1. 17 Jan, 2020 9 commits
    • Merge tag 'for-5.5-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · effaf901
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "A few more fixes that have been in the works during last two weeks.
        All have a user visible effect and are stable material:
      
         - scrub: properly update progress after calling cancel ioctl, calling
           'resume' would start from the beginning otherwise
      
         - fix subvolume reference removal, after moving out of the original
           path the reference is not recognized and will lead to transaction
           abort
      
         - fix reloc root lifetime checks, could lead to crashes when there's
           subvolume cleaning running in parallel
      
         - fix memory leak when quotas get disabled in the middle of extent
           accounting
      
         - fix transaction abort in case of balance being started on degraded
           mount on eg. RAID1"
      
      * tag 'for-5.5-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: check rw_devices, not num_devices for balance
        Btrfs: always copy scrub arguments back to user space
        btrfs: relocation: fix reloc_root lifespan and access
        btrfs: fix memory leak in qgroup accounting
        btrfs: do not delete mismatched root refs
        btrfs: fix invalid removal of root ref
        btrfs: rework arguments of btrfs_unlink_subvol
    • Merge tag 'fuse-fixes-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · ab7541c3
      Linus Torvalds authored
      Pull fuse fix from Miklos Szeredi:
       "Fix a regression in the last release affecting the ftp module of the
        gvfs filesystem"
      
      * tag 'fuse-fixes-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        fuse: fix fuse_send_readpages() in the syncronous read case
    • Merge tag 'sound-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 07d5ac6a
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "This became bigger than I have hoped for rc7. But, the only large LOC
        is for stm32 fixes that are simple rewriting of register access
        helpers, while the rest are all nice and small fixes:
      
         - A few ASoC fixes for the remaining probe error handling bugs
      
         - ALSA sequencer core fix for racy proc file accesses
      
         - Revert the option rename of snd-hda-intel to make compatible again
      
         - Various device-specific fixes"
      
      * tag 'sound-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: seq: Fix racy access for queue timer in proc read
        ALSA: usb-audio: fix sync-ep altsetting sanity check
        ASoC: msm8916-wcd-digital: Reset RX interpolation path after use
        ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1
        ASoC: cros_ec_codec: Make the device acpi compatible
        ASoC: sti: fix possible sleep-in-atomic
        ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1
        ASoC: hdac_hda: Fix error in driver removal after failed probe
        ASoC: SOF: Intel: fix HDA codec driver probe with multiple controllers
        ASoC: SOF: Intel: lower print level to dbg if we will reinit DSP
        ALSA: dice: fix fallback from protocol extension into limited functionality
        ALSA: firewire-tascam: fix corruption due to spin lock without restoration in SoftIRQ context
        ALSA: hda: Rename back to dmic_detect option
        ASoC: stm32: dfsdm: fix 16 bits record
        ASoC: stm32: sai: fix possible circular locking
        ASoC: Fix NULL dereference at freeing
        ASoC: Intel: bytcht_es8316: Fix Irbis NB41 netbook quirk
        ASoC: rt5640: Fix NULL dereference on module unload
    • btrfs: check rw_devices, not num_devices for balance · b35cf1f0
      Josef Bacik authored
      The fstest btrfs/154 reports
      
        [ 8675.381709] BTRFS: Transaction aborted (error -28)
        [ 8675.383302] WARNING: CPU: 1 PID: 31900 at fs/btrfs/block-group.c:2038 btrfs_create_pending_block_groups+0x1e0/0x1f0 [btrfs]
        [ 8675.390925] CPU: 1 PID: 31900 Comm: btrfs Not tainted 5.5.0-rc6-default+ #935
        [ 8675.392780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
        [ 8675.395452] RIP: 0010:btrfs_create_pending_block_groups+0x1e0/0x1f0 [btrfs]
        [ 8675.402672] RSP: 0018:ffffb2090888fb00 EFLAGS: 00010286
        [ 8675.404413] RAX: 0000000000000000 RBX: ffff92026dfa91c8 RCX: 0000000000000001
        [ 8675.406609] RDX: 0000000000000000 RSI: ffffffff8e100899 RDI: ffffffff8e100971
        [ 8675.408775] RBP: ffff920247c61660 R08: 0000000000000000 R09: 0000000000000000
        [ 8675.410978] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffe4
        [ 8675.412647] R13: ffff92026db74000 R14: ffff920247c616b8 R15: ffff92026dfbc000
        [ 8675.413994] FS:  00007fd5e57248c0(0000) GS:ffff92027d800000(0000) knlGS:0000000000000000
        [ 8675.416146] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        [ 8675.417833] CR2: 0000564aa51682d8 CR3: 000000006dcbc004 CR4: 0000000000160ee0
        [ 8675.419801] Call Trace:
        [ 8675.420742]  btrfs_start_dirty_block_groups+0x355/0x480 [btrfs]
        [ 8675.422600]  btrfs_commit_transaction+0xc8/0xaf0 [btrfs]
        [ 8675.424335]  reset_balance_state+0x14a/0x190 [btrfs]
        [ 8675.425824]  btrfs_balance.cold+0xe7/0x154 [btrfs]
        [ 8675.427313]  ? kmem_cache_alloc_trace+0x235/0x2c0
        [ 8675.428663]  btrfs_ioctl_balance+0x298/0x350 [btrfs]
        [ 8675.430285]  btrfs_ioctl+0x466/0x2550 [btrfs]
        [ 8675.431788]  ? mem_cgroup_charge_statistics+0x51/0xf0
        [ 8675.433487]  ? mem_cgroup_commit_charge+0x56/0x400
        [ 8675.435122]  ? do_raw_spin_unlock+0x4b/0xc0
        [ 8675.436618]  ? _raw_spin_unlock+0x1f/0x30
        [ 8675.438093]  ? __handle_mm_fault+0x499/0x740
        [ 8675.439619]  ? do_vfs_ioctl+0x56e/0x770
        [ 8675.441034]  do_vfs_ioctl+0x56e/0x770
        [ 8675.442411]  ksys_ioctl+0x3a/0x70
        [ 8675.443718]  ? trace_hardirqs_off_thunk+0x1a/0x1c
        [ 8675.445333]  __x64_sys_ioctl+0x16/0x20
        [ 8675.446705]  do_syscall_64+0x50/0x210
        [ 8675.448059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
        [ 8675.479187] BTRFS: error (device vdb) in btrfs_create_pending_block_groups:2038: errno=-28 No space left
      
      We now use btrfs_can_overcommit() to see if we can flip a block group
      read only.  Before this would fail because we weren't taking into
      account the usable un-allocated space for allocating chunks.  With my
      patches we were allowed to do the balance, which is technically correct.
      
      The test is trying to start balance on degraded mount.  So now we're
      trying to allocate a chunk and cannot because we want to allocate a
      RAID1 chunk, but there's only 1 device that's available for usage.  This
      results in an ENOSPC.
      
      But we shouldn't even be making it this far, we don't have enough
      devices to restripe.  The problem is we're using btrfs_num_devices(),
      that also includes missing devices. That's not actually what we want, we
      need to use rw_devices.
      
      The chunk_mutex is not needed here, rw_devices changes only in device
      add, remove or replace, all are excluded by EXCL_OP mechanism.
      
      Fixes: e4d8ec0f ("Btrfs: implement online profile changing")
      CC: stable@vger.kernel.org # 4.4+
      Signed-off-by: Josef Bacik <josef@toxicpanda.com>
      Reviewed-by: David Sterba <dsterba@suse.com>
      [ add stacktrace, update changelog, drop chunk_mutex ]
      Signed-off-by: David Sterba <dsterba@suse.com>
    • Btrfs: always copy scrub arguments back to user space · 5afe6ce7
      Filipe Manana authored
      If scrub returns an error we are not copying back the scrub arguments
      structure to user space. This prevents user space to know how much
      progress scrub has done if an error happened - this includes -ECANCELED
      which is returned when users ask for scrub to stop. A particular use
      case, which is used in btrfs-progs, is to resume scrub after it is
      canceled, in that case it relies on checking the progress from the scrub
      arguments structure and then use that progress in a call to resume
      scrub.
      
      So fix this by always copying the scrub arguments structure to user
      space, overwriting the value returned to user space with -EFAULT only if
      copying the structure failed to let user space know that either that
      copying did not happen, and therefore the structure is stale, or it
      happened partially and the structure is probably not valid and corrupt
      due to the partial copy.
      Reported-by: Graham Cobb <g.btrfs@cobb.uk.net>
      Link: https://lore.kernel.org/linux-btrfs/d0a97688-78be-08de-ca7d-bcb4c7fb397e@cobb.uk.net/
      Fixes: 06fe39ab ("Btrfs: do not overwrite scrub error with fault error in scrub ioctl")
      CC: stable@vger.kernel.org # 5.1+
      Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
      Reviewed-by: Qu Wenruo <wqu@suse.com>
      Tested-by: Graham Cobb <g.btrfs@cobb.uk.net>
      Signed-off-by: Filipe Manana <fdmanana@suse.com>
      Reviewed-by: David Sterba <dsterba@suse.com>
      Signed-off-by: David Sterba <dsterba@suse.com>
    • Merge tag 'gpio-v5.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 13b2668d
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "This reverts the GPIOLIB_IRQCHIP in the ThunderX driver.
      
        ThunderX is a piece of Arm-based server chip. I converted the driver
        to hierarchical gpiochip without access to real silicon and failed
        miserably since I didn't take MSI's into account.
      
        Kevin Hao helpfully stepped in and fixed it properly, let's revert it
        for v5.5 and put the proper conversion into v5.6"
      
      * tag 'gpio-v5.5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        Revert "gpio: thunderx: Switch to GPIOLIB_IRQCHIP"
    • Merge tag 'block-5.5-2020-01-16' of git://git.kernel.dk/linux-block · 5ffdff81
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Three fixes that should go into this release:
      
         - The 32-bit segment size fix that I mentioned last week (Ming)
      
         - Use uint for the block size (Mikulas)
      
         - A null_blk zone write handling fix (Damien)"
      
      * tag 'block-5.5-2020-01-16' of git://git.kernel.dk/linux-block:
        block: fix an integer overflow in logical block size
        null_blk: Fix zone write handling
        block: fix get_max_segment_size() overflow on 32bit arch
    • Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 575966e0
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "I've been sitting on these longer than I meant, so the patch count is
        a bit higher than ideal for this part of the release. There's also
        some reverts of double-applied patches that brings the diffstat up a
        bit.
      
        With that said, the biggest changes are:
      
         - Revert of duplicate i2c device addition on two Aspeed (BMC)
           Devicetrees.
      
         - Move of two device nodes that got applied to the wrong part of the
           tree on ASpeed G6.
      
         - Regulator fix for Beaglebone X15 (adding 12/5V supplies)
      
         - Use interrupts for keys on Amlogic SM1 to avoid missed polls
      
        In addition to that, there is a collection of smaller DT fixes:
      
         - Power supply assignment fixes for i.MX6
      
         - Fix of interrupt line for magnetometer on i.MX8 Librem5 devkit
      
         - Build fixlets (selects) for davinci/omap2+
      
         - More interrupt number fixes for Stratix10, Amlogic SM1, etc.
      
         - ... and more similar fixes across different platforms
      
        And some non-DT stuff:
      
         - optee fix to register multiple shared pages properly
      
         - Clock calculation fixes for MMP3
      
         - Clock fixes for OMAP as well"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (42 commits)
        MAINTAINERS: Add myself as the co-maintainer for Actions Semi platforms
        ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support
        ARM: dts: imx6sll-evk: Remove incorrect power supply assignment
        ARM: dts: imx6sl-evk: Remove incorrect power supply assignment
        ARM: dts: imx6sx-sdb: Remove incorrect power supply assignment
        ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
        ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL
        ARM: omap2plus: select RESET_CONTROLLER
        ARM: davinci: select CONFIG_RESET_CONTROLLER
        ARM: dts: aspeed: rainier: Fix fan fault and presence
        ARM: dts: aspeed: rainier: Remove duplicate i2c busses
        ARM: dts: aspeed: tacoma: Remove duplicate flash nodes
        ARM: dts: aspeed: tacoma: Remove duplicate i2c busses
        ARM: dts: aspeed: tacoma: Fix fsi master node
        ARM: dts: aspeed-g6: Fix FSI master location
        ARM: dts: mmp3: Fix the TWSI ranges
        clk: mmp2: Fix the order of timer mux parents
        ARM: mmp: do not divide the clock rate
        arm64: dts: rockchip: Fix IR on Beelink A1
        optee: Fix multi page dynamic shm pool alloc
        ...
    • Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · ef64753c
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "Second collection of clk fixes for the next release.
      
        This one includes a fix for PM on TI SoCs with sysc devices and fixes
        a bunch of clks that are stuck always enabled on Qualcomm SDM845 SoCs.
      
        Allwinner SoCs get the usual set of fixes too, mostly correcting
        drivers to have the right bits that match the hardware.
      
        There's also a Samsung and Tegra fix in here to mark a clk critical
        and avoid a double free.
      
        And finally there's a fix for critical clks that silences a big
        warning splat about trying to enable a clk that couldn't even be
        prepared"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: ti: dra7-atl: Remove pm_runtime_irq_safe()
        clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs
        clk: sunxi-ng: h6-r: Fix AR100/R_APB2 parent order
        clk: sunxi-ng: h6-r: Simplify R_APB1 clock definition
        clk: sunxi-ng: sun8i-r: Fix divider on APB0 clock
        clk: Don't try to enable critical clocks if prepare failed
        clk: tegra: Fix double-free in tegra_clk_init()
        clk: samsung: exynos5420: Keep top G3D clocks enabled
        clk: sunxi-ng: r40: Allow setting parent rate for external clock outputs
        clk: sunxi-ng: v3s: Fix incorrect number of hw_clks.
  2. 16 Jan, 2020 6 commits
  3. 15 Jan, 2020 11 commits
  4. 14 Jan, 2020 14 commits
    • Merge tag 'nfs-for-5.5-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · 95e20af9
      Linus Torvalds authored
      Pull NFS client bugfixes from Anna Schumaker:
       "Three NFS over RDMA fixes for bugs Chuck found that can be hit during
        device removal:
      
         - Fix create_qp crash on device unload
      
         - Fix completion wait during device removal
      
         - Fix oops in receive handler after device removal"
      
      * tag 'nfs-for-5.5-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        xprtrdma: Fix oops in Receive handler after device removal
        xprtrdma: Fix completion wait during device removal
        xprtrdma: Fix create_qp crash on device unload
    • block: fix get_max_segment_size() overflow on 32bit arch · 4a2f704e
      Ming Lei authored
      Commit 429120f3 starts to take account of segment's start dma address
      when computing max segment size, and data type of 'unsigned long'
      is used to do that. However, the segment mask may be 0xffffffff, so
      the figured out segment size may be overflowed in case of zero physical
      address on 32bit arch.
      
      Fix the issue by returning queue_max_segment_size() directly when that
      happens.
      
      Fixes: 429120f3 ("block: fix splitting segments on boundary masks")
      Reported-by: Guenter Roeck <linux@roeck-us.net>
      Tested-by: Guenter Roeck <linux@roeck-us.net>
      Cc: Christoph Hellwig <hch@lst.de>
      Tested-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: Ming Lei <ming.lei@redhat.com>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
    • xprtrdma: Fix oops in Receive handler after device removal · 671c450b
      Chuck Lever authored
      Since v5.4, a device removal occasionally triggered this oops:
      
      Dec  2 17:13:53 manet kernel: BUG: unable to handle page fault for address: 0000000c00000219
      Dec  2 17:13:53 manet kernel: #PF: supervisor read access in kernel mode
      Dec  2 17:13:53 manet kernel: #PF: error_code(0x0000) - not-present page
      Dec  2 17:13:53 manet kernel: PGD 0 P4D 0
      Dec  2 17:13:53 manet kernel: Oops: 0000 [#1] SMP
      Dec  2 17:13:53 manet kernel: CPU: 2 PID: 468 Comm: kworker/2:1H Tainted: G        W         5.4.0-00050-g53717e43af61 #883
      Dec  2 17:13:53 manet kernel: Hardware name: Supermicro SYS-6028R-T/X10DRi, BIOS 1.1a 10/16/2015
      Dec  2 17:13:53 manet kernel: Workqueue: ib-comp-wq ib_cq_poll_work [ib_core]
      Dec  2 17:13:53 manet kernel: RIP: 0010:rpcrdma_wc_receive+0x7c/0xf6 [rpcrdma]
      Dec  2 17:13:53 manet kernel: Code: 6d 8b 43 14 89 c1 89 45 78 48 89 4d 40 8b 43 2c 89 45 14 8b 43 20 89 45 18 48 8b 45 20 8b 53 14 48 8b 30 48 8b 40 10 48 8b 38 <48> 8b 87 18 02 00 00 48 85 c0 75 18 48 8b 05 1e 24 c4 e1 48 85 c0
      Dec  2 17:13:53 manet kernel: RSP: 0018:ffffc900035dfe00 EFLAGS: 00010246
      Dec  2 17:13:53 manet kernel: RAX: ffff888467290000 RBX: ffff88846c638400 RCX: 0000000000000048
      Dec  2 17:13:53 manet kernel: RDX: 0000000000000048 RSI: 00000000f942e000 RDI: 0000000c00000001
      Dec  2 17:13:53 manet kernel: RBP: ffff888467611b00 R08: ffff888464e4a3c4 R09: 0000000000000000
      Dec  2 17:13:53 manet kernel: R10: ffffc900035dfc88 R11: fefefefefefefeff R12: ffff888865af4428
      Dec  2 17:13:53 manet kernel: R13: ffff888466023000 R14: ffff88846c63f000 R15: 0000000000000010
      Dec  2 17:13:53 manet kernel: FS:  0000000000000000(0000) GS:ffff88846fa80000(0000) knlGS:0000000000000000
      Dec  2 17:13:53 manet kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      Dec  2 17:13:53 manet kernel: CR2: 0000000c00000219 CR3: 0000000002009002 CR4: 00000000001606e0
      Dec  2 17:13:53 manet kernel: Call Trace:
      Dec  2 17:13:53 manet kernel: __ib_process_cq+0x5c/0x14e [ib_core]
      Dec  2 17:13:53 manet kernel: ib_cq_poll_work+0x26/0x70 [ib_core]
      Dec  2 17:13:53 manet kernel: process_one_work+0x19d/0x2cd
      Dec  2 17:13:53 manet kernel: ? cancel_delayed_work_sync+0xf/0xf
      Dec  2 17:13:53 manet kernel: worker_thread+0x1a6/0x25a
      Dec  2 17:13:53 manet kernel: ? cancel_delayed_work_sync+0xf/0xf
      Dec  2 17:13:53 manet kernel: kthread+0xf4/0xf9
      Dec  2 17:13:53 manet kernel: ? kthread_queue_delayed_work+0x74/0x74
      Dec  2 17:13:53 manet kernel: ret_from_fork+0x24/0x30
      
      The proximal cause is that this rpcrdma_rep has a rr_rdmabuf that
      is still pointing to the old ib_device, which has been freed. The
      only way that is possible is if this rpcrdma_rep was not destroyed
      by rpcrdma_ia_remove.
      
      Debugging showed that was indeed the case: this rpcrdma_rep was
      still in use by a completing RPC at the time of the device removal,
      and thus wasn't on the rep free list. So, it was not found by
      rpcrdma_reps_destroy().
      
      The fix is to introduce a list of all rpcrdma_reps so that they all
      can be found when a device is removed. That list is used to perform
      only regbuf DMA unmapping, replacing that call to
      rpcrdma_reps_destroy().
      
      Meanwhile, to prevent corruption of this list, I've moved the
      destruction of temp rpcrdma_rep objects to rpcrdma_post_recvs().
      rpcrdma_xprt_drain() ensures that post_recvs (and thus rep_destroy) is
      not invoked while rpcrdma_reps_unmap is walking rb_all_reps, thus
      protecting the rb_all_reps list.
      
      Fixes: b0b227f0 ("xprtrdma: Use an llist to manage free rpcrdma_reps")
      Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
      Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
    • xprtrdma: Fix completion wait during device removal · 13cb886c
      Chuck Lever authored
      I've found that on occasion, "rmmod <dev>" will hang while if an NFS
      is under load.
      
      Ensure that ri_remove_done is initialized only just before the
      transport is woken up to force a close. This avoids the completion
      possibly getting initialized again while the CM event handler is
      waiting for a wake-up.
      
      Fixes: bebd0318 ("xprtrdma: Support unplugging an HCA from under an NFS mount")
      Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
      Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
    • xprtrdma: Fix create_qp crash on device unload · b32b9ed4
      Chuck Lever authored
      On device re-insertion, the RDMA device driver crashes trying to set
      up a new QP:
      
      Nov 27 16:32:06 manet kernel: BUG: kernel NULL pointer dereference, address: 00000000000001c0
      Nov 27 16:32:06 manet kernel: #PF: supervisor write access in kernel mode
      Nov 27 16:32:06 manet kernel: #PF: error_code(0x0002) - not-present page
      Nov 27 16:32:06 manet kernel: PGD 0 P4D 0
      Nov 27 16:32:06 manet kernel: Oops: 0002 [#1] SMP
      Nov 27 16:32:06 manet kernel: CPU: 1 PID: 345 Comm: kworker/u28:0 Tainted: G        W         5.4.0 #852
      Nov 27 16:32:06 manet kernel: Hardware name: Supermicro SYS-6028R-T/X10DRi, BIOS 1.1a 10/16/2015
      Nov 27 16:32:06 manet kernel: Workqueue: xprtiod xprt_rdma_connect_worker [rpcrdma]
      Nov 27 16:32:06 manet kernel: RIP: 0010:atomic_try_cmpxchg+0x2/0x12
      Nov 27 16:32:06 manet kernel: Code: ff ff 48 8b 04 24 5a c3 c6 07 00 0f 1f 40 00 c3 31 c0 48 81 ff 08 09 68 81 72 0c 31 c0 48 81 ff 83 0c 68 81 0f 92 c0 c3 8b 06 <f0> 0f b1 17 0f 94 c2 84 d2 75 02 89 06 88 d0 c3 53 ba 01 00 00 00
      Nov 27 16:32:06 manet kernel: RSP: 0018:ffffc900035abbf0 EFLAGS: 00010046
      Nov 27 16:32:06 manet kernel: RAX: 0000000000000000 RBX: 00000000000001c0 RCX: 0000000000000000
      Nov 27 16:32:06 manet kernel: RDX: 0000000000000001 RSI: ffffc900035abbfc RDI: 00000000000001c0
      Nov 27 16:32:06 manet kernel: RBP: ffffc900035abde0 R08: 000000000000000e R09: ffffffffffffc000
      Nov 27 16:32:06 manet kernel: R10: 0000000000000000 R11: 000000000002e800 R12: ffff88886169d9f8
      Nov 27 16:32:06 manet kernel: R13: ffff88886169d9f4 R14: 0000000000000246 R15: 0000000000000000
      Nov 27 16:32:06 manet kernel: FS:  0000000000000000(0000) GS:ffff88846fa40000(0000) knlGS:0000000000000000
      Nov 27 16:32:06 manet kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      Nov 27 16:32:06 manet kernel: CR2: 00000000000001c0 CR3: 0000000002009006 CR4: 00000000001606e0
      Nov 27 16:32:06 manet kernel: Call Trace:
      Nov 27 16:32:06 manet kernel: do_raw_spin_lock+0x2f/0x5a
      Nov 27 16:32:06 manet kernel: create_qp_common.isra.47+0x856/0xadf [mlx4_ib]
      Nov 27 16:32:06 manet kernel: ? slab_post_alloc_hook.isra.60+0xa/0x1a
      Nov 27 16:32:06 manet kernel: ? __kmalloc+0x125/0x139
      Nov 27 16:32:06 manet kernel: mlx4_ib_create_qp+0x57f/0x972 [mlx4_ib]
      
      The fix is to copy the qp_init_attr struct that was just created by
      rpcrdma_ep_create() instead of using the one from the previous
      connection instance.
      
      Fixes: 98ef77d1 ("xprtrdma: Send Queue size grows after a reconnect")
      Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
      Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
    • Merge branch 'parisc-5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 452424cd
      Linus Torvalds authored
      Pull parisc fixes from Helge Deller:
       "A boot crash fix by Mike Rapoport and a printk fix by Krzysztof
        Kozlowski"
      
      * 'parisc-5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: fix map_pages() to actually populate upper directory
        parisc: Use proper printk format for resource_size_t
    • Merge tag 'asm-generic-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground · 67373994
      Linus Torvalds authored
      Pull asm-generic fixes from Arnd Bergmann:
       "Here are two bugfixes from Mike Rapoport, both fixing compile-time
        errors for the nds32 architecture that were recently introduced"
      
      * tag 'asm-generic-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground:
        nds32: fix build failure caused by page table folding updates
        asm-generic/nds32: don't redefine cacheflush primitives
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · c21ed4d9
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Two simple fixes in the upper drivers (so both fairly core), one in
        enclosures, which fixes replugging a device into an enclosure slot and
        one in the disk driver which fixes revalidating a drive with
        protection information (PI) to make it a non-PI drive ... previously
        we were still remembering the old PI state.
      
        Both fixed issues are quite rare in the field"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: enclosure: Fix stale device oops with hot replug
        scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
    • Merge branch 'dhowells' (patches from DavidH) · e033e7d4
      Linus Torvalds authored
      Merge misc fixes from David Howells.
      
      Two afs fixes and a key refcounting fix.
      
      * dhowells:
        afs: Fix afs_lookup() to not clobber the version on a new dentry
        afs: Fix use-after-loss-of-ref
        keys: Fix request_key() cache
    • afs: Fix afs_lookup() to not clobber the version on a new dentry · f52b83b0
      David Howells authored
      Fix afs_lookup() to not clobber the version set on a new dentry by
      afs_do_lookup() - especially as it's using the wrong version of the
      version (we need to use the one given to us by whatever op the dir
      contents correspond to rather than what's in the afs_vnode).
      
      Fixes: 9dd0b82e ("afs: Fix missing dentry data version updating")
      Signed-off-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • afs: Fix use-after-loss-of-ref · 40a708bd
      David Howells authored
      afs_lookup() has a tracepoint to indicate the outcome of
      d_splice_alias(), passing it the inode to retrieve the fid from.
      However, the function gave up its ref on that inode when it called
      d_splice_alias(), which may have failed and dropped the inode.
      
      Fix this by caching the fid.
      
      Fixes: 80548b03 ("afs: Add more tracepoints")
      Reported-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • keys: Fix request_key() cache · 8379bb84
      David Howells authored
      When the key cached by request_key() and co.  is cleaned up on exit(),
      the code looks in the wrong task_struct, and so clears the wrong cache.
      This leads to anomalies in key refcounting when doing, say, a kernel
      build on an afs volume, that then trigger kasan to report a
      use-after-free when the key is viewed in /proc/keys.
      
      Fix this by making exit_creds() look in the passed-in task_struct rather
      than in current (the task_struct cleanup code is deferred by RCU and
      potentially run in another task).
      
      Fixes: 7743c48e ("keys: Cache result of request_key*() temporarily in task_struct")
      Signed-off-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge branch 'akpm' (patches from Andrew) · 3f1f9a9b
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "11 mm fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm: khugepaged: add trace status description for SCAN_PAGE_HAS_PRIVATE
        mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid
        mm/page-writeback.c: improve arithmetic divisions
        mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide
        mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
        mm, debug_pagealloc: don't rely on static keys too early
        mm: memcg/slab: fix percpu slab vmstats flushing
        mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment
        mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment
        mm/memory_hotplug: don't free usage map when removing a re-added early section
        mm, thp: tweak reclaim/compaction effort of local-only and all-node allocations
    • ALSA: usb-audio: fix sync-ep altsetting sanity check · 5d1b7122
      Johan Hovold authored
      The altsetting sanity check in set_sync_ep_implicit_fb_quirk() was
      checking for there to be at least one altsetting but then went on to
      access the second one, which may not exist.
      
      This could lead to random slab data being used to initialise the sync
      endpoint in snd_usb_add_endpoint().
      
      Fixes: c75a8a7a ("ALSA: snd-usb: add support for implicit feedback")
      Fixes: ca10a7eb ("ALSA: usb-audio: FT C400 sync playback EP to capture EP")
      Fixes: 5e35dc03 ("ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204")
      Fixes: 17f08b0d ("ALSA: usb-audio: add implicit fb quirk for Axe-Fx II")
      Fixes: 103e9625 ("ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk")
      Cc: stable <stable@vger.kernel.org>     # 3.5
      Signed-off-by: Johan Hovold <johan@kernel.org>
      Link: https://lore.kernel.org/r/20200114083953.1106-1-johan@kernel.org
      Signed-off-by: Takashi Iwai <tiwai@suse.de>