1. 26 Nov, 2018 5 commits
  2. 25 Nov, 2018 22 commits
  3. 15 Nov, 2018 2 commits
  4. 14 Nov, 2018 1 commit
  5. 12 Nov, 2018 3 commits
    • Michael Ellerman's avatar
      selftests/powerpc: Fix wild_bctr test to work on ppc64 · 2c7645b0
      Michael Ellerman authored
      The selftest I recently added to test branching to an out-of-bounds
      NIP doesn't work on 64-bit big endian. It does fail but not in the
      right way. That is it SEGVs trying to load from the opd at BAD_NIP,
      but it never gets as far as branching to BAD_NIP.
      
      To fix it we need to create an opd which is reachable but which holds
      the bad address.
      
      Fixes: b7683fc6 ("selftests/powerpc: Add a test of wild bctr")
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      2c7645b0
    • Michael Ellerman's avatar
      powerpc/io: Fix the IO workarounds code to work with Radix · 43c6494f
      Michael Ellerman authored
      Back in 2006 Ben added some workarounds for a misbehaviour in the
      Spider IO bridge used on early Cell machines, see commit
      014da7ff ("[POWERPC] Cell "Spider" MMIO workarounds"). Later these
      were made to be generic, ie. not tied specifically to Spider.
      
      The code stashes a token in the high bits (59-48) of virtual addresses
      used for IO (eg. returned from ioremap()). This works fine when using
      the Hash MMU, but when we're using the Radix MMU the bits used for the
      token overlap with some of the bits of the virtual address.
      
      This is because the maximum virtual address is larger with Radix, up
      to c00fffffffffffff, and in fact we use that high part of the address
      range for ioremap(), see RADIX_KERN_IO_START.
      
      As it happens the bits that are used overlap with the bits that
      differentiate an IO address vs a linear map address. If the resulting
      address lies outside the linear mapping we will crash (see below), if
      not we just corrupt memory.
      
        virtio-pci 0000:00:00.0: Using 64-bit direct DMA at offset 800000000000000
        Unable to handle kernel paging request for data at address 0xc000000080000014
        ...
        CFAR: c000000000626b98 DAR: c000000080000014 DSISR: 42000000 IRQMASK: 0
        GPR00: c0000000006c54fc c00000003e523378 c0000000016de600 0000000000000000
        GPR04: c00c000080000014 0000000000000007 0fffffff000affff 0000000000000030
               ^^^^
        ...
        NIP [c000000000626c5c] .iowrite8+0xec/0x100
        LR [c0000000006c992c] .vp_reset+0x2c/0x90
        Call Trace:
          .pci_bus_read_config_dword+0xc4/0x120 (unreliable)
          .register_virtio_device+0x13c/0x1c0
          .virtio_pci_probe+0x148/0x1f0
          .local_pci_probe+0x68/0x140
          .pci_device_probe+0x164/0x220
          .really_probe+0x274/0x3b0
          .driver_probe_device+0x80/0x170
          .__driver_attach+0x14c/0x150
          .bus_for_each_dev+0xb8/0x130
          .driver_attach+0x34/0x50
          .bus_add_driver+0x178/0x2f0
          .driver_register+0x90/0x1a0
          .__pci_register_driver+0x6c/0x90
          .virtio_pci_driver_init+0x2c/0x40
          .do_one_initcall+0x64/0x280
          .kernel_init_freeable+0x36c/0x474
          .kernel_init+0x24/0x160
          .ret_from_kernel_thread+0x58/0x7c
      
      This hasn't been a problem because CONFIG_PPC_IO_WORKAROUNDS which
      enables this code is usually not enabled. It is only enabled when it's
      selected by PPC_CELL_NATIVE which is only selected by
      PPC_IBM_CELL_BLADE and that in turn depends on BIG_ENDIAN. So in order
      to hit the bug you need to build a big endian kernel, with IBM Cell
      Blade support enabled, as well as Radix MMU support, and then boot
      that on Power9 using Radix MMU.
      
      Still we can fix the bug, so let's do that. We simply use fewer bits
      for the token, taking the union of the restrictions on the address
      from both Hash and Radix, we end up with 8 bits we can use for the
      token. The only user of the token is iowa_mem_find_bus() which only
      supports 8 token values, so 8 bits is plenty for that.
      
      Fixes: 566ca99a ("powerpc/mm/radix: Add dummy radix_enabled()")
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      43c6494f
    • Michael Ellerman's avatar
      powerpc/mm/64s: Fix preempt warning in slb_allocate_kernel() · c8b00bb7
      Michael Ellerman authored
      With preempt enabled we see warnings in do_slb_fault():
      
        BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u33:0/98
        futex hash table entries: 4096 (order: 3, 524288 bytes)
        caller is do_slb_fault+0x204/0x230
        CPU: 5 PID: 98 Comm: kworker/u33:0 Not tainted 4.19.0-rc3-gcc-7.3.1-00022-g1936f094 #138
        Call Trace:
          dump_stack+0xb4/0x104 (unreliable)
          check_preemption_disabled+0x148/0x150
          do_slb_fault+0x204/0x230
          data_access_slb_common+0x138/0x180
      
      This is caused by the get_paca() in slb_allocate_kernel(), which
      includes a call to debug_smp_processor_id().
      
      slb_allocate_kernel() can only be called from do_slb_fault(), and in
      that path interrupts are hard disabled and so we can't be preempted,
      but we can't update the preempt flags (in thread_info) because that
      could cause an SLB fault.
      
      So just use local_paca which is safe and doesn't cause the warning.
      
      Fixes: 48e7b769 ("powerpc/64s/hash: Convert SLB miss handlers to C")
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      c8b00bb7
  6. 11 Nov, 2018 7 commits
    • Linus Torvalds's avatar
      Linux 4.20-rc2 · ccda4af0
      Linus Torvalds authored
      ccda4af0
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 7a3765ed
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "One last pull request before heading to Vancouver for LPC, here we have:
      
         1) Don't forget to free VSI contexts during ice driver unload, from
            Victor Raj.
      
         2) Don't forget napi delete calls during device remove in ice driver,
            from Dave Ertman.
      
         3) Don't request VLAN tag insertion of ibmvnic device when SKB
            doesn't have VLAN tags at all.
      
         4) IPV4 frag handling code has to accomodate the situation where two
            threads try to insert the same fragment into the hash table at the
            same time. From Eric Dumazet.
      
         5) Relatedly, don't flow separate on protocol ports for fragmented
            frames, also from Eric Dumazet.
      
         6) Memory leaks in qed driver, from Denis Bolotin.
      
         7) Correct valid MTU range in smsc95xx driver, from Stefan Wahren.
      
         8) Validate cls_flower nested policies properly, from Jakub Kicinski.
      
         9) Clearing of stats counters in mc88e6xxx driver doesn't retain
            important bits in the G1_STATS_OP register causing the chip to
            hang. Fix from Andrew Lunn"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits)
        act_mirred: clear skb->tstamp on redirect
        net: dsa: mv88e6xxx: Fix clearing of stats counters
        tipc: fix link re-establish failure
        net: sched: cls_flower: validate nested enc_opts_policy to avoid warning
        net: mvneta: correct typo
        flow_dissector: do not dissect l4 ports for fragments
        net: qualcomm: rmnet: Fix incorrect assignment of real_dev
        net: aquantia: allow rx checksum offload configuration
        net: aquantia: invalid checksumm offload implementation
        net: aquantia: fixed enable unicast on 32 macvlan
        net: aquantia: fix potential IOMMU fault after driver unbind
        net: aquantia: synchronized flow control between mac/phy
        net: smsc95xx: Fix MTU range
        net: stmmac: Fix RX packet size > 8191
        qed: Fix potential memory corruption
        qed: Fix SPQ entries not returned to pool in error flows
        qed: Fix blocking/unlimited SPQ entries leak
        qed: Fix memory/entry leak in qed_init_sp_request()
        inet: frags: better deal with smp races
        net: hns3: bugfix for not checking return value
        ...
      7a3765ed
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v4.20' of... · e12e00e3
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - fix build errors in binrpm-pkg and bindeb-pkg targets
      
       - fix false positive matches in merge_config.sh
      
       - fix build version mismatch in deb-pkg target
      
       - fix dtbs_install handling in (bin)deb-pkg target
      
       - revert a commit that allows setlocalversion to write to source tree
      
      * tag 'kbuild-fixes-v4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        builddeb: Fix inclusion of dtbs in debian package
        Revert "scripts/setlocalversion: git: Make -dirty check more robust"
        kbuild: deb-pkg: fix too low build version number
        kconfig: merge_config: avoid false positive matches from comment lines
        kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
        kbuild: rpm-pkg: fix binrpm-pkg breakage when O= is used
      e12e00e3
    • Linus Torvalds's avatar
      Merge tag 'for-4.20-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 63a42e1a
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "Several fixes to recent release (4.19, fixes tagged for stable) and
        other fixes"
      
      * tag 'for-4.20-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        Btrfs: fix missing delayed iputs on unmount
        Btrfs: fix data corruption due to cloning of eof block
        Btrfs: fix infinite loop on inode eviction after deduplication of eof block
        Btrfs: fix deadlock on tree root leaf when finding free extent
        btrfs: avoid link error with CONFIG_NO_AUTO_INLINE
        btrfs: tree-checker: Fix misleading group system information
        Btrfs: fix missing data checksums after a ranged fsync (msync)
        btrfs: fix pinned underflow after transaction aborted
        Btrfs: fix cur_offset in the error case for nocow
      63a42e1a
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · c140f8b0
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "A large number of ext4 bug fixes, mostly buffer and memory leaks on
        error return cleanup paths"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: missing !bh check in ext4_xattr_inode_write()
        ext4: fix buffer leak in __ext4_read_dirblock() on error path
        ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path
        ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
        ext4: release bs.bh before re-using in ext4_xattr_block_find()
        ext4: fix buffer leak in ext4_xattr_get_block() on error path
        ext4: fix possible leak of s_journal_flag_rwsem in error path
        ext4: fix possible leak of sbi->s_group_desc_leak in error path
        ext4: remove unneeded brelse call in ext4_xattr_inode_update_ref()
        ext4: avoid possible double brelse() in add_new_gdb() on error path
        ext4: avoid buffer leak in ext4_orphan_add() after prior errors
        ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()
        ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
        ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
        ext4: add missing brelse() update_backups()'s error path
        ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
        ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
        ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
      c140f8b0
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b6df7b6d
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A set of x86 fixes:
      
         - Cure the LDT remapping to user space on 5 level paging which ended
           up in the KASLR space
      
         - Remove LDT mapping before freeing the LDT pages
      
         - Make NFIT MCE handling more robust
      
         - Unbreak the VSMP build by removing the dependency on paravirt ops
      
         - Support broken PIT emulation on Microsoft hyperV
      
         - Don't trace vmware_sched_clock() to avoid tracer recursion
      
         - Remove -pipe from KBUILD CFLAGS which breaks clang and is also
           slower on GCC
      
         - Trivial coding style and typo fixes"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/cpu/vmware: Do not trace vmware_sched_clock()
        x86/vsmp: Remove dependency on pv_irq_ops
        x86/ldt: Remove unused variable in map_ldt_struct()
        x86/ldt: Unmap PTEs for the slot before freeing LDT pages
        x86/mm: Move LDT remap out of KASLR region on 5-level paging
        acpi/nfit, x86/mce: Validate a MCE's address before using it
        acpi/nfit, x86/mce: Handle only uncorrectable machine checks
        x86/build: Remove -pipe from KBUILD_CFLAGS
        x86/hyper-v: Fix indentation in hv_do_fast_hypercall16()
        Documentation/x86: Fix typo in zero-page.txt
        x86/hyper-v: Enable PIT shutdown quirk
        clockevents/drivers/i8253: Add support for PIT shutdown quirk
      b6df7b6d
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 655c6b97
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "A bunch of perf tooling fixes:
      
         - Make the Intel PT SQL viewer more robust
      
         - Make the Intel PT debug log more useful
      
         - Support weak groups in perf record so it's behaving the same way as
           perf stat
      
         - Display the LBR stats in callchain entries properly in perf top
      
         - Handle different PMu names with common prefix properlin in pert
           stat
      
         - Start syscall augmenting in perf trace. Preparation for
           architecture independent eBPF instrumentation of syscalls.
      
         - Fix build breakage in JVMTI perf lib
      
         - Fix arm64 tools build failure wrt smp_load_{acquire,release}"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf tools: Do not zero sample_id_all for group members
        perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so
        perf beauty: Use SRCARCH, ARCH=x86_64 must map to "x86" to find the headers
        perf intel-pt: Add MTC and CYC timestamps to debug log
        perf intel-pt: Add more event information to debug log
        perf scripts python: exported-sql-viewer.py: Fix table find when table re-ordered
        perf scripts python: exported-sql-viewer.py: Add help window
        perf scripts python: exported-sql-viewer.py: Add Selected branches report
        perf scripts python: exported-sql-viewer.py: Fall back to /usr/local/lib/libxed.so
        perf top: Display the LBR stats in callchain entry
        perf stat: Handle different PMU names with common prefix
        perf record: Support weak groups
        perf evlist: Move perf_evsel__reset_weak_group into evlist
        perf augmented_syscalls: Start collecting pathnames in the BPF program
        perf trace: Fix setting of augmented payload when using eBPF + raw_syscalls
        perf trace: When augmenting raw_syscalls plug raw_syscalls:sys_exit too
        perf examples bpf: Start augmenting raw_syscalls:sys_{start,exit}
        tools headers barrier: Fix arm64 tools build failure wrt smp_load_{acquire,release}
      655c6b97