1. 21 Sep, 2018 3 commits
    • Vincent Pelletier's avatar
      scsi: target: iscsi: Use hex2bin instead of a re-implementation · 18164943
      Vincent Pelletier authored
      This change has the following effects, in order of descreasing importance:
      
      1) Prevent a stack buffer overflow
      
      2) Do not append an unnecessary NULL to an anyway binary buffer, which
         is writing one byte past client_digest when caller is:
         chap_string_to_hex(client_digest, chap_r, strlen(chap_r));
      
      The latter was found by KASAN (see below) when input value hes expected size
      (32 hex chars), and further analysis revealed a stack buffer overflow can
      happen when network-received value is longer, allowing an unauthenticated
      remote attacker to smash up to 17 bytes after destination buffer (16 bytes
      attacker-controlled and one null).  As switching to hex2bin requires
      specifying destination buffer length, and does not internally append any null,
      it solves both issues.
      
      This addresses CVE-2018-14633.
      
      Beyond this:
      
      - Validate received value length and check hex2bin accepted the input, to log
        this rejection reason instead of just failing authentication.
      
      - Only log received CHAP_R and CHAP_C values once they passed sanity checks.
      
      ==================================================================
      BUG: KASAN: stack-out-of-bounds in chap_string_to_hex+0x32/0x60 [iscsi_target_mod]
      Write of size 1 at addr ffff8801090ef7c8 by task kworker/0:0/1021
      
      CPU: 0 PID: 1021 Comm: kworker/0:0 Tainted: G           O      4.17.8kasan.sess.connops+ #2
      Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 05/19/2014
      Workqueue: events iscsi_target_do_login_rx [iscsi_target_mod]
      Call Trace:
       dump_stack+0x71/0xac
       print_address_description+0x65/0x22e
       ? chap_string_to_hex+0x32/0x60 [iscsi_target_mod]
       kasan_report.cold.6+0x241/0x2fd
       chap_string_to_hex+0x32/0x60 [iscsi_target_mod]
       chap_server_compute_md5.isra.2+0x2cb/0x860 [iscsi_target_mod]
       ? chap_binaryhex_to_asciihex.constprop.5+0x50/0x50 [iscsi_target_mod]
       ? ftrace_caller_op_ptr+0xe/0xe
       ? __orc_find+0x6f/0xc0
       ? unwind_next_frame+0x231/0x850
       ? kthread+0x1a0/0x1c0
       ? ret_from_fork+0x35/0x40
       ? ret_from_fork+0x35/0x40
       ? iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod]
       ? deref_stack_reg+0xd0/0xd0
       ? iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod]
       ? is_module_text_address+0xa/0x11
       ? kernel_text_address+0x4c/0x110
       ? __save_stack_trace+0x82/0x100
       ? ret_from_fork+0x35/0x40
       ? save_stack+0x8c/0xb0
       ? 0xffffffffc1660000
       ? iscsi_target_do_login+0x155/0x8d0 [iscsi_target_mod]
       ? iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod]
       ? process_one_work+0x35c/0x640
       ? worker_thread+0x66/0x5d0
       ? kthread+0x1a0/0x1c0
       ? ret_from_fork+0x35/0x40
       ? iscsi_update_param_value+0x80/0x80 [iscsi_target_mod]
       ? iscsit_release_cmd+0x170/0x170 [iscsi_target_mod]
       chap_main_loop+0x172/0x570 [iscsi_target_mod]
       ? chap_server_compute_md5.isra.2+0x860/0x860 [iscsi_target_mod]
       ? rx_data+0xd6/0x120 [iscsi_target_mod]
       ? iscsit_print_session_params+0xd0/0xd0 [iscsi_target_mod]
       ? cyc2ns_read_begin.part.2+0x90/0x90
       ? _raw_spin_lock_irqsave+0x25/0x50
       ? memcmp+0x45/0x70
       iscsi_target_do_login+0x875/0x8d0 [iscsi_target_mod]
       ? iscsi_target_check_first_request.isra.5+0x1a0/0x1a0 [iscsi_target_mod]
       ? del_timer+0xe0/0xe0
       ? memset+0x1f/0x40
       ? flush_sigqueue+0x29/0xd0
       iscsi_target_do_login_rx+0x3bc/0x4c0 [iscsi_target_mod]
       ? iscsi_target_nego_release+0x80/0x80 [iscsi_target_mod]
       ? iscsi_target_restore_sock_callbacks+0x130/0x130 [iscsi_target_mod]
       process_one_work+0x35c/0x640
       worker_thread+0x66/0x5d0
       ? flush_rcu_work+0x40/0x40
       kthread+0x1a0/0x1c0
       ? kthread_bind+0x30/0x30
       ret_from_fork+0x35/0x40
      
      The buggy address belongs to the page:
      page:ffffea0004243bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
      flags: 0x17fffc000000000()
      raw: 017fffc000000000 0000000000000000 0000000000000000 00000000ffffffff
      raw: ffffea0004243c20 ffffea0004243ba0 0000000000000000 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff8801090ef680: f2 f2 f2 f2 f2 f2 f2 01 f2 f2 f2 f2 f2 f2 f2 00
       ffff8801090ef700: f2 f2 f2 f2 f2 f2 f2 00 02 f2 f2 f2 f2 f2 f2 00
      >ffff8801090ef780: 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00
                                                    ^
       ffff8801090ef800: 00 f2 f2 f2 f2 f2 f2 00 00 00 00 02 f2 f2 f2 f2
       ffff8801090ef880: f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00
      ==================================================================
      Signed-off-by: default avatarVincent Pelletier <plr.vincent@gmail.com>
      Reviewed-by: default avatarMike Christie <mchristi@redhat.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      18164943
    • James Smart's avatar
      scsi: lpfc: Synchronize access to remoteport via rport · 9e210178
      James Smart authored
      The driver currently uses the ndlp to get the local rport which is then used
      to get the nvme transport remoteport pointer. There can be cases where a stale
      remoteport pointer is obtained as synchronization isn't done through the
      different dereferences.
      
      Correct by using locks to synchronize the dereferences.
      Signed-off-by: default avatarDick Kennedy <dick.kennedy@broadcom.com>
      Signed-off-by: default avatarJames Smart <jsmart2021@gmail.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      9e210178
    • Adrian Hunter's avatar
      scsi: ufs: Disable blk-mq for now · d87161be
      Adrian Hunter authored
      blk-mq does not support runtime pm, so disable blk-mq support for now.
      
      Fixes: d5038a13 ("scsi: core: switch to scsi-mq by default")
      Signed-off-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Acked-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      d87161be
  2. 17 Sep, 2018 3 commits
  3. 12 Sep, 2018 2 commits
  4. 30 Aug, 2018 3 commits
    • Nilesh Javali's avatar
      scsi: qedi: Add the CRC size within iSCSI NVM image · c77a2fa3
      Nilesh Javali authored
      The QED driver commit, 1ac4329a ("qed: Add configuration information
      to register dump and debug data"), removes the CRC length validation
      causing nvm_get_image failure while loading qedi driver:
      
      [qed_mcp_get_nvm_image:2700(host_10-0)]Image [0] is too big - 00006008 bytes
      where only 00006004 are available
      [qedi_get_boot_info:2253]:10: Could not get NVM image. ret = -12
      
      Hence add and adjust the CRC size to iSCSI NVM image to read boot info at
      qedi load time.
      Signed-off-by: default avatarNilesh Javali <nilesh.javali@cavium.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      c77a2fa3
    • Mike Christie's avatar
      scsi: iscsi: target: Fix conn_ops double free · 05a86e78
      Mike Christie authored
      If iscsi_login_init_conn fails it can free conn_ops.
      __iscsi_target_login_thread will then call iscsi_target_login_sess_out
      which will also free it.
      
      This fixes the problem by organizing conn allocation/setup into parts that
      are needed through the life of the conn and parts that are only needed for
      the login. The free functions then release what was allocated in the alloc
      functions.
      
      With this patch we have:
      
      iscsit_alloc_conn/iscsit_free_conn - allocs/frees the conn we need for the
      entire life of the conn.
      
      iscsi_login_init_conn/iscsi_target_nego_release - allocs/frees the parts
      of the conn that are only needed during login.
      Signed-off-by: default avatarMike Christie <mchristi@redhat.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      05a86e78
    • Vincent Pelletier's avatar
      scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails · 7915919b
      Vincent Pelletier authored
      Fixes a use-after-free reported by KASAN when later
      iscsi_target_login_sess_out gets called and it tries to access
      conn->sess->se_sess:
      
      Disabling lock debugging due to kernel taint
      iSCSI Login timeout on Network Portal [::]:3260
      iSCSI Login negotiation failed.
      ==================================================================
      BUG: KASAN: use-after-free in
      iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod]
      Read of size 8 at addr ffff880109d070c8 by task iscsi_np/980
      
      CPU: 1 PID: 980 Comm: iscsi_np Tainted: G           O
      4.17.8kasan.sess.connops+ #4
      Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB,
      BIOS 5.6.5 05/19/2014
      Call Trace:
       dump_stack+0x71/0xac
       print_address_description+0x65/0x22e
       ? iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod]
       kasan_report.cold.6+0x241/0x2fd
       iscsi_target_login_sess_out.cold.12+0x58/0xff [iscsi_target_mod]
       iscsi_target_login_thread+0x1086/0x1710 [iscsi_target_mod]
       ? __sched_text_start+0x8/0x8
       ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod]
       ? __kthread_parkme+0xcc/0x100
       ? parse_args.cold.14+0xd3/0xd3
       ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod]
       kthread+0x1a0/0x1c0
       ? kthread_bind+0x30/0x30
       ret_from_fork+0x35/0x40
      
      Allocated by task 980:
       kasan_kmalloc+0xbf/0xe0
       kmem_cache_alloc_trace+0x112/0x210
       iscsi_target_login_thread+0x816/0x1710 [iscsi_target_mod]
       kthread+0x1a0/0x1c0
       ret_from_fork+0x35/0x40
      
      Freed by task 980:
       __kasan_slab_free+0x125/0x170
       kfree+0x90/0x1d0
       iscsi_target_login_thread+0x1577/0x1710 [iscsi_target_mod]
       kthread+0x1a0/0x1c0
       ret_from_fork+0x35/0x40
      
      The buggy address belongs to the object at ffff880109d06f00
       which belongs to the cache kmalloc-512 of size 512
      The buggy address is located 456 bytes inside of
       512-byte region [ffff880109d06f00, ffff880109d07100)
      The buggy address belongs to the page:
      page:ffffea0004274180 count:1 mapcount:0 mapping:0000000000000000
      index:0x0 compound_mapcount: 0
      flags: 0x17fffc000008100(slab|head)
      raw: 017fffc000008100 0000000000000000 0000000000000000 00000001000c000c
      raw: dead000000000100 dead000000000200 ffff88011b002e00 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff880109d06f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff880109d07000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      >ffff880109d07080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                    ^
       ffff880109d07100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff880109d07180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      ==================================================================
      Signed-off-by: default avatarVincent Pelletier <plr.vincent@gmail.com>
      [rebased against idr/ida changes and to handle ret review comments from Matthew]
      Signed-off-by: default avatarMike Christie <mchristi@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Reviewed-by: default avatarMatthew Wilcox <willy@infradead.org>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      7915919b
  5. 27 Aug, 2018 12 commits
  6. 26 Aug, 2018 10 commits
    • Linus Torvalds's avatar
      Linux 4.19-rc1 · 5b394b2d
      Linus Torvalds authored
      5b394b2d
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b933d6eb
      Linus Torvalds authored
      Pull timer update from Thomas Gleixner:
       "New defines for the compat time* types so they can be shared between
        32bit and 64bit builds. Not used yet, but merging them now allows the
        actual conversions to be merged through different maintainer trees
        without dependencies
      
        We still have compat interfaces for 32bit on 64bit even with the new
        2038 safe timespec/val variants because pointer size is different. And
        for the old style timespec/val interfaces we need yet another 'compat'
        interface for both 32bit native and 32bit on 64bit"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        y2038: Provide aliases for compat helpers
      b933d6eb
    • Linus Torvalds's avatar
      Merge branch 'ida-4.19' of git://git.infradead.org/users/willy/linux-dax · aba16dc5
      Linus Torvalds authored
      Pull IDA updates from Matthew Wilcox:
       "A better IDA API:
      
            id = ida_alloc(ida, GFP_xxx);
            ida_free(ida, id);
      
        rather than the cumbersome ida_simple_get(), ida_simple_remove().
      
        The new IDA API is similar to ida_simple_get() but better named.  The
        internal restructuring of the IDA code removes the bitmap
        preallocation nonsense.
      
        I hope the net -200 lines of code is convincing"
      
      * 'ida-4.19' of git://git.infradead.org/users/willy/linux-dax: (29 commits)
        ida: Change ida_get_new_above to return the id
        ida: Remove old API
        test_ida: check_ida_destroy and check_ida_alloc
        test_ida: Convert check_ida_conv to new API
        test_ida: Move ida_check_max
        test_ida: Move ida_check_leaf
        idr-test: Convert ida_check_nomem to new API
        ida: Start new test_ida module
        target/iscsi: Allocate session IDs from an IDA
        iscsi target: fix session creation failure handling
        drm/vmwgfx: Convert to new IDA API
        dmaengine: Convert to new IDA API
        ppc: Convert vas ID allocation to new IDA API
        media: Convert entity ID allocation to new IDA API
        ppc: Convert mmu context allocation to new IDA API
        Convert net_namespace to new IDA API
        cb710: Convert to new IDA API
        rsxx: Convert to new IDA API
        osd: Convert to new IDA API
        sd: Convert to new IDA API
        ...
      aba16dc5
    • Linus Torvalds's avatar
      Merge tag 'gcc-plugins-v4.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · c4726e77
      Linus Torvalds authored
      Pull gcc plugin fix from Kees Cook:
       "Lift gcc test into Kconfig. This is for better behavior when the
        kernel is built with Clang, reported by Stefan Agner"
      
      * tag 'gcc-plugins-v4.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        gcc-plugins: Disable when building under Clang
      c4726e77
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d207ea8e
      Linus Torvalds authored
      Pull perf updates from Thomas Gleixner:
       "Kernel:
         - Improve kallsyms coverage
         - Add x86 entry trampolines to kcore
         - Fix ARM SPE handling
         - Correct PPC event post processing
      
        Tools:
         - Make the build system more robust
         - Small fixes and enhancements all over the place
         - Update kernel ABI header copies
         - Preparatory work for converting libtraceevnt to a shared library
         - License cleanups"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (100 commits)
        tools arch: Update arch/x86/lib/memcpy_64.S copy used in 'perf bench mem memcpy'
        tools arch x86: Update tools's copy of cpufeatures.h
        perf python: Fix pyrf_evlist__read_on_cpu() interface
        perf mmap: Store real cpu number in 'struct perf_mmap'
        perf tools: Remove ext from struct kmod_path
        perf tools: Add gzip_is_compressed function
        perf tools: Add lzma_is_compressed function
        perf tools: Add is_compressed callback to compressions array
        perf tools: Move the temp file processing into decompress_kmodule
        perf tools: Use compression id in decompress_kmodule()
        perf tools: Store compression id into struct dso
        perf tools: Add compression id into 'struct kmod_path'
        perf tools: Make is_supported_compression() static
        perf tools: Make decompress_to_file() function static
        perf tools: Get rid of dso__needs_decompress() call in __open_dso()
        perf tools: Get rid of dso__needs_decompress() call in symbol__disassemble()
        perf tools: Get rid of dso__needs_decompress() call in read_object_code()
        tools lib traceevent: Change to SPDX License format
        perf llvm: Allow passing options to llc in addition to clang
        perf parser: Improve error message for PMU address filters
        ...
      d207ea8e
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2a8a2b7c
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - Correct the L1TF fallout on 32bit and the off by one in the 'too much
         RAM for protection' calculation.
      
       - Add a helpful kernel message for the 'too much RAM' case
      
       - Unbreak the VDSO in case that the compiler desides to use indirect
         jumps/calls and emits retpolines which cannot be resolved because the
         kernel uses its own thunks, which does not work for the VDSO. Make it
         use the builtin thunks.
      
       - Re-export start_thread() which was unexported when the 32/64bit
         implementation was unified. start_thread() is required by modular
         binfmt handlers.
      
       - Trivial cleanups
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/speculation/l1tf: Suggest what to do on systems with too much RAM
        x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
        x86/kvm/vmx: Remove duplicate l1d flush definitions
        x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
        x86/process: Re-export start_thread()
        x86/mce: Add notifier_block forward declaration
        x86/vdso: Fix vDSO build if a retpoline is emitted
      2a8a2b7c
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · de375035
      Linus Torvalds authored
      Pull irq update from Thomas Gleixner:
       "A small set of updats/fixes for the irq subsystem:
      
         - Allow GICv3 interrupts to be configured as wake-up sources to
           enable wakeup from suspend
      
         - Make the error handling of the STM32 irqchip init function work
      
         - A set of small cleanups and improvements"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic-v3: Allow interrupt to be configured as wake-up sources
        irqchip/tango: Set irq handler and data in one go
        dt-bindings: irqchip: renesas-irqc: Document r8a774a1 support
        irqchip/s3c24xx: Remove unneeded comparison of unsigned long to 0
        irqchip/stm32: Fix init error handling
        irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
      de375035
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a9ce3233
      Linus Torvalds authored
      Pull licking update from Thomas Gleixner:
       "Mark the switch cases which fall through to the next case with the
        proper comment so the fallthrough compiler checks can be enabled"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        futex: Mark expected switch fall-throughs
      a9ce3233
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-for-4.19_dax-memory-failure' of... · 2923b27e
      Linus Torvalds authored
      Merge tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm
      
      Pull libnvdimm memory-failure update from Dave Jiang:
       "As it stands, memory_failure() gets thoroughly confused by dev_pagemap
        backed mappings. The recovery code has specific enabling for several
        possible page states and needs new enabling to handle poison in dax
        mappings.
      
        In order to support reliable reverse mapping of user space addresses:
      
         1/ Add new locking in the memory_failure() rmap path to prevent races
            that would typically be handled by the page lock.
      
         2/ Since dev_pagemap pages are hidden from the page allocator and the
            "compound page" accounting machinery, add a mechanism to determine
            the size of the mapping that encompasses a given poisoned pfn.
      
         3/ Given pmem errors can be repaired, change the speculatively
            accessed poison protection, mce_unmap_kpfn(), to be reversible and
            otherwise allow ongoing access from the kernel.
      
        A side effect of this enabling is that MADV_HWPOISON becomes usable
        for dax mappings, however the primary motivation is to allow the
        system to survive userspace consumption of hardware-poison via dax.
        Specifically the current behavior is:
      
           mce: Uncorrected hardware memory error in user-access at af34214200
           {1}[Hardware Error]: It has been corrected by h/w and requires no further action
           mce: [Hardware Error]: Machine check events logged
           {1}[Hardware Error]: event severity: corrected
           Memory failure: 0xaf34214: reserved kernel page still referenced by 1 users
           [..]
           Memory failure: 0xaf34214: recovery action for reserved kernel page: Failed
           mce: Memory error not recovered
           <reboot>
      
        ...and with these changes:
      
           Injecting memory failure for pfn 0x20cb00 at process virtual address 0x7f763dd00000
           Memory failure: 0x20cb00: Killing dax-pmd:5421 due to hardware memory corruption
           Memory failure: 0x20cb00: recovery action for dax page: Recovered
      
        Given all the cross dependencies I propose taking this through
        nvdimm.git with acks from Naoya, x86/core, x86/RAS, and of course dax
        folks"
      
      * tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm, pmem: Restore page attributes when clearing errors
        x86/memory_failure: Introduce {set, clear}_mce_nospec()
        x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses
        mm, memory_failure: Teach memory_failure() about dev_pagemap pages
        filesystem-dax: Introduce dax_lock_mapping_entry()
        mm, memory_failure: Collect mapping size in collect_procs()
        mm, madvise_inject_error: Let memory_failure() optionally take a page reference
        mm, dev_pagemap: Do not clear ->mapping on final put
        mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages
        filesystem-dax: Set page->index
        device-dax: Set page->index
        device-dax: Enable page_mapping()
        device-dax: Convert to vmf_insert_mixed and vm_fault_t
      2923b27e
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm · 828bf6e9
      Linus Torvalds authored
      Pull libnvdimm updates from Dave Jiang:
       "Collection of misc libnvdimm patches for 4.19 submission:
      
         - Adding support to read locked nvdimm capacity.
      
         - Change test code to make DSM failure code injection an override.
      
         - Add support for calculate maximum contiguous area for namespace.
      
         - Add support for queueing a short ARS when there is on going ARS for
           nvdimm.
      
         - Allow NULL to be passed in to ->direct_access() for kaddr and pfn
           params.
      
         - Improve smart injection support for nvdimm emulation testing.
      
         - Fix test code that supports for emulating controller temperature.
      
         - Fix hang on error before devm_memremap_pages()
      
         - Fix a bug that causes user memory corruption when data returned to
           user for ars_status.
      
         - Maintainer updates for Ross Zwisler emails and adding Jan Kara to
           fsdax"
      
      * tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm: fix ars_status output length calculation
        device-dax: avoid hang on error before devm_memremap_pages()
        tools/testing/nvdimm: improve emulation of smart injection
        filesystem-dax: Do not request kaddr and pfn when not required
        md/dm-writecache: Don't request pointer dummy_addr when not required
        dax/super: Do not request a pointer kaddr when not required
        tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
        s390, dcssblk: kaddr and pfn can be NULL to ->direct_access()
        libnvdimm, pmem: kaddr and pfn can be NULL to ->direct_access()
        acpi/nfit: queue issuing of ars when an uc error notification comes in
        libnvdimm: Export max available extent
        libnvdimm: Use max contiguous area for namespace size
        MAINTAINERS: Add Jan Kara for filesystem DAX
        MAINTAINERS: update Ross Zwisler's email address
        tools/testing/nvdimm: Fix support for emulating controller temperature
        tools/testing/nvdimm: Make DSM failure code injection an override
        acpi, nfit: Prefer _DSM over _LSR for namespace label reads
        libnvdimm: Introduce locked DIMM capacity support
      828bf6e9
  7. 25 Aug, 2018 7 commits
    • Linus Torvalds's avatar
      Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · b3262720
      Linus Torvalds authored
      Pull ARM SoC late updates from Olof Johansson:
       "A couple of late-merged changes that would be useful to get in this
        merge window:
      
         - Driver support for reset of audio complex on Meson platforms. The
           audio driver went in this merge window, and these changes have been
           in -next for a while (just not in our tree).
      
         - Power management fixes for IOMMU on Rockchip platforms, getting
           closer to kexec working on them, including Chromebooks.
      
         - Another pass updating "arm,psci" -> "psci" for some properties that
           have snuck in since last time it was done"
      
      * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        iommu/rockchip: Move irq request past pm_runtime_enable
        iommu/rockchip: Handle errors returned from PM framework
        arm64: rockchip: Force CONFIG_PM on Rockchip systems
        ARM: rockchip: Force CONFIG_PM on Rockchip systems
        arm64: dts: Fix various entry-method properties to reflect documentation
        reset: imx7: Fix always writing bits as 0
        reset: meson: add meson audio arb driver
        reset: meson: add dt-bindings for meson-axg audio arb
      b3262720
    • Linus Torvalds's avatar
      Merge tag 'kbuild-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild · 1bc27677
      Linus Torvalds authored
      Pull more Kbuild updates from Masahiro Yamada:
      
       - add build_{menu,n,g,x}config targets for compile-testing Kconfig
      
       - fix and improve recursive dependency detection in Kconfig
      
       - fix parallel building of menuconfig/nconfig
      
       - fix syntax error in clang-version.sh
      
       - suppress distracting log from syncconfig
      
       - remove obsolete "rpm" target
      
       - remove VMLINUX_SYMBOL(_STR) macro entirely
      
       - fix microblaze build with CONFIG_DYNAMIC_FTRACE
      
       - move compiler test for dead code/data elimination to Kconfig
      
       - rename well-known LDFLAGS variable to KBUILD_LDFLAGS
      
       - misc fixes and cleanups
      
      * tag 'kbuild-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: rename LDFLAGS to KBUILD_LDFLAGS
        kbuild: pass LDFLAGS to recordmcount.pl
        kbuild: test dead code/data elimination support in Kconfig
        initramfs: move gen_initramfs_list.sh from scripts/ to usr/
        vmlinux.lds.h: remove stale <linux/export.h> include
        export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR()
        Coccinelle: remove pci_alloc_consistent semantic to detect in zalloc-simple.cocci
        kbuild: make sorting initramfs contents independent of locale
        kbuild: remove "rpm" target, which is alias of "rpm-pkg"
        kbuild: Fix LOADLIBES rename in Documentation/kbuild/makefiles.txt
        kconfig: suppress "configuration written to .config" for syncconfig
        kconfig: fix "Can't open ..." in parallel build
        kbuild: Add a space after `!` to prevent parsing as file pattern
        scripts: modpost: check memory allocation results
        kconfig: improve the recursive dependency report
        kconfig: report recursive dependency involving 'imply'
        kconfig: error out when seeing recursive dependency
        kconfig: add build-only configurator targets
        scripts/dtc: consolidate include path options in Makefile
      1bc27677
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20180825' of git://git.kernel.dk/linux-block · b8dcdab3
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A few small fixes for this merge window:
      
         - Locking imbalance fix for bcache (Shan Hai)
      
         - A few small fixes for wbt. One is a cleanup/prep, one is a fix for
           an existing issue, and the last two are fixes for changes that went
           into this merge window (me)"
      
      * tag 'for-linus-20180825' of git://git.kernel.dk/linux-block:
        blk-wbt: don't maintain inflight counts if disabled
        blk-wbt: fix has-sleeper queueing check
        blk-wbt: use wq_has_sleeper() for wq active check
        blk-wbt: move disable check into get_limit()
        bcache: release dc->writeback_lock properly in bch_writeback_thread()
      b8dcdab3
    • Linus Torvalds's avatar
      Merge tag 'upstream-4.19-rc1-fix' of git://git.infradead.org/linux-ubifs · db84abf5
      Linus Torvalds authored
      Pull UBIFS fix from Richard Weinberger:
       "Remove an empty file from UBIFS source"
      
      * tag 'upstream-4.19-rc1-fix' of git://git.infradead.org/linux-ubifs:
        ubifs: Remove empty file.h
      db84abf5
    • Linus Torvalds's avatar
      Merge tag '4.19-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6 · 04faac10
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three small SMB3 fixes, one for stable"
      
      * tag '4.19-rc-smb3' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: update internal module version number for cifs.ko to 2.12
        cifs: check kmalloc before use
        cifs: check if SMB2 PDU size has been padded and suppress the warning
        cifs: create a define for how many iovs we need for an SMB2_open()
      04faac10
    • Linus Torvalds's avatar
      mm/cow: don't bother write protecting already write-protected pages · 1b2de5d0
      Linus Torvalds authored
      This is not normally noticeable, but repeated forks are unnecessarily
      expensive because they repeatedly dirty the parent page tables during
      the page table copy operation.
      
      It's trivial to just avoid write protecting the page table entry if it
      was already not writable.
      
      This patch was inspired by
      
          https://bugzilla.kernel.org/show_bug.cgi?id=200447
      
      which points to an ancient "waste time re-doing fork" issue in the
      presence of lots of signals.
      
      That bug was fixed by Eric Biederman's signal handling series
      culminating in commit c3ad2c3b ("signal: Don't restart fork when
      signals come in"), but the unnecessary work for repeated forks is still
      work just fixing, particularly since the fix is trivial.
      
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1b2de5d0
    • Colin Ian King's avatar
      hpfs: remove unnecessary checks on the value of r when assigning error code · e0fcfe1f
      Colin Ian King authored
      At the point where r is being checked for different values, r is always
      going to be equal to 2 as the previous if statements jump to end or end1
      if r is not 2.  Hence the assignment to err can be simplified to just
      err an assignment without any checks on the value or r.
      
      Detected by CoverityScan, CID#1226737 ("Logically dead code")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Reviewed-by: default avatarMikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e0fcfe1f