amd/display: Fix Vega10 lightup on S3 resume
Roman Li [Wed, 26 Sep 2018 17:42:16 +0000 (13:42 -0400)]
drm/amd/display: Fix Vega10 lightup on S3 resume

[Why]
There have been a few reports of Vega10 display remaining blank
after S3 resume. The regression is caused by workaround for mode
change on Vega10 - skip set_bandwidth if stream count is 0.
As a result we skipped dispclk reset on suspend, thus on resume
we may skip the clock update assuming it hasn't been changed.
On some systems it causes display blank or 'out of range'.

[How]
Revert "drm/amd/display: Fix Vega10 black screen after mode change"
Verified that it hadn't cause mode change regression.

Signed-off-by: Roman Li <Roman.Li@amd.com>
Reviewed-by: Sun peng Li <Sunpeng.Li@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2 years agodrm/amdgpu: Fix vce work queue was not cancelled when suspend
Rex Zhu [Thu, 27 Sep 2018 12:48:39 +0000 (20:48 +0800)]
drm/amdgpu: Fix vce work queue was not cancelled when suspend

The vce cancel_delayed_work_sync never be called.
driver call the function in error path.

This caused the A+A suspend hang when runtime pm enebled.
As we will visit the smu in the idle queue. this will cause
smu hang because the dgpu has been suspend, and the dgpu also
will be waked up. As the smu has been hang, so the dgpu resume
will failed.

Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2 years agoRevert "drm/panel: Add device_link from panel device to DRM device"
Linus Walleij [Thu, 27 Sep 2018 12:41:30 +0000 (14:41 +0200)]
Revert "drm/panel: Add device_link from panel device to DRM device"

This reverts commit 0c08754b59da5557532d946599854e6df28edc22.

commit 0c08754b59da
("drm/panel: Add device_link from panel device to DRM device")
creates a circular dependency under these circumstances:

1. The panel depends on dsi-host because it is MIPI-DSI child
   device.
2. dsi-host depends on the drm parent device (connector->dev->dev)
   this should be allowed.
3. drm parent dev (connector->dev->dev) depends on the panel
   after this patch.

This makes the dependency circular and while it appears it
does not affect any in-tree drivers (they do not seem to have
dsi hosts depending on the same parent device) this does not
seem right.

As noted in a response from Andrzej Hajda, the intent is
likely to make the panel dependent on the DRM device
(connector->dev) not its parent. But we have no way of
doing that since the DRM device doesn't contain any
struct device on its own (arguably it should).

Revert this until a proper approach is figured out.

Cc: Jyri Sarha <jsarha@ti.com>
Cc: Eric Anholt <eric@anholt.net>
Cc: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20180927124130.9102-1-linus.walleij@linaro.org
2 years agoMerge branch 'clockevents/4.19-fixes' of https://git.linaro.org/people/daniel.lezcano...
Thomas Gleixner [Thu, 27 Sep 2018 14:50:22 +0000 (16:50 +0200)]
Merge branch 'clockevents/4.19-fixes' of https://git.linaro.org/people/daniel.lezcano/linux into timers/urgent

Pull another fix from Daniel Lezcano, which felt through the cracks:

 - Fix a potential memory leak reported by smatch in the atmel timer driver

2 years agoxen/blkfront: When purging persistent grants, keep them in the buffer
Boris Ostrovsky [Sat, 22 Sep 2018 19:55:49 +0000 (15:55 -0400)]
xen/blkfront: When purging persistent grants, keep them in the buffer

Commit a46b53672b2c ("xen/blkfront: cleanup stale persistent grants")
added support for purging persistent grants when they are not in use. As
part of the purge, the grants were removed from the grant buffer, This
eventually causes the buffer to become empty, with BUG_ON triggered in
get_free_grant(). This can be observed even on an idle system, within
20-30 minutes.

We should keep the grants in the buffer when purging, and only free the
grant ref.

Fixes: a46b53672b2c ("xen/blkfront: cleanup stale persistent grants")
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2 years agoclocksource/drivers/timer-atmel-pit: Properly handle error cases
Alexandre Belloni [Wed, 25 Apr 2018 10:14:39 +0000 (12:14 +0200)]
clocksource/drivers/timer-atmel-pit: Properly handle error cases

The smatch utility reports a possible leak:

smatch warnings:
drivers/clocksource/timer-atmel-pit.c:183 at91sam926x_pit_dt_init() warn: possible memory leak of 'data'

Ensure data is freed before exiting with an error.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
2 years agoblock: fix deadline elevator drain for zoned block devices
Damien Le Moal [Thu, 27 Sep 2018 01:55:13 +0000 (10:55 +0900)]
block: fix deadline elevator drain for zoned block devices

When the deadline scheduler is used with a zoned block device, writes
to a zone will be dispatched one at a time. This causes the warning
message:

deadline: forced dispatching is broken (nr_sorted=X), please report this

to be displayed when switching to another elevator with the legacy I/O
path while write requests to a zone are being retained in the scheduler
queue.

Prevent this message from being displayed when executing
elv_drain_elevator() for a zoned block device. __blk_drain_queue() will
loop until all writes are dispatched and completed, resulting in the
desired elevator queue drain without extensive modifications to the
deadline code itself to handle forced-dispatch calls.

Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Fixes: 8dc8146f9c92 ("deadline-iosched: Introduce zone locking support")
Cc: stable@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2 years agoMerge branch 'for-upstream/malidp-fixes' of git://linux-arm.org/linux-ld into drm...
Dave Airlie [Thu, 27 Sep 2018 00:49:44 +0000 (10:49 +1000)]
Merge branch 'for-upstream/malidp-fixes' of git://linux-arm.org/linux-ld into drm-fixes

Fix NV12 writeback and fix vblank reset.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Liviu Dudau <Liviu.Dudau@arm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180921112354.GR936@e110455-lin.cambridge.arm.com
2 years agoMerge branch 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux into drm...
Dave Airlie [Thu, 27 Sep 2018 00:19:26 +0000 (10:19 +1000)]
Merge branch 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux into drm-fixes

one fix to get a proper DMA configuration in place for the etnaviv
virtual device. I'm sending this as a fix, as a dma-mapping change at
the ARC architecture side during the 4.19 cycle broke etnaviv on this
platform, which gets remedied with this patch, but it also enables
ARM64.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Lucas Stach <l.stach@pengutronix.de>
Link: https://patchwork.freedesktop.org/patch/msgid/ea1f712bf09bf9439c6b092bf2c2bde7bb01cf5e.camel@pengutronix.de
2 years agoACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge
Mika Westerberg [Wed, 26 Sep 2018 20:39:28 +0000 (15:39 -0500)]
ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not bridge

HP 6730b laptop has an ethernet NIC connected to one of the PCIe root
ports.  The root ports themselves are native PCIe hotplug capable.  Now,
during boot after PCI devices are scanned the BIOS triggers ACPI bus check
directly to the NIC:

  ACPI: \_SB_.PCI0.RP06.NIC_: Bus check in hotplug_event()

It is not clear why it is sending bus check but regardless the ACPI hotplug
notify handler calls enable_slot() directly (instead of going through
acpiphp_check_bridge() as there is no bridge), which ends up handling
special case for non-hotplug bridges with native PCIe hotplug.  This
results a crash of some kind but the reporter only sees black screen so it
is hard to figure out the exact spot and what actually happens.  Based on
a few fix proposals it was tracked to crash somewhere inside
pci_assign_unassigned_bridge_resources().

In any case we should not really be in that special branch at all because
the ACPI notify happened to a slot that is not a PCI bridge (it is just a
regular PCI device).

Fix this so that we only go to that special branch if we are calling
enable_slot() for a bridge (e.g., the ACPI notification was for the
bridge).

Link: https://bugzilla.kernel.org/show_bug.cgi?id=201127
Fixes: 84c8b58ed3ad ("ACPI / hotplug / PCI: Don't scan bridges managed by native hotplug")
Reported-by: Peter Anemone <peter.anemone@gmail.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
CC: stable@vger.kernel.org # v4.18+
2 years agodrm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set
Jason Ekstrand [Wed, 26 Sep 2018 07:17:03 +0000 (02:17 -0500)]
drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set

We attempt to get fences earlier in the hopes that everything will
already have fences and no callbacks will be needed.  If we do succeed
in getting a fence, getting one a second time will result in a duplicate
ref with no unref.  This is causing memory leaks in Vulkan applications
that create a lot of fences; playing for a few hours can, apparently,
bring down the system.

Cc: stable@vger.kernel.org
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107899
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20180926071703.15257-1-jason.ekstrand@intel.com
2 years agoMerge tag 'iommu-fixes-v4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git...
Greg Kroah-Hartman [Wed, 26 Sep 2018 11:08:53 +0000 (13:08 +0200)]
Merge tag 'iommu-fixes-v4.19-rc5' of git://git./linux/kernel/git/joro/iommu

Joerg writes:
  "IOMMU Fixes for Linux v4.19-rc5

   Three fixes queued up:

- Warning fix for Rockchip IOMMU where there were IRQ handlers
  for offlined hardware.

- Fix for Intel VT-d because recent changes caused boot failures
  on some machines because it tried to allocate to much
  contiguous memory.

- Fix for AMD IOMMU to handle eMMC devices correctly that appear
  as ACPI HID devices."

* tag 'iommu-fixes-v4.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: Return devid as alias for ACPI HID devices
  iommu/vt-d: Handle memory shortage on pasid table allocation
  iommu/rockchip: Free irqs in shutdown handler

2 years agoiommu/amd: Return devid as alias for ACPI HID devices
Arindam Nath [Tue, 18 Sep 2018 10:10:58 +0000 (15:40 +0530)]
iommu/amd: Return devid as alias for ACPI HID devices

ACPI HID devices do not actually have an alias for
them in the IVRS. But dev_data->alias is still used
for indexing into the IOMMU device table for devices
being handled by the IOMMU. So for ACPI HID devices,
we simply return the corresponding devid as an alias,
as parsed from IVRS table.

Signed-off-by: Arindam Nath <arindam.nath@amd.com>
Fixes: 2bf9a0a12749 ('iommu/amd: Add iommu support for ACPI HID devices')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2 years agoblk-mq: Allow blocking queue tag iter callbacks
Keith Busch [Tue, 25 Sep 2018 16:36:20 +0000 (10:36 -0600)]
blk-mq: Allow blocking queue tag iter callbacks

A recent commit runs tag iterator callbacks under the rcu read lock,
but existing callbacks do not satisfy the non-blocking requirement.
The commit intended to prevent an iterator from accessing a queue that's
being modified. This patch fixes the original issue by taking a queue
reference instead of reading it, which allows callbacks to make blocking
calls.

Fixes: f5bbbbe4d6357 ("blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter")
Acked-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2 years agonvme: properly propagate errors in nvme_mpath_init
Susobhan Dey [Tue, 25 Sep 2018 19:29:15 +0000 (12:29 -0700)]
nvme: properly propagate errors in nvme_mpath_init

Signed-off-by: Susobhan Dey <susobhan.dey@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2 years agodma-mapping: add the missing ARCH_HAS_SYNC_DMA_FOR_CPU_ALL declaration
Christoph Hellwig [Tue, 11 Sep 2018 09:00:49 +0000 (11:00 +0200)]
dma-mapping: add the missing ARCH_HAS_SYNC_DMA_FOR_CPU_ALL declaration

The patch adding the infrastructure failed to actually add the symbol
declaration, oops..

Fixes: faef87723a ("dma-noncoherent: add a arch_sync_dma_for_cpu_all hook")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Paul Burton <paul.burton@mips.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2 years agoRDMA/core: Set right entry state before releasing reference
Parav Pandit [Tue, 25 Sep 2018 09:10:40 +0000 (12:10 +0300)]
RDMA/core: Set right entry state before releasing reference

Currently add_modify_gid() for IB link layer has followong issue
in cache update path.

When GID update event occurs, core releases reference to the GID
table without updating its state and/or entry pointer.

CPU-0                              CPU-1
------                             -----
ib_cache_update()                    IPoIB ULP
   add_modify_gid()                   [..]
      put_gid_entry()
      refcnt = 0, but
      state = valid,
      entry is valid.
      (work item is not yet executed).
                                   ipoib_create_ah()
                                     rdma_create_ah()
                                        rdma_get_gid_attr() <--
                                    Tries to acquire gid_attr
                                        which has refcnt = 0.
                                    This is incorrect.

GID entry state and entry pointer is provides the accurate GID enty
state. Such fields must be updated with rwlock to protect against
readers and, such fields must be in sane state before refcount can drop
to zero. Otherwise above race condition can happen leading to
use-after-free situation.

Following backtrace has been observed when cache update for an IB port
is triggered while IPoIB ULP is creating an AH.

Therefore, when updating GID entry, first mark a valid entry as invalid
through state and set the barrier so that no callers can acquired
the GID entry, followed by release reference to it.

refcount_t: increment on 0; use-after-free.
WARNING: CPU: 4 PID: 29106 at lib/refcount.c:153 refcount_inc_checked+0x30/0x50
Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]
RIP: 0010:refcount_inc_checked+0x30/0x50
RSP: 0018:ffff8802ad36f600 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000008 RDI: ffffffff86710100
RBP: ffff8802d6e60a30 R08: ffffed005d67bf8b R09: ffffed005d67bf8b
R10: 0000000000000001 R11: ffffed005d67bf8a R12: ffff88027620cee8
R13: ffff8802d6e60988 R14: ffff8802d6e60a78 R15: 0000000000000202
FS: 0000000000000000(0000) GS:ffff8802eb200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3ab35e5c88 CR3: 00000002ce84a000 CR4: 00000000000006e0
IPv6: ADDRCONF(NETDEV_CHANGE): ib1: link becomes ready
Call Trace:
rdma_get_gid_attr+0x220/0x310 [ib_core]
? lock_acquire+0x145/0x3a0
rdma_fill_sgid_attr+0x32c/0x470 [ib_core]
rdma_create_ah+0x89/0x160 [ib_core]
? rdma_fill_sgid_attr+0x470/0x470 [ib_core]
? ipoib_create_ah+0x52/0x260 [ib_ipoib]
ipoib_create_ah+0xf5/0x260 [ib_ipoib]
ipoib_mcast_join_complete+0xbbe/0x2540 [ib_ipoib]

Fixes: b150c3862d21 ("IB/core: Introduce GID entry reference counts")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2 years agoIB/mlx5: Destroy the DEVX object upon error flow
Yishai Hadas [Tue, 25 Sep 2018 09:11:12 +0000 (12:11 +0300)]
IB/mlx5: Destroy the DEVX object upon error flow

Upon DEVX object creation the object must be destroyed upon a follows
error flow.

Fixes: 7efce3691d33 ("IB/mlx5: Add obj create and destroy functionality")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Reviewed-by: Artemy Kovalyov <artemyko@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2 years agoIB/uverbs: Free uapi on destroy
Mark Bloch [Tue, 25 Sep 2018 08:23:55 +0000 (11:23 +0300)]
IB/uverbs: Free uapi on destroy

Make sure we free struct uverbs_api once we clean the radix tree. It was
allocated by uverbs_alloc_api().

Fixes: 9ed3e5f44772 ("IB/uverbs: Build the specs into a radix tree at runtime")
Reported-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2 years agoerge tag 'libnvdimm-fixes-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel...
Greg Kroah-Hartman [Tue, 25 Sep 2018 19:37:41 +0000 (21:37 +0200)]
erge tag 'libnvdimm-fixes-4.19-rc6' of git://git./linux/kernel/git/nvdimm/nvdimm

Dan writes:
  "libnvdimm/dax for 4.19-rc6

  * (2) fixes for the dax error handling updates that were merged for
  v4.19-rc1. My mails to Al have been bouncing recently, so I do not have
  his ack but the uaccess change is of the trivial / obviously correct
  variety. The address_space_operations fixes a regression.

  * A filesystem-dax fix to correct the zero page lookup to be compatible
   with non-x86 (mips and s390) architectures."

* tag 'libnvdimm-fixes-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  device-dax: Add missing address_space_operations
  uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe()
  filesystem-dax: Fix use of zero page

2 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Greg Kroah-Hartman [Tue, 25 Sep 2018 16:14:14 +0000 (18:14 +0200)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

James writes:
  "SCSI fixes on 20180925

   Nine obvious bug fixes mostly in individual drivers.  The target fix
   is of particular importance because it's CVE related."

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: sd: don't crash the host on invalid commands
  scsi: ipr: System hung while dlpar adding primary ipr adapter back
  scsi: target: iscsi: Use bin2hex instead of a re-implementation
  scsi: target: iscsi: Use hex2bin instead of a re-implementation
  scsi: lpfc: Synchronize access to remoteport via rport
  scsi: ufs: Disable blk-mq for now
  scsi: sd: Contribute to randomness when running rotational device
  scsi: ibmvscsis: Ensure partition name is properly NUL terminated
  scsi: ibmvscsis: Fix a stringop-overflow warning

2 years agoMerge tag 'usb-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Greg Kroah-Hartman [Tue, 25 Sep 2018 15:54:55 +0000 (17:54 +0200)]
Merge tag 'usb-4.19-rc6' of git://git./linux/kernel/git/gregkh/usb

I wrote:
  "USB fixes for 4.19-rc6

   Here are some small USB core and driver fixes for reported issues for
   4.19-rc6.

   The most visible is the oops fix for when the USB core is built into the
   kernel that is present in 4.18.  Turns out not many people actually do
   that so it went unnoticed for a while.  The rest is some tiny typec,
   musb, and other core fixes.

   All have been in linux-next with no reported issues."

* tag 'usb-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: typec: mux: Take care of driver module reference counting
  usb: core: safely deal with the dynamic quirk lists
  usb: roles: Take care of driver module reference counting
  USB: handle NULL config in usb_find_alt_setting()
  USB: fix error handling in usb_driver_claim_interface()
  USB: remove LPM management from usb_driver_claim_interface()
  USB: usbdevfs: restore warning for nonsensical flags
  USB: usbdevfs: sanitize flags more
  Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
  usb: musb: dsps: do not disable CPPI41 irq in driver teardown

2 years agoMerge tag 'tty-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Greg Kroah-Hartman [Tue, 25 Sep 2018 15:22:50 +0000 (17:22 +0200)]
Merge tag 'tty-4.19-rc6' of git://git./linux/kernel/git/gregkh/tty

I wrote:
  "TTY/Serial driver fixes for 4.19-rc6

   Here are a number of small tty and serial driver fixes for reported
   issues for 4.19-rc6.

   One should hopefully resolve a much-reported issue that syzbot has found
   in the tty layer.  Although there are still more issues there, getting
   this fixed is nice to see finally happen.

   All of these have been in linux-next for a while with no reported
   issues."

* tag 'tty-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: imx: restore handshaking irq for imx1
  tty: vt_ioctl: fix potential Spectre v1
  tty: Drop tty->count on tty_reopen() failure
  serial: cpm_uart: return immediately from console poll
  tty: serial: lpuart: avoid leaking struct tty_struct
  serial: mvebu-uart: Fix reporting of effective CSIZE to userspace

2 years agoMerge tag 'char-misc-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregk...
Greg Kroah-Hartman [Tue, 25 Sep 2018 15:01:52 +0000 (17:01 +0200)]
Merge tag 'char-misc-4.19-rc6' of git://git./linux/kernel/git/gregkh/char-misc

Greg (well I), wrote:
  "Char/Misc driver fixes for 4.19-rc6

   Here are some soundwire and intel_th (tracing) driver fixes for some
   reported issues.

   All of these have been in linux-next for a week with no reported issues."

* tag 'char-misc-4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  intel_th: pci: Add Ice Lake PCH support
  intel_th: Fix resource handling for ACPI glue layer
  intel_th: Fix device removal logic
  soundwire: Fix acquiring bus lock twice during master release
  soundwire: Fix incorrect exit after configuring stream
  soundwire: Fix duplicate stream state assignment

2 years agopowerpc/numa: Use associativity if VPHN hcall is successful
Srikar Dronamraju [Tue, 25 Sep 2018 12:25:15 +0000 (17:55 +0530)]
powerpc/numa: Use associativity if VPHN hcall is successful

Currently associativity is used to lookup node-id even if the
preceding VPHN hcall failed. However this can cause CPU to be made
part of the wrong node, (most likely to be node 0). This is because
VPHN is not enabled on KVM guests.

With 2ea6263 ("powerpc/topology: Get topology for shared processors at
boot"), associativity is used to set to the wrong node. Hence KVM
guest topology is broken.

For example : A 4 node KVM guest before would have reported.

  [root@localhost ~]#  numactl -H
  available: 4 nodes (0-3)
  node 0 cpus: 0 1 2 3
  node 0 size: 1746 MB
  node 0 free: 1604 MB
  node 1 cpus: 4 5 6 7
  node 1 size: 2044 MB
  node 1 free: 1765 MB
  node 2 cpus: 8 9 10 11
  node 2 size: 2044 MB
  node 2 free: 1837 MB
  node 3 cpus: 12 13 14 15
  node 3 size: 2044 MB
  node 3 free: 1903 MB
  node distances:
  node   0   1   2   3
    0:  10  40  40  40
    1:  40  10  40  40
    2:  40  40  10  40
    3:  40  40  40  10

Would now report:

  [root@localhost ~]# numactl -H
  available: 4 nodes (0-3)
  node 0 cpus: 0 2 3 4 5 6 7 8 9 10 11 12 13 14 15
  node 0 size: 1746 MB
  node 0 free: 1244 MB
  node 1 cpus:
  node 1 size: 2044 MB
  node 1 free: 2032 MB
  node 2 cpus: 1
  node 2 size: 2044 MB
  node 2 free: 2028 MB
  node 3 cpus:
  node 3 size: 2044 MB
  node 3 free: 2032 MB
  node distances:
  node   0   1   2   3
    0:  10  40  40  40
    1:  40  10  40  40
    2:  40  40  10  40
    3:  40  40  40  10

Fix this by skipping associativity lookup if the VPHN hcall failed.

Fixes: 2ea626306810 ("powerpc/topology: Get topology for shared processors at boot")
Signed-off-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2 years agopowerpc/tm: Avoid possible userspace r1 corruption on reclaim
Michael Neuling [Tue, 25 Sep 2018 09:36:47 +0000 (19:36 +1000)]
powerpc/tm: Avoid possible userspace r1 corruption on reclaim

Current we store the userspace r1 to PACATMSCRATCH before finally
saving it to the thread struct.

In theory an exception could be taken here (like a machine check or
SLB miss) that could write PACATMSCRATCH and hence corrupt the
userspace r1. The SLB fault currently doesn't touch PACATMSCRATCH, but
others do.

We've never actually seen this happen but it's theoretically
possible. Either way, the code is fragile as it is.

This patch saves r1 to the kernel stack (which can't fault) before we
turn MSR[RI] back on. PACATMSCRATCH is still used but only with
MSR[RI] off. We then copy r1 from the kernel stack to the thread
struct once we have MSR[RI] back on.

Suggested-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2 years agopowerpc/tm: Fix userspace r13 corruption
Michael Neuling [Mon, 24 Sep 2018 07:27:04 +0000 (17:27 +1000)]
powerpc/tm: Fix userspace r13 corruption

When we treclaim we store the userspace checkpointed r13 to a scratch
SPR and then later save the scratch SPR to the user thread struct.

Unfortunately, this doesn't work as accessing the user thread struct
can take an SLB fault and the SLB fault handler will write the same
scratch SPRG that now contains the userspace r13.

To fix this, we store r13 to the kernel stack (which can't fault)
before we access the user thread struct.

Found by running P8 guest + powervm + disable_1tb_segments + TM. Seen
as a random userspace segfault with r13 looking like a kernel address.

Signed-off-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2 years agoiommu/vt-d: Handle memory shortage on pasid table allocation
Lu Baolu [Sat, 8 Sep 2018 01:42:53 +0000 (09:42 +0800)]
iommu/vt-d: Handle memory shortage on pasid table allocation

Pasid table memory allocation could return failure due to memory
shortage. Limit the pasid table size to 1MiB because current 8MiB
contiguous physical memory allocation can be hard to come by. W/o
a PASID table, the device could continue to work with only shared
virtual memory impacted. So, let's go ahead with context mapping
even the memory allocation for pasid table failed.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107783
Fixes: cc580e41260d ("iommu/vt-d: Per PCI device pasid table interfaces")

Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Reported-and-tested-by: Pelton Kyle D <kyle.d.pelton@intel.com>
Tested-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>