Commit Graph

915591 Commits

Author SHA1 Message Date
Niklas Cassel
132be62387 nvme: prevent double free in nvme_alloc_ns() error handling
When jumping to the out_put_disk label, we will call put_disk(), which will
trigger a call to disk_release(), which calls blk_put_queue().

Later in the cleanup code, we do blk_cleanup_queue(), which will also call
blk_put_queue().

Putting the queue twice is incorrect, and will generate a KASAN splat.

Set the disk->queue pointer to NULL, before calling put_disk(), so that the
first call to blk_put_queue() will not free the queue.

The second call to blk_put_queue() uses another pointer to the same queue,
so this call will still free the queue.

Fixes: 85136c0102 ("lightnvm: simplify geometry enumeration")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2020-04-27 17:08:06 +02:00
Damien Le Moal
d205bde78f null_blk: Cleanup zoned device initialization
Move all zoned mode related code from null_blk_main.c to
null_blk_zoned.c, avoiding an ugly #ifdef in the process.
Rename null_zone_init() into null_init_zoned_dev(), null_zone_exit()
into null_free_zoned_dev() and add the new function
null_register_zoned_dev() to finalize the zoned dev setup before
add_disk().

Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-23 09:35:09 -06:00
Damien Le Moal
9dd44c7e99 null_blk: Fix zoned command handling
For write operations issued to a null_blk device with zoned mode
enabled, the state and write pointer position of the zone targeted by
the command should be checked before badblocks and memory backing
are handled as the write may be first failed due to, for instance, a
sector position not aligned with the zone write pointer. This order of
checking for errors reflects more accurately the behavior of physical
zoned devices.

Furthermore, the write pointer position of the target zone should be
incremented only and only if no errors are reported by badblocks and
memory backing handling.

To fix this, introduce the small helper function null_process_cmd()
which executes null_handle_badblocks() and null_handle_memory_backed()
and use this function in null_zone_write() to correctly handle write
requests to zoned null devices depending on the type and state of the
write target zone. Also call this function in null_handle_zoned() to
process read requests to zoned null devices.

null_process_cmd() is called directly from null_handle_cmd() for
regular null devices, resulting in no functional change for these types
of devices. To have symmetric names, the function null_handle_zoned()
is renamed to null_process_zoned_cmd().

Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-23 09:35:09 -06:00
Ma, Jianpeng
d56deb1e4e block: remove unused header
Dax related code already removed from this file.

Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jianpeng Ma <jianpeng.ma@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-21 09:51:10 -06:00
Waiman Long
d6c8e949a3 blk-iocost: Fix error on iocost_ioc_vrate_adj
Systemtap 4.2 is unable to correctly interpret the "u32 (*missed_ppm)[2]"
argument of the iocost_ioc_vrate_adj trace entry defined in
include/trace/events/iocost.h leading to the following error:

  /tmp/stapAcz0G0/stap_c89c58b83cea1724e26395efa9ed4939_6321_aux_6.c:78:8:
  error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token
   , u32[]* __tracepoint_arg_missed_ppm

That argument type is indeed rather complex and hard to read. Looking
at block/blk-iocost.c, it is just a 2-entry u32 array. By simplifying
the argument to a simple "u32 *missed_ppm" and adjusting the trace
entry accordingly, the compilation error was gone.

Fixes: 7caa47151a ("blkcg: implement blk-iocost")
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-21 09:49:36 -06:00
Douglas Anderson
b849dd84b6 bdev: Reduce time holding bd_mutex in sync in blkdev_close()
While trying to "dd" to the block device for a USB stick, I
encountered a hung task warning (blocked for > 120 seconds).  I
managed to come up with an easy way to reproduce this on my system
(where /dev/sdb is the block device for my USB stick) with:

  while true; do dd if=/dev/zero of=/dev/sdb bs=4M; done

With my reproduction here are the relevant bits from the hung task
detector:

 INFO: task udevd:294 blocked for more than 122 seconds.
 ...
 udevd           D    0   294      1 0x00400008
 Call trace:
  ...
  mutex_lock_nested+0x40/0x50
  __blkdev_get+0x7c/0x3d4
  blkdev_get+0x118/0x138
  blkdev_open+0x94/0xa8
  do_dentry_open+0x268/0x3a0
  vfs_open+0x34/0x40
  path_openat+0x39c/0xdf4
  do_filp_open+0x90/0x10c
  do_sys_open+0x150/0x3c8
  ...

 ...
 Showing all locks held in the system:
 ...
 1 lock held by dd/2798:
  #0: ffffff814ac1a3b8 (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0x50/0x204
 ...
 dd              D    0  2798   2764 0x00400208
 Call trace:
  ...
  schedule+0x8c/0xbc
  io_schedule+0x1c/0x40
  wait_on_page_bit_common+0x238/0x338
  __lock_page+0x5c/0x68
  write_cache_pages+0x194/0x500
  generic_writepages+0x64/0xa4
  blkdev_writepages+0x24/0x30
  do_writepages+0x48/0xa8
  __filemap_fdatawrite_range+0xac/0xd8
  filemap_write_and_wait+0x30/0x84
  __blkdev_put+0x88/0x204
  blkdev_put+0xc4/0xe4
  blkdev_close+0x28/0x38
  __fput+0xe0/0x238
  ____fput+0x1c/0x28
  task_work_run+0xb0/0xe4
  do_notify_resume+0xfc0/0x14bc
  work_pending+0x8/0x14

The problem appears related to the fact that my USB disk is terribly
slow and that I have a lot of RAM in my system to cache things.
Specifically my writes seem to be happening at ~15 MB/s and I've got
~4 GB of RAM in my system that can be used for buffering.  To write 4
GB of buffer to disk thus takes ~4000 MB / ~15 MB/s = ~267 seconds.

The 267 second number is a problem because in __blkdev_put() we call
sync_blockdev() while holding the bd_mutex.  Any other callers who
want the bd_mutex will be blocked for the whole time.

The problem is made worse because I believe blkdev_put() specifically
tells other tasks (namely udev) to go try to access the device at right
around the same time we're going to hold the mutex for a long time.

Putting some traces around this (after disabling the hung task detector),
I could confirm:
 dd:    437.608600: __blkdev_put() right before sync_blockdev() for sdb
 udevd: 437.623901: blkdev_open() right before blkdev_get() for sdb
 dd:    661.468451: __blkdev_put() right after sync_blockdev() for sdb
 udevd: 663.820426: blkdev_open() right after blkdev_get() for sdb

A simple fix for this is to realize that sync_blockdev() works fine if
you're not holding the mutex.  Also, it's not the end of the world if
you sync a little early (though it can have performance impacts).
Thus we can make a guess that we're going to need to do the sync and
then do it without holding the mutex.  We still do one last sync with
the mutex but it should be much, much faster.

With this, my hung task warnings for my test case are gone.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-20 09:31:20 -06:00
Zhiqiang Liu
c4b4c2a78a buffer: remove useless comment and WB_REASON_FREE_MORE_MEM, reason.
free_more_memory func has been completely removed in commit bc48f001de
("buffer: eliminate the need to call free_more_memory() in __getblk_slow()")

So comment and `WB_REASON_FREE_MORE_MEM` reason about free_more_memory
are no longer needed.

Fixes: bc48f001de ("buffer: eliminate the need to call free_more_memory() in __getblk_slow()")
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-17 21:38:11 -06:00
Linus Torvalds
90280eaa88 A handful of fixes for reasonably obnoxious documentation issues.

Merge tag 'docs-fixes' of git://git.lwn.net/linux

Pull documentation fixes from Jonathan Corbet:
 "A handful of fixes for reasonably obnoxious documentation issues"

* tag 'docs-fixes' of git://git.lwn.net/linux:
  scripts: documentation-file-ref-check: Add line break before exit
  scripts/kernel-doc: Add missing close-paren in c:function directives
  docs: admin-guide: merge sections for the kernel.modprobe sysctl
  docs: timekeeping: Use correct prototype for deprecated functions
2020-04-17 13:10:50 -07:00
Linus Torvalds
5d286d5ebc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull proc fix from Eric Biederman:
 "While running syzbot happened to spot one more oversight in my rework
  of proc_flush_task.

  The fields proc_self and proc_thread_self were not being reinitialized
  when proc was unmounted, which could cause problems if the mount of
  proc fails"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  proc: Handle umounts cleanly
2020-04-17 12:05:01 -07:00
Linus Torvalds
ceb1adbacb SPI-NOR:
* Fix for missing directory after code refactoring

Merge tag 'mtd/fixes-for-5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

Pull mtd fix from Richard Weinberger:
 "spi-nor: fix for missing directory after code refactoring"

* tag 'mtd/fixes-for-5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
  mtd: spi-nor: Compile files in controllers/ directory
2020-04-17 11:52:20 -07:00
Linus Torvalds
1634615dc1 linux-watchdog 5.7-rc2 tag

Merge tag 'linux-watchdog-5.7-rc2' of git://www.linux-watchdog.org/linux-watchdog

Pull watchdog fix from Wim Van Sebroeck:
 "Fix restart handler in sp805 driver"

* tag 'linux-watchdog-5.7-rc2' of git://www.linux-watchdog.org/linux-watchdog:
  watchdog: sp805: fix restart handler
2020-04-17 11:40:08 -07:00
Linus Torvalds
8fce9058ca Devicetree fixes for v5.7:
- Fix warnings from enabling more dtc warnings which landed in the merge
   window and didn't get fixed in time.
 
 - Fix some document references from DT schema conversions
 
 - Fix kmemleak errors in DT unittests

Merge tag 'devicetree-fixes-for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull devicetree fixes from Rob Herring:

 - Fix warnings from enabling more dtc warnings which landed in the
   merge window and didn't get fixed in time.

 - Fix some document references from DT schema conversions

 - Fix kmemleak errors in DT unittests

* tag 'devicetree-fixes-for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (23 commits)
  kbuild: check libyaml installation for 'make dt_binding_check'
  of: unittest: kmemleak in duplicate property update
  of: overlay: kmemleak in dup_and_fixup_symbol_prop()
  of: unittest: kmemleak in of_unittest_overlay_high_level()
  of: unittest: kmemleak in of_unittest_platform_populate()
  of: unittest: kmemleak on changeset destroy
  MAINTAINERS: dt: fix pointers for ARM Integrator, Versatile and RealView
  MAINTAINERS: dt: update display/allwinner file entry
  dt-bindings: iio: dac: AD5570R fix bindings errors
  dt-bindings: Fix misspellings of "Analog Devices"
  dt-bindings: pwm: Fix cros-ec-pwm example dtc 'reg' warning
  docs: dt: rockchip,dwc3.txt: fix a pointer to a renamed file
  docs: dt: fix a broken reference for a file converted to json
  docs: dt: qcom,dwc3.txt: fix cross-reference for a converted file
  docs: dt: fix broken reference to phy-cadence-torrent.yaml
  dt-bindings: interrupt-controller: Fix loongson,parent_int_map property schema
  dt-bindings: hwmon: Fix incorrect $id paths
  dt-bindings: Fix dtc warnings on reg and ranges in examples
  dt-bindings: BD718x7 - add missing I2C bus properties
  dt-bindings: clock: syscon-icst: Remove unneeded unit name
  ...
2020-04-17 11:35:20 -07:00
Linus Torvalds
95988fbc7c - Remove vdso code trying to free unallocated pages.
- Delete the space separator in the __emit_inst macro as it breaks the
   clang integrated assembler.

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - Remove vdso code trying to free unallocated pages.

 - Delete the space separator in the __emit_inst macro as it breaks the
   clang integrated assembler.

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: Delete the space separator in __emit_inst
  arm64: vdso: don't free unallocated pages
2020-04-17 10:39:43 -07:00
Linus Torvalds
d0a4ebe7d1 xen: branch for v5.7-rc2

Merge tag 'for-linus-5.7-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen update from Juergen Gross:

 - a small cleanup patch

 - a security fix for a bug in the Xen hypervisor to avoid enabling Xen
   guests to crash dom0 on an unfixed hypervisor.

* tag 'for-linus-5.7-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  arm/xen: make _xen_start_info static
  xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
2020-04-17 10:35:17 -07:00
Linus Torvalds
a2286a449b io_uring-5.7-2020-04-17

Merge tag 'io_uring-5.7-2020-04-17' of git://git.kernel.dk/linux-block

Pull io_uring fixes from Jens Axboe:

 - wrap up the init/setup cleanup (Pavel)

 - fix some issues around deferral sequences (Pavel)

 - fix splice punt check using the wrong struct file member

 - apply poll re-arm logic for pollable retry too

 - pollable retry should honor cancelation

 - fix setup time error handling syzbot reported crash

 - restore work state when poll is canceled

* tag 'io_uring-5.7-2020-04-17' of git://git.kernel.dk/linux-block:
  io_uring: don't count rqs failed after current one
  io_uring: kill already cached timeout.seq_offset
  io_uring: fix cached_sq_head in io_timeout()
  io_uring: only post events in io_poll_remove_all() if we completed some
  io_uring: io_async_task_func() should check and honor cancelation
  io_uring: check for need to re-wait in polled async handling
  io_uring: correct O_NONBLOCK check for splice punt
  io_uring: restore req->work when canceling poll request
  io_uring: move all request init code in one place
  io_uring: keep all sqe->flags in req->flags
  io_uring: early submission req fail code
  io_uring: track mm through current->mm
  io_uring: remove obsolete @mm_fault
2020-04-17 10:12:26 -07:00
Linus Torvalds
bf9196d51f block-5.7-2020-04-17

Merge tag 'block-5.7-2020-04-17' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:

 - Fix for a driver tag leak in error handling (John)

 - Remove now defunct Kconfig selection from dasd (Stefan)

 - blk-wbt trace fixes (Tommi)

* tag 'block-5.7-2020-04-17' of git://git.kernel.dk/linux-block:
  blk-wbt: Drop needless newlines from tracepoint format strings
  blk-wbt: Use tracepoint_string() for wbt_step tracepoint string literals
  s390/dasd: remove IOSCHED_DEADLINE from DASD Kconfig
  blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget
2020-04-17 10:08:08 -07:00
Linus Torvalds
2acbb9e670 libata-5.7-2020-04-17

Merge tag 'libata-5.7-2020-04-17' of git://git.kernel.dk/linux-block

Pull libata fixlet from Jens Axboe:
 "Add yet another Comet Lake PCI ID for ahci"

* tag 'libata-5.7-2020-04-17' of git://git.kernel.dk/linux-block:
  ahci: Add Intel Comet Lake PCH-U PCI ID
2020-04-17 10:06:16 -07:00
Linus Torvalds
c5304dd59b for-5.7-rc1-tag

Merge tag 'for-5.7-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fix from David Sterba:
 "A regression fix for a warning caused by running balance and snapshot
  creation in parallel"

* tag 'for-5.7-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: fix setting last_trans for reloc roots
2020-04-17 10:00:33 -07:00
Linus Torvalds
5a32fe48bc Power management update for 5.7-rc2
Allow the operating performance points (OPP) core to be used in
 the case when the same driver is used on different platforms,
 some of which have an OPP table and some of which have a clock
 node (Rajendra Nayak).

Merge tag 'pm-5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management update from Rafael Wysocki:
 "Allow the operating performance points (OPP) core to be used in the
  case when the same driver is used on different platforms, some of
  which have an OPP table and some of which have a clock node (Rajendra
  Nayak)"

* tag 'pm-5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  opp: Manage empty OPP tables with clk handle
2020-04-17 09:56:28 -07:00
Linus Torvalds
c8a6552ff1 sound fixes for 5.7-rc2
One significant regression fix is for HD-audio buffer preallocation.
 In 5.6 it was set to non-prompt for x86 and forced to 0, but this
 turned out to be problematic for some applications, hence it gets
 reverted.  Distros would need to restore CONFIG_SND_HDA_PREALLOC_SIZE
 value to the earlier values they've used in the past.
 
 Other than that, we've received quite a few small fixes for HD-audio
 and USB-audio.  Most of them are for dealing with the broken TRX40
 mobos and the runtime PM without HD-audio codecs.

Merge tag 'sound-5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "One significant regression fix is for HD-audio buffer preallocation.
  In 5.6 it was set to non-prompt for x86 and forced to 0, but this
  turned out to be problematic for some applications, hence it gets
  reverted. Distros would need to restore CONFIG_SND_HDA_PREALLOC_SIZE
  value to the earlier values they've used in the past.

  Other than that, we've received quite a few small fixes for HD-audio
  and USB-audio. Most of them are for dealing with the broken TRX40
  mobos and the runtime PM without HD-audio codecs"

* tag 'sound-5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda: call runtime_allow() for all hda controllers
  ALSA: hda: Allow setting preallocation again for x86
  ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported
  ALSA: hda: Skip controller resume if not needed
  ALSA: hda: Keep the controller initialization even if no codecs found
  ALSA: hda: Release resources at error in delayed probe
  ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops
  ALSA: hda: Don't release card at firmware loading error
  ALSA: usb-audio: Check mapping at creating connector controls, too
  ALSA: usb-audio: Don't create jack controls for PCM terminals
  ALSA: usb-audio: Don't override ignore_ctl_error value from the map
  ALSA: usb-audio: Filter error from connector kctl ops, too
  ALSA: hda/realtek - Enable the headset mic on Asus FX505DT
  ALSA: ctxfi: Remove unnecessary cast in kfree
2020-04-17 09:48:50 -07:00
Masahiro Yamada
0903060fe5 kbuild: check libyaml installation for 'make dt_binding_check'
If you run 'make dtbs_check' without installing the libyaml package,
the error message "dtc needs libyaml ..." is shown.

This should be checked also for 'make dt_binding_check' because dtc
needs to validate *.example.dts extracted from *.yaml files.

It is missing since commit 4f0e3a57d6 ("kbuild: Add support for DT
binding schema checks"), but this fix-up is applicable only after commit
e10c4321dc ("kbuild: allow to run dt_binding_check and dtbs_check
in a single command").

I gave the Fixes tag to the latter in case somebody is interested in
back-porting this.

Fixes: e10c4321dc ("kbuild: allow to run dt_binding_check and dtbs_check in a single command")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 10:45:23 -05:00
Tommi Rantala
3f22037d38 blk-wbt: Drop needless newlines from tracepoint format strings
Drop needless newlines from tracepoint format strings, they only add
empty lines to perf tracing output.

Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-17 08:21:46 -06:00
Tommi Rantala
3a89c25d98 blk-wbt: Use tracepoint_string() for wbt_step tracepoint string literals
Use tracepoint_string() for string literals that are used in the
wbt_step tracepoint, so that userspace tools can display the string
content.

Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-17 08:21:44 -06:00
Stefan Haberland
3dceecfad6 s390/dasd: remove IOSCHED_DEADLINE from DASD Kconfig
CONFIG_IOSCHED_DEADLINE was removed with
commit f382fb0bce ("block: remove legacy IO schedulers")

and setting of the scheduler was removed with
commit a5fd8ddce2 ("s390/dasd: remove setting of scheduler from driver").

So get rid of the select.

Reported-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-17 08:05:27 -06:00
Frank Rowand
29acfb6559 of: unittest: kmemleak in duplicate property update
kmemleak reports several memory leaks from devicetree unittest.
This is the fix for problem 5 of 5.

When overlay 'overlay_bad_add_dup_prop' is applied, the apply code
properly detects that a memory leak will occur if the overlay is removed
since the duplicate property is located in a base devicetree node and
reports via printk():

  OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data-2/substation@100/motor-1/rpm_avail
  OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data-2/substation@100/motor-1/rpm_avail

The overlay is removed when the apply code detects multiple changesets
modifying the same property.  This is reported via printk():

  OF: overlay: ERROR: multiple fragments add, update, and/or delete property /testcase-data-2/substation@100/motor-1/rpm_avail

As a result of this error, the overlay is removed resulting in the
expected memory leak.

Add another device node level to the overlay so that the duplicate
property is located in a node added by the overlay, thus no memory
leak will occur when the overlay is removed.

Thus users of kmemleak will not have to debug this leak in the future.

Fixes: 2fe0e8769d ("of: overlay: check prevents multiple fragments touching same property")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:31:34 -05:00
Frank Rowand
478ff649b1 of: overlay: kmemleak in dup_and_fixup_symbol_prop()
kmemleak reports several memory leaks from devicetree unittest.
This is the fix for problem 4 of 5.

target_path was not freed in the non-error path.

Fixes: e0a58f3e08 ("of: overlay: remove a dependency on device node full_name")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:31:34 -05:00
Frank Rowand
145fc138f9 of: unittest: kmemleak in of_unittest_overlay_high_level()
kmemleak reports several memory leaks from devicetree unittest.
This is the fix for problem 3 of 5.

of_unittest_overlay_high_level() failed to kfree the newly created
property when the property named 'name' is skipped.

Fixes: 39a751a4cb ("of: change overlay apply input data from unflattened to FDT")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:31:34 -05:00
Frank Rowand
216830d241 of: unittest: kmemleak in of_unittest_platform_populate()
kmemleak reports several memory leaks from devicetree unittest.
This is the fix for problem 2 of 5.

of_unittest_platform_populate() left an elevated reference count for
grandchild nodes (which are platform devices).  Fix the platform
device reference counts so that the memory will be freed.

Fixes: fb2caa50fb ("of/selftest: add testcase for nodes with same name and address")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:31:34 -05:00
Frank Rowand
b3fb36ed69 of: unittest: kmemleak on changeset destroy
kmemleak reports several memory leaks from devicetree unittest.
This is the fix for problem 1 of 5.

of_unittest_changeset() reaches deeply into the dynamic devicetree
functions.  Several nodes were left with an elevated reference
count and thus were not properly cleaned up.  Fix the reference
counts so that the memory will be freed.

Fixes: 201c910bd6 ("of: Transactional DT support.")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:31:34 -05:00
Mauro Carvalho Chehab
21a431e627 MAINTAINERS: dt: fix pointers for ARM Integrator, Versatile and RealView
There's a conversion from a plain text binding file into 4 yaml ones.
The old file got removed, causing this new warning:

	Warning: MAINTAINERS references a file that doesn't exist: Documentation/devicetree/bindings/arm/arm-boards

Address it by replacing the old reference by the new ones.

Fixes: 4b900070d5 ("dt-bindings: arm: Add Versatile YAML schema")
Fixes: 2d483550b6 ("dt-bindings: arm: Drop the non-YAML bindings")
Fixes: 7db625b9fa ("dt-bindings: arm: Add RealView YAML schema")
Fixes: 4fb00d9066 ("dt-bindings: arm: Add Versatile Express and Juno YAML schema")
Fixes: 33fbfb3eaf ("dt-bindings: arm: Add Integrator YAML schema")
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:31:34 -05:00
Mauro Carvalho Chehab
f4d859b7f3 MAINTAINERS: dt: update display/allwinner file entry
Changeset f5a98bfe7b ("dt-bindings: display: Convert Allwinner display pipeline to schemas")
split Documentation/devicetree/bindings/display/sunxi/sun4i-drm.txt
into several files. Yet, it kept the old place at MAINTAINERS.

Update it to point to the new place.

Fixes: f5a98bfe7b ("dt-bindings: display: Convert Allwinner display pipeline to schemas")
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:31:34 -05:00
Alexandru Tachici
2cf3818f18 dt-bindings: iio: dac: AD5570R fix bindings errors
Replaced num property with reg property, fixed errors
reported by dt-binding-check.

Fixes: ea52c21268 ("dt-bindings: iio: dac: Add docs for AD5770R DAC")
Signed-off-by: Alexandru Tachici <alexandru.tachici@analog.com>
[robh: Fix required property list, fix Fixes tag]
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-17 08:29:16 -05:00
Josef Bacik
aec7db3b13 btrfs: fix setting last_trans for reloc roots
I made a mistake with my previous fix, I assumed that we didn't need to
mess with the reloc roots once we were out of the part of relocation where
we are actually moving the extents.

The subtle thing that I missed is that btrfs_init_reloc_root() also
updates the last_trans for the reloc root when we do
btrfs_record_root_in_trans() for the corresponding fs_root.  I've added a
comment to make sure future me doesn't make this mistake again.

This showed up as a WARN_ON() in btrfs_copy_root() because our
last_trans didn't == the current transid.  This could happen if we
snapshotted a fs root with a reloc root after we set
rc->create_reloc_tree = 0, but before we actually merge the reloc root.

Worth mentioning that the regression produced the following warning
when running snapshot creation and balance in parallel:

  BTRFS info (device sdc): relocating block group 30408704 flags metadata|dup
  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 12823 at fs/btrfs/ctree.c:191 btrfs_copy_root+0x26f/0x430 [btrfs]
  CPU: 0 PID: 12823 Comm: btrfs Tainted: G        W 5.6.0-rc7-btrfs-next-58 #1
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
  RIP: 0010:btrfs_copy_root+0x26f/0x430 [btrfs]
  RSP: 0018:ffffb96e044279b8 EFLAGS: 00010202
  RAX: 0000000000000009 RBX: ffff9da70bf61000 RCX: ffffb96e04427a48
  RDX: ffff9da733a770c8 RSI: ffff9da70bf61000 RDI: ffff9da694163818
  RBP: ffff9da733a770c8 R08: fffffffffffffff8 R09: 0000000000000002
  R10: ffffb96e044279a0 R11: 0000000000000000 R12: ffff9da694163818
  R13: fffffffffffffff8 R14: ffff9da6d2512000 R15: ffff9da714cdac00
  FS:  00007fdeacf328c0(0000) GS:ffff9da735e00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000055a2a5b8a118 CR3: 00000001eed78002 CR4: 00000000003606f0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  Call Trace:
   ? create_reloc_root+0x49/0x2b0 [btrfs]
   ? kmem_cache_alloc_trace+0xe5/0x200
   create_reloc_root+0x8b/0x2b0 [btrfs]
   btrfs_reloc_post_snapshot+0x96/0x5b0 [btrfs]
   create_pending_snapshot+0x610/0x1010 [btrfs]
   create_pending_snapshots+0xa8/0xd0 [btrfs]
   btrfs_commit_transaction+0x4c7/0xc50 [btrfs]
   ? btrfs_mksubvol+0x3cd/0x560 [btrfs]
   btrfs_mksubvol+0x455/0x560 [btrfs]
   __btrfs_ioctl_snap_create+0x15f/0x190 [btrfs]
   btrfs_ioctl_snap_create_v2+0xa4/0xf0 [btrfs]
   ? mem_cgroup_commit_charge+0x6e/0x540
   btrfs_ioctl+0x12d8/0x3760 [btrfs]
   ? do_raw_spin_unlock+0x49/0xc0
   ? _raw_spin_unlock+0x29/0x40
   ? __handle_mm_fault+0x11b3/0x14b0
   ? ksys_ioctl+0x92/0xb0
   ksys_ioctl+0x92/0xb0
   ? trace_hardirqs_off_thunk+0x1a/0x1c
   __x64_sys_ioctl+0x16/0x20
   do_syscall_64+0x5c/0x280
   entry_SYSCALL_64_after_hwframe+0x49/0xbe
  RIP: 0033:0x7fdeabd3bdd7

Fixes: 2abc726ab4 ("btrfs: do not init a reloc root if we aren't relocating")
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-04-17 15:20:08 +02:00
Jason Yan
74f4c438f2 arm/xen: make _xen_start_info static
Fix the following sparse warning:

arch/arm64/xen/../../arm/xen/enlighten.c:39:19: warning: symbol
'_xen_start_info' was not declared. Should it be static?

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Link: https://lore.kernel.org/r/20200415084853.5808-1-yanaijie@huawei.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2020-04-17 07:45:12 +02:00
Linus Torvalds
7a56db0299 NFS client bugfix for Linux 5.7
Bugfix:
 - Fix an ABBA spinlock issue in pnfs_update_layout()

Merge tag 'nfs-for-5.7-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfix from Trond Myklebust:
 "Fix an ABBA spinlock issue in pnfs_update_layout()"

* tag 'nfs-for-5.7-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS: Fix an ABBA spinlock issue in pnfs_update_layout()
2020-04-16 18:14:13 -07:00
Linus Torvalds
2fcd80144b chrome-platform fixes for v5.7-rc2
Two small fixes for cros_ec_sensorhub_ring.c, addressing issues
 introduced in the cros_ec_sensorhub FIFO support commit.

Merge tag 'tag-chrome-platform-fixes-for-v5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux

Pull chrome-platform fixes from Benson Leung:
 "Two small fixes for cros_ec_sensorhub_ring.c, addressing issues
  introduced in the cros_ec_sensorhub FIFO support commit"

* tag 'tag-chrome-platform-fixes-for-v5.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
  platform/chrome: cros_ec_sensorhub: Add missing '\n' in log messages
  platform/chrome: cros_ec_sensorhub: Off by one in cros_sensorhub_send_sample()
2020-04-16 15:00:57 -07:00
Linus Torvalds
c8372665b4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from David Miller:

 1) Disable RISCV BPF JIT builds when !MMU, from Björn Töpel.

 2) nf_tables leaves dangling pointer after free, fix from Eric Dumazet.

 3) Out of boundary write in __xsk_rcv_memcpy(), fix from Li RongQing.

 4) Adjust icmp6 message source address selection when routes have a
    preferred source address set, from Tim Stallard.

 5) Be sure to validate HSR protocol version when creating new links,
    from Taehee Yoo.

 6) CAP_NET_ADMIN should be sufficient to manage l2tp tunnels even in
    non-initial namespaces, from Michael Weiß.

 7) Missing release firmware call in mlx5, from Eran Ben Elisha.

 8) Fix variable type in macsec_changelink(), caught by KASAN. Fix from
    Taehee Yoo.

 9) Fix pause frame negotiation in marvell phy driver, from Clemens
    Gruber.

10) Record RX queue early enough in tun packet paths such that XDP
    programs will see the correct RX queue index, from Gilberto Bertin.

11) Fix double unlock in mptcp, from Florian Westphal.

12) Fix offset overflow in ARM bpf JIT, from Luke Nelson.

13) marvell10g needs to soft reset PHY when coming out of low power
    mode, from Russell King.

14) Fix MTU setting regression in stmmac for some chip types, from
    Florian Fainelli.

* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (101 commits)
  amd-xgbe: Use __napi_schedule() in BH context
  mISDN: make dmril and dmrim static
  net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
  net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode
  tipc: fix incorrect increasing of link window
  Documentation: Fix tcp_challenge_ack_limit default value
  net: tulip: make early_486_chipsets static
  dt-bindings: net: ethernet-phy: add desciption for ethernet-phy-id1234.d400
  ipv6: remove redundant assignment to variable err
  net/rds: Use ERR_PTR for rds_message_alloc_sgs()
  net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge
  selftests/bpf: Check for correct program attach/detach in xdp_attach test
  libbpf: Fix type of old_fd in bpf_xdp_set_link_opts
  libbpf: Always specify expected_attach_type on program load if supported
  xsk: Add missing check on user supplied headroom size
  mac80211: fix channel switch trigger from unknown mesh peer
  mac80211: fix race in ieee80211_register_hw()
  net: marvell10g: soft-reset the PHY when coming out of low power
  net: marvell10g: report firmware version
  net/cxgb4: Check the return from t4_query_params properly
  ...
2020-04-16 14:52:29 -07:00
Sebastian Andrzej Siewior
d518691cbd amd-xgbe: Use __napi_schedule() in BH context
The driver uses __napi_schedule_irqoff() which is fine as long as it is
invoked with disabled interrupts by everybody. Since the commit
mentioned below the driver may invoke xgbe_isr_task() in tasklet/softirq
context. This may lead to list corruption if another driver uses
__napi_schedule_irqoff() in IRQ context.

Use __napi_schedule() which is safe to use from IRQ and softirq context.

Fixes: 85b85c8534 ("amd-xgbe: Re-issue interrupt if interrupt status not cleared")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-16 13:59:53 -07:00
Jason Yan
05eab4f328 mISDN: make dmril and dmrim static
Fix the following sparse warning:

drivers/isdn/hardware/mISDN/mISDNisar.c:746:12: warning: symbol 'dmril'
was not declared. Should it be static?
drivers/isdn/hardware/mISDN/mISDNisar.c:749:12: warning: symbol 'dmrim'
was not declared. Should it be static?

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-16 13:52:31 -07:00
Florian Fainelli
806fd188ce net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
After commit bfcb813203 ("net: dsa:
configure the MTU for switch ports") my Lamobo R1 platform which uses
an allwinner,sun7i-a20-gmac compatible Ethernet MAC started to fail
by rejecting a MTU of 1536. The reason for that is that the DMA
capabilities are not readable on this version of the IP, and there
is also no 'tx-fifo-depth' property being provided in Device Tree. The
property is documented as optional, and is not provided.

Chen-Yu indicated that the FIFO sizes are 4KB for TX and 16KB for RX, so
provide these values through platform data as an immediate fix until
various Device Tree sources get updated accordingly.

Fixes: eaf4fac478 ("net: stmmac: Do not accept invalid MTU values")
Suggested-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-16 13:47:53 -07:00
DENG Qingfang
e045124e93 net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode
In VLAN-unaware mode, the Egress Tag (EG_TAG) field in Port VLAN
Control register must be set to Consistent to let tagged frames pass
through as is, otherwise their tags will be stripped.

Fixes: 83163f7dca ("net: dsa: mediatek: add VLAN support for MT7530")
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Tested-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-16 13:32:05 -07:00
Geert Uytterhoeven
9b5d2a4f79 dt-bindings: Fix misspellings of "Analog Devices"
According to https://www.analog.com/, the company name is spelled
"Analog Devices".

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-04-16 14:30:58 -05:00
Linus Torvalds
9786cab674 selinux/stable-5.7 PR 20200416

Merge tag 'selinux-pr-20200416' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull SELinux fix from Paul Moore:
 "One small SELinux fix to ensure we cleanup properly on an error
  condition"

* tag 'selinux-pr-20200416' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: free str on error in str_read()
2020-04-16 10:45:47 -07:00
Linus Torvalds
3fa84bf926 A set of patches for a deadlock on "rbd map" error path and a fix
for invalid pointer dereference and uninitialized variable use on
 asynchronous create and unlink error paths.

Merge tag 'ceph-for-5.7-rc2' of git://github.com/ceph/ceph-client

Pull ceph fixes from Ilya Dryomov:

 - a set of patches for a deadlock on "rbd map" error path

 - a fix for invalid pointer dereference and uninitialized variable use
   on asynchronous create and unlink error paths.

* tag 'ceph-for-5.7-rc2' of git://github.com/ceph/ceph-client:
  ceph: fix potential bad pointer deref in async dirops cb's
  rbd: don't mess with a page vector in rbd_notify_op_lock()
  rbd: don't test rbd_dev->opts in rbd_dev_image_release()
  rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
  rbd: avoid a deadlock on header_rwsem when flushing notifies
2020-04-16 10:29:34 -07:00
Linus Torvalds
4ede125902 This fixes a small race between allocating a snapshot buffer and setting the
snapshot trigger. On a slow machine, the trigger can occur before the
 snapshot is allocated causing a warning to be displayed in the ring buffer,
 and no snapshot triggering. Reversing the allocation and the enabling of the
 trigger fixes the problem.

Merge tag 'trace-v5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fix from Steven Rostedt:
 "This fixes a small race between allocating a snapshot buffer and
  setting the snapshot trigger.

  On a slow machine, the trigger can occur before the snapshot is
  allocated causing a warning to be displayed in the ring buffer, and no
  snapshot triggering. Reversing the allocation and the enabling of the
  trigger fixes the problem"

* tag 'trace-v5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
2020-04-16 10:14:22 -07:00
Vasily Averin
86d32f9a7c keys: Fix proc_keys_next to increase position index
If seq_file .next function does not change position index,
read after some lseek can generate unexpected output:

    $ dd if=/proc/keys bs=1  # full usual output
    0f6bfdf5 I--Q---     2 perm 3f010000  1000  1000 user      4af2f79ab8848d0a: 740
    1fb91b32 I--Q---     3 perm 1f3f0000  1000 65534 keyring   _uid.1000: 2
    27589480 I--Q---     1 perm 0b0b0000     0     0 user      invocation_id: 16
    2f33ab67 I--Q---   152 perm 3f030000     0     0 keyring   _ses: 2
    33f1d8fa I--Q---     4 perm 3f030000  1000  1000 keyring   _ses: 1
    3d427fda I--Q---     2 perm 3f010000  1000  1000 user      69ec44aec7678e5a: 740
    3ead4096 I--Q---     1 perm 1f3f0000  1000 65534 keyring   _uid_ses.1000: 1
    521+0 records in
    521+0 records out
    521 bytes copied, 0,00123769 s, 421 kB/s

But a read after lseek in middle of last line results in the partial
last line and then a repeat of the final line:

    $ dd if=/proc/keys bs=500 skip=1
    dd: /proc/keys: cannot skip to specified offset
    g   _uid_ses.1000: 1
    3ead4096 I--Q---     1 perm 1f3f0000  1000 65534 keyring   _uid_ses.1000: 1
    0+1 records in
    0+1 records out
    97 bytes copied, 0,000135035 s, 718 kB/s

and a read after lseek beyond end of file results in the last line being
shown:

    $ dd if=/proc/keys bs=1000 skip=1   # read after lseek beyond end of file
    dd: /proc/keys: cannot skip to specified offset
    3ead4096 I--Q---     1 perm 1f3f0000  1000 65534 keyring   _uid_ses.1000: 1
    0+1 records in
    0+1 records out
    76 bytes copied, 0,000119981 s, 633 kB/s

See https://bugzilla.kernel.org/show_bug.cgi?id=206283

Fixes: 1f4aace60b ("fs/seq_file.c: simplify seq_file iteration code ...")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-04-16 10:10:50 -07:00
Kai-Heng Feng
1f2ef049cb ahci: Add Intel Comet Lake PCH-U PCI ID
Add Intel Comet Lake PCH-U PCI ID to the list of supported controllers.

Set default SATA LPM so the SoC can enter S0ix.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-16 10:26:52 -06:00
John Garry
5fe56de799 blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget
If in blk_mq_dispatch_rq_list() we find no budget, then we break out of the
dispatch loop, but the request may keep the driver tag, evaluated
in 'nxt' in the previous loop iteration.

Fix by putting the driver tag for that request.

Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-04-16 09:27:03 -06:00
Eric W. Biederman
4fa3b1c417 proc: Handle umounts cleanly
syzbot writes:
> KASAN: use-after-free Read in dput (2)
>
> proc_fill_super: allocate dentry failed
> ==================================================================
> BUG: KASAN: use-after-free in fast_dput fs/dcache.c:727 [inline]
> BUG: KASAN: use-after-free in dput+0x53e/0xdf0 fs/dcache.c:846
> Read of size 4 at addr ffff88808a618cf0 by task syz-executor.0/8426
>
> CPU: 0 PID: 8426 Comm: syz-executor.0 Not tainted 5.6.0-next-20200412-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:77 [inline]
>  dump_stack+0x188/0x20d lib/dump_stack.c:118
>  print_address_description.constprop.0.cold+0xd3/0x315 mm/kasan/report.c:382
>  __kasan_report.cold+0x35/0x4d mm/kasan/report.c:511
>  kasan_report+0x33/0x50 mm/kasan/common.c:625
>  fast_dput fs/dcache.c:727 [inline]
>  dput+0x53e/0xdf0 fs/dcache.c:846
>  proc_kill_sb+0x73/0xf0 fs/proc/root.c:195
>  deactivate_locked_super+0x8c/0xf0 fs/super.c:335
>  vfs_get_super+0x258/0x2d0 fs/super.c:1212
>  vfs_get_tree+0x89/0x2f0 fs/super.c:1547
>  do_new_mount fs/namespace.c:2813 [inline]
>  do_mount+0x1306/0x1b30 fs/namespace.c:3138
>  __do_sys_mount fs/namespace.c:3347 [inline]
>  __se_sys_mount fs/namespace.c:3324 [inline]
>  __x64_sys_mount+0x18f/0x230 fs/namespace.c:3324
>  do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
>  entry_SYSCALL_64_after_hwframe+0x49/0xb3
> RIP: 0033:0x45c889
> Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
> RSP: 002b:00007ffc1930ec48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
> RAX: ffffffffffffffda RBX: 0000000001324914 RCX: 000000000045c889
> RDX: 0000000020000140 RSI: 0000000020000040 RDI: 0000000000000000
> RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
> R13: 0000000000000749 R14: 00000000004ca15a R15: 0000000000000013

Looking at the code now that the internal mount of proc is no
longer used it is possible to unmount proc.   If proc is unmounted
the fields of the pid namespace that were used for filesystem
specific state are not reinitialized.

Which means that proc_self and proc_thread_self can be pointers to
already freed dentries.

The reported use after free appears to be from mounting and
unmounting proc followed by mounting proc again and using error
injection to cause the new root dentry allocation to fail.  This in
turn results in proc_kill_sb running with proc_self and
proc_thread_self still retaining their values from the previous mount
of proc.  Then calling dput on either proc_self or proc_thread_self
will result in double put.  Which KASAN sees as a use after free.

Solve this by always reinitializing the filesystem state stored
in the struct pid_namespace, when proc is unmounted.

Reported-by: syzbot+72868dd424eb66c6b95f@syzkaller.appspotmail.com
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Fixes: 69879c01a0 ("proc: Remove the now unnecessary internal mount of proc")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2020-04-15 23:52:29 -05:00
Linus Torvalds
00086336a8 Misc EFI fixes, including the boot failure regression caused by the BSS section not being cleared.

Merge tag 'efi-urgent-2020-04-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull EFI fixes from Ingo Molnar:
 "Misc EFI fixes, including the boot failure regression caused by the
  BSS section not being cleared by the loaders"

* tag 'efi-urgent-2020-04-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efi/x86: Revert struct layout change to fix kexec boot regression
  efi/x86: Don't remap text<->rodata gap read-only for mixed mode
  efi/x86: Fix the deletion of variables in mixed mode
  efi/libstub/file: Merge file name buffers to reduce stack usage
  Documentation/x86, efi/x86: Clarify EFI handover protocol and its requirements
  efi/arm: Deal with ADR going out of range in efi_enter_kernel()
  efi/x86: Always relocate the kernel for EFI handover entry
  efi/x86: Move efi stub globals from .bss to .data
  efi/libstub/x86: Remove redundant assignment to pointer hdr
  efi/cper: Use scnprintf() for avoiding potential buffer overflow
2020-04-15 17:37:48 -07:00