14 Dec, 2020

10 commits

  • Jailhouse allows explicitly enabled cells to write character-wise
    messages to the hypervisor debug console. Make use of this for a
    platform-agnostic boot diagnosis channel, specifically for non-root
    cells. This also comes with earlycon support.

    Signed-off-by: Jan Kiszka

    Jan Kiszka
     
  • This is a simple demo for creating a virtio-over-ivshmem backend driver
    for a virtio block device.

    TODO:
    - resolve hacks
    - extract common bits to be shared with similar backends.

    Note: Specification work for virtio-over-ivshmem is ongoing, so details
    may still change.

    Signed-off-by: Jan Kiszka

    Jan Kiszka
     
  • This is a simple demo for creating a virtio-over-ivshmem backend driver
    for a virtio console.

    TODO:
    - resolve hacks
    - extract common bits to be shared with similar backends.

    Note: Specification work for virtio-over-ivshmem is ongoing, so details
    may still change.

    Signed-off-by: Jan Kiszka

    Jan Kiszka
     
  • This provides a virtio transport driver over the Inter-VM shared memory
    device as found in QEMU and the Jailhouse hypervisor.

    ...

    Note: Specification work for both ivshmem and the virtio transport is
    ongoing, so details may still change.

    Signed-off-by: Jan Kiszka

    Jan Kiszka
     
  • This adds a UIO driver for the ivshmem device, found in QEMU and the
    Jailhouse hypervisor. It exposes the MMIO register region and all shared
    memory sections to userspace. Interrupts are configured in one-shot mode
    so that userspace needs to re-enable them after each event via the
    Interrupt Control register. The driver registers all possible MSI-X
    vectors, coalescing them into the single notifier UIO provides.

    Note: Specification work for the interface is ongoing, so details may
    still change.

    Signed-off-by: Jan Kiszka

    Jan Kiszka
     
  • Common defines and structures for the ivshmem device.

    Signed-off-by: Jan Kiszka

    Jan Kiszka
     
  • This allows tagging memory regions as read-only, preventing userspace
    from mapping them writable. Default remains read/write.

    Signed-off-by: Jan Kiszka

    Jan Kiszka
     
  • Linus Torvalds
     
  • Pull x86 fixes from Thomas Gleixner:
    "A set of x86 and membarrier fixes:

    - Correct a few problems in the x86 and the generic membarrier
    implementation. Small corrections for assumptions about visibility
    which have turned out not to be true.

    - Make the PAT bits for memory encryption correct vs 4K and 2M/1G
    page table entries as they are at a different location.

    - Fix a concurrency issue in the local bandwidth readout of
    resource control leading to incorrect values

    - Fix the ordering of allocating a vector for an interrupt. The order
    missed to respect the provided cpumask when the first attempt of
    allocating node local in the mask fails. It then tries the node
    instead of trying the full provided mask first. This leads to
    erroneous error messages and breaking the (user) supplied affinity
    request. Reorder it.

    - Make the INT3 padding detection in optprobe work correctly"

    * tag 'x86-urgent-2020-12-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
    x86/kprobes: Fix optprobe to detect INT3 padding correctly
    x86/apic/vector: Fix ordering in vector assignment
    x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled
    x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP
    membarrier: Execute SYNC_CORE on the calling thread
    membarrier: Explicitly sync remote cores when SYNC_CORE is requested
    membarrier: Add an actual barrier before rseq_preempt()
    x86/membarrier: Get rid of a dubious optimization

    Linus Torvalds
     
  • Pull block fixes from Jens Axboe:
    "This should be it for 5.10.

    Mike and Song looked into the warning case, and thankfully it appears
    the fix was pretty trivial - we can just change the md device chunk
    type to unsigned int to get rid of it. They cannot currently be < 0,
    and nobody is checking for that either.

    We're reverting the discard changes as the corruption reports came in
    very late, and there's just no time to attempt to deal with it at this
    point. Reverting the changes in question is the right call for 5.10"

    * tag 'block-5.10-2020-12-12' of git://git.kernel.dk/linux-block:
    md: change mddev 'chunk_sectors' from int to unsigned
    Revert "md: add md_submit_discard_bio() for submitting discard bio"
    Revert "md/raid10: extend r10bio devs to raid disks"
    Revert "md/raid10: pull codes that wait for blocked dev into one function"
    Revert "md/raid10: improve raid10 discard request"
    Revert "md/raid10: improve discard request for far layout"
    Revert "dm raid: remove unnecessary discard limits for raid10"

    Linus Torvalds
     

13 Dec, 2020

8 commits

  • Pull SCSI fixes from James Bottomley:
    "Five small fixes. Four in drivers:

    - hisi_sas: fix internal queue timeout

    - be2iscsi: revert a prior fix causing problems

    - bnx2i: add missing dependency

    - storvsc: late arriving revert of a problem fix

    and one in the core.

    The core one is a minor change to stop paying attention to the busy
    count when returning out of resources because there's a race window
    where the queue might not restart due to missing returning I/O"

    * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
    Revert "scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"
    scsi: hisi_sas: Select a suitable queue for internal I/Os
    scsi: core: Fix race between handling STS_RESOURCE and completion
    scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
    scsi: bnx2i: Requires MMU

    Linus Torvalds
     
  • Pull i2c fix from Wolfram Sang:
    "Bugfix for the AT24 EEPROM driver"

    * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
    misc: eeprom: at24: fix NVMEM name with custom AT24 device name

    Linus Torvalds
     
  • Pull kvm fixes from Paolo Bonzini:
    "Bugfixes for ARM, x86 and tools"

    * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
    tools/kvm_stat: Exempt time-based counters
    KVM: mmu: Fix SPTE encoding of MMIO generation upper half
    kvm: x86/mmu: Use cpuid to determine max gfn
    kvm: svm: de-allocate svm_cpu_data for all cpus in svm_cpu_uninit()
    selftests: kvm/set_memory_region_test: Fix race in move region test
    KVM: arm64: Add usage of stage 2 fault lookup level in user_mem_abort()
    KVM: arm64: Fix handling of merging tables into a block entry
    KVM: arm64: Fix memory leak on stage2 update of a valid PTE

    Linus Torvalds
     
  • Pull xen fixes from Juergen Gross:
    "A short series fixing a regression introduced in 5.9 for running as
    Xen dom0 on a system with NVMe backed storage"

    * tag 'for-linus-5.10c-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
    xen: don't use page->lru for ZONE_DEVICE memory
    xen: add helpers for caching grant mapping pages

    Linus Torvalds
     
  • Pull RISC-V fix from Palmer Dabbelt:
    "Just one fix. It's nothing critical, just a randconfig that wasn't
    building. That said, it does seem pretty safe and is technically a
    regression so I'm sending it along for 5.10:

    - define get_cycles64() all the time, as it's used by most
    configurations"

    * tag 'riscv-for-linus-5.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
    RISC-V: Define get_cycles64() regardless of M-mode

    Linus Torvalds
     
  • Pull io_uring fixes from Jens Axboe:
    "Two fixes in here, fixing issues introduced in this merge window"

    * tag 'io_uring-5.10-2020-12-11' of git://git.kernel.dk/linux-block:
    io_uring: fix file leak on error path of io ctx creation
    io_uring: fix mis-seting personality's creds

    Linus Torvalds
     
  • Pull input fixes from Dmitry Torokhov:

    - a fix for cm109 stomping on its own control URB if it tries to toggle
    buzzer immediately after userspace opens input device (found by
    syzkaller)

    - another fix for Raydium touchscreens that do not like splitting
    command transfers

    - quirks for i8042, soc_button_array, and goodix drivers to make them
    work better with certain hardware.

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
    Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
    Input: cm109 - do not stomp on control URB
    Input: i8042 - add Acer laptops to the i8042 reset list
    Input: cros_ec_keyb - send 'scancodes' in addition to key events
    Input: soc_button_array - add Lenovo Yoga Tablet2 1051L to the dmi_use_low_level_irq list
    Input: raydium_ts_i2c - do not split tx transactions

    Linus Torvalds
     
  • Commit e2782f560c29 ("Revert "dm raid: remove unnecessary discard
    limits for raid10"") exposed compiler warnings introduced by commit
    e0910c8e4f87 ("dm raid: fix discard limits for raid1 and raid10"):

    In file included from ./include/linux/kernel.h:14,
    from ./include/asm-generic/bug.h:20,
    from ./arch/x86/include/asm/bug.h:93,
    from ./include/linux/bug.h:5,
    from ./include/linux/mmdebug.h:5,
    from ./include/linux/gfp.h:5,
    from ./include/linux/slab.h:15,
    from drivers/md/dm-raid.c:8:
    drivers/md/dm-raid.c: In function ‘raid_io_hints’:
    ./include/linux/minmax.h:18:28: warning: comparison of distinct pointer types lacks a cast
    (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
    ^~
    ./include/linux/minmax.h:32:4: note: in expansion of macro ‘__typecheck’
    (__typecheck(x, y) && __no_side_effects(x, y))
    ^~~~~~~~~~~
    ./include/linux/minmax.h:42:24: note: in expansion of macro ‘__safe_cmp’
    __builtin_choose_expr(__safe_cmp(x, y), \
    ^~~~~~~~~~
    ./include/linux/minmax.h:51:19: note: in expansion of macro ‘__careful_cmp’
    #define min(x, y) __careful_cmp(x, y, max_discard_sectors = min_not_zero(rs->md.chunk_sectors,
    ^~~~~~~~~~~~

    Fix this by changing the chunk_sectors member of 'struct mddev' from
    int to 'unsigned int' to match the type used for the 'chunk_sectors'
    member of 'struct queue_limits'. Various MD code still uses 'int' but
    none of it appears to ever make use of signed int; and storing
    positive signed int in unsigned is perfectly safe.

    Reported-by: Song Liu
    Fixes: e2782f560c29 ("Revert "dm raid: remove unnecessary discard limits for raid10"")
    Fixes: e0910c8e4f87 ("dm raid: fix discard limits for raid1 and raid10")
    Cc: stable@vger.kernel.org # e0910c8e4f87 was marked for stable@
    Signed-off-by: Mike Snitzer
    Reviewed-by: Song Liu
    Signed-off-by: Jens Axboe

    Mike Snitzer
     

12 Dec, 2020

22 commits

  • Commit

    7705dc855797 ("x86/vmlinux: Use INT3 instead of NOP for linker fill bytes")

    changed the padding bytes between functions from NOP to INT3. However,
    when optprobe decodes a target function it finds INT3 and gives up the
    jump optimization.

    Instead of giving up any INT3 detection, check whether the rest of the
    bytes to the end of the function are INT3. If all of them are INT3,
    those come from the linker. In that case, continue the optprobe jump
    optimization.

    [ bp: Massage commit message. ]

    Fixes: 7705dc855797 ("x86/vmlinux: Use INT3 instead of NOP for linker fill bytes")
    Reported-by: Adam Zabrocki
    Signed-off-by: Masami Hiramatsu
    Signed-off-by: Borislav Petkov
    Reviewed-by: Steven Rostedt (VMware)
    Reviewed-by: Kees Cook
    Cc: stable@vger.kernel.org
    Link: https://lkml.kernel.org/r/160767025681.3880685.16021570341428835411.stgit@devnote2

    Masami Hiramatsu
     
  • The touchscreen on the Teclast x98 Pro is also mounted upside-down in
    relation to the display orientation.

    Signed-off-by: Simon Beginn
    Signed-off-by: Bastien Nocera
    Link: https://lore.kernel.org/r/20201117004253.27A5A27EFD@localhost
    Signed-off-by: Dmitry Torokhov

    Simon Beginn
     
  • The new counters halt_poll_success_ns and halt_poll_fail_ns do not count
    events. Instead they provide a time, and mess up our statistics. Therefore,
    we should exclude them.
    Removal is currently implemented with an exempt list. If more counters like
    these appear, we can think about a more general rule like excluding all
    fields named "*_ns", in case that's a standing convention.

    Signed-off-by: Stefan Raspl
    Tested-and-reported-by: Christian Borntraeger
    Message-Id:
    Signed-off-by: Paolo Bonzini

    Stefan Raspl
     
  • Commit cae7ed3c2cb0 ("KVM: x86: Refactor the MMIO SPTE generation handling")
    cleaned up the computation of MMIO generation SPTE masks, however it
    introduced a bug in how the upper part was encoded:
    SPTE bits 52-61 were supposed to contain bits 10-19 of the current
    generation number, however a missing shift encoded bits 1-10 there instead
    (mostly duplicating the lower part of the encoded generation number that
    then consisted of bits 1-9).

    In the meantime, the upper part was shrunk by one bit and moved by
    subsequent commits to become an upper half of the encoded generation number
    (bits 9-17 of bits 0-17 encoded in a SPTE).

    In addition to the above, commit 56871d444bc4 ("KVM: x86: fix overlap between SPTE_MMIO_MASK and generation")
    has changed the SPTE bit range assigned to encode the generation number and
    the total number of bits encoded but did not update them in the comment
    attached to their defines, nor in the KVM MMU doc.
    Let's do it here, too, since it is too trivial a thing to warrant a separate
    commit.

    Fixes: cae7ed3c2cb0 ("KVM: x86: Refactor the MMIO SPTE generation handling")
    Signed-off-by: Maciej S. Szmigiero
    Message-Id:
    Cc: stable@vger.kernel.org
    [Reorganize macros so that everything is computed from the bit ranges. - Paolo]
    Signed-off-by: Paolo Bonzini

    Maciej S. Szmigiero
     
  • Pull mtd fixes from Miquel Raynal:
    "Second series of fixes for raw NAND drivers initiated because of a
    rework of the ECC engine subsystem.

    The location of the DT parsing logic got moved, breaking several
    drivers which in fact were not doing the ECC engine initialization at
    the right place.

    These drivers have been fixed by enforcing a particular ECC engine
    type and algorithm, software Hamming, while the algorithm may be
    overwritten by a DT property. This merge request fixes this in the
    xway, socrates, plat_nand, pasemi, orion, mpc5121, gpio, au1550 and
    ams-delta controller drivers"

    * tag 'mtd/fixes-for-5.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
    mtd: rawnand: xway: Do not force a particular software ECC engine
    mtd: rawnand: socrates: Do not force a particular software ECC engine
    mtd: rawnand: plat_nand: Do not force a particular software ECC engine
    mtd: rawnand: pasemi: Do not force a particular software ECC engine
    mtd: rawnand: orion: Do not force a particular software ECC engine
    mtd: rawnand: mpc5121: Do not force a particular software ECC engine
    mtd: rawnand: gpio: Do not force a particular software ECC engine
    mtd: rawnand: au1550: Do not force a particular software ECC engine
    mtd: rawnand: ams-delta: Do not force a particular software ECC engine

    Linus Torvalds
     
  • Pull MMC fixes from Ulf Hansson:
    "A couple of MMC fixes:

    MMC core:
    - Fixup condition for CMD13 polling for RPMB requests

    MMC host:
    - mtk-sd: Fix system suspend/resume support for CQHCI
    - mtk-sd: Extend SDIO IRQ fix to more variants
    - sdhci-of-arasan: Fix clock registration error for Keem Bay SOC
    - tmio: Bring HW to a sane state after a power off"

    * tag 'mmc-v5.10-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
    mmc: mediatek: mark PM functions as __maybe_unused
    mmc: block: Fixup condition for CMD13 polling for RPMB requests
    mmc: tmio: improve bringing HW to a sane state with MMC_POWER_OFF
    mmc: sdhci-of-arasan: Fix clock registration error for Keem Bay SOC
    mmc: mediatek: Extend recheck_sdio_irq fix to more variants
    mmc: mediatek: Fix system suspend/resume support for CQHCI

    Linus Torvalds
     
  • …t/brgl/linux into i2c/for-current

    at24 fixes for v5.10

    - fix NVMEM name with custom AT24 device name

    Wolfram Sang
     
  • Pull zonefs fix from Damien Le Moal:
    "A single patch in this pull request to fix a BIO and page reference
    leak when writing sequential zone files"

    * tag 'zonefs-5.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
    zonefs: fix page reference and BIO leak

    Linus Torvalds
     
  • Remove bpf_ prefix, which causes these helpers to be reported in verifier
    dump as bpf_bpf_this_cpu_ptr() and bpf_bpf_per_cpu_ptr(), respectively. Let's
    fix it as long as it is still possible before UAPI freezes on these helpers.

    Fixes: eaa6bcb71ef6 ("bpf: Introduce bpf_per_cpu_ptr()")
    Signed-off-by: Andrii Nakryiko
    Signed-off-by: Alexei Starovoitov
    Signed-off-by: Daniel Borkmann
    Signed-off-by: Linus Torvalds

    Andrii Nakryiko
     
  • Merge misc fixes from Andrew Morton:
    "8 patches.

    Subsystems affected by this patch series: proc, selftests, kbuild, and
    mm (pagecache, kasan, hugetlb)"

    * emailed patches from Andrew Morton:
    mm/hugetlb: clear compound_nr before freeing gigantic pages
    kasan: fix object remaining in offline per-cpu quarantine
    elfcore: fix building with clang
    initramfs: fix clang build failure
    kbuild: avoid static_assert for genksyms
    selftest/fpu: avoid clang warning
    proc: use untagged_addr() for pagemap_read addresses
    revert "mm/filemap: add static for function __add_to_page_cache_locked"

    Linus Torvalds
     
  • Commit 1378a5ee451a ("mm: store compound_nr as well as compound_order")
    added compound_nr counter to first tail struct page, overlaying with
    page->mapping. The overlay itself is fine, but while freeing gigantic
    hugepages via free_contig_range(), a "bad page" check will trigger for
    non-NULL page->mapping on the first tail page:

    BUG: Bad page state in process bash pfn:380001
    page:00000000c35f0856 refcount:0 mapcount:0 mapping:00000000126b68aa index:0x0 pfn:0x380001
    aops:0x0
    flags: 0x3ffff00000000000()
    raw: 3ffff00000000000 0000000000000100 0000000000000122 0000000100000000
    raw: 0000000000000000 0000000000000000 ffffffff00000000 0000000000000000
    page dumped because: non-NULL mapping
    Modules linked in:
    CPU: 6 PID: 616 Comm: bash Not tainted 5.10.0-rc7-next-20201208 #1
    Hardware name: IBM 3906 M03 703 (LPAR)
    Call Trace:
    show_stack+0x6e/0xe8
    dump_stack+0x90/0xc8
    bad_page+0xd6/0x130
    free_pcppages_bulk+0x26a/0x800
    free_unref_page+0x6e/0x90
    free_contig_range+0x94/0xe8
    update_and_free_page+0x1c4/0x2c8
    free_pool_huge_page+0x11e/0x138
    set_max_huge_pages+0x228/0x300
    nr_hugepages_store_common+0xb8/0x130
    kernfs_fop_write+0xd2/0x218
    vfs_write+0xb0/0x2b8
    ksys_write+0xac/0xe0
    system_call+0xe6/0x288
    Disabling lock debugging due to kernel taint

    This is because only the compound_order is cleared in
    destroy_compound_gigantic_page(), and compound_nr is set to
    1U << order == 1 for order 0 in set_compound_order(page, 0).

    Fix this by explicitly clearing compound_nr for first tail page after
    calling set_compound_order(page, 0).

    Link: https://lkml.kernel.org/r/20201208182813.66391-2-gerald.schaefer@linux.ibm.com
    Fixes: 1378a5ee451a ("mm: store compound_nr as well as compound_order")
    Signed-off-by: Gerald Schaefer
    Reviewed-by: Matthew Wilcox (Oracle)
    Cc: Heiko Carstens
    Cc: Mike Kravetz
    Cc: Christian Borntraeger
    Cc: [5.9+]
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Gerald Schaefer
     
  • We hit this issue in our internal test. When enabling generic kasan, a
    kfree()'d object is put into per-cpu quarantine first. If the cpu goes
    offline, object still remains in the per-cpu quarantine. If we call
    kmem_cache_destroy() now, slub will report "Objects remaining" error.

    =============================================================================
    BUG test_module_slab (Not tainted): Objects remaining in test_module_slab on __kmem_cache_shutdown()
    -----------------------------------------------------------------------------

    Disabling lock debugging due to kernel taint
    INFO: Slab 0x(____ptrval____) objects=34 used=1 fp=0x(____ptrval____) flags=0x2ffff00000010200
    CPU: 3 PID: 176 Comm: cat Tainted: G B 5.10.0-rc1-00007-g4525c8781ec0-dirty #10
    Hardware name: linux,dummy-virt (DT)
    Call trace:
    dump_backtrace+0x0/0x2b0
    show_stack+0x18/0x68
    dump_stack+0xfc/0x168
    slab_err+0xac/0xd4
    __kmem_cache_shutdown+0x1e4/0x3c8
    kmem_cache_destroy+0x68/0x130
    test_version_show+0x84/0xf0
    module_attr_show+0x40/0x60
    sysfs_kf_seq_show+0x128/0x1c0
    kernfs_seq_show+0xa0/0xb8
    seq_read+0x1f0/0x7e8
    kernfs_fop_read+0x70/0x338
    vfs_read+0xe4/0x250
    ksys_read+0xc8/0x180
    __arm64_sys_read+0x44/0x58
    el0_svc_common.constprop.0+0xac/0x228
    do_el0_svc+0x38/0xa0
    el0_sync_handler+0x170/0x178
    el0_sync+0x174/0x180
    INFO: Object 0x(____ptrval____) @offset=15848
    INFO: Allocated in test_version_show+0x98/0xf0 age=8188 cpu=6 pid=172
    stack_trace_save+0x9c/0xd0
    set_track+0x64/0xf0
    alloc_debug_processing+0x104/0x1a0
    ___slab_alloc+0x628/0x648
    __slab_alloc.isra.0+0x2c/0x58
    kmem_cache_alloc+0x560/0x588
    test_version_show+0x98/0xf0
    module_attr_show+0x40/0x60
    sysfs_kf_seq_show+0x128/0x1c0
    kernfs_seq_show+0xa0/0xb8
    seq_read+0x1f0/0x7e8
    kernfs_fop_read+0x70/0x338
    vfs_read+0xe4/0x250
    ksys_read+0xc8/0x180
    __arm64_sys_read+0x44/0x58
    el0_svc_common.constprop.0+0xac/0x228
    kmem_cache_destroy test_module_slab: Slab cache still has objects

    Register a cpu hotplug function to remove all objects in the offline
    per-cpu quarantine when cpu is going offline. Set a per-cpu variable to
    indicate this cpu is offline.

    [qiang.zhang@windriver.com: fix slab double free when cpu-hotplug]
    Link: https://lkml.kernel.org/r/20201204102206.20237-1-qiang.zhang@windriver.com

    Link: https://lkml.kernel.org/r/1606895585-17382-2-git-send-email-Kuan-Ying.Lee@mediatek.com
    Signed-off-by: Kuan-Ying Lee
    Signed-off-by: Zqiang
    Suggested-by: Dmitry Vyukov
    Reported-by: Guangye Yang
    Reviewed-by: Dmitry Vyukov
    Cc: Andrey Ryabinin
    Cc: Alexander Potapenko
    Cc: Matthias Brugger
    Cc: Nicholas Tang
    Cc: Miles Chen
    Cc: Qian Cai
    Cc: Stephen Rothwell
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Kuan-Ying Lee
     
  • kernel/elfcore.c only contains weak symbols, which triggers a bug with
    clang in combination with recordmcount:

    Cannot find symbol for section 2: .text.
    kernel/elfcore.o: failed

    Move the empty stubs into linux/elfcore.h as inline functions. As only
    two architectures use these, just use the architecture specific Kconfig
    symbols to key off the declaration.

    Link: https://lkml.kernel.org/r/20201204165742.3815221-2-arnd@kernel.org
    Signed-off-by: Arnd Bergmann
    Cc: Nathan Chancellor
    Cc: Nick Desaulniers
    Cc: Barret Rhoden
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arnd Bergmann
     
  • There is only one function in init/initramfs.c that is in the .text
    section, and it is marked __weak. When building with clang-12 and the
    integrated assembler, this leads to a bug with recordmcount:

    ./scripts/recordmcount "init/initramfs.o"
    Cannot find symbol for section 2: .text.
    init/initramfs.o: failed

    I'm not quite sure what exactly goes wrong, but I notice that this
    function is only ever called from an __init function, and normally
    inlined. Marking it __init as well is clearly correct and it leads to
    recordmcount no longer complaining.

    Link: https://lkml.kernel.org/r/20201204165742.3815221-1-arnd@kernel.org
    Signed-off-by: Arnd Bergmann
    Cc: Nathan Chancellor
    Cc: Nick Desaulniers
    Cc: Barret Rhoden
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arnd Bergmann
     
  • genksyms does not know or care about the _Static_assert() built-in, and
    sometimes falls back to ignoring the later symbols, which causes
    undefined behavior such as

    WARNING: modpost: EXPORT symbol "ethtool_set_ethtool_phy_ops" [vmlinux] version generation failed, symbol will not be versioned.
    ld: net/ethtool/common.o: relocation R_AARCH64_ABS32 against `__crc_ethtool_set_ethtool_phy_ops' can not be used when making a shared object
    net/ethtool/common.o:(_ftrace_annotated_branch+0x0): dangerous relocation: unsupported relocation

    Redefine static_assert for genksyms to avoid that.

    Link: https://lkml.kernel.org/r/20201203230955.1482058-1-arnd@kernel.org
    Signed-off-by: Arnd Bergmann
    Suggested-by: Ard Biesheuvel
    Cc: Masahiro Yamada
    Cc: Michal Marek
    Cc: Kees Cook
    Cc: Rikard Falkeborn
    Cc: Marco Elver
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arnd Bergmann
     
  • With extra warnings enabled, clang complains about the redundant
    -mhard-float argument:

    clang: error: argument unused during compilation: '-mhard-float' [-Werror,-Wunused-command-line-argument]

    Move this into the gcc-only part of the Makefile.

    Link: https://lkml.kernel.org/r/20201203223652.1320700-1-arnd@kernel.org
    Fixes: 4185b3b92792 ("selftests/fpu: Add an FPU selftest")
    Signed-off-by: Arnd Bergmann
    Cc: Nathan Chancellor
    Cc: Nick Desaulniers
    Cc: Petteri Aimonen
    Cc: Borislav Petkov
    Cc: Arnd Bergmann
    Cc: Andy Shevchenko
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arnd Bergmann
     
  • When we try to visit the pagemap of a tagged userspace pointer, we find
    that the start_vaddr is not correct because of the tag.
    To fix it, we should untag the userspace pointers in pagemap_read().

    I tested with 5.10-rc4 and the issue remains.

    Explanation from Catalin in [1]:

    "Arguably, that's a user-space bug since tagged file offsets were never
    supported. In this case it's not even a tag at bit 56 as per the arm64
    tagged address ABI but rather down to bit 47. You could say that the
    problem is caused by the C library (malloc()) or whoever created the
    tagged vaddr and passed it to this function. It's not a kernel
    regression as we've never supported it.

    Now, pagemap is a special case where the offset is usually not
    generated as a classic file offset but rather derived by shifting a
    user virtual address. I guess we can make a concession for pagemap
    (only) and allow such offset with the tag at bit (56 - PAGE_SHIFT + 3)"

    My test code is based on [2]:

    A userspace pointer which has been tagged by 0xb4: 0xb400007662f541c8

    userspace program:

    uint64 OsLayer::VirtualToPhysical(void *vaddr) {
        uint64 frame, paddr, pfnmask, pagemask;
        int pagesize = sysconf(_SC_PAGESIZE);
        off64_t off = ((uintptr_t)vaddr) / pagesize * 8; // off = 0xb400007662f541c8 / pagesize * 8 = 0x5a00003b317aa0
        int fd = open(kPagemapPath, O_RDONLY);
        ...

        if (lseek64(fd, off, SEEK_SET) != off || read(fd, &frame, 8) != 8) {
            int err = errno;
            string errtxt = ErrorString(err);
            if (fd >= 0)
                close(fd);
            return 0;
        }
        ...
    }

    kernel fs/proc/task_mmu.c:

    static ssize_t pagemap_read(struct file *file, char __user *buf,
                                size_t count, loff_t *ppos)
    {
        ...
        src = *ppos;
        svpfn = src / PM_ENTRY_BYTES; // svpfn == 0xb400007662f54
        start_vaddr = svpfn << PAGE_SHIFT; // start_vaddr == 0xb400007662f54000
        end_vaddr = mm->task_size;

        /* watch out for wraparound */
        // svpfn == 0xb400007662f54
        // (mm->task_size >> PAGE) == 0x8000000
        if (svpfn > mm->task_size >> PAGE_SHIFT) // the condition is true because of the tag 0xb4
            start_vaddr = end_vaddr;

        ret = 0;
        while (count && (start_vaddr < end_vaddr)) { // we cannot visit correct entry because start_vaddr is set to end_vaddr
            int len;
            unsigned long end;
            ...
        }
        ...
    }

    [1] https://lore.kernel.org/patchwork/patch/1343258/
    [2] https://github.com/stressapptest/stressapptest/blob/master/src/os.cc#L158

    Link: https://lkml.kernel.org/r/20201204024347.8295-1-miles.chen@mediatek.com
    Signed-off-by: Miles Chen
    Reviewed-by: Vincenzo Frascino
    Reviewed-by: Catalin Marinas
    Cc: Alexey Dobriyan
    Cc: Andrey Konovalov
    Cc: Alexander Potapenko
    Cc: Vincenzo Frascino
    Cc: Andrey Ryabinin
    Cc: Catalin Marinas
    Cc: Dmitry Vyukov
    Cc: Marco Elver
    Cc: Will Deacon
    Cc: Eric W. Biederman
    Cc: Song Bao Hua (Barry Song)
    Cc: [5.4-]
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Miles Chen
     
  • Revert commit 3351b16af494 ("mm/filemap: add static for function
    __add_to_page_cache_locked") due to incompatibility with
    ALLOW_ERROR_INJECTION which results in build errors.

    Link: https://lkml.kernel.org/r/CAADnVQJ6tmzBXvtroBuEH6QA0H+q7yaSKxrVvVxhqr3KBZdEXg@mail.gmail.com
    Tested-by: Justin Forbes
    Tested-by: Greg Thelen
    Acked-by: Alexei Starovoitov
    Cc: Michal Kubecek
    Cc: Alex Shi
    Cc: Souptick Joarder
    Cc: Daniel Borkmann
    Cc: Josef Bacik
    Cc: Tony Luck
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andrew Morton
     
  • We need to make sure we are not stomping on the control URB that was
    issued when opening the device when attempting to toggle buzzer.
    To do that we need to mark it as pending in cm109_open().

    Reported-and-tested-by: syzbot+150f793ac5bc18eee150@syzkaller.appspotmail.com
    Cc: stable@vger.kernel.org
    Signed-off-by: Dmitry Torokhov

    Dmitry Torokhov
     
  • Originally, commit d7157ff49a5b ("mtd: rawnand: Use the ECC framework
    user input parsing bits") kind of broke the logic around the
    initialization of several ECC engines.

    Unfortunately, the fix (which indeed moved the ECC initialization to
    the right place) did not take into account the fact that a different
    ECC algorithm could have been used thanks to a DT property,
    considering the "Hamming" algorithm entry a configuration while it was
    only a default.

    Add the necessary logic to be sure Hamming keeps being only a default.

    Fixes: d525914b5bd8 ("mtd: rawnand: xway: Move the ECC initialization to ->attach_chip()")
    Signed-off-by: Miquel Raynal
    Link: https://lore.kernel.org/linux-mtd/20201203190340.15522-10-miquel.raynal@bootlin.com

    Miquel Raynal
     
  • Originally, commit d7157ff49a5b ("mtd: rawnand: Use the ECC framework
    user input parsing bits") kind of broke the logic around the
    initialization of several ECC engines.

    Unfortunately, the fix (which indeed moved the ECC initialization to
    the right place) did not take into account the fact that a different
    ECC algorithm could have been used thanks to a DT property,
    considering the "Hamming" algorithm entry a configuration while it was
    only a default.

    Add the necessary logic to be sure Hamming keeps being only a default.

    Fixes: b36bf0a0fe5d ("mtd: rawnand: socrates: Move the ECC initialization to ->attach_chip()")
    Signed-off-by: Miquel Raynal
    Link: https://lore.kernel.org/linux-mtd/20201203190340.15522-9-miquel.raynal@bootlin.com

    Miquel Raynal
     
  • Originally, commit d7157ff49a5b ("mtd: rawnand: Use the ECC framework
    user input parsing bits") kind of broke the logic around the
    initialization of several ECC engines.

    Unfortunately, the fix (which indeed moved the ECC initialization to
    the right place) did not take into account the fact that a different
    ECC algorithm could have been used thanks to a DT property,
    considering the "Hamming" algorithm entry a configuration while it was
    only a default.

    Add the necessary logic to be sure Hamming keeps being only a default.

    Fixes: 612e048e6aab ("mtd: rawnand: plat_nand: Move the ECC initialization to ->attach_chip()")
    Signed-off-by: Miquel Raynal
    Link: https://lore.kernel.org/linux-mtd/20201203190340.15522-8-miquel.raynal@bootlin.com

    Miquel Raynal