[PATCH 5.0 014/139] vsock/virtio: Initialize core virtio vsock before registering the driver

From: "Jorge E. Moreira" [ Upstream commit ba95e5dfd36647622d8897a2a0470dde60e59ffd ] Avoid a race in which static variables in net/vmw_vsock/af_vsock.c are accessed (while handling interrupts) before they are initialized. [4.201410] BUG: unable to handle kernel paging request at ff

[PATCH 5.0 035/139] md: add mddev->pers to avoid potential NULL pointer dereference

From: Yufen Yu commit ee37e62191a59d253fc916b9fc763deb777211e2 upstream. When doing re-add, we need to ensure rdev->mddev->pers is not NULL, which can avoid potential NULL pointer derefence in fallowing add_bound_rdev(). Fixes: a6da4ef85cef ("md: re-add a failed disk") Cc: Xiao Ni Cc: NeilBrow

[PATCH 5.0 033/139] Revert "MD: fix lock contention for flush bios"

From: NeilBrown commit 4bc034d35377196c854236133b07730a777c4aba upstream. This reverts commit 5a409b4f56d50b212334f338cb8465d65550cd85. This patch has two problems. 1/ it make multiple calls to submit_bio() from inside a make_request_fn. The bios thus submitted will be queued on current->bio_

[PATCH 5.0 044/139] media: ov6650: Fix sensor possibly not detected on probe

From: Janusz Krzysztofik commit 933c1320847f5ed6b61a7d10f0a948aa98ccd7b0 upstream. After removal of clock_start() from before soc_camera_init_i2c() in soc_camera_probe() by commit 9aea470b399d ("[media] soc-camera: switch I2C subdevice drivers to use v4l2-clk") introduced in v3.11, the ov6650 dr

[PATCH 5.0 037/139] dcache: sort the freeing-without-RCU-delay mess for good.

From: Al Viro commit 5467a68cbf6884c9a9d91e2a89140afb1839c835 upstream. For lockless accesses to dentries we don't have pinned we rely (among other things) upon having an RCU delay between dropping the last reference and actually freeing the memory. On the other hand, for things like pipes and

[PATCH 5.0 050/139] PNFS fallback to MDS if no deviceid found

From: Olga Kornievskaia commit b1029c9bc078a6f1515f55dd993b507dcc7e3440 upstream. If we fail to find a good deviceid while trying to pnfs instead of propogating an error back fallback to doing IO to the MDS. Currently, code with fals the IO with EINVAL. Signed-off-by: Olga Kornievskaia Fixes:

[PATCH 5.0 070/139] perf intel-pt: Fix instructions sampling rate

From: Adrian Hunter commit 7ba8fa20e26eb3c0c04d747f7fd2223694eac4d5 upstream. The timestamp used to determine if an instruction sample is made, is an estimate based on the number of instructions since the last known timestamp. A consequence is that it might go backwards, which results in extra s

[PATCH 5.0 051/139] clk: hi3660: Mark clk_gate_ufs_subsys as critical

From: Leo Yan commit 9f77a60669d13ed4ddfa6cd7374c9d88da378ffa upstream. clk_gate_ufs_subsys is a system bus clock, turning off it will introduce lockup issue during system suspend flow. Let's mark clk_gate_ufs_subsys as critical clock, thus keeps it on during system suspend and resume. Fixes:

[PATCH 5.0 065/139] x86_64: Allow breakpoints to emulate call instructions

From: Peter Zijlstra commit 4b33dadf37666c0860b88f9e52a16d07bf6d0b03 upstream. In order to allow breakpoints to emulate call instructions, they need to push the return address onto the stack. The x86_64 int3 handler adds a small gap to allow the stack to grow some. Use this gap to add the return

[PATCH 5.0 042/139] cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()

From: Christoph Probst commit 6a54b2e002c9d00b398d35724c79f9fe0d9b38fb upstream. Change strcat to strncpy in the "None" case to fix a buffer overflow when cinode->oplock is reset to 0 by another thread accessing the same cinode. It is never valid to append "None" to any other message. Consolida

[PATCH 5.0 069/139] memory: tegra: Fix integer overflow on tick value calculation

From: Dmitry Osipenko commit b906c056b6023c390f18347169071193fda57dde upstream. Multiplying the Memory Controller clock rate by the tick count results in an integer overflow and in result the truncated tick value is being programmed into hardware, such that the GR3D memory client performance is

[PATCH 5.0 039/139] p54: drop device reference count if fails to enable device

From: Pan Bian commit 8149069db81853570a665f5e5648c0e526dc0e43 upstream. The function p54p_probe takes an extra reference count of the PCI device. However, the extra reference count is not dropped when it fails to enable the PCI device. This patch fixes the bug. Cc: sta...@vger.kernel.org Signe

Re: [PATCH] clocksource/drivers/ixp4xx: Implement delay timer

Hi Linus, On 23/05/2019 20:16, Linus Walleij wrote: > This adds delay timer functionality to the IXP4xx > timer driver. > > Signed-off-by: Linus Walleij The patch does not apply on tip/timers/core -- Linaro.org │ Open source software for ARM SoCs Follow Linar

[PATCH 5.0 068/139] tracing: probeevent: Fix to make the type of $comm string

From: Masami Hiramatsu commit 3dd1f7f24f8ceec00bbbc364c2ac3c893f0fdc4c upstream. Fix to make the type of $comm "string". If we set the other type to $comm argument, it shows meaningless value or wrong data. Currently probe events allow us to set string array type (e.g. ":string[2]"), or other d

[PATCH 5.0 063/139] ceph: flush dirty inodes before proceeding with remount

From: Jeff Layton commit 00abf69dd24fd185982379c5cc3bb7b6d1fc upstream. xfstest generic/452 was triggering a "Busy inodes after umount" warning. ceph was allowing the mount to go read-only without first flushing out dirty inodes in the cache. Ensure we sync out the filesystem before allowing

[PATCH 5.0 071/139] perf intel-pt: Fix improved sample timestamp

From: Adrian Hunter commit 61b6e08dc8e3ea80b7485c9b3f875ddd45c8466b upstream. The decoder uses its current timestamp in samples. Usually that is a timestamp that has already passed, but in some cases it is a timestamp for a branch that the decoder is walking towards, and consequently hasn't reac

[PATCH 5.0 059/139] fuse: honor RLIMIT_FSIZE in fuse_file_fallocate

From: Liu Bo commit 0cbade024ba501313da3b7e5dd2a188a6bc491b5 upstream. fstests generic/228 reported this failure that fuse fallocate does not honor what 'ulimit -f' has set. This adds the necessary inode_newsize_ok() check. Signed-off-by: Liu Bo Fixes: 05ba1f082300 ("fuse: add FALLOCATE opera

[PATCH 5.0 057/139] udlfb: introduce a rendering mutex

From: Mikulas Patocka commit babc250e278eac7b0e671bdaedf833759b43bb78 upstream. Rendering calls may be done simultaneously from the workqueue, dlfb_ops_write, dlfb_ops_ioctl, dlfb_ops_set_par and dlfb_dpy_deferred_io. The code is robust enough so that it won't crash on concurrent rendering. How

[PATCH 5.0 083/139] fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display

From: Yifeng Li commit 4ed7d2ccb7684510ec5f7a8f7ef534bc6a3d55b2 upstream. Loongson MIPS netbooks use 1024x600 LCD panels, which is the original target platform of this driver, but nearly all old x86 laptops have 1024x768. Lighting 768 panels using 600's timings would partially garble the display

[PATCH 5.0 084/139] fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting

From: Yifeng Li commit f627caf55b8e735dcec8fa6538e9668632b55276 upstream. On a Thinkpad s30 (Pentium III / i440MX, Lynx3DM), blanking the display or starting the X server will crash and freeze the system, or garble the display. Experiments showed this problem can mostly be solved by adjusting t

[PATCH 5.0 058/139] fuse: fix writepages on 32bit

From: Miklos Szeredi commit 9de5be06d0a89ca97b5ab902694d42dfd2bb77d2 upstream. Writepage requests were cropped to i_size & 0x, which meant that mmaped writes to any file larger than 4G might be silently discarded. Fix by storing the file size in a properly sized variable (loff_t instead

[PATCH 5.0 085/139] PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken

From: Nikolai Kostrigin commit d28ca864c493637f3c957f4ed9348a94fca6de60 upstream. ATS is broken on the Radeon R7 GPU (at least for Stoney Ridge based laptop) and causes IOMMU stalls and system failure. Disable ATS on these devices to make them usable again with IOMMU enabled. Thanks to Joerg R

[PATCH 5.0 086/139] PCI: Mark Atheros AR9462 to avoid bus reset

From: James Prestwood commit 6afb7e26978da5e86e57e540fdce65c8b04f398a upstream. When using PCI passthrough with this device, the host machine locks up completely when starting the VM, requiring a hard reboot. Add a quirk to avoid bus resets on this device. Fixes: c3e59ee4e766 ("PCI: Mark Ather

[PATCH 5.0 077/139] fbdev: sm712fb: fix brightness control on reboot, dont set SR30

From: Yifeng Li commit 5481115e25e42b9215f2619452aa99c95f08492f upstream. On a Thinkpad s30 (Pentium III / i440MX, Lynx3DM), rebooting with sm712fb framebuffer driver would cause the role of brightness up/down button to swap. Experiments showed the FPR30 register caused this behavior. Moreover,

[PATCH 5.0 053/139] clk: mediatek: Disable tuner_en before change PLL rate

From: Owen Chen commit be17ca6ac76a5cfd07cc3a0397dd05d6929fcbbb upstream. PLLs with tuner_en bit, such as APLL1, need to disable tuner_en before apply new frequency settings, or the new frequency settings (pcw) will not be applied. The tuner_en bit will be disabled during changing PLL rate and b

[PATCH 5.0 073/139] MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled

From: Florian Fainelli commit 1b1f01b653b408ebe58fec78c566d1075d285c64 upstream. arch/mips/kernel/perf_event_mipsxx.c: In function 'mipsxx_pmu_enable_event': arch/mips/kernel/perf_event_mipsxx.c:326:21: error: unused variable 'event' [-Werror=unused-variable] struct perf_event *event = contai

[PATCH 5.0 087/139] PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary

From: Lyude Paul commit e0547c81bfcfad01cbbfa93a5e66bb98ab932f80 upstream. On ThinkPad P50 SKUs with an Nvidia Quadro M1000M instead of the M2000M variant, the BIOS does not always reset the secondary Nvidia GPU during reboot if the laptop is configured in Hybrid Graphics mode. The reason is un

[PATCH 5.0 061/139] gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6

From: Chris Packham commit 259799ea5a9aa099a267f3b99e1f7078bbaf5c5e upstream. Use gen_rtx_set instead of gen_rtx_SET. The former is a wrapper macro that handles the difference between GCC versions implementing the latter. This fixes the following error on my system with g++ 5.4.0 as the host co

[PATCH 5.0 075/139] x86/mpx, mm/core: Fix recursive munmap() corruption

From: Dave Hansen commit 5a28fc94c9143db766d1ba5480cae82d856ad080 upstream. This is a bit of a mess, to put it mildly. But, it's a bug that only seems to have showed up in 4.20 but wasn't noticed until now, because nobody uses MPX. MPX has the arch_unmap() hook inside of munmap() because MPX u

RE: [PATCH] x86/MCE: Statically allocate mce_banks_array

> -Original Message- > From: Borislav Petkov > Sent: Thursday, May 23, 2019 3:28 PM > To: Ghannam, Yazen > Cc: linux-e...@vger.kernel.org; linux-kernel@vger.kernel.org; > tony.l...@intel.com; x...@kernel.org > Subject: Re: [PATCH] x86/MCE: Statically allocate mce_banks_array > > > On T

[PATCH 5.0 074/139] objtool: Allow AR to be overridden with HOSTAR

From: Nathan Chancellor commit 8ea58f1e8b11cca3087b294779bf5959bf89cc10 upstream. Currently, this Makefile hardcodes GNU ar, meaning that if it is not available, there is no way to supply a different one and the build will fail. $ make AR=llvm-ar CC=clang LD=ld.lld HOSTAR=llvm-ar HOSTCC=clang

[PATCH 5.0 060/139] ovl: fix missing upper fs freeze protection on copy up for ioctl

From: Amir Goldstein commit 3428030da004a1128cbdcf93dc03e16f184d845b upstream. Generalize the helper ovl_open_maybe_copy_up() and use it to copy up file with data before FS_IOC_SETFLAGS ioctl. The FS_IOC_SETFLAGS ioctl is a bit of an odd ball in vfs, which probably caused the confusion. File m

[PATCH 5.0 056/139] udlfb: fix sleeping inside spinlock

From: Mikulas Patocka commit 6b11f9d8433b471fdd3ebed232b43a4b723be6ff upstream. If a framebuffer device is used as a console, the rendering calls (copyarea, fillrect, imageblit) may be done with the console spinlock held. On udlfb, these function call dlfb_handle_damage that takes a blocking sem

[PATCH 5.0 104/139] xfrm: clean up xfrm protocol checks

[ Upstream commit dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 ] In commit 6a53b7593233 ("xfrm: check id proto in validate_tmpl()") I introduced a check for xfrm protocol, but according to Herbert IPSEC_PROTO_ANY should only be used as a wildcard for lookup, so it should be removed from validate_tmpl(

[PATCH 5.0 095/139] dm delay: fix a crash when invalid device is specified

From: Mikulas Patocka commit 81bc6d150ace6250503b825d9d0c10f7bbd24095 upstream. When the target line contains an invalid device, delay_ctr() will call delay_dtr() with NULL workqueue. Attempting to destroy the NULL workqueue causes a crash. Signed-off-by: Mikulas Patocka Cc: sta...@vger.kerne

[PATCH 5.0 108/139] ARC: PAE40: dont panic and instead turn off hw ioc

[ Upstream commit 99bd5fcc505d65ea9c60619202f0b2d926eabbe9 ] HSDK currently panics when built for HIGHMEM/ARC_HAS_PAE40 because ioc is enabled with default which doesn't work for the 2 non contiguous memory nodes. So get PAE working by disabling ioc instead. Tested with !PAE40 by forcing @ioc_ena

[PATCH 5.0 094/139] dm zoned: Fix zone report handling

From: Damien Le Moal commit 7aedf75ff740a98f3683439449cd91c8662d03b2 upstream. The function blkdev_report_zones() returns success even if no zone information is reported (empty report). Empty zone reports can only happen if the report start sector passed exceeds the device capacity. The conditio

[PATCH 5.0 092/139] PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum

From: Stefan Mätje commit 4ec73791a64bab25cabf16a6067ee478692e506d upstream. Due to an erratum in some Pericom PCIe-to-PCI bridges in reverse mode (conventional PCI on primary side, PCIe on downstream side), the Retrain Link bit needs to be cleared manually to allow the link training to complete

[PATCH 5.0 072/139] perf intel-pt: Fix sample timestamp wrt non-taken branches

From: Adrian Hunter commit 1b6599a9d8e6c9f7e9b0476012383b1777f7fc93 upstream. The sample timestamp is updated to ensure that the timestamp represents the time of the sample and not a branch that the decoder is still walking towards. The sample timestamp is updated when the decoder returns, but t

[PATCH 5.0 079/139] fbdev: sm712fb: fix white screen of death on reboot, dont set CR3B-CR3F

From: Yifeng Li commit 8069053880e0ee3a75fd6d7e0a30293265fe3de4 upstream. On a Thinkpad s30 (Pentium III / i440MX, Lynx3DM), rebooting with sm712fb framebuffer driver would cause a white screen of death on the next POST, presumably the proper timings for the LCD panel was not reprogrammed proper

[PATCH 5.0 102/139] xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module

[ Upstream commit 6ee02a54ef990a71bf542b6f0a4e3321de9d9c66 ] When unloading xfrm6_tunnel module, xfrm6_tunnel_fini directly frees the xfrm6_tunnel_spi_kmem. Maybe someone has gotten the xfrm6_tunnel_spi, so need to wait it. Fixes: 91cc3bb0b04ff("xfrm6_tunnel: RCU conversion") Signed-off-by: Su Ya

[PATCH 5.0 080/139] fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA

From: Yifeng Li commit ec1587d5073f29820e358f3a383850d61601d981 upstream. When the machine is booted in VGA mode, loading sm712fb would cause a glitch of random pixels shown on the screen. To prevent it from happening, we first clear the entire framebuffer, and we also need to stop calling smtcf

[PATCH 5.0 106/139] xfrm: Honor original L3 slave device in xfrmi policy lookup

[ Upstream commit 025c65e119bf58b610549ca359c9ecc5dee6a8d2 ] If an xfrmi is associated to a vrf layer 3 master device, xfrm_policy_check() fails after traffic decapsulation. The input interface is replaced by the layer 3 master device, and hence xfrmi_decode_session() can't match the xfrmi anymore

[PATCH 5.0 105/139] esp4: add length check for UDP encapsulation

[ Upstream commit 8dfb4eba4100e7cdd161a8baef2d8d61b7a7e62e ] esp_output_udp_encap can produce a length that doesn't fit in the 16 bits of a UDP header's length field. In that case, we'll send a fragmented packet whose length is larger than IP_MAX_MTU (resulting in "Oversized IP packet" warnings on

[PATCH 5.0 099/139] fuse: Add FOPEN_STREAM to use stream_open()

From: Kirill Smelkov commit bbd84f33652f852ce5992d65db4d020aba21f882 upstream. Starting from commit 9c225f2655e3 ("vfs: atomic f_pos accesses as per POSIX") files opened even via nonseekable_open gate read and write via lock and do not allow them to be run simultaneously. This can create read vs

[PATCH 5.0 098/139] dm mpath: always free attached_handler_name in parse_path()

From: Martin Wilck commit 940bc471780b004a5277c1931f52af363c2fc9da upstream. Commit b592211c33f7 ("dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer") fixed a memory leak for the case where setup_scsi_dh() returns failure. But setup_scsi_dh may return success and not

[PATCH 5.0 125/139] sched/cpufreq: Fix kobject memleak

[ Upstream commit 9a4f26cc98d81b67ecc23b890c28e2df324e29f3 ] Currently the error return path from kobject_init_and_add() is not followed by a call to kobject_put() - which means we are leaking the kobject. Fix it by adding a call to kobject_put() in the error path of kobject_init_and_add(). Sign

[PATCH 5.0 121/139] tools: bpftool: fix infinite loop in map create

[ Upstream commit 8694d8c1f82cccec9380e0d3720b84eee315dfb7 ] "bpftool map create" has an infinite loop on "while (argc)". The error case is missing. Symptoms: when forgetting to type the keyword 'type' in front of 'hash': $ sudo bpftool map create /sys/fs/bpf/dir/foobar hash key 8 value 8 entries

[PATCH 5.0 127/139] KVM: fix KVM_CLEAR_DIRTY_LOG for memory slots of unaligned size

[ Upstream commit 76d58e0f07ec203bbdfcaabd9a9fc10a5a3ed5ea ] If a memory slot's size is not a multiple of 64 pages (256K), then the KVM_CLEAR_DIRTY_LOG API is unusable: clearing the final 64 pages either requires the requested page range to go beyond memslot->npages, or requires log->num_pages to

[PATCH 5.0 090/139] PCI: rcar: Add the initialization of PCIe link in resume_noirq()

From: Kazufumi Ikeda commit be20bbcb0a8cb5597cc62b3e28d275919f3431df upstream. Reestablish the PCIe link very early in the resume process in case it went down to prevent PCI accesses from hanging the bus. Such accesses can happen early in the PCI resume process, as early as the SUSPEND_RESUME_NO

[PATCH 5.0 123/139] qmi_wwan: new Wistron, ZTE and D-Link devices

[ Upstream commit 88ef66a28391ea7b624bfb7508a5b015c13b28f3 ] Adding device entries found in vendor modified versions of this driver. Function maps for some of the devices follow: WNC D16Q1, D16Q5, D18Q1 LTE CAT3 module (1435:0918) MI_00 Qualcomm HS-USB Diagnostics MI_01 Android Debug interface

[PATCH 5.0 124/139] iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()

[ Upstream commit de1887c064b9996ac03120d90d0a909a3f678f98 ] We don't check for the validity of the lengths in the packet received from the firmware. If the MPDU length received in the rx descriptor is too short to contain the header length and the crypt length together, we may end up trying to c

[PATCH 5.0 126/139] x86/mm/mem_encrypt: Disable all instrumentation for early SME setup

[ Upstream commit b51ce3744f115850166f3d6c292b9c8cb849ad4f ] Enablement of AMD's Secure Memory Encryption feature is determined very early after start_kernel() is entered. Part of this procedure involves scanning the command line for the parameter 'mem_encrypt'. To determine intended state, the f

[PATCH 5.0 122/139] bpf: Fix preempt_enable_no_resched() abuse

[ Upstream commit 0edd6b64d1939e9e9168ff27947995bb7751db5d ] Unless the very next line is schedule(), or implies it, one must not use preempt_enable_no_resched(). It can cause a preemption to go missing and thereby cause arbitrary delays, breaking the PREEMPT=y invariant. Cc: Roman Gushchin Cc:

[PATCH 5.0 113/139] securityfs: fix use-after-free on symlink traversal

[ Upstream commit 46c874419652bbefdfed17420fd6e88d8a31d9ec ] symlink body shouldn't be freed without an RCU delay. Switch securityfs to ->destroy_inode() and use of call_rcu(); free both the inode and symlink body in the callback. Signed-off-by: Al Viro Signed-off-by: Sasha Levin --- security

[PATCH 5.0 112/139] power: supply: cpcap-battery: Fix division by zero

[ Upstream commit dbe7208c6c4aec083571f2ec742870a0d0edbea3 ] If called fast enough so samples do not increment, we can get division by zero in kernel: __div0 cpcap_battery_cc_raw_div cpcap_battery_get_property power_supply_get_property.part.1 power_supply_get_property power_supply_show_property p

[PATCH 5.0 114/139] apparmorfs: fix use-after-free on symlink traversal

[ Upstream commit f51dcd0f621caac5380ce90fbbeafc32ce4517ae ] symlink body shouldn't be freed without an RCU delay. Switch apparmorfs to ->destroy_inode() and use of call_rcu(); free both the inode and symlink body in the callback. Signed-off-by: Al Viro Signed-off-by: Sasha Levin --- security

[PATCH 5.0 116/139] x86: kvm: hyper-v: deal with buggy TLB flush requests from WS2012

[ Upstream commit da66761c2d93a46270d69001abb5692717495a68 ] It was reported that with some special Multi Processor Group configuration, e.g: bcdedit.exe /set groupsize 1 bcdedit.exe /set maxgroup on bcdedit.exe /set groupaware on for a 16-vCPU guest WS2012 shows BSOD on boot when PV TLB flush

[PATCH 5.0 118/139] net: ieee802154: fix missing checks for regmap_update_bits

[ Upstream commit 22e8860cf8f777fbf6a83f2fb7127f682a8e9de4 ] regmap_update_bits could fail and deserves a check. The patch adds the checks and if it fails, returns its error code upstream. Signed-off-by: Kangjie Lu Reviewed-by: Mukesh Ojha Signed-off-by: Stefan Schmidt Signed-off-by: Sasha Le

[PATCH 5.0 138/139] bpf: add map_lookup_elem_sys_only for lookups from syscall side

From: Daniel Borkmann commit c6110222c6f49ea68169f353565eb865488a8619 upstream. Add a callback map_lookup_elem_sys_only() that map implementations could use over map_lookup_elem() from system call side in case the map implementation needs to handle the latter differently than from the BPF data p

[PATCH 5.0 139/139] bpf, lru: avoid messing with eviction heuristics upon syscall lookup

From: Daniel Borkmann commit 50b045a8c0ccf44f76640ac3eea8d80ca53979a3 upstream. One of the biggest issues we face right now with picking LRU map over regular hash table is that a map walk out of user space, for example, to just dump the existing entries or to remove certain ones, will completely

[PATCH 5.0 131/139] perf bench numa: Add define for RUSAGE_THREAD if not present

[ Upstream commit bf561d3c13423fc54daa19b5d49dc15fafdb7acc ] While cross building perf to the ARC architecture on a fedora 30 host, we were failing with: CC /tmp/build/perf/bench/numa.o bench/numa.c: In function ‘worker_thread’: bench/numa.c:1261:12: error: ‘RUSAGE_THREAD’ undecla

[PATCH 5.0 134/139] Revert "Dont jump to compute_result state from check_result state"

From: Song Liu commit a25d8c327bb41742dbd59f8c545f59f3b9c39983 upstream. This reverts commit 4f4fd7c5798bbdd5a03a60f6269cf1177fbd11ef. Cc: Dan Williams Cc: Nigel Croxon Cc: Xiao Ni Signed-off-by: Song Liu Signed-off-by: Greg Kroah-Hartman --- drivers/md/raid5.c | 19 +++

[PATCH 5.0 133/139] perf/x86/intel: Fix race in intel_pmu_disable_event()

[ Upstream commit 6f55967ad9d9752813e36de6d5fdbd19741adfc7 ] New race in x86_pmu_stop() was introduced by replacing the atomic __test_and_clear_bit() of cpuc->active_mask by separate test_bit() and __clear_bit() calls in the following commit: 3966c3feca3f ("x86/perf/amd: Remove need to check "r

[PATCH 5.0 136/139] driver core: Postpone DMA tear-down until after devres release for probe failure

From: John Garry commit 0b777eee88d712256ba8232a9429edb17c4f9ceb upstream. In commit 376991db4b64 ("driver core: Postpone DMA tear-down until after devres release"), we changed the ordering of tearing down the device DMA ops and releasing all the device's resources; this was because the DMA ops

[PATCH 5.1 005/122] net/mlx4_core: Change the error print to info print

From: Yunjian Wang [ Upstream commit 00f9fec48157f3734e52130a119846e67a12314b ] The error print within mlx4_flow_steer_promisc_add() should be a info print. Fixes: 592e49dda812 ('net/mlx4: Implement promiscuous mode with device managed flow-steering') Signed-off-by: Yunjian Wang Reviewed-by:

[PATCH 5.1 015/122] mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM

From: Vadim Pasternak [ Upstream commit f1436c8036fa3632b2ee78841cf5184b7ef0ad87 ] Prevent reading unsupported slave address from SFP EEPROM by testing Diagnostic Monitoring Type byte in EEPROM. Read only page zero of EEPROM, in case this byte is zero. If some SFP transceiver does not support D

[PATCH 5.1 002/122] ipv6: prevent possible fib6 leaks

From: Eric Dumazet [ Upstream commit 61fb0d01680771f72cc9d39783fb2c122aaad51e ] At ipv6 route dismantle, fib6_drop_pcpu_from() is responsible for finding all percpu routes and set their ->from pointer to NULL, so that fib6_ref can reach its expected value (1). The problem right now is that othe

[PATCH 5.1 018/122] net/mlx5: Fix peer pf disable hca command

From: Bodong Wang [ Upstream commit dd06486710d251140edc86ec3bbef0c25dcec1cb ] The command was mistakenly using enable_hca in embedded CPU field. Fixes: 22e939a91dcb (net/mlx5: Update enable HCA dependency) Signed-off-by: Bodong Wang Reported-by: Alex Rosenbaum Signed-off-by: Alex Rosenbaum

[PATCH 5.1 001/122] ipv6: fix src addr routing with the exception table

From: Wei Wang [ Upstream commit 510e2ceda031eed97a7a0f9aad65d271a58b460d ] When inserting route cache into the exception table, the key is generated with both src_addr and dest_addr with src addr routing. However, current logic always assumes the src_addr used to generate the key is a /128 host

[PATCH 5.1 003/122] net: Always descend into dsa/

From: Florian Fainelli [ Upstream commit 0fe9f173d6cda95874edeb413b1fa9907b5ae830 ] Jiri reported that with a kernel built with CONFIG_FIXED_PHY=y, CONFIG_NET_DSA=m and CONFIG_NET_DSA_LOOP=m, we would not get to a functional state where the mock-up driver is registered. Turns out that we are not

[PATCH 5.0 128/139] KVM: selftests: make hyperv_cpuid test pass on AMD

[ Upstream commit eba3afde1cea7dbd7881683232f2a85e2ed86bfe ] Enlightened VMCS is only supported on Intel CPUs but the test shouldn't fail completely. Signed-off-by: Vitaly Kuznetsov Signed-off-by: Paolo Bonzini Signed-off-by: Sasha Levin --- tools/testing/selftests/kvm/x86_64/hyperv_cpuid.c |

[PATCH 5.1 014/122] mlxsw: core: Prevent QSFP module initialization for old hardware

From: Vadim Pasternak [ Upstream commit c52ecff7e6439ca8c9b03282e8869a005aa94831 ] Old Mellanox silicons, like switchx-2, switch-ib do not support reading QSFP modules temperature through MTMP register. Attempt to access this register on systems equipped with the this kind of silicon will cause

[PATCH 5.1 000/122] 5.1.5-stable review

This is the start of the stable review cycle for the 5.1.5 release. There are 122 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat 25 May 2019 06:14:44 PM UTC. Anything rece

[PATCH 5.0 135/139] md/raid: raid5 preserve the writeback action after the parity check

From: Nigel Croxon commit b2176a1dfb518d870ee073445d27055fea64dfb8 upstream. The problem is that any 'uptodate' vs 'disks' check is not precise in this path. Put a "WARN_ON(!test_bit(R5_UPTODATE, &dev->flags)" on the device that might try to kick off writes and then skip the action. Better to pr

[PATCH 5.1 017/122] net/mlx5e: Fix calling wrong function to get inner vlan key and mask

From: Jianbo Liu [ Upstream commit 12d5cbf89a6599f6bbd7b373dba0e74b5bd9c505 ] When flow_rule_match_XYZ() functions were first introduced, flow_rule_match_cvlan() for inner vlan is missing. In mlx5_core driver, to get inner vlan key and mask, flow_rule_match_vlan() is just called, which is wrong

[PATCH 5.1 021/122] net/mlx5e: Additional check for flow destination comparison

From: Dmytro Linkin [ Upstream commit c979c445a88e1c9dd7d8f90838c10456ae4ecd09 ] Flow destination comparison has an inaccuracy: code see no difference between same vf ports, which belong to different pfs. Example: If start ping from VF0 (PF1) to VF1 (PF1) and mirror all traffic to VF0 (PF2), ic

[PATCH 5.1 007/122] net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions

From: Daniele Palmas [ Upstream commit b4e467c82f8c12af78b6f6fa5730cb7dea7af1b4 ] Added support for Telit LE910Cx 0x1260 and 0x1261 compositions. Signed-off-by: Daniele Palmas Acked-by: Bjørn Mork Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/usb/qmi_wwan

[PATCH 5.1 008/122] nfp: flower: add rcu locks when accessing netdev for tunnels

From: Pieter Jansen van Vuuren [ Upstream commit cb07d915bf278a7a3938b983bbcb4921366b5eff ] Add rcu locks when accessing netdev when processing route request and tunnel keep alive messages received from hardware. Fixes: 8e6a9046b66a ("nfp: flower vxlan neighbour offload") Fixes: 856f5b135758 ("

[PATCH 5.1 019/122] vsock/virtio: Initialize core virtio vsock before registering the driver

From: "Jorge E. Moreira" [ Upstream commit ba95e5dfd36647622d8897a2a0470dde60e59ffd ] Avoid a race in which static variables in net/vmw_vsock/af_vsock.c are accessed (while handling interrupts) before they are initialized. [4.201410] BUG: unable to handle kernel paging request at ff

[PATCH 5.1 022/122] net/mlx5: Imply MLXFW in mlx5_core

From: Saeed Mahameed [ Upstream commit bad861f31bb15a99becef31aab59640eaeb247e2 ] mlxfw can be compiled as external module while mlx5_core can be builtin, in such case mlx5 will act like mlxfw is disabled. Since mlxfw is just a service library for mlx* drivers, imply it in mlx5_core to make it

[PATCH 5.1 009/122] ppp: deflate: Fix possible crash in deflate_init

From: YueHaibing [ Upstream commit 3ebe1bca58c85325c97a22d4fc3f5b5420752e6f ] BUG: unable to handle kernel paging request at a018f000 PGD 3270067 P4D 3270067 PUD 3271063 PMD 2307eb067 PTE 0 Oops: [#1] PREEMPT SMP CPU: 0 PID: 4138 Comm: modprobe Not tainted 5.1.0-rc7+ #1 Hardware nam

[PATCH 5.1 006/122] net: test nouarg before dereferencing zerocopy pointers

From: Willem de Bruijn [ Upstream commit 185ce5c38ea76f29b6bd9c7c8c7a5e5408834920 ] Zerocopy skbs without completion notification were added for packet sockets with PACKET_TX_RING user buffers. Those signal completion through the TP_STATUS_USER bit in the ring. Zerocopy annotation was added only

[PATCH 5.1 012/122] vsock/virtio: free packets during the socket release

From: Stefano Garzarella [ Upstream commit ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 ] When the socket is released, we should free all packets queued in the per-socket list in order to avoid a memory leak. Signed-off-by: Stefano Garzarella Signed-off-by: David S. Miller Signed-off-by: Greg Kro

[PATCH 5.1 024/122] blk-mq: free hw queues resource in hctxs release handler

From: Ming Lei commit c7e2d94b3d1634988a95ac4d77a72dc7487ece06 upstream. Once blk_cleanup_queue() returns, tags shouldn't be used any more, because blk_mq_free_tag_set() may be called. Commit 45a9c9d909b2 ("blk-mq: Fix a use-after-free") fixes this issue exactly. However, that commit introduces

[PATCH 5.1 037/122] Revert "MD: fix lock contention for flush bios"

From: NeilBrown commit 4bc034d35377196c854236133b07730a777c4aba upstream. This reverts commit 5a409b4f56d50b212334f338cb8465d65550cd85. This patch has two problems. 1/ it make multiple calls to submit_bio() from inside a make_request_fn. The bios thus submitted will be queued on current->bio_

[PATCH 5.1 033/122] stm class: Fix channel free in stm output free path

From: Tingwei Zhang commit ee496da4c3915de3232b5f5cd20e21ae3e46fe8d upstream. Number of free masters is not set correctly in stm free path. Fix this by properly adding the number of output channels before setting them to 0 in stm_output_disclaim(). Currently it is equivalent to doing nothing si

[PATCH 5.1 036/122] proc: prevent changes to overridden credentials

From: Paul Moore commit 35a196bef449b5824033865b963ed9a43fb8c730 upstream. Prevent userspace from changing the the /proc/PID/attr values if the task's credentials are currently overriden. This not only makes sense conceptually, it also prevents some really bizarre error cases caused when trying

[PATCH 5.1 038/122] md: batch flush requests.

From: NeilBrown commit 2bc13b83e6298486371761de503faeffd15b7534 upstream. Currently if many flush requests are submitted to an md device is quick succession, they are serialized and can take a long to process them all. We don't really need to call flush all those times - a single flush call can

[PATCH 5.1 025/122] regulator: core: fix error path for regulator_set_voltage_unlocked

From: Steve Twiss commit 70b464918e5331e488058870fcc6821d54c4e541 upstream. During several error paths in the function regulator_set_voltage_unlocked() the value of 'ret' can take on negative error values. However, in calls that go through the 'goto out' statement, this return value is lost and

[PATCH 5.1 027/122] parisc: Add memory clobber to TLB purges

From: John David Anglin commit 44224bdb99150ad17cf394973b25736cb92c246a upstream. The pdtlb and pitlb instructions are strongly ordered. The asms invoking these instructions should be compiler memory barriers to ensure the compiler doesn't reorder memory operations around these instructions. Si

[PATCH 5.1 004/122] net: avoid weird emergency message

From: Eric Dumazet [ Upstream commit d7c04b05c9ca14c55309eb139430283a45c4c25f ] When host is under high stress, it is very possible thread running netdev_wait_allrefs() returns from msleep(250) 10 seconds late. This leads to these messages in the syslog : [...] unregister_netdevice: waiting fo

[PATCH 5.1 013/122] tipc: fix modprobe tipc failed after switch order of device registration

From: Junwei Hu [ Upstream commit 532b0f7ece4cb2ffd24dc723ddf55242d1188e5e ] Error message printed: modprobe: ERROR: could not insert 'tipc': Address family not supported by protocol. when modprobe tipc after the following patch: switch order of device registration, commit 7e27e8d6130c ("tipc: s

[PATCH 5.1 026/122] parisc: Export running_on_qemu symbol for modules

From: Helge Deller commit 3e1120f4b57bc12437048494ab56648edaa5b57d upstream. Signed-off-by: Helge Deller CC: sta...@vger.kernel.org # v4.9+ Signed-off-by: Greg Kroah-Hartman --- arch/parisc/kernel/process.c |1 + 1 file changed, 1 insertion(+) --- a/arch/parisc/kernel/process.c +++ b/ar

[PATCH 5.1 029/122] parisc: Add memory barrier to asm pdc and sync instructions

From: Helge Deller commit 2d94a832e246ac00fd32eec241e6f1aa6fbc5700 upstream. Add compiler memory barriers to ensure the compiler doesn't reorder memory operations around these instructions. Cc: sta...@vger.kernel.org # v4.20+ Fixes: 3847dab77421 ("parisc: Add alternative coding infrastructure")

[PATCH 5.1 028/122] parisc: Skip registering LED when running in QEMU

From: Helge Deller commit b438749044356dd1329c45e9b5a9377b6ea13eb2 upstream. No need to spend CPU cycles when we run on QEMU. Signed-off-by: Helge Deller CC: sta...@vger.kernel.org # v4.9+ Signed-off-by: Greg Kroah-Hartman --- drivers/parisc/led.c |3 +++ 1 file changed, 3 insertions(+)

[PATCH 5.1 042/122] intel_th: msu: Fix single mode with IOMMU

From: Alexander Shishkin commit 4e0eaf239fb33ebc671303e2b736fa043462e2f4 upstream. Currently, the pages that are allocated for the single mode of MSC are not mapped into the device's dma space and the code is incorrectly using *_to_phys() in place of a dma address. This fails with IOMMU enabled

[PATCH 5.1 032/122] parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code

From: Helge Deller commit 1829dda0e87f4462782ca81be474c7890efe31ce upstream. LEVEL is a very common word, and now after many years it suddenly clashed with another LEVEL define in the DRBD code. Rename it to PA_ASM_LEVEL instead. Reported-by: kbuild test robot Signed-off-by: Helge Deller Cc:

[PATCH 5.1 023/122] net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled

From: Saeed Mahameed [ Upstream commit 8f0916c6dc5cd5e3bc52416fa2a9ff4075080180 ] ethtool user spaces needs to know ring count via ETHTOOL_GRXRINGS when executing (ethtool -x) which is retrieved via ethtool get_rxnfc callback, in mlx5 this callback is disabled when CONFIG_MLX5_EN_RXNFC=n. This

[PATCH 5.1 056/122] RDMA/ipoib: Allow user space differentiate between valid dev_port

From: Leon Romanovsky commit b79656ed44c6865e17bcd93472ec39488bcc4984 upstream. Systemd triggers the following warning during IPoIB device load: mlx5_core :00:0c.0 ib0: "systemd-udevd" wants to know my dev_id. Should it look at dev_port instead? See Documentation/ABI/testin

<    4   5   6   7   8   9   10   11   12   13   >