The caller of rxrpc_accept_call() must release the lock on call->user_mutex
returned by that function.
Signed-off-by: David Howells <dhowells@redhat.com>
The recent conversion of the task state recording to use task_state_index()
broke the sched_switch tracepoint task state output.
task_state_index() returns surprisingly an index (0-7) which is then
printed with __print_flags() applying bitmasks. Not really working and
resulting in weird states like 'prev_state=t' instead of 'prev_state=I'.
Use TASK_REPORT_MAX instead of TASK_STATE_MAX to report preemption. Build a
bitmask from the return value of task_state_index() and store it in
entry->prev_state, which makes __print_flags() work as expected.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: stable@vger.kernel.org
Fixes: efb40f588b ("sched/tracing: Fix trace_sched_switch task-state printing")
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1711221304180.1751@nanos
Signed-off-by: Ingo Molnar <mingo@kernel.org>
The kbuild test robot reported this build warning:
Warning: arch/x86/tools/test_get_len found difference at <jump_table>:ffffffff8103dd2c
Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx)
Warning: objdump says 3 bytes, but insn_get_length() says 2
Warning: decoded and checked 1569014 instructions with 1 warnings
This sequence seems to be a new instruction not in the opcode map in the Intel SDM.
The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8.
Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of
the ModR/M Byte (bits 2,1,0 in parenthesis)"
In that table, opcodes listed by the index REG bits as:
000 001 010 011 100 101 110 111
TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX
So, it seems TEST Ib is assigned to 001.
Add the new pattern.
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: <stable@vger.kernel.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Pull networking fixes from David Miller:
1) Fix PCI IDs of 9000 series iwlwifi devices, from Luca Coelho.
2) bpf offload bug fixes from Jakub Kicinski.
3) Fix bpf verifier to NOP out code which is dead at run time because
due to branch pruning the verifier will not explore such
instructions. From Alexei Starovoitov.
4) Fix crash when deleting secondary chains in packet scheduler
classifier. From Roman Kapl.
5) Fix buffer management bugs in smc, from Ursula Braun.
6) Fix regression in anycast route handling, from David Ahern.
7) Fix link settings regression in r8169, from Tobias Jakobi.
8) Add back enough UFO support so that live migration still works, from
Willem de Bruijn.
9) Linearize enough packet data for the full extent to which the ipvlan
code will inspect the packet headers, from Gao Feng.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits)
ipvlan: Fix insufficient skb linear check for ipv6 icmp
ipvlan: Fix insufficient skb linear check for arp
geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6
net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY
net: accept UFO datagrams from tuntap and packet
net: realtek: r8169: implement set_link_ksettings()
net: ipv6: Fixup device for anycast routes during copy
net/smc: Fix preinitialization of buf_desc in __smc_buf_create()
net/smc: use sk_rcvbuf as start for rmb creation
ipv6: Do not consider linkdown nexthops during multipath
net: sched: fix crash when deleting secondary chains
net: phy: cortina: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
bpf: fix branch pruning logic
bpf: change bpf_perf_event_output arg5 type to ARG_CONST_SIZE_OR_ZERO
bpf: change bpf_probe_read_str arg2 type to ARG_CONST_SIZE_OR_ZERO
bpf: remove explicit handling of 0 for arg2 in bpf_probe_read
bpf: introduce ARG_PTR_TO_MEM_OR_NULL
i40evf: Use smp_rmb rather than read_barrier_depends
fm10k: Use smp_rmb rather than read_barrier_depends
igb: Use smp_rmb rather than read_barrier_depends
...
Fix two issues resulting from the dell-smbios refactoring and
introduction of the dell-smbios-wmi dispatcher. The first ensures a
proper error code is returned when kzalloc fails. The second avoids an
issue in older Dell BIOS implementations which would fail if the more
complex calls were made by limiting those platforms to the simple calls
such as those used by the existing dell-laptop and dell-wmi drivers,
preserving their functionality prior to the addition of the
dell-smbios-wmi dispatcher.
The following is an automated git shortlog grouped by driver:
dell-laptop:
- Fix error return code in dell_init()
dell-smbios-wmi:
- Disable userspace interface if missing hotfix
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJaFg4hAAoJEKbMaAwKp3647McIALuFgfx4WCM0QDlvvvyyjayv
WtGcxGOgafPEVuHn5OyTIOYNlko009uhV/Y3D+F4/Fo4Q3zu3iBu479BALBXr9Uj
OEkFxdJnrSTCpExsBDuCOEpB1eLvr2ceWF7KAmWR7cktLCtd6E7vNzLF/VOdiC/z
yGvuAwQtMvX3RnR0DWFcx4qJPDyIZCQJ0HLYlTG6mPjR5YkyOkxhKnmIj+ljU5jV
M7/yBH8EpI6YLjN0uGdWXHYiEp45OX5CJMSHGvKI6KE5s+6dy1r5fJWw/FLSSGgv
wxBiuQuDGeDdqcKBCEAZ4fedvbQRJdSUlY/ZDgWtBzpSY/AdCexyY5zAR0XVxos=
=NK+B
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v4.15-2' of git://git.infradead.org/linux-platform-drivers-x86
Pull x86 platform driver fixes from Darren Hart:
"Fix two issues resulting from the dell-smbios refactoring and
introduction of the dell-smbios-wmi dispatcher.
The first ensures a proper error code is returned when kzalloc fails.
The second avoids an issue in older Dell BIOS implementations which
would fail if the more complex calls were made by limiting those
platforms to the simple calls such as those used by the existing
dell-laptop and dell-wmi drivers, preserving their functionality prior
to the addition of the dell-smbios-wmi dispatcher"
* tag 'platform-drivers-x86-v4.15-2' of git://git.infradead.org/linux-platform-drivers-x86:
platform/x86: dell-laptop: fix error return code in dell_init()
platform/x86: dell-smbios-wmi: Disable userspace interface if missing hotfix
Two basic fixes: one for the sparse problem with the blacklist flags
and another for a hang forever in bnx2i.
Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJaFmsjAAoJEAVr7HOZEZN4YNEP/Al9FcWLPhjXBgXLPyubqSHP
okVIuXgDa32sNO11z9MOmPIIqHoDEBIupjIAqGaLlwkTOGEEJNsnx55kQnoYVmkU
cQ+toq6mn9nX4Sg48J/ymIKHd9d1THdmbK7q0w18yQChO0DUfppZnmfBF7fktiKO
nXPEV7kDtNSEfgdaDVGiDexDUFdHc9XReiGeHZOAKKyEZfKc5f/D7rAWEW5q/FXQ
gP6EVQJBxAUTLwwu50SUOkyPOfdCDbqPBbWKK4lgtVFIWgFC2RkQwpIcxjInvRYI
D5O58p5fnWN5jGjGcqKFzrDBjbQpX42FReyTSz/6pqqmBTjYm9Fj6umcHDc2NBpL
BmcVhYXC6Up145bGpTUD0tMI70LFkW08RIAfhFMjL1PUI1B1mxKMQ++PLRFIYprZ
rEK0EcYWPwDi3uk/250TKx3YrNS94p6/NlFhAxzIWz5sZgcDNlNGmlyliW0OuQUX
BT1nL/+RPYitm/yI9W0M6t26+ENTzmieetdtiBI1iD7KMkLAvmrYjGK6lXtpBawA
4CNAMLlhyZBY4fpV/i+hDJN5Ex90rA04JBgYRWgAQ4s8dZHMGWw86UaXXQj2ngMw
D67qEj9jSNo5pMoI3UwKhQXPV4M4gU7wM7wK71m4uY6a8UM4G+DhzO/ZPFcqxhW8
cXziiXtoFdiDNthGjpJU
=Geku
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Two basic fixes: one for the sparse problem with the blacklist flags
and another for a hang forever in bnx2i"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: Use 'blist_flags_t' for scsi_devinfo flags
scsi: bnx2fc: Fix hung task messages when a cleanup response is not received during abort
All commits found here are small fixes for regression or stable:
- PCM timestamp behavior fix that could be seen as a regression
- Remove spurious WARN_ON() from ALSA timer 32bit compat ioctl
- HD-audio HDMI/DP channel mapping fix for 32bit archs
- Fix the previous fix for HD-audio initialization code
- More hardening USB-audio against malicious USB descriptors
- HD-audio quirks/fixes (Realtek codec, AMD controller)
- Missing help text for the recent Intel SST kconfig change
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAloWo6MOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE/ZNg//WUXr72TCs6OdO45C0tbmHTa3xYNSZGsMcbBx
9GoNk69SGpy9KHX5Xdtgax71mrUXO2BN+vU5R04oVWjcBs7L+BpbVRk9/HMgBYPz
GEnwziRXG7YiHmMsbxLhu3gjky2qwrmCZQAFMTIR1z9tFDwZwraLuvdE5iZoB8bu
r7fatcyF8Wqfg2IwqRdJ/ECheFN00TqzPSWG/p8DOrGl/lXaOWv1IJ9rXOzNdkgx
6UOS5Z6kgaxm6d7Ym7Chn3Fl7EbrKCqCFLw/yG1KB199Q+fiQNeGZgVjLbPIFGjS
K4dA7p7Ko6eqZP4t8QrvbgW6QBVrjXG5iTW4DBKs7VPUiRcNctGjdSf00ERu+HV5
NCGEpnYQ5O6mAIHUcXPaQX+0lsK5J2In1ZuBql51sSISGxKH3KZR4yubXcjRbGYL
IrcwLPdnBaG/V2C6EQwjCiJgXPZwclbZgpU+Js6VWwKKChzLexVVnJHvfPAr+Up/
uMM5qkimNUJAzCP0v3IRr9RSSscdISM5qKhTloE9q5RqnON74GMjtZ+VisHgt7Pd
elDkMMEpxVs2ydj7AxwquaXkfUtEtRswwg9CmpJ8qjUGLcqU4K7N3NdK3HCh+Tp6
EbXzaVCesXN3/MUNjpEoD80KsE2DPYgXYw24DT0LuGVXgTlVm8qkZ21rUK94U7W0
B9XAAsE=
=iYNz
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"All commits found here are small fixes for regression or stable:
- PCM timestamp behavior fix that could be seen as a regression
- Remove spurious WARN_ON() from ALSA timer 32bit compat ioctl
- HD-audio HDMI/DP channel mapping fix for 32bit archs
- Fix the previous fix for HD-audio initialization code
- More hardening USB-audio against malicious USB descriptors
- HD-audio quirks/fixes (Realtek codec, AMD controller)
- Missing help text for the recent Intel SST kconfig change"
* tag 'sound-fix-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda: Add Raven PCI ID
ALSA: hda/realtek - Fix ALC700 family no sound issue
ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization
ALSA: usb-audio: Add sanity checks in v2 clock parsers
ALSA: usb-audio: Fix potential zero-division at parsing FU
ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
ALSA: usb-audio: Add sanity checks to FE parser
ALSA: timer: Remove kernel warning at compat ioctl error paths
ALSA: pcm: update tstamp only if audio_tstamp changed
ALSA: hda/realtek: Add headset mic support for Intel NUC Skull Canyon
ALSA: hda: Fix too short HDMI/DP chmap reporting
ALSA: usb-audio: uac1: Invalidate ctl on interrupt
ALSA: hda/realtek - Fix ALC275 no sound issue
ASoC: Intel: Add help text for SND_SOC_INTEL_SST_TOPLEVEL
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJaFkpiAAoJEAx081l5xIa+LOcQAJqXyh7vx++oPe5kJFC2rCoX
MqX1aJ4nH8y04QJqLmKx1SC6eyYsTM92rcg3RfHOThktzonD5l2wSO9TvCkmLtr9
2n9P/aYMcbPTZntrbJc4mQyzd82U0D4h40i5Cmhr9n4gcLPOsOpau/7eclyuEUds
PHZSTCRq0Ygk1K5VWQPyKsY1k1TqFes2YE46FJzkD8SQwKDfbWxVZG0BPnvqb5Om
PMVobnEukruzpsSqnetaEYsW89e0TJ2TW9MSCfVohzWvyCVGzmwSzqaooqOkgFe2
5ZrzA4aW6qRez4nXN2Zw+p9qhS4DZ8MVEJO8qczrR6BGx5yRlHriGhs+5FQskGBT
Idqj6YZX3x/qab/AXQy0fzn2lrZdwxTolG6BgnNOwdGhyFEfz7P7p9kcv4QLbyn5
8MynMUcLmOkpouHD0mpIwn5kS7EU4hbEPGOeBwxy54FbiLFWb81FjlGts2N+/ckI
69UlmyyFZrpxvTmL9vRzvGCeO0zdfvKtBa1GoYWbzNTs8r50F2EtdJkS64SYOVOf
o4ApcG5bznx42NfBwa3TBc+NETTYJPS0blFImPVu1qvdQn5AciX137vYbqzwuqac
2gM2m6Rdfpncw/3VRIePwXYwpNS/3fsa3V6UgzTFlDhrQCtP2XxKPhfru7pFN+te
Vav1I46Q8pa7ko8dS3A3
=P4O6
-----END PGP SIGNATURE-----
Merge tag 'drm-for-v4.15-part2' of git://people.freedesktop.org/~airlied/linux
Pull more drm updates from Dave Airlie:
"Fixes/cleanups for rc1, non-desktop flags for VR
- remove the MSM dt-bindings file Rob managed to push in the previous
pull.
- add a property/edid quirk to denote HMD devices, I had these
hanging around for a few weeks and Keith had done some work on
them, they are fairly self contained and small, and only affect
people using HTC Vive VR headsets so far.
- amdgpu, tegra, tilcdc, fsl fixes
- some imx-drm cleanups I missed, these seemed pretty small, and no
reason to hold off.
I have one TTM regression fix (fixes bochs-vga in qemu) sitting
locally awaiting review I'll probably send that in a separate pull
request tomorrow"
* tag 'drm-for-v4.15-part2' of git://people.freedesktop.org/~airlied/linux: (33 commits)
dt-bindings: remove file that was added accidentally
drm/edid: quirk HTC vive headset as non-desktop. [v2]
drm/fb: add support for not enabling fbcon on non-desktop displays [v2]
drm: add connector info/property for non-desktop displays [v2]
drm/amdgpu: fix rmmod KCQ disable failed error
drm/amdgpu: fix kernel hang when starting VNC server
drm/amdgpu: don't skip attributes when powerplay is enabled
drm/amd/pp: fix typecast error in powerplay.
drm/tilcdc: Remove obsolete "ti,tilcdc,slave" dts binding support
drm/tegra: sor: Reimplement pad clock
Revert "drm/radeon: dont switch vt on suspend"
drm/amd/amdgpu: fix over-bound accessing in amdgpu_cs_wait_any_fence
drm/amd/powerplay: fix unfreeze level smc message for smu7
drm/amdgpu:fix memleak
drm/amdgpu:fix memleak in takedown
drm/amd/pp: fix dpm randomly failed on Vega10
drm/amdgpu: set f_mapping on exported DMA-bufs
drm/amdgpu: Properly allocate VM invalidate eng v2
drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume()
drm/fsl-dcu: avoid disabling pixel clock twice on suspend
...
a new "Co-Developed-by" tag described by Greg, and a build enhancement from
Willy to generate docs warnings during a kernel build (but only when
additional warnings have been requested in general).
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJaFaXjAAoJEI3ONVYwIuV6AXAQAMDinEQQBxNJmO/PkQrIxT4t
sgbLfI+Sd9zD/lEb9aC5e99XYqw+SH0H9xtEcOrhwx+fjuzkKa6NKLPWjopGzVxH
CM+N7lCE3AFuzbBCmcQvQyEelQg+p7rsY+2MGLYxMZINnaHFgTa1lvamcE/wKu5d
CSXs1K2TwFQEpippYlzTmiWU1Rt3gWKGwtBFgLtikSBqiS3HVr4yn7dgm1WTEpVo
IZPQYoglHjb8vL/vnVDDsfu1PW6Q1uE1aBSgTFBgFIv3UXJBBSlfWQJ7MQsD12Ww
ZkkAxssFm6TRa87mtgd68Du0Ebg4wZQJG9fizCSy6yIh1ExYxvG0rUmqGrZ1rRYu
4F+hukXINn7OK5L2laKNQT8ZWCPP+RoN6YUQpz2dhXC3nULZbd5GI9y8pQTdZjmK
p39SIovicQltlw8ap9MkzTKxm4mvLo/wjFWhQT4qH2QENKO8uSqA9BpLt5a1gJU5
dSLKDElph5EhliQAQfN/wXdPnTzSaGovele23zTTOLu2vr2JUSnBWWwiaOwuTHRQ
OEdzxQceoINnc/iqC1qt8F/57E8BT76YedAlmsn77umTXq3mq28wkd1RCRFcjqz5
KeqrvC5WMSbWZXZDxow7Pr+CPONUy4WpqVbHbwcQ4V8zlFfGjtQdR6zKN88Mb364
4oJpUwUMz36HchZpi1Tx
=ydAe
-----END PGP SIGNATURE-----
Merge tag 'docs-4.15-2' of git://git.lwn.net/linux
Pull documentation updates from Jonathan Corbet:
"A few late-arriving docs updates that have no real reason to wait.
There's a new "Co-Developed-by" tag described by Greg, and a build
enhancement from Willy to generate docs warnings during a kernel build
(but only when additional warnings have been requested in general)"
* tag 'docs-4.15-2' of git://git.lwn.net/linux:
Add optional check for bad kernel-doc comments
Documentation: fix profile= options in kernel-parameters.txt
documentation/svga.txt: update outdated file
kokr/memory-barriers.txt: Fix typo in paring example
kokr/memory-barriers/txt: Replace uses of "transitive"
Documentation/process: add Co-Developed-by: tag for patches with multiple authors
Pull keys update from James Morris:
"There's nothing too controversial here:
- Doc fix for keyctl_read().
- time_t -> time64_t replacement.
- Set the module licence on things to prevent tainting"
* 'next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
pkcs7: Set the module licence to prevent tainting
security: keys: Replace time_t with time64_t for struct key_preparsed_payload
security: keys: Replace time_t/timespec with time64_t
KEYS: fix in-kernel documentation for keyctl_read()
The code paths protected by the socket-lock do not use or modify the
socket in a non-atomic fashion. The actions pertaining the socket do not
even need to be handled as an atomic operation. Thus, the socket-lock
can be safely ignored.
This fixes a bug regarding scheduling in atomic as the callback function
may be invoked in interrupt context.
In addition, the sock_hold is moved before the AIO encrypt/decrypt
operation to ensure that the socket is always present. This avoids a
tiny race window where the socket is unprotected and yet used by the AIO
operation.
Finally, the release of resources for a crypto operation is moved into a
common function of af_alg_free_resources.
Cc: <stable@vger.kernel.org>
Fixes: e870456d8e ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6a ("crypto: algif_aead - overhaul memory management")
Reported-by: Romain Izard <romain.izard.pro@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Tested-by: Romain Izard <romain.izard.pro@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The TX SGL may contain SGL entries that are assigned a NULL page. This
may happen if a multi-stage AIO operation is performed where the data
for each stage is pointed to by one SGL entry. Upon completion of that
stage, af_alg_pull_tsgl will assign NULL to the SGL entry.
The NULL cipher used to copy the AAD from TX SGL to the destination
buffer, however, cannot handle the case where the SGL starts with an SGL
entry having a NULL page. Thus, the code needs to advance the start
pointer into the SGL to the first non-NULL entry.
This fixes a crash visible on Intel x86 32 bit using the libkcapi test
suite.
Cc: <stable@vger.kernel.org>
Fixes: 72548b093e ("crypto: algif_aead - copy AAD from src to dst")
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
4.15 merge window fixes 1
* tag 'drm-misc-fixes-2017-11-20' of git://anongit.freedesktop.org/drm/drm-misc:
drm/edid: Don't send non-zero YQ in AVI infoframe for HDMI 1.x sinks
drm/vc4: Account for interrupts in flight
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEFWWmW3ewYy4RJOWc05gHnSar7m8FAloWlc0ACgkQ05gHnSar
7m8OaA//atcYylzdlV5pdfEcJxTu3WmT8yVE2Vmkza5ydPfi6wEes749gk0pei0l
9vBQA69QOertGfjpKyrSx+01lXdpnn8QN3s5FDZhwOlp6QHX+ak+XF0oNhemQfoL
yGp+00LYGpTdGRoILMlvisr4hOoeUuxQOyPj5bpdloGbB42qXcbz6Ee5duUXQkxM
JTavc0vm6uxmuU8+kukDJpzD+2if1kyROMyFj4yvswTwf3qqX3qSx+4WTMTnmOHg
tlsYzyifZKk7igg6dxh3ufuXdhkW7HNXWIKHbUwYBEw5o7UEuOnKGsaaV1czmV6M
sJapvjsmPdu4YNqfT2ydMgM3Xd/kUi5OarRkLakVzErz1D2YDMUMXJmkRw5B0K6+
ZXPUv6qZOjN988g5swnZyexwzCgI06iGjqM/mmxqfzJTSXKWvQrWFemSxqPoMJuB
PGQ6OVLYwCMZ8zXOr80c8Nd/P/hvZyj6iLd+lWWHfmgo7BSYuDMX7IEAT5zjXWrA
qVHI9Ddy7zpqmNGZQeLA0fjrciAtG33FTY3SwJwbhsCh+WF8uxp+ttfA4NcsTj/G
QFazWuVxccp1Eu/KuIFBCso6ppfEYVMijnc3ghViySbxPjfrFK3TC5PHBpQPW2H3
Td4rPYMDolmTwIOICJkHC5bUMl6bLdrP50kcxd0jId9LyEwmbWM=
=xo4D
-----END PGP SIGNATURE-----
Merge tag 'drm-intel-next-fixes-2017-11-23' of git://anongit.freedesktop.org/drm/drm-intel into drm-next
drm/i915 fixes for v4.15
* tag 'drm-intel-next-fixes-2017-11-23' of git://anongit.freedesktop.org/drm/drm-intel:
drm/i915: Fix init_clock_gating for resume
drm/i915: Mark the userptr invalidate workqueue as WQ_MEM_RECLAIM
drm/i915: Clear breadcrumb node when cancelling signaling
drm/i915/gvt: ensure -ve return value is handled correctly
drm/i915: Re-register PMIC bus access notifier on runtime resume
drm/i915: Fix false-positive assert_rpm_wakelock_held in i915_pmic_bus_access_notifier v2
Fix crtc_id in page_flip event.
* tag 'drm-misc-next-fixes-2017-11-23' of git://anongit.freedesktop.org/drm/drm-misc:
drm/vblank: Pass crtc_id to page_flip_ioctl.
There are no in-tree callers of ht_create_irq(), the driver interface for
HyperTransport interrupts, left. Remove the unused entry point and all the
supporting code.
See 8b955b0ddd ("[PATCH] Initial generic hypertransport interrupt
support").
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-pci@vger.kernel.org
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Link: https://lkml.kernel.org/r/20171122221337.3877.23362.stgit@bhelgaas-glaptop.roam.corp.google.com
In order to save on redundant structs definitions
insn_get_code_seg_params() was made to return two 4-bit values in a char
but clang complains:
arch/x86/lib/insn-eval.c:780:10: warning: implicit conversion from 'int' to 'char'
changes value from 132 to -124 [-Wconstant-conversion]
return INSN_CODE_SEG_PARAMS(4, 8);
~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~
./arch/x86/include/asm/insn-eval.h:16:57: note: expanded from macro 'INSN_CODE_SEG_PARAMS'
#define INSN_CODE_SEG_PARAMS(oper_sz, addr_sz) (oper_sz | (addr_sz << 4))
Those two values do get picked apart afterwards the opposite way of how
they were ORed so wrt to the LSByte, the return value is the same.
But this function returns -EINVAL in the error case, which is an int. So
make it return an int which is the native word size anyway and thus fix
the clang warning.
Reported-by: Kees Cook <keescook@google.com>
Reported-by: Nick Desaulniers <nick.desaulniers@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: ricardo.neri-calderon@linux.intel.com
Link: https://lkml.kernel.org/r/20171123091951.1462-1-bp@alien8.de
Noticed with a Clang build. This improves the readability of the ?:
expression, as it has lower precedence than the - expression. Show
explicitly that - is evaluated first.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20171122205645.GA27125@beast
The comparison of u32 nregs being less than zero is never true since
nregs is unsigned. Fix this by making nregs a signed integer.
Fixes: f20cc9b00c ("irqchip/qcom: Add IRQ combiner driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: kernel-janitors@vger.kernel.org
Cc: Jason Cooper <jason@lakedaemon.net>
Link: https://lkml.kernel.org/r/20171117183553.2739-1-colin.king@canonical.com
Gao Feng says:
====================
ipvlan: Fix insufficient skb linear check
The current ipvlan codes use pskb_may_pull to get the skb linear header in
func ipvlan_get_L3_hdr, but the size isn't enough for arp and ipv6 icmp.
So it may access the unexpected momory in ipvlan_addr_lookup.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
In the function ipvlan_get_L3_hdr, current codes use pskb_may_pull to
make sure the skb header has enough linear room for ipv6 header. But it
would use the latter memory directly without linear check when it is icmp.
So it still may access the unepxected memory in ipvlan_addr_lookup.
Now invoke the pskb_may_pull again if it is ipv6 icmp.
Signed-off-by: Gao Feng <gfree.wind@vip.163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In the function ipvlan_get_L3_hdr, current codes use pskb_may_pull to
make sure the skb header has enough linear room for arp header. But it
would access the arp payload in func ipvlan_addr_lookup. So it still may
access the unepxected memory.
Now use arp_hdr_len(port->dev) instead of the arp header as the param.
Signed-off-by: Gao Feng <gfree.wind@vip.163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stefano pointed that configure or show UDP_ZERO_CSUM6_RX/TX info doesn't
make sense if we haven't enabled CONFIG_IPV6. Fix it by adding
if IS_ENABLED(CONFIG_IPV6) check.
Fixes: abe492b4f5 ("geneve: UDP checksum configuration via netlink")
Fixes: fd7eafd021 ("geneve: fix fill_info when link down")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
First set of fixes for 4.15. Most important here is the iwlwifi fix
for scan command firmware interface change.
ath10k
* fix CCMP-256, GCMP and GCMP-256 in raw mode, it was never working
wcn36xx
* fix device tree node search
iwlwifi
* fix a regression with firmware API change of scan cmd (introduced in
firmware version 34)
* add a bunch of PCI IDs and fix configuration structs for A000 devices
* fix the exported firmware name strings for 9000 and A000 devices
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJaFZQwAAoJEG4XJFUm622bOe8H/0dmodmL+nf0MUKYyXmV2l5J
3wN0Xrse1NL3bRDTGZ/KkX/OFB1FSZ8ViGW0ek9DvbbF4lC9E5WqjM5HbTY7QE6i
bBgF476qnV9Hy/ay9SEMe7HhxsU8KfVKuYgNzY8pHhlCLkr96h35YNt+LtD319zT
PTBrxURLkZotr44mDQjO8duyKZFCafWN6F5nd22+JWpOEQDK4rUNNdDT/16CwQiy
aLqCF5bHB4kOigd9YfEpx1jO6GusqGqkB0x3lwG0QR7oygFgLZbWre0TllE+ly8P
x7gy40euxBWh9Hlk+4xjxBfZraE41XzXTTHyJECVRLKJcrlEvzCc+QCOyoYjZpY=
=uYE+
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-for-davem-2017-11-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for 4.15
First set of fixes for 4.15. Most important here is the iwlwifi fix
for scan command firmware interface change.
ath10k
* fix CCMP-256, GCMP and GCMP-256 in raw mode, it was never working
wcn36xx
* fix device tree node search
iwlwifi
* fix a regression with firmware API change of scan cmd (introduced in
firmware version 34)
* add a bunch of PCI IDs and fix configuration structs for A000 devices
* fix the exported firmware name strings for 9000 and A000 devices
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Kirsher says:
====================
Intel Wired LAN Driver Fixes 2017-11-21
This series contains fixes for igb/vf, ixgbe/vf, i40e/vf and fm10k.
Jake fixes a regression issue with older firmware, where we were using
the NVM lock to synchronize NVM reads for all devices and firmware
versions, yet this caused issues with older firmware prior to version
1.5. Fixed this by only grabbing the lock for newer devices and firmware
version 1.5 or newer.
Zijie Pan fixes the calculation of the i40e VF MAC addresses, where it was
possible to increment to the next MAC entry without calling
i40e_add_mac_filter().
Amritha removes the upper limit of 64 queues on a channel VSI since the
upper bound is determined by the VSI's num_queue_pairs.
Filip fixes an issue during FLR resets, where should have been checking
for upcoming core reset and if so, just return with I40E_ERR_NOT_READY.
Alan fixes the notifying clients of l2 parameters by copying the
parameters to the client instance struct and re-organizes the priority
in which the client tasks fire so that if the flag for notifying l2
params is set, it will trigger before the client open task. Also fixed
the promiscuous settings after reset for all the VSI's.
Brian King from IBM fixes an issue seen on Power systems which would
result in skb list corruption and eventual kernel oops. Brian
provides the same fix for nearly all our drivers, to replace the
read_barrier_depends with smp_rmb() to ensure loads are ordered with
respect to the load of tx_buffer->next_to_watch.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The PHY on BCM7278 has an additional bit that needs to be cleared:
IDDQ_GLOBAL_PWR, without doing this, the PHY remains stuck in reset out
of suspend/resume cycles.
Fixes: 0fe9933804 ("net: dsa: bcm_sf2: Add support for BCM7278 integrated switch")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann says:
====================
pull-request: bpf 2017-11-23
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Several BPF offloading fixes, from Jakub. Among others:
- Limit offload to cls_bpf and XDP program types only.
- Move device validation into the driver and don't make
any assumptions about the device in the classifier due
to shared blocks semantics.
- Don't pass offloaded XDP program into the driver when
it should be run in native XDP instead. Offloaded ones
are not JITed for the host in such cases.
- Don't destroy device offload state when moved to
another namespace.
- Revert dumping offload info into user space for now,
since ifindex alone is not sufficient. This will be
redone properly for bpf-next tree.
2) Fix test_verifier to avoid using bpf_probe_write_user()
helper in test cases, since it's dumping a warning into
kernel log which may confuse users when only running tests.
Switch to use bpf_trace_printk() instead, from Yonghong.
3) Several fixes for correcting ARG_CONST_SIZE_OR_ZERO semantics
before it becomes uabi, from Gianluca. More specifically:
- Add a type ARG_PTR_TO_MEM_OR_NULL that is used only
by bpf_csum_diff(), where the argument is either a
valid pointer or NULL. The subsequent ARG_CONST_SIZE_OR_ZERO
then enforces a valid pointer in case of non-0 size
or a valid pointer or NULL in case of size 0. Given
that, the semantics for ARG_PTR_TO_MEM in combination
with ARG_CONST_SIZE_OR_ZERO are now such that in case
of size 0, the pointer must always be valid and cannot
be NULL. This fix in semantics allows for bpf_probe_read()
to drop the recently added size == 0 check in the helper
that would become part of uabi otherwise once released.
At the same time we can then fix bpf_probe_read_str() and
bpf_perf_event_output() to use ARG_CONST_SIZE_OR_ZERO
instead of ARG_CONST_SIZE in order to fix recently
reported issues by Arnaldo et al, where LLVM optimizes
two boundary checks into a single one for unknown
variables where the verifier looses track of the variable
bounds and thus rejects valid programs otherwise.
4) A fix for the verifier for the case when it detects
comparison of two constants where the branch is guaranteed
to not be taken at runtime. Verifier will rightfully prune
the exploration of such paths, but we still pass the program
to JITs, where they would complain about using reserved
fields, etc. Track such dead instructions and sanitize
them with mov r0,r0. Rejection is not possible since LLVM
may generate them for valid C code and doesn't do as much
data flow analysis as verifier. For bpf-next we might
implement removal of such dead code and adjust branches
instead. Fix from Alexei.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Tuntap and similar devices can inject GSO packets. Accept type
VIRTIO_NET_HDR_GSO_UDP, even though not generating UFO natively.
Processes are expected to use feature negotiation such as TUNSETOFFLOAD
to detect supported offload types and refrain from injecting other
packets. This process breaks down with live migration: guest kernels
do not renegotiate flags, so destination hosts need to expose all
features that the source host does.
Partially revert the UFO removal from 182e0b6b5846~1..d9d30adf5677.
This patch introduces nearly(*) no new code to simplify verification.
It brings back verbatim tuntap UFO negotiation, VIRTIO_NET_HDR_GSO_UDP
insertion and software UFO segmentation.
It does not reinstate protocol stack support, hardware offload
(NETIF_F_UFO), SKB_GSO_UDP tunneling in SKB_GSO_SOFTWARE or reception
of VIRTIO_NET_HDR_GSO_UDP packets in tuntap.
To support SKB_GSO_UDP reappearing in the stack, also reinstate
logic in act_csum and openvswitch. Achieve equivalence with v4.13 HEAD
by squashing in commit 939912216f ("net: skb_needs_check() removes
CHECKSUM_UNNECESSARY check for tx.") and reverting commit 8d63bee643
("net: avoid skb_warn_bad_offload false positives on UFO").
(*) To avoid having to bring back skb_shinfo(skb)->ip6_frag_id,
ipv6_proxy_select_ident is changed to return a __be32 and this is
assigned directly to the frag_hdr. Also, SKB_GSO_UDP is inserted
at the end of the enum to minimize code churn.
Tested
Booted a v4.13 guest kernel with QEMU. On a host kernel before this
patch `ethtool -k eth0` shows UFO disabled. After the patch, it is
enabled, same as on a v4.13 host kernel.
A UFO packet sent from the guest appears on the tap device:
host:
nc -l -p -u 8000 &
tcpdump -n -i tap0
guest:
dd if=/dev/zero of=payload.txt bs=1 count=2000
nc -u 192.16.1.1 8000 < payload.txt
Direct tap to tap transmission of VIRTIO_NET_HDR_GSO_UDP succeeds,
packets arriving fragmented:
./with_tap_pair.sh ./tap_send_ufo tap0 tap1
(from https://github.com/wdebruij/kerneltools/tree/master/tests)
Changes
v1 -> v2
- simplified set_offload change (review comment)
- documented test procedure
Link: http://lkml.kernel.org/r/<CAF=yD-LuUeDuL9YWPJD9ykOZ0QCjNeznPDr6whqZ9NGMNF12Mw@mail.gmail.com>
Fixes: fb652fdfe8 ("macvlan/macvtap: Remove NETIF_F_UFO advertisement.")
Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 6fa1ba6152 partially
implemented the new ethtool API, by replacing get_settings()
with get_link_ksettings(). This breaks ethtool, since the
userspace tool (according to the new API specs) never tries
the legacy set() call, when the new get() call succeeds.
All attempts to chance some setting from userspace result in:
> Cannot set new settings: Operation not supported
Implement the missing set() call.
Signed-off-by: Tobias Jakobi <tjakobi@math.uni-bielefeld.de>
Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Florian reported a breakage with anycast routes due to commit
4832c30d54 ("net: ipv6: put host and anycast routes on device with
address"). Prior to this commit anycast routes were added against the
loopback device causing repetitive route entries with no insight into
why they existed. e.g.:
$ ip -6 ro ls table local type anycast
anycast 2001:db8:1:: dev lo proto kernel metric 0 pref medium
anycast 2001:db8:2:: dev lo proto kernel metric 0 pref medium
anycast fe80:: dev lo proto kernel metric 0 pref medium
anycast fe80:: dev lo proto kernel metric 0 pref medium
The point of commit 4832c30d54 is to add the routes using the device
with the address which is causing the route to be added. e.g.,:
$ ip -6 ro ls table local type anycast
anycast 2001:db8:1:: dev eth1 proto kernel metric 0 pref medium
anycast 2001:db8:2:: dev eth2 proto kernel metric 0 pref medium
anycast fe80:: dev eth2 proto kernel metric 0 pref medium
anycast fe80:: dev eth1 proto kernel metric 0 pref medium
For traffic to work as it did before, the dst device needs to be switched
to the loopback when the copy is created similar to local routes.
Fixes: 4832c30d54 ("net: ipv6: put host and anycast routes on device with address")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ursula Braun says:
====================
net/smc: fixes for smc buffer handling
here are 2 cleanup patches for smc buffer handling.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
With gcc-4.1.2:
net/smc/smc_core.c: In function ‘__smc_buf_create’:
net/smc/smc_core.c:567: warning: ‘bufsize’ may be used uninitialized in this function
Indeed, if the for-loop is never executed, bufsize is used
uninitialized. In addition, buf_desc is stored for later use, while it
is still a NULL pointer.
Before, error handling was done by checking if buf_desc is non-NULL.
The cleanup changed this to an error check, but forgot to update the
preinitialization of buf_desc to an error pointer.
Update the preinitializatin of buf_desc to fix this.
Fixes: b33982c3a6 ("net/smc: cleanup function __smc_buf_create()")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 3e034725c0 ("net/smc: common functions for RMBs and send buffers")
merged handling of SMC receive and send buffers. It introduced sk_buf_size
as merged start value for size determination. But since sk_buf_size is not
used at all, sk_sndbuf is erroneously used as start for rmb creation.
This patch makes sure, sk_buf_size is really used as intended, and
sk_rcvbuf is used as start value for rmb creation.
Fixes: 3e034725c0 ("net/smc: common functions for RMBs and send buffers")
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Reviewed-by: Hans Wippel <hwippel@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When the 'ignore_routes_with_linkdown' sysctl is set, we should not
consider linkdown nexthops during route lookup.
While the code correctly verifies that the initially selected route
('match') has a carrier, it does not perform the same check in the
subsequent multipath selection, resulting in a potential packet loss.
In case the chosen route does not have a carrier and the sysctl is set,
choose the initially selected route.
Fixes: 35103d1117 ("net: ipv6 sysctl option to ignore routes when nexthop link is down")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: David Ahern <dsahern@gmail.com>
Acked-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
If you flush (delete) a filter chain other than chain 0 (such as when
deleting the device), the kernel may run into a use-after-free. The
chain refcount must not be decremented unless we are sure we are done
with the chain.
To reproduce the bug, run:
ip link add dtest type dummy
tc qdisc add dev dtest ingress
tc filter add dev dtest chain 1 parent ffff: flower
ip link del dtest
Introduced in: commit f93e1cdcf4 ("net/sched: fix filter flushing"),
but unless you have KAsan or luck, you won't notice it until
commit 0dadc117ac ("cls_flower: use tcf_exts_get_net() before call_rcu()")
Fixes: f93e1cdcf4 ("net/sched: fix filter flushing")
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Roman Kapl <code@rkapl.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
This change resolves a new compile-time warning
when built as a loadable module:
WARNING: modpost: missing MODULE_LICENSE() in drivers/net/phy/cortina.o
see include/linux/module.h for more information
This adds the license as "GPL", which matches the header of the file.
MODULE_DESCRIPTION and MODULE_AUTHOR are also added.
Signed-off-by: Jesse Chan <jc@linux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
$(real-objs-y) in only used in scripts/Makefile.build to form
"targets", but $(extra-y) is added to "targets" in another line.
We do not need to add $(extra-y) twice.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The "rpm" has been kept for backward compatibility since pre-git era.
I am planning to remove it after the Linux 4.18 release. Annouce the
end of the support, prompting to use "rpm-pkg" instead.
If you use "rpm", it will work like "rpm-pkg", but warning messages
will be displayed as follows:
WARNING: "rpm" target will be removed after Linux 4.18
Please use "rpm-pkg" instead.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
For rpm-pkg and deb-pkg, a source tar file is created. All paths in
the archive must be prefixed with the base name of the tar so that
everything is contained in the directory when you extract it.
Currently, scripts/package/Makefile uses a symlink for that, and
removes it after the tar is created.
If you terminate the build during the tar creation, the symlink is
left over. Then, at the next package build, you will see a warning
like follows:
ln: '.' and 'kernel-4.14.0+/.' are the same file
It is possible to fix it by adding -n (--no-dereference) option to
the "ln" command, but a cleaner way is to use --transform option
of "tar" command. This option is GNU extension, but it should not
hurt to use it in the Linux build system.
The 'S' flag is needed to exclude symlinks from the path fixup.
Without it, symlinks in the kernel are broken.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The command "make -j8 C=1 CHECK=scripts/coccicheck" produces
lots of "coccicheck failed" error messages.
Julia Lawall explained the Coccinelle behavior as follows:
"The problem on the Coccinelle side is that it uses a subdirectory
with the name of the semantic patch to store standard output and
standard error for the different threads. I didn't want to use a
name with the pid, so that one could easily find this information
while Coccinelle is running. Normally the subdirectory is cleaned
up when Coccinelle completes, so there is only one of them at a time.
Maybe it is best to just add the pid. There is the risk that these
subdirectories will accumulate if Coccinelle crashes in a way such
that they don't get cleaned up, but Coccinelle could print a warning
if it detects this case, rather than failing."
When scripts/coccicheck is used as CHECK tool and -j option is given
to Make, the whole of build process runs in parallel. So, multiple
processes try to get access to the same subdirectory.
I notice spatch creates the subdirectory only when it runs in parallel
(i.e. --jobs <N> is given and <N> is greater than 1).
Setting NPROC=1 is a reasonable solution; spatch does not create the
subdirectory. Besides, ONLINE=1 mode takes a single file input for
each spatch invocation, so there is no reason to parallelize it in
the first place.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Julia Lawall <Julia.Lawall@lip6.fr>
sym_arr is of type struct symbol **.
So in malloc we need sizeof(struct symbol *).
The problem was indicated by coccinelle.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
We added crtc_id to the atomic ioctl, but forgot to add it for vblank
and page flip events. Commit bd386e5180 ("drm: Reorganize
drm_pending_event to support future event types [v2]") added it to
the vblank event, but page flip event was still missing.
Correct this and add a test for making sure we always set crtc_id correctly.
Fixes: bd386e5180 ("drm: Reorganize drm_pending_event to support future event types [v2]")
Fixes: 5db06a8a98 ("drm: Pass CRTC ID in userspace vblank events")
Cc: Daniel Stone <daniels@collabora.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Sean Paul <seanpaul@chromium.org>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v4.12+
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> #irc
Testcase: igt/kms_vblank/crtc_id
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171123103737.47138-1-maarten.lankhorst@linux.intel.com
when the verifier detects that register contains a runtime constant
and it's compared with another constant it will prune exploration
of the branch that is guaranteed not to be taken at runtime.
This is all correct, but malicious program may be constructed
in such a way that it always has a constant comparison and
the other branch is never taken under any conditions.
In this case such path through the program will not be explored
by the verifier. It won't be taken at run-time either, but since
all instructions are JITed the malicious program may cause JITs
to complain about using reserved fields, etc.
To fix the issue we have to track the instructions explored by
the verifier and sanitize instructions that are dead at run time
with NOPs. We cannot reject such dead code, since llvm generates
it for valid C code, since it doesn't do as much data flow
analysis as the verifier does.
Fixes: 17a5267067 ("bpf: verifier (add verifier core)")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>