1. 02 Nov, 2019 8 commits
    • Mika Westerberg's avatar
      thunderbolt: Do not start firmware unless asked by the user · 354a7a77
      Mika Westerberg authored
      Since now we can do pretty much the same thing in the software
      connection manager than the firmware would do, there is no point
      starting it by default. Instead we can just continue using the software
      connection manager.
      
      Make it possible for user to switch between the two by adding a module
      pararameter (start_icm) which is by default false. Having this ability
      to enable the firmware may be useful at least when debugging possible
      issues with the software connection manager implementation.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      354a7a77
    • Mika Westerberg's avatar
      thunderbolt: Add bandwidth management for Display Port tunnels · a11b88ad
      Mika Westerberg authored
      Titan Ridge supports Display Port 1.4 which adds HBR3 (High Bit Rate)
      rates that may be up to 8.1 Gb/s over 4 lanes. This translates to
      effective data bandwidth of 25.92 Gb/s (as 8/10 encoding is removed by
      the DP adapters when going over Thunderbolt fabric). If another high
      rate monitor is connected we may need to reduce the bandwidth it
      consumes so that it fits into the total 40 Gb/s available on the
      Thunderbolt fabric.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      a11b88ad
    • Mika Westerberg's avatar
      thunderbolt: Add Display Port adapter pairing and resource management · 8afe909b
      Mika Westerberg authored
      To perform proper Display Port tunneling for Thunderbolt 3 devices we
      need to allocate DP resources for DP IN port before they can be used.
      The reason for this is that the user can also connect a monitor directly
      to the Type-C ports in which case the Thunderbolt controller acts as
      re-driver for Display Port (no tunneling takes place) taking the DP
      sinks away from the connection manager. This allocation is done using
      special sink allocation registers available through the link controller.
      
      We can pair DP IN to DP OUT only if
      
       * DP IN has sink allocated via link controller
       * DP OUT port receives hotplug event
      
      For DP IN adapters (only for the host router) we first query whether
      there is DP resource available (it may be the previous instance of the
      driver for example already allocated it) and if it is we add it to the
      list. We then update the list when after each plug/unplug event to a DP
      IN/OUT adapter. Each time the list is updated we try to find additional
      DP IN <-> DP OUT pairs for tunnel establishment. This strategy also
      makes it possible to establish another tunnel in case there are 3
      monitors connected and one gets unplugged releasing the DP IN adapter
      for the new tunnel.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      8afe909b
    • Mika Westerberg's avatar
      thunderbolt: Add Display Port CM handshake for Titan Ridge devices · de718ac7
      Mika Westerberg authored
      Titan Ridge needs an additional connection manager handshake in order to
      do proper Display Port tunneling so implement it here.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      de718ac7
    • Mika Westerberg's avatar
      thunderbolt: Add downstream PCIe port mappings for Alpine and Titan Ridge · 7bffd97e
      Mika Westerberg authored
      In order to keep PCIe hierarchies consistent across hotplugs, add
      hard-coded PCIe downstream port to Thunderbolt port for Alpine Ridge and
      Titan Ridge as well.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      7bffd97e
    • Mika Westerberg's avatar
      thunderbolt: Expand controller name in tb_switch_is_xy() · 17a8f815
      Mika Westerberg authored
      For a casual reader tb_switch_is_cr() does not tell much so instead
      spell out the full controller name in the function name. For example
      tb_switch_is_cr() becomes tb_switch_is_cactus_ridge() which is easier
      to understand.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      17a8f815
    • Mika Westerberg's avatar
      thunderbolt: Add default linking between lane adapters if not provided by DROM · 0d46c08d
      Mika Westerberg authored
      We currently read how sibling lane adapter ports relate each other from
      DROM (Device ROM). If the two lane adapter ports go through the same
      physical connector these lanes can then be bonded together. However,
      some cases DROM does not provide this information or it is missing
      completely (host routers typically do not have DROM). In this case we
      have hard-coded the relationship.
      
      Expand this to work with both legacy devices where lane adapter ports 1
      and 2, and 3 and 4 are always linked together, and with USB4 devices
      where lane adapter 1 is always following lane adapter 0 or is disabled
      completely (see USB4 section 5.2.1 for more information).
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      0d46c08d
    • Mika Westerberg's avatar
      thunderbolt: Add support for lane bonding · 91c0c120
      Mika Westerberg authored
      Lane bonding allows aggregating two 10/20 Gb/s (depending on the
      generation) lanes into a single 20/40 Gb/s bonded link. This allows
      sharing the full bandwidth more efficiently. In order to establish lane
      bonding we need to check that lane bonding is possible through link
      controller and that both ends of the link actually supports 2x widths.
      This also means that all the paths should be established through the
      primary port so update tb_path_alloc() to handle this as well.
      
      Lane bonding is supported starting from Falcon Ridge (2nd generation)
      controllers.
      
      We also expose the current speed and number of lanes under each device
      except the host router following similar attribute naming than USB bus.
      Expose speed and number of lanes for both directions to allow possibility
      of asymmetric link in the future.
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      91c0c120
  2. 01 Nov, 2019 10 commits
  3. 09 Oct, 2019 1 commit
  4. 08 Oct, 2019 3 commits
    • Mika Westerberg's avatar
      thunderbolt: Drop unnecessary read when writing LC command in Ice Lake · 747125db
      Mika Westerberg authored
      The read is not needed as we overwrite the returned value in the next
      line anyway so drop it.
      
      Fixes: 3cdb9446 ("thunderbolt: Add support for Intel Ice Lake")
      Reported-by: default avatarNicholas Johnson <nicholas.johnson-opensource@outlook.com.au>
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      747125db
    • Mika Westerberg's avatar
      thunderbolt: Fix lockdep circular locking depedency warning · 6f670973
      Mika Westerberg authored
      When lockdep is enabled, plugging Thunderbolt dock on Dominik's laptop
      triggers following splat:
      
        ======================================================
        WARNING: possible circular locking dependency detected
        5.3.0-rc6+ #1 Tainted: G                T
        ------------------------------------------------------
        pool-/usr/lib/b/1258 is trying to acquire lock:
        000000005ab0ad43 (pci_rescan_remove_lock){+.+.}, at: authorized_store+0xe8/0x210
      
        but task is already holding lock:
        00000000bfb796b5 (&tb->lock){+.+.}, at: authorized_store+0x7c/0x210
      
        which lock already depends on the new lock.
      
        the existing dependency chain (in reverse order) is:
      
        -> #1 (&tb->lock){+.+.}:
               __mutex_lock+0xac/0x9a0
               tb_domain_add+0x2d/0x130
               nhi_probe+0x1dd/0x330
               pci_device_probe+0xd2/0x150
               really_probe+0xee/0x280
               driver_probe_device+0x50/0xc0
               bus_for_each_drv+0x84/0xd0
               __device_attach+0xe4/0x150
               pci_bus_add_device+0x4e/0x70
               pci_bus_add_devices+0x2e/0x66
               pci_bus_add_devices+0x59/0x66
               pci_bus_add_devices+0x59/0x66
               enable_slot+0x344/0x450
               acpiphp_check_bridge.part.0+0x119/0x150
               acpiphp_hotplug_notify+0xaa/0x140
               acpi_device_hotplug+0xa2/0x3f0
               acpi_hotplug_work_fn+0x1a/0x30
               process_one_work+0x234/0x580
               worker_thread+0x50/0x3b0
               kthread+0x10a/0x140
               ret_from_fork+0x3a/0x50
      
        -> #0 (pci_rescan_remove_lock){+.+.}:
               __lock_acquire+0xe54/0x1ac0
               lock_acquire+0xb8/0x1b0
               __mutex_lock+0xac/0x9a0
               authorized_store+0xe8/0x210
               kernfs_fop_write+0x125/0x1b0
               vfs_write+0xc2/0x1d0
               ksys_write+0x6c/0xf0
               do_syscall_64+0x50/0x180
               entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
        other info that might help us debug this:
         Possible unsafe locking scenario:
               CPU0                    CPU1
               ----                    ----
          lock(&tb->lock);
                                       lock(pci_rescan_remove_lock);
                                       lock(&tb->lock);
          lock(pci_rescan_remove_lock);
      
         *** DEADLOCK ***
        5 locks held by pool-/usr/lib/b/1258:
         #0: 000000003df1a1ad (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x4d/0x60
         #1: 0000000095a40b02 (sb_writers#6){.+.+}, at: vfs_write+0x185/0x1d0
         #2: 0000000017a7d714 (&of->mutex){+.+.}, at: kernfs_fop_write+0xf2/0x1b0
         #3: 000000004f262981 (kn->count#208){.+.+}, at: kernfs_fop_write+0xfa/0x1b0
         #4: 00000000bfb796b5 (&tb->lock){+.+.}, at: authorized_store+0x7c/0x210
      
        stack backtrace:
        CPU: 0 PID: 1258 Comm: pool-/usr/lib/b Tainted: G                T 5.3.0-rc6+ #1
      
      On an system using ACPI hotplug the host router gets hotplugged first and then
      the firmware starts sending notifications about connected devices so the above
      scenario should not happen in reality. However, after taking a second
      look at commit a03e8289 ("thunderbolt: Serialize PCIe tunnel
      creation with PCI rescan") that introduced the locking, I don't think it
      is actually correct. It may have cured the symptom but probably the real
      root cause was somewhere closer to PCI stack and possibly is already
      fixed with recent kernels. I also tried to reproduce the original issue
      with the commit reverted but could not.
      
      So to keep lockdep happy and the code bit less complex drop calls to
      pci_lock_rescan_remove()/pci_unlock_rescan_remove() in
      tb_switch_set_authorized() effectively reverting a03e8289.
      
      Link: https://lkml.org/lkml/2019/8/30/513
      Fixes: a03e8289 ("thunderbolt: Serialize PCIe tunnel creation with PCI rescan")
      Reported-by: default avatarDominik Brodowski <linux@dominikbrodowski.net>
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      6f670973
    • Mika Westerberg's avatar
      thunderbolt: Read DP IN adapter first two dwords in one go · fd5c46b7
      Mika Westerberg authored
      When we discover existing DP tunnels the code checks whether DP IN
      adapter port is enabled by calling tb_dp_port_is_enabled() before it
      continues the discovery process. On Light Ridge (gen 1) controller
      reading only the first dword of the DP IN config space causes subsequent
      access to the same DP IN port path config space to fail or return
      invalid data as can be seen in the below splat:
      
        thunderbolt 0000:07:00.0: CFG_ERROR(0:d): Invalid config space or offset
        Call Trace:
         tb_cfg_read+0xb9/0xd0
         __tb_path_deactivate_hop+0x98/0x210
         tb_path_activate+0x228/0x7d0
         tb_tunnel_restart+0x95/0x200
         tb_handle_hotplug+0x30e/0x630
         process_one_work+0x1b4/0x340
         worker_thread+0x44/0x3d0
         kthread+0xeb/0x120
         ? process_one_work+0x340/0x340
         ? kthread_park+0xa0/0xa0
         ret_from_fork+0x1f/0x30
      
      If both DP In adapter config dwords are read in one go the issue does
      not reproduce. This is likely firmware bug but we can work it around by
      always reading the two dwords in one go. There should be no harm for
      other controllers either so can do it unconditionally.
      
      Link: https://lkml.org/lkml/2019/8/28/160Reported-by: default avatarBrad Campbell <lists2009@fnarfbargle.com>
      Tested-by: default avatarBrad Campbell <lists2009@fnarfbargle.com>
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      fd5c46b7
  5. 06 Oct, 2019 4 commits
    • Linus Torvalds's avatar
      Linux 5.4-rc2 · da0c9ea1
      Linus Torvalds authored
      da0c9ea1
    • Linus Torvalds's avatar
      elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings · b212921b
      Linus Torvalds authored
      In commit 4ed28639 ("fs, elf: drop MAP_FIXED usage from elf_map") we
      changed elf to use MAP_FIXED_NOREPLACE instead of MAP_FIXED for the
      executable mappings.
      
      Then, people reported that it broke some binaries that had overlapping
      segments from the same file, and commit ad55eac7 ("elf: enforce
      MAP_FIXED on overlaying elf segments") re-instated MAP_FIXED for some
      overlaying elf segment cases.  But only some - despite the summary line
      of that commit, it only did it when it also does a temporary brk vma for
      one obvious overlapping case.
      
      Now Russell King reports another overlapping case with old 32-bit x86
      binaries, which doesn't trigger that limited case.  End result: we had
      better just drop MAP_FIXED_NOREPLACE entirely, and go back to MAP_FIXED.
      
      Yes, it's a sign of old binaries generated with old tool-chains, but we
      do pride ourselves on not breaking existing setups.
      
      This still leaves MAP_FIXED_NOREPLACE in place for the load_elf_interp()
      and the old load_elf_library() use-cases, because nobody has reported
      breakage for those. Yet.
      
      Note that in all the cases seen so far, the overlapping elf sections
      seem to be just re-mapping of the same executable with different section
      attributes.  We could possibly introduce a new MAP_FIXED_NOFILECHANGE
      flag or similar, which acts like NOREPLACE, but allows just remapping
      the same executable file using different protection flags.
      
      It's not clear that would make a huge difference to anything, but if
      people really hate that "elf remaps over previous maps" behavior, maybe
      at least a more limited form of remapping would alleviate some concerns.
      
      Alternatively, we should take a look at our elf_map() logic to see if we
      end up not mapping things properly the first time.
      
      In the meantime, this is the minimal "don't do that then" patch while
      people hopefully think about it more.
      Reported-by: default avatarRussell King <linux@armlinux.org.uk>
      Fixes: 4ed28639 ("fs, elf: drop MAP_FIXED usage from elf_map")
      Fixes: ad55eac7 ("elf: enforce  MAP_FIXED on overlaying elf segments")
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b212921b
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.4-1' of git://git.infradead.org/users/hch/dma-mapping · 7cdb85df
      Linus Torvalds authored
      Pull dma-mapping regression fix from Christoph Hellwig:
       "Revert an incorret hunk from a patch that caused problems on various
        arm boards (Andrey Smirnov)"
      
      * tag 'dma-mapping-5.4-1' of git://git.infradead.org/users/hch/dma-mapping:
        dma-mapping: fix false positive warnings in dma_common_free_remap()
      7cdb85df
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 43b815c6
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "A few fixes this time around:
      
         - Fixup of some clock specifications for DRA7 (device-tree fix)
      
         - Removal of some dead/legacy CPU OPP/PM code for OMAP that throws
           warnings at boot
      
         - A few more minor fixups for OMAPs, most around display
      
         - Enable STM32 QSPI as =y since their rootfs sometimes comes from
           there
      
         - Switch CONFIG_REMOTEPROC to =y since it went from tristate to bool
      
         - Fix of thermal zone definition for ux500 (5.4 regression)"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: multi_v7_defconfig: Fix SPI_STM32_QSPI support
        ARM: dts: ux500: Fix up the CPU thermal zone
        arm64/ARM: configs: Change CONFIG_REMOTEPROC from m to y
        ARM: dts: am4372: Set memory bandwidth limit for DISPC
        ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
        ARM: OMAP2+: Add missing LCDC midlemode for am335x
        ARM: OMAP2+: Fix missing reset done flag for am3 and am43
        ARM: dts: Fix gpio0 flags for am335x-icev2
        ARM: omap2plus_defconfig: Enable more droid4 devices as loadable modules
        ARM: omap2plus_defconfig: Enable DRM_TI_TFP410
        DTS: ARM: gta04: introduce legacy spi-cs-high to make display work again
        ARM: dts: Fix wrong clocks for dra7 mcasp
        clk: ti: dra7: Fix mcasp8 clock bits
      43b815c6
  6. 05 Oct, 2019 14 commits
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v5.4' of... · 2d00aee2
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - remove unneeded ar-option and KBUILD_ARFLAGS
      
       - remove long-deprecated SUBDIRS
      
       - fix modpost to suppress false-positive warnings for UML builds
      
       - fix namespace.pl to handle relative paths to ${objtree}, ${srctree}
      
       - make setlocalversion work for /bin/sh
      
       - make header archive reproducible
      
       - fix some Makefiles and documents
      
      * tag 'kbuild-fixes-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kheaders: make headers archive reproducible
        kbuild: update compile-test header list for v5.4-rc2
        kbuild: two minor updates for Documentation/kbuild/modules.rst
        scripts/setlocalversion: clear local variable to make it work for sh
        namespace: fix namespace.pl script to support relative paths
        video/logo: do not generate unneeded logo C files
        video/logo: remove unneeded *.o pattern from clean-files
        integrity: remove pointless subdir-$(CONFIG_...)
        integrity: remove unneeded, broken attempt to add -fshort-wchar
        modpost: fix static EXPORT_SYMBOL warnings for UML build
        kbuild: correct formatting of header in kbuild module docs
        kbuild: remove SUBDIRS support
        kbuild: remove ar-option and KBUILD_ARFLAGS
      2d00aee2
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 126195c9
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Twelve patches mostly small but obvious fixes or cosmetic but small
        updates"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: qla2xxx: Fix Nport ID display value
        scsi: qla2xxx: Fix N2N link up fail
        scsi: qla2xxx: Fix N2N link reset
        scsi: qla2xxx: Optimize NPIV tear down process
        scsi: qla2xxx: Fix stale mem access on driver unload
        scsi: qla2xxx: Fix unbound sleep in fcport delete path.
        scsi: qla2xxx: Silence fwdump template message
        scsi: hisi_sas: Make three functions static
        scsi: megaraid: disable device when probe failed after enabled device
        scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue
        scsi: qedf: Remove always false 'tmp_prio < 0' statement
        scsi: ufs: skip shutdown if hba is not powered
        scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF
      126195c9
    • Linus Torvalds's avatar
      Merge branch 'readdir' (readdir speedup and sanity checking) · 4f11918a
      Linus Torvalds authored
      This makes getdents() and getdents64() do sanity checking on the
      pathname that it gives to user space.  And to mitigate the performance
      impact of that, it first cleans up the way it does the user copying, so
      that the code avoids doing the SMAP/PAN updates between each part of the
      dirent structure write.
      
      I really wanted to do this during the merge window, but didn't have
      time.  The conversion of filldir to unsafe_put_user() is something I've
      had around for years now in a private branch, but the extra pathname
      checking finally made me clean it up to the point where it is mergable.
      
      It's worth noting that the filename validity checking really should be a
      bit smarter: it would be much better to delay the error reporting until
      the end of the readdir, so that non-corrupted filenames are still
      returned.  But that involves bigger changes, so let's see if anybody
      actually hits the corrupt directory entry case before worrying about it
      further.
      
      * branch 'readdir':
        Make filldir[64]() verify the directory entry filename is valid
        Convert filldir[64]() from __put_user() to unsafe_put_user()
      4f11918a
    • Linus Torvalds's avatar
      Make filldir[64]() verify the directory entry filename is valid · 8a23eb80
      Linus Torvalds authored
      This has been discussed several times, and now filesystem people are
      talking about doing it individually at the filesystem layer, so head
      that off at the pass and just do it in getdents{64}().
      
      This is partially based on a patch by Jann Horn, but checks for NUL
      bytes as well, and somewhat simplified.
      
      There's also commentary about how it might be better if invalid names
      due to filesystem corruption don't cause an immediate failure, but only
      an error at the end of the readdir(), so that people can still see the
      filenames that are ok.
      
      There's also been discussion about just how much POSIX strictly speaking
      requires this since it's about filesystem corruption.  It's really more
      "protect user space from bad behavior" as pointed out by Jann.  But
      since Eric Biederman looked up the POSIX wording, here it is for context:
      
       "From readdir:
      
         The readdir() function shall return a pointer to a structure
         representing the directory entry at the current position in the
         directory stream specified by the argument dirp, and position the
         directory stream at the next entry. It shall return a null pointer
         upon reaching the end of the directory stream. The structure dirent
         defined in the <dirent.h> header describes a directory entry.
      
        From definitions:
      
         3.129 Directory Entry (or Link)
      
         An object that associates a filename with a file. Several directory
         entries can associate names with the same file.
      
        ...
      
         3.169 Filename
      
         A name consisting of 1 to {NAME_MAX} bytes used to name a file. The
         characters composing the name may be selected from the set of all
         character values excluding the slash character and the null byte. The
         filenames dot and dot-dot have special meaning. A filename is
         sometimes referred to as a 'pathname component'."
      
      Note that I didn't bother adding the checks to any legacy interfaces
      that nobody uses.
      
      Also note that if this ends up being noticeable as a performance
      regression, we can fix that to do a much more optimized model that
      checks for both NUL and '/' at the same time one word at a time.
      
      We haven't really tended to optimize 'memchr()', and it only checks for
      one pattern at a time anyway, and we really _should_ check for NUL too
      (but see the comment about "soft errors" in the code about why it
      currently only checks for '/')
      
      See the CONFIG_DCACHE_WORD_ACCESS case of hash_name() for how the name
      lookup code looks for pathname terminating characters in parallel.
      
      Link: https://lore.kernel.org/lkml/20190118161440.220134-2-jannh@google.com/
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Jann Horn <jannh@google.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8a23eb80
    • Linus Torvalds's avatar
      Convert filldir[64]() from __put_user() to unsafe_put_user() · 9f79b78e
      Linus Torvalds authored
      We really should avoid the "__{get,put}_user()" functions entirely,
      because they can easily be mis-used and the original intent of being
      used for simple direct user accesses no longer holds in a post-SMAP/PAN
      world.
      
      Manually optimizing away the user access range check makes no sense any
      more, when the range check is generally much cheaper than the "enable
      user accesses" code that the __{get,put}_user() functions still need.
      
      So instead of __put_user(), use the unsafe_put_user() interface with
      user_access_{begin,end}() that really does generate better code these
      days, and which is generally a nicer interface.  Under some loads, the
      multiple user writes that filldir() does are actually quite noticeable.
      
      This also makes the dirent name copy use unsafe_put_user() with a couple
      of macros.  We do not want to make function calls with SMAP/PAN
      disabled, and the code this generates is quite good when the
      architecture uses "asm goto" for unsafe_put_user() like x86 does.
      
      Note that this doesn't bother with the legacy cases.  Nobody should use
      them anyway, so performance doesn't really matter there.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9f79b78e
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 9819a30c
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix ieeeu02154 atusb driver use-after-free, from Johan Hovold.
      
       2) Need to validate TCA_CBQ_WRROPT netlink attributes, from Eric
          Dumazet.
      
       3) txq null deref in mac80211, from Miaoqing Pan.
      
       4) ionic driver needs to select NET_DEVLINK, from Arnd Bergmann.
      
       5) Need to disable bh during nft_connlimit GC, from Pablo Neira Ayuso.
      
       6) Avoid division by zero in taprio scheduler, from Vladimir Oltean.
      
       7) Various xgmac fixes in stmmac driver from Jose Abreu.
      
       8) Avoid 64-bit division in mlx5 leading to link errors on 32-bit from
          Michal Kubecek.
      
       9) Fix bad VLAN check in rtl8366 DSA driver, from Linus Walleij.
      
      10) Fix sleep while atomic in sja1105, from Vladimir Oltean.
      
      11) Suspend/resume deadlock in stmmac, from Thierry Reding.
      
      12) Various UDP GSO fixes from Josh Hunt.
      
      13) Fix slab out of bounds access in tcp_zerocopy_receive(), from Eric
          Dumazet.
      
      14) Fix OOPS in __ipv6_ifa_notify(), from David Ahern.
      
      15) Memory leak in NFC's llcp_sock_bind, from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (72 commits)
        selftests/net: add nettest to .gitignore
        net: qlogic: Fix memory leak in ql_alloc_large_buffers
        nfc: fix memory leak in llcp_sock_bind()
        sch_dsmark: fix potential NULL deref in dsmark_init()
        net: phy: at803x: use operating parameters from PHY-specific status
        net: phy: extract pause mode
        net: phy: extract link partner advertisement reading
        net: phy: fix write to mii-ctrl1000 register
        ipv6: Handle missing host route in __ipv6_ifa_notify
        net: phy: allow for reset line to be tied to a sleepy GPIO controller
        net: ipv4: avoid mixed n_redirects and rate_tokens usage
        r8152: Set macpassthru in reset_resume callback
        cxgb4:Fix out-of-bounds MSI-X info array access
        Revert "ipv6: Handle race in addrconf_dad_work"
        net: make sock_prot_memory_pressure() return "const char *"
        rxrpc: Fix rxrpc_recvmsg tracepoint
        qmi_wwan: add support for Cinterion CLS8 devices
        tcp: fix slab-out-of-bounds in tcp_zerocopy_receive()
        lib: textsearch: fix escapes in example code
        udp: only do GSO if # of segs > 1
        ...
      9819a30c
    • Linus Torvalds's avatar
      Merge tag 's390-5.4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 6fe137cb
      Linus Torvalds authored
      Pull s390 fixes from Vasily Gorbik:
      
       - defconfig updates
      
       - Fix build errors with CC_OPTIMIZE_FOR_SIZE due to usage of "i"
         constraint for function arguments. Two kvm changes acked-by Christian
         Borntraeger.
      
       - Fix -Wunused-but-set-variable warnings in mm code.
      
       - Avoid a constant misuse in qdio.
      
       - Handle a case when cpumf is temporarily unavailable.
      
      * tag 's390-5.4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        KVM: s390: mark __insn32_query() as __always_inline
        KVM: s390: fix __insn32_query() inline assembly
        s390: update defconfigs
        s390/pci: mark function(s) __always_inline
        s390/mm: mark function(s) __always_inline
        s390/jump_label: mark function(s) __always_inline
        s390/cpu_mf: mark function(s) __always_inline
        s390/atomic,bitops: mark function(s) __always_inline
        s390/mm: fix -Wunused-but-set-variable warnings
        s390: mark __cpacf_query() as __always_inline
        s390/qdio: clarify size of the QIB parm area
        s390/cpumf: Fix indentation in sampling device driver
        s390/cpumsf: Check for CPU Measurement sampling
        s390/cpumf: Use consistant debug print format
      6fe137cb
    • Heiko Carstens's avatar
      KVM: s390: mark __insn32_query() as __always_inline · d0dea733
      Heiko Carstens authored
      __insn32_query() will not compile if the compiler decides to not
      inline it, since it contains an inline assembly with an "i" constraint
      with variable contents.
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      d0dea733
    • Heiko Carstens's avatar
      KVM: s390: fix __insn32_query() inline assembly · b1c41ac3
      Heiko Carstens authored
      The inline assembly constraints of __insn32_query() tell the compiler
      that only the first byte of "query" is being written to. Intended was
      probably that 32 bytes are written to.
      
      Fix and simplify the code and just use a "memory" clobber.
      
      Fixes: d6681397 ("KVM: s390: provide query function for instructions returning 32 byte")
      Cc: stable@vger.kernel.org # v5.2+
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      b1c41ac3
    • Andrey Smirnov's avatar
      dma-mapping: fix false positivse warnings in dma_common_free_remap() · 2cf2aa6a
      Andrey Smirnov authored
      Commit 5cf45379 ("dma-mapping: introduce a dma_common_find_pages
      helper") changed invalid input check in dma_common_free_remap() from:
      
          if (!area || !area->flags != VM_DMA_COHERENT)
      
      to
      
          if (!area || !area->flags != VM_DMA_COHERENT || !area->pages)
      
      which seem to produce false positives for memory obtained via
      dma_common_contiguous_remap()
      
      This triggers the following warning message when doing "reboot" on ZII
      VF610 Dev Board Rev B:
      
      WARNING: CPU: 0 PID: 1 at kernel/dma/remap.c:112 dma_common_free_remap+0x88/0x8c
      trying to free invalid coherent area: 9ef82980
      Modules linked in:
      CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.3.0-rc6-next-20190820 #119
      Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree)
      Backtrace:
      [<8010d1ec>] (dump_backtrace) from [<8010d588>] (show_stack+0x20/0x24)
       r7:8015ed78 r6:00000009 r5:00000000 r4:9f4d9b14
      [<8010d568>] (show_stack) from [<8077e3f0>] (dump_stack+0x24/0x28)
      [<8077e3cc>] (dump_stack) from [<801197a0>] (__warn.part.3+0xcc/0xe4)
      [<801196d4>] (__warn.part.3) from [<80119830>] (warn_slowpath_fmt+0x78/0x94)
       r6:00000070 r5:808e540c r4:81c03048
      [<801197bc>] (warn_slowpath_fmt) from [<8015ed78>] (dma_common_free_remap+0x88/0x8c)
       r3:9ef82980 r2:808e53e0
       r7:00001000 r6:a0b1e000 r5:a0b1e000 r4:00001000
      [<8015ecf0>] (dma_common_free_remap) from [<8010fa9c>] (remap_allocator_free+0x60/0x68)
       r5:81c03048 r4:9f4d9b78
      [<8010fa3c>] (remap_allocator_free) from [<801100d0>] (__arm_dma_free.constprop.3+0xf8/0x148)
       r5:81c03048 r4:9ef82900
      [<8010ffd8>] (__arm_dma_free.constprop.3) from [<80110144>] (arm_dma_free+0x24/0x2c)
       r5:9f563410 r4:80110120
      [<80110120>] (arm_dma_free) from [<8015d80c>] (dma_free_attrs+0xa0/0xdc)
      [<8015d76c>] (dma_free_attrs) from [<8020f3e4>] (dma_pool_destroy+0xc0/0x154)
       r8:9efa8860 r7:808f02f0 r6:808f02d0 r5:9ef82880 r4:9ef82780
      [<8020f324>] (dma_pool_destroy) from [<805525d0>] (ehci_mem_cleanup+0x6c/0x150)
       r7:9f563410 r6:9efa8810 r5:00000000 r4:9efd0148
      [<80552564>] (ehci_mem_cleanup) from [<80558e0c>] (ehci_stop+0xac/0xc0)
       r5:9efd0148 r4:9efd0000
      [<80558d60>] (ehci_stop) from [<8053c4bc>] (usb_remove_hcd+0xf4/0x1b0)
       r7:9f563410 r6:9efd0074 r5:81c03048 r4:9efd0000
      [<8053c3c8>] (usb_remove_hcd) from [<8056361c>] (host_stop+0x48/0xb8)
       r7:9f563410 r6:9efd0000 r5:9f5f4040 r4:9f5f5040
      [<805635d4>] (host_stop) from [<80563d0c>] (ci_hdrc_host_destroy+0x34/0x38)
       r7:9f563410 r6:9f5f5040 r5:9efa8800 r4:9f5f4040
      [<80563cd8>] (ci_hdrc_host_destroy) from [<8055ef18>] (ci_hdrc_remove+0x50/0x10c)
      [<8055eec8>] (ci_hdrc_remove) from [<804a2ed8>] (platform_drv_remove+0x34/0x4c)
       r7:9f563410 r6:81c4f99c r5:9efa8810 r4:9efa8810
      [<804a2ea4>] (platform_drv_remove) from [<804a18a8>] (device_release_driver_internal+0xec/0x19c)
       r5:00000000 r4:9efa8810
      [<804a17bc>] (device_release_driver_internal) from [<804a1978>] (device_release_driver+0x20/0x24)
       r7:9f563410 r6:81c41ed0 r5:9efa8810 r4:9f4a1dac
      [<804a1958>] (device_release_driver) from [<804a01b8>] (bus_remove_device+0xdc/0x108)
      [<804a00dc>] (bus_remove_device) from [<8049c204>] (device_del+0x150/0x36c)
       r7:9f563410 r6:81c03048 r5:9efa8854 r4:9efa8810
      [<8049c0b4>] (device_del) from [<804a3368>] (platform_device_del.part.2+0x20/0x84)
       r10:9f563414 r9:809177e0 r8:81cb07dc r7:81c78320 r6:9f563454 r5:9efa8800
       r4:9efa8800
      [<804a3348>] (platform_device_del.part.2) from [<804a3420>] (platform_device_unregister+0x28/0x34)
       r5:9f563400 r4:9efa8800
      [<804a33f8>] (platform_device_unregister) from [<8055dce0>] (ci_hdrc_remove_device+0x1c/0x30)
       r5:9f563400 r4:00000001
      [<8055dcc4>] (ci_hdrc_remove_device) from [<805652ac>] (ci_hdrc_imx_remove+0x38/0x118)
       r7:81c78320 r6:9f563454 r5:9f563410 r4:9f541010
      [<8056538c>] (ci_hdrc_imx_shutdown) from [<804a2970>] (platform_drv_shutdown+0x2c/0x30)
      [<804a2944>] (platform_drv_shutdown) from [<8049e4fc>] (device_shutdown+0x158/0x1f0)
      [<8049e3a4>] (device_shutdown) from [<8013ac80>] (kernel_restart_prepare+0x44/0x48)
       r10:00000058 r9:9f4d8000 r8:fee1dead r7:379ce700 r6:81c0b280 r5:81c03048
       r4:00000000
      [<8013ac3c>] (kernel_restart_prepare) from [<8013ad14>] (kernel_restart+0x1c/0x60)
      [<8013acf8>] (kernel_restart) from [<8013af84>] (__do_sys_reboot+0xe0/0x1d8)
       r5:81c03048 r4:00000000
      [<8013aea4>] (__do_sys_reboot) from [<8013b0ec>] (sys_reboot+0x18/0x1c)
       r8:80101204 r7:00000058 r6:00000000 r5:00000000 r4:00000000
      [<8013b0d4>] (sys_reboot) from [<80101000>] (ret_fast_syscall+0x0/0x54)
      Exception stack(0x9f4d9fa8 to 0x9f4d9ff0)
      9fa0:                   00000000 00000000 fee1dead 28121969 01234567 379ce700
      9fc0: 00000000 00000000 00000000 00000058 00000000 00000000 00000000 00016d04
      9fe0: 00028e0c 7ec87c64 000135ec 76c1f410
      
      Restore original invalid input check in dma_common_free_remap() to
      avoid this problem.
      
      Fixes: 5cf45379 ("dma-mapping: introduce a dma_common_find_pages helper")
      Signed-off-by: default avatarAndrey Smirnov <andrew.smirnov@gmail.com>
      [hch: just revert the offending hunk instead of creating a new helper]
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      2cf2aa6a
    • Dmitry Goldin's avatar
      kheaders: make headers archive reproducible · 86cdd2fd
      Dmitry Goldin authored
      In commit 43d8ce9d ("Provide in-kernel headers to make
      extending kernel easier") a new mechanism was introduced, for kernels
      >=5.2, which embeds the kernel headers in the kernel image or a module
      and exposes them in procfs for use by userland tools.
      
      The archive containing the header files has nondeterminism caused by
      header files metadata. This patch normalizes the metadata and utilizes
      KBUILD_BUILD_TIMESTAMP if provided and otherwise falls back to the
      default behaviour.
      
      In commit f7b101d3 ("kheaders: Move from proc to sysfs") it was
      modified to use sysfs and the script for generation of the archive was
      renamed to what is being patched.
      Signed-off-by: default avatarDmitry Goldin <dgoldin+lkml@protonmail.ch>
      Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Reviewed-by: default avatarJoel Fernandes (Google) <joel@joelfernandes.org>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      86cdd2fd
    • Masahiro Yamada's avatar
      kbuild: update compile-test header list for v5.4-rc2 · d188b8c9
      Masahiro Yamada authored
      Commit 6dc280eb ("coda: remove uapi/linux/coda_psdev.h") removed
      a header in question. Some more build errors were fixed. Add more
      headers into the test coverage.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      d188b8c9
    • Masahiro Yamada's avatar
      kbuild: two minor updates for Documentation/kbuild/modules.rst · 43496709
      Masahiro Yamada authored
      Capitalize the first word in the sentence.
      
      Use obj-m instead of obj-y. obj-y still works, but we have no built-in
      objects in external module builds. So, obj-m is better IMHO.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      43496709
    • Masahiro Yamada's avatar
      scripts/setlocalversion: clear local variable to make it work for sh · 7a82e3fa
      Masahiro Yamada authored
      Geert Uytterhoeven reports a strange side-effect of commit 858805b3
      ("kbuild: add $(BASH) to run scripts with bash-extension"), which
      inserts the contents of a localversion file in the build directory twice.
      
      [Steps to Reproduce]
        $ echo bar > localversion
        $ mkdir build
        $ cd build/
        $ echo foo > localversion
        $ make -s -f ../Makefile defconfig include/config/kernel.release
        $ cat include/config/kernel.release
        5.4.0-rc1foofoobar
      
      This comes down to the behavior change of local variables.
      
      The 'man sh' on my Ubuntu machine, where sh is an alias to dash,
      explains as follows:
        When a variable is made local, it inherits the initial value and
        exported and readonly flags from the variable with the same name
        in the surrounding scope, if there is one. Otherwise, the variable
        is initially unset.
      
      [Test Code]
      
        foo ()
        {
                local res
                echo "res: $res"
        }
      
        res=1
        foo
      
      [Result]
      
        $ sh test.sh
        res: 1
        $ bash test.sh
        res:
      
      So, scripts/setlocalversion correctly works only for bash in spite of
      its hashbang being #!/bin/sh. Nobody had noticed it before because
      CONFIG_SHELL was previously set to bash almost all the time.
      
      Now that CONFIG_SHELL is set to sh, we must write portable and correct
      code. I gave the Fixes tag to the commit that uncovered the issue.
      
      Clear the variable 'res' in collect_files() to make it work for sh
      (and it also works on distributions where sh is an alias to bash).
      
      Fixes: 858805b3 ("kbuild: add $(BASH) to run scripts with bash-extension")
      Reported-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Tested-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      7a82e3fa