Commit Graph

996864 Commits

Author SHA1 Message Date
Linus Torvalds
568099a703 MMC core:
- Fix partition switch time for eMMC
 
 MMC host:
  - mmci: Enforce R1B response to fix busy detection for the stm32 variants
  - cqhci: Fix crash when removing mmc module/card
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmBLSbQXHHVsZi5oYW5z
 c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCnxHxAAh6lGUoQyHp/wxUE/jZfOLyI4
 nQVnRlKYIx3K+wR2qNYWzf9L74iJ05LkvONdPIZjJIMiJ+XdvhUjsOREB7AQhb/1
 PRm9mwrXA1TnghLjJAYuMguVEhCRKZC9vwTd0IMcE0gxmMLuE1UVj8GXCOWj3Rgz
 XPGMh8sqAJttlkifff4PUSI+4o5ojLz4t9sNjK/Q/ShtFJW2ojktb2U/mAe67KLA
 GVj22t3//0Rh5n+sA/pmL/yVQgCZ3OzTLHEDwJwxTOr6/aQCIz6AzFGsXIQ/Kz83
 wRwjuTGZp0q9+mrKRcXFJqS27nid/Y9mDt3/xL+SfkRXoS8VHRfrUhAeqfEn28aF
 xtRVT+B8bD7+Lz39K8naN8aRsgPPh09Eir+dWZtNbkzo2sdfYY+J9URFjkorUyj3
 D/vIHLLZOQp5GOdEwEkcSk1eRoUDYMNeIfgVFv92nqUQYOMNm5TNO/6GToY1HBI2
 xChzDZFU1eFI+jE6WgRISpOI5vMSYbtllhK2ajoDODDduoY2BlWNzEcJ5IF+cneE
 f1OUO8gC5mb6k66TP3t/R+mcfv0UA6KbaeZdB7p93sYBZYNtCF3FWjebSEaAfaDN
 uzQVdA/Nugi99QTAIXqvZS/tDzJGggP9/z1eYeH1JR3zSGS2EvNynZ1HXkOokfTX
 6wAVa2csDB+PPJFXk/Y=
 =idaH
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:
 "MMC core:

   - Fix partition switch time for eMMC

  MMC host:

   - mmci: Enforce R1B response to fix busy detection for
     the stm32 variants

   - cqhci: Fix crash when removing mmc module/card"

* tag 'mmc-v5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: cqhci: Fix random crash when remove mmc module/card
  mmc: core: Fix partition switch time for eMMC
  mmc: mmci: Add MMC_CAP_NEED_RSP_BUSY for the stm32 variants
2021-03-12 11:58:33 -08:00
Linus Torvalds
270c0551ab regulator: Fixes for v5.12
A small collection fo driver specific fixes that have arrived since the
 merge window.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmBLvF4ACgkQJNaLcl1U
 h9AVGwf/Vwr1w0r4P4eHKFc7W3ujEdK7+vSM4GoS+U/CAokEzDcJtuzzqH00iDUA
 poPIQNrylq0rjcurjKuMAko4cfg0WtlcYvcQcyL8hSP5Cg633XqJgJ7mUrOv5RQE
 nUYh/SNop5ACMlE/N3umt+nYIlFDSDcVq0fHmEcT4tYCh3aFKxlCIzBx/Vt8WOoW
 7/pO4n+vP55ciSyKS5lgaga8Qkz+Gy0+7bv5aK2swYrWU08lI5Ts5aRtGRmZmvI9
 4pc2/8AeuOuujWZgaRzuLEKJfnKgJv0mRDIHzQBx/wgQtrm91FHE96WTuQ/88mKB
 6aMjiugtPvSEscZ/PROX3xRm+dZoBg==
 =Ce9K
 -----END PGP SIGNATURE-----

Merge tag 'regulator-fix-v5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "A small collection fo driver specific fixes that have arrived since
  the merge window"

* tag 'regulator-fix-v5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: mt6315: Fix off-by-one for .n_voltages
  regulator: rt4831: Fix return value check in rt4831_regulator_probe()
  regulator: pca9450: Clear PRESET_EN bit to fix BUCK1/2/3 voltage setting
  regulator: qcom-rpmh: Use correct buck for S1C regulator
  regulator: qcom-rpmh: Correct the pmic5_hfsmps515 buck
  regulator: pca9450: Fix return value when failing to get sd-vsel GPIO
  regulator: mt6315: Return REGULATOR_MODE_INVALID for invalid mode
2021-03-12 11:55:58 -08:00
Linus Torvalds
8d9d53de51 configfs fix for 5.12
- fix a use-after-free in __configfs_open_file
    (Daiyue Zhang)
 -----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAmBLs9ELHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYPlehAAxSw2zkzYxRvHQ+zhVRKu9x762/SOt+/3P+OuRoiN
 eGZnJi+ofLsoosj7F2Few0zKMWxMQivINpzsM8dMysvmULgbQ/xAlxPgvuk4B2I2
 l4mleFoah2BA/tnzdj9kdqv/WhzKVVhEmBgzpyTDGdRBduYAWmAhkrhXq+qC9ztY
 ArtY4Rvh61I5q12aIF8tFFbEJZqCKgZZ0W3bKO39upJF+kwoztbUUMpPF+YH4FW+
 7JitlaWFBAE89Vcf7BNqMNVk3DtLPy47WI+FaP1zmpy43XRNq2m6/FeLJhn2/S3X
 n31x6IAa4DiEJEn743czhCdAAltcMXxqVrVKF5tGfGh6mr8b96UwxjEN7U+Z4sgX
 gV8rQuHLdPc3dlTQjTuSvAAfrl3J8UpLVWLbva0vWaiUBu2/WVUfO6wJJ+ODUDaq
 woXrPtTqK8xQK2MhpOhPAvBHFsCSKqS7CvXcjOzTLJNUInN85WSVYA297r6IWr+G
 kRJpj6k8dC9e3/LbNEmrBeToKc7tPzYYcx2hlhfkaQRZUdddjuL98po7cJGeu0CR
 S10Zsry/8Lnhe2zIm7u4Hw4gEx73b+uCgZHK17OIRLHzUPmTmXaNh9eWN/jwp1/N
 wNhiPN2OJw9IRVkmTK8TFOeugEJo2VhUo51e36m5sskhowwEYDxtoZ8D7JbpKYS+
 sU8=
 =QljJ
 -----END PGP SIGNATURE-----

Merge tag 'configfs-for-5.12' of git://git.infradead.org/users/hch/configfs

Pull configfs fix from Christoph Hellwig:

 - fix a use-after-free in __configfs_open_file (Daiyue Zhang)

* tag 'configfs-for-5.12' of git://git.infradead.org/users/hch/configfs:
  configfs: fix a use-after-free in __configfs_open_file
2021-03-12 11:48:14 -08:00
Linus Torvalds
b77b5fdd05 Various gfs2 fixes
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEEJZs3krPW0xkhLMTc1b+f6wMTZToFAmBLgwEUHGFncnVlbmJh
 QHJlZGhhdC5jb20ACgkQ1b+f6wMTZTpzCxAAhp5mbg+/oQ6c4wULu/q0nm2gaPdN
 Bq8DnkOKLAs3Ncd7Ft3nrGkQZQzwCvu3LVxu4zU6hdylCtZnBsYRWI8nOCn4eQKd
 Le2qZcb00awxd/XqzNmtNZwDAfyCLXaPhZJ1mFUL+IWLm/eCW9/Vi0W6YGb4Egs9
 nKCVmBdnvJSeqSSM5RJ2C6bLSwrWLe98n5r5O2uNeBtmvy2fX6A/dbM+3K03YJYJ
 JAwn1awcnSRyOD+UKSYV1mBz6mHaEKGaGmI3TKhpFGEeyOLWi8EASt2O1NDRkllC
 z9UN6H9V70Fuci8pEkP3ju0T4jbVDMv6PfX17Ah7YfHChgH70Rx64NVyCaftNMyu
 zHxHgn4PmSBgF3J5MxMO7kQUjL8OipbvPEMOTwFT4iBC10O2X7/w+hCPI+coEIB8
 w9KsZPl/5ESWdkrlxzQM3fgFUPosp5z0c3rj0gXR6aWbyumSBNWytJogp72LNfX5
 W+w1OH8nmsSJjlzbYrZjcgBsf9RCPBgyWcePL/7t+kKgjG6LlAumFh1cK+seJXBb
 tYp1WFRP2bztXz57rMD5glOc9mysbgUWwgKbvUgj9PPWyT1S/7f4EZhN/GfZWg/h
 fx+dYtlWgLWQkQwEJ1aE8Hqc+hjYxIqnAHo2h725jKpfOIvWPxBZEvztX2SL3wXO
 DtKPBhmyFtPkbR0=
 =6g8z
 -----END PGP SIGNATURE-----

Merge tag 'gfs2-v5.12-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2

Pull gfs2 fixes from Andreas Gruenbacher:
 "Various gfs2 fixes"

* tag 'gfs2-v5.12-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
  gfs2: bypass log flush if the journal is not live
  gfs2: bypass signal_our_withdraw if no journal
  gfs2: fix use-after-free in trans_drain
  gfs2: make function gfs2_make_fs_ro() to void type
2021-03-12 11:46:09 -08:00
Linus Torvalds
17f8fc198a arm64 fixes for -rc3
- Fix booting a 52-bit-VA-aware kernel on Qualcomm Amberwing
 
 - Fix pfn_valid() not to reject all ZONE_DEVICE memory
 
 - Fix memory tagging setup for hotplugged memory regions
 
 - Fix KASAN tagging in page_alloc() when DEBUG_VIRTUAL is enabled
 
 - Fix accidental truncation of CPU PMU event counters
 
 - Fix error code initialisation when failing probe of DMC620 PMU
 
 - Fix return value initialisation for sve-ptrace selftest
 
 - Drop broken support for CMDLINE_EXTEND
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmBLU98QHHdpbGxAa2Vy
 bmVsLm9yZwAKCRC3rHDchMFjNEhpB/wMahRmJQvjJtt/PqKU9m46tRbHRT5PC2WQ
 256DoYtexSrGa6DrBoSteUsaPuRo3YcfDnXf1wbTYikoXoKxbLvm/9IQivfyrd3S
 M4DjeaemhcZdg6YKrs/0s2UOzPV8O3kKWfs58gJ2oP/xHA7uqcZJxlIDd7H4/bX+
 M0wQvBnJEEb9mg3Hxo2WZLRUKK3nPtZ5hGz9RADOHkyCt+jPr3UtAe69iZcQ4Udd
 X2z3Dc1CZf3VF9Ujkylllqxo2eaLKXGie7r77o1AgXwPEedZD+Q9vn/viVuluRcc
 slZQyW/kRRGCZ92RT2DwLZsixsBKJtZxj+AEoJSBIrsCUUXXP4xv
 =e3YJ
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "We've got a smattering of changes all over the place which we've
  acrued since -rc1. To my knowledge, there aren't any pending issues at
  the moment, but there's still plenty of time for something else to
  crop up...

  Summary:

   - Fix booting a 52-bit-VA-aware kernel on Qualcomm Amberwing

   - Fix pfn_valid() not to reject all ZONE_DEVICE memory

   - Fix memory tagging setup for hotplugged memory regions

   - Fix KASAN tagging in page_alloc() when DEBUG_VIRTUAL is enabled

   - Fix accidental truncation of CPU PMU event counters

   - Fix error code initialisation when failing probe of DMC620 PMU

   - Fix return value initialisation for sve-ptrace selftest

   - Drop broken support for CMDLINE_EXTEND"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  perf/arm_dmc620_pmu: Fix error return code in dmc620_pmu_device_probe()
  arm64: mm: remove unused __cpu_uses_extended_idmap[_level()]
  arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
  arm64: perf: Fix 64-bit event counter read truncation
  arm64/mm: Fix __enable_mmu() for new TGRAN range values
  kselftest: arm64: Fix exit code of sve-ptrace
  arm64: mte: Map hotplugged memory as Normal Tagged
  arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
  arm64/mm: Reorganize pfn_valid()
  arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory
  arm64/mm: Drop THP conditionality from FORCE_MAX_ZONEORDER
  arm64/mm: Drop redundant ARCH_WANT_HUGE_PMD_SHARE
  arm64: Drop support for CMDLINE_EXTEND
  arm64: cpufeatures: Fix handling of CONFIG_CMDLINE for idreg overrides
2021-03-12 11:39:53 -08:00
Linus Torvalds
6bf8819fed xen: branch for v5.12-rc3
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCYEsmRgAKCRCAXGG7T9hj
 vsQ9AP9oN1PKbTGn9U6FR/yJtMuD2XuX8a86PnMI8iM/bnox5QEA/kLIOBknM/nF
 bPDfBcb72BERKX+83qtd5153zcbhww4=
 =a/rf
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-5.12b-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fixes from Juergen Gross:
 "Two fix series and a single cleanup:

   - a small cleanup patch to remove unneeded symbol exports

   - a series to cleanup Xen grant handling (avoiding allocations in
     some cases, and using common defines for "invalid" values)

   - a series to address a race issue in Xen event channel handling"

* tag 'for-linus-5.12b-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  Xen/gntdev: don't needlessly use kvcalloc()
  Xen/gnttab: introduce common INVALID_GRANT_{HANDLE,REF}
  Xen/gntdev: don't needlessly allocate k{,un}map_ops[]
  Xen: drop exports of {set,clear}_foreign_p2m_mapping()
  xen/events: avoid handling the same event on two cpus at the same time
  xen/events: don't unmask an event channel when an eoi is pending
  xen/events: reset affinity of 2-level event when tearing it down
2021-03-12 11:34:36 -08:00
Wanpeng Li
35737d2db2 KVM: LAPIC: Advancing the timer expiration on guest initiated write
Advancing the timer expiration should only be necessary on guest initiated
writes. When we cancel the timer and clear .pending during state restore,
clear expired_tscdeadline as well.

Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
Message-Id: <1614818118-965-1-git-send-email-wanpengli@tencent.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-12 13:18:52 -05:00
Sean Christopherson
8df9f1af2e KVM: x86/mmu: Skip !MMU-present SPTEs when removing SP in exclusive mode
If mmu_lock is held for write, don't bother setting !PRESENT SPTEs to
REMOVED_SPTE when recursively zapping SPTEs as part of shadow page
removal.  The concurrent write protections provided by REMOVED_SPTE are
not needed, there are no backing page side effects to record, and MMIO
SPTEs can be left as is since they are protected by the memslot
generation, not by ensuring that the MMIO SPTE is unreachable (which
is racy with respect to lockless walks regardless of zapping behavior).

Skipping !PRESENT drastically reduces the number of updates needed to
tear down sparsely populated MMUs, e.g. when tearing down a 6gb VM that
didn't touch much memory, 6929/7168 (~96.6%) of SPTEs were '0' and could
be skipped.

Avoiding the write itself is likely close to a wash, but avoiding
__handle_changed_spte() is a clear-cut win as that involves saving and
restoring all non-volatile GPRs (it's a subtly big function), as well as
several conditional branches before bailing out.

Cc: Ben Gardon <bgardon@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210310003029.1250571-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-12 13:18:52 -05:00
Wanpeng Li
d7eb79c629 KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged
# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                88
On-line CPU(s) list:   0-63
Off-line CPU(s) list:  64-87

# cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-5.10.0-rc3-tlinux2-0050+ root=/dev/mapper/cl-root ro
rd.lvm.lv=cl/root rhgb quiet console=ttyS0 LANG=en_US .UTF-8 no-kvmclock-vsyscall

# echo 1 > /sys/devices/system/cpu/cpu76/online
-bash: echo: write error: Cannot allocate memory

The per-cpu vsyscall pvclock data pointer assigns either an element of the
static array hv_clock_boot (#vCPU <= 64) or dynamically allocated memory
hvclock_mem (vCPU > 64), the dynamically memory will not be allocated if
kvmclock vsyscall is disabled, this can result in cpu hotpluged fails in
kvmclock_setup_percpu() which returns -ENOMEM. It's broken for no-vsyscall
and sometimes you end up with vsyscall disabled if the host does something
strange. This patch fixes it by allocating this dynamically memory
unconditionally even if vsyscall is disabled.

Fixes: 6a1cac56f4 ("x86/kvm: Use __bss_decrypted attribute in shared variables")
Reported-by: Zelin Deng <zelin.deng@linux.alibaba.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: stable@vger.kernel.org#v4.19-rc5+
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
Message-Id: <1614130683-24137-1-git-send-email-wanpengli@tencent.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-12 13:18:16 -05:00
Muhammad Usama Anjum
6fcd9cbc6a kvm: x86: annotate RCU pointers
This patch adds the annotation to fix the following sparse errors:
arch/x86/kvm//x86.c:8147:15: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//x86.c:8147:15:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//x86.c:8147:15:    struct kvm_apic_map *
arch/x86/kvm//x86.c:10628:16: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//x86.c:10628:16:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//x86.c:10628:16:    struct kvm_apic_map *
arch/x86/kvm//x86.c:10629:15: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//x86.c:10629:15:    struct kvm_pmu_event_filter [noderef] __rcu *
arch/x86/kvm//x86.c:10629:15:    struct kvm_pmu_event_filter *
arch/x86/kvm//lapic.c:267:15: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//lapic.c:267:15:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//lapic.c:267:15:    struct kvm_apic_map *
arch/x86/kvm//lapic.c:269:9: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//lapic.c:269:9:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//lapic.c:269:9:    struct kvm_apic_map *
arch/x86/kvm//lapic.c:637:15: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//lapic.c:637:15:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//lapic.c:637:15:    struct kvm_apic_map *
arch/x86/kvm//lapic.c:994:15: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//lapic.c:994:15:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//lapic.c:994:15:    struct kvm_apic_map *
arch/x86/kvm//lapic.c:1036:15: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//lapic.c:1036:15:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//lapic.c:1036:15:    struct kvm_apic_map *
arch/x86/kvm//lapic.c:1173:15: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//lapic.c:1173:15:    struct kvm_apic_map [noderef] __rcu *
arch/x86/kvm//lapic.c:1173:15:    struct kvm_apic_map *
arch/x86/kvm//pmu.c:190:18: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//pmu.c:190:18:    struct kvm_pmu_event_filter [noderef] __rcu *
arch/x86/kvm//pmu.c:190:18:    struct kvm_pmu_event_filter *
arch/x86/kvm//pmu.c:251:18: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//pmu.c:251:18:    struct kvm_pmu_event_filter [noderef] __rcu *
arch/x86/kvm//pmu.c:251:18:    struct kvm_pmu_event_filter *
arch/x86/kvm//pmu.c:522:18: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//pmu.c:522:18:    struct kvm_pmu_event_filter [noderef] __rcu *
arch/x86/kvm//pmu.c:522:18:    struct kvm_pmu_event_filter *
arch/x86/kvm//pmu.c:522:18: error: incompatible types in comparison expression (different address spaces):
arch/x86/kvm//pmu.c:522:18:    struct kvm_pmu_event_filter [noderef] __rcu *
arch/x86/kvm//pmu.c:522:18:    struct kvm_pmu_event_filter *

Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
Message-Id: <20210305191123.GA497469@LEGION>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-12 13:17:41 -05:00
Rafael J. Wysocki
7180323227 Merge branch 'pm-opp'
* pm-opp:
  opp: Don't drop extra references to OPPs accidentally
2021-03-12 18:47:22 +01:00
Rafael J. Wysocki
bee7359f65 Merge branch 'opp/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm
Pull an operating performance points (OPP) framework fix for 5.12
from Viresh Kumar:

"Fix OPP refcount issue noticed by Beata."

* 'opp/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm:
  opp: Don't drop extra references to OPPs accidentally
2021-03-12 18:45:44 +01:00
Pavel Begunkov
58f9937383 io_uring: fix OP_ASYNC_CANCEL across tasks
IORING_OP_ASYNC_CANCEL tries io-wq cancellation only for current task.
If it fails go over tctx_list and try it out for every single tctx.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-12 09:42:56 -07:00
Pavel Begunkov
521d6a737a io_uring: cancel sqpoll via task_work
1) The first problem is io_uring_cancel_sqpoll() ->
io_uring_cancel_task_requests() basically doing park(); park(); and so
hanging.

2) Another one is more subtle, when the master task is doing cancellations,
but SQPOLL task submits in-between the end of the cancellation but
before finish() requests taking a ref to the ctx, and so eternally
locking it up.

3) Yet another is a dying SQPOLL task doing io_uring_cancel_sqpoll() and
same io_uring_cancel_sqpoll() from the owner task, they race for
tctx->wait events. And there probably more of them.

Instead do SQPOLL cancellations from within SQPOLL task context via
task_work, see io_sqpoll_cancel_sync(). With that we don't need temporal
park()/unpark() during cancellation, which is ugly, subtle and anyway
doesn't allow to do io_run_task_work() properly.

io_uring_cancel_sqpoll() is called only from SQPOLL task context and
under sqd locking, so all parking is removed from there. And so,
io_sq_thread_[un]park() and io_sq_thread_stop() are not used now by
SQPOLL task, and that spare us from some headache.

Also remove ctx->sqd_list early to avoid 2). And kill tctx->sqpoll,
which is not used anymore.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-12 09:42:55 -07:00
Pavel Begunkov
26984fbf3a io_uring: prevent racy sqd->thread checks
SQPOLL thread to which we're trying to attach may be going away, it's
not nice but a more serious problem is if io_sq_offload_create() sees
sqd->thread==NULL, and tries to init it with a new thread. There are
tons of ways it can be exploited or fail.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-12 09:42:53 -07:00
Marc Zyngier
262b003d05 KVM: arm64: Fix exclusive limit for IPA size
When registering a memslot, we check the size and location of that
memslot against the IPA size to ensure that we can provide guest
access to the whole of the memory.

Unfortunately, this check rejects memslot that end-up at the exact
limit of the addressing capability for a given IPA size. For example,
it refuses the creation of a 2GB memslot at 0x8000000 with a 32bit
IPA space.

Fix it by relaxing the check to accept a memslot reaching the
limit of the IPA space.

Fixes: c3058d5da2 ("arm/arm64: KVM: Ensure memslots are within KVM_PHYS_SIZE")
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Reviewed-by: Andrew Jones <drjones@redhat.com>
Link: https://lore.kernel.org/r/20210311100016.3830038-3-maz@kernel.org
2021-03-12 15:43:22 +00:00
Marc Zyngier
7d717558dd KVM: arm64: Reject VM creation when the default IPA size is unsupported
KVM/arm64 has forever used a 40bit default IPA space, partially
due to its 32bit heritage (where the only choice is 40bit).

However, there are implementations in the wild that have a *cough*
much smaller *cough* IPA space, which leads to a misprogramming of
VTCR_EL2, and a guest that is stuck on its first memory access
if userspace dares to ask for the default IPA setting (which most
VMMs do).

Instead, blundly reject the creation of such VM, as we can't
satisfy the requirements from userspace (with a one-off warning).
Also clarify the boot warning, and document that the VM creation
will fail when an unsupported IPA size is provided.

Although this is an ABI change, it doesn't really change much
for userspace:

- the guest couldn't run before this change, but no error was
  returned. At least userspace knows what is happening.

- a memory slot that was accepted because it did fit the default
  IPA space now doesn't even get a chance to be registered.

The other thing that is left doing is to convince userspace to
actually use the IPA space setting instead of relying on the
antiquated default.

Fixes: 233a7cb235 ("kvm: arm64: Allow tuning the physical address size for VM")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20210311100016.3830038-2-maz@kernel.org
2021-03-12 15:42:57 +00:00
Bob Peterson
0efc4976e3 gfs2: bypass log flush if the journal is not live
Patch fe3e397668 ("gfs2: Rework the log space allocation logic")
changed gfs2_log_flush to reserve a set of journal blocks in case no
transaction is active.  However, gfs2_log_flush also gets called in
cases where we don't have an active journal, for example, for spectator
mounts.  In that case, trying to reserve blocks would sleep forever, but
we want gfs2_log_flush to be a no-op instead.

Fixes: fe3e397668 ("gfs2: Rework the log space allocation logic")
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2021-03-12 15:52:48 +01:00
Pavel Begunkov
0df8ea602b io_uring: remove useless ->startup completion
We always do complete(&sqd->startup) almost right after sqd->thread
creation, either in the success path or in io_sq_thread_finish(). It's
specifically created not started for us to be able to set some stuff
like sqd->thread and io_uring_alloc_task_context() before following
right after wake_up_new_task().

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-12 07:23:01 -07:00
Pavel Begunkov
e1915f76a8 io_uring: cancel deferred requests in try_cancel
As io_uring_cancel_files() and others let SQO to run between
io_uring_try_cancel_requests(), SQO may generate new deferred requests,
so it's safer to try to cancel them in it.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-12 07:23:00 -07:00
Jens Axboe
d4b64fd702 nvme fixes for 5.12:
- one more quirk (Dmitry Monakhov)
  - fix max_zone_append_sectors initialization (Chaitanya Kulkarni)
  - nvme-fc reset/create race fix (James Smart)
  - fix status code on aborts/resets (Hannes Reinecke)
  - fix the CSS check for ZNS namespaces (Chaitanya Kulkarni)
  - fix a use after free in a debug printk in nvme-rdma (Lv Yunlong)
 -----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAmBLMlwLHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYNVLA//aay9+Jq/BTwXG69249PshsvGpw5EVpaNp5YIwxyM
 ehC7AW5vm+1wg3b8X1O+sRhJ+PSKs3hbzUxoVWsGwj4RxJB0OPRnthjtcaGz2Ly3
 5q/IGlA6Qxk0cHLRqTg+l3n4d1ctPpt+wS2IcTJpgh8Vmqj+/H3+jD26UjhvLySr
 I9zgtl27STC8nwQwWYOXvbLql3eRzilZNd4qydnZIlcj/+CW3MGehiFlaVKsUQP1
 FJwx8LVHNU3V6n21eT99Xa9Lu/vWRjPQEyEBLV9iZ/dD2JVS1Q4TI/hwtTjFLZvi
 CVw1uu8HfSlYE/lA4wclPfljdZLUt2chjVG5S/lqJJmmoy7J6xf4b0hNI2yLGjft
 yKZB+vi+nKKoj3OLiy+LpopXSb23BMDlis1EqL/rXtU1JXsonDcsTAdscACvTHTL
 2aVbyHQ2hvNOs6L7GkHGEwu7nNE31tG7+DOXnjHwfq3j2mTnHu2AniAF9llG1NuC
 nbIQZQxRDdakknJsZU8YWG3rkOFUDLs9z2V3O5bs8KlTgYTkCut0Vtgdx2vZ2iVF
 jTmbEuFyK6pcWgFEFk6IP4LawJPNpozo8NQZGMUOp3ym8CXm/NHuxj1R3w8LcAH6
 OvmQWo6AcUNyaXNhVNPADqmnY2ZDjYC6/KWoMrg/YESCYXqfpMvXfArVbyYoU9yD
 61U=
 =LkdO
 -----END PGP SIGNATURE-----

Merge tag 'nvme-5.12-2021-03-12' of git://git.infradead.org/nvme into block-5.12

Pull NVMe fixes from Christoph:

"nvme fixes for 5.12:

 - one more quirk (Dmitry Monakhov)
 - fix max_zone_append_sectors initialization (Chaitanya Kulkarni)
 - nvme-fc reset/create race fix (James Smart)
 - fix status code on aborts/resets (Hannes Reinecke)
 - fix the CSS check for ZNS namespaces (Chaitanya Kulkarni)
 - fix a use after free in a debug printk in nvme-rdma (Lv Yunlong)"

* tag 'nvme-5.12-2021-03-12' of git://git.infradead.org/nvme:
  nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a Samsung PM1725a
  nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done
  nvme-core: check ctrl css before setting up zns
  nvme-fc: fix racing controller reset and create association
  nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
  nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange()
  nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request()
  nvme: simplify error logic in nvme_validate_ns()
  nvme: set max_zone_append_sectors nvme_revalidate_zones
2021-03-12 07:21:15 -07:00
Bob Peterson
d5bf630f35 gfs2: bypass signal_our_withdraw if no journal
Before this patch, function signal_our_withdraw referenced the journal
inode immediately. But corrupt file systems may have some invalid
journals, in which case our attempt to read it in will withdraw and the
resulting signal_our_withdraw would dereference the NULL value.

This patch adds a check to signal_our_withdraw so that if the journal
has not yet been initialized, it simply returns and does the old-style
withdraw.

Thanks, Andy Price, for his analysis.

Reported-by: syzbot+50a8a9cf8127f2c6f5df@syzkaller.appspotmail.com
Fixes: 601ef0d52e ("gfs2: Force withdraw to replay journals and wait for it to finish")
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2021-03-12 14:55:23 +01:00
Wei Yongjun
c8e3866836 perf/arm_dmc620_pmu: Fix error return code in dmc620_pmu_device_probe()
Fix to return negative error code -ENOMEM from the error handling
case instead of 0, as done elsewhere in this function.

Fixes: 53c218da22 ("driver/perf: Add PMU driver for the ARM DMC-620 memory controller")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20210312080421.277562-1-weiyongjun1@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
2021-03-12 11:30:31 +00:00
Peter Zijlstra
ba08abca66 objtool,x86: Fix uaccess PUSHF/POPF validation
Commit ab234a260b ("x86/pv: Rework arch_local_irq_restore() to not
use popf") replaced "push %reg; popf" with something like: "test
$0x200, %reg; jz 1f; sti; 1:", which breaks the pushf/popf symmetry
that commit ea24213d80 ("objtool: Add UACCESS validation") relies
on.

The result is:

  drivers/gpu/drm/amd/amdgpu/si.o: warning: objtool: si_common_hw_init()+0xf36: PUSHF stack exhausted

Meanwhile, commit c9c324dc22 ("objtool: Support stack layout changes
in alternatives") makes that we can actually use stack-ops in
alternatives, which means we can revert 1ff865e343 ("x86,smap: Fix
smap_{save,restore}() alternatives").

That in turn means we can limit the PUSHF/POPF handling of
ea24213d80 to those instructions that are in alternatives.

Fixes: ab234a260b ("x86/pv: Rework arch_local_irq_restore() to not use popf")
Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/YEY4rIbQYa5fnnEp@hirez.programming.kicks-ass.net
2021-03-12 09:15:49 +01:00
Beata Michalska
606a5d4227 opp: Don't drop extra references to OPPs accidentally
We are required to call dev_pm_opp_put() from outside of the
opp_table->lock as debugfs removal needs to happen lock-less to avoid
circular dependency issues.

commit cf1fac943c ("opp: Reduce the size of critical section in
_opp_kref_release()") tried to fix that introducing a new routine
_opp_get_next() which keeps returning OPPs that can be freed by the
callers and this routine shall be called without holding the
opp_table->lock.

Though the commit overlooked the fact that the OPPs can be referenced by
other users as well and this routine will end up dropping references
which were taken by other users and hence freeing the OPPs prematurely.

In effect, other users of the OPPs will end up having invalid pointers
at hand. We didn't see any crash reports earlier as the exact situation
never happened, though it is certainly possible.

We need a way to mark which OPPs are no longer referenced by the OPP
core, so we don't drop extra references to them accidentally.

This commit adds another OPP flag, "removed", which is used to track
this. And now we should never end up dropping extra references to the
OPPs.

Cc: v5.11+ <stable@vger.kernel.org> # v5.11+
Fixes: cf1fac943c ("opp: Reduce the size of critical section in _opp_kref_release()")
Signed-off-by: Beata Michalska <beata.michalska@arm.com>
[ Viresh: Almost rewrote entire patch, added new "removed" field,
	  rewrote commit log and added the correct Fixes tag. ]
Co-developed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
2021-03-12 09:26:52 +05:30
Linus Torvalds
f78d76e72a drm fixes for 5.12-rc3
core:
 - Clear holes when converting compat ioctl's between 32-bits and 64-bits.
 
 docs:
 - Use gitlab for drm bugzilla now.
 
 ttm:
 - Fix ttm page pool accounting.
 
 fbdev:
 - Fix oops in drm_fbdev_cleanup()
 
 shmem:
 - Assorted fixes for shmem helpers.
 
 qxl:
 - unpin qxl bos created as pinned when freeing them,
   and make ttm only warn once on this behavior.
 - Zero head.surface_id correctly in qxl.
 
 atyfb:
 - Use LCD management for atyfb on PPC_MAC.
 
 meson:
 - Shutdown kms poll helper in meson correctly.
 
 nouveau:
 - fix regression in bo syncing
 
 i915:
 - Wedge the GPU if command parser setup fails
 
 amdgpu:
 - Fix aux backlight control
 - Add a backlight override parameter
 - Various display fixes
 - PCIe DPM fix for vega
 - Polaris watermark fixes
 - Additional S0ix fix
 
 radeon:
 - Fix GEM regression
 - Fix AGP dependency handling
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJgSsPTAAoJEAx081l5xIa+8TwP/jRf13D9movGBCOyW1R7XCNq
 TSONwIDqG0xcFaH9W0zHIkndeNGpEYsqbkXEtm0au50Jx6Rm3lFwd4tRxi+yoHmJ
 aD7bf/TN7kNQ3lt8n84VXFkjDMvKeHVc5BghqdfpXO/RfwXbSfxsEfZcqFwgEGzU
 XAfPO8PJLJ1vBRYhIdRNnq0QA54utJOeMZIa6hVT+gzZD5VpSMiHLUPLnKuL9fKe
 hEkvedXOIoh6W8mTd56lnWzbGfoqVW5OCQgCGI4Q2Xd+n2UOLluzdDrwBxLAlU58
 w+mWNoGLZlebR1e8H2h47P03/tfYTiCn8uacwvsKR2WoIPaQEZLe188WpSCXZVEq
 XWXrF0VfWUcYnGOzRNky2Z4n7w4xuVQGhXMfKkxcvFcjghFBeHANe7XbUzrJWrAR
 fjXz9p3q/DRcXI4CyKl0qPmx63zF3YFpmG09TjqxxZZfuFV+uNj12iPISRpL1UZk
 3OAx/1DOcMhRfU7e6HrgWX1UTu5FTh0m7dcVD7fxW/dCKNaOEab+V/unpbuyAEh4
 +WI6fi2x710cnwyRee9lffLqM3wO/140cIzzdWnn+6/xEzymfxGzYqEHK6w5iRld
 siOVglJQM+zfxAym0r8Ijj4g1DI/oi7jUgg77aEu1NpsXAuqYh/Ey9V8yBXH59EL
 +IHba72PM28swWPSH4/8
 =nUAy
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2021-03-12-1' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Regular fixes for rc3. The i915 pull was based on the rc1 tag so I
  just cherry-picked the single fix from there to avoid it. The misc and
  amd trees seem to be on okay bases.

  It's a bunch of fixes across the tree, amdgpu has most of them a few
  ttm fixes around qxl, and nouveau.

  core:
   - Clear holes when converting compat ioctl's between 32-bits and
     64-bits.

  docs:
   - Use gitlab for drm bugzilla now.

  ttm:
   - Fix ttm page pool accounting.

  fbdev:
   - Fix oops in drm_fbdev_cleanup()

  shmem:
   - Assorted fixes for shmem helpers.

  qxl:
   - unpin qxl bos created as pinned when freeing them, and make ttm
     only warn once on this behavior.
   - Zero head.surface_id correctly in qxl.

  atyfb:
   - Use LCD management for atyfb on PPC_MAC.

  meson:
   - Shutdown kms poll helper in meson correctly.

  nouveau:
   - fix regression in bo syncing

  i915:
   - Wedge the GPU if command parser setup fails

  amdgpu:
   - Fix aux backlight control
   - Add a backlight override parameter
   - Various display fixes
   - PCIe DPM fix for vega
   - Polaris watermark fixes
   - Additional S0ix fix

  radeon:
   - Fix GEM regression
   - Fix AGP dependency handling"

* tag 'drm-fixes-2021-03-12-1' of git://anongit.freedesktop.org/drm/drm: (33 commits)
  drm/nouveau: fix dma syncing for loops (v2)
  drm/i915: Wedge the GPU if command parser setup fails
  drm/compat: Clear bounce structures
  drm/shmem-helpers: vunmap: Don't put pages for dma-buf
  drm: meson_drv add shutdown function
  drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff
  drm/shmem-helper: Check for purged buffers in fault handler
  qxl: Fix uninitialised struct field head.surface_id
  drm/ttm: Fix TTM page pool accounting
  drm/ttm: soften TTM warnings
  drm: Use USB controller's DMA mask when importing dmabufs
  MAINTAINERS: update drm bug reporting URL
  fbdev: atyfb: use LCD management functions for PPC_PMAC also
  fbdev: atyfb: always declare aty_{ld,st}_lcd()
  drm/qxl: fix lockdep issue in qxl_alloc_release_reserved
  drm/qxl: unpin release objects
  drm/fb-helper: only unmap if buffer not null
  drm/amdgpu: fix S0ix handling when the CONFIG_AMD_PMC=m
  drm/radeon: fix AGP dependency
  drm/radeon: also init GEM funcs in radeon_gem_prime_import_sg_table
  ...
2021-03-11 17:38:49 -08:00
Dave Airlie
4042160c2e drm/nouveau: fix dma syncing for loops (v2)
The index variable should only be increased in one place.

Noticed this while trying to track down another oops.

v2: use while loop.

Fixes: f295c8cfec ("drm/nouveau: fix dma syncing warning with debugging on.")
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210311043527.5376-1-airlied@gmail.com
2021-03-12 11:21:47 +10:00
Tvrtko Ursulin
a829f033e9 drm/i915: Wedge the GPU if command parser setup fails
Commit 311a50e76a ("drm/i915: Add support for mandatory cmdparsing")
introduced mandatory command parsing but setup failures were not
translated into wedging the GPU which was probably the intent.

Possible errors come in two categories. Either the sanity check on
internal tables has failed, which should be caught in CI unless an
affected platform would be missed in testing; or memory allocation failure
happened during driver load, which should be extremely unlikely but for
correctness should still be handled.

v2:
 * Tidy coding style. (Chris)

[airlied: cherry-picked to avoid rc1 base]
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Fixes: 311a50e76a ("drm/i915: Add support for mandatory cmdparsing")
Cc: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Chris Wilson <chris.p.wilson@intel.com>
Reviewed-by: Chris Wilson <chris.p.wilson@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210302114213.1102223-1-tvrtko.ursulin@linux.intel.com
(cherry picked from commit 5a1a659762d35a6dc51047c9127c011303c77b7f)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2021-03-12 11:20:50 +10:00
Dave Airlie
fb198483ed Merge tag 'amd-drm-fixes-5.12-2021-03-10' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
amd-drm-fixes-5.12-2021-03-10:

amdgpu:
- Fix aux backlight control
- Add a backlight override parameter
- Various display fixes
- PCIe DPM fix for vega
- Polaris watermark fixes
- Additional S0ix fix

radeon:
- Fix GEM regression
- Fix AGP dependency handling

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210310221141.3974-1-alexander.deucher@amd.com
2021-03-12 11:20:02 +10:00
Dave Airlie
e0da968623 drm-misc-fixes for rc3, rebased on rc2:
- Fix oops in drm_fbdev_cleanup()
 - unpin qxl bos created as pinned when freeing them,
   and make ttm only warn once on this behavior.
 - Use LCD management for atyfb on PPC_MAC.
 - Use gitlab for drm bugzilla now.
 - Fix ttm page pool accounting.
 - Zero head.surface_id correctly in qxl.
 - Assorted fixes for shmem helpers.
 - Shutdown kms poll helper in meson correctly.
 - Clear holes when converting compat ioctl's between 32-bits and 64-bits.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAmBJ9Q0ACgkQ/lWMcqZw
 E8NF1w/+JncfuejRTEPESJE58/Hqxdb8GKyLGzRd4Xj+WvWvEr//O+faNZiD7jg7
 f9Y1D9IbuvpdkenUNSvrFVjQryK/ua6jLTP5atuNf41AIF3hYMQ+BSAU10UZ27Mt
 6RpIWNR5I4rnnFLPqNenxH5JP1IvT3Yg2a/yU461N7bBLgmjKxK7XbF5I/8rn4Ff
 a5YxhsIBTerQhuy6ZqmHKwwdDkV7Y/dVMY3yiT7U7iT09qzrS41E8g3hu7wGIvU4
 p9bxfsn+FL7sHpGFxqTiNERmHYrESDwZsJnliBHj8mZBfKVRDbLq9QeFg5ooYsTb
 FvPVR19Ct+WG9lcnO1mxATozhgUnCcRB7stZSgyKzn+JsnDYG3cD2QFbZLB9DVlz
 M/iQzYGJpFrMDrGCRuIddni2ZN0qEESQmoN7N4s3UaKvJFLDKM4brzbpgaU8gb2s
 UqsfzWUCmFA1ePXqyfNXQo6q007ZhRBkAI5KTiOxEBeSKwRq5JWGo+LRMFBENHFw
 CTqnluwyRQxri5TqWQGySUgpvCSXONGUjfn53fTbPITsO+Hq/JAh+HJDcWGaQ4rr
 FEL5HY977B/dY4rl/l1MmINAmpH3GUR2HN20KupbtLGdIU0tWPBUvbrvrldnUoNm
 4m6Uo+wz5rfmQ6pcl+QbeNZw7VAiGDTEWDGz9BOFezee7YupuQk=
 =x9AW
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2021-03-11' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

drm-misc-fixes for rc3, rebased on rc2:
- Fix oops in drm_fbdev_cleanup()
- unpin qxl bos created as pinned when freeing them,
  and make ttm only warn once on this behavior.
- Use LCD management for atyfb on PPC_MAC.
- Use gitlab for drm bugzilla now.
- Fix ttm page pool accounting.
- Zero head.surface_id correctly in qxl.
- Assorted fixes for shmem helpers.
- Shutdown kms poll helper in meson correctly.
- Clear holes when converting compat ioctl's between 32-bits and 64-bits.

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/4606f08e-d0e8-c543-5e96-cee2fd728a41@linux.intel.com
2021-03-12 10:30:36 +10:00
Christophe Leroy
0b736881c8 powerpc/traps: unrecoverable_exception() is not an interrupt handler
unrecoverable_exception() is called from interrupt handlers or
after an interrupt handler has failed.

Make it a standard function to avoid doubling the actions
performed on interrupt entry (e.g.: user time accounting).

Fixes: 3a96570ffc ("powerpc: convert interrupt handlers to use wrappers")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/ae96c59fa2cb7f24a8929c58cfa2c909cb8ff1f1.1615291471.git.christophe.leroy@csgroup.eu
2021-03-12 11:02:12 +11:00
Shin'ichiro Kawasaki
e511350590 block: Discard page cache of zone reset target range
When zone reset ioctl and data read race for a same zone on zoned block
devices, the data read leaves stale page cache even though the zone
reset ioctl zero clears all the zone data on the device. To avoid
non-zero data read from the stale page cache after zone reset, discard
page cache of reset target zones in blkdev_zone_mgmt_ioctl(). Introduce
the helper function blkdev_truncate_zone_range() to discard the page
cache. Ensure the page cache discarded by calling the helper function
before and after zone reset in same manner as fallocate does.

This patch can be applied back to the stable kernel version v5.10.y.
Rework is needed for older stable kernels.

Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Fixes: 3ed05a987e ("blk-zoned: implement ioctls")
Cc: <stable@vger.kernel.org> # 5.10+
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Link: https://lore.kernel.org/r/20210311072546.678999-1-shinichiro.kawasaki@wdc.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-11 11:49:25 -07:00
Daniel Wagner
9ec491447b block: Suppress uevent for hidden device when removed
register_disk() suppress uevents for devices with the GENHD_FL_HIDDEN
but enables uevents at the end again in order to announce disk after
possible partitions are created.

When the device is removed the uevents are still on and user land sees
'remove' messages for devices which were never 'add'ed to the system.

  KERNEL[95481.571887] remove   /devices/virtual/nvme-fabrics/ctl/nvme5/nvme0c5n1 (block)

Let's suppress the uevents for GENHD_FL_HIDDEN by not enabling the
uevents at all.

Signed-off-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin Wilck <mwilck@suse.com>
Link: https://lore.kernel.org/r/20210311151917.136091-1-dwagner@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-11 11:48:25 -07:00
Linus Torvalds
28806e4d9b media fixes for v5.12-rc3
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+QmuaPwR3wnBdVwACF8+vY7k4RUFAmBJ8/0ACgkQCF8+vY7k
 4RXBdA//X+BzbkZluts1RL3uwU9Vi7CqzWCAzAmKROMrxMB15VEz4ddZN12vuAXE
 B04Dywu4rP+vsjW3gktPYYs6PDcaJATUQRFRm6J5BYZM1UuNX7bLUrKN+80trlRl
 yzOSFDfFkw4XpMSpaft+G61+5X5BCJ8SO3Sx0sdV0ru9Y4FRjvMqZQwq0eQpPpsl
 s8ciuG9KOotHiWSbak7Tf5ZDmizKGBhKKzCWheLrugpnc9quTgi1Sj08IBJR16/f
 bxWiiycBlg/tub5lkrmD+4jgf8hB/1ZmOnmJaUT6SLNqM/hYhda4IfKgFS7jafSB
 OjwwwwPe+XvrMpKEfngyqHT97puL1YF+rSbZISnepd/CwfHMt0kKOEse8nPojmay
 88mQK+KtFatyQkyG/z5B4fBUTQ30/ZZEIYca83Vgw2ca0FOnZuGCT5mZ/ElbZfZd
 0uPaZM3jNMY7zp+63Ur7oYdDOrj7tDorcyjbz7s/vXbBGK+kebUAl3BWwGq8B1uC
 mztFF7zqkDGzZyD9SxvTBE4fUV2gFfYGoY6T4m9iFT4z/8dnMXmAe/o1r7fZaFG4
 JafbCHAVKXXJKbw6P8Mi/mlJHd2zvnRmJPkQT4kAg0VeON/1oIqcgG6KU9UD8fW8
 4Pb9MCWvAA8MLs9r7YUh2L7Si1NXYgYAEO0En4Q+5wvPh+ORVLo=
 =ivNO
 -----END PGP SIGNATURE-----

Merge tag 'media/v5.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Pull media fixes from Mauro Carvalho Chehab:
 "A couple of fixes:

   - fix a build issue with CEC

   - fix a deadlock at usbtv driver

   - fix some null pointer address issues at vsp1 driver

   - fix a wrong bitmap setting at rkisp1 driver"

* tag 'media/v5.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  media: rkisp1: params: fix wrong bits settings
  media: v4l: vsp1: Fix uif null pointer access
  media: v4l: vsp1: Fix bru null pointer access
  media: usbtv: Fix deadlock on suspend
  media: rc: compile rc-cec.c into rc-core
2021-03-11 10:39:18 -08:00
J. Bruce Fields
4f8be1f53b nfs: we don't support removing system.nfs4_acl
The NFSv4 protocol doesn't have any notion of reomoving an attribute, so
removexattr(path,"system.nfs4_acl") doesn't make sense.

There's no documented return value.  Arguably it could be EOPNOTSUPP but
I'm a little worried an application might take that to mean that we
don't support ACLs or xattrs.  How about EINVAL?

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2021-03-11 13:17:42 -05:00
Jens Axboe
d052d1d685 io_uring: perform IOPOLL reaping if canceler is thread itself
We bypass IOPOLL completion polling (and reaping) for the SQPOLL thread,
but if it's the thread itself invoking cancelations, then we still need
to perform it or no one will.

Fixes: 9936c7c2bc ("io_uring: deduplicate core cancellations sequence")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-11 10:49:20 -07:00
Jens Axboe
5c2469e0a2 io_uring: force creation of separate context for ATTACH_WQ and non-threads
Earlier kernels had SQPOLL threads that could share across anything, as
we grabbed the context we needed on a per-ring basis. This is no longer
the case, so only allow attaching directly if we're in the same thread
group. That is the common use case. For non-group tasks, just setup a
new context and thread as we would've done if sharing wasn't set. This
isn't 100% ideal in terms of CPU utilization for the forked and share
case, but hopefully that isn't much of a concern. If it is, there are
plans in motion for how to improve that. Most importantly, we want to
avoid app side regressions where sharing worked before and now doesn't.
With this patch, functionality is equivalent to previous kernels that
supported IORING_SETUP_ATTACH_WQ with SQPOLL.

Reported-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-11 10:17:56 -07:00
Christoph Hellwig
a8affc03a9 block: rename BIO_MAX_PAGES to BIO_MAX_VECS
Ever since the addition of multipage bio_vecs BIO_MAX_PAGES has been
horribly confusingly misnamed.  Rename it to BIO_MAX_VECS to stop
confusing users of the bio API.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Link: https://lore.kernel.org/r/20210311110137.1132391-2-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-03-11 07:47:48 -07:00
Axel Lin
d450293c55
regulator: mt6315: Fix off-by-one for .n_voltages
The valid selector is 0 ~ 0xbf, so the .n_voltages should be 0xc0.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Link: https://lore.kernel.org/r/20210311020558.579597-1-axel.lin@ingics.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2021-03-11 13:23:21 +00:00
Ard Biesheuvel
30b2675761 arm64: mm: remove unused __cpu_uses_extended_idmap[_level()]
These routines lost all existing users during the latest merge window so
we can remove them. This avoids the need to fix them in the context of
fixing a regression related to the ID map on 52-bit VA kernels.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20210310171515.416643-3-ardb@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
2021-03-11 13:04:28 +00:00
Ard Biesheuvel
7ba8f2b2d6 arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
52-bit VA kernels can run on hardware that is only 48-bit capable, but
configure the ID map as 52-bit by default. This was not a problem until
recently, because the special T0SZ value for a 52-bit VA space was never
programmed into the TCR register anwyay, and because a 52-bit ID map
happens to use the same number of translation levels as a 48-bit one.

This behavior was changed by commit 1401bef703 ("arm64: mm: Always update
TCR_EL1 from __cpu_set_tcr_t0sz()"), which causes the unsupported T0SZ
value for a 52-bit VA to be programmed into TCR_EL1. While some hardware
simply ignores this, Mark reports that Amberwing systems choke on this,
resulting in a broken boot. But even before that commit, the unsupported
idmap_t0sz value was exposed to KVM and used to program TCR_EL2 incorrectly
as well.

Given that we already have to deal with address spaces being either 48-bit
or 52-bit in size, the cleanest approach seems to be to simply default to
a 48-bit VA ID map, and only switch to a 52-bit one if the placement of the
kernel in DRAM requires it. This is guaranteed not to happen unless the
system is actually 52-bit VA capable.

Fixes: 90ec95cda9 ("arm64: mm: Introduce VA_BITS_MIN")
Reported-by: Mark Salter <msalter@redhat.com>
Link: http://lore.kernel.org/r/20210310003216.410037-1-msalter@redhat.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20210310171515.416643-2-ardb@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
2021-03-11 13:04:28 +00:00
Mathias Nyman
d26c00e727 xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state
If port terminations are detected in suspend, but link never reaches U0
then xHCI may have an internal uncleared wake state that will cause an
immediate wake after suspend.

This wake state is normally cleared when driver clears the PORT_CSC bit,
which is set after a device is enabled and in U0.

Write 1 to clear PORT_CSC for ports that don't have anything connected
when suspending. This makes sure any pending internal wake states in
xHCI are cleared.

Cc: stable@vger.kernel.org
Tested-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210311115353.2137560-5-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-11 13:03:06 +01:00
Forest Crossman
b71c669ad8 usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
I've confirmed that both the ASMedia ASM1042A and ASM3242 have the same
problem as the ASM1142 and ASM2142/ASM3142, where they lose some of the
upper bits of 64-bit DMA addresses. As with the other chips, this can
cause problems on systems where the upper bits matter, and adding the
XHCI_NO_64BIT_SUPPORT quirk completely fixes the issue.

Cc: stable@vger.kernel.org
Signed-off-by: Forest Crossman <cyrozap@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210311115353.2137560-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-11 13:03:06 +01:00
Mathias Nyman
253f588c70 xhci: Improve detection of device initiated wake signal.
A xHC USB 3 port might miss the first wake signal from a USB 3 device
if the port LFPS reveiver isn't enabled fast enough after xHC resume.

xHC host will anyway be resumed by a PME# signal, but will go back to
suspend if no port activity is seen.
The device resends the U3 LFPS wake signal after a 100ms delay, but
by then host is already suspended, starting all over from the
beginning of this issue.

USB 3 specs say U3 wake LFPS signal is sent for max 10ms, then device
needs to delay 100ms before resending the wake.

Don't suspend immediately if port activity isn't detected in resume.
Instead add a retry. If there is no port activity then delay for 120ms,
and re-check for port activity.

Cc: <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210311115353.2137560-3-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-11 13:03:06 +01:00
Stanislaw Gruszka
a4a251f8c2 usb: xhci: do not perform Soft Retry for some xHCI hosts
On some systems rt2800usb and mt7601u devices are unable to operate since
commit f8f80be501 ("xhci: Use soft retry to recover faster from
transaction errors")

Seems that some xHCI controllers can not perform Soft Retry correctly,
affecting those devices.

To avoid the problem add xhci->quirks flag that restore pre soft retry
xhci behaviour for affected xHCI controllers. Currently those are
AMD_PROMONTORYA_4 and AMD_PROMONTORYA_2, since it was confirmed
by the users: on those xHCI hosts issue happen and is gone after
disabling Soft Retry.

[minor commit message rewording for checkpatch -Mathias]

Fixes: f8f80be501 ("xhci: Use soft retry to recover faster from transaction errors")
Cc: <stable@vger.kernel.org> # 4.20+
Reported-by: Bernhard <bernhard.gebetsberger@gmx.at>
Tested-by: Bernhard <bernhard.gebetsberger@gmx.at>
Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202541
Link: https://lore.kernel.org/r/20210311115353.2137560-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-11 13:03:06 +01:00
Daiyue Zhang
14fbbc8297 configfs: fix a use-after-free in __configfs_open_file
Commit b0841eefd9 ("configfs: provide exclusion between IO and removals")
uses ->frag_dead to mark the fragment state, thus no bothering with extra
refcount on config_item when opening a file. The configfs_get_config_item
was removed in __configfs_open_file, but not with config_item_put. So the
refcount on config_item will lost its balance, causing use-after-free
issues in some occasions like this:

Test:
1. Mount configfs on /config with read-only items:
drwxrwx--- 289 root   root            0 2021-04-01 11:55 /config
drwxr-xr-x   2 root   root            0 2021-04-01 11:54 /config/a
--w--w--w-   1 root   root         4096 2021-04-01 11:53 /config/a/1.txt
......

2. Then run:
for file in /config
do
echo $file
grep -R 'key' $file
done

3. __configfs_open_file will be called in parallel, the first one
got called will do:
if (file->f_mode & FMODE_READ) {
	if (!(inode->i_mode & S_IRUGO))
		goto out_put_module;
			config_item_put(buffer->item);
				kref_put()
					package_details_release()
						kfree()

the other one will run into use-after-free issues like this:
BUG: KASAN: use-after-free in __configfs_open_file+0x1bc/0x3b0
Read of size 8 at addr fffffff155f02480 by task grep/13096
CPU: 0 PID: 13096 Comm: grep VIP: 00 Tainted: G        W       4.14.116-kasan #1
TGID: 13096 Comm: grep
Call trace:
dump_stack+0x118/0x160
kasan_report+0x22c/0x294
__asan_load8+0x80/0x88
__configfs_open_file+0x1bc/0x3b0
configfs_open_file+0x28/0x34
do_dentry_open+0x2cc/0x5c0
vfs_open+0x80/0xe0
path_openat+0xd8c/0x2988
do_filp_open+0x1c4/0x2fc
do_sys_open+0x23c/0x404
SyS_openat+0x38/0x48

Allocated by task 2138:
kasan_kmalloc+0xe0/0x1ac
kmem_cache_alloc_trace+0x334/0x394
packages_make_item+0x4c/0x180
configfs_mkdir+0x358/0x740
vfs_mkdir2+0x1bc/0x2e8
SyS_mkdirat+0x154/0x23c
el0_svc_naked+0x34/0x38

Freed by task 13096:
kasan_slab_free+0xb8/0x194
kfree+0x13c/0x910
package_details_release+0x524/0x56c
kref_put+0xc4/0x104
config_item_put+0x24/0x34
__configfs_open_file+0x35c/0x3b0
configfs_open_file+0x28/0x34
do_dentry_open+0x2cc/0x5c0
vfs_open+0x80/0xe0
path_openat+0xd8c/0x2988
do_filp_open+0x1c4/0x2fc
do_sys_open+0x23c/0x404
SyS_openat+0x38/0x48
el0_svc_naked+0x34/0x38

To fix this issue, remove the config_item_put in
__configfs_open_file to balance the refcount of config_item.

Fixes: b0841eefd9 ("configfs: provide exclusion between IO and removals")
Signed-off-by: Daiyue Zhang <zhangdaiyue1@huawei.com>
Signed-off-by: Yi Chen <chenyi77@huawei.com>
Signed-off-by: Ge Qiu <qiuge@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2021-03-11 12:13:48 +01:00
Dmitry Monakhov
abbb5f5929 nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a Samsung PM1725a
This adds a quirk for Samsung PM1725a drive which fixes timeouts and
I/O errors due to the fact that the controller does not properly
handle the Write Zeroes command, dmesg log:

nvme nvme0: I/O 528 QID 10 timeout, aborting
nvme nvme0: I/O 529 QID 10 timeout, aborting
nvme nvme0: I/O 530 QID 10 timeout, aborting
nvme nvme0: I/O 531 QID 10 timeout, aborting
nvme nvme0: I/O 532 QID 10 timeout, aborting
nvme nvme0: I/O 533 QID 10 timeout, aborting
nvme nvme0: I/O 534 QID 10 timeout, aborting
nvme nvme0: I/O 535 QID 10 timeout, aborting
nvme nvme0: Abort status: 0x0
nvme nvme0: Abort status: 0x0
nvme nvme0: Abort status: 0x0
nvme nvme0: Abort status: 0x0
nvme nvme0: Abort status: 0x0
nvme nvme0: Abort status: 0x0
nvme nvme0: Abort status: 0x0
nvme nvme0: Abort status: 0x0
nvme nvme0: I/O 528 QID 10 timeout, reset controller
nvme nvme0: controller is down; will reset: CSTS=0x3, PCI_STATUS=0x10
nvme nvme0: Device not ready; aborting reset, CSTS=0x3
nvme nvme0: Device not ready; aborting reset, CSTS=0x3
nvme nvme0: Removing after probe failure status: -19
nvme0n1: detected capacity change from 6251233968 to 0
blk_update_request: I/O error, dev nvme0n1, sector 32776 op 0x1:(WRITE) flags 0x3000 phys_seg 6 prio class 0
blk_update_request: I/O error, dev nvme0n1, sector 113319936 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 0
Buffer I/O error on dev nvme0n1p2, logical block 1, lost async page write
blk_update_request: I/O error, dev nvme0n1, sector 113319680 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0
Buffer I/O error on dev nvme0n1p2, logical block 2, lost async page write
blk_update_request: I/O error, dev nvme0n1, sector 113319424 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0
Buffer I/O error on dev nvme0n1p2, logical block 3, lost async page write
blk_update_request: I/O error, dev nvme0n1, sector 113319168 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0
Buffer I/O error on dev nvme0n1p2, logical block 4, lost async page write
blk_update_request: I/O error, dev nvme0n1, sector 113318912 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0
Buffer I/O error on dev nvme0n1p2, logical block 5, lost async page write
blk_update_request: I/O error, dev nvme0n1, sector 113318656 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0
Buffer I/O error on dev nvme0n1p2, logical block 6, lost async page write
blk_update_request: I/O error, dev nvme0n1, sector 113318400 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0
blk_update_request: I/O error, dev nvme0n1, sector 113318144 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0
blk_update_request: I/O error, dev nvme0n1, sector 113317888 op 0x9:(WRITE_ZEROES) flags 0x0 phys_seg 0 prio class 0

Signed-off-by: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2021-03-11 11:48:54 +01:00
Lv Yunlong
abec6561fc nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done
In nvmet_rdma_write_data_done, rsp is recoverd by wc->wr_cqe and freed by
nvmet_rdma_release_rsp(). But after that, pr_info() used the freed
chunk's member object and could leak the freed chunk address with
wc->wr_cqe by computing the offset.

Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2021-03-11 11:48:35 +01:00
Chaitanya Kulkarni
0ec84df495 nvme-core: check ctrl css before setting up zns
Ensure multiple Command Sets are supported before starting to setup a
ZNS namespace.

Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
[hch: move the check around a bit]
Signed-off-by: Christoph Hellwig <hch@lst.de>
2021-03-11 11:48:35 +01:00
James Smart
f20ef34d71 nvme-fc: fix racing controller reset and create association
Recent patch to prevent calling __nvme_fc_abort_outstanding_ios in
interrupt context results in a possible race condition. A controller
reset results in errored io completions, which schedules error
work. The change of error work to a work element allows it to fire
after the ctrl state transition to NVME_CTRL_CONNECTING, causing
any outstanding io (used to initialize the controller) to fail and
cause problems for connect_work.

Add a state check to only schedule error work if not in the RESETTING
state.

Fixes: 19fce0470f ("nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context")
Signed-off-by: Nigel Kirkland <nkirkland2304@gmail.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2021-03-11 11:48:35 +01:00