Heiher [Thu, 5 Dec 2019 00:52:19 +0000 (16:52 -0800)]
selftests: add epoll selftests
This adds the promised selftest for epoll. It will verify the wakeups
of epoll. Including leaf and nested mode, epoll_wait() and poll() and
multi-threads.
Jason Baron [Thu, 5 Dec 2019 00:52:12 +0000 (16:52 -0800)]
epoll: simplify ep_poll_safewake() for CONFIG_DEBUG_LOCK_ALLOC
Currently, ep_poll_safewake() in the CONFIG_DEBUG_LOCK_ALLOC case uses
ep_call_nested() in order to pass the correct subclass argument to
spin_lock_irqsave_nested(). However, ep_call_nested() adds unnecessary
checks for epoll depth and loops that are already verified when doing
EPOLL_CTL_ADD. This mirrors a conversion that was done for
!CONFIG_DEBUG_LOCK_ALLOC in: commit 37b5e5212a44 ("epoll: remove
ep_call_nested() from ep_eventpoll_poll()")
The is_maintained_obsolete function can be called twice using the same
filename. This function spawns a process using get_maintainer.pl.
Store the status of each filename when spawned and use the stored result
to eliminate the spawning of unnecessary duplicate child processes.
Example:
old:
$ time ./scripts/checkpatch.pl hp100-Move-to-staging.patch > /dev/null
real 0m1.767s
user 0m1.634s
sys 0m0.141s
new:
$ time ./scripts/checkpatch.pl hp100-Move-to-staging.patch > /dev/null
Trent Piepho [Thu, 5 Dec 2019 00:51:57 +0000 (16:51 -0800)]
lib/math/rational.c: fix possible incorrect result from rational fractions helper
In some cases the previous algorithm would not return the closest
approximation. This would happen when a semi-convergent was the
closest, as the previous algorithm would only consider convergents.
As an example, consider an initial value of 5/4, and trying to find the
closest approximation with a maximum of 4 for numerator and denominator.
The previous algorithm would return 1/1 as the closest approximation,
while this version will return the correct answer of 4/3.
To do this, the main loop performs effectively the same operations as it
did before. It must now keep track of the last three approximations,
n2/d2 .. n0/d0, while before it only needed the last two.
If an exact answer is not found, the algorithm will now calculate the
best semi-convergent term, t, which is a single expression with two
divisions:
This will be used if it is better than previous convergent. The test
for this is generally a simple comparison, 2*t > a. But in an edge
case, where the convergent's final term is even and the best allowable
semi-convergent has a final term of exactly half the convergent's final
term, the more complex comparison (d0*dp > d1*d) is used.
I also wrote some comments explaining the code. While one still needs
to look up the math elsewhere, they should help a lot to follow how the
code relates to that math.
This routine is used in two places in the video4linux code, but in those
cases it is only used to reduce a fraction to lowest terms, which the
existing code will do correctly. This could be done more efficiently
with a different library routine but it would still be the Euclidean
alogrithm at its heart. So no change.
The remain users are places where a fractional PLL divider is
programmed. What would happen is something asked for a clock of X MHz
but instead gets Y MHz, where Y is close to X but not exactly due to the
hardware limitations. After this change they might, in some cases, get
Y' MHz, where Y' is a little closer to X then Y was.
Users like this are: Three UARTs, in 8250_mid, 8250_lpss, and imx. One
GPU in vp4_hdmi. And three clock drivers, clk-cdce706, clk-si5351, and
clk-fractional-divider. The last is a generic clock driver and so would
have more users referenced via device tree entries.
I think there's a bug in that one, it's limiting an N bit field that is
offset-by-1 to the range 0 .. (1<<N)-2, when it should be (1<<N)-1 as
the upper limit.
I have an IMX system, one of the UARTs using this, so I can provide a
real example. If I request a custom baud rate of 1499978, the driver
will program the PLL to produce a baud rate of 1500000. After this
change, the fractional divider in the UART is programmed to a ratio of
65535/65536, which produces a baud rate of 1499977.0625. Closer to the
requested value.
Laura Abbott [Thu, 5 Dec 2019 00:51:53 +0000 (16:51 -0800)]
lib/test_meminit.c: add bulk alloc/free tests
kmem_cache_alloc_bulk/kmem_cache_free_bulk are used to make multiple
allocations of the same size to avoid the overhead of multiple
kmalloc/kfree calls. Extend the kmem_cache tests to make some calls to
these APIs.
Utilize for_each_set_clump8 macro, and the bitmap_set_value8 and
bitmap_get_value8 functions, where appropriate. In addition, remove the
now unnecessary temp_mask and temp_shift members of the
intel_soc_dts_sensor_entry structure.
Replace verbose implementation in set_multiple callback with
for_each_set_clump8 macro to simplify code and improve clarity. An
improvement in this case is that banks that are not masked will now be
skipped.
lib/test_bitmap.c: add for_each_set_clump8 test cases
The introduction of the for_each_set_clump8 macro warrants test cases to
verify the implementation. This patch adds test case checks for whether
an out-of-bounds clump index is returned, a zero clump is returned, or
the returned clump value differs from the expected clump value.
Pach series "Introduce the for_each_set_clump8 macro", v18.
While adding GPIO get_multiple/set_multiple callback support for various
drivers, I noticed a pattern of looping manifesting that would be useful
standardized as a macro.
This patchset introduces the for_each_set_clump8 macro and utilizes it
in several GPIO drivers. The for_each_set_clump macro8 facilitates a
for-loop syntax that iterates over a memory region entire groups of set
bits at a time.
For example, suppose you would like to iterate over a 32-bit integer 8
bits at a time, skipping over 8-bit groups with no set bit, where
XXXXXXXX represents the current 8-bit group:
Each iteration of the loop returns the next 8-bit group that has at
least one set bit.
The for_each_set_clump8 macro has four parameters:
* start: set to the bit offset of the current clump
* clump: set to the current clump value
* bits: bitmap to search within
* size: bitmap size in number of bits
In this version of the patchset, the for_each_set_clump macro has been
reimplemented and simplified based on the suggestions provided by Rasmus
Villemoes and Andy Shevchenko in the version 4 submission.
In particular, the function of the for_each_set_clump macro has been
restricted to handle only 8-bit clumps; the drivers that use the
for_each_set_clump macro only handle 8-bit ports so a generic
for_each_set_clump implementation is not necessary. Thus, a solution
for large clumps (i.e. those larger than the width of a bitmap word)
can be postponed until a driver appears that actually requires such a
generic for_each_set_clump implementation.
For what it's worth, a semi-generic for_each_set_clump (i.e. for clumps
smaller than the width of a bitmap word) can be implemented by simply
replacing the hardcoded '8' and '0xFF' instances with respective
variables. I have not yet had a need for such an implementation, and
since it falls short of a true generic for_each_set_clump function, I
have decided to forgo such an implementation for now.
In addition, the bitmap_get_value8 and bitmap_set_value8 functions are
introduced to get and set 8-bit values respectively. Their use is based
on the behavior suggested in the patchset version 4 review.
This patch (of 14):
This macro iterates for each 8-bit group of bits (clump) with set bits,
within a bitmap memory region. For each iteration, "start" is set to
the bit offset of the found clump, while the respective clump value is
stored to the location pointed by "clump". Additionally, the
bitmap_get_value8 and bitmap_set_value8 functions are introduced to
respectively get and set an 8-bit value in a bitmap memory region.
Joe Perches [Thu, 5 Dec 2019 00:50:53 +0000 (16:50 -0800)]
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
Initialization is not guaranteed to zero padding bytes so use an
explicit memset instead to avoid leaking any kernel content in any
possible padding bytes.
kernel/profile.c: use cpumask_available to check for NULL cpumask
When building with clang + -Wtautological-pointer-compare, these
instances pop up:
kernel/profile.c:339:6: warning: comparison of array 'prof_cpu_mask' not equal to a null pointer is always true [-Wtautological-pointer-compare]
if (prof_cpu_mask != NULL)
^~~~~~~~~~~~~ ~~~~
kernel/profile.c:376:6: warning: comparison of array 'prof_cpu_mask' not equal to a null pointer is always true [-Wtautological-pointer-compare]
if (prof_cpu_mask != NULL)
^~~~~~~~~~~~~ ~~~~
kernel/profile.c:406:26: warning: comparison of array 'prof_cpu_mask' not equal to a null pointer is always true [-Wtautological-pointer-compare]
if (!user_mode(regs) && prof_cpu_mask != NULL &&
^~~~~~~~~~~~~ ~~~~
3 warnings generated.
This can be addressed with the cpumask_available helper, introduced in
commit f7e30f01a9e2 ("cpumask: Add helper cpumask_available()") to fix
warnings like this while keeping the code the same.
blocking_notifier_chain_cond_register() does not consider system_booting
state, which is the only difference between this function and
blocking_notifier_cain_register(). This can be a bug and is a piece of
duplicate code.
The only difference between notifier_chain_cond_register() and
notifier_chain_register() is the lack of warning hints for duplicate
registrations. Use notifier_chain_register() instead of
notifier_chain_cond_register() to avoid duplicate code
Xiaoming Ni [Thu, 5 Dec 2019 00:50:39 +0000 (16:50 -0800)]
kernel/notifier.c: intercept duplicate registrations to avoid infinite loops
Registering the same notifier to a hook repeatedly can cause the hook
list to form a ring or lose other members of the list.
case1: An infinite loop in notifier_chain_register() can cause soft lockup
atomic_notifier_chain_register(&test_notifier_list, &test1);
atomic_notifier_chain_register(&test_notifier_list, &test1);
atomic_notifier_chain_register(&test_notifier_list, &test2);
case2: An infinite loop in notifier_chain_register() can cause soft lockup
atomic_notifier_chain_register(&test_notifier_list, &test1);
atomic_notifier_chain_register(&test_notifier_list, &test1);
atomic_notifier_call_chain(&test_notifier_list, 0, NULL);
case4: Unregister returns 0, but the hook is still in the linked list,
and it is not really registered. If you call
notifier_call_chain after ko is unloaded, it will trigger oops.
If the system is configured with softlockup_panic and the same hook is
repeatedly registered on the panic_notifier_list, it will cause a loop
panic.
Add a check in notifier_chain_register(), intercepting duplicate
registrations to avoid infinite loops
Andy Shevchenko [Thu, 5 Dec 2019 00:50:36 +0000 (16:50 -0800)]
auxdisplay: charlcd: deduplicate simple_strtoul()
Like in commit 8b2303de399f ("serial: core: Fix handling of options
after MMIO address") we may use simple_strtoul() which in comparison to
kstrtoul() can do conversion in-place without additional and unnecessary
code to be written.
Andy Shevchenko [Thu, 5 Dec 2019 00:50:32 +0000 (16:50 -0800)]
kernel.h: update comment about simple_strto<foo>() functions
There were discussions in the past about use cases for
simple_strto<foo>() functions and, in some rare cases, they have a
benefit over kstrto<foo>() ones.
Update a comment to reduce confusion about special use cases.
Joe Perches [Thu, 5 Dec 2019 00:50:29 +0000 (16:50 -0800)]
scripts/get_maintainer.pl: add signatures from Fixes: <badcommit> lines in commit message
A Fixes: lines in a commit message generally indicate that a previous
commit was inadequate for whatever reason.
The signers of the previous inadequate commit should also be cc'd on
this new commit so update get_maintainer to find the old commit and add
the original signers.
Masahiro Yamada [Thu, 5 Dec 2019 00:50:23 +0000 (16:50 -0800)]
linux/scc.h: make uapi linux/scc.h self-contained
Userspace cannot compile <linux/scc.h>
CC usr/include/linux/scc.h.s
In file included from <command-line>:32:0:
usr/include/linux/scc.h:20:20: error: `SIOCDEVPRIVATE' undeclared here (not in a function)
SIOCSCCRESERVED = SIOCDEVPRIVATE,
^~~~~~~~~~~~~~
Include <linux/sockios.h> to make it self-contained, and add it to the
compile-test coverage.
Having BUILD_BUG_ON_ZERO produce a value of type size_t leads to awkward
casts in cases where the result needs to be signed, or of smaller type
than size_t. To avoid this, cast the value to int instead and rely on
implicit type conversions when a larger or unsigned type is needed.
Stephen Boyd [Thu, 5 Dec 2019 00:50:17 +0000 (16:50 -0800)]
.gitattributes: use 'dts' diff driver for dts files
Git is gaining support to display the closest node to the diff in the
hunk header via the 'dts' diff driver. Use that driver for all dts and
dtsi files so we can gain some more context on where the diff is.
Taking a recent commit in the kernel dts files you can see the
difference.
Alexey Dobriyan [Thu, 5 Dec 2019 00:49:59 +0000 (16:49 -0800)]
proc: change ->nlink under proc_subdir_lock
Currently gluing PDE into global /proc tree is done under lock, but
changing ->nlink is not. Additionally struct proc_dir_entry::nlink is
not atomic so updates can be lost.
Yu Zhao [Thu, 5 Dec 2019 00:49:56 +0000 (16:49 -0800)]
mm/memory.c: replace is_zero_pfn with is_huge_zero_pmd for thp
For hugely mapped thp, we use is_huge_zero_pmd() to check if it's zero
page or not.
We do fill ptes with my_zero_pfn() when we split zero thp pmd, but this
is not what we have in vm_normal_page_pmd() -- pmd_trans_huge_lock()
makes sure of it.
This is a trivial fix for /proc/pid/numa_maps, and AFAIK nobody
complains about it.
Gerald Schaefer asked:
: Maybe the description could also mention the symptom of this bug?
: I would assume that it affects anon/dirty accounting in gather_pte_stats(),
: for huge mappings, if zero page mappings are not correctly recognized.
I came across this while I was looking at the code, so I'm not aware of
any symptom.
mm/memcontrol: use vmstat names for printing statistics
Use common names from vmstat array when possible. This gives not much
difference in code size for now, but should help in keeping interfaces
consistent.
Names for enum writeback_stat_item are folded in the middle of
vmstat_text so this patch moves declaration into header to calculate
offset of following items.
Also this patch reuses piece of node stat names for lru list names:
const char *lru_list_name(enum lru_list lru);
This returns common lru list names: "inactive_anon", "active_anon",
"inactive_file", "active_file", "unevictable".
The problem occurs because kmem_cache_destroy() is called immediately
after deleting of a memcg, so it races with the memcg kmem_cache
deactivation.
flush_memcg_workqueue() at the beginning of kmem_cache_destroy() is
supposed to guarantee that all deactivation processes are finished, but
failed to do so. It waits for an rcu grace period, after which all
children kmem_caches should be deactivated. During the deactivation
percpu_ref_kill() is called for non root kmem_cache refcounters, but it
requires yet another rcu grace period to finish the transition to the
atomic (dead) state.
So in a rare case when not all children kmem_caches are destroyed at the
moment when the root kmem_cache is about to be gone, we need to wait
another rcu grace period before destroying the root kmem_cache.
This issue can be triggered only with dynamically created kmem_caches
which are used with memcg accounting. In this case per-memcg child
kmem_caches are created. They are deactivated from the cgroup removing
path. If the destruction of the root kmem_cache is racing with the
removal of the cgroup (both are quite complicated multi-stage
processes), the described issue can occur. The only known way to
trigger it in the real life, is to unload some kernel module which
creates a dedicated kmem_cache, used from different memory cgroups with
GFP_ACCOUNT flag. If the unloading happens immediately after calling
rmdir on the corresponding cgroup, there is some chance to trigger the
issue.
zhong jiang [Thu, 5 Dec 2019 00:49:43 +0000 (16:49 -0800)]
mm/kasan/common.c: fix compile error
I hit the following compile error in arch/x86/
mm/kasan/common.c: In function kasan_populate_vmalloc:
mm/kasan/common.c:797:2: error: implicit declaration of function flush_cache_vmap; did you mean flush_rcu_work? [-Werror=implicit-function-declaration]
flush_cache_vmap(shadow_start, shadow_end);
^~~~~~~~~~~~~~~~
flush_rcu_work
cc1: some warnings being treated as errors
Linus Torvalds [Thu, 5 Dec 2019 03:13:52 +0000 (19:13 -0800)]
Merge tag 'trace-v5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull more tracing updates from Steven Rostedt:
"Two fixes and one patch that was missed:
Fixes:
- Missing __print_hex_dump undef for processing new function in trace
events
- Stop WARN_ON messages when lockdown disables tracing on boot up
Enhancement:
- Debug option to inject trace events from userspace (for rasdaemon)"
The enhancement has its own config option and is non invasive. It's been
discussed for sever months and should have been added to my original
push, but I never pulled it into my queue.
* tag 'trace-v5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Do not create directories if lockdown is in affect
tracing: Introduce trace event injection
tracing: Fix __print_hex_dump scope
Jens Axboe [Thu, 5 Dec 2019 02:56:40 +0000 (19:56 -0700)]
io_uring: use hash table for poll command lookups
We recently changed this from a single list to an rbtree, but for some
real life workloads, the rbtree slows down the submission/insertion
case enough so that it's the top cycle consumer on the io_uring side.
In testing, using a hash table is a more well rounded compromise. It
is fast for insertion, and as long as it's sized appropriately, it
works well for the cancellation case as well. Running TAO with a lot
of network sockets, this removes io_poll_req_insert() from spending
2% of the CPU cycles.
Jens Axboe [Thu, 5 Dec 2019 00:19:44 +0000 (17:19 -0700)]
io-wq: clear node->next on list deletion
If someone removes a node from a list, and then later adds it back to
a list, we can have invalid data in ->next. This can cause all sorts
of issues. One such use case is the IORING_OP_POLL_ADD command, which
will do just that if we race and get woken twice without any pending
events. This is a pretty rare case, but can happen under extreme loads.
Dan reports that he saw the following crash:
when running a networked workload with about 5000 sockets being polled
for. Fix this by clearing node->next when the node is being removed from
the list.
Fixes: 6206f0e180d4 ("io-wq: shrink io_wq_work a bit") Reported-by: Dan Melnic <[email protected]> Signed-off-by: Jens Axboe <[email protected]>
powerpc: Use hardware RNG for arch_get_random_seed_* not arch_get_random_*
updated arch_get_random_[int|long]() to be NOPs, and moved the hardware
RNG backing to arch_get_random_seed_[int|long]() instead. However, it
failed to take into account that arch_get_random_int() was implemented
in terms of arch_get_random_long(), and so we ended up with a version
of the former that is essentially a NOP as well.
Fix this by calling arch_get_random_seed_long() from
arch_get_random_seed_int() instead.
Wayne Lin [Tue, 3 Dec 2019 04:24:23 +0000 (12:24 +0800)]
drm/dp_mst: Correct the bug in drm_dp_update_payload_part1()
[Why]
If the payload_state is DP_PAYLOAD_DELETE_LOCAL in series, current
code doesn't delete the payload at current index and just move the
index to next one after shuffling payloads.
[How]
Drop the i++ increasing part in for loop head and decide whether
to increase the index or not according to payload_state of current
payload.
Changes since v1:
* Refine the code to have it easy reading
* Amend the commit message to meet the way code is modified now.
Linus Torvalds [Wed, 4 Dec 2019 19:08:30 +0000 (11:08 -0800)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull more KVM updates from Paolo Bonzini:
- PPC secure guest support
- small x86 cleanup
- fix for an x86-specific out-of-bounds write on a ioctl (not guest
triggerable, data not attacker-controlled)
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: vmx: Stop wasting a page for guest_msrs
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
Documentation: kvm: Fix mention to number of ioctls classes
powerpc: Ultravisor: Add PPC_UV config option
KVM: PPC: Book3S HV: Support reset of secure guest
KVM: PPC: Book3S HV: Handle memory plug/unplug to secure VM
KVM: PPC: Book3S HV: Radix changes for secure guest
KVM: PPC: Book3S HV: Shared pages support for secure guests
KVM: PPC: Book3S HV: Support for running secure guests
mm: ksm: Export ksm_madvise()
KVM x86: Move kvm cpuid support out of svm
Linus Torvalds [Wed, 4 Dec 2019 18:56:35 +0000 (10:56 -0800)]
Merge tag 'acpi-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull additional ACPI updates from Rafael Wysocki:
"These close a nasty race condition in the ACPI memory mappings
management code and an invalid parameter check in a library routing,
allow GPE 0xFF to be masked via kernel command line, add a new lid
switch blacklist entry and clean up Kconfig.
Specifics:
- Fix locking issue in acpi_os_map_cleanup() leading to a race
condition that can be harnessed for provoking a kernel panic from
user space (Francesco Ruggeri)
- Fix parameter check in acpi_bus_get_private_data() (Vamshi K
Sthambamkadi)
- Allow GPE 0xFF to be masked via kernel command line (Yunfeng Ye)
- Add a new lid switch blacklist entry for Acer Switch 10 SW5-032 to
the ACPI button driver (Hans de Goede)
- Clean up Kconfig (Krzysztof Kozlowski)"
* tag 'acpi-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
ACPI: Fix Kconfig indentation
ACPI: OSL: only free map once in osl.c
ACPI: button: Add DMI quirk for Acer Switch 10 SW5-032 lid-switch
ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
Linus Torvalds [Wed, 4 Dec 2019 18:48:09 +0000 (10:48 -0800)]
Merge tag 'pm-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull additional power management updates from Rafael Wysocki:
"These fix an ACPI EC driver bug exposed by the recent rework of the
suspend-to-idle code flow, reintroduce frequency constraints into
device PM QoS (in preparation for adding QoS support to devfreq), drop
a redundant field from struct cpuidle_state and clean up Kconfig in
some places.
Specifics:
- Avoid a race condition in the ACPI EC driver that may cause systems
to be unable to leave suspend-to-idle (Rafael Wysocki)
- Drop the "disabled" field, which is redundant, from struct
cpuidle_state (Rafael Wysocki)
- Reintroduce device PM QoS frequency constraints (temporarily
introduced and than dropped during the 5.4 cycle) in preparation
for adding QoS support to devfreq (Leonard Crestez)
- Clean up indentation (in multiple places) and the cpuidle drivers
help text in Kconfig (Krzysztof Kozlowski, Randy Dunlap)"
* tag 'pm-5.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: PM: s2idle: Rework ACPI events synchronization
ACPI: EC: Rework flushing of pending work
PM / devfreq: Add missing locking while setting suspend_freq
PM / QoS: Restore DEV_PM_QOS_MIN/MAX_FREQUENCY
PM / QoS: Reorder pm_qos/freq_qos/dev_pm_qos structs
PM / QoS: Initial kunit test
PM / QoS: Redefine FREQ_QOS_MAX_DEFAULT_VALUE to S32_MAX
power: avs: Fix Kconfig indentation
cpufreq: Fix Kconfig indentation
cpuidle: minor Kconfig help text fixes
cpuidle: Drop disabled field from struct cpuidle_state
cpuidle: Fix Kconfig indentation
Jens Axboe [Wed, 4 Dec 2019 18:08:05 +0000 (11:08 -0700)]
io_uring: ensure deferred timeouts copy necessary data
If we defer a timeout, we should ensure that we copy the timespec
when we have consumed the sqe. This is similar to commit f67676d160c6
for read/write requests. We already did this correctly for timeouts
deferred as links, but do it generally and use the infrastructure added
by commit 1a6b74fc8702 instead of having the timeout deferral use its
own.
Tomi Valkeinen [Thu, 14 Nov 2019 08:03:43 +0000 (10:03 +0200)]
drm/omap: fix dma_addr refcounting
cec4fa7511ef7a73eb635834e9d85b25a5b47a98 ("drm/omap: use refcount API to
track the number of users of dma_addr") changed omap_gem.c to use
refcounting API to track dma_addr uses. However, the driver only tracks
the refcounts for non-contiguous buffers, and the patch didn't fully
take this in account.
After the patch, the driver always decreased refcount in omap_gem_unpin,
instead of decreasing the refcount only for non-contiguous buffers. This
leads to refcounting mismatch.
As for the contiguous cases the refcount is never increased, fix this
issue by returning from omap_gem_unpin if the buffer being unpinned is
contiguous.
Ming Lei [Wed, 4 Dec 2019 11:31:14 +0000 (19:31 +0800)]
brd: remove max_hw_sectors queue limit
Now we depend on blk_queue_split() to respect most of queue limit
(the only one exception could be dma alignment), however
blk_queue_split() isn't used for brd, so this limit isn't respected
since v4.3.
Also max_hw_sectors limit doesn't play a big role for brd, which is
added since brd is added to tree for unknown reason.
Takashi Iwai [Wed, 4 Dec 2019 14:48:24 +0000 (15:48 +0100)]
ALSA: pcm: oss: Avoid potential buffer overflows
syzkaller reported an invalid access in PCM OSS read, and this seems
to be an overflow of the internal buffer allocated for a plugin.
Since the rate plugin adjusts its transfer size dynamically, the
calculation for the chained plugin might be bigger than the given
buffer size in some extreme cases, which lead to such an buffer
overflow as caught by KASAN.
Fix it by limiting the max transfer size properly by checking against
the destination size in each plugin transfer callback.
tracing: Do not create directories if lockdown is in affect
If lockdown is disabling tracing on boot up, it prevents the tracing files
from even bering created. But when that happens, there's several places that
will give a warning that the files were not created as that is usually a
sign of a bug.
Add in strategic locations where a check is made to see if tracing is
disabled by lockdown, and if it is, do not go further, and fail silently
(but print that tracing is disabled by lockdown, without doing a WARN_ON()).
Cc: Matthew Garrett <[email protected]> Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs") Signed-off-by: Steven Rostedt (VMware) <[email protected]>
clock_getres in the vDSO library has to preserve the same behaviour
of posix_get_hrtimer_res().
In particular, posix_get_hrtimer_res() does:
sec = 0;
ns = hrtimer_resolution;
and hrtimer_resolution depends on the enablement of the high
resolution timers that can happen either at compile or at run time.
Fix the powerpc vdso implementation of clock_getres keeping a copy of
hrtimer_resolution in vdso data and using that directly.
powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts
The PCI INTx interrupts and other LSI interrupts are handled differently
under a sPAPR platform. When the interrupt source characteristics are
queried, the hypervisor returns an H_INT_ESB flag to inform the OS
that it should be using the H_INT_ESB hcall for interrupt management
and not loads and stores on the interrupt ESB pages.
A default -1 value is returned for the addresses of the ESB pages. The
driver ignores this condition today and performs a bogus IO mapping.
Recent changes and the DEBUG_VM configuration option make the bug
visible with :
Thierry Reding [Tue, 3 Dec 2019 16:19:14 +0000 (17:19 +0100)]
drm/tegra: Run hub cleanup on ->remove()
The call to tegra_display_hub_cleanup() that takes care of disabling the
window groups is missing from the driver's ->remove() callback. Call it
to make sure the runtime PM reference counts for the display controllers
are balanced.
Thierry Reding [Tue, 3 Dec 2019 16:19:13 +0000 (17:19 +0100)]
drm/tegra: sor: Make the +5V HDMI supply optional
The SOR supports multiple display modes, but only when driving an HDMI
monitor does it make sense to control the +5V power supply. eDP and DP
don't need this, so make it optional.
This fixes a crash observed during system suspend/resume.
Thierry Reding [Tue, 3 Dec 2019 16:19:11 +0000 (17:19 +0100)]
drm/tegra: vic: Export module device table
Export the module device table to ensure the VIC compatible strings are
listed in the module's aliases table. This in turn causes the driver to
be automatically loaded on boot if VIC is the only enabled subdevice of
the logical host1x DRM device.
Thierry Reding [Tue, 3 Dec 2019 16:19:10 +0000 (17:19 +0100)]
drm/tegra: sor: Implement system suspend/resume
Upon system suspend, make sure the +5V HDMI regulator is disabled. This
avoids potentially leaking current to the HDMI connector. This also
makes sure that upon resume the regulator is enabled again, which in
some cases is necessary to properly restore the state of the supply on
resume.
Thierry Reding [Tue, 3 Dec 2019 16:19:09 +0000 (17:19 +0100)]
drm/tegra: Use proper IOVA address for cursor image
The IOVA address for the cursor is the result of mapping the buffer
object for the given display controller. Make sure to use the proper
IOVA address as stored in the cursor's plane state.
All the display related blocks on Tegra require contiguous memory. Using
the DMA API, there is no knowing at import time which device will end up
using the buffer, so it's not known whether or not an IOMMU will be used
to map the buffer.
Move the check for non-contiguous buffers/mappings to the tegra_dc_pin()
function which is now the earliest point where it is known if a DMA BUF
can be used by the given device or not.
v2: add check for contiguous buffer/mapping in tegra_dc_pin()
Thierry Reding [Tue, 3 Dec 2019 16:19:07 +0000 (17:19 +0100)]
drm/tegra: gem: Properly pin imported buffers
Buffers that are imported from a DMA-BUF don't have pages allocated with
them. At the same time an SG table for them can't be derived using the
DMA API helpers because the necessary information doesn't exist. However
there's already an SG table that was created during import, so this can
simply be duplicated.
Mark Brown [Thu, 21 Nov 2019 13:51:32 +0000 (13:51 +0000)]
arm64: mm: Fix column alignment for UXN in kernel_page_tables
UXN is the only individual PTE bit other than the PTE_ATTRINDX_MASK ones
which doesn't have both a set and a clear value provided, meaning that the
columns in the table won't all be aligned. The PTE_ATTRINDX_MASK values
are all both mutually exclusive and longer so are listed last to make a
single final column for those values. Ensure everything is aligned by
providing a clear value for UXN.
This is due to an unfortunate combination of several factors.
Building with KASAN results in the compiler generating anonymous
functions to register/unregister global variables against the shadow
memory. These functions are placed in .text.startup/.text.exit, and
given mangled names like _GLOBAL__sub_{I,D}_65535_0_$OTHER_SYMBOL. The
kernel linker script places these in .init.text and .exit.text
respectively, which are both discarded at runtime as part of initmem.
Building with FTRACE_WITH_REGS uses -fpatchable-function-entry=2, which
also instruments KASAN's anonymous functions. When these are discarded
with the rest of initmem, ftrace removes dangling references to these
call sites.
Building without MODULES implicitly disables STRICT_MODULE_RWX, and
causes arm64's patch_map() function to treat any !core_kernel_text()
symbol as something that can be modified in-place. As core_kernel_text()
is only true for .text and .init.text, with the latter depending on
system_state < SYSTEM_RUNNING, we'll treat .exit.text as something that
can be patched in-place. However, .exit.text is mapped read-only.
Hence in this configuration the ftrace init code blows up while trying
to patch one of the functions generated by KASAN.
We could try to filter out the call sites in .exit.text rather than
initializing them, but this would be inconsistent with how we handle
.init.text, and requires hooking into core bits of ftrace. The behaviour
of patch_map() is also inconsistent today, so instead let's clean that
up and have it consistently handle .exit.text.
This patch teaches patch_map() to handle .exit.text at init time,
preventing the boot-time splat above. The flow of patch_map() is
reworked to make the logic clearer and minimize redundant
conditionality.
Will Deacon [Tue, 3 Dec 2019 12:10:13 +0000 (12:10 +0000)]
arm64: mm: Fix initialisation of DMA zones on non-NUMA systems
John reports that the recently merged commit 1a8e1cef7603 ("arm64: use
both ZONE_DMA and ZONE_DMA32") breaks the boot on his DB845C board:
| Booting Linux on physical CPU 0x0000000000 [0x517f803c]
| Linux version 5.4.0-mainline-10675-g957a03b9e38f
| Machine model: Thundercomm Dragonboard 845c
| [...]
| Built 1 zonelists, mobility grouping on. Total pages: -188245
| Kernel command line: earlycon
| firmware_class.path=/vendor/firmware/ androidboot.hardware=db845c
| init=/init androidboot.boot_devices=soc/1d84000.ufshc
| printk.devkmsg=on buildvariant=userdebug root=/dev/sda2
| androidboot.bootdevice=1d84000.ufshc androidboot.serialno=c4e1189c
| androidboot.baseband=sda
| msm_drm.dsi_display0=dsi_lt9611_1080_video_display:
| androidboot.slot_suffix=_a skip_initramfs rootwait ro init=/init
|
| <hangs indefinitely here>
This is because, when CONFIG_NUMA=n, zone_sizes_init() fails to handle
memblocks that fall entirely within the ZONE_DMA region and erroneously ends up
trying to add a negatively-sized region into the following ZONE_DMA32, which is
later interpreted as a large unsigned region by the core MM code.
Rework the non-NUMA implementation of zone_sizes_init() so that the start
address of the memblock being processed is adjusted according to the end of the
previous zone, which is then range-checked before updating the hole information
of subsequent zones.
docs/core-api: Remove possibly confusing sub-headings from Bit Operations
The recent commit 81d2c6f81996 ("kasan: support instrumented bitops
combined with generic bitops"), split the KASAN instrumented bitops
into separate headers for atomic, non-atomic and locking operations.
This was done to allow arches to include just the instrumented bitops
they need, while also using some of the generic bitops in
asm-generic/bitops (which are automatically instrumented). The generic
bitops are already split into atomic, non-atomic and locking headers.
This split required an update to kernel-api.rst because it included
include/asm-generic/bitops-instrumented.h, which no longer exists. So
now kernel-api.rst includes all three instrumented headers to get the
definitions for all the bitops.
When adding the three headers it seemed sensible to add sub-headings
for each, ie. "Atomic", "Non-atomic" and "Locking".
The confusion is that test_bit() is (and always has been) in
non-atomic.h, but is documented elsewhere (atomic_bitops.txt) as being
atomic. So having it appear under the "Non-atomic" heading is possibly
confusing.
Probably test_bit() should move from bitops/non-atomic.h to atomic.h,
but that has flow on effects. For now just remove the newly added
sub-headings in the documentation, so we at least aren't adding to the
confusion about whether test_bit() is atomic or not.
Corentin Labbe [Thu, 21 Nov 2019 08:14:45 +0000 (08:14 +0000)]
ia64: agp: Replace empty define with do while
It's dangerous to use empty code define.
Furthermore it lead to the following warning:
drivers/char/agp/generic.c: In function « agp_generic_destroy_page »:
drivers/char/agp/generic.c:1266:28: attention : suggest braces around empty body in an « if » statement [-Wempty-body]
Corentin Labbe [Thu, 21 Nov 2019 08:14:44 +0000 (08:14 +0000)]
agp: Add bridge parameter documentation
This patch add documentation about the bridge parameter in several
function.
This will fix the following build warning:
drivers/char/agp/generic.c:220: warning: No description found for parameter 'bridge'
drivers/char/agp/generic.c:364: warning: No description found for parameter 'bridge'
drivers/char/agp/generic.c:1283: warning: No description found for parameter 'bridge'
Corentin Labbe [Thu, 21 Nov 2019 08:14:41 +0000 (08:14 +0000)]
agp: remove unused variable size in agp_generic_create_gatt_table
This patch fix the following warning:
drivers/char/agp/generic.c:853:6: attention : variable ‘size’ set but not used [-Wunused-but-set-variable]
by removing the unused variable size in agp_generic_create_gatt_table
- Contains tag-ib-chrome-mfd-iio-input-5.5, which is the first part
of a series from Gwendal to refactor sensor code between MFD, CrOS
EC, iio and input in order to add a new sensorhub driver and FIFO
processing
Wilco EC:
- Add support for Dell's USB PowerShare policy control, keyboard
backlight LED driver, and a new test_event file.
- Fixes use after free in wilco_ec's telemetry driver.
Misc:
- bugfix in cros_usbpd_logger (missing destroy workqueue)"
* tag 'tag-chrome-platform-for-v5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
platform/chrome: wilco_ec: fix use after free issue
platform/chrome: cros_ec: Add Kconfig default for cros-ec-sensorhub
Revert "Input: cros_ec_keyb: mask out extra flags in event_type"
Revert "Input: cros_ec_keyb - add back missing mask for event_type"
platform/chrome: cros_ec: handle MKBP more events flag
platform/chrome: cros_ec: Do not attempt to register a non-positive IRQ number
platform/chrome: cros-ec: Record event timestamp in the hard irq
mfd / platform / iio: cros_ec: Register sensor through sensorhub
iio / platform: cros_ec: Add cros-ec-sensorhub driver
mfd / platform: cros_ec: Add sensor_count and make check_features public
platform/chrome: cros_ec: Put docs with the code
platform/chrome: cros_usbpd_logger: add missed destroy_workqueue in remove
platform/chrome: cros_ec: Fix Kconfig indentation
platform/chrome: wilco_ec: Add keyboard backlight LED support
platform/chrome: wilco_ec: Add charging config driver
platform/chrome: wilco_ec: Add Dell's USB PowerShare Policy control
platform/chrome: wilco_ec: Add debugfs test_event file
projects / linux.git / log