1. 21 Jun, 2019 1 commit
    • Jens Axboe's avatar
      io_uring: ensure req->file is cleared on allocation · 60c112b0
      Jens Axboe authored
      Stephen reports:
      
      I hit the following General Protection Fault when testing io_uring via
      the io_uring engine in fio. This was on a VM running 5.2-rc5 and the
      latest version of fio. The issue occurs for both null_blk and fake NVMe
      drives. I have not tested bare metal or real NVMe SSDs. The fio script
      used is given below.
      
      [io_uring]
      time_based=1
      runtime=60
      filename=/dev/nvme2n1 (note /dev/nullb0 also fails)
      ioengine=io_uring
      bs=4k
      rw=readwrite
      direct=1
      fixedbufs=1
      sqthread_poll=1
      sqthread_poll_cpu=0
      
      general protection fault: 0000 [#1] SMP PTI
      CPU: 0 PID: 872 Comm: io_uring-sq Not tainted 5.2.0-rc5-cpacket-io-uring #1
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
      RIP: 0010:fput_many+0x7/0x90
      Code: 01 48 85 ff 74 17 55 48 89 e5 53 48 8b 1f e8 a0 f9 ff ff 48 85 db 48 89 df 75 f0 5b 5d f3 c3 0f 1f 40 00 0f 1f 44 00 00 89 f6 <f0> 48 29 77 38 74 01 c3 55 48 89 e5 53 48 89 fb 65 48 \
      
      RSP: 0018:ffffadeb817ebc50 EFLAGS: 00010246
      RAX: 0000000000000004 RBX: ffff8f46ad477480 RCX: 0000000000001805
      RDX: 0000000000000000 RSI: 0000000000000001 RDI: f18b51b9a39552b5
      RBP: ffffadeb817ebc58 R08: ffff8f46b7a318c0 R09: 000000000000015d
      R10: ffffadeb817ebce8 R11: 0000000000000020 R12: ffff8f46ad4cd000
      R13: 00000000fffffff7 R14: ffffadeb817ebe30 R15: 0000000000000004
      FS:  0000000000000000(0000) GS:ffff8f46b7a00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 000055828f0bbbf0 CR3: 0000000232176004 CR4: 00000000003606f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       ? fput+0x13/0x20
       io_free_req+0x20/0x40
       io_put_req+0x1b/0x20
       io_submit_sqe+0x40a/0x680
       ? __switch_to_asm+0x34/0x70
       ? __switch_to_asm+0x40/0x70
       io_submit_sqes+0xb9/0x160
       ? io_submit_sqes+0xb9/0x160
       ? __switch_to_asm+0x40/0x70
       ? __switch_to_asm+0x34/0x70
       ? __schedule+0x3f2/0x6a0
       ? __switch_to_asm+0x34/0x70
       io_sq_thread+0x1af/0x470
       ? __switch_to_asm+0x34/0x70
       ? wait_woken+0x80/0x80
       ? __switch_to+0x85/0x410
       ? __switch_to_asm+0x40/0x70
       ? __switch_to_asm+0x34/0x70
       ? __schedule+0x3f2/0x6a0
       kthread+0x105/0x140
       ? io_submit_sqes+0x160/0x160
       ? kthread+0x105/0x140
       ? io_submit_sqes+0x160/0x160
       ? kthread_destroy_worker+0x50/0x50
       ret_from_fork+0x35/0x40
      
      which occurs because using a kernel side submission thread isn't valid
      without using fixed files (registered through io_uring_register()). This
      causes io_uring to put the request after logging an error, but before
      the file field is set in the request. If it happens to be non-zero, we
      attempt to fput() garbage.
      
      Fix this by ensuring that req->file is initialized when the request is
      allocated.
      
      Cc: stable@vger.kernel.org # 5.1+
      Reported-by: default avatarStephen Bates <sbates@raithlin.com>
      Tested-by: default avatarStephen Bates <sbates@raithlin.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      60c112b0
  2. 18 Jun, 2019 2 commits
  3. 17 Jun, 2019 2 commits
  4. 13 Jun, 2019 11 commits
  5. 10 Jun, 2019 1 commit
  6. 09 Jun, 2019 1 commit
  7. 08 Jun, 2019 12 commits
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.2-rc4' of git://github.com/ceph/ceph-client · 2759e05c
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "A change to call iput() asynchronously to avoid a possible deadlock
        when iput_final() needs to wait for in-flight I/O (e.g. readahead) and
        a fixup for a cleanup that went into -rc1"
      
      * tag 'ceph-for-5.2-rc4' of git://github.com/ceph/ceph-client:
        ceph: fix error handling in ceph_get_caps()
        ceph: avoid iput_final() while holding mutex or in dispatch thread
        ceph: single workqueue for inode related works
      2759e05c
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.2b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 8e61f6f7
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "Just one fix for the Xen block frontend driver avoiding allocations
        with order > 0"
      
      * tag 'for-linus-5.2b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen-blkfront: switch kcalloc to kvcalloc for large array allocation
      8e61f6f7
    • Linus Torvalds's avatar
      Merge tag 's390-5.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 3d4645bf
      Linus Torvalds authored
      Pull s390 fixes from Heiko Carstens:
      
       - fix stack unwinder: the stack unwinder rework has on off-by-one bug
         which prevents following stack backchains over more than one context
         (e.g. irq -> process).
      
       - fix address space detection in exception handler: if user space
         switches to access register mode, which is not supported anymore, the
         exception handler may resolve to the wrong address space.
      
      * tag 's390-5.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/unwind: correct stack switching during unwind
        s390/mm: fix address space detection in exception handling
      3d4645bf
    • Linus Torvalds's avatar
      Merge tag 'mips_fixes_5.2_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux · d0cc617a
      Linus Torvalds authored
      Pull MIPS fixes from Paul Burton:
      
       - Declare ginvt() __always_inline due to its use of an argument as an
         inline asm immediate.
      
       - A VDSO build fix following Kbuild changes made this cycle.
      
       - A fix for boot failures on txx9 systems following memory
         initialization changes made this cycle.
      
       - Bounds check virt_addr_valid() to prevent it spuriously indicating
         that bogus addresses are valid, in turn fixing hardened usercopy
         failures that have been present since v4.12.
      
       - Build uImage.gz for pistachio systems by default, since this is the
         image we need in order to actually boot on a board.
      
       - Remove an unused variable in our uprobes code.
      
      * tag 'mips_fixes_5.2_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
        MIPS: uprobes: remove set but not used variable 'epc'
        MIPS: pistachio: Build uImage.gz by default
        MIPS: Make virt_addr_valid() return bool
        MIPS: Bounds check virt_addr_valid
        MIPS: TXx9: Fix boot crash in free_initmem()
        MIPS: remove a space after -I to cope with header search paths for VDSO
        MIPS: mark ginvt() as __always_inline
      d0cc617a
    • Linus Torvalds's avatar
      Merge tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · 9331b674
      Linus Torvalds authored
      Pull yet more SPDX updates from Greg KH:
       "Another round of SPDX header file fixes for 5.2-rc4
      
        These are all more "GPL-2.0-or-later" or "GPL-2.0-only" tags being
        added, based on the text in the files. We are slowly chipping away at
        the 700+ different ways people tried to write the license text. All of
        these were reviewed on the spdx mailing list by a number of different
        people.
      
        We now have over 60% of the kernel files covered with SPDX tags:
      	$ ./scripts/spdxcheck.py -v 2>&1 | grep Files
      	Files checked:            64533
      	Files with SPDX:          40392
      	Files with errors:            0
      
        I think the majority of the "easy" fixups are now done, it's now the
        start of the longer-tail of crazy variants to wade through"
      
      * tag 'spdx-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (159 commits)
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 450
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 449
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 448
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 446
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 445
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 444
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 443
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 442
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 440
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 438
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 437
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 436
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 435
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 434
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 433
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 432
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 431
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 430
        treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 429
        ...
      9331b674
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 1ce2c851
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char and misc driver fixes for 5.2-rc4 to resolve
        a number of reported issues.
      
        The most "notable" one here is the kernel headers in proc^Wsysfs
        fixes. Those changes move the header file info into sysfs and fixes
        the build issues that you reported.
      
        Other than that, a bunch of small habanalabs driver fixes, some fpga
        driver fixes, and a few other tiny driver fixes.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-5.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        habanalabs: Read upper bits of trace buffer from RWPHI
        habanalabs: Fix virtual address access via debugfs for 2MB pages
        fpga: zynqmp-fpga: Correctly handle error pointer
        habanalabs: fix bug in checking huge page optimization
        habanalabs: Avoid using a non-initialized MMU cache mutex
        habanalabs: fix debugfs code
        uapi/habanalabs: add opcode for enable/disable device debug mode
        habanalabs: halt debug engines on user process close
        test_firmware: Use correct snprintf() limit
        genwqe: Prevent an integer overflow in the ioctl
        parport: Fix mem leak in parport_register_dev_model
        fpga: dfl: expand minor range when registering chrdev region
        fpga: dfl: Add lockdep classes for pdata->lock
        fpga: dfl: afu: Pass the correct device to dma_mapping_error()
        fpga: stratix10-soc: fix use-after-free on s10_init()
        w1: ds2408: Fix typo after 49695ac4 (reset on output_write retry with readback)
        kheaders: Do not regenerate archive if config is not changed
        kheaders: Move from proc to sysfs
        lkdtm/bugs: Adjust recursion test to avoid elision
        lkdtm/usercopy: Moves the KERNEL_DS test to non-canonical
      1ce2c851
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 902b2edf
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "I2C has a driver bugfix and a MAINTAINERS fix"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        MAINTAINERS: Karthikeyan Ramasubramanian is MIA
        i2c: xiic: Add max_read_len quirk
      902b2edf
    • Linus Torvalds's avatar
      Merge tag 'dmaengine-fix-5.2-rc4' of git://git.infradead.org/users/vkoul/slave-dma · 66b59f2b
      Linus Torvalds authored
      Pull dmaengine fixes from Vinod Koul:
      
       - jz4780 transfer fix for acking descriptors early
      
       - fsl-qdma: clean registers on error
      
       - dw-axi-dmac: null pointer dereference fix
      
       - mediatek-cqdma: fix sleeping in atomic context
      
       - tegra210-adma: fix bunch os issues like crashing in driver probe,
         channel FIFO configuration etc.
      
       - sprd: Fixes for possible crash on descriptor status, block length
         overflow. For 2-stage transfer fix incorrect start, configuration and
         interrupt handling.
      
      * tag 'dmaengine-fix-5.2-rc4' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: sprd: Add interrupt support for 2-stage transfer
        dmaengine: sprd: Fix the right place to configure 2-stage transfer
        dmaengine: sprd: Fix block length overflow
        dmaengine: sprd: Fix the incorrect start for 2-stage destination channels
        dmaengine: sprd: Add validation of current descriptor in irq handler
        dmaengine: sprd: Fix the possible crash when getting descriptor status
        dmaengine: tegra210-adma: Fix spelling
        dmaengine: tegra210-adma: Fix channel FIFO configuration
        dmaengine: tegra210-adma: Fix crash during probe
        dmaengine: mediatek-cqdma: sleeping in atomic context
        dmaengine: dw-axi-dmac: fix null dereference when pointer first is null
        dmaengine: fsl-qdma: Add improvement
        dmaengine: jz4780: Fix transfers being ACKed too soon
      66b59f2b
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190608' of git://git.kernel.dk/linux-block · 8d72e5bd
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Allow symlink from the bfq.weight cgroup parameter to the general
         weight (Angelo)
      
       - Damien is new skd maintainer (Bart)
      
       - NVMe pull request from Sagi, with a few small fixes.
      
       - Ensure we set DMA segment size properly, dma-debug is now tripping on
         these (Christoph)
      
       - Remove useless debugfs_create() return check (Greg)
      
       - Remove redundant unlikely() check on IS_ERR() (Kefeng)
      
       - Fixup request freeing on exit (Ming)
      
      * tag 'for-linus-20190608' of git://git.kernel.dk/linux-block:
        block, bfq: add weight symlink to the bfq.weight cgroup parameter
        cgroup: let a symlink too be created with a cftype file
        block: free sched's request pool in blk_cleanup_queue
        nvme-rdma: use dynamic dma mapping per command
        nvme: Fix u32 overflow in the number of namespace list calculation
        mmc: also set max_segment_size in the device
        mtip32xx: also set max_segment_size in the device
        rsxx: don't call dma_set_max_seg_size
        nvme-pci: don't limit DMA segement size
        block: Drop unlikely before IS_ERR(_OR_NULL)
        block: aoe: no need to check return value of debugfs_create functions
        nvmet: fix data_len to 0 for bdev-backed write_zeroes
        MAINTAINERS: Hand over skd maintainership
        nvme-tcp: fix queue mapping when queue count is limited
        nvme-rdma: fix queue mapping when queue count is limited
      8d72e5bd
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 1b02caa3
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Two bug fixes, both for fairly serious problems; the UFS one looks
        like it could be used to exfiltrate data from the kernel, although
        probably only a privileged user has access to the command management
        interface and the missing unlock in smartpqi is long standing and
        probably a little used error path"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous()
        scsi: ufs: Check that space was properly alloced in copy_query_response
      1b02caa3
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-5.2-rc4-2' of... · 0ad43e29
      Linus Torvalds authored
      Merge tag 'linux-kselftest-5.2-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull Kselftest fix from Shuah Khan:
       "This consists of a single fix for a vm test build failure regression
        when it is built by itself"
      
      * tag 'linux-kselftest-5.2-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests: vm: Fix test build failure when built by itself
      0ad43e29
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-06-07-1' of git://anongit.freedesktop.org/drm/drm · 79c3ba32
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "A small bit more lively this week but not majorly so. I'm away in
        Japan next week for family holiday, so I'll be pretty disconnected,
        I've asked Daniel to do fixes for the week while I'm out.
      
        The nouveau firmware changes are a bit large, but they address a big
        problem where a whole set of boards don't load with the driver, and
        the new firmware fixes that, so I think it's worth trying to land it
        now.
      
        core:
         - Allow fb changes in async commits (drivers as well)
      
        udmabuf:
         - Unmap scatterlist when unmapping udmabuf
      
        nouveau:
         - firmware loading fixes for secboot firmware on new GPU revision.
      
        komeda:
         - oops, dma mapping and warning fixes
      
        arm-hdlcd:
         - clock fixes
         - mode validation fix
      
        i915:
         - Add a missing Icelake workaround
         - GVT - DMA map fault fix and enforcement fixes
      
        amdgpu:
         - DCE resume fix
         - New raven variation updates"
      
      * tag 'drm-fixes-2019-06-07-1' of git://anongit.freedesktop.org/drm/drm: (33 commits)
        drm/nouveau/secboot/gp10[2467]: support newer FW to fix SEC2 failures on some boards
        drm/nouveau/secboot: enable loading of versioned LS PMU/SEC2 ACR msgqueue FW
        drm/nouveau/secboot: split out FW version-specific LS function pointers
        drm/nouveau/secboot: pass max supported FW version to LS load funcs
        drm/nouveau/core: support versioned firmware loading
        drm/nouveau/core: pass subdev into nvkm_firmware_get, rather than device
        drm/komeda: Potential error pointer dereference
        drm/komeda: remove set but not used variable 'kcrtc'
        drm/amd/amdgpu: add RLC firmware to support raven1 refresh
        drm/amd/powerplay: add set_power_profile_mode for raven1_refresh
        drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2)
        udmabuf: actually unmap the scatterlist
        drm/arm/hdlcd: Allow a bit of clock tolerance
        drm/arm/hdlcd: Actually validate CRTC modes
        drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times
        drm/komeda: fixing of DMA mapping sg segment warning
        drm: don't block fb changes for async plane updates
        drm/vc4: fix fb references in async update
        drm/msm: fix fb references in async update
        drm/amd: fix fb references in async update
        ...
      79c3ba32
  8. 07 Jun, 2019 10 commits