David S. Miller [Sat, 15 Aug 2020 00:12:23 +0000 (17:12 -0700)]
Merge git://git./pub/scm/linux/kernel/git/bpf/bpf
Daniel Borkmann says:
====================
pull-request: bpf 2020-08-15
The following pull-request contains BPF updates for your *net* tree.
We've added 23 non-merge commits during the last 4 day(s) which contain
a total of 32 files changed, 421 insertions(+), 141 deletions(-).
The main changes are:
1) Fix sock_ops ctx access splat due to register override, from John Fastabend.
2) Batch of various fixes to libbpf, bpftool, and selftests when testing build
in 32-bit mode, from Andrii Nakryiko.
3) Fix vmlinux.h generation on ARM by mapping GCC built-in types (__Poly*_t)
to equivalent ones clang can work with, from Jean-Philippe Brucker.
4) Fix build_id lookup in bpf_get_stackid() helper by walking all NOTE ELF
sections instead of just first, from Jiri Olsa.
5) Avoid use of __builtin_offsetof() in libbpf for CO-RE, from Yonghong Song.
6) Fix segfault in test_mmap due to inconsistent length params, from Jianlin Lv.
7) Don't override errno in libbpf when logging errors, from Toke Høiland-Jørgensen.
8) Fix v4_to_v6 sockaddr conversion in sk_lookup test, from Stanislav Fomichev.
9) Add link to bpf-helpers(7) man page to BPF doc, from Joe Stringer.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Fugang Duan [Thu, 13 Aug 2020 07:13:14 +0000 (15:13 +0800)]
net: fec: correct the error path for regulator disable in probe
Correct the error path for regulator disable.
Fixes:
9269e5560b26 ("net: fec: add phy-reset-gpios PROBE_DEFER check")
Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nivedita Singhvi [Thu, 13 Aug 2020 05:10:05 +0000 (10:40 +0530)]
docs: networking: bonding.rst resources section cleanup
Removed obsolete resources from bonding.rst doc:
- bonding-devel@lists.sourceforge.net hasn't been used since 2008
- admin interface is 404
- Donald Becker's domain/content no longer online
Signed-off-by: Nivedita Singhvi <nivedita.singhvi@canonical.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 14 Aug 2020 23:42:23 +0000 (16:42 -0700)]
Merge branch '40GbE' of git://git./linux/kernel/git/jkirsher/net-queue
Tony Nguyen says:
====================
Intel Wired LAN Driver Updates 2020-08-14
This series contains updates to i40e and igc drivers.
Vinicius fixes an issue with PTP spinlock being accessed before
initialization.
Przemyslaw fixes an issue with trusted VFs seeing additional traffic.
Grzegorz adds a wait for pending resets on driver removal to prevent
null pointer dereference.
v2: Fix function parameter for hw/aq in patch 2. Fix fixes tag in patch 3.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Grzegorz Szczurek [Tue, 11 Aug 2020 10:56:49 +0000 (10:56 +0000)]
i40e: Fix crash during removing i40e driver
Fix the reason of crashing system by add waiting time to finish reset
recovery process before starting remove driver procedure.
Now VSI is releasing if VSI is not in reset recovery mode.
Without this fix it was possible to start remove driver if other
processing command need reset recovery procedure which resulted in
null pointer dereference. VSI used by the ethtool process has been
cleared by remove driver process.
[ 6731.508665] BUG: kernel NULL pointer dereference, address:
0000000000000000
[ 6731.508668] #PF: supervisor read access in kernel mode
[ 6731.508670] #PF: error_code(0x0000) - not-present page
[ 6731.508671] PGD 0 P4D 0
[ 6731.508674] Oops: 0000 [#1] SMP PTI
[ 6731.508679] Hardware name: Intel Corporation S2600WT2R/S2600WT2R, BIOS SE5C610.86B.01.01.0021.
032120170601 03/21/2017
[ 6731.508694] RIP: 0010:i40e_down+0x252/0x310 [i40e]
[ 6731.508696] Code: c7 78 de fa c0 e8 61 02 3a c1 66 83 bb f6 0c 00 00 00 0f 84 bf 00 00 00 45 31 e4 45 31 ff eb 03 41 89 c7 48 8b 83 98 0c 00 00 <4a> 8b 3c 20 e8 a5 79 02 00 48 83 bb d0 0c 00 00 00 74 10 48 8b 83
[ 6731.508698] RSP: 0018:
ffffb75ac7b3faf0 EFLAGS:
00010246
[ 6731.508700] RAX:
0000000000000000 RBX:
ffff9c9874bd5000 RCX:
0000000000000007
[ 6731.508701] RDX:
0000000000000000 RSI:
0000000000000096 RDI:
ffff9c987f4d9780
[ 6731.508703] RBP:
ffffb75ac7b3fb30 R08:
0000000000005b60 R09:
0000000000000004
[ 6731.508704] R10:
ffffb75ac64fbd90 R11:
0000000000000001 R12:
0000000000000000
[ 6731.508706] R13:
ffff9c97a08e0000 R14:
ffff9c97a08e0a68 R15:
0000000000000000
[ 6731.508708] FS:
00007f2617cd2740(0000) GS:
ffff9c987f4c0000(0000) knlGS:
0000000000000000
[ 6731.508710] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 6731.508711] CR2:
0000000000000000 CR3:
0000001e765c4006 CR4:
00000000003606e0
[ 6731.508713] DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
[ 6731.508714] DR3:
0000000000000000 DR6:
00000000fffe0ff0 DR7:
0000000000000400
[ 6731.508715] Call Trace:
[ 6731.508734] i40e_vsi_close+0x84/0x90 [i40e]
[ 6731.508742] i40e_quiesce_vsi.part.98+0x3c/0x40 [i40e]
[ 6731.508749] i40e_pf_quiesce_all_vsi+0x55/0x60 [i40e]
[ 6731.508757] i40e_prep_for_reset+0x59/0x130 [i40e]
[ 6731.508765] i40e_reconfig_rss_queues+0x5a/0x120 [i40e]
[ 6731.508774] i40e_set_channels+0xda/0x170 [i40e]
[ 6731.508778] ethtool_set_channels+0xe9/0x150
[ 6731.508781] dev_ethtool+0x1b94/0x2920
[ 6731.508805] dev_ioctl+0xc2/0x590
[ 6731.508811] sock_do_ioctl+0xae/0x150
[ 6731.508813] sock_ioctl+0x34f/0x3c0
[ 6731.508821] ksys_ioctl+0x98/0xb0
[ 6731.508828] __x64_sys_ioctl+0x1a/0x20
[ 6731.508831] do_syscall_64+0x57/0x1c0
[ 6731.508835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes:
4b8164467b85 ("i40e: Add common function for finding VSI by type")
Signed-off-by: Grzegorz Szczurek <grzegorzx.szczurek@intel.com>
Signed-off-by: Arkadiusz Kubalewski <arkadiusz.kubalewski@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Przemyslaw Patynowski [Thu, 6 Aug 2020 13:40:59 +0000 (13:40 +0000)]
i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
Trusted VF with unicast promiscuous mode set, could listen to TX
traffic of other VFs.
Set unicast promiscuous mode to RX traffic, if VSI has port VLAN
configured. Rename misleading I40E_AQC_SET_VSI_PROMISC_TX bit to
I40E_AQC_SET_VSI_PROMISC_RX_ONLY. Aligned unicast promiscuous with
VLAN to the one without VLAN.
Fixes:
6c41a7606967 ("i40e: Add promiscuous on VLAN support")
Fixes:
3b1200891b7f ("i40e: When in promisc mode apply promisc mode to Tx Traffic as well")
Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
Signed-off-by: Arkadiusz Kubalewski <arkadiusz.kubalewski@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Florian Westphal [Fri, 14 Aug 2020 13:56:34 +0000 (15:56 +0200)]
mptcp: sendmsg: reset iter on error
Once we've copied data from the iterator we need to revert in case we
end up not sending any data.
This bug doesn't trigger with normal 'poll' based tests, because
we only feed a small chunk of data to kernel after poll indicated
POLLOUT. With blocking IO and large writes this triggers. Receiver
ends up with less data than it should get.
Fixes:
72511aab95c94d ("mptcp: avoid blocking in tcp_sendpages")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Edward Cree [Fri, 14 Aug 2020 12:26:22 +0000 (13:26 +0100)]
sfc: check hash is valid before using it
On EF100, the RX hash field in the packet prefix may not be valid (e.g.
if the header parse failed), and this is indicated by a one-bit flag
elsewhere in the packet prefix. Only call skb_set_hash() if the
RSS_HASH_VALID bit is set.
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 14 Aug 2020 20:57:56 +0000 (13:57 -0700)]
Merge tag 'linux-can-fixes-for-5.9-
20200814' of git://git./linux/kernel/git/mkl/linux-can
Marc Kleine-Budde says:
====================
pull-request: can 2020-08-14
this is a pull request of 6 patches for net/master. All patches fix problems in
the j1939 CAN networking stack.
The first patch is by Eric Dumazet fixes a kernel-infoleak in
j1939_sk_sock2sockaddr_can().
The remaining 5 patches are by Oleksij Rempel and fix recption of j1939
messages not orginated by the stack, a use-after-free in j1939_tp_txtimer(),
ensure that the CAN driver has a ml_priv allocated. These problem were found by
google's syzbot. Further ETP sessions with block size of less than 255 are
fixed and a sanity check was added to j1939_xtp_rx_dat_one() to detect packet
corruption.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 14 Aug 2020 20:40:27 +0000 (13:40 -0700)]
Merge tag 'powerpc-5.9-2' of git://git./linux/kernel/git/powerpc/linux
Pull powerpc fix from Michael Ellerman:
"One fix for a boot crash on some platforms introduced by the recent
pkey refactoring.
Thanks to Christian Zigotzky and Aneesh Kumar K.V"
* tag 'powerpc-5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/pkeys: Fix boot failures with Nemo board (A-EON AmigaOne X1000)
Linus Torvalds [Fri, 14 Aug 2020 20:34:37 +0000 (13:34 -0700)]
Merge tag 'for-linus-5.9-rc1b-tag' of git://git./linux/kernel/git/xen/tip
Pull more xen updates from Juergen Gross:
- Remove support for running as 32-bit Xen PV-guest.
32-bit PV guests are rarely used, are lacking security fixes for
Meltdown, and can be easily replaced by PVH mode. Another series for
doing more cleanup will follow soon (removal of 32-bit-only pvops
functionality).
- Fixes and additional features for the Xen display frontend driver.
* tag 'for-linus-5.9-rc1b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
drm/xen-front: Pass dumb buffer data offset to the backend
xen: Sync up with the canonical protocol definition in Xen
drm/xen-front: Add YUYV to supported formats
drm/xen-front: Fix misused IS_ERR_OR_NULL checks
xen/gntdev: Fix dmabuf import with non-zero sgt offset
x86/xen: drop tests for highmem in pv code
x86/xen: eliminate xen-asm_64.S
x86/xen: remove 32-bit Xen PV guest support
Linus Torvalds [Fri, 14 Aug 2020 20:31:25 +0000 (13:31 -0700)]
Merge tag 'hyperv-fixes-signed' of git://git./linux/kernel/git/hyperv/linux
Pull hyper-v fixes from Wei Liu:
- fix oops reporting on Hyper-V
- make objtool happy
* tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
x86/hyperv: Make hv_setup_sched_clock inline
Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops
Eric Dumazet [Fri, 14 Aug 2020 18:16:17 +0000 (11:16 -0700)]
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
syzbot found its way in 86_fsgsbase_read_task() and triggered this oops:
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 6866 Comm: syz-executor262 Not tainted 5.8.0-syzkaller #0
RIP: 0010:x86_fsgsbase_read_task+0x16d/0x310 arch/x86/kernel/process_64.c:393
Call Trace:
putreg32+0x3ab/0x530 arch/x86/kernel/ptrace.c:876
genregs32_set arch/x86/kernel/ptrace.c:1026 [inline]
genregs32_set+0xa4/0x100 arch/x86/kernel/ptrace.c:1006
copy_regset_from_user include/linux/regset.h:326 [inline]
ia32_arch_ptrace arch/x86/kernel/ptrace.c:1061 [inline]
compat_arch_ptrace+0x36c/0xd90 arch/x86/kernel/ptrace.c:1198
__do_compat_sys_ptrace kernel/ptrace.c:1420 [inline]
__se_compat_sys_ptrace kernel/ptrace.c:1389 [inline]
__ia32_compat_sys_ptrace+0x220/0x2f0 kernel/ptrace.c:1389
do_syscall_32_irqs_on arch/x86/entry/common.c:84 [inline]
__do_fast_syscall_32+0x57/0x80 arch/x86/entry/common.c:126
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:149
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
This can happen if ptrace() or sigreturn() pokes an LDT selector into FS
or GS for a task with no LDT and something tries to read the base before
a return to usermode notices the bad selector and fixes it.
The fix is to make sure ldt pointer is not NULL.
Fixes:
07e1d88adaae ("x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately")
Co-developed-by: Jann Horn <jannh@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Andy Lutomirski <luto@kernel.org>
Cc: Chang S. Bae <chang.seok.bae@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Markus T Metzger <markus.t.metzger@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Shankar <ravi.v.shankar@intel.com>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 14 Aug 2020 20:09:15 +0000 (13:09 -0700)]
Merge branch 'linus' of git://git./linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"This fixes a regression in af_alg"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: algif_aead - fix uninitialized ctx->init
Linus Torvalds [Fri, 14 Aug 2020 18:07:02 +0000 (11:07 -0700)]
Merge tag 'modules-for-v5.9' of git://git./linux/kernel/git/jeyu/linux
Pull module updates from Jessica Yu:
"The most important change would be Christoph Hellwig's patch
implementing proprietary taint inheritance, in an effort to discourage
the creation of GPL "shim" modules that interface between GPL symbols
and proprietary symbols.
Summary:
- Have modules that use symbols from proprietary modules inherit the
TAINT_PROPRIETARY_MODULE taint, in an effort to prevent GPL shim
modules that are used to circumvent _GPL exports. These are modules
that claim to be GPL licensed while also using symbols from
proprietary modules. Such modules will be rejected while non-GPL
modules will inherit the proprietary taint.
- Module export space cleanup. Unexport symbols that are unused
outside of module.c or otherwise used in only built-in code"
* tag 'modules-for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
modules: inherit TAINT_PROPRIETARY_MODULE
modules: return licensing information from find_symbol
modules: rename the licence field in struct symsearch to license
modules: unexport __module_address
modules: unexport __module_text_address
modules: mark each_symbol_section static
modules: mark find_symbol static
modules: mark ref_module static
modules: linux/moduleparam.h: drop duplicated word in a comment
Linus Torvalds [Fri, 14 Aug 2020 18:04:45 +0000 (11:04 -0700)]
Merge tag 'kconfig-v5.9' of git://git./linux/kernel/git/masahiroy/linux-kbuild
Pull Kconfig updates from Masahiro Yamada:
- remove '---help---' keyword support
- fix mouse events for 'menuconfig' symbols in search view of qconf
- code cleanups of qconf
* tag 'kconfig-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (24 commits)
kconfig: qconf: move setOptionMode() to ConfigList from ConfigView
kconfig: qconf: do not limit the pop-up menu to the first row
kconfig: qconf: refactor icon setups
kconfig: qconf: remove unused voidPix, menuInvPix
kconfig: qconf: remove ConfigItem::text/setText
kconfig: qconf: remove ConfigList::addColumn/removeColumn
kconfig: qconf: remove ConfigItem::pixmap/setPixmap
kconfig: qconf: drop more localization code
kconfig: qconf: remove 'parent' from ConfigList::updateMenuList()
kconfig: qconf: remove unused argument from ConfigView::updateList()
kconfig: qconf: remove unused argument from ConfigList::updateList()
kconfig: qconf: omit parent to QHBoxLayout()
kconfig: qconf: remove name from ConfigSearchWindow constructor
kconfig: qconf: remove unused ConfigList::listView()
kconfig: qconf: overload addToolBar() to create and insert toolbar
kconfig: qconf: remove toolBar from ConfigMainWindow members
kconfig: qconf: use 'menu' variable for (QMenu *)
kconfig: qconf: do not use 'menu' variable for (QMenuBar *)
kconfig: qconf: remove ->addSeparator() to menuBar
kconfig: add 'static' to some file-local data
...
Vinicius Costa Gomes [Mon, 3 Aug 2020 18:32:07 +0000 (11:32 -0700)]
igc: Fix PTP initialization
Right now, igc_ptp_reset() is called from igc_reset(), which is called
from igc_probe() before igc_ptp_init() has a chance to run. It is
detected as an attempt to use an spinlock without registering its key
first. See log below.
To avoid this problem, simplify the initialization: igc_ptp_init() is
only called from igc_probe(), and igc_ptp_reset() is only called from
igc_reset().
[ 2.736332] INFO: trying to register non-static key.
[ 2.736902] input: HDA Intel PCH Front Headphone as /devices/pci0000:00/0000:00:1f.3/sound/card0/input10
[ 2.737513] the code is fine but needs lockdep annotation.
[ 2.737513] turning off the locking correctness validator.
[ 2.737515] CPU: 8 PID: 239 Comm: systemd-udevd Tainted: G E 5.8.0-rc7+ #13
[ 2.737515] Hardware name: Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA/Z390 AORUS ULTRA-CF, BIOS F7 03/14/2019
[ 2.737516] Call Trace:
[ 2.737521] dump_stack+0x78/0xa0
[ 2.737524] register_lock_class+0x6b1/0x6f0
[ 2.737526] ? lockdep_hardirqs_on_prepare+0xca/0x160
[ 2.739177] ? _raw_spin_unlock_irq+0x24/0x50
[ 2.739179] ? trace_hardirqs_on+0x1c/0xf0
[ 2.740820] __lock_acquire+0x56/0x1ff0
[ 2.740823] ? __schedule+0x30c/0x970
[ 2.740825] lock_acquire+0x97/0x3e0
[ 2.740830] ? igc_ptp_reset+0x35/0xf0 [igc]
[ 2.740833] ? schedule_hrtimeout_range_clock+0xb7/0x120
[ 2.742507] _raw_spin_lock_irqsave+0x3a/0x50
[ 2.742512] ? igc_ptp_reset+0x35/0xf0 [igc]
[ 2.742515] igc_ptp_reset+0x35/0xf0 [igc]
[ 2.742519] igc_reset+0x96/0xd0 [igc]
[ 2.744148] igc_probe+0x68f/0x7d0 [igc]
[ 2.745796] local_pci_probe+0x3d/0x70
[ 2.745799] pci_device_probe+0xd1/0x190
[ 2.745802] really_probe+0x15a/0x3f0
[ 2.759936] driver_probe_device+0xe1/0x150
[ 2.759937] device_driver_attach+0xa8/0xb0
[ 2.761786] __driver_attach+0x89/0x150
[ 2.761786] ? device_driver_attach+0xb0/0xb0
[ 2.761787] ? device_driver_attach+0xb0/0xb0
[ 2.761788] bus_for_each_dev+0x66/0x90
[ 2.765012] bus_add_driver+0x12e/0x1f0
[ 2.765716] driver_register+0x8b/0xe0
[ 2.766418] ? 0xffffffffc0230000
[ 2.767119] do_one_initcall+0x5a/0x310
[ 2.767826] ? kmem_cache_alloc_trace+0xe9/0x200
[ 2.768528] do_init_module+0x5c/0x260
[ 2.769206] __do_sys_finit_module+0x93/0xe0
[ 2.770048] do_syscall_64+0x46/0xa0
[ 2.770716] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 2.771396] RIP: 0033:0x7f83534589e0
[ 2.772073] Code: 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 2e 2e 2e 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 80 24 0d 00 f7 d8 64 89 01 48
[ 2.772074] RSP: 002b:
00007ffd31d0ed18 EFLAGS:
00000246 ORIG_RAX:
0000000000000139
[ 2.774854] RAX:
ffffffffffffffda RBX:
000055d52816aba0 RCX:
00007f83534589e0
[ 2.774855] RDX:
0000000000000000 RSI:
00007f83535b982f RDI:
0000000000000006
[ 2.774855] RBP:
00007ffd31d0ed60 R08:
0000000000000000 R09:
00007ffd31d0ed30
[ 2.774856] R10:
0000000000000006 R11:
0000000000000246 R12:
0000000000000000
[ 2.774856] R13:
0000000000020000 R14:
00007f83535b982f R15:
000055d527f5e120
Fixes:
5f2958052c58 ("igc: Add basic skeleton for PTP")
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Reviewed-by: Andre Guedes <andre.guedes@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Oleksij Rempel [Fri, 7 Aug 2020 10:52:00 +0000 (12:52 +0200)]
can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions
Since the stack relays on receiving own packets, it was overwriting own
transmit buffer from received packets.
At least theoretically, the received echo buffer can be corrupt or
changed and the session partner can request to resend previous data. In
this case we will re-send bad data.
With this patch we will stop to overwrite own TX buffer and use it for
sanity checking.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20200807105200.26441-6-o.rempel@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Oleksij Rempel [Fri, 7 Aug 2020 10:51:59 +0000 (12:51 +0200)]
can: j1939: transport: add j1939_session_skb_find_by_offset() function
Sometimes it makes no sense to search the skb by pkt.dpo, since we need
next the skb within the transaction block. This may happen if we have an
ETP session with CTS set to less than 255 packets.
After this patch, we will be able to work with ETP sessions where the
block size (ETP.CM_CTS byte 2) is less than 255 packets.
Reported-by: Henrique Figueira <henrislip@gmail.com>
Reported-by: https://github.com/linux-can/can-utils/issues/228
Fixes:
9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20200807105200.26441-5-o.rempel@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Oleksij Rempel [Fri, 7 Aug 2020 10:51:58 +0000 (12:51 +0200)]
can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
This patch adds check to ensure that the struct net_device::ml_priv is
allocated, as it is used later by the j1939 stack.
The allocation is done by all mainline CAN network drivers, but when using
bond or team devices this is not the case.
Bail out if no ml_priv is allocated.
Reported-by: syzbot+f03d384f3455d28833eb@syzkaller.appspotmail.com
Fixes:
9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20200807105200.26441-4-o.rempel@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Oleksij Rempel [Fri, 7 Aug 2020 10:51:57 +0000 (12:51 +0200)]
can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer()
The current stack implementation do not support ECTS requests of not
aligned TP sized blocks.
If ECTS will request a block with size and offset spanning two TP
blocks, this will cause memcpy() to read beyond the queued skb (which
does only contain one TP sized block).
Sometimes KASAN will detect this read if the memory region beyond the
skb was previously allocated and freed. In other situations it will stay
undetected. The ETP transfer in any case will be corrupted.
This patch adds a sanity check to avoid this kind of read and abort the
session with error J1939_XTP_ABORT_ECTS_TOO_BIG.
Reported-by: syzbot+5322482fe520b02aea30@syzkaller.appspotmail.com
Fixes:
9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20200807105200.26441-3-o.rempel@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Oleksij Rempel [Fri, 7 Aug 2020 10:51:56 +0000 (12:51 +0200)]
can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack
In current J1939 stack implementation, we process all locally send
messages as own messages. Even if it was send by CAN_RAW socket.
To reproduce it use following commands:
testj1939 -P -r can0:0x80 &
cansend can0
18238040#0123
This step will trigger false positive not critical warning:
j1939_simple_recv: Received already invalidated message
With this patch we add additional check to make sure, related skb is own
echo message.
Fixes:
9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20200807105200.26441-2-o.rempel@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Eric Dumazet [Thu, 13 Aug 2020 16:18:34 +0000 (09:18 -0700)]
can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can()
syzbot found that at least 2 bytes of kernel information
were leaked during getsockname() on AF_CAN CAN_J1939 socket.
Since struct sockaddr_can has in fact two holes, simply
clear the whole area before filling it with useful data.
BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
CPU: 0 PID: 8466 Comm: syz-executor511 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x21c/0x280 lib/dump_stack.c:118
kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
instrument_copy_to_user include/linux/instrumented.h:91 [inline]
_copy_to_user+0x18e/0x260 lib/usercopy.c:39
copy_to_user include/linux/uaccess.h:186 [inline]
move_addr_to_user+0x3de/0x670 net/socket.c:237
__sys_getsockname+0x407/0x5e0 net/socket.c:1909
__do_sys_getsockname net/socket.c:1920 [inline]
__se_sys_getsockname+0x91/0xb0 net/socket.c:1917
__x64_sys_getsockname+0x4a/0x70 net/socket.c:1917
do_syscall_64+0xad/0x160 arch/x86/entry/common.c:386
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440219
Code: Bad RIP value.
RSP: 002b:
00007ffe5ee150c8 EFLAGS:
00000246 ORIG_RAX:
0000000000000033
RAX:
ffffffffffffffda RBX:
00000000004002c8 RCX:
0000000000440219
RDX:
0000000020000240 RSI:
0000000020000100 RDI:
0000000000000003
RBP:
00000000006ca018 R08:
0000000000000000 R09:
00000000004002c8
R10:
0000000000000000 R11:
0000000000000246 R12:
0000000000401a20
R13:
0000000000401ab0 R14:
0000000000000000 R15:
0000000000000000
Local variable ----address@__sys_getsockname created at:
__sys_getsockname+0x91/0x5e0 net/socket.c:1894
__sys_getsockname+0x91/0x5e0 net/socket.c:1894
Bytes 2-3 of 24 are uninitialized
Memory access of size 24 starts at
ffff8880ba2c7de8
Data copied to user address
0000000020000100
Fixes:
9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Robin van der Gracht <robin@protonic.nl>
Cc: Oleksij Rempel <o.rempel@pengutronix.de>
Cc: Pengutronix Kernel Team <kernel@pengutronix.de>
Cc: linux-can@vger.kernel.org
Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20200813161834.4021638-1-edumazet@google.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:09 +0000 (18:19 +0900)]
kconfig: qconf: move setOptionMode() to ConfigList from ConfigView
ConfigView::setOptionMode() only gets access to the 'list' member.
Move it to the more relevant ConfigList class.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:08 +0000 (18:19 +0900)]
kconfig: qconf: do not limit the pop-up menu to the first row
If you right-click the first row in the option tree, the pop-up menu
shows up, but if you right-click the second row or below, the event
is ignored due to the following check:
if (e->y() <= header()->geometry().bottom()) {
Perhaps, the intention was to show the pop-menu only when the tree
header was right-clicked, but this handler is not called in that case.
Since the origin of e->y() starts from the bottom of the header,
this check is odd.
Going forward, you can right-click anywhere in the tree to get the
pop-up menu.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:07 +0000 (18:19 +0900)]
kconfig: qconf: refactor icon setups
These icon data are used by ConfigItem, but stored in each instance
of ConfigView. There is no point to keep the same data in each of 3
instances, "menu", "config", and "search".
Move the icon data to the more relevant ConfigItem class, and make
them static members.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:06 +0000 (18:19 +0900)]
kconfig: qconf: remove unused voidPix, menuInvPix
These are initialized, but not used by anyone.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:05 +0000 (18:19 +0900)]
kconfig: qconf: remove ConfigItem::text/setText
Use QTreeWidgetItem::text/setText directly
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:04 +0000 (18:19 +0900)]
kconfig: qconf: remove ConfigList::addColumn/removeColumn
Use QTreeView::showColumn/hideColumn directly.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:03 +0000 (18:19 +0900)]
kconfig: qconf: remove ConfigItem::pixmap/setPixmap
Use QTreeWidgetItem::icon/setIcon directly.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:02 +0000 (18:19 +0900)]
kconfig: qconf: drop more localization code
This is a remnant of commit
694c49a7c01c ("kconfig: drop localization
support").
Get it back to the code prior to commit
3b9fa0931dd8 ("[PATCH] Kconfig
i18n support").
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:01 +0000 (18:19 +0900)]
kconfig: qconf: remove 'parent' from ConfigList::updateMenuList()
All the call-sites of this function pass 'this' to the first argument.
So, 'parent' is always the 'this' pointer.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:19:00 +0000 (18:19 +0900)]
kconfig: qconf: remove unused argument from ConfigView::updateList()
Now that ConfigList::updateList() takes no argument, the 'item' argument
ConfigView::updateList() is no longer used.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:59 +0000 (18:18 +0900)]
kconfig: qconf: remove unused argument from ConfigList::updateList()
This function allocates 'item' before using it, so the argument 'item'
is always shadowed.
Remove the meaningless argument.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:58 +0000 (18:18 +0900)]
kconfig: qconf: omit parent to QHBoxLayout()
Instead of passing 0 (i.e. nullptr), leave it empty.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:57 +0000 (18:18 +0900)]
kconfig: qconf: remove name from ConfigSearchWindow constructor
This constructor is only called with "search" as the second argument.
Hard-code the name in the constructor, and drop it from the function
argument.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:56 +0000 (18:18 +0900)]
kconfig: qconf: remove unused ConfigList::listView()
I do not know how this function can be useful. In fact, it is unsed.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:55 +0000 (18:18 +0900)]
kconfig: qconf: overload addToolBar() to create and insert toolbar
Use the overloaded function, addToolBar(const QString &title)
to create a QToolBar object, setting its window title, and inserts
it into the toolbar area.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:54 +0000 (18:18 +0900)]
kconfig: qconf: remove toolBar from ConfigMainWindow members
This pointer is only used in the ConfigMainWindow constructor.
Drop it from the private members.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:53 +0000 (18:18 +0900)]
kconfig: qconf: use 'menu' variable for (QMenu *)
The variable 'config' for the file menu is inconsistent.
You do not need to use different variables. Use 'menu' for every menu.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:52 +0000 (18:18 +0900)]
kconfig: qconf: do not use 'menu' variable for (QMenuBar *)
I think it is a bit confusing to use 'menu' to hold a QMenuBar pointer.
I want to use 'menu' for a QMenu pointer.
You do not need to use a local variable here. Use menuBar() directly.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Fri, 7 Aug 2020 09:18:51 +0000 (18:18 +0900)]
kconfig: qconf: remove ->addSeparator() to menuBar
I do not understand the purpose of this ->addSeparator().
It does not make any difference.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Wed, 29 Jul 2020 03:18:37 +0000 (12:18 +0900)]
kconfig: add 'static' to some file-local data
Fix some warnings from sparce like follows:
warning: symbol '...' was not declared. Should it be static?
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Maxime Chretien [Wed, 8 Jul 2020 13:32:15 +0000 (15:32 +0200)]
kconfig: qconf: Fix mouse events in search view
On menu properties mouse events didn't do anything in search view
(listMode).
As there are no menus in listMode we can add an exception in tests to
always change the value on mouse events if we are in listMode.
Signed-off-by: Maxime Chretien <maxime.chretien@bootlin.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Sat, 18 Jul 2020 06:38:47 +0000 (15:38 +0900)]
kconfig: constify XPM data
Constify arrays as well as strings.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Wed, 17 Jun 2020 03:02:20 +0000 (12:02 +0900)]
Revert "checkpatch: kconfig: prefer 'help' over '---help---'"
This reverts commit
84af7a6194e493fae312a2b7fa5a3b51f76d9282.
The conversion is done.
Cc: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Masahiro Yamada [Wed, 17 Jun 2020 03:02:19 +0000 (12:02 +0900)]
kconfig: remove '---help---' support
The conversion is done. No more user of '---help---'.
Cc: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Linus Torvalds [Fri, 14 Aug 2020 03:03:11 +0000 (20:03 -0700)]
Merge git://git./linux/kernel/git/netdev/net
Pull networking fixes from David Miller:
"Some merge window fallout, some longer term fixes:
1) Handle headroom properly in lapbether and x25_asy drivers, from
Xie He.
2) Fetch MAC address from correct r8152 device node, from Thierry
Reding.
3) In the sw kTLS path we should allow MSG_CMSG_COMPAT in sendmsg,
from Rouven Czerwinski.
4) Correct fdputs in socket layer, from Miaohe Lin.
5) Revert troublesome sockptr_t optimization, from Christoph Hellwig.
6) Fix TCP TFO key reading on big endian, from Jason Baron.
7) Missing CAP_NET_RAW check in nfc, from Qingyu Li.
8) Fix inet fastreuse optimization with tproxy sockets, from Tim
Froidcoeur.
9) Fix 64-bit divide in new SFC driver, from Edward Cree.
10) Add a tracepoint for prandom_u32 so that we can more easily
perform usage analysis. From Eric Dumazet.
11) Fix rwlock imbalance in AF_PACKET, from John Ogness"
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (49 commits)
net: openvswitch: introduce common code for flushing flows
af_packet: TPACKET_V3: fix fill status rwlock imbalance
random32: add a tracepoint for prandom_u32()
Revert "ipv4: tunnel: fix compilation on ARCH=um"
net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
ipv4: tunnel: fix compilation on ARCH=um
vsock: fix potential null pointer dereference in vsock_poll()
sfc: fix ef100 design-param checking
net: initialize fastreuse on inet_inherit_port
net: refactor bind_bucket fastreuse into helper
net: phy: marvell10g: fix null pointer dereference
net: Fix potential memory leak in proto_register()
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
ionic_lif: Use devm_kcalloc() in ionic_qcq_alloc()
net/nfc/rawsock.c: add CAP_NET_RAW check.
hinic: fix strncpy output truncated compile warnings
drivers/net/wan/x25_asy: Added needed_headroom and a skb->len check
net/tls: Fix kmap usage
...
Linus Torvalds [Fri, 14 Aug 2020 01:41:00 +0000 (18:41 -0700)]
Merge branch 'i2c/for-5.9' of git://git./linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
- bus recovery can now be given a pinctrl handle and the I2C core will
do all the steps to switch to/from GPIO which can save quite some
boilerplate code from drivers
- "fallthrough" conversion
- driver updates, mostly ID additions
* 'i2c/for-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (32 commits)
i2c: iproc: fix race between client unreg and isr
i2c: eg20t: use generic power management
i2c: eg20t: Drop PCI wakeup calls from .suspend/.resume
i2c: mediatek: Fix i2c_spec_values description
i2c: mediatek: Add i2c compatible for MediaTek MT8192
dt-bindings: i2c: update bindings for MT8192 SoC
i2c: mediatek: Add access to more than 8GB dram in i2c driver
i2c: mediatek: Add apdma sync in i2c driver
i2c: i801: Add support for Intel Tiger Lake PCH-H
i2c: i801: Add support for Intel Emmitsburg PCH
i2c: bcm2835: Replace HTTP links with HTTPS ones
Documentation: i2c: dev: 'block process call' is supported
i2c: at91: Move to generic GPIO bus recovery
i2c: core: treat EPROBE_DEFER when acquiring SCL/SDA GPIOs
i2c: core: add generic I2C GPIO recovery
dt-bindings: i2c: add generic properties for GPIO bus recovery
i2c: rcar: avoid race when unregistering slave
i2c: tegra: Avoid tegra_i2c_init_dma() for Tegra210 vi i2c
i2c: tegra: Fix runtime resume to re-init VI I2C
i2c: tegra: Fix the error path in tegra_i2c_runtime_resume
...
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:45 +0000 (13:49 -0700)]
selftests/bpf: Make test_varlen work with 32-bit user-space arch
Despite bpftool generating data section memory layout that will work for
32-bit architectures on user-space side, BPF programs should be careful to not
use ambiguous types like `long`, which have different size in 32-bit and
64-bit environments. Fix that in test by using __u64 explicitly, which is
a recommended approach anyway.
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-10-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:44 +0000 (13:49 -0700)]
tools/bpftool: Generate data section struct with conservative alignment
The comment in the code describes this in good details. Generate such a memory
layout that would work both on 32-bit and 64-bit architectures for user-space.
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-9-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:43 +0000 (13:49 -0700)]
selftests/bpf: Correct various core_reloc 64-bit assumptions
Ensure that types are memory layout- and field alignment-compatible regardless
of 32/64-bitness mix of libbpf and BPF architecture.
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-8-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:42 +0000 (13:49 -0700)]
libbpf: Enforce 64-bitness of BTF for BPF object files
BPF object files are always targeting 64-bit BPF target architecture, so
enforce that at BTF level as well.
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-7-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:41 +0000 (13:49 -0700)]
selftests/bpf: Fix btf_dump test cases on 32-bit arches
Fix btf_dump test cases by hard-coding BPF's pointer size of 8 bytes for cases
where it's impossible to deterimne the pointer size (no long type in BTF). In
cases where it's known, validate libbpf correctly determines it as 8.
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-6-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:40 +0000 (13:49 -0700)]
libbpf: Handle BTF pointer sizes more carefully
With libbpf and BTF it is pretty common to have libbpf built for one
architecture, while BTF information was generated for a different architecture
(typically, but not always, BPF). In such case, the size of a pointer might
differ betweem architectures. libbpf previously was always making an
assumption that pointer size for BTF is the same as native architecture
pointer size, but that breaks for cases where libbpf is built as 32-bit
library, while BTF is for 64-bit architecture.
To solve this, add heuristic to determine pointer size by searching for `long`
or `unsigned long` integer type and using its size as a pointer size. Also,
allow to override the pointer size with a new API btf__set_pointer_size(), for
cases where application knows which pointer size should be used. User
application can check what libbpf "guessed" by looking at the result of
btf__pointer_size(). If it's not 0, then libbpf successfully determined a
pointer size, otherwise native arch pointer size will be used.
For cases where BTF is parsed from ELF file, use ELF's class (32-bit or
64-bit) to determine pointer size.
Fixes:
8a138aed4a80 ("bpf: btf: Add BTF support to libbpf")
Fixes:
351131b51c7a ("libbpf: add btf_dump API for BTF-to-C conversion")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-5-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:39 +0000 (13:49 -0700)]
libbpf: Fix BTF-defined map-in-map initialization on 32-bit host arches
Libbpf built in 32-bit mode should be careful about not conflating 64-bit BPF
pointers in BPF ELF file and host architecture pointers. This patch fixes
issue of incorrect initializating of map-in-map inner map slots due to such
difference.
Fixes:
646f02ffdd49 ("libbpf: Add BTF-defined map-in-map support")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-4-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:38 +0000 (13:49 -0700)]
selftest/bpf: Fix compilation warnings in 32-bit mode
Fix compilation warnings emitted when compiling selftests for 32-bit platform
(x86 in my case).
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-3-andriin@fb.com
Andrii Nakryiko [Thu, 13 Aug 2020 20:49:37 +0000 (13:49 -0700)]
tools/bpftool: Fix compilation warnings in 32-bit mode
Fix few compilation warnings in bpftool when compiling in 32-bit mode.
Abstract away u64 to pointer conversion into a helper function.
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200813204945.1020225-2-andriin@fb.com
Tonghao Zhang [Wed, 12 Aug 2020 09:56:39 +0000 (17:56 +0800)]
net: openvswitch: introduce common code for flushing flows
To avoid some issues, for example RCU usage warning and double free,
we should flush the flows under ovs_lock. This patch refactors
table_instance_destroy and introduces table_instance_flow_flush
which can be invoked by __dp_destroy or ovs_flow_tbl_flush.
Fixes:
50b0e61b32ee ("net: openvswitch: fix possible memleak on destroy flow-table")
Reported-by: Johan Knöös <jknoos@google.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-August/050489.html
Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John Ogness [Thu, 13 Aug 2020 19:39:25 +0000 (21:45 +0206)]
af_packet: TPACKET_V3: fix fill status rwlock imbalance
After @blk_fill_in_prog_lock is acquired there is an early out vnet
situation that can occur. In that case, the rwlock needs to be
released.
Also, since @blk_fill_in_prog_lock is only acquired when @tp_version
is exactly TPACKET_V3, only release it on that exact condition as
well.
And finally, add sparse annotation so that it is clearer that
prb_fill_curr_block() and prb_clear_blk_fill_status() are acquiring
and releasing @blk_fill_in_prog_lock, respectively. sparse is still
unable to understand the balance, but the warnings are now on a
higher level that make more sense.
Fixes:
632ca50f2cbd ("af_packet: TPACKET_V3: replace busy-wait loop")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 13 Aug 2020 17:06:43 +0000 (10:06 -0700)]
random32: add a tracepoint for prandom_u32()
There has been some heat around prandom_u32() lately, and some people
were wondering if there was a simple way to determine how often
it was used, before considering making it maybe 10 times more expensive.
This tracepoint exports the generated pseudo random value.
Tested:
perf list | grep prandom_u32
random:prandom_u32 [Tracepoint event]
perf record -a [-g] [-C1] -e random:prandom_u32 sleep 1
[ perf record: Woken up 0 times to write data ]
[ perf record: Captured and wrote 259.748 MB perf.data (924087 samples) ]
perf report --nochildren
...
97.67% ksoftirqd/1 [kernel.vmlinux] [k] prandom_u32
|
---prandom_u32
prandom_u32
|
|--48.86%--tcp_v4_syn_recv_sock
| tcp_check_req
| tcp_v4_rcv
| ...
--48.81%--tcp_conn_request
tcp_v4_conn_request
tcp_rcv_state_process
...
perf script
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Sedat Dilek <sedat.dilek@gmail.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 13 Aug 2020 20:57:45 +0000 (13:57 -0700)]
Merge tag 'docs-5.9-2' of git://git.lwn.net/linux
Pull documentation fixes from Jonathan Corbet:
"A handful of obvious fixes that wandered in during the merge window"
* tag 'docs-5.9-2' of git://git.lwn.net/linux:
Documentation/locking/locktypes: fix the typo
doc/zh_CN: resolve undefined label warning in admin-guide index
doc/zh_CN: fix title heading markup in admin-guide cpu-load
docs: remove the 2.6 "Upgrading I2C Drivers" guide
docs: Correct the release date of 5.2 stable
mailmap: Update comments for with format and more detalis
docs: cdrom: Fix a typo and rst markup
Doc: admin-guide: use correct legends in kernel-parameters.txt
Documentation/features: refresh RISC-V arch support files
documentation: coccinelle: Improve command example for make C={1,2}
Core-api: Documentation: Replace deprecated :c:func: Usage
Dev-tools: Documentation: Replace deprecated :c:func: Usage
Filesystems: Documentation: Replace deprecated :c:func: Usage
docs: trace: fix a typo
Joe Stringer [Thu, 13 Aug 2020 18:08:07 +0000 (11:08 -0700)]
doc: Add link to bpf helpers man page
The bpf-helpers(7) man pages provide an invaluable description of the
functions that an eBPF program can call at runtime. Link them here.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200813180807.2821735-1-joe@wand.net.nz
Huang Shijie [Thu, 13 Aug 2020 06:02:20 +0000 (14:02 +0800)]
Documentation/locking/locktypes: fix the typo
We have three categories locks, not two.
Signed-off-by: Huang Shijie <sjhuang@iluvatar.ai>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200813060220.18199-1-sjhuang@iluvatar.ai
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
John Fastabend [Tue, 11 Aug 2020 22:05:53 +0000 (15:05 -0700)]
bpf, selftests: Add tests to sock_ops for loading sk
Add tests to directly accesse sock_ops sk field. Then use it to
ensure a bad pointer access will fault if something goes wrong.
We do three tests:
The first test ensures when we read sock_ops sk pointer into the
same register that we don't fault as described earlier. Here r9
is chosen as the temp register. The xlated code is,
36: (7b) *(u64 *)(r1 +32) = r9
37: (61) r9 = *(u32 *)(r1 +28)
38: (15) if r9 == 0x0 goto pc+3
39: (79) r9 = *(u64 *)(r1 +32)
40: (79) r1 = *(u64 *)(r1 +0)
41: (05) goto pc+1
42: (79) r9 = *(u64 *)(r1 +32)
The second test ensures the temp register selection does not collide
with in-use register r9. Shown here r8 is chosen because r9 is the
sock_ops pointer. The xlated code is as follows,
46: (7b) *(u64 *)(r9 +32) = r8
47: (61) r8 = *(u32 *)(r9 +28)
48: (15) if r8 == 0x0 goto pc+3
49: (79) r8 = *(u64 *)(r9 +32)
50: (79) r9 = *(u64 *)(r9 +0)
51: (05) goto pc+1
52: (79) r8 = *(u64 *)(r9 +32)
And finally, ensure we didn't break the base case where dst_reg does
not equal the source register,
56: (61) r2 = *(u32 *)(r1 +28)
57: (15) if r2 == 0x0 goto pc+1
58: (79) r2 = *(u64 *)(r1 +0)
Notice it takes us an extra four instructions when src reg is the
same as dst reg. One to save the reg, two to restore depending on
the branch taken and a goto to jump over the second restore.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/159718355325.4728.4163036953345999636.stgit@john-Precision-5820-Tower
John Fastabend [Tue, 11 Aug 2020 22:05:33 +0000 (15:05 -0700)]
bpf, selftests: Add tests for sock_ops load with r9, r8.r7 registers
Loads in sock_ops case when using high registers requires extra logic to
ensure the correct temporary value is used. We need to ensure the temp
register does not use either the src_reg or dst_reg. Lets add an asm
test to force the logic is triggered.
The xlated code is here,
30: (7b) *(u64 *)(r9 +32) = r7
31: (61) r7 = *(u32 *)(r9 +28)
32: (15) if r7 == 0x0 goto pc+2
33: (79) r7 = *(u64 *)(r9 +0)
34: (63) *(u32 *)(r7 +916) = r8
35: (79) r7 = *(u64 *)(r9 +32)
Notice r9 and r8 are not used for temp registers and r7 is chosen.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/159718353345.4728.8805043614257933227.stgit@john-Precision-5820-Tower
John Fastabend [Tue, 11 Aug 2020 22:05:14 +0000 (15:05 -0700)]
bpf, selftests: Add tests for ctx access in sock_ops with single register
To verify fix ("bpf: sock_ops ctx access may stomp registers in corner case")
we want to force compiler to generate the following code when accessing a
field with BPF_TCP_SOCK_GET_COMMON,
r1 = *(u32 *)(r1 + 96) // r1 is skops ptr
Rather than depend on clang to do this we add the test with inline asm to
the tcpbpf test. This saves us from having to create another runner and
ensures that if we break this again test_tcpbpf will crash.
With above code we get the xlated code,
11: (7b) *(u64 *)(r1 +32) = r9
12: (61) r9 = *(u32 *)(r1 +28)
13: (15) if r9 == 0x0 goto pc+4
14: (79) r9 = *(u64 *)(r1 +32)
15: (79) r1 = *(u64 *)(r1 +0)
16: (61) r1 = *(u32 *)(r1 +2348)
17: (05) goto pc+1
18: (79) r9 = *(u64 *)(r1 +32)
We also add the normal case where src_reg != dst_reg so we can compare
code generation easily from llvm-objdump and ensure that case continues
to work correctly. The normal code is xlated to,
20: (b7) r1 = 0
21: (61) r1 = *(u32 *)(r3 +28)
22: (15) if r1 == 0x0 goto pc+2
23: (79) r1 = *(u64 *)(r3 +0)
24: (61) r1 = *(u32 *)(r1 +2348)
Where the temp variable is not used.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/159718351457.4728.3295119261717842496.stgit@john-Precision-5820-Tower
John Fastabend [Tue, 11 Aug 2020 22:04:56 +0000 (15:04 -0700)]
bpf: sock_ops sk access may stomp registers when dst_reg = src_reg
Similar to patch ("bpf: sock_ops ctx access may stomp registers") if the
src_reg = dst_reg when reading the sk field of a sock_ops struct we
generate xlated code,
53: (61) r9 = *(u32 *)(r9 +28)
54: (15) if r9 == 0x0 goto pc+3
56: (79) r9 = *(u64 *)(r9 +0)
This stomps on the r9 reg to do the sk_fullsock check and then when
reading the skops->sk field instead of the sk pointer we get the
sk_fullsock. To fix use similar pattern noted in the previous fix
and use the temp field to save/restore a register used to do
sk_fullsock check.
After the fix the generated xlated code reads,
52: (7b) *(u64 *)(r9 +32) = r8
53: (61) r8 = *(u32 *)(r9 +28)
54: (15) if r9 == 0x0 goto pc+3
55: (79) r8 = *(u64 *)(r9 +32)
56: (79) r9 = *(u64 *)(r9 +0)
57: (05) goto pc+1
58: (79) r8 = *(u64 *)(r9 +32)
Here r9 register was in-use so r8 is chosen as the temporary register.
In line 52 r8 is saved in temp variable and at line 54 restored in case
fullsock != 0. Finally we handle fullsock == 0 case by restoring at
line 58.
This adds a new macro SOCK_OPS_GET_SK it is almost possible to merge
this with SOCK_OPS_GET_FIELD, but I found the extra branch logic a
bit more confusing than just adding a new macro despite a bit of
duplicating code.
Fixes:
1314ef561102e ("bpf: export bpf_sock for BPF_PROG_TYPE_SOCK_OPS prog type")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/159718349653.4728.6559437186853473612.stgit@john-Precision-5820-Tower
John Fastabend [Tue, 11 Aug 2020 22:04:37 +0000 (15:04 -0700)]
bpf: sock_ops ctx access may stomp registers in corner case
I had a sockmap program that after doing some refactoring started spewing
this splat at me:
[18610.807284] BUG: unable to handle kernel NULL pointer dereference at
0000000000000001
[...]
[18610.807359] Call Trace:
[18610.807370] ? 0xffffffffc114d0d5
[18610.807382] __cgroup_bpf_run_filter_sock_ops+0x7d/0xb0
[18610.807391] tcp_connect+0x895/0xd50
[18610.807400] tcp_v4_connect+0x465/0x4e0
[18610.807407] __inet_stream_connect+0xd6/0x3a0
[18610.807412] ? __inet_stream_connect+0x5/0x3a0
[18610.807417] inet_stream_connect+0x3b/0x60
[18610.807425] __sys_connect+0xed/0x120
After some debugging I was able to build this simple reproducer,
__section("sockops/reproducer_bad")
int bpf_reproducer_bad(struct bpf_sock_ops *skops)
{
volatile __maybe_unused __u32 i = skops->snd_ssthresh;
return 0;
}
And along the way noticed that below program ran without splat,
__section("sockops/reproducer_good")
int bpf_reproducer_good(struct bpf_sock_ops *skops)
{
volatile __maybe_unused __u32 i = skops->snd_ssthresh;
volatile __maybe_unused __u32 family;
compiler_barrier();
family = skops->family;
return 0;
}
So I decided to check out the code we generate for the above two
programs and noticed each generates the BPF code you would expect,
0000000000000000 <bpf_reproducer_bad>:
; volatile __maybe_unused __u32 i = skops->snd_ssthresh;
0: r1 = *(u32 *)(r1 + 96)
1: *(u32 *)(r10 - 4) = r1
; return 0;
2: r0 = 0
3: exit
0000000000000000 <bpf_reproducer_good>:
; volatile __maybe_unused __u32 i = skops->snd_ssthresh;
0: r2 = *(u32 *)(r1 + 96)
1: *(u32 *)(r10 - 4) = r2
; family = skops->family;
2: r1 = *(u32 *)(r1 + 20)
3: *(u32 *)(r10 - 8) = r1
; return 0;
4: r0 = 0
5: exit
So we get reasonable assembly, but still something was causing the null
pointer dereference. So, we load the programs and dump the xlated version
observing that line 0 above 'r* = *(u32 *)(r1 +96)' is going to be
translated by the skops access helpers.
int bpf_reproducer_bad(struct bpf_sock_ops * skops):
; volatile __maybe_unused __u32 i = skops->snd_ssthresh;
0: (61) r1 = *(u32 *)(r1 +28)
1: (15) if r1 == 0x0 goto pc+2
2: (79) r1 = *(u64 *)(r1 +0)
3: (61) r1 = *(u32 *)(r1 +2340)
; volatile __maybe_unused __u32 i = skops->snd_ssthresh;
4: (63) *(u32 *)(r10 -4) = r1
; return 0;
5: (b7) r0 = 0
6: (95) exit
int bpf_reproducer_good(struct bpf_sock_ops * skops):
; volatile __maybe_unused __u32 i = skops->snd_ssthresh;
0: (61) r2 = *(u32 *)(r1 +28)
1: (15) if r2 == 0x0 goto pc+2
2: (79) r2 = *(u64 *)(r1 +0)
3: (61) r2 = *(u32 *)(r2 +2340)
; volatile __maybe_unused __u32 i = skops->snd_ssthresh;
4: (63) *(u32 *)(r10 -4) = r2
; family = skops->family;
5: (79) r1 = *(u64 *)(r1 +0)
6: (69) r1 = *(u16 *)(r1 +16)
; family = skops->family;
7: (63) *(u32 *)(r10 -8) = r1
; return 0;
8: (b7) r0 = 0
9: (95) exit
Then we look at lines 0 and 2 above. In the good case we do the zero
check in r2 and then load 'r1 + 0' at line 2. Do a quick cross-check
into the bpf_sock_ops check and we can confirm that is the 'struct
sock *sk' pointer field. But, in the bad case,
0: (61) r1 = *(u32 *)(r1 +28)
1: (15) if r1 == 0x0 goto pc+2
2: (79) r1 = *(u64 *)(r1 +0)
Oh no, we read 'r1 +28' into r1, this is skops->fullsock and then in
line 2 we read the 'r1 +0' as a pointer. Now jumping back to our spat,
[18610.807284] BUG: unable to handle kernel NULL pointer dereference at
0000000000000001
The 0x01 makes sense because that is exactly the fullsock value. And
its not a valid dereference so we splat.
To fix we need to guard the case when a program is doing a sock_ops field
access with src_reg == dst_reg. This is already handled in the load case
where the ctx_access handler uses a tmp register being careful to
store the old value and restore it. To fix the get case test if
src_reg == dst_reg and in this case do the is_fullsock test in the
temporary register. Remembering to restore the temporary register before
writing to either dst_reg or src_reg to avoid smashing the pointer into
the struct holding the tmp variable.
Adding this inline code to test_tcpbpf_kern will now be generated
correctly from,
9: r2 = *(u32 *)(r2 + 96)
to xlated code,
12: (7b) *(u64 *)(r2 +32) = r9
13: (61) r9 = *(u32 *)(r2 +28)
14: (15) if r9 == 0x0 goto pc+4
15: (79) r9 = *(u64 *)(r2 +32)
16: (79) r2 = *(u64 *)(r2 +0)
17: (61) r2 = *(u32 *)(r2 +2348)
18: (05) goto pc+1
19: (79) r9 = *(u64 *)(r2 +32)
And in the normal case we keep the original code, because really this
is an edge case. From this,
9: r2 = *(u32 *)(r6 + 96)
to xlated code,
22: (61) r2 = *(u32 *)(r6 +28)
23: (15) if r2 == 0x0 goto pc+2
24: (79) r2 = *(u64 *)(r6 +0)
25: (61) r2 = *(u32 *)(r2 +2348)
So three additional instructions if dst == src register, but I scanned
my current code base and did not see this pattern anywhere so should
not be a big deal. Further, it seems no one else has hit this or at
least reported it so it must a fairly rare pattern.
Fixes:
9b1f3d6e5af29 ("bpf: Refactor sock_ops_convert_ctx_access")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/159718347772.4728.2781381670567919577.stgit@john-Precision-5820-Tower
Toke Høiland-Jørgensen [Thu, 13 Aug 2020 14:29:05 +0000 (16:29 +0200)]
libbpf: Prevent overriding errno when logging errors
Turns out there were a few more instances where libbpf didn't save the
errno before writing an error message, causing errno to be overridden by
the printf() return and the error disappearing if logging is enabled.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200813142905.160381-1-toke@redhat.com
Linus Torvalds [Thu, 13 Aug 2020 19:38:32 +0000 (12:38 -0700)]
Merge tag 's390-5.9-2' of git://git./linux/kernel/git/s390/linux
Pull more s390 updates from Heiko Carstens:
- Allow s390 debug feature to handle finally more than 256 CPU numbers,
instead of truncating the most significant bits.
- Improve THP splitting required by qemu processes by making use of
walk_page_vma() instead of calling follow_page() for every single
page within each vma.
- Add missing ZCRYPT dependency to VFIO_AP to fix potential compile
problems.
- Remove not required select CLOCKSOURCE_VALIDATE_LAST_CYCLE again.
- Set node distance to LOCAL_DISTANCE instead of 0, since e.g. libnuma
translates a node distance of 0 to "no NUMA support available".
- Couple of other minor fixes and improvements.
* tag 's390-5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/numa: move code to arch/s390/kernel
s390/time: remove select CLOCKSOURCE_VALIDATE_LAST_CYCLE again
s390/debug: debug feature version 3
s390/Kconfig: add missing ZCRYPT dependency to VFIO_AP
s390/numa: set node distance to LOCAL_DISTANCE
s390/pkey: remove redundant variable initialization
s390/test_unwind: fix possible memleak in test_unwind()
s390/gmap: improve THP splitting
s390/atomic: circumvent gcc 10 build regression
Linus Torvalds [Thu, 13 Aug 2020 19:26:18 +0000 (12:26 -0700)]
Merge tag 'for-5.9-tag' of git://git./linux/kernel/git/kdave/linux
Pull more btrfs updates from David Sterba:
"One minor update, the rest are fixes that have arrived a bit late for
the first batch. There are also some recent fixes for bugs that were
discovered during the merge window and pop up during testing.
User visible change:
- show correct subvolume path in /proc/mounts for bind mounts
Fixes:
- fix compression messages when remounting with different level or
compression algorithm
- tree-log: fix some memory leaks on error handling paths
- restore I_VERSION on remount
- fix return values and error code mixups
- fix umount crash with quotas enabled when removing sysfs files
- fix trim range on a shrunk device"
* tag 'for-5.9-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: trim: fix underflow in trim length to prevent access beyond device boundary
btrfs: fix return value mixup in btrfs_get_extent
btrfs: sysfs: fix NULL pointer dereference at btrfs_sysfs_del_qgroups()
btrfs: check correct variable after allocation in btrfs_backref_iter_alloc
btrfs: make sure SB_I_VERSION doesn't get unset by remount
btrfs: fix memory leaks after failure to lookup checksums during inode logging
btrfs: don't show full path of bind mounts in subvol=
btrfs: fix messages after changing compression level by remount
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: inode: fix NULL pointer dereference if inode doesn't need compression
Linus Torvalds [Thu, 13 Aug 2020 19:22:19 +0000 (12:22 -0700)]
Merge tag 'xfs-5.9-merge-8' of git://git./fs/xfs/xfs-linux
Pull xfs fixes from Darrick Wong:
"Two small fixes that have come in during the past week:
- Fix duplicated words in comments
- Fix an ubsan complaint about null pointer arithmetic"
* tag 'xfs-5.9-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
xfs: delete duplicated words + other fixes
Linus Torvalds [Thu, 13 Aug 2020 19:18:07 +0000 (12:18 -0700)]
Merge tag 'exfat-for-5.9-rc1' of git://git./linux/kernel/git/linkinjeon/exfat
Pull exfat updates from Namjae Jeon:
- don't clear MediaFailure and VolumeDirty bit in volume flags if these
were already set before mounting
- write multiple dirty buffers at once in sync mode
- remove unneeded EXFAT_SB_DIRTY bit set
* tag 'exfat-for-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
exfat: retain 'VolumeFlags' properly
exfat: optimize exfat_zeroed_cluster()
exfat: add error check when updating dir-entries
exfat: write multiple sectors at once
exfat: remove EXFAT_SB_DIRTY flag
Johannes Weiner [Thu, 13 Aug 2020 14:40:54 +0000 (10:40 -0400)]
mm: memcontrol: fix warning when allocating the root cgroup
Commit
3e38e0aaca9e ("mm: memcg: charge memcg percpu memory to the
parent cgroup") adds memory tracking to the memcg kernel structures
themselves to make cgroups liable for the memory they are consuming
through the allocation of child groups (which can be significant).
This code is a bit awkward as it's spread out through several functions:
The outermost function does memalloc_use_memcg(parent) to set up
current->active_memcg, which designates which cgroup to charge, and the
inner functions pass GFP_ACCOUNT to request charging for specific
allocations. To make sure this dependency is satisfied at all times -
to make sure we don't randomly charge whoever is calling the functions -
the inner functions warn on !current->active_memcg.
However, this triggers a false warning when the root memcg itself is
allocated. No parent exists in this case, and so current->active_memcg
is rightfully NULL. It's a false positive, not indicative of a bug.
Delete the warnings for now, we can revisit this later.
Fixes:
3e38e0aaca9e ("mm: memcg: charge memcg percpu memory to the parent cgroup")
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Roman Gushchin <guro@fb.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Oleksandr Andrushchenko [Thu, 13 Aug 2020 12:00:38 +0000 (14:00 +0200)]
drm/xen-front: Pass dumb buffer data offset to the backend
While importing a dmabuf it is possible that the data of the buffer
is put with offset which is indicated by the SGT offset.
Respect the offset value and forward it to the backend.
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Acked-by: Noralf Trønnes <noralf@tronnes.org>
Signed-off-by: Juergen Gross <jgross@suse.com>
Oleksandr Andrushchenko [Thu, 13 Aug 2020 06:21:12 +0000 (09:21 +0300)]
xen: Sync up with the canonical protocol definition in Xen
This is the sync up with the canonical definition of the
display protocol in Xen.
1. Add protocol version as an integer
Version string, which is in fact an integer, is hard to handle in the
code that supports different protocol versions. To simplify that
also add the version as an integer.
2. Pass buffer offset with XENDISPL_OP_DBUF_CREATE
There are cases when display data buffer is created with non-zero
offset to the data start. Handle such cases and provide that offset
while creating a display buffer.
3. Add XENDISPL_OP_GET_EDID command
Add an optional request for reading Extended Display Identification
Data (EDID) structure which allows better configuration of the
display connectors over the configuration set in XenStore.
With this change connectors may have multiple resolutions defined
with respect to detailed timing definitions and additional properties
normally provided by displays.
If this request is not supported by the backend then visible area
is defined by the relevant XenStore's "resolution" property.
If backend provides extended display identification data (EDID) with
XENDISPL_OP_GET_EDID request then EDID values must take precedence
over the resolutions defined in XenStore.
4. Bump protocol version to 2.
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20200813062113.11030-5-andr2000@gmail.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Oleksandr Andrushchenko [Thu, 13 Aug 2020 06:21:11 +0000 (09:21 +0300)]
drm/xen-front: Add YUYV to supported formats
Add YUYV to supported formats, so the frontend can work with the
formats used by cameras and other HW.
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Acked-by: Noralf Trønnes <noralf@tronnes.org>
Link: https://lore.kernel.org/r/20200813062113.11030-4-andr2000@gmail.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Oleksandr Andrushchenko [Thu, 13 Aug 2020 06:21:10 +0000 (09:21 +0300)]
drm/xen-front: Fix misused IS_ERR_OR_NULL checks
The patch
c575b7eeb89f: "drm/xen-front: Add support for Xen PV
display frontend" from Apr 3, 2018, leads to the following static
checker warning:
drivers/gpu/drm/xen/xen_drm_front_gem.c:140 xen_drm_front_gem_create()
warn: passing zero to 'ERR_CAST'
drivers/gpu/drm/xen/xen_drm_front_gem.c
133 struct drm_gem_object *xen_drm_front_gem_create(struct drm_device *dev,
134 size_t size)
135 {
136 struct xen_gem_object *xen_obj;
137
138 xen_obj = gem_create(dev, size);
139 if (IS_ERR_OR_NULL(xen_obj))
140 return ERR_CAST(xen_obj);
Fix this and the rest of misused places with IS_ERR_OR_NULL in the
driver.
Fixes:
c575b7eeb89f: "drm/xen-front: Add support for Xen PV display frontend"
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200813062113.11030-3-andr2000@gmail.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Oleksandr Andrushchenko [Thu, 13 Aug 2020 06:21:09 +0000 (09:21 +0300)]
xen/gntdev: Fix dmabuf import with non-zero sgt offset
It is possible that the scatter-gather table during dmabuf import has
non-zero offset of the data, but user-space doesn't expect that.
Fix this by failing the import, so user-space doesn't access wrong data.
Fixes:
bf8dc55b1358 ("xen/gntdev: Implement dma-buf import functionality")
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Acked-by: Juergen Gross <jgross@suse.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200813062113.11030-2-andr2000@gmail.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Ondrej Mosnacek [Wed, 12 Aug 2020 12:58:25 +0000 (14:58 +0200)]
crypto: algif_aead - fix uninitialized ctx->init
In skcipher_accept_parent_nokey() the whole af_alg_ctx structure is
cleared by memset() after allocation, so add such memset() also to
aead_accept_parent_nokey() so that the new "init" field is also
initialized to zero. Without that the initial ctx->init checks might
randomly return true and cause errors.
While there, also remove the redundant zero assignments in both
functions.
Found via libkcapi testsuite.
Cc: Stephan Mueller <smueller@chronox.de>
Fixes:
f3c802a1f300 ("crypto: algif_aead - Only wake up when ctx->more is zero")
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jiri Olsa [Wed, 12 Aug 2020 12:31:02 +0000 (14:31 +0200)]
bpf: Iterate through all PT_NOTE sections when looking for build id
Currently when we look for build id within bpf_get_stackid helper
call, we check the first NOTE section and we fail if build id is
not there.
However on some system (Fedora) there can be multiple NOTE sections
in binaries and build id data is not always the first one, like:
$ readelf -a /usr/bin/ls
...
[ 2] .note.gnu.propert NOTE
0000000000000338 00000338
0000000000000020 0000000000000000 A 0 0 8358
[ 3] .note.gnu.build-i NOTE
0000000000000358 00000358
0000000000000024 0000000000000000 A 0 0 437c
[ 4] .note.ABI-tag NOTE
000000000000037c 0000037c
...
So the stack_map_get_build_id function will fail on build id retrieval
and fallback to BPF_STACK_BUILD_ID_IP.
This patch is changing the stack_map_get_build_id code to iterate
through all the NOTE sections and try to get build id data from
each of them.
When tracing on sched_switch tracepoint that does bpf_get_stackid
helper call kernel build, I can see about 60% increase of successful
build id retrieval. The rest seems fails on -EFAULT.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20200812123102.20032-1-jolsa@kernel.org
Jean-Philippe Brucker [Wed, 12 Aug 2020 14:39:10 +0000 (16:39 +0200)]
libbpf: Handle GCC built-in types for Arm NEON
When building Arm NEON (SIMD) code from lib/raid6/neon.uc, GCC emits
DWARF information using a base type "__Poly8_t", which is internal to
GCC and not recognized by Clang. This causes build failures when
building with Clang a vmlinux.h generated from an arm64 kernel that was
built with GCC.
vmlinux.h:47284:9: error: unknown type name '__Poly8_t'
typedef __Poly8_t poly8x16_t[16];
^~~~~~~~~
The polyX_t types are defined as unsigned integers in the "Arm C
Language Extension" document (101028_Q220_00_en). Emit typedefs based on
standard integer types for the GCC internal types, similar to those
emitted by Clang.
Including linux/kernel.h to use ARRAY_SIZE() incidentally redefined
max(), causing a build bug due to different types, hence the seemingly
unrelated change.
Reported-by: Jakov Petrina <jakov.petrina@sartura.hr>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200812143909.3293280-1-jean-philippe@linaro.org
Andrii Nakryiko [Wed, 12 Aug 2020 02:59:07 +0000 (19:59 -0700)]
tools/bpftool: Make skeleton code C++17-friendly by dropping typeof()
Seems like C++17 standard mode doesn't recognize typeof() anymore. This can
be tested by compiling test_cpp test with -std=c++17 or -std=c++1z options.
The use of typeof in skeleton generated code is unnecessary, all types are
well-known at the time of code generation, so remove all typeof()'s to make
skeleton code more future-proof when interacting with C++ compilers.
Fixes:
985ead416df3 ("bpftool: Add skeleton codegen command")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20200812025907.1371956-1-andriin@fb.com
Andrii Nakryiko [Wed, 12 Aug 2020 02:29:23 +0000 (19:29 -0700)]
bpf: Fix XDP FD-based attach/detach logic around XDP_FLAGS_UPDATE_IF_NOEXIST
Enforce XDP_FLAGS_UPDATE_IF_NOEXIST only if new BPF program to be attached is
non-NULL (i.e., we are not detaching a BPF program).
Fixes:
d4baa9368a5e ("bpf, xdp: Extract common XDP program attachment logic")
Reported-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Tested-by: Stanislav Fomichev <sdf@google.com>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/bpf/20200812022923.1217922-1-andriin@fb.com
Linus Torvalds [Thu, 13 Aug 2020 00:17:00 +0000 (17:17 -0700)]
Merge tag 'rtc-5.9' of git://git./linux/kernel/git/abelloni/linux
Pull RTC updates from Alexandre Belloni:
"Not much this cycle - mostly non urgent driver fixes:
- ds1374: use watchdog core
- pcf2127: add alarm and pcf2129 support"
* tag 'rtc-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux:
rtc: pcf2127: fix alarm handling
rtc: pcf2127: add alarm support
rtc: pcf2127: add pca2129 device id
rtc: max77686: Fix wake-ups for max77620
rtc: ds1307: provide an indication that the watchdog has fired
rtc: ds1374: remove unused define
rtc: ds1374: fix RTC_DRV_DS1374_WDT dependencies
rtc: cleanup obsolete comment about struct rtc_class_ops
rtc: pl031: fix set_alarm by adding back call to alarm_irq_enable
rtc: ds1374: wdt: Use watchdog core for watchdog part
rtc: Replace HTTP links with HTTPS ones
rtc: goldfish: Enable interrupt in set_alarm() when necessary
rtc: max77686: Do not allow interrupt to fire before system resume
rtc: imxdi: fix trivial typos
rtc: cpcap: fix range
David S. Miller [Wed, 12 Aug 2020 20:26:37 +0000 (13:26 -0700)]
Revert "ipv4: tunnel: fix compilation on ARCH=um"
This reverts commit
06a7a37be55e29961c9ba2abec4d07c8e0e21861.
The bug was already fixed, this added a dup include.
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 12 Aug 2020 01:34:40 +0000 (18:34 -0700)]
net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus
We must accept an empty mask in store_rps_map(), or we are not able
to disable RPS on a queue.
Fixes:
07bbecb34106 ("net: Restrict receive packets queuing to housekeeping CPUs")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Maciej Żenczykowski <maze@google.com>
Cc: Alex Belits <abelits@marvell.com>
Cc: Nitesh Narayan Lal <nitesh@redhat.com>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Nitesh Narayan Lal <nitesh@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 12 Aug 2020 20:12:52 +0000 (13:12 -0700)]
Merge branch 'net-stmmac-Fix-multicast-filter-on-IPQ806x'
Jonathan McDowell says:
====================
net: stmmac: Fix multicast filter on IPQ806x
This pair of patches are the result of discovering a failure to
correctly receive IPv6 multicast packets on such a device (in particular
DHCPv6 requests and RA solicitations). Putting the device into
promiscuous mode, or allmulti, both resulted in such packets correctly
being received. Examination of the vendor driver (nss-gmac from the
qsdk) shows that it does not enable the multicast filter and instead
falls back to allmulti.
Extend the base dwmac1000 driver to fall back when there's no suitable
hardware filter, and update the ipq806x platform to request this.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jonathan McDowell [Wed, 12 Aug 2020 19:37:23 +0000 (20:37 +0100)]
net: ethernet: stmmac: Disable hardware multicast filter
The IPQ806x does not appear to have a functional multicast ethernet
address filter. This was observed as a failure to correctly receive IPv6
packets on a LAN to the all stations address. Checking the vendor driver
shows that it does not attempt to enable the multicast filter and
instead falls back to receiving all multicast packets, internally
setting ALLMULTI.
Use the new fallback support in the dwmac1000 driver to correctly
achieve the same with the mainline IPQ806x driver. Confirmed to fix IPv6
functionality on an RB3011 router.
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan McDowell <noodles@earth.li>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jonathan McDowell [Wed, 12 Aug 2020 19:37:01 +0000 (20:37 +0100)]
net: stmmac: dwmac1000: provide multicast filter fallback
If we don't have a hardware multicast filter available then instead of
silently failing to listen for the requested ethernet broadcast
addresses fall back to receiving all multicast packets, in a similar
fashion to other drivers with no multicast filter.
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan McDowell <noodles@earth.li>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dhananjay Phadke [Tue, 11 Aug 2020 00:42:40 +0000 (17:42 -0700)]
i2c: iproc: fix race between client unreg and isr
When i2c client unregisters, synchronize irq before setting
iproc_i2c->slave to NULL.
(1) disable_irq()
(2) Mask event enable bits in control reg
(3) Erase slave address (avoid further writes to rx fifo)
(4) Flush tx and rx FIFOs
(5) Clear pending event (interrupt) bits in status reg
(6) enable_irq()
(7) Set client pointer to NULL
Unable to handle kernel NULL pointer dereference at virtual address
0000000000000318
[ 371.020421] pc : bcm_iproc_i2c_isr+0x530/0x11f0
[ 371.025098] lr : __handle_irq_event_percpu+0x6c/0x170
[ 371.030309] sp :
ffff800010003e40
[ 371.033727] x29:
ffff800010003e40 x28:
0000000000000060
[ 371.039206] x27:
ffff800010ca9de0 x26:
ffff800010f895df
[ 371.044686] x25:
ffff800010f18888 x24:
ffff0008f7ff3600
[ 371.050165] x23:
0000000000000003 x22:
0000000001600000
[ 371.055645] x21:
ffff800010f18888 x20:
0000000001600000
[ 371.061124] x19:
ffff0008f726f080 x18:
0000000000000000
[ 371.066603] x17:
0000000000000000 x16:
0000000000000000
[ 371.072082] x15:
0000000000000000 x14:
0000000000000000
[ 371.077561] x13:
0000000000000000 x12:
0000000000000001
[ 371.083040] x11:
0000000000000000 x10:
0000000000000040
[ 371.088519] x9 :
ffff800010f317c8 x8 :
ffff800010f317c0
[ 371.093999] x7 :
ffff0008f805b3b0 x6 :
0000000000000000
[ 371.099478] x5 :
ffff0008f7ff36a4 x4 :
ffff8008ee43d000
[ 371.104957] x3 :
0000000000000000 x2 :
ffff8000107d64c0
[ 371.110436] x1 :
00000000c00000af x0 :
0000000000000000
[ 371.115916] Call trace:
[ 371.118439] bcm_iproc_i2c_isr+0x530/0x11f0
[ 371.122754] __handle_irq_event_percpu+0x6c/0x170
[ 371.127606] handle_irq_event_percpu+0x34/0x88
[ 371.132189] handle_irq_event+0x40/0x120
[ 371.136234] handle_fasteoi_irq+0xcc/0x1a0
[ 371.140459] generic_handle_irq+0x24/0x38
[ 371.144594] __handle_domain_irq+0x60/0xb8
[ 371.148820] gic_handle_irq+0xc0/0x158
[ 371.152687] el1_irq+0xb8/0x140
[ 371.155927] arch_cpu_idle+0x10/0x18
[ 371.159615] do_idle+0x204/0x290
[ 371.162943] cpu_startup_entry+0x24/0x60
[ 371.166990] rest_init+0xb0/0xbc
[ 371.170322] arch_call_rest_init+0xc/0x14
[ 371.174458] start_kernel+0x404/0x430
Fixes:
c245d94ed106 ("i2c: iproc: Add multi byte read-write support for slave mode")
Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Ray Jui <ray.jui@broadcom.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Johannes Berg [Wed, 12 Aug 2020 19:08:53 +0000 (21:08 +0200)]
ipv4: tunnel: fix compilation on ARCH=um
With certain configurations, a 64-bit ARCH=um errors
out here with an unknown csum_ipv6_magic() function.
Include the right header file to always have it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stefano Garzarella [Wed, 12 Aug 2020 12:56:02 +0000 (14:56 +0200)]
vsock: fix potential null pointer dereference in vsock_poll()
syzbot reported this issue where in the vsock_poll() we find the
socket state at TCP_ESTABLISHED, but 'transport' is null:
general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
CPU: 0 PID: 8227 Comm: syz-executor.2 Not tainted 5.8.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vsock_poll+0x75a/0x8e0 net/vmw_vsock/af_vsock.c:1038
Call Trace:
sock_poll+0x159/0x460 net/socket.c:1266
vfs_poll include/linux/poll.h:90 [inline]
do_pollfd fs/select.c:869 [inline]
do_poll fs/select.c:917 [inline]
do_sys_poll+0x607/0xd40 fs/select.c:1011
__do_sys_poll fs/select.c:1069 [inline]
__se_sys_poll fs/select.c:1057 [inline]
__x64_sys_poll+0x18c/0x440 fs/select.c:1057
do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
This issue can happen if the TCP_ESTABLISHED state is set after we read
the vsk->transport in the vsock_poll().
We could put barriers to synchronize, but this can only happen during
connection setup, so we can simply check that 'transport' is valid.
Fixes:
c0cfa2d8a788 ("vsock: add multi-transports support")
Reported-and-tested-by: syzbot+a61bac2fcc1a7c6623fe@syzkaller.appspotmail.com
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Edward Cree [Wed, 12 Aug 2020 09:32:49 +0000 (10:32 +0100)]
sfc: fix ef100 design-param checking
The handling of the RXQ/TXQ size granularity design-params had two
problems: it had a 64-bit divide that didn't build on 32-bit platforms,
and it could divide by zero if the NIC supplied 0 as the value of the
design-param. Fix both by checking for 0 and for a granularity bigger
than our min-size; if the granularity <= EFX_MIN_DMAQ_SIZE then it fits
in 32 bits, so we can cast it to u32 for the divide.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Edward Cree <ecree@solarflare.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 12 Aug 2020 19:51:31 +0000 (12:51 -0700)]
Merge tag 'ceph-for-5.9-rc1' of git://github.com/ceph/ceph-client
Pull ceph updates from Ilya Dryomov:
"Xiubo has completed his work on filesystem client metrics, they are
sent to all available MDSes once per second now.
Other than that, we have a lot of fixes and cleanups all around the
filesystem, including a tweak to cut down on MDS request resends in
multi-MDS setups from Yanhu and fixups for SELinux symlink labeling
and MClientSession message decoding from Jeff"
* tag 'ceph-for-5.9-rc1' of git://github.com/ceph/ceph-client: (22 commits)
ceph: handle zero-length feature mask in session messages
ceph: use frag's MDS in either mode
ceph: move sb->wb_pagevec_pool to be a global mempool
ceph: set sec_context xattr on symlink creation
ceph: remove redundant initialization of variable mds
ceph: fix use-after-free for fsc->mdsc
ceph: remove unused variables in ceph_mdsmap_decode()
ceph: delete repeated words in fs/ceph/
ceph: send client provided metric flags in client metadata
ceph: periodically send perf metrics to MDSes
ceph: check the sesion state and return false in case it is closed
libceph: replace HTTP links with HTTPS ones
ceph: remove unnecessary cast in kfree()
libceph: just have osd_req_op_init() return a pointer
ceph: do not access the kiocb after aio requests
ceph: clean up and optimize ceph_check_delayed_caps()
ceph: fix potential mdsc use-after-free crash
ceph: switch to WARN_ON_ONCE in encode_supported_features()
ceph: add global total_caps to count the mdsc's total caps number
ceph: add check_session_state() helper and make it global
...
Linus Torvalds [Wed, 12 Aug 2020 19:41:15 +0000 (12:41 -0700)]
Merge branch 'parisc-5.9-2' of git://git./linux/kernel/git/deller/parisc-linux
Pull more parisc updates from Helge Deller:
- Oscar Carter contributed a patch which fixes parisc's usage of
dereference_function_descriptor() and thus will allow using the
-Wcast-function-type compiler option in the top-level Makefile
- Sven Schnelle fixed a bug in the SBA code to prevent crashes during
kexec
- John David Anglin provided implementations for __smp_store_release()
and __smp_load_acquire barriers() which avoids using the sync
assembler instruction and thus speeds up barrier paths
- Some whitespace cleanups in parisc's atomic.h header file
* 'parisc-5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Implement __smp_store_release and __smp_load_acquire barriers
parisc: mask out enable and reserved bits from sba imask
parisc: Whitespace cleanups in atomic.h
parisc/kernel/ftrace: Remove function callback casts
sections.h: dereference_function_descriptor() returns void pointer
Linus Torvalds [Wed, 12 Aug 2020 19:25:06 +0000 (12:25 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull more KVM updates from Paolo Bonzini:
"PPC:
- Improvements and bugfixes for secure VM support, giving reduced
startup time and memory hotplug support.
- Locking fixes in nested KVM code
- Increase number of guests supported by HV KVM to 4094
- Preliminary POWER10 support
ARM:
- Split the VHE and nVHE hypervisor code bases, build the EL2 code
separately, allowing for the VHE code to now be built with
instrumentation
- Level-based TLB invalidation support
- Restructure of the vcpu register storage to accomodate the NV code
- Pointer Authentication available for guests on nVHE hosts
- Simplification of the system register table parsing
- MMU cleanups and fixes
- A number of post-32bit cleanups and other fixes
MIPS:
- compilation fixes
x86:
- bugfixes
- support for the SERIALIZE instruction"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (70 commits)
KVM: MIPS/VZ: Fix build error caused by 'kvm_run' cleanup
x86/kvm/hyper-v: Synic default SCONTROL MSR needs to be enabled
MIPS: KVM: Convert a fallthrough comment to fallthrough
MIPS: VZ: Only include loongson_regs.h for CPU_LOONGSON64
x86: Expose SERIALIZE for supported cpuid
KVM: x86: Don't attempt to load PDPTRs when 64-bit mode is enabled
KVM: arm64: Move S1PTW S2 fault logic out of io_mem_abort()
KVM: arm64: Don't skip cache maintenance for read-only memslots
KVM: arm64: Handle data and instruction external aborts the same way
KVM: arm64: Rename kvm_vcpu_dabt_isextabt()
KVM: arm: Add trace name for ARM_NISV
KVM: arm64: Ensure that all nVHE hyp code is in .hyp.text
KVM: arm64: Substitute RANDOMIZE_BASE for HARDEN_EL2_VECTORS
KVM: arm64: Make nVHE ASLR conditional on RANDOMIZE_BASE
KVM: PPC: Book3S HV: Rework secure mem slot dropping
KVM: PPC: Book3S HV: Move kvmppc_svm_page_out up
KVM: PPC: Book3S HV: Migrate hot plugged memory
KVM: PPC: Book3S HV: In H_SVM_INIT_DONE, migrate remaining normal-GFNs to secure-GFNs
KVM: PPC: Book3S HV: Track the state GFNs associated with secure VMs
KVM: PPC: Book3S HV: Disable page merging in H_SVM_INIT_START
...
Linus Torvalds [Wed, 12 Aug 2020 19:19:49 +0000 (12:19 -0700)]
Merge tag 'clk-for-linus' of git://git./linux/kernel/git/clk/linux
Pull more clk updates from Stephen Boyd:
"Here's some more updates that missed the last pull request because I
happened to tag the tree at an earlier point in the history of
clk-next. I must have fat fingered it and checked out an older version
of clk-next on this second computer I'm using.
This time it actually includes more code for Qualcomm SoCs, the AT91
major updates, and some Rockchip SoC clk driver updates as well. I've
corrected this flow so this shouldn't happen again"
* tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (83 commits)
clk: bcm2835: Do not use prediv with bcm2711's PLLs
clk: drop unused function __clk_get_flags
clk: hsdk: Fix bad dependency on IOMEM
dt-bindings: clock: Fix YAML schemas for LPASS clocks on SC7180
clk: mmp: avoid missing prototype warning
clk: sparx5: Add Sparx5 SoC DPLL clock driver
dt-bindings: clock: sparx5: Add bindings include file
clk: qoriq: add LS1021A core pll mux options
clk: clk-atlas6: fix return value check in atlas6_clk_init()
clk: tegra: pll: Improve PLLM enable-state detection
clk: X1000: Add support for calculat REFCLK of USB PHY.
clk: JZ4780: Reformat the code to align it.
clk: JZ4780: Add functions for enable and disable USB PHY.
clk: Ingenic: Add RTC related clocks for Ingenic SoCs.
dt-bindings: clock: Add tabs to align code.
dt-bindings: clock: Add RTC related clocks for Ingenic SoCs.
clk: davinci: Use fallthrough pseudo-keyword
clk: imx: Use fallthrough pseudo-keyword
clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk
clk: qcom: gcc-sdm660: Add missing modem reset
...
Linus Torvalds [Wed, 12 Aug 2020 19:13:44 +0000 (12:13 -0700)]
Merge tag 'linux-watchdog-5.9-rc1' of git://linux-watchdog.org/linux-watchdog
Pull watchdog updates from Wim Van Sebroeck:
- f71808e_wdt imporvements
- dw_wdt improvements
- mlx-wdt: support new watchdog type with longer timeout period
- fallthrough pseudo-keyword replacements
- overall small fixes and improvements
* tag 'linux-watchdog-5.9-rc1' of git://www.linux-watchdog.org/linux-watchdog: (35 commits)
watchdog: rti-wdt: balance pm runtime enable calls
watchdog: rti-wdt: attach to running watchdog during probe
watchdog: add support for adjusting last known HW keepalive time
watchdog: use __watchdog_ping in startup
watchdog: softdog: Add options 'soft_reboot_cmd' and 'soft_active_on_boot'
watchdog: pcwd_usb: remove needless check before usb_free_coherent()
watchdog: Replace HTTP links with HTTPS ones
dt-bindings: watchdog: renesas,wdt: Document r8a774e1 support
watchdog: initialize device before misc_register
watchdog: booke_wdt: Add common nowayout parameter driver
watchdog: scx200_wdt: Use fallthrough pseudo-keyword
watchdog: Use fallthrough pseudo-keyword
watchdog: f71808e_wdt: do stricter parameter validation
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
docs: watchdog: codify ident.options as superset of possible status flags
dt-bindings: watchdog: Add compatible for QCS404, SC7180, SDM845, SM8150
dt-bindings: watchdog: Convert QCOM watchdog timer bindings to YAML
watchdog: dw_wdt: Add DebugFS files
...