* [PATCH 5.5 000/170] 5.5.14-rc1 review
@ 2020-03-31 8:56 Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 001/170] mmc: core: Allow host controllers to require R1B for CMD6 Greg Kroah-Hartman
` (169 more replies)
0 siblings, 170 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
This is the start of the stable review cycle for the 5.5.14 release.
There are 170 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 02 Apr 2020 08:50:37 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.14-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.5.14-rc1
Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
media: v4l2-core: fix a use-after-free bug of sd->devnode
Johan Hovold <johan@kernel.org>
media: xirlink_cit: add missing descriptor sanity checks
Johan Hovold <johan@kernel.org>
media: stv06xx: add missing descriptor sanity checks
Johan Hovold <johan@kernel.org>
media: dib0700: fix rc endpoint lookup
Johan Hovold <johan@kernel.org>
media: ov519: add missing endpoint sanity checks
Eric Biggers <ebiggers@google.com>
libfs: fix infoleak in simple_attr_read()
Kai-Heng Feng <kai.heng.feng@canonical.com>
ahci: Add Intel Comet Lake H RAID PCI ID
Michał Mirosław <mirq-linux@rere.qmqm.pl>
staging: wfx: annotate nested gc_list vs tx queue locking
Michał Mirosław <mirq-linux@rere.qmqm.pl>
staging: wfx: fix init/remove vs IRQ race
Michał Mirosław <mirq-linux@rere.qmqm.pl>
staging: wfx: add proper "compatible" string
Qiujun Huang <hqjagain@gmail.com>
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
Qiujun Huang <hqjagain@gmail.com>
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
Larry Finger <Larry.Finger@lwfinger.net>
staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
Dan Carpenter <dan.carpenter@oracle.com>
staging: kpc2000: prevent underflow in cpld_reconfigure()
Johan Hovold <johan@kernel.org>
media: usbtv: fix control-message timeouts
Johan Hovold <johan@kernel.org>
media: flexcop-usb: fix endpoint sanity check
Mans Rullgard <mans@mansr.com>
usb: musb: fix crash with highmen PIO and usbmon
Qiujun Huang <hqjagain@gmail.com>
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
Matthias Reichl <hias@horus.com>
USB: cdc-acm: restore capability check order
Pawel Dembicki <paweldembicki@gmail.com>
USB: serial: option: add Wistron Neweb D19Q1
Pawel Dembicki <paweldembicki@gmail.com>
USB: serial: option: add BroadMobi BM806U
Pawel Dembicki <paweldembicki@gmail.com>
USB: serial: option: add support for ASKEY WWHC050
Daniel Borkmann <daniel@iogearbox.net>
bpf: Undo incorrect __reg_bound_offset32 handling
Yubo Xie <yuboxie@microsoft.com>
clocksource/drivers/hyper-v: Untangle stimers and timesync from clocksources
Heiner Kallweit <hkallweit1@gmail.com>
r8169: fix PHY driver check on platforms w/o module softdeps
Torsten Hilbrich <torsten.hilbrich@secunet.com>
vti6: Fix memory leak of skb if input policy check fails
Ondrej Jirman <megous@megous.com>
ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection
John Fastabend <john.fastabend@gmail.com>
bpf, sockmap: Remove bucket->lock from sock_{hash|map}_free
Yoshiki Komachi <komachi.yoshiki@gmail.com>
bpf/btf: Fix BTF verification of enum members in struct/union
Andrii Nakryiko <andriin@fb.com>
bpf: Initialize storage pointers to NULL to prevent freeing garbage pointer
Luke Nelson <lukenels@cs.washington.edu>
bpf, x32: Fix bug with JMP32 JSET BPF_X checking upper bits
Kai-Heng Feng <kai.heng.feng@canonical.com>
i2c: nvidia-gpu: Handle timeout correctly in gpu_i2c_check_status()
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nft_fwd_netdev: validate family and chain type
Edward Cree <ecree@solarflare.com>
netfilter: flowtable: populate addr_type mask
Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6}
Johannes Berg <johannes.berg@intel.com>
mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX
Johannes Berg <johannes.berg@intel.com>
ieee80211: fix HE SPR size calculation
David Howells <dhowells@redhat.com>
afs: Fix unpinned address list during probing
David Howells <dhowells@redhat.com>
afs: Fix some tracing details
David Howells <dhowells@redhat.com>
afs: Fix client call Rx-phase signal handling
YueHaibing <yuehaibing@huawei.com>
xfrm: policy: Fix doulbe free in xfrm_policy_timer
Xin Long <lucien.xin@gmail.com>
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
Xin Long <lucien.xin@gmail.com>
xfrm: fix uctx len check in verify_sec_ctx_len
Maor Gottlieb <maorg@mellanox.com>
RDMA/mlx5: Block delay drop to unprivileged users
Leon Romanovsky <leon@kernel.org>
RDMA/mlx5: Fix access to wrong pointer while performing flush due to error
Mark Zhang <markz@mellanox.com>
RDMA/mlx5: Fix the number of hwcounters of a dynamic counter
Nicolas Dichtel <nicolas.dichtel@6wind.com>
vti[6]: fix packet tx through bpf_redirect() in XinY cases
Raed Salem <raeds@mellanox.com>
xfrm: handle NETDEV_UNREGISTER for xfrm device
Edward Cree <ecree@solarflare.com>
genirq: Fix reference leaks on irq affinity notifiers
David Howells <dhowells@redhat.com>
afs: Fix handling of an abort from a service handler
Mike Marciniszyn <mike.marciniszyn@intel.com>
RDMA/core: Ensure security pkey modify is not lost
Andrii Nakryiko <andriin@fb.com>
bpf: Fix cgroup ref leak in cgroup_bpf_inherit on out-of-memory
Hans de Goede <hdegoede@redhat.com>
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
Hans de Goede <hdegoede@redhat.com>
gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
Hans de Goede <hdegoede@redhat.com>
gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
Roman Gushchin <guro@fb.com>
mm: fork: fix kernel_stack memcg stats for various stack implementations
Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
mm/sparse: fix kernel crash with pfn_section_valid check
David Hildenbrand <david@redhat.com>
drivers/base/memory.c: indicate all memory blocks as removable
Naohiro Aota <naohiro.aota@wdc.com>
mm/swapfile.c: move inode_lock out of claim_swapfile
Johannes Berg <johannes.berg@intel.com>
mac80211: mark station unauthorized before key removal
Johannes Berg <johannes.berg@intel.com>
mac80211: drop data frames without key on encrypted links
Johannes Berg <johannes.berg@intel.com>
nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type
Martin K. Petersen <martin.petersen@oracle.com>
scsi: sd: Fix optimal I/O size for devices that change reported values
Marek Szyprowski <m.szyprowski@samsung.com>
soc: samsung: chipid: Fix return value on non-Exynos platforms
Shane Francis <bigbeeshane@gmail.com>
drm/radeon: fix scatter-gather mapping with user pages
Shane Francis <bigbeeshane@gmail.com>
drm/amdgpu: fix scatter-gather mapping with user pages
Shane Francis <bigbeeshane@gmail.com>
drm/prime: use dma length macro when mapping sg
Dirk Mueller <dmueller@suse.com>
scripts/dtc: Remove redundant YYLOC global declaration
Masami Hiramatsu <mhiramat@kernel.org>
tools: Let O= makes handle a relative path with -C option
Larry Finger <Larry.Finger@lwfinger.net>
rtlwifi: rtl8188ee: Fix regression due to commit d1d1a96bdb44
Masami Hiramatsu <mhiramat@kernel.org>
perf probe: Do not depend on dwfl_module_addrsym()
Masami Hiramatsu <mhiramat@kernel.org>
perf probe: Fix to delete multiple probe event
Borislav Petkov <bp@suse.de>
x86/ioremap: Fix CONFIG_EFI=n build
Roger Quadros <rogerq@ti.com>
ARM: dts: omap5: Add bus_dma_limit for L3 bus
Roger Quadros <rogerq@ti.com>
ARM: dts: dra7: Add bus_dma_limit for L3 bus
Tom Lendacky <thomas.lendacky@amd.com>
KVM: SVM: Issue WBINVD after deactivating an SEV guest
Luis Henriques <lhenriques@suse.com>
ceph: fix memory leak in ceph_cleanup_snapid_map()
Ilya Dryomov <idryomov@gmail.com>
ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL
Jason Gunthorpe <jgg@ziepe.ca>
RDMA/mad: Do not crash if the rdma device does not have a umad interface
Jason Gunthorpe <jgg@ziepe.ca>
RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET
Linus Walleij <linus.walleij@linaro.org>
gpiolib: Fix irq_disable() semantics
Jason Gunthorpe <jgg@ziepe.ca>
RDMA/odp: Fix leaking the tgid for implicit ODP
Jason Gunthorpe <jgg@ziepe.ca>
RDMA/core: Fix missing error check on dev_set_name()
Kaike Wan <kaike.wan@intel.com>
IB/rdmavt: Free kernel completion queue when done
Eugene Syromiatnikov <esyr@redhat.com>
Input: avoid BIT() macro usage in the serio.h UAPI header
Yussuf Khalil <dev@pp3345.net>
Input: synaptics - enable RMI on HP Envy 13-ad105ng
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Input: fix stale timestamp on key autorepeat events
Dan Carpenter <dan.carpenter@oracle.com>
Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
Chuhong Yuan <hslester96@gmail.com>
i2c: hix5hd2: add missed clk_disable_unprepare in remove
Megha Dey <megha.dey@linux.intel.com>
iommu/vt-d: Populate debugfs if IOMMUs are detected
Megha Dey <megha.dey@linux.intel.com>
iommu/vt-d: Fix debugfs register reads
Dominik Czarnota <dominik.b.czarnota@gmail.com>
sxgbe: Fix off by one in samsung driver strncpy size arg
Nathan Chancellor <natechancellor@gmail.com>
dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
Wen Xiong <wenxiong@linux.vnet.ibm.com>
scsi: ipr: Fix softlockup when rescanning devices in petitboot
Juliet Kim <julietk@linux.vnet.ibm.com>
ibmvnic: Do not process device remove during device reset
Qian Cai <cai@lca.pw>
iommu/vt-d: Silence RCU-list debugging warnings
Marek Szyprowski <m.szyprowski@samsung.com>
drm/exynos: Fix cleanup of IOMMU related objects
Hawking Zhang <Hawking.Zhang@amd.com>
drm/amdgpu: correct ROM_INDEX/DATA offset for VEGA20
Martin Leung <martin.leung@amd.com>
drm/amd/display: update soc bb for nv14
Jiang Lidong <jianglidong3@jd.com>
veth: ignore peer tx_dropped when counting local rx_dropped
Tycho Andersen <tycho@tycho.ws>
cgroup1: don't call release_agent when it is ""
Dajun Jin <adajunjin@gmail.com>
drivers/of/of_mdio.c:fix of_mdiobus_register()
Mike Gilbert <floppym@gentoo.org>
cpupower: avoid multiple definition with gcc -fno-common
Scott Mayhew <smayhew@redhat.com>
nfs: add minor version to nfs_server_key for fscache
Vasily Averin <vvs@virtuozzo.com>
cgroup-v1: cgroup_pidlist_next should update position index
Sebastian Hense <sebastian.hense1@ibm.com>
net/mlx5e: Fix endianness handling in pedit mask
Tariq Toukan <tariqt@mellanox.com>
net/mlx5e: kTLS, Fix TCP seq off-by-1 issue in TX resync flow
Leon Romanovsky <leon@kernel.org>
net/mlx5_core: Set IB capability mask1 to fix ib_srpt connection failure
Aya Levin <ayal@mellanox.com>
net/mlx5e: Do not recover from a non-fatal syndrome
Aya Levin <ayal@mellanox.com>
net/mlx5e: Fix ICOSQ recovery flow with Striding RQ
Aya Levin <ayal@mellanox.com>
net/mlx5e: Fix missing reset of SW metadata in Striding RQ reset
Aya Levin <ayal@mellanox.com>
net/mlx5e: Enhance ICOSQ WQE info fields
Hamdan Igbaria <hamdani@mellanox.com>
net/mlx5: DR, Fix postsend actions write length
Taehee Yoo <ap420073@gmail.com>
hsr: set .netnsok flag
Taehee Yoo <ap420073@gmail.com>
hsr: add restart routine into hsr_get_node_list()
Taehee Yoo <ap420073@gmail.com>
hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
Petr Machata <petrm@mellanox.com>
net: ip_gre: Accept IFLA_INFO_DATA-less configuration
Petr Machata <petrm@mellanox.com>
net: ip_gre: Separate ERSPAN newlink / changelink callbacks
Arthur Kiyanovski <akiyano@amazon.com>
net: ena: fix continuous keep-alive resets
Arthur Kiyanovski <akiyano@amazon.com>
net: ena: avoid memory access violation by validating req_id properly
Arthur Kiyanovski <akiyano@amazon.com>
net: ena: fix request of incorrect number of IRQ vectors
Arthur Kiyanovski <akiyano@amazon.com>
net: ena: fix incorrect setting of the number of msix vectors
Vasundhara Volam <vasundhara-v.volam@broadcom.com>
bnxt_en: Reset rings if ring reservation fails during open()
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Free context memory after disabling PCI in probe error path.
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Return error if bnxt_alloc_ctx_mem() fails.
Edwin Peer <edwin.peer@broadcom.com>
bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S.
Doug Berger <opendmb@gmail.com>
net: bcmgenet: keep MAC in reset until PHY is up
Doug Berger <opendmb@gmail.com>
Revert "net: bcmgenet: use RGMII loopback for MAC reset"
Taehee Yoo <ap420073@gmail.com>
vxlan: check return value of gro_cells_init()
Eric Dumazet <edumazet@google.com>
tcp: repair: fix TCP_QUEUE_SEQ implementation
Eric Dumazet <edumazet@google.com>
tcp: ensure skb->dev is NULL before leaving TCP stack
Florian Westphal <fw@strlen.de>
tcp: also NULL skb->dev when copy was needed
Oliver Hartkopp <socketcan@hartkopp.net>
slcan: not call free_netdev before rtnl_unlock in slcan_open
Heiner Kallweit <hkallweit1@gmail.com>
r8169: re-enable MSI on RTL8168c
Dan Carpenter <dan.carpenter@oracle.com>
NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
Emil Renner Berthing <kernel@esmil.dk>
net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
Cong Wang <xiyou.wangcong@gmail.com>
net_sched: keep alloc_hash updated after hash allocation
Cong Wang <xiyou.wangcong@gmail.com>
net_sched: hold rtnl lock in tcindex_partial_destroy_work()
Cong Wang <xiyou.wangcong@gmail.com>
net_sched: cls_route: remove the right filter from hashtable
Paul Blakey <paulb@mellanox.com>
net/sched: act_ct: Fix leak of ct zone template on replace
Pawel Dembicki <paweldembicki@gmail.com>
net: qmi_wwan: add support for ASKEY WWHC050
Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
net: phy: mdio-mux-bcm-iproc: check clk_prepare_enable() return value
Andre Przywara <andre.przywara@arm.com>
net: phy: mdio-bcm-unimac: Fix clock handling
Grygorii Strashko <grygorii.strashko@ti.com>
net: phy: dp83867: w/a for fld detect threshold bootstrapping issue
Willem de Bruijn <willemb@google.com>
net/packet: tpacket_rcv: avoid a producer race condition
Jisheng Zhang <Jisheng.Zhang@synaptics.com>
net: mvneta: Fix the case where the last poll did not process all rx
Guilherme G. Piccoli <gpiccoli@canonical.com>
net: ena: Add PCI shutdown handler to allow safe kexec
Vladimir Oltean <vladimir.oltean@nxp.com>
net: dsa: tag_8021q: replace dsa_8021q_remove_header with __skb_vlan_pop
René van Dorst <opensource@vdorst.com>
net: dsa: mt7530: Change the LINK bit to reflect the link status
Florian Fainelli <f.fainelli@gmail.com>
net: dsa: Fix duplicate frames flooded by learning
Zh-yuan Ye <ye.zh-yuan@socionext.com>
net: cbs: Fix software cbs to consider packet sending time
Bruno Meneguele <bmeneg@redhat.com>
net/bpfilter: fix dprintf usage for /dev/kmsg
Ido Schimmel <idosch@mellanox.com>
mlxsw: spectrum_mr: Fix list iteration in error path
Ido Schimmel <idosch@mellanox.com>
mlxsw: pci: Only issue reset when system is ready
Willem de Bruijn <willemb@google.com>
macsec: restrict to ethernet devices
Qian Cai <cai@lca.pw>
ipv4: fix a RCU-list lock in inet_dump_fib()
Taehee Yoo <ap420073@gmail.com>
hsr: fix general protection fault in hsr_addr_is_self()
Florian Westphal <fw@strlen.de>
geneve: move debug check after netdev unregister
Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
cxgb4: fix Txq restart check during backpressure
Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
cxgb4: fix throughput drop during Tx backpressure
Jason A. Donenfeld <Jason@zx2c4.com>
crypto: arm64/chacha - correctly walk through blocks
Jason A. Donenfeld <Jason@zx2c4.com>
crypto: chacha20poly1305 - add back missing test vectors and test chunking
Ulf Hansson <ulf.hansson@linaro.org>
mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
Ulf Hansson <ulf.hansson@linaro.org>
mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
Ulf Hansson <ulf.hansson@linaro.org>
mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command
Ulf Hansson <ulf.hansson@linaro.org>
mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard
Ulf Hansson <ulf.hansson@linaro.org>
mmc: core: Allow host controllers to require R1B for CMD6
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/dts/dra7.dtsi | 1 +
arch/arm/boot/dts/omap5.dtsi | 1 +
arch/arm/boot/dts/sun8i-a83t-tbs-a711.dts | 3 +-
arch/arm64/crypto/chacha-neon-glue.c | 8 +-
arch/x86/kvm/svm.c | 22 +-
arch/x86/mm/ioremap.c | 3 +
arch/x86/net/bpf_jit_comp32.c | 10 +-
drivers/ata/ahci.c | 1 +
drivers/base/memory.c | 23 +-
drivers/clocksource/hyperv_timer.c | 6 +-
drivers/gpio/gpiolib-acpi.c | 125 +-
drivers/gpio/gpiolib.c | 9 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +-
drivers/gpu/drm/amd/amdgpu/soc15.c | 25 +-
.../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 114 ++
drivers/gpu/drm/drm_prime.c | 2 +-
drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 5 +-
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 5 +-
drivers/gpu/drm/exynos/exynos_drm_dma.c | 28 +-
drivers/gpu/drm/exynos/exynos_drm_drv.h | 6 +-
drivers/gpu/drm/exynos/exynos_drm_fimc.c | 5 +-
drivers/gpu/drm/exynos/exynos_drm_fimd.c | 5 +-
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 5 +-
drivers/gpu/drm/exynos/exynos_drm_gsc.c | 5 +-
drivers/gpu/drm/exynos/exynos_drm_rotator.c | 5 +-
drivers/gpu/drm/exynos/exynos_drm_scaler.c | 6 +-
drivers/gpu/drm/exynos/exynos_mixer.c | 7 +-
drivers/gpu/drm/radeon/radeon_ttm.c | 2 +-
drivers/i2c/busses/i2c-hix5hd2.c | 1 +
drivers/i2c/busses/i2c-nvidia-gpu.c | 20 +-
drivers/infiniband/core/device.c | 4 +-
drivers/infiniband/core/nldev.c | 6 +-
drivers/infiniband/core/security.c | 11 +-
drivers/infiniband/core/umem_odp.c | 2 +-
drivers/infiniband/core/user_mad.c | 33 +-
drivers/infiniband/hw/mlx5/cq.c | 27 +-
drivers/infiniband/hw/mlx5/main.c | 5 +-
drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 +
drivers/infiniband/hw/mlx5/qp.c | 5 +
drivers/infiniband/sw/rdmavt/cq.c | 2 +-
drivers/input/input.c | 1 +
drivers/input/mouse/synaptics.c | 1 +
drivers/input/touchscreen/raydium_i2c_ts.c | 8 +-
drivers/iommu/dmar.c | 3 +-
drivers/iommu/intel-iommu-debugfs.c | 51 +-
drivers/iommu/intel-iommu.c | 4 +-
drivers/media/usb/b2c2/flexcop-usb.c | 6 +-
drivers/media/usb/dvb-usb/dib0700_core.c | 4 +-
drivers/media/usb/gspca/ov519.c | 10 +
drivers/media/usb/gspca/stv06xx/stv06xx.c | 19 +-
drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c | 4 +
drivers/media/usb/gspca/xirlink_cit.c | 18 +-
drivers/media/usb/usbtv/usbtv-core.c | 2 +-
drivers/media/usb/usbtv/usbtv-video.c | 5 +-
drivers/media/v4l2-core/v4l2-device.c | 1 +
drivers/mmc/core/core.c | 5 +-
drivers/mmc/core/mmc.c | 7 +-
drivers/mmc/core/mmc_ops.c | 8 +-
drivers/mmc/host/sdhci-omap.c | 3 +
drivers/mmc/host/sdhci-tegra.c | 3 +
drivers/net/can/slcan.c | 3 +
drivers/net/dsa/mt7530.c | 4 +-
drivers/net/ethernet/amazon/ena/ena_netdev.c | 78 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 28 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 15 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 8 +-
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 10 +-
drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 +-
drivers/net/ethernet/broadcom/genet/bcmmii.c | 40 +-
drivers/net/ethernet/chelsio/cxgb4/sge.c | 52 +-
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 4 +-
drivers/net/ethernet/ibm/ibmvnic.c | 24 +-
drivers/net/ethernet/ibm/ibmvnic.h | 6 +-
drivers/net/ethernet/marvell/mvneta.c | 3 +-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +
.../net/ethernet/mellanox/mlx5/core/en/health.h | 3 +-
.../ethernet/mellanox/mlx5/core/en/reporter_rx.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h | 6 +-
.../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 31 +-
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 11 +-
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 5 +-
drivers/net/ethernet/mellanox/mlx5/core/en_txrx.c | 1 +
.../mellanox/mlx5/core/steering/dr_action.c | 1 -
.../ethernet/mellanox/mlx5/core/steering/dr_send.c | 3 +-
drivers/net/ethernet/mellanox/mlx5/core/vport.c | 3 +
drivers/net/ethernet/mellanox/mlxsw/pci.c | 50 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +-
drivers/net/ethernet/realtek/r8169_main.c | 18 +-
drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 2 +-
drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 2 +-
drivers/net/geneve.c | 8 +-
drivers/net/macsec.c | 3 +
drivers/net/phy/dp83867.c | 21 +-
drivers/net/phy/mdio-bcm-unimac.c | 6 +-
drivers/net/phy/mdio-mux-bcm-iproc.c | 7 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/veth.c | 2 +-
drivers/net/vxlan.c | 11 +-
.../net/wireless/realtek/rtlwifi/rtl8188ee/trx.h | 1 +
drivers/nfc/fdp/fdp.c | 5 +-
drivers/of/of_mdio.c | 1 +
drivers/scsi/ipr.c | 3 +-
drivers/scsi/ipr.h | 1 +
drivers/scsi/sd.c | 4 +-
drivers/soc/samsung/exynos-chipid.c | 2 +-
drivers/staging/kpc2000/kpc2000/core.c | 4 +-
drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 +
.../bindings/net/wireless/siliabs,wfx.txt | 7 +-
drivers/staging/wfx/bus_sdio.c | 15 +-
drivers/staging/wfx/bus_spi.c | 41 +-
drivers/staging/wfx/main.c | 21 +-
drivers/staging/wfx/main.h | 1 -
drivers/staging/wfx/queue.c | 16 +-
drivers/staging/wlan-ng/hfa384x_usb.c | 2 +
drivers/staging/wlan-ng/prism2usb.c | 1 +
drivers/usb/class/cdc-acm.c | 18 +-
drivers/usb/musb/musb_host.c | 17 +-
drivers/usb/serial/io_edgeport.c | 2 +-
drivers/usb/serial/option.c | 6 +
fs/afs/cmservice.c | 14 +-
fs/afs/fs_probe.c | 2 +
fs/afs/internal.h | 12 +-
fs/afs/rxrpc.c | 71 +-
fs/ceph/file.c | 14 +-
fs/ceph/snap.c | 1 +
fs/libfs.c | 8 +-
fs/nfs/client.c | 1 +
fs/nfs/fscache.c | 2 +
fs/nfs/nfs4client.c | 1 -
include/linux/ceph/osdmap.h | 4 +
include/linux/ceph/rados.h | 6 +-
include/linux/dmar.h | 6 +-
include/linux/dsa/8021q.h | 7 -
include/linux/ieee80211.h | 4 +-
include/linux/intel-iommu.h | 2 +
include/linux/memcontrol.h | 12 +
include/linux/mmc/host.h | 1 +
include/net/af_rxrpc.h | 4 +-
include/trace/events/afs.h | 2 +-
include/uapi/linux/serio.h | 10 +-
kernel/bpf/btf.c | 2 +-
kernel/bpf/cgroup.c | 7 +-
kernel/bpf/verifier.c | 19 -
kernel/cgroup/cgroup-v1.c | 3 +-
kernel/fork.c | 4 +-
kernel/irq/manage.c | 11 +-
lib/crypto/chacha20poly1305-selftest.c | 1717 +++++++++++++++++++-
mm/memcontrol.c | 38 +
mm/sparse.c | 6 +
mm/swapfile.c | 39 +-
net/bpfilter/main.c | 14 +-
net/ceph/osdmap.c | 9 +
net/core/sock_map.c | 12 +-
net/dsa/tag_8021q.c | 43 -
net/dsa/tag_brcm.c | 2 +
net/dsa/tag_sja1105.c | 19 +-
net/hsr/hsr_framereg.c | 9 +-
net/hsr/hsr_netlink.c | 70 +-
net/hsr/hsr_slave.c | 8 +-
net/ipv4/Kconfig | 1 +
net/ipv4/fib_frontend.c | 2 +
net/ipv4/ip_gre.c | 105 +-
net/ipv4/ip_vti.c | 38 +-
net/ipv4/tcp.c | 4 +-
net/ipv4/tcp_output.c | 12 +-
net/ipv6/ip6_vti.c | 34 +-
net/mac80211/debugfs_sta.c | 3 +-
net/mac80211/key.c | 20 +-
net/mac80211/mesh_hwmp.c | 3 +-
net/mac80211/sta_info.c | 7 +-
net/mac80211/sta_info.h | 1 +
net/mac80211/tx.c | 20 +-
net/netfilter/nf_flow_table_ip.c | 2 +
net/netfilter/nf_flow_table_offload.c | 1 +
net/netfilter/nft_fwd_netdev.c | 13 +
net/packet/af_packet.c | 21 +
net/packet/internal.h | 5 +-
net/rxrpc/af_rxrpc.c | 33 +-
net/rxrpc/ar-internal.h | 1 -
net/rxrpc/input.c | 1 -
net/sched/act_ct.c | 2 +-
net/sched/cls_route.c | 4 +-
net/sched/cls_tcindex.c | 3 +
net/sched/sch_cbs.c | 12 +-
net/wireless/nl80211.c | 2 +-
net/xfrm/xfrm_device.c | 1 +
net/xfrm/xfrm_policy.c | 2 +
net/xfrm/xfrm_user.c | 6 +-
scripts/dtc/dtc-lexer.l | 1 -
tools/perf/Makefile | 2 +-
tools/perf/util/probe-file.c | 3 +
tools/perf/util/probe-finder.c | 11 +-
.../cpupower/utils/idle_monitor/amd_fam14h_idle.c | 2 +-
.../cpupower/utils/idle_monitor/cpuidle_sysfs.c | 2 +-
.../cpupower/utils/idle_monitor/cpupower-monitor.c | 2 +
.../cpupower/utils/idle_monitor/cpupower-monitor.h | 2 +-
tools/scripts/Makefile.include | 4 +-
200 files changed, 3183 insertions(+), 805 deletions(-)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 001/170] mmc: core: Allow host controllers to require R1B for CMD6
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
@ 2020-03-31 8:56 ` Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 002/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard Greg Kroah-Hartman
` (168 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sowjanya Komatineni, Anders Roxell,
Faiz Abbas, Peter Geis, Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 1292e3efb149ee21d8d33d725eeed4e6b1ade963 ]
It has turned out that some host controllers can't use R1B for CMD6 and
other commands that have R1B associated with them. Therefore invent a new
host cap, MMC_CAP_NEED_RSP_BUSY to let them specify this.
In __mmc_switch(), let's check the flag and use it to prevent R1B responses
from being converted into R1. Note that, this also means that the host are
on its own, when it comes to manage the busy timeout.
Suggested-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Cc: <stable@vger.kernel.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Tested-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Tested-by: Faiz Abbas <faiz_abbas@ti.com>
Tested-By: Peter Geis <pgwipeout@gmail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/mmc_ops.c | 8 +++++---
include/linux/mmc/host.h | 1 +
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
index 09113b9ad6790..18a7afb2a5b23 100644
--- a/drivers/mmc/core/mmc_ops.c
+++ b/drivers/mmc/core/mmc_ops.c
@@ -538,10 +538,12 @@ int __mmc_switch(struct mmc_card *card, u8 set, u8 index, u8 value,
* If the cmd timeout and the max_busy_timeout of the host are both
* specified, let's validate them. A failure means we need to prevent
* the host from doing hw busy detection, which is done by converting
- * to a R1 response instead of a R1B.
+ * to a R1 response instead of a R1B. Note, some hosts requires R1B,
+ * which also means they are on their own when it comes to deal with the
+ * busy timeout.
*/
- if (timeout_ms && host->max_busy_timeout &&
- (timeout_ms > host->max_busy_timeout))
+ if (!(host->caps & MMC_CAP_NEED_RSP_BUSY) && timeout_ms &&
+ host->max_busy_timeout && (timeout_ms > host->max_busy_timeout))
use_r1b_resp = false;
cmd.opcode = MMC_SWITCH;
diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h
index ba703384bea0c..4c5eb3aa8e723 100644
--- a/include/linux/mmc/host.h
+++ b/include/linux/mmc/host.h
@@ -333,6 +333,7 @@ struct mmc_host {
MMC_CAP_UHS_SDR50 | MMC_CAP_UHS_SDR104 | \
MMC_CAP_UHS_DDR50)
#define MMC_CAP_SYNC_RUNTIME_PM (1 << 21) /* Synced runtime PM suspends. */
+#define MMC_CAP_NEED_RSP_BUSY (1 << 22) /* Commands with R1B can't use R1. */
#define MMC_CAP_DRIVER_TYPE_A (1 << 23) /* Host supports Driver Type A */
#define MMC_CAP_DRIVER_TYPE_C (1 << 24) /* Host supports Driver Type C */
#define MMC_CAP_DRIVER_TYPE_D (1 << 25) /* Host supports Driver Type D */
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 002/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 001/170] mmc: core: Allow host controllers to require R1B for CMD6 Greg Kroah-Hartman
@ 2020-03-31 8:56 ` Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 003/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command Greg Kroah-Hartman
` (167 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sowjanya Komatineni, Anders Roxell,
Faiz Abbas, Peter Geis, Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 43cc64e5221cc6741252b64bc4531dd1eefb733d ]
The busy timeout that is computed for each erase/trim/discard operation,
can become quite long and may thus exceed the host->max_busy_timeout. If
that becomes the case, mmc_do_erase() converts from using an R1B response
to an R1 response, as to prevent the host from doing HW busy detection.
However, it has turned out that some hosts requires an R1B response no
matter what, so let's respect that via checking MMC_CAP_NEED_RSP_BUSY. Note
that, if the R1B gets enforced, the host becomes fully responsible of
managing the needed busy timeout, in one way or the other.
Suggested-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Cc: <stable@vger.kernel.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Tested-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Tested-by: Faiz Abbas <faiz_abbas@ti.com>
Tested-By: Peter Geis <pgwipeout@gmail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
index abf8f5eb0a1c8..26644b7ec13e3 100644
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1732,8 +1732,11 @@ static int mmc_do_erase(struct mmc_card *card, unsigned int from,
* the erase operation does not exceed the max_busy_timeout, we should
* use R1B response. Or we need to prevent the host from doing hw busy
* detection, which is done by converting to a R1 response instead.
+ * Note, some hosts requires R1B, which also means they are on their own
+ * when it comes to deal with the busy timeout.
*/
- if (card->host->max_busy_timeout &&
+ if (!(card->host->caps & MMC_CAP_NEED_RSP_BUSY) &&
+ card->host->max_busy_timeout &&
busy_timeout > card->host->max_busy_timeout) {
cmd.flags = MMC_RSP_SPI_R1 | MMC_RSP_R1 | MMC_CMD_AC;
} else {
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 003/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 001/170] mmc: core: Allow host controllers to require R1B for CMD6 Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 002/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard Greg Kroah-Hartman
@ 2020-03-31 8:56 ` Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 004/170] mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY Greg Kroah-Hartman
` (166 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sowjanya Komatineni, Ulf Hansson,
Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 18d200460cd73636d4f20674085c39e32b4e0097 ]
The busy timeout for the CMD5 to put the eMMC into sleep state, is specific
to the card. Potentially the timeout may exceed the host->max_busy_timeout.
If that becomes the case, mmc_sleep() converts from using an R1B response
to an R1 response, as to prevent the host from doing HW busy detection.
However, it has turned out that some hosts requires an R1B response no
matter what, so let's respect that via checking MMC_CAP_NEED_RSP_BUSY. Note
that, if the R1B gets enforced, the host becomes fully responsible of
managing the needed busy timeout, in one way or the other.
Suggested-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200311092036.16084-1-ulf.hansson@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/mmc.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
index f6912ded652dc..de14b5845f525 100644
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -1910,9 +1910,12 @@ static int mmc_sleep(struct mmc_host *host)
* If the max_busy_timeout of the host is specified, validate it against
* the sleep cmd timeout. A failure means we need to prevent the host
* from doing hw busy detection, which is done by converting to a R1
- * response instead of a R1B.
+ * response instead of a R1B. Note, some hosts requires R1B, which also
+ * means they are on their own when it comes to deal with the busy
+ * timeout.
*/
- if (host->max_busy_timeout && (timeout_ms > host->max_busy_timeout)) {
+ if (!(host->caps & MMC_CAP_NEED_RSP_BUSY) && host->max_busy_timeout &&
+ (timeout_ms > host->max_busy_timeout)) {
cmd.flags = MMC_RSP_R1 | MMC_CMD_AC;
} else {
cmd.flags = MMC_RSP_R1B | MMC_CMD_AC;
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 004/170] mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2020-03-31 8:56 ` [PATCH 5.5 003/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command Greg Kroah-Hartman
@ 2020-03-31 8:56 ` Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 005/170] mmc: sdhci-tegra: " Greg Kroah-Hartman
` (165 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naresh Kamboju, Anders Roxell,
Faiz Abbas, Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 055e04830d4544c57f2a5192a26c9e25915c29c0 ]
It has turned out that the sdhci-omap controller requires the R1B response,
for commands that has this response associated with them. So, converting
from an R1B to an R1 response for a CMD6 for example, leads to problems
with the HW busy detection support.
Fix this by informing the mmc core about the requirement, via setting the
host cap, MMC_CAP_NEED_RSP_BUSY.
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reported-by: Anders Roxell <anders.roxell@linaro.org>
Reported-by: Faiz Abbas <faiz_abbas@ti.com>
Cc: <stable@vger.kernel.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Tested-by: Faiz Abbas <faiz_abbas@ti.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-omap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mmc/host/sdhci-omap.c b/drivers/mmc/host/sdhci-omap.c
index 083e7e053c954..d3135249b2e40 100644
--- a/drivers/mmc/host/sdhci-omap.c
+++ b/drivers/mmc/host/sdhci-omap.c
@@ -1134,6 +1134,9 @@ static int sdhci_omap_probe(struct platform_device *pdev)
host->mmc_host_ops.execute_tuning = sdhci_omap_execute_tuning;
host->mmc_host_ops.enable_sdio_irq = sdhci_omap_enable_sdio_irq;
+ /* R1B responses is required to properly manage HW busy detection. */
+ mmc->caps |= MMC_CAP_NEED_RSP_BUSY;
+
ret = sdhci_setup_host(host);
if (ret)
goto err_put_sync;
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 005/170] mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2020-03-31 8:56 ` [PATCH 5.5 004/170] mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY Greg Kroah-Hartman
@ 2020-03-31 8:56 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 006/170] crypto: chacha20poly1305 - add back missing test vectors and test chunking Greg Kroah-Hartman
` (164 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:56 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitan Biswas, Peter Geis,
Sowjanya Komatineni, Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit d2f8bfa4bff5028bc40ed56b4497c32e05b0178f ]
It has turned out that the sdhci-tegra controller requires the R1B response,
for commands that has this response associated with them. So, converting
from an R1B to an R1 response for a CMD6 for example, leads to problems
with the HW busy detection support.
Fix this by informing the mmc core about the requirement, via setting the
host cap, MMC_CAP_NEED_RSP_BUSY.
Reported-by: Bitan Biswas <bbiswas@nvidia.com>
Reported-by: Peter Geis <pgwipeout@gmail.com>
Suggested-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Cc: <stable@vger.kernel.org>
Tested-by: Sowjanya Komatineni <skomatineni@nvidia.com>
Tested-By: Peter Geis <pgwipeout@gmail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-tegra.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mmc/host/sdhci-tegra.c b/drivers/mmc/host/sdhci-tegra.c
index 403ac44a73782..a25c3a4d3f6cb 100644
--- a/drivers/mmc/host/sdhci-tegra.c
+++ b/drivers/mmc/host/sdhci-tegra.c
@@ -1552,6 +1552,9 @@ static int sdhci_tegra_probe(struct platform_device *pdev)
if (tegra_host->soc_data->nvquirks & NVQUIRK_ENABLE_DDR50)
host->mmc->caps |= MMC_CAP_1_8V_DDR;
+ /* R1B responses is required to properly manage HW busy detection. */
+ host->mmc->caps |= MMC_CAP_NEED_RSP_BUSY;
+
tegra_sdhci_parse_dt(host);
tegra_host->power_gpio = devm_gpiod_get_optional(&pdev->dev, "power",
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 006/170] crypto: chacha20poly1305 - add back missing test vectors and test chunking
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2020-03-31 8:56 ` [PATCH 5.5 005/170] mmc: sdhci-tegra: " Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 007/170] crypto: arm64/chacha - correctly walk through blocks Greg Kroah-Hartman
` (163 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld, Herbert Xu
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit 72c7943792c9e7788ddd182337bcf8f650cf56f5 upstream.
When this was originally ported, the 12-byte nonce vectors were left out
to keep things simple. I agree that we don't need nor want a library
interface for 12-byte nonces. But these test vectors were specially
crafted to look at issues in the underlying primitives and related
interactions. Therefore, we actually want to keep around all of the
test vectors, and simply have a helper function to test them with.
Secondly, the sglist-based chunking code in the library interface is
rather complicated, so this adds a developer-only test for ensuring that
all the book keeping is correct, across a wide array of possibilities.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/crypto/chacha20poly1305-selftest.c | 1712 ++++++++++++++++++++++++++++++++-
1 file changed, 1698 insertions(+), 14 deletions(-)
--- a/lib/crypto/chacha20poly1305-selftest.c
+++ b/lib/crypto/chacha20poly1305-selftest.c
@@ -4,6 +4,7 @@
*/
#include <crypto/chacha20poly1305.h>
+#include <crypto/chacha.h>
#include <crypto/poly1305.h>
#include <asm/unaligned.h>
@@ -1926,6 +1927,1104 @@ static const u8 enc_key012[] __initconst
0x65, 0x91, 0x6e, 0x2a, 0x79, 0x22, 0xda, 0x64
};
+/* wycheproof - rfc7539 */
+static const u8 enc_input013[] __initconst = {
+ 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
+ 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
+ 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
+ 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
+ 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+ 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
+ 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
+ 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+ 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
+ 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+ 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
+ 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
+ 0x74, 0x2e
+};
+static const u8 enc_output013[] __initconst = {
+ 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
+ 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
+ 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+ 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
+ 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
+ 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+ 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
+ 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
+ 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+ 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
+ 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
+ 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+ 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
+ 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
+ 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+ 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60,
+ 0x06, 0x91
+};
+static const u8 enc_assoc013[] __initconst = {
+ 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
+ 0xc4, 0xc5, 0xc6, 0xc7
+};
+static const u8 enc_nonce013[] __initconst = {
+ 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47
+};
+static const u8 enc_key013[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
+/* wycheproof - misc */
+static const u8 enc_input014[] __initconst = { };
+static const u8 enc_output014[] __initconst = {
+ 0x76, 0xac, 0xb3, 0x42, 0xcf, 0x31, 0x66, 0xa5,
+ 0xb6, 0x3c, 0x0c, 0x0e, 0xa1, 0x38, 0x3c, 0x8d
+};
+static const u8 enc_assoc014[] __initconst = { };
+static const u8 enc_nonce014[] __initconst = {
+ 0x4d, 0xa5, 0xbf, 0x8d, 0xfd, 0x58, 0x52, 0xc1,
+ 0xea, 0x12, 0x37, 0x9d
+};
+static const u8 enc_key014[] __initconst = {
+ 0x80, 0xba, 0x31, 0x92, 0xc8, 0x03, 0xce, 0x96,
+ 0x5e, 0xa3, 0x71, 0xd5, 0xff, 0x07, 0x3c, 0xf0,
+ 0xf4, 0x3b, 0x6a, 0x2a, 0xb5, 0x76, 0xb2, 0x08,
+ 0x42, 0x6e, 0x11, 0x40, 0x9c, 0x09, 0xb9, 0xb0
+};
+
+/* wycheproof - misc */
+static const u8 enc_input015[] __initconst = { };
+static const u8 enc_output015[] __initconst = {
+ 0x90, 0x6f, 0xa6, 0x28, 0x4b, 0x52, 0xf8, 0x7b,
+ 0x73, 0x59, 0xcb, 0xaa, 0x75, 0x63, 0xc7, 0x09
+};
+static const u8 enc_assoc015[] __initconst = {
+ 0xbd, 0x50, 0x67, 0x64, 0xf2, 0xd2, 0xc4, 0x10
+};
+static const u8 enc_nonce015[] __initconst = {
+ 0xa9, 0x2e, 0xf0, 0xac, 0x99, 0x1d, 0xd5, 0x16,
+ 0xa3, 0xc6, 0xf6, 0x89
+};
+static const u8 enc_key015[] __initconst = {
+ 0x7a, 0x4c, 0xd7, 0x59, 0x17, 0x2e, 0x02, 0xeb,
+ 0x20, 0x4d, 0xb2, 0xc3, 0xf5, 0xc7, 0x46, 0x22,
+ 0x7d, 0xf5, 0x84, 0xfc, 0x13, 0x45, 0x19, 0x63,
+ 0x91, 0xdb, 0xb9, 0x57, 0x7a, 0x25, 0x07, 0x42
+};
+
+/* wycheproof - misc */
+static const u8 enc_input016[] __initconst = {
+ 0x2a
+};
+static const u8 enc_output016[] __initconst = {
+ 0x3a, 0xca, 0xc2, 0x7d, 0xec, 0x09, 0x68, 0x80,
+ 0x1e, 0x9f, 0x6e, 0xde, 0xd6, 0x9d, 0x80, 0x75,
+ 0x22
+};
+static const u8 enc_assoc016[] __initconst = { };
+static const u8 enc_nonce016[] __initconst = {
+ 0x99, 0xe2, 0x3e, 0xc4, 0x89, 0x85, 0xbc, 0xcd,
+ 0xee, 0xab, 0x60, 0xf1
+};
+static const u8 enc_key016[] __initconst = {
+ 0xcc, 0x56, 0xb6, 0x80, 0x55, 0x2e, 0xb7, 0x50,
+ 0x08, 0xf5, 0x48, 0x4b, 0x4c, 0xb8, 0x03, 0xfa,
+ 0x50, 0x63, 0xeb, 0xd6, 0xea, 0xb9, 0x1f, 0x6a,
+ 0xb6, 0xae, 0xf4, 0x91, 0x6a, 0x76, 0x62, 0x73
+};
+
+/* wycheproof - misc */
+static const u8 enc_input017[] __initconst = {
+ 0x51
+};
+static const u8 enc_output017[] __initconst = {
+ 0xc4, 0x16, 0x83, 0x10, 0xca, 0x45, 0xb1, 0xf7,
+ 0xc6, 0x6c, 0xad, 0x4e, 0x99, 0xe4, 0x3f, 0x72,
+ 0xb9
+};
+static const u8 enc_assoc017[] __initconst = {
+ 0x91, 0xca, 0x6c, 0x59, 0x2c, 0xbc, 0xca, 0x53
+};
+static const u8 enc_nonce017[] __initconst = {
+ 0xab, 0x0d, 0xca, 0x71, 0x6e, 0xe0, 0x51, 0xd2,
+ 0x78, 0x2f, 0x44, 0x03
+};
+static const u8 enc_key017[] __initconst = {
+ 0x46, 0xf0, 0x25, 0x49, 0x65, 0xf7, 0x69, 0xd5,
+ 0x2b, 0xdb, 0x4a, 0x70, 0xb4, 0x43, 0x19, 0x9f,
+ 0x8e, 0xf2, 0x07, 0x52, 0x0d, 0x12, 0x20, 0xc5,
+ 0x5e, 0x4b, 0x70, 0xf0, 0xfd, 0xa6, 0x20, 0xee
+};
+
+/* wycheproof - misc */
+static const u8 enc_input018[] __initconst = {
+ 0x5c, 0x60
+};
+static const u8 enc_output018[] __initconst = {
+ 0x4d, 0x13, 0x91, 0xe8, 0xb6, 0x1e, 0xfb, 0x39,
+ 0xc1, 0x22, 0x19, 0x54, 0x53, 0x07, 0x7b, 0x22,
+ 0xe5, 0xe2
+};
+static const u8 enc_assoc018[] __initconst = { };
+static const u8 enc_nonce018[] __initconst = {
+ 0x46, 0x1a, 0xf1, 0x22, 0xe9, 0xf2, 0xe0, 0x34,
+ 0x7e, 0x03, 0xf2, 0xdb
+};
+static const u8 enc_key018[] __initconst = {
+ 0x2f, 0x7f, 0x7e, 0x4f, 0x59, 0x2b, 0xb3, 0x89,
+ 0x19, 0x49, 0x89, 0x74, 0x35, 0x07, 0xbf, 0x3e,
+ 0xe9, 0xcb, 0xde, 0x17, 0x86, 0xb6, 0x69, 0x5f,
+ 0xe6, 0xc0, 0x25, 0xfd, 0x9b, 0xa4, 0xc1, 0x00
+};
+
+/* wycheproof - misc */
+static const u8 enc_input019[] __initconst = {
+ 0xdd, 0xf2
+};
+static const u8 enc_output019[] __initconst = {
+ 0xb6, 0x0d, 0xea, 0xd0, 0xfd, 0x46, 0x97, 0xec,
+ 0x2e, 0x55, 0x58, 0x23, 0x77, 0x19, 0xd0, 0x24,
+ 0x37, 0xa2
+};
+static const u8 enc_assoc019[] __initconst = {
+ 0x88, 0x36, 0x4f, 0xc8, 0x06, 0x05, 0x18, 0xbf
+};
+static const u8 enc_nonce019[] __initconst = {
+ 0x61, 0x54, 0x6b, 0xa5, 0xf1, 0x72, 0x05, 0x90,
+ 0xb6, 0x04, 0x0a, 0xc6
+};
+static const u8 enc_key019[] __initconst = {
+ 0xc8, 0x83, 0x3d, 0xce, 0x5e, 0xa9, 0xf2, 0x48,
+ 0xaa, 0x20, 0x30, 0xea, 0xcf, 0xe7, 0x2b, 0xff,
+ 0xe6, 0x9a, 0x62, 0x0c, 0xaf, 0x79, 0x33, 0x44,
+ 0xe5, 0x71, 0x8f, 0xe0, 0xd7, 0xab, 0x1a, 0x58
+};
+
+/* wycheproof - misc */
+static const u8 enc_input020[] __initconst = {
+ 0xab, 0x85, 0xe9, 0xc1, 0x57, 0x17, 0x31
+};
+static const u8 enc_output020[] __initconst = {
+ 0x5d, 0xfe, 0x34, 0x40, 0xdb, 0xb3, 0xc3, 0xed,
+ 0x7a, 0x43, 0x4e, 0x26, 0x02, 0xd3, 0x94, 0x28,
+ 0x1e, 0x0a, 0xfa, 0x9f, 0xb7, 0xaa, 0x42
+};
+static const u8 enc_assoc020[] __initconst = { };
+static const u8 enc_nonce020[] __initconst = {
+ 0x3c, 0x4e, 0x65, 0x4d, 0x66, 0x3f, 0xa4, 0x59,
+ 0x6d, 0xc5, 0x5b, 0xb7
+};
+static const u8 enc_key020[] __initconst = {
+ 0x55, 0x56, 0x81, 0x58, 0xd3, 0xa6, 0x48, 0x3f,
+ 0x1f, 0x70, 0x21, 0xea, 0xb6, 0x9b, 0x70, 0x3f,
+ 0x61, 0x42, 0x51, 0xca, 0xdc, 0x1a, 0xf5, 0xd3,
+ 0x4a, 0x37, 0x4f, 0xdb, 0xfc, 0x5a, 0xda, 0xc7
+};
+
+/* wycheproof - misc */
+static const u8 enc_input021[] __initconst = {
+ 0x4e, 0xe5, 0xcd, 0xa2, 0x0d, 0x42, 0x90
+};
+static const u8 enc_output021[] __initconst = {
+ 0x4b, 0xd4, 0x72, 0x12, 0x94, 0x1c, 0xe3, 0x18,
+ 0x5f, 0x14, 0x08, 0xee, 0x7f, 0xbf, 0x18, 0xf5,
+ 0xab, 0xad, 0x6e, 0x22, 0x53, 0xa1, 0xba
+};
+static const u8 enc_assoc021[] __initconst = {
+ 0x84, 0xe4, 0x6b, 0xe8, 0xc0, 0x91, 0x90, 0x53
+};
+static const u8 enc_nonce021[] __initconst = {
+ 0x58, 0x38, 0x93, 0x75, 0xc6, 0x9e, 0xe3, 0x98,
+ 0xde, 0x94, 0x83, 0x96
+};
+static const u8 enc_key021[] __initconst = {
+ 0xe3, 0xc0, 0x9e, 0x7f, 0xab, 0x1a, 0xef, 0xb5,
+ 0x16, 0xda, 0x6a, 0x33, 0x02, 0x2a, 0x1d, 0xd4,
+ 0xeb, 0x27, 0x2c, 0x80, 0xd5, 0x40, 0xc5, 0xda,
+ 0x52, 0xa7, 0x30, 0xf3, 0x4d, 0x84, 0x0d, 0x7f
+};
+
+/* wycheproof - misc */
+static const u8 enc_input022[] __initconst = {
+ 0xbe, 0x33, 0x08, 0xf7, 0x2a, 0x2c, 0x6a, 0xed
+};
+static const u8 enc_output022[] __initconst = {
+ 0x8e, 0x94, 0x39, 0xa5, 0x6e, 0xee, 0xc8, 0x17,
+ 0xfb, 0xe8, 0xa6, 0xed, 0x8f, 0xab, 0xb1, 0x93,
+ 0x75, 0x39, 0xdd, 0x6c, 0x00, 0xe9, 0x00, 0x21
+};
+static const u8 enc_assoc022[] __initconst = { };
+static const u8 enc_nonce022[] __initconst = {
+ 0x4f, 0x07, 0xaf, 0xed, 0xfd, 0xc3, 0xb6, 0xc2,
+ 0x36, 0x18, 0x23, 0xd3
+};
+static const u8 enc_key022[] __initconst = {
+ 0x51, 0xe4, 0xbf, 0x2b, 0xad, 0x92, 0xb7, 0xaf,
+ 0xf1, 0xa4, 0xbc, 0x05, 0x55, 0x0b, 0xa8, 0x1d,
+ 0xf4, 0xb9, 0x6f, 0xab, 0xf4, 0x1c, 0x12, 0xc7,
+ 0xb0, 0x0e, 0x60, 0xe4, 0x8d, 0xb7, 0xe1, 0x52
+};
+
+/* wycheproof - misc */
+static const u8 enc_input023[] __initconst = {
+ 0xa4, 0xc9, 0xc2, 0x80, 0x1b, 0x71, 0xf7, 0xdf
+};
+static const u8 enc_output023[] __initconst = {
+ 0xb9, 0xb9, 0x10, 0x43, 0x3a, 0xf0, 0x52, 0xb0,
+ 0x45, 0x30, 0xf5, 0x1a, 0xee, 0xe0, 0x24, 0xe0,
+ 0xa4, 0x45, 0xa6, 0x32, 0x8f, 0xa6, 0x7a, 0x18
+};
+static const u8 enc_assoc023[] __initconst = {
+ 0x66, 0xc0, 0xae, 0x70, 0x07, 0x6c, 0xb1, 0x4d
+};
+static const u8 enc_nonce023[] __initconst = {
+ 0xb4, 0xea, 0x66, 0x6e, 0xe1, 0x19, 0x56, 0x33,
+ 0x66, 0x48, 0x4a, 0x78
+};
+static const u8 enc_key023[] __initconst = {
+ 0x11, 0x31, 0xc1, 0x41, 0x85, 0x77, 0xa0, 0x54,
+ 0xde, 0x7a, 0x4a, 0xc5, 0x51, 0x95, 0x0f, 0x1a,
+ 0x05, 0x3f, 0x9a, 0xe4, 0x6e, 0x5b, 0x75, 0xfe,
+ 0x4a, 0xbd, 0x56, 0x08, 0xd7, 0xcd, 0xda, 0xdd
+};
+
+/* wycheproof - misc */
+static const u8 enc_input024[] __initconst = {
+ 0x42, 0xba, 0xae, 0x59, 0x78, 0xfe, 0xaf, 0x5c,
+ 0x36, 0x8d, 0x14, 0xe0
+};
+static const u8 enc_output024[] __initconst = {
+ 0xff, 0x7d, 0xc2, 0x03, 0xb2, 0x6c, 0x46, 0x7a,
+ 0x6b, 0x50, 0xdb, 0x33, 0x57, 0x8c, 0x0f, 0x27,
+ 0x58, 0xc2, 0xe1, 0x4e, 0x36, 0xd4, 0xfc, 0x10,
+ 0x6d, 0xcb, 0x29, 0xb4
+};
+static const u8 enc_assoc024[] __initconst = { };
+static const u8 enc_nonce024[] __initconst = {
+ 0x9a, 0x59, 0xfc, 0xe2, 0x6d, 0xf0, 0x00, 0x5e,
+ 0x07, 0x53, 0x86, 0x56
+};
+static const u8 enc_key024[] __initconst = {
+ 0x99, 0xb6, 0x2b, 0xd5, 0xaf, 0xbe, 0x3f, 0xb0,
+ 0x15, 0xbd, 0xe9, 0x3f, 0x0a, 0xbf, 0x48, 0x39,
+ 0x57, 0xa1, 0xc3, 0xeb, 0x3c, 0xa5, 0x9c, 0xb5,
+ 0x0b, 0x39, 0xf7, 0xf8, 0xa9, 0xcc, 0x51, 0xbe
+};
+
+/* wycheproof - misc */
+static const u8 enc_input025[] __initconst = {
+ 0xfd, 0xc8, 0x5b, 0x94, 0xa4, 0xb2, 0xa6, 0xb7,
+ 0x59, 0xb1, 0xa0, 0xda
+};
+static const u8 enc_output025[] __initconst = {
+ 0x9f, 0x88, 0x16, 0xde, 0x09, 0x94, 0xe9, 0x38,
+ 0xd9, 0xe5, 0x3f, 0x95, 0xd0, 0x86, 0xfc, 0x6c,
+ 0x9d, 0x8f, 0xa9, 0x15, 0xfd, 0x84, 0x23, 0xa7,
+ 0xcf, 0x05, 0x07, 0x2f
+};
+static const u8 enc_assoc025[] __initconst = {
+ 0xa5, 0x06, 0xe1, 0xa5, 0xc6, 0x90, 0x93, 0xf9
+};
+static const u8 enc_nonce025[] __initconst = {
+ 0x58, 0xdb, 0xd4, 0xad, 0x2c, 0x4a, 0xd3, 0x5d,
+ 0xd9, 0x06, 0xe9, 0xce
+};
+static const u8 enc_key025[] __initconst = {
+ 0x85, 0xf3, 0x5b, 0x62, 0x82, 0xcf, 0xf4, 0x40,
+ 0xbc, 0x10, 0x20, 0xc8, 0x13, 0x6f, 0xf2, 0x70,
+ 0x31, 0x11, 0x0f, 0xa6, 0x3e, 0xc1, 0x6f, 0x1e,
+ 0x82, 0x51, 0x18, 0xb0, 0x06, 0xb9, 0x12, 0x57
+};
+
+/* wycheproof - misc */
+static const u8 enc_input026[] __initconst = {
+ 0x51, 0xf8, 0xc1, 0xf7, 0x31, 0xea, 0x14, 0xac,
+ 0xdb, 0x21, 0x0a, 0x6d, 0x97, 0x3e, 0x07
+};
+static const u8 enc_output026[] __initconst = {
+ 0x0b, 0x29, 0x63, 0x8e, 0x1f, 0xbd, 0xd6, 0xdf,
+ 0x53, 0x97, 0x0b, 0xe2, 0x21, 0x00, 0x42, 0x2a,
+ 0x91, 0x34, 0x08, 0x7d, 0x67, 0xa4, 0x6e, 0x79,
+ 0x17, 0x8d, 0x0a, 0x93, 0xf5, 0xe1, 0xd2
+};
+static const u8 enc_assoc026[] __initconst = { };
+static const u8 enc_nonce026[] __initconst = {
+ 0x68, 0xab, 0x7f, 0xdb, 0xf6, 0x19, 0x01, 0xda,
+ 0xd4, 0x61, 0xd2, 0x3c
+};
+static const u8 enc_key026[] __initconst = {
+ 0x67, 0x11, 0x96, 0x27, 0xbd, 0x98, 0x8e, 0xda,
+ 0x90, 0x62, 0x19, 0xe0, 0x8c, 0x0d, 0x0d, 0x77,
+ 0x9a, 0x07, 0xd2, 0x08, 0xce, 0x8a, 0x4f, 0xe0,
+ 0x70, 0x9a, 0xf7, 0x55, 0xee, 0xec, 0x6d, 0xcb
+};
+
+/* wycheproof - misc */
+static const u8 enc_input027[] __initconst = {
+ 0x97, 0x46, 0x9d, 0xa6, 0x67, 0xd6, 0x11, 0x0f,
+ 0x9c, 0xbd, 0xa1, 0xd1, 0xa2, 0x06, 0x73
+};
+static const u8 enc_output027[] __initconst = {
+ 0x32, 0xdb, 0x66, 0xc4, 0xa3, 0x81, 0x9d, 0x81,
+ 0x55, 0x74, 0x55, 0xe5, 0x98, 0x0f, 0xed, 0xfe,
+ 0xae, 0x30, 0xde, 0xc9, 0x4e, 0x6a, 0xd3, 0xa9,
+ 0xee, 0xa0, 0x6a, 0x0d, 0x70, 0x39, 0x17
+};
+static const u8 enc_assoc027[] __initconst = {
+ 0x64, 0x53, 0xa5, 0x33, 0x84, 0x63, 0x22, 0x12
+};
+static const u8 enc_nonce027[] __initconst = {
+ 0xd9, 0x5b, 0x32, 0x43, 0xaf, 0xae, 0xf7, 0x14,
+ 0xc5, 0x03, 0x5b, 0x6a
+};
+static const u8 enc_key027[] __initconst = {
+ 0xe6, 0xf1, 0x11, 0x8d, 0x41, 0xe4, 0xb4, 0x3f,
+ 0xb5, 0x82, 0x21, 0xb7, 0xed, 0x79, 0x67, 0x38,
+ 0x34, 0xe0, 0xd8, 0xac, 0x5c, 0x4f, 0xa6, 0x0b,
+ 0xbc, 0x8b, 0xc4, 0x89, 0x3a, 0x58, 0x89, 0x4d
+};
+
+/* wycheproof - misc */
+static const u8 enc_input028[] __initconst = {
+ 0x54, 0x9b, 0x36, 0x5a, 0xf9, 0x13, 0xf3, 0xb0,
+ 0x81, 0x13, 0x1c, 0xcb, 0x6b, 0x82, 0x55, 0x88
+};
+static const u8 enc_output028[] __initconst = {
+ 0xe9, 0x11, 0x0e, 0x9f, 0x56, 0xab, 0x3c, 0xa4,
+ 0x83, 0x50, 0x0c, 0xea, 0xba, 0xb6, 0x7a, 0x13,
+ 0x83, 0x6c, 0xca, 0xbf, 0x15, 0xa6, 0xa2, 0x2a,
+ 0x51, 0xc1, 0x07, 0x1c, 0xfa, 0x68, 0xfa, 0x0c
+};
+static const u8 enc_assoc028[] __initconst = { };
+static const u8 enc_nonce028[] __initconst = {
+ 0x2f, 0xcb, 0x1b, 0x38, 0xa9, 0x9e, 0x71, 0xb8,
+ 0x47, 0x40, 0xad, 0x9b
+};
+static const u8 enc_key028[] __initconst = {
+ 0x59, 0xd4, 0xea, 0xfb, 0x4d, 0xe0, 0xcf, 0xc7,
+ 0xd3, 0xdb, 0x99, 0xa8, 0xf5, 0x4b, 0x15, 0xd7,
+ 0xb3, 0x9f, 0x0a, 0xcc, 0x8d, 0xa6, 0x97, 0x63,
+ 0xb0, 0x19, 0xc1, 0x69, 0x9f, 0x87, 0x67, 0x4a
+};
+
+/* wycheproof - misc */
+static const u8 enc_input029[] __initconst = {
+ 0x55, 0xa4, 0x65, 0x64, 0x4f, 0x5b, 0x65, 0x09,
+ 0x28, 0xcb, 0xee, 0x7c, 0x06, 0x32, 0x14, 0xd6
+};
+static const u8 enc_output029[] __initconst = {
+ 0xe4, 0xb1, 0x13, 0xcb, 0x77, 0x59, 0x45, 0xf3,
+ 0xd3, 0xa8, 0xae, 0x9e, 0xc1, 0x41, 0xc0, 0x0c,
+ 0x7c, 0x43, 0xf1, 0x6c, 0xe0, 0x96, 0xd0, 0xdc,
+ 0x27, 0xc9, 0x58, 0x49, 0xdc, 0x38, 0x3b, 0x7d
+};
+static const u8 enc_assoc029[] __initconst = {
+ 0x03, 0x45, 0x85, 0x62, 0x1a, 0xf8, 0xd7, 0xff
+};
+static const u8 enc_nonce029[] __initconst = {
+ 0x11, 0x8a, 0x69, 0x64, 0xc2, 0xd3, 0xe3, 0x80,
+ 0x07, 0x1f, 0x52, 0x66
+};
+static const u8 enc_key029[] __initconst = {
+ 0xb9, 0x07, 0xa4, 0x50, 0x75, 0x51, 0x3f, 0xe8,
+ 0xa8, 0x01, 0x9e, 0xde, 0xe3, 0xf2, 0x59, 0x14,
+ 0x87, 0xb2, 0xa0, 0x30, 0xb0, 0x3c, 0x6e, 0x1d,
+ 0x77, 0x1c, 0x86, 0x25, 0x71, 0xd2, 0xea, 0x1e
+};
+
+/* wycheproof - misc */
+static const u8 enc_input030[] __initconst = {
+ 0x3f, 0xf1, 0x51, 0x4b, 0x1c, 0x50, 0x39, 0x15,
+ 0x91, 0x8f, 0x0c, 0x0c, 0x31, 0x09, 0x4a, 0x6e,
+ 0x1f
+};
+static const u8 enc_output030[] __initconst = {
+ 0x02, 0xcc, 0x3a, 0xcb, 0x5e, 0xe1, 0xfc, 0xdd,
+ 0x12, 0xa0, 0x3b, 0xb8, 0x57, 0x97, 0x64, 0x74,
+ 0xd3, 0xd8, 0x3b, 0x74, 0x63, 0xa2, 0xc3, 0x80,
+ 0x0f, 0xe9, 0x58, 0xc2, 0x8e, 0xaa, 0x29, 0x08,
+ 0x13
+};
+static const u8 enc_assoc030[] __initconst = { };
+static const u8 enc_nonce030[] __initconst = {
+ 0x45, 0xaa, 0xa3, 0xe5, 0xd1, 0x6d, 0x2d, 0x42,
+ 0xdc, 0x03, 0x44, 0x5d
+};
+static const u8 enc_key030[] __initconst = {
+ 0x3b, 0x24, 0x58, 0xd8, 0x17, 0x6e, 0x16, 0x21,
+ 0xc0, 0xcc, 0x24, 0xc0, 0xc0, 0xe2, 0x4c, 0x1e,
+ 0x80, 0xd7, 0x2f, 0x7e, 0xe9, 0x14, 0x9a, 0x4b,
+ 0x16, 0x61, 0x76, 0x62, 0x96, 0x16, 0xd0, 0x11
+};
+
+/* wycheproof - misc */
+static const u8 enc_input031[] __initconst = {
+ 0x63, 0x85, 0x8c, 0xa3, 0xe2, 0xce, 0x69, 0x88,
+ 0x7b, 0x57, 0x8a, 0x3c, 0x16, 0x7b, 0x42, 0x1c,
+ 0x9c
+};
+static const u8 enc_output031[] __initconst = {
+ 0x35, 0x76, 0x64, 0x88, 0xd2, 0xbc, 0x7c, 0x2b,
+ 0x8d, 0x17, 0xcb, 0xbb, 0x9a, 0xbf, 0xad, 0x9e,
+ 0x6d, 0x1f, 0x39, 0x1e, 0x65, 0x7b, 0x27, 0x38,
+ 0xdd, 0xa0, 0x84, 0x48, 0xcb, 0xa2, 0x81, 0x1c,
+ 0xeb
+};
+static const u8 enc_assoc031[] __initconst = {
+ 0x9a, 0xaf, 0x29, 0x9e, 0xee, 0xa7, 0x8f, 0x79
+};
+static const u8 enc_nonce031[] __initconst = {
+ 0xf0, 0x38, 0x4f, 0xb8, 0x76, 0x12, 0x14, 0x10,
+ 0x63, 0x3d, 0x99, 0x3d
+};
+static const u8 enc_key031[] __initconst = {
+ 0xf6, 0x0c, 0x6a, 0x1b, 0x62, 0x57, 0x25, 0xf7,
+ 0x6c, 0x70, 0x37, 0xb4, 0x8f, 0xe3, 0x57, 0x7f,
+ 0xa7, 0xf7, 0xb8, 0x7b, 0x1b, 0xd5, 0xa9, 0x82,
+ 0x17, 0x6d, 0x18, 0x23, 0x06, 0xff, 0xb8, 0x70
+};
+
+/* wycheproof - misc */
+static const u8 enc_input032[] __initconst = {
+ 0x10, 0xf1, 0xec, 0xf9, 0xc6, 0x05, 0x84, 0x66,
+ 0x5d, 0x9a, 0xe5, 0xef, 0xe2, 0x79, 0xe7, 0xf7,
+ 0x37, 0x7e, 0xea, 0x69, 0x16, 0xd2, 0xb1, 0x11
+};
+static const u8 enc_output032[] __initconst = {
+ 0x42, 0xf2, 0x6c, 0x56, 0xcb, 0x4b, 0xe2, 0x1d,
+ 0x9d, 0x8d, 0x0c, 0x80, 0xfc, 0x99, 0xdd, 0xe0,
+ 0x0d, 0x75, 0xf3, 0x80, 0x74, 0xbf, 0xe7, 0x64,
+ 0x54, 0xaa, 0x7e, 0x13, 0xd4, 0x8f, 0xff, 0x7d,
+ 0x75, 0x57, 0x03, 0x94, 0x57, 0x04, 0x0a, 0x3a
+};
+static const u8 enc_assoc032[] __initconst = { };
+static const u8 enc_nonce032[] __initconst = {
+ 0xe6, 0xb1, 0xad, 0xf2, 0xfd, 0x58, 0xa8, 0x76,
+ 0x2c, 0x65, 0xf3, 0x1b
+};
+static const u8 enc_key032[] __initconst = {
+ 0x02, 0x12, 0xa8, 0xde, 0x50, 0x07, 0xed, 0x87,
+ 0xb3, 0x3f, 0x1a, 0x70, 0x90, 0xb6, 0x11, 0x4f,
+ 0x9e, 0x08, 0xce, 0xfd, 0x96, 0x07, 0xf2, 0xc2,
+ 0x76, 0xbd, 0xcf, 0xdb, 0xc5, 0xce, 0x9c, 0xd7
+};
+
+/* wycheproof - misc */
+static const u8 enc_input033[] __initconst = {
+ 0x92, 0x22, 0xf9, 0x01, 0x8e, 0x54, 0xfd, 0x6d,
+ 0xe1, 0x20, 0x08, 0x06, 0xa9, 0xee, 0x8e, 0x4c,
+ 0xc9, 0x04, 0xd2, 0x9f, 0x25, 0xcb, 0xa1, 0x93
+};
+static const u8 enc_output033[] __initconst = {
+ 0x12, 0x30, 0x32, 0x43, 0x7b, 0x4b, 0xfd, 0x69,
+ 0x20, 0xe8, 0xf7, 0xe7, 0xe0, 0x08, 0x7a, 0xe4,
+ 0x88, 0x9e, 0xbe, 0x7a, 0x0a, 0xd0, 0xe9, 0x00,
+ 0x3c, 0xf6, 0x8f, 0x17, 0x95, 0x50, 0xda, 0x63,
+ 0xd3, 0xb9, 0x6c, 0x2d, 0x55, 0x41, 0x18, 0x65
+};
+static const u8 enc_assoc033[] __initconst = {
+ 0x3e, 0x8b, 0xc5, 0xad, 0xe1, 0x82, 0xff, 0x08
+};
+static const u8 enc_nonce033[] __initconst = {
+ 0x6b, 0x28, 0x2e, 0xbe, 0xcc, 0x54, 0x1b, 0xcd,
+ 0x78, 0x34, 0xed, 0x55
+};
+static const u8 enc_key033[] __initconst = {
+ 0xc5, 0xbc, 0x09, 0x56, 0x56, 0x46, 0xe7, 0xed,
+ 0xda, 0x95, 0x4f, 0x1f, 0x73, 0x92, 0x23, 0xda,
+ 0xda, 0x20, 0xb9, 0x5c, 0x44, 0xab, 0x03, 0x3d,
+ 0x0f, 0xae, 0x4b, 0x02, 0x83, 0xd1, 0x8b, 0xe3
+};
+
+/* wycheproof - misc */
+static const u8 enc_input034[] __initconst = {
+ 0xb0, 0x53, 0x99, 0x92, 0x86, 0xa2, 0x82, 0x4f,
+ 0x42, 0xcc, 0x8c, 0x20, 0x3a, 0xb2, 0x4e, 0x2c,
+ 0x97, 0xa6, 0x85, 0xad, 0xcc, 0x2a, 0xd3, 0x26,
+ 0x62, 0x55, 0x8e, 0x55, 0xa5, 0xc7, 0x29
+};
+static const u8 enc_output034[] __initconst = {
+ 0x45, 0xc7, 0xd6, 0xb5, 0x3a, 0xca, 0xd4, 0xab,
+ 0xb6, 0x88, 0x76, 0xa6, 0xe9, 0x6a, 0x48, 0xfb,
+ 0x59, 0x52, 0x4d, 0x2c, 0x92, 0xc9, 0xd8, 0xa1,
+ 0x89, 0xc9, 0xfd, 0x2d, 0xb9, 0x17, 0x46, 0x56,
+ 0x6d, 0x3c, 0xa1, 0x0e, 0x31, 0x1b, 0x69, 0x5f,
+ 0x3e, 0xae, 0x15, 0x51, 0x65, 0x24, 0x93
+};
+static const u8 enc_assoc034[] __initconst = { };
+static const u8 enc_nonce034[] __initconst = {
+ 0x04, 0xa9, 0xbe, 0x03, 0x50, 0x8a, 0x5f, 0x31,
+ 0x37, 0x1a, 0x6f, 0xd2
+};
+static const u8 enc_key034[] __initconst = {
+ 0x2e, 0xb5, 0x1c, 0x46, 0x9a, 0xa8, 0xeb, 0x9e,
+ 0x6c, 0x54, 0xa8, 0x34, 0x9b, 0xae, 0x50, 0xa2,
+ 0x0f, 0x0e, 0x38, 0x27, 0x11, 0xbb, 0xa1, 0x15,
+ 0x2c, 0x42, 0x4f, 0x03, 0xb6, 0x67, 0x1d, 0x71
+};
+
+/* wycheproof - misc */
+static const u8 enc_input035[] __initconst = {
+ 0xf4, 0x52, 0x06, 0xab, 0xc2, 0x55, 0x52, 0xb2,
+ 0xab, 0xc9, 0xab, 0x7f, 0xa2, 0x43, 0x03, 0x5f,
+ 0xed, 0xaa, 0xdd, 0xc3, 0xb2, 0x29, 0x39, 0x56,
+ 0xf1, 0xea, 0x6e, 0x71, 0x56, 0xe7, 0xeb
+};
+static const u8 enc_output035[] __initconst = {
+ 0x46, 0xa8, 0x0c, 0x41, 0x87, 0x02, 0x47, 0x20,
+ 0x08, 0x46, 0x27, 0x58, 0x00, 0x80, 0xdd, 0xe5,
+ 0xa3, 0xf4, 0xa1, 0x10, 0x93, 0xa7, 0x07, 0x6e,
+ 0xd6, 0xf3, 0xd3, 0x26, 0xbc, 0x7b, 0x70, 0x53,
+ 0x4d, 0x4a, 0xa2, 0x83, 0x5a, 0x52, 0xe7, 0x2d,
+ 0x14, 0xdf, 0x0e, 0x4f, 0x47, 0xf2, 0x5f
+};
+static const u8 enc_assoc035[] __initconst = {
+ 0x37, 0x46, 0x18, 0xa0, 0x6e, 0xa9, 0x8a, 0x48
+};
+static const u8 enc_nonce035[] __initconst = {
+ 0x47, 0x0a, 0x33, 0x9e, 0xcb, 0x32, 0x19, 0xb8,
+ 0xb8, 0x1a, 0x1f, 0x8b
+};
+static const u8 enc_key035[] __initconst = {
+ 0x7f, 0x5b, 0x74, 0xc0, 0x7e, 0xd1, 0xb4, 0x0f,
+ 0xd1, 0x43, 0x58, 0xfe, 0x2f, 0xf2, 0xa7, 0x40,
+ 0xc1, 0x16, 0xc7, 0x70, 0x65, 0x10, 0xe6, 0xa4,
+ 0x37, 0xf1, 0x9e, 0xa4, 0x99, 0x11, 0xce, 0xc4
+};
+
+/* wycheproof - misc */
+static const u8 enc_input036[] __initconst = {
+ 0xb9, 0xc5, 0x54, 0xcb, 0xc3, 0x6a, 0xc1, 0x8a,
+ 0xe8, 0x97, 0xdf, 0x7b, 0xee, 0xca, 0xc1, 0xdb,
+ 0xeb, 0x4e, 0xaf, 0xa1, 0x56, 0xbb, 0x60, 0xce,
+ 0x2e, 0x5d, 0x48, 0xf0, 0x57, 0x15, 0xe6, 0x78
+};
+static const u8 enc_output036[] __initconst = {
+ 0xea, 0x29, 0xaf, 0xa4, 0x9d, 0x36, 0xe8, 0x76,
+ 0x0f, 0x5f, 0xe1, 0x97, 0x23, 0xb9, 0x81, 0x1e,
+ 0xd5, 0xd5, 0x19, 0x93, 0x4a, 0x44, 0x0f, 0x50,
+ 0x81, 0xac, 0x43, 0x0b, 0x95, 0x3b, 0x0e, 0x21,
+ 0x22, 0x25, 0x41, 0xaf, 0x46, 0xb8, 0x65, 0x33,
+ 0xc6, 0xb6, 0x8d, 0x2f, 0xf1, 0x08, 0xa7, 0xea
+};
+static const u8 enc_assoc036[] __initconst = { };
+static const u8 enc_nonce036[] __initconst = {
+ 0x72, 0xcf, 0xd9, 0x0e, 0xf3, 0x02, 0x6c, 0xa2,
+ 0x2b, 0x7e, 0x6e, 0x6a
+};
+static const u8 enc_key036[] __initconst = {
+ 0xe1, 0x73, 0x1d, 0x58, 0x54, 0xe1, 0xb7, 0x0c,
+ 0xb3, 0xff, 0xe8, 0xb7, 0x86, 0xa2, 0xb3, 0xeb,
+ 0xf0, 0x99, 0x43, 0x70, 0x95, 0x47, 0x57, 0xb9,
+ 0xdc, 0x8c, 0x7b, 0xc5, 0x35, 0x46, 0x34, 0xa3
+};
+
+/* wycheproof - misc */
+static const u8 enc_input037[] __initconst = {
+ 0x6b, 0x26, 0x04, 0x99, 0x6c, 0xd3, 0x0c, 0x14,
+ 0xa1, 0x3a, 0x52, 0x57, 0xed, 0x6c, 0xff, 0xd3,
+ 0xbc, 0x5e, 0x29, 0xd6, 0xb9, 0x7e, 0xb1, 0x79,
+ 0x9e, 0xb3, 0x35, 0xe2, 0x81, 0xea, 0x45, 0x1e
+};
+static const u8 enc_output037[] __initconst = {
+ 0x6d, 0xad, 0x63, 0x78, 0x97, 0x54, 0x4d, 0x8b,
+ 0xf6, 0xbe, 0x95, 0x07, 0xed, 0x4d, 0x1b, 0xb2,
+ 0xe9, 0x54, 0xbc, 0x42, 0x7e, 0x5d, 0xe7, 0x29,
+ 0xda, 0xf5, 0x07, 0x62, 0x84, 0x6f, 0xf2, 0xf4,
+ 0x7b, 0x99, 0x7d, 0x93, 0xc9, 0x82, 0x18, 0x9d,
+ 0x70, 0x95, 0xdc, 0x79, 0x4c, 0x74, 0x62, 0x32
+};
+static const u8 enc_assoc037[] __initconst = {
+ 0x23, 0x33, 0xe5, 0xce, 0x0f, 0x93, 0xb0, 0x59
+};
+static const u8 enc_nonce037[] __initconst = {
+ 0x26, 0x28, 0x80, 0xd4, 0x75, 0xf3, 0xda, 0xc5,
+ 0x34, 0x0d, 0xd1, 0xb8
+};
+static const u8 enc_key037[] __initconst = {
+ 0x27, 0xd8, 0x60, 0x63, 0x1b, 0x04, 0x85, 0xa4,
+ 0x10, 0x70, 0x2f, 0xea, 0x61, 0xbc, 0x87, 0x3f,
+ 0x34, 0x42, 0x26, 0x0c, 0xad, 0xed, 0x4a, 0xbd,
+ 0xe2, 0x5b, 0x78, 0x6a, 0x2d, 0x97, 0xf1, 0x45
+};
+
+/* wycheproof - misc */
+static const u8 enc_input038[] __initconst = {
+ 0x97, 0x3d, 0x0c, 0x75, 0x38, 0x26, 0xba, 0xe4,
+ 0x66, 0xcf, 0x9a, 0xbb, 0x34, 0x93, 0x15, 0x2e,
+ 0x9d, 0xe7, 0x81, 0x9e, 0x2b, 0xd0, 0xc7, 0x11,
+ 0x71, 0x34, 0x6b, 0x4d, 0x2c, 0xeb, 0xf8, 0x04,
+ 0x1a, 0xa3, 0xce, 0xdc, 0x0d, 0xfd, 0x7b, 0x46,
+ 0x7e, 0x26, 0x22, 0x8b, 0xc8, 0x6c, 0x9a
+};
+static const u8 enc_output038[] __initconst = {
+ 0xfb, 0xa7, 0x8a, 0xe4, 0xf9, 0xd8, 0x08, 0xa6,
+ 0x2e, 0x3d, 0xa4, 0x0b, 0xe2, 0xcb, 0x77, 0x00,
+ 0xc3, 0x61, 0x3d, 0x9e, 0xb2, 0xc5, 0x29, 0xc6,
+ 0x52, 0xe7, 0x6a, 0x43, 0x2c, 0x65, 0x8d, 0x27,
+ 0x09, 0x5f, 0x0e, 0xb8, 0xf9, 0x40, 0xc3, 0x24,
+ 0x98, 0x1e, 0xa9, 0x35, 0xe5, 0x07, 0xf9, 0x8f,
+ 0x04, 0x69, 0x56, 0xdb, 0x3a, 0x51, 0x29, 0x08,
+ 0xbd, 0x7a, 0xfc, 0x8f, 0x2a, 0xb0, 0xa9
+};
+static const u8 enc_assoc038[] __initconst = { };
+static const u8 enc_nonce038[] __initconst = {
+ 0xe7, 0x4a, 0x51, 0x5e, 0x7e, 0x21, 0x02, 0xb9,
+ 0x0b, 0xef, 0x55, 0xd2
+};
+static const u8 enc_key038[] __initconst = {
+ 0xcf, 0x0d, 0x40, 0xa4, 0x64, 0x4e, 0x5f, 0x51,
+ 0x81, 0x51, 0x65, 0xd5, 0x30, 0x1b, 0x22, 0x63,
+ 0x1f, 0x45, 0x44, 0xc4, 0x9a, 0x18, 0x78, 0xe3,
+ 0xa0, 0xa5, 0xe8, 0xe1, 0xaa, 0xe0, 0xf2, 0x64
+};
+
+/* wycheproof - misc */
+static const u8 enc_input039[] __initconst = {
+ 0xa9, 0x89, 0x95, 0x50, 0x4d, 0xf1, 0x6f, 0x74,
+ 0x8b, 0xfb, 0x77, 0x85, 0xff, 0x91, 0xee, 0xb3,
+ 0xb6, 0x60, 0xea, 0x9e, 0xd3, 0x45, 0x0c, 0x3d,
+ 0x5e, 0x7b, 0x0e, 0x79, 0xef, 0x65, 0x36, 0x59,
+ 0xa9, 0x97, 0x8d, 0x75, 0x54, 0x2e, 0xf9, 0x1c,
+ 0x45, 0x67, 0x62, 0x21, 0x56, 0x40, 0xb9
+};
+static const u8 enc_output039[] __initconst = {
+ 0xa1, 0xff, 0xed, 0x80, 0x76, 0x18, 0x29, 0xec,
+ 0xce, 0x24, 0x2e, 0x0e, 0x88, 0xb1, 0x38, 0x04,
+ 0x90, 0x16, 0xbc, 0xa0, 0x18, 0xda, 0x2b, 0x6e,
+ 0x19, 0x98, 0x6b, 0x3e, 0x31, 0x8c, 0xae, 0x8d,
+ 0x80, 0x61, 0x98, 0xfb, 0x4c, 0x52, 0x7c, 0xc3,
+ 0x93, 0x50, 0xeb, 0xdd, 0xea, 0xc5, 0x73, 0xc4,
+ 0xcb, 0xf0, 0xbe, 0xfd, 0xa0, 0xb7, 0x02, 0x42,
+ 0xc6, 0x40, 0xd7, 0xcd, 0x02, 0xd7, 0xa3
+};
+static const u8 enc_assoc039[] __initconst = {
+ 0xb3, 0xe4, 0x06, 0x46, 0x83, 0xb0, 0x2d, 0x84
+};
+static const u8 enc_nonce039[] __initconst = {
+ 0xd4, 0xd8, 0x07, 0x34, 0x16, 0x83, 0x82, 0x5b,
+ 0x31, 0xcd, 0x4d, 0x95
+};
+static const u8 enc_key039[] __initconst = {
+ 0x6c, 0xbf, 0xd7, 0x1c, 0x64, 0x5d, 0x18, 0x4c,
+ 0xf5, 0xd2, 0x3c, 0x40, 0x2b, 0xdb, 0x0d, 0x25,
+ 0xec, 0x54, 0x89, 0x8c, 0x8a, 0x02, 0x73, 0xd4,
+ 0x2e, 0xb5, 0xbe, 0x10, 0x9f, 0xdc, 0xb2, 0xac
+};
+
+/* wycheproof - misc */
+static const u8 enc_input040[] __initconst = {
+ 0xd0, 0x96, 0x80, 0x31, 0x81, 0xbe, 0xef, 0x9e,
+ 0x00, 0x8f, 0xf8, 0x5d, 0x5d, 0xdc, 0x38, 0xdd,
+ 0xac, 0xf0, 0xf0, 0x9e, 0xe5, 0xf7, 0xe0, 0x7f,
+ 0x1e, 0x40, 0x79, 0xcb, 0x64, 0xd0, 0xdc, 0x8f,
+ 0x5e, 0x67, 0x11, 0xcd, 0x49, 0x21, 0xa7, 0x88,
+ 0x7d, 0xe7, 0x6e, 0x26, 0x78, 0xfd, 0xc6, 0x76,
+ 0x18, 0xf1, 0x18, 0x55, 0x86, 0xbf, 0xea, 0x9d,
+ 0x4c, 0x68, 0x5d, 0x50, 0xe4, 0xbb, 0x9a, 0x82
+};
+static const u8 enc_output040[] __initconst = {
+ 0x9a, 0x4e, 0xf2, 0x2b, 0x18, 0x16, 0x77, 0xb5,
+ 0x75, 0x5c, 0x08, 0xf7, 0x47, 0xc0, 0xf8, 0xd8,
+ 0xe8, 0xd4, 0xc1, 0x8a, 0x9c, 0xc2, 0x40, 0x5c,
+ 0x12, 0xbb, 0x51, 0xbb, 0x18, 0x72, 0xc8, 0xe8,
+ 0xb8, 0x77, 0x67, 0x8b, 0xec, 0x44, 0x2c, 0xfc,
+ 0xbb, 0x0f, 0xf4, 0x64, 0xa6, 0x4b, 0x74, 0x33,
+ 0x2c, 0xf0, 0x72, 0x89, 0x8c, 0x7e, 0x0e, 0xdd,
+ 0xf6, 0x23, 0x2e, 0xa6, 0xe2, 0x7e, 0xfe, 0x50,
+ 0x9f, 0xf3, 0x42, 0x7a, 0x0f, 0x32, 0xfa, 0x56,
+ 0x6d, 0x9c, 0xa0, 0xa7, 0x8a, 0xef, 0xc0, 0x13
+};
+static const u8 enc_assoc040[] __initconst = { };
+static const u8 enc_nonce040[] __initconst = {
+ 0xd6, 0x10, 0x40, 0xa3, 0x13, 0xed, 0x49, 0x28,
+ 0x23, 0xcc, 0x06, 0x5b
+};
+static const u8 enc_key040[] __initconst = {
+ 0x5b, 0x1d, 0x10, 0x35, 0xc0, 0xb1, 0x7e, 0xe0,
+ 0xb0, 0x44, 0x47, 0x67, 0xf8, 0x0a, 0x25, 0xb8,
+ 0xc1, 0xb7, 0x41, 0xf4, 0xb5, 0x0a, 0x4d, 0x30,
+ 0x52, 0x22, 0x6b, 0xaa, 0x1c, 0x6f, 0xb7, 0x01
+};
+
+/* wycheproof - misc */
+static const u8 enc_input041[] __initconst = {
+ 0x94, 0xee, 0x16, 0x6d, 0x6d, 0x6e, 0xcf, 0x88,
+ 0x32, 0x43, 0x71, 0x36, 0xb4, 0xae, 0x80, 0x5d,
+ 0x42, 0x88, 0x64, 0x35, 0x95, 0x86, 0xd9, 0x19,
+ 0x3a, 0x25, 0x01, 0x62, 0x93, 0xed, 0xba, 0x44,
+ 0x3c, 0x58, 0xe0, 0x7e, 0x7b, 0x71, 0x95, 0xec,
+ 0x5b, 0xd8, 0x45, 0x82, 0xa9, 0xd5, 0x6c, 0x8d,
+ 0x4a, 0x10, 0x8c, 0x7d, 0x7c, 0xe3, 0x4e, 0x6c,
+ 0x6f, 0x8e, 0xa1, 0xbe, 0xc0, 0x56, 0x73, 0x17
+};
+static const u8 enc_output041[] __initconst = {
+ 0x5f, 0xbb, 0xde, 0xcc, 0x34, 0xbe, 0x20, 0x16,
+ 0x14, 0xf6, 0x36, 0x03, 0x1e, 0xeb, 0x42, 0xf1,
+ 0xca, 0xce, 0x3c, 0x79, 0xa1, 0x2c, 0xff, 0xd8,
+ 0x71, 0xee, 0x8e, 0x73, 0x82, 0x0c, 0x82, 0x97,
+ 0x49, 0xf1, 0xab, 0xb4, 0x29, 0x43, 0x67, 0x84,
+ 0x9f, 0xb6, 0xc2, 0xaa, 0x56, 0xbd, 0xa8, 0xa3,
+ 0x07, 0x8f, 0x72, 0x3d, 0x7c, 0x1c, 0x85, 0x20,
+ 0x24, 0xb0, 0x17, 0xb5, 0x89, 0x73, 0xfb, 0x1e,
+ 0x09, 0x26, 0x3d, 0xa7, 0xb4, 0xcb, 0x92, 0x14,
+ 0x52, 0xf9, 0x7d, 0xca, 0x40, 0xf5, 0x80, 0xec
+};
+static const u8 enc_assoc041[] __initconst = {
+ 0x71, 0x93, 0xf6, 0x23, 0x66, 0x33, 0x21, 0xa2
+};
+static const u8 enc_nonce041[] __initconst = {
+ 0xd3, 0x1c, 0x21, 0xab, 0xa1, 0x75, 0xb7, 0x0d,
+ 0xe4, 0xeb, 0xb1, 0x9c
+};
+static const u8 enc_key041[] __initconst = {
+ 0x97, 0xd6, 0x35, 0xc4, 0xf4, 0x75, 0x74, 0xd9,
+ 0x99, 0x8a, 0x90, 0x87, 0x5d, 0xa1, 0xd3, 0xa2,
+ 0x84, 0xb7, 0x55, 0xb2, 0xd3, 0x92, 0x97, 0xa5,
+ 0x72, 0x52, 0x35, 0x19, 0x0e, 0x10, 0xa9, 0x7e
+};
+
+/* wycheproof - misc */
+static const u8 enc_input042[] __initconst = {
+ 0xb4, 0x29, 0xeb, 0x80, 0xfb, 0x8f, 0xe8, 0xba,
+ 0xed, 0xa0, 0xc8, 0x5b, 0x9c, 0x33, 0x34, 0x58,
+ 0xe7, 0xc2, 0x99, 0x2e, 0x55, 0x84, 0x75, 0x06,
+ 0x9d, 0x12, 0xd4, 0x5c, 0x22, 0x21, 0x75, 0x64,
+ 0x12, 0x15, 0x88, 0x03, 0x22, 0x97, 0xef, 0xf5,
+ 0x67, 0x83, 0x74, 0x2a, 0x5f, 0xc2, 0x2d, 0x74,
+ 0x10, 0xff, 0xb2, 0x9d, 0x66, 0x09, 0x86, 0x61,
+ 0xd7, 0x6f, 0x12, 0x6c, 0x3c, 0x27, 0x68, 0x9e,
+ 0x43, 0xb3, 0x72, 0x67, 0xca, 0xc5, 0xa3, 0xa6,
+ 0xd3, 0xab, 0x49, 0xe3, 0x91, 0xda, 0x29, 0xcd,
+ 0x30, 0x54, 0xa5, 0x69, 0x2e, 0x28, 0x07, 0xe4,
+ 0xc3, 0xea, 0x46, 0xc8, 0x76, 0x1d, 0x50, 0xf5,
+ 0x92
+};
+static const u8 enc_output042[] __initconst = {
+ 0xd0, 0x10, 0x2f, 0x6c, 0x25, 0x8b, 0xf4, 0x97,
+ 0x42, 0xce, 0xc3, 0x4c, 0xf2, 0xd0, 0xfe, 0xdf,
+ 0x23, 0xd1, 0x05, 0xfb, 0x4c, 0x84, 0xcf, 0x98,
+ 0x51, 0x5e, 0x1b, 0xc9, 0xa6, 0x4f, 0x8a, 0xd5,
+ 0xbe, 0x8f, 0x07, 0x21, 0xbd, 0xe5, 0x06, 0x45,
+ 0xd0, 0x00, 0x83, 0xc3, 0xa2, 0x63, 0xa3, 0x10,
+ 0x53, 0xb7, 0x60, 0x24, 0x5f, 0x52, 0xae, 0x28,
+ 0x66, 0xa5, 0xec, 0x83, 0xb1, 0x9f, 0x61, 0xbe,
+ 0x1d, 0x30, 0xd5, 0xc5, 0xd9, 0xfe, 0xcc, 0x4c,
+ 0xbb, 0xe0, 0x8f, 0xd3, 0x85, 0x81, 0x3a, 0x2a,
+ 0xa3, 0x9a, 0x00, 0xff, 0x9c, 0x10, 0xf7, 0xf2,
+ 0x37, 0x02, 0xad, 0xd1, 0xe4, 0xb2, 0xff, 0xa3,
+ 0x1c, 0x41, 0x86, 0x5f, 0xc7, 0x1d, 0xe1, 0x2b,
+ 0x19, 0x61, 0x21, 0x27, 0xce, 0x49, 0x99, 0x3b,
+ 0xb0
+};
+static const u8 enc_assoc042[] __initconst = { };
+static const u8 enc_nonce042[] __initconst = {
+ 0x17, 0xc8, 0x6a, 0x8a, 0xbb, 0xb7, 0xe0, 0x03,
+ 0xac, 0xde, 0x27, 0x99
+};
+static const u8 enc_key042[] __initconst = {
+ 0xfe, 0x6e, 0x55, 0xbd, 0xae, 0xd1, 0xf7, 0x28,
+ 0x4c, 0xa5, 0xfc, 0x0f, 0x8c, 0x5f, 0x2b, 0x8d,
+ 0xf5, 0x6d, 0xc0, 0xf4, 0x9e, 0x8c, 0xa6, 0x6a,
+ 0x41, 0x99, 0x5e, 0x78, 0x33, 0x51, 0xf9, 0x01
+};
+
+/* wycheproof - misc */
+static const u8 enc_input043[] __initconst = {
+ 0xce, 0xb5, 0x34, 0xce, 0x50, 0xdc, 0x23, 0xff,
+ 0x63, 0x8a, 0xce, 0x3e, 0xf6, 0x3a, 0xb2, 0xcc,
+ 0x29, 0x73, 0xee, 0xad, 0xa8, 0x07, 0x85, 0xfc,
+ 0x16, 0x5d, 0x06, 0xc2, 0xf5, 0x10, 0x0f, 0xf5,
+ 0xe8, 0xab, 0x28, 0x82, 0xc4, 0x75, 0xaf, 0xcd,
+ 0x05, 0xcc, 0xd4, 0x9f, 0x2e, 0x7d, 0x8f, 0x55,
+ 0xef, 0x3a, 0x72, 0xe3, 0xdc, 0x51, 0xd6, 0x85,
+ 0x2b, 0x8e, 0x6b, 0x9e, 0x7a, 0xec, 0xe5, 0x7b,
+ 0xe6, 0x55, 0x6b, 0x0b, 0x6d, 0x94, 0x13, 0xe3,
+ 0x3f, 0xc5, 0xfc, 0x24, 0xa9, 0xa2, 0x05, 0xad,
+ 0x59, 0x57, 0x4b, 0xb3, 0x9d, 0x94, 0x4a, 0x92,
+ 0xdc, 0x47, 0x97, 0x0d, 0x84, 0xa6, 0xad, 0x31,
+ 0x76
+};
+static const u8 enc_output043[] __initconst = {
+ 0x75, 0x45, 0x39, 0x1b, 0x51, 0xde, 0x01, 0xd5,
+ 0xc5, 0x3d, 0xfa, 0xca, 0x77, 0x79, 0x09, 0x06,
+ 0x3e, 0x58, 0xed, 0xee, 0x4b, 0xb1, 0x22, 0x7e,
+ 0x71, 0x10, 0xac, 0x4d, 0x26, 0x20, 0xc2, 0xae,
+ 0xc2, 0xf8, 0x48, 0xf5, 0x6d, 0xee, 0xb0, 0x37,
+ 0xa8, 0xdc, 0xed, 0x75, 0xaf, 0xa8, 0xa6, 0xc8,
+ 0x90, 0xe2, 0xde, 0xe4, 0x2f, 0x95, 0x0b, 0xb3,
+ 0x3d, 0x9e, 0x24, 0x24, 0xd0, 0x8a, 0x50, 0x5d,
+ 0x89, 0x95, 0x63, 0x97, 0x3e, 0xd3, 0x88, 0x70,
+ 0xf3, 0xde, 0x6e, 0xe2, 0xad, 0xc7, 0xfe, 0x07,
+ 0x2c, 0x36, 0x6c, 0x14, 0xe2, 0xcf, 0x7c, 0xa6,
+ 0x2f, 0xb3, 0xd3, 0x6b, 0xee, 0x11, 0x68, 0x54,
+ 0x61, 0xb7, 0x0d, 0x44, 0xef, 0x8c, 0x66, 0xc5,
+ 0xc7, 0xbb, 0xf1, 0x0d, 0xca, 0xdd, 0x7f, 0xac,
+ 0xf6
+};
+static const u8 enc_assoc043[] __initconst = {
+ 0xa1, 0x1c, 0x40, 0xb6, 0x03, 0x76, 0x73, 0x30
+};
+static const u8 enc_nonce043[] __initconst = {
+ 0x46, 0x36, 0x2f, 0x45, 0xd6, 0x37, 0x9e, 0x63,
+ 0xe5, 0x22, 0x94, 0x60
+};
+static const u8 enc_key043[] __initconst = {
+ 0xaa, 0xbc, 0x06, 0x34, 0x74, 0xe6, 0x5c, 0x4c,
+ 0x3e, 0x9b, 0xdc, 0x48, 0x0d, 0xea, 0x97, 0xb4,
+ 0x51, 0x10, 0xc8, 0x61, 0x88, 0x46, 0xff, 0x6b,
+ 0x15, 0xbd, 0xd2, 0xa4, 0xa5, 0x68, 0x2c, 0x4e
+};
+
+/* wycheproof - misc */
+static const u8 enc_input044[] __initconst = {
+ 0xe5, 0xcc, 0xaa, 0x44, 0x1b, 0xc8, 0x14, 0x68,
+ 0x8f, 0x8f, 0x6e, 0x8f, 0x28, 0xb5, 0x00, 0xb2
+};
+static const u8 enc_output044[] __initconst = {
+ 0x7e, 0x72, 0xf5, 0xa1, 0x85, 0xaf, 0x16, 0xa6,
+ 0x11, 0x92, 0x1b, 0x43, 0x8f, 0x74, 0x9f, 0x0b,
+ 0x12, 0x42, 0xc6, 0x70, 0x73, 0x23, 0x34, 0x02,
+ 0x9a, 0xdf, 0xe1, 0xc5, 0x00, 0x16, 0x51, 0xe4
+};
+static const u8 enc_assoc044[] __initconst = {
+ 0x02
+};
+static const u8 enc_nonce044[] __initconst = {
+ 0x87, 0x34, 0x5f, 0x10, 0x55, 0xfd, 0x9e, 0x21,
+ 0x02, 0xd5, 0x06, 0x56
+};
+static const u8 enc_key044[] __initconst = {
+ 0x7d, 0x00, 0xb4, 0x80, 0x95, 0xad, 0xfa, 0x32,
+ 0x72, 0x05, 0x06, 0x07, 0xb2, 0x64, 0x18, 0x50,
+ 0x02, 0xba, 0x99, 0x95, 0x7c, 0x49, 0x8b, 0xe0,
+ 0x22, 0x77, 0x0f, 0x2c, 0xe2, 0xf3, 0x14, 0x3c
+};
+
+/* wycheproof - misc */
+static const u8 enc_input045[] __initconst = {
+ 0x02, 0xcd, 0xe1, 0x68, 0xfb, 0xa3, 0xf5, 0x44,
+ 0xbb, 0xd0, 0x33, 0x2f, 0x7a, 0xde, 0xad, 0xa8
+};
+static const u8 enc_output045[] __initconst = {
+ 0x85, 0xf2, 0x9a, 0x71, 0x95, 0x57, 0xcd, 0xd1,
+ 0x4d, 0x1f, 0x8f, 0xff, 0xab, 0x6d, 0x9e, 0x60,
+ 0x73, 0x2c, 0xa3, 0x2b, 0xec, 0xd5, 0x15, 0xa1,
+ 0xed, 0x35, 0x3f, 0x54, 0x2e, 0x99, 0x98, 0x58
+};
+static const u8 enc_assoc045[] __initconst = {
+ 0xb6, 0x48
+};
+static const u8 enc_nonce045[] __initconst = {
+ 0x87, 0xa3, 0x16, 0x3e, 0xc0, 0x59, 0x8a, 0xd9,
+ 0x5b, 0x3a, 0xa7, 0x13
+};
+static const u8 enc_key045[] __initconst = {
+ 0x64, 0x32, 0x71, 0x7f, 0x1d, 0xb8, 0x5e, 0x41,
+ 0xac, 0x78, 0x36, 0xbc, 0xe2, 0x51, 0x85, 0xa0,
+ 0x80, 0xd5, 0x76, 0x2b, 0x9e, 0x2b, 0x18, 0x44,
+ 0x4b, 0x6e, 0xc7, 0x2c, 0x3b, 0xd8, 0xe4, 0xdc
+};
+
+/* wycheproof - misc */
+static const u8 enc_input046[] __initconst = {
+ 0x16, 0xdd, 0xd2, 0x3f, 0xf5, 0x3f, 0x3d, 0x23,
+ 0xc0, 0x63, 0x34, 0x48, 0x70, 0x40, 0xeb, 0x47
+};
+static const u8 enc_output046[] __initconst = {
+ 0xc1, 0xb2, 0x95, 0x93, 0x6d, 0x56, 0xfa, 0xda,
+ 0xc0, 0x3e, 0x5f, 0x74, 0x2b, 0xff, 0x73, 0xa1,
+ 0x39, 0xc4, 0x57, 0xdb, 0xab, 0x66, 0x38, 0x2b,
+ 0xab, 0xb3, 0xb5, 0x58, 0x00, 0xcd, 0xa5, 0xb8
+};
+static const u8 enc_assoc046[] __initconst = {
+ 0xbd, 0x4c, 0xd0, 0x2f, 0xc7, 0x50, 0x2b, 0xbd,
+ 0xbd, 0xf6, 0xc9, 0xa3, 0xcb, 0xe8, 0xf0
+};
+static const u8 enc_nonce046[] __initconst = {
+ 0x6f, 0x57, 0x3a, 0xa8, 0x6b, 0xaa, 0x49, 0x2b,
+ 0xa4, 0x65, 0x96, 0xdf
+};
+static const u8 enc_key046[] __initconst = {
+ 0x8e, 0x34, 0xcf, 0x73, 0xd2, 0x45, 0xa1, 0x08,
+ 0x2a, 0x92, 0x0b, 0x86, 0x36, 0x4e, 0xb8, 0x96,
+ 0xc4, 0x94, 0x64, 0x67, 0xbc, 0xb3, 0xd5, 0x89,
+ 0x29, 0xfc, 0xb3, 0x66, 0x90, 0xe6, 0x39, 0x4f
+};
+
+/* wycheproof - misc */
+static const u8 enc_input047[] __initconst = {
+ 0x62, 0x3b, 0x78, 0x50, 0xc3, 0x21, 0xe2, 0xcf,
+ 0x0c, 0x6f, 0xbc, 0xc8, 0xdf, 0xd1, 0xaf, 0xf2
+};
+static const u8 enc_output047[] __initconst = {
+ 0xc8, 0x4c, 0x9b, 0xb7, 0xc6, 0x1c, 0x1b, 0xcb,
+ 0x17, 0x77, 0x2a, 0x1c, 0x50, 0x0c, 0x50, 0x95,
+ 0xdb, 0xad, 0xf7, 0xa5, 0x13, 0x8c, 0xa0, 0x34,
+ 0x59, 0xa2, 0xcd, 0x65, 0x83, 0x1e, 0x09, 0x2f
+};
+static const u8 enc_assoc047[] __initconst = {
+ 0x89, 0xcc, 0xe9, 0xfb, 0x47, 0x44, 0x1d, 0x07,
+ 0xe0, 0x24, 0x5a, 0x66, 0xfe, 0x8b, 0x77, 0x8b
+};
+static const u8 enc_nonce047[] __initconst = {
+ 0x1a, 0x65, 0x18, 0xf0, 0x2e, 0xde, 0x1d, 0xa6,
+ 0x80, 0x92, 0x66, 0xd9
+};
+static const u8 enc_key047[] __initconst = {
+ 0xcb, 0x55, 0x75, 0xf5, 0xc7, 0xc4, 0x5c, 0x91,
+ 0xcf, 0x32, 0x0b, 0x13, 0x9f, 0xb5, 0x94, 0x23,
+ 0x75, 0x60, 0xd0, 0xa3, 0xe6, 0xf8, 0x65, 0xa6,
+ 0x7d, 0x4f, 0x63, 0x3f, 0x2c, 0x08, 0xf0, 0x16
+};
+
+/* wycheproof - misc */
+static const u8 enc_input048[] __initconst = {
+ 0x87, 0xb3, 0xa4, 0xd7, 0xb2, 0x6d, 0x8d, 0x32,
+ 0x03, 0xa0, 0xde, 0x1d, 0x64, 0xef, 0x82, 0xe3
+};
+static const u8 enc_output048[] __initconst = {
+ 0x94, 0xbc, 0x80, 0x62, 0x1e, 0xd1, 0xe7, 0x1b,
+ 0x1f, 0xd2, 0xb5, 0xc3, 0xa1, 0x5e, 0x35, 0x68,
+ 0x33, 0x35, 0x11, 0x86, 0x17, 0x96, 0x97, 0x84,
+ 0x01, 0x59, 0x8b, 0x96, 0x37, 0x22, 0xf5, 0xb3
+};
+static const u8 enc_assoc048[] __initconst = {
+ 0xd1, 0x9f, 0x2d, 0x98, 0x90, 0x95, 0xf7, 0xab,
+ 0x03, 0xa5, 0xfd, 0xe8, 0x44, 0x16, 0xe0, 0x0c,
+ 0x0e
+};
+static const u8 enc_nonce048[] __initconst = {
+ 0x56, 0x4d, 0xee, 0x49, 0xab, 0x00, 0xd2, 0x40,
+ 0xfc, 0x10, 0x68, 0xc3
+};
+static const u8 enc_key048[] __initconst = {
+ 0xa5, 0x56, 0x9e, 0x72, 0x9a, 0x69, 0xb2, 0x4b,
+ 0xa6, 0xe0, 0xff, 0x15, 0xc4, 0x62, 0x78, 0x97,
+ 0x43, 0x68, 0x24, 0xc9, 0x41, 0xe9, 0xd0, 0x0b,
+ 0x2e, 0x93, 0xfd, 0xdc, 0x4b, 0xa7, 0x76, 0x57
+};
+
+/* wycheproof - misc */
+static const u8 enc_input049[] __initconst = {
+ 0xe6, 0x01, 0xb3, 0x85, 0x57, 0x79, 0x7d, 0xa2,
+ 0xf8, 0xa4, 0x10, 0x6a, 0x08, 0x9d, 0x1d, 0xa6
+};
+static const u8 enc_output049[] __initconst = {
+ 0x29, 0x9b, 0x5d, 0x3f, 0x3d, 0x03, 0xc0, 0x87,
+ 0x20, 0x9a, 0x16, 0xe2, 0x85, 0x14, 0x31, 0x11,
+ 0x4b, 0x45, 0x4e, 0xd1, 0x98, 0xde, 0x11, 0x7e,
+ 0x83, 0xec, 0x49, 0xfa, 0x8d, 0x85, 0x08, 0xd6
+};
+static const u8 enc_assoc049[] __initconst = {
+ 0x5e, 0x64, 0x70, 0xfa, 0xcd, 0x99, 0xc1, 0xd8,
+ 0x1e, 0x37, 0xcd, 0x44, 0x01, 0x5f, 0xe1, 0x94,
+ 0x80, 0xa2, 0xa4, 0xd3, 0x35, 0x2a, 0x4f, 0xf5,
+ 0x60, 0xc0, 0x64, 0x0f, 0xdb, 0xda
+};
+static const u8 enc_nonce049[] __initconst = {
+ 0xdf, 0x87, 0x13, 0xe8, 0x7e, 0xc3, 0xdb, 0xcf,
+ 0xad, 0x14, 0xd5, 0x3e
+};
+static const u8 enc_key049[] __initconst = {
+ 0x56, 0x20, 0x74, 0x65, 0xb4, 0xe4, 0x8e, 0x6d,
+ 0x04, 0x63, 0x0f, 0x4a, 0x42, 0xf3, 0x5c, 0xfc,
+ 0x16, 0x3a, 0xb2, 0x89, 0xc2, 0x2a, 0x2b, 0x47,
+ 0x84, 0xf6, 0xf9, 0x29, 0x03, 0x30, 0xbe, 0xe0
+};
+
+/* wycheproof - misc */
+static const u8 enc_input050[] __initconst = {
+ 0xdc, 0x9e, 0x9e, 0xaf, 0x11, 0xe3, 0x14, 0x18,
+ 0x2d, 0xf6, 0xa4, 0xeb, 0xa1, 0x7a, 0xec, 0x9c
+};
+static const u8 enc_output050[] __initconst = {
+ 0x60, 0x5b, 0xbf, 0x90, 0xae, 0xb9, 0x74, 0xf6,
+ 0x60, 0x2b, 0xc7, 0x78, 0x05, 0x6f, 0x0d, 0xca,
+ 0x38, 0xea, 0x23, 0xd9, 0x90, 0x54, 0xb4, 0x6b,
+ 0x42, 0xff, 0xe0, 0x04, 0x12, 0x9d, 0x22, 0x04
+};
+static const u8 enc_assoc050[] __initconst = {
+ 0xba, 0x44, 0x6f, 0x6f, 0x9a, 0x0c, 0xed, 0x22,
+ 0x45, 0x0f, 0xeb, 0x10, 0x73, 0x7d, 0x90, 0x07,
+ 0xfd, 0x69, 0xab, 0xc1, 0x9b, 0x1d, 0x4d, 0x90,
+ 0x49, 0xa5, 0x55, 0x1e, 0x86, 0xec, 0x2b, 0x37
+};
+static const u8 enc_nonce050[] __initconst = {
+ 0x8d, 0xf4, 0xb1, 0x5a, 0x88, 0x8c, 0x33, 0x28,
+ 0x6a, 0x7b, 0x76, 0x51
+};
+static const u8 enc_key050[] __initconst = {
+ 0x39, 0x37, 0x98, 0x6a, 0xf8, 0x6d, 0xaf, 0xc1,
+ 0xba, 0x0c, 0x46, 0x72, 0xd8, 0xab, 0xc4, 0x6c,
+ 0x20, 0x70, 0x62, 0x68, 0x2d, 0x9c, 0x26, 0x4a,
+ 0xb0, 0x6d, 0x6c, 0x58, 0x07, 0x20, 0x51, 0x30
+};
+
+/* wycheproof - misc */
+static const u8 enc_input051[] __initconst = {
+ 0x81, 0xce, 0x84, 0xed, 0xe9, 0xb3, 0x58, 0x59,
+ 0xcc, 0x8c, 0x49, 0xa8, 0xf6, 0xbe, 0x7d, 0xc6
+};
+static const u8 enc_output051[] __initconst = {
+ 0x7b, 0x7c, 0xe0, 0xd8, 0x24, 0x80, 0x9a, 0x70,
+ 0xde, 0x32, 0x56, 0x2c, 0xcf, 0x2c, 0x2b, 0xbd,
+ 0x15, 0xd4, 0x4a, 0x00, 0xce, 0x0d, 0x19, 0xb4,
+ 0x23, 0x1f, 0x92, 0x1e, 0x22, 0xbc, 0x0a, 0x43
+};
+static const u8 enc_assoc051[] __initconst = {
+ 0xd4, 0x1a, 0x82, 0x8d, 0x5e, 0x71, 0x82, 0x92,
+ 0x47, 0x02, 0x19, 0x05, 0x40, 0x2e, 0xa2, 0x57,
+ 0xdc, 0xcb, 0xc3, 0xb8, 0x0f, 0xcd, 0x56, 0x75,
+ 0x05, 0x6b, 0x68, 0xbb, 0x59, 0xe6, 0x2e, 0x88,
+ 0x73
+};
+static const u8 enc_nonce051[] __initconst = {
+ 0xbe, 0x40, 0xe5, 0xf1, 0xa1, 0x18, 0x17, 0xa0,
+ 0xa8, 0xfa, 0x89, 0x49
+};
+static const u8 enc_key051[] __initconst = {
+ 0x36, 0x37, 0x2a, 0xbc, 0xdb, 0x78, 0xe0, 0x27,
+ 0x96, 0x46, 0xac, 0x3d, 0x17, 0x6b, 0x96, 0x74,
+ 0xe9, 0x15, 0x4e, 0xec, 0xf0, 0xd5, 0x46, 0x9c,
+ 0x65, 0x1e, 0xc7, 0xe1, 0x6b, 0x4c, 0x11, 0x99
+};
+
+/* wycheproof - misc */
+static const u8 enc_input052[] __initconst = {
+ 0xa6, 0x67, 0x47, 0xc8, 0x9e, 0x85, 0x7a, 0xf3,
+ 0xa1, 0x8e, 0x2c, 0x79, 0x50, 0x00, 0x87, 0xed
+};
+static const u8 enc_output052[] __initconst = {
+ 0xca, 0x82, 0xbf, 0xf3, 0xe2, 0xf3, 0x10, 0xcc,
+ 0xc9, 0x76, 0x67, 0x2c, 0x44, 0x15, 0xe6, 0x9b,
+ 0x57, 0x63, 0x8c, 0x62, 0xa5, 0xd8, 0x5d, 0xed,
+ 0x77, 0x4f, 0x91, 0x3c, 0x81, 0x3e, 0xa0, 0x32
+};
+static const u8 enc_assoc052[] __initconst = {
+ 0x3f, 0x2d, 0xd4, 0x9b, 0xbf, 0x09, 0xd6, 0x9a,
+ 0x78, 0xa3, 0xd8, 0x0e, 0xa2, 0x56, 0x66, 0x14,
+ 0xfc, 0x37, 0x94, 0x74, 0x19, 0x6c, 0x1a, 0xae,
+ 0x84, 0x58, 0x3d, 0xa7, 0x3d, 0x7f, 0xf8, 0x5c,
+ 0x6f, 0x42, 0xca, 0x42, 0x05, 0x6a, 0x97, 0x92,
+ 0xcc, 0x1b, 0x9f, 0xb3, 0xc7, 0xd2, 0x61
+};
+static const u8 enc_nonce052[] __initconst = {
+ 0x84, 0xc8, 0x7d, 0xae, 0x4e, 0xee, 0x27, 0x73,
+ 0x0e, 0xc3, 0x5d, 0x12
+};
+static const u8 enc_key052[] __initconst = {
+ 0x9f, 0x14, 0x79, 0xed, 0x09, 0x7d, 0x7f, 0xe5,
+ 0x29, 0xc1, 0x1f, 0x2f, 0x5a, 0xdd, 0x9a, 0xaf,
+ 0xf4, 0xa1, 0xca, 0x0b, 0x68, 0x99, 0x7a, 0x2c,
+ 0xb7, 0xf7, 0x97, 0x49, 0xbd, 0x90, 0xaa, 0xf4
+};
+
/* wycheproof - misc */
static const u8 enc_input053[] __initconst = {
0x25, 0x6d, 0x40, 0x88, 0x80, 0x94, 0x17, 0x83,
@@ -2760,6 +3859,126 @@ static const u8 enc_key073[] __initconst
};
/* wycheproof - checking for int overflows */
+static const u8 enc_input074[] __initconst = {
+ 0xd4, 0x50, 0x0b, 0xf0, 0x09, 0x49, 0x35, 0x51,
+ 0xc3, 0x80, 0xad, 0xf5, 0x2c, 0x57, 0x3a, 0x69,
+ 0xdf, 0x7e, 0x8b, 0x76, 0x24, 0x63, 0x33, 0x0f,
+ 0xac, 0xc1, 0x6a, 0x57, 0x26, 0xbe, 0x71, 0x90,
+ 0xc6, 0x3c, 0x5a, 0x1c, 0x92, 0x65, 0x84, 0xa0,
+ 0x96, 0x75, 0x68, 0x28, 0xdc, 0xdc, 0x64, 0xac,
+ 0xdf, 0x96, 0x3d, 0x93, 0x1b, 0xf1, 0xda, 0xe2,
+ 0x38, 0xf3, 0xf1, 0x57, 0x22, 0x4a, 0xc4, 0xb5,
+ 0x42, 0xd7, 0x85, 0xb0, 0xdd, 0x84, 0xdb, 0x6b,
+ 0xe3, 0xbc, 0x5a, 0x36, 0x63, 0xe8, 0x41, 0x49,
+ 0xff, 0xbe, 0xd0, 0x9e, 0x54, 0xf7, 0x8f, 0x16,
+ 0xa8, 0x22, 0x3b, 0x24, 0xcb, 0x01, 0x9f, 0x58,
+ 0xb2, 0x1b, 0x0e, 0x55, 0x1e, 0x7a, 0xa0, 0x73,
+ 0x27, 0x62, 0x95, 0x51, 0x37, 0x6c, 0xcb, 0xc3,
+ 0x93, 0x76, 0x71, 0xa0, 0x62, 0x9b, 0xd9, 0x5c,
+ 0x99, 0x15, 0xc7, 0x85, 0x55, 0x77, 0x1e, 0x7a
+};
+static const u8 enc_output074[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x0b, 0x30, 0x0d, 0x8d, 0xa5, 0x6c, 0x21, 0x85,
+ 0x75, 0x52, 0x79, 0x55, 0x3c, 0x4c, 0x82, 0xca
+};
+static const u8 enc_assoc074[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+static const u8 enc_nonce074[] __initconst = {
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x00, 0x02, 0x50, 0x6e
+};
+static const u8 enc_key074[] __initconst = {
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+/* wycheproof - checking for int overflows */
+static const u8 enc_input075[] __initconst = {
+ 0x7d, 0xe8, 0x7f, 0x67, 0x29, 0x94, 0x52, 0x75,
+ 0xd0, 0x65, 0x5d, 0xa4, 0xc7, 0xfd, 0xe4, 0x56,
+ 0x9e, 0x16, 0xf1, 0x11, 0xb5, 0xeb, 0x26, 0xc2,
+ 0x2d, 0x85, 0x9e, 0x3f, 0xf8, 0x22, 0xec, 0xed,
+ 0x3a, 0x6d, 0xd9, 0xa6, 0x0f, 0x22, 0x95, 0x7f,
+ 0x7b, 0x7c, 0x85, 0x7e, 0x88, 0x22, 0xeb, 0x9f,
+ 0xe0, 0xb8, 0xd7, 0x02, 0x21, 0x41, 0xf2, 0xd0,
+ 0xb4, 0x8f, 0x4b, 0x56, 0x12, 0xd3, 0x22, 0xa8,
+ 0x8d, 0xd0, 0xfe, 0x0b, 0x4d, 0x91, 0x79, 0x32,
+ 0x4f, 0x7c, 0x6c, 0x9e, 0x99, 0x0e, 0xfb, 0xd8,
+ 0x0e, 0x5e, 0xd6, 0x77, 0x58, 0x26, 0x49, 0x8b,
+ 0x1e, 0xfe, 0x0f, 0x71, 0xa0, 0xf3, 0xec, 0x5b,
+ 0x29, 0xcb, 0x28, 0xc2, 0x54, 0x0a, 0x7d, 0xcd,
+ 0x51, 0xb7, 0xda, 0xae, 0xe0, 0xff, 0x4a, 0x7f,
+ 0x3a, 0xc1, 0xee, 0x54, 0xc2, 0x9e, 0xe4, 0xc1,
+ 0x70, 0xde, 0x40, 0x8f, 0x66, 0x69, 0x21, 0x94
+};
+static const u8 enc_output075[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xc5, 0x78, 0xe2, 0xaa, 0x44, 0xd3, 0x09, 0xb7,
+ 0xb6, 0xa5, 0x19, 0x3b, 0xdc, 0x61, 0x18, 0xf5
+};
+static const u8 enc_assoc075[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+static const u8 enc_nonce075[] __initconst = {
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x00, 0x03, 0x18, 0xa5
+};
+static const u8 enc_key075[] __initconst = {
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30
+};
+
+/* wycheproof - checking for int overflows */
static const u8 enc_input076[] __initconst = {
0x1b, 0x99, 0x6f, 0x9a, 0x3c, 0xcc, 0x67, 0x85,
0xde, 0x22, 0xff, 0x5b, 0x8a, 0xdd, 0x95, 0x02,
@@ -3349,6 +4568,286 @@ static const u8 enc_key085[] __initconst
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
+/* wycheproof - special case tag */
+static const u8 enc_input086[] __initconst = {
+ 0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6,
+ 0x6d, 0x1d, 0xb4, 0xe5, 0x3f, 0x20, 0xf2, 0xdd,
+ 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, 0x6b, 0x5b,
+ 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2,
+ 0xdf, 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19,
+ 0x97, 0x2b, 0xcd, 0xbc, 0x6b, 0xbc, 0xb3, 0xe4,
+ 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, 0x63,
+ 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d
+};
+static const u8 enc_output086[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+static const u8 enc_assoc086[] __initconst = {
+ 0x85, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xa6, 0x90, 0x2f, 0xcb, 0xc8, 0x83, 0xbb, 0xc1,
+ 0x80, 0xb2, 0x56, 0xae, 0x34, 0xad, 0x7f, 0x00
+};
+static const u8 enc_nonce086[] __initconst = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b
+};
+static const u8 enc_key086[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
+/* wycheproof - special case tag */
+static const u8 enc_input087[] __initconst = {
+ 0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6,
+ 0x6d, 0x1d, 0xb4, 0xe5, 0x3f, 0x20, 0xf2, 0xdd,
+ 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, 0x6b, 0x5b,
+ 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2,
+ 0xdf, 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19,
+ 0x97, 0x2b, 0xcd, 0xbc, 0x6b, 0xbc, 0xb3, 0xe4,
+ 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, 0x63,
+ 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d
+};
+static const u8 enc_output087[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+static const u8 enc_assoc087[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x24, 0x7e, 0x50, 0x64, 0x2a, 0x1c, 0x0a, 0x2f,
+ 0x8f, 0x77, 0x21, 0x96, 0x09, 0xdb, 0xa9, 0x58
+};
+static const u8 enc_nonce087[] __initconst = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b
+};
+static const u8 enc_key087[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
+/* wycheproof - special case tag */
+static const u8 enc_input088[] __initconst = {
+ 0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6,
+ 0x6d, 0x1d, 0xb4, 0xe5, 0x3f, 0x20, 0xf2, 0xdd,
+ 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, 0x6b, 0x5b,
+ 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2,
+ 0xdf, 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19,
+ 0x97, 0x2b, 0xcd, 0xbc, 0x6b, 0xbc, 0xb3, 0xe4,
+ 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, 0x63,
+ 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d
+};
+static const u8 enc_output088[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+static const u8 enc_assoc088[] __initconst = {
+ 0x7c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xd9, 0xe7, 0x2c, 0x06, 0x4a, 0xc8, 0x96, 0x1f,
+ 0x3f, 0xa5, 0x85, 0xe0, 0xe2, 0xab, 0xd6, 0x00
+};
+static const u8 enc_nonce088[] __initconst = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b
+};
+static const u8 enc_key088[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
+/* wycheproof - special case tag */
+static const u8 enc_input089[] __initconst = {
+ 0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6,
+ 0x6d, 0x1d, 0xb4, 0xe5, 0x3f, 0x20, 0xf2, 0xdd,
+ 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, 0x6b, 0x5b,
+ 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2,
+ 0xdf, 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19,
+ 0x97, 0x2b, 0xcd, 0xbc, 0x6b, 0xbc, 0xb3, 0xe4,
+ 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, 0x63,
+ 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d
+};
+static const u8 enc_output089[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80
+};
+static const u8 enc_assoc089[] __initconst = {
+ 0x65, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x95, 0xaf, 0x0f, 0x4d, 0x0b, 0x68, 0x6e, 0xae,
+ 0xcc, 0xca, 0x43, 0x07, 0xd5, 0x96, 0xf5, 0x02
+};
+static const u8 enc_nonce089[] __initconst = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b
+};
+static const u8 enc_key089[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
+/* wycheproof - special case tag */
+static const u8 enc_input090[] __initconst = {
+ 0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6,
+ 0x6d, 0x1d, 0xb4, 0xe5, 0x3f, 0x20, 0xf2, 0xdd,
+ 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, 0x6b, 0x5b,
+ 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2,
+ 0xdf, 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19,
+ 0x97, 0x2b, 0xcd, 0xbc, 0x6b, 0xbc, 0xb3, 0xe4,
+ 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, 0x63,
+ 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d
+};
+static const u8 enc_output090[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f
+};
+static const u8 enc_assoc090[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x85, 0x40, 0xb4, 0x64, 0x35, 0x77, 0x07, 0xbe,
+ 0x3a, 0x39, 0xd5, 0x5c, 0x34, 0xf8, 0xbc, 0xb3
+};
+static const u8 enc_nonce090[] __initconst = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b
+};
+static const u8 enc_key090[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
+/* wycheproof - special case tag */
+static const u8 enc_input091[] __initconst = {
+ 0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6,
+ 0x6d, 0x1d, 0xb4, 0xe5, 0x3f, 0x20, 0xf2, 0xdd,
+ 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, 0x6b, 0x5b,
+ 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2,
+ 0xdf, 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19,
+ 0x97, 0x2b, 0xcd, 0xbc, 0x6b, 0xbc, 0xb3, 0xe4,
+ 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, 0x63,
+ 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d
+};
+static const u8 enc_output091[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00
+};
+static const u8 enc_assoc091[] __initconst = {
+ 0x4f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x66, 0x23, 0xd9, 0x90, 0xb8, 0x98, 0xd8, 0x30,
+ 0xd2, 0x12, 0xaf, 0x23, 0x83, 0x33, 0x07, 0x01
+};
+static const u8 enc_nonce091[] __initconst = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b
+};
+static const u8 enc_key091[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
+/* wycheproof - special case tag */
+static const u8 enc_input092[] __initconst = {
+ 0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6,
+ 0x6d, 0x1d, 0xb4, 0xe5, 0x3f, 0x20, 0xf2, 0xdd,
+ 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, 0x6b, 0x5b,
+ 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2,
+ 0xdf, 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19,
+ 0x97, 0x2b, 0xcd, 0xbc, 0x6b, 0xbc, 0xb3, 0xe4,
+ 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, 0x63,
+ 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d
+};
+static const u8 enc_output092[] __initconst = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+static const u8 enc_assoc092[] __initconst = {
+ 0x83, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x5f, 0x16, 0xd0, 0x9f, 0x17, 0x78, 0x72, 0x11,
+ 0xb7, 0xd4, 0x84, 0xe0, 0x24, 0xf8, 0x97, 0x01
+};
+static const u8 enc_nonce092[] __initconst = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b
+};
+static const u8 enc_key092[] __initconst = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+};
+
/* wycheproof - edge case intermediate sums in poly1305 */
static const u8 enc_input093[] __initconst = {
0x00, 0x52, 0x35, 0xd2, 0xa9, 0x19, 0xf2, 0x8d,
@@ -4455,6 +5954,86 @@ chacha20poly1305_enc_vectors[] __initcon
sizeof(enc_input011), sizeof(enc_assoc011), sizeof(enc_nonce011) },
{ enc_input012, enc_output012, enc_assoc012, enc_nonce012, enc_key012,
sizeof(enc_input012), sizeof(enc_assoc012), sizeof(enc_nonce012) },
+ { enc_input013, enc_output013, enc_assoc013, enc_nonce013, enc_key013,
+ sizeof(enc_input013), sizeof(enc_assoc013), sizeof(enc_nonce013) },
+ { enc_input014, enc_output014, enc_assoc014, enc_nonce014, enc_key014,
+ sizeof(enc_input014), sizeof(enc_assoc014), sizeof(enc_nonce014) },
+ { enc_input015, enc_output015, enc_assoc015, enc_nonce015, enc_key015,
+ sizeof(enc_input015), sizeof(enc_assoc015), sizeof(enc_nonce015) },
+ { enc_input016, enc_output016, enc_assoc016, enc_nonce016, enc_key016,
+ sizeof(enc_input016), sizeof(enc_assoc016), sizeof(enc_nonce016) },
+ { enc_input017, enc_output017, enc_assoc017, enc_nonce017, enc_key017,
+ sizeof(enc_input017), sizeof(enc_assoc017), sizeof(enc_nonce017) },
+ { enc_input018, enc_output018, enc_assoc018, enc_nonce018, enc_key018,
+ sizeof(enc_input018), sizeof(enc_assoc018), sizeof(enc_nonce018) },
+ { enc_input019, enc_output019, enc_assoc019, enc_nonce019, enc_key019,
+ sizeof(enc_input019), sizeof(enc_assoc019), sizeof(enc_nonce019) },
+ { enc_input020, enc_output020, enc_assoc020, enc_nonce020, enc_key020,
+ sizeof(enc_input020), sizeof(enc_assoc020), sizeof(enc_nonce020) },
+ { enc_input021, enc_output021, enc_assoc021, enc_nonce021, enc_key021,
+ sizeof(enc_input021), sizeof(enc_assoc021), sizeof(enc_nonce021) },
+ { enc_input022, enc_output022, enc_assoc022, enc_nonce022, enc_key022,
+ sizeof(enc_input022), sizeof(enc_assoc022), sizeof(enc_nonce022) },
+ { enc_input023, enc_output023, enc_assoc023, enc_nonce023, enc_key023,
+ sizeof(enc_input023), sizeof(enc_assoc023), sizeof(enc_nonce023) },
+ { enc_input024, enc_output024, enc_assoc024, enc_nonce024, enc_key024,
+ sizeof(enc_input024), sizeof(enc_assoc024), sizeof(enc_nonce024) },
+ { enc_input025, enc_output025, enc_assoc025, enc_nonce025, enc_key025,
+ sizeof(enc_input025), sizeof(enc_assoc025), sizeof(enc_nonce025) },
+ { enc_input026, enc_output026, enc_assoc026, enc_nonce026, enc_key026,
+ sizeof(enc_input026), sizeof(enc_assoc026), sizeof(enc_nonce026) },
+ { enc_input027, enc_output027, enc_assoc027, enc_nonce027, enc_key027,
+ sizeof(enc_input027), sizeof(enc_assoc027), sizeof(enc_nonce027) },
+ { enc_input028, enc_output028, enc_assoc028, enc_nonce028, enc_key028,
+ sizeof(enc_input028), sizeof(enc_assoc028), sizeof(enc_nonce028) },
+ { enc_input029, enc_output029, enc_assoc029, enc_nonce029, enc_key029,
+ sizeof(enc_input029), sizeof(enc_assoc029), sizeof(enc_nonce029) },
+ { enc_input030, enc_output030, enc_assoc030, enc_nonce030, enc_key030,
+ sizeof(enc_input030), sizeof(enc_assoc030), sizeof(enc_nonce030) },
+ { enc_input031, enc_output031, enc_assoc031, enc_nonce031, enc_key031,
+ sizeof(enc_input031), sizeof(enc_assoc031), sizeof(enc_nonce031) },
+ { enc_input032, enc_output032, enc_assoc032, enc_nonce032, enc_key032,
+ sizeof(enc_input032), sizeof(enc_assoc032), sizeof(enc_nonce032) },
+ { enc_input033, enc_output033, enc_assoc033, enc_nonce033, enc_key033,
+ sizeof(enc_input033), sizeof(enc_assoc033), sizeof(enc_nonce033) },
+ { enc_input034, enc_output034, enc_assoc034, enc_nonce034, enc_key034,
+ sizeof(enc_input034), sizeof(enc_assoc034), sizeof(enc_nonce034) },
+ { enc_input035, enc_output035, enc_assoc035, enc_nonce035, enc_key035,
+ sizeof(enc_input035), sizeof(enc_assoc035), sizeof(enc_nonce035) },
+ { enc_input036, enc_output036, enc_assoc036, enc_nonce036, enc_key036,
+ sizeof(enc_input036), sizeof(enc_assoc036), sizeof(enc_nonce036) },
+ { enc_input037, enc_output037, enc_assoc037, enc_nonce037, enc_key037,
+ sizeof(enc_input037), sizeof(enc_assoc037), sizeof(enc_nonce037) },
+ { enc_input038, enc_output038, enc_assoc038, enc_nonce038, enc_key038,
+ sizeof(enc_input038), sizeof(enc_assoc038), sizeof(enc_nonce038) },
+ { enc_input039, enc_output039, enc_assoc039, enc_nonce039, enc_key039,
+ sizeof(enc_input039), sizeof(enc_assoc039), sizeof(enc_nonce039) },
+ { enc_input040, enc_output040, enc_assoc040, enc_nonce040, enc_key040,
+ sizeof(enc_input040), sizeof(enc_assoc040), sizeof(enc_nonce040) },
+ { enc_input041, enc_output041, enc_assoc041, enc_nonce041, enc_key041,
+ sizeof(enc_input041), sizeof(enc_assoc041), sizeof(enc_nonce041) },
+ { enc_input042, enc_output042, enc_assoc042, enc_nonce042, enc_key042,
+ sizeof(enc_input042), sizeof(enc_assoc042), sizeof(enc_nonce042) },
+ { enc_input043, enc_output043, enc_assoc043, enc_nonce043, enc_key043,
+ sizeof(enc_input043), sizeof(enc_assoc043), sizeof(enc_nonce043) },
+ { enc_input044, enc_output044, enc_assoc044, enc_nonce044, enc_key044,
+ sizeof(enc_input044), sizeof(enc_assoc044), sizeof(enc_nonce044) },
+ { enc_input045, enc_output045, enc_assoc045, enc_nonce045, enc_key045,
+ sizeof(enc_input045), sizeof(enc_assoc045), sizeof(enc_nonce045) },
+ { enc_input046, enc_output046, enc_assoc046, enc_nonce046, enc_key046,
+ sizeof(enc_input046), sizeof(enc_assoc046), sizeof(enc_nonce046) },
+ { enc_input047, enc_output047, enc_assoc047, enc_nonce047, enc_key047,
+ sizeof(enc_input047), sizeof(enc_assoc047), sizeof(enc_nonce047) },
+ { enc_input048, enc_output048, enc_assoc048, enc_nonce048, enc_key048,
+ sizeof(enc_input048), sizeof(enc_assoc048), sizeof(enc_nonce048) },
+ { enc_input049, enc_output049, enc_assoc049, enc_nonce049, enc_key049,
+ sizeof(enc_input049), sizeof(enc_assoc049), sizeof(enc_nonce049) },
+ { enc_input050, enc_output050, enc_assoc050, enc_nonce050, enc_key050,
+ sizeof(enc_input050), sizeof(enc_assoc050), sizeof(enc_nonce050) },
+ { enc_input051, enc_output051, enc_assoc051, enc_nonce051, enc_key051,
+ sizeof(enc_input051), sizeof(enc_assoc051), sizeof(enc_nonce051) },
+ { enc_input052, enc_output052, enc_assoc052, enc_nonce052, enc_key052,
+ sizeof(enc_input052), sizeof(enc_assoc052), sizeof(enc_nonce052) },
{ enc_input053, enc_output053, enc_assoc053, enc_nonce053, enc_key053,
sizeof(enc_input053), sizeof(enc_assoc053), sizeof(enc_nonce053) },
{ enc_input054, enc_output054, enc_assoc054, enc_nonce054, enc_key054,
@@ -4497,6 +6076,10 @@ chacha20poly1305_enc_vectors[] __initcon
sizeof(enc_input072), sizeof(enc_assoc072), sizeof(enc_nonce072) },
{ enc_input073, enc_output073, enc_assoc073, enc_nonce073, enc_key073,
sizeof(enc_input073), sizeof(enc_assoc073), sizeof(enc_nonce073) },
+ { enc_input074, enc_output074, enc_assoc074, enc_nonce074, enc_key074,
+ sizeof(enc_input074), sizeof(enc_assoc074), sizeof(enc_nonce074) },
+ { enc_input075, enc_output075, enc_assoc075, enc_nonce075, enc_key075,
+ sizeof(enc_input075), sizeof(enc_assoc075), sizeof(enc_nonce075) },
{ enc_input076, enc_output076, enc_assoc076, enc_nonce076, enc_key076,
sizeof(enc_input076), sizeof(enc_assoc076), sizeof(enc_nonce076) },
{ enc_input077, enc_output077, enc_assoc077, enc_nonce077, enc_key077,
@@ -4517,6 +6100,20 @@ chacha20poly1305_enc_vectors[] __initcon
sizeof(enc_input084), sizeof(enc_assoc084), sizeof(enc_nonce084) },
{ enc_input085, enc_output085, enc_assoc085, enc_nonce085, enc_key085,
sizeof(enc_input085), sizeof(enc_assoc085), sizeof(enc_nonce085) },
+ { enc_input086, enc_output086, enc_assoc086, enc_nonce086, enc_key086,
+ sizeof(enc_input086), sizeof(enc_assoc086), sizeof(enc_nonce086) },
+ { enc_input087, enc_output087, enc_assoc087, enc_nonce087, enc_key087,
+ sizeof(enc_input087), sizeof(enc_assoc087), sizeof(enc_nonce087) },
+ { enc_input088, enc_output088, enc_assoc088, enc_nonce088, enc_key088,
+ sizeof(enc_input088), sizeof(enc_assoc088), sizeof(enc_nonce088) },
+ { enc_input089, enc_output089, enc_assoc089, enc_nonce089, enc_key089,
+ sizeof(enc_input089), sizeof(enc_assoc089), sizeof(enc_nonce089) },
+ { enc_input090, enc_output090, enc_assoc090, enc_nonce090, enc_key090,
+ sizeof(enc_input090), sizeof(enc_assoc090), sizeof(enc_nonce090) },
+ { enc_input091, enc_output091, enc_assoc091, enc_nonce091, enc_key091,
+ sizeof(enc_input091), sizeof(enc_assoc091), sizeof(enc_nonce091) },
+ { enc_input092, enc_output092, enc_assoc092, enc_nonce092, enc_key092,
+ sizeof(enc_input092), sizeof(enc_assoc092), sizeof(enc_nonce092) },
{ enc_input093, enc_output093, enc_assoc093, enc_nonce093, enc_key093,
sizeof(enc_input093), sizeof(enc_assoc093), sizeof(enc_nonce093) },
{ enc_input094, enc_output094, enc_assoc094, enc_nonce094, enc_key094,
@@ -7224,6 +8821,43 @@ xchacha20poly1305_dec_vectors[] __initco
sizeof(xdec_input001), sizeof(xdec_assoc001), sizeof(xdec_nonce001) }
};
+/* This is for the selftests-only, since it is only useful for the purpose of
+ * testing the underlying primitives and interactions.
+ */
+static void __init
+chacha20poly1305_encrypt_bignonce(u8 *dst, const u8 *src, const size_t src_len,
+ const u8 *ad, const size_t ad_len,
+ const u8 nonce[12],
+ const u8 key[CHACHA20POLY1305_KEY_SIZE])
+{
+ const u8 *pad0 = page_address(ZERO_PAGE(0));
+ struct poly1305_desc_ctx poly1305_state;
+ u32 chacha20_state[CHACHA_STATE_WORDS];
+ union {
+ u8 block0[POLY1305_KEY_SIZE];
+ __le64 lens[2];
+ } b = {{ 0 }};
+ u8 bottom_row[16] = { 0 };
+ u32 le_key[8];
+ int i;
+
+ memcpy(&bottom_row[4], nonce, 12);
+ for (i = 0; i < 8; ++i)
+ le_key[i] = get_unaligned_le32(key + sizeof(le_key[i]) * i);
+ chacha_init(chacha20_state, le_key, bottom_row);
+ chacha20_crypt(chacha20_state, b.block0, b.block0, sizeof(b.block0));
+ poly1305_init(&poly1305_state, b.block0);
+ poly1305_update(&poly1305_state, ad, ad_len);
+ poly1305_update(&poly1305_state, pad0, (0x10 - ad_len) & 0xf);
+ chacha20_crypt(chacha20_state, dst, src, src_len);
+ poly1305_update(&poly1305_state, dst, src_len);
+ poly1305_update(&poly1305_state, pad0, (0x10 - src_len) & 0xf);
+ b.lens[0] = cpu_to_le64(ad_len);
+ b.lens[1] = cpu_to_le64(src_len);
+ poly1305_update(&poly1305_state, (u8 *)b.lens, sizeof(b.lens));
+ poly1305_final(&poly1305_state, dst + src_len);
+}
+
static void __init
chacha20poly1305_selftest_encrypt(u8 *dst, const u8 *src, const size_t src_len,
const u8 *ad, const size_t ad_len,
@@ -7233,6 +8867,9 @@ chacha20poly1305_selftest_encrypt(u8 *ds
if (nonce_len == 8)
chacha20poly1305_encrypt(dst, src, src_len, ad, ad_len,
get_unaligned_le64(nonce), key);
+ else if (nonce_len == 12)
+ chacha20poly1305_encrypt_bignonce(dst, src, src_len, ad,
+ ad_len, nonce, key);
else
BUG();
}
@@ -7248,14 +8885,14 @@ decryption_success(bool func_ret, bool e
bool __init chacha20poly1305_selftest(void)
{
enum { MAXIMUM_TEST_BUFFER_LEN = 1UL << 12 };
- size_t i;
- u8 *computed_output = NULL, *heap_src = NULL;
- struct scatterlist sg_src;
+ size_t i, j, k, total_len;
+ u8 *computed_output = NULL, *input = NULL;
bool success = true, ret;
+ struct scatterlist sg_src[3];
- heap_src = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
computed_output = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
- if (!heap_src || !computed_output) {
+ input = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
+ if (!computed_output || !input) {
pr_err("chacha20poly1305 self-test malloc: FAIL\n");
success = false;
goto out;
@@ -7284,17 +8921,17 @@ bool __init chacha20poly1305_selftest(vo
for (i = 0; i < ARRAY_SIZE(chacha20poly1305_enc_vectors); ++i) {
if (chacha20poly1305_enc_vectors[i].nlen != 8)
continue;
- memcpy(heap_src, chacha20poly1305_enc_vectors[i].input,
+ memcpy(computed_output, chacha20poly1305_enc_vectors[i].input,
chacha20poly1305_enc_vectors[i].ilen);
- sg_init_one(&sg_src, heap_src,
+ sg_init_one(sg_src, computed_output,
chacha20poly1305_enc_vectors[i].ilen + POLY1305_DIGEST_SIZE);
- chacha20poly1305_encrypt_sg_inplace(&sg_src,
+ ret = chacha20poly1305_encrypt_sg_inplace(sg_src,
chacha20poly1305_enc_vectors[i].ilen,
chacha20poly1305_enc_vectors[i].assoc,
chacha20poly1305_enc_vectors[i].alen,
get_unaligned_le64(chacha20poly1305_enc_vectors[i].nonce),
chacha20poly1305_enc_vectors[i].key);
- if (memcmp(heap_src,
+ if (!ret || memcmp(computed_output,
chacha20poly1305_enc_vectors[i].output,
chacha20poly1305_enc_vectors[i].ilen +
POLY1305_DIGEST_SIZE)) {
@@ -7326,11 +8963,11 @@ bool __init chacha20poly1305_selftest(vo
}
for (i = 0; i < ARRAY_SIZE(chacha20poly1305_dec_vectors); ++i) {
- memcpy(heap_src, chacha20poly1305_dec_vectors[i].input,
+ memcpy(computed_output, chacha20poly1305_dec_vectors[i].input,
chacha20poly1305_dec_vectors[i].ilen);
- sg_init_one(&sg_src, heap_src,
+ sg_init_one(sg_src, computed_output,
chacha20poly1305_dec_vectors[i].ilen);
- ret = chacha20poly1305_decrypt_sg_inplace(&sg_src,
+ ret = chacha20poly1305_decrypt_sg_inplace(sg_src,
chacha20poly1305_dec_vectors[i].ilen,
chacha20poly1305_dec_vectors[i].assoc,
chacha20poly1305_dec_vectors[i].alen,
@@ -7338,7 +8975,7 @@ bool __init chacha20poly1305_selftest(vo
chacha20poly1305_dec_vectors[i].key);
if (!decryption_success(ret,
chacha20poly1305_dec_vectors[i].failure,
- memcmp(heap_src, chacha20poly1305_dec_vectors[i].output,
+ memcmp(computed_output, chacha20poly1305_dec_vectors[i].output,
chacha20poly1305_dec_vectors[i].ilen -
POLY1305_DIGEST_SIZE))) {
pr_err("chacha20poly1305 sg decryption self-test %zu: FAIL\n",
@@ -7365,6 +9002,7 @@ bool __init chacha20poly1305_selftest(vo
success = false;
}
}
+
for (i = 0; i < ARRAY_SIZE(xchacha20poly1305_dec_vectors); ++i) {
memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
ret = xchacha20poly1305_decrypt(computed_output,
@@ -7386,8 +9024,54 @@ bool __init chacha20poly1305_selftest(vo
}
}
+ for (total_len = POLY1305_DIGEST_SIZE; IS_ENABLED(DEBUG_CHACHA20POLY1305_SLOW_CHUNK_TEST)
+ && total_len <= 1 << 10; ++total_len) {
+ for (i = 0; i <= total_len; ++i) {
+ for (j = i; j <= total_len; ++j) {
+ sg_init_table(sg_src, 3);
+ sg_set_buf(&sg_src[0], input, i);
+ sg_set_buf(&sg_src[1], input + i, j - i);
+ sg_set_buf(&sg_src[2], input + j, total_len - j);
+ memset(computed_output, 0, total_len);
+ memset(input, 0, total_len);
+
+ if (!chacha20poly1305_encrypt_sg_inplace(sg_src,
+ total_len - POLY1305_DIGEST_SIZE, NULL, 0,
+ 0, enc_key001))
+ goto chunkfail;
+ chacha20poly1305_encrypt(computed_output,
+ computed_output,
+ total_len - POLY1305_DIGEST_SIZE, NULL, 0, 0,
+ enc_key001);
+ if (memcmp(computed_output, input, total_len))
+ goto chunkfail;
+ if (!chacha20poly1305_decrypt(computed_output,
+ input, total_len, NULL, 0, 0, enc_key001))
+ goto chunkfail;
+ for (k = 0; k < total_len - POLY1305_DIGEST_SIZE; ++k) {
+ if (computed_output[k])
+ goto chunkfail;
+ }
+ if (!chacha20poly1305_decrypt_sg_inplace(sg_src,
+ total_len, NULL, 0, 0, enc_key001))
+ goto chunkfail;
+ for (k = 0; k < total_len - POLY1305_DIGEST_SIZE; ++k) {
+ if (input[k])
+ goto chunkfail;
+ }
+ continue;
+
+ chunkfail:
+ pr_err("chacha20poly1305 chunked self-test %zu/%zu/%zu: FAIL\n",
+ total_len, i, j);
+ success = false;
+ }
+
+ }
+ }
+
out:
- kfree(heap_src);
kfree(computed_output);
+ kfree(input);
return success;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 007/170] crypto: arm64/chacha - correctly walk through blocks
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 006/170] crypto: chacha20poly1305 - add back missing test vectors and test chunking Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 008/170] cxgb4: fix throughput drop during Tx backpressure Greg Kroah-Hartman
` (162 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Jason A. Donenfeld,
Eric Biggers, Herbert Xu, Emil Renner Berthing
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit c8cfcb78c65877313cda7bcbace624d3dbd1f3b3 upstream.
Prior, passing in chunks of 2, 3, or 4, followed by any additional
chunks would result in the chacha state counter getting out of sync,
resulting in incorrect encryption/decryption, which is a pretty nasty
crypto vuln: "why do images look weird on webpages?" WireGuard users
never experienced this prior, because we have always, out of tree, used
a different crypto library, until the recent Frankenzinc addition. This
commit fixes the issue by advancing the pointers and state counter by
the actual size processed. It also fixes up a bug in the (optional,
costly) stride test that prevented it from running on arm64.
Fixes: b3aad5bad26a ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function")
Reported-and-tested-by: Emil Renner Berthing <kernel@esmil.dk>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: stable@vger.kernel.org # v5.5+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/crypto/chacha-neon-glue.c | 8 ++++----
lib/crypto/chacha20poly1305-selftest.c | 11 ++++++++---
2 files changed, 12 insertions(+), 7 deletions(-)
--- a/arch/arm64/crypto/chacha-neon-glue.c
+++ b/arch/arm64/crypto/chacha-neon-glue.c
@@ -55,10 +55,10 @@ static void chacha_doneon(u32 *state, u8
break;
}
chacha_4block_xor_neon(state, dst, src, nrounds, l);
- bytes -= CHACHA_BLOCK_SIZE * 5;
- src += CHACHA_BLOCK_SIZE * 5;
- dst += CHACHA_BLOCK_SIZE * 5;
- state[12] += 5;
+ bytes -= l;
+ src += l;
+ dst += l;
+ state[12] += DIV_ROUND_UP(l, CHACHA_BLOCK_SIZE);
}
}
--- a/lib/crypto/chacha20poly1305-selftest.c
+++ b/lib/crypto/chacha20poly1305-selftest.c
@@ -9028,10 +9028,15 @@ bool __init chacha20poly1305_selftest(vo
&& total_len <= 1 << 10; ++total_len) {
for (i = 0; i <= total_len; ++i) {
for (j = i; j <= total_len; ++j) {
+ k = 0;
sg_init_table(sg_src, 3);
- sg_set_buf(&sg_src[0], input, i);
- sg_set_buf(&sg_src[1], input + i, j - i);
- sg_set_buf(&sg_src[2], input + j, total_len - j);
+ if (i)
+ sg_set_buf(&sg_src[k++], input, i);
+ if (j - i)
+ sg_set_buf(&sg_src[k++], input + i, j - i);
+ if (total_len - j)
+ sg_set_buf(&sg_src[k++], input + j, total_len - j);
+ sg_init_marker(sg_src, k);
memset(computed_output, 0, total_len);
memset(input, 0, total_len);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 008/170] cxgb4: fix throughput drop during Tx backpressure
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 007/170] crypto: arm64/chacha - correctly walk through blocks Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 009/170] cxgb4: fix Txq restart check during backpressure Greg Kroah-Hartman
` (161 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rahul Lakkireddy, David S. Miller
From: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
[ Upstream commit 7affd80802afb6ca92dba47d768632fbde365241 ]
commit 7c3bebc3d868 ("cxgb4: request the TX CIDX updates to status page")
reverted back to getting Tx CIDX updates via DMA, instead of interrupts,
introduced by commit d429005fdf2c ("cxgb4/cxgb4vf: Add support for SGE
doorbell queue timer")
However, it missed reverting back several code changes where Tx CIDX
updates are not explicitly requested during backpressure when using
interrupt mode. These missed changes cause slow recovery during
backpressure because the corresponding interrupt no longer comes and
hence results in Tx throughput drop.
So, revert back these missed code changes, as well, which will allow
explicitly requesting Tx CIDX updates when backpressure happens.
This enables the corresponding interrupt with Tx CIDX update message
to get generated and hence speed up recovery and restore back
throughput.
Fixes: 7c3bebc3d868 ("cxgb4: request the TX CIDX updates to status page")
Fixes: d429005fdf2c ("cxgb4/cxgb4vf: Add support for SGE doorbell queue timer")
Signed-off-by: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/cxgb4/sge.c | 42 +------------------------------
1 file changed, 2 insertions(+), 40 deletions(-)
--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
@@ -1486,16 +1486,7 @@ static netdev_tx_t cxgb4_eth_xmit(struct
* has opened up.
*/
eth_txq_stop(q);
-
- /* If we're using the SGE Doorbell Queue Timer facility, we
- * don't need to ask the Firmware to send us Egress Queue CIDX
- * Updates: the Hardware will do this automatically. And
- * since we send the Ingress Queue CIDX Updates to the
- * corresponding Ethernet Response Queue, we'll get them very
- * quickly.
- */
- if (!q->dbqt)
- wr_mid |= FW_WR_EQUEQ_F | FW_WR_EQUIQ_F;
+ wr_mid |= FW_WR_EQUEQ_F | FW_WR_EQUIQ_F;
}
wr = (void *)&q->q.desc[q->q.pidx];
@@ -1805,16 +1796,7 @@ static netdev_tx_t cxgb4_vf_eth_xmit(str
* has opened up.
*/
eth_txq_stop(txq);
-
- /* If we're using the SGE Doorbell Queue Timer facility, we
- * don't need to ask the Firmware to send us Egress Queue CIDX
- * Updates: the Hardware will do this automatically. And
- * since we send the Ingress Queue CIDX Updates to the
- * corresponding Ethernet Response Queue, we'll get them very
- * quickly.
- */
- if (!txq->dbqt)
- wr_mid |= FW_WR_EQUEQ_F | FW_WR_EQUIQ_F;
+ wr_mid |= FW_WR_EQUEQ_F | FW_WR_EQUIQ_F;
}
/* Start filling in our Work Request. Note that we do _not_ handle
@@ -3370,26 +3352,6 @@ static void t4_tx_completion_handler(str
}
txq = &s->ethtxq[pi->first_qset + rspq->idx];
-
- /* We've got the Hardware Consumer Index Update in the Egress Update
- * message. If we're using the SGE Doorbell Queue Timer mechanism,
- * these Egress Update messages will be our sole CIDX Updates we get
- * since we don't want to chew up PCIe bandwidth for both Ingress
- * Messages and Status Page writes. However, The code which manages
- * reclaiming successfully DMA'ed TX Work Requests uses the CIDX value
- * stored in the Status Page at the end of the TX Queue. It's easiest
- * to simply copy the CIDX Update value from the Egress Update message
- * to the Status Page. Also note that no Endian issues need to be
- * considered here since both are Big Endian and we're just copying
- * bytes consistently ...
- */
- if (txq->dbqt) {
- struct cpl_sge_egr_update *egr;
-
- egr = (struct cpl_sge_egr_update *)rsp;
- WRITE_ONCE(txq->q.stat->cidx, egr->cidx);
- }
-
t4_sge_eth_txq_egress_update(adapter, txq, -1);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 009/170] cxgb4: fix Txq restart check during backpressure
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 008/170] cxgb4: fix throughput drop during Tx backpressure Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 010/170] geneve: move debug check after netdev unregister Greg Kroah-Hartman
` (160 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rahul Lakkireddy, David S. Miller
From: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
[ Upstream commit f1f20a8666c55cb534b8f3fc1130eebf01a06155 ]
Driver reclaims descriptors in much smaller batches, even if hardware
indicates more to reclaim, during backpressure. So, fix the check to
restart the Txq during backpressure, by looking at how many
descriptors hardware had indicated to reclaim, and not on how many
descriptors that driver had actually reclaimed. Once the Txq is
restarted, driver will reclaim even more descriptors when Tx path
is entered again.
Fixes: d429005fdf2c ("cxgb4/cxgb4vf: Add support for SGE doorbell queue timer")
Signed-off-by: Rahul Lakkireddy <rahul.lakkireddy@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/cxgb4/sge.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
@@ -1307,8 +1307,9 @@ static inline void *write_tso_wr(struct
int t4_sge_eth_txq_egress_update(struct adapter *adap, struct sge_eth_txq *eq,
int maxreclaim)
{
+ unsigned int reclaimed, hw_cidx;
struct sge_txq *q = &eq->q;
- unsigned int reclaimed;
+ int hw_in_use;
if (!q->in_use || !__netif_tx_trylock(eq->txq))
return 0;
@@ -1316,12 +1317,17 @@ int t4_sge_eth_txq_egress_update(struct
/* Reclaim pending completed TX Descriptors. */
reclaimed = reclaim_completed_tx(adap, &eq->q, maxreclaim, true);
+ hw_cidx = ntohs(READ_ONCE(q->stat->cidx));
+ hw_in_use = q->pidx - hw_cidx;
+ if (hw_in_use < 0)
+ hw_in_use += q->size;
+
/* If the TX Queue is currently stopped and there's now more than half
* the queue available, restart it. Otherwise bail out since the rest
* of what we want do here is with the possibility of shipping any
* currently buffered Coalesced TX Work Request.
*/
- if (netif_tx_queue_stopped(eq->txq) && txq_avail(q) > (q->size / 2)) {
+ if (netif_tx_queue_stopped(eq->txq) && hw_in_use < (q->size / 2)) {
netif_tx_wake_queue(eq->txq);
eq->q.restarts++;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 010/170] geneve: move debug check after netdev unregister
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 009/170] cxgb4: fix Txq restart check during backpressure Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 011/170] hsr: fix general protection fault in hsr_addr_is_self() Greg Kroah-Hartman
` (159 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haishuang Yan, Florian Westphal,
David S. Miller, syzbot+68a8ed58e3d17c700de5
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 0fda7600c2e174fe27e9cf02e78e345226e441fa ]
The debug check must be done after unregister_netdevice_many() call --
the list_del() for this is done inside .ndo_stop.
Fixes: 2843a25348f8 ("geneve: speedup geneve tunnels dismantle")
Reported-and-tested-by: <syzbot+68a8ed58e3d17c700de5@syzkaller.appspotmail.com>
Cc: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/geneve.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -1845,8 +1845,6 @@ static void geneve_destroy_tunnels(struc
if (!net_eq(dev_net(geneve->dev), net))
unregister_netdevice_queue(geneve->dev, head);
}
-
- WARN_ON_ONCE(!list_empty(&gn->sock_list));
}
static void __net_exit geneve_exit_batch_net(struct list_head *net_list)
@@ -1861,6 +1859,12 @@ static void __net_exit geneve_exit_batch
/* unregister the devices gathered above */
unregister_netdevice_many(&list);
rtnl_unlock();
+
+ list_for_each_entry(net, net_list, exit_list) {
+ const struct geneve_net *gn = net_generic(net, geneve_net_id);
+
+ WARN_ON_ONCE(!list_empty(&gn->sock_list));
+ }
}
static struct pernet_operations geneve_net_ops = {
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 011/170] hsr: fix general protection fault in hsr_addr_is_self()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 010/170] geneve: move debug check after netdev unregister Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 012/170] ipv4: fix a RCU-list lock in inet_dump_fib() Greg Kroah-Hartman
` (158 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+fcf5dd39282ceb27108d,
Taehee Yoo, David S. Miller
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit 3a303cfdd28d5f930a307c82e8a9d996394d5ebd ]
The port->hsr is used in the hsr_handle_frame(), which is a
callback of rx_handler.
hsr master and slaves are initialized in hsr_add_port().
This function initializes several pointers, which includes port->hsr after
registering rx_handler.
So, in the rx_handler routine, un-initialized pointer would be used.
In order to fix this, pointers should be initialized before
registering rx_handler.
Test commands:
ip netns del left
ip netns del right
modprobe -rv veth
modprobe -rv hsr
killall ping
modprobe hsr
ip netns add left
ip netns add right
ip link add veth0 type veth peer name veth1
ip link add veth2 type veth peer name veth3
ip link add veth4 type veth peer name veth5
ip link set veth1 netns left
ip link set veth3 netns right
ip link set veth4 netns left
ip link set veth5 netns right
ip link set veth0 up
ip link set veth2 up
ip link set veth0 address fc:00:00:00:00:01
ip link set veth2 address fc:00:00:00:00:02
ip netns exec left ip link set veth1 up
ip netns exec left ip link set veth4 up
ip netns exec right ip link set veth3 up
ip netns exec right ip link set veth5 up
ip link add hsr0 type hsr slave1 veth0 slave2 veth2
ip a a 192.168.100.1/24 dev hsr0
ip link set hsr0 up
ip netns exec left ip link add hsr1 type hsr slave1 veth1 slave2 veth4
ip netns exec left ip a a 192.168.100.2/24 dev hsr1
ip netns exec left ip link set hsr1 up
ip netns exec left ip n a 192.168.100.1 dev hsr1 lladdr \
fc:00:00:00:00:01 nud permanent
ip netns exec left ip n r 192.168.100.1 dev hsr1 lladdr \
fc:00:00:00:00:01 nud permanent
for i in {1..100}
do
ip netns exec left ping 192.168.100.1 &
done
ip netns exec left hping3 192.168.100.1 -2 --flood &
ip netns exec right ip link add hsr2 type hsr slave1 veth3 slave2 veth5
ip netns exec right ip a a 192.168.100.3/24 dev hsr2
ip netns exec right ip link set hsr2 up
ip netns exec right ip n a 192.168.100.1 dev hsr2 lladdr \
fc:00:00:00:00:02 nud permanent
ip netns exec right ip n r 192.168.100.1 dev hsr2 lladdr \
fc:00:00:00:00:02 nud permanent
for i in {1..100}
do
ip netns exec right ping 192.168.100.1 &
done
ip netns exec right hping3 192.168.100.1 -2 --flood &
while :
do
ip link add hsr0 type hsr slave1 veth0 slave2 veth2
ip a a 192.168.100.1/24 dev hsr0
ip link set hsr0 up
ip link del hsr0
done
Splat looks like:
[ 120.954938][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1]I
[ 120.957761][ C0] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 120.959064][ C0] CPU: 0 PID: 1511 Comm: hping3 Not tainted 5.6.0-rc5+ #460
[ 120.960054][ C0] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 120.962261][ C0] RIP: 0010:hsr_addr_is_self+0x65/0x2a0 [hsr]
[ 120.963149][ C0] Code: 44 24 18 70 73 2f c0 48 c1 eb 03 48 8d 04 13 c7 00 f1 f1 f1 f1 c7 40 04 00 f2 f2 f2 4
[ 120.966277][ C0] RSP: 0018:ffff8880d9c09af0 EFLAGS: 00010206
[ 120.967293][ C0] RAX: 0000000000000006 RBX: 1ffff1101b38135f RCX: 0000000000000000
[ 120.968516][ C0] RDX: dffffc0000000000 RSI: ffff8880d17cb208 RDI: 0000000000000000
[ 120.969718][ C0] RBP: 0000000000000030 R08: ffffed101b3c0e3c R09: 0000000000000001
[ 120.972203][ C0] R10: 0000000000000001 R11: ffffed101b3c0e3b R12: 0000000000000000
[ 120.973379][ C0] R13: ffff8880aaf80100 R14: ffff8880aaf800f2 R15: ffff8880aaf80040
[ 120.974410][ C0] FS: 00007f58e693f740(0000) GS:ffff8880d9c00000(0000) knlGS:0000000000000000
[ 120.979794][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 120.980773][ C0] CR2: 00007ffcb8b38f29 CR3: 00000000afe8e001 CR4: 00000000000606f0
[ 120.981945][ C0] Call Trace:
[ 120.982411][ C0] <IRQ>
[ 120.982848][ C0] ? hsr_add_node+0x8c0/0x8c0 [hsr]
[ 120.983522][ C0] ? rcu_read_lock_held+0x90/0xa0
[ 120.984159][ C0] ? rcu_read_lock_sched_held+0xc0/0xc0
[ 120.984944][ C0] hsr_handle_frame+0x1db/0x4e0 [hsr]
[ 120.985597][ C0] ? hsr_nl_nodedown+0x2b0/0x2b0 [hsr]
[ 120.986289][ C0] __netif_receive_skb_core+0x6bf/0x3170
[ 120.992513][ C0] ? check_chain_key+0x236/0x5d0
[ 120.993223][ C0] ? do_xdp_generic+0x1460/0x1460
[ 120.993875][ C0] ? register_lock_class+0x14d0/0x14d0
[ 120.994609][ C0] ? __netif_receive_skb_one_core+0x8d/0x160
[ 120.995377][ C0] __netif_receive_skb_one_core+0x8d/0x160
[ 120.996204][ C0] ? __netif_receive_skb_core+0x3170/0x3170
[ ... ]
Reported-by: syzbot+fcf5dd39282ceb27108d@syzkaller.appspotmail.com
Fixes: c5a759117210 ("net/hsr: Use list_head (and rcu) instead of array for slave devices.")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/hsr/hsr_slave.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/hsr/hsr_slave.c
+++ b/net/hsr/hsr_slave.c
@@ -145,16 +145,16 @@ int hsr_add_port(struct hsr_priv *hsr, s
if (!port)
return -ENOMEM;
+ port->hsr = hsr;
+ port->dev = dev;
+ port->type = type;
+
if (type != HSR_PT_MASTER) {
res = hsr_portdev_setup(dev, port);
if (res)
goto fail_dev_setup;
}
- port->hsr = hsr;
- port->dev = dev;
- port->type = type;
-
list_add_tail_rcu(&port->port_list, &hsr->ports);
synchronize_rcu();
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 012/170] ipv4: fix a RCU-list lock in inet_dump_fib()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 011/170] hsr: fix general protection fault in hsr_addr_is_self() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 013/170] macsec: restrict to ethernet devices Greg Kroah-Hartman
` (157 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qian Cai, David Ahern, David S. Miller
From: Qian Cai <cai@lca.pw>
[ Upstream commit dddeb30bfc43926620f954266fd12c65a7206f07 ]
There is a place,
inet_dump_fib()
fib_table_dump
fn_trie_dump_leaf()
hlist_for_each_entry_rcu()
without rcu_read_lock() will trigger a warning,
WARNING: suspicious RCU usage
-----------------------------
net/ipv4/fib_trie.c:2216 RCU-list traversed in non-reader section!!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by ip/1923:
#0: ffffffff8ce76e40 (rtnl_mutex){+.+.}, at: netlink_dump+0xd6/0x840
Call Trace:
dump_stack+0xa1/0xea
lockdep_rcu_suspicious+0x103/0x10d
fn_trie_dump_leaf+0x581/0x590
fib_table_dump+0x15f/0x220
inet_dump_fib+0x4ad/0x5d0
netlink_dump+0x350/0x840
__netlink_dump_start+0x315/0x3e0
rtnetlink_rcv_msg+0x4d1/0x720
netlink_rcv_skb+0xf0/0x220
rtnetlink_rcv+0x15/0x20
netlink_unicast+0x306/0x460
netlink_sendmsg+0x44b/0x770
__sys_sendto+0x259/0x270
__x64_sys_sendto+0x80/0xa0
do_syscall_64+0x69/0xf4
entry_SYSCALL_64_after_hwframe+0x49/0xb3
Fixes: 18a8021a7be3 ("net/ipv4: Plumb support for filtering route dumps")
Signed-off-by: Qian Cai <cai@lca.pw>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/fib_frontend.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -997,7 +997,9 @@ static int inet_dump_fib(struct sk_buff
return -ENOENT;
}
+ rcu_read_lock();
err = fib_table_dump(tb, skb, cb, &filter);
+ rcu_read_unlock();
return skb->len ? : err;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 013/170] macsec: restrict to ethernet devices
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 012/170] ipv4: fix a RCU-list lock in inet_dump_fib() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 014/170] mlxsw: pci: Only issue reset when system is ready Greg Kroah-Hartman
` (156 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Willem de Bruijn, David S. Miller
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit b06d072ccc4b1acd0147b17914b7ad1caa1818bb ]
Only attach macsec to ethernet devices.
Syzbot was able to trigger a KMSAN warning in macsec_handle_frame
by attaching to a phonet device.
Macvlan has a similar check in macvlan_port_create.
v1->v2
- fix commit message typo
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macsec.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -16,6 +16,7 @@
#include <net/genetlink.h>
#include <net/sock.h>
#include <net/gro_cells.h>
+#include <linux/if_arp.h>
#include <uapi/linux/if_macsec.h>
@@ -3236,6 +3237,8 @@ static int macsec_newlink(struct net *ne
real_dev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK]));
if (!real_dev)
return -ENODEV;
+ if (real_dev->type != ARPHRD_ETHER)
+ return -EINVAL;
dev->priv_flags |= IFF_MACSEC;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 014/170] mlxsw: pci: Only issue reset when system is ready
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 013/170] macsec: restrict to ethernet devices Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 015/170] mlxsw: spectrum_mr: Fix list iteration in error path Greg Kroah-Hartman
` (155 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Jiri Pirko, David S. Miller
From: Ido Schimmel <idosch@mellanox.com>
[ Upstream commit 6002059d7882c3512e6ac52fa82424272ddfcd5c ]
During initialization the driver issues a software reset command and
then waits for the system status to change back to "ready" state.
However, before issuing the reset command the driver does not check that
the system is actually in "ready" state. On Spectrum-{1,2} systems this
was always the case as the hardware initialization time is very short.
On Spectrum-3 systems this is no longer the case. This results in the
software reset command timing-out and the driver failing to load:
[ 6.347591] mlxsw_spectrum3 0000:06:00.0: Cmd exec timed-out (opcode=40(ACCESS_REG),opcode_mod=0,in_mod=0)
[ 6.358382] mlxsw_spectrum3 0000:06:00.0: Reg cmd access failed (reg_id=9023(mrsr),type=write)
[ 6.368028] mlxsw_spectrum3 0000:06:00.0: cannot register bus device
[ 6.375274] mlxsw_spectrum3: probe of 0000:06:00.0 failed with error -110
Fix this by waiting for the system to become ready both before issuing
the reset command and afterwards. In case of failure, print the last
system status to aid in debugging.
Fixes: da382875c616 ("mlxsw: spectrum: Extend to support Spectrum-3 ASIC")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/pci.c | 50 +++++++++++++++++++++++-------
1 file changed, 39 insertions(+), 11 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/pci.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/pci.c
@@ -1322,36 +1322,64 @@ static void mlxsw_pci_mbox_free(struct m
mbox->mapaddr);
}
-static int mlxsw_pci_sw_reset(struct mlxsw_pci *mlxsw_pci,
- const struct pci_device_id *id)
+static int mlxsw_pci_sys_ready_wait(struct mlxsw_pci *mlxsw_pci,
+ const struct pci_device_id *id,
+ u32 *p_sys_status)
{
unsigned long end;
- char mrsr_pl[MLXSW_REG_MRSR_LEN];
- int err;
+ u32 val;
- mlxsw_reg_mrsr_pack(mrsr_pl);
- err = mlxsw_reg_write(mlxsw_pci->core, MLXSW_REG(mrsr), mrsr_pl);
- if (err)
- return err;
if (id->device == PCI_DEVICE_ID_MELLANOX_SWITCHX2) {
msleep(MLXSW_PCI_SW_RESET_TIMEOUT_MSECS);
return 0;
}
- /* We must wait for the HW to become responsive once again. */
+ /* We must wait for the HW to become responsive. */
msleep(MLXSW_PCI_SW_RESET_WAIT_MSECS);
end = jiffies + msecs_to_jiffies(MLXSW_PCI_SW_RESET_TIMEOUT_MSECS);
do {
- u32 val = mlxsw_pci_read32(mlxsw_pci, FW_READY);
-
+ val = mlxsw_pci_read32(mlxsw_pci, FW_READY);
if ((val & MLXSW_PCI_FW_READY_MASK) == MLXSW_PCI_FW_READY_MAGIC)
return 0;
cond_resched();
} while (time_before(jiffies, end));
+
+ *p_sys_status = val & MLXSW_PCI_FW_READY_MASK;
+
return -EBUSY;
}
+static int mlxsw_pci_sw_reset(struct mlxsw_pci *mlxsw_pci,
+ const struct pci_device_id *id)
+{
+ struct pci_dev *pdev = mlxsw_pci->pdev;
+ char mrsr_pl[MLXSW_REG_MRSR_LEN];
+ u32 sys_status;
+ int err;
+
+ err = mlxsw_pci_sys_ready_wait(mlxsw_pci, id, &sys_status);
+ if (err) {
+ dev_err(&pdev->dev, "Failed to reach system ready status before reset. Status is 0x%x\n",
+ sys_status);
+ return err;
+ }
+
+ mlxsw_reg_mrsr_pack(mrsr_pl);
+ err = mlxsw_reg_write(mlxsw_pci->core, MLXSW_REG(mrsr), mrsr_pl);
+ if (err)
+ return err;
+
+ err = mlxsw_pci_sys_ready_wait(mlxsw_pci, id, &sys_status);
+ if (err) {
+ dev_err(&pdev->dev, "Failed to reach system ready status after reset. Status is 0x%x\n",
+ sys_status);
+ return err;
+ }
+
+ return 0;
+}
+
static int mlxsw_pci_alloc_irq_vectors(struct mlxsw_pci *mlxsw_pci)
{
int err;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 015/170] mlxsw: spectrum_mr: Fix list iteration in error path
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 014/170] mlxsw: pci: Only issue reset when system is ready Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 016/170] net/bpfilter: fix dprintf usage for /dev/kmsg Greg Kroah-Hartman
` (154 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Jiri Pirko, David S. Miller
From: Ido Schimmel <idosch@mellanox.com>
[ Upstream commit f6bf1bafdc2152bb22aff3a4e947f2441a1d49e2 ]
list_for_each_entry_from_reverse() iterates backwards over the list from
the current position, but in the error path we should start from the
previous position.
Fix this by using list_for_each_entry_continue_reverse() instead.
This suppresses the following error from coccinelle:
drivers/net/ethernet/mellanox/mlxsw//spectrum_mr.c:655:34-38: ERROR:
invalid reference to the index variable of the iterator on line 636
Fixes: c011ec1bbfd6 ("mlxsw: spectrum: Add the multicast routing offloading logic")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c
@@ -637,12 +637,12 @@ static int mlxsw_sp_mr_vif_resolve(struc
return 0;
err_erif_unresolve:
- list_for_each_entry_from_reverse(erve, &mr_vif->route_evif_list,
- vif_node)
+ list_for_each_entry_continue_reverse(erve, &mr_vif->route_evif_list,
+ vif_node)
mlxsw_sp_mr_route_evif_unresolve(mr_table, erve);
err_irif_unresolve:
- list_for_each_entry_from_reverse(irve, &mr_vif->route_ivif_list,
- vif_node)
+ list_for_each_entry_continue_reverse(irve, &mr_vif->route_ivif_list,
+ vif_node)
mlxsw_sp_mr_route_ivif_unresolve(mr_table, irve);
mr_vif->rif = NULL;
return err;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 016/170] net/bpfilter: fix dprintf usage for /dev/kmsg
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 015/170] mlxsw: spectrum_mr: Fix list iteration in error path Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 017/170] net: cbs: Fix software cbs to consider packet sending time Greg Kroah-Hartman
` (153 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bruno Meneguele, David S. Miller
From: Bruno Meneguele <bmeneg@redhat.com>
[ Upstream commit 13d0f7b814d9b4c67e60d8c2820c86ea181e7d99 ]
The bpfilter UMH code was recently changed to log its informative messages to
/dev/kmsg, however this interface doesn't support SEEK_CUR yet, used by
dprintf(). As result dprintf() returns -EINVAL and doesn't log anything.
However there already had some discussions about supporting SEEK_CUR into
/dev/kmsg interface in the past it wasn't concluded. Since the only user of
that from userspace perspective inside the kernel is the bpfilter UMH
(userspace) module it's better to correct it here instead waiting a conclusion
on the interface.
Fixes: 36c4357c63f3 ("net: bpfilter: print umh messages to /dev/kmsg")
Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bpfilter/main.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/net/bpfilter/main.c
+++ b/net/bpfilter/main.c
@@ -10,7 +10,7 @@
#include <asm/unistd.h>
#include "msgfmt.h"
-int debug_fd;
+FILE *debug_f;
static int handle_get_cmd(struct mbox_request *cmd)
{
@@ -35,9 +35,10 @@ static void loop(void)
struct mbox_reply reply;
int n;
+ fprintf(debug_f, "testing the buffer\n");
n = read(0, &req, sizeof(req));
if (n != sizeof(req)) {
- dprintf(debug_fd, "invalid request %d\n", n);
+ fprintf(debug_f, "invalid request %d\n", n);
return;
}
@@ -47,7 +48,7 @@ static void loop(void)
n = write(1, &reply, sizeof(reply));
if (n != sizeof(reply)) {
- dprintf(debug_fd, "reply failed %d\n", n);
+ fprintf(debug_f, "reply failed %d\n", n);
return;
}
}
@@ -55,9 +56,10 @@ static void loop(void)
int main(void)
{
- debug_fd = open("/dev/kmsg", 00000002);
- dprintf(debug_fd, "Started bpfilter\n");
+ debug_f = fopen("/dev/kmsg", "w");
+ setvbuf(debug_f, 0, _IOLBF, 0);
+ fprintf(debug_f, "Started bpfilter\n");
loop();
- close(debug_fd);
+ fclose(debug_f);
return 0;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 017/170] net: cbs: Fix software cbs to consider packet sending time
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 016/170] net/bpfilter: fix dprintf usage for /dev/kmsg Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 018/170] net: dsa: Fix duplicate frames flooded by learning Greg Kroah-Hartman
` (152 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zh-yuan Ye, Vinicius Costa Gomes,
David S. Miller
From: Zh-yuan Ye <ye.zh-yuan@socionext.com>
[ Upstream commit 961d0e5b32946703125964f9f5b6321d60f4d706 ]
Currently the software CBS does not consider the packet sending time
when depleting the credits. It caused the throughput to be
Idleslope[kbps] * (Port transmit rate[kbps] / |Sendslope[kbps]|) where
Idleslope * (Port transmit rate / (Idleslope + |Sendslope|)) = Idleslope
is expected. In order to fix the issue above, this patch takes the time
when the packet sending completes into account by moving the anchor time
variable "last" ahead to the send completion time upon transmission and
adding wait when the next dequeue request comes before the send
completion time of the previous packet.
changelog:
V2->V3:
- remove unnecessary whitespace cleanup
- add the checks if port_rate is 0 before division
V1->V2:
- combine variable "send_completed" into "last"
- add the comment for estimate of the packet sending
Fixes: 585d763af09c ("net/sched: Introduce Credit Based Shaper (CBS) qdisc")
Signed-off-by: Zh-yuan Ye <ye.zh-yuan@socionext.com>
Reviewed-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/sch_cbs.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/net/sched/sch_cbs.c
+++ b/net/sched/sch_cbs.c
@@ -181,6 +181,11 @@ static struct sk_buff *cbs_dequeue_soft(
s64 credits;
int len;
+ /* The previous packet is still being sent */
+ if (now < q->last) {
+ qdisc_watchdog_schedule_ns(&q->watchdog, q->last);
+ return NULL;
+ }
if (q->credits < 0) {
credits = timediff_to_credits(now - q->last, q->idleslope);
@@ -212,7 +217,12 @@ static struct sk_buff *cbs_dequeue_soft(
credits += q->credits;
q->credits = max_t(s64, credits, q->locredit);
- q->last = now;
+ /* Estimate of the transmission of the last byte of the packet in ns */
+ if (unlikely(atomic64_read(&q->port_rate) == 0))
+ q->last = now;
+ else
+ q->last = now + div64_s64(len * NSEC_PER_SEC,
+ atomic64_read(&q->port_rate));
return skb;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 018/170] net: dsa: Fix duplicate frames flooded by learning
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 017/170] net: cbs: Fix software cbs to consider packet sending time Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 019/170] net: dsa: mt7530: Change the LINK bit to reflect the link status Greg Kroah-Hartman
` (151 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Bizon, Florian Fainelli,
Vivien Didelot, David S. Miller
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 0e62f543bed03a64495bd2651d4fe1aa4bcb7fe5 ]
When both the switch and the bridge are learning about new addresses,
switch ports attached to the bridge would see duplicate ARP frames
because both entities would attempt to send them.
Fixes: 5037d532b83d ("net: dsa: add Broadcom tag RX/TX handler")
Reported-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/dsa/tag_brcm.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/dsa/tag_brcm.c
+++ b/net/dsa/tag_brcm.c
@@ -140,6 +140,8 @@ static struct sk_buff *brcm_tag_rcv_ll(s
/* Remove Broadcom tag and update checksum */
skb_pull_rcsum(skb, BRCM_TAG_LEN);
+ skb->offload_fwd_mark = 1;
+
return skb;
}
#endif
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 019/170] net: dsa: mt7530: Change the LINK bit to reflect the link status
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 018/170] net: dsa: Fix duplicate frames flooded by learning Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 020/170] net: dsa: tag_8021q: replace dsa_8021q_remove_header with __skb_vlan_pop Greg Kroah-Hartman
` (150 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Smith, René van Dorst,
Vivien Didelot, Florian Fainelli, David S. Miller
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 2114 bytes --]
From: "René van Dorst" <opensource@vdorst.com>
[ Upstream commit 22259471b51925353bd7b16f864c79fdd76e425e ]
Andrew reported:
After a number of network port link up/down changes, sometimes the switch
port gets stuck in a state where it thinks it is still transmitting packets
but the cpu port is not actually transmitting anymore. In this state you
will see a message on the console
"mtk_soc_eth 1e100000.ethernet eth0: transmit timed out" and the Tx counter
in ifconfig will be incrementing on virtual port, but not incrementing on
cpu port.
The issue is that MAC TX/RX status has no impact on the link status or
queue manager of the switch. So the queue manager just queues up packets
of a disabled port and sends out pause frames when the queue is full.
Change the LINK bit to reflect the link status.
Fixes: b8f126a8d543 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
Reported-by: Andrew Smith <andrew.smith@digi.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/dsa/mt7530.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/dsa/mt7530.c
+++ b/drivers/net/dsa/mt7530.c
@@ -566,7 +566,7 @@ mt7530_mib_reset(struct dsa_switch *ds)
static void
mt7530_port_set_status(struct mt7530_priv *priv, int port, int enable)
{
- u32 mask = PMCR_TX_EN | PMCR_RX_EN;
+ u32 mask = PMCR_TX_EN | PMCR_RX_EN | PMCR_FORCE_LNK;
if (enable)
mt7530_set(priv, MT7530_PMCR_P(port), mask);
@@ -1443,7 +1443,7 @@ static void mt7530_phylink_mac_config(st
mcr_new &= ~(PMCR_FORCE_SPEED_1000 | PMCR_FORCE_SPEED_100 |
PMCR_FORCE_FDX | PMCR_TX_FC_EN | PMCR_RX_FC_EN);
mcr_new |= PMCR_IFG_XMIT(1) | PMCR_MAC_MODE | PMCR_BACKOFF_EN |
- PMCR_BACKPR_EN | PMCR_FORCE_MODE | PMCR_FORCE_LNK;
+ PMCR_BACKPR_EN | PMCR_FORCE_MODE;
/* Are we connected to external phy */
if (port == 5 && dsa_is_user_port(ds, 5))
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 020/170] net: dsa: tag_8021q: replace dsa_8021q_remove_header with __skb_vlan_pop
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 019/170] net: dsa: mt7530: Change the LINK bit to reflect the link status Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 021/170] net: ena: Add PCI shutdown handler to allow safe kexec Greg Kroah-Hartman
` (149 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vladimir Oltean, David S. Miller
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit e80f40cbe4dd51371818e967d40da8fe305db5e4 ]
Not only did this wheel did not need reinventing, but there is also
an issue with it: It doesn't remove the VLAN header in a way that
preserves the L2 payload checksum when that is being provided by the DSA
master hw. It should recalculate checksum both for the push, before
removing the header, and for the pull afterwards. But the current
implementation is quite dizzying, with pulls followed immediately
afterwards by pushes, the memmove is done before the push, etc. This
makes a DSA master with RX checksumming offload to print stack traces
with the infamous 'hw csum failure' message.
So remove the dsa_8021q_remove_header function and replace it with
something that actually works with inet checksumming.
Fixes: d461933638ae ("net: dsa: tag_8021q: Create helper function for removing VLAN header")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/dsa/8021q.h | 7 -------
net/dsa/tag_8021q.c | 43 -------------------------------------------
net/dsa/tag_sja1105.c | 19 +++++++++----------
3 files changed, 9 insertions(+), 60 deletions(-)
--- a/include/linux/dsa/8021q.h
+++ b/include/linux/dsa/8021q.h
@@ -28,8 +28,6 @@ int dsa_8021q_rx_switch_id(u16 vid);
int dsa_8021q_rx_source_port(u16 vid);
-struct sk_buff *dsa_8021q_remove_header(struct sk_buff *skb);
-
#else
int dsa_port_setup_8021q_tagging(struct dsa_switch *ds, int index,
@@ -64,11 +62,6 @@ int dsa_8021q_rx_source_port(u16 vid)
return 0;
}
-struct sk_buff *dsa_8021q_remove_header(struct sk_buff *skb)
-{
- return NULL;
-}
-
#endif /* IS_ENABLED(CONFIG_NET_DSA_TAG_8021Q) */
#endif /* _NET_DSA_8021Q_H */
--- a/net/dsa/tag_8021q.c
+++ b/net/dsa/tag_8021q.c
@@ -298,47 +298,4 @@ struct sk_buff *dsa_8021q_xmit(struct sk
}
EXPORT_SYMBOL_GPL(dsa_8021q_xmit);
-/* In the DSA packet_type handler, skb->data points in the middle of the VLAN
- * tag, after tpid and before tci. This is because so far, ETH_HLEN
- * (DMAC, SMAC, EtherType) bytes were pulled.
- * There are 2 bytes of VLAN tag left in skb->data, and upper
- * layers expect the 'real' EtherType to be consumed as well.
- * Coincidentally, a VLAN header is also of the same size as
- * the number of bytes that need to be pulled.
- *
- * skb_mac_header skb->data
- * | |
- * v v
- * | | | | | | | | | | | | | | | | | | |
- * +-----------------------+-----------------------+-------+-------+-------+
- * | Destination MAC | Source MAC | TPID | TCI | EType |
- * +-----------------------+-----------------------+-------+-------+-------+
- * ^ | |
- * |<--VLAN_HLEN-->to <---VLAN_HLEN--->
- * from |
- * >>>>>>> v
- * >>>>>>> | | | | | | | | | | | | | | |
- * >>>>>>> +-----------------------+-----------------------+-------+
- * >>>>>>> | Destination MAC | Source MAC | EType |
- * +-----------------------+-----------------------+-------+
- * ^ ^
- * (now part of | |
- * skb->head) skb_mac_header skb->data
- */
-struct sk_buff *dsa_8021q_remove_header(struct sk_buff *skb)
-{
- u8 *from = skb_mac_header(skb);
- u8 *dest = from + VLAN_HLEN;
-
- memmove(dest, from, ETH_HLEN - VLAN_HLEN);
- skb_pull(skb, VLAN_HLEN);
- skb_push(skb, ETH_HLEN);
- skb_reset_mac_header(skb);
- skb_reset_mac_len(skb);
- skb_pull_rcsum(skb, ETH_HLEN);
-
- return skb;
-}
-EXPORT_SYMBOL_GPL(dsa_8021q_remove_header);
-
MODULE_LICENSE("GPL v2");
--- a/net/dsa/tag_sja1105.c
+++ b/net/dsa/tag_sja1105.c
@@ -238,14 +238,14 @@ static struct sk_buff *sja1105_rcv(struc
{
struct sja1105_meta meta = {0};
int source_port, switch_id;
- struct vlan_ethhdr *hdr;
+ struct ethhdr *hdr;
u16 tpid, vid, tci;
bool is_link_local;
bool is_tagged;
bool is_meta;
- hdr = vlan_eth_hdr(skb);
- tpid = ntohs(hdr->h_vlan_proto);
+ hdr = eth_hdr(skb);
+ tpid = ntohs(hdr->h_proto);
is_tagged = (tpid == ETH_P_SJA1105);
is_link_local = sja1105_is_link_local(skb);
is_meta = sja1105_is_meta_frame(skb);
@@ -254,7 +254,12 @@ static struct sk_buff *sja1105_rcv(struc
if (is_tagged) {
/* Normal traffic path. */
- tci = ntohs(hdr->h_vlan_TCI);
+ skb_push_rcsum(skb, ETH_HLEN);
+ __skb_vlan_pop(skb, &tci);
+ skb_pull_rcsum(skb, ETH_HLEN);
+ skb_reset_network_header(skb);
+ skb_reset_transport_header(skb);
+
vid = tci & VLAN_VID_MASK;
source_port = dsa_8021q_rx_source_port(vid);
switch_id = dsa_8021q_rx_switch_id(vid);
@@ -283,12 +288,6 @@ static struct sk_buff *sja1105_rcv(struc
return NULL;
}
- /* Delete/overwrite fake VLAN header, DSA expects to not find
- * it there, see dsa_switch_rcv: skb_push(skb, ETH_HLEN).
- */
- if (is_tagged)
- skb = dsa_8021q_remove_header(skb);
-
return sja1105_rcv_meta_state_machine(skb, &meta, is_link_local,
is_meta);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 021/170] net: ena: Add PCI shutdown handler to allow safe kexec
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 020/170] net: dsa: tag_8021q: replace dsa_8021q_remove_header with __skb_vlan_pop Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 022/170] net: mvneta: Fix the case where the last poll did not process all rx Greg Kroah-Hartman
` (148 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gavin Shan, Guilherme G. Piccoli,
Sameeh Jubran, David S. Miller
From: "Guilherme G. Piccoli" <gpiccoli@canonical.com>
[ Upstream commit 428c491332bca498c8eb2127669af51506c346c7 ]
Currently ENA only provides the PCI remove() handler, used during rmmod
for example. This is not called on shutdown/kexec path; we are potentially
creating a failure scenario on kexec:
(a) Kexec is triggered, no shutdown() / remove() handler is called for ENA;
instead pci_device_shutdown() clears the master bit of the PCI device,
stopping all DMA transactions;
(b) Kexec reboot happens and the device gets enabled again, likely having
its FW with that DMA transaction buffered; then it may trigger the (now
invalid) memory operation in the new kernel, corrupting kernel memory area.
This patch aims to prevent this, by implementing a shutdown() handler
quite similar to the remove() one - the difference being the handling
of the netdev, which is unregistered on remove(), but following the
convention observed in other drivers, it's only detached on shutdown().
This prevents an odd issue in AWS Nitro instances, in which after the 2nd
kexec the next one will fail with an initrd corruption, caused by a wild
DMA write to invalid kernel memory. The lspci output for the adapter
present in my instance is:
00:05.0 Ethernet controller [0200]: Amazon.com, Inc. Elastic Network
Adapter (ENA) [1d0f:ec20]
Suggested-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Acked-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 51 +++++++++++++++++++++------
1 file changed, 41 insertions(+), 10 deletions(-)
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -3662,13 +3662,15 @@ err_disable_device:
/*****************************************************************************/
-/* ena_remove - Device Removal Routine
+/* __ena_shutoff - Helper used in both PCI remove/shutdown routines
* @pdev: PCI device information struct
+ * @shutdown: Is it a shutdown operation? If false, means it is a removal
*
- * ena_remove is called by the PCI subsystem to alert the driver
- * that it should release a PCI device.
+ * __ena_shutoff is a helper routine that does the real work on shutdown and
+ * removal paths; the difference between those paths is with regards to whether
+ * dettach or unregister the netdevice.
*/
-static void ena_remove(struct pci_dev *pdev)
+static void __ena_shutoff(struct pci_dev *pdev, bool shutdown)
{
struct ena_adapter *adapter = pci_get_drvdata(pdev);
struct ena_com_dev *ena_dev;
@@ -3687,13 +3689,17 @@ static void ena_remove(struct pci_dev *p
cancel_work_sync(&adapter->reset_task);
- rtnl_lock();
+ rtnl_lock(); /* lock released inside the below if-else block */
ena_destroy_device(adapter, true);
- rtnl_unlock();
-
- unregister_netdev(netdev);
-
- free_netdev(netdev);
+ if (shutdown) {
+ netif_device_detach(netdev);
+ dev_close(netdev);
+ rtnl_unlock();
+ } else {
+ rtnl_unlock();
+ unregister_netdev(netdev);
+ free_netdev(netdev);
+ }
ena_com_rss_destroy(ena_dev);
@@ -3708,6 +3714,30 @@ static void ena_remove(struct pci_dev *p
vfree(ena_dev);
}
+/* ena_remove - Device Removal Routine
+ * @pdev: PCI device information struct
+ *
+ * ena_remove is called by the PCI subsystem to alert the driver
+ * that it should release a PCI device.
+ */
+
+static void ena_remove(struct pci_dev *pdev)
+{
+ __ena_shutoff(pdev, false);
+}
+
+/* ena_shutdown - Device Shutdown Routine
+ * @pdev: PCI device information struct
+ *
+ * ena_shutdown is called by the PCI subsystem to alert the driver that
+ * a shutdown/reboot (or kexec) is happening and device must be disabled.
+ */
+
+static void ena_shutdown(struct pci_dev *pdev)
+{
+ __ena_shutoff(pdev, true);
+}
+
#ifdef CONFIG_PM
/* ena_suspend - PM suspend callback
* @pdev: PCI device information struct
@@ -3757,6 +3787,7 @@ static struct pci_driver ena_pci_driver
.id_table = ena_pci_tbl,
.probe = ena_probe,
.remove = ena_remove,
+ .shutdown = ena_shutdown,
#ifdef CONFIG_PM
.suspend = ena_suspend,
.resume = ena_resume,
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 022/170] net: mvneta: Fix the case where the last poll did not process all rx
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 021/170] net: ena: Add PCI shutdown handler to allow safe kexec Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 023/170] net/packet: tpacket_rcv: avoid a producer race condition Greg Kroah-Hartman
` (147 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jisheng Zhang, David S. Miller
From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
[ Upstream commit 065fd83e1be2e1ba0d446a257fd86a3cc7bddb51 ]
For the case where the last mvneta_poll did not process all
RX packets, we need to xor the pp->cause_rx_tx or port->cause_rx_tx
before claculating the rx_queue.
Fixes: 2dcf75e2793c ("net: mvneta: Associate RX queues with each CPU")
Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/marvell/mvneta.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -3036,11 +3036,10 @@ static int mvneta_poll(struct napi_struc
/* For the case where the last mvneta_poll did not process all
* RX packets
*/
- rx_queue = fls(((cause_rx_tx >> 8) & 0xff));
-
cause_rx_tx |= pp->neta_armada3700 ? pp->cause_rx_tx :
port->cause_rx_tx;
+ rx_queue = fls(((cause_rx_tx >> 8) & 0xff));
if (rx_queue) {
rx_queue = rx_queue - 1;
if (pp->bm_priv)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 023/170] net/packet: tpacket_rcv: avoid a producer race condition
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 022/170] net: mvneta: Fix the case where the last poll did not process all rx Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 024/170] net: phy: dp83867: w/a for fld detect threshold bootstrapping issue Greg Kroah-Hartman
` (146 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jon Rosen, Willem de Bruijn, David S. Miller
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 61fad6816fc10fb8793a925d5c1256d1c3db0cd2 ]
PACKET_RX_RING can cause multiple writers to access the same slot if a
fast writer wraps the ring while a slow writer is still copying. This
is particularly likely with few, large, slots (e.g., GSO packets).
Synchronize kernel thread ownership of rx ring slots with a bitmap.
Writers acquire a slot race-free by testing tp_status TP_STATUS_KERNEL
while holding the sk receive queue lock. They release this lock before
copying and set tp_status to TP_STATUS_USER to release to userspace
when done. During copying, another writer may take the lock, also see
TP_STATUS_KERNEL, and start writing to the same slot.
Introduce a new rx_owner_map bitmap with a bit per slot. To acquire a
slot, test and set with the lock held. To release race-free, update
tp_status and owner bit as a transaction, so take the lock again.
This is the one of a variety of discussed options (see Link below):
* instead of a shadow ring, embed the data in the slot itself, such as
in tp_padding. But any test for this field may match a value left by
userspace, causing deadlock.
* avoid the lock on release. This leaves a small race if releasing the
shadow slot before setting TP_STATUS_USER. The below reproducer showed
that this race is not academic. If releasing the slot after tp_status,
the race is more subtle. See the first link for details.
* add a new tp_status TP_KERNEL_OWNED to avoid the transactional store
of two fields. But, legacy applications may interpret all non-zero
tp_status as owned by the user. As libpcap does. So this is possible
only opt-in by newer processes. It can be added as an optional mode.
* embed the struct at the tail of pg_vec to avoid extra allocation.
The implementation proved no less complex than a separate field.
The additional locking cost on release adds contention, no different
than scaling on multicore or multiqueue h/w. In practice, below
reproducer nor small packet tcpdump showed a noticeable change in
perf report in cycles spent in spinlock. Where contention is
problematic, packet sockets support mitigation through PACKET_FANOUT.
And we can consider adding opt-in state TP_KERNEL_OWNED.
Easy to reproduce by running multiple netperf or similar TCP_STREAM
flows concurrently with `tcpdump -B 129 -n greater 60000`.
Based on an earlier patchset by Jon Rosen. See links below.
I believe this issue goes back to the introduction of tpacket_rcv,
which predates git history.
Link: https://www.mail-archive.com/netdev@vger.kernel.org/msg237222.html
Suggested-by: Jon Rosen <jrosen@cisco.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Jon Rosen <jrosen@cisco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/packet/af_packet.c | 21 +++++++++++++++++++++
net/packet/internal.h | 5 ++++-
2 files changed, 25 insertions(+), 1 deletion(-)
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2172,6 +2172,7 @@ static int tpacket_rcv(struct sk_buff *s
struct timespec ts;
__u32 ts_status;
bool is_drop_n_account = false;
+ unsigned int slot_id = 0;
bool do_vnet = false;
/* struct tpacket{2,3}_hdr is aligned to a multiple of TPACKET_ALIGNMENT.
@@ -2274,6 +2275,13 @@ static int tpacket_rcv(struct sk_buff *s
if (!h.raw)
goto drop_n_account;
+ if (po->tp_version <= TPACKET_V2) {
+ slot_id = po->rx_ring.head;
+ if (test_bit(slot_id, po->rx_ring.rx_owner_map))
+ goto drop_n_account;
+ __set_bit(slot_id, po->rx_ring.rx_owner_map);
+ }
+
if (do_vnet &&
virtio_net_hdr_from_skb(skb, h.raw + macoff -
sizeof(struct virtio_net_hdr),
@@ -2379,7 +2387,10 @@ static int tpacket_rcv(struct sk_buff *s
#endif
if (po->tp_version <= TPACKET_V2) {
+ spin_lock(&sk->sk_receive_queue.lock);
__packet_set_status(po, h.raw, status);
+ __clear_bit(slot_id, po->rx_ring.rx_owner_map);
+ spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk);
} else {
prb_clear_blk_fill_status(&po->rx_ring);
@@ -4276,6 +4287,7 @@ static int packet_set_ring(struct sock *
{
struct pgv *pg_vec = NULL;
struct packet_sock *po = pkt_sk(sk);
+ unsigned long *rx_owner_map = NULL;
int was_running, order = 0;
struct packet_ring_buffer *rb;
struct sk_buff_head *rb_queue;
@@ -4361,6 +4373,12 @@ static int packet_set_ring(struct sock *
}
break;
default:
+ if (!tx_ring) {
+ rx_owner_map = bitmap_alloc(req->tp_frame_nr,
+ GFP_KERNEL | __GFP_NOWARN | __GFP_ZERO);
+ if (!rx_owner_map)
+ goto out_free_pg_vec;
+ }
break;
}
}
@@ -4390,6 +4408,8 @@ static int packet_set_ring(struct sock *
err = 0;
spin_lock_bh(&rb_queue->lock);
swap(rb->pg_vec, pg_vec);
+ if (po->tp_version <= TPACKET_V2)
+ swap(rb->rx_owner_map, rx_owner_map);
rb->frame_max = (req->tp_frame_nr - 1);
rb->head = 0;
rb->frame_size = req->tp_frame_size;
@@ -4421,6 +4441,7 @@ static int packet_set_ring(struct sock *
}
out_free_pg_vec:
+ bitmap_free(rx_owner_map);
if (pg_vec)
free_pg_vec(pg_vec, order, req->tp_block_nr);
out:
--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -70,7 +70,10 @@ struct packet_ring_buffer {
unsigned int __percpu *pending_refcnt;
- struct tpacket_kbdq_core prb_bdqc;
+ union {
+ unsigned long *rx_owner_map;
+ struct tpacket_kbdq_core prb_bdqc;
+ };
};
extern struct mutex fanout_mutex;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 024/170] net: phy: dp83867: w/a for fld detect threshold bootstrapping issue
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 023/170] net/packet: tpacket_rcv: avoid a producer race condition Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 025/170] net: phy: mdio-bcm-unimac: Fix clock handling Greg Kroah-Hartman
` (145 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grygorii Strashko, David S. Miller
From: Grygorii Strashko <grygorii.strashko@ti.com>
[ Upstream commit 749f6f6843115b424680f1aada3c0dd613ad807c ]
When the DP83867 PHY is strapped to enable Fast Link Drop (FLD) feature
STRAP_STS2.STRAP_ FLD (reg 0x006F bit 10), the Energy Lost Threshold for
FLD Energy Lost Mode FLD_THR_CFG.ENERGY_LOST_FLD_THR (reg 0x002e bits 2:0)
will be defaulted to 0x2. This may cause the phy link to be unstable. The
new DP83867 DM recommends to always restore ENERGY_LOST_FLD_THR to 0x1.
Hence, restore default value of FLD_THR_CFG.ENERGY_LOST_FLD_THR to 0x1 when
FLD is enabled by bootstrapping as recommended by DM.
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/dp83867.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
--- a/drivers/net/phy/dp83867.c
+++ b/drivers/net/phy/dp83867.c
@@ -28,7 +28,8 @@
#define DP83867_CTRL 0x1f
/* Extended Registers */
-#define DP83867_CFG4 0x0031
+#define DP83867_FLD_THR_CFG 0x002e
+#define DP83867_CFG4 0x0031
#define DP83867_CFG4_SGMII_ANEG_MASK (BIT(5) | BIT(6))
#define DP83867_CFG4_SGMII_ANEG_TIMER_11MS (3 << 5)
#define DP83867_CFG4_SGMII_ANEG_TIMER_800US (2 << 5)
@@ -91,6 +92,7 @@
#define DP83867_STRAP_STS2_CLK_SKEW_RX_MASK GENMASK(2, 0)
#define DP83867_STRAP_STS2_CLK_SKEW_RX_SHIFT 0
#define DP83867_STRAP_STS2_CLK_SKEW_NONE BIT(2)
+#define DP83867_STRAP_STS2_STRAP_FLD BIT(10)
/* PHY CTRL bits */
#define DP83867_PHYCR_FIFO_DEPTH_SHIFT 14
@@ -123,6 +125,9 @@
/* CFG4 bits */
#define DP83867_CFG4_PORT_MIRROR_EN BIT(0)
+/* FLD_THR_CFG */
+#define DP83867_FLD_THR_CFG_ENERGY_LOST_THR_MASK 0x7
+
enum {
DP83867_PORT_MIRROING_KEEP,
DP83867_PORT_MIRROING_EN,
@@ -459,6 +464,20 @@ static int dp83867_config_init(struct ph
phy_clear_bits_mmd(phydev, DP83867_DEVADDR, DP83867_CFG4,
BIT(7));
+ bs = phy_read_mmd(phydev, DP83867_DEVADDR, DP83867_STRAP_STS2);
+ if (bs & DP83867_STRAP_STS2_STRAP_FLD) {
+ /* When using strap to enable FLD, the ENERGY_LOST_FLD_THR will
+ * be set to 0x2. This may causes the PHY link to be unstable -
+ * the default value 0x1 need to be restored.
+ */
+ ret = phy_modify_mmd(phydev, DP83867_DEVADDR,
+ DP83867_FLD_THR_CFG,
+ DP83867_FLD_THR_CFG_ENERGY_LOST_THR_MASK,
+ 0x1);
+ if (ret)
+ return ret;
+ }
+
if (phy_interface_is_rgmii(phydev)) {
val = phy_read(phydev, MII_DP83867_PHYCTRL);
if (val < 0)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 025/170] net: phy: mdio-bcm-unimac: Fix clock handling
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 024/170] net: phy: dp83867: w/a for fld detect threshold bootstrapping issue Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 026/170] net: phy: mdio-mux-bcm-iproc: check clk_prepare_enable() return value Greg Kroah-Hartman
` (144 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andre Przywara, Andrew Lunn,
Florian Fainelli, David S. Miller
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit c312c7818b86b663d32ec5d4b512abf06b23899a ]
The DT binding for this PHY describes an *optional* clock property.
Due to a bug in the error handling logic, we are actually ignoring this
clock *all* of the time so far.
Fix this by using devm_clk_get_optional() to handle this clock properly.
Fixes: b78ac6ecd1b6b ("net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/mdio-bcm-unimac.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/net/phy/mdio-bcm-unimac.c
+++ b/drivers/net/phy/mdio-bcm-unimac.c
@@ -242,11 +242,9 @@ static int unimac_mdio_probe(struct plat
return -ENOMEM;
}
- priv->clk = devm_clk_get(&pdev->dev, NULL);
- if (PTR_ERR(priv->clk) == -EPROBE_DEFER)
+ priv->clk = devm_clk_get_optional(&pdev->dev, NULL);
+ if (IS_ERR(priv->clk))
return PTR_ERR(priv->clk);
- else
- priv->clk = NULL;
ret = clk_prepare_enable(priv->clk);
if (ret)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 026/170] net: phy: mdio-mux-bcm-iproc: check clk_prepare_enable() return value
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 025/170] net: phy: mdio-bcm-unimac: Fix clock handling Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 027/170] net: qmi_wwan: add support for ASKEY WWHC050 Greg Kroah-Hartman
` (143 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rayagonda Kokatanur, Andrew Lunn,
David S. Miller
From: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
[ Upstream commit 872307abbd0d9afd72171929806c2fa33dc34179 ]
Check clk_prepare_enable() return value.
Fixes: 2c7230446bc9 ("net: phy: Add pm support to Broadcom iProc mdio mux driver")
Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/mdio-mux-bcm-iproc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/net/phy/mdio-mux-bcm-iproc.c
+++ b/drivers/net/phy/mdio-mux-bcm-iproc.c
@@ -288,8 +288,13 @@ static int mdio_mux_iproc_suspend(struct
static int mdio_mux_iproc_resume(struct device *dev)
{
struct iproc_mdiomux_desc *md = dev_get_drvdata(dev);
+ int rc;
- clk_prepare_enable(md->core_clk);
+ rc = clk_prepare_enable(md->core_clk);
+ if (rc) {
+ dev_err(md->dev, "failed to enable core clk\n");
+ return rc;
+ }
mdio_mux_iproc_config(md);
return 0;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 027/170] net: qmi_wwan: add support for ASKEY WWHC050
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 026/170] net: phy: mdio-mux-bcm-iproc: check clk_prepare_enable() return value Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 028/170] net/sched: act_ct: Fix leak of ct zone template on replace Greg Kroah-Hartman
` (142 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cezary Jackiewicz, Pawel Dembicki,
Bjørn Mork, David S. Miller
From: Pawel Dembicki <paweldembicki@gmail.com>
[ Upstream commit 12a5ba5a1994568d4ceaff9e78c6b0329d953386 ]
ASKEY WWHC050 is a mcie LTE modem.
The oem configuration states:
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1690 ProdID=7588 Rev=ff.ff
S: Manufacturer=Android
S: Product=Android
S: SerialNumber=813f0eef6e6e
C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=125us
Tested on openwrt distribution.
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1210,6 +1210,7 @@ static const struct usb_device_id produc
{QMI_FIXED_INTF(0x1435, 0xd182, 5)}, /* Wistron NeWeb D18 */
{QMI_FIXED_INTF(0x1435, 0xd191, 4)}, /* Wistron NeWeb D19Q1 */
{QMI_QUIRK_SET_DTR(0x1508, 0x1001, 4)}, /* Fibocom NL668 series */
+ {QMI_FIXED_INTF(0x1690, 0x7588, 4)}, /* ASKEY WWHC050 */
{QMI_FIXED_INTF(0x16d8, 0x6003, 0)}, /* CMOTech 6003 */
{QMI_FIXED_INTF(0x16d8, 0x6007, 0)}, /* CMOTech CHE-628S */
{QMI_FIXED_INTF(0x16d8, 0x6008, 0)}, /* CMOTech CMU-301 */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 028/170] net/sched: act_ct: Fix leak of ct zone template on replace
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 027/170] net: qmi_wwan: add support for ASKEY WWHC050 Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 029/170] net_sched: cls_route: remove the right filter from hashtable Greg Kroah-Hartman
` (141 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Blakey, David S. Miller
From: Paul Blakey <paulb@mellanox.com>
[ Upstream commit dd2af10402684cb5840a127caec9e7cdcff6d167 ]
Currently, on replace, the previous action instance params
is swapped with a newly allocated params. The old params is
only freed (via kfree_rcu), without releasing the allocated
ct zone template related to it.
Call tcf_ct_params_free (via call_rcu) for the old params,
so it will release it.
Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/act_ct.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -739,7 +739,7 @@ static int tcf_ct_init(struct net *net,
if (goto_ch)
tcf_chain_put_by_act(goto_ch);
if (params)
- kfree_rcu(params, rcu);
+ call_rcu(¶ms->rcu, tcf_ct_params_free);
if (res == ACT_P_CREATED)
tcf_idr_insert(tn, *a);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 029/170] net_sched: cls_route: remove the right filter from hashtable
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 028/170] net/sched: act_ct: Fix leak of ct zone template on replace Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 030/170] net_sched: hold rtnl lock in tcindex_partial_destroy_work() Greg Kroah-Hartman
` (140 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Jiri Pirko,
John Fastabend, Cong Wang, David S. Miller,
syzbot+f9b32aaacd60305d9687, syzbot+2f8c233f131943d6056d,
syzbot+9c2df9fd5e9445b74e01
From: Cong Wang <xiyou.wangcong@gmail.com>
[ Upstream commit ef299cc3fa1a9e1288665a9fdc8bff55629fd359 ]
route4_change() allocates a new filter and copies values from
the old one. After the new filter is inserted into the hash
table, the old filter should be removed and freed, as the final
step of the update.
However, the current code mistakenly removes the new one. This
looks apparently wrong to me, and it causes double "free" and
use-after-free too, as reported by syzbot.
Reported-and-tested-by: syzbot+f9b32aaacd60305d9687@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+2f8c233f131943d6056d@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+9c2df9fd5e9445b74e01@syzkaller.appspotmail.com
Fixes: 1109c00547fc ("net: sched: RCU cls_route")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_route.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -534,8 +534,8 @@ static int route4_change(struct net *net
fp = &b->ht[h];
for (pfp = rtnl_dereference(*fp); pfp;
fp = &pfp->next, pfp = rtnl_dereference(*fp)) {
- if (pfp == f) {
- *fp = f->next;
+ if (pfp == fold) {
+ rcu_assign_pointer(*fp, fold->next);
break;
}
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 030/170] net_sched: hold rtnl lock in tcindex_partial_destroy_work()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 029/170] net_sched: cls_route: remove the right filter from hashtable Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 031/170] net_sched: keep alloc_hash updated after hash allocation Greg Kroah-Hartman
` (139 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Jiri Pirko,
Cong Wang, David S. Miller, syzbot+653090db2562495901dc
From: Cong Wang <xiyou.wangcong@gmail.com>
[ Upstream commit b1be2e8cd290f620777bfdb8aa00890cd2fa02b5 ]
syzbot reported a use-after-free in tcindex_dump(). This is due to
the lack of RTNL in the deferred rcu work. We queue this work with
RTNL in tcindex_change(), later, tcindex_dump() is called:
fh = tp->ops->get(tp, t->tcm_handle);
...
err = tp->ops->change(..., &fh, ...);
tfilter_notify(..., fh, ...);
but there is nothing to serialize the pending
tcindex_partial_destroy_work() with tcindex_dump().
Fix this by simply holding RTNL in tcindex_partial_destroy_work(),
so that it won't be called until RTNL is released after
tc_new_tfilter() is completed.
Reported-and-tested-by: syzbot+653090db2562495901dc@syzkaller.appspotmail.com
Fixes: 3d210534cc93 ("net_sched: fix a race condition in tcindex_destroy()")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_tcindex.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/sched/cls_tcindex.c
+++ b/net/sched/cls_tcindex.c
@@ -261,8 +261,10 @@ static void tcindex_partial_destroy_work
struct tcindex_data,
rwork);
+ rtnl_lock();
kfree(p->perfect);
kfree(p);
+ rtnl_unlock();
}
static void tcindex_free_perfect_hash(struct tcindex_data *cp)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 031/170] net_sched: keep alloc_hash updated after hash allocation
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 030/170] net_sched: hold rtnl lock in tcindex_partial_destroy_work() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 032/170] net: stmmac: dwmac-rk: fix error path in rk_gmac_probe Greg Kroah-Hartman
` (138 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Jiri Pirko,
Cong Wang, David S. Miller, syzbot+dcc34d54d68ef7d2d53d,
syzbot+c72da7b9ed57cde6fca2
From: Cong Wang <xiyou.wangcong@gmail.com>
[ Upstream commit 0d1c3530e1bd38382edef72591b78e877e0edcd3 ]
In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access.
cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().
Reported-and-tested-by: syzbot+dcc34d54d68ef7d2d53d@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+c72da7b9ed57cde6fca2@syzkaller.appspotmail.com
Fixes: 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_tcindex.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/sched/cls_tcindex.c
+++ b/net/sched/cls_tcindex.c
@@ -359,6 +359,7 @@ tcindex_set_parms(struct net *net, struc
if (tcindex_alloc_perfect_hash(net, cp) < 0)
goto errout;
+ cp->alloc_hash = cp->hash;
for (i = 0; i < min(cp->hash, p->hash); i++)
cp->perfect[i].res = p->perfect[i].res;
balloc = 1;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 032/170] net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 031/170] net_sched: keep alloc_hash updated after hash allocation Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 033/170] NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() Greg Kroah-Hartman
` (137 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emil Renner Berthing, David S. Miller
From: Emil Renner Berthing <kernel@esmil.dk>
[ Upstream commit 9de9aa487daff7a5c73434c24269b44ed6a428e6 ]
Make sure we clean up devicetree related configuration
also when clock init fails.
Fixes: fecd4d7eef8b ("net: stmmac: dwmac-rk: Add integrated PHY support")
Signed-off-by: Emil Renner Berthing <kernel@esmil.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c
@@ -1411,7 +1411,7 @@ static int rk_gmac_probe(struct platform
ret = rk_gmac_clk_init(plat_dat);
if (ret)
- return ret;
+ goto err_remove_config_dt;
ret = rk_gmac_powerup(plat_dat->bsp_priv);
if (ret)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 033/170] NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 032/170] net: stmmac: dwmac-rk: fix error path in rk_gmac_probe Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 034/170] r8169: re-enable MSI on RTL8168c Greg Kroah-Hartman
` (136 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, David S. Miller
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 0dcdf9f64028ec3b75db6b691560f8286f3898bf ]
The nci_conn_max_data_pkt_payload_size() function sometimes returns
-EPROTO so "max_size" needs to be signed for the error handling to
work. We can make "payload_size" an int as well.
Fixes: a06347c04c13 ("NFC: Add Intel Fields Peak NFC solution driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nfc/fdp/fdp.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/nfc/fdp/fdp.c
+++ b/drivers/nfc/fdp/fdp.c
@@ -184,7 +184,7 @@ static int fdp_nci_send_patch(struct nci
const struct firmware *fw;
struct sk_buff *skb;
unsigned long len;
- u8 max_size, payload_size;
+ int max_size, payload_size;
int rc = 0;
if ((type == NCI_PATCH_TYPE_OTP && !info->otp_patch) ||
@@ -207,8 +207,7 @@ static int fdp_nci_send_patch(struct nci
while (len) {
- payload_size = min_t(unsigned long, (unsigned long) max_size,
- len);
+ payload_size = min_t(unsigned long, max_size, len);
skb = nci_skb_alloc(ndev, (NCI_CTRL_HDR_SIZE + payload_size),
GFP_KERNEL);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 034/170] r8169: re-enable MSI on RTL8168c
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 033/170] NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 035/170] slcan: not call free_netdev before rtnl_unlock in slcan_open Greg Kroah-Hartman
` (135 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, David S. Miller
From: Heiner Kallweit <hkallweit1@gmail.com>
[ Upstream commit f13bc68131b0c0d67a77fb43444e109828a983bf ]
The original change fixed an issue on RTL8168b by mimicking the vendor
driver behavior to disable MSI on chip versions before RTL8168d.
This however now caused an issue on a system with RTL8168c, see [0].
Therefore leave MSI disabled on RTL8168b, but re-enable it on RTL8168c.
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1792839
Fixes: 003bd5b4a7b4 ("r8169: don't use MSI before RTL8168d")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/realtek/r8169_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/realtek/r8169_main.c
+++ b/drivers/net/ethernet/realtek/r8169_main.c
@@ -6579,7 +6579,7 @@ static int rtl_alloc_irq(struct rtl8169_
RTL_W8(tp, Config2, RTL_R8(tp, Config2) & ~MSIEnable);
rtl_lock_config_regs(tp);
/* fall through */
- case RTL_GIGA_MAC_VER_07 ... RTL_GIGA_MAC_VER_24:
+ case RTL_GIGA_MAC_VER_07 ... RTL_GIGA_MAC_VER_17:
flags = PCI_IRQ_LEGACY;
break;
default:
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 035/170] slcan: not call free_netdev before rtnl_unlock in slcan_open
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 034/170] r8169: re-enable MSI on RTL8168c Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 036/170] tcp: also NULL skb->dev when copy was needed Greg Kroah-Hartman
` (134 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yangerkun, Oliver Hartkopp, David S. Miller
From: Oliver Hartkopp <socketcan@hartkopp.net>
[ Upstream commit 2091a3d42b4f339eaeed11228e0cbe9d4f92f558 ]
As the description before netdev_run_todo, we cannot call free_netdev
before rtnl_unlock, fix it by reorder the code.
This patch is a 1:1 copy of upstream slip.c commit f596c87005f7
("slip: not call free_netdev before rtnl_unlock in slip_open").
Reported-by: yangerkun <yangerkun@huawei.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/slcan.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/can/slcan.c
+++ b/drivers/net/can/slcan.c
@@ -625,7 +625,10 @@ err_free_chan:
tty->disc_data = NULL;
clear_bit(SLF_INUSE, &sl->flags);
slc_free_netdev(sl->dev);
+ /* do not call free_netdev before rtnl_unlock */
+ rtnl_unlock();
free_netdev(sl->dev);
+ return err;
err_exit:
rtnl_unlock();
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 036/170] tcp: also NULL skb->dev when copy was needed
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 035/170] slcan: not call free_netdev before rtnl_unlock in slcan_open Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 037/170] tcp: ensure skb->dev is NULL before leaving TCP stack Greg Kroah-Hartman
` (133 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Florian Westphal,
David S. Miller
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 07f8e4d0fddbf2f87e4cefb551278abc38db8cdd ]
In rare cases retransmit logic will make a full skb copy, which will not
trigger the zeroing added in recent change
b738a185beaa ("tcp: ensure skb->dev is NULL before leaving TCP stack").
Cc: Eric Dumazet <edumazet@google.com>
Fixes: 75c119afe14f ("tcp: implement rb-tree based retransmit queue")
Fixes: 28f8bfd1ac94 ("netfilter: Support iif matches in POSTROUTING")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_output.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2976,8 +2976,12 @@ int __tcp_retransmit_skb(struct sock *sk
tcp_skb_tsorted_save(skb) {
nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC);
- err = nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
- -ENOBUFS;
+ if (nskb) {
+ nskb->dev = NULL;
+ err = tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC);
+ } else {
+ err = -ENOBUFS;
+ }
} tcp_skb_tsorted_restore(skb);
if (!err) {
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 037/170] tcp: ensure skb->dev is NULL before leaving TCP stack
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 036/170] tcp: also NULL skb->dev when copy was needed Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 038/170] tcp: repair: fix TCP_QUEUE_SEQ implementation Greg Kroah-Hartman
` (132 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Martin Zaharinov,
Florian Westphal, Pablo Neira Ayuso, David S. Miller
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit b738a185beaab8728943acdb3e67371b8a88185e ]
skb->rbnode is sharing three skb fields : next, prev, dev
When a packet is sent, TCP keeps the original skb (master)
in a rtx queue, which was converted to rbtree a while back.
__tcp_transmit_skb() is responsible to clone the master skb,
and add the TCP header to the clone before sending it
to network layer.
skb_clone() already clears skb->next and skb->prev, but copies
the master oskb->dev into the clone.
We need to clear skb->dev, otherwise lower layers could interpret
the value as a pointer to a netdev.
This old bug surfaced recently when commit 28f8bfd1ac94
("netfilter: Support iif matches in POSTROUTING") was merged.
Before this netfilter commit, skb->dev value was ignored and
changed before reaching dev_queue_xmit()
Fixes: 75c119afe14f ("tcp: implement rb-tree based retransmit queue")
Fixes: 28f8bfd1ac94 ("netfilter: Support iif matches in POSTROUTING")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Martin Zaharinov <micron10@gmail.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_output.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1048,6 +1048,10 @@ static int __tcp_transmit_skb(struct soc
if (unlikely(!skb))
return -ENOBUFS;
+ /* retransmit skbs might have a non zero value in skb->dev
+ * because skb->dev is aliased with skb->rbnode.rb_left
+ */
+ skb->dev = NULL;
}
inet = inet_sk(sk);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 038/170] tcp: repair: fix TCP_QUEUE_SEQ implementation
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 037/170] tcp: ensure skb->dev is NULL before leaving TCP stack Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 039/170] vxlan: check return value of gro_cells_init() Greg Kroah-Hartman
` (131 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 6cd6cbf593bfa3ae6fc3ed34ac21da4d35045425 ]
When application uses TCP_QUEUE_SEQ socket option to
change tp->rcv_next, we must also update tp->copied_seq.
Otherwise, stuff relying on tcp_inq() being precise can
eventually be confused.
For example, tcp_zerocopy_receive() might crash because
it does not expect tcp_recv_skb() to return NULL.
We could add tests in various places to fix the issue,
or simply make sure tcp_inq() wont return a random value,
and leave fast path as it is.
Note that this fixes ioctl(fd, SIOCINQ, &val) at the same
time.
Fixes: ee9952831cfd ("tcp: Initial repair mode")
Fixes: 05255b823a61 ("tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2947,8 +2947,10 @@ static int do_tcp_setsockopt(struct sock
err = -EPERM;
else if (tp->repair_queue == TCP_SEND_QUEUE)
WRITE_ONCE(tp->write_seq, val);
- else if (tp->repair_queue == TCP_RECV_QUEUE)
+ else if (tp->repair_queue == TCP_RECV_QUEUE) {
WRITE_ONCE(tp->rcv_nxt, val);
+ WRITE_ONCE(tp->copied_seq, val);
+ }
else
err = -EINVAL;
break;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 039/170] vxlan: check return value of gro_cells_init()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 038/170] tcp: repair: fix TCP_QUEUE_SEQ implementation Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 040/170] Revert "net: bcmgenet: use RGMII loopback for MAC reset" Greg Kroah-Hartman
` (130 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Taehee Yoo, David S. Miller
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit 384d91c267e621e0926062cfb3f20cb72dc16928 ]
gro_cells_init() returns error if memory allocation is failed.
But the vxlan module doesn't check the return value of gro_cells_init().
Fixes: 58ce31cca1ff ("vxlan: GRO support at tunnel layer")`
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/vxlan.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2778,10 +2778,19 @@ static void vxlan_vs_add_dev(struct vxla
/* Setup stats when device is created */
static int vxlan_init(struct net_device *dev)
{
+ struct vxlan_dev *vxlan = netdev_priv(dev);
+ int err;
+
dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
if (!dev->tstats)
return -ENOMEM;
+ err = gro_cells_init(&vxlan->gro_cells, dev);
+ if (err) {
+ free_percpu(dev->tstats);
+ return err;
+ }
+
return 0;
}
@@ -3042,8 +3051,6 @@ static void vxlan_setup(struct net_devic
vxlan->dev = dev;
- gro_cells_init(&vxlan->gro_cells, dev);
-
for (h = 0; h < FDB_HASH_SIZE; ++h) {
spin_lock_init(&vxlan->hash_lock[h]);
INIT_HLIST_HEAD(&vxlan->fdb_head[h]);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 040/170] Revert "net: bcmgenet: use RGMII loopback for MAC reset"
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 039/170] vxlan: check return value of gro_cells_init() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 041/170] net: bcmgenet: keep MAC in reset until PHY is up Greg Kroah-Hartman
` (129 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Doug Berger, Florian Fainelli,
David S. Miller
From: Doug Berger <opendmb@gmail.com>
[ Upstream commit 612eb1c3b9e504de24136c947ed7c07bc342f3aa ]
This reverts commit 3a55402c93877d291b0a612d25edb03d1b4b93ac.
This is not a good solution when connecting to an external switch
that may not support the isolation of the TXC signal resulting in
output driver contention on the pin.
A different solution is necessary.
Signed-off-by: Doug Berger <opendmb@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 2 +
drivers/net/ethernet/broadcom/genet/bcmmii.c | 34 -------------------------
2 files changed, 2 insertions(+), 34 deletions(-)
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -1996,6 +1996,8 @@ static void reset_umac(struct bcmgenet_p
/* issue soft reset with (rg)mii loopback to ensure a stable rxclk */
bcmgenet_umac_writel(priv, CMD_SW_RESET | CMD_LCL_LOOP_EN, UMAC_CMD);
+ udelay(2);
+ bcmgenet_umac_writel(priv, 0, UMAC_CMD);
}
static void bcmgenet_intr_disable(struct bcmgenet_priv *priv)
--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
@@ -181,38 +181,8 @@ int bcmgenet_mii_config(struct net_devic
const char *phy_name = NULL;
u32 id_mode_dis = 0;
u32 port_ctrl;
- int bmcr = -1;
- int ret;
u32 reg;
- /* MAC clocking workaround during reset of umac state machines */
- reg = bcmgenet_umac_readl(priv, UMAC_CMD);
- if (reg & CMD_SW_RESET) {
- /* An MII PHY must be isolated to prevent TXC contention */
- if (priv->phy_interface == PHY_INTERFACE_MODE_MII) {
- ret = phy_read(phydev, MII_BMCR);
- if (ret >= 0) {
- bmcr = ret;
- ret = phy_write(phydev, MII_BMCR,
- bmcr | BMCR_ISOLATE);
- }
- if (ret) {
- netdev_err(dev, "failed to isolate PHY\n");
- return ret;
- }
- }
- /* Switch MAC clocking to RGMII generated clock */
- bcmgenet_sys_writel(priv, PORT_MODE_EXT_GPHY, SYS_PORT_CTRL);
- /* Ensure 5 clks with Rx disabled
- * followed by 5 clks with Reset asserted
- */
- udelay(4);
- reg &= ~(CMD_SW_RESET | CMD_LCL_LOOP_EN);
- bcmgenet_umac_writel(priv, reg, UMAC_CMD);
- /* Ensure 5 more clocks before Rx is enabled */
- udelay(2);
- }
-
switch (priv->phy_interface) {
case PHY_INTERFACE_MODE_INTERNAL:
phy_name = "internal PHY";
@@ -282,10 +252,6 @@ int bcmgenet_mii_config(struct net_devic
bcmgenet_sys_writel(priv, port_ctrl, SYS_PORT_CTRL);
- /* Restore the MII PHY after isolation */
- if (bmcr >= 0)
- phy_write(phydev, MII_BMCR, bmcr);
-
priv->ext_phy = !priv->internal_phy &&
(priv->phy_interface != PHY_INTERFACE_MODE_MOCA);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 041/170] net: bcmgenet: keep MAC in reset until PHY is up
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 040/170] Revert "net: bcmgenet: use RGMII loopback for MAC reset" Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 042/170] bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S Greg Kroah-Hartman
` (128 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Doug Berger, Florian Fainelli,
David S. Miller
From: Doug Berger <opendmb@gmail.com>
[ Upstream commit 88f6c8bf1aaed5039923fb4c701cab4d42176275 ]
As noted in commit 28c2d1a7a0bf ("net: bcmgenet: enable loopback
during UniMAC sw_reset") the UniMAC must be clocked at least 5
cycles while the sw_reset is asserted to ensure a clean reset.
That commit enabled local loopback to provide an Rx clock from the
GENET sourced Tx clk. However, when connected in MII mode the Tx
clk is sourced by the PHY so if an EPHY is not supplying clocks
(e.g. when the link is down) the UniMAC does not receive the
necessary clocks.
This commit extends the sw_reset window until the PHY reports that
the link is up thereby ensuring that the clocks are being provided
to the MAC to produce a clean reset.
One consequence is that if the system attempts to enter a Wake on
LAN suspend state when the PHY link has not been active the MAC
may not have had a chance to initialize cleanly. In this case, we
remove the sw_reset and enable the WoL reception path as normal
with the hope that the PHY will provide the necessary clocks to
drive the WoL blocks if the link becomes active after the system
has entered suspend.
Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file")
Signed-off-by: Doug Berger <opendmb@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 10 ++++------
drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 +++++-
drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 ++++++
3 files changed, 15 insertions(+), 7 deletions(-)
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -1972,6 +1972,8 @@ static void umac_enable_set(struct bcmge
u32 reg;
reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+ if (reg & CMD_SW_RESET)
+ return;
if (enable)
reg |= mask;
else
@@ -1991,13 +1993,9 @@ static void reset_umac(struct bcmgenet_p
bcmgenet_rbuf_ctrl_set(priv, 0);
udelay(10);
- /* disable MAC while updating its registers */
- bcmgenet_umac_writel(priv, 0, UMAC_CMD);
-
- /* issue soft reset with (rg)mii loopback to ensure a stable rxclk */
- bcmgenet_umac_writel(priv, CMD_SW_RESET | CMD_LCL_LOOP_EN, UMAC_CMD);
+ /* issue soft reset and disable MAC while updating its registers */
+ bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD);
udelay(2);
- bcmgenet_umac_writel(priv, 0, UMAC_CMD);
}
static void bcmgenet_intr_disable(struct bcmgenet_priv *priv)
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c
@@ -132,8 +132,12 @@ int bcmgenet_wol_power_down_cfg(struct b
return -EINVAL;
}
- /* disable RX */
+ /* Can't suspend with WoL if MAC is still in reset */
reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+ if (reg & CMD_SW_RESET)
+ reg &= ~CMD_SW_RESET;
+
+ /* disable RX */
reg &= ~CMD_RX_EN;
bcmgenet_umac_writel(priv, reg, UMAC_CMD);
mdelay(10);
--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
@@ -95,6 +95,12 @@ void bcmgenet_mii_setup(struct net_devic
CMD_HD_EN |
CMD_RX_PAUSE_IGNORE | CMD_TX_PAUSE_IGNORE);
reg |= cmd_bits;
+ if (reg & CMD_SW_RESET) {
+ reg &= ~CMD_SW_RESET;
+ bcmgenet_umac_writel(priv, reg, UMAC_CMD);
+ udelay(2);
+ reg |= CMD_TX_EN | CMD_RX_EN;
+ }
bcmgenet_umac_writel(priv, reg, UMAC_CMD);
} else {
/* done if nothing has changed */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 042/170] bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S.
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 041/170] net: bcmgenet: keep MAC in reset until PHY is up Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 043/170] bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() Greg Kroah-Hartman
` (127 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Chan, David S. Miller
From: Michael Chan <michael.chan@broadcom.com>
[ Upstream commit a24ec3220f369aa0b94c863b6b310685a727151c ]
There is an indexing bug in determining these ethtool priority
counters. Instead of using the queue ID to index, we need to
normalize by modulo 10 to get the index. This index is then used
to obtain the proper CoS queue counter. Rename bp->pri2cos to
bp->pri2cos_idx to make this more clear.
Fixes: e37fed790335 ("bnxt_en: Add ethtool -S priority counters.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +++++++++-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 8 ++++----
3 files changed, 14 insertions(+), 6 deletions(-)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -7406,14 +7406,22 @@ static int bnxt_hwrm_port_qstats_ext(str
pri2cos = &resp2->pri0_cos_queue_id;
for (i = 0; i < 8; i++) {
u8 queue_id = pri2cos[i];
+ u8 queue_idx;
+ /* Per port queue IDs start from 0, 10, 20, etc */
+ queue_idx = queue_id % 10;
+ if (queue_idx > BNXT_MAX_QUEUE) {
+ bp->pri2cos_valid = false;
+ goto qstats_done;
+ }
for (j = 0; j < bp->max_q; j++) {
if (bp->q_ids[j] == queue_id)
- bp->pri2cos[i] = j;
+ bp->pri2cos_idx[i] = queue_idx;
}
}
bp->pri2cos_valid = 1;
}
+qstats_done:
mutex_unlock(&bp->hwrm_cmd_lock);
return rc;
}
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1714,7 +1714,7 @@ struct bnxt {
u16 fw_rx_stats_ext_size;
u16 fw_tx_stats_ext_size;
u16 hw_ring_stats_size;
- u8 pri2cos[8];
+ u8 pri2cos_idx[8];
u8 pri2cos_valid;
u16 hwrm_max_req_len;
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -589,25 +589,25 @@ skip_ring_stats:
if (bp->pri2cos_valid) {
for (i = 0; i < 8; i++, j++) {
long n = bnxt_rx_bytes_pri_arr[i].base_off +
- bp->pri2cos[i];
+ bp->pri2cos_idx[i];
buf[j] = le64_to_cpu(*(rx_port_stats_ext + n));
}
for (i = 0; i < 8; i++, j++) {
long n = bnxt_rx_pkts_pri_arr[i].base_off +
- bp->pri2cos[i];
+ bp->pri2cos_idx[i];
buf[j] = le64_to_cpu(*(rx_port_stats_ext + n));
}
for (i = 0; i < 8; i++, j++) {
long n = bnxt_tx_bytes_pri_arr[i].base_off +
- bp->pri2cos[i];
+ bp->pri2cos_idx[i];
buf[j] = le64_to_cpu(*(tx_port_stats_ext + n));
}
for (i = 0; i < 8; i++, j++) {
long n = bnxt_tx_pkts_pri_arr[i].base_off +
- bp->pri2cos[i];
+ bp->pri2cos_idx[i];
buf[j] = le64_to_cpu(*(tx_port_stats_ext + n));
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 043/170] bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 042/170] bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 044/170] bnxt_en: Return error if bnxt_alloc_ctx_mem() fails Greg Kroah-Hartman
` (126 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Edwin Peer, Michael Chan, David S. Miller
From: Edwin Peer <edwin.peer@broadcom.com>
[ Upstream commit 62d4073e86e62e316bea2c53e77db10418fd5dd7 ]
The allocated ieee_ets structure goes out of scope without being freed,
leaking memory. Appropriate result codes should be returned so that
callers do not rely on invalid data passed by reference.
Also cache the ETS config retrieved from the device so that it doesn't
need to be freed. The balance of the code was clearly written with the
intent of having the results of querying the hardware cached in the
device structure. The commensurate store was evidently missed though.
Fixes: 7df4ae9fe855 ("bnxt_en: Implement DCBNL to support host-based DCBX.")
Signed-off-by: Edwin Peer <edwin.peer@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c
@@ -479,24 +479,26 @@ static int bnxt_dcbnl_ieee_getets(struct
{
struct bnxt *bp = netdev_priv(dev);
struct ieee_ets *my_ets = bp->ieee_ets;
+ int rc;
ets->ets_cap = bp->max_tc;
if (!my_ets) {
- int rc;
-
if (bp->dcbx_cap & DCB_CAP_DCBX_HOST)
return 0;
my_ets = kzalloc(sizeof(*my_ets), GFP_KERNEL);
if (!my_ets)
- return 0;
+ return -ENOMEM;
rc = bnxt_hwrm_queue_cos2bw_qcfg(bp, my_ets);
if (rc)
- return 0;
+ goto error;
rc = bnxt_hwrm_queue_pri2cos_qcfg(bp, my_ets);
if (rc)
- return 0;
+ goto error;
+
+ /* cache result */
+ bp->ieee_ets = my_ets;
}
ets->cbs = my_ets->cbs;
@@ -505,6 +507,9 @@ static int bnxt_dcbnl_ieee_getets(struct
memcpy(ets->tc_tsa, my_ets->tc_tsa, sizeof(ets->tc_tsa));
memcpy(ets->prio_tc, my_ets->prio_tc, sizeof(ets->prio_tc));
return 0;
+error:
+ kfree(my_ets);
+ return rc;
}
static int bnxt_dcbnl_ieee_setets(struct net_device *dev, struct ieee_ets *ets)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 044/170] bnxt_en: Return error if bnxt_alloc_ctx_mem() fails.
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 043/170] bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 045/170] bnxt_en: Free context memory after disabling PCI in probe error path Greg Kroah-Hartman
` (125 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Chan, David S. Miller
From: Michael Chan <michael.chan@broadcom.com>
[ Upstream commit 0b5b561cea32d5bb1e0a82d65b755a3cb5212141 ]
The current code ignores the return value from
bnxt_hwrm_func_backing_store_cfg(), causing the driver to proceed in
the init path even when this vital firmware call has failed. Fix it
by propagating the error code to the caller.
Fixes: 1b9394e5a2ad ("bnxt_en: Configure context memory on new devices.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -6880,12 +6880,12 @@ skip_rdma:
}
ena |= FUNC_BACKING_STORE_CFG_REQ_DFLT_ENABLES;
rc = bnxt_hwrm_func_backing_store_cfg(bp, ena);
- if (rc)
+ if (rc) {
netdev_err(bp->dev, "Failed configuring context mem, rc = %d.\n",
rc);
- else
- ctx->flags |= BNXT_CTX_FLAG_INITED;
-
+ return rc;
+ }
+ ctx->flags |= BNXT_CTX_FLAG_INITED;
return 0;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 045/170] bnxt_en: Free context memory after disabling PCI in probe error path.
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 044/170] bnxt_en: Return error if bnxt_alloc_ctx_mem() fails Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 046/170] bnxt_en: Reset rings if ring reservation fails during open() Greg Kroah-Hartman
` (124 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Chan, David S. Miller
From: Michael Chan <michael.chan@broadcom.com>
[ Upstream commit 62bfb932a51f6d08eb409248e69f8d6428c2cabd ]
Other shutdown code paths will always disable PCI first to shutdown DMA
before freeing context memory. Do the same sequence in the error path
of probe to be safe and consistent.
Fixes: c20dc142dd7b ("bnxt_en: Disable bus master during PCI shutdown and driver unload.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -11959,12 +11959,12 @@ init_err_pci_clean:
bnxt_hwrm_func_drv_unrgtr(bp);
bnxt_free_hwrm_short_cmd_req(bp);
bnxt_free_hwrm_resources(bp);
- bnxt_free_ctx_mem(bp);
- kfree(bp->ctx);
- bp->ctx = NULL;
kfree(bp->fw_health);
bp->fw_health = NULL;
bnxt_cleanup_pci(bp);
+ bnxt_free_ctx_mem(bp);
+ kfree(bp->ctx);
+ bp->ctx = NULL;
init_err_free:
free_netdev(dev);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 046/170] bnxt_en: Reset rings if ring reservation fails during open()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 045/170] bnxt_en: Free context memory after disabling PCI in probe error path Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 047/170] net: ena: fix incorrect setting of the number of msix vectors Greg Kroah-Hartman
` (123 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vasundhara Volam, Michael Chan,
David S. Miller
From: Vasundhara Volam <vasundhara-v.volam@broadcom.com>
[ Upstream commit 5d765a5e4bd7c368e564e11402bba74cf7f03ac1 ]
If ring counts are not reset when ring reservation fails,
bnxt_init_dflt_ring_mode() will not be called again to reinitialise
IRQs when open() is called and results in system crash as napi will
also be not initialised. This patch fixes it by resetting the ring
counts.
Fixes: 47558acd56a7 ("bnxt_en: Reserve rings at driver open if none was reserved at probe time.")
Signed-off-by: Vasundhara Volam <vasundhara-v.volam@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -11666,6 +11666,10 @@ static int bnxt_set_dflt_rings(struct bn
bp->rx_nr_rings++;
bp->cp_nr_rings++;
}
+ if (rc) {
+ bp->tx_nr_rings = 0;
+ bp->rx_nr_rings = 0;
+ }
return rc;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 047/170] net: ena: fix incorrect setting of the number of msix vectors
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 046/170] bnxt_en: Reset rings if ring reservation fails during open() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 048/170] net: ena: fix request of incorrect number of IRQ vectors Greg Kroah-Hartman
` (122 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
David S. Miller
From: Arthur Kiyanovski <akiyano@amazon.com>
[ Upstream commit ce1f352162828ba07470328828a32f47aa759020 ]
Overview:
We don't frequently change the msix vectors throughout the life cycle of
the driver. We do so in two functions: ena_probe() and ena_restore().
ena_probe() is only called when the driver is loaded. ena_restore() on the
other hand is called during device reset / resume operations.
We use num_io_queues for calculating and allocating the number of msix
vectors. At ena_probe() this value is equal to max_num_io_queues and thus
this is not an issue, however ena_restore() might be called after the
number of io queues has changed.
A possible bug scenario is as follows:
* Change number of queues from 8 to 4.
(num_io_queues = 4, max_num_io_queues = 8, msix_vecs = 9,)
* Trigger reset occurs -> ena_restore is called.
(num_io_queues = 4, max_num_io_queues =8 , msix_vecs = 5)
* Change number of queues from 4 to 6.
(num_io_queues = 6, max_num_io_queues = 8, msix_vecs = 5)
* The driver will reset due to failure of check_for_rx_interrupt_queue()
Fix:
This can be easily fixed by always using max_num_io_queues to init the
msix_vecs, since this number won't change as opposed to num_io_queues.
Fixes: 4d19266022ec ("net: ena: multiple queue creation related cleanups")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -1346,7 +1346,7 @@ static int ena_enable_msix(struct ena_ad
}
/* Reserved the max msix vectors we might need */
- msix_vecs = ENA_MAX_MSIX_VEC(adapter->num_io_queues);
+ msix_vecs = ENA_MAX_MSIX_VEC(adapter->max_num_io_queues);
netif_dbg(adapter, probe, adapter->netdev,
"trying to enable MSI-X, vectors %d\n", msix_vecs);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 048/170] net: ena: fix request of incorrect number of IRQ vectors
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 047/170] net: ena: fix incorrect setting of the number of msix vectors Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 049/170] net: ena: avoid memory access violation by validating req_id properly Greg Kroah-Hartman
` (121 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
David S. Miller
From: Arthur Kiyanovski <akiyano@amazon.com>
[ Upstream commit e02ae6ed51be3d28923bfd318ae57000f5643da5 ]
Bug:
In short the main issue is caused by the fact that the number of queues
is changed using ethtool after ena_probe() has been called and before
ena_up() was executed. Here is the full scenario in detail:
* ena_probe() is called when the driver is loaded, the driver is not up
yet at the end of ena_probe().
* The number of queues is changed -> io_queue_count is changed as well -
ena_up() is not called since the "dev_was_up" boolean in
ena_update_queue_count() is false.
* ena_up() is called by the kernel (it's called asynchronously some
time after ena_probe()). ena_setup_io_intr() is called by ena_up() and
it uses io_queue_count to get the suitable irq lines for each msix
vector. The function ena_request_io_irq() is called right after that
and it uses msix_vecs - This value only changes during ena_probe() and
ena_restore() - to request the irq vectors. This results in "Failed to
request I/O IRQ" error for i > io_queue_count.
Numeric example:
* After ena_probe() io_queue_count = 8, msix_vecs = 9.
* The number of queues changes to 4 -> io_queue_count = 4, msix_vecs = 9.
* ena_up() is executed for the first time:
** ena_setup_io_intr() inits the vectors only up to io_queue_count.
** ena_request_io_irq() calls request_irq() and fails for i = 5.
How to reproduce:
simply run the following commands:
sudo rmmod ena && sudo insmod ena.ko;
sudo ethtool -L eth1 combined 3;
Fix:
Use ENA_MAX_MSIX_VEC(adapter->num_io_queues + adapter->xdp_num_queues)
instead of adapter->msix_vecs. We need to take XDP queues into
consideration as they need to have msix vectors assigned to them as well.
Note that the XDP cannot be attached before the driver is up and running
but in XDP mode the issue might occur when the number of queues changes
right after a reset trigger.
The ENA_MAX_MSIX_VEC simply adds one to the argument since the first msix
vector is reserved for management queue.
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -1444,6 +1444,7 @@ static int ena_request_mgmnt_irq(struct
static int ena_request_io_irq(struct ena_adapter *adapter)
{
+ u32 io_queue_count = adapter->num_io_queues;
unsigned long flags = 0;
struct ena_irq *irq;
int rc = 0, i, k;
@@ -1454,7 +1455,7 @@ static int ena_request_io_irq(struct ena
return -EINVAL;
}
- for (i = ENA_IO_IRQ_FIRST_IDX; i < adapter->msix_vecs; i++) {
+ for (i = ENA_IO_IRQ_FIRST_IDX; i < ENA_MAX_MSIX_VEC(io_queue_count); i++) {
irq = &adapter->irq_tbl[i];
rc = request_irq(irq->vector, irq->handler, flags, irq->name,
irq->data);
@@ -1495,6 +1496,7 @@ static void ena_free_mgmnt_irq(struct en
static void ena_free_io_irq(struct ena_adapter *adapter)
{
+ u32 io_queue_count = adapter->num_io_queues;
struct ena_irq *irq;
int i;
@@ -1505,7 +1507,7 @@ static void ena_free_io_irq(struct ena_a
}
#endif /* CONFIG_RFS_ACCEL */
- for (i = ENA_IO_IRQ_FIRST_IDX; i < adapter->msix_vecs; i++) {
+ for (i = ENA_IO_IRQ_FIRST_IDX; i < ENA_MAX_MSIX_VEC(io_queue_count); i++) {
irq = &adapter->irq_tbl[i];
irq_set_affinity_hint(irq->vector, NULL);
free_irq(irq->vector, irq->data);
@@ -1520,12 +1522,13 @@ static void ena_disable_msix(struct ena_
static void ena_disable_io_intr_sync(struct ena_adapter *adapter)
{
+ u32 io_queue_count = adapter->num_io_queues;
int i;
if (!netif_running(adapter->netdev))
return;
- for (i = ENA_IO_IRQ_FIRST_IDX; i < adapter->msix_vecs; i++)
+ for (i = ENA_IO_IRQ_FIRST_IDX; i < ENA_MAX_MSIX_VEC(io_queue_count); i++)
synchronize_irq(adapter->irq_tbl[i].vector);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 049/170] net: ena: avoid memory access violation by validating req_id properly
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 048/170] net: ena: fix request of incorrect number of IRQ vectors Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 050/170] net: ena: fix continuous keep-alive resets Greg Kroah-Hartman
` (120 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Noam Dagan, Arthur Kiyanovski,
David S. Miller
From: Arthur Kiyanovski <akiyano@amazon.com>
[ Upstream commit 30623e1ed116bcd1785217d0a98eec643687e091 ]
Rx req_id is an index in struct ena_eth_io_rx_cdesc_base.
The driver should validate that the Rx req_id it received from
the device is in range [0, ring_size -1]. Failure to do so could
yield to potential memory access violoation.
The validation was mistakenly done when refilling
the Rx submission queue and not in Rx completion queue.
Fixes: ad974baef2a1 ("net: ena: add support for out of order rx buffers refill")
Signed-off-by: Noam Dagan <ndagan@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -532,13 +532,9 @@ static int ena_refill_rx_bufs(struct ena
struct ena_rx_buffer *rx_info;
req_id = rx_ring->free_ids[next_to_use];
- rc = validate_rx_req_id(rx_ring, req_id);
- if (unlikely(rc < 0))
- break;
rx_info = &rx_ring->rx_buffer_info[req_id];
-
rc = ena_alloc_rx_page(rx_ring, rx_info,
GFP_ATOMIC | __GFP_COMP);
if (unlikely(rc < 0)) {
@@ -868,9 +864,15 @@ static struct sk_buff *ena_rx_skb(struct
struct ena_rx_buffer *rx_info;
u16 len, req_id, buf = 0;
void *va;
+ int rc;
len = ena_bufs[buf].len;
req_id = ena_bufs[buf].req_id;
+
+ rc = validate_rx_req_id(rx_ring, req_id);
+ if (unlikely(rc < 0))
+ return NULL;
+
rx_info = &rx_ring->rx_buffer_info[req_id];
if (unlikely(!rx_info->page)) {
@@ -943,6 +945,11 @@ static struct sk_buff *ena_rx_skb(struct
buf++;
len = ena_bufs[buf].len;
req_id = ena_bufs[buf].req_id;
+
+ rc = validate_rx_req_id(rx_ring, req_id);
+ if (unlikely(rc < 0))
+ return NULL;
+
rx_info = &rx_ring->rx_buffer_info[req_id];
} while (1);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 050/170] net: ena: fix continuous keep-alive resets
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 049/170] net: ena: avoid memory access violation by validating req_id properly Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 051/170] net: ip_gre: Separate ERSPAN newlink / changelink callbacks Greg Kroah-Hartman
` (119 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Noam Dagan, Arthur Kiyanovski,
David S. Miller
From: Arthur Kiyanovski <akiyano@amazon.com>
[ Upstream commit dfdde1345bc124816f0fd42fa91b8748051e758e ]
last_keep_alive_jiffies is updated in probe and when a keep-alive
event is received. In case the driver times-out on a keep-alive event,
it has high chances of continuously timing-out on keep-alive events.
This is because when the driver recovers from the keep-alive-timeout reset
the value of last_keep_alive_jiffies is very old, and if a keep-alive
event is not received before the next timer expires, the value of
last_keep_alive_jiffies will cause another keep-alive-timeout reset
and so forth in a loop.
Solution:
Update last_keep_alive_jiffies whenever the device is restored after
reset.
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Noam Dagan <ndagan@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -2832,6 +2832,7 @@ static int ena_restore_device(struct ena
netif_carrier_on(adapter->netdev);
mod_timer(&adapter->timer_service, round_jiffies(jiffies + HZ));
+ adapter->last_keep_alive_jiffies = jiffies;
dev_err(&pdev->dev,
"Device reset completed successfully, Driver info: %s\n",
version);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 051/170] net: ip_gre: Separate ERSPAN newlink / changelink callbacks
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 050/170] net: ena: fix continuous keep-alive resets Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 052/170] net: ip_gre: Accept IFLA_INFO_DATA-less configuration Greg Kroah-Hartman
` (118 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Petr Machata, David S. Miller
From: Petr Machata <petrm@mellanox.com>
[ Upstream commit e1f8f78ffe9854308b9e12a73ebe4e909074fc33 ]
ERSPAN shares most of the code path with GRE and gretap code. While that
helps keep the code compact, it is also error prone. Currently a broken
userspace can turn a gretap tunnel into a de facto ERSPAN one by passing
IFLA_GRE_ERSPAN_VER. There has been a similar issue in ip6gretap in the
past.
To prevent these problems in future, split the newlink and changelink code
paths. Split the ERSPAN code out of ipgre_netlink_parms() into a new
function erspan_netlink_parms(). Extract a piece of common logic from
ipgre_newlink() and ipgre_changelink() into ipgre_newlink_encap_setup().
Add erspan_newlink() and erspan_changelink().
Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_gre.c | 103 ++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 85 insertions(+), 18 deletions(-)
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1153,6 +1153,22 @@ static int ipgre_netlink_parms(struct ne
if (data[IFLA_GRE_FWMARK])
*fwmark = nla_get_u32(data[IFLA_GRE_FWMARK]);
+ return 0;
+}
+
+static int erspan_netlink_parms(struct net_device *dev,
+ struct nlattr *data[],
+ struct nlattr *tb[],
+ struct ip_tunnel_parm *parms,
+ __u32 *fwmark)
+{
+ struct ip_tunnel *t = netdev_priv(dev);
+ int err;
+
+ err = ipgre_netlink_parms(dev, data, tb, parms, fwmark);
+ if (err)
+ return err;
+
if (data[IFLA_GRE_ERSPAN_VER]) {
t->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
@@ -1276,45 +1292,70 @@ static void ipgre_tap_setup(struct net_d
ip_tunnel_setup(dev, gre_tap_net_id);
}
-static int ipgre_newlink(struct net *src_net, struct net_device *dev,
- struct nlattr *tb[], struct nlattr *data[],
- struct netlink_ext_ack *extack)
+static int
+ipgre_newlink_encap_setup(struct net_device *dev, struct nlattr *data[])
{
- struct ip_tunnel_parm p;
struct ip_tunnel_encap ipencap;
- __u32 fwmark = 0;
- int err;
if (ipgre_netlink_encap_parms(data, &ipencap)) {
struct ip_tunnel *t = netdev_priv(dev);
- err = ip_tunnel_encap_setup(t, &ipencap);
+ int err = ip_tunnel_encap_setup(t, &ipencap);
if (err < 0)
return err;
}
+ return 0;
+}
+
+static int ipgre_newlink(struct net *src_net, struct net_device *dev,
+ struct nlattr *tb[], struct nlattr *data[],
+ struct netlink_ext_ack *extack)
+{
+ struct ip_tunnel_parm p;
+ __u32 fwmark = 0;
+ int err;
+
+ err = ipgre_newlink_encap_setup(dev, data);
+ if (err)
+ return err;
+
err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
if (err < 0)
return err;
return ip_tunnel_newlink(dev, tb, &p, fwmark);
}
+static int erspan_newlink(struct net *src_net, struct net_device *dev,
+ struct nlattr *tb[], struct nlattr *data[],
+ struct netlink_ext_ack *extack)
+{
+ struct ip_tunnel_parm p;
+ __u32 fwmark = 0;
+ int err;
+
+ err = ipgre_newlink_encap_setup(dev, data);
+ if (err)
+ return err;
+
+ err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
+ if (err)
+ return err;
+ return ip_tunnel_newlink(dev, tb, &p, fwmark);
+}
+
static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
struct nlattr *data[],
struct netlink_ext_ack *extack)
{
struct ip_tunnel *t = netdev_priv(dev);
- struct ip_tunnel_encap ipencap;
__u32 fwmark = t->fwmark;
struct ip_tunnel_parm p;
int err;
- if (ipgre_netlink_encap_parms(data, &ipencap)) {
- err = ip_tunnel_encap_setup(t, &ipencap);
-
- if (err < 0)
- return err;
- }
+ err = ipgre_newlink_encap_setup(dev, data);
+ if (err)
+ return err;
err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
if (err < 0)
@@ -1327,8 +1368,34 @@ static int ipgre_changelink(struct net_d
t->parms.i_flags = p.i_flags;
t->parms.o_flags = p.o_flags;
- if (strcmp(dev->rtnl_link_ops->kind, "erspan"))
- ipgre_link_update(dev, !tb[IFLA_MTU]);
+ ipgre_link_update(dev, !tb[IFLA_MTU]);
+
+ return 0;
+}
+
+static int erspan_changelink(struct net_device *dev, struct nlattr *tb[],
+ struct nlattr *data[],
+ struct netlink_ext_ack *extack)
+{
+ struct ip_tunnel *t = netdev_priv(dev);
+ __u32 fwmark = t->fwmark;
+ struct ip_tunnel_parm p;
+ int err;
+
+ err = ipgre_newlink_encap_setup(dev, data);
+ if (err)
+ return err;
+
+ err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
+ if (err < 0)
+ return err;
+
+ err = ip_tunnel_changelink(dev, tb, &p, fwmark);
+ if (err < 0)
+ return err;
+
+ t->parms.i_flags = p.i_flags;
+ t->parms.o_flags = p.o_flags;
return 0;
}
@@ -1519,8 +1586,8 @@ static struct rtnl_link_ops erspan_link_
.priv_size = sizeof(struct ip_tunnel),
.setup = erspan_setup,
.validate = erspan_validate,
- .newlink = ipgre_newlink,
- .changelink = ipgre_changelink,
+ .newlink = erspan_newlink,
+ .changelink = erspan_changelink,
.dellink = ip_tunnel_dellink,
.get_size = ipgre_get_size,
.fill_info = ipgre_fill_info,
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 052/170] net: ip_gre: Accept IFLA_INFO_DATA-less configuration
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 051/170] net: ip_gre: Separate ERSPAN newlink / changelink callbacks Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 053/170] hsr: use rcu_read_lock() in hsr_get_node_{list/status}() Greg Kroah-Hartman
` (117 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+1b4ebf4dae4e510dd219,
Petr Machata, David S. Miller
From: Petr Machata <petrm@mellanox.com>
[ Upstream commit 32ca98feab8c9076c89c0697c5a85e46fece809d ]
The fix referenced below causes a crash when an ERSPAN tunnel is created
without passing IFLA_INFO_DATA. Fix by validating passed-in data in the
same way as ipgre does.
Fixes: e1f8f78ffe98 ("net: ip_gre: Separate ERSPAN newlink / changelink callbacks")
Reported-by: syzbot+1b4ebf4dae4e510dd219@syzkaller.appspotmail.com
Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_gre.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1168,6 +1168,8 @@ static int erspan_netlink_parms(struct n
err = ipgre_netlink_parms(dev, data, tb, parms, fwmark);
if (err)
return err;
+ if (!data)
+ return 0;
if (data[IFLA_GRE_ERSPAN_VER]) {
t->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 053/170] hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 052/170] net: ip_gre: Accept IFLA_INFO_DATA-less configuration Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 054/170] hsr: add restart routine into hsr_get_node_list() Greg Kroah-Hartman
` (116 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Taehee Yoo, David S. Miller
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit 173756b86803655d70af7732079b3aa935e6ab68 ]
hsr_get_node_{list/status}() are not under rtnl_lock() because
they are callback functions of generic netlink.
But they use __dev_get_by_index() without rtnl_lock().
So, it would use unsafe data.
In order to fix it, rcu_read_lock() and dev_get_by_index_rcu()
are used instead of __dev_get_by_index().
Fixes: f421436a591d ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/hsr/hsr_framereg.c | 9 ++-------
net/hsr/hsr_netlink.c | 39 +++++++++++++++++++++------------------
2 files changed, 23 insertions(+), 25 deletions(-)
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -482,12 +482,9 @@ int hsr_get_node_data(struct hsr_priv *h
struct hsr_port *port;
unsigned long tdiff;
- rcu_read_lock();
node = find_node_by_addr_A(&hsr->node_db, addr);
- if (!node) {
- rcu_read_unlock();
- return -ENOENT; /* No such entry */
- }
+ if (!node)
+ return -ENOENT;
ether_addr_copy(addr_b, node->macaddress_B);
@@ -522,7 +519,5 @@ int hsr_get_node_data(struct hsr_priv *h
*addr_b_ifindex = -1;
}
- rcu_read_unlock();
-
return 0;
}
--- a/net/hsr/hsr_netlink.c
+++ b/net/hsr/hsr_netlink.c
@@ -251,15 +251,16 @@ static int hsr_get_node_status(struct sk
if (!na)
goto invalid;
- hsr_dev = __dev_get_by_index(genl_info_net(info),
- nla_get_u32(info->attrs[HSR_A_IFINDEX]));
+ rcu_read_lock();
+ hsr_dev = dev_get_by_index_rcu(genl_info_net(info),
+ nla_get_u32(info->attrs[HSR_A_IFINDEX]));
if (!hsr_dev)
- goto invalid;
+ goto rcu_unlock;
if (!is_hsr_master(hsr_dev))
- goto invalid;
+ goto rcu_unlock;
/* Send reply */
- skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+ skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
if (!skb_out) {
res = -ENOMEM;
goto fail;
@@ -313,12 +314,10 @@ static int hsr_get_node_status(struct sk
res = nla_put_u16(skb_out, HSR_A_IF1_SEQ, hsr_node_if1_seq);
if (res < 0)
goto nla_put_failure;
- rcu_read_lock();
port = hsr_port_get_hsr(hsr, HSR_PT_SLAVE_A);
if (port)
res = nla_put_u32(skb_out, HSR_A_IF1_IFINDEX,
port->dev->ifindex);
- rcu_read_unlock();
if (res < 0)
goto nla_put_failure;
@@ -328,20 +327,22 @@ static int hsr_get_node_status(struct sk
res = nla_put_u16(skb_out, HSR_A_IF2_SEQ, hsr_node_if2_seq);
if (res < 0)
goto nla_put_failure;
- rcu_read_lock();
port = hsr_port_get_hsr(hsr, HSR_PT_SLAVE_B);
if (port)
res = nla_put_u32(skb_out, HSR_A_IF2_IFINDEX,
port->dev->ifindex);
- rcu_read_unlock();
if (res < 0)
goto nla_put_failure;
+ rcu_read_unlock();
+
genlmsg_end(skb_out, msg_head);
genlmsg_unicast(genl_info_net(info), skb_out, info->snd_portid);
return 0;
+rcu_unlock:
+ rcu_read_unlock();
invalid:
netlink_ack(skb_in, nlmsg_hdr(skb_in), -EINVAL, NULL);
return 0;
@@ -351,6 +352,7 @@ nla_put_failure:
/* Fall through */
fail:
+ rcu_read_unlock();
return res;
}
@@ -377,15 +379,16 @@ static int hsr_get_node_list(struct sk_b
if (!na)
goto invalid;
- hsr_dev = __dev_get_by_index(genl_info_net(info),
- nla_get_u32(info->attrs[HSR_A_IFINDEX]));
+ rcu_read_lock();
+ hsr_dev = dev_get_by_index_rcu(genl_info_net(info),
+ nla_get_u32(info->attrs[HSR_A_IFINDEX]));
if (!hsr_dev)
- goto invalid;
+ goto rcu_unlock;
if (!is_hsr_master(hsr_dev))
- goto invalid;
+ goto rcu_unlock;
/* Send reply */
- skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+ skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
if (!skb_out) {
res = -ENOMEM;
goto fail;
@@ -405,14 +408,11 @@ static int hsr_get_node_list(struct sk_b
hsr = netdev_priv(hsr_dev);
- rcu_read_lock();
pos = hsr_get_next_node(hsr, NULL, addr);
while (pos) {
res = nla_put(skb_out, HSR_A_NODE_ADDR, ETH_ALEN, addr);
- if (res < 0) {
- rcu_read_unlock();
+ if (res < 0)
goto nla_put_failure;
- }
pos = hsr_get_next_node(hsr, pos, addr);
}
rcu_read_unlock();
@@ -422,6 +422,8 @@ static int hsr_get_node_list(struct sk_b
return 0;
+rcu_unlock:
+ rcu_read_unlock();
invalid:
netlink_ack(skb_in, nlmsg_hdr(skb_in), -EINVAL, NULL);
return 0;
@@ -431,6 +433,7 @@ nla_put_failure:
/* Fall through */
fail:
+ rcu_read_unlock();
return res;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 054/170] hsr: add restart routine into hsr_get_node_list()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 053/170] hsr: use rcu_read_lock() in hsr_get_node_{list/status}() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 055/170] hsr: set .netnsok flag Greg Kroah-Hartman
` (115 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Taehee Yoo, David S. Miller
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit ca19c70f5225771c05bcdcb832b4eb84d7271c5e ]
The hsr_get_node_list() is to send node addresses to the userspace.
If there are so many nodes, it could fail because of buffer size.
In order to avoid this failure, the restart routine is added.
Fixes: f421436a591d ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/hsr/hsr_netlink.c | 38 ++++++++++++++++++++++++--------------
1 file changed, 24 insertions(+), 14 deletions(-)
--- a/net/hsr/hsr_netlink.c
+++ b/net/hsr/hsr_netlink.c
@@ -360,16 +360,14 @@ fail:
*/
static int hsr_get_node_list(struct sk_buff *skb_in, struct genl_info *info)
{
- /* For receiving */
- struct nlattr *na;
+ unsigned char addr[ETH_ALEN];
struct net_device *hsr_dev;
-
- /* For sending */
struct sk_buff *skb_out;
- void *msg_head;
struct hsr_priv *hsr;
- void *pos;
- unsigned char addr[ETH_ALEN];
+ bool restart = false;
+ struct nlattr *na;
+ void *pos = NULL;
+ void *msg_head;
int res;
if (!info)
@@ -387,8 +385,9 @@ static int hsr_get_node_list(struct sk_b
if (!is_hsr_master(hsr_dev))
goto rcu_unlock;
+restart:
/* Send reply */
- skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
+ skb_out = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_ATOMIC);
if (!skb_out) {
res = -ENOMEM;
goto fail;
@@ -402,17 +401,28 @@ static int hsr_get_node_list(struct sk_b
goto nla_put_failure;
}
- res = nla_put_u32(skb_out, HSR_A_IFINDEX, hsr_dev->ifindex);
- if (res < 0)
- goto nla_put_failure;
+ if (!restart) {
+ res = nla_put_u32(skb_out, HSR_A_IFINDEX, hsr_dev->ifindex);
+ if (res < 0)
+ goto nla_put_failure;
+ }
hsr = netdev_priv(hsr_dev);
- pos = hsr_get_next_node(hsr, NULL, addr);
+ if (!pos)
+ pos = hsr_get_next_node(hsr, NULL, addr);
while (pos) {
res = nla_put(skb_out, HSR_A_NODE_ADDR, ETH_ALEN, addr);
- if (res < 0)
+ if (res < 0) {
+ if (res == -EMSGSIZE) {
+ genlmsg_end(skb_out, msg_head);
+ genlmsg_unicast(genl_info_net(info), skb_out,
+ info->snd_portid);
+ restart = true;
+ goto restart;
+ }
goto nla_put_failure;
+ }
pos = hsr_get_next_node(hsr, pos, addr);
}
rcu_read_unlock();
@@ -429,7 +439,7 @@ invalid:
return 0;
nla_put_failure:
- kfree_skb(skb_out);
+ nlmsg_free(skb_out);
/* Fall through */
fail:
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 055/170] hsr: set .netnsok flag
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 054/170] hsr: add restart routine into hsr_get_node_list() Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 056/170] net/mlx5: DR, Fix postsend actions write length Greg Kroah-Hartman
` (114 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Taehee Yoo, David S. Miller
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit 09e91dbea0aa32be02d8877bd50490813de56b9a ]
The hsr module has been supporting the list and status command.
(HSR_C_GET_NODE_LIST and HSR_C_GET_NODE_STATUS)
These commands send node information to the user-space via generic netlink.
But, in the non-init_net namespace, these commands are not allowed
because .netnsok flag is false.
So, there is no way to get node information in the non-init_net namespace.
Fixes: f421436a591d ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/hsr/hsr_netlink.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/hsr/hsr_netlink.c
+++ b/net/hsr/hsr_netlink.c
@@ -470,6 +470,7 @@ static struct genl_family hsr_genl_famil
.version = 1,
.maxattr = HSR_A_MAX,
.policy = hsr_genl_policy,
+ .netnsok = true,
.module = THIS_MODULE,
.ops = hsr_ops,
.n_ops = ARRAY_SIZE(hsr_ops),
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 056/170] net/mlx5: DR, Fix postsend actions write length
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 055/170] hsr: set .netnsok flag Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 057/170] net/mlx5e: Enhance ICOSQ WQE info fields Greg Kroah-Hartman
` (113 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hamdan Igbaria, Alex Vesker,
Saeed Mahameed, David S. Miller
From: Hamdan Igbaria <hamdani@mellanox.com>
[ Upstream commit 692b0399a22530b2de8490bea75a7d20d59391d0 ]
Fix the send info write length to be (actions x action) size in bytes.
Fixes: 297cccebdc5a ("net/mlx5: DR, Expose an internal API to issue RDMA operations")
Signed-off-by: Hamdan Igbaria <hamdani@mellanox.com>
Reviewed-by: Alex Vesker <valex@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_action.c | 1 -
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c | 3 ++-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_action.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_action.c
@@ -930,7 +930,6 @@ static int dr_actions_l2_rewrite(struct
action->rewrite.data = (void *)ops;
action->rewrite.num_of_actions = i;
- action->rewrite.chunk->byte_size = i * sizeof(*ops);
ret = mlx5dr_send_postsend_action(dmn, action);
if (ret) {
--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c
@@ -558,7 +558,8 @@ int mlx5dr_send_postsend_action(struct m
int ret;
send_info.write.addr = (uintptr_t)action->rewrite.data;
- send_info.write.length = action->rewrite.chunk->byte_size;
+ send_info.write.length = action->rewrite.num_of_actions *
+ DR_MODIFY_ACTION_SIZE;
send_info.write.lkey = 0;
send_info.remote_addr = action->rewrite.chunk->mr_addr;
send_info.rkey = action->rewrite.chunk->rkey;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 057/170] net/mlx5e: Enhance ICOSQ WQE info fields
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 056/170] net/mlx5: DR, Fix postsend actions write length Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 058/170] net/mlx5e: Fix missing reset of SW metadata in Striding RQ reset Greg Kroah-Hartman
` (112 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aya Levin, Tariq Toukan,
Saeed Mahameed, David S. Miller
From: Aya Levin <ayal@mellanox.com>
[ Upstream commit 1de0306c3a05d305e45b1f1fabe2f4e94222eb6b ]
Add number of WQEBBs (WQE's Basic Block) to WQE info struct. Set the
number of WQEBBs on WQE post, and increment the consumer counter (cc)
on completion.
In case of error completions, the cc was mistakenly not incremented,
keeping a gap between cc and pc (producer counter). This failed the
recovery flow on the ICOSQ from a CQE error which timed-out waiting for
the cc and pc to meet.
Fixes: be5323c8379f ("net/mlx5e: Report and recover from CQE error on ICOSQ")
Signed-off-by: Aya Levin <ayal@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 +
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 11 +++++------
drivers/net/ethernet/mellanox/mlx5/core/en_txrx.c | 1 +
3 files changed, 7 insertions(+), 6 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h
@@ -371,6 +371,7 @@ enum {
struct mlx5e_sq_wqe_info {
u8 opcode;
+ u8 num_wqebbs;
/* Auxiliary data for different opcodes. */
union {
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
@@ -477,6 +477,7 @@ static inline void mlx5e_fill_icosq_frag
/* fill sq frag edge with nops to avoid wqe wrapping two pages */
for (; wi < edge_wi; wi++) {
wi->opcode = MLX5_OPCODE_NOP;
+ wi->num_wqebbs = 1;
mlx5e_post_nop(wq, sq->sqn, &sq->pc);
}
}
@@ -525,6 +526,7 @@ static int mlx5e_alloc_rx_mpwqe(struct m
umr_wqe->uctrl.xlt_offset = cpu_to_be16(xlt_offset);
sq->db.ico_wqe[pi].opcode = MLX5_OPCODE_UMR;
+ sq->db.ico_wqe[pi].num_wqebbs = MLX5E_UMR_WQEBBS;
sq->db.ico_wqe[pi].umr.rq = rq;
sq->pc += MLX5E_UMR_WQEBBS;
@@ -621,6 +623,7 @@ void mlx5e_poll_ico_cq(struct mlx5e_cq *
ci = mlx5_wq_cyc_ctr2ix(&sq->wq, sqcc);
wi = &sq->db.ico_wqe[ci];
+ sqcc += wi->num_wqebbs;
if (last_wqe && unlikely(get_cqe_opcode(cqe) != MLX5_CQE_REQ)) {
netdev_WARN_ONCE(cq->channel->netdev,
@@ -631,16 +634,12 @@ void mlx5e_poll_ico_cq(struct mlx5e_cq *
break;
}
- if (likely(wi->opcode == MLX5_OPCODE_UMR)) {
- sqcc += MLX5E_UMR_WQEBBS;
+ if (likely(wi->opcode == MLX5_OPCODE_UMR))
wi->umr.rq->mpwqe.umr_completed++;
- } else if (likely(wi->opcode == MLX5_OPCODE_NOP)) {
- sqcc++;
- } else {
+ else if (unlikely(wi->opcode != MLX5_OPCODE_NOP))
netdev_WARN_ONCE(cq->channel->netdev,
"Bad OPCODE in ICOSQ WQE info: 0x%x\n",
wi->opcode);
- }
} while (!last_wqe);
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_txrx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_txrx.c
@@ -78,6 +78,7 @@ void mlx5e_trigger_irq(struct mlx5e_icos
u16 pi = mlx5_wq_cyc_ctr2ix(wq, sq->pc);
sq->db.ico_wqe[pi].opcode = MLX5_OPCODE_NOP;
+ sq->db.ico_wqe[pi].num_wqebbs = 1;
nopwqe = mlx5e_post_nop(wq, sq->sqn, &sq->pc);
mlx5e_notify_hw(wq, sq->pc, sq->uar_map, &nopwqe->ctrl);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 058/170] net/mlx5e: Fix missing reset of SW metadata in Striding RQ reset
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 057/170] net/mlx5e: Enhance ICOSQ WQE info fields Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 059/170] net/mlx5e: Fix ICOSQ recovery flow with Striding RQ Greg Kroah-Hartman
` (111 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aya Levin, Tariq Toukan,
Saeed Mahameed, David S. Miller
From: Aya Levin <ayal@mellanox.com>
[ Upstream commit 39369fd536d485a99a59d8e357c0d4d3ce19a3b8 ]
When resetting the RQ (moving RQ state from RST to RDY), the driver
resets the WQ's SW metadata.
In striding RQ mode, we maintain a field that reflects the actual
expected WQ head (including in progress WQEs posted to the ICOSQ).
It was mistakenly not reset together with the WQ. Fix this here.
Fixes: 8276ea1353a4 ("net/mlx5e: Report and recover from CQE with error on RQ")
Signed-off-by: Aya Levin <ayal@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h
@@ -181,10 +181,12 @@ mlx5e_tx_dma_unmap(struct device *pdev,
static inline void mlx5e_rqwq_reset(struct mlx5e_rq *rq)
{
- if (rq->wq_type == MLX5_WQ_TYPE_LINKED_LIST_STRIDING_RQ)
+ if (rq->wq_type == MLX5_WQ_TYPE_LINKED_LIST_STRIDING_RQ) {
mlx5_wq_ll_reset(&rq->mpwqe.wq);
- else
+ rq->mpwqe.actual_wq_head = 0;
+ } else {
mlx5_wq_cyc_reset(&rq->wqe.wq);
+ }
}
/* SW parser related functions */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 059/170] net/mlx5e: Fix ICOSQ recovery flow with Striding RQ
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 058/170] net/mlx5e: Fix missing reset of SW metadata in Striding RQ reset Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 060/170] net/mlx5e: Do not recover from a non-fatal syndrome Greg Kroah-Hartman
` (110 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aya Levin, Tariq Toukan,
Saeed Mahameed, David S. Miller
From: Aya Levin <ayal@mellanox.com>
[ Upstream commit e239c6d686e1c37fb2ab143162dfb57471a8643f ]
In striding RQ mode, the buffers of an RX WQE are first
prepared and posted to the HW using a UMR WQEs via the ICOSQ.
We maintain the state of these in-progress WQEs in the RQ
SW struct.
In the flow of ICOSQ recovery, the corresponding RQ is not
in error state, hence:
- The buffers of the in-progress WQEs must be released
and the RQ metadata should reflect it.
- Existing RX WQEs in the RQ should not be affected.
For this, wrap the dealloc of the in-progress WQEs in
a function, and use it in the ICOSQ recovery flow
instead of mlx5e_free_rx_descs().
Fixes: be5323c8379f ("net/mlx5e: Report and recover from CQE error on ICOSQ")
Signed-off-by: Aya Levin <ayal@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en.h | 1
drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 31 +++++++++++----
3 files changed, 26 insertions(+), 8 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h
@@ -1059,6 +1059,7 @@ int mlx5e_modify_rq_state(struct mlx5e_r
void mlx5e_activate_rq(struct mlx5e_rq *rq);
void mlx5e_deactivate_rq(struct mlx5e_rq *rq);
void mlx5e_free_rx_descs(struct mlx5e_rq *rq);
+void mlx5e_free_rx_in_progress_descs(struct mlx5e_rq *rq);
void mlx5e_activate_icosq(struct mlx5e_icosq *icosq);
void mlx5e_deactivate_icosq(struct mlx5e_icosq *icosq);
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c
@@ -90,7 +90,7 @@ static int mlx5e_rx_reporter_err_icosq_c
goto out;
mlx5e_reset_icosq_cc_pc(icosq);
- mlx5e_free_rx_descs(rq);
+ mlx5e_free_rx_in_progress_descs(rq);
clear_bit(MLX5E_SQ_STATE_RECOVERING, &icosq->state);
mlx5e_activate_icosq(icosq);
mlx5e_activate_rq(rq);
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -822,6 +822,29 @@ int mlx5e_wait_for_min_rx_wqes(struct ml
return -ETIMEDOUT;
}
+void mlx5e_free_rx_in_progress_descs(struct mlx5e_rq *rq)
+{
+ struct mlx5_wq_ll *wq;
+ u16 head;
+ int i;
+
+ if (rq->wq_type != MLX5_WQ_TYPE_LINKED_LIST_STRIDING_RQ)
+ return;
+
+ wq = &rq->mpwqe.wq;
+ head = wq->head;
+
+ /* Outstanding UMR WQEs (in progress) start at wq->head */
+ for (i = 0; i < rq->mpwqe.umr_in_progress; i++) {
+ rq->dealloc_wqe(rq, head);
+ head = mlx5_wq_ll_get_wqe_next_ix(wq, head);
+ }
+
+ rq->mpwqe.actual_wq_head = wq->head;
+ rq->mpwqe.umr_in_progress = 0;
+ rq->mpwqe.umr_completed = 0;
+}
+
void mlx5e_free_rx_descs(struct mlx5e_rq *rq)
{
__be16 wqe_ix_be;
@@ -829,14 +852,8 @@ void mlx5e_free_rx_descs(struct mlx5e_rq
if (rq->wq_type == MLX5_WQ_TYPE_LINKED_LIST_STRIDING_RQ) {
struct mlx5_wq_ll *wq = &rq->mpwqe.wq;
- u16 head = wq->head;
- int i;
- /* Outstanding UMR WQEs (in progress) start at wq->head */
- for (i = 0; i < rq->mpwqe.umr_in_progress; i++) {
- rq->dealloc_wqe(rq, head);
- head = mlx5_wq_ll_get_wqe_next_ix(wq, head);
- }
+ mlx5e_free_rx_in_progress_descs(rq);
while (!mlx5_wq_ll_is_empty(wq)) {
struct mlx5e_rx_wqe_ll *wqe;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 060/170] net/mlx5e: Do not recover from a non-fatal syndrome
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 059/170] net/mlx5e: Fix ICOSQ recovery flow with Striding RQ Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 061/170] net/mlx5_core: Set IB capability mask1 to fix ib_srpt connection failure Greg Kroah-Hartman
` (109 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aya Levin, Tariq Toukan,
Saeed Mahameed, David S. Miller
From: Aya Levin <ayal@mellanox.com>
[ Upstream commit 187a9830c921d92c4a9a8e2921ecc4b35a97532c ]
For non-fatal syndromes like LOCAL_LENGTH_ERR, recovery shouldn't be
triggered. In these scenarios, the RQ is not actually in ERR state.
This misleads the recovery flow which assumes that the RQ is really in
error state and no more completions arrive, causing crashes on bad page
state.
Fixes: 8276ea1353a4 ("net/mlx5e: Report and recover from CQE with error on RQ")
Signed-off-by: Aya Levin <ayal@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en/health.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/health.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/health.h
@@ -10,8 +10,7 @@
static inline bool cqe_syndrome_needs_recover(u8 syndrome)
{
- return syndrome == MLX5_CQE_SYNDROME_LOCAL_LENGTH_ERR ||
- syndrome == MLX5_CQE_SYNDROME_LOCAL_QP_OP_ERR ||
+ return syndrome == MLX5_CQE_SYNDROME_LOCAL_QP_OP_ERR ||
syndrome == MLX5_CQE_SYNDROME_LOCAL_PROT_ERR ||
syndrome == MLX5_CQE_SYNDROME_WR_FLUSH_ERR;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 061/170] net/mlx5_core: Set IB capability mask1 to fix ib_srpt connection failure
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 060/170] net/mlx5e: Do not recover from a non-fatal syndrome Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 062/170] net/mlx5e: kTLS, Fix TCP seq off-by-1 issue in TX resync flow Greg Kroah-Hartman
` (108 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leon Romanovsky, Saeed Mahameed,
David S. Miller
From: Leon Romanovsky <leonro@mellanox.com>
[ Upstream commit 306f354c67397b3138300cde875c5cab45b857f7 ]
The cap_mask1 isn't protected by field_select and not listed among RW
fields, but it is required to be written to properly initialize ports
in IB virtualization mode.
Link: https://lore.kernel.org/linux-rdma/88bab94d2fd72f3145835b4518bc63dda587add6.camel@redhat.com
Fixes: ab118da4c10a ("net/mlx5: Don't write read-only fields in MODIFY_HCA_VPORT_CONTEXT command")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/vport.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c
@@ -1071,6 +1071,9 @@ int mlx5_core_modify_hca_vport_context(s
MLX5_SET64(hca_vport_context, ctx, port_guid, req->port_guid);
if (req->field_select & MLX5_HCA_VPORT_SEL_NODE_GUID)
MLX5_SET64(hca_vport_context, ctx, node_guid, req->node_guid);
+ MLX5_SET(hca_vport_context, ctx, cap_mask1, req->cap_mask1);
+ MLX5_SET(hca_vport_context, ctx, cap_mask1_field_select,
+ req->cap_mask1_perm);
err = mlx5_cmd_exec(dev, in, in_sz, out, sizeof(out));
ex:
kfree(in);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 062/170] net/mlx5e: kTLS, Fix TCP seq off-by-1 issue in TX resync flow
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 061/170] net/mlx5_core: Set IB capability mask1 to fix ib_srpt connection failure Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 063/170] net/mlx5e: Fix endianness handling in pedit mask Greg Kroah-Hartman
` (107 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tariq Toukan, Boris Pismenny,
Saeed Mahameed, David S. Miller
From: Tariq Toukan <tariqt@mellanox.com>
[ Upstream commit 56917766def72f5afdf4235adb91b6897ff26d9d ]
We have an off-by-1 issue in the TCP seq comparison.
The last sequence number that belongs to the TCP packet's payload
is not "start_seq + len", but one byte before it.
Fix it so the 'ends_before' is evaluated properly.
This fixes a bug that results in error completions in the
kTLS HW offload flows.
Fixes: ffbd9ca94e2e ("net/mlx5e: kTLS, Fix corner-case checks in TX resync flow")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c
@@ -218,7 +218,7 @@ tx_sync_info_get(struct mlx5e_ktls_offlo
* this packet was already acknowledged and its record info
* was released.
*/
- ends_before = before(tcp_seq + datalen, tls_record_start_seq(record));
+ ends_before = before(tcp_seq + datalen - 1, tls_record_start_seq(record));
if (unlikely(tls_record_is_start_marker(record))) {
ret = ends_before ? MLX5E_KTLS_SYNC_SKIP_NO_DATA : MLX5E_KTLS_SYNC_FAIL;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 063/170] net/mlx5e: Fix endianness handling in pedit mask
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 062/170] net/mlx5e: kTLS, Fix TCP seq off-by-1 issue in TX resync flow Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 064/170] cgroup-v1: cgroup_pidlist_next should update position index Greg Kroah-Hartman
` (106 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Hense, Roi Dayan,
Saeed Mahameed, David S. Miller
From: Sebastian Hense <sebastian.hense1@ibm.com>
[ Upstream commit 404402abd5f90aa90a134eb9604b1750c1941529 ]
The mask value is provided as 64 bit and has to be casted in
either 32 or 16 bit. On big endian systems the wrong half was
casted which resulted in an all zero mask.
Fixes: 2b64beba0251 ("net/mlx5e: Support header re-write of partial fields in TC pedit offload")
Signed-off-by: Sebastian Hense <sebastian.hense1@ibm.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -2432,10 +2432,11 @@ static int offload_pedit_fields(struct p
continue;
if (f->field_bsize == 32) {
- mask_be32 = *(__be32 *)&mask;
+ mask_be32 = (__be32)mask;
mask = (__force unsigned long)cpu_to_le32(be32_to_cpu(mask_be32));
} else if (f->field_bsize == 16) {
- mask_be16 = *(__be16 *)&mask;
+ mask_be32 = (__be32)mask;
+ mask_be16 = *(__be16 *)&mask_be32;
mask = (__force unsigned long)cpu_to_le16(be16_to_cpu(mask_be16));
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 064/170] cgroup-v1: cgroup_pidlist_next should update position index
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 063/170] net/mlx5e: Fix endianness handling in pedit mask Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 065/170] nfs: add minor version to nfs_server_key for fscache Greg Kroah-Hartman
` (105 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vasily Averin, Tejun Heo, Sasha Levin
From: Vasily Averin <vvs@virtuozzo.com>
[ Upstream commit db8dd9697238be70a6b4f9d0284cd89f59c0e070 ]
if seq_file .next fuction does not change position index,
read after some lseek can generate unexpected output.
# mount | grep cgroup
# dd if=/mnt/cgroup.procs bs=1 # normal output
...
1294
1295
1296
1304
1382
584+0 records in
584+0 records out
584 bytes copied
dd: /mnt/cgroup.procs: cannot skip to specified offset
83 <<< generates end of last line
1383 <<< ... and whole last line once again
0+1 records in
0+1 records out
8 bytes copied
dd: /mnt/cgroup.procs: cannot skip to specified offset
1386 <<< generates last line anyway
0+1 records in
0+1 records out
5 bytes copied
https://bugzilla.kernel.org/show_bug.cgi?id=206283
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cgroup-v1.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 09f3a413f6f89..84bedb87ae137 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -473,6 +473,7 @@ static void *cgroup_pidlist_next(struct seq_file *s, void *v, loff_t *pos)
*/
p++;
if (p >= end) {
+ (*pos)++;
return NULL;
} else {
*pos = *p;
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 065/170] nfs: add minor version to nfs_server_key for fscache
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 064/170] cgroup-v1: cgroup_pidlist_next should update position index Greg Kroah-Hartman
@ 2020-03-31 8:57 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 066/170] cpupower: avoid multiple definition with gcc -fno-common Greg Kroah-Hartman
` (104 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Scott Mayhew, Dave Wysochanski,
Anna Schumaker, Sasha Levin
From: Scott Mayhew <smayhew@redhat.com>
[ Upstream commit 55dee1bc0d72877b99805e42e0205087e98b9edd ]
An NFS client that mounts multiple exports from the same NFS
server with higher NFSv4 versions disabled (i.e. 4.2) and without
forcing a specific NFS version results in fscache index cookie
collisions and the following messages:
[ 570.004348] FS-Cache: Duplicate cookie detected
Each nfs_client structure should have its own fscache index cookie,
so add the minorversion to nfs_server_key.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=200145
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/client.c | 1 +
fs/nfs/fscache.c | 2 ++
fs/nfs/nfs4client.c | 1 -
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 02110a30a49ea..a851339defeb5 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -153,6 +153,7 @@ struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_init)
if ((clp = kzalloc(sizeof(*clp), GFP_KERNEL)) == NULL)
goto error_0;
+ clp->cl_minorversion = cl_init->minorversion;
clp->cl_nfs_mod = cl_init->nfs_mod;
if (!try_module_get(clp->cl_nfs_mod->owner))
goto error_dealloc;
diff --git a/fs/nfs/fscache.c b/fs/nfs/fscache.c
index 3800ab6f08fa8..a6dcc2151e779 100644
--- a/fs/nfs/fscache.c
+++ b/fs/nfs/fscache.c
@@ -31,6 +31,7 @@ static DEFINE_SPINLOCK(nfs_fscache_keys_lock);
struct nfs_server_key {
struct {
uint16_t nfsversion; /* NFS protocol version */
+ uint32_t minorversion; /* NFSv4 minor version */
uint16_t family; /* address family */
__be16 port; /* IP port */
} hdr;
@@ -55,6 +56,7 @@ void nfs_fscache_get_client_cookie(struct nfs_client *clp)
memset(&key, 0, sizeof(key));
key.hdr.nfsversion = clp->rpc_ops->version;
+ key.hdr.minorversion = clp->cl_minorversion;
key.hdr.family = clp->cl_addr.ss_family;
switch (clp->cl_addr.ss_family) {
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
index 460d6251c405f..2c274fea80937 100644
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -216,7 +216,6 @@ struct nfs_client *nfs4_alloc_client(const struct nfs_client_initdata *cl_init)
INIT_LIST_HEAD(&clp->cl_ds_clients);
rpc_init_wait_queue(&clp->cl_rpcwaitq, "NFS client");
clp->cl_state = 1 << NFS4CLNT_LEASE_EXPIRED;
- clp->cl_minorversion = cl_init->minorversion;
clp->cl_mvops = nfs_v4_minor_ops[cl_init->minorversion];
clp->cl_mig_gen = 1;
#if IS_ENABLED(CONFIG_NFS_V4_1)
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 066/170] cpupower: avoid multiple definition with gcc -fno-common
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2020-03-31 8:57 ` [PATCH 5.5 065/170] nfs: add minor version to nfs_server_key for fscache Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 067/170] drivers/of/of_mdio.c:fix of_mdiobus_register() Greg Kroah-Hartman
` (103 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Gilbert, Shuah Khan, Sasha Levin
From: Mike Gilbert <floppym@gentoo.org>
[ Upstream commit 2de7fb60a4740135e03cf55c1982e393ccb87b6b ]
Building cpupower with -fno-common in CFLAGS results in errors due to
multiple definitions of the 'cpu_count' and 'start_time' variables.
./utils/idle_monitor/snb_idle.o:./utils/idle_monitor/cpupower-monitor.h:28:
multiple definition of `cpu_count';
./utils/idle_monitor/nhm_idle.o:./utils/idle_monitor/cpupower-monitor.h:28:
first defined here
...
./utils/idle_monitor/cpuidle_sysfs.o:./utils/idle_monitor/cpuidle_sysfs.c:22:
multiple definition of `start_time';
./utils/idle_monitor/amd_fam14h_idle.o:./utils/idle_monitor/amd_fam14h_idle.c:85:
first defined here
The -fno-common option will be enabled by default in GCC 10.
Bug: https://bugs.gentoo.org/707462
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c | 2 +-
tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c | 2 +-
tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c | 2 ++
tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h | 2 +-
4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c b/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c
index 33dc34db4f3cc..20f46348271b1 100644
--- a/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c
+++ b/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c
@@ -82,7 +82,7 @@ static struct pci_access *pci_acc;
static struct pci_dev *amd_fam14h_pci_dev;
static int nbp1_entered;
-struct timespec start_time;
+static struct timespec start_time;
static unsigned long long timediff;
#ifdef DEBUG
diff --git a/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c b/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c
index 3c4cee160b0e6..a65f7d011513a 100644
--- a/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c
+++ b/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c
@@ -19,7 +19,7 @@ struct cpuidle_monitor cpuidle_sysfs_monitor;
static unsigned long long **previous_count;
static unsigned long long **current_count;
-struct timespec start_time;
+static struct timespec start_time;
static unsigned long long timediff;
static int cpuidle_get_count_percent(unsigned int id, double *percent,
diff --git a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c
index 6d44fec55ad5a..7c77045fef52f 100644
--- a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c
+++ b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c
@@ -27,6 +27,8 @@ struct cpuidle_monitor *all_monitors[] = {
0
};
+int cpu_count;
+
static struct cpuidle_monitor *monitors[MONITORS_MAX];
static unsigned int avail_monitors;
diff --git a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h
index 5b5eb1da0cce3..c559d3115330a 100644
--- a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h
+++ b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h
@@ -25,7 +25,7 @@
#endif
#define CSTATE_DESC_LEN 60
-int cpu_count;
+extern int cpu_count;
/* Hard to define the right names ...: */
enum power_range_e {
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 067/170] drivers/of/of_mdio.c:fix of_mdiobus_register()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 066/170] cpupower: avoid multiple definition with gcc -fno-common Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 068/170] cgroup1: dont call release_agent when it is "" Greg Kroah-Hartman
` (102 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dajun Jin, Andrew Lunn,
David S. Miller, Sasha Levin
From: Dajun Jin <adajunjin@gmail.com>
[ Upstream commit 209c65b61d94344522c41a83cd6ce51aac5fd0a4 ]
When registers a phy_device successful, should terminate the loop
or the phy_device would be registered in other addr. If there are
multiple PHYs without reg properties, it will go wrong.
Signed-off-by: Dajun Jin <adajunjin@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/of_mdio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/of/of_mdio.c b/drivers/of/of_mdio.c
index fc757ef6eadc5..a27234c58ec56 100644
--- a/drivers/of/of_mdio.c
+++ b/drivers/of/of_mdio.c
@@ -269,6 +269,7 @@ int of_mdiobus_register(struct mii_bus *mdio, struct device_node *np)
rc = of_mdiobus_register_phy(mdio, child, addr);
if (rc && rc != -ENODEV)
goto unregister;
+ break;
}
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 068/170] cgroup1: dont call release_agent when it is ""
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 067/170] drivers/of/of_mdio.c:fix of_mdiobus_register() Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 069/170] veth: ignore peer tx_dropped when counting local rx_dropped Greg Kroah-Hartman
` (101 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tycho Andersen, Tejun Heo, Sasha Levin
From: Tycho Andersen <tycho@tycho.ws>
[ Upstream commit 2e5383d7904e60529136727e49629a82058a5607 ]
Older (and maybe current) versions of systemd set release_agent to "" when
shutting down, but do not set notify_on_release to 0.
Since 64e90a8acb85 ("Introduce STATIC_USERMODEHELPER to mediate
call_usermodehelper()"), we filter out such calls when the user mode helper
path is "". However, when used in conjunction with an actual (i.e. non "")
STATIC_USERMODEHELPER, the path is never "", so the real usermode helper
will be called with argv[0] == "".
Let's avoid this by not invoking the release_agent when it is "".
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cgroup-v1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 84bedb87ae137..a1fbf500d0af7 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -785,7 +785,7 @@ void cgroup1_release_agent(struct work_struct *work)
pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
agentbuf = kstrdup(cgrp->root->release_agent_path, GFP_KERNEL);
- if (!pathbuf || !agentbuf)
+ if (!pathbuf || !agentbuf || !strlen(agentbuf))
goto out;
spin_lock_irq(&css_set_lock);
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 069/170] veth: ignore peer tx_dropped when counting local rx_dropped
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 068/170] cgroup1: dont call release_agent when it is "" Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 070/170] drm/amd/display: update soc bb for nv14 Greg Kroah-Hartman
` (100 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiang Lidong, David S. Miller, Sasha Levin
From: Jiang Lidong <jianglidong3@jd.com>
[ Upstream commit e25d5dbcffae62c9a7fa03517dfa4b8e67670e3d ]
When local NET_RX backlog is full due to traffic overrun,
peer veth tx_dropped counter increases. At that time, list
local veth stats, rx_dropped has double value of peer
tx_dropped, even bigger than transmit packets by peer.
In NET_RX softirq process, if any packet drop case happens,
it increases dev's rx_dropped counter and returns NET_RX_DROP.
At veth tx side, it records any error returned from peer netif_rx
into local dev tx_dropped counter.
In veth get stats process, it puts local dev rx_dropped and
peer dev tx_dropped into together as local rx_drpped value.
So that it shows double value of real dropped packets number in
this case.
This patch ignores peer tx_dropped when counting local rx_dropped,
since peer tx_dropped is duplicated to local rx_dropped at most cases.
Signed-off-by: Jiang Lidong <jianglidong3@jd.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/veth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index a552df37a347c..bad9e03cd32e7 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -328,7 +328,7 @@ static void veth_get_stats64(struct net_device *dev,
rcu_read_lock();
peer = rcu_dereference(priv->peer);
if (peer) {
- tot->rx_dropped += veth_stats_tx(peer, &packets, &bytes);
+ veth_stats_tx(peer, &packets, &bytes);
tot->rx_bytes += bytes;
tot->rx_packets += packets;
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 070/170] drm/amd/display: update soc bb for nv14
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 069/170] veth: ignore peer tx_dropped when counting local rx_dropped Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 071/170] drm/amdgpu: correct ROM_INDEX/DATA offset for VEGA20 Greg Kroah-Hartman
` (99 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Leung, Jun Lei,
Rodrigo Siqueira, Alex Deucher, Sasha Levin
From: Martin Leung <martin.leung@amd.com>
[ Upstream commit d5349775c1726ce997b8eb4982cd85a01f1c8b42 ]
[why]
nv14 previously inherited soc bb from generic dcn 2, did not match
watermark values according to memory team
[how]
add nv14 specific soc bb: copy nv2 generic that it was
using from before, but changed num channels to 8
Signed-off-by: Martin Leung <martin.leung@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../drm/amd/display/dc/dcn20/dcn20_resource.c | 114 ++++++++++++++++++
1 file changed, 114 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
index 23ff2f1c75b5c..41c4ee84f8bb5 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
@@ -337,6 +337,117 @@ struct _vcs_dpi_soc_bounding_box_st dcn2_0_soc = {
.use_urgent_burst_bw = 0
};
+struct _vcs_dpi_soc_bounding_box_st dcn2_0_nv14_soc = {
+ .clock_limits = {
+ {
+ .state = 0,
+ .dcfclk_mhz = 560.0,
+ .fabricclk_mhz = 560.0,
+ .dispclk_mhz = 513.0,
+ .dppclk_mhz = 513.0,
+ .phyclk_mhz = 540.0,
+ .socclk_mhz = 560.0,
+ .dscclk_mhz = 171.0,
+ .dram_speed_mts = 8960.0,
+ },
+ {
+ .state = 1,
+ .dcfclk_mhz = 694.0,
+ .fabricclk_mhz = 694.0,
+ .dispclk_mhz = 642.0,
+ .dppclk_mhz = 642.0,
+ .phyclk_mhz = 600.0,
+ .socclk_mhz = 694.0,
+ .dscclk_mhz = 214.0,
+ .dram_speed_mts = 11104.0,
+ },
+ {
+ .state = 2,
+ .dcfclk_mhz = 875.0,
+ .fabricclk_mhz = 875.0,
+ .dispclk_mhz = 734.0,
+ .dppclk_mhz = 734.0,
+ .phyclk_mhz = 810.0,
+ .socclk_mhz = 875.0,
+ .dscclk_mhz = 245.0,
+ .dram_speed_mts = 14000.0,
+ },
+ {
+ .state = 3,
+ .dcfclk_mhz = 1000.0,
+ .fabricclk_mhz = 1000.0,
+ .dispclk_mhz = 1100.0,
+ .dppclk_mhz = 1100.0,
+ .phyclk_mhz = 810.0,
+ .socclk_mhz = 1000.0,
+ .dscclk_mhz = 367.0,
+ .dram_speed_mts = 16000.0,
+ },
+ {
+ .state = 4,
+ .dcfclk_mhz = 1200.0,
+ .fabricclk_mhz = 1200.0,
+ .dispclk_mhz = 1284.0,
+ .dppclk_mhz = 1284.0,
+ .phyclk_mhz = 810.0,
+ .socclk_mhz = 1200.0,
+ .dscclk_mhz = 428.0,
+ .dram_speed_mts = 16000.0,
+ },
+ /*Extra state, no dispclk ramping*/
+ {
+ .state = 5,
+ .dcfclk_mhz = 1200.0,
+ .fabricclk_mhz = 1200.0,
+ .dispclk_mhz = 1284.0,
+ .dppclk_mhz = 1284.0,
+ .phyclk_mhz = 810.0,
+ .socclk_mhz = 1200.0,
+ .dscclk_mhz = 428.0,
+ .dram_speed_mts = 16000.0,
+ },
+ },
+ .num_states = 5,
+ .sr_exit_time_us = 8.6,
+ .sr_enter_plus_exit_time_us = 10.9,
+ .urgent_latency_us = 4.0,
+ .urgent_latency_pixel_data_only_us = 4.0,
+ .urgent_latency_pixel_mixed_with_vm_data_us = 4.0,
+ .urgent_latency_vm_data_only_us = 4.0,
+ .urgent_out_of_order_return_per_channel_pixel_only_bytes = 4096,
+ .urgent_out_of_order_return_per_channel_pixel_and_vm_bytes = 4096,
+ .urgent_out_of_order_return_per_channel_vm_only_bytes = 4096,
+ .pct_ideal_dram_sdp_bw_after_urgent_pixel_only = 40.0,
+ .pct_ideal_dram_sdp_bw_after_urgent_pixel_and_vm = 40.0,
+ .pct_ideal_dram_sdp_bw_after_urgent_vm_only = 40.0,
+ .max_avg_sdp_bw_use_normal_percent = 40.0,
+ .max_avg_dram_bw_use_normal_percent = 40.0,
+ .writeback_latency_us = 12.0,
+ .ideal_dram_bw_after_urgent_percent = 40.0,
+ .max_request_size_bytes = 256,
+ .dram_channel_width_bytes = 2,
+ .fabric_datapath_to_dcn_data_return_bytes = 64,
+ .dcn_downspread_percent = 0.5,
+ .downspread_percent = 0.38,
+ .dram_page_open_time_ns = 50.0,
+ .dram_rw_turnaround_time_ns = 17.5,
+ .dram_return_buffer_per_channel_bytes = 8192,
+ .round_trip_ping_latency_dcfclk_cycles = 131,
+ .urgent_out_of_order_return_per_channel_bytes = 256,
+ .channel_interleave_bytes = 256,
+ .num_banks = 8,
+ .num_chans = 8,
+ .vmm_page_size_bytes = 4096,
+ .dram_clock_change_latency_us = 404.0,
+ .dummy_pstate_latency_us = 5.0,
+ .writeback_dram_clock_change_latency_us = 23.0,
+ .return_bus_width_bytes = 64,
+ .dispclk_dppclk_vco_speed_mhz = 3850,
+ .xfc_bus_transport_time_us = 20,
+ .xfc_xbuf_latency_tolerance_us = 4,
+ .use_urgent_burst_bw = 0
+};
+
struct _vcs_dpi_soc_bounding_box_st dcn2_0_nv12_soc = { 0 };
#ifndef mmDP0_DP_DPHY_INTERNAL_CTRL
@@ -3282,6 +3393,9 @@ void dcn20_patch_bounding_box(struct dc *dc, struct _vcs_dpi_soc_bounding_box_st
static struct _vcs_dpi_soc_bounding_box_st *get_asic_rev_soc_bb(
uint32_t hw_internal_rev)
{
+ if (ASICREV_IS_NAVI14_M(hw_internal_rev))
+ return &dcn2_0_nv14_soc;
+
if (ASICREV_IS_NAVI12_P(hw_internal_rev))
return &dcn2_0_nv12_soc;
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 071/170] drm/amdgpu: correct ROM_INDEX/DATA offset for VEGA20
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 070/170] drm/amd/display: update soc bb for nv14 Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 072/170] drm/exynos: Fix cleanup of IOMMU related objects Greg Kroah-Hartman
` (98 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hawking Zhang, Candice Li,
Alex Deucher, Sasha Levin
From: Hawking Zhang <Hawking.Zhang@amd.com>
[ Upstream commit f1c2cd3f8fb959123a9beba18c0e8112dcb2e137 ]
The ROMC_INDEX/DATA offset was changed to e4/e5 since
from smuio_v11 (vega20/arcturus).
Signed-off-by: Hawking Zhang <Hawking.Zhang@amd.com>
Tested-by: Candice Li <Candice.Li@amd.com>
Reviewed-by: Candice Li <Candice.Li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/soc15.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/soc15.c b/drivers/gpu/drm/amd/amdgpu/soc15.c
index 624e223175c21..d6f4f825b439c 100644
--- a/drivers/gpu/drm/amd/amdgpu/soc15.c
+++ b/drivers/gpu/drm/amd/amdgpu/soc15.c
@@ -87,6 +87,13 @@
#define HDP_MEM_POWER_CTRL__RC_MEM_POWER_CTRL_EN_MASK 0x00010000L
#define HDP_MEM_POWER_CTRL__RC_MEM_POWER_LS_EN_MASK 0x00020000L
#define mmHDP_MEM_POWER_CTRL_BASE_IDX 0
+
+/* for Vega20/arcturus regiter offset change */
+#define mmROM_INDEX_VG20 0x00e4
+#define mmROM_INDEX_VG20_BASE_IDX 0
+#define mmROM_DATA_VG20 0x00e5
+#define mmROM_DATA_VG20_BASE_IDX 0
+
/*
* Indirect registers accessor
*/
@@ -307,6 +314,8 @@ static bool soc15_read_bios_from_rom(struct amdgpu_device *adev,
{
u32 *dw_ptr;
u32 i, length_dw;
+ uint32_t rom_index_offset;
+ uint32_t rom_data_offset;
if (bios == NULL)
return false;
@@ -319,11 +328,23 @@ static bool soc15_read_bios_from_rom(struct amdgpu_device *adev,
dw_ptr = (u32 *)bios;
length_dw = ALIGN(length_bytes, 4) / 4;
+ switch (adev->asic_type) {
+ case CHIP_VEGA20:
+ case CHIP_ARCTURUS:
+ rom_index_offset = SOC15_REG_OFFSET(SMUIO, 0, mmROM_INDEX_VG20);
+ rom_data_offset = SOC15_REG_OFFSET(SMUIO, 0, mmROM_DATA_VG20);
+ break;
+ default:
+ rom_index_offset = SOC15_REG_OFFSET(SMUIO, 0, mmROM_INDEX);
+ rom_data_offset = SOC15_REG_OFFSET(SMUIO, 0, mmROM_DATA);
+ break;
+ }
+
/* set rom index to 0 */
- WREG32(SOC15_REG_OFFSET(SMUIO, 0, mmROM_INDEX), 0);
+ WREG32(rom_index_offset, 0);
/* read out the rom data */
for (i = 0; i < length_dw; i++)
- dw_ptr[i] = RREG32(SOC15_REG_OFFSET(SMUIO, 0, mmROM_DATA));
+ dw_ptr[i] = RREG32(rom_data_offset);
return true;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 072/170] drm/exynos: Fix cleanup of IOMMU related objects
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 071/170] drm/amdgpu: correct ROM_INDEX/DATA offset for VEGA20 Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 073/170] iommu/vt-d: Silence RCU-list debugging warnings Greg Kroah-Hartman
` (97 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Lukasz Luba,
Inki Dae, Sasha Levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 07dc3678bacc2a75b1900febea7d996a31f178a2 ]
Store the IOMMU mapping created by the device core of each Exynos DRM
sub-device and restore it when the Exynos DRM driver is unbound. This
fixes IOMMU initialization failure for the second time when a deferred
probe is triggered from the bind() callback of master's compound DRM
driver. This also fixes the following issue found using kmemleak
detector:
unreferenced object 0xc2137640 (size 64):
comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s)
hex dump (first 32 bytes):
50 a3 14 c2 80 a2 14 c2 01 00 00 00 20 00 00 00 P........... ...
00 10 00 00 00 80 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<3acd268d>] arch_setup_dma_ops+0x4c/0x104
[<9f7d2cce>] of_dma_configure+0x19c/0x3a4
[<ba07704b>] really_probe+0xb0/0x47c
[<4f510e4f>] driver_probe_device+0x78/0x1c4
[<7481a0cf>] device_driver_attach+0x58/0x60
[<0ff8f5c1>] __driver_attach+0xb8/0x158
[<86006144>] bus_for_each_dev+0x74/0xb4
[<10159dca>] bus_add_driver+0x1c0/0x200
[<8a265265>] driver_register+0x74/0x108
[<e0f3451a>] exynos_drm_init+0xb0/0x134
[<db3fc7ba>] do_one_initcall+0x90/0x458
[<6da35917>] kernel_init_freeable+0x188/0x200
[<db3f74d4>] kernel_init+0x8/0x110
[<1f3cddf9>] ret_from_fork+0x14/0x20
[<8cd12507>] 0x0
unreferenced object 0xc214a280 (size 128):
comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s)
hex dump (first 32 bytes):
00 a0 ec ed 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<3acd268d>] arch_setup_dma_ops+0x4c/0x104
[<9f7d2cce>] of_dma_configure+0x19c/0x3a4
[<ba07704b>] really_probe+0xb0/0x47c
[<4f510e4f>] driver_probe_device+0x78/0x1c4
[<7481a0cf>] device_driver_attach+0x58/0x60
[<0ff8f5c1>] __driver_attach+0xb8/0x158
[<86006144>] bus_for_each_dev+0x74/0xb4
[<10159dca>] bus_add_driver+0x1c0/0x200
[<8a265265>] driver_register+0x74/0x108
[<e0f3451a>] exynos_drm_init+0xb0/0x134
[<db3fc7ba>] do_one_initcall+0x90/0x458
[<6da35917>] kernel_init_freeable+0x188/0x200
[<db3f74d4>] kernel_init+0x8/0x110
[<1f3cddf9>] ret_from_fork+0x14/0x20
[<8cd12507>] 0x0
unreferenced object 0xedeca000 (size 4096):
comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<3acd268d>] arch_setup_dma_ops+0x4c/0x104
[<9f7d2cce>] of_dma_configure+0x19c/0x3a4
[<ba07704b>] really_probe+0xb0/0x47c
[<4f510e4f>] driver_probe_device+0x78/0x1c4
[<7481a0cf>] device_driver_attach+0x58/0x60
[<0ff8f5c1>] __driver_attach+0xb8/0x158
[<86006144>] bus_for_each_dev+0x74/0xb4
[<10159dca>] bus_add_driver+0x1c0/0x200
[<8a265265>] driver_register+0x74/0x108
[<e0f3451a>] exynos_drm_init+0xb0/0x134
[<db3fc7ba>] do_one_initcall+0x90/0x458
[<6da35917>] kernel_init_freeable+0x188/0x200
[<db3f74d4>] kernel_init+0x8/0x110
[<1f3cddf9>] ret_from_fork+0x14/0x20
[<8cd12507>] 0x0
unreferenced object 0xc214a300 (size 128):
comm "swapper/0", pid 1, jiffies 4294937900 (age 3127.400s)
hex dump (first 32 bytes):
00 a3 14 c2 00 a3 14 c2 00 40 18 c2 00 80 18 c2 .........@......
02 00 02 00 ad 4e ad de ff ff ff ff ff ff ff ff .....N..........
backtrace:
[<08cbd8bc>] iommu_domain_alloc+0x24/0x50
[<b835abee>] arm_iommu_create_mapping+0xe4/0x134
[<3acd268d>] arch_setup_dma_ops+0x4c/0x104
[<9f7d2cce>] of_dma_configure+0x19c/0x3a4
[<ba07704b>] really_probe+0xb0/0x47c
[<4f510e4f>] driver_probe_device+0x78/0x1c4
[<7481a0cf>] device_driver_attach+0x58/0x60
[<0ff8f5c1>] __driver_attach+0xb8/0x158
[<86006144>] bus_for_each_dev+0x74/0xb4
[<10159dca>] bus_add_driver+0x1c0/0x200
[<8a265265>] driver_register+0x74/0x108
[<e0f3451a>] exynos_drm_init+0xb0/0x134
[<db3fc7ba>] do_one_initcall+0x90/0x458
[<6da35917>] kernel_init_freeable+0x188/0x200
[<db3f74d4>] kernel_init+0x8/0x110
[<1f3cddf9>] ret_from_fork+0x14/0x20
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 5 ++--
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 5 ++--
drivers/gpu/drm/exynos/exynos_drm_dma.c | 28 +++++++++++++------
drivers/gpu/drm/exynos/exynos_drm_drv.h | 6 ++--
drivers/gpu/drm/exynos/exynos_drm_fimc.c | 5 ++--
drivers/gpu/drm/exynos/exynos_drm_fimd.c | 5 ++--
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 5 ++--
drivers/gpu/drm/exynos/exynos_drm_gsc.c | 5 ++--
drivers/gpu/drm/exynos/exynos_drm_rotator.c | 5 ++--
drivers/gpu/drm/exynos/exynos_drm_scaler.c | 6 ++--
drivers/gpu/drm/exynos/exynos_mixer.c | 7 +++--
11 files changed, 53 insertions(+), 29 deletions(-)
diff --git a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c
index 2d5cbfda3ca79..9c262daf5816e 100644
--- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c
+++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c
@@ -55,6 +55,7 @@ static const char * const decon_clks_name[] = {
struct decon_context {
struct device *dev;
struct drm_device *drm_dev;
+ void *dma_priv;
struct exynos_drm_crtc *crtc;
struct exynos_drm_plane planes[WINDOWS_NR];
struct exynos_drm_plane_config configs[WINDOWS_NR];
@@ -644,7 +645,7 @@ static int decon_bind(struct device *dev, struct device *master, void *data)
decon_clear_channels(ctx->crtc);
- return exynos_drm_register_dma(drm_dev, dev);
+ return exynos_drm_register_dma(drm_dev, dev, &ctx->dma_priv);
}
static void decon_unbind(struct device *dev, struct device *master, void *data)
@@ -654,7 +655,7 @@ static void decon_unbind(struct device *dev, struct device *master, void *data)
decon_disable(ctx->crtc);
/* detach this sub driver from iommu mapping if supported. */
- exynos_drm_unregister_dma(ctx->drm_dev, ctx->dev);
+ exynos_drm_unregister_dma(ctx->drm_dev, ctx->dev, &ctx->dma_priv);
}
static const struct component_ops decon_component_ops = {
diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c
index f0640950bd465..6fd40410dfd2e 100644
--- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c
+++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c
@@ -40,6 +40,7 @@
struct decon_context {
struct device *dev;
struct drm_device *drm_dev;
+ void *dma_priv;
struct exynos_drm_crtc *crtc;
struct exynos_drm_plane planes[WINDOWS_NR];
struct exynos_drm_plane_config configs[WINDOWS_NR];
@@ -127,13 +128,13 @@ static int decon_ctx_initialize(struct decon_context *ctx,
decon_clear_channels(ctx->crtc);
- return exynos_drm_register_dma(drm_dev, ctx->dev);
+ return exynos_drm_register_dma(drm_dev, ctx->dev, &ctx->dma_priv);
}
static void decon_ctx_remove(struct decon_context *ctx)
{
/* detach this sub driver from iommu mapping if supported. */
- exynos_drm_unregister_dma(ctx->drm_dev, ctx->dev);
+ exynos_drm_unregister_dma(ctx->drm_dev, ctx->dev, &ctx->dma_priv);
}
static u32 decon_calc_clkdiv(struct decon_context *ctx,
diff --git a/drivers/gpu/drm/exynos/exynos_drm_dma.c b/drivers/gpu/drm/exynos/exynos_drm_dma.c
index 9ebc02768847e..619f81435c1b2 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_dma.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_dma.c
@@ -58,7 +58,7 @@ static inline void clear_dma_max_seg_size(struct device *dev)
* mapping.
*/
static int drm_iommu_attach_device(struct drm_device *drm_dev,
- struct device *subdrv_dev)
+ struct device *subdrv_dev, void **dma_priv)
{
struct exynos_drm_private *priv = drm_dev->dev_private;
int ret;
@@ -74,7 +74,14 @@ static int drm_iommu_attach_device(struct drm_device *drm_dev,
return ret;
if (IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU)) {
- if (to_dma_iommu_mapping(subdrv_dev))
+ /*
+ * Keep the original DMA mapping of the sub-device and
+ * restore it on Exynos DRM detach, otherwise the DMA
+ * framework considers it as IOMMU-less during the next
+ * probe (in case of deferred probe or modular build)
+ */
+ *dma_priv = to_dma_iommu_mapping(subdrv_dev);
+ if (*dma_priv)
arm_iommu_detach_device(subdrv_dev);
ret = arm_iommu_attach_device(subdrv_dev, priv->mapping);
@@ -98,19 +105,21 @@ static int drm_iommu_attach_device(struct drm_device *drm_dev,
* mapping
*/
static void drm_iommu_detach_device(struct drm_device *drm_dev,
- struct device *subdrv_dev)
+ struct device *subdrv_dev, void **dma_priv)
{
struct exynos_drm_private *priv = drm_dev->dev_private;
- if (IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU))
+ if (IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU)) {
arm_iommu_detach_device(subdrv_dev);
- else if (IS_ENABLED(CONFIG_IOMMU_DMA))
+ arm_iommu_attach_device(subdrv_dev, *dma_priv);
+ } else if (IS_ENABLED(CONFIG_IOMMU_DMA))
iommu_detach_device(priv->mapping, subdrv_dev);
clear_dma_max_seg_size(subdrv_dev);
}
-int exynos_drm_register_dma(struct drm_device *drm, struct device *dev)
+int exynos_drm_register_dma(struct drm_device *drm, struct device *dev,
+ void **dma_priv)
{
struct exynos_drm_private *priv = drm->dev_private;
@@ -137,13 +146,14 @@ int exynos_drm_register_dma(struct drm_device *drm, struct device *dev)
priv->mapping = mapping;
}
- return drm_iommu_attach_device(drm, dev);
+ return drm_iommu_attach_device(drm, dev, dma_priv);
}
-void exynos_drm_unregister_dma(struct drm_device *drm, struct device *dev)
+void exynos_drm_unregister_dma(struct drm_device *drm, struct device *dev,
+ void **dma_priv)
{
if (IS_ENABLED(CONFIG_EXYNOS_IOMMU))
- drm_iommu_detach_device(drm, dev);
+ drm_iommu_detach_device(drm, dev, dma_priv);
}
void exynos_drm_cleanup_dma(struct drm_device *drm)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.h b/drivers/gpu/drm/exynos/exynos_drm_drv.h
index d4014ba592fdc..735f436c857cc 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_drv.h
+++ b/drivers/gpu/drm/exynos/exynos_drm_drv.h
@@ -223,8 +223,10 @@ static inline bool is_drm_iommu_supported(struct drm_device *drm_dev)
return priv->mapping ? true : false;
}
-int exynos_drm_register_dma(struct drm_device *drm, struct device *dev);
-void exynos_drm_unregister_dma(struct drm_device *drm, struct device *dev);
+int exynos_drm_register_dma(struct drm_device *drm, struct device *dev,
+ void **dma_priv);
+void exynos_drm_unregister_dma(struct drm_device *drm, struct device *dev,
+ void **dma_priv);
void exynos_drm_cleanup_dma(struct drm_device *drm);
#ifdef CONFIG_DRM_EXYNOS_DPI
diff --git a/drivers/gpu/drm/exynos/exynos_drm_fimc.c b/drivers/gpu/drm/exynos/exynos_drm_fimc.c
index 8ea2e1d77802a..29ab8be8604c9 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_fimc.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_fimc.c
@@ -97,6 +97,7 @@ struct fimc_scaler {
struct fimc_context {
struct exynos_drm_ipp ipp;
struct drm_device *drm_dev;
+ void *dma_priv;
struct device *dev;
struct exynos_drm_ipp_task *task;
struct exynos_drm_ipp_formats *formats;
@@ -1133,7 +1134,7 @@ static int fimc_bind(struct device *dev, struct device *master, void *data)
ctx->drm_dev = drm_dev;
ipp->drm_dev = drm_dev;
- exynos_drm_register_dma(drm_dev, dev);
+ exynos_drm_register_dma(drm_dev, dev, &ctx->dma_priv);
exynos_drm_ipp_register(dev, ipp, &ipp_funcs,
DRM_EXYNOS_IPP_CAP_CROP | DRM_EXYNOS_IPP_CAP_ROTATE |
@@ -1153,7 +1154,7 @@ static void fimc_unbind(struct device *dev, struct device *master,
struct exynos_drm_ipp *ipp = &ctx->ipp;
exynos_drm_ipp_unregister(dev, ipp);
- exynos_drm_unregister_dma(drm_dev, dev);
+ exynos_drm_unregister_dma(drm_dev, dev, &ctx->dma_priv);
}
static const struct component_ops fimc_component_ops = {
diff --git a/drivers/gpu/drm/exynos/exynos_drm_fimd.c b/drivers/gpu/drm/exynos/exynos_drm_fimd.c
index 8d0a929104e53..34e6b22173fae 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_fimd.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_fimd.c
@@ -167,6 +167,7 @@ static struct fimd_driver_data exynos5420_fimd_driver_data = {
struct fimd_context {
struct device *dev;
struct drm_device *drm_dev;
+ void *dma_priv;
struct exynos_drm_crtc *crtc;
struct exynos_drm_plane planes[WINDOWS_NR];
struct exynos_drm_plane_config configs[WINDOWS_NR];
@@ -1090,7 +1091,7 @@ static int fimd_bind(struct device *dev, struct device *master, void *data)
if (is_drm_iommu_supported(drm_dev))
fimd_clear_channels(ctx->crtc);
- return exynos_drm_register_dma(drm_dev, dev);
+ return exynos_drm_register_dma(drm_dev, dev, &ctx->dma_priv);
}
static void fimd_unbind(struct device *dev, struct device *master,
@@ -1100,7 +1101,7 @@ static void fimd_unbind(struct device *dev, struct device *master,
fimd_disable(ctx->crtc);
- exynos_drm_unregister_dma(ctx->drm_dev, ctx->dev);
+ exynos_drm_unregister_dma(ctx->drm_dev, ctx->dev, &ctx->dma_priv);
if (ctx->encoder)
exynos_dpi_remove(ctx->encoder);
diff --git a/drivers/gpu/drm/exynos/exynos_drm_g2d.c b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
index 2a3382d43bc90..fcee33a43aca3 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_g2d.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
@@ -232,6 +232,7 @@ struct g2d_runqueue_node {
struct g2d_data {
struct device *dev;
+ void *dma_priv;
struct clk *gate_clk;
void __iomem *regs;
int irq;
@@ -1409,7 +1410,7 @@ static int g2d_bind(struct device *dev, struct device *master, void *data)
return ret;
}
- ret = exynos_drm_register_dma(drm_dev, dev);
+ ret = exynos_drm_register_dma(drm_dev, dev, &g2d->dma_priv);
if (ret < 0) {
dev_err(dev, "failed to enable iommu.\n");
g2d_fini_cmdlist(g2d);
@@ -1434,7 +1435,7 @@ static void g2d_unbind(struct device *dev, struct device *master, void *data)
priv->g2d_dev = NULL;
cancel_work_sync(&g2d->runqueue_work);
- exynos_drm_unregister_dma(g2d->drm_dev, dev);
+ exynos_drm_unregister_dma(g2d->drm_dev, dev, &g2d->dma_priv);
}
static const struct component_ops g2d_component_ops = {
diff --git a/drivers/gpu/drm/exynos/exynos_drm_gsc.c b/drivers/gpu/drm/exynos/exynos_drm_gsc.c
index 88b6fcaa20be0..45e9aee8366a8 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_gsc.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_gsc.c
@@ -97,6 +97,7 @@ struct gsc_scaler {
struct gsc_context {
struct exynos_drm_ipp ipp;
struct drm_device *drm_dev;
+ void *dma_priv;
struct device *dev;
struct exynos_drm_ipp_task *task;
struct exynos_drm_ipp_formats *formats;
@@ -1169,7 +1170,7 @@ static int gsc_bind(struct device *dev, struct device *master, void *data)
ctx->drm_dev = drm_dev;
ctx->drm_dev = drm_dev;
- exynos_drm_register_dma(drm_dev, dev);
+ exynos_drm_register_dma(drm_dev, dev, &ctx->dma_priv);
exynos_drm_ipp_register(dev, ipp, &ipp_funcs,
DRM_EXYNOS_IPP_CAP_CROP | DRM_EXYNOS_IPP_CAP_ROTATE |
@@ -1189,7 +1190,7 @@ static void gsc_unbind(struct device *dev, struct device *master,
struct exynos_drm_ipp *ipp = &ctx->ipp;
exynos_drm_ipp_unregister(dev, ipp);
- exynos_drm_unregister_dma(drm_dev, dev);
+ exynos_drm_unregister_dma(drm_dev, dev, &ctx->dma_priv);
}
static const struct component_ops gsc_component_ops = {
diff --git a/drivers/gpu/drm/exynos/exynos_drm_rotator.c b/drivers/gpu/drm/exynos/exynos_drm_rotator.c
index b98482990d1ad..dafa87b820529 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_rotator.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_rotator.c
@@ -56,6 +56,7 @@ struct rot_variant {
struct rot_context {
struct exynos_drm_ipp ipp;
struct drm_device *drm_dev;
+ void *dma_priv;
struct device *dev;
void __iomem *regs;
struct clk *clock;
@@ -243,7 +244,7 @@ static int rotator_bind(struct device *dev, struct device *master, void *data)
rot->drm_dev = drm_dev;
ipp->drm_dev = drm_dev;
- exynos_drm_register_dma(drm_dev, dev);
+ exynos_drm_register_dma(drm_dev, dev, &rot->dma_priv);
exynos_drm_ipp_register(dev, ipp, &ipp_funcs,
DRM_EXYNOS_IPP_CAP_CROP | DRM_EXYNOS_IPP_CAP_ROTATE,
@@ -261,7 +262,7 @@ static void rotator_unbind(struct device *dev, struct device *master,
struct exynos_drm_ipp *ipp = &rot->ipp;
exynos_drm_ipp_unregister(dev, ipp);
- exynos_drm_unregister_dma(rot->drm_dev, rot->dev);
+ exynos_drm_unregister_dma(rot->drm_dev, rot->dev, &rot->dma_priv);
}
static const struct component_ops rotator_component_ops = {
diff --git a/drivers/gpu/drm/exynos/exynos_drm_scaler.c b/drivers/gpu/drm/exynos/exynos_drm_scaler.c
index 497973e9b2c55..93c43c8d914ee 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_scaler.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_scaler.c
@@ -39,6 +39,7 @@ struct scaler_data {
struct scaler_context {
struct exynos_drm_ipp ipp;
struct drm_device *drm_dev;
+ void *dma_priv;
struct device *dev;
void __iomem *regs;
struct clk *clock[SCALER_MAX_CLK];
@@ -450,7 +451,7 @@ static int scaler_bind(struct device *dev, struct device *master, void *data)
scaler->drm_dev = drm_dev;
ipp->drm_dev = drm_dev;
- exynos_drm_register_dma(drm_dev, dev);
+ exynos_drm_register_dma(drm_dev, dev, &scaler->dma_priv);
exynos_drm_ipp_register(dev, ipp, &ipp_funcs,
DRM_EXYNOS_IPP_CAP_CROP | DRM_EXYNOS_IPP_CAP_ROTATE |
@@ -470,7 +471,8 @@ static void scaler_unbind(struct device *dev, struct device *master,
struct exynos_drm_ipp *ipp = &scaler->ipp;
exynos_drm_ipp_unregister(dev, ipp);
- exynos_drm_unregister_dma(scaler->drm_dev, scaler->dev);
+ exynos_drm_unregister_dma(scaler->drm_dev, scaler->dev,
+ &scaler->dma_priv);
}
static const struct component_ops scaler_component_ops = {
diff --git a/drivers/gpu/drm/exynos/exynos_mixer.c b/drivers/gpu/drm/exynos/exynos_mixer.c
index 6cfdb95fef2fa..57e5e60577527 100644
--- a/drivers/gpu/drm/exynos/exynos_mixer.c
+++ b/drivers/gpu/drm/exynos/exynos_mixer.c
@@ -94,6 +94,7 @@ struct mixer_context {
struct platform_device *pdev;
struct device *dev;
struct drm_device *drm_dev;
+ void *dma_priv;
struct exynos_drm_crtc *crtc;
struct exynos_drm_plane planes[MIXER_WIN_NR];
unsigned long flags;
@@ -894,12 +895,14 @@ static int mixer_initialize(struct mixer_context *mixer_ctx,
}
}
- return exynos_drm_register_dma(drm_dev, mixer_ctx->dev);
+ return exynos_drm_register_dma(drm_dev, mixer_ctx->dev,
+ &mixer_ctx->dma_priv);
}
static void mixer_ctx_remove(struct mixer_context *mixer_ctx)
{
- exynos_drm_unregister_dma(mixer_ctx->drm_dev, mixer_ctx->dev);
+ exynos_drm_unregister_dma(mixer_ctx->drm_dev, mixer_ctx->dev,
+ &mixer_ctx->dma_priv);
}
static int mixer_enable_vblank(struct exynos_drm_crtc *crtc)
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 073/170] iommu/vt-d: Silence RCU-list debugging warnings
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 072/170] drm/exynos: Fix cleanup of IOMMU related objects Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 074/170] ibmvnic: Do not process device remove during device reset Greg Kroah-Hartman
` (96 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qian Cai, Lu Baolu, Joerg Roedel,
Sasha Levin
From: Qian Cai <cai@lca.pw>
[ Upstream commit f5152416528c2295f35dd9c9bd4fb27c4032413d ]
Similar to the commit 02d715b4a818 ("iommu/vt-d: Fix RCU list debugging
warnings"), there are several other places that call
list_for_each_entry_rcu() outside of an RCU read side critical section
but with dmar_global_lock held. Silence those false positives as well.
drivers/iommu/intel-iommu.c:4288 RCU-list traversed in non-reader section!!
1 lock held by swapper/0/1:
#0: ffffffff935892c8 (dmar_global_lock){+.+.}, at: intel_iommu_init+0x1ad/0xb97
drivers/iommu/dmar.c:366 RCU-list traversed in non-reader section!!
1 lock held by swapper/0/1:
#0: ffffffff935892c8 (dmar_global_lock){+.+.}, at: intel_iommu_init+0x125/0xb97
drivers/iommu/intel-iommu.c:5057 RCU-list traversed in non-reader section!!
1 lock held by swapper/0/1:
#0: ffffffffa71892c8 (dmar_global_lock){++++}, at: intel_iommu_init+0x61a/0xb13
Signed-off-by: Qian Cai <cai@lca.pw>
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/dmar.c | 3 ++-
include/linux/dmar.h | 6 ++++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
index 93f8e646cb0b0..f7a86652a9841 100644
--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c
@@ -371,7 +371,8 @@ dmar_find_dmaru(struct acpi_dmar_hardware_unit *drhd)
{
struct dmar_drhd_unit *dmaru;
- list_for_each_entry_rcu(dmaru, &dmar_drhd_units, list)
+ list_for_each_entry_rcu(dmaru, &dmar_drhd_units, list,
+ dmar_rcu_check())
if (dmaru->segment == drhd->segment &&
dmaru->reg_base_addr == drhd->address)
return dmaru;
diff --git a/include/linux/dmar.h b/include/linux/dmar.h
index 712be8bc6a7c8..d7bf029df737d 100644
--- a/include/linux/dmar.h
+++ b/include/linux/dmar.h
@@ -74,11 +74,13 @@ extern struct list_head dmar_drhd_units;
dmar_rcu_check())
#define for_each_active_drhd_unit(drhd) \
- list_for_each_entry_rcu(drhd, &dmar_drhd_units, list) \
+ list_for_each_entry_rcu(drhd, &dmar_drhd_units, list, \
+ dmar_rcu_check()) \
if (drhd->ignored) {} else
#define for_each_active_iommu(i, drhd) \
- list_for_each_entry_rcu(drhd, &dmar_drhd_units, list) \
+ list_for_each_entry_rcu(drhd, &dmar_drhd_units, list, \
+ dmar_rcu_check()) \
if (i=drhd->iommu, drhd->ignored) {} else
#define for_each_iommu(i, drhd) \
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 074/170] ibmvnic: Do not process device remove during device reset
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 073/170] iommu/vt-d: Silence RCU-list debugging warnings Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 075/170] scsi: ipr: Fix softlockup when rescanning devices in petitboot Greg Kroah-Hartman
` (95 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juliet Kim, David S. Miller, Sasha Levin
From: Juliet Kim <julietk@linux.vnet.ibm.com>
[ Upstream commit 7d7195a026bac47ac9943f11f84b7546276209dd ]
The ibmvnic driver does not check the device state when the device
is removed. If the device is removed while a device reset is being
processed, the remove may free structures needed by the reset,
causing an oops.
Fix this by checking the device state before processing device remove.
Signed-off-by: Juliet Kim <julietk@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 24 ++++++++++++++++++++++--
drivers/net/ethernet/ibm/ibmvnic.h | 6 +++++-
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
index 830791ab4619c..3c7295056c85d 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -2142,6 +2142,8 @@ static void __ibmvnic_reset(struct work_struct *work)
{
struct ibmvnic_rwi *rwi;
struct ibmvnic_adapter *adapter;
+ bool saved_state = false;
+ unsigned long flags;
u32 reset_state;
int rc = 0;
@@ -2153,17 +2155,25 @@ static void __ibmvnic_reset(struct work_struct *work)
return;
}
- reset_state = adapter->state;
-
rwi = get_next_rwi(adapter);
while (rwi) {
+ spin_lock_irqsave(&adapter->state_lock, flags);
+
if (adapter->state == VNIC_REMOVING ||
adapter->state == VNIC_REMOVED) {
+ spin_unlock_irqrestore(&adapter->state_lock, flags);
kfree(rwi);
rc = EBUSY;
break;
}
+ if (!saved_state) {
+ reset_state = adapter->state;
+ adapter->state = VNIC_RESETTING;
+ saved_state = true;
+ }
+ spin_unlock_irqrestore(&adapter->state_lock, flags);
+
if (rwi->reset_reason == VNIC_RESET_CHANGE_PARAM) {
/* CHANGE_PARAM requestor holds rtnl_lock */
rc = do_change_param_reset(adapter, rwi, reset_state);
@@ -5091,6 +5101,7 @@ static int ibmvnic_probe(struct vio_dev *dev, const struct vio_device_id *id)
__ibmvnic_delayed_reset);
INIT_LIST_HEAD(&adapter->rwi_list);
spin_lock_init(&adapter->rwi_lock);
+ spin_lock_init(&adapter->state_lock);
mutex_init(&adapter->fw_lock);
init_completion(&adapter->init_done);
init_completion(&adapter->fw_done);
@@ -5163,8 +5174,17 @@ static int ibmvnic_remove(struct vio_dev *dev)
{
struct net_device *netdev = dev_get_drvdata(&dev->dev);
struct ibmvnic_adapter *adapter = netdev_priv(netdev);
+ unsigned long flags;
+
+ spin_lock_irqsave(&adapter->state_lock, flags);
+ if (adapter->state == VNIC_RESETTING) {
+ spin_unlock_irqrestore(&adapter->state_lock, flags);
+ return -EBUSY;
+ }
adapter->state = VNIC_REMOVING;
+ spin_unlock_irqrestore(&adapter->state_lock, flags);
+
rtnl_lock();
unregister_netdevice(netdev);
diff --git a/drivers/net/ethernet/ibm/ibmvnic.h b/drivers/net/ethernet/ibm/ibmvnic.h
index 60eccaf91b122..f8416e1d4cf09 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.h
+++ b/drivers/net/ethernet/ibm/ibmvnic.h
@@ -941,7 +941,8 @@ enum vnic_state {VNIC_PROBING = 1,
VNIC_CLOSING,
VNIC_CLOSED,
VNIC_REMOVING,
- VNIC_REMOVED};
+ VNIC_REMOVED,
+ VNIC_RESETTING};
enum ibmvnic_reset_reason {VNIC_RESET_FAILOVER = 1,
VNIC_RESET_MOBILITY,
@@ -1090,4 +1091,7 @@ struct ibmvnic_adapter {
struct ibmvnic_tunables desired;
struct ibmvnic_tunables fallback;
+
+ /* Used for serializatin of state field */
+ spinlock_t state_lock;
};
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 075/170] scsi: ipr: Fix softlockup when rescanning devices in petitboot
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 074/170] ibmvnic: Do not process device remove during device reset Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 076/170] mac80211: Do not send mesh HWMP PREQ if HWMP is disabled Greg Kroah-Hartman
` (94 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Xiong, Martin K. Petersen, Sasha Levin
From: Wen Xiong <wenxiong@linux.vnet.ibm.com>
[ Upstream commit 394b61711f3ce33f75bf70a3e22938464a13b3ee ]
When trying to rescan disks in petitboot shell, we hit the following
softlockup stacktrace:
Kernel panic - not syncing: System is deadlocked on memory
[ 241.223394] CPU: 32 PID: 693 Comm: sh Not tainted 5.4.16-openpower1 #1
[ 241.223406] Call Trace:
[ 241.223415] [c0000003f07c3180] [c000000000493fc4] dump_stack+0xa4/0xd8 (unreliable)
[ 241.223432] [c0000003f07c31c0] [c00000000007d4ac] panic+0x148/0x3cc
[ 241.223446] [c0000003f07c3260] [c000000000114b10] out_of_memory+0x468/0x4c4
[ 241.223461] [c0000003f07c3300] [c0000000001472b0] __alloc_pages_slowpath+0x594/0x6d8
[ 241.223476] [c0000003f07c3420] [c00000000014757c] __alloc_pages_nodemask+0x188/0x1a4
[ 241.223492] [c0000003f07c34a0] [c000000000153e10] alloc_pages_current+0xcc/0xd8
[ 241.223508] [c0000003f07c34e0] [c0000000001577ac] alloc_slab_page+0x30/0x98
[ 241.223524] [c0000003f07c3520] [c0000000001597fc] new_slab+0x138/0x40c
[ 241.223538] [c0000003f07c35f0] [c00000000015b204] ___slab_alloc+0x1e4/0x404
[ 241.223552] [c0000003f07c36c0] [c00000000015b450] __slab_alloc+0x2c/0x48
[ 241.223566] [c0000003f07c36f0] [c00000000015b754] kmem_cache_alloc_node+0x9c/0x1b4
[ 241.223582] [c0000003f07c3760] [c000000000218c48] blk_alloc_queue_node+0x34/0x270
[ 241.223599] [c0000003f07c37b0] [c000000000226574] blk_mq_init_queue+0x2c/0x78
[ 241.223615] [c0000003f07c37e0] [c0000000002ff710] scsi_mq_alloc_queue+0x28/0x70
[ 241.223631] [c0000003f07c3810] [c0000000003005b8] scsi_alloc_sdev+0x184/0x264
[ 241.223647] [c0000003f07c38a0] [c000000000300ba0] scsi_probe_and_add_lun+0x288/0xa3c
[ 241.223663] [c0000003f07c3a00] [c000000000301768] __scsi_scan_target+0xcc/0x478
[ 241.223679] [c0000003f07c3b20] [c000000000301c64] scsi_scan_channel.part.9+0x74/0x7c
[ 241.223696] [c0000003f07c3b70] [c000000000301df4] scsi_scan_host_selected+0xe0/0x158
[ 241.223712] [c0000003f07c3bd0] [c000000000303f04] store_scan+0x104/0x114
[ 241.223727] [c0000003f07c3cb0] [c0000000002d5ac4] dev_attr_store+0x30/0x4c
[ 241.223741] [c0000003f07c3cd0] [c0000000001dbc34] sysfs_kf_write+0x64/0x78
[ 241.223756] [c0000003f07c3cf0] [c0000000001da858] kernfs_fop_write+0x170/0x1b8
[ 241.223773] [c0000003f07c3d40] [c0000000001621fc] __vfs_write+0x34/0x60
[ 241.223787] [c0000003f07c3d60] [c000000000163c2c] vfs_write+0xa8/0xcc
[ 241.223802] [c0000003f07c3db0] [c000000000163df4] ksys_write+0x70/0xbc
[ 241.223816] [c0000003f07c3e20] [c00000000000b40c] system_call+0x5c/0x68
As a part of the scan process Linux will allocate and configure a
scsi_device for each target to be scanned. If the device is not present,
then the scsi_device is torn down. As a part of scsi_device teardown a
workqueue item will be scheduled and the lockups we see are because there
are 250k workqueue items to be processed. Accoding to the specification of
SIS-64 sas controller, max_channel should be decreased on SIS-64 adapters
to 4.
The patch fixes softlockup issue.
Thanks for Oliver Halloran's help with debugging and explanation!
Link: https://lore.kernel.org/r/1583510248-23672-1-git-send-email-wenxiong@linux.vnet.ibm.com
Signed-off-by: Wen Xiong <wenxiong@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ipr.c | 3 ++-
drivers/scsi/ipr.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
index 079c04bc448af..7a57b61f0340e 100644
--- a/drivers/scsi/ipr.c
+++ b/drivers/scsi/ipr.c
@@ -9947,6 +9947,7 @@ static void ipr_init_ioa_cfg(struct ipr_ioa_cfg *ioa_cfg,
ioa_cfg->max_devs_supported = ipr_max_devs;
if (ioa_cfg->sis64) {
+ host->max_channel = IPR_MAX_SIS64_BUSES;
host->max_id = IPR_MAX_SIS64_TARGETS_PER_BUS;
host->max_lun = IPR_MAX_SIS64_LUNS_PER_TARGET;
if (ipr_max_devs > IPR_MAX_SIS64_DEVS)
@@ -9955,6 +9956,7 @@ static void ipr_init_ioa_cfg(struct ipr_ioa_cfg *ioa_cfg,
+ ((sizeof(struct ipr_config_table_entry64)
* ioa_cfg->max_devs_supported)));
} else {
+ host->max_channel = IPR_VSET_BUS;
host->max_id = IPR_MAX_NUM_TARGETS_PER_BUS;
host->max_lun = IPR_MAX_NUM_LUNS_PER_TARGET;
if (ipr_max_devs > IPR_MAX_PHYSICAL_DEVS)
@@ -9964,7 +9966,6 @@ static void ipr_init_ioa_cfg(struct ipr_ioa_cfg *ioa_cfg,
* ioa_cfg->max_devs_supported)));
}
- host->max_channel = IPR_VSET_BUS;
host->unique_id = host->host_no;
host->max_cmd_len = IPR_MAX_CDB_LEN;
host->can_queue = ioa_cfg->max_cmds;
diff --git a/drivers/scsi/ipr.h b/drivers/scsi/ipr.h
index a67baeb36d1f7..b97aa9ac2ffe5 100644
--- a/drivers/scsi/ipr.h
+++ b/drivers/scsi/ipr.h
@@ -1300,6 +1300,7 @@ struct ipr_resource_entry {
#define IPR_ARRAY_VIRTUAL_BUS 0x1
#define IPR_VSET_VIRTUAL_BUS 0x2
#define IPR_IOAFP_VIRTUAL_BUS 0x3
+#define IPR_MAX_SIS64_BUSES 0x4
#define IPR_GET_RES_PHYS_LOC(res) \
(((res)->bus << 24) | ((res)->target << 8) | (res)->lun)
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 076/170] mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 075/170] scsi: ipr: Fix softlockup when rescanning devices in petitboot Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 077/170] dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom Greg Kroah-Hartman
` (93 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Cavallari, Johannes Berg,
Sasha Levin
From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
[ Upstream commit ba32679cac50c38fdf488296f96b1f3175532b8e ]
When trying to transmit to an unknown destination, the mesh code would
unconditionally transmit a HWMP PREQ even if HWMP is not the current
path selection algorithm.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Link: https://lore.kernel.org/r/20200305140409.12204-1-cavallar@lri.fr
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mesh_hwmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index d699833703819..38a0383dfbcfa 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -1152,7 +1152,8 @@ int mesh_nexthop_resolve(struct ieee80211_sub_if_data *sdata,
}
}
- if (!(mpath->flags & MESH_PATH_RESOLVING))
+ if (!(mpath->flags & MESH_PATH_RESOLVING) &&
+ mesh_path_sel_is_hwmp(sdata))
mesh_queue_preq(mpath, PREQ_Q_F_START);
if (skb_queue_len(&mpath->frame_queue) >= MESH_FRAME_QUEUE_LEN)
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 077/170] dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 076/170] mac80211: Do not send mesh HWMP PREQ if HWMP is disabled Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 078/170] sxgbe: Fix off by one in samsung driver strncpy size arg Greg Kroah-Hartman
` (92 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Madalin Bucur,
David S. Miller, Sasha Levin
From: Nathan Chancellor <natechancellor@gmail.com>
[ Upstream commit 7395f62d95aafacdb9bd4996ec2f95b4a655d7e6 ]
Clang warns:
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c:2860:9: warning:
converting the result of '?:' with integer constants to a boolean always
evaluates to 'true' [-Wtautological-constant-compare]
return DPAA_FD_DATA_ALIGNMENT ? ALIGN(headroom,
^
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c:131:34: note: expanded
from macro 'DPAA_FD_DATA_ALIGNMENT'
\#define DPAA_FD_DATA_ALIGNMENT (fman_has_errata_a050385() ? 64 : 16)
^
1 warning generated.
This was exposed by commit 3c68b8fffb48 ("dpaa_eth: FMan erratum A050385
workaround") even though it appears to have been an issue since the
introductory commit 9ad1a3749333 ("dpaa_eth: add support for DPAA
Ethernet") since DPAA_FD_DATA_ALIGNMENT has never been able to be zero.
Just replace the whole boolean expression with the true branch, as it is
always been true.
Link: https://github.com/ClangBuiltLinux/linux/issues/928
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Madalin Bucur <madalin.bucur@oss.nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
index 36e2e28fa6e38..1e8dcae5f4b40 100644
--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
+++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
@@ -2845,9 +2845,7 @@ static inline u16 dpaa_get_headroom(struct dpaa_buffer_layout *bl)
headroom = (u16)(bl->priv_data_size + DPAA_PARSE_RESULTS_SIZE +
DPAA_TIME_STAMP_SIZE + DPAA_HASH_RESULTS_SIZE);
- return DPAA_FD_DATA_ALIGNMENT ? ALIGN(headroom,
- DPAA_FD_DATA_ALIGNMENT) :
- headroom;
+ return ALIGN(headroom, DPAA_FD_DATA_ALIGNMENT);
}
static int dpaa_eth_probe(struct platform_device *pdev)
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 078/170] sxgbe: Fix off by one in samsung driver strncpy size arg
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 077/170] dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 079/170] iommu/vt-d: Fix debugfs register reads Greg Kroah-Hartman
` (91 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dominik Czarnota, David S. Miller,
Sasha Levin
From: Dominik Czarnota <dominik.b.czarnota@gmail.com>
[ Upstream commit f3cc008bf6d59b8d93b4190e01d3e557b0040e15 ]
This patch fixes an off-by-one error in strncpy size argument in
drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c. The issue is that in:
strncmp(opt, "eee_timer:", 6)
the passed string literal: "eee_timer:" has 10 bytes (without the NULL
byte) and the passed size argument is 6. As a result, the logic will
also accept other, malformed strings, e.g. "eee_tiXXX:".
This bug doesn't seem to have any security impact since its present in
module's cmdline parsing code.
Signed-off-by: Dominik Czarnota <dominik.b.czarnota@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c b/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
index 52ed111d98f4d..15e3f668218b1 100644
--- a/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
+++ b/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
@@ -2279,7 +2279,7 @@ static int __init sxgbe_cmdline_opt(char *str)
if (!str || !*str)
return -EINVAL;
while ((opt = strsep(&str, ",")) != NULL) {
- if (!strncmp(opt, "eee_timer:", 6)) {
+ if (!strncmp(opt, "eee_timer:", 10)) {
if (kstrtoint(opt + 10, 0, &eee_timer))
goto err;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 079/170] iommu/vt-d: Fix debugfs register reads
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 078/170] sxgbe: Fix off by one in samsung driver strncpy size arg Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 080/170] iommu/vt-d: Populate debugfs if IOMMUs are detected Greg Kroah-Hartman
` (90 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Megha Dey, Lu Baolu, Joerg Roedel,
Sasha Levin
From: Megha Dey <megha.dey@linux.intel.com>
[ Upstream commit ba3b01d7a6f4ab9f8a0557044c9a7678f64ae070 ]
Commit 6825d3ea6cde ("iommu/vt-d: Add debugfs support to show register
contents") dumps the register contents for all IOMMU devices.
Currently, a 64 bit read(dmar_readq) is done for all the IOMMU registers,
even though some of the registers are 32 bits, which is incorrect.
Use the correct read function variant (dmar_readl/dmar_readq) while
reading the contents of 32/64 bit registers respectively.
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Link: https://lore.kernel.org/r/1583784587-26126-2-git-send-email-megha.dey@linux.intel.com
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel-iommu-debugfs.c | 40 ++++++++++++++++++-----------
include/linux/intel-iommu.h | 2 ++
2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/drivers/iommu/intel-iommu-debugfs.c b/drivers/iommu/intel-iommu-debugfs.c
index 471f05d452e01..80378c10dd77a 100644
--- a/drivers/iommu/intel-iommu-debugfs.c
+++ b/drivers/iommu/intel-iommu-debugfs.c
@@ -32,38 +32,42 @@ struct iommu_regset {
#define IOMMU_REGSET_ENTRY(_reg_) \
{ DMAR_##_reg_##_REG, __stringify(_reg_) }
-static const struct iommu_regset iommu_regs[] = {
+
+static const struct iommu_regset iommu_regs_32[] = {
IOMMU_REGSET_ENTRY(VER),
- IOMMU_REGSET_ENTRY(CAP),
- IOMMU_REGSET_ENTRY(ECAP),
IOMMU_REGSET_ENTRY(GCMD),
IOMMU_REGSET_ENTRY(GSTS),
- IOMMU_REGSET_ENTRY(RTADDR),
- IOMMU_REGSET_ENTRY(CCMD),
IOMMU_REGSET_ENTRY(FSTS),
IOMMU_REGSET_ENTRY(FECTL),
IOMMU_REGSET_ENTRY(FEDATA),
IOMMU_REGSET_ENTRY(FEADDR),
IOMMU_REGSET_ENTRY(FEUADDR),
- IOMMU_REGSET_ENTRY(AFLOG),
IOMMU_REGSET_ENTRY(PMEN),
IOMMU_REGSET_ENTRY(PLMBASE),
IOMMU_REGSET_ENTRY(PLMLIMIT),
+ IOMMU_REGSET_ENTRY(ICS),
+ IOMMU_REGSET_ENTRY(PRS),
+ IOMMU_REGSET_ENTRY(PECTL),
+ IOMMU_REGSET_ENTRY(PEDATA),
+ IOMMU_REGSET_ENTRY(PEADDR),
+ IOMMU_REGSET_ENTRY(PEUADDR),
+};
+
+static const struct iommu_regset iommu_regs_64[] = {
+ IOMMU_REGSET_ENTRY(CAP),
+ IOMMU_REGSET_ENTRY(ECAP),
+ IOMMU_REGSET_ENTRY(RTADDR),
+ IOMMU_REGSET_ENTRY(CCMD),
+ IOMMU_REGSET_ENTRY(AFLOG),
IOMMU_REGSET_ENTRY(PHMBASE),
IOMMU_REGSET_ENTRY(PHMLIMIT),
IOMMU_REGSET_ENTRY(IQH),
IOMMU_REGSET_ENTRY(IQT),
IOMMU_REGSET_ENTRY(IQA),
- IOMMU_REGSET_ENTRY(ICS),
IOMMU_REGSET_ENTRY(IRTA),
IOMMU_REGSET_ENTRY(PQH),
IOMMU_REGSET_ENTRY(PQT),
IOMMU_REGSET_ENTRY(PQA),
- IOMMU_REGSET_ENTRY(PRS),
- IOMMU_REGSET_ENTRY(PECTL),
- IOMMU_REGSET_ENTRY(PEDATA),
- IOMMU_REGSET_ENTRY(PEADDR),
- IOMMU_REGSET_ENTRY(PEUADDR),
IOMMU_REGSET_ENTRY(MTRRCAP),
IOMMU_REGSET_ENTRY(MTRRDEF),
IOMMU_REGSET_ENTRY(MTRR_FIX64K_00000),
@@ -126,10 +130,16 @@ static int iommu_regset_show(struct seq_file *m, void *unused)
* by adding the offset to the pointer (virtual address).
*/
raw_spin_lock_irqsave(&iommu->register_lock, flag);
- for (i = 0 ; i < ARRAY_SIZE(iommu_regs); i++) {
- value = dmar_readq(iommu->reg + iommu_regs[i].offset);
+ for (i = 0 ; i < ARRAY_SIZE(iommu_regs_32); i++) {
+ value = dmar_readl(iommu->reg + iommu_regs_32[i].offset);
+ seq_printf(m, "%-16s\t0x%02x\t\t0x%016llx\n",
+ iommu_regs_32[i].regs, iommu_regs_32[i].offset,
+ value);
+ }
+ for (i = 0 ; i < ARRAY_SIZE(iommu_regs_64); i++) {
+ value = dmar_readq(iommu->reg + iommu_regs_64[i].offset);
seq_printf(m, "%-16s\t0x%02x\t\t0x%016llx\n",
- iommu_regs[i].regs, iommu_regs[i].offset,
+ iommu_regs_64[i].regs, iommu_regs_64[i].offset,
value);
}
raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
index 6d8bf4bdf240d..1e5dad8b8e59b 100644
--- a/include/linux/intel-iommu.h
+++ b/include/linux/intel-iommu.h
@@ -120,6 +120,8 @@
#define dmar_readq(a) readq(a)
#define dmar_writeq(a,v) writeq(v,a)
+#define dmar_readl(a) readl(a)
+#define dmar_writel(a, v) writel(v, a)
#define DMAR_VER_MAJOR(v) (((v) & 0xf0) >> 4)
#define DMAR_VER_MINOR(v) ((v) & 0x0f)
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 080/170] iommu/vt-d: Populate debugfs if IOMMUs are detected
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 079/170] iommu/vt-d: Fix debugfs register reads Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 081/170] i2c: hix5hd2: add missed clk_disable_unprepare in remove Greg Kroah-Hartman
` (89 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Megha Dey, Lu Baolu,
Joerg Roedel, Sasha Levin
From: Megha Dey <megha.dey@linux.intel.com>
[ Upstream commit 1da8347d8505c137fb07ff06bbcd3f2bf37409bc ]
Currently, the intel iommu debugfs directory(/sys/kernel/debug/iommu/intel)
gets populated only when DMA remapping is enabled (dmar_disabled = 0)
irrespective of whether interrupt remapping is enabled or not.
Instead, populate the intel iommu debugfs directory if any IOMMUs are
detected.
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: ee2636b8670b1 ("iommu/vt-d: Enable base Intel IOMMU debugfs support")
Signed-off-by: Megha Dey <megha.dey@linux.intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel-iommu-debugfs.c | 11 ++++++++++-
drivers/iommu/intel-iommu.c | 4 +++-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/iommu/intel-iommu-debugfs.c b/drivers/iommu/intel-iommu-debugfs.c
index 80378c10dd77a..bdf095e9dbe03 100644
--- a/drivers/iommu/intel-iommu-debugfs.c
+++ b/drivers/iommu/intel-iommu-debugfs.c
@@ -281,9 +281,16 @@ static int dmar_translation_struct_show(struct seq_file *m, void *unused)
{
struct dmar_drhd_unit *drhd;
struct intel_iommu *iommu;
+ u32 sts;
rcu_read_lock();
for_each_active_iommu(iommu, drhd) {
+ sts = dmar_readl(iommu->reg + DMAR_GSTS_REG);
+ if (!(sts & DMA_GSTS_TES)) {
+ seq_printf(m, "DMA Remapping is not enabled on %s\n",
+ iommu->name);
+ continue;
+ }
root_tbl_walk(m, iommu);
seq_putc(m, '\n');
}
@@ -353,6 +360,7 @@ static int ir_translation_struct_show(struct seq_file *m, void *unused)
struct dmar_drhd_unit *drhd;
struct intel_iommu *iommu;
u64 irta;
+ u32 sts;
rcu_read_lock();
for_each_active_iommu(iommu, drhd) {
@@ -362,7 +370,8 @@ static int ir_translation_struct_show(struct seq_file *m, void *unused)
seq_printf(m, "Remapped Interrupt supported on IOMMU: %s\n",
iommu->name);
- if (iommu->ir_table) {
+ sts = dmar_readl(iommu->reg + DMAR_GSTS_REG);
+ if (iommu->ir_table && (sts & DMA_GSTS_IRES)) {
irta = virt_to_phys(iommu->ir_table->base);
seq_printf(m, " IR table address:%llx\n", irta);
ir_tbl_remap_entry_show(m, iommu);
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 10176d8ea3e65..7f31775e9b554 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -5005,6 +5005,9 @@ int __init intel_iommu_init(void)
down_write(&dmar_global_lock);
+ if (!no_iommu)
+ intel_iommu_debugfs_init();
+
if (no_iommu || dmar_disabled) {
/*
* We exit the function here to ensure IOMMU's remapping and
@@ -5100,7 +5103,6 @@ int __init intel_iommu_init(void)
pr_info("Intel(R) Virtualization Technology for Directed I/O\n");
intel_iommu_enabled = 1;
- intel_iommu_debugfs_init();
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 180+ messages in thread
* [PATCH 5.5 081/170] i2c: hix5hd2: add missed clk_disable_unprepare in remove
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 080/170] iommu/vt-d: Populate debugfs if IOMMUs are detected Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 082/170] Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() Greg Kroah-Hartman
` (88 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuhong Yuan, Wolfram Sang, stable
From: Chuhong Yuan <hslester96@gmail.com>
commit e1b9f99ff8c40bba6e59de9ad4a659447b1e4112 upstream.
The driver forgets to disable and unprepare clk when remove.
Add a call to clk_disable_unprepare to fix it.
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-hix5hd2.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/i2c/busses/i2c-hix5hd2.c
+++ b/drivers/i2c/busses/i2c-hix5hd2.c
@@ -477,6 +477,7 @@ static int hix5hd2_i2c_remove(struct pla
i2c_del_adapter(&priv->adap);
pm_runtime_disable(priv->dev);
pm_runtime_set_suspended(priv->dev);
+ clk_disable_unprepare(priv->clk);
return 0;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 082/170] Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 081/170] i2c: hix5hd2: add missed clk_disable_unprepare in remove Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 083/170] Input: fix stale timestamp on key autorepeat events Greg Kroah-Hartman
` (87 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Dmitry Torokhov
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 32cf3a610c35cb21e3157f4bbf29d89960e30a36 upstream.
These functions are supposed to return negative error codes but instead
it returns true on failure and false on success. The error codes are
eventually propagated back to user space.
Fixes: 48a2b783483b ("Input: add Raydium I2C touchscreen driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200303101306.4potflz7na2nn3od@kili.mountain
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/touchscreen/raydium_i2c_ts.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/input/touchscreen/raydium_i2c_ts.c
+++ b/drivers/input/touchscreen/raydium_i2c_ts.c
@@ -432,7 +432,7 @@ static int raydium_i2c_write_object(stru
return 0;
}
-static bool raydium_i2c_boot_trigger(struct i2c_client *client)
+static int raydium_i2c_boot_trigger(struct i2c_client *client)
{
static const u8 cmd[7][6] = {
{ 0x08, 0x0C, 0x09, 0x00, 0x50, 0xD7 },
@@ -457,10 +457,10 @@ static bool raydium_i2c_boot_trigger(str
}
}
- return false;
+ return 0;
}
-static bool raydium_i2c_fw_trigger(struct i2c_client *client)
+static int raydium_i2c_fw_trigger(struct i2c_client *client)
{
static const u8 cmd[5][11] = {
{ 0, 0x09, 0x71, 0x0C, 0x09, 0x00, 0x50, 0xD7, 0, 0, 0 },
@@ -483,7 +483,7 @@ static bool raydium_i2c_fw_trigger(struc
}
}
- return false;
+ return 0;
}
static int raydium_i2c_check_path(struct i2c_client *client)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 083/170] Input: fix stale timestamp on key autorepeat events
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 082/170] Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 084/170] Input: synaptics - enable RMI on HP Envy 13-ad105ng Greg Kroah-Hartman
` (86 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, teika kazura, Dmitry Torokhov
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
commit 4134252ab7e2c339a54302b88496cb5a89cdbaec upstream.
We need to refresh timestamp when emitting key autorepeat events, otherwise
they will carry timestamp of the original key press event.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=206929
Fixes: 3b51c44bd693 ("Input: allow drivers specify timestamp for input events")
Cc: stable@vger.kernel.org
Reported-by: teika kazura <teika@gmx.com>
Tested-by: teika kazura <teika@gmx.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/input.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -190,6 +190,7 @@ static void input_repeat_key(struct time
input_value_sync
};
+ input_set_timestamp(dev, ktime_get());
input_pass_values(dev, vals, ARRAY_SIZE(vals));
if (dev->rep[REP_PERIOD])
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 084/170] Input: synaptics - enable RMI on HP Envy 13-ad105ng
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 083/170] Input: fix stale timestamp on key autorepeat events Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 085/170] Input: avoid BIT() macro usage in the serio.h UAPI header Greg Kroah-Hartman
` (85 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yussuf Khalil, Dmitry Torokhov
From: Yussuf Khalil <dev@pp3345.net>
commit 1369d0abe469fb4cdea8a5bce219d38cb857a658 upstream.
This laptop (and perhaps other variants of the same model) reports an
SMBus-capable Synaptics touchpad. Everything (including suspend and
resume) works fine when RMI is enabled via the kernel command line, so
let's add it to the whitelist.
Signed-off-by: Yussuf Khalil <dev@pp3345.net>
Link: https://lore.kernel.org/r/20200307213508.267187-1-dev@pp3345.net
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/mouse/synaptics.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -186,6 +186,7 @@ static const char * const smbus_pnp_ids[
"SYN3052", /* HP EliteBook 840 G4 */
"SYN3221", /* HP 15-ay000 */
"SYN323d", /* HP Spectre X360 13-w013dx */
+ "SYN3257", /* HP Envy 13-ad105ng */
NULL
};
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 085/170] Input: avoid BIT() macro usage in the serio.h UAPI header
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 084/170] Input: synaptics - enable RMI on HP Envy 13-ad105ng Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 086/170] IB/rdmavt: Free kernel completion queue when done Greg Kroah-Hartman
` (84 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eugene Syromiatnikov, Dmitry Torokhov
From: Eugene Syromiatnikov <esyr@redhat.com>
commit 52afa505a03d914081f40cb869a3248567a57573 upstream.
The commit 19ba1eb15a2a ("Input: psmouse - add a custom serio protocol
to send extra information") introduced usage of the BIT() macro
for SERIO_* flags; this macro is not provided in UAPI headers.
Replace if with similarly defined _BITUL() macro defined
in <linux/const.h>.
Fixes: 19ba1eb15a2a ("Input: psmouse - add a custom serio protocol to send extra information")
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Cc: <stable@vger.kernel.org> # v5.0+
Link: https://lore.kernel.org/r/20200324041341.GA32335@asgard.redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/linux/serio.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/include/uapi/linux/serio.h
+++ b/include/uapi/linux/serio.h
@@ -9,7 +9,7 @@
#ifndef _UAPI_SERIO_H
#define _UAPI_SERIO_H
-
+#include <linux/const.h>
#include <linux/ioctl.h>
#define SPIOCSTYPE _IOW('q', 0x01, unsigned long)
@@ -18,10 +18,10 @@
/*
* bit masks for use in "interrupt" flags (3rd argument)
*/
-#define SERIO_TIMEOUT BIT(0)
-#define SERIO_PARITY BIT(1)
-#define SERIO_FRAME BIT(2)
-#define SERIO_OOB_DATA BIT(3)
+#define SERIO_TIMEOUT _BITUL(0)
+#define SERIO_PARITY _BITUL(1)
+#define SERIO_FRAME _BITUL(2)
+#define SERIO_OOB_DATA _BITUL(3)
/*
* Serio types
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 086/170] IB/rdmavt: Free kernel completion queue when done
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 085/170] Input: avoid BIT() macro usage in the serio.h UAPI header Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 087/170] RDMA/core: Fix missing error check on dev_set_name() Greg Kroah-Hartman
` (83 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yi Zhang, Mike Marciniszyn,
Dennis Dalessandro, Kaike Wan, Jason Gunthorpe
From: Kaike Wan <kaike.wan@intel.com>
commit 941224e09483ea3428ffc6402de56a4a2e2cb6da upstream.
When a kernel ULP requests the rdmavt to create a completion queue, it
allocated the queue and set cq->kqueue to point to it. However, when the
completion queue is destroyed, cq->queue is freed instead, leading to a
memory leak:
https://lore.kernel.org/r/215235485.15264050.1583334487658.JavaMail.zimbra@redhat.com
unreferenced object 0xffffc90006639000 (size 12288):
comm "kworker/u128:0", pid 8, jiffies 4295777598 (age 589.085s)
hex dump (first 32 bytes):
4d 00 00 00 4d 00 00 00 00 c0 08 ac 8b 88 ff ff M...M...........
00 00 00 00 80 00 00 00 00 00 00 00 10 00 00 00 ................
backtrace:
[<0000000035a3d625>] __vmalloc_node_range+0x361/0x720
[<000000002942ce4f>] __vmalloc_node.constprop.30+0x63/0xb0
[<00000000f228f784>] rvt_create_cq+0x98a/0xd80 [rdmavt]
[<00000000b84aec66>] __ib_alloc_cq_user+0x281/0x1260 [ib_core]
[<00000000ef3764be>] nvme_rdma_cm_handler+0xdb7/0x1b80 [nvme_rdma]
[<00000000936b401c>] cma_cm_event_handler+0xb7/0x550 [rdma_cm]
[<00000000d9c40b7b>] addr_handler+0x195/0x310 [rdma_cm]
[<00000000c7398a03>] process_one_req+0xdd/0x600 [ib_core]
[<000000004d29675b>] process_one_work+0x920/0x1740
[<00000000efedcdb5>] worker_thread+0x87/0xb40
[<000000005688b340>] kthread+0x327/0x3f0
[<0000000043a168d6>] ret_from_fork+0x3a/0x50
This patch fixes the issue by freeing cq->kqueue instead.
Fixes: 239b0e52d8aa ("IB/hfi1: Move rvt_cq_wc struct into uapi directory")
Link: https://lore.kernel.org/r/20200313123957.14343.43879.stgit@awfm-01.aw.intel.com
Cc: <stable@vger.kernel.org> # 5.4.x
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/sw/rdmavt/cq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/sw/rdmavt/cq.c
+++ b/drivers/infiniband/sw/rdmavt/cq.c
@@ -327,7 +327,7 @@ void rvt_destroy_cq(struct ib_cq *ibcq,
if (cq->ip)
kref_put(&cq->ip->ref, rvt_release_mmap_info);
else
- vfree(cq->queue);
+ vfree(cq->kqueue);
}
/**
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 087/170] RDMA/core: Fix missing error check on dev_set_name()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 086/170] IB/rdmavt: Free kernel completion queue when done Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 088/170] RDMA/odp: Fix leaking the tgid for implicit ODP Greg Kroah-Hartman
` (82 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, syzbot+ab4dae63f7d310641ded,
Jason Gunthorpe
From: Jason Gunthorpe <jgg@mellanox.com>
commit f2f2b3bbf0d9f8d090b9a019679223b2bd1c66c4 upstream.
If name memory allocation fails the name will be left empty and
device_add_one() will crash:
kobject: (0000000004952746): attempted to be registered with empty name!
WARNING: CPU: 0 PID: 329 at lib/kobject.c:234 kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 329 Comm: syz-executor.5 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x3e kernel/panic.c:582
report_bug+0x289/0x300 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
fixup_bug arch/x86/kernel/traps.c:169 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
Code: 1a 98 ca f9 e9 f0 f8 ff ff 4c 89 f7 e8 6d 98 ca f9 e9 95 f9 ff ff e8 c3 f0 8b f9 4c 89 e6 48 c7 c7 a0 0e 1a 89 e8 e3 41 5c f9 <0f> 0b 41 bd ea ff ff ff e9 52 ff ff ff e8 a2 f0 8b f9 0f 0b e8 9b
RSP: 0018:ffffc90005b27908 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000040000 RSI: ffffffff815eae46 RDI: fffff52000b64f13
RBP: ffffc90005b27960 R08: ffff88805aeba480 R09: ffffed1015d06659
R10: ffffed1015d06658 R11: ffff8880ae8332c7 R12: ffff8880a37fd000
R13: 0000000000000000 R14: ffff888096691780 R15: 0000000000000001
kobject_add_varg lib/kobject.c:390 [inline]
kobject_add+0x150/0x1c0 lib/kobject.c:442
device_add+0x3be/0x1d00 drivers/base/core.c:2412
add_one_compat_dev drivers/infiniband/core/device.c:901 [inline]
add_one_compat_dev+0x46a/0x7e0 drivers/infiniband/core/device.c:857
rdma_dev_init_net+0x2eb/0x490 drivers/infiniband/core/device.c:1120
ops_init+0xb3/0x420 net/core/net_namespace.c:137
setup_net+0x2d5/0x8b0 net/core/net_namespace.c:327
copy_net_ns+0x29e/0x5a0 net/core/net_namespace.c:468
create_new_namespaces+0x403/0xb50 kernel/nsproxy.c:108
unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:229
ksys_unshare+0x444/0x980 kernel/fork.c:2955
__do_sys_unshare kernel/fork.c:3023 [inline]
__se_sys_unshare kernel/fork.c:3021 [inline]
__x64_sys_unshare+0x31/0x40 kernel/fork.c:3021
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Link: https://lore.kernel.org/r/20200309193200.GA10633@ziepe.ca
Cc: stable@kernel.org
Fixes: 4e0f7b907072 ("RDMA/core: Implement compat device/sysfs tree in net namespace")
Reported-by: syzbot+ab4dae63f7d310641ded@syzkaller.appspotmail.com
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/device.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -896,7 +896,9 @@ static int add_one_compat_dev(struct ib_
cdev->dev.parent = device->dev.parent;
rdma_init_coredev(cdev, device, read_pnet(&rnet->net));
cdev->dev.release = compatdev_release;
- dev_set_name(&cdev->dev, "%s", dev_name(&device->dev));
+ ret = dev_set_name(&cdev->dev, "%s", dev_name(&device->dev));
+ if (ret)
+ goto add_err;
ret = device_add(&cdev->dev);
if (ret)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 088/170] RDMA/odp: Fix leaking the tgid for implicit ODP
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 087/170] RDMA/core: Fix missing error check on dev_set_name() Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 089/170] gpiolib: Fix irq_disable() semantics Greg Kroah-Hartman
` (81 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Jason Gunthorpe
From: Jason Gunthorpe <jgg@mellanox.com>
commit 0f9826f4753f74f935e18c2a640484ecbd941346 upstream.
The tgid used to be part of ib_umem_free_notifier(), when it was reworked
it got moved to release, but it should have been unconditional as all umem
alloc paths get the tgid.
As is, creating an implicit ODP will leak the tgid reference.
Link: https://lore.kernel.org/r/20200304181607.GA22412@ziepe.ca
Cc: stable@kernel.org
Fixes: f25a546e6529 ("RDMA/odp: Use mmu_interval_notifier_insert()")
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/umem_odp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/core/umem_odp.c
+++ b/drivers/infiniband/core/umem_odp.c
@@ -290,8 +290,8 @@ void ib_umem_odp_release(struct ib_umem_
mmu_interval_notifier_remove(&umem_odp->notifier);
kvfree(umem_odp->dma_list);
kvfree(umem_odp->page_list);
- put_pid(umem_odp->tgid);
}
+ put_pid(umem_odp->tgid);
kfree(umem_odp);
}
EXPORT_SYMBOL(ib_umem_odp_release);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 089/170] gpiolib: Fix irq_disable() semantics
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 088/170] RDMA/odp: Fix leaking the tgid for implicit ODP Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 090/170] RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET Greg Kroah-Hartman
` (80 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Masney, Hans Verkuil,
Bartosz Golaszewski, Linus Walleij
From: Linus Walleij <linus.walleij@linaro.org>
commit 8959b304c7062889b1276092cc8590dc1ba98f65 upstream.
The implementation if .irq_disable() which kicks in between
the gpiolib and the driver is not properly mimicking the
expected semantics of the irqchip core: the irqchip will
call .irq_disable() if that exists, else it will call
mask_irq() which first checks if .irq_mask() is defined
before calling it.
Since we are calling it unconditionally, we get this bug
from drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c, as it only
defines .irq_mask_ack and not .irq_mask:
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = (ptrval)
(...)
PC is at 0x0
LR is at gpiochip_irq_disable+0x20/0x30
Fix this by only calling .irq_mask() if it exists.
Cc: Brian Masney <masneyb@onstation.org>
Cc: Hans Verkuil <hans.verkuil@cisco.com>
Cc: stable@vger.kernel.org
Reviewed-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Fixes: 461c1a7d4733 ("gpiolib: override irq_enable/disable")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20200306132326.1329640-1-linus.walleij@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpiolib.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -2323,9 +2323,16 @@ static void gpiochip_irq_disable(struct
{
struct gpio_chip *chip = irq_data_get_irq_chip_data(d);
+ /*
+ * Since we override .irq_disable() we need to mimic the
+ * behaviour of __irq_disable() in irq/chip.c.
+ * First call .irq_disable() if it exists, else mimic the
+ * behaviour of mask_irq() which calls .irq_mask() if
+ * it exists.
+ */
if (chip->irq.irq_disable)
chip->irq.irq_disable(d);
- else
+ else if (chip->irq.chip->irq_mask)
chip->irq.chip->irq_mask(d);
gpiochip_disable_irq(chip, d->hwirq);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 090/170] RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 089/170] gpiolib: Fix irq_disable() semantics Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 091/170] RDMA/mad: Do not crash if the rdma device does not have a umad interface Greg Kroah-Hartman
` (79 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Jason Gunthorpe,
syzbot+da615ac67d4dbea32cbc
From: Jason Gunthorpe <jgg@mellanox.com>
commit 7aefa6237cfe4a6fcf06a8656eee988b36f8fefc upstream.
Empty device names cannot be added to sysfs and crash with:
kobject: (00000000f9de3792): attempted to be registered with empty name!
WARNING: CPU: 1 PID: 10856 at lib/kobject.c:234 kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 10856 Comm: syz-executor459 Not tainted 5.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x3e kernel/panic.c:582
report_bug+0x289/0x300 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
fixup_bug arch/x86/kernel/traps.c:169 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
Code: 7a ca ca f9 e9 f0 f8 ff ff 4c 89 f7 e8 cd ca ca f9 e9 95 f9 ff ff e8 13 25 8c f9 4c 89 e6 48 c7 c7 a0 08 1a 89 e8 a3 76 5c f9 <0f> 0b 41 bd ea ff ff ff e9 52 ff ff ff e8 f2 24 8c f9 0f 0b e8 eb
RSP: 0018:ffffc90002006eb0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815eae46 RDI: fffff52000400dc8
RBP: ffffc90002006f08 R08: ffff8880972ac500 R09: ffffed1015d26659
R10: ffffed1015d26658 R11: ffff8880ae9332c7 R12: ffff888093034668
R13: 0000000000000000 R14: ffff8880a69d7600 R15: 0000000000000001
kobject_add_varg lib/kobject.c:390 [inline]
kobject_add+0x150/0x1c0 lib/kobject.c:442
device_add+0x3be/0x1d00 drivers/base/core.c:2412
ib_register_device drivers/infiniband/core/device.c:1371 [inline]
ib_register_device+0x93e/0xe40 drivers/infiniband/core/device.c:1343
rxe_register_device+0x52e/0x655 drivers/infiniband/sw/rxe/rxe_verbs.c:1231
rxe_add+0x122b/0x1661 drivers/infiniband/sw/rxe/rxe.c:302
rxe_net_add+0x91/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:539
rxe_newlink+0x39/0x90 drivers/infiniband/sw/rxe/rxe.c:318
nldev_newlink+0x28a/0x430 drivers/infiniband/core/nldev.c:1538
rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
rdma_nl_rcv+0x5d9/0x980 drivers/infiniband/core/netlink.c:259
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:672
____sys_sendmsg+0x753/0x880 net/socket.c:2343
___sys_sendmsg+0x100/0x170 net/socket.c:2397
__sys_sendmsg+0x105/0x1d0 net/socket.c:2430
__do_sys_sendmsg net/socket.c:2439 [inline]
__se_sys_sendmsg net/socket.c:2437 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Prevent empty names when checking the name provided from userspace during
newlink and rename.
Fixes: 3856ec4b93c9 ("RDMA/core: Add RDMA_NLDEV_CMD_NEWLINK/DELLINK support")
Fixes: 05d940d3a3ec ("RDMA/nldev: Allow IB device rename through RDMA netlink")
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20200309191648.GA30852@ziepe.ca
Reported-and-tested-by: syzbot+da615ac67d4dbea32cbc@syzkaller.appspotmail.com
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/nldev.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/core/nldev.c
+++ b/drivers/infiniband/core/nldev.c
@@ -917,6 +917,10 @@ static int nldev_set_doit(struct sk_buff
nla_strlcpy(name, tb[RDMA_NLDEV_ATTR_DEV_NAME],
IB_DEVICE_NAME_MAX);
+ if (strlen(name) == 0) {
+ err = -EINVAL;
+ goto done;
+ }
err = ib_device_rename(device, name);
goto done;
}
@@ -1513,7 +1517,7 @@ static int nldev_newlink(struct sk_buff
nla_strlcpy(ibdev_name, tb[RDMA_NLDEV_ATTR_DEV_NAME],
sizeof(ibdev_name));
- if (strchr(ibdev_name, '%'))
+ if (strchr(ibdev_name, '%') || strlen(ibdev_name) == 0)
return -EINVAL;
nla_strlcpy(type, tb[RDMA_NLDEV_ATTR_LINK_TYPE], sizeof(type));
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 091/170] RDMA/mad: Do not crash if the rdma device does not have a umad interface
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 090/170] RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 092/170] ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL Greg Kroah-Hartman
` (78 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, syzbot+46fe08363dbba223dec5,
Leon Romanovsky, Jason Gunthorpe
From: Jason Gunthorpe <jgg@mellanox.com>
commit 5bdfa854013ce4193de0d097931fd841382c76a7 upstream.
Non-IB devices do not have a umad interface and the client_data will be
left set to NULL. In this case calling get_nl_info() will try to kref a
NULL cdev causing a crash:
general protection fault, probably for non-canonical address 0xdffffc00000000ba: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000005d0-0x00000000000005d7]
CPU: 0 PID: 20851 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kobject_get+0x35/0x150 lib/kobject.c:640
Code: 53 e8 3f b0 8b f9 4d 85 e4 0f 84 a2 00 00 00 e8 31 b0 8b f9 49 8d 7c 24 3c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f b6 04 02 48 89 fa
+83 e2 07 38 d0 7f 08 84 c0 0f 85 eb 00 00 00
RSP: 0018:ffffc9000946f1a0 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: ffffffff85bdbbb0 RCX: ffffc9000bf22000
RDX: 00000000000000ba RSI: ffffffff87e9d78f RDI: 00000000000005d4
RBP: ffffc9000946f1b8 R08: ffff8880581a6440 R09: ffff8880581a6cd0
R10: fffffbfff154b838 R11: ffffffff8aa5c1c7 R12: 0000000000000598
R13: 0000000000000000 R14: ffffc9000946f278 R15: ffff88805cb0c4d0
FS: 00007faa9e8af700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30121000 CR3: 000000004515d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
get_device+0x25/0x40 drivers/base/core.c:2574
__ib_get_client_nl_info+0x205/0x2e0 drivers/infiniband/core/device.c:1861
ib_get_client_nl_info+0x35/0x180 drivers/infiniband/core/device.c:1881
nldev_get_chardev+0x575/0xac0 drivers/infiniband/core/nldev.c:1621
rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
rdma_nl_rcv+0x5d9/0x980 drivers/infiniband/core/netlink.c:259
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:672
____sys_sendmsg+0x753/0x880 net/socket.c:2343
___sys_sendmsg+0x100/0x170 net/socket.c:2397
__sys_sendmsg+0x105/0x1d0 net/socket.c:2430
__do_sys_sendmsg net/socket.c:2439 [inline]
__se_sys_sendmsg net/socket.c:2437 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Cc: stable@kernel.org
Fixes: 8f71bb0030b8 ("RDMA: Report available cdevs through RDMA_NLDEV_CMD_GET_CHARDEV")
Link: https://lore.kernel.org/r/20200310075339.238090-1-leon@kernel.org
Reported-by: syzbot+46fe08363dbba223dec5@syzkaller.appspotmail.com
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/user_mad.c | 33 ++++++++++++++++++++++-----------
1 file changed, 22 insertions(+), 11 deletions(-)
--- a/drivers/infiniband/core/user_mad.c
+++ b/drivers/infiniband/core/user_mad.c
@@ -1129,17 +1129,30 @@ static const struct file_operations umad
.llseek = no_llseek,
};
+static struct ib_umad_port *get_port(struct ib_device *ibdev,
+ struct ib_umad_device *umad_dev,
+ unsigned int port)
+{
+ if (!umad_dev)
+ return ERR_PTR(-EOPNOTSUPP);
+ if (!rdma_is_port_valid(ibdev, port))
+ return ERR_PTR(-EINVAL);
+ if (!rdma_cap_ib_mad(ibdev, port))
+ return ERR_PTR(-EOPNOTSUPP);
+
+ return &umad_dev->ports[port - rdma_start_port(ibdev)];
+}
+
static int ib_umad_get_nl_info(struct ib_device *ibdev, void *client_data,
struct ib_client_nl_info *res)
{
- struct ib_umad_device *umad_dev = client_data;
+ struct ib_umad_port *port = get_port(ibdev, client_data, res->port);
- if (!rdma_is_port_valid(ibdev, res->port))
- return -EINVAL;
+ if (IS_ERR(port))
+ return PTR_ERR(port);
res->abi = IB_USER_MAD_ABI_VERSION;
- res->cdev = &umad_dev->ports[res->port - rdma_start_port(ibdev)].dev;
-
+ res->cdev = &port->dev;
return 0;
}
@@ -1154,15 +1167,13 @@ MODULE_ALIAS_RDMA_CLIENT("umad");
static int ib_issm_get_nl_info(struct ib_device *ibdev, void *client_data,
struct ib_client_nl_info *res)
{
- struct ib_umad_device *umad_dev =
- ib_get_client_data(ibdev, &umad_client);
+ struct ib_umad_port *port = get_port(ibdev, client_data, res->port);
- if (!rdma_is_port_valid(ibdev, res->port))
- return -EINVAL;
+ if (IS_ERR(port))
+ return PTR_ERR(port);
res->abi = IB_USER_MAD_ABI_VERSION;
- res->cdev = &umad_dev->ports[res->port - rdma_start_port(ibdev)].sm_dev;
-
+ res->cdev = &port->sm_dev;
return 0;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 092/170] ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 091/170] RDMA/mad: Do not crash if the rdma device does not have a umad interface Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 093/170] ceph: fix memory leak in ceph_cleanup_snapid_map() Greg Kroah-Hartman
` (77 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yanhu Cao, Ilya Dryomov, Jeff Layton,
Sage Weil
From: Ilya Dryomov <idryomov@gmail.com>
commit 7614209736fbc4927584d4387faade4f31444fce upstream.
CEPH_OSDMAP_FULL/NEARFULL aren't set since mimic, so we need to consult
per-pool flags as well. Unfortunately the backwards compatibility here
is lacking:
- the change that deprecated OSDMAP_FULL/NEARFULL went into mimic, but
was guarded by require_osd_release >= RELEASE_LUMINOUS
- it was subsequently backported to luminous in v12.2.2, but that makes
no difference to clients that only check OSDMAP_FULL/NEARFULL because
require_osd_release is not client-facing -- it is for OSDs
Since all kernels are affected, the best we can do here is just start
checking both map flags and pool flags and send that to stable.
These checks are best effort, so take osdc->lock and look up pool flags
just once. Remove the FIXME, since filesystem quotas are checked above
and RADOS quotas are reflected in POOL_FLAG_FULL: when the pool reaches
its quota, both POOL_FLAG_FULL and POOL_FLAG_FULL_QUOTA are set.
Cc: stable@vger.kernel.org
Reported-by: Yanhu Cao <gmayyyha@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/file.c | 14 +++++++++++---
include/linux/ceph/osdmap.h | 4 ++++
include/linux/ceph/rados.h | 6 ++++--
net/ceph/osdmap.c | 9 +++++++++
4 files changed, 28 insertions(+), 5 deletions(-)
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1415,10 +1415,13 @@ static ssize_t ceph_write_iter(struct ki
struct inode *inode = file_inode(file);
struct ceph_inode_info *ci = ceph_inode(inode);
struct ceph_fs_client *fsc = ceph_inode_to_client(inode);
+ struct ceph_osd_client *osdc = &fsc->client->osdc;
struct ceph_cap_flush *prealloc_cf;
ssize_t count, written = 0;
int err, want, got;
bool direct_lock = false;
+ u32 map_flags;
+ u64 pool_flags;
loff_t pos;
loff_t limit = max(i_size_read(inode), fsc->max_file_size);
@@ -1481,8 +1484,12 @@ retry_snap:
goto out;
}
- /* FIXME: not complete since it doesn't account for being at quota */
- if (ceph_osdmap_flag(&fsc->client->osdc, CEPH_OSDMAP_FULL)) {
+ down_read(&osdc->lock);
+ map_flags = osdc->osdmap->flags;
+ pool_flags = ceph_pg_pool_flags(osdc->osdmap, ci->i_layout.pool_id);
+ up_read(&osdc->lock);
+ if ((map_flags & CEPH_OSDMAP_FULL) ||
+ (pool_flags & CEPH_POOL_FLAG_FULL)) {
err = -ENOSPC;
goto out;
}
@@ -1575,7 +1582,8 @@ retry_snap:
}
if (written >= 0) {
- if (ceph_osdmap_flag(&fsc->client->osdc, CEPH_OSDMAP_NEARFULL))
+ if ((map_flags & CEPH_OSDMAP_NEARFULL) ||
+ (pool_flags & CEPH_POOL_FLAG_NEARFULL))
iocb->ki_flags |= IOCB_DSYNC;
written = generic_write_sync(iocb, written);
}
--- a/include/linux/ceph/osdmap.h
+++ b/include/linux/ceph/osdmap.h
@@ -37,6 +37,9 @@ int ceph_spg_compare(const struct ceph_s
#define CEPH_POOL_FLAG_HASHPSPOOL (1ULL << 0) /* hash pg seed and pool id
together */
#define CEPH_POOL_FLAG_FULL (1ULL << 1) /* pool is full */
+#define CEPH_POOL_FLAG_FULL_QUOTA (1ULL << 10) /* pool ran out of quota,
+ will set FULL too */
+#define CEPH_POOL_FLAG_NEARFULL (1ULL << 11) /* pool is nearfull */
struct ceph_pg_pool_info {
struct rb_node node;
@@ -304,5 +307,6 @@ extern struct ceph_pg_pool_info *ceph_pg
extern const char *ceph_pg_pool_name_by_id(struct ceph_osdmap *map, u64 id);
extern int ceph_pg_poolid_by_name(struct ceph_osdmap *map, const char *name);
+u64 ceph_pg_pool_flags(struct ceph_osdmap *map, u64 id);
#endif
--- a/include/linux/ceph/rados.h
+++ b/include/linux/ceph/rados.h
@@ -143,8 +143,10 @@ extern const char *ceph_osd_state_name(i
/*
* osd map flag bits
*/
-#define CEPH_OSDMAP_NEARFULL (1<<0) /* sync writes (near ENOSPC) */
-#define CEPH_OSDMAP_FULL (1<<1) /* no data writes (ENOSPC) */
+#define CEPH_OSDMAP_NEARFULL (1<<0) /* sync writes (near ENOSPC),
+ not set since ~luminous */
+#define CEPH_OSDMAP_FULL (1<<1) /* no data writes (ENOSPC),
+ not set since ~luminous */
#define CEPH_OSDMAP_PAUSERD (1<<2) /* pause all reads */
#define CEPH_OSDMAP_PAUSEWR (1<<3) /* pause all writes */
#define CEPH_OSDMAP_PAUSEREC (1<<4) /* pause recovery */
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -710,6 +710,15 @@ int ceph_pg_poolid_by_name(struct ceph_o
}
EXPORT_SYMBOL(ceph_pg_poolid_by_name);
+u64 ceph_pg_pool_flags(struct ceph_osdmap *map, u64 id)
+{
+ struct ceph_pg_pool_info *pi;
+
+ pi = __lookup_pg_pool(&map->pg_pools, id);
+ return pi ? pi->flags : 0;
+}
+EXPORT_SYMBOL(ceph_pg_pool_flags);
+
static void __remove_pg_pool(struct rb_root *root, struct ceph_pg_pool_info *pi)
{
rb_erase(&pi->node, root);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 093/170] ceph: fix memory leak in ceph_cleanup_snapid_map()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 092/170] ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 094/170] KVM: SVM: Issue WBINVD after deactivating an SEV guest Greg Kroah-Hartman
` (76 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luis Henriques, Jeff Layton, Ilya Dryomov
From: Luis Henriques <lhenriques@suse.com>
commit c8d6ee01449cd0d2f30410681cccb616a88f50b1 upstream.
kmemleak reports the following memory leak:
unreferenced object 0xffff88821feac8a0 (size 96):
comm "kworker/1:0", pid 17, jiffies 4294896362 (age 20.512s)
hex dump (first 32 bytes):
a0 c8 ea 1f 82 88 ff ff 00 c9 ea 1f 82 88 ff ff ................
00 00 00 00 00 00 00 00 00 01 00 00 00 00 ad de ................
backtrace:
[<00000000b3ea77fb>] ceph_get_snapid_map+0x75/0x2a0
[<00000000d4060942>] fill_inode+0xb26/0x1010
[<0000000049da6206>] ceph_readdir_prepopulate+0x389/0xc40
[<00000000e2fe2549>] dispatch+0x11ab/0x1521
[<000000007700b894>] ceph_con_workfn+0xf3d/0x3240
[<0000000039138a41>] process_one_work+0x24d/0x590
[<00000000eb751f34>] worker_thread+0x4a/0x3d0
[<000000007e8f0d42>] kthread+0xfb/0x130
[<00000000d49bd1fa>] ret_from_fork+0x3a/0x50
A kfree is missing while looping the 'to_free' list of ceph_snapid_map
objects.
Cc: stable@vger.kernel.org
Fixes: 75c9627efb72 ("ceph: map snapid to anonymous bdev ID")
Signed-off-by: Luis Henriques <lhenriques@suse.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/snap.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -1155,5 +1155,6 @@ void ceph_cleanup_snapid_map(struct ceph
pr_err("snapid map %llx -> %x still in use\n",
sm->snap, sm->dev);
}
+ kfree(sm);
}
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 094/170] KVM: SVM: Issue WBINVD after deactivating an SEV guest
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 093/170] ceph: fix memory leak in ceph_cleanup_snapid_map() Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 095/170] ARM: dts: dra7: Add bus_dma_limit for L3 bus Greg Kroah-Hartman
` (75 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tom Lendacky, Paolo Bonzini
From: Tom Lendacky <thomas.lendacky@amd.com>
commit 2e2409afe5f0c284c7dfe5504058e8d115806a7d upstream.
Currently, CLFLUSH is used to flush SEV guest memory before the guest is
terminated (or a memory hotplug region is removed). However, CLFLUSH is
not enough to ensure that SEV guest tagged data is flushed from the cache.
With 33af3a7ef9e6 ("KVM: SVM: Reduce WBINVD/DF_FLUSH invocations"), the
original WBINVD was removed. This then exposed crashes at random times
because of a cache flush race with a page that had both a hypervisor and
a guest tag in the cache.
Restore the WBINVD when destroying an SEV guest and add a WBINVD to the
svm_unregister_enc_region() function to ensure hotplug memory is flushed
when removed. The DF_FLUSH can still be avoided at this point.
Fixes: 33af3a7ef9e6 ("KVM: SVM: Reduce WBINVD/DF_FLUSH invocations")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <c8bf9087ca3711c5770bdeaafa3e45b717dc5ef4.1584720426.git.thomas.lendacky@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1920,14 +1920,6 @@ static void sev_clflush_pages(struct pag
static void __unregister_enc_region_locked(struct kvm *kvm,
struct enc_region *region)
{
- /*
- * The guest may change the memory encryption attribute from C=0 -> C=1
- * or vice versa for this memory range. Lets make sure caches are
- * flushed to ensure that guest data gets written into memory with
- * correct C-bit.
- */
- sev_clflush_pages(region->pages, region->npages);
-
sev_unpin_memory(kvm, region->pages, region->npages);
list_del(®ion->list);
kfree(region);
@@ -1958,6 +1950,13 @@ static void sev_vm_destroy(struct kvm *k
mutex_lock(&kvm->lock);
/*
+ * Ensure that all guest tagged cache entries are flushed before
+ * releasing the pages back to the system for use. CLFLUSH will
+ * not do this, so issue a WBINVD.
+ */
+ wbinvd_on_all_cpus();
+
+ /*
* if userspace was terminated before unregistering the memory regions
* then lets unpin all the registered memory.
*/
@@ -7212,6 +7211,13 @@ static int svm_unregister_enc_region(str
goto failed;
}
+ /*
+ * Ensure that all guest tagged cache entries are flushed before
+ * releasing the pages back to the system for use. CLFLUSH will
+ * not do this, so issue a WBINVD.
+ */
+ wbinvd_on_all_cpus();
+
__unregister_enc_region_locked(kvm, region);
mutex_unlock(&kvm->lock);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 095/170] ARM: dts: dra7: Add bus_dma_limit for L3 bus
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 094/170] KVM: SVM: Issue WBINVD after deactivating an SEV guest Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 096/170] ARM: dts: omap5: " Greg Kroah-Hartman
` (74 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roger Quadros, stable, Tony Lindgren
From: Roger Quadros <rogerq@ti.com>
commit cfb5d65f25959f724081bae8445a0241db606af6 upstream.
The L3 interconnect's memory map is from 0x0 to
0xffffffff. Out of this, System memory (SDRAM) can be
accessed from 0x80000000 to 0xffffffff (2GB)
DRA7 does support 4GB of SDRAM but upper 2GB can only be
accessed by the MPU subsystem.
Add the dma-ranges property to reflect the physical address limit
of the L3 bus.
Issues ere observed only with SATA on DRA7-EVM with 4GB RAM
and CONFIG_ARM_LPAE enabled. This is because the controller
supports 64-bit DMA and its driver sets the dma_mask to 64-bit
thus resulting in DMA accesses beyond L3 limit of 2G.
Setting the correct bus_dma_limit fixes the issue.
Signed-off-by: Roger Quadros <rogerq@ti.com>
Cc: stable@kernel.org
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/dra7.dtsi | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm/boot/dts/dra7.dtsi
+++ b/arch/arm/boot/dts/dra7.dtsi
@@ -148,6 +148,7 @@
#address-cells = <1>;
#size-cells = <1>;
ranges = <0x0 0x0 0x0 0xc0000000>;
+ dma-ranges = <0x80000000 0x0 0x80000000 0x80000000>;
ti,hwmods = "l3_main_1", "l3_main_2";
reg = <0x0 0x44000000 0x0 0x1000000>,
<0x0 0x45000000 0x0 0x1000>;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 096/170] ARM: dts: omap5: Add bus_dma_limit for L3 bus
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 095/170] ARM: dts: dra7: Add bus_dma_limit for L3 bus Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 097/170] x86/ioremap: Fix CONFIG_EFI=n build Greg Kroah-Hartman
` (73 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Roger Quadros, Tony Lindgren
From: Roger Quadros <rogerq@ti.com>
commit dfa7ea303f56a3a8b1ed3b91ef35af2da67ca4ee upstream.
The L3 interconnect's memory map is from 0x0 to
0xffffffff. Out of this, System memory (SDRAM) can be
accessed from 0x80000000 to 0xffffffff (2GB)
OMAP5 does support 4GB of SDRAM but upper 2GB can only be
accessed by the MPU subsystem.
Add the dma-ranges property to reflect the physical address limit
of the L3 bus.
Cc: stable@kernel.org
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/omap5.dtsi | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm/boot/dts/omap5.dtsi
+++ b/arch/arm/boot/dts/omap5.dtsi
@@ -143,6 +143,7 @@
#address-cells = <1>;
#size-cells = <1>;
ranges = <0 0 0 0xc0000000>;
+ dma-ranges = <0x80000000 0x0 0x80000000 0x80000000>;
ti,hwmods = "l3_main_1", "l3_main_2", "l3_main_3";
reg = <0 0x44000000 0 0x2000>,
<0 0x44800000 0 0x3000>,
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 097/170] x86/ioremap: Fix CONFIG_EFI=n build
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 096/170] ARM: dts: omap5: " Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 098/170] perf probe: Fix to delete multiple probe event Greg Kroah-Hartman
` (72 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Borislav Petkov, Tom Lendacky
From: Borislav Petkov <bp@suse.de>
commit 870b4333a62e45b0b2000d14b301b7b8b8cad9da upstream.
In order to use efi_mem_type(), one needs CONFIG_EFI enabled. Otherwise
that function is undefined. Use IS_ENABLED() to check and avoid the
ifdeffery as the compiler optimizes away the following unreachable code
then.
Fixes: 985e537a4082 ("x86/ioremap: Map EFI runtime services data as encrypted for SEV")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/7561e981-0d9b-d62c-0ef2-ce6007aff1ab@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/ioremap.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -115,6 +115,9 @@ static void __ioremap_check_other(resour
if (!sev_active())
return;
+ if (!IS_ENABLED(CONFIG_EFI))
+ return;
+
if (efi_mem_type(addr) == EFI_RUNTIME_SERVICES_DATA)
desc->flags |= IORES_MAP_ENCRYPTED;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 098/170] perf probe: Fix to delete multiple probe event
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 097/170] x86/ioremap: Fix CONFIG_EFI=n build Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 099/170] perf probe: Do not depend on dwfl_module_addrsym() Greg Kroah-Hartman
` (71 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnaldo Carvalho de Melo, He Zhe,
Masami Hiramatsu, Arnaldo Carvalho de Melo, Adrian Hunter,
Jiri Olsa, Namhyung Kim
From: Masami Hiramatsu <mhiramat@kernel.org>
commit 6b8d68f1ce9266b05a55e93c62923ff51daae4c1 upstream.
When we put an event with multiple probes, perf-probe fails to delete
with filters. This comes from a failure to list up the event name
because of overwrapping its name.
To fix this issue, skip to list up the event which has same name.
Without this patch:
# perf probe -l \*
probe_perf:map__map_ip (on perf_sample__fprintf_brstackoff:21@
probe_perf:map__map_ip (on perf_sample__fprintf_brstackoff:25@
probe_perf:map__map_ip (on append_inlines:12@util/machine.c in
probe_perf:map__map_ip (on unwind_entry:19@util/machine.c in /
probe_perf:map__map_ip (on map__map_ip@util/map.h in /home/mhi
probe_perf:map__map_ip (on map__map_ip@util/map.h in /home/mhi
# perf probe -d \*
"*" does not hit any event.
Error: Failed to delete events. Reason: No such file or directory (Code: -2)
With it:
# perf probe -d \*
Removed event: probe_perf:map__map_ip
#
Fixes: 72363540c009 ("perf probe: Support multiprobe event")
Reported-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Reported-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/158287666197.16697.7514373548551863562.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/probe-file.c | 3 +++
1 file changed, 3 insertions(+)
--- a/tools/perf/util/probe-file.c
+++ b/tools/perf/util/probe-file.c
@@ -206,6 +206,9 @@ static struct strlist *__probe_file__get
} else
ret = strlist__add(sl, tev.event);
clear_probe_trace_event(&tev);
+ /* Skip if there is same name multi-probe event in the list */
+ if (ret == -EEXIST)
+ ret = 0;
if (ret < 0)
break;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 099/170] perf probe: Do not depend on dwfl_module_addrsym()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 098/170] perf probe: Fix to delete multiple probe event Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 100/170] rtlwifi: rtl8188ee: Fix regression due to commit d1d1a96bdb44 Greg Kroah-Hartman
` (70 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexandre Ghiti, Masami Hiramatsu,
Alexander Shishkin, Jiri Olsa, Namhyung Kim, Peter Zijlstra,
Sasha Levin, Arnaldo Carvalho de Melo
From: Masami Hiramatsu <mhiramat@kernel.org>
commit 1efde2754275dbd9d11c6e0132a4f09facf297ab upstream.
Do not depend on dwfl_module_addrsym() because it can fail on user-space
shared libraries.
Actually, same bug was fixed by commit 664fee3dc379 ("perf probe: Do not
use dwfl_module_addrsym if dwarf_diename finds symbol name"), but commit
07d369857808 ("perf probe: Fix wrong address verification) reverted to
get actual symbol address from symtab.
This fixes it again by getting symbol address from DIE, and only if the
DIE has only address range, it uses dwfl_module_addrsym().
Fixes: 07d369857808 ("perf probe: Fix wrong address verification)
Reported-by: Alexandre Ghiti <alex@ghiti.fr>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Alexandre Ghiti <alex@ghiti.fr>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sashal@kernel.org>
Link: http://lore.kernel.org/lkml/158281812176.476.14164573830975116234.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/probe-finder.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/tools/perf/util/probe-finder.c
+++ b/tools/perf/util/probe-finder.c
@@ -636,14 +636,19 @@ static int convert_to_trace_point(Dwarf_
return -EINVAL;
}
- /* Try to get actual symbol name from symtab */
- symbol = dwfl_module_addrsym(mod, paddr, &sym, NULL);
+ if (dwarf_entrypc(sp_die, &eaddr) == 0) {
+ /* If the DIE has entrypc, use it. */
+ symbol = dwarf_diename(sp_die);
+ } else {
+ /* Try to get actual symbol name and address from symtab */
+ symbol = dwfl_module_addrsym(mod, paddr, &sym, NULL);
+ eaddr = sym.st_value;
+ }
if (!symbol) {
pr_warning("Failed to find symbol at 0x%lx\n",
(unsigned long)paddr);
return -ENOENT;
}
- eaddr = sym.st_value;
tp->offset = (unsigned long)(paddr - eaddr);
tp->address = (unsigned long)paddr;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 100/170] rtlwifi: rtl8188ee: Fix regression due to commit d1d1a96bdb44
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 099/170] perf probe: Do not depend on dwfl_module_addrsym() Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 101/170] tools: Let O= makes handle a relative path with -C option Greg Kroah-Hartman
` (69 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ashish, Larry Finger, Kalle Valo
From: Larry Finger <Larry.Finger@lwfinger.net>
commit c80b18cbb04b7b101af9bd14550f13d9866c646a upstream.
For some unexplained reason, commit d1d1a96bdb44 ("rtlwifi: rtl8188ee:
Remove local configuration variable") broke at least one system. As
the only net effect of the change was to remove 2 bytes from the start
of struct phy_status_rpt, this patch adds 2 bytes of padding at the
beginning of the struct.
Fixes: d1d1a96bdb44 ("rtlwifi: rtl8188ee: Remove local configuration variable")
Cc: Stable <stable@vger.kernel.org> # V5.4+
Reported-by: Ashish <ashishkumar.yadav@students.iiserpune.ac.in>
Tested-by: Ashish <ashishkumar.yadav@students.iiserpune.ac.in>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtlwifi/rtl8188ee/trx.h | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/trx.h
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/trx.h
@@ -561,6 +561,7 @@ static inline void clear_pci_tx_desc_con
rxmcs == DESC92C_RATE11M)
struct phy_status_rpt {
+ u8 padding[2];
u8 ch_corr[2];
u8 cck_sig_qual_ofdm_pwdb_all;
u8 cck_agc_rpt_ofdm_cfosho_a;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 101/170] tools: Let O= makes handle a relative path with -C option
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 100/170] rtlwifi: rtl8188ee: Fix regression due to commit d1d1a96bdb44 Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration Greg Kroah-Hartman
` (68 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Masami Hiramatsu,
Andrew Morton, Borislav Petkov, Geert Uytterhoeven, Jiri Olsa,
Masahiro Yamada, Michal Marek, Peter Zijlstra, Sasha Levin,
Steven Rostedt (VMware),
Arnaldo Carvalho de Melo
From: Masami Hiramatsu <mhiramat@kernel.org>
commit be40920fbf1003c38ccdc02b571e01a75d890c82 upstream.
When I tried to compile tools/perf from the top directory with the -C
option, the O= option didn't work correctly if I passed a relative path:
$ make O=BUILD -C tools/perf/
make: Entering directory '/home/mhiramat/ksrc/linux/tools/perf'
BUILD: Doing 'make -j8' parallel build
../scripts/Makefile.include:4: *** O=/home/mhiramat/ksrc/linux/tools/perf/BUILD does not exist. Stop.
make: *** [Makefile:70: all] Error 2
make: Leaving directory '/home/mhiramat/ksrc/linux/tools/perf'
The O= directory existence check failed because the check script ran in
the build target directory instead of the directory where I ran the make
command.
To fix that, once change directory to $(PWD) and check O= directory,
since the PWD is set to where the make command runs.
Fixes: c883122acc0d ("perf tools: Let O= makes handle relative paths")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sashal@kernel.org>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/158351957799.3363.15269768530697526765.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/Makefile | 2 +-
tools/scripts/Makefile.include | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/tools/perf/Makefile
+++ b/tools/perf/Makefile
@@ -35,7 +35,7 @@ endif
# Only pass canonical directory names as the output directory:
#
ifneq ($(O),)
- FULL_O := $(shell readlink -f $(O) || echo $(O))
+ FULL_O := $(shell cd $(PWD); readlink -f $(O) || echo $(O))
endif
#
--- a/tools/scripts/Makefile.include
+++ b/tools/scripts/Makefile.include
@@ -1,8 +1,8 @@
# SPDX-License-Identifier: GPL-2.0
ifneq ($(O),)
ifeq ($(origin O), command line)
- dummy := $(if $(shell test -d $(O) || echo $(O)),$(error O=$(O) does not exist),)
- ABSOLUTE_O := $(shell cd $(O) ; pwd)
+ dummy := $(if $(shell cd $(PWD); test -d $(O) || echo $(O)),$(error O=$(O) does not exist),)
+ ABSOLUTE_O := $(shell cd $(PWD); cd $(O) ; pwd)
OUTPUT := $(ABSOLUTE_O)/$(if $(subdir),$(subdir)/)
COMMAND_O := O=$(ABSOLUTE_O)
ifeq ($(objtree),)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 101/170] tools: Let O= makes handle a relative path with -C option Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 9:53 ` Nathan Chancellor
2020-03-31 8:58 ` [PATCH 5.5 103/170] drm/prime: use dma length macro when mapping sg Greg Kroah-Hartman
` (67 subsequent siblings)
169 siblings, 1 reply; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dirk Mueller, David Gibson, Rob Herring
From: Dirk Mueller <dmueller@suse.com>
commit e33a814e772cdc36436c8c188d8c42d019fda639 upstream.
gcc 10 will default to -fno-common, which causes this error at link
time:
(.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
This is because both dtc-lexer as well as dtc-parser define the same
global symbol yyloc. Before with -fcommon those were merged into one
defintion. The proper solution would be to to mark this as "extern",
however that leads to:
dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
26 | extern YYLTYPE yylloc;
| ^~~~~~
In file included from dtc-lexer.l:24:
dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
127 | extern YYLTYPE yylloc;
| ^~~~~~
cc1: all warnings being treated as errors
which means the declaration is completely redundant and can just be
dropped.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[robh: cherry-pick from upstream]
Cc: stable@vger.kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/dtc/dtc-lexer.l | 1 -
1 file changed, 1 deletion(-)
--- a/scripts/dtc/dtc-lexer.l
+++ b/scripts/dtc/dtc-lexer.l
@@ -23,7 +23,6 @@ LINECOMMENT "//".*\n
#include "srcpos.h"
#include "dtc-parser.tab.h"
-YYLTYPE yylloc;
extern bool treesource_error;
/* CAUTION: this will stop working if we ever use yyless() or yyunput() */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 103/170] drm/prime: use dma length macro when mapping sg
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 104/170] drm/amdgpu: fix scatter-gather mapping with user pages Greg Kroah-Hartman
` (66 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shane Francis, Michael J. Ruhl, Alex Deucher
From: Shane Francis <bigbeeshane@gmail.com>
commit 42e67b479eab6d26459b80b4867298232b0435e7 upstream.
As dma_map_sg can reorganize scatter-gather lists in a
way that can cause some later segments to be empty we should
always use the sg_dma_len macro to fetch the actual length.
This could now be 0 and not need to be mapped to a page or
address array
Fixes: be62dbf554c5 ("iommu/amd: Convert AMD iommu driver to the dma-iommu api")
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=206461
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=206895
Bug: https://gitlab.freedesktop.org/drm/amd/issues/1056
Signed-off-by: Shane Francis <bigbeeshane@gmail.com>
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200325090741.21957-2-bigbeeshane@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_prime.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/drm_prime.c
+++ b/drivers/gpu/drm/drm_prime.c
@@ -964,7 +964,7 @@ int drm_prime_sg_to_page_addr_arrays(str
index = 0;
for_each_sg(sgt->sgl, sg, sgt->nents, count) {
- len = sg->length;
+ len = sg_dma_len(sg);
page = sg_page(sg);
addr = sg_dma_address(sg);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 104/170] drm/amdgpu: fix scatter-gather mapping with user pages
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 103/170] drm/prime: use dma length macro when mapping sg Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 105/170] drm/radeon: " Greg Kroah-Hartman
` (65 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shane Francis, Michael J. Ruhl, Alex Deucher
From: Shane Francis <bigbeeshane@gmail.com>
commit 0199172f933342d8b1011aae2054a695c25726f4 upstream.
Calls to dma_map_sg may return less segments / entries than requested
if they fall on page bounderies. The old implementation did not
support this use case.
Fixes: be62dbf554c5 ("iommu/amd: Convert AMD iommu driver to the dma-iommu api")
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=206461
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=206895
Bug: https://gitlab.freedesktop.org/drm/amd/issues/1056
Signed-off-by: Shane Francis <bigbeeshane@gmail.com>
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200325090741.21957-3-bigbeeshane@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -973,7 +973,7 @@ static int amdgpu_ttm_tt_pin_userptr(str
/* Map SG to device */
r = -ENOMEM;
nents = dma_map_sg(adev->dev, ttm->sg->sgl, ttm->sg->nents, direction);
- if (nents != ttm->sg->nents)
+ if (nents == 0)
goto release_sg;
/* convert SG to linear array of pages and dma addresses */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 105/170] drm/radeon: fix scatter-gather mapping with user pages
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 104/170] drm/amdgpu: fix scatter-gather mapping with user pages Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 106/170] soc: samsung: chipid: Fix return value on non-Exynos platforms Greg Kroah-Hartman
` (64 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shane Francis, Michael J. Ruhl, Alex Deucher
From: Shane Francis <bigbeeshane@gmail.com>
commit 47f7826c520ecd92ffbffe59ecaa2fe61e42ec70 upstream.
Calls to dma_map_sg may return less segments / entries than requested
if they fall on page bounderies. The old implementation did not
support this use case.
Fixes: be62dbf554c5 ("iommu/amd: Convert AMD iommu driver to the dma-iommu api")
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=206461
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=206895
Bug: https://gitlab.freedesktop.org/drm/amd/issues/1056
Signed-off-by: Shane Francis <bigbeeshane@gmail.com>
Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200325090741.21957-4-bigbeeshane@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/radeon_ttm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
@@ -528,7 +528,7 @@ static int radeon_ttm_tt_pin_userptr(str
r = -ENOMEM;
nents = dma_map_sg(rdev->dev, ttm->sg->sgl, ttm->sg->nents, direction);
- if (nents != ttm->sg->nents)
+ if (nents == 0)
goto release_sg;
drm_prime_sg_to_page_addr_arrays(ttm->sg, ttm->pages,
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 106/170] soc: samsung: chipid: Fix return value on non-Exynos platforms
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 105/170] drm/radeon: " Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 107/170] scsi: sd: Fix optimal I/O size for devices that change reported values Greg Kroah-Hartman
` (63 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski,
Krzysztof Kozlowski, Arnd Bergmann
From: Marek Szyprowski <m.szyprowski@samsung.com>
commit c8042d1e5cb3e654b47447229ace3cd092a8fc27 upstream.
Correct the probe return value to -ENODEV on non-Exynos platforms.
Link: https://lore.kernel.org/r/20200316175652.5604-4-krzk@kernel.org
Fixes: 02fb29882d5c ("soc: samsung: chipid: Drop "syscon" compatible requirement")
Cc: <stable@vger.kernel.org>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/samsung/exynos-chipid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/soc/samsung/exynos-chipid.c
+++ b/drivers/soc/samsung/exynos-chipid.c
@@ -59,7 +59,7 @@ static int __init exynos_chipid_early_in
syscon = of_find_compatible_node(NULL, NULL,
"samsung,exynos4210-chipid");
if (!syscon)
- return ENODEV;
+ return -ENODEV;
regmap = device_node_to_regmap(syscon);
of_node_put(syscon);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 107/170] scsi: sd: Fix optimal I/O size for devices that change reported values
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 106/170] soc: samsung: chipid: Fix return value on non-Exynos platforms Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 108/170] nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type Greg Kroah-Hartman
` (62 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bryan Gurney, Bernhard Sulzer,
Martin K. Petersen
From: Martin K. Petersen <martin.petersen@oracle.com>
commit ea697a8bf5a4161e59806fab14f6e4a46dc7dcb0 upstream.
Some USB bridge devices will return a default set of characteristics during
initialization. And then, once an attached drive has spun up, substitute
the actual parameters reported by the drive. According to the SCSI spec,
the device should return a UNIT ATTENTION in case any reported parameters
change. But in this case the change is made silently after a small window
where default values are reported.
Commit a83da8a4509d ("scsi: sd: Optimal I/O size should be a multiple of
physical block size") validated the reported optimal I/O size against the
physical block size to overcome problems with devices reporting nonsensical
transfer sizes. However, this validation did not account for the fact that
aforementioned devices will return default values during a brief window
during spin-up. The subsequent change in reported characteristics would
invalidate the checking that had previously been performed.
Unset a previously configured optimal I/O size should the sanity checking
fail on subsequent revalidate attempts.
Link: https://lore.kernel.org/r/33fb522e-4f61-1b76-914f-c9e6a3553c9b@gmail.com
Cc: Bryan Gurney <bgurney@redhat.com>
Cc: <stable@vger.kernel.org>
Reported-by: Bernhard Sulzer <micraft.b@gmail.com>
Tested-by: Bernhard Sulzer <micraft.b@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/sd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3181,9 +3181,11 @@ static int sd_revalidate_disk(struct gen
if (sd_validate_opt_xfer_size(sdkp, dev_max)) {
q->limits.io_opt = logical_to_bytes(sdp, sdkp->opt_xfer_blocks);
rw_max = logical_to_sectors(sdp, sdkp->opt_xfer_blocks);
- } else
+ } else {
+ q->limits.io_opt = 0;
rw_max = min_not_zero(logical_to_sectors(sdp, dev_max),
(sector_t)BLK_DEF_MAX_SECTORS);
+ }
/* Do not exceed controller limit */
rw_max = min(rw_max, queue_max_hw_sectors(q));
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 108/170] nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 107/170] scsi: sd: Fix optimal I/O size for devices that change reported values Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 109/170] mac80211: drop data frames without key on encrypted links Greg Kroah-Hartman
` (61 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
commit 0016d3201753b59f3ae84b868fe66c86ad256f19 upstream.
The new opmode notification used this attribute with a u8, when
it's documented as a u32 and indeed used in userspace as such,
it just happens to work on little-endian systems since userspace
isn't doing any strict size validation, and the u8 goes into the
lower byte. Fix this.
Cc: stable@vger.kernel.org
Fixes: 466b9936bf93 ("cfg80211: Add support to notify station's opmode change to userspace")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200325090531.be124f0a11c7.Iedbf4e197a85471ebd729b186d5365c0343bf7a8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/nl80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -16416,7 +16416,7 @@ void cfg80211_sta_opmode_change_notify(s
goto nla_put_failure;
if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
- nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
+ nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
goto nla_put_failure;
if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 109/170] mac80211: drop data frames without key on encrypted links
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 108/170] nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 110/170] mac80211: mark station unauthorized before key removal Greg Kroah-Hartman
` (60 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jouni Malinen, Johannes Berg, Luca Coelho
From: Johannes Berg <johannes.berg@intel.com>
commit a0761a301746ec2d92d7fcb82af69c0a6a4339aa upstream.
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200326150855.6865c7f28a14.I9fb1d911b064262d33e33dfba730cdeef83926ca@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/debugfs_sta.c | 3 ++-
net/mac80211/key.c | 20 ++++++++++++--------
net/mac80211/sta_info.h | 1 +
net/mac80211/tx.c | 12 +++++++++---
4 files changed, 24 insertions(+), 12 deletions(-)
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -5,7 +5,7 @@
* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
* Copyright(c) 2016 Intel Deutschland GmbH
- * Copyright (C) 2018 - 2019 Intel Corporation
+ * Copyright (C) 2018 - 2020 Intel Corporation
*/
#include <linux/debugfs.h>
@@ -78,6 +78,7 @@ static const char * const sta_flag_names
FLAG(MPSP_OWNER),
FLAG(MPSP_RECIPIENT),
FLAG(PS_DELIVER),
+ FLAG(USES_ENCRYPTION),
#undef FLAG
};
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -6,7 +6,7 @@
* Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
* Copyright 2015-2017 Intel Deutschland GmbH
- * Copyright 2018-2019 Intel Corporation
+ * Copyright 2018-2020 Intel Corporation
*/
#include <linux/if_ether.h>
@@ -262,22 +262,29 @@ static void ieee80211_key_disable_hw_acc
sta ? sta->sta.addr : bcast_addr, ret);
}
-int ieee80211_set_tx_key(struct ieee80211_key *key)
+static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
{
struct sta_info *sta = key->sta;
struct ieee80211_local *local = key->local;
assert_key_lock(local);
+ set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
+
sta->ptk_idx = key->conf.keyidx;
- if (!ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
+ if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
ieee80211_check_fast_xmit(sta);
return 0;
}
+int ieee80211_set_tx_key(struct ieee80211_key *key)
+{
+ return _ieee80211_set_tx_key(key, false);
+}
+
static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
struct ieee80211_key *new)
{
@@ -441,11 +448,8 @@ static int ieee80211_key_replace(struct
if (pairwise) {
rcu_assign_pointer(sta->ptk[idx], new);
if (new &&
- !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)) {
- sta->ptk_idx = idx;
- clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
- ieee80211_check_fast_xmit(sta);
- }
+ !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
+ _ieee80211_set_tx_key(new, true);
} else {
rcu_assign_pointer(sta->gtk[idx], new);
}
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -98,6 +98,7 @@ enum ieee80211_sta_info_flags {
WLAN_STA_MPSP_OWNER,
WLAN_STA_MPSP_RECIPIENT,
WLAN_STA_PS_DELIVER,
+ WLAN_STA_USES_ENCRYPTION,
NUM_WLAN_STA_FLAGS,
};
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -590,10 +590,13 @@ ieee80211_tx_h_select_key(struct ieee802
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
- if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
+ if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) {
tx->key = NULL;
- else if (tx->sta &&
- (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
+ return TX_CONTINUE;
+ }
+
+ if (tx->sta &&
+ (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
tx->key = key;
else if (ieee80211_is_group_privacy_action(tx->skb) &&
(key = rcu_dereference(tx->sdata->default_multicast_key)))
@@ -654,6 +657,9 @@ ieee80211_tx_h_select_key(struct ieee802
if (!skip_hw && tx->key &&
tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
info->control.hw_key = &tx->key->conf;
+ } else if (!ieee80211_is_mgmt(hdr->frame_control) && tx->sta &&
+ test_sta_flag(tx->sta, WLAN_STA_USES_ENCRYPTION)) {
+ return TX_DROP;
}
return TX_CONTINUE;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 110/170] mac80211: mark station unauthorized before key removal
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 109/170] mac80211: drop data frames without key on encrypted links Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 111/170] mm/swapfile.c: move inode_lock out of claim_swapfile Greg Kroah-Hartman
` (59 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream.
If a station is still marked as authorized, mark it as no longer
so before removing its keys. This allows frames transmitted to it
to be rejected, providing additional protection against leaking
plain text data during the disconnection flow.
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/sta_info.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -4,7 +4,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2013-2014 Intel Mobile Communications GmbH
* Copyright (C) 2015 - 2017 Intel Deutschland GmbH
- * Copyright (C) 2018-2019 Intel Corporation
+ * Copyright (C) 2018-2020 Intel Corporation
*/
#include <linux/module.h>
@@ -1049,6 +1049,11 @@ static void __sta_info_destroy_part2(str
might_sleep();
lockdep_assert_held(&local->sta_mtx);
+ while (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
+ ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
+ WARN_ON_ONCE(ret);
+ }
+
/* now keys can no longer be reached */
ieee80211_free_sta_keys(local, sta);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 111/170] mm/swapfile.c: move inode_lock out of claim_swapfile
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 110/170] mac80211: mark station unauthorized before key removal Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 112/170] drivers/base/memory.c: indicate all memory blocks as removable Greg Kroah-Hartman
` (58 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naohiro Aota, Andrew Morton,
Qais Youef, Darrick J. Wong, Christoph Hellwig, Linus Torvalds
From: Naohiro Aota <naohiro.aota@wdc.com>
commit d795a90e2ba024dbf2f22107ae89c210b98b08b8 upstream.
claim_swapfile() currently keeps the inode locked when it is successful,
or the file is already swapfile (with -EBUSY). And, on the other error
cases, it does not lock the inode.
This inconsistency of the lock state and return value is quite confusing
and actually causing a bad unlock balance as below in the "bad_swap"
section of __do_sys_swapon().
This commit fixes this issue by moving the inode_lock() and IS_SWAPFILE
check out of claim_swapfile(). The inode is unlocked in
"bad_swap_unlock_inode" section, so that the inode is ensured to be
unlocked at "bad_swap". Thus, error handling codes after the locking now
jumps to "bad_swap_unlock_inode" instead of "bad_swap".
=====================================
WARNING: bad unlock balance detected!
5.5.0-rc7+ #176 Not tainted
-------------------------------------
swapon/4294 is trying to release lock (&sb->s_type->i_mutex_key) at: __do_sys_swapon+0x94b/0x3550
but there are no more locks to release!
other info that might help us debug this:
no locks held by swapon/4294.
stack backtrace:
CPU: 5 PID: 4294 Comm: swapon Not tainted 5.5.0-rc7-BTRFS-ZNS+ #176
Hardware name: ASUS All Series/H87-PRO, BIOS 2102 07/29/2014
Call Trace:
dump_stack+0xa1/0xea
print_unlock_imbalance_bug.cold+0x114/0x123
lock_release+0x562/0xed0
up_write+0x2d/0x490
__do_sys_swapon+0x94b/0x3550
__x64_sys_swapon+0x54/0x80
do_syscall_64+0xa4/0x4b0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f15da0a0dc7
Fixes: 1638045c3677 ("mm: set S_SWAPFILE on blockdev swap devices")
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: Qais Youef <qais.yousef@arm.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200206090132.154869-1-naohiro.aota@wdc.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/swapfile.c | 39 +++++++++++++++++++--------------------
1 file changed, 19 insertions(+), 20 deletions(-)
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -2899,10 +2899,6 @@ static int claim_swapfile(struct swap_in
p->bdev = inode->i_sb->s_bdev;
}
- inode_lock(inode);
- if (IS_SWAPFILE(inode))
- return -EBUSY;
-
return 0;
}
@@ -3157,17 +3153,22 @@ SYSCALL_DEFINE2(swapon, const char __use
mapping = swap_file->f_mapping;
inode = mapping->host;
- /* If S_ISREG(inode->i_mode) will do inode_lock(inode); */
error = claim_swapfile(p, inode);
if (unlikely(error))
goto bad_swap;
+ inode_lock(inode);
+ if (IS_SWAPFILE(inode)) {
+ error = -EBUSY;
+ goto bad_swap_unlock_inode;
+ }
+
/*
* Read the swap header.
*/
if (!mapping->a_ops->readpage) {
error = -EINVAL;
- goto bad_swap;
+ goto bad_swap_unlock_inode;
}
page = read_mapping_page(mapping, 0, swap_file);
if (IS_ERR(page)) {
@@ -3179,14 +3180,14 @@ SYSCALL_DEFINE2(swapon, const char __use
maxpages = read_swap_header(p, swap_header, inode);
if (unlikely(!maxpages)) {
error = -EINVAL;
- goto bad_swap;
+ goto bad_swap_unlock_inode;
}
/* OK, set up the swap map and apply the bad block list */
swap_map = vzalloc(maxpages);
if (!swap_map) {
error = -ENOMEM;
- goto bad_swap;
+ goto bad_swap_unlock_inode;
}
if (bdi_cap_stable_pages_required(inode_to_bdi(inode)))
@@ -3211,7 +3212,7 @@ SYSCALL_DEFINE2(swapon, const char __use
GFP_KERNEL);
if (!cluster_info) {
error = -ENOMEM;
- goto bad_swap;
+ goto bad_swap_unlock_inode;
}
for (ci = 0; ci < nr_cluster; ci++)
@@ -3220,7 +3221,7 @@ SYSCALL_DEFINE2(swapon, const char __use
p->percpu_cluster = alloc_percpu(struct percpu_cluster);
if (!p->percpu_cluster) {
error = -ENOMEM;
- goto bad_swap;
+ goto bad_swap_unlock_inode;
}
for_each_possible_cpu(cpu) {
struct percpu_cluster *cluster;
@@ -3234,13 +3235,13 @@ SYSCALL_DEFINE2(swapon, const char __use
error = swap_cgroup_swapon(p->type, maxpages);
if (error)
- goto bad_swap;
+ goto bad_swap_unlock_inode;
nr_extents = setup_swap_map_and_extents(p, swap_header, swap_map,
cluster_info, maxpages, &span);
if (unlikely(nr_extents < 0)) {
error = nr_extents;
- goto bad_swap;
+ goto bad_swap_unlock_inode;
}
/* frontswap enabled? set up bit-per-page map for frontswap */
if (IS_ENABLED(CONFIG_FRONTSWAP))
@@ -3280,7 +3281,7 @@ SYSCALL_DEFINE2(swapon, const char __use
error = init_swap_address_space(p->type, maxpages);
if (error)
- goto bad_swap;
+ goto bad_swap_unlock_inode;
/*
* Flush any pending IO and dirty mappings before we start using this
@@ -3290,7 +3291,7 @@ SYSCALL_DEFINE2(swapon, const char __use
error = inode_drain_writes(inode);
if (error) {
inode->i_flags &= ~S_SWAPFILE;
- goto bad_swap;
+ goto bad_swap_unlock_inode;
}
mutex_lock(&swapon_mutex);
@@ -3315,6 +3316,8 @@ SYSCALL_DEFINE2(swapon, const char __use
error = 0;
goto out;
+bad_swap_unlock_inode:
+ inode_unlock(inode);
bad_swap:
free_percpu(p->percpu_cluster);
p->percpu_cluster = NULL;
@@ -3322,6 +3325,7 @@ bad_swap:
set_blocksize(p->bdev, p->old_block_size);
blkdev_put(p->bdev, FMODE_READ | FMODE_WRITE | FMODE_EXCL);
}
+ inode = NULL;
destroy_swap_extents(p);
swap_cgroup_swapoff(p->type);
spin_lock(&swap_lock);
@@ -3333,13 +3337,8 @@ bad_swap:
kvfree(frontswap_map);
if (inced_nr_rotate_swap)
atomic_dec(&nr_rotate_swap);
- if (swap_file) {
- if (inode) {
- inode_unlock(inode);
- inode = NULL;
- }
+ if (swap_file)
filp_close(swap_file, NULL);
- }
out:
if (page && !IS_ERR(page)) {
kunmap(page);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 112/170] drivers/base/memory.c: indicate all memory blocks as removable
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 111/170] mm/swapfile.c: move inode_lock out of claim_swapfile Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 113/170] mm/sparse: fix kernel crash with pfn_section_valid check Greg Kroah-Hartman
` (57 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Scargall, Steve, Michal Hocko,
David Hildenbrand, Andrew Morton, Nathan Fontenot, Michal Hocko,
Dan Williams, Rafael J. Wysocki, Badari Pulavarty,
Robert Jennings, Heiko Carstens, Karel Zak, Linus Torvalds
From: David Hildenbrand <david@redhat.com>
commit 53cdc1cb29e87ce5a61de5bb393eb08925d14ede upstream.
We see multiple issues with the implementation/interface to compute
whether a memory block can be offlined (exposed via
/sys/devices/system/memory/memoryX/removable) and would like to simplify
it (remove the implementation).
1. It runs basically lockless. While this might be good for performance,
we see possible races with memory offlining that will require at
least some sort of locking to fix.
2. Nowadays, more false positives are possible. No arch-specific checks
are performed that validate if memory offlining will not be denied
right away (and such check will require locking). For example, arm64
won't allow to offline any memory block that was added during boot -
which will imply a very high error rate. Other archs have other
constraints.
3. The interface is inherently racy. E.g., if a memory block is detected
to be removable (and was not a false positive at that time), there is
still no guarantee that offlining will actually succeed. So any
caller already has to deal with false positives.
4. It is unclear which performance benefit this interface actually
provides. The introducing commit 5c755e9fd813 ("memory-hotplug: add
sysfs removable attribute for hotplug memory remove") mentioned
"A user-level agent must be able to identify which sections
of memory are likely to be removable before attempting the
potentially expensive operation."
However, no actual performance comparison was included.
Known users:
- lsmem: Will group memory blocks based on the "removable" property. [1]
- chmem: Indirect user. It has a RANGE mode where one can specify
removable ranges identified via lsmem to be offlined. However,
it also has a "SIZE" mode, which allows a sysadmin to skip the
manual "identify removable blocks" step. [2]
- powerpc-utils: Uses the "removable" attribute to skip some memory
blocks right away when trying to find some to offline+remove.
However, with ballooning enabled, it already skips this
information completely (because it once resulted in many false
negatives). Therefore, the implementation can deal with false
positives properly already. [3]
According to Nathan Fontenot, DLPAR on powerpc is nowadays no longer
driven from userspace via the drmgr command (powerpc-utils). Nowadays
it's managed in the kernel - including onlining/offlining of memory
blocks - triggered by drmgr writing to /sys/kernel/dlpar. So the
affected legacy userspace handling is only active on old kernels. Only
very old versions of drmgr on a new kernel (unlikely) might execute
slower - totally acceptable.
With CONFIG_MEMORY_HOTREMOVE, always indicating "removable" should not
break any user space tool. We implement a very bad heuristic now.
Without CONFIG_MEMORY_HOTREMOVE we cannot offline anything, so report
"not removable" as before.
Original discussion can be found in [4] ("[PATCH RFC v1] mm:
is_mem_section_removable() overhaul").
Other users of is_mem_section_removable() will be removed next, so that
we can remove is_mem_section_removable() completely.
[1] http://man7.org/linux/man-pages/man1/lsmem.1.html
[2] http://man7.org/linux/man-pages/man8/chmem.8.html
[3] https://github.com/ibm-power-utilities/powerpc-utils
[4] https://lkml.kernel.org/r/20200117105759.27905-1-david@redhat.com
Also, this patch probably fixes a crash reported by Steve.
http://lkml.kernel.org/r/CAPcyv4jpdaNvJ67SkjyUJLBnBnXXQv686BiVW042g03FUmWLXw@mail.gmail.com
Reported-by: "Scargall, Steve" <steve.scargall@intel.com>
Suggested-by: Michal Hocko <mhocko@kernel.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Nathan Fontenot <ndfont@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Robert Jennings <rcj@linux.vnet.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Karel Zak <kzak@redhat.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200128093542.6908-1-david@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/memory.c | 23 +++--------------------
1 file changed, 3 insertions(+), 20 deletions(-)
--- a/drivers/base/memory.c
+++ b/drivers/base/memory.c
@@ -111,30 +111,13 @@ static ssize_t phys_index_show(struct de
}
/*
- * Show whether the memory block is likely to be offlineable (or is already
- * offline). Once offline, the memory block could be removed. The return
- * value does, however, not indicate that there is a way to remove the
- * memory block.
+ * Legacy interface that we cannot remove. Always indicate "removable"
+ * with CONFIG_MEMORY_HOTREMOVE - bad heuristic.
*/
static ssize_t removable_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- struct memory_block *mem = to_memory_block(dev);
- unsigned long pfn;
- int ret = 1, i;
-
- if (mem->state != MEM_ONLINE)
- goto out;
-
- for (i = 0; i < sections_per_block; i++) {
- if (!present_section_nr(mem->start_section_nr + i))
- continue;
- pfn = section_nr_to_pfn(mem->start_section_nr + i);
- ret &= is_mem_section_removable(pfn, PAGES_PER_SECTION);
- }
-
-out:
- return sprintf(buf, "%d\n", ret);
+ return sprintf(buf, "%d\n", (int)IS_ENABLED(CONFIG_MEMORY_HOTREMOVE));
}
/*
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 113/170] mm/sparse: fix kernel crash with pfn_section_valid check
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 112/170] drivers/base/memory.c: indicate all memory blocks as removable Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 114/170] mm: fork: fix kernel_stack memcg stats for various stack implementations Greg Kroah-Hartman
` (56 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sachin Sant, Aneesh Kumar K.V,
Andrew Morton, Baoquan He, Wei Yang, Michal Hocko, Pankaj Gupta,
Michael Ellerman, Dan Williams, David Hildenbrand,
Oscar Salvador, Mike Rapoport, Linus Torvalds
From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
commit b943f045a9af9fd02f923e43fe8d7517e9961701 upstream.
Fix the crash like this:
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc000000000c3447c
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
CPU: 11 PID: 7519 Comm: lt-ndctl Not tainted 5.6.0-rc7-autotest #1
...
NIP [c000000000c3447c] vmemmap_populated+0x98/0xc0
LR [c000000000088354] vmemmap_free+0x144/0x320
Call Trace:
section_deactivate+0x220/0x240
__remove_pages+0x118/0x170
arch_remove_memory+0x3c/0x150
memunmap_pages+0x1cc/0x2f0
devm_action_release+0x30/0x50
release_nodes+0x2f8/0x3e0
device_release_driver_internal+0x168/0x270
unbind_store+0x130/0x170
drv_attr_store+0x44/0x60
sysfs_kf_write+0x68/0x80
kernfs_fop_write+0x100/0x290
__vfs_write+0x3c/0x70
vfs_write+0xcc/0x240
ksys_write+0x7c/0x140
system_call+0x5c/0x68
The crash is due to NULL dereference at
test_bit(idx, ms->usage->subsection_map);
due to ms->usage = NULL in pfn_section_valid()
With commit d41e2f3bd546 ("mm/hotplug: fix hot remove failure in
SPARSEMEM|!VMEMMAP case") section_mem_map is set to NULL after
depopulate_section_mem(). This was done so that pfn_page() can work
correctly with kernel config that disables SPARSEMEM_VMEMMAP. With that
config pfn_to_page does
__section_mem_map_addr(__sec) + __pfn;
where
static inline struct page *__section_mem_map_addr(struct mem_section *section)
{
unsigned long map = section->section_mem_map;
map &= SECTION_MAP_MASK;
return (struct page *)map;
}
Now with SPASEMEM_VMEMAP enabled, mem_section->usage->subsection_map is
used to check the pfn validity (pfn_valid()). Since section_deactivate
release mem_section->usage if a section is fully deactivated,
pfn_valid() check after a subsection_deactivate cause a kernel crash.
static inline int pfn_valid(unsigned long pfn)
{
...
return early_section(ms) || pfn_section_valid(ms, pfn);
}
where
static inline int pfn_section_valid(struct mem_section *ms, unsigned long pfn)
{
int idx = subsection_map_index(pfn);
return test_bit(idx, ms->usage->subsection_map);
}
Avoid this by clearing SECTION_HAS_MEM_MAP when mem_section->usage is
freed. For architectures like ppc64 where large pages are used for
vmmemap mapping (16MB), a specific vmemmap mapping can cover multiple
sections. Hence before a vmemmap mapping page can be freed, the kernel
needs to make sure there are no valid sections within that mapping.
Clearing the section valid bit before depopulate_section_memap enables
this.
[aneesh.kumar@linux.ibm.com: add comment]
Link: http://lkml.kernel.org/r/20200326133235.343616-1-aneesh.kumar@linux.ibm.comLink: http://lkml.kernel.org/r/20200325031914.107660-1-aneesh.kumar@linux.ibm.com
Fixes: d41e2f3bd546 ("mm/hotplug: fix hot remove failure in SPARSEMEM|!VMEMMAP case")
Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Reviewed-by: Baoquan He <bhe@redhat.com>
Reviewed-by: Wei Yang <richard.weiyang@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/sparse.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/mm/sparse.c
+++ b/mm/sparse.c
@@ -791,6 +791,12 @@ static void section_deactivate(unsigned
ms->usage = NULL;
}
memmap = sparse_decode_mem_map(ms->section_mem_map, section_nr);
+ /*
+ * Mark the section invalid so that valid_section()
+ * return false. This prevents code from dereferencing
+ * ms->usage array.
+ */
+ ms->section_mem_map &= ~SECTION_HAS_MEM_MAP;
}
if (section_is_early && memmap)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 114/170] mm: fork: fix kernel_stack memcg stats for various stack implementations
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 113/170] mm/sparse: fix kernel crash with pfn_section_valid check Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 115/170] gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk Greg Kroah-Hartman
` (55 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roman Gushchin, Andrew Morton,
Shakeel Butt, Johannes Weiner, Michal Hocko, Bharata B Rao,
Linus Torvalds
From: Roman Gushchin <guro@fb.com>
commit 8380ce479010f2f779587b462a9b4681934297c3 upstream.
Depending on CONFIG_VMAP_STACK and the THREAD_SIZE / PAGE_SIZE ratio the
space for task stacks can be allocated using __vmalloc_node_range(),
alloc_pages_node() and kmem_cache_alloc_node().
In the first and the second cases page->mem_cgroup pointer is set, but
in the third it's not: memcg membership of a slab page should be
determined using the memcg_from_slab_page() function, which looks at
page->slab_cache->memcg_params.memcg . In this case, using
mod_memcg_page_state() (as in account_kernel_stack()) is incorrect:
page->mem_cgroup pointer is NULL even for pages charged to a non-root
memory cgroup.
It can lead to kernel_stack per-memcg counters permanently showing 0 on
some architectures (depending on the configuration).
In order to fix it, let's introduce a mod_memcg_obj_state() helper,
which takes a pointer to a kernel object as a first argument, uses
mem_cgroup_from_obj() to get a RCU-protected memcg pointer and calls
mod_memcg_state(). It allows to handle all possible configurations
(CONFIG_VMAP_STACK and various THREAD_SIZE/PAGE_SIZE values) without
spilling any memcg/kmem specifics into fork.c .
Note: This is a special version of the patch created for stable
backports. It contains code from the following two patches:
- mm: memcg/slab: introduce mem_cgroup_from_obj()
- mm: fork: fix kernel_stack memcg stats for various stack implementations
[guro@fb.com: introduce mem_cgroup_from_obj()]
Link: http://lkml.kernel.org/r/20200324004221.GA36662@carbon.dhcp.thefacebook.com
Fixes: 4d96ba353075 ("mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages")
Signed-off-by: Roman Gushchin <guro@fb.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Bharata B Rao <bharata@linux.ibm.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200303233550.251375-1-guro@fb.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/memcontrol.h | 12 ++++++++++++
kernel/fork.c | 4 ++--
mm/memcontrol.c | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 52 insertions(+), 2 deletions(-)
--- a/include/linux/memcontrol.h
+++ b/include/linux/memcontrol.h
@@ -695,6 +695,7 @@ static inline unsigned long lruvec_page_
void __mod_lruvec_state(struct lruvec *lruvec, enum node_stat_item idx,
int val);
void __mod_lruvec_slab_state(void *p, enum node_stat_item idx, int val);
+void mod_memcg_obj_state(void *p, int idx, int val);
static inline void mod_lruvec_state(struct lruvec *lruvec,
enum node_stat_item idx, int val)
@@ -1123,6 +1124,10 @@ static inline void __mod_lruvec_slab_sta
__mod_node_page_state(page_pgdat(page), idx, val);
}
+static inline void mod_memcg_obj_state(void *p, int idx, int val)
+{
+}
+
static inline
unsigned long mem_cgroup_soft_limit_reclaim(pg_data_t *pgdat, int order,
gfp_t gfp_mask,
@@ -1427,6 +1432,8 @@ static inline int memcg_cache_id(struct
return memcg ? memcg->kmemcg_id : -1;
}
+struct mem_cgroup *mem_cgroup_from_obj(void *p);
+
#else
static inline int memcg_kmem_charge(struct page *page, gfp_t gfp, int order)
@@ -1468,6 +1475,11 @@ static inline void memcg_put_cache_ids(v
{
}
+static inline struct mem_cgroup *mem_cgroup_from_obj(void *p)
+{
+ return NULL;
+}
+
#endif /* CONFIG_MEMCG_KMEM */
#endif /* _LINUX_MEMCONTROL_H */
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -397,8 +397,8 @@ static void account_kernel_stack(struct
mod_zone_page_state(page_zone(first_page), NR_KERNEL_STACK_KB,
THREAD_SIZE / 1024 * account);
- mod_memcg_page_state(first_page, MEMCG_KERNEL_STACK_KB,
- account * (THREAD_SIZE / 1024));
+ mod_memcg_obj_state(stack, MEMCG_KERNEL_STACK_KB,
+ account * (THREAD_SIZE / 1024));
}
}
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -777,6 +777,17 @@ void __mod_lruvec_slab_state(void *p, en
rcu_read_unlock();
}
+void mod_memcg_obj_state(void *p, int idx, int val)
+{
+ struct mem_cgroup *memcg;
+
+ rcu_read_lock();
+ memcg = mem_cgroup_from_obj(p);
+ if (memcg)
+ mod_memcg_state(memcg, idx, val);
+ rcu_read_unlock();
+}
+
/**
* __count_memcg_events - account VM events in a cgroup
* @memcg: the memory cgroup
@@ -2661,6 +2672,33 @@ static void commit_charge(struct page *p
}
#ifdef CONFIG_MEMCG_KMEM
+/*
+ * Returns a pointer to the memory cgroup to which the kernel object is charged.
+ *
+ * The caller must ensure the memcg lifetime, e.g. by taking rcu_read_lock(),
+ * cgroup_mutex, etc.
+ */
+struct mem_cgroup *mem_cgroup_from_obj(void *p)
+{
+ struct page *page;
+
+ if (mem_cgroup_disabled())
+ return NULL;
+
+ page = virt_to_head_page(p);
+
+ /*
+ * Slab pages don't have page->mem_cgroup set because corresponding
+ * kmem caches can be reparented during the lifetime. That's why
+ * memcg_from_slab_page() should be used instead.
+ */
+ if (PageSlab(page))
+ return memcg_from_slab_page(page);
+
+ /* All other pages use page->mem_cgroup */
+ return page->mem_cgroup;
+}
+
static int memcg_alloc_cache_id(void)
{
int id, size;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 115/170] gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 114/170] mm: fork: fix kernel_stack memcg stats for various stack implementations Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 116/170] gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option Greg Kroah-Hartman
` (54 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mika Westerberg,
Linus Walleij
From: Hans de Goede <hdegoede@redhat.com>
commit efaa87fa0947d525cf7c075316adde4e3ac7720b upstream.
Commit aa23ca3d98f7 ("gpiolib: acpi: Add honor_wakeup module-option +
quirk mechanism") added a quirk for some models of the HP x2 10 series.
There are 2 issues with the comment describing the quirk:
1) The comment claims the DMI quirk applies to all Cherry Trail based HP x2
10 models. In the mean time I have learned that there are at least 3
models of the HP x2 10 models:
Bay Trail SoC + AXP288 PMIC
Cherry Trail SoC + AXP288 PMIC
Cherry Trail SoC + TI PMIC
And this quirk's DMI matches only match the Cherry Trail SoC + TI PMIC
SoC, which is good because we want a slightly different quirk for the
others. This commit updates the comment to make it clear that the quirk
is only for the Cherry Trail SoC + TI PMIC models.
2) The comment says that it is ok to disable wakeup on all ACPI GPIO event
handlers, because there is only the one for the embedded-controller
events. This is not true, there also is a handler for the special
INT0002 device which is related to USB wakeups. We need to also disable
wakeups on that one because the device turns of the USB-keyboard built
into the dock when closing the lid. The XHCI controller takes a while
to notice this, so it only notices it when already suspended, causing
a spurious wakeup because of this. So disabling wakeup on all handlers
is the right thing to do, but not because there only is the one handler
for the EC events. This commit updates the comment to correctly reflect
this.
Fixes: aa23ca3d98f7 ("gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200302111225.6641-1-hdegoede@redhat.com
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpiolib-acpi.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/drivers/gpio/gpiolib-acpi.c
+++ b/drivers/gpio/gpiolib-acpi.c
@@ -1345,12 +1345,14 @@ static const struct dmi_system_id gpioli
},
{
/*
- * Various HP X2 10 Cherry Trail models use an external
- * embedded-controller connected via I2C + an ACPI GPIO
- * event handler. The embedded controller generates various
- * spurious wakeup events when suspended. So disable wakeup
- * for its handler (it uses the only ACPI GPIO event handler).
- * This breaks wakeup when opening the lid, the user needs
+ * HP X2 10 models with Cherry Trail SoC + TI PMIC use an
+ * external embedded-controller connected via I2C + an ACPI GPIO
+ * event handler on INT33FF:01 pin 0, causing spurious wakeups.
+ * When suspending by closing the LID, the power to the USB
+ * keyboard is turned off, causing INT0002 ACPI events to
+ * trigger once the XHCI controller notices the keyboard is
+ * gone. So INT0002 events cause spurious wakeups too. Ignoring
+ * EC wakes breaks wakeup when opening the lid, the user needs
* to press the power-button to wakeup the system. The
* alternative is suspend simply not working, which is worse.
*/
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 116/170] gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 115/170] gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 117/170] gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model Greg Kroah-Hartman
` (53 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mika Westerberg,
Andy Shevchenko, Linus Walleij
From: Hans de Goede <hdegoede@redhat.com>
commit 2ccb21f5516afef5e251184eeefbf36db90206d7 upstream.
Commit aa23ca3d98f7 ("gpiolib: acpi: Add honor_wakeup module-option +
quirk mechanism") was added to deal with spurious wakeups on one specific
model of the HP x2 10 series.
The approach taken there was to add a bool controlling wakeup support for
all ACPI GPIO events. This was sufficient for the specific HP x2 10 model
the commit was trying to fix, but in the mean time other models have
turned up which need a similar workaround to avoid spurious wakeups from
suspend, but only for one of the pins on which the ACPI tables request
ACPI GPIO events.
Since the honor_wakeup option was added to be able to ignore wake events,
the name was perhaps not the best, this commit renames it to ignore_wake
and changes it to a string with the following format:
gpiolib_acpi.ignore_wake=controller@pin[,controller@pin[,...]]
This allows working around spurious wakeup issues on a per pin basis.
This commit also reworks the existing quirk for the HP x2 10 so that
it functions as before.
Note:
-This removes the honor_wakeup parameter. This has only been upstream for
a short time and to the best of my knowledge there are no users using
this module parameter.
-The controller@pin[,controller@pin[,...]] syntax is based on an existing
kernel module parameter using the same controller@pin format. That version
uses ';' as separator, but in practice that is problematic because grub2
cannot handle this without taking special care to escape the ';', so here
we are using a ',' as separator instead which does not have this issue.
Fixes: aa23ca3d98f7 ("gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200302111225.6641-2-hdegoede@redhat.com
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpiolib-acpi.c | 96 ++++++++++++++++++++++++++++++++++----------
1 file changed, 76 insertions(+), 20 deletions(-)
--- a/drivers/gpio/gpiolib-acpi.c
+++ b/drivers/gpio/gpiolib-acpi.c
@@ -21,18 +21,21 @@
#include "gpiolib.h"
#include "gpiolib-acpi.h"
-#define QUIRK_NO_EDGE_EVENTS_ON_BOOT 0x01l
-#define QUIRK_NO_WAKEUP 0x02l
-
static int run_edge_events_on_boot = -1;
module_param(run_edge_events_on_boot, int, 0444);
MODULE_PARM_DESC(run_edge_events_on_boot,
"Run edge _AEI event-handlers at boot: 0=no, 1=yes, -1=auto");
-static int honor_wakeup = -1;
-module_param(honor_wakeup, int, 0444);
-MODULE_PARM_DESC(honor_wakeup,
- "Honor the ACPI wake-capable flag: 0=no, 1=yes, -1=auto");
+static char *ignore_wake;
+module_param(ignore_wake, charp, 0444);
+MODULE_PARM_DESC(ignore_wake,
+ "controller@pin combos on which to ignore the ACPI wake flag "
+ "ignore_wake=controller@pin[,controller@pin[,...]]");
+
+struct acpi_gpiolib_dmi_quirk {
+ bool no_edge_events_on_boot;
+ char *ignore_wake;
+};
/**
* struct acpi_gpio_event - ACPI GPIO event handler data
@@ -202,6 +205,57 @@ static void acpi_gpiochip_request_irqs(s
acpi_gpiochip_request_irq(acpi_gpio, event);
}
+static bool acpi_gpio_in_ignore_list(const char *controller_in, int pin_in)
+{
+ const char *controller, *pin_str;
+ int len, pin;
+ char *endp;
+
+ controller = ignore_wake;
+ while (controller) {
+ pin_str = strchr(controller, '@');
+ if (!pin_str)
+ goto err;
+
+ len = pin_str - controller;
+ if (len == strlen(controller_in) &&
+ strncmp(controller, controller_in, len) == 0) {
+ pin = simple_strtoul(pin_str + 1, &endp, 10);
+ if (*endp != 0 && *endp != ',')
+ goto err;
+
+ if (pin == pin_in)
+ return true;
+ }
+
+ controller = strchr(controller, ',');
+ if (controller)
+ controller++;
+ }
+
+ return false;
+err:
+ pr_err_once("Error invalid value for gpiolib_acpi.ignore_wake: %s\n",
+ ignore_wake);
+ return false;
+}
+
+static bool acpi_gpio_irq_is_wake(struct device *parent,
+ struct acpi_resource_gpio *agpio)
+{
+ int pin = agpio->pin_table[0];
+
+ if (agpio->wake_capable != ACPI_WAKE_CAPABLE)
+ return false;
+
+ if (acpi_gpio_in_ignore_list(dev_name(parent), pin)) {
+ dev_info(parent, "Ignoring wakeup on pin %d\n", pin);
+ return false;
+ }
+
+ return true;
+}
+
/* Always returns AE_OK so that we keep looping over the resources */
static acpi_status acpi_gpiochip_alloc_event(struct acpi_resource *ares,
void *context)
@@ -289,7 +343,7 @@ static acpi_status acpi_gpiochip_alloc_e
event->handle = evt_handle;
event->handler = handler;
event->irq = irq;
- event->irq_is_wake = honor_wakeup && agpio->wake_capable == ACPI_WAKE_CAPABLE;
+ event->irq_is_wake = acpi_gpio_irq_is_wake(chip->parent, agpio);
event->pin = pin;
event->desc = desc;
@@ -1328,7 +1382,9 @@ static const struct dmi_system_id gpioli
DMI_MATCH(DMI_SYS_VENDOR, "MINIX"),
DMI_MATCH(DMI_PRODUCT_NAME, "Z83-4"),
},
- .driver_data = (void *)QUIRK_NO_EDGE_EVENTS_ON_BOOT,
+ .driver_data = &(struct acpi_gpiolib_dmi_quirk) {
+ .no_edge_events_on_boot = true,
+ },
},
{
/*
@@ -1341,7 +1397,9 @@ static const struct dmi_system_id gpioli
DMI_MATCH(DMI_SYS_VENDOR, "Wortmann_AG"),
DMI_MATCH(DMI_PRODUCT_NAME, "TERRA_PAD_1061"),
},
- .driver_data = (void *)QUIRK_NO_EDGE_EVENTS_ON_BOOT,
+ .driver_data = &(struct acpi_gpiolib_dmi_quirk) {
+ .no_edge_events_on_boot = true,
+ },
},
{
/*
@@ -1360,33 +1418,31 @@ static const struct dmi_system_id gpioli
DMI_MATCH(DMI_SYS_VENDOR, "HP"),
DMI_MATCH(DMI_PRODUCT_NAME, "HP x2 Detachable 10-p0XX"),
},
- .driver_data = (void *)QUIRK_NO_WAKEUP,
+ .driver_data = &(struct acpi_gpiolib_dmi_quirk) {
+ .ignore_wake = "INT33FF:01@0,INT0002:00@2",
+ },
},
{} /* Terminating entry */
};
static int acpi_gpio_setup_params(void)
{
+ const struct acpi_gpiolib_dmi_quirk *quirk = NULL;
const struct dmi_system_id *id;
- long quirks = 0;
id = dmi_first_match(gpiolib_acpi_quirks);
if (id)
- quirks = (long)id->driver_data;
+ quirk = id->driver_data;
if (run_edge_events_on_boot < 0) {
- if (quirks & QUIRK_NO_EDGE_EVENTS_ON_BOOT)
+ if (quirk && quirk->no_edge_events_on_boot)
run_edge_events_on_boot = 0;
else
run_edge_events_on_boot = 1;
}
- if (honor_wakeup < 0) {
- if (quirks & QUIRK_NO_WAKEUP)
- honor_wakeup = 0;
- else
- honor_wakeup = 1;
- }
+ if (ignore_wake == NULL && quirk && quirk->ignore_wake)
+ ignore_wake = quirk->ignore_wake;
return 0;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 117/170] gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 116/170] gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 118/170] bpf: Fix cgroup ref leak in cgroup_bpf_inherit on out-of-memory Greg Kroah-Hartman
` (52 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mika Westerberg,
Linus Walleij
From: Hans de Goede <hdegoede@redhat.com>
commit 0e91506ba00730f088961a8d39f8693b0f8e3fea upstream.
Commit aa23ca3d98f7 ("gpiolib: acpi: Add honor_wakeup module-option +
quirk mechanism") was added to deal with spurious wakeups on one specific
model of the HP x2 10 series. In the mean time I have learned that there
are at least 3 different HP x2 10 models:
Bay Trail SoC + AXP288 PMIC
Cherry Trail SoC + AXP288 PMIC
Cherry Trail SoC + TI PMIC
And the original quirk is only correct for (and only matches the)
Cherry Trail SoC + TI PMIC model.
The Bay Trail SoC + AXP288 PMIC model has different DMI strings, has
the external EC interrupt on a different GPIO pin and only needs to ignore
wakeups on the EC interrupt, the INT0002 device works fine on this model.
This commit adds an extra DMI based quirk for the HP x2 10 BYT + AXP288
model, ignoring wakeups for ACPI GPIO events on the EC interrupt pin
on this model. This fixes spurious wakeups from suspend on this model.
Fixes: aa23ca3d98f7 ("gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200302111225.6641-3-hdegoede@redhat.com
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpiolib-acpi.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/drivers/gpio/gpiolib-acpi.c
+++ b/drivers/gpio/gpiolib-acpi.c
@@ -1422,6 +1422,21 @@ static const struct dmi_system_id gpioli
.ignore_wake = "INT33FF:01@0,INT0002:00@2",
},
},
+ {
+ /*
+ * HP X2 10 models with Bay Trail SoC + AXP288 PMIC use an
+ * external embedded-controller connected via I2C + an ACPI GPIO
+ * event handler on INT33FC:02 pin 28, causing spurious wakeups.
+ */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "HP Pavilion x2 Detachable"),
+ DMI_MATCH(DMI_BOARD_NAME, "815D"),
+ },
+ .driver_data = &(struct acpi_gpiolib_dmi_quirk) {
+ .ignore_wake = "INT33FC:02@28",
+ },
+ },
{} /* Terminating entry */
};
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 118/170] bpf: Fix cgroup ref leak in cgroup_bpf_inherit on out-of-memory
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 117/170] gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 119/170] RDMA/core: Ensure security pkey modify is not lost Greg Kroah-Hartman
` (51 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrii Nakryiko, Alexei Starovoitov,
Roman Gushchin
From: Andrii Nakryiko <andriin@fb.com>
commit 1d8006abaab4cb90f81add86e8d1bf9411add05a upstream.
There is no compensating cgroup_bpf_put() for each ancestor cgroup in
cgroup_bpf_inherit(). If compute_effective_progs returns error, those cgroups
won't be freed ever. Fix it by putting them in cleanup code path.
Fixes: e10360f815ca ("bpf: cgroup: prevent out-of-order release of cgroup bpf")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Roman Gushchin <guro@fb.com>
Link: https://lore.kernel.org/bpf/20200309224017.1063297-1-andriin@fb.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/cgroup.c | 3 +++
1 file changed, 3 insertions(+)
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -228,6 +228,9 @@ cleanup:
for (i = 0; i < NR; i++)
bpf_prog_array_free(arrays[i]);
+ for (p = cgroup_parent(cgrp); p; p = cgroup_parent(p))
+ cgroup_bpf_put(p);
+
percpu_ref_exit(&cgrp->bpf.refcnt);
return -ENOMEM;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 119/170] RDMA/core: Ensure security pkey modify is not lost
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 118/170] bpf: Fix cgroup ref leak in cgroup_bpf_inherit on out-of-memory Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 120/170] afs: Fix handling of an abort from a service handler Greg Kroah-Hartman
` (50 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kaike Wan, Mike Marciniszyn,
Leon Romanovsky, Jason Gunthorpe
From: Mike Marciniszyn <mike.marciniszyn@intel.com>
commit 2d47fbacf2725a67869f4d3634c2415e7dfab2f4 upstream.
The following modify sequence (loosely based on ipoib) will lose a pkey
modifcation:
- Modify (pkey index, port)
- Modify (new pkey index, NO port)
After the first modify, the qp_pps list will have saved the pkey and the
unit on the main list.
During the second modify, get_new_pps() will fetch the port from qp_pps
and read the new pkey index from qp_attr->pkey_index. The state will
still be zero, or IB_PORT_PKEY_NOT_VALID. Because of the invalid state,
the new values will never replace the one in the qp pps list, losing the
new pkey.
This happens because the following if statements will never correct the
state because the first term will be false. If the code had been executed,
it would incorrectly overwrite valid values.
if ((qp_attr_mask & IB_QP_PKEY_INDEX) && (qp_attr_mask & IB_QP_PORT))
new_pps->main.state = IB_PORT_PKEY_VALID;
if (!(qp_attr_mask & (IB_QP_PKEY_INDEX | IB_QP_PORT)) && qp_pps) {
new_pps->main.port_num = qp_pps->main.port_num;
new_pps->main.pkey_index = qp_pps->main.pkey_index;
if (qp_pps->main.state != IB_PORT_PKEY_NOT_VALID)
new_pps->main.state = IB_PORT_PKEY_VALID;
}
Fix by joining the two if statements with an or test to see if qp_pps is
non-NULL and in the correct state.
Fixes: 1dd017882e01 ("RDMA/core: Fix protection fault in get_pkey_idx_qp_list")
Link: https://lore.kernel.org/r/20200313124704.14982.55907.stgit@awfm-01.aw.intel.com
Reviewed-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/security.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
--- a/drivers/infiniband/core/security.c
+++ b/drivers/infiniband/core/security.c
@@ -349,16 +349,11 @@ static struct ib_ports_pkeys *get_new_pp
else if (qp_pps)
new_pps->main.pkey_index = qp_pps->main.pkey_index;
- if ((qp_attr_mask & IB_QP_PKEY_INDEX) && (qp_attr_mask & IB_QP_PORT))
+ if (((qp_attr_mask & IB_QP_PKEY_INDEX) &&
+ (qp_attr_mask & IB_QP_PORT)) ||
+ (qp_pps && qp_pps->main.state != IB_PORT_PKEY_NOT_VALID))
new_pps->main.state = IB_PORT_PKEY_VALID;
- if (!(qp_attr_mask & (IB_QP_PKEY_INDEX | IB_QP_PORT)) && qp_pps) {
- new_pps->main.port_num = qp_pps->main.port_num;
- new_pps->main.pkey_index = qp_pps->main.pkey_index;
- if (qp_pps->main.state != IB_PORT_PKEY_NOT_VALID)
- new_pps->main.state = IB_PORT_PKEY_VALID;
- }
-
if (qp_attr_mask & IB_QP_ALT_PATH) {
new_pps->alt.port_num = qp_attr->alt_port_num;
new_pps->alt.pkey_index = qp_attr->alt_pkey_index;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 120/170] afs: Fix handling of an abort from a service handler
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 119/170] RDMA/core: Ensure security pkey modify is not lost Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 121/170] genirq: Fix reference leaks on irq affinity notifiers Greg Kroah-Hartman
` (49 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Howells
From: David Howells <dhowells@redhat.com>
commit dde9f095583b3f375ba23979045ee10dfcebec2f upstream.
When an AFS service handler function aborts a call, AF_RXRPC marks the call
as complete - which means that it's not going to get any more packets from
the receiver. This is a problem because reception of the final ACK is what
triggers afs_deliver_to_call() to drop the final ref on the afs_call
object.
Instead, aborted AFS service calls may then just sit around waiting for
ever or until they're displaced by a new call on the same connection
channel or a connection-level abort.
Fix this by calling afs_set_call_complete() to finalise the afs_call struct
representing the call.
However, we then need to drop the ref that stops the call from being
deallocated. We can do this in afs_set_call_complete(), as the work queue
is holding a separate ref of its own, but then we shouldn't do it in
afs_process_async_call() and afs_delete_async_call().
call->drop_ref is set to indicate that a ref needs dropping for a call and
this is dealt with when we transition a call to AFS_CALL_COMPLETE.
But then we also need to get rid of the ref that pins an asynchronous
client call. We can do this by the same mechanism, setting call->drop_ref
for an async client call too.
We can also get rid of call->incoming since nothing ever sets it and only
one thing ever checks it (futilely).
A trace of the rxrpc_call and afs_call struct ref counting looks like:
<idle>-0 [001] ..s5 164.764892: rxrpc_call: c=00000002 SEE u=3 sp=rxrpc_new_incoming_call+0x473/0xb34 a=00000000442095b5
<idle>-0 [001] .Ns5 164.766001: rxrpc_call: c=00000002 QUE u=4 sp=rxrpc_propose_ACK+0xbe/0x551 a=00000000442095b5
<idle>-0 [001] .Ns4 164.766005: rxrpc_call: c=00000002 PUT u=3 sp=rxrpc_new_incoming_call+0xa3f/0xb34 a=00000000442095b5
<idle>-0 [001] .Ns7 164.766433: afs_call: c=00000002 WAKE u=2 o=11 sp=rxrpc_notify_socket+0x196/0x33c
kworker/1:2-1810 [001] ...1 164.768409: rxrpc_call: c=00000002 SEE u=3 sp=rxrpc_process_call+0x25/0x7ae a=00000000442095b5
kworker/1:2-1810 [001] ...1 164.769439: rxrpc_tx_packet: c=00000002 e9f1a7a8:95786a88:00000008:09c5 00000001 00000000 02 22 ACK CallAck
kworker/1:2-1810 [001] ...1 164.769459: rxrpc_call: c=00000002 PUT u=2 sp=rxrpc_process_call+0x74f/0x7ae a=00000000442095b5
kworker/1:2-1810 [001] ...1 164.770794: afs_call: c=00000002 QUEUE u=3 o=12 sp=afs_deliver_to_call+0x449/0x72c
kworker/1:2-1810 [001] ...1 164.770829: afs_call: c=00000002 PUT u=2 o=12 sp=afs_process_async_call+0xdb/0x11e
kworker/1:2-1810 [001] ...2 164.771084: rxrpc_abort: c=00000002 95786a88:00000008 s=0 a=1 e=1 K-1
kworker/1:2-1810 [001] ...1 164.771461: rxrpc_tx_packet: c=00000002 e9f1a7a8:95786a88:00000008:09c5 00000002 00000000 04 00 ABORT CallAbort
kworker/1:2-1810 [001] ...1 164.771466: afs_call: c=00000002 PUT u=1 o=12 sp=SRXAFSCB_ProbeUuid+0xc1/0x106
The abort generated in SRXAFSCB_ProbeUuid(), labelled "K-1", indicates that
the local filesystem/cache manager didn't recognise the UUID as its own.
Fixes: 2067b2b3f484 ("afs: Fix the CB.ProbeUuid service handler to reply correctly")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/afs/cmservice.c | 14 ++++++++++++--
fs/afs/internal.h | 12 ++++++++++--
fs/afs/rxrpc.c | 33 ++++-----------------------------
3 files changed, 26 insertions(+), 33 deletions(-)
--- a/fs/afs/cmservice.c
+++ b/fs/afs/cmservice.c
@@ -244,6 +244,17 @@ static void afs_cm_destructor(struct afs
}
/*
+ * Abort a service call from within an action function.
+ */
+static void afs_abort_service_call(struct afs_call *call, u32 abort_code, int error,
+ const char *why)
+{
+ rxrpc_kernel_abort_call(call->net->socket, call->rxcall,
+ abort_code, error, why);
+ afs_set_call_complete(call, error, 0);
+}
+
+/*
* The server supplied a list of callbacks that it wanted to break.
*/
static void SRXAFSCB_CallBack(struct work_struct *work)
@@ -510,8 +521,7 @@ static void SRXAFSCB_ProbeUuid(struct wo
if (memcmp(r, &call->net->uuid, sizeof(call->net->uuid)) == 0)
afs_send_empty_reply(call);
else
- rxrpc_kernel_abort_call(call->net->socket, call->rxcall,
- 1, 1, "K-1");
+ afs_abort_service_call(call, 1, 1, "K-1");
afs_put_call(call);
_leave("");
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -154,7 +154,7 @@ struct afs_call {
};
unsigned char unmarshall; /* unmarshalling phase */
unsigned char addr_ix; /* Address in ->alist */
- bool incoming; /* T if incoming call */
+ bool drop_ref; /* T if need to drop ref for incoming call */
bool send_pages; /* T if data from mapping should be sent */
bool need_attention; /* T if RxRPC poked us */
bool async; /* T if asynchronous */
@@ -1209,8 +1209,16 @@ static inline void afs_set_call_complete
ok = true;
}
spin_unlock_bh(&call->state_lock);
- if (ok)
+ if (ok) {
trace_afs_call_done(call);
+
+ /* Asynchronous calls have two refs to release - one from the alloc and
+ * one queued with the work item - and we can't just deallocate the
+ * call because the work item may be queued again.
+ */
+ if (call->drop_ref)
+ afs_put_call(call);
+ }
}
/*
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -18,7 +18,6 @@ struct workqueue_struct *afs_async_calls
static void afs_wake_up_call_waiter(struct sock *, struct rxrpc_call *, unsigned long);
static void afs_wake_up_async_call(struct sock *, struct rxrpc_call *, unsigned long);
-static void afs_delete_async_call(struct work_struct *);
static void afs_process_async_call(struct work_struct *);
static void afs_rx_new_call(struct sock *, struct rxrpc_call *, unsigned long);
static void afs_rx_discard_new_call(struct rxrpc_call *, unsigned long);
@@ -402,8 +401,10 @@ void afs_make_call(struct afs_addr_curso
/* If the call is going to be asynchronous, we need an extra ref for
* the call to hold itself so the caller need not hang on to its ref.
*/
- if (call->async)
+ if (call->async) {
afs_get_call(call, afs_call_trace_get);
+ call->drop_ref = true;
+ }
/* create a call */
rxcall = rxrpc_kernel_begin_call(call->net->socket, srx, call->key,
@@ -584,8 +585,6 @@ static void afs_deliver_to_call(struct a
done:
if (call->type->done)
call->type->done(call);
- if (state == AFS_CALL_COMPLETE && call->incoming)
- afs_put_call(call);
out:
_leave("");
return;
@@ -745,21 +744,6 @@ static void afs_wake_up_async_call(struc
}
/*
- * Delete an asynchronous call. The work item carries a ref to the call struct
- * that we need to release.
- */
-static void afs_delete_async_call(struct work_struct *work)
-{
- struct afs_call *call = container_of(work, struct afs_call, async_work);
-
- _enter("");
-
- afs_put_call(call);
-
- _leave("");
-}
-
-/*
* Perform I/O processing on an asynchronous call. The work item carries a ref
* to the call struct that we either need to release or to pass on.
*/
@@ -774,16 +758,6 @@ static void afs_process_async_call(struc
afs_deliver_to_call(call);
}
- if (call->state == AFS_CALL_COMPLETE) {
- /* We have two refs to release - one from the alloc and one
- * queued with the work item - and we can't just deallocate the
- * call because the work item may be queued again.
- */
- call->async_work.func = afs_delete_async_call;
- if (!queue_work(afs_async_calls, &call->async_work))
- afs_put_call(call);
- }
-
afs_put_call(call);
_leave("");
}
@@ -810,6 +784,7 @@ void afs_charge_preallocation(struct wor
if (!call)
break;
+ call->drop_ref = true;
call->async = true;
call->state = AFS_CALL_SV_AWAIT_OP_ID;
init_waitqueue_head(&call->waitq);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 121/170] genirq: Fix reference leaks on irq affinity notifiers
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 120/170] afs: Fix handling of an abort from a service handler Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 122/170] xfrm: handle NETDEV_UNREGISTER for xfrm device Greg Kroah-Hartman
` (48 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Edward Cree, Thomas Gleixner, Ben Hutchings
From: Edward Cree <ecree@solarflare.com>
commit df81dfcfd6991d547653d46c051bac195cd182c1 upstream.
The handling of notify->work did not properly maintain notify->kref in two
cases:
1) where the work was already scheduled, another irq_set_affinity_locked()
would get the ref and (no-op-ly) schedule the work. Thus when
irq_affinity_notify() ran, it would drop the original ref but not the
additional one.
2) when cancelling the (old) work in irq_set_affinity_notifier(), if there
was outstanding work a ref had been got for it but was never put.
Fix both by checking the return values of the work handling functions
(schedule_work() for (1) and cancel_work_sync() for (2)) and put the
extra ref if the return value indicates preexisting work.
Fixes: cd7eab44e994 ("genirq: Add IRQ affinity notifiers")
Fixes: 59c39840f5ab ("genirq: Prevent use-after-free and work list corruption")
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ben Hutchings <ben@decadent.org.uk>
Link: https://lkml.kernel.org/r/24f5983f-2ab5-e83a-44ee-a45b5f9300f5@solarflare.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/irq/manage.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -284,7 +284,11 @@ int irq_set_affinity_locked(struct irq_d
if (desc->affinity_notify) {
kref_get(&desc->affinity_notify->kref);
- schedule_work(&desc->affinity_notify->work);
+ if (!schedule_work(&desc->affinity_notify->work)) {
+ /* Work was already scheduled, drop our extra ref */
+ kref_put(&desc->affinity_notify->kref,
+ desc->affinity_notify->release);
+ }
}
irqd_set(data, IRQD_AFFINITY_SET);
@@ -384,7 +388,10 @@ irq_set_affinity_notifier(unsigned int i
raw_spin_unlock_irqrestore(&desc->lock, flags);
if (old_notify) {
- cancel_work_sync(&old_notify->work);
+ if (cancel_work_sync(&old_notify->work)) {
+ /* Pending work had a ref, put that one too */
+ kref_put(&old_notify->kref, old_notify->release);
+ }
kref_put(&old_notify->kref, old_notify->release);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 122/170] xfrm: handle NETDEV_UNREGISTER for xfrm device
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 121/170] genirq: Fix reference leaks on irq affinity notifiers Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 123/170] vti[6]: fix packet tx through bpf_redirect() in XinY cases Greg Kroah-Hartman
` (47 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Raed Salem, Boris Pismenny,
Saeed Mahameed, Steffen Klassert
From: Raed Salem <raeds@mellanox.com>
commit 03891f820c2117b19e80b370281eb924a09cf79f upstream.
This patch to handle the asynchronous unregister
device event so the device IPsec offload resources
could be cleanly released.
Fixes: e4db5b61c572 ("xfrm: policy: remove pcpu policy cache")
Signed-off-by: Raed Salem <raeds@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_device.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -390,6 +390,7 @@ static int xfrm_dev_event(struct notifie
return xfrm_dev_feat_change(dev);
case NETDEV_DOWN:
+ case NETDEV_UNREGISTER:
return xfrm_dev_down(dev);
}
return NOTIFY_DONE;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 123/170] vti[6]: fix packet tx through bpf_redirect() in XinY cases
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 122/170] xfrm: handle NETDEV_UNREGISTER for xfrm device Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 124/170] RDMA/mlx5: Fix the number of hwcounters of a dynamic counter Greg Kroah-Hartman
` (46 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dichtel, Steffen Klassert
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
commit f1ed10264ed6b66b9cd5e8461cffce69be482356 upstream.
I forgot the 4in6/6in4 cases in my previous patch. Let's fix them.
Fixes: 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/Kconfig | 1 +
net/ipv4/ip_vti.c | 36 +++++++++++++++++++++++++++++-------
net/ipv6/ip6_vti.c | 32 +++++++++++++++++++++++++-------
3 files changed, 55 insertions(+), 14 deletions(-)
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -303,6 +303,7 @@ config SYN_COOKIES
config NET_IPVTI
tristate "Virtual (secure) IP: tunneling"
+ depends on IPV6 || IPV6=n
select INET_TUNNEL
select NET_IP_TUNNEL
select XFRM
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -187,17 +187,39 @@ static netdev_tx_t vti_xmit(struct sk_bu
int mtu;
if (!dst) {
- struct rtable *rt;
+ switch (skb->protocol) {
+ case htons(ETH_P_IP): {
+ struct rtable *rt;
- fl->u.ip4.flowi4_oif = dev->ifindex;
- fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
- rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
- if (IS_ERR(rt)) {
+ fl->u.ip4.flowi4_oif = dev->ifindex;
+ fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
+ rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
+ if (IS_ERR(rt)) {
+ dev->stats.tx_carrier_errors++;
+ goto tx_error_icmp;
+ }
+ dst = &rt->dst;
+ skb_dst_set(skb, dst);
+ break;
+ }
+#if IS_ENABLED(CONFIG_IPV6)
+ case htons(ETH_P_IPV6):
+ fl->u.ip6.flowi6_oif = dev->ifindex;
+ fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
+ dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
+ if (dst->error) {
+ dst_release(dst);
+ dst = NULL;
+ dev->stats.tx_carrier_errors++;
+ goto tx_error_icmp;
+ }
+ skb_dst_set(skb, dst);
+ break;
+#endif
+ default:
dev->stats.tx_carrier_errors++;
goto tx_error_icmp;
}
- dst = &rt->dst;
- skb_dst_set(skb, dst);
}
dst_hold(dst);
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -450,15 +450,33 @@ vti6_xmit(struct sk_buff *skb, struct ne
int mtu;
if (!dst) {
- fl->u.ip6.flowi6_oif = dev->ifindex;
- fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
- dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
- if (dst->error) {
- dst_release(dst);
- dst = NULL;
+ switch (skb->protocol) {
+ case htons(ETH_P_IP): {
+ struct rtable *rt;
+
+ fl->u.ip4.flowi4_oif = dev->ifindex;
+ fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
+ rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
+ if (IS_ERR(rt))
+ goto tx_err_link_failure;
+ dst = &rt->dst;
+ skb_dst_set(skb, dst);
+ break;
+ }
+ case htons(ETH_P_IPV6):
+ fl->u.ip6.flowi6_oif = dev->ifindex;
+ fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
+ dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
+ if (dst->error) {
+ dst_release(dst);
+ dst = NULL;
+ goto tx_err_link_failure;
+ }
+ skb_dst_set(skb, dst);
+ break;
+ default:
goto tx_err_link_failure;
}
- skb_dst_set(skb, dst);
}
dst_hold(dst);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 124/170] RDMA/mlx5: Fix the number of hwcounters of a dynamic counter
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 123/170] vti[6]: fix packet tx through bpf_redirect() in XinY cases Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 125/170] RDMA/mlx5: Fix access to wrong pointer while performing flush due to error Greg Kroah-Hartman
` (45 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Zhang, Leon Romanovsky, Jason Gunthorpe
From: Mark Zhang <markz@mellanox.com>
commit ec16b6bbdab1ce2b03f46271460efc7f450658cd upstream.
When we read the global counter and there's any dynamic counter allocated,
the value of a hwcounter is the sum of the default counter and all dynamic
counters. So the number of hwcounters of a dynamically allocated counter
must be same as of the default counter, otherwise there will be read
violations.
This fixes the KASAN slab-out-of-bounds bug:
BUG: KASAN: slab-out-of-bounds in rdma_counter_get_hwstat_value+0x36d/0x390 [ib_core]
Read of size 8 at addr ffff8884192a5778 by task rdma/10138
CPU: 7 PID: 10138 Comm: rdma Not tainted 5.5.0-for-upstream-dbg-2020-02-06_18-30-19-27 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack+0xb7/0x10b
print_address_description.constprop.4+0x1e2/0x400
? rdma_counter_get_hwstat_value+0x36d/0x390 [ib_core]
__kasan_report+0x15c/0x1e0
? mlx5_ib_query_q_counters+0x13f/0x270 [mlx5_ib]
? rdma_counter_get_hwstat_value+0x36d/0x390 [ib_core]
kasan_report+0xe/0x20
rdma_counter_get_hwstat_value+0x36d/0x390 [ib_core]
? rdma_counter_query_stats+0xd0/0xd0 [ib_core]
? memcpy+0x34/0x50
? nla_put+0xe2/0x170
nldev_stat_get_doit+0x9c7/0x14f0 [ib_core]
...
do_syscall_64+0x95/0x490
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fcc457fe65a
Code: bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 fa f1 2b 00 45 89 c9 4c 63 d1 48 63 ff 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 76 f3 c3 0f 1f 40 00 41 55 41 54 4d 89 c5 55
RSP: 002b:00007ffc0586f868 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcc457fe65a
RDX: 0000000000000020 RSI: 00000000013db920 RDI: 0000000000000003
RBP: 00007ffc0586fa90 R08: 00007fcc45ac10e0 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004089c0
R13: 0000000000000000 R14: 00007ffc0586fab0 R15: 00000000013dc9a0
Allocated by task 9700:
save_stack+0x19/0x80
__kasan_kmalloc.constprop.7+0xa0/0xd0
mlx5_ib_counter_alloc_stats+0xd1/0x1d0 [mlx5_ib]
rdma_counter_alloc+0x16d/0x3f0 [ib_core]
rdma_counter_bind_qpn_alloc+0x216/0x4e0 [ib_core]
nldev_stat_set_doit+0x8c2/0xb10 [ib_core]
rdma_nl_rcv_msg+0x3d2/0x730 [ib_core]
rdma_nl_rcv+0x2a8/0x400 [ib_core]
netlink_unicast+0x448/0x620
netlink_sendmsg+0x731/0xd10
sock_sendmsg+0xb1/0xf0
__sys_sendto+0x25d/0x2c0
__x64_sys_sendto+0xdd/0x1b0
do_syscall_64+0x95/0x490
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: 18d422ce8ccf ("IB/mlx5: Add counter_alloc_stats() and counter_update_stats() support")
Link: https://lore.kernel.org/r/20200305124052.196688-1-leon@kernel.org
Signed-off-by: Mark Zhang <markz@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx5/main.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -5666,9 +5666,10 @@ mlx5_ib_counter_alloc_stats(struct rdma_
const struct mlx5_ib_counters *cnts =
get_counters(dev, counter->port - 1);
- /* Q counters are in the beginning of all counters */
return rdma_alloc_hw_stats_struct(cnts->names,
- cnts->num_q_counters,
+ cnts->num_q_counters +
+ cnts->num_cong_counters +
+ cnts->num_ext_ppcnt_counters,
RDMA_HW_STATS_DEFAULT_LIFESPAN);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 125/170] RDMA/mlx5: Fix access to wrong pointer while performing flush due to error
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 124/170] RDMA/mlx5: Fix the number of hwcounters of a dynamic counter Greg Kroah-Hartman
@ 2020-03-31 8:58 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 126/170] RDMA/mlx5: Block delay drop to unprivileged users Greg Kroah-Hartman
` (44 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Leon Romanovsky, Jason Gunthorpe
From: Leon Romanovsky <leonro@mellanox.com>
commit 950bf4f17725556bbc773a5b71e88a6c14c9ff25 upstream.
The main difference between send and receive SW completions is related to
separate treatment of WQ queue. For receive completions, the initial index
to be flushed is stored in "tail", while for send completions, it is in
deleted "last_poll".
CPU: 54 PID: 53405 Comm: kworker/u161:0 Kdump: loaded Tainted: G OE --------- -t - 4.18.0-147.el8.ppc64le #1
Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]
NIP: c000003c7c00a000 LR: c00800000e586af4 CTR: c000003c7c00a000
REGS: c0000036cc9db940 TRAP: 0400 Tainted: G OE --------- -t - (4.18.0-147.el8.ppc64le)
MSR: 9000000010009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24004488 XER: 20040000
CFAR: c00800000e586af0 IRQMASK: 0
GPR00: c00800000e586ab4 c0000036cc9dbbc0 c00800000e5f1a00 c0000037d8433800
GPR04: c000003895a26800 c0000037293f2000 0000000000000201 0000000000000011
GPR08: c000003895a26c80 c000003c7c00a000 0000000000000000 c00800000ed30438
GPR12: c000003c7c00a000 c000003fff684b80 c00000000017c388 c00000396ec4be40
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: c00000000151e498 0000000000000010 c000003895a26848 0000000000000010
GPR24: 0000000000000010 0000000000010000 c000003895a26800 0000000000000000
GPR28: 0000000000000010 c0000037d8433800 c000003895a26c80 c000003895a26800
NIP [c000003c7c00a000] 0xc000003c7c00a000
LR [c00800000e586af4] __ib_process_cq+0xec/0x1b0 [ib_core]
Call Trace:
[c0000036cc9dbbc0] [c00800000e586ab4] __ib_process_cq+0xac/0x1b0 [ib_core] (unreliable)
[c0000036cc9dbc40] [c00800000e586c88] ib_cq_poll_work+0x40/0xb0 [ib_core]
[c0000036cc9dbc70] [c000000000171f44] process_one_work+0x2f4/0x5c0
[c0000036cc9dbd10] [c000000000172a0c] worker_thread+0xcc/0x760
[c0000036cc9dbdc0] [c00000000017c52c] kthread+0x1ac/0x1c0
[c0000036cc9dbe30] [c00000000000b75c] ret_from_kernel_thread+0x5c/0x80
Fixes: 8e3b68830186 ("RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion")
Link: https://lore.kernel.org/r/20200318091640.44069-1-leon@kernel.org
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx5/cq.c | 27 +++++++++++++++++++++++++--
drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 +
drivers/infiniband/hw/mlx5/qp.c | 1 +
3 files changed, 27 insertions(+), 2 deletions(-)
--- a/drivers/infiniband/hw/mlx5/cq.c
+++ b/drivers/infiniband/hw/mlx5/cq.c
@@ -330,6 +330,22 @@ static void mlx5_handle_error_cqe(struct
dump_cqe(dev, cqe);
}
+static void handle_atomics(struct mlx5_ib_qp *qp, struct mlx5_cqe64 *cqe64,
+ u16 tail, u16 head)
+{
+ u16 idx;
+
+ do {
+ idx = tail & (qp->sq.wqe_cnt - 1);
+ if (idx == head)
+ break;
+
+ tail = qp->sq.w_list[idx].next;
+ } while (1);
+ tail = qp->sq.w_list[idx].next;
+ qp->sq.last_poll = tail;
+}
+
static void free_cq_buf(struct mlx5_ib_dev *dev, struct mlx5_ib_cq_buf *buf)
{
mlx5_frag_buf_free(dev->mdev, &buf->frag_buf);
@@ -368,7 +384,7 @@ static void get_sig_err_item(struct mlx5
}
static void sw_comp(struct mlx5_ib_qp *qp, int num_entries, struct ib_wc *wc,
- int *npolled, int is_send)
+ int *npolled, bool is_send)
{
struct mlx5_ib_wq *wq;
unsigned int cur;
@@ -383,10 +399,16 @@ static void sw_comp(struct mlx5_ib_qp *q
return;
for (i = 0; i < cur && np < num_entries; i++) {
- wc->wr_id = wq->wrid[wq->tail & (wq->wqe_cnt - 1)];
+ unsigned int idx;
+
+ idx = (is_send) ? wq->last_poll : wq->tail;
+ idx &= (wq->wqe_cnt - 1);
+ wc->wr_id = wq->wrid[idx];
wc->status = IB_WC_WR_FLUSH_ERR;
wc->vendor_err = MLX5_CQE_SYNDROME_WR_FLUSH_ERR;
wq->tail++;
+ if (is_send)
+ wq->last_poll = wq->w_list[idx].next;
np++;
wc->qp = &qp->ibqp;
wc++;
@@ -473,6 +495,7 @@ repoll:
wqe_ctr = be16_to_cpu(cqe64->wqe_counter);
idx = wqe_ctr & (wq->wqe_cnt - 1);
handle_good_req(wc, cqe64, wq, idx);
+ handle_atomics(*cur_qp, cqe64, wq->last_poll, idx);
wc->wr_id = wq->wrid[idx];
wq->tail = wq->wqe_head[idx] + 1;
wc->status = IB_WC_SUCCESS;
--- a/drivers/infiniband/hw/mlx5/mlx5_ib.h
+++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h
@@ -282,6 +282,7 @@ struct mlx5_ib_wq {
unsigned head;
unsigned tail;
u16 cur_post;
+ u16 last_poll;
void *cur_edge;
};
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -3728,6 +3728,7 @@ static int __mlx5_ib_modify_qp(struct ib
qp->sq.cur_post = 0;
if (qp->sq.wqe_cnt)
qp->sq.cur_edge = get_sq_edge(&qp->sq, 0);
+ qp->sq.last_poll = 0;
qp->db.db[MLX5_RCV_DBR] = 0;
qp->db.db[MLX5_SND_DBR] = 0;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 126/170] RDMA/mlx5: Block delay drop to unprivileged users
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2020-03-31 8:58 ` [PATCH 5.5 125/170] RDMA/mlx5: Fix access to wrong pointer while performing flush due to error Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 127/170] xfrm: fix uctx len check in verify_sec_ctx_len Greg Kroah-Hartman
` (43 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maor Gottlieb, Leon Romanovsky,
Jason Gunthorpe
From: Maor Gottlieb <maorg@mellanox.com>
commit ba80013fba656b9830ef45cd40a6a1e44707f47a upstream.
It has been discovered that this feature can globally block the RX port,
so it should be allowed for highly privileged users only.
Fixes: 03404e8ae652("IB/mlx5: Add support to dropless RQ")
Link: https://lore.kernel.org/r/20200322124906.1173790-1-leon@kernel.org
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx5/qp.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -6158,6 +6158,10 @@ struct ib_wq *mlx5_ib_create_wq(struct i
if (udata->outlen && udata->outlen < min_resp_len)
return ERR_PTR(-EINVAL);
+ if (!capable(CAP_SYS_RAWIO) &&
+ init_attr->create_flags & IB_WQ_FLAGS_DELAY_DROP)
+ return ERR_PTR(-EPERM);
+
dev = to_mdev(pd->device);
switch (init_attr->wq_type) {
case IB_WQT_RQ:
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 127/170] xfrm: fix uctx len check in verify_sec_ctx_len
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 126/170] RDMA/mlx5: Block delay drop to unprivileged users Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 128/170] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire Greg Kroah-Hartman
` (42 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit 171d449a028573b2f0acdc7f31ecbb045391b320 upstream.
It's not sufficient to do 'uctx->len != (sizeof(struct xfrm_user_sec_ctx) +
uctx->ctx_len)' check only, as uctx->len may be greater than nla_len(rt),
in which case it will cause slab-out-of-bounds when accessing uctx->ctx_str
later.
This patch is to fix it by return -EINVAL when uctx->len > nla_len(rt).
Fixes: df71837d5024 ("[LSM-IPSec]: Security association restriction.")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_user.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -110,7 +110,8 @@ static inline int verify_sec_ctx_len(str
return 0;
uctx = nla_data(rt);
- if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len))
+ if (uctx->len > nla_len(rt) ||
+ uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len))
return -EINVAL;
return 0;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 128/170] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 127/170] xfrm: fix uctx len check in verify_sec_ctx_len Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 129/170] xfrm: policy: Fix doulbe free in xfrm_policy_timer Greg Kroah-Hartman
` (41 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangbin Liu, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit a1a7e3a36e01ca6e67014f8cf673cb8e47be5550 upstream.
Without doing verify_sec_ctx_len() check in xfrm_add_acquire(), it may be
out-of-bounds to access uctx->ctx_str with uctx->ctx_len, as noticed by
syz:
BUG: KASAN: slab-out-of-bounds in selinux_xfrm_alloc_user+0x237/0x430
Read of size 768 at addr ffff8880123be9b4 by task syz-executor.1/11650
Call Trace:
dump_stack+0xe8/0x16e
print_address_description.cold.3+0x9/0x23b
kasan_report.cold.4+0x64/0x95
memcpy+0x1f/0x50
selinux_xfrm_alloc_user+0x237/0x430
security_xfrm_policy_alloc+0x5c/0xb0
xfrm_policy_construct+0x2b1/0x650
xfrm_add_acquire+0x21d/0xa10
xfrm_user_rcv_msg+0x431/0x6f0
netlink_rcv_skb+0x15a/0x410
xfrm_netlink_rcv+0x6d/0x90
netlink_unicast+0x50e/0x6a0
netlink_sendmsg+0x8ae/0xd40
sock_sendmsg+0x133/0x170
___sys_sendmsg+0x834/0x9a0
__sys_sendmsg+0x100/0x1e0
do_syscall_64+0xe5/0x660
entry_SYSCALL_64_after_hwframe+0x6a/0xdf
So fix it by adding the missing verify_sec_ctx_len check there.
Fixes: 980ebd25794f ("[IPSEC]: Sync series - acquire insert")
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_user.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2276,6 +2276,9 @@ static int xfrm_add_acquire(struct sk_bu
err = verify_newpolicy_info(&ua->policy);
if (err)
goto free_state;
+ err = verify_sec_ctx_len(attrs);
+ if (err)
+ goto free_state;
/* build an XP */
xp = xfrm_policy_construct(net, &ua->policy, attrs, &err);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 129/170] xfrm: policy: Fix doulbe free in xfrm_policy_timer
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 128/170] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 130/170] afs: Fix client call Rx-phase signal handling Greg Kroah-Hartman
` (40 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, YueHaibing, Timo Teräs,
Herbert Xu, Steffen Klassert
From: YueHaibing <yuehaibing@huawei.com>
commit 4c59406ed00379c8663f8663d82b2537467ce9d7 upstream.
After xfrm_add_policy add a policy, its ref is 2, then
xfrm_policy_timer
read_lock
xp->walk.dead is 0
....
mod_timer()
xfrm_policy_kill
policy->walk.dead = 1
....
del_timer(&policy->timer)
xfrm_pol_put //ref is 1
xfrm_pol_put //ref is 0
xfrm_policy_destroy
call_rcu
xfrm_pol_hold //ref is 1
read_unlock
xfrm_pol_put //ref is 0
xfrm_policy_destroy
call_rcu
xfrm_policy_destroy is called twice, which may leads to
double free.
Call Trace:
RIP: 0010:refcount_warn_saturate+0x161/0x210
...
xfrm_policy_timer+0x522/0x600
call_timer_fn+0x1b3/0x5e0
? __xfrm_decode_session+0x2990/0x2990
? msleep+0xb0/0xb0
? _raw_spin_unlock_irq+0x24/0x40
? __xfrm_decode_session+0x2990/0x2990
? __xfrm_decode_session+0x2990/0x2990
run_timer_softirq+0x5c5/0x10e0
Fix this by use write_lock_bh in xfrm_policy_kill.
Fixes: ea2dea9dacc2 ("xfrm: remove policy lock when accessing policy->walk.dead")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Timo Teräs <timo.teras@iki.fi>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_policy.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -431,7 +431,9 @@ EXPORT_SYMBOL(xfrm_policy_destroy);
static void xfrm_policy_kill(struct xfrm_policy *policy)
{
+ write_lock_bh(&policy->lock);
policy->walk.dead = 1;
+ write_unlock_bh(&policy->lock);
atomic_inc(&policy->genid);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 130/170] afs: Fix client call Rx-phase signal handling
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 129/170] xfrm: policy: Fix doulbe free in xfrm_policy_timer Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 131/170] afs: Fix some tracing details Greg Kroah-Hartman
` (39 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Howells
From: David Howells <dhowells@redhat.com>
commit 7d7587db0d7fd1138f2afcffdc46a8e15630b944 upstream.
Fix the handling of signals in client rxrpc calls made by the afs
filesystem. Ignore signals completely, leaving call abandonment or
connection loss to be detected by timeouts inside AF_RXRPC.
Allowing a filesystem call to be interrupted after the entire request has
been transmitted and an abort sent means that the server may or may not
have done the action - and we don't know. It may even be worse than that
for older servers.
Fixes: bc5e3a546d55 ("rxrpc: Use MSG_WAITALL to tell sendmsg() to temporarily ignore signals")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/afs/rxrpc.c | 34 ++--------------------------------
include/net/af_rxrpc.h | 4 +---
net/rxrpc/af_rxrpc.c | 33 +++------------------------------
net/rxrpc/ar-internal.h | 1 -
net/rxrpc/input.c | 1 -
5 files changed, 6 insertions(+), 67 deletions(-)
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -603,11 +603,7 @@ call_complete:
long afs_wait_for_call_to_complete(struct afs_call *call,
struct afs_addr_cursor *ac)
{
- signed long rtt2, timeout;
long ret;
- bool stalled = false;
- u64 rtt;
- u32 life, last_life;
bool rxrpc_complete = false;
DECLARE_WAITQUEUE(myself, current);
@@ -618,14 +614,6 @@ long afs_wait_for_call_to_complete(struc
if (ret < 0)
goto out;
- rtt = rxrpc_kernel_get_rtt(call->net->socket, call->rxcall);
- rtt2 = nsecs_to_jiffies64(rtt) * 2;
- if (rtt2 < 2)
- rtt2 = 2;
-
- timeout = rtt2;
- rxrpc_kernel_check_life(call->net->socket, call->rxcall, &last_life);
-
add_wait_queue(&call->waitq, &myself);
for (;;) {
set_current_state(TASK_UNINTERRUPTIBLE);
@@ -636,37 +624,19 @@ long afs_wait_for_call_to_complete(struc
call->need_attention = false;
__set_current_state(TASK_RUNNING);
afs_deliver_to_call(call);
- timeout = rtt2;
continue;
}
if (afs_check_call_state(call, AFS_CALL_COMPLETE))
break;
- if (!rxrpc_kernel_check_life(call->net->socket, call->rxcall, &life)) {
+ if (!rxrpc_kernel_check_life(call->net->socket, call->rxcall)) {
/* rxrpc terminated the call. */
rxrpc_complete = true;
break;
}
- if (call->intr && timeout == 0 &&
- life == last_life && signal_pending(current)) {
- if (stalled)
- break;
- __set_current_state(TASK_RUNNING);
- rxrpc_kernel_probe_life(call->net->socket, call->rxcall);
- timeout = rtt2;
- stalled = true;
- continue;
- }
-
- if (life != last_life) {
- timeout = rtt2;
- last_life = life;
- stalled = false;
- }
-
- timeout = schedule_timeout(timeout);
+ schedule();
}
remove_wait_queue(&call->waitq, &myself);
--- a/include/net/af_rxrpc.h
+++ b/include/net/af_rxrpc.h
@@ -58,9 +58,7 @@ int rxrpc_kernel_charge_accept(struct so
rxrpc_user_attach_call_t, unsigned long, gfp_t,
unsigned int);
void rxrpc_kernel_set_tx_length(struct socket *, struct rxrpc_call *, s64);
-bool rxrpc_kernel_check_life(const struct socket *, const struct rxrpc_call *,
- u32 *);
-void rxrpc_kernel_probe_life(struct socket *, struct rxrpc_call *);
+bool rxrpc_kernel_check_life(const struct socket *, const struct rxrpc_call *);
u32 rxrpc_kernel_get_epoch(struct socket *, struct rxrpc_call *);
bool rxrpc_kernel_get_reply_time(struct socket *, struct rxrpc_call *,
ktime_t *);
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -371,45 +371,18 @@ EXPORT_SYMBOL(rxrpc_kernel_end_call);
* rxrpc_kernel_check_life - Check to see whether a call is still alive
* @sock: The socket the call is on
* @call: The call to check
- * @_life: Where to store the life value
*
- * Allow a kernel service to find out whether a call is still alive - ie. we're
- * getting ACKs from the server. Passes back in *_life a number representing
- * the life state which can be compared to that returned by a previous call and
- * return true if the call is still alive.
- *
- * If the life state stalls, rxrpc_kernel_probe_life() should be called and
- * then 2RTT waited.
+ * Allow a kernel service to find out whether a call is still alive -
+ * ie. whether it has completed.
*/
bool rxrpc_kernel_check_life(const struct socket *sock,
- const struct rxrpc_call *call,
- u32 *_life)
+ const struct rxrpc_call *call)
{
- *_life = call->acks_latest;
return call->state != RXRPC_CALL_COMPLETE;
}
EXPORT_SYMBOL(rxrpc_kernel_check_life);
/**
- * rxrpc_kernel_probe_life - Poke the peer to see if it's still alive
- * @sock: The socket the call is on
- * @call: The call to check
- *
- * In conjunction with rxrpc_kernel_check_life(), allow a kernel service to
- * find out whether a call is still alive by pinging it. This should cause the
- * life state to be bumped in about 2*RTT.
- *
- * The must be called in TASK_RUNNING state on pain of might_sleep() objecting.
- */
-void rxrpc_kernel_probe_life(struct socket *sock, struct rxrpc_call *call)
-{
- rxrpc_propose_ACK(call, RXRPC_ACK_PING, 0, true, false,
- rxrpc_propose_ack_ping_for_check_life);
- rxrpc_send_ack_packet(call, true, NULL);
-}
-EXPORT_SYMBOL(rxrpc_kernel_probe_life);
-
-/**
* rxrpc_kernel_get_epoch - Retrieve the epoch value from a call.
* @sock: The socket the call is on
* @call: The call to query
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -675,7 +675,6 @@ struct rxrpc_call {
/* transmission-phase ACK management */
ktime_t acks_latest_ts; /* Timestamp of latest ACK received */
- rxrpc_serial_t acks_latest; /* serial number of latest ACK received */
rxrpc_seq_t acks_lowest_nak; /* Lowest NACK in the buffer (or ==tx_hard_ack) */
rxrpc_seq_t acks_lost_top; /* tx_top at the time lost-ack ping sent */
rxrpc_serial_t acks_lost_ping; /* Serial number of probe ACK */
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -882,7 +882,6 @@ static void rxrpc_input_ack(struct rxrpc
before(prev_pkt, call->ackr_prev_seq))
goto out;
call->acks_latest_ts = skb->tstamp;
- call->acks_latest = sp->hdr.serial;
call->ackr_first_seq = first_soft_ack;
call->ackr_prev_seq = prev_pkt;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 131/170] afs: Fix some tracing details
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 130/170] afs: Fix client call Rx-phase signal handling Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 132/170] afs: Fix unpinned address list during probing Greg Kroah-Hartman
` (38 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Howells
From: David Howells <dhowells@redhat.com>
commit 4636cf184d6d9a92a56c2554681ea520dd4fe49a upstream.
Fix a couple of tracelines to indicate the usage count after the atomic op,
not the usage count before it to be consistent with other afs and rxrpc
trace lines.
Change the wording of the afs_call_trace_work trace ID label from "WORK" to
"QUEUE" to reflect the fact that it's queueing work, not doing work.
Fixes: 341f741f04be ("afs: Refcount the afs_call struct")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/afs/rxrpc.c | 4 ++--
include/trace/events/afs.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -168,7 +168,7 @@ void afs_put_call(struct afs_call *call)
int n = atomic_dec_return(&call->usage);
int o = atomic_read(&net->nr_outstanding_calls);
- trace_afs_call(call, afs_call_trace_put, n + 1, o,
+ trace_afs_call(call, afs_call_trace_put, n, o,
__builtin_return_address(0));
ASSERTCMP(n, >=, 0);
@@ -704,7 +704,7 @@ static void afs_wake_up_async_call(struc
u = atomic_fetch_add_unless(&call->usage, 1, 0);
if (u != 0) {
- trace_afs_call(call, afs_call_trace_wake, u,
+ trace_afs_call(call, afs_call_trace_wake, u + 1,
atomic_read(&call->net->nr_outstanding_calls),
__builtin_return_address(0));
--- a/include/trace/events/afs.h
+++ b/include/trace/events/afs.h
@@ -233,7 +233,7 @@ enum afs_cb_break_reason {
EM(afs_call_trace_get, "GET ") \
EM(afs_call_trace_put, "PUT ") \
EM(afs_call_trace_wake, "WAKE ") \
- E_(afs_call_trace_work, "WORK ")
+ E_(afs_call_trace_work, "QUEUE")
#define afs_server_traces \
EM(afs_server_trace_alloc, "ALLOC ") \
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 132/170] afs: Fix unpinned address list during probing
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 131/170] afs: Fix some tracing details Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 133/170] ieee80211: fix HE SPR size calculation Greg Kroah-Hartman
` (37 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Marc Dionne, Linus Torvalds
From: David Howells <dhowells@redhat.com>
commit 9efcc4a129363187c9bf15338692f107c5c9b6f0 upstream.
When it's probing all of a fileserver's interfaces to find which one is
best to use, afs_do_probe_fileserver() takes a lock on the server record
and notes the pointer to the address list.
It doesn't, however, pin the address list, so as soon as it drops the
lock, there's nothing to stop the address list from being freed under
us.
Fix this by taking a ref on the address list inside the locked section
and dropping it at the end of the function.
Fixes: 3bf0fb6f33dd ("afs: Probe multiple fileservers simultaneously")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/afs/fs_probe.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/afs/fs_probe.c
+++ b/fs/afs/fs_probe.c
@@ -145,6 +145,7 @@ static int afs_do_probe_fileserver(struc
read_lock(&server->fs_lock);
ac.alist = rcu_dereference_protected(server->addresses,
lockdep_is_held(&server->fs_lock));
+ afs_get_addrlist(ac.alist);
read_unlock(&server->fs_lock);
atomic_set(&server->probe_outstanding, ac.alist->nr_addrs);
@@ -163,6 +164,7 @@ static int afs_do_probe_fileserver(struc
if (!in_progress)
afs_fs_probe_done(server);
+ afs_put_addrlist(ac.alist);
return in_progress;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 133/170] ieee80211: fix HE SPR size calculation
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 132/170] afs: Fix unpinned address list during probing Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 134/170] mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX Greg Kroah-Hartman
` (36 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
commit 575a97acc3b7446094b0dcaf6285c7c6934c2477 upstream.
The he_sr_control field is just a u8, so le32_to_cpu()
shouldn't be applied to it; this was evidently copied
from ieee80211_he_oper_size(). Fix it, and also adjust
the type of the local variable.
Fixes: ef11a931bd1c ("mac80211: HE: add Spatial Reuse element parsing support")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200325090918.dfe483b49e06.Ia53622f23b2610a2ae6ea39a199866196fe946c1@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ieee80211.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2102,14 +2102,14 @@ ieee80211_he_spr_size(const u8 *he_spr_i
{
struct ieee80211_he_spr *he_spr = (void *)he_spr_ie;
u8 spr_len = sizeof(struct ieee80211_he_spr);
- u32 he_spr_params;
+ u8 he_spr_params;
/* Make sure the input is not NULL */
if (!he_spr_ie)
return 0;
/* Calc required length */
- he_spr_params = le32_to_cpu(he_spr->he_sr_control);
+ he_spr_params = he_spr->he_sr_control;
if (he_spr_params & IEEE80211_HE_SPR_NON_SRG_OFFSET_PRESENT)
spr_len++;
if (he_spr_params & IEEE80211_HE_SPR_SRG_INFORMATION_PRESENT)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 134/170] mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 133/170] ieee80211: fix HE SPR size calculation Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 135/170] netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} Greg Kroah-Hartman
` (35 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
commit b95d2ccd2ccb834394d50347d0e40dc38a954e4a upstream.
When a frame is transmitted via the nl80211 TX rather than as a
normal frame, IEEE80211_TX_CTRL_PORT_CTRL_PROTO wasn't set and
this will lead to wrong decisions (rate control etc.) being made
about the frame; fix this.
Fixes: 911806491425 ("mac80211: Add support for tx_control_port")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200326155333.f183f52b02f0.I4054e2a8c11c2ddcb795a0103c87be3538690243@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/tx.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5,7 +5,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright (C) 2018 Intel Corporation
+ * Copyright (C) 2018, 2020 Intel Corporation
*
* Transmit and frame generation functions.
*/
@@ -5135,6 +5135,7 @@ int ieee80211_tx_control_port(struct wip
struct ieee80211_local *local = sdata->local;
struct sk_buff *skb;
struct ethhdr *ehdr;
+ u32 ctrl_flags = 0;
u32 flags;
/* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE
@@ -5144,6 +5145,9 @@ int ieee80211_tx_control_port(struct wip
proto != cpu_to_be16(ETH_P_PREAUTH))
return -EINVAL;
+ if (proto == sdata->control_port_protocol)
+ ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
+
if (unencrypted)
flags = IEEE80211_TX_INTFL_DONT_ENCRYPT;
else
@@ -5169,7 +5173,7 @@ int ieee80211_tx_control_port(struct wip
skb_reset_mac_header(skb);
local_bh_disable();
- __ieee80211_subif_start_xmit(skb, skb->dev, flags, 0);
+ __ieee80211_subif_start_xmit(skb, skb->dev, flags, ctrl_flags);
local_bh_enable();
return 0;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 135/170] netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6}
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 134/170] mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 136/170] netfilter: flowtable: populate addr_type mask Greg Kroah-Hartman
` (34 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Haishuang Yan, Pablo Neira Ayuso
From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
commit 41e9ec5a54f95eee1a57c8d26ab70e0492548c1b upstream.
Since pskb_may_pull may change skb->data, so we need to reload ip{v6}h at
the right place.
Fixes: a908fdec3dda ("netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table")
Fixes: 7d2086871762 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table")
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_flow_table_ip.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -189,6 +189,7 @@ static int nf_flow_tuple_ip(struct sk_bu
if (!pskb_may_pull(skb, thoff + sizeof(*ports)))
return -1;
+ iph = ip_hdr(skb);
ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
tuple->src_v4.s_addr = iph->saddr;
@@ -449,6 +450,7 @@ static int nf_flow_tuple_ipv6(struct sk_
if (!pskb_may_pull(skb, thoff + sizeof(*ports)))
return -1;
+ ip6h = ipv6_hdr(skb);
ports = (struct flow_ports *)(skb_network_header(skb) + thoff);
tuple->src_v6 = ip6h->saddr;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 136/170] netfilter: flowtable: populate addr_type mask
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 135/170] netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 137/170] netfilter: nft_fwd_netdev: validate family and chain type Greg Kroah-Hartman
` (33 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Edward Cree, Pablo Neira Ayuso
From: Edward Cree <ecree@solarflare.com>
commit 15ff197237e76c4dab06b7b518afaa4ebb1c43e0 upstream.
nf_flow_rule_match() sets control.addr_type in key, so needs to also set
the corresponding mask. An exact match is wanted, so mask is all ones.
Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_flow_table_offload.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -87,6 +87,7 @@ static int nf_flow_rule_match(struct nf_
default:
return -EOPNOTSUPP;
}
+ mask->control.addr_type = 0xffff;
match->dissector.used_keys |= BIT(key->control.addr_type);
mask->basic.n_proto = 0xffff;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 137/170] netfilter: nft_fwd_netdev: validate family and chain type
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 136/170] netfilter: flowtable: populate addr_type mask Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress Greg Kroah-Hartman
` (32 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 76a109fac206e158eb3c967af98c178cff738e6a upstream.
Make sure the forward action is only used from ingress.
Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nft_fwd_netdev.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -190,6 +190,13 @@ nla_put_failure:
return -1;
}
+static int nft_fwd_validate(const struct nft_ctx *ctx,
+ const struct nft_expr *expr,
+ const struct nft_data **data)
+{
+ return nft_chain_validate_hooks(ctx->chain, (1 << NF_NETDEV_INGRESS));
+}
+
static struct nft_expr_type nft_fwd_netdev_type;
static const struct nft_expr_ops nft_fwd_neigh_netdev_ops = {
.type = &nft_fwd_netdev_type,
@@ -197,6 +204,7 @@ static const struct nft_expr_ops nft_fwd
.eval = nft_fwd_neigh_eval,
.init = nft_fwd_neigh_init,
.dump = nft_fwd_neigh_dump,
+ .validate = nft_fwd_validate,
};
static const struct nft_expr_ops nft_fwd_netdev_ops = {
@@ -205,6 +213,7 @@ static const struct nft_expr_ops nft_fwd
.eval = nft_fwd_netdev_eval,
.init = nft_fwd_netdev_init,
.dump = nft_fwd_netdev_dump,
+ .validate = nft_fwd_validate,
.offload = nft_fwd_netdev_offload,
};
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 137/170] netfilter: nft_fwd_netdev: validate family and chain type Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 10:16 ` Pablo Neira Ayuso
2020-03-31 8:59 ` [PATCH 5.5 139/170] i2c: nvidia-gpu: Handle timeout correctly in gpu_i2c_check_status() Greg Kroah-Hartman
` (31 subsequent siblings)
169 siblings, 1 reply; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit bcfabee1afd99484b6ba067361b8678e28bbc065 upstream.
Set skb->tc_redirected to 1, otherwise the ifb driver drops the packet.
Set skb->tc_from_ingress to 1 to reinject the packet back to the ingress
path after leaving the ifb egress path.
This patch inconditionally sets on these two skb fields that are
meaningful to the ifb driver. The existing forward action is guaranteed
to run from ingress path.
Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nft_fwd_netdev.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -28,6 +28,10 @@ static void nft_fwd_netdev_eval(const st
struct nft_fwd_netdev *priv = nft_expr_priv(expr);
int oif = regs->data[priv->sreg_dev];
+ /* These are used by ifb only. */
+ pkt->skb->tc_redirected = 1;
+ pkt->skb->tc_from_ingress = 1;
+
nf_fwd_netdev_egress(pkt, oif);
regs->verdict.code = NF_STOLEN;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 139/170] i2c: nvidia-gpu: Handle timeout correctly in gpu_i2c_check_status()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 140/170] bpf, x32: Fix bug with JMP32 JSET BPF_X checking upper bits Greg Kroah-Hartman
` (30 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Kai-Heng Feng,
Ajay Gupta, Wolfram Sang
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit d944b27df121e2ee854a6c2fad13d6c6300792d4 upstream.
Nvidia card may come with a "phantom" UCSI device, and its driver gets
stuck in probe routine, prevents any system PM operations like suspend.
There's an unaccounted case that the target time can equal to jiffies in
gpu_i2c_check_status(), let's solve that by using readl_poll_timeout()
instead of jiffies comparison functions.
Fixes: c71bcdcb42a7 ("i2c: add i2c bus driver for NVIDIA GPU")
Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Ajay Gupta <ajayg@nvidia.com>
Tested-by: Ajay Gupta <ajayg@nvidia.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-nvidia-gpu.c | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
--- a/drivers/i2c/busses/i2c-nvidia-gpu.c
+++ b/drivers/i2c/busses/i2c-nvidia-gpu.c
@@ -8,6 +8,7 @@
#include <linux/delay.h>
#include <linux/i2c.h>
#include <linux/interrupt.h>
+#include <linux/iopoll.h>
#include <linux/module.h>
#include <linux/pci.h>
#include <linux/platform_device.h>
@@ -75,20 +76,15 @@ static void gpu_enable_i2c_bus(struct gp
static int gpu_i2c_check_status(struct gpu_i2c_dev *i2cd)
{
- unsigned long target = jiffies + msecs_to_jiffies(1000);
u32 val;
+ int ret;
- do {
- val = readl(i2cd->regs + I2C_MST_CNTL);
- if (!(val & I2C_MST_CNTL_CYCLE_TRIGGER))
- break;
- if ((val & I2C_MST_CNTL_STATUS) !=
- I2C_MST_CNTL_STATUS_BUS_BUSY)
- break;
- usleep_range(500, 600);
- } while (time_is_after_jiffies(target));
+ ret = readl_poll_timeout(i2cd->regs + I2C_MST_CNTL, val,
+ !(val & I2C_MST_CNTL_CYCLE_TRIGGER) ||
+ (val & I2C_MST_CNTL_STATUS) != I2C_MST_CNTL_STATUS_BUS_BUSY,
+ 500, 1000 * USEC_PER_MSEC);
- if (time_is_before_jiffies(target)) {
+ if (ret) {
dev_err(i2cd->dev, "i2c timeout error %x\n", val);
return -ETIMEDOUT;
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 140/170] bpf, x32: Fix bug with JMP32 JSET BPF_X checking upper bits
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 139/170] i2c: nvidia-gpu: Handle timeout correctly in gpu_i2c_check_status() Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 141/170] bpf: Initialize storage pointers to NULL to prevent freeing garbage pointer Greg Kroah-Hartman
` (29 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xi Wang, Luke Nelson, Daniel Borkmann
From: Luke Nelson <lukenels@cs.washington.edu>
commit 80f1f85036355e5581ec0b99913410345ad3491b upstream.
The current x32 BPF JIT is incorrect for JMP32 JSET BPF_X when the upper
32 bits of operand registers are non-zero in certain situations.
The problem is in the following code:
case BPF_JMP | BPF_JSET | BPF_X:
case BPF_JMP32 | BPF_JSET | BPF_X:
...
/* and dreg_lo,sreg_lo */
EMIT2(0x23, add_2reg(0xC0, sreg_lo, dreg_lo));
/* and dreg_hi,sreg_hi */
EMIT2(0x23, add_2reg(0xC0, sreg_hi, dreg_hi));
/* or dreg_lo,dreg_hi */
EMIT2(0x09, add_2reg(0xC0, dreg_lo, dreg_hi));
This code checks the upper bits of the operand registers regardless if
the BPF instruction is BPF_JMP32 or BPF_JMP64. Registers dreg_hi and
dreg_lo are not loaded from the stack for BPF_JMP32, however, they can
still be polluted with values from previous instructions.
The following BPF program demonstrates the bug. The jset64 instruction
loads the temporary registers and performs the jump, since ((u64)r7 &
(u64)r8) is non-zero. The jset32 should _not_ be taken, as the lower
32 bits are all zero, however, the current JIT will take the branch due
the pollution of temporary registers from the earlier jset64.
mov64 r0, 0
ld64 r7, 0x8000000000000000
ld64 r8, 0x8000000000000000
jset64 r7, r8, 1
exit
jset32 r7, r8, 1
mov64 r0, 2
exit
The expected return value of this program is 2; under the buggy x32 JIT
it returns 0. The fix is to skip using the upper 32 bits for jset32 and
compare the upper 32 bits for jset64 only.
All tests in test_bpf.ko and selftests/bpf/test_verifier continue to
pass with this change.
We found this bug using our automated verification tool, Serval.
Fixes: 69f827eb6e14 ("x32: bpf: implement jitting of JMP32")
Co-developed-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200305234416.31597-1-luke.r.nels@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/net/bpf_jit_comp32.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/arch/x86/net/bpf_jit_comp32.c
+++ b/arch/x86/net/bpf_jit_comp32.c
@@ -2039,10 +2039,12 @@ static int do_jit(struct bpf_prog *bpf_p
}
/* and dreg_lo,sreg_lo */
EMIT2(0x23, add_2reg(0xC0, sreg_lo, dreg_lo));
- /* and dreg_hi,sreg_hi */
- EMIT2(0x23, add_2reg(0xC0, sreg_hi, dreg_hi));
- /* or dreg_lo,dreg_hi */
- EMIT2(0x09, add_2reg(0xC0, dreg_lo, dreg_hi));
+ if (is_jmp64) {
+ /* and dreg_hi,sreg_hi */
+ EMIT2(0x23, add_2reg(0xC0, sreg_hi, dreg_hi));
+ /* or dreg_lo,dreg_hi */
+ EMIT2(0x09, add_2reg(0xC0, dreg_lo, dreg_hi));
+ }
goto emit_cond_jmp;
}
case BPF_JMP | BPF_JSET | BPF_K:
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 141/170] bpf: Initialize storage pointers to NULL to prevent freeing garbage pointer
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 140/170] bpf, x32: Fix bug with JMP32 JSET BPF_X checking upper bits Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 142/170] bpf/btf: Fix BTF verification of enum members in struct/union Greg Kroah-Hartman
` (28 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrii Nakryiko, Alexei Starovoitov
From: Andrii Nakryiko <andriin@fb.com>
commit 62039c30c19dcab96621e074aeeb90da7100def7 upstream.
Local storage array isn't initialized, so if cgroup storage allocation fails
for BPF_CGROUP_STORAGE_SHARED, error handling code will attempt to free
uninitialized pointer for BPF_CGROUP_STORAGE_PERCPU storage type. Avoid this
by always initializing storage pointers to NULLs.
Fixes: 8bad74f9840f ("bpf: extend cgroup bpf core to allow multiple cgroup storage types")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200309222756.1018737-1-andriin@fb.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/cgroup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -303,8 +303,8 @@ int __cgroup_bpf_attach(struct cgroup *c
{
struct list_head *progs = &cgrp->bpf.progs[type];
struct bpf_prog *old_prog = NULL;
- struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE],
- *old_storage[MAX_BPF_CGROUP_STORAGE_TYPE] = {NULL};
+ struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE] = {};
+ struct bpf_cgroup_storage *old_storage[MAX_BPF_CGROUP_STORAGE_TYPE] = {};
enum bpf_cgroup_storage_type stype;
struct bpf_prog_list *pl;
bool pl_was_allocated;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 142/170] bpf/btf: Fix BTF verification of enum members in struct/union
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 141/170] bpf: Initialize storage pointers to NULL to prevent freeing garbage pointer Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 143/170] bpf, sockmap: Remove bucket->lock from sock_{hash|map}_free Greg Kroah-Hartman
` (27 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yoshiki Komachi, Alexei Starovoitov
From: Yoshiki Komachi <komachi.yoshiki@gmail.com>
commit da6c7faeb103c493e505e87643272f70be586635 upstream.
btf_enum_check_member() was currently sure to recognize the size of
"enum" type members in struct/union as the size of "int" even if
its size was packed.
This patch fixes BTF enum verification to use the correct size
of member in BPF programs.
Fixes: 179cde8cef7e ("bpf: btf: Check members of struct/union")
Signed-off-by: Yoshiki Komachi <komachi.yoshiki@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/1583825550-18606-2-git-send-email-komachi.yoshiki@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -2383,7 +2383,7 @@ static int btf_enum_check_member(struct
struct_size = struct_type->size;
bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
- if (struct_size - bytes_offset < sizeof(int)) {
+ if (struct_size - bytes_offset < member_type->size) {
btf_verifier_log_member(env, struct_type, member,
"Member exceeds struct_size");
return -EINVAL;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 143/170] bpf, sockmap: Remove bucket->lock from sock_{hash|map}_free
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 142/170] bpf/btf: Fix BTF verification of enum members in struct/union Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 144/170] ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection Greg Kroah-Hartman
` (26 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakub Sitnicki, John Fastabend,
Daniel Borkmann
From: John Fastabend <john.fastabend@gmail.com>
commit 90db6d772f749e38171d04619a5e3cd8804a6d02 upstream.
The bucket->lock is not needed in the sock_hash_free and sock_map_free
calls, in fact it is causing a splat due to being inside rcu block.
| BUG: sleeping function called from invalid context at net/core/sock.c:2935
| in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 62, name: kworker/0:1
| 3 locks held by kworker/0:1/62:
| #0: ffff88813b019748 ((wq_completion)events){+.+.}, at: process_one_work+0x1d7/0x5e0
| #1: ffffc900000abe50 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x1d7/0x5e0
| #2: ffff8881381f6df8 (&stab->lock){+...}, at: sock_map_free+0x26/0x180
| CPU: 0 PID: 62 Comm: kworker/0:1 Not tainted 5.5.0-04008-g7b083332376e #454
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
| Workqueue: events bpf_map_free_deferred
| Call Trace:
| dump_stack+0x71/0xa0
| ___might_sleep.cold+0xa6/0xb6
| lock_sock_nested+0x28/0x90
| sock_map_free+0x5f/0x180
| bpf_map_free_deferred+0x58/0x80
| process_one_work+0x260/0x5e0
| worker_thread+0x4d/0x3e0
| kthread+0x108/0x140
| ? process_one_work+0x5e0/0x5e0
| ? kthread_park+0x90/0x90
| ret_from_fork+0x3a/0x50
The reason we have stab->lock and bucket->locks in sockmap code is to
handle checking EEXIST in update/delete cases. We need to be careful during
an update operation that we check for EEXIST and we need to ensure that the
psock object is not in some partial state of removal/insertion while we do
this. So both map_update_common and sock_map_delete need to guard from being
run together potentially deleting an entry we are checking, etc. But by the
time we get to the tear-down code in sock_{ma[|hash}_free we have already
disconnected the map and we just did synchronize_rcu() in the line above so
no updates/deletes should be in flight. Because of this we can drop the
bucket locks from the map free'ing code, noting no update/deletes can be
in-flight.
Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Reported-by: Jakub Sitnicki <jakub@cloudflare.com>
Suggested-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/158385850787.30597.8346421465837046618.stgit@john-Precision-5820-Tower
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/sock_map.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -233,8 +233,11 @@ static void sock_map_free(struct bpf_map
struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
int i;
+ /* After the sync no updates or deletes will be in-flight so it
+ * is safe to walk map and remove entries without risking a race
+ * in EEXIST update case.
+ */
synchronize_rcu();
- raw_spin_lock_bh(&stab->lock);
for (i = 0; i < stab->map.max_entries; i++) {
struct sock **psk = &stab->sks[i];
struct sock *sk;
@@ -248,7 +251,6 @@ static void sock_map_free(struct bpf_map
release_sock(sk);
}
}
- raw_spin_unlock_bh(&stab->lock);
/* wait for psock readers accessing its map link */
synchronize_rcu();
@@ -863,10 +865,13 @@ static void sock_hash_free(struct bpf_ma
struct hlist_node *node;
int i;
+ /* After the sync no updates or deletes will be in-flight so it
+ * is safe to walk map and remove entries without risking a race
+ * in EEXIST update case.
+ */
synchronize_rcu();
for (i = 0; i < htab->buckets_num; i++) {
bucket = sock_hash_select_bucket(htab, i);
- raw_spin_lock_bh(&bucket->lock);
hlist_for_each_entry_safe(elem, node, &bucket->head, node) {
hlist_del_rcu(&elem->node);
lock_sock(elem->sk);
@@ -875,7 +880,6 @@ static void sock_hash_free(struct bpf_ma
rcu_read_unlock();
release_sock(elem->sk);
}
- raw_spin_unlock_bh(&bucket->lock);
}
/* wait for psock readers accessing its map link */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 144/170] ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 143/170] bpf, sockmap: Remove bucket->lock from sock_{hash|map}_free Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 145/170] vti6: Fix memory leak of skb if input policy check fails Greg Kroah-Hartman
` (25 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ondrej Jirman, Maxime Ripard
From: Ondrej Jirman <megous@megous.com>
commit b642d4825441bf30c72b72deb739bd2d5f53af08 upstream.
USB-ID signal has a pullup on the schematic, but in reality it's not
pulled up, so add a GPIO pullup. And we also need a usb0_vbus_power-supply
for VBUS detection.
This fixes OTG mode detection and charging issues on TBS A711 tablet.
The issues came from ID pin reading 0, causing host mode to be enabled,
when it should not be, leading to DRVVBUS being enabled, which disabled
the charger.
Fixes: f2f221c7810b824e ("ARM: dts: sun8i: a711: Enable USB OTG")
Signed-off-by: Ondrej Jirman <megous@megous.com>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/sun8i-a83t-tbs-a711.dts | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/arm/boot/dts/sun8i-a83t-tbs-a711.dts
+++ b/arch/arm/boot/dts/sun8i-a83t-tbs-a711.dts
@@ -498,7 +498,8 @@
};
&usbphy {
- usb0_id_det-gpios = <&pio 7 11 GPIO_ACTIVE_HIGH>; /* PH11 */
+ usb0_id_det-gpios = <&pio 7 11 (GPIO_ACTIVE_HIGH | GPIO_PULL_UP)>; /* PH11 */
+ usb0_vbus_power-supply = <&usb_power_supply>;
usb0_vbus-supply = <®_drivevbus>;
usb1_vbus-supply = <®_vmain>;
usb2_vbus-supply = <®_vmain>;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 145/170] vti6: Fix memory leak of skb if input policy check fails
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 144/170] ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 146/170] r8169: fix PHY driver check on platforms w/o module softdeps Greg Kroah-Hartman
` (24 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Torsten Hilbrich, Nicolas Dichtel,
Steffen Klassert
From: Torsten Hilbrich <torsten.hilbrich@secunet.com>
commit 2a9de3af21aa8c31cd68b0b39330d69f8c1e59df upstream.
The vti6_rcv function performs some tests on the retrieved tunnel
including checking the IP protocol, the XFRM input policy, the
source and destination address.
In all but one places the skb is released in the error case. When
the input policy check fails the network packet is leaked.
Using the same goto-label discard in this case to fix this problem.
Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces")
Signed-off-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_vti.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -311,7 +311,7 @@ static int vti6_rcv(struct sk_buff *skb)
if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
rcu_read_unlock();
- return 0;
+ goto discard;
}
ipv6h = ipv6_hdr(skb);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 146/170] r8169: fix PHY driver check on platforms w/o module softdeps
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 145/170] vti6: Fix memory leak of skb if input policy check fails Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 147/170] clocksource/drivers/hyper-v: Untangle stimers and timesync from clocksources Greg Kroah-Hartman
` (23 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chih-Wei Huang, Heiner Kallweit,
David S. Miller
From: Heiner Kallweit <hkallweit1@gmail.com>
commit 2e8c339b4946490a922a21aa8cd869c6cfad2023 upstream.
On Android/x86 the module loading infrastructure can't deal with
softdeps. Therefore the check for presence of the Realtek PHY driver
module fails. mdiobus_register() will try to load the PHY driver
module, therefore move the check to after this call and explicitly
check that a dedicated PHY driver is bound to the PHY device.
Fixes: f32593773549 ("r8169: check that Realtek PHY driver module is loaded")
Reported-by: Chih-Wei Huang <cwhuang@android-x86.org>
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/realtek/r8169_main.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
--- a/drivers/net/ethernet/realtek/r8169_main.c
+++ b/drivers/net/ethernet/realtek/r8169_main.c
@@ -6670,6 +6670,13 @@ static int r8169_mdio_register(struct rt
if (!tp->phydev) {
mdiobus_unregister(new_bus);
return -ENODEV;
+ } else if (!tp->phydev->drv) {
+ /* Most chip versions fail with the genphy driver.
+ * Therefore ensure that the dedicated PHY driver is loaded.
+ */
+ dev_err(&pdev->dev, "realtek.ko not loaded, maybe it needs to be added to initramfs?\n");
+ mdiobus_unregister(new_bus);
+ return -EUNATCH;
}
/* PHY will be woken up in rtl_open() */
@@ -6831,15 +6838,6 @@ static int rtl_init_one(struct pci_dev *
int chipset, region;
int jumbo_max, rc;
- /* Some tools for creating an initramfs don't consider softdeps, then
- * r8169.ko may be in initramfs, but realtek.ko not. Then the generic
- * PHY driver is used that doesn't work with most chip versions.
- */
- if (!driver_find("RTL8201CP Ethernet", &mdio_bus_type)) {
- dev_err(&pdev->dev, "realtek.ko not loaded, maybe it needs to be added to initramfs?\n");
- return -ENOENT;
- }
-
dev = devm_alloc_etherdev(&pdev->dev, sizeof (*tp));
if (!dev)
return -ENOMEM;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 147/170] clocksource/drivers/hyper-v: Untangle stimers and timesync from clocksources
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 146/170] r8169: fix PHY driver check on platforms w/o module softdeps Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 148/170] bpf: Undo incorrect __reg_bound_offset32 handling Greg Kroah-Hartman
` (22 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Kelley, Andrea Parri,
Daniel Lezcano, Sasha Levin
From: Yubo Xie <yuboxie@microsoft.com>
[ Upstream commit 0af3e137c144377fbaf5025ba784ff5ba7ad40c9 ]
hyperv_timer.c exports hyperv_cs, which is used by stimers and the
timesync mechanism. However, the clocksource dependency is not
needed: these mechanisms only depend on the partition reference
counter (which can be read via a MSR or via the TSC Reference Page).
Introduce the (function) pointer hv_read_reference_counter, as an
embodiment of the partition reference counter read, and export it
in place of the hyperv_cs pointer. The latter can be removed.
This should clarify that there's no relationship between Hyper-V
stimers & timesync and the Linux clocksource abstractions. No
functional or semantic change.
Suggested-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Andrea Parri <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20200109160650.16150-2-parri.andrea@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/hyperv_timer.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/clocksource/hyperv_timer.c
+++ b/drivers/clocksource/hyperv_timer.c
@@ -327,7 +327,8 @@ static u64 notrace read_hv_clock_tsc(str
static u64 read_hv_sched_clock_tsc(void)
{
- return read_hv_clock_tsc(NULL) - hv_sched_clock_offset;
+ return (read_hv_clock_tsc(NULL) - hv_sched_clock_offset) *
+ (NSEC_PER_SEC / HV_CLOCK_HZ);
}
static struct clocksource hyperv_cs_tsc = {
@@ -352,7 +353,8 @@ static u64 notrace read_hv_clock_msr(str
static u64 read_hv_sched_clock_msr(void)
{
- return read_hv_clock_msr(NULL) - hv_sched_clock_offset;
+ return (read_hv_clock_msr(NULL) - hv_sched_clock_offset) *
+ (NSEC_PER_SEC / HV_CLOCK_HZ);
}
static struct clocksource hyperv_cs_msr = {
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 148/170] bpf: Undo incorrect __reg_bound_offset32 handling
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 147/170] clocksource/drivers/hyper-v: Untangle stimers and timesync from clocksources Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 149/170] USB: serial: option: add support for ASKEY WWHC050 Greg Kroah-Hartman
` (21 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anatoly Trosinenko, Daniel Borkmann,
Alexei Starovoitov
From: Daniel Borkmann <daniel@iogearbox.net>
commit f2d67fec0b43edce8c416101cdc52e71145b5fef upstream.
Anatoly has been fuzzing with kBdysch harness and reported a hang in
one of the outcomes:
0: (b7) r0 = 808464432
1: (7f) r0 >>= r0
2: (14) w0 -= 808464432
3: (07) r0 += 808464432
4: (b7) r1 = 808464432
5: (de) if w1 s<= w0 goto pc+0
R0_w=invP(id=0,umin_value=808464432,umax_value=5103431727,var_off=(0x30303020;0x10000001f)) R1_w=invP808464432 R10=fp0
6: (07) r0 += -2144337872
7: (14) w0 -= -1607454672
8: (25) if r0 > 0x30303030 goto pc+0
R0_w=invP(id=0,umin_value=271581184,umax_value=271581311,var_off=(0x10300000;0x7f)) R1_w=invP808464432 R10=fp0
9: (76) if w0 s>= 0x303030 goto pc+2
12: (95) exit
from 8 to 9: safe
from 5 to 6: R0_w=invP(id=0,umin_value=808464432,umax_value=5103431727,var_off=(0x30303020;0x10000001f)) R1_w=invP808464432 R10=fp0
6: (07) r0 += -2144337872
7: (14) w0 -= -1607454672
8: (25) if r0 > 0x30303030 goto pc+0
R0_w=invP(id=0,umin_value=271581184,umax_value=271581311,var_off=(0x10300000;0x7f)) R1_w=invP808464432 R10=fp0
9: safe
from 8 to 9: safe
verification time 589 usec
stack depth 0
processed 17 insns (limit 1000000) [...]
The underlying program was xlated as follows:
# bpftool p d x i 9
0: (b7) r0 = 808464432
1: (7f) r0 >>= r0
2: (14) w0 -= 808464432
3: (07) r0 += 808464432
4: (b7) r1 = 808464432
5: (de) if w1 s<= w0 goto pc+0
6: (07) r0 += -2144337872
7: (14) w0 -= -1607454672
8: (25) if r0 > 0x30303030 goto pc+0
9: (76) if w0 s>= 0x303030 goto pc+2
10: (05) goto pc-1
11: (05) goto pc-1
12: (95) exit
The verifier rewrote original instructions it recognized as dead code with
'goto pc-1', but reality differs from verifier simulation in that we're
actually able to trigger a hang due to hitting the 'goto pc-1' instructions.
Taking different examples to make the issue more obvious: in this example
we're probing bounds on a completely unknown scalar variable in r1:
[...]
5: R0_w=inv1 R1_w=inv(id=0) R10=fp0
5: (18) r2 = 0x4000000000
7: R0_w=inv1 R1_w=inv(id=0) R2_w=inv274877906944 R10=fp0
7: (18) r3 = 0x2000000000
9: R0_w=inv1 R1_w=inv(id=0) R2_w=inv274877906944 R3_w=inv137438953472 R10=fp0
9: (18) r4 = 0x400
11: R0_w=inv1 R1_w=inv(id=0) R2_w=inv274877906944 R3_w=inv137438953472 R4_w=inv1024 R10=fp0
11: (18) r5 = 0x200
13: R0_w=inv1 R1_w=inv(id=0) R2_w=inv274877906944 R3_w=inv137438953472 R4_w=inv1024 R5_w=inv512 R10=fp0
13: (2d) if r1 > r2 goto pc+4
R0_w=inv1 R1_w=inv(id=0,umax_value=274877906944,var_off=(0x0; 0x7fffffffff)) R2_w=inv274877906944 R3_w=inv137438953472 R4_w=inv1024 R5_w=inv512 R10=fp0
14: R0_w=inv1 R1_w=inv(id=0,umax_value=274877906944,var_off=(0x0; 0x7fffffffff)) R2_w=inv274877906944 R3_w=inv137438953472 R4_w=inv1024 R5_w=inv512 R10=fp0
14: (ad) if r1 < r3 goto pc+3
R0_w=inv1 R1_w=inv(id=0,umin_value=137438953472,umax_value=274877906944,var_off=(0x0; 0x7fffffffff)) R2_w=inv274877906944 R3_w=inv137438953472 R4_w=inv1024 R5_w=inv512 R10=fp0
15: R0=inv1 R1=inv(id=0,umin_value=137438953472,umax_value=274877906944,var_off=(0x0; 0x7fffffffff)) R2=inv274877906944 R3=inv137438953472 R4=inv1024 R5=inv512 R10=fp0
15: (2e) if w1 > w4 goto pc+2
R0=inv1 R1=inv(id=0,umin_value=137438953472,umax_value=274877906944,var_off=(0x0; 0x7f00000000)) R2=inv274877906944 R3=inv137438953472 R4=inv1024 R5=inv512 R10=fp0
16: R0=inv1 R1=inv(id=0,umin_value=137438953472,umax_value=274877906944,var_off=(0x0; 0x7f00000000)) R2=inv274877906944 R3=inv137438953472 R4=inv1024 R5=inv512 R10=fp0
16: (ae) if w1 < w5 goto pc+1
R0=inv1 R1=inv(id=0,umin_value=137438953472,umax_value=274877906944,var_off=(0x0; 0x7f00000000)) R2=inv274877906944 R3=inv137438953472 R4=inv1024 R5=inv512 R10=fp0
[...]
We're first probing lower/upper bounds via jmp64, later we do a similar
check via jmp32 and examine the resulting var_off there. After fall-through
in insn 14, we get the following bounded r1 with 0x7fffffffff unknown marked
bits in the variable section.
Thus, after knowing r1 <= 0x4000000000 and r1 >= 0x2000000000:
max: 0b100000000000000000000000000000000000000 / 0x4000000000
var: 0b111111111111111111111111111111111111111 / 0x7fffffffff
min: 0b010000000000000000000000000000000000000 / 0x2000000000
Now, in insn 15 and 16, we perform a similar probe with lower/upper bounds
in jmp32.
Thus, after knowing r1 <= 0x4000000000 and r1 >= 0x2000000000 and
w1 <= 0x400 and w1 >= 0x200:
max: 0b100000000000000000000000000000000000000 / 0x4000000000
var: 0b111111100000000000000000000000000000000 / 0x7f00000000
min: 0b010000000000000000000000000000000000000 / 0x2000000000
The lower/upper bounds haven't changed since they have high bits set in
u64 space and the jmp32 tests can only refine bounds in the low bits.
However, for the var part the expectation would have been 0x7f000007ff
or something less precise up to 0x7fffffffff. A outcome of 0x7f00000000
is not correct since it would contradict the earlier probed bounds
where we know that the result should have been in [0x200,0x400] in u32
space. Therefore, tests with such info will lead to wrong verifier
assumptions later on like falsely predicting conditional jumps to be
always taken, etc.
The issue here is that __reg_bound_offset32()'s implementation from
commit 581738a681b6 ("bpf: Provide better register bounds after jmp32
instructions") makes an incorrect range assumption:
static void __reg_bound_offset32(struct bpf_reg_state *reg)
{
u64 mask = 0xffffFFFF;
struct tnum range = tnum_range(reg->umin_value & mask,
reg->umax_value & mask);
struct tnum lo32 = tnum_cast(reg->var_off, 4);
struct tnum hi32 = tnum_lshift(tnum_rshift(reg->var_off, 32), 32);
reg->var_off = tnum_or(hi32, tnum_intersect(lo32, range));
}
In the above walk-through example, __reg_bound_offset32() as-is chose
a range after masking with 0xffffffff of [0x0,0x0] since umin:0x2000000000
and umax:0x4000000000 and therefore the lo32 part was clamped to 0x0 as
well. However, in the umin:0x2000000000 and umax:0x4000000000 range above
we'd end up with an actual possible interval of [0x0,0xffffffff] for u32
space instead.
In case of the original reproducer, the situation looked as follows at
insn 5 for r0:
[...]
5: R0_w=invP(id=0,umin_value=808464432,umax_value=5103431727,var_off=(0x0; 0x1ffffffff)) R1_w=invP808464432 R10=fp0
0x30303030 0x13030302f
5: (de) if w1 s<= w0 goto pc+0
R0_w=invP(id=0,umin_value=808464432,umax_value=5103431727,var_off=(0x30303020; 0x10000001f)) R1_w=invP808464432 R10=fp0
0x30303030 0x13030302f
[...]
After the fall-through, we similarly forced the var_off result into
the wrong range [0x30303030,0x3030302f] suggesting later on that fixed
bits must only be of 0x30303020 with 0x10000001f unknowns whereas such
assumption can only be made when both bounds in hi32 range match.
Originally, I was thinking to fix this by moving reg into a temp reg and
use proper coerce_reg_to_size() helper on the temp reg where we can then
based on that define the range tnum for later intersection:
static void __reg_bound_offset32(struct bpf_reg_state *reg)
{
struct bpf_reg_state tmp = *reg;
struct tnum lo32, hi32, range;
coerce_reg_to_size(&tmp, 4);
range = tnum_range(tmp.umin_value, tmp.umax_value);
lo32 = tnum_cast(reg->var_off, 4);
hi32 = tnum_lshift(tnum_rshift(reg->var_off, 32), 32);
reg->var_off = tnum_or(hi32, tnum_intersect(lo32, range));
}
In the case of the concrete example, this gives us a more conservative unknown
section. Thus, after knowing r1 <= 0x4000000000 and r1 >= 0x2000000000 and
w1 <= 0x400 and w1 >= 0x200:
max: 0b100000000000000000000000000000000000000 / 0x4000000000
var: 0b111111111111111111111111111111111111111 / 0x7fffffffff
min: 0b010000000000000000000000000000000000000 / 0x2000000000
However, above new __reg_bound_offset32() has no effect on refining the
knowledge of the register contents. Meaning, if the bounds in hi32 range
mismatch we'll get the identity function given the range reg spans
[0x0,0xffffffff] and we cast var_off into lo32 only to later on binary
or it again with the hi32.
Likewise, if the bounds in hi32 range match, then we mask both bounds
with 0xffffffff, use the resulting umin/umax for the range to later
intersect the lo32 with it. However, _prior_ called __reg_bound_offset()
did already such intersection on the full reg and we therefore would only
repeat the same operation on the lo32 part twice.
Given this has no effect and the original commit had false assumptions,
this patch reverts the code entirely which is also more straight forward
for stable trees: apparently 581738a681b6 got auto-selected by Sasha's
ML system and misclassified as a fix, so it got sucked into v5.4 where
it should never have landed. A revert is low-risk also from a user PoV
since it requires a recent kernel and llc to opt-into -mcpu=v3 BPF CPU
to generate jmp32 instructions. A proper bounds refinement would need a
significantly more complex approach which is currently being worked, but
no stable material [0]. Hence revert is best option for stable. After the
revert, the original reported program gets rejected as follows:
1: (7f) r0 >>= r0
2: (14) w0 -= 808464432
3: (07) r0 += 808464432
4: (b7) r1 = 808464432
5: (de) if w1 s<= w0 goto pc+0
R0_w=invP(id=0,umin_value=808464432,umax_value=5103431727,var_off=(0x0; 0x1ffffffff)) R1_w=invP808464432 R10=fp0
6: (07) r0 += -2144337872
7: (14) w0 -= -1607454672
8: (25) if r0 > 0x30303030 goto pc+0
R0_w=invP(id=0,umax_value=808464432,var_off=(0x0; 0x3fffffff)) R1_w=invP808464432 R10=fp0
9: (76) if w0 s>= 0x303030 goto pc+2
R0=invP(id=0,umax_value=3158063,var_off=(0x0; 0x3fffff)) R1=invP808464432 R10=fp0
10: (30) r0 = *(u8 *)skb[808464432]
BPF_LD_[ABS|IND] uses reserved fields
processed 11 insns (limit 1000000) [...]
[0] https://lore.kernel.org/bpf/158507130343.15666.8018068546764556975.stgit@john-Precision-5820-Tower/T/
Fixes: 581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")
Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200330160324.15259-2-daniel@iogearbox.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/verifier.c | 19 -------------------
1 file changed, 19 deletions(-)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1034,17 +1034,6 @@ static void __reg_bound_offset(struct bp
reg->umax_value));
}
-static void __reg_bound_offset32(struct bpf_reg_state *reg)
-{
- u64 mask = 0xffffFFFF;
- struct tnum range = tnum_range(reg->umin_value & mask,
- reg->umax_value & mask);
- struct tnum lo32 = tnum_cast(reg->var_off, 4);
- struct tnum hi32 = tnum_lshift(tnum_rshift(reg->var_off, 32), 32);
-
- reg->var_off = tnum_or(hi32, tnum_intersect(lo32, range));
-}
-
/* Reset the min/max bounds of a register */
static void __mark_reg_unbounded(struct bpf_reg_state *reg)
{
@@ -5677,10 +5666,6 @@ static void reg_set_min_max(struct bpf_r
/* We might have learned some bits from the bounds. */
__reg_bound_offset(false_reg);
__reg_bound_offset(true_reg);
- if (is_jmp32) {
- __reg_bound_offset32(false_reg);
- __reg_bound_offset32(true_reg);
- }
/* Intersecting with the old var_off might have improved our bounds
* slightly. e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
* then new var_off is (0; 0x7f...fc) which improves our umax.
@@ -5790,10 +5775,6 @@ static void reg_set_min_max_inv(struct b
/* We might have learned some bits from the bounds. */
__reg_bound_offset(false_reg);
__reg_bound_offset(true_reg);
- if (is_jmp32) {
- __reg_bound_offset32(false_reg);
- __reg_bound_offset32(true_reg);
- }
/* Intersecting with the old var_off might have improved our bounds
* slightly. e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
* then new var_off is (0; 0x7f...fc) which improves our umax.
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 149/170] USB: serial: option: add support for ASKEY WWHC050
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 148/170] bpf: Undo incorrect __reg_bound_offset32 handling Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 150/170] USB: serial: option: add BroadMobi BM806U Greg Kroah-Hartman
` (20 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cezary Jackiewicz, Pawel Dembicki,
Johan Hovold
From: Pawel Dembicki <paweldembicki@gmail.com>
commit 007d20dca2376a751b1dad03442f118438b7e65e upstream.
ASKEY WWHC050 is a mcie LTE modem.
The oem configuration states:
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1690 ProdID=7588 Rev=ff.ff
S: Manufacturer=Android
S: Product=Android
S: SerialNumber=813f0eef6e6e
C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=125us
Tested on openwrt distribution.
Co-developed-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1992,6 +1992,8 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x7e11, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/A3 */
+ { USB_DEVICE_INTERFACE_CLASS(0x1690, 0x7588, 0xff), /* ASKEY WWHC050 */
+ .driver_info = RSVD(1) | RSVD(4) },
{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2031, 0xff), /* Olicard 600 */
.driver_info = RSVD(4) },
{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2060, 0xff), /* BroadMobi BM818 */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 150/170] USB: serial: option: add BroadMobi BM806U
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 149/170] USB: serial: option: add support for ASKEY WWHC050 Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 151/170] USB: serial: option: add Wistron Neweb D19Q1 Greg Kroah-Hartman
` (19 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cezary Jackiewicz, Pawel Dembicki,
Johan Hovold
From: Pawel Dembicki <paweldembicki@gmail.com>
commit 6cb2669cb97fc4fdf526127159ac59caae052247 upstream.
BroadMobi BM806U is an Qualcomm MDM9225 based 3G/4G modem.
Tested hardware BM806U is mounted on D-Link DWR-921-C3 router.
T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=480 MxCh= 0
D: Ver= 2.01 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2020 ProdID=2033 Rev= 2.28
S: Manufacturer=Mobile Connect
S: Product=Mobile Connect
S: SerialNumber=f842866cfd5a
C:* #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Co-developed-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1996,6 +1996,8 @@ static const struct usb_device_id option
.driver_info = RSVD(1) | RSVD(4) },
{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2031, 0xff), /* Olicard 600 */
.driver_info = RSVD(4) },
+ { USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2033, 0xff), /* BroadMobi BM806U */
+ .driver_info = RSVD(4) },
{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2060, 0xff), /* BroadMobi BM818 */
.driver_info = RSVD(4) },
{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x4000, 0xff) }, /* OLICARD300 - MT6225 */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 151/170] USB: serial: option: add Wistron Neweb D19Q1
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 150/170] USB: serial: option: add BroadMobi BM806U Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 152/170] USB: cdc-acm: restore capability check order Greg Kroah-Hartman
` (18 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pawel Dembicki, Johan Hovold
From: Pawel Dembicki <paweldembicki@gmail.com>
commit dfee7e2f478346b12ea651d5c28b069f6a4af563 upstream.
This modem is embedded on dlink dwr-960 router.
The oem configuration states:
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1435 ProdID=d191 Rev=ff.ff
S: Manufacturer=Android
S: Product=Android
S: SerialNumber=0123456789ABCDEF
C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=125us
Tested on openwrt distribution
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1992,6 +1992,8 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
{ USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x7e11, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/A3 */
+ { USB_DEVICE_INTERFACE_CLASS(0x1435, 0xd191, 0xff), /* Wistron Neweb D19Q1 */
+ .driver_info = RSVD(1) | RSVD(4) },
{ USB_DEVICE_INTERFACE_CLASS(0x1690, 0x7588, 0xff), /* ASKEY WWHC050 */
.driver_info = RSVD(1) | RSVD(4) },
{ USB_DEVICE_INTERFACE_CLASS(0x2020, 0x2031, 0xff), /* Olicard 600 */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 152/170] USB: cdc-acm: restore capability check order
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 151/170] USB: serial: option: add Wistron Neweb D19Q1 Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 153/170] USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback Greg Kroah-Hartman
` (17 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anthony Mallet, Oliver Neukum,
Matthias Reichl
From: Matthias Reichl <hias@horus.com>
commit 62d65bdd9d05158aa2547f8ef72375535f3bc6e3 upstream.
commit b401f8c4f492c ("USB: cdc-acm: fix rounding error in TIOCSSERIAL")
introduced a regression by changing the order of capability and close
settings change checks. When running with CAP_SYS_ADMIN setting the
close settings to the values already set resulted in -EOPNOTSUPP.
Fix this by changing the check order back to how it was before.
Fixes: b401f8c4f492c ("USB: cdc-acm: fix rounding error in TIOCSSERIAL")
Cc: Anthony Mallet <anthony.mallet@laas.fr>
Cc: stable <stable@vger.kernel.org>
Cc: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Matthias Reichl <hias@horus.com>
Link: https://lore.kernel.org/r/20200327150350.3657-1-hias@horus.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-acm.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -923,16 +923,16 @@ static int set_serial_info(struct tty_st
mutex_lock(&acm->port.mutex);
- if ((ss->close_delay != old_close_delay) ||
- (ss->closing_wait != old_closing_wait)) {
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_ADMIN)) {
+ if ((ss->close_delay != old_close_delay) ||
+ (ss->closing_wait != old_closing_wait))
retval = -EPERM;
- else {
- acm->port.close_delay = close_delay;
- acm->port.closing_wait = closing_wait;
- }
- } else
- retval = -EOPNOTSUPP;
+ else
+ retval = -EOPNOTSUPP;
+ } else {
+ acm->port.close_delay = close_delay;
+ acm->port.closing_wait = closing_wait;
+ }
mutex_unlock(&acm->port.mutex);
return retval;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 153/170] USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 152/170] USB: cdc-acm: restore capability check order Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 154/170] usb: musb: fix crash with highmen PIO and usbmon Greg Kroah-Hartman
` (16 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiujun Huang, Johan Hovold,
syzbot+37ba33391ad5f3935bbd
From: Qiujun Huang <hqjagain@gmail.com>
commit 57aa9f294b09463492f604feaa5cc719beaace32 upstream.
Fix slab-out-of-bounds read in the interrupt-URB completion handler.
The boundary condition should be (length - 1) as we access
data[position + 1].
Reported-and-tested-by: syzbot+37ba33391ad5f3935bbd@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/io_edgeport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/serial/io_edgeport.c
+++ b/drivers/usb/serial/io_edgeport.c
@@ -710,7 +710,7 @@ static void edge_interrupt_callback(stru
/* grab the txcredits for the ports if available */
position = 2;
portNumber = 0;
- while ((position < length) &&
+ while ((position < length - 1) &&
(portNumber < edge_serial->serial->num_ports)) {
txCredits = data[position] | (data[position+1] << 8);
if (txCredits) {
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 154/170] usb: musb: fix crash with highmen PIO and usbmon
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 153/170] USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 155/170] media: flexcop-usb: fix endpoint sanity check Greg Kroah-Hartman
` (15 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mans Rullgard, Bin Liu
From: Mans Rullgard <mans@mansr.com>
commit 52974d94a206ce428d9d9b6eaa208238024be82a upstream.
When handling a PIO bulk transfer with highmem buffer, a temporary
mapping is assigned to urb->transfer_buffer. After the transfer is
complete, an invalid address is left behind in this pointer. This is
not ordinarily a problem since nothing touches that buffer before the
urb is released. However, when usbmon is active, usbmon_urb_complete()
calls (indirectly) mon_bin_get_data() which does access the transfer
buffer if it is set. To prevent an invalid memory access here, reset
urb->transfer_buffer to NULL when finished (musb_host_rx()), or do not
set it at all (musb_host_tx()).
Fixes: 8e8a55165469 ("usb: musb: host: Handle highmem in PIO mode")
Signed-off-by: Mans Rullgard <mans@mansr.com>
Cc: stable@vger.kernel.org
Signed-off-by: Bin Liu <b-liu@ti.com>
Link: https://lore.kernel.org/r/20200316211136.2274-8-b-liu@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_host.c | 17 +++++------------
1 file changed, 5 insertions(+), 12 deletions(-)
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -1462,10 +1462,7 @@ done:
* We need to map sg if the transfer_buffer is
* NULL.
*/
- if (!urb->transfer_buffer)
- qh->use_sg = true;
-
- if (qh->use_sg) {
+ if (!urb->transfer_buffer) {
/* sg_miter_start is already done in musb_ep_program */
if (!sg_miter_next(&qh->sg_miter)) {
dev_err(musb->controller, "error: sg list empty\n");
@@ -1473,9 +1470,8 @@ done:
status = -EINVAL;
goto done;
}
- urb->transfer_buffer = qh->sg_miter.addr;
length = min_t(u32, length, qh->sg_miter.length);
- musb_write_fifo(hw_ep, length, urb->transfer_buffer);
+ musb_write_fifo(hw_ep, length, qh->sg_miter.addr);
qh->sg_miter.consumed = length;
sg_miter_stop(&qh->sg_miter);
} else {
@@ -1484,11 +1480,6 @@ done:
qh->segsize = length;
- if (qh->use_sg) {
- if (offset + length >= urb->transfer_buffer_length)
- qh->use_sg = false;
- }
-
musb_ep_select(mbase, epnum);
musb_writew(epio, MUSB_TXCSR,
MUSB_TXCSR_H_WZC_BITS | MUSB_TXCSR_TXPKTRDY);
@@ -2003,8 +1994,10 @@ finish:
urb->actual_length += xfer_len;
qh->offset += xfer_len;
if (done) {
- if (qh->use_sg)
+ if (qh->use_sg) {
qh->use_sg = false;
+ urb->transfer_buffer = NULL;
+ }
if (urb->status == -EINPROGRESS)
urb->status = status;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 155/170] media: flexcop-usb: fix endpoint sanity check
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 154/170] usb: musb: fix crash with highmen PIO and usbmon Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 156/170] media: usbtv: fix control-message timeouts Greg Kroah-Hartman
` (14 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oliver Neukum, Johan Hovold,
Sean Young, Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit bca243b1ce0e46be26f7c63b5591dfbb41f558e5 upstream.
commit 1b976fc6d684 ("media: b2c2-flexcop-usb: add sanity checking") added
an endpoint sanity check to address a NULL-pointer dereference on probe.
Unfortunately the check was done on the current altsetting which was later
changed.
Fix this by moving the sanity check to after the altsetting is changed.
Fixes: 1b976fc6d684 ("media: b2c2-flexcop-usb: add sanity checking")
Cc: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/b2c2/flexcop-usb.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/media/usb/b2c2/flexcop-usb.c
+++ b/drivers/media/usb/b2c2/flexcop-usb.c
@@ -511,6 +511,9 @@ static int flexcop_usb_init(struct flexc
return ret;
}
+ if (fc_usb->uintf->cur_altsetting->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
switch (fc_usb->udev->speed) {
case USB_SPEED_LOW:
err("cannot handle USB speed because it is too slow.");
@@ -544,9 +547,6 @@ static int flexcop_usb_probe(struct usb_
struct flexcop_device *fc = NULL;
int ret;
- if (intf->cur_altsetting->desc.bNumEndpoints < 1)
- return -ENODEV;
-
if ((fc = flexcop_device_kmalloc(sizeof(struct flexcop_usb))) == NULL) {
err("out of memory\n");
return -ENOMEM;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 156/170] media: usbtv: fix control-message timeouts
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 155/170] media: flexcop-usb: fix endpoint sanity check Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 157/170] staging: kpc2000: prevent underflow in cpld_reconfigure() Greg Kroah-Hartman
` (13 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Lubomir Rintel,
Hans Verkuil, Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit 536f561d871c5781bc33d26d415685211b94032e upstream.
The driver was issuing synchronous uninterruptible control requests
without using a timeout. This could lead to the driver hanging on
various user requests due to a malfunctioning (or malicious) device
until the device is physically disconnected.
The USB upper limit of five seconds per request should be more than
enough.
Fixes: f3d27f34fdd7 ("[media] usbtv: Add driver for Fushicai USBTV007 video frame grabber")
Fixes: c53a846c48f2 ("[media] usbtv: add video controls")
Cc: stable <stable@vger.kernel.org> # 3.11
Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Lubomir Rintel <lkundrak@v3.sk>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/usbtv/usbtv-core.c | 2 +-
drivers/media/usb/usbtv/usbtv-video.c | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/media/usb/usbtv/usbtv-core.c
+++ b/drivers/media/usb/usbtv/usbtv-core.c
@@ -56,7 +56,7 @@ int usbtv_set_regs(struct usbtv *usbtv,
ret = usb_control_msg(usbtv->udev, pipe, USBTV_REQUEST_REG,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
- value, index, NULL, 0, 0);
+ value, index, NULL, 0, USB_CTRL_GET_TIMEOUT);
if (ret < 0)
return ret;
}
--- a/drivers/media/usb/usbtv/usbtv-video.c
+++ b/drivers/media/usb/usbtv/usbtv-video.c
@@ -800,7 +800,8 @@ static int usbtv_s_ctrl(struct v4l2_ctrl
ret = usb_control_msg(usbtv->udev,
usb_rcvctrlpipe(usbtv->udev, 0), USBTV_CONTROL_REG,
USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
- 0, USBTV_BASE + 0x0244, (void *)data, 3, 0);
+ 0, USBTV_BASE + 0x0244, (void *)data, 3,
+ USB_CTRL_GET_TIMEOUT);
if (ret < 0)
goto error;
}
@@ -851,7 +852,7 @@ static int usbtv_s_ctrl(struct v4l2_ctrl
ret = usb_control_msg(usbtv->udev, usb_sndctrlpipe(usbtv->udev, 0),
USBTV_CONTROL_REG,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
- 0, index, (void *)data, size, 0);
+ 0, index, (void *)data, size, USB_CTRL_SET_TIMEOUT);
error:
if (ret < 0)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 157/170] staging: kpc2000: prevent underflow in cpld_reconfigure()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 156/170] media: usbtv: fix control-message timeouts Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 158/170] staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table Greg Kroah-Hartman
` (12 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 72db61d7d17a475d3cc9de1a7c871d518fcd82f0 upstream.
This function should not allow negative values of "wr_val". If
negatives are allowed then capping the upper bound at 7 is
meaningless. Let's make it unsigned.
Fixes: 7dc7967fc39a ("staging: kpc2000: add initial set of Daktronics drivers")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200224103325.hrxdnaeqsthplu42@kili.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/kpc2000/kpc2000/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/staging/kpc2000/kpc2000/core.c
+++ b/drivers/staging/kpc2000/kpc2000/core.c
@@ -110,10 +110,10 @@ static ssize_t cpld_reconfigure(struct d
const char *buf, size_t count)
{
struct kp2000_device *pcard = dev_get_drvdata(dev);
- long wr_val;
+ unsigned long wr_val;
int rv;
- rv = kstrtol(buf, 0, &wr_val);
+ rv = kstrtoul(buf, 0, &wr_val);
if (rv < 0)
return rv;
if (wr_val > 7)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 158/170] staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 157/170] staging: kpc2000: prevent underflow in cpld_reconfigure() Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 159/170] staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb Greg Kroah-Hartman
` (11 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Larry Finger, kovi
From: Larry Finger <Larry.Finger@lwfinger.net>
commit 38ef48f7d4b7342f145a1b4f96023bde99aeb245 upstream.
The ASUS USB-N10 Nano B1 has been reported as a new RTL8188EU device.
Add it to the device tables.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: kovi <zraetn@gmail.com>
Cc: Stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200321180011.26153-1-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c
+++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
@@ -32,6 +32,7 @@ static const struct usb_device_id rtw_us
/****** 8188EUS ********/
{USB_DEVICE(0x056e, 0x4008)}, /* Elecom WDC-150SU2M */
{USB_DEVICE(0x07b8, 0x8179)}, /* Abocom - Abocom */
+ {USB_DEVICE(0x0B05, 0x18F0)}, /* ASUS USB-N10 Nano B1 */
{USB_DEVICE(0x2001, 0x330F)}, /* DLink DWA-125 REV D1 */
{USB_DEVICE(0x2001, 0x3310)}, /* Dlink DWA-123 REV D1 */
{USB_DEVICE(0x2001, 0x3311)}, /* DLink GO-USB-N150 REV B1 */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 159/170] staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 158/170] staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 160/170] staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback Greg Kroah-Hartman
` (10 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6d2e7f6fa90e27be9d62, Qiujun Huang
From: Qiujun Huang <hqjagain@gmail.com>
commit a1f165a6b738f0c9d744bad4af7a53909278f5fc upstream.
We should cancel hw->usb_work before kfree(hw).
Reported-by: syzbot+6d2e7f6fa90e27be9d62@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1585120006-30042-1-git-send-email-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/wlan-ng/prism2usb.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/staging/wlan-ng/prism2usb.c
+++ b/drivers/staging/wlan-ng/prism2usb.c
@@ -180,6 +180,7 @@ static void prism2sta_disconnect_usb(str
cancel_work_sync(&hw->link_bh);
cancel_work_sync(&hw->commsqual_bh);
+ cancel_work_sync(&hw->usb_work);
/* Now we complete any outstanding commands
* and tell everyone who is waiting for their
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 160/170] staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 159/170] staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 161/170] staging: wfx: add proper "compatible" string Greg Kroah-Hartman
` (9 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiujun Huang, syzbot+7d42d68643a35f71ac8a
From: Qiujun Huang <hqjagain@gmail.com>
commit 1165dd73e811a07d947aee218510571f516081f6 upstream.
We can't handle the case length > WLAN_DATA_MAXLEN.
Because the size of rxfrm->data is WLAN_DATA_MAXLEN(2312), and we can't
read more than that.
Thanks-to: Hillf Danton <hdanton@sina.com>
Reported-and-tested-by: syzbot+7d42d68643a35f71ac8a@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200326131850.17711-1-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/wlan-ng/hfa384x_usb.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/staging/wlan-ng/hfa384x_usb.c
+++ b/drivers/staging/wlan-ng/hfa384x_usb.c
@@ -3372,6 +3372,8 @@ static void hfa384x_int_rxmonitor(struct
WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
pr_debug("overlen frm: len=%zd\n",
skblen - sizeof(struct p80211_caphdr));
+
+ return;
}
skb = dev_alloc_skb(skblen);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 161/170] staging: wfx: add proper "compatible" string
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 160/170] staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 162/170] staging: wfx: fix init/remove vs IRQ race Greg Kroah-Hartman
` (8 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michał Mirosław
From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
commit eec6e3ee636ec3adaa85ebe4b4acaacfcf06277e upstream.
Add "compatible" string matching "vendor,chip" template and proper
GPIO flags handling. Keep support for old name and reset polarity
for older devicetrees.
Cc: stable@vger.kernel.org # d3a5bcb4a17f ("gpio: add gpiod_toggle_active_low()")
Cc: stable@vger.kernel.org
Fixes: 0096214a59a7 ("staging: wfx: add support for I/O access")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Link: https://lore.kernel.org/r/0e6dda06f145676861860f073a53dc95987c7ab5.1581416843.git.mirq-linux@rere.qmqm.pl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/wfx/Documentation/devicetree/bindings/net/wireless/siliabs,wfx.txt | 7 ++---
drivers/staging/wfx/bus_spi.c | 14 +++++++---
2 files changed, 14 insertions(+), 7 deletions(-)
--- a/drivers/staging/wfx/Documentation/devicetree/bindings/net/wireless/siliabs,wfx.txt
+++ b/drivers/staging/wfx/Documentation/devicetree/bindings/net/wireless/siliabs,wfx.txt
@@ -6,7 +6,7 @@ SPI
You have to declare the WFxxx chip in your device tree.
Required properties:
- - compatible: Should be "silabs,wfx-spi"
+ - compatible: Should be "silabs,wf200"
- reg: Chip select address of device
- spi-max-frequency: Maximum SPI clocking speed of device in Hz
- interrupts-extended: Should contain interrupt line (interrupt-parent +
@@ -15,6 +15,7 @@ Required properties:
Optional properties:
- reset-gpios: phandle of gpio that will be used to reset chip during probe.
Without this property, you may encounter issues with warm boot.
+ (Legacy: when compatible == "silabs,wfx-spi", the gpio is inverted.)
Please consult Documentation/devicetree/bindings/spi/spi-bus.txt for optional
SPI connection related properties,
@@ -23,12 +24,12 @@ Example:
&spi1 {
wfx {
- compatible = "silabs,wfx-spi";
+ compatible = "silabs,wf200";
pinctrl-names = "default";
pinctrl-0 = <&wfx_irq &wfx_gpios>;
interrupts-extended = <&gpio 16 IRQ_TYPE_EDGE_RISING>;
wakeup-gpios = <&gpio 12 GPIO_ACTIVE_HIGH>;
- reset-gpios = <&gpio 13 GPIO_ACTIVE_HIGH>;
+ reset-gpios = <&gpio 13 GPIO_ACTIVE_LOW>;
reg = <0>;
spi-max-frequency = <42000000>;
};
--- a/drivers/staging/wfx/bus_spi.c
+++ b/drivers/staging/wfx/bus_spi.c
@@ -27,6 +27,8 @@ MODULE_PARM_DESC(gpio_reset, "gpio numbe
#define SET_WRITE 0x7FFF /* usage: and operation */
#define SET_READ 0x8000 /* usage: or operation */
+#define WFX_RESET_INVERTED 1
+
static const struct wfx_platform_data wfx_spi_pdata = {
.file_fw = "wfm_wf200",
.file_pds = "wf200.pds",
@@ -199,9 +201,11 @@ static int wfx_spi_probe(struct spi_devi
if (!bus->gpio_reset) {
dev_warn(&func->dev, "try to load firmware anyway\n");
} else {
- gpiod_set_value(bus->gpio_reset, 0);
- udelay(100);
+ if (spi_get_device_id(func)->driver_data & WFX_RESET_INVERTED)
+ gpiod_toggle_active_low(bus->gpio_reset);
gpiod_set_value(bus->gpio_reset, 1);
+ udelay(100);
+ gpiod_set_value(bus->gpio_reset, 0);
udelay(2000);
}
@@ -243,14 +247,16 @@ static int wfx_spi_disconnect(struct spi
* stripped.
*/
static const struct spi_device_id wfx_spi_id[] = {
- { "wfx-spi", 0 },
+ { "wfx-spi", WFX_RESET_INVERTED },
+ { "wf200", 0 },
{ },
};
MODULE_DEVICE_TABLE(spi, wfx_spi_id);
#ifdef CONFIG_OF
static const struct of_device_id wfx_spi_of_match[] = {
- { .compatible = "silabs,wfx-spi" },
+ { .compatible = "silabs,wfx-spi", .data = (void *)WFX_RESET_INVERTED },
+ { .compatible = "silabs,wf200" },
{ },
};
MODULE_DEVICE_TABLE(of, wfx_spi_of_match);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 162/170] staging: wfx: fix init/remove vs IRQ race
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 161/170] staging: wfx: add proper "compatible" string Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 163/170] staging: wfx: annotate nested gc_list vs tx queue locking Greg Kroah-Hartman
` (7 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michał Mirosław,
Jérôme Pouiller
From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
commit 4033714d6cbe04893aa0708d1fcaa45dd8eb3f53 upstream.
Current code races in init/exit with interrupt handlers. This is noticed
by the warning below. Fix it by using devres for ordering allocations and
IRQ de/registration.
WARNING: CPU: 0 PID: 827 at drivers/staging/wfx/bus_spi.c:142 wfx_spi_irq_handler+0x5c/0x64 [wfx]
race condition in driver init/deinit
Cc: stable@vger.kernel.org
Fixes: 0096214a59a7 ("staging: wfx: add support for I/O access")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Reviewed-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/f0c66cbb3110c2736cd4357c753fba8c14ee3aee.1581416843.git.mirq-linux@rere.qmqm.pl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/wfx/bus_sdio.c | 15 ++++++---------
drivers/staging/wfx/bus_spi.c | 27 ++++++++++++++-------------
drivers/staging/wfx/main.c | 21 +++++++++++++--------
drivers/staging/wfx/main.h | 1 -
4 files changed, 33 insertions(+), 31 deletions(-)
--- a/drivers/staging/wfx/bus_sdio.c
+++ b/drivers/staging/wfx/bus_sdio.c
@@ -200,25 +200,23 @@ static int wfx_sdio_probe(struct sdio_fu
if (ret)
goto err0;
- ret = wfx_sdio_irq_subscribe(bus);
- if (ret)
- goto err1;
-
bus->core = wfx_init_common(&func->dev, &wfx_sdio_pdata,
&wfx_sdio_hwbus_ops, bus);
if (!bus->core) {
ret = -EIO;
- goto err2;
+ goto err1;
}
+ ret = wfx_sdio_irq_subscribe(bus);
+ if (ret)
+ goto err1;
+
ret = wfx_probe(bus->core);
if (ret)
- goto err3;
+ goto err2;
return 0;
-err3:
- wfx_free_common(bus->core);
err2:
wfx_sdio_irq_unsubscribe(bus);
err1:
@@ -234,7 +232,6 @@ static void wfx_sdio_remove(struct sdio_
struct wfx_sdio_priv *bus = sdio_get_drvdata(func);
wfx_release(bus->core);
- wfx_free_common(bus->core);
wfx_sdio_irq_unsubscribe(bus);
sdio_claim_host(func);
sdio_disable_func(func);
--- a/drivers/staging/wfx/bus_spi.c
+++ b/drivers/staging/wfx/bus_spi.c
@@ -154,6 +154,11 @@ static void wfx_spi_request_rx(struct wo
wfx_bh_request_rx(bus->core);
}
+static void wfx_flush_irq_work(void *w)
+{
+ flush_work(w);
+}
+
static size_t wfx_spi_align_size(void *priv, size_t size)
{
// Most of SPI controllers avoid DMA if buffer size is not 32bit aligned
@@ -209,22 +214,23 @@ static int wfx_spi_probe(struct spi_devi
udelay(2000);
}
- ret = devm_request_irq(&func->dev, func->irq, wfx_spi_irq_handler,
- IRQF_TRIGGER_RISING, "wfx", bus);
- if (ret)
- return ret;
-
INIT_WORK(&bus->request_rx, wfx_spi_request_rx);
bus->core = wfx_init_common(&func->dev, &wfx_spi_pdata,
&wfx_spi_hwbus_ops, bus);
if (!bus->core)
return -EIO;
- ret = wfx_probe(bus->core);
+ ret = devm_add_action_or_reset(&func->dev, wfx_flush_irq_work,
+ &bus->request_rx);
if (ret)
- wfx_free_common(bus->core);
+ return ret;
+
+ ret = devm_request_irq(&func->dev, func->irq, wfx_spi_irq_handler,
+ IRQF_TRIGGER_RISING, "wfx", bus);
+ if (ret)
+ return ret;
- return ret;
+ return wfx_probe(bus->core);
}
/* Disconnect Function to be called by SPI stack when device is disconnected */
@@ -233,11 +239,6 @@ static int wfx_spi_disconnect(struct spi
struct wfx_spi_priv *bus = spi_get_drvdata(func);
wfx_release(bus->core);
- wfx_free_common(bus->core);
- // A few IRQ will be sent during device release. Hopefully, no IRQ
- // should happen after wdev/wvif are released.
- devm_free_irq(&func->dev, func->irq, bus);
- flush_work(&bus->request_rx);
return 0;
}
--- a/drivers/staging/wfx/main.c
+++ b/drivers/staging/wfx/main.c
@@ -261,6 +261,16 @@ static int wfx_send_pdata_pds(struct wfx
return ret;
}
+static void wfx_free_common(void *data)
+{
+ struct wfx_dev *wdev = data;
+
+ mutex_destroy(&wdev->rx_stats_lock);
+ mutex_destroy(&wdev->conf_mutex);
+ wfx_tx_queues_deinit(wdev);
+ ieee80211_free_hw(wdev->hw);
+}
+
struct wfx_dev *wfx_init_common(struct device *dev,
const struct wfx_platform_data *pdata,
const struct hwbus_ops *hwbus_ops,
@@ -326,15 +336,10 @@ struct wfx_dev *wfx_init_common(struct d
wfx_init_hif_cmd(&wdev->hif_cmd);
wfx_tx_queues_init(wdev);
- return wdev;
-}
+ if (devm_add_action_or_reset(dev, wfx_free_common, wdev))
+ return NULL;
-void wfx_free_common(struct wfx_dev *wdev)
-{
- mutex_destroy(&wdev->rx_stats_lock);
- mutex_destroy(&wdev->conf_mutex);
- wfx_tx_queues_deinit(wdev);
- ieee80211_free_hw(wdev->hw);
+ return wdev;
}
int wfx_probe(struct wfx_dev *wdev)
--- a/drivers/staging/wfx/main.h
+++ b/drivers/staging/wfx/main.h
@@ -34,7 +34,6 @@ struct wfx_dev *wfx_init_common(struct d
const struct wfx_platform_data *pdata,
const struct hwbus_ops *hwbus_ops,
void *hwbus_priv);
-void wfx_free_common(struct wfx_dev *wdev);
int wfx_probe(struct wfx_dev *wdev);
void wfx_release(struct wfx_dev *wdev);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 163/170] staging: wfx: annotate nested gc_list vs tx queue locking
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 162/170] staging: wfx: fix init/remove vs IRQ race Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 164/170] ahci: Add Intel Comet Lake H RAID PCI ID Greg Kroah-Hartman
` (6 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michał Mirosław
From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
commit e2525a95cc0887c7dc0549cb5d0ac3e796e1d54c upstream.
Lockdep is complaining about recursive locking, because it can't make
a difference between locked skb_queues. Annotate nested locks and avoid
double bh_disable/enable.
[...]
insmod/815 is trying to acquire lock:
cb7d6418 (&(&list->lock)->rlock){+...}, at: wfx_tx_queues_clear+0xfc/0x198 [wfx]
but task is already holding lock:
cb7d61f4 (&(&list->lock)->rlock){+...}, at: wfx_tx_queues_clear+0xa0/0x198 [wfx]
[...]
Possible unsafe locking scenario:
CPU0
----
lock(&(&list->lock)->rlock);
lock(&(&list->lock)->rlock);
Cc: stable@vger.kernel.org
Fixes: 9bca45f3d692 ("staging: wfx: allow to send 802.11 frames")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Link: https://lore.kernel.org/r/5e30397af95854b4a7deea073b730c00229f42ba.1581416843.git.mirq-linux@rere.qmqm.pl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/wfx/queue.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/drivers/staging/wfx/queue.c
+++ b/drivers/staging/wfx/queue.c
@@ -132,12 +132,12 @@ static void wfx_tx_queue_clear(struct wf
spin_lock_bh(&queue->queue.lock);
while ((item = __skb_dequeue(&queue->queue)) != NULL)
skb_queue_head(gc_list, item);
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
for (i = 0; i < ARRAY_SIZE(stats->link_map_cache); ++i) {
stats->link_map_cache[i] -= queue->link_map_cache[i];
queue->link_map_cache[i] = 0;
}
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
spin_unlock_bh(&queue->queue.lock);
}
@@ -213,9 +213,9 @@ void wfx_tx_queue_put(struct wfx_dev *wd
++queue->link_map_cache[tx_priv->link_id];
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
++stats->link_map_cache[tx_priv->link_id];
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
spin_unlock_bh(&queue->queue.lock);
}
@@ -244,11 +244,11 @@ static struct sk_buff *wfx_tx_queue_get(
__skb_unlink(skb, &queue->queue);
--queue->link_map_cache[tx_priv->link_id];
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
__skb_queue_tail(&stats->pending, skb);
if (!--stats->link_map_cache[tx_priv->link_id])
wakeup_stats = true;
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
}
spin_unlock_bh(&queue->queue.lock);
if (wakeup_stats)
@@ -266,10 +266,10 @@ int wfx_pending_requeue(struct wfx_dev *
spin_lock_bh(&queue->queue.lock);
++queue->link_map_cache[tx_priv->link_id];
- spin_lock_bh(&stats->pending.lock);
+ spin_lock_nested(&stats->pending.lock, 1);
++stats->link_map_cache[tx_priv->link_id];
__skb_unlink(skb, &stats->pending);
- spin_unlock_bh(&stats->pending.lock);
+ spin_unlock(&stats->pending.lock);
__skb_queue_tail(&queue->queue, skb);
spin_unlock_bh(&queue->queue.lock);
return 0;
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 164/170] ahci: Add Intel Comet Lake H RAID PCI ID
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 163/170] staging: wfx: annotate nested gc_list vs tx queue locking Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 165/170] libfs: fix infoleak in simple_attr_read() Greg Kroah-Hartman
` (5 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Jens Axboe
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit 32d2545462c6cede998267b86e57cda5d1dc2225 upstream.
Add the PCI ID to the driver list to support this new device.
Cc: stable@vger.kernel.org
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/ahci.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -401,6 +401,7 @@ static const struct pci_device_id ahci_p
{ PCI_VDEVICE(INTEL, 0xa252), board_ahci }, /* Lewisburg RAID*/
{ PCI_VDEVICE(INTEL, 0xa256), board_ahci }, /* Lewisburg RAID*/
{ PCI_VDEVICE(INTEL, 0xa356), board_ahci }, /* Cannon Lake PCH-H RAID */
+ { PCI_VDEVICE(INTEL, 0x06d7), board_ahci }, /* Comet Lake-H RAID */
{ PCI_VDEVICE(INTEL, 0x0f22), board_ahci_mobile }, /* Bay Trail AHCI */
{ PCI_VDEVICE(INTEL, 0x0f23), board_ahci_mobile }, /* Bay Trail AHCI */
{ PCI_VDEVICE(INTEL, 0x22a3), board_ahci_mobile }, /* Cherry Tr. AHCI */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 165/170] libfs: fix infoleak in simple_attr_read()
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 164/170] ahci: Add Intel Comet Lake H RAID PCI ID Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 166/170] media: ov519: add missing endpoint sanity checks Greg Kroah-Hartman
` (4 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+fcab69d1ada3e8d6f06b,
Alexander Potapenko, Eric Biggers, Kees Cook
From: Eric Biggers <ebiggers@google.com>
commit a65cab7d7f05c2061a3e2490257d3086ff3202c6 upstream.
Reading from a debugfs file at a nonzero position, without first reading
at position 0, leaks uninitialized memory to userspace.
It's a bit tricky to do this, since lseek() and pread() aren't allowed
on these files, and write() doesn't update the position on them. But
writing to them with splice() *does* update the position:
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int main()
{
int pipes[2], fd, n, i;
char buf[32];
pipe(pipes);
write(pipes[1], "0", 1);
fd = open("/sys/kernel/debug/fault_around_bytes", O_RDWR);
splice(pipes[0], NULL, fd, NULL, 1, 0);
n = read(fd, buf, sizeof(buf));
for (i = 0; i < n; i++)
printf("%02x", buf[i]);
printf("\n");
}
Output:
5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a30
Fix the infoleak by making simple_attr_read() always fill
simple_attr::get_buf if it hasn't been filled yet.
Reported-by: syzbot+fcab69d1ada3e8d6f06b@syzkaller.appspotmail.com
Reported-by: Alexander Potapenko <glider@google.com>
Fixes: acaefc25d21f ("[PATCH] libfs: add simple attribute files")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20200308023849.988264-1-ebiggers@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/libfs.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -821,7 +821,7 @@ int simple_attr_open(struct inode *inode
{
struct simple_attr *attr;
- attr = kmalloc(sizeof(*attr), GFP_KERNEL);
+ attr = kzalloc(sizeof(*attr), GFP_KERNEL);
if (!attr)
return -ENOMEM;
@@ -861,9 +861,11 @@ ssize_t simple_attr_read(struct file *fi
if (ret)
return ret;
- if (*ppos) { /* continued read */
+ if (*ppos && attr->get_buf[0]) {
+ /* continued read */
size = strlen(attr->get_buf);
- } else { /* first read */
+ } else {
+ /* first read */
u64 val;
ret = attr->get(attr->data, &val);
if (ret)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 166/170] media: ov519: add missing endpoint sanity checks
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 165/170] libfs: fix infoleak in simple_attr_read() Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 167/170] media: dib0700: fix rc endpoint lookup Greg Kroah-Hartman
` (3 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Johan Hovold,
Hans Verkuil, Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit 998912346c0da53a6dbb71fab3a138586b596b30 upstream.
Make sure to check that we have at least one endpoint before accessing
the endpoint array to avoid dereferencing a NULL-pointer on stream
start.
Note that these sanity checks are not redundant as the driver is mixing
looking up altsettings by index and by number, which need not coincide.
Fixes: 1876bb923c98 ("V4L/DVB (12079): gspca_ov519: add support for the ov511 bridge")
Fixes: b282d87332f5 ("V4L/DVB (12080): gspca_ov519: Fix ov518+ with OV7620AE (Trust spacecam 320)")
Cc: stable <stable@vger.kernel.org> # 2.6.31
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/gspca/ov519.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/media/usb/gspca/ov519.c
+++ b/drivers/media/usb/gspca/ov519.c
@@ -3477,6 +3477,11 @@ static void ov511_mode_init_regs(struct
return;
}
+ if (alt->desc.bNumEndpoints < 1) {
+ sd->gspca_dev.usb_err = -ENODEV;
+ return;
+ }
+
packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
reg_w(sd, R51x_FIFO_PSIZE, packet_size >> 5);
@@ -3603,6 +3608,11 @@ static void ov518_mode_init_regs(struct
return;
}
+ if (alt->desc.bNumEndpoints < 1) {
+ sd->gspca_dev.usb_err = -ENODEV;
+ return;
+ }
+
packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
ov518_reg_w32(sd, R51x_FIFO_PSIZE, packet_size & ~7, 2);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 167/170] media: dib0700: fix rc endpoint lookup
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 166/170] media: ov519: add missing endpoint sanity checks Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 168/170] media: stv06xx: add missing descriptor sanity checks Greg Kroah-Hartman
` (2 subsequent siblings)
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Sean Young,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit f52981019ad8d6718de79b425a574c6bddf81f7c upstream.
Make sure to use the current alternate setting when verifying the
interface descriptors to avoid submitting an URB to an invalid endpoint.
Failing to do so could cause the driver to misbehave or trigger a WARN()
in usb_submit_urb() that kernels with panic_on_warn set would choke on.
Fixes: c4018fa2e4c0 ("[media] dib0700: fix RC support on Hauppauge Nova-TD")
Cc: stable <stable@vger.kernel.org> # 3.16
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/dvb-usb/dib0700_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/usb/dvb-usb/dib0700_core.c
+++ b/drivers/media/usb/dvb-usb/dib0700_core.c
@@ -818,7 +818,7 @@ int dib0700_rc_setup(struct dvb_usb_devi
/* Starting in firmware 1.20, the RC info is provided on a bulk pipe */
- if (intf->altsetting[0].desc.bNumEndpoints < rc_ep + 1)
+ if (intf->cur_altsetting->desc.bNumEndpoints < rc_ep + 1)
return -ENODEV;
purb = usb_alloc_urb(0, GFP_KERNEL);
@@ -838,7 +838,7 @@ int dib0700_rc_setup(struct dvb_usb_devi
* Some devices like the Hauppauge NovaTD model 52009 use an interrupt
* endpoint, while others use a bulk one.
*/
- e = &intf->altsetting[0].endpoint[rc_ep].desc;
+ e = &intf->cur_altsetting->endpoint[rc_ep].desc;
if (usb_endpoint_dir_in(e)) {
if (usb_endpoint_xfer_bulk(e)) {
pipe = usb_rcvbulkpipe(d->udev, rc_ep);
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 168/170] media: stv06xx: add missing descriptor sanity checks
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 167/170] media: dib0700: fix rc endpoint lookup Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 169/170] media: xirlink_cit: " Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 170/170] media: v4l2-core: fix a use-after-free bug of sd->devnode Greg Kroah-Hartman
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Johan Hovold,
Hans Verkuil, Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit 485b06aadb933190f4bc44e006076bc27a23f205 upstream.
Make sure to check that we have two alternate settings and at least one
endpoint before accessing the second altsetting structure and
dereferencing the endpoint arrays.
This specifically avoids dereferencing NULL-pointers or corrupting
memory when a device does not have the expected descriptors.
Note that the sanity checks in stv06xx_start() and pb0100_start() are
not redundant as the driver is mixing looking up altsettings by index
and by number, which may not coincide.
Fixes: 8668d504d72c ("V4L/DVB (12082): gspca_stv06xx: Add support for st6422 bridge and sensor")
Fixes: c0b33bdc5b8d ("[media] gspca-stv06xx: support bandwidth changing")
Cc: stable <stable@vger.kernel.org> # 2.6.31
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/gspca/stv06xx/stv06xx.c | 19 ++++++++++++++++++-
drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c | 4 ++++
2 files changed, 22 insertions(+), 1 deletion(-)
--- a/drivers/media/usb/gspca/stv06xx/stv06xx.c
+++ b/drivers/media/usb/gspca/stv06xx/stv06xx.c
@@ -282,6 +282,9 @@ static int stv06xx_start(struct gspca_de
return -EIO;
}
+ if (alt->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
err = stv06xx_write_bridge(sd, STV_ISO_SIZE_L, packet_size);
if (err < 0)
@@ -306,11 +309,21 @@ out:
static int stv06xx_isoc_init(struct gspca_dev *gspca_dev)
{
+ struct usb_interface_cache *intfc;
struct usb_host_interface *alt;
struct sd *sd = (struct sd *) gspca_dev;
+ intfc = gspca_dev->dev->actconfig->intf_cache[0];
+
+ if (intfc->num_altsetting < 2)
+ return -ENODEV;
+
+ alt = &intfc->altsetting[1];
+
+ if (alt->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
/* Start isoc bandwidth "negotiation" at max isoc bandwidth */
- alt = &gspca_dev->dev->actconfig->intf_cache[0]->altsetting[1];
alt->endpoint[0].desc.wMaxPacketSize =
cpu_to_le16(sd->sensor->max_packet_size[gspca_dev->curr_mode]);
@@ -323,6 +336,10 @@ static int stv06xx_isoc_nego(struct gspc
struct usb_host_interface *alt;
struct sd *sd = (struct sd *) gspca_dev;
+ /*
+ * Existence of altsetting and endpoint was verified in
+ * stv06xx_isoc_init()
+ */
alt = &gspca_dev->dev->actconfig->intf_cache[0]->altsetting[1];
packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
min_packet_size = sd->sensor->min_packet_size[gspca_dev->curr_mode];
--- a/drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c
+++ b/drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c
@@ -185,6 +185,10 @@ static int pb0100_start(struct sd *sd)
alt = usb_altnum_to_altsetting(intf, sd->gspca_dev.alt);
if (!alt)
return -ENODEV;
+
+ if (alt->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
/* If we don't have enough bandwidth use a lower framerate */
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 169/170] media: xirlink_cit: add missing descriptor sanity checks
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 168/170] media: stv06xx: add missing descriptor sanity checks Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 170/170] media: v4l2-core: fix a use-after-free bug of sd->devnode Greg Kroah-Hartman
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Johan Hovold,
Hans Verkuil, Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 upstream.
Make sure to check that we have two alternate settings and at least one
endpoint before accessing the second altsetting structure and
dereferencing the endpoint arrays.
This specifically avoids dereferencing NULL-pointers or corrupting
memory when a device does not have the expected descriptors.
Note that the sanity check in cit_get_packet_size() is not redundant as
the driver is mixing looking up altsettings by index and by number,
which may not coincide.
Fixes: 659fefa0eb17 ("V4L/DVB: gspca_xirlink_cit: Add support for camera with a bcd version of 0.01")
Fixes: 59f8b0bf3c12 ("V4L/DVB: gspca_xirlink_cit: support bandwidth changing for devices with 1 alt setting")
Cc: stable <stable@vger.kernel.org> # 2.6.37
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/gspca/xirlink_cit.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
--- a/drivers/media/usb/gspca/xirlink_cit.c
+++ b/drivers/media/usb/gspca/xirlink_cit.c
@@ -1442,6 +1442,9 @@ static int cit_get_packet_size(struct gs
return -EIO;
}
+ if (alt->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
return le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
}
@@ -2626,6 +2629,7 @@ static int sd_start(struct gspca_dev *gs
static int sd_isoc_init(struct gspca_dev *gspca_dev)
{
+ struct usb_interface_cache *intfc;
struct usb_host_interface *alt;
int max_packet_size;
@@ -2641,8 +2645,17 @@ static int sd_isoc_init(struct gspca_dev
break;
}
+ intfc = gspca_dev->dev->actconfig->intf_cache[0];
+
+ if (intfc->num_altsetting < 2)
+ return -ENODEV;
+
+ alt = &intfc->altsetting[1];
+
+ if (alt->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
/* Start isoc bandwidth "negotiation" at max isoc bandwidth */
- alt = &gspca_dev->dev->actconfig->intf_cache[0]->altsetting[1];
alt->endpoint[0].desc.wMaxPacketSize = cpu_to_le16(max_packet_size);
return 0;
@@ -2665,6 +2678,9 @@ static int sd_isoc_nego(struct gspca_dev
break;
}
+ /*
+ * Existence of altsetting and endpoint was verified in sd_isoc_init()
+ */
alt = &gspca_dev->dev->actconfig->intf_cache[0]->altsetting[1];
packet_size = le16_to_cpu(alt->endpoint[0].desc.wMaxPacketSize);
if (packet_size <= min_packet_size)
^ permalink raw reply [flat|nested] 180+ messages in thread
* [PATCH 5.5 170/170] media: v4l2-core: fix a use-after-free bug of sd->devnode
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2020-03-31 8:59 ` [PATCH 5.5 169/170] media: xirlink_cit: " Greg Kroah-Hartman
@ 2020-03-31 8:59 ` Greg Kroah-Hartman
169 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 8:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dafna Hirschfeld, Ezequiel Garcia,
Hans Verkuil, Mauro Carvalho Chehab
From: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
commit 6990570f7e0a6078e11b9c5dc13f4b6e3f49a398 upstream.
sd->devnode is released after calling
v4l2_subdev_release. Therefore it should be set
to NULL so that the subdev won't hold a pointer
to a released object. This fixes a reference
after free bug in function
v4l2_device_unregister_subdev
Fixes: 0e43734d4c46e ("media: v4l2-subdev: add release() internal op")
Cc: stable@vger.kernel.org
Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/v4l2-core/v4l2-device.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/v4l2-core/v4l2-device.c
+++ b/drivers/media/v4l2-core/v4l2-device.c
@@ -179,6 +179,7 @@ static void v4l2_subdev_release(struct v
if (sd->internal_ops && sd->internal_ops->release)
sd->internal_ops->release(sd);
+ sd->devnode = NULL;
module_put(owner);
}
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 8:58 ` [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration Greg Kroah-Hartman
@ 2020-03-31 9:53 ` Nathan Chancellor
2020-03-31 10:02 ` Greg Kroah-Hartman
0 siblings, 1 reply; 180+ messages in thread
From: Nathan Chancellor @ 2020-03-31 9:53 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Dirk Mueller, David Gibson, Rob Herring
On Tue, Mar 31, 2020 at 10:58:36AM +0200, Greg Kroah-Hartman wrote:
> From: Dirk Mueller <dmueller@suse.com>
>
> commit e33a814e772cdc36436c8c188d8c42d019fda639 upstream.
>
> gcc 10 will default to -fno-common, which causes this error at link
> time:
>
> (.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
>
> This is because both dtc-lexer as well as dtc-parser define the same
> global symbol yyloc. Before with -fcommon those were merged into one
> defintion. The proper solution would be to to mark this as "extern",
> however that leads to:
>
> dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
> 26 | extern YYLTYPE yylloc;
> | ^~~~~~
> In file included from dtc-lexer.l:24:
> dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
> 127 | extern YYLTYPE yylloc;
> | ^~~~~~
> cc1: all warnings being treated as errors
>
> which means the declaration is completely redundant and can just be
> dropped.
>
> Signed-off-by: Dirk Mueller <dmueller@suse.com>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> [robh: cherry-pick from upstream]
> Cc: stable@vger.kernel.org
> Signed-off-by: Rob Herring <robh@kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
> scripts/dtc/dtc-lexer.l | 1 -
> 1 file changed, 1 deletion(-)
>
> --- a/scripts/dtc/dtc-lexer.l
> +++ b/scripts/dtc/dtc-lexer.l
> @@ -23,7 +23,6 @@ LINECOMMENT "//".*\n
> #include "srcpos.h"
> #include "dtc-parser.tab.h"
>
> -YYLTYPE yylloc;
> extern bool treesource_error;
>
> /* CAUTION: this will stop working if we ever use yyless() or yyunput() */
>
>
Hi Greg,
Replying here simply because I am not subscribed to the stable-commits
mailing list and there does not appear to be an easy way to reply to one
of those emails through the existing archives because they are not as
nice as lore.kernel.org.
This patch is fine for the current releases in review but 4.4, 4.9, and
4.14 need to have the patch applied to scripts/dtc/dtc-lexer.lex.c_shipped
because prior to commit e039139be8c2 ("scripts/dtc: generate lexer and
parser during build instead of shipping"), that was the file that was
being built. Running the command below in the stable-queue repo works
for me and I have tested all of the patches to make sure they still
apply (albeit with some fuzz).
$ sed -i 's;scripts/dtc/dtc-lexer.l;scripts/dtc/dtc-lexer.lex.c_shipped;g' \
queue-{4.4,4.9,4.14}/scripts-dtc-remove-redundant-yyloc-global-declaration.patch
If you would prefer a set of patches, let me know.
Cheers,
Nathan
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 9:53 ` Nathan Chancellor
@ 2020-03-31 10:02 ` Greg Kroah-Hartman
2020-03-31 11:45 ` Dirk Müller
0 siblings, 1 reply; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 10:02 UTC (permalink / raw)
To: Nathan Chancellor
Cc: linux-kernel, stable, Dirk Mueller, David Gibson, Rob Herring
On Tue, Mar 31, 2020 at 02:53:23AM -0700, Nathan Chancellor wrote:
> On Tue, Mar 31, 2020 at 10:58:36AM +0200, Greg Kroah-Hartman wrote:
> > From: Dirk Mueller <dmueller@suse.com>
> >
> > commit e33a814e772cdc36436c8c188d8c42d019fda639 upstream.
> >
> > gcc 10 will default to -fno-common, which causes this error at link
> > time:
> >
> > (.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
> >
> > This is because both dtc-lexer as well as dtc-parser define the same
> > global symbol yyloc. Before with -fcommon those were merged into one
> > defintion. The proper solution would be to to mark this as "extern",
> > however that leads to:
> >
> > dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
> > 26 | extern YYLTYPE yylloc;
> > | ^~~~~~
> > In file included from dtc-lexer.l:24:
> > dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
> > 127 | extern YYLTYPE yylloc;
> > | ^~~~~~
> > cc1: all warnings being treated as errors
> >
> > which means the declaration is completely redundant and can just be
> > dropped.
> >
> > Signed-off-by: Dirk Mueller <dmueller@suse.com>
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > [robh: cherry-pick from upstream]
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Rob Herring <robh@kernel.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> > ---
> > scripts/dtc/dtc-lexer.l | 1 -
> > 1 file changed, 1 deletion(-)
> >
> > --- a/scripts/dtc/dtc-lexer.l
> > +++ b/scripts/dtc/dtc-lexer.l
> > @@ -23,7 +23,6 @@ LINECOMMENT "//".*\n
> > #include "srcpos.h"
> > #include "dtc-parser.tab.h"
> >
> > -YYLTYPE yylloc;
> > extern bool treesource_error;
> >
> > /* CAUTION: this will stop working if we ever use yyless() or yyunput() */
> >
> >
>
> Hi Greg,
>
> Replying here simply because I am not subscribed to the stable-commits
> mailing list and there does not appear to be an easy way to reply to one
> of those emails through the existing archives because they are not as
> nice as lore.kernel.org.
>
> This patch is fine for the current releases in review but 4.4, 4.9, and
> 4.14 need to have the patch applied to scripts/dtc/dtc-lexer.lex.c_shipped
> because prior to commit e039139be8c2 ("scripts/dtc: generate lexer and
> parser during build instead of shipping"), that was the file that was
> being built. Running the command below in the stable-queue repo works
> for me and I have tested all of the patches to make sure they still
> apply (albeit with some fuzz).
>
> $ sed -i 's;scripts/dtc/dtc-lexer.l;scripts/dtc/dtc-lexer.lex.c_shipped;g' \
> queue-{4.4,4.9,4.14}/scripts-dtc-remove-redundant-yyloc-global-declaration.patch
>
> If you would prefer a set of patches, let me know.
Should I just drop the patch from 4.4, 4.9, and 4.14 instead?
If not, yes, I can run the above script on the patches.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress
2020-03-31 8:59 ` [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress Greg Kroah-Hartman
@ 2020-03-31 10:16 ` Pablo Neira Ayuso
2020-03-31 12:12 ` Greg Kroah-Hartman
0 siblings, 1 reply; 180+ messages in thread
From: Pablo Neira Ayuso @ 2020-03-31 10:16 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, netfilter-devel
On Tue, Mar 31, 2020 at 10:59:12AM +0200, Greg Kroah-Hartman wrote:
> From: Pablo Neira Ayuso <pablo@netfilter.org>
>
> commit bcfabee1afd99484b6ba067361b8678e28bbc065 upstream.
>
> Set skb->tc_redirected to 1, otherwise the ifb driver drops the packet.
> Set skb->tc_from_ingress to 1 to reinject the packet back to the ingress
> path after leaving the ifb egress path.
>
> This patch inconditionally sets on these two skb fields that are
> meaningful to the ifb driver. The existing forward action is guaranteed
> to run from ingress path.
>
> Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family")
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
> net/netfilter/nft_fwd_netdev.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> --- a/net/netfilter/nft_fwd_netdev.c
> +++ b/net/netfilter/nft_fwd_netdev.c
> @@ -28,6 +28,10 @@ static void nft_fwd_netdev_eval(const st
> struct nft_fwd_netdev *priv = nft_expr_priv(expr);
> int oif = regs->data[priv->sreg_dev];
>
> + /* These are used by ifb only. */
> + pkt->skb->tc_redirected = 1;
> + pkt->skb->tc_from_ingress = 1;
This patch also requires:
2c64605b590e net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
Otherwise build breaks with CONFIG_NET_CLS_ACT=n.
Thanks.
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 10:02 ` Greg Kroah-Hartman
@ 2020-03-31 11:45 ` Dirk Müller
2020-03-31 12:09 ` Greg Kroah-Hartman
0 siblings, 1 reply; 180+ messages in thread
From: Dirk Müller @ 2020-03-31 11:45 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Nathan Chancellor, linux-kernel, stable, David Gibson, Rob Herring
Hi Greg,
>> $ sed -i 's;scripts/dtc/dtc-lexer.l;scripts/dtc/dtc-lexer.lex.c_shipped;g' \
>> queue-{4.4,4.9,4.14}/scripts-dtc-remove-redundant-yyloc-global-declaration.patch
>> If you would prefer a set of patches, let me know.
> Should I just drop the patch from 4.4, 4.9, and 4.14 instead?
as the original author of the patch, I am not sure why it was backported to the LTS releases (unless enablement for gcc 10.x or
other new toolchains is a requirement, which I'm not aware of).
However I think the sed above on the *patch* means that the patch will *only* modify the generated sources, not the input sources. I think
it would be better to patch both *input* and *generated* sources, or backport the generate-at-runtime patch as well (which might be
even further outside the stable policy).
Not knowing why it was backported, I would suggest to just dequeue the patch from the older trees.
Greetings,
Dirk
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 11:45 ` Dirk Müller
@ 2020-03-31 12:09 ` Greg Kroah-Hartman
2020-03-31 19:25 ` Nathan Chancellor
2020-03-31 21:35 ` Dirk Müller
0 siblings, 2 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 12:09 UTC (permalink / raw)
To: Dirk Müller
Cc: Nathan Chancellor, linux-kernel, stable, David Gibson, Rob Herring
On Tue, Mar 31, 2020 at 01:45:09PM +0200, Dirk Müller wrote:
> Hi Greg,
>
> >> $ sed -i 's;scripts/dtc/dtc-lexer.l;scripts/dtc/dtc-lexer.lex.c_shipped;g' \
> >> queue-{4.4,4.9,4.14}/scripts-dtc-remove-redundant-yyloc-global-declaration.patch
> >> If you would prefer a set of patches, let me know.
> > Should I just drop the patch from 4.4, 4.9, and 4.14 instead?
>
> as the original author of the patch, I am not sure why it was backported to the LTS releases (unless enablement for gcc 10.x or
> other new toolchains is a requirement, which I'm not aware of).
Keeping the older kernels building with newer compilers is something
that we do. It's needed as our build systems "age-out" the older
compilers a lot :)
> However I think the sed above on the *patch* means that the patch will *only* modify the generated sources, not the input sources. I think
> it would be better to patch both *input* and *generated* sources, or backport the generate-at-runtime patch as well (which might be
> even further outside the stable policy).
What do you mean by "input sources" here?
> Not knowing why it was backported, I would suggest to just dequeue the patch from the older trees.
If I drop it for now, I'll have to add it back when gcc10 is pushed out
to my build systems and laptops :(
thanks,
greg k-h
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress
2020-03-31 10:16 ` Pablo Neira Ayuso
@ 2020-03-31 12:12 ` Greg Kroah-Hartman
0 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-31 12:12 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: linux-kernel, stable, netfilter-devel
On Tue, Mar 31, 2020 at 12:16:03PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Mar 31, 2020 at 10:59:12AM +0200, Greg Kroah-Hartman wrote:
> > From: Pablo Neira Ayuso <pablo@netfilter.org>
> >
> > commit bcfabee1afd99484b6ba067361b8678e28bbc065 upstream.
> >
> > Set skb->tc_redirected to 1, otherwise the ifb driver drops the packet.
> > Set skb->tc_from_ingress to 1 to reinject the packet back to the ingress
> > path after leaving the ifb egress path.
> >
> > This patch inconditionally sets on these two skb fields that are
> > meaningful to the ifb driver. The existing forward action is guaranteed
> > to run from ingress path.
> >
> > Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family")
> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> > ---
> > net/netfilter/nft_fwd_netdev.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > --- a/net/netfilter/nft_fwd_netdev.c
> > +++ b/net/netfilter/nft_fwd_netdev.c
> > @@ -28,6 +28,10 @@ static void nft_fwd_netdev_eval(const st
> > struct nft_fwd_netdev *priv = nft_expr_priv(expr);
> > int oif = regs->data[priv->sreg_dev];
> >
> > + /* These are used by ifb only. */
> > + pkt->skb->tc_redirected = 1;
> > + pkt->skb->tc_from_ingress = 1;
>
> This patch also requires:
>
> 2c64605b590e net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
>
> Otherwise build breaks with CONFIG_NET_CLS_ACT=n.
Thanks for the hint, will go do that now.
greg k-h
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 12:09 ` Greg Kroah-Hartman
@ 2020-03-31 19:25 ` Nathan Chancellor
2020-04-02 17:40 ` Greg Kroah-Hartman
2020-03-31 21:35 ` Dirk Müller
1 sibling, 1 reply; 180+ messages in thread
From: Nathan Chancellor @ 2020-03-31 19:25 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Dirk Müller, linux-kernel, stable, David Gibson, Rob Herring
[-- Attachment #1: Type: text/plain, Size: 2282 bytes --]
On Tue, Mar 31, 2020 at 02:09:17PM +0200, Greg Kroah-Hartman wrote:
> On Tue, Mar 31, 2020 at 01:45:09PM +0200, Dirk Müller wrote:
> > Hi Greg,
> >
> > >> $ sed -i 's;scripts/dtc/dtc-lexer.l;scripts/dtc/dtc-lexer.lex.c_shipped;g' \
> > >> queue-{4.4,4.9,4.14}/scripts-dtc-remove-redundant-yyloc-global-declaration.patch
> > >> If you would prefer a set of patches, let me know.
> > > Should I just drop the patch from 4.4, 4.9, and 4.14 instead?
> >
> > as the original author of the patch, I am not sure why it was backported to the LTS releases (unless enablement for gcc 10.x or
> > other new toolchains is a requirement, which I'm not aware of).
The reason I am commenting on this is that Clang 11 is matching GCC's
-fno-common change. Google will run into this when they do their
toolchain uprev on Android (sooner rather than later) so it'd be good
to deal with this now:
https://android.googlesource.com/kernel/build/+/refs/heads/master/build.sh#226
Their devices back to 4.4 see builds with newer and newer toolchains so
we need this back to 4.4. I am sure Chrome OS will also run into this
shortly as well.
> > However I think the sed above on the *patch* means that the patch will *only* modify the generated sources, not the input sources. I think
> > it would be better to patch both *input* and *generated* sources, or backport the generate-at-runtime patch as well (which might be
> > even further outside the stable policy).
>
> What do you mean by "input sources" here?
dtc-lexer.l is the input source for dtc-lexer.lex.c, which was then
copied to dtc-lexer.lex.c_shipped prior to e039139be8c2 ("scripts/dtc:
generate lexer and parser during build instead of shipping"). In other
words, prior to 4.17, dtc-lexer.l is not used at all in the build
system.
However, I agree with Dirk that it would be most proper to apply the fix
to both dtc-lexer.l and dtc-lexer.lex.c_shipped so I have attached a
backport for 4.4, 4.9, and 4.14 that has does just that.
> > Not knowing why it was backported, I would suggest to just dequeue the patch from the older trees.
>
> If I drop it for now, I'll have to add it back when gcc10 is pushed out
> to my build systems and laptops :(
>
> thanks,
>
> greg k-h
Hope this makes sense/isn't confusing.
Cheers,
Nathan
[-- Attachment #2: 4.4-0001-scripts-dtc-Remove-redundant-YYLOC-global-declaratio.patch --]
[-- Type: text/x-diff, Size: 2480 bytes --]
From c5607dedb1e9636e76c8d026b5209c54a52087d2 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Tue, 14 Jan 2020 18:53:41 +0100
Subject: [PATCH 4.4] scripts/dtc: Remove redundant YYLOC global declaration
commit e33a814e772cdc36436c8c188d8c42d019fda639 upstream.
gcc 10 will default to -fno-common, which causes this error at link
time:
(.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
This is because both dtc-lexer as well as dtc-parser define the same
global symbol yyloc. Before with -fcommon those were merged into one
defintion. The proper solution would be to to mark this as "extern",
however that leads to:
dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
26 | extern YYLTYPE yylloc;
| ^~~~~~
In file included from dtc-lexer.l:24:
dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
127 | extern YYLTYPE yylloc;
| ^~~~~~
cc1: all warnings being treated as errors
which means the declaration is completely redundant and can just be
dropped.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[robh: cherry-pick from upstream]
Cc: stable@vger.kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
[nc: Also apply to dtc-lexer.lex.c_shipped due to a lack of
e039139be8c2, where dtc-lexer.l started being used]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
---
scripts/dtc/dtc-lexer.l | 1 -
scripts/dtc/dtc-lexer.lex.c_shipped | 1 -
2 files changed, 2 deletions(-)
diff --git a/scripts/dtc/dtc-lexer.l b/scripts/dtc/dtc-lexer.l
index 790fbf6cf2d7..e4e0f6a8d07b 100644
--- a/scripts/dtc/dtc-lexer.l
+++ b/scripts/dtc/dtc-lexer.l
@@ -38,7 +38,6 @@ LINECOMMENT "//".*\n
#include "srcpos.h"
#include "dtc-parser.tab.h"
-YYLTYPE yylloc;
extern bool treesource_error;
/* CAUTION: this will stop working if we ever use yyless() or yyunput() */
diff --git a/scripts/dtc/dtc-lexer.lex.c_shipped b/scripts/dtc/dtc-lexer.lex.c_shipped
index ba525c2f9fc2..750f7a4e3ece 100644
--- a/scripts/dtc/dtc-lexer.lex.c_shipped
+++ b/scripts/dtc/dtc-lexer.lex.c_shipped
@@ -637,7 +637,6 @@ char *yytext;
#include "srcpos.h"
#include "dtc-parser.tab.h"
-YYLTYPE yylloc;
extern bool treesource_error;
/* CAUTION: this will stop working if we ever use yyless() or yyunput() */
--
2.26.0
[-- Attachment #3: 4.9-0001-scripts-dtc-Remove-redundant-YYLOC-global-declaratio.patch --]
[-- Type: text/x-diff, Size: 2480 bytes --]
From c5607dedb1e9636e76c8d026b5209c54a52087d2 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Tue, 14 Jan 2020 18:53:41 +0100
Subject: [PATCH 4.9] scripts/dtc: Remove redundant YYLOC global declaration
commit e33a814e772cdc36436c8c188d8c42d019fda639 upstream.
gcc 10 will default to -fno-common, which causes this error at link
time:
(.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
This is because both dtc-lexer as well as dtc-parser define the same
global symbol yyloc. Before with -fcommon those were merged into one
defintion. The proper solution would be to to mark this as "extern",
however that leads to:
dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
26 | extern YYLTYPE yylloc;
| ^~~~~~
In file included from dtc-lexer.l:24:
dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
127 | extern YYLTYPE yylloc;
| ^~~~~~
cc1: all warnings being treated as errors
which means the declaration is completely redundant and can just be
dropped.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[robh: cherry-pick from upstream]
Cc: stable@vger.kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
[nc: Also apply to dtc-lexer.lex.c_shipped due to a lack of
e039139be8c2, where dtc-lexer.l started being used]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
---
scripts/dtc/dtc-lexer.l | 1 -
scripts/dtc/dtc-lexer.lex.c_shipped | 1 -
2 files changed, 2 deletions(-)
diff --git a/scripts/dtc/dtc-lexer.l b/scripts/dtc/dtc-lexer.l
index 790fbf6cf2d7..e4e0f6a8d07b 100644
--- a/scripts/dtc/dtc-lexer.l
+++ b/scripts/dtc/dtc-lexer.l
@@ -38,7 +38,6 @@ LINECOMMENT "//".*\n
#include "srcpos.h"
#include "dtc-parser.tab.h"
-YYLTYPE yylloc;
extern bool treesource_error;
/* CAUTION: this will stop working if we ever use yyless() or yyunput() */
diff --git a/scripts/dtc/dtc-lexer.lex.c_shipped b/scripts/dtc/dtc-lexer.lex.c_shipped
index ba525c2f9fc2..750f7a4e3ece 100644
--- a/scripts/dtc/dtc-lexer.lex.c_shipped
+++ b/scripts/dtc/dtc-lexer.lex.c_shipped
@@ -637,7 +637,6 @@ char *yytext;
#include "srcpos.h"
#include "dtc-parser.tab.h"
-YYLTYPE yylloc;
extern bool treesource_error;
/* CAUTION: this will stop working if we ever use yyless() or yyunput() */
--
2.26.0
[-- Attachment #4: 4.14-0001-scripts-dtc-Remove-redundant-YYLOC-global-declaratio.patch --]
[-- Type: text/x-diff, Size: 2481 bytes --]
From c5607dedb1e9636e76c8d026b5209c54a52087d2 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Tue, 14 Jan 2020 18:53:41 +0100
Subject: [PATCH 4.14] scripts/dtc: Remove redundant YYLOC global declaration
commit e33a814e772cdc36436c8c188d8c42d019fda639 upstream.
gcc 10 will default to -fno-common, which causes this error at link
time:
(.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
This is because both dtc-lexer as well as dtc-parser define the same
global symbol yyloc. Before with -fcommon those were merged into one
defintion. The proper solution would be to to mark this as "extern",
however that leads to:
dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
26 | extern YYLTYPE yylloc;
| ^~~~~~
In file included from dtc-lexer.l:24:
dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
127 | extern YYLTYPE yylloc;
| ^~~~~~
cc1: all warnings being treated as errors
which means the declaration is completely redundant and can just be
dropped.
Signed-off-by: Dirk Mueller <dmueller@suse.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[robh: cherry-pick from upstream]
Cc: stable@vger.kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
[nc: Also apply to dtc-lexer.lex.c_shipped due to a lack of
e039139be8c2, where dtc-lexer.l started being used]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
---
scripts/dtc/dtc-lexer.l | 1 -
scripts/dtc/dtc-lexer.lex.c_shipped | 1 -
2 files changed, 2 deletions(-)
diff --git a/scripts/dtc/dtc-lexer.l b/scripts/dtc/dtc-lexer.l
index 790fbf6cf2d7..e4e0f6a8d07b 100644
--- a/scripts/dtc/dtc-lexer.l
+++ b/scripts/dtc/dtc-lexer.l
@@ -38,7 +38,6 @@ LINECOMMENT "//".*\n
#include "srcpos.h"
#include "dtc-parser.tab.h"
-YYLTYPE yylloc;
extern bool treesource_error;
/* CAUTION: this will stop working if we ever use yyless() or yyunput() */
diff --git a/scripts/dtc/dtc-lexer.lex.c_shipped b/scripts/dtc/dtc-lexer.lex.c_shipped
index ba525c2f9fc2..750f7a4e3ece 100644
--- a/scripts/dtc/dtc-lexer.lex.c_shipped
+++ b/scripts/dtc/dtc-lexer.lex.c_shipped
@@ -637,7 +637,6 @@ char *yytext;
#include "srcpos.h"
#include "dtc-parser.tab.h"
-YYLTYPE yylloc;
extern bool treesource_error;
/* CAUTION: this will stop working if we ever use yyless() or yyunput() */
--
2.26.0
^ permalink raw reply related [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 12:09 ` Greg Kroah-Hartman
2020-03-31 19:25 ` Nathan Chancellor
@ 2020-03-31 21:35 ` Dirk Müller
1 sibling, 0 replies; 180+ messages in thread
From: Dirk Müller @ 2020-03-31 21:35 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Nathan Chancellor, linux-kernel, stable, David Gibson, Rob Herring
Hi Greg,
>> However I think the sed above on the *patch* means that the patch will *only* modify the generated sources, not the input sources. I think
>> it would be better to patch both *input* and *generated* sources, or backport the generate-at-runtime patch as well (which might be
>> even further outside the stable policy).
>
> What do you mean by "input sources" here?
scripts/dtc/update-dtc-source.sh in older kernel generates a _shipped variant of the files from the .l/.y files:
$ ls -1 scripts/dtc/dtc-lexer.l*
scripts/dtc/dtc-lexer.l
scripts/dtc/dtc-lexer.lex.c_shipped
in newer kernels these _shipped files are generated at build time from dtc-lexer.l, which my patch is updating. I suggested
to modify the patches for older release to *both* patch dtc-lexer.l as well as update the *generated* files that are tracked
in git as dtc-lexer.lex.c_shipped rather than just in/place modifying the generated file (which would then at some later point
in time get lost as other changes regenerate the _shipped file then, reintroducing the bug).
> If I drop it for now, I'll have to add it back when gcc10 is pushed out
> to my build systems and laptops :(
Let me know if I can help with a backportable patch.
Greetings,
Dirk
^ permalink raw reply [flat|nested] 180+ messages in thread
* Re: [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration
2020-03-31 19:25 ` Nathan Chancellor
@ 2020-04-02 17:40 ` Greg Kroah-Hartman
0 siblings, 0 replies; 180+ messages in thread
From: Greg Kroah-Hartman @ 2020-04-02 17:40 UTC (permalink / raw)
To: Nathan Chancellor
Cc: Dirk Müller, linux-kernel, stable, David Gibson, Rob Herring
On Tue, Mar 31, 2020 at 12:25:15PM -0700, Nathan Chancellor wrote:
> On Tue, Mar 31, 2020 at 02:09:17PM +0200, Greg Kroah-Hartman wrote:
> > On Tue, Mar 31, 2020 at 01:45:09PM +0200, Dirk Müller wrote:
> > > Hi Greg,
> > >
> > > >> $ sed -i 's;scripts/dtc/dtc-lexer.l;scripts/dtc/dtc-lexer.lex.c_shipped;g' \
> > > >> queue-{4.4,4.9,4.14}/scripts-dtc-remove-redundant-yyloc-global-declaration.patch
> > > >> If you would prefer a set of patches, let me know.
> > > > Should I just drop the patch from 4.4, 4.9, and 4.14 instead?
> > >
> > > as the original author of the patch, I am not sure why it was backported to the LTS releases (unless enablement for gcc 10.x or
> > > other new toolchains is a requirement, which I'm not aware of).
>
> The reason I am commenting on this is that Clang 11 is matching GCC's
> -fno-common change. Google will run into this when they do their
> toolchain uprev on Android (sooner rather than later) so it'd be good
> to deal with this now:
>
> https://android.googlesource.com/kernel/build/+/refs/heads/master/build.sh#226
>
> Their devices back to 4.4 see builds with newer and newer toolchains so
> we need this back to 4.4. I am sure Chrome OS will also run into this
> shortly as well.
>
> > > However I think the sed above on the *patch* means that the patch will *only* modify the generated sources, not the input sources. I think
> > > it would be better to patch both *input* and *generated* sources, or backport the generate-at-runtime patch as well (which might be
> > > even further outside the stable policy).
> >
> > What do you mean by "input sources" here?
>
> dtc-lexer.l is the input source for dtc-lexer.lex.c, which was then
> copied to dtc-lexer.lex.c_shipped prior to e039139be8c2 ("scripts/dtc:
> generate lexer and parser during build instead of shipping"). In other
> words, prior to 4.17, dtc-lexer.l is not used at all in the build
> system.
>
> However, I agree with Dirk that it would be most proper to apply the fix
> to both dtc-lexer.l and dtc-lexer.lex.c_shipped so I have attached a
> backport for 4.4, 4.9, and 4.14 that has does just that.
>
> > > Not knowing why it was backported, I would suggest to just dequeue the patch from the older trees.
> >
> > If I drop it for now, I'll have to add it back when gcc10 is pushed out
> > to my build systems and laptops :(
> >
> > thanks,
> >
> > greg k-h
>
> Hope this makes sense/isn't confusing.
Makes sense, thanks for the patches, I've now updated the tree with the
versions you provided.
greg k-h
^ permalink raw reply [flat|nested] 180+ messages in thread
end of thread, other threads:[~2020-04-02 17:40 UTC | newest]
Thread overview: 180+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-31 8:56 [PATCH 5.5 000/170] 5.5.14-rc1 review Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 001/170] mmc: core: Allow host controllers to require R1B for CMD6 Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 002/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 003/170] mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 004/170] mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY Greg Kroah-Hartman
2020-03-31 8:56 ` [PATCH 5.5 005/170] mmc: sdhci-tegra: " Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 006/170] crypto: chacha20poly1305 - add back missing test vectors and test chunking Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 007/170] crypto: arm64/chacha - correctly walk through blocks Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 008/170] cxgb4: fix throughput drop during Tx backpressure Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 009/170] cxgb4: fix Txq restart check during backpressure Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 010/170] geneve: move debug check after netdev unregister Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 011/170] hsr: fix general protection fault in hsr_addr_is_self() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 012/170] ipv4: fix a RCU-list lock in inet_dump_fib() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 013/170] macsec: restrict to ethernet devices Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 014/170] mlxsw: pci: Only issue reset when system is ready Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 015/170] mlxsw: spectrum_mr: Fix list iteration in error path Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 016/170] net/bpfilter: fix dprintf usage for /dev/kmsg Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 017/170] net: cbs: Fix software cbs to consider packet sending time Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 018/170] net: dsa: Fix duplicate frames flooded by learning Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 019/170] net: dsa: mt7530: Change the LINK bit to reflect the link status Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 020/170] net: dsa: tag_8021q: replace dsa_8021q_remove_header with __skb_vlan_pop Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 021/170] net: ena: Add PCI shutdown handler to allow safe kexec Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 022/170] net: mvneta: Fix the case where the last poll did not process all rx Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 023/170] net/packet: tpacket_rcv: avoid a producer race condition Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 024/170] net: phy: dp83867: w/a for fld detect threshold bootstrapping issue Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 025/170] net: phy: mdio-bcm-unimac: Fix clock handling Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 026/170] net: phy: mdio-mux-bcm-iproc: check clk_prepare_enable() return value Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 027/170] net: qmi_wwan: add support for ASKEY WWHC050 Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 028/170] net/sched: act_ct: Fix leak of ct zone template on replace Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 029/170] net_sched: cls_route: remove the right filter from hashtable Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 030/170] net_sched: hold rtnl lock in tcindex_partial_destroy_work() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 031/170] net_sched: keep alloc_hash updated after hash allocation Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 032/170] net: stmmac: dwmac-rk: fix error path in rk_gmac_probe Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 033/170] NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 034/170] r8169: re-enable MSI on RTL8168c Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 035/170] slcan: not call free_netdev before rtnl_unlock in slcan_open Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 036/170] tcp: also NULL skb->dev when copy was needed Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 037/170] tcp: ensure skb->dev is NULL before leaving TCP stack Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 038/170] tcp: repair: fix TCP_QUEUE_SEQ implementation Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 039/170] vxlan: check return value of gro_cells_init() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 040/170] Revert "net: bcmgenet: use RGMII loopback for MAC reset" Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 041/170] net: bcmgenet: keep MAC in reset until PHY is up Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 042/170] bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 043/170] bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 044/170] bnxt_en: Return error if bnxt_alloc_ctx_mem() fails Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 045/170] bnxt_en: Free context memory after disabling PCI in probe error path Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 046/170] bnxt_en: Reset rings if ring reservation fails during open() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 047/170] net: ena: fix incorrect setting of the number of msix vectors Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 048/170] net: ena: fix request of incorrect number of IRQ vectors Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 049/170] net: ena: avoid memory access violation by validating req_id properly Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 050/170] net: ena: fix continuous keep-alive resets Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 051/170] net: ip_gre: Separate ERSPAN newlink / changelink callbacks Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 052/170] net: ip_gre: Accept IFLA_INFO_DATA-less configuration Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 053/170] hsr: use rcu_read_lock() in hsr_get_node_{list/status}() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 054/170] hsr: add restart routine into hsr_get_node_list() Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 055/170] hsr: set .netnsok flag Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 056/170] net/mlx5: DR, Fix postsend actions write length Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 057/170] net/mlx5e: Enhance ICOSQ WQE info fields Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 058/170] net/mlx5e: Fix missing reset of SW metadata in Striding RQ reset Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 059/170] net/mlx5e: Fix ICOSQ recovery flow with Striding RQ Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 060/170] net/mlx5e: Do not recover from a non-fatal syndrome Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 061/170] net/mlx5_core: Set IB capability mask1 to fix ib_srpt connection failure Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 062/170] net/mlx5e: kTLS, Fix TCP seq off-by-1 issue in TX resync flow Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 063/170] net/mlx5e: Fix endianness handling in pedit mask Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 064/170] cgroup-v1: cgroup_pidlist_next should update position index Greg Kroah-Hartman
2020-03-31 8:57 ` [PATCH 5.5 065/170] nfs: add minor version to nfs_server_key for fscache Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 066/170] cpupower: avoid multiple definition with gcc -fno-common Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 067/170] drivers/of/of_mdio.c:fix of_mdiobus_register() Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 068/170] cgroup1: dont call release_agent when it is "" Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 069/170] veth: ignore peer tx_dropped when counting local rx_dropped Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 070/170] drm/amd/display: update soc bb for nv14 Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 071/170] drm/amdgpu: correct ROM_INDEX/DATA offset for VEGA20 Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 072/170] drm/exynos: Fix cleanup of IOMMU related objects Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 073/170] iommu/vt-d: Silence RCU-list debugging warnings Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 074/170] ibmvnic: Do not process device remove during device reset Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 075/170] scsi: ipr: Fix softlockup when rescanning devices in petitboot Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 076/170] mac80211: Do not send mesh HWMP PREQ if HWMP is disabled Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 077/170] dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 078/170] sxgbe: Fix off by one in samsung driver strncpy size arg Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 079/170] iommu/vt-d: Fix debugfs register reads Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 080/170] iommu/vt-d: Populate debugfs if IOMMUs are detected Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 081/170] i2c: hix5hd2: add missed clk_disable_unprepare in remove Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 082/170] Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 083/170] Input: fix stale timestamp on key autorepeat events Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 084/170] Input: synaptics - enable RMI on HP Envy 13-ad105ng Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 085/170] Input: avoid BIT() macro usage in the serio.h UAPI header Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 086/170] IB/rdmavt: Free kernel completion queue when done Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 087/170] RDMA/core: Fix missing error check on dev_set_name() Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 088/170] RDMA/odp: Fix leaking the tgid for implicit ODP Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 089/170] gpiolib: Fix irq_disable() semantics Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 090/170] RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 091/170] RDMA/mad: Do not crash if the rdma device does not have a umad interface Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 092/170] ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 093/170] ceph: fix memory leak in ceph_cleanup_snapid_map() Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 094/170] KVM: SVM: Issue WBINVD after deactivating an SEV guest Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 095/170] ARM: dts: dra7: Add bus_dma_limit for L3 bus Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 096/170] ARM: dts: omap5: " Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 097/170] x86/ioremap: Fix CONFIG_EFI=n build Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 098/170] perf probe: Fix to delete multiple probe event Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 099/170] perf probe: Do not depend on dwfl_module_addrsym() Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 100/170] rtlwifi: rtl8188ee: Fix regression due to commit d1d1a96bdb44 Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 101/170] tools: Let O= makes handle a relative path with -C option Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 102/170] scripts/dtc: Remove redundant YYLOC global declaration Greg Kroah-Hartman
2020-03-31 9:53 ` Nathan Chancellor
2020-03-31 10:02 ` Greg Kroah-Hartman
2020-03-31 11:45 ` Dirk Müller
2020-03-31 12:09 ` Greg Kroah-Hartman
2020-03-31 19:25 ` Nathan Chancellor
2020-04-02 17:40 ` Greg Kroah-Hartman
2020-03-31 21:35 ` Dirk Müller
2020-03-31 8:58 ` [PATCH 5.5 103/170] drm/prime: use dma length macro when mapping sg Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 104/170] drm/amdgpu: fix scatter-gather mapping with user pages Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 105/170] drm/radeon: " Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 106/170] soc: samsung: chipid: Fix return value on non-Exynos platforms Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 107/170] scsi: sd: Fix optimal I/O size for devices that change reported values Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 108/170] nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 109/170] mac80211: drop data frames without key on encrypted links Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 110/170] mac80211: mark station unauthorized before key removal Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 111/170] mm/swapfile.c: move inode_lock out of claim_swapfile Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 112/170] drivers/base/memory.c: indicate all memory blocks as removable Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 113/170] mm/sparse: fix kernel crash with pfn_section_valid check Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 114/170] mm: fork: fix kernel_stack memcg stats for various stack implementations Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 115/170] gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 116/170] gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 117/170] gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 118/170] bpf: Fix cgroup ref leak in cgroup_bpf_inherit on out-of-memory Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 119/170] RDMA/core: Ensure security pkey modify is not lost Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 120/170] afs: Fix handling of an abort from a service handler Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 121/170] genirq: Fix reference leaks on irq affinity notifiers Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 122/170] xfrm: handle NETDEV_UNREGISTER for xfrm device Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 123/170] vti[6]: fix packet tx through bpf_redirect() in XinY cases Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 124/170] RDMA/mlx5: Fix the number of hwcounters of a dynamic counter Greg Kroah-Hartman
2020-03-31 8:58 ` [PATCH 5.5 125/170] RDMA/mlx5: Fix access to wrong pointer while performing flush due to error Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 126/170] RDMA/mlx5: Block delay drop to unprivileged users Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 127/170] xfrm: fix uctx len check in verify_sec_ctx_len Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 128/170] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 129/170] xfrm: policy: Fix doulbe free in xfrm_policy_timer Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 130/170] afs: Fix client call Rx-phase signal handling Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 131/170] afs: Fix some tracing details Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 132/170] afs: Fix unpinned address list during probing Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 133/170] ieee80211: fix HE SPR size calculation Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 134/170] mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 135/170] netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 136/170] netfilter: flowtable: populate addr_type mask Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 137/170] netfilter: nft_fwd_netdev: validate family and chain type Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress Greg Kroah-Hartman
2020-03-31 10:16 ` Pablo Neira Ayuso
2020-03-31 12:12 ` Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 139/170] i2c: nvidia-gpu: Handle timeout correctly in gpu_i2c_check_status() Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 140/170] bpf, x32: Fix bug with JMP32 JSET BPF_X checking upper bits Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 141/170] bpf: Initialize storage pointers to NULL to prevent freeing garbage pointer Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 142/170] bpf/btf: Fix BTF verification of enum members in struct/union Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 143/170] bpf, sockmap: Remove bucket->lock from sock_{hash|map}_free Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 144/170] ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 145/170] vti6: Fix memory leak of skb if input policy check fails Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 146/170] r8169: fix PHY driver check on platforms w/o module softdeps Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 147/170] clocksource/drivers/hyper-v: Untangle stimers and timesync from clocksources Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 148/170] bpf: Undo incorrect __reg_bound_offset32 handling Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 149/170] USB: serial: option: add support for ASKEY WWHC050 Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 150/170] USB: serial: option: add BroadMobi BM806U Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 151/170] USB: serial: option: add Wistron Neweb D19Q1 Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 152/170] USB: cdc-acm: restore capability check order Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 153/170] USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 154/170] usb: musb: fix crash with highmen PIO and usbmon Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 155/170] media: flexcop-usb: fix endpoint sanity check Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 156/170] media: usbtv: fix control-message timeouts Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 157/170] staging: kpc2000: prevent underflow in cpld_reconfigure() Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 158/170] staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 159/170] staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 160/170] staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 161/170] staging: wfx: add proper "compatible" string Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 162/170] staging: wfx: fix init/remove vs IRQ race Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 163/170] staging: wfx: annotate nested gc_list vs tx queue locking Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 164/170] ahci: Add Intel Comet Lake H RAID PCI ID Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 165/170] libfs: fix infoleak in simple_attr_read() Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 166/170] media: ov519: add missing endpoint sanity checks Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 167/170] media: dib0700: fix rc endpoint lookup Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 168/170] media: stv06xx: add missing descriptor sanity checks Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 169/170] media: xirlink_cit: " Greg Kroah-Hartman
2020-03-31 8:59 ` [PATCH 5.5 170/170] media: v4l2-core: fix a use-after-free bug of sd->devnode Greg Kroah-Hartman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.