1. 18 Sep, 2018 4 commits
    • Lukas Wunner's avatar
      PCI: pciehp: Reshuffle controller struct for clarity · d7587142
      Lukas Wunner authored
      The members in pciehp's controller struct are arranged in a seemingly
      arbitrary order and have grown to an amount that I no longer consider
      easily graspable by contributors.
      
      Sort the members into 5 rubrics:
      * Slot Capabilities register and quirks
      * Slot Control register access
      * Slot Status register event handling
      * state machine
      * hotplug core interface
      
      Obviously, this is just my personal bikeshed color and if anyone has a
      better idea, please come forward.  Any ordering will do as long as the
      information is presented in a manageable manner.
      
      No functional change intended.
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      d7587142
    • Lukas Wunner's avatar
      PCI: pciehp: Rename controller struct members for clarity · 4ff3126e
      Lukas Wunner authored
      Of the members which were just moved from pciehp's slot struct to the
      controller struct, rename "lock" to "state_lock" and rename "work" to
      "button_work" for clarity.  Perform the rename separately to the
      unification of the two structs per Sinan's request.
      
      No functional change intended.
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Cc: Sinan Kaya <okaya@kernel.org>
      4ff3126e
    • Lukas Wunner's avatar
      PCI: pciehp: Unify controller and slot structs · 5790a9c7
      Lukas Wunner authored
      pciehp was originally introduced together with shpchp in a single
      commit, c16b4b14 ("PCI Hotplug: Add SHPC and PCI Express hot-plug
      drivers"):
      https://git.kernel.org/tglx/history/c/c16b4b14d980
      
      shpchp supports up to 31 slots per controller, hence uses separate slot
      and controller structs.  pciehp has a 1:1 relationship between slot and
      controller and therefore never required this separation.  Nevertheless,
      because much of the code had been copy-pasted between the two drivers,
      pciehp likewise uses separate structs to this very day.
      
      The artificial separation of data structures adds unnecessary complexity
      and bloat to pciehp and requires constantly chasing pointers at runtime.
      
      Simplify the driver by merging struct slot into struct controller.
      Merge the slot constructor pcie_init_slot() and the destructor
      pcie_cleanup_slot() into the controller counterparts.
      
      No functional change intended.
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      5790a9c7
    • Lukas Wunner's avatar
      PCI: pciehp: Tolerate Presence Detect hardwired to zero · 80696f99
      Lukas Wunner authored
      The WiGig Bus Extension (WBE) specification allows tunneling PCIe over
      IEEE 802.11.  A product implementing this spec is the wil6210 from
      Wilocity (now part of Qualcomm Atheros).  It integrates a PCIe switch
      with a wireless network adapter:
      
        00.0-+              [1ae9:0101]  Upstream Port
             +-00.0-+       [1ae9:0200]  Downstream Port
             |      +-00.0  [168c:0034]  Atheros AR9462 Wireless Network Adapter
             +-02.0         [1ae9:0201]  Downstream Port
             +-03.0         [1ae9:0201]  Downstream Port
      
      Wirelessly attached devices presumably appear below the hotplug ports
      with device ID [1ae9:0201].  Oddly, the Downstream Port [1ae9:0200]
      leading to the wireless network adapter is likewise Hotplug Capable,
      but has its Presence Detect State bit hardwired to zero.  Even if the
      Link Active bit is set, Presence Detect is zero, so this cannot be
      caused by in-band presence detection but only by broken hardware.
      
      pciehp assumes an empty slot if Presence Detect State is zero,
      regardless of Link Active being one.  Consequently, up until v4.18 it
      removes the wireless network adapter in pciehp_resume().  From v4.19 it
      already does so in pciehp_probe().
      
      Be lenient towards broken hardware and assume the slot is occupied if
      Link Active is set:  Introduce pciehp_card_present_or_link_active()
      and use it in lieu of pciehp_get_adapter_status() everywhere, except
      in pciehp_handle_presence_or_link_change() whose log messages depend
      on which of Presence Detect State or Link Active is set.
      
      Remove the Presence Detect State check from __pciehp_enable_slot()
      because it is only called if either of Presence Detect State or Link
      Active is set.
      
      Caution: There is a possibility that broken hardware exists which has
      working Presence Detect but hardwires Link Active to one.  On such
      hardware the slot will now incorrectly be considered always occupied.
      If such hardware is discovered, this commit can be rolled back and a
      quirk can be added which sets is_hotplug_bridge = 0 for [1ae9:0200].
      
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=200839Reported-and-tested-by: default avatarDavid Yang <mmyangfl@gmail.com>
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Cc: Rajat Jain <rajatja@google.com>
      Cc: Ashok Raj <ashok.raj@intel.com>
      80696f99
  2. 17 Sep, 2018 4 commits
    • Lukas Wunner's avatar
      PCI: pciehp: Drop hotplug_slot_ops wrappers · eee6e273
      Lukas Wunner authored
      pciehp's ->enable_slot, ->disable_slot, ->get_attention_status and
      ->reset_slot callbacks are currently implemented by wrapper functions
      that do nothing else but call down to a backend function.  The backends
      are not called from anywhere else, so drop the wrappers and use the
      backends directly as callbacks, thereby shaving off a few lines of
      unnecessary code.
      
      No functional change intended.
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      eee6e273
    • Lukas Wunner's avatar
      PCI: pciehp: Drop unnecessary includes · 7d4ba523
      Lukas Wunner authored
      Drop the following includes from pciehp source files which no longer use
      any of the included symbols:
      
      * <linux/sched/signal.h> in pciehp.h
        <linux/signal.h> in pciehp_hpc.c
        Added by commit de25968c ("fix more missing includes") to
        accommodate for a call to signal_pending().
        The call was removed by commit 262303fe ("pciehp: fix wait command
        completion").
      
      * <linux/interrupt.h> in pciehp_core.c
        Added by historic commit f308a2df ("PCI: add PCI Express Port Bus
        Driver subsystem") to accommodate for a call to free_irq():
        https://git.kernel.org/tglx/history/c/f308a2dfbe63
        The call was removed by commit 407f452b ("pciehp: remove
        unnecessary free_irq").
      
      * <linux/time.h> in pciehp_core.c and pciehp_hpc.c
        Added by commit 34d03419 ("PCIEHP: Add Electro Mechanical
        Interlock (EMI) support to the PCIE hotplug driver."),
        which was reverted by commit bd3d99c1 ("PCI: Remove untested
        Electromechanical Interlock (EMI) support in pciehp.").
      
      * <linux/module.h> in pciehp_ctrl.c, pciehp_hpc.c and pciehp_pci.c
        Added by historic commit c16b4b14 ("PCI Hotplug: Add SHPC and PCI
        Express hot-plug drivers"):
        https://git.kernel.org/tglx/history/c/c16b4b14d980
        Module-related symbols were neither used back then in those files,
        nor are they used today.
      
      * <linux/slab.h> in pciehp_ctrl.c
        Added by commit 5a0e3ad6 ("include cleanup: Update gfp.h and
        slab.h includes to prepare for breaking implicit slab.h inclusion from
        percpu.h") to accommodate for calls to kmalloc().
        The calls were removed by commit 0e94916e ("PCI: pciehp: Handle
        events synchronously").
      
      * "../pci.h" in pciehp_ctrl.c
        Added by historic commit 67f4660b ("PCI: ASPM patch for") to
        accommodate for usage of the global variable pcie_mch_quirk:
        https://git.kernel.org/tglx/history/c/67f4660b72f2
        The global variable was removed by commit 0ba379ec ("PCI: Simplify
        hotplug mch quirk").
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      7d4ba523
    • Lukas Wunner's avatar
      PCI: pciehp: Differentiate between surprise and safe removal · 11e87702
      Lukas Wunner authored
      When removing PCI devices below a hotplug bridge, pciehp marks them as
      disconnected if the card is no longer present in the slot or it quiesces
      them if the card is still present (by disabling INTx interrupts, bus
      mastering and SERR# reporting).
      
      To detect whether the card is still present, pciehp checks the Presence
      Detect State bit in the Slot Status register.  The problem with this
      approach is that even if the card is present, the link to it may be
      down, and it that case it would be better to mark the devices as
      disconnected instead of trying to quiesce them.  Moreover, if the card
      in the slot was quickly replaced by another one, the Presence Detect
      State bit would be set, yet trying to quiesce the new card's devices
      would be wrong and the correct thing to do is to mark the previous
      card's devices as disconnected.
      
      Instead of looking at the Presence Detect State bit, it is better to
      differentiate whether the card was surprise removed versus safely
      removed (via sysfs or an Attention Button press).  On surprise removal,
      the devices should be marked as disconnected, whereas on safe removal it
      is correct to quiesce the devices.
      
      The knowledge whether a surprise removal or a safe removal is at hand
      does exist further up in the call stack:  A surprise removal is
      initiated by pciehp_handle_presence_or_link_change(), a safe removal by
      pciehp_handle_disable_request().
      
      Pass that information down to pciehp_unconfigure_device() and use it in
      lieu of the Presence Detect State bit.  While there, add kernel-doc to
      pciehp_unconfigure_device() and pciehp_configure_device().
      Tested-by: default avatarAlexandru Gagniuc <mr.nuke.me@gmail.com>
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Cc: Keith Busch <keith.busch@intel.com>
      11e87702
    • Lukas Wunner's avatar
      PCI: Simplify disconnected marking · a50ac6bf
      Lukas Wunner authored
      Commit 89ee9f76 ("PCI: Add device disconnected state") iterates over
      the devices on a parent bus, marks each as disconnected, then marks
      each device's children as disconnected using pci_walk_bus().
      
      The same can be achieved more succinctly by calling pci_walk_bus() on
      the parent bus.  Moreover, this does not need to wait until acquiring
      pci_lock_rescan_remove(), so move it out of that critical section.
      
      The critical section in err.c contains a pci_dev_get() / pci_dev_put()
      pair which was apparently copy-pasted from pciehp_pci.c.  In the latter
      it serves the purpose of holding the struct pci_dev in place until the
      Command register is updated.  err.c doesn't do anything like that, hence
      the pair is unnecessary.  Remove it.
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Cc: Keith Busch <keith.busch@intel.com>
      Cc: Oza Pawandeep <poza@codeaurora.org>
      Cc: Sinan Kaya <okaya@kernel.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      a50ac6bf
  3. 16 Sep, 2018 2 commits
  4. 15 Sep, 2018 8 commits
  5. 14 Sep, 2018 22 commits
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 090b75bc
      Linus Torvalds authored
      Pull DeviceTree fix from Rob Herring:
       "One regression for a 20 year old PowerMac:
      
         - Fix a regression on systems having a DT without any phandles which
           happens on a PowerMac G3"
      
      * tag 'devicetree-fixes-for-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        of: fix phandle cache creation for DTs with no phandles
      090b75bc
    • Linus Torvalds's avatar
      Merge tag 'for-linus-4.19c-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · d7c02680
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
       "This contains some minor cleanups and fixes:
      
         - a new knob for controlling scrubbing of pages returned by the Xen
           balloon driver to the Xen hypervisor to address a boot performance
           issue seen in large guests booted pre-ballooned
      
         - a fix of a regression in the gntdev driver which made it impossible
           to use fully virtualized guests (HVM guests) with a 4.19 based dom0
      
         - a fix in Xen cpu hotplug functionality which could be triggered by
           wrong admin commands (setting number of active vcpus to 0)
      
        One further note: the patches have all been under test for several
        days in another branch. This branch has been rebased in order to avoid
        merge conflicts"
      
      * tag 'for-linus-4.19c-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/gntdev: fix up blockable calls to mn_invl_range_start
        xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
        xen: avoid crash in disable_hotplug_cpu
        xen/balloon: add runtime control for scrubbing ballooned out pages
        xen/manage: don't complain about an empty value in control/sysrq node
      d7c02680
    • Linus Torvalds's avatar
      Merge tag 'xtensa-20180914' of git://github.com/jcmvbkbc/linux-xtensa · eae4f885
      Linus Torvalds authored
      Pull Xtensa fixes and cleanups from Max Filippov:
      
       - don't allocate memory in platform_setup as the memory allocator is
         not initialized at that point yet;
      
       - remove unnecessary ifeq KBUILD_SRC from arch/xtensa/Makefile;
      
       - enable SG chaining in arch/xtensa/Kconfig.
      
      * tag 'xtensa-20180914' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: enable SG chaining in Kconfig
        xtensa: remove unnecessary KBUILD_SRC ifeq conditional
        xtensa: ISS: don't allocate memory in platform_setup
      eae4f885
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 3e153256
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "The trickle of arm64 fixes continues to come in.
      
        Nothing that's the end of the world, but we've got a fix for PCI IO
        port accesses, an accidental naked "asm goto" and a fix to the
        vmcoreinfo PT_NOTE merged this time around which we'd like to get
        sorted before it becomes ABI.
      
         - Fix ioport_map() mapping the wrong physical address for some I/O
           BARs
      
         - Remove direct use of "asm goto", since some compilers don't like
           that
      
         - Ensure kimage_voffset is always present in vmcoreinfo PT_NOTE"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO
        arm64: kernel: arch_crash_save_vmcoreinfo() should depend on CONFIG_CRASH_CORE
        arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
      3e153256
    • Trond Myklebust's avatar
      NFS: Don't open code clearing of delegation state · 9f0c5124
      Trond Myklebust authored
      Add a helper for the case when the nfs4 open state has been set to use
      a delegation stateid, and we want to revert to using the open stateid.
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      9f0c5124
    • Trond Myklebust's avatar
      NFSv4.1 fix infinite loop on I/O. · 994b15b9
      Trond Myklebust authored
      The previous fix broke recovery of delegated stateids because it assumes
      that if we did not mark the delegation as suspect, then the delegation has
      effectively been revoked, and so it removes that delegation irrespectively
      of whether or not it is valid and still in use. While this is "mostly
      harmless" for ordinary I/O, we've seen pNFS fail with LAYOUTGET spinning
      in an infinite loop while complaining that we're using an invalid stateid
      (in this case the all-zero stateid).
      
      What we rather want to do here is ensure that the delegation is always
      correctly marked as needing testing when that is the case. So we want
      to close the loophole offered by nfs4_schedule_stateid_recovery(),
      which marks the state as needing to be reclaimed, but not the
      delegation that may be backing it.
      
      Fixes: 0e3d3e5d ("NFSv4.1 fix infinite loop on IO BAD_STATEID error")
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Cc: stable@vger.kernel.org # v4.11+
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      994b15b9
    • Trond Myklebust's avatar
      NFSv4: Fix a tracepoint Oops in initiate_file_draining() · 2edaead6
      Trond Myklebust authored
      Now that the value of 'ino' can be NULL or an ERR_PTR(), we need to
      change the test in the tracepoint.
      
      Fixes: ce5624f7 ("NFSv4: Return NFS4ERR_DELAY when a layout fails...")
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Cc: stable@vger.kernel.org # v4.17+
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      2edaead6
    • Trond Myklebust's avatar
      pNFS: Ensure we return the error if someone kills a waiting layoutget · d03360aa
      Trond Myklebust authored
      If someone interrupts a wait on one or more outstanding layoutgets in
      pnfs_update_layout() then return the ERESTARTSYS/EINTR error.
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      d03360aa
    • Trond Myklebust's avatar
      NFSv4: Fix a tracepoint Oops in initiate_file_draining() · 2a534a74
      Trond Myklebust authored
      Now that the value of 'ino' can be NULL or an ERR_PTR(), we need to
      change the test in the tracepoint.
      
      Fixes: ce5624f7 ("NFSv4: Return NFS4ERR_DELAY when a layout fails...")
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Cc: stable@vger.kernel.org # v4.17+
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      2a534a74
    • Linus Torvalds's avatar
      Merge tag 'dmaengine-fix-4.19-rc4' of git://git.infradead.org/users/vkoul/slave-dma · f3c0b8ce
      Linus Torvalds authored
      Pull dmaengine fix from Vinod Koul:
       "Fix the mic_x100_dma driver to use devm_kzalloc for driver memory, so
        that it is freed properly when it unregisters from dmaengine using
        managed API"
      
      * tag 'dmaengine-fix-4.19-rc4' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: mic_x100_dma: use devm_kzalloc to fix an issue
      f3c0b8ce
    • Linus Torvalds's avatar
      Merge tag 'usb-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 1abc088a
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a number of small USB driver fixes for -rc4.
      
        The usual suspects of gadget, xhci, and dwc2/3 are in here, along with
        some reverts of reported problem changes, and a number of build
        documentation warning fixes. Full details are in the shortlog.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (28 commits)
        Revert "cdc-acm: implement put_char() and flush_chars()"
        usb: Change usb_of_get_companion_dev() place to usb/common
        usb: xhci: fix interrupt transfer error happened on MTK platforms
        usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()
        usb: misc: uss720: Fix two sleep-in-atomic-context bugs
        usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
        usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
        linux/mod_devicetable.h: fix kernel-doc missing notation for typec_device_id
        usb/typec: fix kernel-doc notation warning for typec_match_altmode
        usb: Don't die twice if PCI xhci host is not responding in resume
        usb: mtu3: fix error of xhci port id when enable U3 dual role
        usb: uas: add support for more quirk flags
        USB: Add quirk to support DJI CineSSD
        usb: typec: fix kernel-doc parameter warning
        usb/dwc3/gadget: fix kernel-doc parameter warning
        USB: yurex: Check for truncation in yurex_read()
        USB: yurex: Fix buffer over-read in yurex_write()
        usb: host: xhci-plat: Iterate over parent nodes for finding quirks
        xhci: Fix use after free for URB cancellation on a reallocated endpoint
        USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
        ...
      1abc088a
    • Linus Torvalds's avatar
      Merge tag 'tty-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · c284cf06
      Linus Torvalds authored
      Pull tty fixes from Greg KH:
       "Here are three small HVC tty driver fixes to resolve a reported
        regression from 4.19-rc1.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'tty-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        tty: hvc: hvc_write() fix break condition
        tty: hvc: hvc_poll() fix read loop batching
        tty: hvc: hvc_poll() fix read loop hang
      c284cf06
    • Linus Torvalds's avatar
      Merge tag 'staging-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 45d9ab8a
      Linus Torvalds authored
      Pull staging/IIO driver fixes from Greg KH:
       "Here are a few small staging and iio driver fixes for -rc4.
      
        Nothing major, just a few small bugfixes for some reported issues, and
        a MAINTAINERS file update for the fbtft drivers.
      
        We also re-enable the building of the erofs filesystem as the XArray
        patches that were causing it to break never got merged in the -rc1
        cycle, so there's no reason it can't be turned back on for now. The
        problem that was previously there is now being handled in the Xarray
        tree at the moment, so it will not hit us again in the future.
      
        All of these patches have been in linux-next with no reported issues"
      
      * tag 'staging-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: vboxvideo: Change address of scanout buffer on page-flip
        staging: vboxvideo: Fix IRQs no longer working
        staging: gasket: TODO: re-implement using UIO
        staging/fbtft: Update TODO and mailing lists
        staging: erofs: rename superblock flags (MS_xyz -> SB_xyz)
        iio: imu: st_lsm6dsx: take into account ts samples in wm configuration
        Revert "iio: temperature: maxim_thermocouple: add MAX31856 part"
        Revert "staging: erofs: disable compiling temporarile"
        MAINTAINERS: Switch a maintainer for drivers/staging/gasket
        staging: wilc1000: revert "fix TODO to compile spi and sdio components in single module"
      45d9ab8a
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 319cbacf
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are a small handful of char/misc driver fixes for 4.19-rc4.
      
        All of them are simple, resolving reported problems in a few drivers.
        Full details are in the shortlog.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'char-misc-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        firmware: Fix security issue with request_firmware_into_buf()
        vmbus: don't return values for uninitalized channels
        fpga: dfl: fme: fix return value check in in pr_mgmt_init()
        misc: hmc6352: fix potential Spectre v1
        Tools: hv: Fix a bug in the key delete code
        misc: ibmvsm: Fix wrong assignment of return code
        android: binder: fix the race mmap and alloc_new_buf_locked
        mei: bus: need to unlink client before freeing
        mei: bus: fix hw module get/put balance
        mei: fix use-after-free in mei_cl_write
        mei: ignore not found client in the enumeration
      319cbacf
    • Joerg Roedel's avatar
      Revert "x86/mm/legacy: Populate the user page-table with user pgd's" · 61a6bd83
      Joerg Roedel authored
      This reverts commit 1f40a46c.
      
      It turned out that this patch is not sufficient to enable PTI on 32 bit
      systems with legacy 2-level page-tables. In this paging mode the huge-page
      PTEs are in the top-level page-table directory, where also the mirroring to
      the user-space page-table happens. So every huge PTE exits twice, in the
      kernel and in the user page-table.
      
      That means that accessed/dirty bits need to be fetched from two PTEs in
      this mode to be safe, but this is not trivial to implement because it needs
      changes to generic code just for the sake of enabling PTI with 32-bit
      legacy paging. As all systems that need PTI should support PAE anyway,
      remove support for PTI when 32-bit legacy paging is used.
      
      Fixes: 7757d607 ('x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32')
      Reported-by: default avatarMeelis Roos <mroos@linux.ee>
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: hpa@zytor.com
      Cc: linux-mm@kvack.org
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Link: https://lkml.kernel.org/r/1536922754-31379-1-git-send-email-joro@8bytes.org
      61a6bd83
    • Michal Hocko's avatar
      xen/gntdev: fix up blockable calls to mn_invl_range_start · 58a57569
      Michal Hocko authored
      Patch series "mmu_notifiers follow ups".
      
      Tetsuo has noticed some fallouts from 93065ac7 ("mm, oom: distinguish
      blockable mode for mmu notifiers").  One of them has been fixed and picked
      up by AMD/DRM maintainer [1].  XEN issue is fixed by patch 1.  I have also
      clarified expectations about blockable semantic of invalidate_range_end.
      Finally the last patch removes MMU_INVALIDATE_DOES_NOT_BLOCK which is no
      longer used nor needed.
      
      [1] http://lkml.kernel.org/r/20180824135257.GU29735@dhcp22.suse.cz
      
      This patch (of 3):
      
      93065ac7 ("mm, oom: distinguish blockable mode for mmu notifiers") has
      introduced blockable parameter to all mmu_notifiers and the notifier has
      to back off when called in !blockable case and it could block down the
      road.
      
      The above commit implemented that for mn_invl_range_start but both
      in_range checks are done unconditionally regardless of the blockable mode
      and as such they would fail all the time for regular calls.  Fix this by
      checking blockable parameter as well.
      
      Once we are there we can remove the stale TODO.  The lock has to be
      sleepable because we wait for completion down in gnttab_unmap_refs_sync.
      
      Link: http://lkml.kernel.org/r/20180827112623.8992-2-mhocko@kernel.org
      Fixes: 93065ac7 ("mm, oom: distinguish blockable mode for mmu notifiers")
      Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Juergen Gross <jgross@suse.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      58a57569
    • Josh Abraham's avatar
      xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage · 4dca864b
      Josh Abraham authored
      This patch removes duplicate macro useage in events_base.c.
      
      It also fixes gcc warning:
      variable ‘col’ set but not used [-Wunused-but-set-variable]
      Signed-off-by: default avatarJoshua Abraham <j.abraham1776@gmail.com>
      Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      4dca864b
    • Olaf Hering's avatar
      xen: avoid crash in disable_hotplug_cpu · 3366cdb6
      Olaf Hering authored
      The command 'xl vcpu-set 0 0', issued in dom0, will crash dom0:
      
      BUG: unable to handle kernel NULL pointer dereference at 00000000000002d8
      PGD 0 P4D 0
      Oops: 0000 [#1] PREEMPT SMP NOPTI
      CPU: 7 PID: 65 Comm: xenwatch Not tainted 4.19.0-rc2-1.ga9462db-default #1 openSUSE Tumbleweed (unreleased)
      Hardware name: Intel Corporation S5520UR/S5520UR, BIOS S5500.86B.01.00.0050.050620101605 05/06/2010
      RIP: e030:device_offline+0x9/0xb0
      Code: 77 24 00 e9 ce fe ff ff 48 8b 13 e9 68 ff ff ff 48 8b 13 e9 29 ff ff ff 48 8b 13 e9 ea fe ff ff 90 66 66 66 66 90 41 54 55 53 <f6> 87 d8 02 00 00 01 0f 85 88 00 00 00 48 c7 c2 20 09 60 81 31 f6
      RSP: e02b:ffffc90040f27e80 EFLAGS: 00010203
      RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
      RDX: ffff8801f3800000 RSI: ffffc90040f27e70 RDI: 0000000000000000
      RBP: 0000000000000000 R08: ffffffff820e47b3 R09: 0000000000000000
      R10: 0000000000007ff0 R11: 0000000000000000 R12: ffffffff822e6d30
      R13: dead000000000200 R14: dead000000000100 R15: ffffffff8158b4e0
      FS:  00007ffa595158c0(0000) GS:ffff8801f39c0000(0000) knlGS:0000000000000000
      CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00000000000002d8 CR3: 00000001d9602000 CR4: 0000000000002660
      Call Trace:
       handle_vcpu_hotplug_event+0xb5/0xc0
       xenwatch_thread+0x80/0x140
       ? wait_woken+0x80/0x80
       kthread+0x112/0x130
       ? kthread_create_worker_on_cpu+0x40/0x40
       ret_from_fork+0x3a/0x50
      
      This happens because handle_vcpu_hotplug_event is called twice. In the
      first iteration cpu_present is still true, in the second iteration
      cpu_present is false which causes get_cpu_device to return NULL.
      In case of cpu#0, cpu_online is apparently always true.
      
      Fix this crash by checking if the cpu can be hotplugged, which is false
      for a cpu that was just removed.
      
      Also check if the cpu was actually offlined by device_remove, otherwise
      leave the cpu_present state as it is.
      
      Rearrange to code to do all work with device_hotplug_lock held.
      Signed-off-by: default avatarOlaf Hering <olaf@aepfle.de>
      Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      3366cdb6
    • Marek Marczykowski-Górecki's avatar
      xen/balloon: add runtime control for scrubbing ballooned out pages · 197ecb38
      Marek Marczykowski-Górecki authored
      Scrubbing pages on initial balloon down can take some time, especially
      in nested virtualization case (nested EPT is slow). When HVM/PVH guest is
      started with memory= significantly lower than maxmem=, all the extra
      pages will be scrubbed before returning to Xen. But since most of them
      weren't used at all at that point, Xen needs to populate them first
      (from populate-on-demand pool). In nested virt case (Xen inside KVM)
      this slows down the guest boot by 15-30s with just 1.5GB needed to be
      returned to Xen.
      
      Add runtime parameter to enable/disable it, to allow initially disabling
      scrubbing, then enable it back during boot (for example in initramfs).
      Such usage relies on assumption that a) most pages ballooned out during
      initial boot weren't used at all, and b) even if they were, very few
      secrets are in the guest at that time (before any serious userspace
      kicks in).
      Convert CONFIG_XEN_SCRUB_PAGES to CONFIG_XEN_SCRUB_PAGES_DEFAULT (also
      enabled by default), controlling default value for the new runtime
      switch.
      Signed-off-by: default avatarMarek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
      Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      197ecb38
    • Vitaly Kuznetsov's avatar
      xen/manage: don't complain about an empty value in control/sysrq node · 87dffe86
      Vitaly Kuznetsov authored
      When guest receives a sysrq request from the host it acknowledges it by
      writing '\0' to control/sysrq xenstore node. This, however, make xenstore
      watch fire again but xenbus_scanf() fails to parse empty value with "%c"
      format string:
      
       sysrq: SysRq : Emergency Sync
       Emergency Sync complete
       xen:manage: Error -34 reading sysrq code in control/sysrq
      
      Ignore -ERANGE the same way we already ignore -ENOENT, empty value in
      control/sysrq is totally legal.
      Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Reviewed-by: default avatarWei Liu <wei.liu2@citrix.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      87dffe86
    • Andrew Murray's avatar
      asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP && CONFIG_INDIRECT_PIO · 500dd232
      Andrew Murray authored
      The !CONFIG_GENERIC_IOMAP version of ioport_map uses MMIO_UPPER_LIMIT to
      prevent users from making I/O accesses outside the expected I/O range -
      however it erroneously treats MMIO_UPPER_LIMIT as a mask which is
      contradictory to its other users.
      
      The introduction of CONFIG_INDIRECT_PIO, which subtracts an arbitrary
      amount from IO_SPACE_LIMIT to form MMIO_UPPER_LIMIT, results in ioport_map
      mangling the given port rather than capping it.
      
      We address this by aligning more closely with the CONFIG_GENERIC_IOMAP
      implementation of ioport_map by using the comparison operator and
      returning NULL where the port exceeds MMIO_UPPER_LIMIT. Though note that
      we preserve the existing behavior of masking with IO_SPACE_LIMIT such that
      we don't break existing buggy drivers that somehow rely on this masking.
      
      Fixes: 5745392e ("PCI: Apply the new generic I/O management on PCI IO hosts")
      Reported-by: default avatarWill Deacon <will.deacon@arm.com>
      Reviewed-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarAndrew Murray <andrew.murray@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      500dd232
    • Linus Torvalds's avatar
      Merge tag 'printk-for-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk · a06b0c82
      Linus Torvalds authored
      Pull printk fix from Petr Mladek:
       "Revert a commit that caused "quiet", "debug", and "loglevel" early
        parameters to be ignored for early boot messages"
      
      * tag 'printk-for-4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
        Revert "printk: make sure to print log on console."
      a06b0c82