Commit Graph

810788 Commits

Author SHA1 Message Date
Ross Lagerwall b9a74cde94 cifs: Fix potential OOB access of lock element array
If maxBuf is small but non-zero, it could result in a zero sized lock
element array which we would then try and access OOB.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
2019-01-11 07:14:40 -06:00
Ross Lagerwall 92a8109e4d cifs: Limit memory used by lock request calls to a page
The code tries to allocate a contiguous buffer with a size supplied by
the server (maxBuf). This could fail if memory is fragmented since it
results in high order allocations for commonly used server
implementations. It is also wasteful since there are probably
few locks in the usual case. Limit the buffer to be no larger than a
page to avoid memory allocation failures due to fragmentation.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2019-01-11 07:14:40 -06:00
Aurelien Aptel 15bc77f94e cifs: move large array from stack to heap
This addresses some compile warnings that you can
see depending on configuration settings.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2019-01-11 07:14:39 -06:00
Pavel Shilovsky ee13919c2e CIFS: Do not hide EINTR after sending network packets
Currently we hide EINTR code returned from sock_sendmsg()
and return 0 instead. This makes a caller think that we
successfully completed the network operation which is not
true. Fix this by properly returning EINTR to callers.

Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
2019-01-11 07:13:05 -06:00
Gustavo A. R. Silva 21face6f0d ARM: integrator: impd1: use struct_size() in devm_kzalloc()
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

struct foo {
    int stuff;
    void *entry[];
};

instance = devm_kzalloc(dev, sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

instance = devm_kzalloc(dev, struct_size(instance, entry, count), GFP_KERNEL);

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
2019-01-11 13:33:00 +01:00
AKASHI Takahiro 279667212a arm64: kexec_file: return successfully even if kaslr-seed doesn't exist
In kexec_file_load, kaslr-seed property of the current dtb will be deleted
any way before setting a new value if possible. It doesn't matter whether
it exists in the current dtb.

So "ret" should be reset to 0 here.

Fixes: commit 884143f60c ("arm64: kexec_file: add kaslr support")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2019-01-11 10:10:51 +00:00
Jean-Philippe Brucker c7777236dd ACPI/IORT: Fix rc_dma_get_range()
When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
expects the opaque pointer argument to be a PCI bus device. At the
moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
crashing. Pass the bus device to iort_scan_node().

Fixes: 5ac65e8c89 ("ACPI/IORT: Support address size limit for root complexes")
Reported-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Acked-by: Robin Murphy <robin.murphy@arm.com>
Cc: stable@vger.kernel.org
Cc: Will Deacon <will.deacon@arm.com>
Cc: Hanjun Guo <hanjun.guo@linaro.org>
Cc: Sudeep Holla <sudeep.holla@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2019-01-11 10:02:59 +00:00
Daniel Borkmann fb4129b927 Merge branch 'bpf-fix-bitfield-printing'
Yonghong Song says:

====================
The previous BTF kind_flag support patch set introduced a bug
for kernel bpffs pretty printing and another bug for bpftool
map pretty printing. If a bitfield struct member offset is
greater than 256 bits, printed value for that struct
member will be incorrect.

- Patch #1 fixed the bug in kernel bpffs pretty printing.
- Patch #2 enhanced the test_btf test case to cover the
           issue exposed by patch #1.
- Patch #3 fixed the bug in bpftool map pretty printing.
====================

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-01-11 10:40:56 +01:00
Yonghong Song 298e59d322 tools/bpf: fix bpftool map dump with bitfields
Commit 8772c8bc09 ("tools: bpftool: support pretty print
with kind_flag set") added bpftool map dump with kind_flag
support. When bitfield_size can be retrieved directly from
btf_member, function btf_dumper_bitfield() is called to
dump the bitfield. The implementation passed the
wrong parameter "bit_offset" to the function. The excepted
value is the bit_offset within a byte while the passed-in
value is the struct member offset.

This commit fixed the bug with passing correct "bit_offset"
with adjusted data pointer.

Fixes: 8772c8bc09 ("tools: bpftool: support pretty print with kind_flag set")
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-01-11 10:40:54 +01:00
Yonghong Song e43207fa2e tools/bpf: test btf bitfield with >=256 struct member offset
This patch modified test_btf pretty print test to cover
the bitfield with struct member equal to or greater 256.

Without the previous kernel patch fix, the modified test will fail:

  $ test_btf -p
  ......
  BTF pretty print array(#1)......unexpected pprint output
  expected: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x1}
      read: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x0}

  BTF pretty print array(#2)......unexpected pprint output
  expected: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x1}
      read: 0: {0,0,0,0x3,0x0,0x3,{0|[0,0,0,0,0,0,0,0]},ENUM_ZERO,4,0x0}

  PASS:6 SKIP:0 FAIL:2

With the kernel fix, the modified test will succeed:
  $ test_btf -p
  ......
  BTF pretty print array(#1)......OK
  BTF pretty print array(#2)......OK
  PASS:8 SKIP:0 FAIL:0

Fixes: 9d5f9f701b ("bpf: btf: fix struct/union/fwd types with kind_flag")
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-01-11 10:40:54 +01:00
Yonghong Song 17e3ac8125 bpf: fix bpffs bitfield pretty print
Commit 9d5f9f701b ("bpf: btf: fix struct/union/fwd types
with kind_flag") introduced kind_flag and used bitfield_size
in the btf_member to directly pretty print member values.

The commit contained a bug where the incorrect parameters could be
passed to function btf_bitfield_seq_show(). The bits_offset
parameter in the function expects a value less than 8.
Instead, the member offset in the structure is passed.

The below is btf_bitfield_seq_show() func signature:
  void btf_bitfield_seq_show(void *data, u8 bits_offset,
                             u8 nr_bits, struct seq_file *m)
both bits_offset and nr_bits are u8 type. If the bitfield
member offset is greater than 256, incorrect value will
be printed.

This patch fixed the issue by calculating correct proper
data offset and bits_offset similar to non kind_flag case.

Fixes: 9d5f9f701b ("bpf: btf: fix struct/union/fwd types with kind_flag")
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-01-11 10:40:54 +01:00
Greg Kroah-Hartman 06382deac2 Revert "staging: rtl8723bs: Mark ACPI table declaration as used"
This reverts commit e6d093719e.

Turns out it is not needed at all, a fix for clang was made and accepted
upstream in that project that makes this change unnecessary.  So revert
it.

Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-11 10:40:13 +01:00
Daniel Vetter e2d3c414ec Merge tag 'drm-intel-fixes-2019-01-11' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
i915 fixes for v5.0-rc2:
- Disable PSR for Apple panels
- Broxton ERR_PTR error state fix
- Kabylake VECS workaround fix
- Unwind failure on pinning the gen7 ppgtt
- GVT workload request allocation fix

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
From: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/87pnt35z8h.fsf@intel.com
2019-01-11 10:26:21 +01:00
Daniel Vetter 95681cda8d Second pull request, drm-misc-fixes for v5.0-rc2:
- Fix fb-helper to work correctly with SDL 1.2 bugs.
 - Fix lockdep warning in the atomic ioctl and setproperty.
 From first pull request:
 - Fixes for the tc358767 bridge to work correctly with
   tc358867 using a DP connector.
 - Make resume work on amdgpu when a DP-MST display is unplugged.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAlw3T9MACgkQ/lWMcqZw
 E8NkNRAAp4ctGFP/1Q02Y+Eqc/lfP+K0+6/olUt3xg7mj9NPG/5ZV0GtKGQ9fR2+
 px22Fvb9ZetrnjbuwgQ0lkaOYBjB4S9PBPBnZS0HDRw6AOBvPBEcZSdYiOgkH2FX
 Lwm3G98Ue/4H8IEK2QvHNFyoqyKy+M5a1mzuXfuYfBdf/u3pZnbZZMs2fSd6C6vn
 A1D6qqdU5z0rMLPSAQ+up48u+R13MX2khL0x8Zwt2RhhHFAJ49o6S/Wgy6TkpNFp
 q3l2+ltWyEKZaLW6Aun8yLYZHn0PH88rpVB6QWx7UZqhHP2xyyuWZCRaE/HWD6dx
 PfSevNJTYF9m8H6kOek5MTy+VUo4IRfxPvfe/sEnLeYd6mVd/I2ov9jf9Zbl6HoZ
 RfKqNqJsXMekyl2vK56GRDK3Li+eUwygtyRcfQINV5pvOomWQC+A6X/CtoN2g8Zw
 4SNRJ3lnUiJhFK8aazK+k1o3AkYPdPtSCgxpqCYpUVqZ05V1cdl7EFtA4ZsZedxu
 1VoPlUS07uG/wP9AdONkmo/5aRjpWY0FGJ/ZZS6CqOKO0F5qgXjZdDkbc/4M5WV0
 2SVwi3fGCrzFg5uIoM/3iAEXEdPYAMkqmX1etjeqmejWTxlg0relCY1Q6s4tTLMI
 4isql765+ydZxk6qC2eHxohtgq5AnLUtgaqqiHZPbf4nn/s4edo=
 =7UHP
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2019-01-10-1' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

Second pull request, drm-misc-fixes for v5.0-rc2:
- Fix fb-helper to work correctly with SDL 1.2 bugs.
- Fix lockdep warning in the atomic ioctl and setproperty.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/2cf24f5c-2b1f-befa-8d08-058661146b61@linux.intel.com
2019-01-11 10:25:06 +01:00
Rafael J. Wysocki 65a4f3a1ef Merge branches 'acpi-pci', 'acpi-power' and 'acpi-misc'
* acpi-pci:
  ACPI: Fix build failure when CONFIG_NLS is set to 'n'

* acpi-power:
  ACPI: power: Skip duplicate power resource references in _PRx

* acpi-misc:
  ACPI: NUMA: Use correct type for printing addresses on i386-PAE
2019-01-11 10:12:07 +01:00
Rafael J. Wysocki 343e60e52a Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'pm-sleep'
* pm-cpuidle:
  doc: trace: fix reference to cpuidle documentation file
  cpuidle / Documentation: Update cpuidle MAINTAINERS entry

* pm-cpufreq:
  cpufreq: scmi: Fix frequency invariance in slow path
  cpufreq: check if policy is inactive early in __cpufreq_get()
  cpufreq: scpi/scmi: Fix freeing of dynamic OPPs
  cpufreq / Documentation: Update cpufreq MAINTAINERS entry

* pm-sleep:
  PM: sleep: call devfreq suspend/resume
2019-01-11 10:09:51 +01:00
Wei Yongjun d04e779fb1 gpio: pca953x: Make symbol 'pca953x_i2c_regmap' static
Fixes the following sparse warning:

drivers/gpio/gpio-pca953x.c:292:28: warning:
 symbol 'pca953x_i2c_regmap' was not declared. Should it be static?

Fixes: 4942723276 ("gpio: pca953x: Perform basic regmap conversion")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-01-11 09:16:40 +01:00
Dave Airlie ae5e5ae90d Merge branch 'linux-4.21' of git://github.com/skeggsb/linux into drm-fixes
3 nouveau fixes:
one backlight, falcon register access, and a fan fix.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Ben Skeggs <skeggsb@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CACAvsv4MHr=Rq3FkZFTYWPc7o5-dTWFysXB=wN2L91SYeFbzkQ@mail.gmail.com
2019-01-11 17:25:10 +10:00
Ingo Molnar 4e72ee8872 perf/core fixes and improvements:
perf trace:
 
   Ravi Bangoria:
 
   - Rework PowerPC syscall table generation, now using a .tbl file just like
     x86_64 and S/390, also silencing a tools build warning about headers out of
     sync with the kernel sources.
 
 tools include uapi:
 
   Arnaldo Carvalho de Melo:
 
   - Sync linux/if_link.h copy with the kernel sources, silencing a build warning.
 
 perf top:
 
   Arnaldo Carvalho de Melo:
 
   - Add 'arch_cpu_idle' to the list of kernel idle symbols, noticed on a Orange
     Pi Zero ARM board, just like with other symbols in other arches.
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCXDd1iAAKCRCyPKLppCJ+
 J2G4AP9Ap7B1GKHJK1f9niTjTa249SKZtpXSKSkMfFJNjQAT+wD8C0+MrmjhywVv
 FoiaCMn/KPNNslPSXwhzrG3DXDSqIQg=
 =9St5
 -----END PGP SIGNATURE-----

Merge tag 'perf-core-for-mingo-5.0-20190110' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent

Pull perf/core fixes and improvements from Arnaldo Carvalho de Melo:

perf trace:

  Ravi Bangoria:

  - Rework PowerPC syscall table generation, now using a .tbl file just like
    x86_64 and S/390, also silencing a tools build warning about headers out of
    sync with the kernel sources.

tools include uapi:

  Arnaldo Carvalho de Melo:

  - Sync linux/if_link.h copy with the kernel sources, silencing a build warning.

perf top:

  Arnaldo Carvalho de Melo:

  - Add 'arch_cpu_idle' to the list of kernel idle symbols, noticed on a Orange
    Pi Zero ARM board, just like with other symbols in other arches.

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2019-01-11 08:12:09 +01:00
Ilia Mirkin a5176a4cb8 drm/nouveau/falcon: avoid touching registers if engine is off
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108980
Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2019-01-11 16:25:54 +10:00
Takashi Iwai 118780066e drm/nouveau: Don't disable polling in fallback mode
When a fan is controlled via linear fallback without cstate, we
shouldn't stop polling.  Otherwise it won't be adjusted again and
keeps running at an initial crazy pace.

Fixes: 800efb4c28 ("drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios")
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1103356
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107447
Reported-by: Thomas Blume <thomas.blume@suse.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Martin Peres <martin.peres@free.fr>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2019-01-11 16:25:54 +10:00
Ben Skeggs 15f77c4ade drm/nouveau: register backlight on pascal and newer
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2019-01-11 16:25:54 +10:00
wenxu 10f4e76587 netfilter: nft_flow_offload: fix interaction with vrf slave device
In the forward chain, the iif is changed from slave device to master vrf
device. Thus, flow offload does not find a match on the lower slave
device.

This patch uses the cached route, ie. dst->dev, to update the iif and
oif fields in the flow entry.

After this patch, the following example works fine:

 # ip addr add dev eth0 1.1.1.1/24
 # ip addr add dev eth1 10.0.0.1/24
 # ip link add user1 type vrf table 1
 # ip l set user1 up
 # ip l set dev eth0 master user1
 # ip l set dev eth1 master user1

 # nft add table firewall
 # nft add flowtable f fb1 { hook ingress priority 0 \; devices = { eth0, eth1 } \; }
 # nft add chain f ftb-all {type filter hook forward priority 0 \; policy accept \; }
 # nft add rule f ftb-all ct zone 1 ip protocol tcp flow offload @fb1
 # nft add rule f ftb-all ct zone 1 ip protocol udp flow offload @fb1

Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2019-01-11 00:55:37 +01:00
Shakeel Butt e2c8d550a9 netfilter: ebtables: account ebt_table_info to kmemcg
The [ip,ip6,arp]_tables use x_tables_info internally and the underlying
memory is already accounted to kmemcg. Do the same for ebtables. The
syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the
whole system from a restricted memcg, a potential DoS.

By accounting the ebt_table_info, the memory used for ebt_table_info can
be contained within the memcg of the allocating process. However the
lifetime of ebt_table_info is independent of the allocating process and
is tied to the network namespace. So, the oom-killer will not be able to
relieve the memory pressure due to ebt_table_info memory. The memory for
ebt_table_info is allocated through vmalloc. Currently vmalloc does not
handle the oom-killed allocating process correctly and one large
allocation can bypass memcg limit enforcement. So, with this patch,
at least the small allocations will be contained. For large allocations,
we need to fix vmalloc.

Reported-by: syzbot+7713f3aa67be76b1552c@syzkaller.appspotmail.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2019-01-11 00:55:36 +01:00
Sowjanya Komatineni b67d4530cd i2c: tegra: Fix Maximum transfer size
Tegra194 supports maximum 64K Bytes transfer per packet.
Tegra186 and prior supports maximum 4K Bytes transfer per packet.

This patch fixes this payload difference between Tegra194 and prior
Tegra chipsets using separate i2c_adapter_quirks.

Signed-off-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2019-01-11 00:15:04 +01:00
Yi Zeng 6ebec961d5 i2c: dev: prevent adapter retries and timeout being set as minus value
If adapter->retries is set to a minus value from user space via ioctl,
it will make __i2c_transfer and __i2c_smbus_xfer skip the calling to
adapter->algo->master_xfer and adapter->algo->smbus_xfer that is
registered by the underlying bus drivers, and return value 0 to all the
callers. The bus driver will never be accessed anymore by all users,
besides, the users may still get successful return value without any
error or information log print out.

If adapter->timeout is set to minus value from user space via ioctl,
it will make the retrying loop in __i2c_transfer and __i2c_smbus_xfer
always break after the the first try, due to the time_after always
returns true.

Signed-off-by: Yi Zeng <yizeng@asrmicro.com>
[wsa: minor grammar updates to commit message]
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
2019-01-11 00:14:55 +01:00
Fabio Estevam 2076607a20 qcom-scm: Include <linux/err.h> header
Since commit e6f6d63ed1 ("drm/msm: add headless gpu device for imx5")
the DRM_MSM symbol can be selected by SOC_IMX5 causing the following
error when building imx_v6_v7_defconfig:

In file included from ../drivers/gpu/drm/msm/adreno/a5xx_gpu.c:17:0:
../include/linux/qcom_scm.h: In function 'qcom_scm_set_cold_boot_addr':
../include/linux/qcom_scm.h:73:10: error: 'ENODEV' undeclared (first use in this function)
  return -ENODEV;

Include the <linux/err.h> header file to fix this problem.

Reported-by: kernelci.org bot <bot@kernelci.org>
Fixes: e6f6d63ed1 ("drm/msm: add headless gpu device for imx5")
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
2019-01-10 17:04:45 -06:00
Jens Axboe a39c330d74 Merge branch 'nvme-5.0' of git://git.infradead.org/nvme into for-linus
Pull NVMe fixes from Christoph.

* 'nvme-5.0' of git://git.infradead.org/nvme:
  nvme: don't initlialize ctrl->cntlid twice
  nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
  nvme: pad fake subsys NQN vid and ssvid with zeros
  nvme-multipath: zero out ANA log buffer
  nvme-fabrics: unset write/poll queues for discovery controllers
  nvme-tcp: don't ask if controller is fabrics
  nvme-tcp: remove dead code
  nvme-pci: fix out of bounds access in nvme_cqe_pending
  nvme-pci: rerun irq setup on IO queue init errors
  nvme-pci: use the same attributes when freeing host_mem_desc_bufs.
  nvme-pci: fix the wrong setting of nr_maps
2019-01-10 15:29:57 -07:00
Linus Torvalds de6629eb26 pci-v5.0-fixes-1
-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAlw3tTMUHGJoZWxnYWFz
 QGdvb2dsZS5jb20ACgkQWYigwDrT+vwr5A//fhTsrQw72rWinli5YRq5tDooyrY7
 IxgUUQw812S7q60bV3Eo5UvcKMfb8vLbFSmjdfHegNC9oOl8HG1ugQjme1IUQ6c1
 hLYroDD85vC+Hmk2NoHyLiDDj51UCjarDlqt8XjbeGSc9YkZhYLXO+MLHJhJFkMM
 IIvshG6vQtBKbvhC6X3kzAfSiFX7QbPHL47QRnDJ4G0rASBNO0iiJi6t+zY/5gee
 Q0V+7BWnknNhfXPhGuA2H3nvZrmGOJxcmeZRZ8/u6DIvUqXH1bCm1hfjMpEkFivo
 y4be8I/1+jrlLS85iGK4pAz/ItSEbvdoB4d3+cG9XXkuL2qjSEo3Q4T+HuIb7zGj
 WsbPP1sV3+nMmQ5FlEHMIMxu2oL1EQ+GITwNoluT4i8IYKD6jjyP3LIzKrPIHQPY
 77uMBY2V7F9fWIrN/QJIvJxTvW7hnkH99xDniAfu9pogrmaALG59IpQl9GgRVrtm
 gUc5eA2SgYlZEKpuwgh20io+nJGt2V4twuIicpNR3ea6cFY6HJ5UujO5UD/CGXCE
 bpO0d673rmzNHhUiXdrqeRWIrLTNlq9FwfovxnLmErtzkiA6uHs7Oopu+yipQDzx
 YADJY3VargzAKJcci969RrJMtzt6J8HjN+/XGG+BbLymj/krhpSnszP+T1QZ8tER
 buz3wwge5ZT3HFc=
 =PX/M
 -----END PGP SIGNATURE-----

Merge tag 'pci-v5.0-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fix from Bjorn Helgaas:
 "Fix Amlogic Meson host controller driver build failure (Corentin
  Labbe)"

* tag 'pci-v5.0-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: amlogic: Fix build failure due to missing gpio header
2019-01-10 14:16:47 -08:00
Heiner Kallweit b19bce0335 net: ethernet: mediatek: fix warning in phy_start_aneg
linux 5.0-rc1 shows following warning on bpi-r2/mt7623 bootup:

[ 5.170597] WARNING: CPU: 3 PID: 1 at drivers/net/phy/phy.c:548 phy_start_aneg+0x110/0x144
[ 5.178826] called from state READY
....
[ 5.264111] [<c0629fd4>] (phy_start_aneg) from [<c0e3e720>] (mtk_init+0x414/0x47c)
[ 5.271630] r7:df5f5eec r6:c0f08c48 r5:00000000 r4:dea67800
[ 5.277256] [<c0e3e30c>] (mtk_init) from [<c07dabbc>] (register_netdevice+0x98/0x51c)
[ 5.285035] r8:00000000 r7:00000000 r6:c0f97080 r5:c0f08c48 r4:dea67800
[ 5.291693] [<c07dab24>] (register_netdevice) from [<c07db06c>] (register_netdev+0x2c/0x44)
[ 5.299989] r8:00000000 r7:dea2e608 r6:deacea00 r5:dea2e604 r4:dea67800
[ 5.306646] [<c07db040>] (register_netdev) from [<c06326d8>] (mtk_probe+0x668/0x7ac)
[ 5.314336] r5:dea2e604 r4:dea2e040
[ 5.317890] [<c0632070>] (mtk_probe) from [<c05a78fc>] (platform_drv_probe+0x58/0xa8)
[ 5.325670] r10:c0f86bac r9:00000000 r8:c0fbe578 r7:00000000 r6:c0f86bac r5:00000000
[ 5.333445] r4:deacea10
[ 5.335963] [<c05a78a4>] (platform_drv_probe) from [<c05a5248>] (really_probe+0x2d8/0x424)

maybe other boards using this generic driver are affected

v2:
optimization:

- phy_set_max_speed() is only needed if you want to reduce the
  max speed, typically if the PHY supports 1Gbps but the MAC
  supports 100Mbps only.

- The pause parameters are autonegotiated. Except you have a specific
  need you normally don't need to manually fiddle with this.

- phy_start_aneg() is called implicitly by the phylib state machine,
  you shouldn't call it manually except you have a good excuse.

- netif_carrier_on/netif_carrier_off in mtk_phy_link_adjust() isn't
  needed. It's done by phy_link_change() in phylib.

Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Reviewed-by: Heiner Kallweit <hkallweit1@gmail.com>
Acked-by: Sean Wang <sean.wang@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-10 16:57:24 -05:00
Yuchung Cheng c5715b8fab tcp: change txhash on SYN-data timeout
Previously upon SYN timeouts the sender recomputes the txhash to
try a different path. However this does not apply on the initial
timeout of SYN-data (active Fast Open). Therefore an active IPv6
Fast Open connection may incur one second RTO penalty to take on
a new path after the second SYN retransmission uses a new flow label.

This patch removes this undesirable behavior so Fast Open changes
the flow label just like the regular connections. This also helps
avoid falsely disabling Fast Open on the sender which triggers
after two consecutive SYN timeouts on Fast Open.

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-10 16:55:41 -05:00
Andrew Lunn ea89098ef9 net: dsa: mv88x6xxx: mv88e6390 errata
The 6390 copper ports have an errata which require poking magic values
into undocumented magic registers and then performing a software
reset.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-10 16:53:46 -05:00
Willem de Bruijn 001e465f09 bonding: update nest level on unlink
A network device stack with multiple layers of bonding devices can
trigger a false positive lockdep warning. Adding lockdep nest levels
fixes this. Update the level on both enslave and unlink, to avoid the
following series of events ..

    ip netns add test
    ip netns exec test bash
    ip link set dev lo addr 00:11:22:33:44:55
    ip link set dev lo down

    ip link add dev bond1 type bond
    ip link add dev bond2 type bond

    ip link set dev lo master bond1
    ip link set dev bond1 master bond2

    ip link set dev bond1 nomaster
    ip link set dev bond2 master bond1

.. from still generating a splat:

    [  193.652127] ======================================================
    [  193.658231] WARNING: possible circular locking dependency detected
    [  193.664350] 4.20.0 #8 Not tainted
    [  193.668310] ------------------------------------------------------
    [  193.674417] ip/15577 is trying to acquire lock:
    [  193.678897] 00000000a40e3b69 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: bond_get_stats+0x58/0x290
    [  193.687851]
    	       but task is already holding lock:
    [  193.693625] 00000000807b9d9f (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0x58/0x290

    [..]

    [  193.851092]        lock_acquire+0xa7/0x190
    [  193.855138]        _raw_spin_lock_nested+0x2d/0x40
    [  193.859878]        bond_get_stats+0x58/0x290
    [  193.864093]        dev_get_stats+0x5a/0xc0
    [  193.868140]        bond_get_stats+0x105/0x290
    [  193.872444]        dev_get_stats+0x5a/0xc0
    [  193.876493]        rtnl_fill_stats+0x40/0x130
    [  193.880797]        rtnl_fill_ifinfo+0x6c5/0xdc0
    [  193.885271]        rtmsg_ifinfo_build_skb+0x86/0xe0
    [  193.890091]        rtnetlink_event+0x5b/0xa0
    [  193.894320]        raw_notifier_call_chain+0x43/0x60
    [  193.899225]        netdev_change_features+0x50/0xa0
    [  193.904044]        bond_compute_features.isra.46+0x1ab/0x270
    [  193.909640]        bond_enslave+0x141d/0x15b0
    [  193.913946]        do_set_master+0x89/0xa0
    [  193.918016]        do_setlink+0x37c/0xda0
    [  193.921980]        __rtnl_newlink+0x499/0x890
    [  193.926281]        rtnl_newlink+0x48/0x70
    [  193.930238]        rtnetlink_rcv_msg+0x171/0x4b0
    [  193.934801]        netlink_rcv_skb+0xd1/0x110
    [  193.939103]        rtnetlink_rcv+0x15/0x20
    [  193.943151]        netlink_unicast+0x3b5/0x520
    [  193.947544]        netlink_sendmsg+0x2fd/0x3f0
    [  193.951942]        sock_sendmsg+0x38/0x50
    [  193.955899]        ___sys_sendmsg+0x2ba/0x2d0
    [  193.960205]        __x64_sys_sendmsg+0xad/0x100
    [  193.964687]        do_syscall_64+0x5a/0x460
    [  193.968823]        entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 7e2556e400 ("bonding: avoid lockdep confusion in bond_get_stats()")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-10 16:49:39 -05:00
Dave Airlie f34c48e06d Merge branch 'drm-fixes-5.0' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
- Powerplay fixes
- Virtual display pinning fixes
- Golden register updates for vega
- Pitch and gem size validation fixes
- Fix for error case in sr-iov init
- Disable page tables in system memory on RV due to issues with IOMMU
  reported on some platforms

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190109204336.3315-1-alexander.deucher@amd.com
2019-01-11 07:38:56 +10:00
Linus Torvalds 4f548c25a3 RISC-V Updates for 4.21-rc2 v2
This tag contains a handful of updates that slipped through the cracks
 during the merge window due to the holidays.  The fixes are mostly
 independent, with the exception of one larger audit-related branch.
 There's more information about the audit branch in that merge, the rest
 are:
 
 * The BSS has been moved, which shrinks flat images.
 * A fix to test-bpf so it compiles on RV64I-based systems.
 * A fix to respect the kernel commandline when there is no device tree.
 * A fix to prevent CPUs from trying to put themselves to sleep when
   bringing down the system.
 * Support for MODULE_SECTIONS on RV32I-based systems.
 * [new in v2] The addition of an SBI earlycon driver.  This is
   definately a new feature, but I'd like to include it now because I
   dropped this patch when submitting the merge window PR that removed our
   EARLY_PRINTK support.
 
 As usual, I've tested this by booting a Fedora-based image on a recent
 QEMU (this time just whatever I had lying around).
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAlw2fYgTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQaNXD/47mGXSTUWfGeW9eHh1zFYMyYWertgs
 +nB0Gkmja2sUs5DHW+JFg5TPqKw8EAK3bgrjSrFXTGBRdGeCXcHDoK0n8cQ8eL2C
 smxO2ye18db+zP76loDmvAugKsguPa0Ne7aE/aZ0qaMPQH2c6kIYgNIE09ozQWTb
 yfk/srhgQvu6WFT8dhjqK1YtCE4qPB1U7UMno3TgL/DjRQr0+uNz9MUU4kRkxEl4
 fEtV7rhDUF6gwfb4WAvlTxBrxg/ZbytHXk9swedNDLfIP2vq5C6ALtGnPBshKHWZ
 z+splwYP0g/BZ4/lXJr4vIfxS+6OuFuR8eHCh/stFijL6TkpDZOOjAb576nrpiPT
 On1h6G5/6UIGTApgDhq27FJ6s3om2gw2XiM7kbl1DoDHT4giDB6c/eK2IASRd4zC
 FHk8ya+GBdp9QFJJyL6YX392nRFEg9pLRGMYEwrvcpn5v8jz3umozv2WnWwamiR0
 kwKBJrcj2Oii5a3aBoa2EdMomC1KHNF5nKoN5W6AozIzSSLOx0wSr58ULLoGC/2h
 8Mn8hfyUCs+v+5SnXk5drrV8mXBsWAEsOPZfsnw6RUqGsjEysj9Z2UEtYY8WLPM3
 GDpsXGK1nLzgusvUoITBJi+k4zNs9mP7PBtfEHBsPH/ij5R9doCvSGco4YOXONdp
 i5ToKwmFDBJTOw==
 =WPnn
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux

Pull RISC-V updates from Palmer Dabbelt:
 "This tag contains a handful of updates that slipped through the cracks
  during the merge window due to the holidays. The fixes are mostly
  independent, with the exception of one larger audit-related branch.

  Core RISC-V updates:

   - The BSS has been moved, which shrinks flat images.

   - A fix to test-bpf so it compiles on RV64I-based systems.

   - A fix to respect the kernel commandline when there is no device
     tree.

   - A fix to prevent CPUs from trying to put themselves to sleep when
     bringing down the system.

   - Support for MODULE_SECTIONS on RV32I-based systems.

   - [new in v2] The addition of an SBI earlycon driver. This is
     definately a new feature, but I'd like to include it now because I
     dropped this patch when submitting the merge window PR that removed
     our EARLY_PRINTK support.

  RISC-V audit updates:

   - The addition of NR_syscalls into unistd.h, which is necessary for
     CONFIG_FTRACE_SYSCALLS.

   - The definition of CREATE_TRACE_POINTS so __tracepoint_sys_{enter,exit}
     get defined.

   - A fix for trace_sys_exit() so we can enable HAVE_SYSCALL_TRACEPOINTS

  As usual, I've tested this by booting a Fedora-based image on a recent
  QEMU (this time just whatever I had lying around).

* tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
  tty/serial: Add RISC-V SBI earlycon support
  riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig
  riscv: fix trace_sys_exit hook
  riscv: define CREATE_TRACE_POINTS in ptrace.c
  riscv: define NR_syscalls in unistd.h
  riscv: audit: add audit hook in do_syscall_trace_enter/exit()
  riscv: add audit support
  RISC-V: Support MODULE_SECTIONS mechanism on RV32
  MAINTAINERS: SiFive drivers: add myself as a SiFive driver maintainer
  MAINTAINERS: SiFive drivers: change the git tree to a SiFive git tree
  riscv: don't stop itself in smp_send_stop
  arch: riscv: support kernel command line forcing when no DTB passed
  tools uapi: fix RISC-V 64-bit support
  RISC-V: Make BSS section as the last section in vmlinux.lds.S
2019-01-10 13:36:53 -08:00
Dave Airlie bd86c9e66c Pull request for drm-misc-fixes for v5.0-rc2:
- Fixes for the tc358767 bridge to work correctly with
   tc358867 using a DP connector.
 - Make resume work on amdgpu when a DP-MST display is unplugged.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAlw2660ACgkQ/lWMcqZw
 E8Oe6xAAtgfGxm9swLsRqoLl/vhevtjJ4VylFH8Z+P5wOpQ/nbcFu/dIAk9+4GUh
 uqzm71t4Fw1Guv9eKJeWn2hztvlgRMygC+hGaHfEsMheKEo48d+5hA6IJKT00qo0
 sFDdNxvbTWHa7hamC2b5EK18PKlq1eRxatDCHUbaOAOIe+vdonu9xYD8aKQvEo0P
 ZjfgZHYHVmUNn1L3rO0X9GadDIDEL6NajYvU6PcqFmkREUiEKpAeIsPf6xQeOjUy
 32IoGJ7sI1ZCT9KDOoDCpL2E7ILGLDgiQnwZkjePuTdDwcz0XijAfOLICI5xs3zG
 VXi4ZrfeaoxguETEfJcDhg4lZFSeBL9zxfN1WJ7Z9njUj4sbKD31mTWnV0gIXniW
 U8+qI5qJQ3ynkVzJP1+HvQxtoesZ7wQxB9Kr6xa4oASr1+FbbSQUOOe0232ZCjUk
 AG9MgC69uac1//yfLXVCvy1DosS4QWWfUf5tDlKi5hKebkPw+3XzlHwHzhlPxrOf
 HlJQ6TMTAgqFNbKkF+CgHYBh3sMmJuc7ps6ee/z6D9FOiRYO5LZWMlz6THd+1fJ3
 3Zj56J7gbiugaEqyskiwRBLZNy4sfu7kwl+CWWpJNegj0AzZ8Sk8NDwht4oY8dA5
 z//4Xe3+dxkDVAjcJ37KGU2vvVHyGvmOHkmRyIt30MjoTxpKztk=
 =JBCs
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2019-01-10' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

Pull request for drm-misc-fixes for v5.0-rc2:
- Fixes for the tc358767 bridge to work correctly with
  tc358867 using a DP connector.
- Make resume work on amdgpu when a DP-MST display is unplugged.

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1c47722d-c416-184d-4340-0dc6a614d685@linux.intel.com
2019-01-11 06:32:44 +10:00
Pavel Shilovsky 8544f4aa9d CIFS: Fix credit computation for compounded requests
In SMB3 protocol every part of the compound chain consumes credits
individually, so we need to call wait_for_free_credits() for each
of the PDUs in the chain. If an operation is interrupted, we must
ensure we return all credits taken from the server structure back.

Without this patch server can sometimes disconnect the session
due to credit mismatches, especially when first operation(s)
are large writes.

Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
2019-01-10 14:32:38 -06:00
Pavel Shilovsky 33fa5c8b8a CIFS: Do not set credits to 1 if the server didn't grant anything
Currently we reset the number of total credits granted by the server
to 1 if the server didn't grant us anything int the response. This
violates the SMB3 protocol - we need to trust the server and use
the credit values from the response. Fix this by removing the
corresponding code.

Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
2019-01-10 14:32:36 -06:00
Pavel Shilovsky b983f7e923 CIFS: Fix adjustment of credits for MTU requests
Currently for MTU requests we allocate maximum possible credits
in advance and then adjust them according to the request size.
While we were adjusting the number of credits belonging to the
server, we were skipping adjustment of credits belonging to the
request. This patch fixes it by setting request credits to
CreditCharge field value of SMB2 packet header.

Also ask 1 credit more for async read and write operations to
increase parallelism and match the behavior of other operations.

Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
2019-01-10 14:32:32 -06:00
Dan Carpenter c715f89c4d cifs: Fix a tiny potential memory leak
The most recent "it" allocation is leaked on this error path.  I
believe that small allocations always succeed in current kernels so
this doesn't really affect run time.

Fixes: 54be1f6c1c ("cifs: Add DFS cache routines")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2019-01-10 14:32:30 -06:00
Dan Carpenter 8428817dc4 cifs: Fix a debug message
This debug message was never shown because it was checking for NULL
returns but extract_hostname() returns error pointers.

Fixes: 93d5cb517d ("cifs: Add support for failover in cifs_reconnect()")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
2019-01-10 14:32:27 -06:00
Will Deacon b89d82ef01 arm64: kpti: Avoid rewriting early page tables when KASLR is enabled
A side effect of commit c55191e96c ("arm64: mm: apply r/o permissions
of VM areas to its linear alias as well") is that the linear map is
created with page granularity, which means that transitioning the early
page table from global to non-global mappings when enabling kpti can
take a significant amount of time during boot.

Given that most CPU implementations do not require kpti, this mainly
impacts KASLR builds where kpti is forcefully enabled. However, in these
situations we know early on that non-global mappings are required and
can avoid the use of global mappings from the beginning. The only gotcha
is Cavium erratum #27456, which we must detect based on the MIDR value
of the boot CPU.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reported-by: John Garry <john.garry@huawei.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2019-01-10 17:49:35 +00:00
Linus Torvalds 1bdbe22749 VFIO fixes for v5.0-rc2
- Fix trace header include path for in-tree builds (Masahiro Yamada)
 
  - Fix overflow in unmap wrap-around test (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJcN3STAAoJECObm247sIsiY2cP/AtWyCbCe+7z59DVEbfXjnBq
 DNQ1wZRGdljlw0GF9quGwkrgLDeqktBnnZslHEKHPLad9/YvsScpgQCZasHXCudT
 LpixVONSwPi2bH28W+sPgzj8Vh3B9LjjZcwdOKicUdlKCbm3iKhhwLMsmTs5ZmO1
 kQcSB6GkWTnqda5NTL1gHfVi8ej7MRf0HXElYA7bPBuBY/Dc/a4i49kziHk4MpD3
 uLfpJkmJ97IWZaP5JXtSjskqvdoqCPic7FtH6/BOxt0EKktmzDmg8+UhpG9SF47E
 CJaqWUSTWMado7Dw1qSrnpa60DjFtj6j/j6Wfg7fdN+UHXUcoNMjsSDL855o/QWq
 kHLqSqn0yKMctWvk1KjV6WF7Kud44OViLOSKIlm5hVPNahCB6ZtZUp08DZmDxrIw
 1utbG9PiD0iCEV4cbFPtObvopFdF4wgOWKeEIcxwevOkxGXBuAVMzsItAxtoDYBy
 4tJGNKPpS5tmTUbc+mkyK5BDKBy0ZJfTr7fknsK/yMBwr/DemuyZnYzEV6AmX+zV
 yfHg9YHnPqZJ5BEy3WKHaeuhHwaiI2V+D0SOm5MkePzCFnAzisFRQcvyh6oMXPNW
 +vaaKnYABsSeCeX1snwJU2rxDhac/4bzHxPTHXkNz3Smscy5sqJzyIciURs4qg7S
 4llvBFL4mVgkWoCkTxWf
 =ywyo
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio

Pull VFIO fixes from Alex Williamson:

 - Fix trace header include path for in-tree builds (Masahiro Yamada)

 - Fix overflow in unmap wrap-around test (Alex Williamson)

* tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio:
  vfio/type1: Fix unmap overflow off-by-one
  vfio/pci: set TRACE_INCLUDE_PATH to fix the build error
2019-01-10 09:20:46 -08:00
Linus Torvalds f0ebbe9b18 sound fixes for 5.0-rc2
A collection of small fixes for USB-audio, HD-audio and cs46xx.
 The USB-audio fixes are for out-of-bound accesses and a regression
 in the recent cleanup, while HD-audio fixes are usual device-
 specific quirks.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlw3TUMOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE+sxA/+KzAzchEh/8nlK/8ZQvSN79AA2K2H0c7fdt2v
 OSXiSNf8tGSxtH57exJf+lV3WPxkjIhtjVP0MSOPs1RShg6rHqdbsd78cRzkD+wk
 8eIOHE8Epe3zgIbkBMCymqq1oDmQ5OfRNMdLYsEfjzd6VBbXSqTBmjMXZ8fQ1Pjj
 fJ+zVIBWBjDBTM/OmvSDalwGEOI0jaYDaR1wuzbU8vmhEmGptWEQklHJVuXXyJPl
 ZRdPx6FQ3uLWvsQ+4SZi4BR2PYyFs4D4XH9Gq9kdL0fKZsmYf5i07q1zut/aRhcD
 Hh8ofd8caXIFR3rsYcIeo7xkRmuY8zGlJP5uQmteCKZ8ygC1bX9ukXaH+6BPrV/7
 9fEruSajChW6fxTB6qlj3n3kr8lKpzD1X6PuBY9xcDojarx97Q00vw2g55CJygUb
 meKQY5NSPClJ1kIOuveJ5tr2Jli6aRtB0dw0mGPC4jdQ389DM5VUKK52SBCUFIO8
 ROSDB8XDpqS/pJ0iKraZQFxrYUWO4/gHzMCT1otsAM35Lm8JRpApuSCgCHTtTK8P
 sY7bdAByswKcGd1eA0TZ1sLnqAcUhAcLtk0FWmHozT4Is1mHy+ixdVlfClhDbkUn
 JNeHFm1M0QP1tuHnJpYuqzCL/2mJbNAXkiJ3X1CK68Qcyigldias2Tv86JcLpkrg
 CxYQxKc=
 =f4eE
 -----END PGP SIGNATURE-----

Merge tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of small fixes for USB-audio, HD-audio and cs46xx.

  The USB-audio fixes are for out-of-bound accesses and a regression in
  the recent cleanup, while HD-audio fixes are usual device-specific
  quirks"

* tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
  ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225
  ALSA: usb-audio: fix CM6206 register definitions
  ALSA: cs46xx: Potential NULL dereference in probe
  ALSA: hda/realtek - Support Dell headset mode for New AIO platform
  ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
  ALSA: usb-audio: Always check descriptor sizes in parser code
  ALSA: usb-audio: Check mixer unit descriptors more strictly
  ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
2019-01-10 09:17:48 -08:00
Linus Torvalds e7446be446 MTD Fixes:
- Fix a bug introduced when exposing MTD devs as NVMEM providers and
   check for add_mtd_device() return code everywhere
 
 raw NAND fixes:
 - Fix a memory corruption in the QCOM driver
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEKmCqpbOU668PNA69Ze02AX4ItwAFAlw3AH4WHGJicmV6aWxs
 b25Aa2VybmVsLm9yZwAKCRBl7TYBfgi3AEbeEACdjuGgEh7rbfa1Chmi8UDZ3mUY
 FjZ29AV6u+NLHLqh5CGMCxmn0PT4EpZmd31YK9Lyxr9LTP+MU0mEBbqaHSwLmGOx
 O7bSL7Wjz6tJEfejSd/hfEohgqqXQNl9CnI0wxA6vLlkMmWsO8YzyiPf3DtkXsg+
 VWu6W1HGvjAzz4dcUGgDIEXUrns/DuMOUfsLvhGvM8HJVyrLyHiV5IZnP7eKOqPv
 9w6oxhPa+NR7Ki3GZ/vN1fPAn9mkG7nx1xPiVjW9pgkTFnsfciUHx6XRalJpIRON
 fLsAiRTyRIqhpfdcIdY9KoizcsCVmXKEDJ+KvWFl914sCqMY2vhMWN5uYcYLmwgj
 GHllBLT4u2mizGIry+9MitT9OewY71P3hVdF2bIRpgVEqLrsW2B4KqctAsH8aLL7
 fpPMO9FIYlL3VKu2jAuLxxqsXNa2L6I6ZhCcb/Fh2tXx6SHeLCaaYsFHg93AJxex
 vU3nfS+CfQzzXATmzNJZhVAGh2pNB/Bqv7y9/p50hnJri421+6Jp9f7P9KTuFQan
 1CCMxNYHZgGecBGirufhTC4SS/EFGS0VTepe8c83NAZ2F7y/KTb1D/LBrgdjUDWy
 pQq9UsepkFML42RNqaGYRzgMESHWwbW/o6BIu9rsvalRDIW+06cU14Zo4Ndi9Cbj
 0lFNjl9st8yyJ/yX7Q==
 =dFzQ
 -----END PGP SIGNATURE-----

Merge tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd

Pull mtd fixes from Boris Brezillon:
 "Core MTD Fixes:

   - Fix a bug introduced when exposing MTD devs as NVMEM providers and
     check for add_mtd_device() return code everywhere

  raw NAND fixes:

   - Fix a memory corruption in the QCOM driver"

* tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd:
  mtd: rawnand: qcom: fix memory corruption that causes panic
  mtd: Check add_mtd_device() ret code
  mtd: Fix the check on nvmem_register() ret code
2019-01-10 09:14:12 -08:00
Qu Wenruo 1b3922a8bc btrfs: Use real device structure to verify dev extent
[BUG]
Linux v5.0-rc1 will fail fstests/btrfs/163 with the following kernel
message:

  BTRFS error (device dm-6): dev extent devid 1 physical offset 13631488 len 8388608 is beyond device boundary 0
  BTRFS error (device dm-6): failed to verify dev extents against chunks: -117
  BTRFS error (device dm-6): open_ctree failed

[CAUSE]
Commit cf90d884b3 ("btrfs: Introduce mount time chunk <-> dev extent
mapping check") introduced strict check on dev extents.

We use btrfs_find_device() with dev uuid and fs uuid set to NULL, and
only dependent on @devid to find the real device.

For seed devices, we call clone_fs_devices() in open_seed_devices() to
allow us search seed devices directly.

However clone_fs_devices() just populates devices with devid and dev
uuid, without populating other essential members, like disk_total_bytes.

This makes any device returned by btrfs_find_device(fs_info, devid,
NULL, NULL) is just a dummy, with 0 disk_total_bytes, and any dev
extents on the seed device will not pass the device boundary check.

[FIX]
This patch will try to verify the device returned by btrfs_find_device()
and if it's a dummy then re-search in seed devices.

Fixes: cf90d884b3 ("btrfs: Introduce mount time chunk <-> dev extent mapping check")
CC: stable@vger.kernel.org # 4.19+
Reported-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2019-01-10 17:13:00 +01:00
Song Liu beaf3d1901 bpf: fix panic in stack_map_get_build_id() on i386 and arm32
As Naresh reported, test_stacktrace_build_id() causes panic on i386 and
arm32 systems. This is caused by page_address() returns NULL in certain
cases.

This patch fixes this error by using kmap_atomic/kunmap_atomic instead
of page_address.

Fixes: 615755a77b (" bpf: extend stackmap to save binary_build_id+offset instead of address")
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-01-10 16:02:17 +01:00
Anders Roxell f98937c6bb selftests: bpf: install files tcp_(server|client)*.py
When test_tcpbpf_user runs it complains that it can't find files
tcp_server.py and tcp_client.py.

Rework so that tcp_server.py and tcp_client.py gets installed, added them
to the variable TEST_PROGS_EXTENDED.

Fixes: d6d4f60c3a ("bpf: add selftest for tcpbpf")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-01-10 15:56:52 +01:00
Nicholas Mc Guire df209c43a0 gpio: pl061: handle failed allocations
devm_kzalloc(), devm_kstrdup() and devm_kasprintf() all can
fail internal allocation and return NULL. Using any of the assigned
objects without checking is not safe. As this is early in the boot
phase and these allocations really should not fail, any failure here
is probably an indication of a more serious issue so it makes little
sense to try and rollback the previous allocated resources or try to
continue;  but rather the probe function is simply exited with -ENOMEM.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Fixes: 684284b64a ("ARM: integrator: add MMCI device to IM-PD1")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-01-10 15:54:50 +01:00
Ioana Ciornei 11b36abc24 samples: bpf: user proper argument index
Use optind as index for argv instead of a hardcoded value.
When the program has options this leads to improper parameter handling.

Fixes: dc378a1ab5 ("samples: bpf: get ifindex from ifname")
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Acked-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-01-10 15:54:47 +01:00