Skip to content
Tree: 9939f56ee6
Commits on Jun 18, 2019
  1. usb, kcov: annotate hub_event

    xairy committed Jan 17, 2019
    Signed-off-by: Andrey Konovalov <>
  2. kcov: remote coverage support

    xairy committed Jan 17, 2019
    Signed-off-by: Andrey Konovalov <>
  3. xhci: detect USB 3.2 capable host controllers correctly

    matnyman authored and gregkh committed Jun 18, 2019
    USB 3.2 capability in a host can be detected from the
    xHCI Supported Protocol Capability major and minor revision fields.
    If major is 0x3 and minor 0x20 then the host is USB 3.2 capable.
    For USB 3.2 capable hosts set the root hub lane count to 2.
    The Major Revision and Minor Revision fields contain a BCD version number.
    The value of the Major Revision field is JJh and the value of the Minor
    Revision field is MNh for version JJ.M.N, where JJ = major revision number,
    M - minor version number, N = sub-minor version number,
    e.g. version 3.1 is represented with a value of 0310h.
    Also fix the extra whitespace printed out when announcing regular
    SuperSpeed hosts.
    Cc: <> # v4.18+
    Signed-off-by: Mathias Nyman <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. usb: xhci: Don't try to recover an endpoint if port is in error state.

    matnyman authored and gregkh committed Jun 18, 2019
    A USB3 device needs to be reset and re-enumarated if the port it
    connects to goes to a error state, with link state inactive.
    There is no use in trying to recover failed transactions by resetting
    endpoints at this stage. Tests show that in rare cases, after multiple
    endpoint resets of a roothub port the whole host controller might stop
    Several retries to recover from transaction error can happen as
    it can take a long time before the hub thread discovers the USB3
    port error and inactive link.
    We can't reliably detect the port error from slot or endpoint context
    due to a limitation in xhci, see xhci specs section 4.8.3:
    "There are several cases where the EP State field in the Output
    Endpoint Context may not reflect the current state of an endpoint"
    "Software should maintain an accurate value for EP State, by tracking it
    with an internal variable that is driven by Events and Doorbell accesses"
    Same appears to be true for slot state.
    set a flag to the corresponding slot if a USB3 roothub port link goes
    inactive to prevent both queueing new URBs and resetting endpoints.
    Reported-by: Rapolu Chiranjeevi <>
    Tested-by: Rapolu Chiranjeevi <>
    Cc: <>
    Signed-off-by: Mathias Nyman <>
    Signed-off-by: Greg Kroah-Hartman <>
Commits on Jun 17, 2019
  1. usb: chipidea: udc: workaround for endpoint conflict issue

    Peter Chen authored and gregkh committed Jun 17, 2019
    An endpoint conflict occurs when the USB is working in device mode
    during an isochronous communication. When the endpointA IN direction
    is an isochronous IN endpoint, and the host sends an IN token to
    endpointA on another device, then the OUT transaction may be missed
    regardless the OUT endpoint number. Generally, this occurs when the
    device is connected to the host through a hub and other devices are
    connected to the same hub.
    The affected OUT endpoint can be either control, bulk, isochronous, or
    an interrupt endpoint. After the OUT endpoint is primed, if an IN token
    to the same endpoint number on another device is received, then the OUT
    endpoint may be unprimed (cannot be detected by software), which causes
    this endpoint to no longer respond to the host OUT token, and thus, no
    corresponding interrupt occurs.
    There is no good workaround for this issue, the only thing the software
    could do is numbering isochronous IN from the highest endpoint since we
    have observed most of device number endpoint from the lowest.
    Cc: <> #v3.14+
    Cc: Fabio Estevam <>
    Cc: Greg KH <>
    Cc: Sergei Shtylyov <>
    Cc: Jun Li <>
    Signed-off-by: Peter Chen <>
    Signed-off-by: Greg Kroah-Hartman <>
Commits on Jun 16, 2019
  1. Linux 5.2-rc5

    torvalds committed Jun 16, 2019
  2. Merge branch 'x86-urgent-for-linus' of git://…

    torvalds committed Jun 16, 2019
    Pull x86 fixes from Thomas Gleixner:
     "The accumulated fixes from this and last week:
       - Fix vmalloc TLB flush and map range calculations which lead to
         stale TLBs, spurious faults and other hard to diagnose issues.
       - Use fault_in_pages_writable() for prefaulting the user stack in the
         FPU code as it's less fragile than the current solution
       - Use the PF_KTHREAD flag when checking for a kernel thread instead
         of current->mm as the latter can give the wrong answer due to
       - Compute the vmemmap size correctly for KASLR and 5-Level paging.
         Otherwise this can end up with a way too small vmemmap area.
       - Make KASAN and 5-level paging work again by making sure that all
         invalid bits are masked out when computing the P4D offset. This
         worked before but got broken recently when the LDT remap area was
       - Prevent a NULL pointer dereference in the resource control code
         which can be triggered with certain mount options when the
         requested resource is not available.
       - Enforce ordering of microcode loading vs. perf initialization on
         secondary CPUs. Otherwise perf tries to access a non-existing MSR
         as the boot CPU marked it as available.
       - Don't stop the resource control group walk early otherwise the
         control bitmaps are not updated correctly and become inconsistent.
       - Unbreak kgdb by returning 0 on success from
         kgdb_arch_set_breakpoint() instead of an error code.
       - Add more Icelake CPU model defines so depending changes can be
         queued in other trees"
    * 'x86-urgent-for-linus' of git://
      x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
      x86/kasan: Fix boot with 5-level paging and KASAN
      x86/fpu: Don't use current->mm to check for a kthread
      x86/kgdb: Return 0 from kgdb_arch_set_breakpoint()
      x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled
      x86/resctrl: Don't stop walking closids when a locksetup group is found
      x86/fpu: Update kernel's FPU state before using for the fsave header
      x86/mm/KASLR: Compute the size of the vmemmap section properly
      x86/fpu: Use fault_in_pages_writeable() for pre-faulting
      x86/CPU: Add more Icelake model numbers
      mm/vmalloc: Avoid rare case of flushing TLB with weird arguments
      mm/vmalloc: Fix calculation of direct map addr range
  3. Merge branch 'timers-urgent-for-linus' of git://…

    torvalds committed Jun 16, 2019
    Pull timer fixes from Thomas Gleixner:
     "A set of small fixes:
       - Repair the ktime_get_coarse() functions so they actually deliver
         what they are supposed to: tick granular time stamps. The current
         code missed to add the accumulated nanoseconds part of the
         timekeeper so the resulting granularity was 1 second.
       - Prevent the tracer from infinitely recursing into time getter
         functions in the arm architectured timer by marking these functions
       - Fix a trivial compiler warning caused by wrong qualifier ordering"
    * 'timers-urgent-for-linus' of git://
      timekeeping: Repair ktime_get_coarse*() granularity
      clocksource/drivers/arm_arch_timer: Don't trace count reader functions
      clocksource/drivers/timer-ti-dm: Change to new style declaration
  4. Merge branch 'ras-urgent-for-linus' of git://…

    torvalds committed Jun 16, 2019
    Pull RAS fixes from Thomas Gleixner:
     "Two small fixes for RAS:
       - Use a proper search algorithm to find the correct element in the
         CEC array. The replacement was a better choice than fixing the
         crash causes by the original search function with horrible duct
       - Move the timer based decay function into thread context so it can
         actually acquire the mutex which protects the CEC array to prevent
    * 'ras-urgent-for-linus' of git://
      RAS/CEC: Convert the timer callback to a workqueue
      RAS/CEC: Fix binary search function
Commits on Jun 15, 2019
  1. Merge tag 'platform-drivers-x86-v5.2-3' of git://…

    torvalds committed Jun 15, 2019
    Pull x86 platform driver fixes from Andy Shevchenko:
     - fix a couple of Mellanox driver enumeration issues
     - fix ASUS laptop regression with backlight
     - fix Dell computers that got a wrong mode (tablet versus laptop) after
    * tag 'platform-drivers-x86-v5.2-3' of git://
      platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
      platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration
      platform/x86: intel-vbtn: Report switch events when event wakes device
      platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi
  2. Merge tag 'usb-5.2-rc5' of git://…

    torvalds committed Jun 15, 2019
    Pull USB fixes from Greg KH:
     "Here are some small USB driver fixes for 5.2-rc5
      Nothing major, just some small gadget fixes, usb-serial new device
      ids, a few new quirks, and some small fixes for some regressions that
      have been found after the big 5.2-rc1 merge.
      All of these have been in linux-next for a while with no reported
    * tag 'usb-5.2-rc5' of git://
      usb: typec: Make sure an alt mode exist before getting its partner
      usb: gadget: udc: lpc32xx: fix return value check in lpc32xx_udc_probe()
      usb: gadget: dwc2: fix zlp handling
      usb: dwc2: Set actual frame number for completed ISOC transfer for none DDMA
      usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
      usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
      usb: phy: mxs: Disable external charger detect in mxs_phy_hw_init()
      usb: dwc2: Fix DMA cache alignment issues
      usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression)
      USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
      USB: usb-storage: Add new ID to ums-realtek
      usb: typec: ucsi: ccg: fix memory leak in do_flash
      USB: serial: option: add Telit 0x1260 and 0x1261 compositions
      USB: serial: pl2303: add Allied Telesis VT-Kit3
      USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
  3. Merge tag 'powerpc-5.2-4' of git://…

    torvalds committed Jun 15, 2019
    Pull powerpc fixes from Michael Ellerman:
     "One fix for a regression introduced by our 32-bit KASAN support, which
      broke booting on machines with "bootx" early debugging enabled.
      A fix for a bug which broke kexec on 32-bit, introduced by changes to
      the 32-bit STRICT_KERNEL_RWX support in v5.1.
      Finally two fixes going to stable for our THP split/collapse handling,
      discovered by Nick. The first fixes random crashes and/or corruption
      in guests under sufficient load.
      Thanks to: Nicholas Piggin, Christophe Leroy, Aaro Koskinen, Mathieu
    * tag 'powerpc-5.2-4' of git://
      powerpc/32s: fix booting with CONFIG_PPC_EARLY_DEBUG_BOOTX
      powerpc/64s: __find_linux_pte() synchronization vs pmdp_invalidate()
      powerpc/64s: Fix THP PMD collapse serialisation
      powerpc: Fix kexec failure on book3s/32
  4. Merge tag 'trace-v5.2-rc4' of git://…

    torvalds committed Jun 15, 2019
    Pull tracing fixes from Steven Rostedt:
     - Out of range read of stack trace output
     - Fix for NULL pointer dereference in trace_uprobe_create()
     - Fix to a livepatching / ftrace permission race in the module code
     - Fix for NULL pointer dereference in free_ftrace_func_mapper()
     - A couple of build warning clean ups
    * tag 'trace-v5.2-rc4' of git://
      ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()
      module: Fix livepatch/ftrace module text permissions race
      tracing/uprobe: Fix obsolete comment on trace_uprobe_create()
      tracing/uprobe: Fix NULL pointer dereference in trace_uprobe_create()
      tracing: Make two symbols static
      tracing: avoid build warning with HAVE_NOP_MCOUNT
      tracing: Fix out-of-range read in trace_stack_print()
  5. x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback

    Borislav Petkov
    Borislav Petkov committed Jun 13, 2019
    Adric Blake reported the following warning during suspend-resume:
      Enabling non-boot CPUs ...
      x86: Booting SMP configuration:
      smpboot: Booting Node 0 Processor 1 APIC 0x2
      unchecked MSR access error: WRMSR to 0x10f (tried to write 0x0000000000000000) \
       at rIP: 0xffffffff8d267924 (native_write_msr+0x4/0x20)
      Call Trace:
       ? x86_pmu_dead_cpu
       ? _raw_spin_lock_irqsave
      microcode: sig=0x806ea, pf=0x80, revision=0x96
      microcode: updated to revision 0xb4, date = 2019-04-01
      CPU1 is up
    The MSR in question is MSR_TFA_RTM_FORCE_ABORT and that MSR is emulated
    by microcode. The log above shows that the microcode loader callback
    happens after the PMU restoration, leading to the conjecture that
    because the microcode hasn't been updated yet, that MSR is not present
    yet, leading to the #GP.
    Add a microcode loader-specific hotplug vector which comes before
    the PERF vectors and thus executes earlier and makes sure the MSR is
    Fixes: 400816f ("perf/x86/intel: Implement support for TSX Force Abort")
    Reported-by: Adric Blake <>
    Signed-off-by: Borislav Petkov <>
    Reviewed-by: Thomas Gleixner <>
    Cc: Peter Zijlstra <>
    Cc: <>
  6. Merge branch 'for-5.2-fixes' of git://…

    torvalds committed Jun 15, 2019
    Pull cgroup fixes from Tejun Heo:
     "This has an unusually high density of tricky fixes:
       - task_get_css() could deadlock when it races against a dying cgroup.
       - cgroup.procs didn't list thread group leaders with live threads.
         This could mislead readers to think that a cgroup is empty when
         it's not. Fixed by making PROCS iterator include dead tasks. I made
         a couple mistakes making this change and this pull request contains
         a couple follow-up patches.
       - When cpusets run out of online cpus, it updates cpusmasks of member
         tasks in bizarre ways. Joel improved the behavior significantly"
    * 'for-5.2-fixes' of git://
      cpuset: restore sanity to cpuset_cpus_allowed_fallback()
      cgroup: Fix css_task_iter_advance_css_set() cset skip condition
      cgroup: css_task_iter_skip()'d iterators must be advanced before accessed
      cgroup: Include dying leaders with live threads in PROCS iterations
      cgroup: Implement css_task_iter_skip()
      cgroup: Call cgroup_release() before __exit_signal()
      docs cgroups: add another example size for hugetlb
      cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
  7. Merge tag 'drm-fixes-2019-06-14' of git://…

    torvalds committed Jun 15, 2019
    Pull drm fixes from Daniel Vetter:
     "Nothing unsettling here, also not aware of anything serious still
      The edid override regression fix took a bit longer since this seems to
      be an area with an overabundance of bad options. But the fix we have
      now seems like a good path forward.
      Next week it should be back to Dave.
       - fix regression on amdgpu on SI
       - fix edid override regression
       - driver fixes: amdgpu, i915, mediatek, meson, panfrost
       - fix writecombine for vmap in gem-shmem helper (used by panfrost)
       - add more panel quirks"
    * tag 'drm-fixes-2019-06-14' of git:// (25 commits)
      drm/amdgpu: return 0 by default in amdgpu_pm_load_smu_firmware
      drm/amdgpu: Fix bounds checking in amdgpu_ras_is_supported()
      drm: add fallback override/firmware EDID modes workaround
      drm/edid: abstract override/firmware EDID retrieval
      drm/i915/perf: fix whitelist on Gen10+
      drm/i915/sdvo: Implement proper HDMI audio support for SDVO
      drm/i915: Fix per-pixel alpha with CCS
      drm/i915/dmc: protect against reading random memory
      drm/i915/dsi: Use a fuzzy check for burst mode clock check
      drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc
      drm/panfrost: Require the simple_ondemand governor
      drm/panfrost: make devfreq optional again
      drm/gem_shmem: Use a writecombine mapping for ->vaddr
      drm: panel-orientation-quirks: Add quirk for GPD MicroPC
      drm: panel-orientation-quirks: Add quirk for GPD pocket2
      drm/meson: fix G12A primary plane disabling
      drm/meson: fix primary plane disabling
      drm/meson: fix G12A HDMI PLL settings for 4K60 1000/1001 variations
      drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
      drm/mediatek: clear num_pipes when unbind driver
  8. Merge tag 'gfs2-v5.2.fixes2' of git://…

    torvalds committed Jun 15, 2019
    Pull gfs2 fix from Andreas Gruenbacher:
     "Fix rounding error in gfs2_iomap_page_prepare"
    * tag 'gfs2-v5.2.fixes2' of git://
      gfs2: Fix rounding error in gfs2_iomap_page_prepare
  9. Merge tag 'scsi-fixes' of git://…

    torvalds committed Jun 15, 2019
    Pull SCSI fix from James Bottomley:
     "A single bug fix for hpsa.
      The user visible consequences aren't clear, but the ioaccel2 raid
      acceleration may misfire on the malformed request assuming the payload
      is big enough to require chaining (more than 31 sg entries)"
    * tag 'scsi-fixes' of git://
      scsi: hpsa: correct ioaccel2 chaining
  10. Merge tag 'for-linus-20190614' of git://

    torvalds committed Jun 15, 2019
    Pull block fixes from Jens Axboe:
     - Remove references to old schedulers for the scheduler switching and
       blkio controller documentation (Andreas)
     - Kill duplicate check for report zone for null_blk (Chaitanya)
     - Two bcache fixes (Coly)
     - Ensure that mq-deadline is selected if zoned block device is enabled,
       as we need that to support them (Damien)
     - Fix io_uring memory leak (Eric)
     - ps3vram fallout from LBDAF removal (Geert)
     - Redundant blk-mq debugfs debugfs_create return check cleanup (Greg)
     - Extend NOPLM quirk for ST1000LM024 drives (Hans)
     - Remove error path warning that can now trigger after the queue
       removal/addition fixes (Ming)
    * tag 'for-linus-20190614' of git://
      block/ps3vram: Use %llu to format sector_t after LBDAF removal
      libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
      bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached
      bcache: fix stack corruption by PRECEDING_KEY()
      blk-mq: remove WARN_ON(!q->elevator) from blk_mq_sched_free_requests
      blkio-controller.txt: Remove references to CFQ
      block/switching-sched.txt: Update to blk-mq schedulers
      null_blk: remove duplicate check for report zone
      blk-mq: no need to check return value of debugfs_create functions
      io_uring: fix memory leak of UNIX domain socket inode
      block: force select mq-deadline for zoned block devices
  11. Merge branch 'i2c/for-current' of git://…

    torvalds committed Jun 15, 2019
    Pull i2c fixes from Wolfram Sang:
     "I2C has two simple but wanted driver fixes for you"
    * 'i2c/for-current' of git://
      i2c: pca-platform: Fix GPIO lookup code
      i2c: acorn: fix i2c warning
  12. Smack: Restore the smackfsdef mount option and add missing prefixes

    cschaufler authored and torvalds committed May 31, 2019
    The 5.1 mount system rework changed the smackfsdef mount option to
    smackfsdefault.  This fixes the regression by making smackfsdef treated
    the same way as smackfsdefault.
    Also fix the smack_param_specs[] to have "smack" prefixes on all the
    names.  This isn't visible to a user unless they either:
     (a) Try to mount a filesystem that's converted to the internal mount API
         and that implements the ->parse_monolithic() context operation - and
         only then if they call security_fs_context_parse_param() rather than
         There are no examples of this upstream yet, but nfs will probably want
         to do this for nfs2 or nfs3.
     (b) Use fsconfig() to configure the filesystem - in which case
         security_fs_context_parse_param() will be called.
    This issue is that smack_sb_eat_lsm_opts() checks for the "smack" prefix
    on the options, but smack_fs_context_parse_param() does not.
    Fixes: c3300aa ("smack: get rid of match_token()")
    Fixes: 2febd25 ("smack: Implement filesystem context security hooks")
    Reported-by: Jose Bollo <>
    Signed-off-by: Casey Schaufler <>
    Signed-off-by: David Howells <>
    Tested-by: Casey Schaufler <>
    Signed-off-by: Linus Torvalds <>
Commits on Jun 14, 2019
  1. ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()

    Wei Li authored and rostedt committed Jun 6, 2019
    The mapper may be NULL when called from register_ftrace_function_probe()
    with probe->data == NULL.
    This issue can be reproduced as follow (it may be covered by compiler
    optimization sometime):
    / # cat /sys/kernel/debug/tracing/set_ftrace_filter
    #### all functions enabled ####
    / # echo foo_bar:dump > /sys/kernel/debug/tracing/set_ftrace_filter
    [  206.949100] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
    [  206.952402] Mem abort info:
    [  206.952819]   ESR = 0x96000006
    [  206.955326]   Exception class = DABT (current EL), IL = 32 bits
    [  206.955844]   SET = 0, FnV = 0
    [  206.956272]   EA = 0, S1PTW = 0
    [  206.956652] Data abort info:
    [  206.957320]   ISV = 0, ISS = 0x00000006
    [  206.959271]   CM = 0, WnR = 0
    [  206.959938] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000419f3a000
    [  206.960483] [0000000000000000] pgd=0000000411a87003, pud=0000000411a83003, pmd=0000000000000000
    [  206.964953] Internal error: Oops: 96000006 [#1] SMP
    [  206.971122] Dumping ftrace buffer:
    [  206.973677]    (ftrace buffer empty)
    [  206.975258] Modules linked in:
    [  206.976631] Process sh (pid: 281, stack limit = 0x(____ptrval____))
    [  206.978449] CPU: 10 PID: 281 Comm: sh Not tainted 5.2.0-rc1+ #17
    [  206.978955] Hardware name: linux,dummy-virt (DT)
    [  206.979883] pstate: 60000005 (nZCv daif -PAN -UAO)
    [  206.980499] pc : free_ftrace_func_mapper+0x2c/0x118
    [  206.980874] lr : ftrace_count_free+0x68/0x80
    [  206.982539] sp : ffff0000182f3ab0
    [  206.983102] x29: ffff0000182f3ab0 x28: ffff8003d0ec1700
    [  206.983632] x27: ffff000013054b40 x26: 0000000000000001
    [  206.984000] x25: ffff00001385f000 x24: 0000000000000000
    [  206.984394] x23: ffff000013453000 x22: ffff000013054000
    [  206.984775] x21: 0000000000000000 x20: ffff00001385fe28
    [  206.986575] x19: ffff000013872c30 x18: 0000000000000000
    [  206.987111] x17: 0000000000000000 x16: 0000000000000000
    [  206.987491] x15: ffffffffffffffb0 x14: 0000000000000000
    [  206.987850] x13: 000000000017430e x12: 0000000000000580
    [  206.988251] x11: 0000000000000000 x10: cccccccccccccccc
    [  206.988740] x9 : 0000000000000000 x8 : ffff000013917550
    [  206.990198] x7 : ffff000012fac2e8 x6 : ffff000012fac000
    [  206.991008] x5 : ffff0000103da588 x4 : 0000000000000001
    [  206.991395] x3 : 0000000000000001 x2 : ffff000013872a28
    [  206.991771] x1 : 0000000000000000 x0 : 0000000000000000
    [  206.992557] Call trace:
    [  206.993101]  free_ftrace_func_mapper+0x2c/0x118
    [  206.994827]  ftrace_count_free+0x68/0x80
    [  206.995238]  release_probe+0xfc/0x1d0
    [  206.995555]  register_ftrace_function_probe+0x4a8/0x868
    [  206.995923]  ftrace_trace_probe_callback.isra.4+0xb8/0x180
    [  206.996330]  ftrace_dump_callback+0x50/0x70
    [  206.996663]  ftrace_regex_write.isra.29+0x290/0x3a8
    [  206.997157]  ftrace_filter_write+0x44/0x60
    [  206.998971]  __vfs_write+0x64/0xf0
    [  206.999285]  vfs_write+0x14c/0x2f0
    [  206.999591]  ksys_write+0xbc/0x1b0
    [  206.999888]  __arm64_sys_write+0x3c/0x58
    [  207.000246]  el0_svc_common.constprop.0+0x408/0x5f0
    [  207.000607]  el0_svc_handler+0x144/0x1c8
    [  207.000916]  el0_svc+0x8/0xc
    [  207.003699] Code: aa0003f8 a9025bf5 aa0103f5 f946ea80 (f9400303)
    [  207.008388] ---[ end trace 7b6d11b5f542bdf1 ]---
    [  207.010126] Kernel panic - not syncing: Fatal exception
    [  207.011322] SMP: stopping secondary CPUs
    [  207.013956] Dumping ftrace buffer:
    [  207.014595]    (ftrace buffer empty)
    [  207.015632] Kernel Offset: disabled
    [  207.017187] CPU features: 0x002,20006008
    [  207.017985] Memory Limit: none
    [  207.019825] ---[ end Kernel panic - not syncing: Fatal exception ]---
    Signed-off-by: Wei Li <>
    Signed-off-by: Steven Rostedt (VMware) <>
  2. module: Fix livepatch/ftrace module text permissions race

    jpoimboe authored and rostedt committed Jun 14, 2019
    It's possible for livepatch and ftrace to be toggling a module's text
    permissions at the same time, resulting in the following panic:
      BUG: unable to handle page fault for address: ffffffffc005b1d9
      #PF: supervisor write access in kernel mode
      #PF: error_code(0x0003) - permissions violation
      PGD 3ea0c067 P4D 3ea0c067 PUD 3ea0e067 PMD 3cc13067 PTE 3b8a1061
      Oops: 0003 [#1] PREEMPT SMP PTI
      CPU: 1 PID: 453 Comm: insmod Tainted: G           O  K   5.2.0-rc1-a188339ca5 #1
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
      RIP: 0010:apply_relocate_add+0xbe/0x14c
      Code: fa 0b 74 21 48 83 fa 18 74 38 48 83 fa 0a 75 40 eb 08 48 83 38 00 74 33 eb 53 83 38 00 75 4e 89 08 89 c8 eb 0a 83 38 00 75 43 <89> 08 48 63 c1 48 39 c8 74 2e eb 48 83 38 00 75 32 48 29 c1 89 08
      RSP: 0018:ffffb223c00dbb10 EFLAGS: 00010246
      RAX: ffffffffc005b1d9 RBX: 0000000000000000 RCX: ffffffff8b200060
      RDX: 000000000000000b RSI: 0000004b0000000b RDI: ffff96bdfcd33000
      RBP: ffffb223c00dbb38 R08: ffffffffc005d040 R09: ffffffffc005c1f0
      R10: ffff96bdfcd33c40 R11: ffff96bdfcd33b80 R12: 0000000000000018
      R13: ffffffffc005c1f0 R14: ffffffffc005e708 R15: ffffffff8b2fbc74
      FS:  00007f5f447beba8(0000) GS:ffff96bdff900000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: ffffffffc005b1d9 CR3: 000000003cedc002 CR4: 0000000000360ea0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       ? preempt_latency_start+0x21/0x57
       ? virt_to_head_page+0x3a/0x3c
       ? kfree+0x8c/0x126
       patch_init+0x2ed/0x1000 [livepatch_test02]
       ? 0xffffffffc0060000
       ? kmem_cache_alloc_trace+0xc4/0xd4
       ? do_init_module+0x27/0x210
       ? fsnotify_path+0x3b/0x42
       ? strstarts+0x2b/0x2b
       ? kernel_read+0x58/0x65
       ? __do_sys_finit_module+0x9f/0xc3
    The above panic occurs when loading two modules at the same time with
    ftrace enabled, where at least one of the modules is a livepatch module:
    CPU0					CPU1
    	  *patches read-only code* - BOOM
    A similar race exists when toggling ftrace while loading a livepatch
    Fix it by ensuring that the livepatch and ftrace code patching
    operations -- and their respective permissions changes -- are protected
    by the text_mutex.
    Reported-by: Johannes Erdfelt <>
    Fixes: 444d13f ("modules: add ro_after_init support")
    Acked-by: Jessica Yu <>
    Reviewed-by: Petr Mladek <>
    Reviewed-by: Miroslav Benes <>
    Signed-off-by: Josh Poimboeuf <>
    Signed-off-by: Steven Rostedt (VMware) <>
  3. tracing/uprobe: Fix obsolete comment on trace_uprobe_create()

    Etsukata authored and rostedt committed Jun 14, 2019
    Commit 0597c49 ("tracing/uprobes: Use dyn_event framework for
    uprobe events") cleaned up the usage of trace_uprobe_create(), and the
    function has been no longer used for removing uprobe/uretprobe.
    Reviewed-by: Srikar Dronamraju <>
    Signed-off-by: Eiichi Tsukata <>
    Signed-off-by: Steven Rostedt (VMware) <>
  4. tracing/uprobe: Fix NULL pointer dereference in trace_uprobe_create()

    Etsukata authored and rostedt committed Jun 14, 2019
    Just like the case of commit 8b05a3a ("tracing/kprobes: Fix NULL
    pointer dereference in trace_kprobe_create()"), writing an incorrectly
    formatted string to uprobe_events can trigger NULL pointer dereference.
      # echo r > /sys/kernel/debug/tracing/uprobe_events
      BUG: kernel NULL pointer dereference, address: 0000000000000000
      #PF: supervisor read access in kernel mode
      #PF: error_code(0x0000) - not-present page
      PGD 8000000079d12067 P4D 8000000079d12067 PUD 7b7ab067 PMD 0
      Oops: 0000 [#1] PREEMPT SMP PTI
      CPU: 0 PID: 1903 Comm: bash Not tainted 5.2.0-rc3+ #15
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
      RIP: 0010:strchr+0x0/0x30
      Code: c0 eb 0d 84 c9 74 18 48 83 c0 01 48 39 d0 74 0f 0f b6 0c 07 3a 0c 06 74 ea 19 c0 83 c8 01 c3 31 c0 c3 0f 1f 84 00 00 00 00 00 <0f> b6 07 89 f2 40 38 f0 75 0e eb 13 0f b6 47 01 48 83 c
      RSP: 0018:ffffb55fc0403d10 EFLAGS: 00010293
      RAX: ffff993ffb793400 RBX: 0000000000000000 RCX: ffffffffa4852625
      RDX: 0000000000000000 RSI: 000000000000002f RDI: 0000000000000000
      RBP: ffffb55fc0403dd0 R08: ffff993ffb793400 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      R13: ffff993ff9cc1668 R14: 0000000000000001 R15: 0000000000000000
      FS:  00007f30c5147700(0000) GS:ffff993ffda00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000000 CR3: 000000007b628000 CR4: 00000000000006f0
      Call Trace:
       ? __kmalloc_track_caller+0xe6/0x1c0
       ? __kmalloc+0xf0/0x1d0
       ? trace_uprobe_create+0xb10/0xb10
       ? trace_uprobe_create+0xb10/0xb10
       ? probes_open+0x80/0x80
    Fixes: 0597c49 ("tracing/uprobes: Use dyn_event framework for uprobe events")
    Reviewed-by: Srikar Dronamraju <>
    Signed-off-by: Eiichi Tsukata <>
    Signed-off-by: Steven Rostedt (VMware) <>
  5. tracing: Make two symbols static

    YueHaibing authored and rostedt committed Jun 14, 2019
    Fix sparse warnings:
    kernel/trace/trace.c:6927:24: warning:
     symbol 'get_tracing_log_err' was not declared. Should it be static?
    kernel/trace/trace.c:8196:15: warning:
     symbol 'trace_instance_dir' was not declared. Should it be static?
    Acked-by: Tom Zanussi <>
    Reported-by: Hulk Robot <>
    Signed-off-by: YueHaibing <>
    Signed-off-by: Steven Rostedt (VMware) <>
  6. tracing: avoid build warning with HAVE_NOP_MCOUNT

    Vasily Gorbik authored and rostedt committed Jun 5, 2019
    Selecting HAVE_NOP_MCOUNT enables -mnop-mcount (if gcc supports it)
    and sets CC_USING_NOP_MCOUNT. Reuse __is_defined (which is suitable for
    testing CC_USING_* defines) to avoid conditional compilation and fix
    the following gcc 9 warning on s390:
    kernel/trace/ftrace.c:2514:1: warning: ‘ftrace_code_disable’ defined
    but not used [-Wunused-function]
    Fixes: 2f4df00 ("tracing: Add -mcount-nop option support")
    Signed-off-by: Vasily Gorbik <>
    Signed-off-by: Steven Rostedt (VMware) <>
  7. tracing: Fix out-of-range read in trace_stack_print()

    Etsukata authored and rostedt committed Jun 10, 2019
    Puts range check before dereferencing the pointer.
      # echo stacktrace > trace_options
      # echo 1 > events/enable
      # cat trace > /dev/null
    KASAN report:
      BUG: KASAN: use-after-free in trace_stack_print+0x26b/0x2c0
      Read of size 8 at addr ffff888069d20000 by task cat/1953
      CPU: 0 PID: 1953 Comm: cat Not tainted 5.2.0-rc3+ #5
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
      Call Trace:
       ? trace_stack_print+0x26b/0x2c0
       ? trace_stack_print+0x26b/0x2c0
       ? trace_stack_print+0x26b/0x2c0
       ? tracing_buffers_read+0x700/0x700
       ? trace_find_next_entry_inc+0x158/0x1d0
       ? seq_escape+0x230/0x230
       ? kernel_write+0x110/0x110
       ? perf_trace_sys_enter+0x8a0/0x8a0
       ? syscall_slow_exit_work+0xa9/0x410
       ? prepare_exit_to_usermode+0x165/0x200
      RIP: 0033:0x7f867681f910
      Code: b6 fe ff ff 48 8d 3d 0f be 08 00 48 83 ec 08 e8 06 db 01 00 66 0f 1f 44 00 00 83 3d f9 2d 2c 00 00 75 10 b8 00 00 00 00 04
      RSP: 002b:00007ffdabf23488 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
      RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f867681f910
      RDX: 0000000000020000 RSI: 00007f8676cde000 RDI: 0000000000000003
      RBP: 00007f8676cde000 R08: ffffffffffffffff R09: 0000000000000000
      R10: 0000000000000871 R11: 0000000000000246 R12: 00007f8676cde000
      R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000000ec0
      Allocated by task 1214:
      Freed by task 1214:
      The buggy address belongs to the object at ffff888069d20000
       which belongs to the cache names_cache of size 4096
      The buggy address is located 0 bytes inside of
       4096-byte region [ffff888069d20000, ffff888069d21000)
      The buggy address belongs to the page:
      page:ffffea0001a74800 refcount:1 mapcount:0 mapping:ffff88806ccd1380 index:0x0 compound_mapcount: 0
      flags: 0x100000000010200(slab|head)
      raw: 0100000000010200 dead000000000100 dead000000000200 ffff88806ccd1380
      raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      Memory state around the buggy address:
       ffff888069d1ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       ffff888069d1ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      >ffff888069d20000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff888069d20080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff888069d20100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
    Fixes: 4285f2f ("tracing: Remove the ULONG_MAX stack trace hackery")
    Signed-off-by: Eiichi Tsukata <>
    Signed-off-by: Steven Rostedt (VMware) <>
  8. gfs2: Fix rounding error in gfs2_iomap_page_prepare

    Andreas Gruenbacher
    Andreas Gruenbacher committed Jun 8, 2019
    The pos and len arguments to the iomap page_prepare callback are not
    block aligned, so we need to take that into account when computing the
    number of blocks.
    Fixes: d0a22a4 ("gfs2: Fix iomap write page reclaim deadlock")
    Signed-off-by: Andreas Gruenbacher <>
  9. Merge tag 'arm64-fixes' of git://…

    torvalds committed Jun 14, 2019
    Pull arm64 fixes from Will Deacon:
     "Here are some arm64 fixes for -rc5.
      The only non-trivial change (in terms of the diffstat) is fixing our
      SVE ptrace API for big-endian machines, but the majority of this is
      actually the addition of much-needed comments and updates to the
      documentation to try to avoid this mess biting us again in future.
      There are still a couple of small things on the horizon, but nothing
      major at this point.
       - Fix broken SVE ptrace API when running in a big-endian configuration
       - Fix performance regression due to off-by-one in TLBI range checking
       - Fix build regression when using Clang"
    * tag 'arm64-fixes' of git://
      arm64/sve: Fix missing SVE/FPSIMD endianness conversions
      arm64: tlbflush: Ensure start/end of address range are aligned to stride
      arm64: Don't unconditionally add -Wno-psabi to KBUILD_CFLAGS
  10. Merge branch 'akpm' (patches from Andrew)

    torvalds committed Jun 14, 2019
    Merge misc fixes from Andrew Morton:
     "16 fixes"
    * emailed patches from Andrew Morton <>:
      mm/devm_memremap_pages: fix final page put race
      PCI/P2PDMA: track pgmap references per resource, not globally
      lib/genalloc: introduce chunk owners
      PCI/P2PDMA: fix the gen_pool_add_virt() failure path
      mm/devm_memremap_pages: introduce devm_memunmap_pages
      drivers/base/devres: introduce devm_release_action()
      mm/vmscan.c: fix trying to reclaim unevictable LRU page
      coredump: fix race condition between collapse_huge_page() and core dumping
      mm/mlock.c: change count_mm_mlocked_page_nr return type
      mm: mmu_gather: remove __tlb_reset_range() for force flush
      fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
      mm/vmscan.c: fix recent_rotated history
      mm/mlock.c: mlockall error for flag MCL_ONFAULT
      scripts/ prefix addr2line with $CROSS_COMPILE
      mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
      mm: memcontrol: don't batch updates of local VM stats and events
  11. Merge branch 'drm-fixes-5.2' of git://…

    danvet committed Jun 14, 2019
    …inux into drm-fixes
    Fixes for 5.2:
    - Extend previous vce fix for resume to uvd and vcn
    - Fix bounds checking in ras debugfs interface
    - Fix a regression on SI using amdgpu
    Signed-off-by: Daniel Vetter <>
    From: Alex Deucher <>
  12. Merge tag 'iommu-fixes-v5.2-rc4' of git://…

    torvalds committed Jun 14, 2019
    Pull iommu fixes from Joerg Roedel:
     - three fixes for Intel VT-d to fix a potential dead-lock, a formatting
       fix and a bit setting fix
     - one fix for the ARM-SMMU to make it work on some platforms with
       sub-optimal SMMU emulation
    * tag 'iommu-fixes-v5.2-rc4' of git://
      iommu/arm-smmu: Avoid constant zero in TLBI writes
      iommu/vt-d: Set the right field for Page Walk Snoop
      iommu/vt-d: Fix lock inversion between iommu->lock and device_domain_lock
      iommu: Add missing new line for dma type
  13. Merge tag 'gpio-v5.2-3' of git://…

    torvalds committed Jun 14, 2019
    Pull GPIO fix from Linus Walleij:
     "A single fix for the PCA953x driver affecting some fringe variants of
      the chip"
    * tag 'gpio-v5.2-3' of git://
      gpio: pca953x: hack to fix 24 bit gpio expanders
You can’t perform that action at this time.