Some late fixes for drivers:
- memory leak in ti crossbar dma driver
- cleanup of omap dma probe
- Fix for link list configuration in sprd dma driver
- Handling fixed for DMACHCLR if iommu is mapped in rcar dma
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJdc2UTAAoJEHwUBw8lI4NHOyMP/R/rB6DdQ1TLbe+NciH/0WZT
OL0oTSQ3K3pCiA9XqPa1VXaOwPo0w3151Fzd44pfhoQkKGXUpBNHDRSfsV4kvajA
E9weDEfvatrsh9N5R7ml+sWpsu+dd28NyCIOydDVOx+QjS4f9qZyNcUsnKNKlEij
N2ZCQpBozQa8kXhDymI5V1ldJSA8OzOqTgdRGKJFwg69hzpUSrkfSbjjhCubA943
LFLrQ1yp2lRwvd1HAKQutWGzzbXV9PiFCYWTcxHClaYjjhqNY/HBRppAw/Nfi4Qt
C4JV2fi7IXTqNU5VJD6bfDtL4K2+oA0xkhuqdolrWFu0n1KBDDzC99zPEcjysQrK
TWaGSNzR0oH9Xgk2IM75Srjorn3ErU5VSW0M8TSVBCoEj8Jt/R2GVFOrtCNMF8KN
7Lv48FZQsv8SoMeEgH6Kq4GuqRtFbqVzJdkeHpjfNe0hih5PNNW1+VM2RTkoJkPd
qG7YavUqKbOTbR+QXVY9TLyV14/fp5OnDhrBWZ4vJxU0waHkxNbNLIlEChs8Pa9O
6UVnpl3bnKzDdFUEf6am5kjOEzTfxlbWcm5AA8rNyGHStDucgq/3c/FLZCuEPLtf
VPrbR8oMe9iHZjRLwjSgVc1EjfWhmYeAOEBnAhi4duhgq+sXBfomrp8Y1B4voCkA
m1UxFdLiAl+n1p4MQ9vA
=rSgu
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-5.3' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"Some late fixes for drivers:
- memory leak in ti crossbar dma driver
- cleanup of omap dma probe
- Fix for link list configuration in sprd dma driver
- Handling fixed for DMACHCLR if iommu is mapped in rcar dma"
* tag 'dmaengine-fix-5.3' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: rcar-dmac: Fix DMACHCLR handling if iommu is mapped
dmaengine: sprd: Fix the DMA link-list configuration
dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
dmaengine: ti: dma-crossbar: Fix a memory leak bug
Flower control message replies are handled in different locations. The truly
high priority replies are handled in the BH (tasklet) context, while the
remaining replies are handled in a predefined Linux work queue. The work
queue handler orders replies into high and low priority groups, and always
start servicing the high priority replies within the received batch first.
Reply Type: Rtnl Lock: Handler:
CMSG_TYPE_PORT_MOD no BH tasklet (mtu)
CMSG_TYPE_TUN_NEIGH no BH tasklet
CMSG_TYPE_FLOW_STATS no BH tasklet
CMSG_TYPE_PORT_REIFY no WQ high
CMSG_TYPE_PORT_MOD yes WQ high (link/mtu)
CMSG_TYPE_MERGE_HINT yes WQ low
CMSG_TYPE_NO_NEIGH no WQ low
CMSG_TYPE_ACTIVE_TUNS no WQ low
CMSG_TYPE_QOS_STATS no WQ low
CMSG_TYPE_LAG_CONFIG no WQ low
A subset of control messages can block waiting for an rtnl lock (from both
work queue priority groups). The rtnl lock is heavily contended for by
external processes such as systemd-udevd, systemd-network and libvirtd,
especially during netdev creation, such as when flower VFs and representors
are instantiated.
Kernel netlink instrumentation shows that external processes (such as
systemd-udevd) often use successive rtnl_trylock() sequences, which can result
in an rtnl_lock() blocked control message to starve for longer periods of time
during rtnl lock contention, i.e. netdev creation.
In the current design a single blocked control message will block the entire
work queue (both priorities), and introduce a latency which is
nondeterministic and dependent on system wide rtnl lock usage.
In some extreme cases, one blocked control message at exactly the wrong time,
just before the maximum number of VFs are instantiated, can block the work
queue for long enough to prevent VF representor REIFY replies from getting
handled in time for the 40ms timeout.
The firmware will deliver the total maximum number of REIFY message replies in
around 300us.
Only REIFY and MTU update messages require replies within a timeout period (of
40ms). The MTU-only updates are already done directly in the BH (tasklet)
handler.
Move the REIFY handler down into the BH (tasklet) in order to resolve timeouts
caused by a blocked work queue waiting on rtnl locks.
Signed-off-by: Fred Lotter <frederik.lotter@netronome.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Historically, support for frag_list packets entering skb_segment() was
limited to frag_list members terminating on exact same gso_size
boundaries. This is verified with a BUG_ON since commit 89319d3801
("net: Add frag_list support to skb_segment"), quote:
As such we require all frag_list members terminate on exact MSS
boundaries. This is checked using BUG_ON.
As there should only be one producer in the kernel of such packets,
namely GRO, this requirement should not be difficult to maintain.
However, since commit 6578171a7f ("bpf: add bpf_skb_change_proto helper"),
the "exact MSS boundaries" assumption no longer holds:
An eBPF program using bpf_skb_change_proto() DOES modify 'gso_size', but
leaves the frag_list members as originally merged by GRO with the
original 'gso_size'. Example of such programs are bpf-based NAT46 or
NAT64.
This lead to a kernel BUG_ON for flows involving:
- GRO generating a frag_list skb
- bpf program performing bpf_skb_change_proto() or bpf_skb_adjust_room()
- skb_segment() of the skb
See example BUG_ON reports in [0].
In commit 13acc94eff ("net: permit skb_segment on head_frag frag_list skb"),
skb_segment() was modified to support the "gso_size mangling" case of
a frag_list GRO'ed skb, but *only* for frag_list members having
head_frag==true (having a page-fragment head).
Alas, GRO packets having frag_list members with a linear kmalloced head
(head_frag==false) still hit the BUG_ON.
This commit adds support to skb_segment() for a 'head_skb' packet having
a frag_list whose members are *non* head_frag, with gso_size mangled, by
disabling SG and thus falling-back to copying the data from the given
'head_skb' into the generated segmented skbs - as suggested by Willem de
Bruijn [1].
Since this approach involves the penalty of skb_copy_and_csum_bits()
when building the segments, care was taken in order to enable this
solution only when required:
- untrusted gso_size, by testing SKB_GSO_DODGY is set
(SKB_GSO_DODGY is set by any gso_size mangling functions in
net/core/filter.c)
- the frag_list is non empty, its item is a non head_frag, *and* the
headlen of the given 'head_skb' does not match the gso_size.
[0]
https://lore.kernel.org/netdev/20190826170724.25ff616f@pixies/https://lore.kernel.org/netdev/9265b93f-253d-6b8c-f2b8-4b54eff1835c@fb.com/
[1]
https://lore.kernel.org/netdev/CA+FuTSfVsgNDi7c=GUU8nMg2hWxF2SjCNLXetHeVPdnxAW5K-w@mail.gmail.com/
Fixes: 6578171a7f ("bpf: add bpf_skb_change_proto helper")
Suggested-by: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes a stupid bug I recently introduced...
ip6_route_info_create() returns an ERR_PTR(err) and not a NULL on error.
Fixes: d55a2e374a ("net-ipv6: fix excessive RTF_ADDRCONF flag on ::1/128 local route (and others)'")
Cc: David Ahern <dsahern@gmail.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
syzbot reported:
BUG: KMSAN: uninit-value in capi_write+0x791/0xa90 drivers/isdn/capi/capi.c:700
CPU: 0 PID: 10025 Comm: syz-executor379 Not tainted 4.20.0-rc7+ #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x173/0x1d0 lib/dump_stack.c:113
kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613
__msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:313
capi_write+0x791/0xa90 drivers/isdn/capi/capi.c:700
do_loop_readv_writev fs/read_write.c:703 [inline]
do_iter_write+0x83e/0xd80 fs/read_write.c:961
vfs_writev fs/read_write.c:1004 [inline]
do_writev+0x397/0x840 fs/read_write.c:1039
__do_sys_writev fs/read_write.c:1112 [inline]
__se_sys_writev+0x9b/0xb0 fs/read_write.c:1109
__x64_sys_writev+0x4a/0x70 fs/read_write.c:1109
do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
entry_SYSCALL_64_after_hwframe+0x63/0xe7
[...]
The problem is that capi_write() is reading past the end of the message.
Fix it by checking the message's length in the needed places.
Reported-and-tested-by: syzbot+0849c524d9c634f5ae66@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 36f1031c51 ("ibmvnic: Do not process reset during or after
device removal") made the change to exit reset if the driver has been
removed, but does not free reset work items of the adapter from queue.
Ensure all reset work items are freed when breaking out of the loop early.
Fixes: 36f1031c51 ("ibmnvic: Do not process reset during or after device removal”)
Signed-off-by: Juliet Kim <julietk@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Regarding to IEEE 802.3-2015 standard section 2
28B.3 Priority resolution - Table 28-3 - Pause resolution
In case of Local device Pause=1 AsymDir=0, Link partner
Pause=1 AsymDir=1, Local device resolution should be enable PAUSE
transmit, disable PAUSE receive.
And in case of Local device Pause=1 AsymDir=1, Link partner
Pause=1 AsymDir=0, Local device resolution should be enable PAUSE
receive, disable PAUSE transmit.
Fixes: 9525ae8395 ("phylink: add phylink infrastructure")
Signed-off-by: Stefan Chulski <stefanc@marvell.com>
Reported-by: Shaul Ben-Mayor <shaulb@marvell.com>
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
We 'allocate' 'count' bytes here. In fact, 'dev_alloc_skb' already add some
extra space for padding, so a bit more is allocated.
However, we use 1 byte for the KISS command, then copy 'count' bytes, so
count+1 bytes.
Explicitly allocate and use 1 more byte to be safe.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexei Starovoitov says:
====================
pull-request: bpf 2019-09-06
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) verifier precision tracking fix, from Alexei.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Just a single lpfc fix adjusting the number of available queues for
high CPU count systems.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXXK/9iYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishUTCAP9C9a9W
sUBdDpe1bedPFJBBqT3540rucXGlSINXpm20RAEA7C9BkrHk7wFpCmieZscdDG2v
T5o0P6RYDEShcm91HLk=
=lrs3
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fix from James Bottomley:
"Just a single lpfc fix adjusting the number of available queues for
high CPU count systems"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: lpfc: Raise config max for lpfc_fcp_mq_threshold variable
- Restore support for 1GB alignment namespaces, truncate the end of
misaligned namespaces.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJdcrYBAAoJEB7SkWpmfYgCIdoQAISVni+8vLZBWe9em1oCeFRP
xcb/2uyI3r0Ctmc8MrUKP58z1LBexhxomdAPK2gtnKkQ7zP8W/M2cFhpoA9bdp5A
+yAlCg1N+WjjJ19AEaxicDhtuOzDnPUVJu4AHmGfhTYyunz/+lcMeyBKrpIXrou4
NxU1SNm7/fQw9k6/aKBbEOYwrYplhxtcVMmNW1p70unHvaS0tIG7qdVYph8GVdbz
JnMVBz2hW1KlqGo4PVkglNeK65eolX/8be5VJSVQrSu7phsCbICFQCViz73dnrt7
0rpcdb8HlW1zh/n/7rxHVTBwWdIylMVm1DXX0BiXcj+vX64Nt5vbfSZAxIm+wzJu
yr8vJ7LmWWMlza0gqwPkeOMCeUuHUeGgjn0OFohsN0S+XmoyBIyNUxwYvbJdpIf0
8n31HWMMC76TwE5elO1Z3HjXfCfEV9kKpNLdAhi//xuHVKh9nQOYvidm/kTDEKJR
+9r4Df4IZtQJIS5o10Q4kffiokxPEIy7QNrwn4/p53v4vSK65yiSTHajbxgcUFcC
SFB1db3tv4TmWnVrzvqKowJE1TtSHyW9pHr33EVRaiCFnWgnsQsWPqdP5SmO+WZX
lH4PhUMaVSN2ROZTQFg4EYreh2X/+IlOfhKyLFsoN+wQjMv3VXK8wxpsUtFVllmF
Ja9QGiNImyW0kId//IKK
=CEfh
-----END PGP SIGNATURE-----
Merge tag 'libnvdimm-fix-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull libnvdimm fix from Dan Williams:
"Restore support for 1GB alignment namespaces, truncate the end of
misaligned namespaces"
* tag 'libnvdimm-fix-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
libnvdimm/pfn: Fix namespace creation on misaligned addresses
Pull input fix from Dmitry Torokhov:
"A tiny update from Benjamin removing a mistakenly added Elan PNP ID so
that the device is again handled by hid-multitouch"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
Looks like the Bios of the Lenovo Legion Y7000 is using ELAN061B
when the actual device is supposed to be used with hid-multitouch.
Remove it from the list of the supported device, hoping that
no one will complain about the loss in functionality.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=203467
Fixes: 738c06d0e4 ("Input: elan_i2c - add hardware ID for multiple Lenovo laptops")
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
There are three more fixes for this week:
- The Windows-on-ARM laptops require a workaround to
prevent crashing at boot from ACPI
- The Renesas "draak" board needs one bugfix for
the backlight regulator
- Also for Renesas, the "hihope" board accidentally
had its eMMC turned off in the 5.3 merge window.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJdcrXdAAoJEJpsee/mABjZ99QP/0Js6+FE+JXOsiUuREdiU8JC
CmKPbtPT+IyOP+068bpkU1cWWVJ0fyF126D7mfsQfL/VrQTnqCAqkytBidUmh5kX
LT0392kaB+zLlbCgxX3xdBOBpMT2j/kFE9YbtBQG59867zH1Y5q6U/Pek0lWze39
llraW2Nlwr/SW+Ffw0tGLXi8dl9FVYNl3jNKfK2/EM51kEeqwTcJvI0WXgOtsUK3
oiEamod7mQNGEcqnxWf/W9Pj76Y8dlw5H7Q2aTqsb4bYOB0QdCUZqiLfXhyQn0qZ
wy3bnC5Y+nIg9N2I4GRp0MLQ54xdN41gZtX25OdmPIvawxnf2dfwinN9EeGxUn3G
RTgv4eBRRNVlheEdUkoyvLaz9jtOO5NCebti9foYcZv9HDEoIHhCqCjgmU7DrW+2
eP+6pTwnbokbCDtsQ4okfJrAlMkOz4ynGs3sDwzqyxwXKr8Ez0Gho7nVbrRakH4A
fOmDAZEqcNNGCUC5S1LLZNVLC0hp7HDb50uqJnVcirSxw2Qr/RPxw7lY4iaG1Gcd
g8NXmLlkWIGpKe4VofPDqRq7Z5UrpAlefpaO3YVV5k1GH3Z6qmDZpP2ItEdue4yr
wagaHBuv/eJD8xdEij4uPzx+TshZ7JHcO4IjnTE9rUaPi62tyNigJsuik8LNq5zv
Lm3ZJwXLhzUDG3XUS+JD
=f5ge
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"There are three more fixes for this week:
- The Windows-on-ARM laptops require a workaround to prevent crashing
at boot from ACPI
- The Renesas 'draak' board needs one bugfix for the backlight
regulator
- Also for Renesas, the 'hihope' board accidentally had its eMMC
turned off in the 5.3 merge window"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
soc: qcom: geni: Provide parameter error checking
arm64: dts: renesas: hihope-common: Fix eMMC status
arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name
As Vincent noticed, the y2038 conversion of semtimedop in linux-5.1
broke when commit 00bf25d693 ("y2038: use time32 syscall names on
32-bit") changed all system calls on all architectures that take
a 32-bit time_t to point to the _time32 implementation, but left out
semtimedop in the asm-generic header.
This affects all 32-bit architectures using asm-generic/unistd.h:
h8300, unicore32, openrisc, nios2, hexagon, c6x, arc, nds32 and csky.
The notable exception is riscv32, which has dropped support for the
time32 system calls entirely.
Reported-by: Vincent Chen <deanbo422@gmail.com>
Cc: stable@vger.kernel.org
Cc: Vincent Chen <deanbo422@gmail.com>
Cc: Greentime Hu <green.hu@gmail.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Guan Xuetao <gxt@pku.edu.cn>
Cc: Stafford Horne <shorne@gmail.com>
Cc: Jonas Bonn <jonas@southpole.se>
Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
Cc: Ley Foon Tan <lftan@altera.com>
Cc: Richard Kuo <rkuo@codeaurora.org>
Cc: Mark Salter <msalter@redhat.com>
Cc: Aurelien Jacquiot <jacquiot.aurelien@gmail.com>
Cc: Guo Ren <guoren@kernel.org>
Fixes: 00bf25d693 ("y2038: use time32 syscall names on 32-bit")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
- fix removal vs attribute read/write races (Al Viro)
-----BEGIN PGP SIGNATURE-----
iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAl1yfl8LHGhjaEBsc3Qu
ZGUACgkQD55TZVIEUYMXug//bsbudYEZVq1eInmMx6WJkHpYj1jc/gsNxtQiK00P
dEsUg6GmwrXWcYefEl21hZi8Q7bij0uACmfZ6hxO/PjG1NjElkpUNsZC5WBZMkUg
IiebsdzPr0KfnIZs7yvQfPYW0l9wvnGr8pGvgT+oWLlcHlPxS7+HBb86vlLWFsxO
lxWShN3LhyPndPwItauXIZ4Zux6IonsQQpouJm/P1xcK206d3n9rB2hH45XupI9S
2PhOY6YWfe5wgQN7GgXuMdwnvH+v1M/ELzbiz80aAnlTLQKDsi2n+g2KtYdoJBzD
6pCzHgQDaW6O2XZJKTQ1xgAnIVKKO1GeRVZ2aZrXe588hJMe9JyJmj/uAltUJ0hJ
YoIPZIXcU/Tl9O/4uPvqXgxcTCGCBYwHKQJa3d9krJtjrrUU/Secw57YLW0RLm1K
FkPUSugEAb79l4f5L6dgowLaJwQ7RA+oDfXyvadJNi+Bb6E6PCQcb3rSDINPm4GB
SXwzh2x1WlEVYz/1XaXYDf0YvmDpvTtRfNJmYng+OJscDkzQF8D2Jk5sjRxjUYys
yjwDI++z/L0+iwl/BPIFZM/im+Tl8/MVzgB45pG1k8VBKB5L2a2G9CMty4WGkZSs
rq9XiLbpsGapGoif+nVLoECLLDJmHULqa+wzI04FNpjhWihirqoK2JAV8rQ8MoOo
1LE=
=7/hj
-----END PGP SIGNATURE-----
Merge tag 'configfs-for-5.3' of git://git.infradead.org/users/hch/configfs
Pull configfs fixes from Christoph Hellwig:
"Late configfs fixes from Al that fix pretty nasty removal vs attribute
access races"
* tag 'configfs-for-5.3' of git://git.infradead.org/users/hch/configfs:
configfs: provide exclusion between IO and removals
configfs: new object reprsenting tree fragments
configfs_register_group() shouldn't be (and isn't) called in rmdirable parts
configfs: stash the data we need into configfs_buffer at open time
Including:
* Revert for an Intel VT-d patch that caused problems for some
users.
* Removal of a feature in the Intel VT-d driver that was never
supported in hardware. This qualifies as a fix because the
code for this feature sets reserved bits in the invalidation
queue descriptor, causing failed invalidations on real
hardware.
* Two fixes for AMD IOMMU driver to fix a race condition and to
add a missing IOTLB flush when kernel is booted in kdump mode.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAl1ydqsACgkQK/BELZcB
GuMXZg//TbZjRmobBbtk+7yotzYS7S3W9WNcT97T7x+xKluCjh41j5QDRCajHZQI
q+b8Dl0kzvydFOCdS4au7lF9sX/QV0yA20JIxgHQ4RiX5L9C7TAuCzXZxASYwryv
CSHo5dHcIVLtfClW5wIAmo+PPDgQkZV6eY2BnTF1fkked+tf+rpH0MohdafFn9Oy
gXKblNR6NMIDt7QnuhHLqF3/7aU8TVLQsk7zmieqEXxZN6FIEl4OeOADX/2zYjJh
G2YaHGdyG8vvQuKarUMiEADKLMaxM8kfGcDCu0HJeXlz6cLiw3joM2E6V2FvEfTA
25Jwc22784EG2DoosV6HMMGFrYIcMIhb4tXVsSTU2W+mypsPfad2IYk3TrBG9QV3
Lb3AnpqcY79HEE6GtE1D8iX0b0rFIkEwMj7zxIX2najgsOxkNt9C8UnWrIPOtWvs
eEaUFRnA/lKVsXWl09WD5gMboRZqRSMmmQWp0sIKtdscHLo8TmdTPefSPMNDQLG5
odjxg91w/3Rbx11j49AqO6gZ9gpcYGnTBFpIVemC8WGmts6+R9QZ9OnkfWdUxXf2
FKOBaWPYnsoh71pXsz9v9tW4iQPD5+81hR/92Nf8PdFgGgCyOhhf+PtbkFBCbXo5
r40y8jQ21SIHYOF06m3u24DUK+KETvpNHmyS65r5C6yDWPJMoq8=
=SEs8
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
- Revert an Intel VT-d patch that caused problems for some users.
- Removal of a feature in the Intel VT-d driver that was never
supported in hardware. This qualifies as a fix because the code for
this feature sets reserved bits in the invalidation queue descriptor,
causing failed invalidations on real hardware.
- Two fixes for AMD IOMMU driver to fix a race condition and to add a
missing IOTLB flush when kernel is booted in kdump mode.
* tag 'iommu-fixes-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/amd: Fix race in increase_address_space()
iommu/amd: Flush old domains in kdump kernel
iommu/vt-d: Remove global page flush support
Revert "iommu/vt-d: Avoid duplicated pci dma alias consideration"
- Fix card init for some eMMCs that need retries for CMD6
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAl1yMP4XHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCklcBAAlaHw4FDXLwOzj9O5d1slPK3U
wttFl0REMY8KQSVckIVBbt3jtv3SO6Zb3mDL76ELPJPoooiXLTzjoQXTj0Oxrdv7
E9y96gohFLLioiN5NfNfYNnVyMYUKwZqkFhR+t9DuMofkxW2K1Nh8CRThXpNhowT
TT9B7cXlCyByLp1JyXRzt2A+4fhp/xSAfrD88iiPjBLcaGB8Z7BJT9G//VeIr0Xm
JDLokxw6exyWjUQUATmPNFBeT6vykK26hXYZS4NnXXNlBfSTZpTId7lI3pF3QZrN
RQUAU4oMw8k9Snv+ZNtPKufx86QmpbXBa7Ilzh9Qcpyopn7YiaSEo2hABBcLgJVl
q7v0jr0LfpEzsxiX4rPibrYuJhOg8Hv1eSQtTLMAi4bFJHhhiLR7UVz6DT6MPwnp
VrpUL6kLt9lXwm6sVcUCxiZ3GvQOqs++XJGyR+JWCt1/nJi57UnOX4qbtc8X9IaW
6xfdVn4Vr/jfNJfBtyI1FMo1Aqhg0yWSiGkdag0bwXVHL7UUHS1CVCTYCN8FXMrW
iKqRcriSN+C+5C6pbXtGbCM2O3fwpIas2Mj7hrcoRERMBNa6GGn99si7dWwQPJ1h
6rBnss0g6+17K4yvN09YwYaQixp3bLVmktCCvz+EgUYGrAXAdkOc1WD3TuHnoMQI
cjOxBinCiPDUyRUm9/A=
=jpf+
-----END PGP SIGNATURE-----
Merge tag 'mmc-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Pull MMC fix from Ulf Hansson:
"Revert in order to fix card init for some eMMCs that need retries for
CMD6"
* tag 'mmc-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
Revert "mmc: core: do not retry CMD6 in __mmc_switch()"
nouveau:
- add missing MODULE_FIRMWARE definitions
igenic:
- hardcode panel type DPI
vmwgfx:
- double free fix
core:
- command line mode parser fixes
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJdcgYAAAoJEAx081l5xIa+Td4QAKUcxyaAMbAjJde49nsrWQvY
pyLdNLLDmE3xBPCetERn8QMgGr9K4c0mcVZ2deWVU/WS10BWEe5T0JlwfTqH7VnH
rmCWh5dJiHCN9sjcoM9XbOJGbOiO6b0vNd4SMwHtMLfdeIHWHJovPhsfbD89NSux
NxYQRYh9l1+vsbJC6kznAi/9Itg4xQ6BCeGFgq/vJjRA23E6+D7lKeZK9cykEV7Q
fevjePoFtdmuzurbWS8gEWF/1mBTp7beAUTJYn5hdh3mj4HXtrmy71XaCwzj1nqd
ssn3tOmmIvTmqvoU3aR7WbOsHIiaynU0HGh4sAUoZ8BLbuk6LtqGtGSuXrevYtS0
q2QYCL0fSd2qUP64zz/hQAF0Pbfw0kUoyec/AQdVl+0Uk4rcrtLmpYNsw/2l2fKZ
t5rq1quZ5FnD2GSNSi308ZhmHhjlluQzsd4oezYZndIiIG9mEPGfgrlvfWJqiFO4
MAvVhP/NilvUnTvocVZtDe+kU3WGeqOUKK5T4aKaQeR1pbh4YF5aJpAoiOHtMldq
W9Dm4sXu2PSdCzFl77k9QJ7XrUC9/dlr2SZ69K7G49LKTraVaQfNeXgvSftYKjWk
eO8Kxk9QvGFdtwr2K5AOHOCcBtOQOl5l8RmrgAr9nGe3OZRP4+Bc1EEhYaTFdc6n
EVIZe4yo/G8yX52/wR6L
=dOSF
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2019-09-06' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Live from my friend's couch in Barcelona, latest round of drm fixes.
The command line parser regression fixes look a bit larger because
they come with selftests included for the bugs they fix. Otherwise a
single nouveau, single ingenic and single vmwgfx fix:
nouveau:
- add missing MODULE_FIRMWARE definitions
igenic:
- hardcode panel type DPI
vmwgfx:
- double free fix
core:
- command line mode parser fixes"
* tag 'drm-fixes-2019-09-06' of git://anongit.freedesktop.org/drm/drm:
drm/vmwgfx: Fix double free in vmw_recv_msg()
drm/nouveau/sec2/gp102: add missing MODULE_FIRMWAREs
drm/selftests: modes: Add more unit tests for the cmdline parser
drm/modes: Introduce a whitelist for the named modes
drm/modes: Fix the command line parser to take force options into account
drm/modes: Add a switch to differentiate free standing options
drm/ingenic: Hardcode panel type to DPI
A couple of last minute bugfixes. And a revert of a failed attempt at
metadata access optimization - we'll try again in the next cycle.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJdb6MSAAoJECgfDbjSjVRpWq0IALJqn4RTQJiFUg4pa6qV1Uxb
DJtHCmYhW+m9VB+5gmKJ9ugFcBbdbSEy81kwrc6lKywTttevk+whrlRry49ufbMx
htoRFGG4gm2RgmXNkV92RQwrz0ajtG0hjm3/Gaxi2OzOudpB4/DJnUcXJKEa2UvD
qAH4n9SN6QXQ6zfU20EvNyA0++RwIkg9xx0r5IZ8eddOlS5tqFasr7TkMBr7Tj9V
a1QkCVGfCDUBpthMwrOuJpYkTWf2vRyarqWUvxsJbFqyECossHIYM7EWGu8apFYW
pbQbn8bXVNNJoA8ERmCkiptHQALK8qeONu0MOarnDVRXvGni4OHTuXJfMYyCkEY=
=RqIf
-----END PGP SIGNATURE-----
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
Pull virtio fixes from Michael Tsirkin:
"virtio, vhost, and balloon bugfixes.
A couple of last minute bugfixes. And a revert of a failed attempt at
metadata access optimization - we'll try again in the next cycle"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
mm/balloon_compaction: suppress allocation warnings
Revert "vhost: access vq metadata through kernel virtual address"
vhost: Remove unnecessary variable
virtio-net: lower min ring num_free for efficiency
vhost/test: fix build for vhost test
vhost/test: fix build for vhost test
The commit 3764137906 ("drm/modes: Introduce a whitelist for the named
modes") introduced a whitelist in the named modes lookup code in order to
be a bit more robust.
However, even though the char pointers were made const, the array itself
was not. Let's fix that.
Fixes: 3764137906 ("drm/modes: Introduce a whitelist for the named modes")
Suggested-by: Jani Nikula <jani.nikula@linux.intel.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20190906074614.30608-1-mripard@kernel.org
One fix for a boot hang on some Freescale machines when PREEMPT is enabled.
Two CVE fixes for bugs in our handling of FP registers and transactional memory,
both of which can result in corrupted FP state, or FP state leaking between
processes.
Thanks to:
Chris Packham, Christophe Leroy, Gustavo Romero, Michael Neuling.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl1x06oTHG1wZUBlbGxl
cm1hbi5pZC5hdQAKCRBR6+o8yOGlgCZzD/90EyaWJVS8WPZopoIdnuOfB/F7EZFY
Lhgd640S1p4o8BUZaQ1T19JOzp6HlO38myOptBufY0BsIJW0M2GwngnBPzSPW8r7
ImTTf5cU0CDe2m3OJdfBrVpnGmUsmoWxwrsFJZ9wbsXhCwbbUzOUuxD/B9wBIGi/
sPpTlaYZBhu3cKs9EWPKAODJhtEf55Q1c62gftfj8Y5u8uxQGinYInCghAUr+3Zv
uCw1CSxOV7yGxfgc1sbOptidOiG4Pljw4EDCUFLpjWTYgPVERASbPHs3C4xuAHGq
IYuNDUJbwrxMU9BKLFzvL4MKWa5XtzLE34oY8SuyyVAbIQTszgCn2rIwlJXH88PO
UtId9accmS+dy2lRI+90dC0qeTgUUIZXS1NF0cl5YNRN0TlMyjHL2/sRxCZF2svF
EaGNjTQLAsfX0ccO9xQr8+KBSfFURMEkO8QQAR0lzJmIgbvSuzfjlZpbcYd2Nqfe
EiYU4GeAQSn14vi0ZMdRWxc1rki9pPhGkrUwToDALsiEedRB03olM955uecf7fra
S8MzHFBYh8Apd/lsAj53uAbL2rIHDJ5+6/eezYp7bRbo6FlvWDs9kmYTX3p3ixq1
Q4gDHfbwnWxxhjUBri5QNZF9YHgkyGPURGpIbdXk9R4Hc7ihQWwDBcSrueca51Ug
m97SLF5/+yWx0A==
=C+wa
-----END PGP SIGNATURE-----
Merge tag 'powerpc-5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
"One fix for a boot hang on some Freescale machines when PREEMPT is
enabled.
Two CVE fixes for bugs in our handling of FP registers and
transactional memory, both of which can result in corrupted FP state,
or FP state leaking between processes.
Thanks to: Chris Packham, Christophe Leroy, Gustavo Romero, Michael
Neuling"
* tag 'powerpc-5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts
powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
powerpc/64e: Drop stale call to smp_processor_id() which hangs SMP startup
Fourth set of fixes for 5.3, and hopefully really the last one. Quite
a few CVE fixes this time but at least to my knowledge none of them
have a known exploit.
mt76
* workaround firmware hang by disabling hardware encryption on MT7630E
* disable 5GHz band for MT7630E as it's not working properly
mwifiex
* fix IE parsing to avoid a heap buffer overflow
iwlwifi
* fix for QuZ device initialisation
rt2x00
* another fix for rekeying
* revert a commit causing degradation in rx signal levels
rsi
* fix a double free
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJdcRNmAAoJEG4XJFUm622bGicIAINfu1/7FcDXXEcBmA3ySXM+
VwH9+RF/pW+2bzlPDDFD97i9F6E/9cLnJyJBk0ESpXmdBBRuMw5jQnhpcVUAx7+z
q/Xr5YUyqQYR86HK3UISvF2cgZtern/zhArJL4KJIyzYNX6iHxB8ApGGPHntU5vv
3zdIWqGMWcYpD2IGBs1IPQqn0q3LL/LigZ5v4WMoFNgCVmPfGcjaLFdaiwG/xDFU
2sduxv0hT+JqAbqjDBC/LWCeUGN3W55MEmgGZBjTDuZWZGn+obLcvOLbxJWpSM0d
By3j1FpJ4bEDntvlxdobkjFUcQAWSkvDXXS89b2j1uKEDQ0/MFkj+0QA6dx/bmI=
=0uUN
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-for-davem-2019-09-05' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for 5.3
Fourth set of fixes for 5.3, and hopefully really the last one. Quite
a few CVE fixes this time but at least to my knowledge none of them
have a known exploit.
mt76
* workaround firmware hang by disabling hardware encryption on MT7630E
* disable 5GHz band for MT7630E as it's not working properly
mwifiex
* fix IE parsing to avoid a heap buffer overflow
iwlwifi
* fix for QuZ device initialisation
rt2x00
* another fix for rekeying
* revert a commit causing degradation in rx signal levels
rsi
* fix a double free
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
I am maintaining xilinx axiethernet driver in xilinx tree and would like
to maintain it in the mainline kernel as well. Hence adding myself as a
maintainer. Also Anirudha and John has moved to new roles, so based on
request removing them from the maintainer list.
Signed-off-by: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
Acked-by: John Linn <john.linn@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Whenever MQ is not used on a multiqueue device, we experience
serious reordering problems. Bisection found the cited
commit.
The issue can be described this way :
- A single qdisc hierarchy is shared by all transmit queues.
(eg : tc qdisc replace dev eth0 root fq_codel)
- When/if try_bulk_dequeue_skb_slow() dequeues a packet targetting
a different transmit queue than the one used to build a packet train,
we stop building the current list and save the 'bad' skb (P1) in a
special queue. (bad_txq)
- When dequeue_skb() calls qdisc_dequeue_skb_bad_txq() and finds this
skb (P1), it checks if the associated transmit queues is still in frozen
state. If the queue is still blocked (by BQL or NIC tx ring full),
we leave the skb in bad_txq and return NULL.
- dequeue_skb() calls q->dequeue() to get another packet (P2)
The other packet can target the problematic queue (that we found
in frozen state for the bad_txq packet), but another cpu just ran
TX completion and made room in the txq that is now ready to accept
new packets.
- Packet P2 is sent while P1 is still held in bad_txq, P1 might be sent
at next round. In practice P2 is the lead of a big packet train
(P2,P3,P4 ...) filling the BQL budget and delaying P1 by many packets :/
To solve this problem, we have to block the dequeue process as long
as the first packet in bad_txq can not be sent. Reordering issues
disappear and no side effects have been seen.
Fixes: a53851e2c3 ("net: sched: explicit locking in gso_cpu fallback")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert says:
====================
pull request (net): ipsec 2019-09-05
1) Several xfrm interface fixes from Nicolas Dichtel:
- Avoid an interface ID corruption on changelink.
- Fix wrong intterface names in the logs.
- Fix a list corruption when changing network namespaces.
- Fix unregistation of the underying phydev.
2) Fix a potential warning when merging xfrm_plocy nodes.
From Florian Westphal.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
When testing with a background iperf pushing 1Gbit/sec traffic and running
both ifconfig and netstat to collect statistics, some deadlocks occurred.
Ifconfig and netstat will call nv_get_stats64 to get software xmit/recv
statistics. In the commit f5d827aece ("forcedeth: implement
ndo_get_stats64() API"), the normal tx/rx variables is to collect tx/rx
statistics. The fix is to replace normal tx/rx variables with per
cpu 64-bit variable to collect xmit/recv statistics. The per cpu variable
will avoid deadlocks and provide fast efficient statistics updates.
In nv_probe, the per cpu variable is initialized. In nv_remove, this
per cpu variable is freed.
In xmit/recv process, this per cpu variable will be updated.
In nv_get_stats64, this per cpu variable on each cpu is added up. Then
the driver can get xmit/recv packets statistics.
A test runs for several days with this commit, the deadlocks disappear
and the performance is better.
Tested:
- iperf SMP x86_64 ->
Client connecting to 1.1.1.108, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local 1.1.1.105 port 38888 connected with 1.1.1.108 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 1.10 GBytes 943 Mbits/sec
ifconfig results:
enp0s9 Link encap:Ethernet HWaddr 00:21:28:6f:de:0f
inet addr:1.1.1.105 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5774764531 errors:0 dropped:0 overruns:0 frame:0
TX packets:633534193 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7646159340904 (7.6 TB) TX bytes:11425340407722 (11.4 TB)
netstat results:
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
...
enp0s9 1500 0 5774764531 0 0 0 633534193 0 0 0 BMRU
...
Fixes: f5d827aece ("forcedeth: implement ndo_get_stats64() API")
CC: Joe Jin <joe.jin@oracle.com>
CC: JUNXIAO_BI <junxiao.bi@oracle.com>
Reported-and-tested-by: Nan san <nan.1986san@gmail.com>
Signed-off-by: Zhu Yanjun <yanjun.zhu@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
NETDEV_TX_BUSY really should only be used by drivers that call
netif_tx_stop_queue() at the wrong moment. If dma_map_single() is
failed to map tx DMA buffer, it might trigger an infinite loop.
This patch use NETDEV_TX_OK instead of NETDEV_TX_BUSY, and change
printk to pr_err_ratelimited.
Fixes: d9fb9f3842 ("*sonic/natsemi/ns83829: Move the National Semi-conductor drivers")
Signed-off-by: Mao Wenan <maowenan@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When booting with ACPI, the Geni Serial Engine is not set as the I2C/SPI
parent and thus, the wrapper (parent device) is unassigned. This causes
the kernel to crash with a null dereference error.
Link: https://lore.kernel.org/r/20190905082555.15020-1-lee.jones@linaro.org
Fixes: 8bc529b253 ("soc: qcom: geni: Add support for ACPI")
Acked-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
After the conversion to lock-less dma-api call the
increase_address_space() function can be called without any
locking. Multiple CPUs could potentially race for increasing
the address space, leading to invalid domain->mode settings
and invalid page-tables. This has been happening in the wild
under high IO load and memory pressure.
Fix the race by locking this operation. The function is
called infrequently so that this does not introduce
a performance regression in the dma-api path again.
Reported-by: Qian Cai <cai@lca.pw>
Fixes: 256e4621c2 ('iommu/amd: Make use of the generic IOVA allocator')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
When devices are attached to the amd_iommu in a kdump kernel, the old device
table entries (DTEs), which were copied from the crashed kernel, will be
overwritten with a new domain number. When the new DTE is written, the IOMMU
is told to flush the DTE from its internal cache--but it is not told to flush
the translation cache entries for the old domain number.
Without this patch, AMD systems using the tg3 network driver fail when kdump
tries to save the vmcore to a network system, showing network timeouts and
(sometimes) IOMMU errors in the kernel log.
This patch will flush IOMMU translation cache entries for the old domain when
a DTE gets overwritten with a new domain number.
Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
Fixes: 3ac3e5ee5e ('iommu/amd: Copy old trans table from old kernel')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
The last change to this Makefile caused relocation errors when loading
a kdump kernel. Restore -mcmodel=large (not -mcmodel=kernel),
-ffreestanding, and -fno-zero-initialized-bsss, without reverting to
the former practice of resetting KBUILD_CFLAGS.
Purgatory.ro is a standalone binary that is not linked against the
rest of the kernel. Its image is copied into an array that is linked
to the kernel, and from there kexec relocates it wherever it desires.
With the previous change to compiler flags, the error "kexec: Overflow
in relocation type 11 value 0x11fffd000" was encountered when trying
to load the crash kernel. This is from kexec code trying to relocate
the purgatory.ro object.
From the error message, relocation type 11 is R_X86_64_32S. The
x86_64 ABI says:
"The R_X86_64_32 and R_X86_64_32S relocations truncate the
computed value to 32-bits. The linker must verify that the
generated value for the R_X86_64_32 (R_X86_64_32S) relocation
zero-extends (sign-extends) to the original 64-bit value."
This type of relocation doesn't work when kexec chooses to place the
purgatory binary in memory that is not reachable with 32 bit
addresses.
The compiler flag -mcmodel=kernel allows those type of relocations to
be emitted, so revert to using -mcmodel=large as was done before.
Also restore the -ffreestanding and -fno-zero-initialized-bss flags
because they are appropriate for a stand alone piece of object code
which doesn't explicitly zero the bss, and one other report has said
undefined symbols are encountered without -ffreestanding.
These identical compiler flag changes need to happen for every object
that becomes part of the purgatory.ro object, so gather them together
first into PURGATORY_CFLAGS_REMOVE and PURGATORY_CFLAGS, and then
apply them to each of the objects that have C source. Do not apply
any of these flags to kexec-purgatory.o, which is not part of the
standalone object but part of the kernel proper.
Tested-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Andreas Smas <andreas@lonelycoder.com>
Signed-off-by: Steve Wahl <steve.wahl@hpe.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: None
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: clang-built-linux@googlegroups.com
Cc: dimitri.sivanich@hpe.com
Cc: mike.travis@hpe.com
Cc: russ.anderson@hpe.com
Fixes: b059f801a9 ("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS")
Link: https://lkml.kernel.org/r/20190905202346.GA26595@swahl-linux
Signed-off-by: Ingo Molnar <mingo@kernel.org>
- Make ingenic panel type DPI insteado f unknown.
- Fixes for command line parser modes.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAl1xOnsACgkQ/lWMcqZw
E8O5Gw//fo85tbQwbKH59QwT96oZ/r7DWchQpLz8EJDfxbHgSeAhu6xgJaB/DZ6+
Hqp091OIFHuufXW5Xl7teXixs67ChLrtJc2iokA/RbMnLt7xWtSbf4w1Y3nYJ/p+
kG2kfvjimGQDMB3WL+gUpaRXBD2adc7S0EFsf4VVhVw1CfHG8RYrARtsPMV7SCox
F3d+J6ZHj2zyTZuSeDDg11N/bPrNTLKV7/cCX/cg5hKdDBkK0jfyLMwMqGB6Nd1D
s2kMyjqL7HEJpf6cXTqpWd/Du5fUgKi7sX7UWtW6vyd0IUnCWOUNmY4uRgKFRf2O
YeTH+Qt5gfBdg4vUe4iZLiILfgS9N2p806v3yMQodrXWD47DrXD1NFEQNq0AfIUV
nfyaccU1cgoBts/m9vJOOFgZGu8+b5YCVTdtgUi96o7P4+XZcy/85nE4c/c0fBUK
D30tlrCzqv9zrhotf60atN/eqbiMW4wJycSk4QNx1kFb8R9+ZzQvQN7FfZkO4oiU
qzO9c3fmE7qeHZdAm5g9OzamjOIw5esj7L0kEhczZ/9MU7XnJz2eKrE3SxhT3mdf
r2l5K02q0GZ54KmmhScVOeVAI8B/Fp0An3r7vpsIumPevtgQfLHcj88iT9Q23wZz
y5L9eS77DeZiJftcQB6FzGQ810bl9O24nNByW3+yu46SX+hfLS8=
=cZhy
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2019-09-05' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
drm-misc-fixes for v5.3 final:
- Make ingenic panel type DPI insteado f unknown.
- Fixes for command line parser modes.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/606d87b2-1840-c893-eb30-d6c471c9e50a@linux.intel.com
If we disable the compiler's auto-initialization feature, if
-fplugin-arg-structleak_plugin-byref or -ftrivial-auto-var-init=pattern
are disabled, arch_hw_breakpoint may be used before initialization after:
9a4903dde2 ("perf/hw_breakpoint: Split attribute parse and commit")
On our ARM platform, the struct step_ctrl in arch_hw_breakpoint, which
used to be zero-initialized by kzalloc(), may be used in
arch_install_hw_breakpoint() without initialization.
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alix Wu <alix.wu@mediatek.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: YJ Chiang <yj.chiang@mediatek.com>
Link: https://lkml.kernel.org/r/20190906060115.9460-1-mark-pk.tsai@mediatek.com
[ Minor edits. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
If a request_key authentication token key gets revoked, there's a window in
which request_key_auth_describe() can see it with a NULL payload - but it
makes no check for this and something like the following oops may occur:
BUG: Kernel NULL pointer dereference at 0x00000038
Faulting instruction address: 0xc0000000004ddf30
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP [...] request_key_auth_describe+0x90/0xd0
LR [...] request_key_auth_describe+0x54/0xd0
Call Trace:
[...] request_key_auth_describe+0x54/0xd0 (unreliable)
[...] proc_keys_show+0x308/0x4c0
[...] seq_read+0x3d0/0x540
[...] proc_reg_read+0x90/0x110
[...] __vfs_read+0x3c/0x70
[...] vfs_read+0xb4/0x1b0
[...] ksys_read+0x7c/0x130
[...] system_call+0x5c/0x70
Fix this by checking for a NULL pointer when describing such a key.
Also make the read routine check for a NULL pointer to be on the safe side.
[DH: Modified to not take already-held rcu lock and modified to also check
in the read routine]
Fixes: 04c567d931 ("[PATCH] Keys: Fix race between two instantiators of a key")
Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The following crash was observed:
Unable to handle kernel NULL pointer dereference at 0000000000000158
Internal error: Oops: 96000004 [#1] SMP
pc : resend_irqs+0x68/0xb0
lr : resend_irqs+0x64/0xb0
...
Call trace:
resend_irqs+0x68/0xb0
tasklet_action_common.isra.6+0x84/0x138
tasklet_action+0x2c/0x38
__do_softirq+0x120/0x324
run_ksoftirqd+0x44/0x60
smpboot_thread_fn+0x1ac/0x1e8
kthread+0x134/0x138
ret_from_fork+0x10/0x18
The reason for this is that the interrupt resend mechanism happens in soft
interrupt context, which is a asynchronous mechanism versus other
operations on interrupts. free_irq() does not take resend handling into
account. Thus, the irq descriptor might be already freed before the resend
tasklet is executed. resend_irqs() does not check the return value of the
interrupt descriptor lookup and derefences the return value
unconditionally.
1):
__setup_irq
irq_startup
check_irq_resend // activate softirq to handle resend irq
2):
irq_domain_free_irqs
irq_free_descs
free_desc
call_rcu(&desc->rcu, delayed_free_desc)
3):
__do_softirq
tasklet_action
resend_irqs
desc = irq_to_desc(irq)
desc->handle_irq(desc) // desc is NULL --> Ooops
Fix this by adding a NULL pointer check in resend_irqs() before derefencing
the irq descriptor.
Fixes: a4633adcdb ("[PATCH] genirq: add genirq sw IRQ-retrigger")
Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1630ae13-5c8e-901e-de09-e740b6a426a7@huawei.com
A collection of small HD-audio fixes:
- A regression fix for Realtek codecs due to the recent initialization
procedure change
- A fix for potential endless loop at the quirk table lookup
- Quirks for Lenovo, ASUS and HP machines
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl1xCjYOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE9WChAAiCWz7aBTrLz4fxj/t/QC2mADXgulrKBlP4qt
ACMcxnZdwyJUDw5d38BH8/ATPPzzrhExtUKcAJ9rkzEjyLB3GfhfnAsPW5bCl9Mv
XPZp55b7Tju6WotKwkNWVDSXfGexlEmVVW67+JkjyNtK5kAIwc7TTP3aMawQ7acv
Gpsu7TSyXaqQax8GdVUuVypQB/PVR7ow6yW+7uz46jeeZiNIdbuZj2Mo7WawgCnz
lJDjOFbsJyI/Oa1ZkNI1RrN4UkLvtqawh+qnUJJ2k4KLJdDpo5Q2oHZqokxWnDxT
fzbHRB00MAjjA4bg2LiRhkdb0+9AV/fl5bf5DnMCExaE+rzDH5avmnjwQBJ1R6SK
u9Ca1pPpMcbn352mibkqdFG8l0BwKUtPX/x60HyRtA0Mzel9Bi3nshjrUzQ/11Y4
cqwiVbxw4k0jPvm97xElFWusraspLb7ehCHsap+0Y5irDl1IcvE6+16cqKivIeof
DVYZ0KW8EKPa0ULF3PEMRBqBWeJspX8zu65em89HiQv2G6wLb7cARx6nuO9ItiTn
JMx9bo3aMe3xe5a+DpBXECGw3V7snsMhTNNW7b9so2aKgbw6yfdJvEz0hYqEqMcM
u9ef6F50WayPe4dreV9Ed5+mjjAXMxrExjzOLzYeAOCUlFaVw7PXW4UE5L7xn1Lj
bCuMAtY=
=SHx5
-----END PGP SIGNATURE-----
Merge tag 'sound-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small HD-audio fixes:
- A regression fix for Realtek codecs due to the recent
initialization procedure change
- A fix for potential endless loop at the quirk table lookup
- Quirks for Lenovo, ASUS and HP machines"
* tag 'sound-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
ALSA: hda/realtek - Add quirk for HP Pavilion 15
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda - Fix potential endless loop at applying quirks
Pull x86 fixes from Ingo Molnar:
"Misc fixes:
- EFI boot fix for signed kernels
- an AC flags fix related to UBSAN
- Hyper-V infinite loop fix"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/hyper-v: Fix overflow bug in fill_gva_list()
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
x86/boot: Preserve boot_params.secure_boot from sanitizing
Pull scheduler fixes from Ingo Molnar:
"This fixes an ABI bug introduced this cycle, plus fixes a throttling
bug"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/core: Fix uclamp ABI bug, clean up and robustify sched_read_attr() ABI logic and code
sched/fair: Don't assign runtime for throttled cfs_rq
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAl1wAawACgkQGXyLc2ht
IW18Kw//bBBF1AfQ1PQUITjC11r+bNZIavCIK/DogL4Q68Oa7byhUX9zoKCpZMKz
YkRFQ3QRQ+IiIr88GuSzkeMktqNgN4cu1mvcc544uw7T6FVMaXe8HhPm89kAXJgu
ABHn3mhpv9ziTMZCVeTtdgV28FtF3PnkJ93ul8+4y260JaY/Zx3x0pp6aVX+UkCZ
82V5zGu1B4jF2eqXjBTvj2ZwfSFXRiiFWswswBZZhiyFecv4VZ9xFnD5aR4DCbWy
yOsejXdU8h94nnm91Bt90qR2aqrGHpEWsKAyopqM8pXU1ZmMjB+qvrgbcDFqt3RC
lsK8DHK3WVbwwPN6UnFkysVy3QTP9Ru2ih6ZQA+bhb+//VGen/BXLW3NRauJqwqi
4FF3OCvUO6d2ZHWvA69KNF6PRFBXRbxuFLFpaHXlPEOr8R4y03mEXqk375e6DH++
ZvOQQ5r1FFSUoE4tZYgeftZF9mYdkcZgJs0FS5C9YzzrEAGQB0ZunlOftuw0NgOV
ZxjN1rHMF1eoFKYOgWIlI+xZc83G6ZWWdEy7yw3qcM/4ymtPfLYf+sWzFxyA5ylF
VXt6zuRP5y+0JQi2o5t/5nBmCD4uDie31yRcAqv0uo+cRH11pw5KUXt8TV5rCLnZ
qBaWX817U51qHq3rLmp5tvaxX/Yyz3Mj4hi9eppddjUQLAQlWu4=
=Q7CS
-----END PGP SIGNATURE-----
Merge tag 'clang-format-for-linus-v5.3-rc8' of git://github.com/ojeda/linux
Pull clang-format update from Miguel Ojeda:
"Update with the latest for_each macro list"
* tag 'clang-format-for-linus-v5.3-rc8' of git://github.com/ojeda/linux:
clang-format: Update with the latest for_each macro list
* RZ/G2M based HiHope main board
- Re-enabled accidently disabled SDHI3 (eMMC) support
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE4nzZofWswv9L/nKF189kaWo3T74FAl1w1ksACgkQ189kaWo3
T75WQBAAoPH+Gt2LUEhfya7cVbCEVAX6kkbVh5qSwmaGG3ZF3jBFlCZBaORQh4LA
Ymm/WGWA9hzamNTDeGH0cePKN1QGGNRy4Z9ICxt8+uDiaCFJilKLD3q3wq0NVNRY
SvepE82KYn3CVXL+3pZAi4za2VbJqSSFBWyTrEURXLmOjWdmg0IsARbW5JDgcCwY
NPK4Ohc2GKdIMtGagDZ3EzkeU7f0N2sbyMqSKbe/AXhI3qF8FTiR0Lmj7ik4HAay
UXLV/IPlupN+cTY4QW6PzziTZ1A2drrYigO5H9QFoyvSRyHswiXAN/36QYPx5Lir
i/PH7+x9CxkSM42h1ujLURxdlhUfV6pErSMhcp9BBJRhVhrz0BDRSmuiBOzmN3xi
eDPC/gc66KXv4rTMOYXb12WfT59O6dVXKaGQVYMFWqO3hf2Y6Uo6SWg07JGjvdNQ
Oapi2oJPWVOV2xPZMQuAqTffnUYJekdkLrjrEUUaWV7Gip+3mXILNWiJOGVZ4j8/
Z2/yEYpJdSnhRiaZemvNDqcbR1spnOsxlBQKaWvC2Q2DOUb694Fp1cfAOJ5+XoQA
wlddZYujZj0mnZ557rOQbWOxAxkwdzBl8tgLQ5fnRFrtmqHLTHnOhXiFuz6cPM3e
tfihOemfp3wJUb1QZuELHaAKcTDcwIwhIjqV7jc//sAOIUcG/Fg=
=rBep
-----END PGP SIGNATURE-----
Merge tag 'renesas-fixes2-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into arm/fixes
Second Round of Renesas ARM Based SoC Fixes for v5.3
* RZ/G2M based HiHope main board
- Re-enabled accidently disabled SDHI3 (eMMC) support
* tag 'renesas-fixes2-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
arm64: dts: renesas: hihope-common: Fix eMMC status
Link: https://lore.kernel.org/r/cover.1567675986.git.horms+renesas@verge.net.au
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
We recently added a kfree() after the end of the loop:
if (retries == RETRIES) {
kfree(reply);
return -EINVAL;
}
There are two problems. First the test is wrong and because retries
equals RETRIES if we succeed on the last iteration through the loop.
Second if we fail on the last iteration through the loop then the kfree
is a double free.
When you're reading this code, please note the break statement at the
end of the while loop. This patch changes the loop so that if it's not
successful then "reply" is NULL and we can test for that afterward.
Cc: <stable@vger.kernel.org>
Fixes: 6b7c3b86f0 ("drm/vmwgfx: fix memory leak when too many retries have occurred")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
The problem can be seen in the following two tests:
0: (bf) r3 = r10
1: (55) if r3 != 0x7b goto pc+0
2: (7a) *(u64 *)(r3 -8) = 0
3: (79) r4 = *(u64 *)(r10 -8)
..
0: (85) call bpf_get_prandom_u32#7
1: (bf) r3 = r10
2: (55) if r3 != 0x7b goto pc+0
3: (7b) *(u64 *)(r3 -8) = r0
4: (79) r4 = *(u64 *)(r10 -8)
When backtracking need to mark R4 it will mark slot fp-8.
But ST or STX into fp-8 could belong to the same block of instructions.
When backtracing is done the parent state may have fp-8 slot
as "unallocated stack". Which will cause verifier to warn
and incorrectly reject such programs.
Writes into stack via non-R10 register are rare. llvm always
generates canonical stack spill/fill.
For such pathological case fall back to conservative precision
tracking instead of rejecting.
Reported-by: syzbot+c8d66267fd2b5955287e@syzkaller.appspotmail.com
Fixes: b5dc0163d8 ("bpf: precise scalar_value tracking")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
When creating a v4 route that uses a v6 nexthop from a nexthop group.
Allow the kernel to properly send the nexthop as v6 via the RTA_VIA
attribute.
Broken behavior:
$ ip nexthop add via fe80::9 dev eth0
$ ip nexthop show
id 1 via fe80::9 dev eth0 scope link
$ ip route add 4.5.6.7/32 nhid 1
$ ip route show
default via 10.0.2.2 dev eth0
4.5.6.7 nhid 1 via 254.128.0.0 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
$
Fixed behavior:
$ ip nexthop add via fe80::9 dev eth0
$ ip nexthop show
id 1 via fe80::9 dev eth0 scope link
$ ip route add 4.5.6.7/32 nhid 1
$ ip route show
default via 10.0.2.2 dev eth0
4.5.6.7 nhid 1 via inet6 fe80::9 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
$
v2, v3: Addresses code review comments from David Ahern
Fixes: dcb1ecb50e (“ipv4: Prepare for fib6_nh from a nexthop object”)
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David Ahern says:
====================
nexthops: Fix multipath notifications for IPv6 and selftests
A couple of bug fixes noticed while testing Donald's patch.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Cleanups of the tests in fib_nexthops.sh
1. Several tests noted unexpected route output, but the
discrepancy was not showing in the summary output and
overlooked in the verbose output. Add a WARNING message
to the summary output to make it clear a test is not showing
expected output.
2. Several check_* calls are missing extra data like scope and metric
causing mismatches when the nexthops or routes are correct - some of
them are a side effect of the evolving iproute2 command. Update the
data to the expected output.
3. Several check_routes are checking for the wrong nexthop data,
most likely a copy-paste-update error.
4. A couple of tests were re-using a nexthop id that already existed.
Fix those to use a new id.
Fixes: 6345266a99 ("selftests: Add test cases for nexthop objects")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
A change to the core nla helpers was missed during the push of
the nexthop changes. rt6_fill_node_nexthop should be calling
nla_nest_start_noflag not nla_nest_start. Currently, iproute2
does not print multipath data because of parsing issues with
the attribute.
Fixes: f88d8ea67f ("ipv6: Plumb support for nexthop object in a fib6_info")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Trilok Soni