1. 18 Oct, 2019 7 commits
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · adca4ce3
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "Fix possible use-after-free in the ACPI CPPC support code (John Garry)
        and prevent the ACPI HMAT parsing code from using possibly incorrect
        data coming from the platform firmware (Daniel Black)"
      
      * tag 'acpi-5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit()
        ACPI: HMAT: ACPI_HMAT_MEMORY_PD_VALID is deprecated since ACPI-6.3
      adca4ce3
    • Linus Torvalds's avatar
      Merge tag 'pm-5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · e59b76ff
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These include a fix for a recent regression in the ACPI CPU
      performance scaling code, a PCI device power management fix,
      a system shutdown fix related to cpufreq, a removal of an ACPI
      suspend-to-idle blacklist entry and a build warning fix.
      
      Specifics:
      
         - Fix possible NULL pointer dereference in the ACPI processor scaling
           initialization code introduced by a recent cpufreq update (Rafael
           Wysocki).
      
         - Fix possible deadlock due to suspending cpufreq too late during
           system shutdown (Rafael Wysocki).
      
         - Make the PCI device system resume code path be more consistent with
           its PM-runtime counterpart to fix an issue with missing delay on
           transitions from D3cold to D0 during system resume from
           suspend-to-idle on some systems (Rafael Wysocki).
      
         - Drop Dell XPS13 9360 from the LPS0 Idle _DSM blacklist to make it
           use suspend-to-idle by default (Mario Limonciello).
      
         - Fix build warning in the core system suspend support code (Ben
           Dooks)"
      
      * tag 'pm-5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: processor: Avoid NULL pointer dereferences at init time
        PCI: PM: Fix pci_power_up()
        PM: sleep: include <linux/pm_runtime.h> for pm_wq
        cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
        ACPI: PM: Drop Dell XPS13 9360 from LPS0 Idle _DSM blacklist
      e59b76ff
    • Linus Torvalds's avatar
      Merge tag 'mkp-scsi-postmerge' of git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi · c3419fd6
      Linus Torvalds authored
      Pull scsi fixes from Martin Petersen:
       "These two commits were in a separate postmerge branch due to a
        dependency on changes merged for 5.4 in the block tree.
      
        They fix two issues in the intersection of the request cleanup changes
        from block (b7e9e1fb) and the request batching changes
        (8930a6c2) that were made to SCSI during the 5.4 cycle"
      
      * tag 'mkp-scsi-postmerge' of git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi:
        scsi: core: fix dh and multipathing for SCSI hosts without request batching
        scsi: core: fix missing .cleanup_rq for SCSI hosts without request batching
      c3419fd6
    • Rafael J. Wysocki's avatar
      Merge branch 'acpi-tables' · ffba17bb
      Rafael J. Wysocki authored
      * acpi-tables:
        ACPI: HMAT: ACPI_HMAT_MEMORY_PD_VALID is deprecated since ACPI-6.3
      ffba17bb
    • John Garry's avatar
      ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() · 56a0b978
      John Garry authored
      When enabling KASAN and DEBUG_TEST_DRIVER_REMOVE, I find this KASAN
      warning:
      
      [   20.872057] BUG: KASAN: use-after-free in pcc_data_alloc+0x40/0xb8
      [   20.878226] Read of size 4 at addr ffff00236cdeb684 by task swapper/0/1
      [   20.884826]
      [   20.886309] CPU: 19 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc1-00009-ge7f7df3db5bf-dirty #289
      [   20.894994] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
      [   20.903505] Call trace:
      [   20.905942]  dump_backtrace+0x0/0x200
      [   20.909593]  show_stack+0x14/0x20
      [   20.912899]  dump_stack+0xd4/0x130
      [   20.916291]  print_address_description.isra.9+0x6c/0x3b8
      [   20.921592]  __kasan_report+0x12c/0x23c
      [   20.925417]  kasan_report+0xc/0x18
      [   20.928808]  __asan_load4+0x94/0xb8
      [   20.932286]  pcc_data_alloc+0x40/0xb8
      [   20.935938]  acpi_cppc_processor_probe+0x4e8/0xb08
      [   20.940717]  __acpi_processor_start+0x48/0xb0
      [   20.945062]  acpi_processor_start+0x40/0x60
      [   20.949235]  really_probe+0x118/0x548
      [   20.952887]  driver_probe_device+0x7c/0x148
      [   20.957059]  device_driver_attach+0x94/0xa0
      [   20.961231]  __driver_attach+0xa4/0x110
      [   20.965055]  bus_for_each_dev+0xe8/0x158
      [   20.968966]  driver_attach+0x30/0x40
      [   20.972531]  bus_add_driver+0x234/0x2f0
      [   20.976356]  driver_register+0xbc/0x1d0
      [   20.980182]  acpi_processor_driver_init+0x40/0xe4
      [   20.984875]  do_one_initcall+0xb4/0x254
      [   20.988700]  kernel_init_freeable+0x24c/0x2f8
      [   20.993047]  kernel_init+0x10/0x118
      [   20.996524]  ret_from_fork+0x10/0x18
      [   21.000087]
      [   21.001567] Allocated by task 1:
      [   21.004785]  save_stack+0x28/0xc8
      [   21.008089]  __kasan_kmalloc.isra.9+0xbc/0xd8
      [   21.012435]  kasan_kmalloc+0xc/0x18
      [   21.015913]  pcc_data_alloc+0x94/0xb8
      [   21.019564]  acpi_cppc_processor_probe+0x4e8/0xb08
      [   21.024343]  __acpi_processor_start+0x48/0xb0
      [   21.028689]  acpi_processor_start+0x40/0x60
      [   21.032860]  really_probe+0x118/0x548
      [   21.036512]  driver_probe_device+0x7c/0x148
      [   21.040684]  device_driver_attach+0x94/0xa0
      [   21.044855]  __driver_attach+0xa4/0x110
      [   21.048680]  bus_for_each_dev+0xe8/0x158
      [   21.052591]  driver_attach+0x30/0x40
      [   21.056155]  bus_add_driver+0x234/0x2f0
      [   21.059980]  driver_register+0xbc/0x1d0
      [   21.063805]  acpi_processor_driver_init+0x40/0xe4
      [   21.068497]  do_one_initcall+0xb4/0x254
      [   21.072322]  kernel_init_freeable+0x24c/0x2f8
      [   21.076667]  kernel_init+0x10/0x118
      [   21.080144]  ret_from_fork+0x10/0x18
      [   21.083707]
      [   21.085186] Freed by task 1:
      [   21.088056]  save_stack+0x28/0xc8
      [   21.091360]  __kasan_slab_free+0x118/0x180
      [   21.095445]  kasan_slab_free+0x10/0x18
      [   21.099183]  kfree+0x80/0x268
      [   21.102139]  acpi_cppc_processor_exit+0x1a8/0x1b8
      [   21.106832]  acpi_processor_stop+0x70/0x80
      [   21.110917]  really_probe+0x174/0x548
      [   21.114568]  driver_probe_device+0x7c/0x148
      [   21.118740]  device_driver_attach+0x94/0xa0
      [   21.122912]  __driver_attach+0xa4/0x110
      [   21.126736]  bus_for_each_dev+0xe8/0x158
      [   21.130648]  driver_attach+0x30/0x40
      [   21.134212]  bus_add_driver+0x234/0x2f0
      [   21.0x10/0x18
      [   21.161764]
      [   21.163244] The buggy address belongs to the object at ffff00236cdeb600
      [   21.163244]  which belongs to the cache kmalloc-256 of size 256
      [   21.175750] The buggy address is located 132 bytes inside of
      [   21.175750]  256-byte region [ffff00236cdeb600, ffff00236cdeb700)
      [   21.187473] The buggy address belongs to the page:
      [   21.192254] page:fffffe008d937a00 refcount:1 mapcount:0 mapping:ffff002370c0fa00 index:0x0 compound_mapcount: 0
      [   21.202331] flags: 0x1ffff00000010200(slab|head)
      [   21.206940] raw: 1ffff00000010200 dead000000000100 dead000000000122 ffff002370c0fa00
      [   21.214671] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
      [   21.222400] page dumped because: kasan: bad access detected
      [   21.227959]
      [   21.229438] Memory state around the buggy address:
      [   21.234218]  ffff00236cdeb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   21.241427]  ffff00236cdeb600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [   21.248637] >ffff00236cdeb680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [   21.255845]                    ^
      [   21.259062]  ffff00236cdeb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [   21.266272]  ffff00236cdeb780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [   21.273480] ==================================================================
      
      It seems that global pcc_data[pcc_ss_id] can be freed in
      acpi_cppc_processor_exit(), but we may later reference this value, so
      NULLify it when freed.
      
      Also remove the useless setting of data "pcc_channel_acquired", which
      we're about to free.
      
      Fixes: 85b1407b ("ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs")
      Signed-off-by: default avatarJohn Garry <john.garry@huawei.com>
      Cc: 4.15+ <stable@vger.kernel.org> # 4.15+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      56a0b978
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-cpufreq' and 'pm-sleep' · b23eb5c7
      Rafael J. Wysocki authored
      * pm-cpufreq:
        ACPI: processor: Avoid NULL pointer dereferences at init time
        cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
      
      * pm-sleep:
        PM: sleep: include <linux/pm_runtime.h> for pm_wq
        ACPI: PM: Drop Dell XPS13 9360 from LPS0 Idle _DSM blacklist
      b23eb5c7
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 0e2adab6
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "The main thing here is a long-awaited workaround for a CPU erratum on
        ThunderX2 which we have developed in conjunction with engineers from
        Cavium/Marvell.
      
        At the moment, the workaround is unconditionally enabled for affected
        CPUs at runtime but we may add a command-line option to disable it in
        future if performance numbers show up indicating a significant cost
        for real workloads.
      
        Summary:
      
         - Work around Cavium/Marvell ThunderX2 erratum #219
      
         - Fix regression in mlock() ABI caused by sign-extension of TTBR1 addresses
      
         - More fixes to the spurious kernel fault detection logic
      
         - Fix pathological preemption race when enabling some CPU features at boot
      
         - Drop broken kcore macros in favour of generic implementations
      
         - Fix userspace view of ID_AA64ZFR0_EL1 when SVE is disabled
      
         - Avoid NULL dereference on allocation failure during hibernation"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: tags: Preserve tags for addresses translated via TTBR1
        arm64: mm: fix inverted PAR_EL1.F check
        arm64: sysreg: fix incorrect definition of SYS_PAR_EL1_F
        arm64: entry.S: Do not preempt from IRQ before all cpufeatures are enabled
        arm64: hibernate: check pgd table allocation
        arm64: cpufeature: Treat ID_AA64ZFR0_EL1 as RAZ when SVE is not enabled
        arm64: Fix kcore macros after 52-bit virtual addressing fallout
        arm64: Allow CAVIUM_TX2_ERRATUM_219 to be selected
        arm64: Avoid Cavium TX2 erratum 219 when switching TTBR
        arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT
        arm64: KVM: Trap VM ops when ARM64_WORKAROUND_CAVIUM_TX2_219_TVM is set
      0e2adab6
  2. 17 Oct, 2019 11 commits
  3. 16 Oct, 2019 12 commits
  4. 15 Oct, 2019 10 commits