1. 10 Jul, 2020 22 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · aa0c9086
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "Small update, a few more merge window bugs and normal driver bug
        fixes:
      
         - Two merge window regressions in mlx5: a error path bug found by
           syzkaller and some lost code during a rework preventing ipoib from
           working in some configurations
      
         - Silence clang compilation warning in OPA related code
      
         - Fix a long standing race condition in ib_nl for ACM
      
         - Resolve when the HFI1 is shutdown"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        RDMA/mlx5: Set PD pointers for the error flow unwind
        IB/mlx5: Fix 50G per lane indication
        RDMA/siw: Fix reporting vendor_part_id
        IB/sa: Resolv use-after-free in ib_nl_make_request()
        IB/hfi1: Do not destroy link_wq when the device is shut down
        IB/hfi1: Do not destroy hfi1_wq when the device is shut down
        RDMA/mlx5: Fix legacy IPoIB QP initialization
        IB/hfi1: Add explicit cast OPA_MTU_8192 to 'enum ib_mtu'
      aa0c9086
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-fixes-5.8-rc5' of... · 0f318cba
      Linus Torvalds authored
      Merge tag 'linux-kselftest-fixes-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
       "TPM2 test changes to run on python3 and kselftest framework fix to
        incorrect return type"
      
      * tag 'linux-kselftest-fixes-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        kselftest: ksft_test_num return type should be unsigned
        selftests: tpm: upgrade TPM2 tests from Python 2 to Python 3
      0f318cba
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block · a581387e
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Fix memleak for error path in registered files (Yang)
      
       - Export CQ overflow state in flags, necessary to fix a case where
         liburing doesn't know if it needs to enter the kernel (Xiaoguang)
      
       - Fix for a regression in when user memory is accounted freed, causing
         issues with back-to-back ring exit + init if the ulimit -l setting is
         very tight.
      
      * tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block:
        io_uring: account user memory freed when exit has been queued
        io_uring: fix memleak in io_sqe_files_register()
        io_uring: fix memleak in __io_sqe_files_update()
        io_uring: export cq overflow status to userspace
      a581387e
    • Linus Torvalds's avatar
      Merge tag 'block-5.8-2020-07-10' of git://git.kernel.dk/linux-block · d33db702
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Fix for inflight accounting, which affects only dm (Ming)
      
       - Fix documentation error for bfq (Yufen)
      
       - Fix memory leak for nbd (Zheng)
      
      * tag 'block-5.8-2020-07-10' of git://git.kernel.dk/linux-block:
        nbd: Fix memory leak in nbd_add_socket
        blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight()
        docs: block: update and fix tiny error for bfq
      d33db702
    • Linus Torvalds's avatar
      Merge tag 'cleanup-kernel_read_write' of git://git.infradead.org/users/hch/misc · b1b11d00
      Linus Torvalds authored
      Pull in-kernel read and write op cleanups from Christoph Hellwig:
       "Cleanup in-kernel read and write operations
      
        Reshuffle the (__)kernel_read and (__)kernel_write helpers, and ensure
        all users of in-kernel file I/O use them if they don't use iov_iter
        based methods already.
      
        The new WARN_ONs in combination with syzcaller already found a missing
        input validation in 9p. The fix should be on your way through the
        maintainer ASAP".
      
      [ This is prep-work for the real changes coming 5.9 ]
      
      * tag 'cleanup-kernel_read_write' of git://git.infradead.org/users/hch/misc:
        fs: remove __vfs_read
        fs: implement kernel_read using __kernel_read
        integrity/ima: switch to using __kernel_read
        fs: add a __kernel_read helper
        fs: remove __vfs_write
        fs: implement kernel_write using __kernel_write
        fs: check FMODE_WRITE in __kernel_write
        fs: unexport __kernel_write
        bpfilter: switch to kernel_write
        autofs: switch to kernel_write
        cachefiles: switch to kernel_write
      b1b11d00
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.8-5' of git://git.infradead.org/users/hch/dma-mapping · 1bfde037
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
      
       - add a warning when the atomic pool is depleted (David Rientjes)
      
       - protect the parameters of the new scatterlist helper macros (Marek
         Szyprowski )
      
      * tag 'dma-mapping-5.8-5' of git://git.infradead.org/users/hch/dma-mapping:
        scatterlist: protect parameters of the sg_table related macros
        dma-mapping: warn when coherent pool is depleted
      1bfde037
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 25aadbd2
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
      
       - Fix an issue in the AMD driver for the UART0 group
      
       - Fix a glitch issue in the Baytrail pin controller
      
      * tag 'pinctrl-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
        pinctrl: amd: fix npins for uart0 in kerncz_groups
      25aadbd2
    • Linus Torvalds's avatar
      Merge tag 'gpio-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 3f883432
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Some GPIO fixes, most of them for the PCA953x that Andy worked hard to
        fix up.
      
         - Fix two runtime PM errorpath problems in the Arizona GPIO driver.
      
         - Fix three interrupt issues in the PCA953x driver.
      
         - Fix the automatic address increment handling in the PCA953x driver
           again.
      
         - Add a quirk to the PCA953x that fixes a problem in the Intel
           Galileo Gen 2"
      
      * tag 'gpio-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2
        gpio: pca953x: disable regmap locking for automatic address incrementing
        gpio: pca953x: Fix direction setting when configure an IRQ
        gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2
        gpio: pca953x: Synchronize interrupt handler properly
        gpio: arizona: put pm_runtime in case of failure
        gpio: arizona: handle pm_runtime_get_sync failure case
      3f883432
    • Linus Torvalds's avatar
      Merge tag 'gfs2-v5.8-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · d02b0478
      Linus Torvalds authored
      Pull gfs2 fixes from Andreas Gruenbacher:
       "Fix gfs2 readahead deadlocks by adding a IOCB_NOIO flag that allows
        gfs2 to use the generic fiel read iterator functions without having to
        worry about being called back while holding locks".
      
      * tag 'gfs2-v5.8-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: Rework read and page fault locking
        fs: Add IOCB_NOIO flag for generic_file_read_iter
      d02b0478
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · f4c8824c
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "An unfortunately large collection of arm64 fixes for -rc5.
      
        Some of this is absolutely trivial, but the alternatives, vDSO and CPU
        errata workaround fixes are significant. At least people are finding
        and fixing these things, I suppose.
      
         - Fix workaround for CPU erratum #1418040 to disable the compat vDSO
      
         - Fix Oops when single-stepping with KGDB
      
         - Fix memory attributes for hypervisor device mappings at EL2
      
         - Fix memory leak in PSCI and remove useless variable assignment
      
         - Fix up some comments and asm labels in our entry code
      
         - Fix broken register table formatting in our generated html docs
      
         - Fix missing NULL sentinel in CPU errata workaround list
      
         - Fix patching of branches in alternative instruction sections"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/alternatives: don't patch up internal branches
        arm64: Add missing sentinel to erratum_1463225
        arm64: Documentation: Fix broken table in generated HTML
        arm64: kgdb: Fix single-step exception handling oops
        arm64: entry: Tidy up block comments and label numbers
        arm64: Rework ARM_ERRATUM_1414080 handling
        arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040
        arm64: arch_timer: Allow an workaround descriptor to disable compat vdso
        arm64: Introduce a way to disable the 32bit vdso
        arm64: entry: Fix the typo in the comment of el1_dbg()
        drivers/firmware/psci: Assign @err directly in hotplug_tests()
        drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups()
        KVM: arm64: Fix definition of PAGE_HYP_DEVICE
      f4c8824c
    • Linus Torvalds's avatar
      Merge tag 's390-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · e8749d06
      Linus Torvalds authored
      Pull s390 fixes from Heiko Carstens:
       "This is mainly due to the fact that Gerald Schaefer's and also my old
        email addresses currently do not work any longer. Therefore we decided
        to switch to new email addresses and reflect that in the MAINTAINERS
        file.
      
         - Update email addresses in MAINTAINERS file and add .mailmap entries
           for Gerald Schaefer and Heiko Carstens.
      
         - Fix huge pte soft dirty copying"
      
      * tag 's390-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        MAINTAINERS: update email address for Gerald Schaefer
        MAINTAINERS: update email address for Heiko Carstens
        s390/mm: fix huge pte soft dirty copying
      e8749d06
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · cb24c61b
      Linus Torvalds authored
      Pull vkm fixes from Paolo Bonzini:
       "Two simple but important bugfixes"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: MIPS: Fix build errors for 32bit kernel
        KVM: nVMX: fixes for preemption timer migration
      cb24c61b
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · d45f47a4
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
      
       - Override DLL_CONFIG only with valid values in sdhci-msm
      
       - Get rid of of_match_ptr() macro to fix warning in owl-mmc
      
       - Limit segments to 1 to fix meson-gx G12A/G12B SoCs
      
      * tag 'mmc-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-msm: Override DLL_CONFIG only if the valid value is supplied
        mmc: owl-mmc: Get rid of of_match_ptr() macro
        mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed
      d45f47a4
    • Jens Axboe's avatar
      io_uring: account user memory freed when exit has been queued · 309fc03a
      Jens Axboe authored
      We currently account the memory after the exit work has been run, but
      that leaves a gap where a process has closed its ring and until the
      memory has been accounted as freed. If the memlocked ulimit is
      borderline, then that can introduce spurious setup errors returning
      -ENOMEM because the free work hasn't been run yet.
      
      Account this as freed when we close the ring, as not to expose a tiny
      gap where setting up a new ring can fail.
      
      Fixes: 85faa7b8 ("io_uring: punt final io_ring_ctx wait-and-free to workqueue")
      Cc: stable@vger.kernel.org # v5.7
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      309fc03a
    • Yang Yingliang's avatar
      io_uring: fix memleak in io_sqe_files_register() · 667e57da
      Yang Yingliang authored
      I got a memleak report when doing some fuzz test:
      
      BUG: memory leak
      unreferenced object 0x607eeac06e78 (size 8):
        comm "test", pid 295, jiffies 4294735835 (age 31.745s)
        hex dump (first 8 bytes):
          00 00 00 00 00 00 00 00                          ........
        backtrace:
          [<00000000932632e6>] percpu_ref_init+0x2a/0x1b0
          [<0000000092ddb796>] __io_uring_register+0x111d/0x22a0
          [<00000000eadd6c77>] __x64_sys_io_uring_register+0x17b/0x480
          [<00000000591b89a6>] do_syscall_64+0x56/0xa0
          [<00000000864a281d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Call percpu_ref_exit() on error path to avoid
      refcount memleak.
      
      Fixes: 05f3fb3c ("io_uring: avoid ring quiesce for fixed file set unregister and update")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      667e57da
    • Gerald Schaefer's avatar
    • Heiko Carstens's avatar
      2c08f65f
    • Huacai Chen's avatar
      KVM: MIPS: Fix build errors for 32bit kernel · 3d9fdc25
      Huacai Chen authored
      Commit dc6d95b1 ("KVM: MIPS: Add more MMIO load/store
      instructions emulation") introduced some 64bit load/store instructions
      emulation which are unavailable on 32bit platform, and it causes build
      errors:
      
      arch/mips/kvm/emulate.c: In function 'kvm_mips_emulate_store':
      arch/mips/kvm/emulate.c:1734:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 56) & 0xff);
            ^
      arch/mips/kvm/emulate.c:1738:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 48) & 0xffff);
            ^
      arch/mips/kvm/emulate.c:1742:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 40) & 0xffffff);
            ^
      arch/mips/kvm/emulate.c:1746:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 32) & 0xffffffff);
            ^
      arch/mips/kvm/emulate.c:1796:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 32);
            ^
      arch/mips/kvm/emulate.c:1800:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 40);
            ^
      arch/mips/kvm/emulate.c:1804:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 48);
            ^
      arch/mips/kvm/emulate.c:1808:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 56);
            ^
      cc1: all warnings being treated as errors
      make[3]: *** [arch/mips/kvm/emulate.o] Error 1
      
      So, use #if defined(CONFIG_64BIT) && defined(CONFIG_KVM_MIPS_VZ) to
      guard the 64bit load/store instructions emulation.
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Fixes: dc6d95b1 ("KVM: MIPS: Add more MMIO load/store instructions emulation")
      Signed-off-by: default avatarHuacai Chen <chenhc@lemote.com>
      Message-Id: <1594365797-536-1-git-send-email-chenhc@lemote.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      3d9fdc25
    • Paolo Bonzini's avatar
      KVM: nVMX: fixes for preemption timer migration · 83d31e52
      Paolo Bonzini authored
      Commit 850448f3 ("KVM: nVMX: Fix VMX preemption timer migration",
      2020-06-01) accidentally broke nVMX live migration from older version
      by changing the userspace ABI.  Restore it and, while at it, ensure
      that vmx->nested.has_preemption_timer_deadline is always initialized
      according to the KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE flag.
      
      Cc: Makarand Sonare <makarandsonare@google.com>
      Fixes: 850448f3 ("KVM: nVMX: Fix VMX preemption timer migration")
      Reviewed-by: default avatarJim Mattson <jmattson@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      83d31e52
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2020-07-10' of git://anongit.freedesktop.org/drm/drm · 42f82040
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "I've been off most of the week, but some fixes have piled up. Seems a
        bit busier than last week, but they are pretty spread out across a
        bunch of drivers, none of them seem that big or worried me too much.
      
        amdgpu:
         - Fix a suspend/resume issue with PSP
         - Backlight fix for Renoir
         - Fix for gpu recovery debugging
      
        radeon:
         - Fix a double free in error path
      
        i915:
         - fbc fencing fix
         - debugfs panic fix
         - gem vma constuction fix
         - gem pin under vm->nutex fix
      
        nouveau:
         - SVM fixes
         - display fixes
      
        meson:
         - OSD burst length fixes
      
        hibmc:
         - runtime warning fix
      
        mediatek:
         - cmdq, mmsys fixes
         - visibility check fixes"
      
      * tag 'drm-fixes-2020-07-10' of git://anongit.freedesktop.org/drm/drm: (24 commits)
        drm/amdgpu: don't do soft recovery if gpu_recovery=0
        drm/radeon: fix double free
        drm/amd/display: add dmcub check on RENOIR
        drm/amdgpu: add TMR destory function for psp
        drm/amdgpu: asd function needs to be unloaded in suspend phase
        drm/hisilicon/hibmc: Move drm_fbdev_generic_setup() down to avoid the splat
        drm/nouveau/nouveau: fix page fault on device private memory
        drm/nouveau/svm: fix migrate page regression
        drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
        drm/nouveau/kms/nv50-: bail from nv50_audio_disable() early if audio not enabled
        drm/i915/gt: Pin the rings before marking active
        drm/i915: Also drop vm.ref along error paths for vma construction
        drm/i915: Drop vm.ref for duplicate vma on construction
        drm/i915/fbc: Fix fence_y_offset handling
        drm/i915: Skip stale object handle for debugfs per-file-stats
        drm/mediatek: mtk_hdmi: Remove debug messages for function calls
        drm/mediatek: mtk_mt8173_hdmi_phy: Remove unnused const variables
        drm/mediatek: Delete not used of_device_get_match_data
        drm/mediatek: Remove unnecessary conversion to bool
        drm/meson: viu: fix setting the OSD burst length in VIU_OSD1_FIFO_CTRL_STAT
        ...
      42f82040
    • Cesar Eduardo Barros's avatar
      Restore gcc check in mips asm/unroll.h · d4e60453
      Cesar Eduardo Barros authored
      While raising the gcc version requirement to 4.9, the compile-time check
      in the unroll macro was accidentally changed from being used on gcc and
      clang to being used on clang only.
      
      Restore the gcc check, changing it from "gcc >= 4.7" to "all gcc".
      
      [ We should probably remove this all entirely: if we remove the check
        for CLANG, then the check for GCC can go away. Older versions of clang
        are not really appropriate or supported for kernel builds - Linus ]
      
      Fixes: 6ec4476a ("Raise gcc version requirement to 4.9")
      Signed-off-by: default avatarCesar Eduardo Barros <cesarb@cesarb.eti.br>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d4e60453
    • Rikard Falkeborn's avatar
      kbuild: Move -Wtype-limits to W=2 · 355a3587
      Rikard Falkeborn authored
      -Wtype-limits is included in -Wextra which is added at W=1. It warns
      (among other things) that 'comparison of an unsigned variable `< 0` is
      always false. This causes noisy warnings, especially when used in
      macros, hence it is more suitable for W=2.
      
      Link: https://lore.kernel.org/lkml/CAHk-=wiKCXEWKJ9dWUimGbrVRo_N2RosESUw8E7m9AEtyZcu=w@mail.gmail.com/Signed-off-by: default avatarRikard Falkeborn <rikard.falkeborn@gmail.com>
      Suggested-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarAndy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      355a3587
  2. 09 Jul, 2020 17 commits
  3. 08 Jul, 2020 1 commit
    • Leon Romanovsky's avatar
      RDMA/mlx5: Set PD pointers for the error flow unwind · 0a037150
      Leon Romanovsky authored
      ib_pd is accessed internally during destroy of the TIR/TIS, but PD
      can be not set yet. This leading to the following kernel panic.
      
        BUG: kernel NULL pointer dereference, address: 0000000000000074
        PGD 8000000079eaa067 P4D 8000000079eaa067 PUD 7ae81067 PMD 0 Oops: 0000 [#1] SMP PTI
        CPU: 1 PID: 709 Comm: syz-executor.0 Not tainted 5.8.0-rc3 #41 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
        RIP: 0010:destroy_raw_packet_qp_tis drivers/infiniband/hw/mlx5/qp.c:1189 [inline]
        RIP: 0010:destroy_raw_packet_qp drivers/infiniband/hw/mlx5/qp.c:1527 [inline]
        RIP: 0010:destroy_qp_common+0x2ca/0x4f0 drivers/infiniband/hw/mlx5/qp.c:2397
        Code: 00 85 c0 74 2e e8 56 18 55 ff 48 8d b3 28 01 00 00 48 89 ef e8 d7 d3 ff ff 48 8b 43 08 8b b3 c0 01 00 00 48 8b bd a8 0a 00 00 <0f> b7 50 74 e8 0d 6a fe ff e8 28 18 55 ff 49 8d 55 50 4c 89 f1 48
        RSP: 0018:ffffc900007bbac8 EFLAGS: 00010293
        RAX: 0000000000000000 RBX: ffff88807949e800 RCX: 0000000000000998
        RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88807c180140
        RBP: ffff88807b50c000 R08: 000000000002d379 R09: ffffc900007bba00
        R10: 0000000000000001 R11: 000000000002d358 R12: ffff888076f37000
        R13: ffff88807949e9c8 R14: ffffc900007bbe08 R15: ffff888076f37000
        FS:  00000000019bf940(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 0000000000000074 CR3: 0000000076d68004 CR4: 0000000000360ee0
        DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        Call Trace:
         mlx5_ib_create_qp+0xf36/0xf90 drivers/infiniband/hw/mlx5/qp.c:3014
         _ib_create_qp drivers/infiniband/core/core_priv.h:333 [inline]
         create_qp+0x57f/0xd20 drivers/infiniband/core/uverbs_cmd.c:1443
         ib_uverbs_create_qp+0xcf/0x100 drivers/infiniband/core/uverbs_cmd.c:1564
         ib_uverbs_write+0x5fa/0x780 drivers/infiniband/core/uverbs_main.c:664
         __vfs_write+0x3f/0x90 fs/read_write.c:495
         vfs_write+0xc7/0x1f0 fs/read_write.c:559
         ksys_write+0x5e/0x110 fs/read_write.c:612
         do_syscall_64+0x3e/0x70 arch/x86/entry/common.c:359
         entry_SYSCALL_64_after_hwframe+0x44/0xa9
        RIP: 0033:0x466479
        Code: Bad RIP value.
        RSP: 002b:00007ffd057b62b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
        RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000466479
        RDX: 0000000000000070 RSI: 0000000020000240 RDI: 0000000000000003
        RBP: 00000000019bf8fc R08: 0000000000000000 R09: 0000000000000000
        R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
        R13: 0000000000000bf6 R14: 00000000004cb859 R15: 00000000006fefc0
      
      Fixes: 6c41965d ("RDMA/mlx5: Don't access ib_qp fields in internal destroy QP path")
      Link: https://lore.kernel.org/r/20200707110612.882962-4-leon@kernel.orgSigned-off-by: default avatarLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
      0a037150