* [PATCH 5.6 000/177] 5.6.16-rc1 review
@ 2020-06-01 17:52 Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 001/177] ax25: fix setsockopt(SO_BINDTODEVICE) Greg Kroah-Hartman
` (177 more replies)
0 siblings, 178 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
This is the start of the stable review cycle for the 5.6.16 release.
There are 177 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Jun 2020 17:38:19 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.6.16-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.6.16-rc1
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
Nathan Chancellor <natechancellor@gmail.com>
netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: conntrack: comparison of unsigned in cthelper confirmation
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Revert "Input: i8042 - add ThinkPad S230u to i8042 nomux list"
Petr Mladek <pmladek@suse.com>
powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again
Qiushi Wu <wu000273@umn.edu>
bonding: Fix reference count leak in bond_sysfs_slave_add.
Vladimir Oltean <vladimir.oltean@nxp.com>
net: dsa: declare lockless TX feature for slave ports
David Ahern <dsahern@gmail.com>
ipv4: nexthop version of fib_info_nh_uses_dev
David Ahern <dsahern@gmail.com>
nexthop: Expand nexthop_is_multipath in a few places
Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
nexthops: don't modify published nexthop groups
David Ahern <dsahern@gmail.com>
nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry
Eric Dumazet <edumazet@google.com>
crypto: chelsio/chtls: properly set tp->lsndtime
Qiushi Wu <wu000273@umn.edu>
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
Björn Töpel <bjorn.topel@intel.com>
xsk: Add overflow check for u64 division, stored into u32
Jay Lang <jaytlang@mit.edu>
x86/ioperm: Prevent a memory leak when fork fails
Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
ieee80211: Fix incorrect mask for default PE duration
Edwin Peer <edwin.peer@broadcom.com>
bnxt_en: fix firmware message length endianness
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Fix accumulation of bp->net_stats_prev.
Xin Long <lucien.xin@gmail.com>
esp6: get the right proto for transport mode in esp6_gso_encap
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nfnetlink_cthelper: unbreak userspace helper support
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: conntrack: make conntrack userspace helpers work again
Phil Sutter <phil@nwl.cc>
netfilter: ipset: Fix subcounter update skip
Michael Braun <michael-dev@fami-braun.de>
netfilter: nft_reject_bridge: enable reject with bridge vlan
Xin Long <lucien.xin@gmail.com>
ip_vti: receive ipip packet by calling ip_tunnel_rcv
Antony Antony <antony@phenome.org>
xfrm: fix error in comment
Xin Long <lucien.xin@gmail.com>
xfrm: fix a NULL-ptr deref in xfrm_local_error
Xin Long <lucien.xin@gmail.com>
xfrm: fix a warning in xfrm_policy_insert_list
Nicolas Dichtel <nicolas.dichtel@6wind.com>
xfrm interface: fix oops when deleting a x-netns interface
Xin Long <lucien.xin@gmail.com>
xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
Sabrina Dubroca <sd@queasysnail.net>
xfrm: espintcp: save and call old ->sk_destruct
Xin Long <lucien.xin@gmail.com>
xfrm: remove the xfrm_state_put call becofe going to out_reset
Xin Long <lucien.xin@gmail.com>
xfrm: do pskb_pull properly in __xfrm_transport_prep
Xin Long <lucien.xin@gmail.com>
xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
Al Viro <viro@zeniv.linux.org.uk>
copy_xstate_to_kernel(): don't leave parts of destination uninitialized
Alexander Dahl <post@lespocky.de>
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
Linus Lüssing <ll@simonwunderlich.de>
mac80211: mesh: fix discovery timer re-arming issue / crash
Johannes Berg <johannes.berg@intel.com>
cfg80211: fix debugfs rename crash
Helge Deller <deller@gmx.de>
parisc: Fix kernel panic in mem_init()
Qiushi Wu <wu000273@umn.edu>
iommu: Fix reference count leak in iommu_group_alloc.
Linus Walleij <linus.walleij@linaro.org>
gpio: fix locking open drain IRQ lines
Jens Axboe <axboe@kernel.dk>
Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT"
Arnd Bergmann <arnd@arndb.de>
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
Alexander Potapenko <glider@google.com>
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
Hugh Dickins <hughd@google.com>
mm,thp: stop leaking unreleased file pages
Valentine Fatiev <valentinef@mellanox.com>
IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
Aric Cyr <aric.cyr@amd.com>
drm/amd/display: Fix potential integer wraparound resulting in a hang
Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
drm/amd/display: Defer cursor lock until after VUPDATE
Aric Cyr <aric.cyr@amd.com>
drm/amd/display: Use cursor locking to prevent flip delays
Anthony Koo <Anthony.Koo@amd.com>
drm/amd/display: Added locking for atomic update stream and update planes
Anthony Koo <Anthony.Koo@amd.com>
drm/amd/display: Indicate dsc updates explicitly
Anthony Koo <Anthony.Koo@amd.com>
drm/amd/display: Split program front end part that occur outside lock
Simon Ser <contact@emersion.fr>
drm/amd/display: drop cursor position check in atomic test
Jason Gunthorpe <jgg@ziepe.ca>
RDMA/core: Fix double destruction of uobject
Jeff Layton <jlayton@kernel.org>
ceph: flush release queue when handling caps for unknown inode
Jerry Lee <leisurelysw24@gmail.com>
libceph: ignore pool overlay and cache logic on redirects
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Add new codec supported for ALC287
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
Vinod Koul <vkoul@kernel.org>
clk: qcom: gcc: Fix parent for gpll0_out_even
Eric W. Biederman <ebiederm@xmission.com>
exec: Always set cap_ambient in cap_bprm_set_creds
Chris Chiu <chiu@endlessm.com>
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
Changming Liu <liu.changm@northeastern.edu>
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
Qiushi Wu <wu000273@umn.edu>
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
Tiezhu Yang <yangtiezhu@loongson.cn>
gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe()
Tiezhu Yang <yangtiezhu@loongson.cn>
gpio: pxa: Fix return value of pxa_gpio_probe()
Peng Hao <richard.peng@oppo.com>
mmc: block: Fix use-after-free issue for rpmb
Maor Gottlieb <maorg@mellanox.com>
RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work
Lubomir Rintel <lkundrak@v3.sk>
ARM: dts: mmp3: Drop usb-nop-xceiv from HSIC phy
Lubomir Rintel <lkundrak@v3.sk>
ARM: dts: mmp3-dell-ariel: Fix the SPI devices
Lubomir Rintel <lkundrak@v3.sk>
ARM: dts: mmp3: Use the MMP3 compatible string for /clocks
Hamish Martin <hamish.martin@alliedtelesis.co.nz>
ARM: dts: bcm: HR2: Fix PPI interrupt types
Vincent Stehlé <vincent.stehle@laposte.net>
ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
Robert Beckett <bob.beckett@collabora.com>
ARM: dts/imx6q-bx50v3: Set display interface clock parents
Kaike Wan <kaike.wan@intel.com>
IB/qib: Call kobject_put() when kobject_init_and_add() fails
Paul Cercueil <paul@crapouillou.net>
gpu/drm: Ingenic: Fix opaque pointer casted to wrong type
Paul Cercueil <paul@crapouillou.net>
gpu/drm: ingenic: Fix bogus crtc_atomic_check callback
Dennis YC Hsieh <dennis-yc.hsieh@mediatek.com>
soc: mediatek: cmdq: return send msg error code
Hsin-Yi Wang <hsinyi@chromium.org>
arm64: dts: mt8173: fix vcodec-enc clock
Takashi Iwai <tiwai@suse.de>
gpio: exar: Fix bad handling for ida_simple_get error path
Russell King <rmk+kernel@armlinux.org.uk>
ARM: uaccess: fix DACR mismatch with nested exceptions
Russell King <rmk+kernel@armlinux.org.uk>
ARM: uaccess: integrate uaccess_save and uaccess_restore
Russell King <rmk+kernel@armlinux.org.uk>
ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
Łukasz Stelmach <l.stelmach@samsung.com>
ARM: 8970/1: decompressor: increase tag size
Wei Yongjun <weiyongjun1@huawei.com>
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
Evan Green <evgreen@chromium.org>
Input: synaptics-rmi4 - really fix attn_data use-after-free
Kevin Locke <kevin@kevinlocke.name>
Input: i8042 - add ThinkPad S230u to i8042 reset list
Sascha Hauer <s.hauer@pengutronix.de>
gpio: mvebu: Fix probing for chips without PWM
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Input: dlink-dir685-touchkeys - fix a typo in driver name
Łukasz Patron <priv.luk@gmail.com>
Input: xpad - add custom init packet for Xbox One S controllers
Brendan Shanks <bshanks@codeweavers.com>
Input: evdev - call input_flush_device() on release(), not flush()
Kevin Locke <kevin@kevinlocke.name>
Input: i8042 - add ThinkPad S230u to i8042 nomux list
James Hilliard <james.hilliard1@gmail.com>
Input: usbtouchscreen - add support for BonXeon TP
Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c
Matteo Croce <mcroce@redhat.com>
samples: bpf: Fix build error
Al Viro <viro@zeniv.linux.org.uk>
csky: Fixup raw_copy_from_user()
Steve French <stfrench@microsoft.com>
cifs: Fix null pointer check in cifs_read
Kefeng Wang <wangkefeng.wang@huawei.com>
riscv: pgtable: Fix __kernel_map_pages build error if NOMMU
Amy Shih <amy.shih@advantech.com.tw>
hwmon: (nct7904) Fix incorrect range of temperature limit registers
Bernard Zhao <bernard@vivo.com>
drm/meson: pm resume add return errno branch
Liu Yibin <jiulong@linux.alibaba.com>
csky: Fixup remove duplicate irq_disable
Mao Han <han_mao@linux.alibaba.com>
csky: Fixup perf callchain unwind
Liu Yibin <jiulong@linux.alibaba.com>
csky: Fixup msa highest 3 bits mask
Tero Kristo <t-kristo@ti.com>
clk: ti: am33xx: fix RTC clock parent
Kefeng Wang <wangkefeng.wang@huawei.com>
riscv: Add pgprot_writecombine/device and PAGE_SHARED defination if NOMMU
Kefeng Wang <wangkefeng.wang@huawei.com>
riscv: stacktrace: Fix undefined reference to `walk_stackframe'
Kefeng Wang <wangkefeng.wang@huawei.com>
riscv: Fix unmet direct dependencies built based on SOC_VIRT
Denis V. Lunev <den@openvz.org>
IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
Leo (Hanghong) Ma <hanghong.ma@amd.com>
drm/amd/amdgpu: Update update_config() logic
Arnd Bergmann <arnd@arndb.de>
net: freescale: select CONFIG_FIXED_PHY where needed
Masahiro Yamada <masahiroy@kernel.org>
usb: gadget: legacy: fix redundant initialization warnings
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
usb: phy: twl6030-usb: Fix a resource leak in an error handling path in 'twl6030_usb_probe()'
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
usb: dwc3: pci: Enable extcon driver for Intel Merrifield
Lei Xue <carmark.dlut@gmail.com>
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
Felix Kuehling <Felix.Kuehling@amd.com>
drm/amdgpu: Use GEM obj reference for KFD BOs
Evan Quan <evan.quan@amd.com>
drm/amd/powerplay: perform PG ungate prior to CG ungate
Evan Quan <evan.quan@amd.com>
drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate
Andreas Gruenbacher <agruenba@redhat.com>
gfs2: Grab glock reference sooner in gfs2_add_revoke
Bob Peterson <rpeterso@redhat.com>
gfs2: don't call quota_unhold if quotas are not locked
Bob Peterson <rpeterso@redhat.com>
gfs2: move privileged user check to gfs2_quota_lock_check
John Stultz <john.stultz@linaro.org>
kselftests: dmabuf-heaps: Fix confused return value on expected error testing
Chuhong Yuan <hslester96@gmail.com>
net: microchip: encx24j600: add missed kthread_stop
Tony Lindgren <tony@atomide.com>
ARM: dts: omap4-droid4: Fix occasional lost wakeirq for uart1
Tony Lindgren <tony@atomide.com>
ARM: dts: omap4-droid4: Fix flakey wlan by disabling internal pull for gpio
Andrew Oakley <andrew@adoakley.name>
ALSA: usb-audio: add mapping for ASRock TRX40 Creator
Stephen Warren <swarren@nvidia.com>
gpio: tegra: mask GPIO IRQs during IRQ shutdown
Johan Jonker <jbx6244@gmail.com>
ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
Johan Jonker <jbx6244@gmail.com>
ARM: dts: rockchip: swap clock-names of gpu nodes
Johan Jonker <jbx6244@gmail.com>
arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
Johan Jonker <jbx6244@gmail.com>
arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
Johan Jonker <jbx6244@gmail.com>
ARM: dts: rockchip: fix phy nodename for rk3229-xms6
Johan Jonker <jbx6244@gmail.com>
ARM: dts: rockchip: fix phy nodename for rk3228-evb
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
arm64: dts: qcom: db820c: fix audio configuration
Vladimir Oltean <vladimir.oltean@nxp.com>
net: mscc: ocelot: fix address ageing time (again)
Jiri Pirko <jiri@mellanox.com>
mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails
Tang Bin <tangbin@cmss.chinamobile.com>
net: sgi: ioc3-eth: Fix return value check in ioc3eth_probe()
Qiushi Wu <wu000273@umn.edu>
net/mlx4_core: fix a memory leak bug.
Qiushi Wu <wu000273@umn.edu>
net: sun: fix missing release regions in cas_init_one().
Vadim Fedorenko <vfedorenko@novek.ru>
net/tls: free record only on encryption error
Vadim Fedorenko <vfedorenko@novek.ru>
net/tls: fix encryption error checking
Roi Dayan <roid@mellanox.com>
net/mlx5: Annotate mutex destroy for root ns
Eran Ben Elisha <eranbe@mellanox.com>
net/mlx5: Avoid processing commands before cmdif is ready
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Revert "virtio-balloon: Revert "virtio-balloon: Switch back to OOM handler for VIRTIO_BALLOON_F_DEFLATE_ON_OOM""
Roi Dayan <roid@mellanox.com>
net/mlx5: Fix cleaning unmanaged flow tables
Eran Ben Elisha <eranbe@mellanox.com>
net/mlx5: Fix a race when moving command interface to events mode
Heiner Kallweit <hkallweit1@gmail.com>
r8169: fix OCP access on RTL8117
Jason A. Donenfeld <Jason@zx2c4.com>
wireguard: noise: separate receive counter from send counter
Jason A. Donenfeld <Jason@zx2c4.com>
wireguard: queueing: preserve flow hash across packet scrubbing
Jason A. Donenfeld <Jason@zx2c4.com>
wireguard: noise: read preshared key while taking lock
Shay Drory <shayd@mellanox.com>
net/mlx5: Fix error flow in case of function_setup failure
Moshe Shemesh <moshe@mellanox.com>
net/mlx5e: Update netdev txq on completions during closure
Moshe Shemesh <moshe@mellanox.com>
net/mlx5: Fix memory leak in mlx5_events_init
Roi Dayan <roid@mellanox.com>
net/mlx5e: Fix inner tirs handling
Tariq Toukan <tariqt@mellanox.com>
net/mlx5e: kTLS, Destroy key object after destroying the TIS
Eric Dumazet <edumazet@google.com>
tipc: block BH before using dst_cache
Jere Leppänen <jere.leppanen@nokia.com>
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
Neil Horman <nhorman@tuxdriver.com>
sctp: Don't add the shutdown timer if its already been added
Marc Payne <marc.payne@mdpsys.co.uk>
r8152: support additional Microsoft Surface Ethernet Adapter variant
David Ahern <dsahern@gmail.com>
nexthop: Fix attribute checking for groups
Vinay Kumar Yadav <vinay.yadav@chelsio.com>
net/tls: fix race condition causing kernel panic
Roman Mashak <mrv@mojatatu.com>
net sched: fix reporting the first-time use timestamp
Yuqi Jin <jinyuqi@huawei.com>
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
Stephen Worley <sworley@cumulusnetworks.com>
net: nlmsg_cancel() if put fails for nhmsg
Russell King <rmk+kernel@armlinux.org.uk>
net: mvpp2: fix RX hashing for non-10G ports
Moshe Shemesh <moshe@mellanox.com>
net/mlx5: Add command entry handling completion
Vadim Fedorenko <vfedorenko@novek.ru>
net: ipip: fix wrong address family in init error path
Martin KaFai Lau <kafai@fb.com>
net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
Boris Sukholitko <boris.sukholitko@broadcom.com>
__netif_receive_skb_core: pass skb by reference
Grygorii Strashko <grygorii.strashko@ti.com>
net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
DENG Qingfang <dqfext@gmail.com>
net: dsa: mt7530: fix roaming from DSA user ports
Sabrina Dubroca <sd@queasysnail.net>
net: don't return invalid table id error when we fall back to PF_UNSPEC
Claudiu Manoil <claudiu.manoil@nxp.com>
felix: Fix initialization of ioremap resources
Michal Kubecek <mkubecek@suse.cz>
ethtool: count header size in reply size estimate
Vladimir Oltean <vladimir.oltean@nxp.com>
dpaa_eth: fix usage as DSA master, try 3
Eric Dumazet <edumazet@google.com>
ax25: fix setsockopt(SO_BINDTODEVICE)
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/compressed/vmlinux.lds.S | 2 +-
arch/arm/boot/dts/bcm-hr2.dtsi | 6 +-
arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 2 +-
arch/arm/boot/dts/imx6q-b450v3.dts | 7 -
arch/arm/boot/dts/imx6q-b650v3.dts | 7 -
arch/arm/boot/dts/imx6q-b850v3.dts | 11 --
arch/arm/boot/dts/imx6q-bx50v3.dtsi | 15 +++
arch/arm/boot/dts/mmp3-dell-ariel.dts | 12 +-
arch/arm/boot/dts/mmp3.dtsi | 8 +-
arch/arm/boot/dts/motorola-mapphone-common.dtsi | 43 +++++-
arch/arm/boot/dts/rk3036.dtsi | 2 +-
arch/arm/boot/dts/rk3228-evb.dts | 2 +-
arch/arm/boot/dts/rk3229-xms6.dts | 2 +-
arch/arm/boot/dts/rk322x.dtsi | 6 +-
arch/arm/boot/dts/rk3xxx.dtsi | 2 +-
arch/arm/include/asm/assembler.h | 75 +----------
arch/arm/include/asm/uaccess-asm.h | 117 ++++++++++++++++
arch/arm/kernel/entry-armv.S | 11 +-
arch/arm/kernel/entry-header.S | 9 +-
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 4 +-
arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi | 19 ++-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +
arch/arm64/boot/dts/rockchip/rk3328-evb.dts | 2 +-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 8 +-
arch/csky/abiv1/inc/abi/entry.h | 4 +-
arch/csky/abiv2/inc/abi/entry.h | 4 +-
arch/csky/include/asm/uaccess.h | 49 +++----
arch/csky/kernel/entry.S | 2 -
arch/csky/kernel/perf_callchain.c | 9 +-
arch/csky/lib/usercopy.c | 8 +-
arch/parisc/mm/init.c | 2 +-
arch/powerpc/Kconfig | 1 +
arch/riscv/Kconfig.socs | 17 +--
arch/riscv/include/asm/mmio.h | 2 +
arch/riscv/include/asm/pgtable.h | 3 +
arch/riscv/kernel/stacktrace.c | 2 +-
arch/x86/include/asm/dma.h | 2 +-
arch/x86/include/asm/io_bitmap.h | 4 +-
arch/x86/kernel/fpu/xstate.c | 86 ++++++------
arch/x86/kernel/ioport.c | 22 +--
arch/x86/kernel/process.c | 4 +-
block/blk-core.c | 11 +-
drivers/clk/qcom/gcc-sm8150.c | 3 +-
drivers/clk/ti/clk-33xx.c | 2 +-
drivers/crypto/chelsio/chtls/chtls_io.c | 2 +-
drivers/gpio/gpio-bcm-kona.c | 2 +-
drivers/gpio/gpio-exar.c | 7 +-
drivers/gpio/gpio-mvebu.c | 15 ++-
drivers/gpio/gpio-pxa.c | 4 +-
drivers/gpio/gpio-tegra.c | 1 +
drivers/gpio/gpiolib.c | 11 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +-
drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 6 +-
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 12 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 -
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 10 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 124 +++++++++++++----
drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 40 +-----
drivers/gpu/drm/amd/display/dc/dc_stream.h | 1 +
.../amd/display/dc/dce110/dce110_hw_sequencer.c | 30 ++---
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 148 ++++++++++++++++-----
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h | 13 ++
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c | 4 +
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 15 +++
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.h | 20 ++-
.../gpu/drm/amd/display/dc/dcn10/dcn10_resource.c | 14 +-
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 108 +++++++--------
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h | 7 +-
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c | 5 +-
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c | 1 +
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.h | 3 +-
.../gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 4 +
drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c | 5 +-
.../gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 4 +
drivers/gpu/drm/amd/display/dc/inc/hw/mpc.h | 16 +++
drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h | 12 +-
drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 6 +-
drivers/gpu/drm/amd/powerplay/amdgpu_smu.c | 6 +-
drivers/gpu/drm/ingenic/ingenic-drm.c | 6 +-
drivers/gpu/drm/meson/meson_drv.c | 4 +-
drivers/hwmon/nct7904.c | 4 +-
drivers/infiniband/core/rdma_core.c | 20 ++-
drivers/infiniband/hw/i40iw/i40iw_cm.c | 8 --
drivers/infiniband/hw/mlx5/mr.c | 1 +
drivers/infiniband/hw/qib/qib_sysfs.c | 9 +-
drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 2 +-
drivers/infiniband/ulp/ipoib/ipoib.h | 4 +
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 15 ++-
drivers/infiniband/ulp/ipoib/ipoib_ib.c | 9 +-
drivers/infiniband/ulp/ipoib/ipoib_main.c | 10 +-
drivers/input/evdev.c | 19 +--
drivers/input/joystick/xpad.c | 12 ++
drivers/input/keyboard/dlink-dir685-touchkeys.c | 2 +-
drivers/input/rmi4/rmi_driver.c | 5 +-
drivers/input/serio/i8042-x86ia64io.h | 7 +
drivers/input/touchscreen/usbtouchscreen.c | 1 +
drivers/iommu/iommu.c | 2 +-
drivers/mmc/core/block.c | 2 +-
drivers/net/bonding/bond_sysfs_slave.c | 4 +-
drivers/net/dsa/mt7530.c | 9 +-
drivers/net/dsa/mt7530.h | 1 +
drivers/net/dsa/ocelot/felix.c | 23 ++--
drivers/net/dsa/ocelot/felix.h | 6 +-
drivers/net/dsa/ocelot/felix_vsc9959.c | 22 ++-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 16 +--
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 5 -
drivers/net/ethernet/freescale/Kconfig | 2 +
drivers/net/ethernet/freescale/dpaa/Kconfig | 1 +
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +-
drivers/net/ethernet/mellanox/mlx4/fw.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 59 +++++++-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +-
.../ethernet/mellanox/mlx5/core/en_accel/ktls.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 12 +-
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 9 +-
drivers/net/ethernet/mellanox/mlx5/core/eq.c | 3 +
drivers/net/ethernet/mellanox/mlx5/core/events.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 17 ++-
.../net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/main.c | 7 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 14 +-
drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 8 ++
drivers/net/ethernet/microchip/encx24j600.c | 5 +-
drivers/net/ethernet/mscc/ocelot.c | 2 +-
.../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 4 +-
drivers/net/ethernet/realtek/r8169_main.c | 17 ++-
drivers/net/ethernet/sgi/ioc3-eth.c | 8 +-
drivers/net/ethernet/sun/cassini.c | 3 +-
drivers/net/ethernet/ti/cpsw.c | 4 +
drivers/net/hamradio/bpqether.c | 3 +-
drivers/net/usb/cdc_ether.c | 11 +-
drivers/net/usb/r8152.c | 1 +
drivers/net/wireguard/messages.h | 2 +-
drivers/net/wireguard/noise.c | 22 ++-
drivers/net/wireguard/noise.h | 14 +-
drivers/net/wireguard/queueing.h | 10 +-
drivers/net/wireguard/receive.c | 44 +++---
drivers/net/wireguard/selftest/counter.c | 17 ++-
drivers/net/wireguard/send.c | 19 +--
drivers/soc/mediatek/mtk-cmdq-helper.c | 4 +-
drivers/usb/dwc3/dwc3-pci.c | 1 +
drivers/usb/gadget/legacy/inode.c | 3 +-
drivers/usb/phy/phy-twl6030-usb.c | 12 +-
drivers/virtio/virtio_balloon.c | 107 ++++++---------
fs/binfmt_elf.c | 2 +-
fs/cachefiles/rdwr.c | 2 +-
fs/ceph/caps.c | 2 +-
fs/cifs/file.c | 2 +-
fs/gfs2/log.c | 6 +-
fs/gfs2/quota.c | 6 +-
fs/gfs2/quota.h | 3 +-
include/asm-generic/topology.h | 2 +-
include/linux/ieee80211.h | 2 +-
include/linux/mlx5/driver.h | 16 +++
include/linux/mm.h | 15 ++-
include/linux/netfilter/nf_conntrack_pptp.h | 2 +-
include/net/act_api.h | 3 +-
include/net/espintcp.h | 1 +
include/net/ip_fib.h | 11 +-
include/net/nexthop.h | 67 +++++++---
include/net/tls.h | 4 +
include/rdma/uverbs_std_types.h | 2 +-
include/uapi/linux/xfrm.h | 2 +-
mm/khugepaged.c | 1 +
net/ax25/af_ax25.c | 6 +-
net/bridge/netfilter/nft_reject_bridge.c | 6 +
net/ceph/osd_client.c | 4 +-
net/core/dev.c | 20 ++-
net/dsa/slave.c | 1 +
net/dsa/tag_mtk.c | 15 +++
net/ethtool/netlink.c | 4 +-
net/ethtool/strset.c | 1 -
net/ipv4/esp4_offload.c | 4 +-
net/ipv4/fib_frontend.c | 22 +--
net/ipv4/inet_connection_sock.c | 43 +++---
net/ipv4/ip_vti.c | 23 +++-
net/ipv4/ipip.c | 2 +-
net/ipv4/ipmr.c | 2 +-
net/ipv4/netfilter/nf_nat_pptp.c | 7 +-
net/ipv4/nexthop.c | 105 +++++++++------
net/ipv4/route.c | 14 +-
net/ipv6/esp6_offload.c | 13 +-
net/ipv6/ip6_fib.c | 2 +-
net/ipv6/ip6mr.c | 2 +-
net/mac80211/mesh_hwmp.c | 7 +
net/netfilter/ipset/ip_set_list_set.c | 2 +-
net/netfilter/nf_conntrack_core.c | 80 ++++++++++-
net/netfilter/nf_conntrack_pptp.c | 62 +++++----
net/netfilter/nfnetlink_cthelper.c | 3 +-
net/qrtr/qrtr.c | 2 +-
net/sctp/sm_sideeffect.c | 14 +-
net/sctp/sm_statefuns.c | 9 +-
net/tipc/udp_media.c | 6 +-
net/tls/tls_sw.c | 50 +++++--
net/wireless/core.c | 2 +-
net/xdp/xdp_umem.c | 8 +-
net/xfrm/espintcp.c | 2 +
net/xfrm/xfrm_device.c | 8 +-
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_interface.c | 21 +++
net/xfrm/xfrm_output.c | 15 ++-
net/xfrm/xfrm_policy.c | 7 +-
samples/bpf/lwt_len_hist_user.c | 2 -
security/commoncap.c | 1 +
sound/core/hwdep.c | 4 +-
sound/pci/hda/patch_realtek.c | 39 ++++--
sound/usb/mixer.c | 8 ++
sound/usb/mixer_maps.c | 24 ++++
sound/usb/quirks-table.h | 26 ++++
tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 1 +
213 files changed, 1811 insertions(+), 1019 deletions(-)
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 001/177] ax25: fix setsockopt(SO_BINDTODEVICE)
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 002/177] dpaa_eth: fix usage as DSA master, try 3 Greg Kroah-Hartman
` (176 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 687775cec056b38a4c8f3291e0dd7a9145f7b667 ]
syzbot was able to trigger this trace [1], probably by using
a zero optlen.
While we are at it, cap optlen to IFNAMSIZ - 1 instead of IFNAMSIZ.
[1]
BUG: KMSAN: uninit-value in strnlen+0xf9/0x170 lib/string.c:569
CPU: 0 PID: 8807 Comm: syz-executor483 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x220 lib/dump_stack.c:118
kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
__msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
strnlen+0xf9/0x170 lib/string.c:569
dev_name_hash net/core/dev.c:207 [inline]
netdev_name_node_lookup net/core/dev.c:277 [inline]
__dev_get_by_name+0x75/0x2b0 net/core/dev.c:778
ax25_setsockopt+0xfa3/0x1170 net/ax25/af_ax25.c:654
__compat_sys_setsockopt+0x4ed/0x910 net/compat.c:403
__do_compat_sys_setsockopt net/compat.c:413 [inline]
__se_compat_sys_setsockopt+0xdd/0x100 net/compat.c:410
__ia32_compat_sys_setsockopt+0x62/0x80 net/compat.c:410
do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
do_fast_syscall_32+0x3bf/0x6d0 arch/x86/entry/common.c:398
entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f57dd9
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ffae8c1c EFLAGS: 00000217 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000101
RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Local variable ----devname@ax25_setsockopt created at:
ax25_setsockopt+0xe6/0x1170 net/ax25/af_ax25.c:536
ax25_setsockopt+0xe6/0x1170 net/ax25/af_ax25.c:536
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ax25/af_ax25.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -635,8 +635,10 @@ static int ax25_setsockopt(struct socket
break;
case SO_BINDTODEVICE:
- if (optlen > IFNAMSIZ)
- optlen = IFNAMSIZ;
+ if (optlen > IFNAMSIZ - 1)
+ optlen = IFNAMSIZ - 1;
+
+ memset(devname, 0, sizeof(devname));
if (copy_from_user(devname, optval, optlen)) {
res = -EFAULT;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 002/177] dpaa_eth: fix usage as DSA master, try 3
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 001/177] ax25: fix setsockopt(SO_BINDTODEVICE) Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 003/177] ethtool: count header size in reply size estimate Greg Kroah-Hartman
` (175 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vladimir Oltean, Florian Fainelli,
David S. Miller
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 5d14c304bfc14b4fd052dc83d5224376b48f52f0 ]
The dpaa-eth driver probes on compatible string for the MAC node, and
the fman/mac.c driver allocates a dpaa-ethernet platform device that
triggers the probing of the dpaa-eth net device driver.
All of this is fine, but the problem is that the struct device of the
dpaa_eth net_device is 2 parents away from the MAC which can be
referenced via of_node. So of_find_net_device_by_node can't find it, and
DSA switches won't be able to probe on top of FMan ports.
It would be a bit silly to modify a core function
(of_find_net_device_by_node) to look for dev->parent->parent->of_node
just for one driver. We're just 1 step away from implementing full
recursion.
Actually there have already been at least 2 previous attempts to make
this work:
- Commit a1a50c8e4c24 ("fsl/man: Inherit parent device and of_node")
- One or more of the patches in "[v3,0/6] adapt DPAA drivers for DSA":
https://patchwork.ozlabs.org/project/netdev/cover/1508178970-28945-1-git-send-email-madalin.bucur@nxp.com/
(I couldn't really figure out which one was supposed to solve the
problem and how).
Point being, it looks like this is still pretty much a problem today.
On T1040, the /sys/class/net/eth0 symlink currently points to
../../devices/platform/ffe000000.soc/ffe400000.fman/ffe4e6000.ethernet/dpaa-ethernet.0/net/eth0
which pretty much illustrates the problem. The closest of_node we've got
is the "fsl,fman-memac" at /soc@ffe000000/fman@400000/ethernet@e6000,
which is what we'd like to be able to reference from DSA as host port.
For of_find_net_device_by_node to find the eth0 port, we would need the
parent of the eth0 net_device to not be the "dpaa-ethernet" platform
device, but to point 1 level higher, aka the "fsl,fman-memac" node
directly. The new sysfs path would look like this:
../../devices/platform/ffe000000.soc/ffe400000.fman/ffe4e6000.ethernet/net/eth0
And this is exactly what SET_NETDEV_DEV does. It sets the parent of the
net_device. The new parent has an of_node associated with it, and
of_dev_node_match already checks for the of_node of the device or of its
parent.
Fixes: a1a50c8e4c24 ("fsl/man: Inherit parent device and of_node")
Fixes: c6e26ea8c893 ("dpaa_eth: change device used")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
+++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
@@ -2902,7 +2902,7 @@ static int dpaa_eth_probe(struct platfor
}
/* Do this here, so we can be verbose early */
- SET_NETDEV_DEV(net_dev, dev);
+ SET_NETDEV_DEV(net_dev, dev->parent);
dev_set_drvdata(dev, net_dev);
priv = netdev_priv(net_dev);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 003/177] ethtool: count header size in reply size estimate
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 001/177] ax25: fix setsockopt(SO_BINDTODEVICE) Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 002/177] dpaa_eth: fix usage as DSA master, try 3 Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 004/177] felix: Fix initialization of ioremap resources Greg Kroah-Hartman
` (174 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleksij Rempel, Michal Kubecek,
David S. Miller
From: Michal Kubecek <mkubecek@suse.cz>
[ Upstream commit 7c87e32d2e380228ada79d20ac5b7674718ef097 ]
As ethnl_request_ops::reply_size handlers do not include common header
size into calculated/estimated reply size, it needs to be added in
ethnl_default_doit() and ethnl_default_notify() before allocating the
message. On the other hand, strset_reply_size() should not add common
header size.
Fixes: 728480f12442 ("ethtool: default handlers for GET requests")
Reported-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ethtool/netlink.c | 4 ++--
net/ethtool/strset.c | 1 -
2 files changed, 2 insertions(+), 3 deletions(-)
--- a/net/ethtool/netlink.c
+++ b/net/ethtool/netlink.c
@@ -334,7 +334,7 @@ static int ethnl_default_doit(struct sk_
ret = ops->reply_size(req_info, reply_data);
if (ret < 0)
goto err_cleanup;
- reply_len = ret;
+ reply_len = ret + ethnl_reply_header_size();
ret = -ENOMEM;
rskb = ethnl_reply_init(reply_len, req_info->dev, ops->reply_cmd,
ops->hdr_attr, info, &reply_payload);
@@ -573,7 +573,7 @@ static void ethnl_default_notify(struct
ret = ops->reply_size(req_info, reply_data);
if (ret < 0)
goto err_cleanup;
- reply_len = ret;
+ reply_len = ret + ethnl_reply_header_size();
ret = -ENOMEM;
skb = genlmsg_new(reply_len, GFP_KERNEL);
if (!skb)
--- a/net/ethtool/strset.c
+++ b/net/ethtool/strset.c
@@ -309,7 +309,6 @@ static int strset_reply_size(const struc
int len = 0;
int ret;
- len += ethnl_reply_header_size();
for (i = 0; i < ETH_SS_COUNT; i++) {
const struct strset_info *set_info = &data->sets[i];
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 004/177] felix: Fix initialization of ioremap resources
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 003/177] ethtool: count header size in reply size estimate Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 005/177] net: dont return invalid table id error when we fall back to PF_UNSPEC Greg Kroah-Hartman
` (173 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Manoil, Vladimir Oltean,
David S. Miller
From: Claudiu Manoil <claudiu.manoil@nxp.com>
[ Upstream commit b4024c9e5c57902155d3b5e7de482e245f492bff ]
The caller of devm_ioremap_resource(), either accidentally
or by wrong assumption, is writing back derived resource data
to global static resource initialization tables that should
have been constant. Meaning that after it computes the final
physical start address it saves the address for no reason
in the static tables. This doesn't affect the first driver
probing after reboot, but it breaks consecutive driver reloads
(i.e. driver unbind & bind) because the initialization tables
no longer have the correct initial values. So the next probe()
will map the device registers to wrong physical addresses,
causing ARM SError async exceptions.
This patch fixes all of the above.
Fixes: 56051948773e ("net: dsa: ocelot: add driver for Felix switch family")
Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Tested-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/dsa/ocelot/felix.c | 23 +++++++++++------------
drivers/net/dsa/ocelot/felix.h | 6 +++---
drivers/net/dsa/ocelot/felix_vsc9959.c | 22 ++++++++++------------
3 files changed, 24 insertions(+), 27 deletions(-)
--- a/drivers/net/dsa/ocelot/felix.c
+++ b/drivers/net/dsa/ocelot/felix.c
@@ -385,6 +385,7 @@ static int felix_init_structs(struct fel
struct ocelot *ocelot = &felix->ocelot;
phy_interface_t *port_phy_modes;
resource_size_t switch_base;
+ struct resource res;
int port, i, err;
ocelot->num_phys_ports = num_phys_ports;
@@ -416,17 +417,16 @@ static int felix_init_structs(struct fel
for (i = 0; i < TARGET_MAX; i++) {
struct regmap *target;
- struct resource *res;
if (!felix->info->target_io_res[i].name)
continue;
- res = &felix->info->target_io_res[i];
- res->flags = IORESOURCE_MEM;
- res->start += switch_base;
- res->end += switch_base;
+ memcpy(&res, &felix->info->target_io_res[i], sizeof(res));
+ res.flags = IORESOURCE_MEM;
+ res.start += switch_base;
+ res.end += switch_base;
- target = ocelot_regmap_init(ocelot, res);
+ target = ocelot_regmap_init(ocelot, &res);
if (IS_ERR(target)) {
dev_err(ocelot->dev,
"Failed to map device memory space\n");
@@ -447,7 +447,6 @@ static int felix_init_structs(struct fel
for (port = 0; port < num_phys_ports; port++) {
struct ocelot_port *ocelot_port;
void __iomem *port_regs;
- struct resource *res;
ocelot_port = devm_kzalloc(ocelot->dev,
sizeof(struct ocelot_port),
@@ -459,12 +458,12 @@ static int felix_init_structs(struct fel
return -ENOMEM;
}
- res = &felix->info->port_io_res[port];
- res->flags = IORESOURCE_MEM;
- res->start += switch_base;
- res->end += switch_base;
+ memcpy(&res, &felix->info->port_io_res[port], sizeof(res));
+ res.flags = IORESOURCE_MEM;
+ res.start += switch_base;
+ res.end += switch_base;
- port_regs = devm_ioremap_resource(ocelot->dev, res);
+ port_regs = devm_ioremap_resource(ocelot->dev, &res);
if (IS_ERR(port_regs)) {
dev_err(ocelot->dev,
"failed to map registers for port %d\n", port);
--- a/drivers/net/dsa/ocelot/felix.h
+++ b/drivers/net/dsa/ocelot/felix.h
@@ -8,9 +8,9 @@
/* Platform-specific information */
struct felix_info {
- struct resource *target_io_res;
- struct resource *port_io_res;
- struct resource *imdio_res;
+ const struct resource *target_io_res;
+ const struct resource *port_io_res;
+ const struct resource *imdio_res;
const struct reg_field *regfields;
const u32 *const *map;
const struct ocelot_ops *ops;
--- a/drivers/net/dsa/ocelot/felix_vsc9959.c
+++ b/drivers/net/dsa/ocelot/felix_vsc9959.c
@@ -328,10 +328,8 @@ static const u32 *vsc9959_regmap[] = {
[GCB] = vsc9959_gcb_regmap,
};
-/* Addresses are relative to the PCI device's base address and
- * will be fixed up at ioremap time.
- */
-static struct resource vsc9959_target_io_res[] = {
+/* Addresses are relative to the PCI device's base address */
+static const struct resource vsc9959_target_io_res[] = {
[ANA] = {
.start = 0x0280000,
.end = 0x028ffff,
@@ -374,7 +372,7 @@ static struct resource vsc9959_target_io
},
};
-static struct resource vsc9959_port_io_res[] = {
+static const struct resource vsc9959_port_io_res[] = {
{
.start = 0x0100000,
.end = 0x010ffff,
@@ -410,7 +408,7 @@ static struct resource vsc9959_port_io_r
/* Port MAC 0 Internal MDIO bus through which the SerDes acting as an
* SGMII/QSGMII MAC PCS can be found.
*/
-static struct resource vsc9959_imdio_res = {
+static const struct resource vsc9959_imdio_res = {
.start = 0x8030,
.end = 0x8040,
.name = "imdio",
@@ -984,7 +982,7 @@ static int vsc9959_mdio_bus_alloc(struct
struct device *dev = ocelot->dev;
resource_size_t imdio_base;
void __iomem *imdio_regs;
- struct resource *res;
+ struct resource res;
struct enetc_hw *hw;
struct mii_bus *bus;
int port;
@@ -1001,12 +999,12 @@ static int vsc9959_mdio_bus_alloc(struct
imdio_base = pci_resource_start(felix->pdev,
felix->info->imdio_pci_bar);
- res = felix->info->imdio_res;
- res->flags = IORESOURCE_MEM;
- res->start += imdio_base;
- res->end += imdio_base;
+ memcpy(&res, felix->info->imdio_res, sizeof(res));
+ res.flags = IORESOURCE_MEM;
+ res.start += imdio_base;
+ res.end += imdio_base;
- imdio_regs = devm_ioremap_resource(dev, res);
+ imdio_regs = devm_ioremap_resource(dev, &res);
if (IS_ERR(imdio_regs)) {
dev_err(dev, "failed to map internal MDIO registers\n");
return PTR_ERR(imdio_regs);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 005/177] net: dont return invalid table id error when we fall back to PF_UNSPEC
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 004/177] felix: Fix initialization of ioremap resources Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 006/177] net: dsa: mt7530: fix roaming from DSA user ports Greg Kroah-Hartman
` (172 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sabrina Dubroca, David Ahern,
David S. Miller
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit 41b4bd986f86331efc599b9a3f5fb86ad92e9af9 ]
In case we can't find a ->dumpit callback for the requested
(family,type) pair, we fall back to (PF_UNSPEC,type). In effect, we're
in the same situation as if userspace had requested a PF_UNSPEC
dump. For RTM_GETROUTE, that handler is rtnl_dump_all, which calls all
the registered RTM_GETROUTE handlers.
The requested table id may or may not exist for all of those
families. commit ae677bbb4441 ("net: Don't return invalid table id
error when dumping all families") fixed the problem when userspace
explicitly requests a PF_UNSPEC dump, but missed the fallback case.
For example, when we pass ipv6.disable=1 to a kernel with
CONFIG_IP_MROUTE=y and CONFIG_IP_MROUTE_MULTIPLE_TABLES=y,
the (PF_INET6, RTM_GETROUTE) handler isn't registered, so we end up in
rtnl_dump_all, and listing IPv6 routes will unexpectedly print:
# ip -6 r
Error: ipv4: MR table does not exist.
Dump terminated
commit ae677bbb4441 introduced the dump_all_families variable, which
gets set when userspace requests a PF_UNSPEC dump. However, we can't
simply set the family to PF_UNSPEC in rtnetlink_rcv_msg in the
fallback case to get dump_all_families == true, because some messages
types (for example RTM_GETRULE and RTM_GETNEIGH) only register the
PF_UNSPEC handler and use the family to filter in the kernel what is
dumped to userspace. We would then export more entries, that userspace
would have to filter. iproute does that, but other programs may not.
Instead, this patch removes dump_all_families and updates the
RTM_GETROUTE handlers to check if the family that is being dumped is
their own. When it's not, which covers both the intentional PF_UNSPEC
dumps (as dump_all_families did) and the fallback case, ignore the
missing table id error.
Fixes: cb167893f41e ("net: Plumb support for filtering ipv4 and ipv6 multicast route dumps")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/ip_fib.h | 1 -
net/ipv4/fib_frontend.c | 3 +--
net/ipv4/ipmr.c | 2 +-
net/ipv6/ip6_fib.c | 2 +-
net/ipv6/ip6mr.c | 2 +-
5 files changed, 4 insertions(+), 6 deletions(-)
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -257,7 +257,6 @@ struct fib_dump_filter {
u32 table_id;
/* filter_set is an optimization that an entry is set */
bool filter_set;
- bool dump_all_families;
bool dump_routes;
bool dump_exceptions;
unsigned char protocol;
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -918,7 +918,6 @@ int ip_valid_fib_dump_req(struct net *ne
else
filter->dump_exceptions = false;
- filter->dump_all_families = (rtm->rtm_family == AF_UNSPEC);
filter->flags = rtm->rtm_flags;
filter->protocol = rtm->rtm_protocol;
filter->rt_type = rtm->rtm_type;
@@ -990,7 +989,7 @@ static int inet_dump_fib(struct sk_buff
if (filter.table_id) {
tb = fib_get_table(net, filter.table_id);
if (!tb) {
- if (filter.dump_all_families)
+ if (rtnl_msg_family(cb->nlh) != PF_INET)
return skb->len;
NL_SET_ERR_MSG(cb->extack, "ipv4: FIB table does not exist");
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -2611,7 +2611,7 @@ static int ipmr_rtm_dumproute(struct sk_
mrt = ipmr_get_table(sock_net(skb->sk), filter.table_id);
if (!mrt) {
- if (filter.dump_all_families)
+ if (rtnl_msg_family(cb->nlh) != RTNL_FAMILY_IPMR)
return skb->len;
NL_SET_ERR_MSG(cb->extack, "ipv4: MR table does not exist");
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -664,7 +664,7 @@ static int inet6_dump_fib(struct sk_buff
if (arg.filter.table_id) {
tb = fib6_get_table(net, arg.filter.table_id);
if (!tb) {
- if (arg.filter.dump_all_families)
+ if (rtnl_msg_family(cb->nlh) != PF_INET6)
goto out;
NL_SET_ERR_MSG_MOD(cb->extack, "FIB table does not exist");
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -2501,7 +2501,7 @@ static int ip6mr_rtm_dumproute(struct sk
mrt = ip6mr_get_table(sock_net(skb->sk), filter.table_id);
if (!mrt) {
- if (filter.dump_all_families)
+ if (rtnl_msg_family(cb->nlh) != RTNL_FAMILY_IP6MR)
return skb->len;
NL_SET_ERR_MSG_MOD(cb->extack, "MR table does not exist");
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 006/177] net: dsa: mt7530: fix roaming from DSA user ports
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 005/177] net: dont return invalid table id error when we fall back to PF_UNSPEC Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 007/177] net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend Greg Kroah-Hartman
` (171 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, DENG Qingfang, David S. Miller
From: DENG Qingfang <dqfext@gmail.com>
[ Upstream commit 5e5502e012b8129e11be616acb0f9c34bc8f8adb ]
When a client moves from a DSA user port to a software port in a bridge,
it cannot reach any other clients that connected to the DSA user ports.
That is because SA learning on the CPU port is disabled, so the switch
ignores the client's frames from the CPU port and still thinks it is at
the user port.
Fix it by enabling SA learning on the CPU port.
To prevent the switch from learning from flooding frames from the CPU
port, set skb->offload_fwd_mark to 1 for unicast and broadcast frames,
and let the switch flood them instead of trapping to the CPU port.
Multicast frames still need to be trapped to the CPU port for snooping,
so set the SA_DIS bit of the MTK tag to 1 when transmitting those frames
to disable SA learning.
Fixes: b8f126a8d543 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/dsa/mt7530.c | 9 ++-------
drivers/net/dsa/mt7530.h | 1 +
net/dsa/tag_mtk.c | 15 +++++++++++++++
3 files changed, 18 insertions(+), 7 deletions(-)
--- a/drivers/net/dsa/mt7530.c
+++ b/drivers/net/dsa/mt7530.c
@@ -639,11 +639,8 @@ mt7530_cpu_port_enable(struct mt7530_pri
mt7530_write(priv, MT7530_PVC_P(port),
PORT_SPEC_TAG);
- /* Disable auto learning on the cpu port */
- mt7530_set(priv, MT7530_PSC_P(port), SA_DIS);
-
- /* Unknown unicast frame fordwarding to the cpu port */
- mt7530_set(priv, MT7530_MFC, UNU_FFP(BIT(port)));
+ /* Unknown multicast frame forwarding to the cpu port */
+ mt7530_rmw(priv, MT7530_MFC, UNM_FFP_MASK, UNM_FFP(BIT(port)));
/* Set CPU port number */
if (priv->id == ID_MT7621)
@@ -1247,8 +1244,6 @@ mt7530_setup(struct dsa_switch *ds)
/* Enable and reset MIB counters */
mt7530_mib_reset(ds);
- mt7530_clear(priv, MT7530_MFC, UNU_FFP_MASK);
-
for (i = 0; i < MT7530_NUM_PORTS; i++) {
/* Disable forwarding by default on all ports */
mt7530_rmw(priv, MT7530_PCR_P(i), PCR_MATRIX_MASK,
--- a/drivers/net/dsa/mt7530.h
+++ b/drivers/net/dsa/mt7530.h
@@ -31,6 +31,7 @@ enum {
#define MT7530_MFC 0x10
#define BC_FFP(x) (((x) & 0xff) << 24)
#define UNM_FFP(x) (((x) & 0xff) << 16)
+#define UNM_FFP_MASK UNM_FFP(~0)
#define UNU_FFP(x) (((x) & 0xff) << 8)
#define UNU_FFP_MASK UNU_FFP(~0)
#define CPU_EN BIT(7)
--- a/net/dsa/tag_mtk.c
+++ b/net/dsa/tag_mtk.c
@@ -15,6 +15,7 @@
#define MTK_HDR_XMIT_TAGGED_TPID_8100 1
#define MTK_HDR_RECV_SOURCE_PORT_MASK GENMASK(2, 0)
#define MTK_HDR_XMIT_DP_BIT_MASK GENMASK(5, 0)
+#define MTK_HDR_XMIT_SA_DIS BIT(6)
static struct sk_buff *mtk_tag_xmit(struct sk_buff *skb,
struct net_device *dev)
@@ -22,6 +23,9 @@ static struct sk_buff *mtk_tag_xmit(stru
struct dsa_port *dp = dsa_slave_to_port(dev);
u8 *mtk_tag;
bool is_vlan_skb = true;
+ unsigned char *dest = eth_hdr(skb)->h_dest;
+ bool is_multicast_skb = is_multicast_ether_addr(dest) &&
+ !is_broadcast_ether_addr(dest);
/* Build the special tag after the MAC Source Address. If VLAN header
* is present, it's required that VLAN header and special tag is
@@ -47,6 +51,10 @@ static struct sk_buff *mtk_tag_xmit(stru
MTK_HDR_XMIT_UNTAGGED;
mtk_tag[1] = (1 << dp->index) & MTK_HDR_XMIT_DP_BIT_MASK;
+ /* Disable SA learning for multicast frames */
+ if (unlikely(is_multicast_skb))
+ mtk_tag[1] |= MTK_HDR_XMIT_SA_DIS;
+
/* Tag control information is kept for 802.1Q */
if (!is_vlan_skb) {
mtk_tag[2] = 0;
@@ -61,6 +69,9 @@ static struct sk_buff *mtk_tag_rcv(struc
{
int port;
__be16 *phdr, hdr;
+ unsigned char *dest = eth_hdr(skb)->h_dest;
+ bool is_multicast_skb = is_multicast_ether_addr(dest) &&
+ !is_broadcast_ether_addr(dest);
if (unlikely(!pskb_may_pull(skb, MTK_HDR_LEN)))
return NULL;
@@ -86,6 +97,10 @@ static struct sk_buff *mtk_tag_rcv(struc
if (!skb->dev)
return NULL;
+ /* Only unicast or broadcast frames are offloaded */
+ if (likely(!is_multicast_skb))
+ skb->offload_fwd_mark = 1;
+
return skb;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 007/177] net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 006/177] net: dsa: mt7530: fix roaming from DSA user ports Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 008/177] __netif_receive_skb_core: pass skb by reference Greg Kroah-Hartman
` (170 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grygorii Strashko, David S. Miller
From: Grygorii Strashko <grygorii.strashko@ti.com>
[ Upstream commit 4c64b83d03f4aafcdf710caad994cbc855802e74 ]
vlan_for_each() are required to be called with rtnl_lock taken, otherwise
ASSERT_RTNL() warning will be triggered - which happens now during System
resume from suspend:
cpsw_suspend()
|- cpsw_ndo_stop()
|- __hw_addr_ref_unsync_dev()
|- cpsw_purge_all_mc()
|- vlan_for_each()
|- ASSERT_RTNL();
Hence, fix it by surrounding cpsw_ndo_stop() by rtnl_lock/unlock() calls.
Fixes: 15180eca569b ("net: ethernet: ti: cpsw: fix vlan mcast")
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ti/cpsw.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/net/ethernet/ti/cpsw.c
+++ b/drivers/net/ethernet/ti/cpsw.c
@@ -1752,11 +1752,15 @@ static int cpsw_suspend(struct device *d
struct cpsw_common *cpsw = dev_get_drvdata(dev);
int i;
+ rtnl_lock();
+
for (i = 0; i < cpsw->data.slaves; i++)
if (cpsw->slaves[i].ndev)
if (netif_running(cpsw->slaves[i].ndev))
cpsw_ndo_stop(cpsw->slaves[i].ndev);
+ rtnl_unlock();
+
/* Select sleep pin state */
pinctrl_pm_select_sleep_state(dev);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 008/177] __netif_receive_skb_core: pass skb by reference
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 007/177] net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 009/177] net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* Greg Kroah-Hartman
` (169 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Boris Sukholitko, Edward Cree,
David S. Miller
From: Boris Sukholitko <boris.sukholitko@broadcom.com>
[ Upstream commit c0bbbdc32febd4f034ecbf3ea17865785b2c0652 ]
__netif_receive_skb_core may change the skb pointer passed into it (e.g.
in rx_handler). The original skb may be freed as a result of this
operation.
The callers of __netif_receive_skb_core may further process original skb
by using pt_prev pointer returned by __netif_receive_skb_core thus
leading to unpleasant effects.
The solution is to pass skb by reference into __netif_receive_skb_core.
v2: Added Fixes tag and comment regarding ppt_prev and skb invariant.
Fixes: 88eb1944e18c ("net: core: propagate SKB lists through packet_type lookup")
Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/dev.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4988,11 +4988,12 @@ static inline int nf_ingress(struct sk_b
return 0;
}
-static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc,
+static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc,
struct packet_type **ppt_prev)
{
struct packet_type *ptype, *pt_prev;
rx_handler_func_t *rx_handler;
+ struct sk_buff *skb = *pskb;
struct net_device *orig_dev;
bool deliver_exact = false;
int ret = NET_RX_DROP;
@@ -5023,8 +5024,10 @@ another_round:
ret2 = do_xdp_generic(rcu_dereference(skb->dev->xdp_prog), skb);
preempt_enable();
- if (ret2 != XDP_PASS)
- return NET_RX_DROP;
+ if (ret2 != XDP_PASS) {
+ ret = NET_RX_DROP;
+ goto out;
+ }
skb_reset_mac_len(skb);
}
@@ -5174,6 +5177,13 @@ drop:
}
out:
+ /* The invariant here is that if *ppt_prev is not NULL
+ * then skb should also be non-NULL.
+ *
+ * Apparently *ppt_prev assignment above holds this invariant due to
+ * skb dereferencing near it.
+ */
+ *pskb = skb;
return ret;
}
@@ -5183,7 +5193,7 @@ static int __netif_receive_skb_one_core(
struct packet_type *pt_prev = NULL;
int ret;
- ret = __netif_receive_skb_core(skb, pfmemalloc, &pt_prev);
+ ret = __netif_receive_skb_core(&skb, pfmemalloc, &pt_prev);
if (pt_prev)
ret = INDIRECT_CALL_INET(pt_prev->func, ipv6_rcv, ip_rcv, skb,
skb->dev, pt_prev, orig_dev);
@@ -5261,7 +5271,7 @@ static void __netif_receive_skb_list_cor
struct packet_type *pt_prev = NULL;
skb_list_del_init(skb);
- __netif_receive_skb_core(skb, pfmemalloc, &pt_prev);
+ __netif_receive_skb_core(&skb, pfmemalloc, &pt_prev);
if (!pt_prev)
continue;
if (pt_curr != pt_prev || od_curr != orig_dev) {
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 009/177] net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 008/177] __netif_receive_skb_core: pass skb by reference Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 010/177] net: ipip: fix wrong address family in init error path Greg Kroah-Hartman
` (168 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, Martin KaFai Lau,
David S. Miller
From: Martin KaFai Lau <kafai@fb.com>
[ Upstream commit 88d7fcfa3b1fe670f0412b95be785aafca63352b ]
The commit 637bc8bbe6c0 ("inet: reset tb->fastreuseport when adding a reuseport sk")
added a bind-address cache in tb->fast*. The tb->fast* caches the address
of a sk which has successfully been binded with SO_REUSEPORT ON. The idea
is to avoid the expensive conflict search in inet_csk_bind_conflict().
There is an issue with wildcard matching where sk_reuseport_match() should
have returned false but it is currently returning true. It ends up
hiding bind conflict. For example,
bind("[::1]:443"); /* without SO_REUSEPORT. Succeed. */
bind("[::2]:443"); /* with SO_REUSEPORT. Succeed. */
bind("[::]:443"); /* with SO_REUSEPORT. Still Succeed where it shouldn't */
The last bind("[::]:443") with SO_REUSEPORT on should have failed because
it should have a conflict with the very first bind("[::1]:443") which
has SO_REUSEPORT off. However, the address "[::2]" is cached in
tb->fast* in the second bind. In the last bind, the sk_reuseport_match()
returns true because the binding sk's wildcard addr "[::]" matches with
the "[::2]" cached in tb->fast*.
The correct bind conflict is reported by removing the second
bind such that tb->fast* cache is not involved and forces the
bind("[::]:443") to go through the inet_csk_bind_conflict():
bind("[::1]:443"); /* without SO_REUSEPORT. Succeed. */
bind("[::]:443"); /* with SO_REUSEPORT. -EADDRINUSE */
The expected behavior for sk_reuseport_match() is, it should only allow
the "cached" tb->fast* address to be used as a wildcard match but not
the address of the binding sk. To do that, the current
"bool match_wildcard" arg is split into
"bool match_sk1_wildcard" and "bool match_sk2_wildcard".
This change only affects the sk_reuseport_match() which is only
used by inet_csk (e.g. TCP).
The other use cases are calling inet_rcv_saddr_equal() and
this patch makes it pass the same "match_wildcard" arg twice to
the "ipv[46]_rcv_saddr_equal(..., match_wildcard, match_wildcard)".
Cc: Josef Bacik <jbacik@fb.com>
Fixes: 637bc8bbe6c0 ("inet: reset tb->fastreuseport when adding a reuseport sk")
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/inet_connection_sock.c | 43 ++++++++++++++++++++++------------------
1 file changed, 24 insertions(+), 19 deletions(-)
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -24,17 +24,19 @@
#include <net/addrconf.h>
#if IS_ENABLED(CONFIG_IPV6)
-/* match_wildcard == true: IPV6_ADDR_ANY equals to any IPv6 addresses if IPv6
- * only, and any IPv4 addresses if not IPv6 only
- * match_wildcard == false: addresses must be exactly the same, i.e.
- * IPV6_ADDR_ANY only equals to IPV6_ADDR_ANY,
- * and 0.0.0.0 equals to 0.0.0.0 only
+/* match_sk*_wildcard == true: IPV6_ADDR_ANY equals to any IPv6 addresses
+ * if IPv6 only, and any IPv4 addresses
+ * if not IPv6 only
+ * match_sk*_wildcard == false: addresses must be exactly the same, i.e.
+ * IPV6_ADDR_ANY only equals to IPV6_ADDR_ANY,
+ * and 0.0.0.0 equals to 0.0.0.0 only
*/
static bool ipv6_rcv_saddr_equal(const struct in6_addr *sk1_rcv_saddr6,
const struct in6_addr *sk2_rcv_saddr6,
__be32 sk1_rcv_saddr, __be32 sk2_rcv_saddr,
bool sk1_ipv6only, bool sk2_ipv6only,
- bool match_wildcard)
+ bool match_sk1_wildcard,
+ bool match_sk2_wildcard)
{
int addr_type = ipv6_addr_type(sk1_rcv_saddr6);
int addr_type2 = sk2_rcv_saddr6 ? ipv6_addr_type(sk2_rcv_saddr6) : IPV6_ADDR_MAPPED;
@@ -44,8 +46,8 @@ static bool ipv6_rcv_saddr_equal(const s
if (!sk2_ipv6only) {
if (sk1_rcv_saddr == sk2_rcv_saddr)
return true;
- if (!sk1_rcv_saddr || !sk2_rcv_saddr)
- return match_wildcard;
+ return (match_sk1_wildcard && !sk1_rcv_saddr) ||
+ (match_sk2_wildcard && !sk2_rcv_saddr);
}
return false;
}
@@ -53,11 +55,11 @@ static bool ipv6_rcv_saddr_equal(const s
if (addr_type == IPV6_ADDR_ANY && addr_type2 == IPV6_ADDR_ANY)
return true;
- if (addr_type2 == IPV6_ADDR_ANY && match_wildcard &&
+ if (addr_type2 == IPV6_ADDR_ANY && match_sk2_wildcard &&
!(sk2_ipv6only && addr_type == IPV6_ADDR_MAPPED))
return true;
- if (addr_type == IPV6_ADDR_ANY && match_wildcard &&
+ if (addr_type == IPV6_ADDR_ANY && match_sk1_wildcard &&
!(sk1_ipv6only && addr_type2 == IPV6_ADDR_MAPPED))
return true;
@@ -69,18 +71,19 @@ static bool ipv6_rcv_saddr_equal(const s
}
#endif
-/* match_wildcard == true: 0.0.0.0 equals to any IPv4 addresses
- * match_wildcard == false: addresses must be exactly the same, i.e.
- * 0.0.0.0 only equals to 0.0.0.0
+/* match_sk*_wildcard == true: 0.0.0.0 equals to any IPv4 addresses
+ * match_sk*_wildcard == false: addresses must be exactly the same, i.e.
+ * 0.0.0.0 only equals to 0.0.0.0
*/
static bool ipv4_rcv_saddr_equal(__be32 sk1_rcv_saddr, __be32 sk2_rcv_saddr,
- bool sk2_ipv6only, bool match_wildcard)
+ bool sk2_ipv6only, bool match_sk1_wildcard,
+ bool match_sk2_wildcard)
{
if (!sk2_ipv6only) {
if (sk1_rcv_saddr == sk2_rcv_saddr)
return true;
- if (!sk1_rcv_saddr || !sk2_rcv_saddr)
- return match_wildcard;
+ return (match_sk1_wildcard && !sk1_rcv_saddr) ||
+ (match_sk2_wildcard && !sk2_rcv_saddr);
}
return false;
}
@@ -96,10 +99,12 @@ bool inet_rcv_saddr_equal(const struct s
sk2->sk_rcv_saddr,
ipv6_only_sock(sk),
ipv6_only_sock(sk2),
+ match_wildcard,
match_wildcard);
#endif
return ipv4_rcv_saddr_equal(sk->sk_rcv_saddr, sk2->sk_rcv_saddr,
- ipv6_only_sock(sk2), match_wildcard);
+ ipv6_only_sock(sk2), match_wildcard,
+ match_wildcard);
}
EXPORT_SYMBOL(inet_rcv_saddr_equal);
@@ -273,10 +278,10 @@ static inline int sk_reuseport_match(str
tb->fast_rcv_saddr,
sk->sk_rcv_saddr,
tb->fast_ipv6_only,
- ipv6_only_sock(sk), true);
+ ipv6_only_sock(sk), true, false);
#endif
return ipv4_rcv_saddr_equal(tb->fast_rcv_saddr, sk->sk_rcv_saddr,
- ipv6_only_sock(sk), true);
+ ipv6_only_sock(sk), true, false);
}
/* Obtain a reference to a local port for the given sock,
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 010/177] net: ipip: fix wrong address family in init error path
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 009/177] net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 011/177] net/mlx5: Add command entry handling completion Greg Kroah-Hartman
` (167 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vadim Fedorenko, David S. Miller
From: Vadim Fedorenko <vfedorenko@novek.ru>
[ Upstream commit 57ebc8f08504f176eb0f25b3e0fde517dec61a4f ]
In case of error with MPLS support the code is misusing AF_INET
instead of AF_MPLS.
Fixes: 1b69e7e6c4da ("ipip: support MPLS over IPv4")
Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ipip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -698,7 +698,7 @@ out:
rtnl_link_failed:
#if IS_ENABLED(CONFIG_MPLS)
- xfrm4_tunnel_deregister(&mplsip_handler, AF_INET);
+ xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
xfrm_tunnel_mplsip_failed:
#endif
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 011/177] net/mlx5: Add command entry handling completion
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 010/177] net: ipip: fix wrong address family in init error path Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 012/177] net: mvpp2: fix RX hashing for non-10G ports Greg Kroah-Hartman
` (166 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moshe Shemesh, Eran Ben Elisha,
Saeed Mahameed
From: Moshe Shemesh <moshe@mellanox.com>
[ Upstream commit 17d00e839d3b592da9659c1977d45f85b77f986a ]
When FW response to commands is very slow and all command entries in
use are waiting for completion we can have a race where commands can get
timeout before they get out of the queue and handled. Timeout
completion on uninitialized command will cause releasing command's
buffers before accessing it for initialization and then we will get NULL
pointer exception while trying access it. It may also cause releasing
buffers of another command since we may have timeout completion before
even allocating entry index for this command.
Add entry handling completion to avoid this race.
Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Signed-off-by: Moshe Shemesh <moshe@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 14 ++++++++++++++
include/linux/mlx5/driver.h | 1 +
2 files changed, 15 insertions(+)
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -861,6 +861,7 @@ static void cmd_work_handler(struct work
int alloc_ret;
int cmd_mode;
+ complete(&ent->handling);
sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem;
down(sem);
if (!ent->page_queue) {
@@ -978,6 +979,11 @@ static int wait_func(struct mlx5_core_de
struct mlx5_cmd *cmd = &dev->cmd;
int err;
+ if (!wait_for_completion_timeout(&ent->handling, timeout) &&
+ cancel_work_sync(&ent->work)) {
+ ent->ret = -ECANCELED;
+ goto out_err;
+ }
if (cmd->mode == CMD_MODE_POLLING || ent->polling) {
wait_for_completion(&ent->done);
} else if (!wait_for_completion_timeout(&ent->done, timeout)) {
@@ -985,12 +991,17 @@ static int wait_func(struct mlx5_core_de
mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true);
}
+out_err:
err = ent->ret;
if (err == -ETIMEDOUT) {
mlx5_core_warn(dev, "%s(0x%x) timeout. Will cause a leak of a command resource\n",
mlx5_command_str(msg_to_opcode(ent->in)),
msg_to_opcode(ent->in));
+ } else if (err == -ECANCELED) {
+ mlx5_core_warn(dev, "%s(0x%x) canceled on out of queue timeout.\n",
+ mlx5_command_str(msg_to_opcode(ent->in)),
+ msg_to_opcode(ent->in));
}
mlx5_core_dbg(dev, "err %d, delivery status %s(%d)\n",
err, deliv_status_to_str(ent->status), ent->status);
@@ -1026,6 +1037,7 @@ static int mlx5_cmd_invoke(struct mlx5_c
ent->token = token;
ent->polling = force_polling;
+ init_completion(&ent->handling);
if (!callback)
init_completion(&ent->done);
@@ -1045,6 +1057,8 @@ static int mlx5_cmd_invoke(struct mlx5_c
err = wait_func(dev, ent);
if (err == -ETIMEDOUT)
goto out;
+ if (err == -ECANCELED)
+ goto out_free;
ds = ent->ts2 - ent->ts1;
op = MLX5_GET(mbox_in, in->first.data, opcode);
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -761,6 +761,7 @@ struct mlx5_cmd_work_ent {
struct delayed_work cb_timeout_work;
void *context;
int idx;
+ struct completion handling;
struct completion done;
struct mlx5_cmd *cmd;
struct work_struct work;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 012/177] net: mvpp2: fix RX hashing for non-10G ports
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 011/177] net/mlx5: Add command entry handling completion Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 013/177] net: nlmsg_cancel() if put fails for nhmsg Greg Kroah-Hartman
` (165 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matteo Croce, Russell King, David S. Miller
From: Russell King <rmk+kernel@armlinux.org.uk>
[ Upstream commit 3138a07ce219acde4c0d7ea0b6d54ba64153328b ]
When rxhash is enabled on any ethernet port except the first in each CP
block, traffic flow is prevented. The analysis is below:
I've been investigating this afternoon, and what I've found, comparing
a kernel without 895586d5dc32 and with 895586d5dc32 applied is:
- The table programmed into the hardware via mvpp22_rss_fill_table()
appears to be identical with or without the commit.
- When rxhash is enabled on eth2, mvpp2_rss_port_c2_enable() reports
that c2.attr[0] and c2.attr[2] are written back containing:
- with 895586d5dc32, failing: 00200000 40000000
- without 895586d5dc32, working: 04000000 40000000
- When disabling rxhash, c2.attr[0] and c2.attr[2] are written back as:
04000000 00000000
The second value represents the MVPP22_CLS_C2_ATTR2_RSS_EN bit, the
first value is the queue number, which comprises two fields. The high
5 bits are 24:29 and the low three are 21:23 inclusive. This comes
from:
c2.attr[0] = MVPP22_CLS_C2_ATTR0_QHIGH(qh) |
MVPP22_CLS_C2_ATTR0_QLOW(ql);
So, the working case gives eth2 a queue id of 4.0, or 32 as per
port->first_rxq, and the non-working case a queue id of 0.1, or 1.
The allocation of queue IDs seems to be in mvpp2_port_probe():
if (priv->hw_version == MVPP21)
port->first_rxq = port->id * port->nrxqs;
else
port->first_rxq = port->id * priv->max_port_rxqs;
Where:
if (priv->hw_version == MVPP21)
priv->max_port_rxqs = 8;
else
priv->max_port_rxqs = 32;
Making the port 0 (eth0 / eth1) have port->first_rxq = 0, and port 1
(eth2) be 32. It seems the idea is that the first 32 queues belong to
port 0, the second 32 queues belong to port 1, etc.
mvpp2_rss_port_c2_enable() gets the queue number from it's parameter,
'ctx', which comes from mvpp22_rss_ctx(port, 0). This returns
port->rss_ctx[0].
mvpp22_rss_context_create() is responsible for allocating that, which
it does by looking for an unallocated priv->rss_tables[] pointer. This
table is shared amongst all ports on the CP silicon.
When we write the tables in mvpp22_rss_fill_table(), the RSS table
entry is defined by:
u32 sel = MVPP22_RSS_INDEX_TABLE(rss_ctx) |
MVPP22_RSS_INDEX_TABLE_ENTRY(i);
where rss_ctx is the context ID (queue number) and i is the index in
the table.
If we look at what is written:
- The first table to be written has "sel" values of 00000000..0000001f,
containing values 0..3. This appears to be for eth1. This is table 0,
RX queue number 0.
- The second table has "sel" values of 00000100..0000011f, and appears
to be for eth2. These contain values 0x20..0x23. This is table 1,
RX queue number 0.
- The third table has "sel" values of 00000200..0000021f, and appears
to be for eth3. These contain values 0x40..0x43. This is table 2,
RX queue number 0.
How do queue numbers translate to the RSS table? There is another
table - the RXQ2RSS table, indexed by the MVPP22_RSS_INDEX_QUEUE field
of MVPP22_RSS_INDEX and accessed through the MVPP22_RXQ2RSS_TABLE
register. Before 895586d5dc32, it was:
mvpp2_write(priv, MVPP22_RSS_INDEX,
MVPP22_RSS_INDEX_QUEUE(port->first_rxq));
mvpp2_write(priv, MVPP22_RXQ2RSS_TABLE,
MVPP22_RSS_TABLE_POINTER(port->id));
and after:
mvpp2_write(priv, MVPP22_RSS_INDEX, MVPP22_RSS_INDEX_QUEUE(ctx));
mvpp2_write(priv, MVPP22_RXQ2RSS_TABLE, MVPP22_RSS_TABLE_POINTER(ctx));
Before the commit, for eth2, that would've contained '32' for the
index and '1' for the table pointer - mapping queue 32 to table 1.
Remember that this is queue-high.queue-low of 4.0.
After the commit, we appear to map queue 1 to table 1. That again
looks fine on the face of it.
Section 9.3.1 of the A8040 manual seems indicate the reason that the
queue number is separated. queue-low seems to always come from the
classifier, whereas queue-high can be from the ingress physical port
number or the classifier depending on the MVPP2_CLS_SWFWD_PCTRL_REG.
We set the port bit in MVPP2_CLS_SWFWD_PCTRL_REG, meaning that queue-high
comes from the MVPP2_CLS_SWFWD_P2HQ_REG() register... and this seems to
be where our bug comes from.
mvpp2_cls_oversize_rxq_set() sets this up as:
mvpp2_write(port->priv, MVPP2_CLS_SWFWD_P2HQ_REG(port->id),
(port->first_rxq >> MVPP2_CLS_OVERSIZE_RXQ_LOW_BITS));
val = mvpp2_read(port->priv, MVPP2_CLS_SWFWD_PCTRL_REG);
val |= MVPP2_CLS_SWFWD_PCTRL_MASK(port->id);
mvpp2_write(port->priv, MVPP2_CLS_SWFWD_PCTRL_REG, val);
Setting the MVPP2_CLS_SWFWD_PCTRL_MASK bit means that the queue-high
for eth2 is _always_ 4, so only queues 32 through 39 inclusive are
available to eth2. Yet, we're trying to tell the classifier to set
queue-high, which will be ignored, to zero. Hence, the queue-high
field (MVPP22_CLS_C2_ATTR0_QHIGH()) from the classifier will be
ignored.
This means we end up directing traffic from eth2 not to queue 1, but
to queue 33, and then we tell it to look up queue 33 in the RSS table.
However, RSS table has not been programmed for queue 33, and so it ends
up (presumably) dropping the packets.
It seems that mvpp22_rss_context_create() doesn't take account of the
fact that the upper 5 bits of the queue ID can't actually be changed
due to the settings in mvpp2_cls_oversize_rxq_set(), _or_ it seems that
mvpp2_cls_oversize_rxq_set() has been missed in this commit. Either
way, these two functions mutually disagree with what queue number
should be used.
Looking deeper into what mvpp2_cls_oversize_rxq_set() and the MTU
validation is doing, it seems that MVPP2_CLS_SWFWD_P2HQ_REG() is used
for over-sized packets attempting to egress through this port. With
the classifier having had RSS enabled and directing eth2 traffic to
queue 1, we may still have packets appearing on queue 32 for this port.
However, the only way we may end up with over-sized packets attempting
to egress through eth2 - is if the A8040 forwards frames between its
ports. From what I can see, we don't support that feature, and the
kernel restricts the egress packet size to the MTU. In any case, if we
were to attempt to transmit an oversized packet, we have no support in
the kernel to deal with that appearing in the port's receive queue.
So, this patch attempts to solve the issue by clearing the
MVPP2_CLS_SWFWD_PCTRL_MASK() bit, allowing MVPP22_CLS_C2_ATTR0_QHIGH()
from the classifier to define the queue-high field of the queue number.
My testing seems to confirm my findings above - clearing this bit
means that if I enable rxhash on eth2, the interface can then pass
traffic, as we are now directing traffic to RX queue 1 rather than
queue 33. Traffic still seems to work with rxhash off as well.
Reported-by: Matteo Croce <mcroce@redhat.com>
Tested-by: Matteo Croce <mcroce@redhat.com>
Fixes: 895586d5dc32 ("net: mvpp2: cls: Use RSS contexts to handle RSS tables")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c
@@ -1070,7 +1070,7 @@ void mvpp2_cls_oversize_rxq_set(struct m
(port->first_rxq >> MVPP2_CLS_OVERSIZE_RXQ_LOW_BITS));
val = mvpp2_read(port->priv, MVPP2_CLS_SWFWD_PCTRL_REG);
- val |= MVPP2_CLS_SWFWD_PCTRL_MASK(port->id);
+ val &= ~MVPP2_CLS_SWFWD_PCTRL_MASK(port->id);
mvpp2_write(port->priv, MVPP2_CLS_SWFWD_PCTRL_REG, val);
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 013/177] net: nlmsg_cancel() if put fails for nhmsg
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 012/177] net: mvpp2: fix RX hashing for non-10G ports Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 014/177] net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() Greg Kroah-Hartman
` (164 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Worley, David Ahern, David S. Miller
From: Stephen Worley <sworley@cumulusnetworks.com>
[ Upstream commit d69100b8eee27c2d60ee52df76e0b80a8d492d34 ]
Fixes data remnant seen when we fail to reserve space for a
nexthop group during a larger dump.
If we fail the reservation, we goto nla_put_failure and
cancel the message.
Reproduce with the following iproute2 commands:
=====================
ip link add dummy1 type dummy
ip link add dummy2 type dummy
ip link add dummy3 type dummy
ip link add dummy4 type dummy
ip link add dummy5 type dummy
ip link add dummy6 type dummy
ip link add dummy7 type dummy
ip link add dummy8 type dummy
ip link add dummy9 type dummy
ip link add dummy10 type dummy
ip link add dummy11 type dummy
ip link add dummy12 type dummy
ip link add dummy13 type dummy
ip link add dummy14 type dummy
ip link add dummy15 type dummy
ip link add dummy16 type dummy
ip link add dummy17 type dummy
ip link add dummy18 type dummy
ip link add dummy19 type dummy
ip link add dummy20 type dummy
ip link add dummy21 type dummy
ip link add dummy22 type dummy
ip link add dummy23 type dummy
ip link add dummy24 type dummy
ip link add dummy25 type dummy
ip link add dummy26 type dummy
ip link add dummy27 type dummy
ip link add dummy28 type dummy
ip link add dummy29 type dummy
ip link add dummy30 type dummy
ip link add dummy31 type dummy
ip link add dummy32 type dummy
ip link set dummy1 up
ip link set dummy2 up
ip link set dummy3 up
ip link set dummy4 up
ip link set dummy5 up
ip link set dummy6 up
ip link set dummy7 up
ip link set dummy8 up
ip link set dummy9 up
ip link set dummy10 up
ip link set dummy11 up
ip link set dummy12 up
ip link set dummy13 up
ip link set dummy14 up
ip link set dummy15 up
ip link set dummy16 up
ip link set dummy17 up
ip link set dummy18 up
ip link set dummy19 up
ip link set dummy20 up
ip link set dummy21 up
ip link set dummy22 up
ip link set dummy23 up
ip link set dummy24 up
ip link set dummy25 up
ip link set dummy26 up
ip link set dummy27 up
ip link set dummy28 up
ip link set dummy29 up
ip link set dummy30 up
ip link set dummy31 up
ip link set dummy32 up
ip link set dummy33 up
ip link set dummy34 up
ip link set vrf-red up
ip link set vrf-blue up
ip link set dummyVRFred up
ip link set dummyVRFblue up
ip ro add 1.1.1.1/32 dev dummy1
ip ro add 1.1.1.2/32 dev dummy2
ip ro add 1.1.1.3/32 dev dummy3
ip ro add 1.1.1.4/32 dev dummy4
ip ro add 1.1.1.5/32 dev dummy5
ip ro add 1.1.1.6/32 dev dummy6
ip ro add 1.1.1.7/32 dev dummy7
ip ro add 1.1.1.8/32 dev dummy8
ip ro add 1.1.1.9/32 dev dummy9
ip ro add 1.1.1.10/32 dev dummy10
ip ro add 1.1.1.11/32 dev dummy11
ip ro add 1.1.1.12/32 dev dummy12
ip ro add 1.1.1.13/32 dev dummy13
ip ro add 1.1.1.14/32 dev dummy14
ip ro add 1.1.1.15/32 dev dummy15
ip ro add 1.1.1.16/32 dev dummy16
ip ro add 1.1.1.17/32 dev dummy17
ip ro add 1.1.1.18/32 dev dummy18
ip ro add 1.1.1.19/32 dev dummy19
ip ro add 1.1.1.20/32 dev dummy20
ip ro add 1.1.1.21/32 dev dummy21
ip ro add 1.1.1.22/32 dev dummy22
ip ro add 1.1.1.23/32 dev dummy23
ip ro add 1.1.1.24/32 dev dummy24
ip ro add 1.1.1.25/32 dev dummy25
ip ro add 1.1.1.26/32 dev dummy26
ip ro add 1.1.1.27/32 dev dummy27
ip ro add 1.1.1.28/32 dev dummy28
ip ro add 1.1.1.29/32 dev dummy29
ip ro add 1.1.1.30/32 dev dummy30
ip ro add 1.1.1.31/32 dev dummy31
ip ro add 1.1.1.32/32 dev dummy32
ip next add id 1 via 1.1.1.1 dev dummy1
ip next add id 2 via 1.1.1.2 dev dummy2
ip next add id 3 via 1.1.1.3 dev dummy3
ip next add id 4 via 1.1.1.4 dev dummy4
ip next add id 5 via 1.1.1.5 dev dummy5
ip next add id 6 via 1.1.1.6 dev dummy6
ip next add id 7 via 1.1.1.7 dev dummy7
ip next add id 8 via 1.1.1.8 dev dummy8
ip next add id 9 via 1.1.1.9 dev dummy9
ip next add id 10 via 1.1.1.10 dev dummy10
ip next add id 11 via 1.1.1.11 dev dummy11
ip next add id 12 via 1.1.1.12 dev dummy12
ip next add id 13 via 1.1.1.13 dev dummy13
ip next add id 14 via 1.1.1.14 dev dummy14
ip next add id 15 via 1.1.1.15 dev dummy15
ip next add id 16 via 1.1.1.16 dev dummy16
ip next add id 17 via 1.1.1.17 dev dummy17
ip next add id 18 via 1.1.1.18 dev dummy18
ip next add id 19 via 1.1.1.19 dev dummy19
ip next add id 20 via 1.1.1.20 dev dummy20
ip next add id 21 via 1.1.1.21 dev dummy21
ip next add id 22 via 1.1.1.22 dev dummy22
ip next add id 23 via 1.1.1.23 dev dummy23
ip next add id 24 via 1.1.1.24 dev dummy24
ip next add id 25 via 1.1.1.25 dev dummy25
ip next add id 26 via 1.1.1.26 dev dummy26
ip next add id 27 via 1.1.1.27 dev dummy27
ip next add id 28 via 1.1.1.28 dev dummy28
ip next add id 29 via 1.1.1.29 dev dummy29
ip next add id 30 via 1.1.1.30 dev dummy30
ip next add id 31 via 1.1.1.31 dev dummy31
ip next add id 32 via 1.1.1.32 dev dummy32
i=100
while [ $i -le 200 ]
do
ip next add id $i group 1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19
echo $i
((i++))
done
ip next add id 999 group 1/2/3/4/5/6
ip next ls
========================
Fixes: ab84be7e54fc ("net: Initial nexthop code")
Signed-off-by: Stephen Worley <sworley@cumulusnetworks.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/nexthop.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/nexthop.c
+++ b/net/ipv4/nexthop.c
@@ -276,6 +276,7 @@ out:
return 0;
nla_put_failure:
+ nlmsg_cancel(skb, nlh);
return -EMSGSIZE;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 014/177] net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 013/177] net: nlmsg_cancel() if put fails for nhmsg Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 015/177] net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" Greg Kroah-Hartman
` (163 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Julia Lawall,
Manivannan Sadhasivam, Bjorn Andersson, David S. Miller
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit d28ea1fbbf437054ef339afec241019f2c4e2bb6 ]
Once the traversal of the list is completed with list_for_each_entry(),
the iterator (node) will point to an invalid object. So passing this to
qrtr_local_enqueue() which is outside of the iterator block is erroneous
eventhough the object is not used.
So fix this by passing NULL to qrtr_local_enqueue().
Fixes: bdabad3e363d ("net: Add Qualcomm IPC router")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/qrtr/qrtr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/qrtr/qrtr.c
+++ b/net/qrtr/qrtr.c
@@ -855,7 +855,7 @@ static int qrtr_bcast_enqueue(struct qrt
}
mutex_unlock(&qrtr_node_lock);
- qrtr_local_enqueue(node, skb, type, from, to);
+ qrtr_local_enqueue(NULL, skb, type, from, to);
return 0;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 015/177] net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 014/177] net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 016/177] net sched: fix reporting the first-time use timestamp Greg Kroah-Hartman
` (162 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Eric Dumazet,
David S. Miller, Alexey Kuznetsov, Hideaki YOSHIFUJI,
Jakub Kicinski, Jiri Pirko, Arvind Sankar, Jiong Wang, Yuqi Jin,
Shaokun Zhang
From: Yuqi Jin <jinyuqi@huawei.com>
[ Upstream commit a6211caa634da39d861a47437ffcda8b38ef421b ]
Commit adb03115f459 ("net: get rid of an signed integer overflow in ip_idents_reserve()")
used atomic_cmpxchg to replace "atomic_add_return" inside the function
"ip_idents_reserve". The reason was to avoid UBSAN warning.
However, this change has caused performance degrade and in GCC-8,
fno-strict-overflow is now mapped to -fwrapv -fwrapv-pointer
and signed integer overflow is now undefined by default at all
optimization levels[1]. Moreover, it was a bug in UBSAN vs -fwrapv
/-fno-strict-overflow, so Let's revert it safely.
[1] https://gcc.gnu.org/gcc-8/changes.html
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Suggested-by: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Arvind Sankar <nivedita@alum.mit.edu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jiong Wang <jiongwang@huawei.com>
Signed-off-by: Yuqi Jin <jinyuqi@huawei.com>
Signed-off-by: Shaokun Zhang <zhangshaokun@hisilicon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/route.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -491,18 +491,16 @@ u32 ip_idents_reserve(u32 hash, int segs
atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
u32 old = READ_ONCE(*p_tstamp);
u32 now = (u32)jiffies;
- u32 new, delta = 0;
+ u32 delta = 0;
if (old != now && cmpxchg(p_tstamp, old, now) == old)
delta = prandom_u32_max(now - old);
- /* Do not use atomic_add_return() as it makes UBSAN unhappy */
- do {
- old = (u32)atomic_read(p_id);
- new = old + delta + segs;
- } while (atomic_cmpxchg(p_id, old, new) != old);
-
- return new - segs;
+ /* If UBSAN reports an error there, please make sure your compiler
+ * supports -fno-strict-overflow before reporting it that was a bug
+ * in UBSAN, and it has been fixed in GCC-8.
+ */
+ return atomic_add_return(segs + delta, p_id) - segs;
}
EXPORT_SYMBOL(ip_idents_reserve);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 016/177] net sched: fix reporting the first-time use timestamp
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 015/177] net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 017/177] net/tls: fix race condition causing kernel panic Greg Kroah-Hartman
` (161 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Roman Mashak,
David S. Miller
From: Roman Mashak <mrv@mojatatu.com>
[ Upstream commit b15e62631c5f19fea9895f7632dae9c1b27fe0cd ]
When a new action is installed, firstuse field of 'tcf_t' is explicitly set
to 0. Value of zero means "new action, not yet used"; as a packet hits the
action, 'firstuse' is stamped with the current jiffies value.
tcf_tm_dump() should return 0 for firstuse if action has not yet been hit.
Fixes: 48d8ee1694dd ("net sched actions: aggregate dumping of actions timeinfo")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/act_api.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/include/net/act_api.h
+++ b/include/net/act_api.h
@@ -69,7 +69,8 @@ static inline void tcf_tm_dump(struct tc
{
dtm->install = jiffies_to_clock_t(jiffies - stm->install);
dtm->lastuse = jiffies_to_clock_t(jiffies - stm->lastuse);
- dtm->firstuse = jiffies_to_clock_t(jiffies - stm->firstuse);
+ dtm->firstuse = stm->firstuse ?
+ jiffies_to_clock_t(jiffies - stm->firstuse) : 0;
dtm->expires = jiffies_to_clock_t(stm->expires);
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 017/177] net/tls: fix race condition causing kernel panic
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 016/177] net sched: fix reporting the first-time use timestamp Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 018/177] nexthop: Fix attribute checking for groups Greg Kroah-Hartman
` (160 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vinay Kumar Yadav, Jakub Kicinski,
David S. Miller
From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
[ Upstream commit 0cada33241d9de205522e3858b18e506ca5cce2c ]
tls_sw_recvmsg() and tls_decrypt_done() can be run concurrently.
// tls_sw_recvmsg()
if (atomic_read(&ctx->decrypt_pending))
crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
else
reinit_completion(&ctx->async_wait.completion);
//tls_decrypt_done()
pending = atomic_dec_return(&ctx->decrypt_pending);
if (!pending && READ_ONCE(ctx->async_notify))
complete(&ctx->async_wait.completion);
Consider the scenario tls_decrypt_done() is about to run complete()
if (!pending && READ_ONCE(ctx->async_notify))
and tls_sw_recvmsg() reads decrypt_pending == 0, does reinit_completion(),
then tls_decrypt_done() runs complete(). This sequence of execution
results in wrong completion. Consequently, for next decrypt request,
it will not wait for completion, eventually on connection close, crypto
resources freed, there is no way to handle pending decrypt response.
This race condition can be avoided by having atomic_read() mutually
exclusive with atomic_dec_return(),complete().Intoduced spin lock to
ensure the mutual exclution.
Addressed similar problem in tx direction.
v1->v2:
- More readable commit message.
- Corrected the lock to fix new race scenario.
- Removed barrier which is not needed now.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance")
Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/tls.h | 4 ++++
net/tls/tls_sw.c | 33 +++++++++++++++++++++++++++------
2 files changed, 31 insertions(+), 6 deletions(-)
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -135,6 +135,8 @@ struct tls_sw_context_tx {
struct tls_rec *open_rec;
struct list_head tx_list;
atomic_t encrypt_pending;
+ /* protect crypto_wait with encrypt_pending */
+ spinlock_t encrypt_compl_lock;
int async_notify;
u8 async_capable:1;
@@ -155,6 +157,8 @@ struct tls_sw_context_rx {
u8 async_capable:1;
u8 decrypted:1;
atomic_t decrypt_pending;
+ /* protect crypto_wait with decrypt_pending*/
+ spinlock_t decrypt_compl_lock;
bool async_notify;
};
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -206,10 +206,12 @@ static void tls_decrypt_done(struct cryp
kfree(aead_req);
+ spin_lock_bh(&ctx->decrypt_compl_lock);
pending = atomic_dec_return(&ctx->decrypt_pending);
- if (!pending && READ_ONCE(ctx->async_notify))
+ if (!pending && ctx->async_notify)
complete(&ctx->async_wait.completion);
+ spin_unlock_bh(&ctx->decrypt_compl_lock);
}
static int tls_do_decryption(struct sock *sk,
@@ -467,10 +469,12 @@ static void tls_encrypt_done(struct cryp
ready = true;
}
+ spin_lock_bh(&ctx->encrypt_compl_lock);
pending = atomic_dec_return(&ctx->encrypt_pending);
- if (!pending && READ_ONCE(ctx->async_notify))
+ if (!pending && ctx->async_notify)
complete(&ctx->async_wait.completion);
+ spin_unlock_bh(&ctx->encrypt_compl_lock);
if (!ready)
return;
@@ -926,6 +930,7 @@ int tls_sw_sendmsg(struct sock *sk, stru
int num_zc = 0;
int orig_size;
int ret = 0;
+ int pending;
if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
return -EOPNOTSUPP;
@@ -1092,13 +1097,19 @@ trim_sgl:
goto send_end;
} else if (num_zc) {
/* Wait for pending encryptions to get completed */
- smp_store_mb(ctx->async_notify, true);
+ spin_lock_bh(&ctx->encrypt_compl_lock);
+ ctx->async_notify = true;
- if (atomic_read(&ctx->encrypt_pending))
+ pending = atomic_read(&ctx->encrypt_pending);
+ spin_unlock_bh(&ctx->encrypt_compl_lock);
+ if (pending)
crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
else
reinit_completion(&ctx->async_wait.completion);
+ /* There can be no concurrent accesses, since we have no
+ * pending encrypt operations
+ */
WRITE_ONCE(ctx->async_notify, false);
if (ctx->async_wait.err) {
@@ -1729,6 +1740,7 @@ int tls_sw_recvmsg(struct sock *sk,
bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);
bool is_peek = flags & MSG_PEEK;
int num_async = 0;
+ int pending;
flags |= nonblock;
@@ -1891,8 +1903,11 @@ pick_next_record:
recv_end:
if (num_async) {
/* Wait for all previously submitted records to be decrypted */
- smp_store_mb(ctx->async_notify, true);
- if (atomic_read(&ctx->decrypt_pending)) {
+ spin_lock_bh(&ctx->decrypt_compl_lock);
+ ctx->async_notify = true;
+ pending = atomic_read(&ctx->decrypt_pending);
+ spin_unlock_bh(&ctx->decrypt_compl_lock);
+ if (pending) {
err = crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
if (err) {
/* one of async decrypt failed */
@@ -1904,6 +1919,10 @@ recv_end:
} else {
reinit_completion(&ctx->async_wait.completion);
}
+
+ /* There can be no concurrent accesses, since we have no
+ * pending decrypt operations
+ */
WRITE_ONCE(ctx->async_notify, false);
/* Drain records from the rx_list & copy if required */
@@ -2290,6 +2309,7 @@ int tls_set_sw_offload(struct sock *sk,
if (tx) {
crypto_init_wait(&sw_ctx_tx->async_wait);
+ spin_lock_init(&sw_ctx_tx->encrypt_compl_lock);
crypto_info = &ctx->crypto_send.info;
cctx = &ctx->tx;
aead = &sw_ctx_tx->aead_send;
@@ -2298,6 +2318,7 @@ int tls_set_sw_offload(struct sock *sk,
sw_ctx_tx->tx_work.sk = sk;
} else {
crypto_init_wait(&sw_ctx_rx->async_wait);
+ spin_lock_init(&sw_ctx_rx->decrypt_compl_lock);
crypto_info = &ctx->crypto_recv.info;
cctx = &ctx->rx;
skb_queue_head_init(&sw_ctx_rx->rx_list);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 018/177] nexthop: Fix attribute checking for groups
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 017/177] net/tls: fix race condition causing kernel panic Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 019/177] r8152: support additional Microsoft Surface Ethernet Adapter variant Greg Kroah-Hartman
` (159 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, ASSOGBA Emery, David Ahern, David S. Miller
From: David Ahern <dsahern@gmail.com>
[ Upstream commit 84be69b869a5a496a6cfde9b3c29509207a1f1fa ]
For nexthop groups, attributes after NHA_GROUP_TYPE are invalid, but
nh_check_attr_group starts checking at NHA_GROUP. The group type defaults
to multipath and the NHA_GROUP_TYPE is currently optional so this has
slipped through so far. Fix the attribute checking to handle support of
new group types.
Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
Signed-off-by: ASSOGBA Emery <assogba.emery@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/nexthop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv4/nexthop.c
+++ b/net/ipv4/nexthop.c
@@ -434,7 +434,7 @@ static int nh_check_attr_group(struct ne
if (!valid_group_nh(nh, len, extack))
return -EINVAL;
}
- for (i = NHA_GROUP + 1; i < __NHA_MAX; ++i) {
+ for (i = NHA_GROUP_TYPE + 1; i < __NHA_MAX; ++i) {
if (!tb[i])
continue;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 019/177] r8152: support additional Microsoft Surface Ethernet Adapter variant
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 018/177] nexthop: Fix attribute checking for groups Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 020/177] sctp: Dont add the shutdown timer if its already been added Greg Kroah-Hartman
` (158 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marc Payne, David S. Miller
From: Marc Payne <marc.payne@mdpsys.co.uk>
[ Upstream commit c27a204383616efba5a4194075e90819961ff66a ]
Device id 0927 is the RTL8153B-based component of the 'Surface USB-C to
Ethernet and USB Adapter' and may be used as a component of other devices
in future. Tested and working with the r8152 driver.
Update the cdc_ether blacklist due to the RTL8153 'network jam on suspend'
issue which this device will cause (personally confirmed).
Signed-off-by: Marc Payne <marc.payne@mdpsys.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/cdc_ether.c | 11 +++++++++--
drivers/net/usb/r8152.c | 1 +
2 files changed, 10 insertions(+), 2 deletions(-)
--- a/drivers/net/usb/cdc_ether.c
+++ b/drivers/net/usb/cdc_ether.c
@@ -815,14 +815,21 @@ static const struct usb_device_id produc
.driver_info = 0,
},
-/* Microsoft Surface 3 dock (based on Realtek RTL8153) */
+/* Microsoft Surface Ethernet Adapter (based on Realtek RTL8153) */
{
USB_DEVICE_AND_INTERFACE_INFO(MICROSOFT_VENDOR_ID, 0x07c6, USB_CLASS_COMM,
USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE),
.driver_info = 0,
},
- /* TP-LINK UE300 USB 3.0 Ethernet Adapters (based on Realtek RTL8153) */
+/* Microsoft Surface Ethernet Adapter (based on Realtek RTL8153B) */
+{
+ USB_DEVICE_AND_INTERFACE_INFO(MICROSOFT_VENDOR_ID, 0x0927, USB_CLASS_COMM,
+ USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE),
+ .driver_info = 0,
+},
+
+/* TP-LINK UE300 USB 3.0 Ethernet Adapters (based on Realtek RTL8153) */
{
USB_DEVICE_AND_INTERFACE_INFO(TPLINK_VENDOR_ID, 0x0601, USB_CLASS_COMM,
USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE),
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -6901,6 +6901,7 @@ static const struct usb_device_id rtl815
{REALTEK_USB_DEVICE(VENDOR_ID_REALTEK, 0x8153)},
{REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x07ab)},
{REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x07c6)},
+ {REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x0927)},
{REALTEK_USB_DEVICE(VENDOR_ID_SAMSUNG, 0xa101)},
{REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x304f)},
{REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x3062)},
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 020/177] sctp: Dont add the shutdown timer if its already been added
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 019/177] r8152: support additional Microsoft Surface Ethernet Adapter variant Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 021/177] sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed Greg Kroah-Hartman
` (157 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Neil Horman, Vlad Yasevich,
David S. Miller, jere.leppanen, marcelo.leitner, netdev
From: Neil Horman <nhorman@tuxdriver.com>
[ Upstream commit 20a785aa52c82246055a089e55df9dac47d67da1 ]
This BUG halt was reported a while back, but the patch somehow got
missed:
PID: 2879 TASK: c16adaa0 CPU: 1 COMMAND: "sctpn"
#0 [f418dd28] crash_kexec at c04a7d8c
#1 [f418dd7c] oops_end at c0863e02
#2 [f418dd90] do_invalid_op at c040aaca
#3 [f418de28] error_code (via invalid_op) at c08631a5
EAX: f34baac0 EBX: 00000090 ECX: f418deb0 EDX: f5542950 EBP: 00000000
DS: 007b ESI: f34ba800 ES: 007b EDI: f418dea0 GS: 00e0
CS: 0060 EIP: c046fa5e ERR: ffffffff EFLAGS: 00010286
#4 [f418de5c] add_timer at c046fa5e
#5 [f418de68] sctp_do_sm at f8db8c77 [sctp]
#6 [f418df30] sctp_primitive_SHUTDOWN at f8dcc1b5 [sctp]
#7 [f418df48] inet_shutdown at c080baf9
#8 [f418df5c] sys_shutdown at c079eedf
#9 [f418df70] sys_socketcall at c079fe88
EAX: ffffffda EBX: 0000000d ECX: bfceea90 EDX: 0937af98
DS: 007b ESI: 0000000c ES: 007b EDI: b7150ae4
SS: 007b ESP: bfceea7c EBP: bfceeaa8 GS: 0033
CS: 0073 EIP: b775c424 ERR: 00000066 EFLAGS: 00000282
It appears that the side effect that starts the shutdown timer was processed
multiple times, which can happen as multiple paths can trigger it. This of
course leads to the BUG halt in add_timer getting called.
Fix seems pretty straightforward, just check before the timer is added if its
already been started. If it has mod the timer instead to min(current
expiration, new expiration)
Its been tested but not confirmed to fix the problem, as the issue has only
occured in production environments where test kernels are enjoined from being
installed. It appears to be a sane fix to me though. Also, recentely,
Jere found a reproducer posted on list to confirm that this resolves the
issues
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Vlad Yasevich <vyasevich@gmail.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: jere.leppanen@nokia.com
CC: marcelo.leitner@gmail.com
CC: netdev@vger.kernel.org
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/sm_sideeffect.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -1523,9 +1523,17 @@ static int sctp_cmd_interpreter(enum sct
timeout = asoc->timeouts[cmd->obj.to];
BUG_ON(!timeout);
- timer->expires = jiffies + timeout;
- sctp_association_hold(asoc);
- add_timer(timer);
+ /*
+ * SCTP has a hard time with timer starts. Because we process
+ * timer starts as side effects, it can be hard to tell if we
+ * have already started a timer or not, which leads to BUG
+ * halts when we call add_timer. So here, instead of just starting
+ * a timer, if the timer is already started, and just mod
+ * the timer with the shorter of the two expiration times
+ */
+ if (!timer_pending(timer))
+ sctp_association_hold(asoc);
+ timer_reduce(timer, jiffies + timeout);
break;
case SCTP_CMD_TIMER_RESTART:
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 021/177] sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 020/177] sctp: Dont add the shutdown timer if its already been added Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 022/177] tipc: block BH before using dst_cache Greg Kroah-Hartman
` (156 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jere Leppänen,
Marcelo Ricardo Leitner, David S. Miller
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=UTF-8, Size: 2778 bytes --]
From: "Jere Leppänen" <jere.leppanen@nokia.com>
[ Upstream commit d3e8e4c11870413789f029a71e72ae6e971fe678 ]
Commit bdf6fa52f01b ("sctp: handle association restarts when the
socket is closed.") starts shutdown when an association is restarted,
if in SHUTDOWN-PENDING state and the socket is closed. However, the
rationale stated in that commit applies also when in SHUTDOWN-SENT
state - we don't want to move an association to ESTABLISHED state when
the socket has been closed, because that results in an association
that is unreachable from user space.
The problem scenario:
1. Client crashes and/or restarts.
2. Server (using one-to-one socket) calls close(). SHUTDOWN is lost.
3. Client reconnects using the same addresses and ports.
4. Server's association is restarted. The association and the socket
move to ESTABLISHED state, even though the server process has
closed its descriptor.
Also, after step 4 when the server process exits, some resources are
leaked in an attempt to release the underlying inet sock structure in
ESTABLISHED state:
IPv4: Attempt to release TCP socket in state 1 00000000377288c7
Fix by acting the same way as in SHUTDOWN-PENDING state. That is, if
an association is restarted in SHUTDOWN-SENT state and the socket is
closed, then start shutdown and don't move the association or the
socket to ESTABLISHED state.
Fixes: bdf6fa52f01b ("sctp: handle association restarts when the socket is closed.")
Signed-off-by: Jere Leppänen <jere.leppanen@nokia.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/sm_statefuns.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1856,12 +1856,13 @@ static enum sctp_disposition sctp_sf_do_
/* Update the content of current association. */
sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
- if (sctp_state(asoc, SHUTDOWN_PENDING) &&
+ if ((sctp_state(asoc, SHUTDOWN_PENDING) ||
+ sctp_state(asoc, SHUTDOWN_SENT)) &&
(sctp_sstate(asoc->base.sk, CLOSING) ||
sock_flag(asoc->base.sk, SOCK_DEAD))) {
- /* if were currently in SHUTDOWN_PENDING, but the socket
- * has been closed by user, don't transition to ESTABLISHED.
- * Instead trigger SHUTDOWN bundled with COOKIE_ACK.
+ /* If the socket has been closed by user, don't
+ * transition to ESTABLISHED. Instead trigger SHUTDOWN
+ * bundled with COOKIE_ACK.
*/
sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
return sctp_sf_do_9_2_start_shutdown(net, ep, asoc,
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 022/177] tipc: block BH before using dst_cache
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 021/177] sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 023/177] net/mlx5e: kTLS, Destroy key object after destroying the TIS Greg Kroah-Hartman
` (155 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xin Long, Jon Maloy, Eric Dumazet,
syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 1378817486d6860f6a927f573491afe65287abf1 ]
dst_cache_get() documents it must be used with BH disabled.
sysbot reported :
BUG: using smp_processor_id() in preemptible [00000000] code: /21697
caller is dst_cache_get+0x3a/0xb0 net/core/dst_cache.c:68
CPU: 0 PID: 21697 Comm: Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
check_preemption_disabled lib/smp_processor_id.c:47 [inline]
debug_smp_processor_id.cold+0x88/0x9b lib/smp_processor_id.c:57
dst_cache_get+0x3a/0xb0 net/core/dst_cache.c:68
tipc_udp_xmit.isra.0+0xb9/0xad0 net/tipc/udp_media.c:164
tipc_udp_send_msg+0x3e6/0x490 net/tipc/udp_media.c:244
tipc_bearer_xmit_skb+0x1de/0x3f0 net/tipc/bearer.c:526
tipc_enable_bearer+0xb2f/0xd60 net/tipc/bearer.c:331
__tipc_nl_bearer_enable+0x2bf/0x390 net/tipc/bearer.c:995
tipc_nl_bearer_enable+0x1e/0x30 net/tipc/bearer.c:1003
genl_family_rcv_msg_doit net/netlink/genetlink.c:673 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:718 [inline]
genl_rcv_msg+0x627/0xdf0 net/netlink/genetlink.c:735
netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2469
genl_rcv+0x24/0x40 net/netlink/genetlink.c:746
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:672
____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
___sys_sendmsg+0x100/0x170 net/socket.c:2416
__sys_sendmsg+0xec/0x1b0 net/socket.c:2449
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca29
Fixes: e9c1a793210f ("tipc: add dst_cache support for udp media")
Cc: Xin Long <lucien.xin@gmail.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/tipc/udp_media.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/net/tipc/udp_media.c
+++ b/net/tipc/udp_media.c
@@ -161,9 +161,11 @@ static int tipc_udp_xmit(struct net *net
struct udp_bearer *ub, struct udp_media_addr *src,
struct udp_media_addr *dst, struct dst_cache *cache)
{
- struct dst_entry *ndst = dst_cache_get(cache);
+ struct dst_entry *ndst;
int ttl, err = 0;
+ local_bh_disable();
+ ndst = dst_cache_get(cache);
if (dst->proto == htons(ETH_P_IP)) {
struct rtable *rt = (struct rtable *)ndst;
@@ -210,9 +212,11 @@ static int tipc_udp_xmit(struct net *net
src->port, dst->port, false);
#endif
}
+ local_bh_enable();
return err;
tx_error:
+ local_bh_enable();
kfree_skb(skb);
return err;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 023/177] net/mlx5e: kTLS, Destroy key object after destroying the TIS
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 022/177] tipc: block BH before using dst_cache Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 024/177] net/mlx5e: Fix inner tirs handling Greg Kroah-Hartman
` (154 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tariq Toukan, Boris Pismenny, Saeed Mahameed
From: Tariq Toukan <tariqt@mellanox.com>
[ Upstream commit 16736e11f43b80a38f98f6add54fab3b8c297df3 ]
The TLS TIS object contains the dek/key ID.
By destroying the key first, the TIS would contain an invalid
non-existing key ID.
Reverse the destroy order, this also acheives the desired assymetry
between the destroy and the create flows.
Fixes: d2ead1f360e8 ("net/mlx5e: Add kTLS TX HW offload support")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls.c
@@ -69,8 +69,8 @@ static void mlx5e_ktls_del(struct net_de
struct mlx5e_ktls_offload_context_tx *tx_priv =
mlx5e_get_ktls_tx_priv_ctx(tls_ctx);
- mlx5_ktls_destroy_key(priv->mdev, tx_priv->key_id);
mlx5e_destroy_tis(priv->mdev, tx_priv->tisn);
+ mlx5_ktls_destroy_key(priv->mdev, tx_priv->key_id);
kvfree(tx_priv);
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 024/177] net/mlx5e: Fix inner tirs handling
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 023/177] net/mlx5e: kTLS, Destroy key object after destroying the TIS Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 025/177] net/mlx5: Fix memory leak in mlx5_events_init Greg Kroah-Hartman
` (153 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roi Dayan, Vlad Buslov, Saeed Mahameed
From: Roi Dayan <roid@mellanox.com>
[ Upstream commit a16b8e0dcf7043bee46174bed0553cc9e36b63a5 ]
In the cited commit inner_tirs argument was added to create and destroy
inner tirs, and no indication was added to mlx5e_modify_tirs_hash()
function. In order to have a consistent handling, use
inner_indir_tir[0].tirn in tirs destroy/modify function as an indication
to whether inner tirs are created.
Inner tirs are not created for representors and before this commit,
a call to mlx5e_modify_tirs_hash() was sending HW commands to
modify non-existent inner tirs.
Fixes: 46dc933cee82 ("net/mlx5e: Provide explicit directive if to create inner indirect tirs")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Vlad Buslov <vladbu@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 12 +++++++-----
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 4 ++--
drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 4 ++--
4 files changed, 12 insertions(+), 10 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h
@@ -1104,7 +1104,7 @@ void mlx5e_close_drop_rq(struct mlx5e_rq
int mlx5e_create_indirect_rqt(struct mlx5e_priv *priv);
int mlx5e_create_indirect_tirs(struct mlx5e_priv *priv, bool inner_ttc);
-void mlx5e_destroy_indirect_tirs(struct mlx5e_priv *priv, bool inner_ttc);
+void mlx5e_destroy_indirect_tirs(struct mlx5e_priv *priv);
int mlx5e_create_direct_rqts(struct mlx5e_priv *priv, struct mlx5e_tir *tirs);
void mlx5e_destroy_direct_rqts(struct mlx5e_priv *priv, struct mlx5e_tir *tirs);
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -2747,7 +2747,8 @@ void mlx5e_modify_tirs_hash(struct mlx5e
mlx5_core_modify_tir(mdev, priv->indir_tir[tt].tirn, in, inlen);
}
- if (!mlx5e_tunnel_inner_ft_supported(priv->mdev))
+ /* Verify inner tirs resources allocated */
+ if (!priv->inner_indir_tir[0].tirn)
return;
for (tt = 0; tt < MLX5E_NUM_INDIR_TIRS; tt++) {
@@ -3394,14 +3395,15 @@ out:
return err;
}
-void mlx5e_destroy_indirect_tirs(struct mlx5e_priv *priv, bool inner_ttc)
+void mlx5e_destroy_indirect_tirs(struct mlx5e_priv *priv)
{
int i;
for (i = 0; i < MLX5E_NUM_INDIR_TIRS; i++)
mlx5e_destroy_tir(priv->mdev, &priv->indir_tir[i]);
- if (!inner_ttc || !mlx5e_tunnel_inner_ft_supported(priv->mdev))
+ /* Verify inner tirs resources allocated */
+ if (!priv->inner_indir_tir[0].tirn)
return;
for (i = 0; i < MLX5E_NUM_INDIR_TIRS; i++)
@@ -5107,7 +5109,7 @@ err_destroy_xsk_rqts:
err_destroy_direct_tirs:
mlx5e_destroy_direct_tirs(priv, priv->direct_tir);
err_destroy_indirect_tirs:
- mlx5e_destroy_indirect_tirs(priv, true);
+ mlx5e_destroy_indirect_tirs(priv);
err_destroy_direct_rqts:
mlx5e_destroy_direct_rqts(priv, priv->direct_tir);
err_destroy_indirect_rqts:
@@ -5126,7 +5128,7 @@ static void mlx5e_cleanup_nic_rx(struct
mlx5e_destroy_direct_tirs(priv, priv->xsk_tir);
mlx5e_destroy_direct_rqts(priv, priv->xsk_tir);
mlx5e_destroy_direct_tirs(priv, priv->direct_tir);
- mlx5e_destroy_indirect_tirs(priv, true);
+ mlx5e_destroy_indirect_tirs(priv);
mlx5e_destroy_direct_rqts(priv, priv->direct_tir);
mlx5e_destroy_rqt(priv, &priv->indir_rqt);
mlx5e_close_drop_rq(&priv->drop_rq);
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
@@ -1667,7 +1667,7 @@ err_destroy_ttc_table:
err_destroy_direct_tirs:
mlx5e_destroy_direct_tirs(priv, priv->direct_tir);
err_destroy_indirect_tirs:
- mlx5e_destroy_indirect_tirs(priv, false);
+ mlx5e_destroy_indirect_tirs(priv);
err_destroy_direct_rqts:
mlx5e_destroy_direct_rqts(priv, priv->direct_tir);
err_destroy_indirect_rqts:
@@ -1684,7 +1684,7 @@ static void mlx5e_cleanup_rep_rx(struct
mlx5_del_flow_rules(rpriv->vport_rx_rule);
mlx5e_destroy_ttc_table(priv, &priv->fs.ttc);
mlx5e_destroy_direct_tirs(priv, priv->direct_tir);
- mlx5e_destroy_indirect_tirs(priv, false);
+ mlx5e_destroy_indirect_tirs(priv);
mlx5e_destroy_direct_rqts(priv, priv->direct_tir);
mlx5e_destroy_rqt(priv, &priv->indir_rqt);
mlx5e_close_drop_rq(&priv->drop_rq);
--- a/drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c
@@ -396,7 +396,7 @@ static int mlx5i_init_rx(struct mlx5e_pr
err_destroy_direct_tirs:
mlx5e_destroy_direct_tirs(priv, priv->direct_tir);
err_destroy_indirect_tirs:
- mlx5e_destroy_indirect_tirs(priv, true);
+ mlx5e_destroy_indirect_tirs(priv);
err_destroy_direct_rqts:
mlx5e_destroy_direct_rqts(priv, priv->direct_tir);
err_destroy_indirect_rqts:
@@ -412,7 +412,7 @@ static void mlx5i_cleanup_rx(struct mlx5
{
mlx5i_destroy_flow_steering(priv);
mlx5e_destroy_direct_tirs(priv, priv->direct_tir);
- mlx5e_destroy_indirect_tirs(priv, true);
+ mlx5e_destroy_indirect_tirs(priv);
mlx5e_destroy_direct_rqts(priv, priv->direct_tir);
mlx5e_destroy_rqt(priv, &priv->indir_rqt);
mlx5e_close_drop_rq(&priv->drop_rq);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 025/177] net/mlx5: Fix memory leak in mlx5_events_init
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 024/177] net/mlx5e: Fix inner tirs handling Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 026/177] net/mlx5e: Update netdev txq on completions during closure Greg Kroah-Hartman
` (152 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moshe Shemesh, Tariq Toukan, Saeed Mahameed
From: Moshe Shemesh <moshe@mellanox.com>
[ Upstream commit df14ad1eccb04a4a28c90389214dbacab085b244 ]
Fix memory leak in mlx5_events_init(), in case
create_single_thread_workqueue() fails, events
struct should be freed.
Fixes: 5d3c537f9070 ("net/mlx5: Handle event of power detection in the PCIE slot")
Signed-off-by: Moshe Shemesh <moshe@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/events.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/events.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/events.c
@@ -346,8 +346,10 @@ int mlx5_events_init(struct mlx5_core_de
events->dev = dev;
dev->priv.events = events;
events->wq = create_singlethread_workqueue("mlx5_events");
- if (!events->wq)
+ if (!events->wq) {
+ kfree(events);
return -ENOMEM;
+ }
INIT_WORK(&events->pcie_core_work, mlx5_pcie_event);
return 0;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 026/177] net/mlx5e: Update netdev txq on completions during closure
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 025/177] net/mlx5: Fix memory leak in mlx5_events_init Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 027/177] net/mlx5: Fix error flow in case of function_setup failure Greg Kroah-Hartman
` (151 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moshe Shemesh, Tariq Toukan, Saeed Mahameed
From: Moshe Shemesh <moshe@mellanox.com>
[ Upstream commit 5e911e2c06bd8c17df29147a5e2d4b17fafda024 ]
On sq closure when we free its descriptors, we should also update netdev
txq on completions which would not arrive. Otherwise if we reopen sqs
and attach them back, for example on fw fatal recovery flow, we may get
tx timeout.
Fixes: 29429f3300a3 ("net/mlx5e: Timeout if SQ doesn't flush during close")
Signed-off-by: Moshe Shemesh <moshe@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tx.c
@@ -538,10 +538,9 @@ bool mlx5e_poll_tx_cq(struct mlx5e_cq *c
void mlx5e_free_txqsq_descs(struct mlx5e_txqsq *sq)
{
struct mlx5e_tx_wqe_info *wi;
+ u32 dma_fifo_cc, nbytes = 0;
+ u16 ci, sqcc, npkts = 0;
struct sk_buff *skb;
- u32 dma_fifo_cc;
- u16 sqcc;
- u16 ci;
int i;
sqcc = sq->cc;
@@ -566,11 +565,15 @@ void mlx5e_free_txqsq_descs(struct mlx5e
}
dev_kfree_skb_any(skb);
+ npkts++;
+ nbytes += wi->num_bytes;
sqcc += wi->num_wqebbs;
}
sq->dma_fifo_cc = dma_fifo_cc;
sq->cc = sqcc;
+
+ netdev_tx_completed_queue(sq->txq, npkts, nbytes);
}
#ifdef CONFIG_MLX5_CORE_IPOIB
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 027/177] net/mlx5: Fix error flow in case of function_setup failure
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 026/177] net/mlx5e: Update netdev txq on completions during closure Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 028/177] wireguard: noise: read preshared key while taking lock Greg Kroah-Hartman
` (150 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shay Drory, Moshe Shemesh, Saeed Mahameed
From: Shay Drory <shayd@mellanox.com>
[ Upstream commit 4f7400d5cbaef676e00cdffb0565bf731c6bb09e ]
Currently, if an error occurred during mlx5_function_setup(), we
keep dev->state as DEVICE_STATE_UP.
Fixing it by adding a goto label.
Fixes: e161105e58da ("net/mlx5: Function setup/teardown procedures")
Signed-off-by: Shay Drory <shayd@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -1179,7 +1179,7 @@ int mlx5_load_one(struct mlx5_core_dev *
err = mlx5_function_setup(dev, boot);
if (err)
- goto out;
+ goto err_function;
if (boot) {
err = mlx5_init_once(dev);
@@ -1225,6 +1225,7 @@ err_load:
mlx5_cleanup_once(dev);
function_teardown:
mlx5_function_teardown(dev, boot);
+err_function:
dev->state = MLX5_DEVICE_STATE_INTERNAL_ERROR;
mutex_unlock(&dev->intf_state_mutex);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 028/177] wireguard: noise: read preshared key while taking lock
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 027/177] net/mlx5: Fix error flow in case of function_setup failure Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 029/177] wireguard: queueing: preserve flow hash across packet scrubbing Greg Kroah-Hartman
` (149 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matt Dunwoodie, Jason A. Donenfeld,
David S. Miller
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
[ Upstream commit bc67d371256f5c47d824e2eec51e46c8d62d022e ]
Prior we read the preshared key after dropping the handshake lock, which
isn't an actual crypto issue if it races, but it's still not quite
correct. So copy that part of the state into a temporary like we do with
the rest of the handshake state variables. Then we can release the lock,
operate on the temporary, and zero it out at the end of the function. In
performance tests, the impact of this was entirely unnoticable, probably
because those bytes are coming from the same cacheline as other things
that are being copied out in the same manner.
Reported-by: Matt Dunwoodie <ncon@noconroy.net>
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireguard/noise.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/net/wireguard/noise.c
+++ b/drivers/net/wireguard/noise.c
@@ -715,6 +715,7 @@ wg_noise_handshake_consume_response(stru
u8 e[NOISE_PUBLIC_KEY_LEN];
u8 ephemeral_private[NOISE_PUBLIC_KEY_LEN];
u8 static_private[NOISE_PUBLIC_KEY_LEN];
+ u8 preshared_key[NOISE_SYMMETRIC_KEY_LEN];
down_read(&wg->static_identity.lock);
@@ -733,6 +734,8 @@ wg_noise_handshake_consume_response(stru
memcpy(chaining_key, handshake->chaining_key, NOISE_HASH_LEN);
memcpy(ephemeral_private, handshake->ephemeral_private,
NOISE_PUBLIC_KEY_LEN);
+ memcpy(preshared_key, handshake->preshared_key,
+ NOISE_SYMMETRIC_KEY_LEN);
up_read(&handshake->lock);
if (state != HANDSHAKE_CREATED_INITIATION)
@@ -750,7 +753,7 @@ wg_noise_handshake_consume_response(stru
goto fail;
/* psk */
- mix_psk(chaining_key, hash, key, handshake->preshared_key);
+ mix_psk(chaining_key, hash, key, preshared_key);
/* {} */
if (!message_decrypt(NULL, src->encrypted_nothing,
@@ -783,6 +786,7 @@ out:
memzero_explicit(chaining_key, NOISE_HASH_LEN);
memzero_explicit(ephemeral_private, NOISE_PUBLIC_KEY_LEN);
memzero_explicit(static_private, NOISE_PUBLIC_KEY_LEN);
+ memzero_explicit(preshared_key, NOISE_SYMMETRIC_KEY_LEN);
up_read(&wg->static_identity.lock);
return ret_peer;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 029/177] wireguard: queueing: preserve flow hash across packet scrubbing
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 028/177] wireguard: noise: read preshared key while taking lock Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 030/177] wireguard: noise: separate receive counter from send counter Greg Kroah-Hartman
` (148 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Taht, Jason A. Donenfeld,
David S. Miller, Toke Høiland-Jørgensen
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
[ Upstream commit c78a0b4a78839d572d8a80f6a62221c0d7843135 ]
It's important that we clear most header fields during encapsulation and
decapsulation, because the packet is substantially changed, and we don't
want any info leak or logic bug due to an accidental correlation. But,
for encapsulation, it's wrong to clear skb->hash, since it's used by
fq_codel and flow dissection in general. Without it, classification does
not proceed as usual. This change might make it easier to estimate the
number of innerflows by examining clustering of out of order packets,
but this shouldn't open up anything that can't already be inferred
otherwise (e.g. syn packet size inference), and fq_codel can be disabled
anyway.
Furthermore, it might be the case that the hash isn't used or queried at
all until after wireguard transmits the encrypted UDP packet, which
means skb->hash might still be zero at this point, and thus no hash
taken over the inner packet data. In order to address this situation, we
force a calculation of skb->hash before encrypting packet data.
Of course this means that fq_codel might transmit packets slightly more
out of order than usual. Toke did some testing on beefy machines with
high quantities of parallel flows and found that increasing the
reply-attack counter to 8192 takes care of the most pathological cases
pretty well.
Reported-by: Dave Taht <dave.taht@gmail.com>
Reviewed-and-tested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireguard/messages.h | 2 +-
drivers/net/wireguard/queueing.h | 10 +++++++++-
drivers/net/wireguard/receive.c | 2 +-
drivers/net/wireguard/send.c | 7 ++++++-
4 files changed, 17 insertions(+), 4 deletions(-)
--- a/drivers/net/wireguard/messages.h
+++ b/drivers/net/wireguard/messages.h
@@ -32,7 +32,7 @@ enum cookie_values {
};
enum counter_values {
- COUNTER_BITS_TOTAL = 2048,
+ COUNTER_BITS_TOTAL = 8192,
COUNTER_REDUNDANT_BITS = BITS_PER_LONG,
COUNTER_WINDOW_SIZE = COUNTER_BITS_TOTAL - COUNTER_REDUNDANT_BITS
};
--- a/drivers/net/wireguard/queueing.h
+++ b/drivers/net/wireguard/queueing.h
@@ -87,12 +87,20 @@ static inline bool wg_check_packet_proto
return real_protocol && skb->protocol == real_protocol;
}
-static inline void wg_reset_packet(struct sk_buff *skb)
+static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating)
{
+ u8 l4_hash = skb->l4_hash;
+ u8 sw_hash = skb->sw_hash;
+ u32 hash = skb->hash;
skb_scrub_packet(skb, true);
memset(&skb->headers_start, 0,
offsetof(struct sk_buff, headers_end) -
offsetof(struct sk_buff, headers_start));
+ if (encapsulating) {
+ skb->l4_hash = l4_hash;
+ skb->sw_hash = sw_hash;
+ skb->hash = hash;
+ }
skb->queue_mapping = 0;
skb->nohdr = 0;
skb->peeked = 0;
--- a/drivers/net/wireguard/receive.c
+++ b/drivers/net/wireguard/receive.c
@@ -485,7 +485,7 @@ int wg_packet_rx_poll(struct napi_struct
if (unlikely(wg_socket_endpoint_from_skb(&endpoint, skb)))
goto next;
- wg_reset_packet(skb);
+ wg_reset_packet(skb, false);
wg_packet_consume_data_done(peer, skb, &endpoint);
free = false;
--- a/drivers/net/wireguard/send.c
+++ b/drivers/net/wireguard/send.c
@@ -170,6 +170,11 @@ static bool encrypt_packet(struct sk_buf
struct sk_buff *trailer;
int num_frags;
+ /* Force hash calculation before encryption so that flow analysis is
+ * consistent over the inner packet.
+ */
+ skb_get_hash(skb);
+
/* Calculate lengths. */
padding_len = calculate_skb_padding(skb);
trailer_len = padding_len + noise_encrypted_len(0);
@@ -298,7 +303,7 @@ void wg_packet_encrypt_worker(struct wor
skb_list_walk_safe(first, skb, next) {
if (likely(encrypt_packet(skb,
PACKET_CB(first)->keypair))) {
- wg_reset_packet(skb);
+ wg_reset_packet(skb, true);
} else {
state = PACKET_STATE_DEAD;
break;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 030/177] wireguard: noise: separate receive counter from send counter
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 029/177] wireguard: queueing: preserve flow hash across packet scrubbing Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 031/177] r8169: fix OCP access on RTL8117 Greg Kroah-Hartman
` (147 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld, David S. Miller
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
[ Upstream commit a9e90d9931f3a474f04bab782ccd9d77904941e9 ]
In "wireguard: queueing: preserve flow hash across packet scrubbing", we
were required to slightly increase the size of the receive replay
counter to something still fairly small, but an increase nonetheless.
It turns out that we can recoup some of the additional memory overhead
by splitting up the prior union type into two distinct types. Before, we
used the same "noise_counter" union for both sending and receiving, with
sending just using a simple atomic64_t, while receiving used the full
replay counter checker. This meant that most of the memory being
allocated for the sending counter was being wasted. Since the old
"noise_counter" type increased in size in the prior commit, now is a
good time to split up that union type into a distinct "noise_replay_
counter" for receiving and a boring atomic64_t for sending, each using
neither more nor less memory than required.
Also, since sometimes the replay counter is accessed without
necessitating additional accesses to the bitmap, we can reduce cache
misses by hoisting the always-necessary lock above the bitmap in the
struct layout. We also change a "noise_replay_counter" stack allocation
to kmalloc in a -DDEBUG selftest so that KASAN doesn't trigger a stack
frame warning.
All and all, removing a bit of abstraction in this commit makes the code
simpler and smaller, in addition to the motivating memory usage
recuperation. For example, passing around raw "noise_symmetric_key"
structs is something that really only makes sense within noise.c, in the
one place where the sending and receiving keys can safely be thought of
as the same type of object; subsequent to that, it's important that we
uniformly access these through keypair->{sending,receiving}, where their
distinct roles are always made explicit. So this patch allows us to draw
that distinction clearly as well.
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireguard/noise.c | 16 ++---------
drivers/net/wireguard/noise.h | 14 ++++------
drivers/net/wireguard/receive.c | 42 +++++++++++++++----------------
drivers/net/wireguard/selftest/counter.c | 17 ++++++++----
drivers/net/wireguard/send.c | 12 +++-----
5 files changed, 48 insertions(+), 53 deletions(-)
--- a/drivers/net/wireguard/noise.c
+++ b/drivers/net/wireguard/noise.c
@@ -104,6 +104,7 @@ static struct noise_keypair *keypair_cre
if (unlikely(!keypair))
return NULL;
+ spin_lock_init(&keypair->receiving_counter.lock);
keypair->internal_id = atomic64_inc_return(&keypair_counter);
keypair->entry.type = INDEX_HASHTABLE_KEYPAIR;
keypair->entry.peer = peer;
@@ -358,25 +359,16 @@ out:
memzero_explicit(output, BLAKE2S_HASH_SIZE + 1);
}
-static void symmetric_key_init(struct noise_symmetric_key *key)
-{
- spin_lock_init(&key->counter.receive.lock);
- atomic64_set(&key->counter.counter, 0);
- memset(key->counter.receive.backtrack, 0,
- sizeof(key->counter.receive.backtrack));
- key->birthdate = ktime_get_coarse_boottime_ns();
- key->is_valid = true;
-}
-
static void derive_keys(struct noise_symmetric_key *first_dst,
struct noise_symmetric_key *second_dst,
const u8 chaining_key[NOISE_HASH_LEN])
{
+ u64 birthdate = ktime_get_coarse_boottime_ns();
kdf(first_dst->key, second_dst->key, NULL, NULL,
NOISE_SYMMETRIC_KEY_LEN, NOISE_SYMMETRIC_KEY_LEN, 0, 0,
chaining_key);
- symmetric_key_init(first_dst);
- symmetric_key_init(second_dst);
+ first_dst->birthdate = second_dst->birthdate = birthdate;
+ first_dst->is_valid = second_dst->is_valid = true;
}
static bool __must_check mix_dh(u8 chaining_key[NOISE_HASH_LEN],
--- a/drivers/net/wireguard/noise.h
+++ b/drivers/net/wireguard/noise.h
@@ -15,18 +15,14 @@
#include <linux/mutex.h>
#include <linux/kref.h>
-union noise_counter {
- struct {
- u64 counter;
- unsigned long backtrack[COUNTER_BITS_TOTAL / BITS_PER_LONG];
- spinlock_t lock;
- } receive;
- atomic64_t counter;
+struct noise_replay_counter {
+ u64 counter;
+ spinlock_t lock;
+ unsigned long backtrack[COUNTER_BITS_TOTAL / BITS_PER_LONG];
};
struct noise_symmetric_key {
u8 key[NOISE_SYMMETRIC_KEY_LEN];
- union noise_counter counter;
u64 birthdate;
bool is_valid;
};
@@ -34,7 +30,9 @@ struct noise_symmetric_key {
struct noise_keypair {
struct index_hashtable_entry entry;
struct noise_symmetric_key sending;
+ atomic64_t sending_counter;
struct noise_symmetric_key receiving;
+ struct noise_replay_counter receiving_counter;
__le32 remote_index;
bool i_am_the_initiator;
struct kref refcount;
--- a/drivers/net/wireguard/receive.c
+++ b/drivers/net/wireguard/receive.c
@@ -246,20 +246,20 @@ static void keep_key_fresh(struct wg_pee
}
}
-static bool decrypt_packet(struct sk_buff *skb, struct noise_symmetric_key *key)
+static bool decrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair)
{
struct scatterlist sg[MAX_SKB_FRAGS + 8];
struct sk_buff *trailer;
unsigned int offset;
int num_frags;
- if (unlikely(!key))
+ if (unlikely(!keypair))
return false;
- if (unlikely(!READ_ONCE(key->is_valid) ||
- wg_birthdate_has_expired(key->birthdate, REJECT_AFTER_TIME) ||
- key->counter.receive.counter >= REJECT_AFTER_MESSAGES)) {
- WRITE_ONCE(key->is_valid, false);
+ if (unlikely(!READ_ONCE(keypair->receiving.is_valid) ||
+ wg_birthdate_has_expired(keypair->receiving.birthdate, REJECT_AFTER_TIME) ||
+ keypair->receiving_counter.counter >= REJECT_AFTER_MESSAGES)) {
+ WRITE_ONCE(keypair->receiving.is_valid, false);
return false;
}
@@ -284,7 +284,7 @@ static bool decrypt_packet(struct sk_buf
if (!chacha20poly1305_decrypt_sg_inplace(sg, skb->len, NULL, 0,
PACKET_CB(skb)->nonce,
- key->key))
+ keypair->receiving.key))
return false;
/* Another ugly situation of pushing and pulling the header so as to
@@ -299,41 +299,41 @@ static bool decrypt_packet(struct sk_buf
}
/* This is RFC6479, a replay detection bitmap algorithm that avoids bitshifts */
-static bool counter_validate(union noise_counter *counter, u64 their_counter)
+static bool counter_validate(struct noise_replay_counter *counter, u64 their_counter)
{
unsigned long index, index_current, top, i;
bool ret = false;
- spin_lock_bh(&counter->receive.lock);
+ spin_lock_bh(&counter->lock);
- if (unlikely(counter->receive.counter >= REJECT_AFTER_MESSAGES + 1 ||
+ if (unlikely(counter->counter >= REJECT_AFTER_MESSAGES + 1 ||
their_counter >= REJECT_AFTER_MESSAGES))
goto out;
++their_counter;
if (unlikely((COUNTER_WINDOW_SIZE + their_counter) <
- counter->receive.counter))
+ counter->counter))
goto out;
index = their_counter >> ilog2(BITS_PER_LONG);
- if (likely(their_counter > counter->receive.counter)) {
- index_current = counter->receive.counter >> ilog2(BITS_PER_LONG);
+ if (likely(their_counter > counter->counter)) {
+ index_current = counter->counter >> ilog2(BITS_PER_LONG);
top = min_t(unsigned long, index - index_current,
COUNTER_BITS_TOTAL / BITS_PER_LONG);
for (i = 1; i <= top; ++i)
- counter->receive.backtrack[(i + index_current) &
+ counter->backtrack[(i + index_current) &
((COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1)] = 0;
- counter->receive.counter = their_counter;
+ counter->counter = their_counter;
}
index &= (COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1;
ret = !test_and_set_bit(their_counter & (BITS_PER_LONG - 1),
- &counter->receive.backtrack[index]);
+ &counter->backtrack[index]);
out:
- spin_unlock_bh(&counter->receive.lock);
+ spin_unlock_bh(&counter->lock);
return ret;
}
@@ -473,12 +473,12 @@ int wg_packet_rx_poll(struct napi_struct
if (unlikely(state != PACKET_STATE_CRYPTED))
goto next;
- if (unlikely(!counter_validate(&keypair->receiving.counter,
+ if (unlikely(!counter_validate(&keypair->receiving_counter,
PACKET_CB(skb)->nonce))) {
net_dbg_ratelimited("%s: Packet has invalid nonce %llu (max %llu)\n",
peer->device->dev->name,
PACKET_CB(skb)->nonce,
- keypair->receiving.counter.receive.counter);
+ keypair->receiving_counter.counter);
goto next;
}
@@ -512,8 +512,8 @@ void wg_packet_decrypt_worker(struct wor
struct sk_buff *skb;
while ((skb = ptr_ring_consume_bh(&queue->ring)) != NULL) {
- enum packet_state state = likely(decrypt_packet(skb,
- &PACKET_CB(skb)->keypair->receiving)) ?
+ enum packet_state state =
+ likely(decrypt_packet(skb, PACKET_CB(skb)->keypair)) ?
PACKET_STATE_CRYPTED : PACKET_STATE_DEAD;
wg_queue_enqueue_per_peer_napi(skb, state);
if (need_resched())
--- a/drivers/net/wireguard/selftest/counter.c
+++ b/drivers/net/wireguard/selftest/counter.c
@@ -6,18 +6,24 @@
#ifdef DEBUG
bool __init wg_packet_counter_selftest(void)
{
+ struct noise_replay_counter *counter;
unsigned int test_num = 0, i;
- union noise_counter counter;
bool success = true;
-#define T_INIT do { \
- memset(&counter, 0, sizeof(union noise_counter)); \
- spin_lock_init(&counter.receive.lock); \
+ counter = kmalloc(sizeof(*counter), GFP_KERNEL);
+ if (unlikely(!counter)) {
+ pr_err("nonce counter self-test malloc: FAIL\n");
+ return false;
+ }
+
+#define T_INIT do { \
+ memset(counter, 0, sizeof(*counter)); \
+ spin_lock_init(&counter->lock); \
} while (0)
#define T_LIM (COUNTER_WINDOW_SIZE + 1)
#define T(n, v) do { \
++test_num; \
- if (counter_validate(&counter, n) != (v)) { \
+ if (counter_validate(counter, n) != (v)) { \
pr_err("nonce counter self-test %u: FAIL\n", \
test_num); \
success = false; \
@@ -99,6 +105,7 @@ bool __init wg_packet_counter_selftest(v
if (success)
pr_info("nonce counter self-tests: pass\n");
+ kfree(counter);
return success;
}
#endif
--- a/drivers/net/wireguard/send.c
+++ b/drivers/net/wireguard/send.c
@@ -129,7 +129,7 @@ static void keep_key_fresh(struct wg_pee
rcu_read_lock_bh();
keypair = rcu_dereference_bh(peer->keypairs.current_keypair);
if (likely(keypair && READ_ONCE(keypair->sending.is_valid)) &&
- (unlikely(atomic64_read(&keypair->sending.counter.counter) >
+ (unlikely(atomic64_read(&keypair->sending_counter) >
REKEY_AFTER_MESSAGES) ||
(keypair->i_am_the_initiator &&
unlikely(wg_birthdate_has_expired(keypair->sending.birthdate,
@@ -353,7 +353,6 @@ void wg_packet_purge_staged_packets(stru
void wg_packet_send_staged_packets(struct wg_peer *peer)
{
- struct noise_symmetric_key *key;
struct noise_keypair *keypair;
struct sk_buff_head packets;
struct sk_buff *skb;
@@ -373,10 +372,9 @@ void wg_packet_send_staged_packets(struc
rcu_read_unlock_bh();
if (unlikely(!keypair))
goto out_nokey;
- key = &keypair->sending;
- if (unlikely(!READ_ONCE(key->is_valid)))
+ if (unlikely(!READ_ONCE(keypair->sending.is_valid)))
goto out_nokey;
- if (unlikely(wg_birthdate_has_expired(key->birthdate,
+ if (unlikely(wg_birthdate_has_expired(keypair->sending.birthdate,
REJECT_AFTER_TIME)))
goto out_invalid;
@@ -391,7 +389,7 @@ void wg_packet_send_staged_packets(struc
*/
PACKET_CB(skb)->ds = ip_tunnel_ecn_encap(0, ip_hdr(skb), skb);
PACKET_CB(skb)->nonce =
- atomic64_inc_return(&key->counter.counter) - 1;
+ atomic64_inc_return(&keypair->sending_counter) - 1;
if (unlikely(PACKET_CB(skb)->nonce >= REJECT_AFTER_MESSAGES))
goto out_invalid;
}
@@ -403,7 +401,7 @@ void wg_packet_send_staged_packets(struc
return;
out_invalid:
- WRITE_ONCE(key->is_valid, false);
+ WRITE_ONCE(keypair->sending.is_valid, false);
out_nokey:
wg_noise_keypair_put(keypair, false);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 031/177] r8169: fix OCP access on RTL8117
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 030/177] wireguard: noise: separate receive counter from send counter Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 032/177] net/mlx5: Fix a race when moving command interface to events mode Greg Kroah-Hartman
` (146 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, David S. Miller
From: Heiner Kallweit <hkallweit1@gmail.com>
[ Upstream commit 561535b0f23961ced071b82575d5e83e6351a814 ]
According to r8168 vendor driver DASHv3 chips like RTL8168fp/RTL8117
need a special addressing for OCP access.
Fix is compile-tested only due to missing test hardware.
Fixes: 1287723aa139 ("r8169: add support for RTL8117")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/realtek/r8169_main.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/realtek/r8169_main.c
+++ b/drivers/net/ethernet/realtek/r8169_main.c
@@ -1044,6 +1044,13 @@ static u16 rtl_ephy_read(struct rtl8169_
RTL_R32(tp, EPHYAR) & EPHYAR_DATA_MASK : ~0;
}
+static void r8168fp_adjust_ocp_cmd(struct rtl8169_private *tp, u32 *cmd, int type)
+{
+ /* based on RTL8168FP_OOBMAC_BASE in vendor driver */
+ if (tp->mac_version == RTL_GIGA_MAC_VER_52 && type == ERIAR_OOB)
+ *cmd |= 0x7f0 << 18;
+}
+
DECLARE_RTL_COND(rtl_eriar_cond)
{
return RTL_R32(tp, ERIAR) & ERIAR_FLAG;
@@ -1052,9 +1059,12 @@ DECLARE_RTL_COND(rtl_eriar_cond)
static void _rtl_eri_write(struct rtl8169_private *tp, int addr, u32 mask,
u32 val, int type)
{
+ u32 cmd = ERIAR_WRITE_CMD | type | mask | addr;
+
BUG_ON((addr & 3) || (mask == 0));
RTL_W32(tp, ERIDR, val);
- RTL_W32(tp, ERIAR, ERIAR_WRITE_CMD | type | mask | addr);
+ r8168fp_adjust_ocp_cmd(tp, &cmd, type);
+ RTL_W32(tp, ERIAR, cmd);
rtl_udelay_loop_wait_low(tp, &rtl_eriar_cond, 100, 100);
}
@@ -1067,7 +1077,10 @@ static void rtl_eri_write(struct rtl8169
static u32 _rtl_eri_read(struct rtl8169_private *tp, int addr, int type)
{
- RTL_W32(tp, ERIAR, ERIAR_READ_CMD | type | ERIAR_MASK_1111 | addr);
+ u32 cmd = ERIAR_READ_CMD | type | ERIAR_MASK_1111 | addr;
+
+ r8168fp_adjust_ocp_cmd(tp, &cmd, type);
+ RTL_W32(tp, ERIAR, cmd);
return rtl_udelay_loop_wait_high(tp, &rtl_eriar_cond, 100, 100) ?
RTL_R32(tp, ERIDR) : ~0;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 032/177] net/mlx5: Fix a race when moving command interface to events mode
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 031/177] r8169: fix OCP access on RTL8117 Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 033/177] net/mlx5: Fix cleaning unmanaged flow tables Greg Kroah-Hartman
` (145 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eran Ben Elisha, Moshe Shemesh,
Saeed Mahameed
From: Eran Ben Elisha <eranbe@mellanox.com>
[ Upstream commit d43b7007dbd1195a5b6b83213e49b1516aaf6f5e ]
After driver creates (via FW command) an EQ for commands, the driver will
be informed on new commands completion by EQE. However, due to a race in
driver's internal command mode metadata update, some new commands will
still be miss-handled by driver as if we are in polling mode. Such commands
can get two non forced completion, leading to already freed command entry
access.
CREATE_EQ command, that maps EQ to the command queue must be posted to the
command queue while it is empty and no other command should be posted.
Add SW mechanism that once the CREATE_EQ command is about to be executed,
all other commands will return error without being sent to the FW. Allow
sending other commands only after successfully changing the driver's
internal command mode metadata.
We can safely return error to all other commands while creating the command
EQ, as all other commands might be sent from the user/application during
driver load. Application can rerun them later after driver's load was
finished.
Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Moshe Shemesh <moshe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 35 +++++++++++++++++++++++---
drivers/net/ethernet/mellanox/mlx5/core/eq.c | 3 ++
include/linux/mlx5/driver.h | 6 ++++
3 files changed, 40 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -848,6 +848,14 @@ static void free_msg(struct mlx5_core_de
static void mlx5_free_cmd_msg(struct mlx5_core_dev *dev,
struct mlx5_cmd_msg *msg);
+static bool opcode_allowed(struct mlx5_cmd *cmd, u16 opcode)
+{
+ if (cmd->allowed_opcode == CMD_ALLOWED_OPCODE_ALL)
+ return true;
+
+ return cmd->allowed_opcode == opcode;
+}
+
static void cmd_work_handler(struct work_struct *work)
{
struct mlx5_cmd_work_ent *ent = container_of(work, struct mlx5_cmd_work_ent, work);
@@ -914,7 +922,8 @@ static void cmd_work_handler(struct work
/* Skip sending command to fw if internal error */
if (pci_channel_offline(dev->pdev) ||
- dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR) {
+ dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR ||
+ !opcode_allowed(&dev->cmd, ent->op)) {
u8 status = 0;
u32 drv_synd;
@@ -1405,6 +1414,22 @@ static void create_debugfs_files(struct
mlx5_cmdif_debugfs_init(dev);
}
+void mlx5_cmd_allowed_opcode(struct mlx5_core_dev *dev, u16 opcode)
+{
+ struct mlx5_cmd *cmd = &dev->cmd;
+ int i;
+
+ for (i = 0; i < cmd->max_reg_cmds; i++)
+ down(&cmd->sem);
+ down(&cmd->pages_sem);
+
+ cmd->allowed_opcode = opcode;
+
+ up(&cmd->pages_sem);
+ for (i = 0; i < cmd->max_reg_cmds; i++)
+ up(&cmd->sem);
+}
+
static void mlx5_cmd_change_mod(struct mlx5_core_dev *dev, int mode)
{
struct mlx5_cmd *cmd = &dev->cmd;
@@ -1681,12 +1706,13 @@ static int cmd_exec(struct mlx5_core_dev
int err;
u8 status = 0;
u32 drv_synd;
+ u16 opcode;
u8 token;
+ opcode = MLX5_GET(mbox_in, in, opcode);
if (pci_channel_offline(dev->pdev) ||
- dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR) {
- u16 opcode = MLX5_GET(mbox_in, in, opcode);
-
+ dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR ||
+ !opcode_allowed(&dev->cmd, opcode)) {
err = mlx5_internal_err_ret_value(dev, opcode, &drv_synd, &status);
MLX5_SET(mbox_out, out, status, status);
MLX5_SET(mbox_out, out, syndrome, drv_synd);
@@ -1988,6 +2014,7 @@ int mlx5_cmd_init(struct mlx5_core_dev *
mlx5_core_dbg(dev, "descriptor at dma 0x%llx\n", (unsigned long long)(cmd->dma));
cmd->mode = CMD_MODE_POLLING;
+ cmd->allowed_opcode = CMD_ALLOWED_OPCODE_ALL;
create_msg_cache(dev);
--- a/drivers/net/ethernet/mellanox/mlx5/core/eq.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eq.c
@@ -611,11 +611,13 @@ static int create_async_eqs(struct mlx5_
.nent = MLX5_NUM_CMD_EQE,
.mask[0] = 1ull << MLX5_EVENT_TYPE_CMD,
};
+ mlx5_cmd_allowed_opcode(dev, MLX5_CMD_OP_CREATE_EQ);
err = setup_async_eq(dev, &table->cmd_eq, ¶m, "cmd");
if (err)
goto err1;
mlx5_cmd_use_events(dev);
+ mlx5_cmd_allowed_opcode(dev, CMD_ALLOWED_OPCODE_ALL);
param = (struct mlx5_eq_param) {
.irq_index = 0,
@@ -645,6 +647,7 @@ err2:
mlx5_cmd_use_polling(dev);
cleanup_async_eq(dev, &table->cmd_eq, "cmd");
err1:
+ mlx5_cmd_allowed_opcode(dev, CMD_ALLOWED_OPCODE_ALL);
mlx5_eq_notifier_unregister(dev, &table->cq_err_nb);
return err;
}
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -301,6 +301,7 @@ struct mlx5_cmd {
struct semaphore sem;
struct semaphore pages_sem;
int mode;
+ u16 allowed_opcode;
struct mlx5_cmd_work_ent *ent_arr[MLX5_MAX_COMMANDS];
struct dma_pool *pool;
struct mlx5_cmd_debug dbg;
@@ -893,10 +894,15 @@ mlx5_frag_buf_get_idx_last_contig_stride
return min_t(u32, last_frag_stride_idx - fbc->strides_offset, fbc->sz_m1);
}
+enum {
+ CMD_ALLOWED_OPCODE_ALL,
+};
+
int mlx5_cmd_init(struct mlx5_core_dev *dev);
void mlx5_cmd_cleanup(struct mlx5_core_dev *dev);
void mlx5_cmd_use_events(struct mlx5_core_dev *dev);
void mlx5_cmd_use_polling(struct mlx5_core_dev *dev);
+void mlx5_cmd_allowed_opcode(struct mlx5_core_dev *dev, u16 opcode);
struct mlx5_async_ctx {
struct mlx5_core_dev *dev;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 033/177] net/mlx5: Fix cleaning unmanaged flow tables
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 032/177] net/mlx5: Fix a race when moving command interface to events mode Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 034/177] Revert "virtio-balloon: Revert "virtio-balloon: Switch back to OOM handler for VIRTIO_BALLOON_F_DEFLATE_ON_OOM"" Greg Kroah-Hartman
` (144 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roi Dayan, Mark Bloch, Paul Blakey,
Saeed Mahameed
From: Roi Dayan <roid@mellanox.com>
[ Upstream commit aee37f3d940ca732df71c3df49347bccaafc0b24 ]
Unmanaged flow tables doesn't have a parent and tree_put_node()
assume there is always a parent if cleaning is needed. fix that.
Fixes: 5281a0c90919 ("net/mlx5: fs_core: Introduce unmanaged flow tables")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -323,14 +323,13 @@ static void tree_put_node(struct fs_node
if (node->del_hw_func)
node->del_hw_func(node);
if (parent_node) {
- /* Only root namespace doesn't have parent and we just
- * need to free its node.
- */
down_write_ref_node(parent_node, locked);
list_del_init(&node->list);
if (node->del_sw_func)
node->del_sw_func(node);
up_write_ref_node(parent_node, locked);
+ } else if (node->del_sw_func) {
+ node->del_sw_func(node);
} else {
kfree(node);
}
@@ -447,8 +446,10 @@ static void del_sw_flow_table(struct fs_
fs_get_obj(ft, node);
rhltable_destroy(&ft->fgs_hash);
- fs_get_obj(prio, ft->node.parent);
- prio->num_ft--;
+ if (ft->node.parent) {
+ fs_get_obj(prio, ft->node.parent);
+ prio->num_ft--;
+ }
kfree(ft);
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 034/177] Revert "virtio-balloon: Revert "virtio-balloon: Switch back to OOM handler for VIRTIO_BALLOON_F_DEFLATE_ON_OOM""
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 033/177] net/mlx5: Fix cleaning unmanaged flow tables Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 035/177] net/mlx5: Avoid processing commands before cmdif is ready Greg Kroah-Hartman
` (143 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, David Hildenbrand,
Michael S. Tsirkin, Sasha Levin
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 37681282be8e89ae8baf26753bf489837d74e08e which is
commit 835a6a649d0dd1b1f46759eb60fff2f63ed253a7 upstream.
Jiri and David agree that it is not needed in the 5.6.y tree, so revert
it.
Reported-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: David Hildenbrand <david@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/virtio/virtio_balloon.c | 107 ++++++++++++++++------------------------
1 file changed, 44 insertions(+), 63 deletions(-)
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -14,6 +14,7 @@
#include <linux/slab.h>
#include <linux/module.h>
#include <linux/balloon_compaction.h>
+#include <linux/oom.h>
#include <linux/wait.h>
#include <linux/mm.h>
#include <linux/mount.h>
@@ -27,7 +28,9 @@
*/
#define VIRTIO_BALLOON_PAGES_PER_PAGE (unsigned)(PAGE_SIZE >> VIRTIO_BALLOON_PFN_SHIFT)
#define VIRTIO_BALLOON_ARRAY_PFNS_MAX 256
-#define VIRTBALLOON_OOM_NOTIFY_PRIORITY 80
+/* Maximum number of (4k) pages to deflate on OOM notifications. */
+#define VIRTIO_BALLOON_OOM_NR_PAGES 256
+#define VIRTIO_BALLOON_OOM_NOTIFY_PRIORITY 80
#define VIRTIO_BALLOON_FREE_PAGE_ALLOC_FLAG (__GFP_NORETRY | __GFP_NOWARN | \
__GFP_NOMEMALLOC)
@@ -112,8 +115,11 @@ struct virtio_balloon {
/* Memory statistics */
struct virtio_balloon_stat stats[VIRTIO_BALLOON_S_NR];
- /* To register a shrinker to shrink memory upon memory pressure */
+ /* Shrinker to return free pages - VIRTIO_BALLOON_F_FREE_PAGE_HINT */
struct shrinker shrinker;
+
+ /* OOM notifier to deflate on OOM - VIRTIO_BALLOON_F_DEFLATE_ON_OOM */
+ struct notifier_block oom_nb;
};
static struct virtio_device_id id_table[] = {
@@ -788,50 +794,13 @@ static unsigned long shrink_free_pages(s
return blocks_freed * VIRTIO_BALLOON_HINT_BLOCK_PAGES;
}
-static unsigned long leak_balloon_pages(struct virtio_balloon *vb,
- unsigned long pages_to_free)
-{
- return leak_balloon(vb, pages_to_free * VIRTIO_BALLOON_PAGES_PER_PAGE) /
- VIRTIO_BALLOON_PAGES_PER_PAGE;
-}
-
-static unsigned long shrink_balloon_pages(struct virtio_balloon *vb,
- unsigned long pages_to_free)
-{
- unsigned long pages_freed = 0;
-
- /*
- * One invocation of leak_balloon can deflate at most
- * VIRTIO_BALLOON_ARRAY_PFNS_MAX balloon pages, so we call it
- * multiple times to deflate pages till reaching pages_to_free.
- */
- while (vb->num_pages && pages_freed < pages_to_free)
- pages_freed += leak_balloon_pages(vb,
- pages_to_free - pages_freed);
-
- update_balloon_size(vb);
-
- return pages_freed;
-}
-
static unsigned long virtio_balloon_shrinker_scan(struct shrinker *shrinker,
struct shrink_control *sc)
{
- unsigned long pages_to_free, pages_freed = 0;
struct virtio_balloon *vb = container_of(shrinker,
struct virtio_balloon, shrinker);
- pages_to_free = sc->nr_to_scan;
-
- if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
- pages_freed = shrink_free_pages(vb, pages_to_free);
-
- if (pages_freed >= pages_to_free)
- return pages_freed;
-
- pages_freed += shrink_balloon_pages(vb, pages_to_free - pages_freed);
-
- return pages_freed;
+ return shrink_free_pages(vb, sc->nr_to_scan);
}
static unsigned long virtio_balloon_shrinker_count(struct shrinker *shrinker,
@@ -839,26 +808,22 @@ static unsigned long virtio_balloon_shri
{
struct virtio_balloon *vb = container_of(shrinker,
struct virtio_balloon, shrinker);
- unsigned long count;
-
- count = vb->num_pages / VIRTIO_BALLOON_PAGES_PER_PAGE;
- count += vb->num_free_page_blocks * VIRTIO_BALLOON_HINT_BLOCK_PAGES;
- return count;
+ return vb->num_free_page_blocks * VIRTIO_BALLOON_HINT_BLOCK_PAGES;
}
-static void virtio_balloon_unregister_shrinker(struct virtio_balloon *vb)
+static int virtio_balloon_oom_notify(struct notifier_block *nb,
+ unsigned long dummy, void *parm)
{
- unregister_shrinker(&vb->shrinker);
-}
+ struct virtio_balloon *vb = container_of(nb,
+ struct virtio_balloon, oom_nb);
+ unsigned long *freed = parm;
-static int virtio_balloon_register_shrinker(struct virtio_balloon *vb)
-{
- vb->shrinker.scan_objects = virtio_balloon_shrinker_scan;
- vb->shrinker.count_objects = virtio_balloon_shrinker_count;
- vb->shrinker.seeks = DEFAULT_SEEKS;
+ *freed += leak_balloon(vb, VIRTIO_BALLOON_OOM_NR_PAGES) /
+ VIRTIO_BALLOON_PAGES_PER_PAGE;
+ update_balloon_size(vb);
- return register_shrinker(&vb->shrinker);
+ return NOTIFY_OK;
}
static int virtballoon_probe(struct virtio_device *vdev)
@@ -935,22 +900,35 @@ static int virtballoon_probe(struct virt
virtio_cwrite(vb->vdev, struct virtio_balloon_config,
poison_val, &poison_val);
}
- }
- /*
- * We continue to use VIRTIO_BALLOON_F_DEFLATE_ON_OOM to decide if a
- * shrinker needs to be registered to relieve memory pressure.
- */
- if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_DEFLATE_ON_OOM)) {
- err = virtio_balloon_register_shrinker(vb);
+
+ /*
+ * We're allowed to reuse any free pages, even if they are
+ * still to be processed by the host.
+ */
+ vb->shrinker.scan_objects = virtio_balloon_shrinker_scan;
+ vb->shrinker.count_objects = virtio_balloon_shrinker_count;
+ vb->shrinker.seeks = DEFAULT_SEEKS;
+ err = register_shrinker(&vb->shrinker);
if (err)
goto out_del_balloon_wq;
}
+ if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_DEFLATE_ON_OOM)) {
+ vb->oom_nb.notifier_call = virtio_balloon_oom_notify;
+ vb->oom_nb.priority = VIRTIO_BALLOON_OOM_NOTIFY_PRIORITY;
+ err = register_oom_notifier(&vb->oom_nb);
+ if (err < 0)
+ goto out_unregister_shrinker;
+ }
+
virtio_device_ready(vdev);
if (towards_target(vb))
virtballoon_changed(vdev);
return 0;
+out_unregister_shrinker:
+ if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
+ unregister_shrinker(&vb->shrinker);
out_del_balloon_wq:
if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
destroy_workqueue(vb->balloon_wq);
@@ -989,8 +967,11 @@ static void virtballoon_remove(struct vi
{
struct virtio_balloon *vb = vdev->priv;
- if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_DEFLATE_ON_OOM))
- virtio_balloon_unregister_shrinker(vb);
+ if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_DEFLATE_ON_OOM))
+ unregister_oom_notifier(&vb->oom_nb);
+ if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT))
+ unregister_shrinker(&vb->shrinker);
+
spin_lock_irq(&vb->stop_update_lock);
vb->stop_update = true;
spin_unlock_irq(&vb->stop_update_lock);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 035/177] net/mlx5: Avoid processing commands before cmdif is ready
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 034/177] Revert "virtio-balloon: Revert "virtio-balloon: Switch back to OOM handler for VIRTIO_BALLOON_F_DEFLATE_ON_OOM"" Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 036/177] net/mlx5: Annotate mutex destroy for root ns Greg Kroah-Hartman
` (142 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eran Ben Elisha, Moshe Shemesh,
Saeed Mahameed
From: Eran Ben Elisha <eranbe@mellanox.com>
commit f7936ddd35d8b849daf0372770c7c9dbe7910fca upstream.
When driver is reloading during recovery flow, it can't get new commands
till command interface is up again. Otherwise we may get to null pointer
trying to access non initialized command structures.
Add cmdif state to avoid processing commands while cmdif is not ready.
Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Moshe Shemesh <moshe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 10 ++++++++++
drivers/net/ethernet/mellanox/mlx5/core/main.c | 4 ++++
include/linux/mlx5/driver.h | 9 +++++++++
3 files changed, 23 insertions(+)
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -923,6 +923,7 @@ static void cmd_work_handler(struct work
/* Skip sending command to fw if internal error */
if (pci_channel_offline(dev->pdev) ||
dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR ||
+ cmd->state != MLX5_CMDIF_STATE_UP ||
!opcode_allowed(&dev->cmd, ent->op)) {
u8 status = 0;
u32 drv_synd;
@@ -1712,6 +1713,7 @@ static int cmd_exec(struct mlx5_core_dev
opcode = MLX5_GET(mbox_in, in, opcode);
if (pci_channel_offline(dev->pdev) ||
dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR ||
+ dev->cmd.state != MLX5_CMDIF_STATE_UP ||
!opcode_allowed(&dev->cmd, opcode)) {
err = mlx5_internal_err_ret_value(dev, opcode, &drv_synd, &status);
MLX5_SET(mbox_out, out, status, status);
@@ -1977,6 +1979,7 @@ int mlx5_cmd_init(struct mlx5_core_dev *
goto err_free_page;
}
+ cmd->state = MLX5_CMDIF_STATE_DOWN;
cmd->checksum_disabled = 1;
cmd->max_reg_cmds = (1 << cmd->log_sz) - 1;
cmd->bitmask = (1UL << cmd->max_reg_cmds) - 1;
@@ -2054,3 +2057,10 @@ void mlx5_cmd_cleanup(struct mlx5_core_d
dma_pool_destroy(cmd->pool);
}
EXPORT_SYMBOL(mlx5_cmd_cleanup);
+
+void mlx5_cmd_set_state(struct mlx5_core_dev *dev,
+ enum mlx5_cmdif_state cmdif_state)
+{
+ dev->cmd.state = cmdif_state;
+}
+EXPORT_SYMBOL(mlx5_cmd_set_state);
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -962,6 +962,8 @@ static int mlx5_function_setup(struct ml
goto err_cmd_cleanup;
}
+ mlx5_cmd_set_state(dev, MLX5_CMDIF_STATE_UP);
+
err = mlx5_core_enable_hca(dev, 0);
if (err) {
mlx5_core_err(dev, "enable hca failed\n");
@@ -1023,6 +1025,7 @@ reclaim_boot_pages:
err_disable_hca:
mlx5_core_disable_hca(dev, 0);
err_cmd_cleanup:
+ mlx5_cmd_set_state(dev, MLX5_CMDIF_STATE_DOWN);
mlx5_cmd_cleanup(dev);
return err;
@@ -1040,6 +1043,7 @@ static int mlx5_function_teardown(struct
}
mlx5_reclaim_startup_pages(dev);
mlx5_core_disable_hca(dev, 0);
+ mlx5_cmd_set_state(dev, MLX5_CMDIF_STATE_DOWN);
mlx5_cmd_cleanup(dev);
return 0;
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -230,6 +230,12 @@ struct mlx5_bfreg_info {
u32 num_dyn_bfregs;
};
+enum mlx5_cmdif_state {
+ MLX5_CMDIF_STATE_UNINITIALIZED,
+ MLX5_CMDIF_STATE_UP,
+ MLX5_CMDIF_STATE_DOWN,
+};
+
struct mlx5_cmd_first {
__be32 data[4];
};
@@ -275,6 +281,7 @@ struct mlx5_cmd_stats {
struct mlx5_cmd {
struct mlx5_nb nb;
+ enum mlx5_cmdif_state state;
void *cmd_alloc_buf;
dma_addr_t alloc_dma;
int alloc_size;
@@ -900,6 +907,8 @@ enum {
int mlx5_cmd_init(struct mlx5_core_dev *dev);
void mlx5_cmd_cleanup(struct mlx5_core_dev *dev);
+void mlx5_cmd_set_state(struct mlx5_core_dev *dev,
+ enum mlx5_cmdif_state cmdif_state);
void mlx5_cmd_use_events(struct mlx5_core_dev *dev);
void mlx5_cmd_use_polling(struct mlx5_core_dev *dev);
void mlx5_cmd_allowed_opcode(struct mlx5_core_dev *dev, u16 opcode);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 036/177] net/mlx5: Annotate mutex destroy for root ns
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 035/177] net/mlx5: Avoid processing commands before cmdif is ready Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 037/177] net/tls: fix encryption error checking Greg Kroah-Hartman
` (141 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roi Dayan, Mark Bloch, Saeed Mahameed
From: Roi Dayan <roid@mellanox.com>
commit 9ca415399dae133b00273a4283ef31d003a6818d upstream.
Invoke mutex_destroy() to catch any errors.
Fixes: 2cc43b494a6c ("net/mlx5_core: Managing root flow table")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -416,6 +416,12 @@ static void del_sw_ns(struct fs_node *no
static void del_sw_prio(struct fs_node *node)
{
+ struct mlx5_flow_root_namespace *root_ns;
+ struct mlx5_flow_namespace *ns;
+
+ fs_get_obj(ns, node);
+ root_ns = container_of(ns, struct mlx5_flow_root_namespace, ns);
+ mutex_destroy(&root_ns->chain_lock);
kfree(node);
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 037/177] net/tls: fix encryption error checking
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 036/177] net/mlx5: Annotate mutex destroy for root ns Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 038/177] net/tls: free record only on encryption error Greg Kroah-Hartman
` (140 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vadim Fedorenko, David S. Miller
From: Vadim Fedorenko <vfedorenko@novek.ru>
commit a7bff11f6f9afa87c25711db8050c9b5324db0e2 upstream.
bpf_exec_tx_verdict() can return negative value for copied
variable. In that case this value will be pushed back to caller
and the real error code will be lost. Fix it using signed type and
checking for positive value.
Fixes: d10523d0b3d7 ("net/tls: free the record on encryption error")
Fixes: d3b18ad31f93 ("tls: add bpf support to sk_msg handling")
Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/tls/tls_sw.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -784,7 +784,7 @@ static int tls_push_record(struct sock *
static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk,
bool full_record, u8 record_type,
- size_t *copied, int flags)
+ ssize_t *copied, int flags)
{
struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
@@ -920,7 +920,8 @@ int tls_sw_sendmsg(struct sock *sk, stru
unsigned char record_type = TLS_RECORD_TYPE_DATA;
bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);
bool eor = !(msg->msg_flags & MSG_MORE);
- size_t try_to_copy, copied = 0;
+ size_t try_to_copy;
+ ssize_t copied = 0;
struct sk_msg *msg_pl, *msg_en;
struct tls_rec *rec;
int required_size;
@@ -1129,7 +1130,7 @@ send_end:
release_sock(sk);
mutex_unlock(&tls_ctx->tx_lock);
- return copied ? copied : ret;
+ return copied > 0 ? copied : ret;
}
static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
@@ -1143,7 +1144,7 @@ static int tls_sw_do_sendpage(struct soc
struct sk_msg *msg_pl;
struct tls_rec *rec;
int num_async = 0;
- size_t copied = 0;
+ ssize_t copied = 0;
bool full_record;
int record_room;
int ret = 0;
@@ -1245,7 +1246,7 @@ wait_for_memory:
}
sendpage_end:
ret = sk_stream_error(sk, flags, ret);
- return copied ? copied : ret;
+ return copied > 0 ? copied : ret;
}
int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 038/177] net/tls: free record only on encryption error
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 037/177] net/tls: fix encryption error checking Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 039/177] net: sun: fix missing release regions in cas_init_one() Greg Kroah-Hartman
` (139 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vadim Fedorenko, David S. Miller
From: Vadim Fedorenko <vfedorenko@novek.ru>
commit 635d9398178659d8ddba79dd061f9451cec0b4d1 upstream.
We cannot free record on any transient error because it leads to
losing previos data. Check socket error to know whether record must
be freed or not.
Fixes: d10523d0b3d7 ("net/tls: free the record on encryption error")
Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/tls/tls_sw.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -800,9 +800,10 @@ static int bpf_exec_tx_verdict(struct sk
psock = sk_psock_get(sk);
if (!psock || !policy) {
err = tls_push_record(sk, flags, record_type);
- if (err && err != -EINPROGRESS) {
+ if (err && sk->sk_err == EBADMSG) {
*copied -= sk_msg_free(sk, msg);
tls_free_open_rec(sk);
+ err = -sk->sk_err;
}
if (psock)
sk_psock_put(sk, psock);
@@ -828,9 +829,10 @@ more_data:
switch (psock->eval) {
case __SK_PASS:
err = tls_push_record(sk, flags, record_type);
- if (err && err != -EINPROGRESS) {
+ if (err && sk->sk_err == EBADMSG) {
*copied -= sk_msg_free(sk, msg);
tls_free_open_rec(sk);
+ err = -sk->sk_err;
goto out_err;
}
break;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 039/177] net: sun: fix missing release regions in cas_init_one().
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 038/177] net/tls: free record only on encryption error Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 040/177] net/mlx4_core: fix a memory leak bug Greg Kroah-Hartman
` (138 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qiushi Wu, David S. Miller
From: Qiushi Wu <wu000273@umn.edu>
commit 5a730153984dd13f82ffae93d7170d76eba204e9 upstream.
In cas_init_one(), "pdev" is requested by "pci_request_regions", but it
was not released after a call of the function “pci_write_config_byte”
failed. Thus replace the jump target “err_write_cacheline” by
"err_out_free_res".
Fixes: 1f26dac32057 ("[NET]: Add Sun Cassini driver.")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/sun/cassini.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/ethernet/sun/cassini.c
+++ b/drivers/net/ethernet/sun/cassini.c
@@ -4971,7 +4971,7 @@ static int cas_init_one(struct pci_dev *
cas_cacheline_size)) {
dev_err(&pdev->dev, "Could not set PCI cache "
"line size\n");
- goto err_write_cacheline;
+ goto err_out_free_res;
}
}
#endif
@@ -5144,7 +5144,6 @@ err_out_iounmap:
err_out_free_res:
pci_release_regions(pdev);
-err_write_cacheline:
/* Try to restore it in case the error occurred after we
* set it.
*/
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 040/177] net/mlx4_core: fix a memory leak bug.
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 039/177] net: sun: fix missing release regions in cas_init_one() Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 041/177] net: sgi: ioc3-eth: Fix return value check in ioc3eth_probe() Greg Kroah-Hartman
` (137 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qiushi Wu, David S. Miller
From: Qiushi Wu <wu000273@umn.edu>
commit febfd9d3c7f74063e8e630b15413ca91b567f963 upstream.
In function mlx4_opreq_action(), pointer "mailbox" is not released,
when mlx4_cmd_box() return and error, causing a memory leak bug.
Fix this issue by going to "out" label, mlx4_free_cmd_mailbox() can
free this pointer.
Fixes: fe6f700d6cbb ("net/mlx4_core: Respond to operation request by firmware")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx4/fw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/mellanox/mlx4/fw.c
+++ b/drivers/net/ethernet/mellanox/mlx4/fw.c
@@ -2734,7 +2734,7 @@ void mlx4_opreq_action(struct work_struc
if (err) {
mlx4_err(dev, "Failed to retrieve required operation: %d\n",
err);
- return;
+ goto out;
}
MLX4_GET(modifier, outbox, GET_OP_REQ_MODIFIER_OFFSET);
MLX4_GET(token, outbox, GET_OP_REQ_TOKEN_OFFSET);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 041/177] net: sgi: ioc3-eth: Fix return value check in ioc3eth_probe()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 040/177] net/mlx4_core: fix a memory leak bug Greg Kroah-Hartman
@ 2020-06-01 17:52 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 042/177] mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails Greg Kroah-Hartman
` (136 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Shengju, Tang Bin, David S. Miller
From: Tang Bin <tangbin@cmss.chinamobile.com>
commit a7654211d0ffeaa8eb0545ea00f8445242cbce05 upstream.
In the function devm_platform_ioremap_resource(), if get resource
failed, the return value is ERR_PTR() not NULL. Thus it must be
replaced by IS_ERR(), or else it may result in crashes if a critical
error path is encountered.
Fixes: 0ce5ebd24d25 ("mfd: ioc3: Add driver for SGI IOC3 chip")
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Signed-off-by: Tang Bin <tangbin@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/sgi/ioc3-eth.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/sgi/ioc3-eth.c
+++ b/drivers/net/ethernet/sgi/ioc3-eth.c
@@ -865,14 +865,14 @@ static int ioc3eth_probe(struct platform
ip = netdev_priv(dev);
ip->dma_dev = pdev->dev.parent;
ip->regs = devm_platform_ioremap_resource(pdev, 0);
- if (!ip->regs) {
- err = -ENOMEM;
+ if (IS_ERR(ip->regs)) {
+ err = PTR_ERR(ip->regs);
goto out_free;
}
ip->ssram = devm_platform_ioremap_resource(pdev, 1);
- if (!ip->ssram) {
- err = -ENOMEM;
+ if (IS_ERR(ip->ssram)) {
+ err = PTR_ERR(ip->ssram);
goto out_free;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 042/177] mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2020-06-01 17:52 ` [PATCH 5.6 041/177] net: sgi: ioc3-eth: Fix return value check in ioc3eth_probe() Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 043/177] net: mscc: ocelot: fix address ageing time (again) Greg Kroah-Hartman
` (135 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Danielle Ratson, Jiri Pirko,
Ido Schimmel, David S. Miller
From: Jiri Pirko <jiri@mellanox.com>
commit 4340f42f207eacb81e7a6b6bb1e3b6afad9a2e26 upstream.
In case of reload fail, the mlxsw_sp->ports contains a pointer to a
freed memory (either by reload_down() or reload_up() error path).
Fix this by initializing the pointer to NULL and checking it before
dereferencing in split/unsplit/type_set callpaths.
Fixes: 24cc68ad6c46 ("mlxsw: core: Add support for reload")
Reported-by: Danielle Ratson <danieller@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 14 ++++++++++++--
drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 8 ++++++++
2 files changed, 20 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
@@ -4043,6 +4043,7 @@ static void mlxsw_sp_ports_remove(struct
mlxsw_sp_port_remove(mlxsw_sp, i);
mlxsw_sp_cpu_port_remove(mlxsw_sp);
kfree(mlxsw_sp->ports);
+ mlxsw_sp->ports = NULL;
}
static int mlxsw_sp_ports_create(struct mlxsw_sp *mlxsw_sp)
@@ -4079,6 +4080,7 @@ err_port_create:
mlxsw_sp_cpu_port_remove(mlxsw_sp);
err_cpu_port_create:
kfree(mlxsw_sp->ports);
+ mlxsw_sp->ports = NULL;
return err;
}
@@ -4200,6 +4202,14 @@ static int mlxsw_sp_local_ports_offset(s
return mlxsw_core_res_get(mlxsw_core, local_ports_in_x_res_id);
}
+static struct mlxsw_sp_port *
+mlxsw_sp_port_get_by_local_port(struct mlxsw_sp *mlxsw_sp, u8 local_port)
+{
+ if (mlxsw_sp->ports && mlxsw_sp->ports[local_port])
+ return mlxsw_sp->ports[local_port];
+ return NULL;
+}
+
static int mlxsw_sp_port_split(struct mlxsw_core *mlxsw_core, u8 local_port,
unsigned int count,
struct netlink_ext_ack *extack)
@@ -4213,7 +4223,7 @@ static int mlxsw_sp_port_split(struct ml
int i;
int err;
- mlxsw_sp_port = mlxsw_sp->ports[local_port];
+ mlxsw_sp_port = mlxsw_sp_port_get_by_local_port(mlxsw_sp, local_port);
if (!mlxsw_sp_port) {
dev_err(mlxsw_sp->bus_info->dev, "Port number \"%d\" does not exist\n",
local_port);
@@ -4308,7 +4318,7 @@ static int mlxsw_sp_port_unsplit(struct
int offset;
int i;
- mlxsw_sp_port = mlxsw_sp->ports[local_port];
+ mlxsw_sp_port = mlxsw_sp_port_get_by_local_port(mlxsw_sp, local_port);
if (!mlxsw_sp_port) {
dev_err(mlxsw_sp->bus_info->dev, "Port number \"%d\" does not exist\n",
local_port);
--- a/drivers/net/ethernet/mellanox/mlxsw/switchx2.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/switchx2.c
@@ -1259,6 +1259,7 @@ static void mlxsw_sx_ports_remove(struct
if (mlxsw_sx_port_created(mlxsw_sx, i))
mlxsw_sx_port_remove(mlxsw_sx, i);
kfree(mlxsw_sx->ports);
+ mlxsw_sx->ports = NULL;
}
static int mlxsw_sx_ports_create(struct mlxsw_sx *mlxsw_sx)
@@ -1293,6 +1294,7 @@ err_port_module_info_get:
if (mlxsw_sx_port_created(mlxsw_sx, i))
mlxsw_sx_port_remove(mlxsw_sx, i);
kfree(mlxsw_sx->ports);
+ mlxsw_sx->ports = NULL;
return err;
}
@@ -1376,6 +1378,12 @@ static int mlxsw_sx_port_type_set(struct
u8 module, width;
int err;
+ if (!mlxsw_sx->ports || !mlxsw_sx->ports[local_port]) {
+ dev_err(mlxsw_sx->bus_info->dev, "Port number \"%d\" does not exist\n",
+ local_port);
+ return -EINVAL;
+ }
+
if (new_type == DEVLINK_PORT_TYPE_AUTO)
return -EOPNOTSUPP;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 043/177] net: mscc: ocelot: fix address ageing time (again)
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 042/177] mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 044/177] arm64: dts: qcom: db820c: fix audio configuration Greg Kroah-Hartman
` (134 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vladimir Oltean, David S. Miller
From: Vladimir Oltean <vladimir.oltean@nxp.com>
commit bf655ba212dfd10d1c86afeee3f3372dbd731d46 upstream.
ocelot_set_ageing_time has 2 callers:
- felix_set_ageing_time: from drivers/net/dsa/ocelot/felix.c
- ocelot_port_attr_ageing_set: from drivers/net/ethernet/mscc/ocelot.c
The issue described in the fixed commit below actually happened for the
felix_set_ageing_time code path only, since ocelot_port_attr_ageing_set
was already dividing by 1000. So to make both paths symmetrical (and to
fix addresses getting aged way too fast on Ocelot), stop dividing by
1000 at caller side altogether.
Fixes: c0d7eccbc761 ("net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mscc/ocelot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/mscc/ocelot.c
+++ b/drivers/net/ethernet/mscc/ocelot.c
@@ -1460,7 +1460,7 @@ static void ocelot_port_attr_ageing_set(
unsigned long ageing_clock_t)
{
unsigned long ageing_jiffies = clock_t_to_jiffies(ageing_clock_t);
- u32 ageing_time = jiffies_to_msecs(ageing_jiffies) / 1000;
+ u32 ageing_time = jiffies_to_msecs(ageing_jiffies);
ocelot_set_ageing_time(ocelot, ageing_time);
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 044/177] arm64: dts: qcom: db820c: fix audio configuration
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 043/177] net: mscc: ocelot: fix address ageing time (again) Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 045/177] ARM: dts: rockchip: fix phy nodename for rk3228-evb Greg Kroah-Hartman
` (133 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vinod Koul, Srinivas Kandagatla,
Bjorn Andersson, Sasha Levin
From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[ Upstream commit 7710f80ecd9c74544a22557ab581cf603e713f51 ]
After patch f864edff110d ("ASoC: qdsp6: q6routing: remove default routing")
and 9b60441692d9 ("ASoC: qdsp6: q6asm-dai: only enable dais from device tree")
asm dais and routing needs to be properly specified at device tree level.
This patch fixes this.
Tested-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20200422101922.8894-1-srinivas.kandagatla@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi | 19 ++++++++++++++++++-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 ++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi b/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi
index a85b85d85a5f..3c7c9b52623c 100644
--- a/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi
+++ b/arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi
@@ -908,10 +908,27 @@
status = "okay";
};
+&q6asmdai {
+ dai@0 {
+ reg = <0>;
+ };
+
+ dai@1 {
+ reg = <1>;
+ };
+
+ dai@2 {
+ reg = <2>;
+ };
+};
+
&sound {
compatible = "qcom,apq8096-sndcard";
model = "DB820c";
- audio-routing = "RX_BIAS", "MCLK";
+ audio-routing = "RX_BIAS", "MCLK",
+ "MM_DL1", "MultiMedia1 Playback",
+ "MM_DL2", "MultiMedia2 Playback",
+ "MultiMedia3 Capture", "MM_UL3";
mm1-dai-link {
link-name = "MultiMedia1";
diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi
index 7ae082ea14ea..f925a6c7d293 100644
--- a/arch/arm64/boot/dts/qcom/msm8996.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi
@@ -2053,6 +2053,8 @@
reg = <APR_SVC_ASM>;
q6asmdai: dais {
compatible = "qcom,q6asm-dais";
+ #address-cells = <1>;
+ #size-cells = <0>;
#sound-dai-cells = <1>;
iommus = <&lpass_q6_smmu 1>;
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 045/177] ARM: dts: rockchip: fix phy nodename for rk3228-evb
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 044/177] arm64: dts: qcom: db820c: fix audio configuration Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 046/177] ARM: dts: rockchip: fix phy nodename for rk3229-xms6 Greg Kroah-Hartman
` (132 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Jonker, Heiko Stuebner, Sasha Levin
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit 287e0d538fcec2f6e8eb1e565bf0749f3b90186d ]
A test with the command below gives for example this error:
arch/arm/boot/dts/rk3228-evb.dt.yaml: phy@0:
'#phy-cells' is a required property
The phy nodename is normally used by a phy-handle.
This node is however compatible with
"ethernet-phy-id1234.d400", "ethernet-phy-ieee802.3-c22"
which is just been added to 'ethernet-phy.yaml'.
So change nodename to 'ethernet-phy' for which '#phy-cells'
is not a required property
make ARCH=arm dtbs_check
DT_SCHEMA_FILES=~/.local/lib/python3.5/site-packages/dtschema/schemas/
phy/phy-provider.yaml
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20200416170321.4216-1-jbx6244@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/rk3228-evb.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/rk3228-evb.dts b/arch/arm/boot/dts/rk3228-evb.dts
index 5670b33fd1bd..aed879db6c15 100644
--- a/arch/arm/boot/dts/rk3228-evb.dts
+++ b/arch/arm/boot/dts/rk3228-evb.dts
@@ -46,7 +46,7 @@
#address-cells = <1>;
#size-cells = <0>;
- phy: phy@0 {
+ phy: ethernet-phy@0 {
compatible = "ethernet-phy-id1234.d400", "ethernet-phy-ieee802.3-c22";
reg = <0>;
clocks = <&cru SCLK_MAC_PHY>;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 046/177] ARM: dts: rockchip: fix phy nodename for rk3229-xms6
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 045/177] ARM: dts: rockchip: fix phy nodename for rk3228-evb Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 047/177] arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts Greg Kroah-Hartman
` (131 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Jonker, Heiko Stuebner, Sasha Levin
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit 621c8d0c233e260232278a4cfd3380caa3c1da29 ]
A test with the command below gives for example this error:
arch/arm/boot/dts/rk3229-xms6.dt.yaml: phy@0:
'#phy-cells' is a required property
The phy nodename is normally used by a phy-handle.
This node is however compatible with
"ethernet-phy-id1234.d400", "ethernet-phy-ieee802.3-c22"
which is just been added to 'ethernet-phy.yaml'.
So change nodename to 'ethernet-phy' for which '#phy-cells'
is not a required property
make ARCH=arm dtbs_check
DT_SCHEMA_FILES=~/.local/lib/python3.5/site-packages/dtschema/schemas/
phy/phy-provider.yaml
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20200416170321.4216-2-jbx6244@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/rk3229-xms6.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/rk3229-xms6.dts b/arch/arm/boot/dts/rk3229-xms6.dts
index 679fc2b00e5a..933ef69da32a 100644
--- a/arch/arm/boot/dts/rk3229-xms6.dts
+++ b/arch/arm/boot/dts/rk3229-xms6.dts
@@ -150,7 +150,7 @@
#address-cells = <1>;
#size-cells = <0>;
- phy: phy@0 {
+ phy: ethernet-phy@0 {
compatible = "ethernet-phy-id1234.d400",
"ethernet-phy-ieee802.3-c22";
reg = <0>;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 047/177] arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 046/177] ARM: dts: rockchip: fix phy nodename for rk3229-xms6 Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 048/177] arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node Greg Kroah-Hartman
` (130 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Jonker, Heiko Stuebner, Sasha Levin
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit c617ed88502d0b05149e7f32f3b3fd8a0663f7e2 ]
The status was removed of the '&gmac2phy' node with the apply
of a patch long time ago, so fix status for '&gmac2phy'
in 'rk3328-evb.dts'.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/20200425122345.12902-2-jbx6244@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3328-evb.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3328-evb.dts b/arch/arm64/boot/dts/rockchip/rk3328-evb.dts
index 6abc6f4a86cf..05265b38cc02 100644
--- a/arch/arm64/boot/dts/rockchip/rk3328-evb.dts
+++ b/arch/arm64/boot/dts/rockchip/rk3328-evb.dts
@@ -86,7 +86,7 @@
assigned-clock-rate = <50000000>;
assigned-clocks = <&cru SCLK_MAC2PHY>;
assigned-clock-parents = <&cru SCLK_MAC2PHY_SRC>;
-
+ status = "okay";
};
&i2c1 {
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 048/177] arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 047/177] arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 049/177] ARM: dts: rockchip: swap clock-names of gpu nodes Greg Kroah-Hartman
` (129 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Jonker, Heiko Stuebner, Sasha Levin
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit c604fd810bda667bdc20b2c041917baa7803e0fb ]
Dts files with Rockchip rk3399 'gpu' nodes were manually verified.
In order to automate this process arm,mali-midgard.txt
has been converted to yaml. In the new setup dtbs_check with
arm,mali-midgard.yaml expects interrupts and interrupt-names values
in the same order. Fix this for rk3399.
make ARCH=arm64 dtbs_check
DT_SCHEMA_FILES=Documentation/devicetree/bindings/gpu/
arm,mali-midgard.yaml
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/20200425143837.18706-1-jbx6244@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
index 5c4238a80144..c341172ec208 100644
--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
@@ -1890,10 +1890,10 @@
gpu: gpu@ff9a0000 {
compatible = "rockchip,rk3399-mali", "arm,mali-t860";
reg = <0x0 0xff9a0000 0x0 0x10000>;
- interrupts = <GIC_SPI 19 IRQ_TYPE_LEVEL_HIGH 0>,
- <GIC_SPI 20 IRQ_TYPE_LEVEL_HIGH 0>,
- <GIC_SPI 21 IRQ_TYPE_LEVEL_HIGH 0>;
- interrupt-names = "gpu", "job", "mmu";
+ interrupts = <GIC_SPI 20 IRQ_TYPE_LEVEL_HIGH 0>,
+ <GIC_SPI 21 IRQ_TYPE_LEVEL_HIGH 0>,
+ <GIC_SPI 19 IRQ_TYPE_LEVEL_HIGH 0>;
+ interrupt-names = "job", "mmu", "gpu";
clocks = <&cru ACLK_GPU>;
#cooling-cells = <2>;
power-domains = <&power RK3399_PD_GPU>;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 049/177] ARM: dts: rockchip: swap clock-names of gpu nodes
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 048/177] arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 050/177] ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi Greg Kroah-Hartman
` (128 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Jonker, Heiko Stuebner, Sasha Levin
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit b14f3898d2c25a9b47a61fb879d0b1f3af92c59b ]
Dts files with Rockchip 'gpu' nodes were manually verified.
In order to automate this process arm,mali-utgard.txt
has been converted to yaml. In the new setup dtbs_check with
arm,mali-utgard.yaml expects clock-names values
in the same order, so fix that.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/20200425192500.1808-1-jbx6244@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/rk3036.dtsi | 2 +-
arch/arm/boot/dts/rk322x.dtsi | 2 +-
arch/arm/boot/dts/rk3xxx.dtsi | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/rk3036.dtsi b/arch/arm/boot/dts/rk3036.dtsi
index cf36e25195b4..8c4b8f56c9e0 100644
--- a/arch/arm/boot/dts/rk3036.dtsi
+++ b/arch/arm/boot/dts/rk3036.dtsi
@@ -128,7 +128,7 @@
assigned-clocks = <&cru SCLK_GPU>;
assigned-clock-rates = <100000000>;
clocks = <&cru SCLK_GPU>, <&cru SCLK_GPU>;
- clock-names = "core", "bus";
+ clock-names = "bus", "core";
resets = <&cru SRST_GPU>;
status = "disabled";
};
diff --git a/arch/arm/boot/dts/rk322x.dtsi b/arch/arm/boot/dts/rk322x.dtsi
index 4e90efdc9630..729119952c68 100644
--- a/arch/arm/boot/dts/rk322x.dtsi
+++ b/arch/arm/boot/dts/rk322x.dtsi
@@ -561,7 +561,7 @@
"pp1",
"ppmmu1";
clocks = <&cru ACLK_GPU>, <&cru ACLK_GPU>;
- clock-names = "core", "bus";
+ clock-names = "bus", "core";
resets = <&cru SRST_GPU_A>;
status = "disabled";
};
diff --git a/arch/arm/boot/dts/rk3xxx.dtsi b/arch/arm/boot/dts/rk3xxx.dtsi
index 241f43e29c77..bb5ff10b9110 100644
--- a/arch/arm/boot/dts/rk3xxx.dtsi
+++ b/arch/arm/boot/dts/rk3xxx.dtsi
@@ -84,7 +84,7 @@
compatible = "arm,mali-400";
reg = <0x10090000 0x10000>;
clocks = <&cru ACLK_GPU>, <&cru ACLK_GPU>;
- clock-names = "core", "bus";
+ clock-names = "bus", "core";
assigned-clocks = <&cru ACLK_GPU>;
assigned-clock-rates = <100000000>;
resets = <&cru SRST_GPU>;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 050/177] ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 049/177] ARM: dts: rockchip: swap clock-names of gpu nodes Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 051/177] gpio: tegra: mask GPIO IRQs during IRQ shutdown Greg Kroah-Hartman
` (127 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Jonker, Heiko Stuebner, Sasha Levin
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit 855bdca1781c79eb661f89c8944c4a719ce720e8 ]
A test with the command below gives these errors:
arch/arm/boot/dts/rk3229-evb.dt.yaml: spi-0:
'#address-cells' is a required property
arch/arm/boot/dts/rk3229-evb.dt.yaml: spi-1:
'#address-cells' is a required property
arch/arm/boot/dts/rk3229-xms6.dt.yaml: spi-0:
'#address-cells' is a required property
arch/arm/boot/dts/rk3229-xms6.dt.yaml: spi-1:
'#address-cells' is a required property
The $nodename pattern for spi nodes is
"^spi(@.*|-[0-9a-f])*$". To prevent warnings rename
'spi-0' and 'spi-1' pinctrl sub nodenames to
'spi0' and 'spi1' in 'rk322x.dtsi'.
make ARCH=arm dtbs_check
DT_SCHEMA_FILES=Documentation/devicetree/bindings/spi/spi-controller.yaml
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/20200424123923.8192-1-jbx6244@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/rk322x.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/rk322x.dtsi b/arch/arm/boot/dts/rk322x.dtsi
index 729119952c68..a83f65486ad4 100644
--- a/arch/arm/boot/dts/rk322x.dtsi
+++ b/arch/arm/boot/dts/rk322x.dtsi
@@ -1033,7 +1033,7 @@
};
};
- spi-0 {
+ spi0 {
spi0_clk: spi0-clk {
rockchip,pins = <0 RK_PB1 2 &pcfg_pull_up>;
};
@@ -1051,7 +1051,7 @@
};
};
- spi-1 {
+ spi1 {
spi1_clk: spi1-clk {
rockchip,pins = <0 RK_PC7 2 &pcfg_pull_up>;
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 051/177] gpio: tegra: mask GPIO IRQs during IRQ shutdown
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 050/177] ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 052/177] ALSA: usb-audio: add mapping for ASRock TRX40 Creator Greg Kroah-Hartman
` (126 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Warren, Linus Walleij, Sasha Levin
From: Stephen Warren <swarren@nvidia.com>
[ Upstream commit 0cf253eed5d2bdf7bb3152457b38f39b012955f7 ]
The driver currently leaves GPIO IRQs unmasked even when the GPIO IRQ
client has released the GPIO IRQ. This allows the HW to raise IRQs, and
SW to process them, after shutdown. Fix this by masking the IRQ when it's
shut down. This is usually taken care of by the irqchip core, but since
this driver has a custom irq_shutdown implementation, it must do this
explicitly itself.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Link: https://lore.kernel.org/r/20200427232605.11608-1-swarren@wwwdotorg.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-tegra.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpio/gpio-tegra.c b/drivers/gpio/gpio-tegra.c
index acb99eff9939..86568154cdb3 100644
--- a/drivers/gpio/gpio-tegra.c
+++ b/drivers/gpio/gpio-tegra.c
@@ -368,6 +368,7 @@ static void tegra_gpio_irq_shutdown(struct irq_data *d)
struct tegra_gpio_info *tgi = bank->tgi;
unsigned int gpio = d->hwirq;
+ tegra_gpio_irq_mask(d);
gpiochip_unlock_as_irq(&tgi->gc, gpio);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 052/177] ALSA: usb-audio: add mapping for ASRock TRX40 Creator
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 051/177] gpio: tegra: mask GPIO IRQs during IRQ shutdown Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 053/177] ARM: dts: omap4-droid4: Fix flakey wlan by disabling internal pull for gpio Greg Kroah-Hartman
` (125 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Oakley, Takashi Iwai, Sasha Levin
From: Andrew Oakley <andrew@adoakley.name>
[ Upstream commit da7a8f1a8fc3e14c6dcc52b4098bddb8f20390be ]
This is another TRX40 based motherboard with ALC1220-VB USB-audio
that requires a static mapping table.
This motherboard also has a PCI device which advertises no codecs. The
PCI ID is 1022:1487 and PCI SSID is 1022:d102. As this is using the AMD
vendor ID, don't blacklist for now in case other boards have a working
audio device with the same ssid.
alsa-info.sh report for this board:
http://alsa-project.org/db/?f=0a742f89066527497b77ce16bca486daccf8a70c
Signed-off-by: Andrew Oakley <andrew@adoakley.name>
Link: https://lore.kernel.org/r/20200503141639.35519-1-andrew@adoakley.name
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/mixer_maps.c | 5 +++++
sound/usb/quirks-table.h | 1 +
2 files changed, 6 insertions(+)
diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c
index 0260c750e156..bfdc6ad52785 100644
--- a/sound/usb/mixer_maps.c
+++ b/sound/usb/mixer_maps.c
@@ -549,6 +549,11 @@ static const struct usbmix_ctl_map usbmix_ctl_maps[] = {
.map = trx40_mobo_map,
.connector_map = trx40_mobo_connector_map,
},
+ { /* Asrock TRX40 Creator */
+ .id = USB_ID(0x26ce, 0x0a01),
+ .map = trx40_mobo_map,
+ .connector_map = trx40_mobo_connector_map,
+ },
{ 0 } /* terminator */
};
diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
index 8c2f5c23e1b4..aa4c16ce0e57 100644
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -3647,6 +3647,7 @@ AU0828_DEVICE(0x2040, 0x7270, "Hauppauge", "HVR-950Q"),
ALC1220_VB_DESKTOP(0x0414, 0xa002), /* Gigabyte TRX40 Aorus Pro WiFi */
ALC1220_VB_DESKTOP(0x0db0, 0x0d64), /* MSI TRX40 Creator */
ALC1220_VB_DESKTOP(0x0db0, 0x543d), /* MSI TRX40 */
+ALC1220_VB_DESKTOP(0x26ce, 0x0a01), /* Asrock TRX40 Creator */
#undef ALC1220_VB_DESKTOP
#undef USB_DEVICE_VENDOR_SPEC
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 053/177] ARM: dts: omap4-droid4: Fix flakey wlan by disabling internal pull for gpio
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 052/177] ALSA: usb-audio: add mapping for ASRock TRX40 Creator Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 054/177] ARM: dts: omap4-droid4: Fix occasional lost wakeirq for uart1 Greg Kroah-Hartman
` (124 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tony Lindgren, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit 30fa60c678eaa27b8f2a531920d77f7184658f73 ]
The wlan on droid4 is flakey on some devices, and experiments have shown this
gets fixed if we disable the internal pull for wlan gpio interrupt line.
The symptoms are that the wlan connection is very slow and almost useless
with lots of wlcore firmware reboot warnings in the dmesg.
In addition to configuring the wlan gpio pulls, let's also configure the rest
of the wlan sd pins. We have not configured those eariler as we're booting
using kexec.
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/motorola-mapphone-common.dtsi | 33 +++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/arch/arm/boot/dts/motorola-mapphone-common.dtsi b/arch/arm/boot/dts/motorola-mapphone-common.dtsi
index 9067e0ef4240..01ea9a1e2c86 100644
--- a/arch/arm/boot/dts/motorola-mapphone-common.dtsi
+++ b/arch/arm/boot/dts/motorola-mapphone-common.dtsi
@@ -367,6 +367,8 @@
};
&mmc3 {
+ pinctrl-names = "default";
+ pinctrl-0 = <&mmc3_pins>;
vmmc-supply = <&wl12xx_vmmc>;
/* uart2_tx.sdmmc3_dat1 pad as wakeirq */
interrupts-extended = <&wakeupgen GIC_SPI 94 IRQ_TYPE_LEVEL_HIGH
@@ -472,6 +474,37 @@
>;
};
+ /*
+ * Android uses PIN_OFF_INPUT_PULLDOWN | PIN_INPUT_PULLUP | MUX_MODE3
+ * for gpio_100, but the internal pull makes wlan flakey on some
+ * devices. Off mode value should be tested if we have off mode working
+ * later on.
+ */
+ mmc3_pins: pinmux_mmc3_pins {
+ pinctrl-single,pins = <
+ /* 0x4a10008e gpmc_wait2.gpio_100 d23 */
+ OMAP4_IOPAD(0x08e, PIN_INPUT | MUX_MODE3)
+
+ /* 0x4a100102 abe_mcbsp1_dx.sdmmc3_dat2 ab25 */
+ OMAP4_IOPAD(0x102, PIN_INPUT_PULLUP | MUX_MODE1)
+
+ /* 0x4a100104 abe_mcbsp1_fsx.sdmmc3_dat3 ac27 */
+ OMAP4_IOPAD(0x104, PIN_INPUT_PULLUP | MUX_MODE1)
+
+ /* 0x4a100118 uart2_cts.sdmmc3_clk ab26 */
+ OMAP4_IOPAD(0x118, PIN_INPUT | MUX_MODE1)
+
+ /* 0x4a10011a uart2_rts.sdmmc3_cmd ab27 */
+ OMAP4_IOPAD(0x11a, PIN_INPUT_PULLUP | MUX_MODE1)
+
+ /* 0x4a10011c uart2_rx.sdmmc3_dat0 aa25 */
+ OMAP4_IOPAD(0x11c, PIN_INPUT_PULLUP | MUX_MODE1)
+
+ /* 0x4a10011e uart2_tx.sdmmc3_dat1 aa26 */
+ OMAP4_IOPAD(0x11e, PIN_INPUT_PULLUP | MUX_MODE1)
+ >;
+ };
+
/* gpmc_ncs0.gpio_50 */
poweroff_gpio: pinmux_poweroff_pins {
pinctrl-single,pins = <
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 054/177] ARM: dts: omap4-droid4: Fix occasional lost wakeirq for uart1
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 053/177] ARM: dts: omap4-droid4: Fix flakey wlan by disabling internal pull for gpio Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 055/177] net: microchip: encx24j600: add missed kthread_stop Greg Kroah-Hartman
` (123 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, maemo-leste, Merlijn Wajer,
Pavel Machek, Sebastian Reichel, Tony Lindgren, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit 738b150ecefbffb6e55cfa8a3b66a844f777d8fb ]
Looks like using the UART CTS pin does not always trigger for a wake-up
when the SoC is idle.
This is probably because the modem first uses gpio_149 to signal the SoC
that data will be sent, and the CTS will only get used later when the
data transfer is starting.
Let's fix the issue by configuring the gpio_149 pad as the wakeirq for
UART. We have gpio_149 managed by the USB PHY for powering up the right
USB mode, and after that, the gpio gets recycled as the modem wake-up
pin. If needeed, the USB PHY can also later on be configured to use
gpio_149 pad as the wakeirq as a shared irq.
Let's also configure the missing properties for uart-has-rtscts and
current-speed for the modem port while at it. We already configure the
hardware flow control pins with uart1_pins pinctrl setting.
Cc: maemo-leste@lists.dyne.org
Cc: Merlijn Wajer <merlijn@wizzup.org>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/motorola-mapphone-common.dtsi | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/motorola-mapphone-common.dtsi b/arch/arm/boot/dts/motorola-mapphone-common.dtsi
index 01ea9a1e2c86..06fbffa81636 100644
--- a/arch/arm/boot/dts/motorola-mapphone-common.dtsi
+++ b/arch/arm/boot/dts/motorola-mapphone-common.dtsi
@@ -723,14 +723,18 @@
};
/*
- * As uart1 is wired to mdm6600 with rts and cts, we can use the cts pin for
- * uart1 wakeirq.
+ * The uart1 port is wired to mdm6600 with rts and cts. The modem uses gpio_149
+ * for wake-up events for both the USB PHY and the UART. We can use gpio_149
+ * pad as the shared wakeirq for the UART rather than the RX or CTS pad as we
+ * have gpio_149 trigger before the UART transfer starts.
*/
&uart1 {
pinctrl-names = "default";
pinctrl-0 = <&uart1_pins>;
interrupts-extended = <&wakeupgen GIC_SPI 72 IRQ_TYPE_LEVEL_HIGH
- &omap4_pmx_core 0xfc>;
+ &omap4_pmx_core 0x110>;
+ uart-has-rtscts;
+ current-speed = <115200>;
};
&uart3 {
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 055/177] net: microchip: encx24j600: add missed kthread_stop
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 054/177] ARM: dts: omap4-droid4: Fix occasional lost wakeirq for uart1 Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 056/177] kselftests: dmabuf-heaps: Fix confused return value on expected error testing Greg Kroah-Hartman
` (122 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuhong Yuan, David S. Miller, Sasha Levin
From: Chuhong Yuan <hslester96@gmail.com>
[ Upstream commit ff8ce319e9c25e920d994cc35236f0bb32dfc8f3 ]
This driver calls kthread_run() in probe, but forgets to call
kthread_stop() in probe failure and remove.
Add the missed kthread_stop() to fix it.
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/microchip/encx24j600.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/microchip/encx24j600.c b/drivers/net/ethernet/microchip/encx24j600.c
index 39925e4bf2ec..b25a13da900a 100644
--- a/drivers/net/ethernet/microchip/encx24j600.c
+++ b/drivers/net/ethernet/microchip/encx24j600.c
@@ -1070,7 +1070,7 @@ static int encx24j600_spi_probe(struct spi_device *spi)
if (unlikely(ret)) {
netif_err(priv, probe, ndev, "Error %d initializing card encx24j600 card\n",
ret);
- goto out_free;
+ goto out_stop;
}
eidled = encx24j600_read_reg(priv, EIDLED);
@@ -1088,6 +1088,8 @@ static int encx24j600_spi_probe(struct spi_device *spi)
out_unregister:
unregister_netdev(priv->ndev);
+out_stop:
+ kthread_stop(priv->kworker_task);
out_free:
free_netdev(ndev);
@@ -1100,6 +1102,7 @@ static int encx24j600_spi_remove(struct spi_device *spi)
struct encx24j600_priv *priv = dev_get_drvdata(&spi->dev);
unregister_netdev(priv->ndev);
+ kthread_stop(priv->kworker_task);
free_netdev(priv->ndev);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 056/177] kselftests: dmabuf-heaps: Fix confused return value on expected error testing
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 055/177] net: microchip: encx24j600: add missed kthread_stop Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 057/177] gfs2: move privileged user check to gfs2_quota_lock_check Greg Kroah-Hartman
` (121 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuah Khan, Sumit Semwal,
Benjamin Gaignard, Brian Starkey, Laura Abbott, Andrew F. Davis,
linux-kselftest, John Stultz, Shuah Khan, Sasha Levin
From: John Stultz <john.stultz@linaro.org>
[ Upstream commit 4bb9d46d47b105a774f9dca642f5271375bca4b2 ]
When I added the expected error testing, I forgot I need to set
the return to zero when we successfully see an error.
Without this change we only end up testing a single heap
before the test quits.
Cc: Shuah Khan <shuah@kernel.org>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Cc: Brian Starkey <brian.starkey@arm.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: "Andrew F. Davis" <afd@ti.com>
Cc: linux-kselftest@vger.kernel.org
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c b/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c
index cd5e1f602ac9..909da9cdda97 100644
--- a/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c
+++ b/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c
@@ -351,6 +351,7 @@ static int test_alloc_errors(char *heap_name)
}
printf("Expected error checking passed\n");
+ ret = 0;
out:
if (dmabuf_fd >= 0)
close(dmabuf_fd);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 057/177] gfs2: move privileged user check to gfs2_quota_lock_check
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 056/177] kselftests: dmabuf-heaps: Fix confused return value on expected error testing Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 058/177] gfs2: dont call quota_unhold if quotas are not locked Greg Kroah-Hartman
` (120 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bob Peterson, Andreas Gruenbacher,
Sasha Levin
From: Bob Peterson <rpeterso@redhat.com>
[ Upstream commit 4ed0c30811cb4d30ef89850b787a53a84d5d2bcb ]
Before this patch, function gfs2_quota_lock checked if it was called
from a privileged user, and if so, it bypassed the quota check:
superuser can operate outside the quotas.
That's the wrong place for the check because the lock/unlock functions
are separate from the lock_check function, and you can do lock and
unlock without actually checking the quotas.
This patch moves the check to gfs2_quota_lock_check.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/quota.c | 3 +--
fs/gfs2/quota.h | 3 ++-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index e9f93045eb01..832d44782f74 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -1040,8 +1040,7 @@ int gfs2_quota_lock(struct gfs2_inode *ip, kuid_t uid, kgid_t gid)
u32 x;
int error = 0;
- if (capable(CAP_SYS_RESOURCE) ||
- sdp->sd_args.ar_quota != GFS2_QUOTA_ON)
+ if (sdp->sd_args.ar_quota != GFS2_QUOTA_ON)
return 0;
error = gfs2_quota_hold(ip, uid, gid);
diff --git a/fs/gfs2/quota.h b/fs/gfs2/quota.h
index 765627d9a91e..fe68a91dc16f 100644
--- a/fs/gfs2/quota.h
+++ b/fs/gfs2/quota.h
@@ -44,7 +44,8 @@ static inline int gfs2_quota_lock_check(struct gfs2_inode *ip,
int ret;
ap->allowed = UINT_MAX; /* Assume we are permitted a whole lot */
- if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
+ if (capable(CAP_SYS_RESOURCE) ||
+ sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
return 0;
ret = gfs2_quota_lock(ip, NO_UID_QUOTA_CHANGE, NO_GID_QUOTA_CHANGE);
if (ret)
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 058/177] gfs2: dont call quota_unhold if quotas are not locked
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 057/177] gfs2: move privileged user check to gfs2_quota_lock_check Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 059/177] gfs2: Grab glock reference sooner in gfs2_add_revoke Greg Kroah-Hartman
` (119 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bob Peterson, Andreas Gruenbacher,
Sasha Levin
From: Bob Peterson <rpeterso@redhat.com>
[ Upstream commit c9cb9e381985bbbe8acd2695bbe6bd24bf06b81c ]
Before this patch, function gfs2_quota_unlock checked if quotas are
turned off, and if so, it branched to label out, which called
gfs2_quota_unhold. With the new system of gfs2_qa_get and put, we
no longer want to call gfs2_quota_unhold or we won't balance our
gets and puts.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/quota.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index 832d44782f74..a80b638b582e 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -1113,7 +1113,7 @@ void gfs2_quota_unlock(struct gfs2_inode *ip)
int found;
if (!test_and_clear_bit(GIF_QD_LOCKED, &ip->i_flags))
- goto out;
+ return;
for (x = 0; x < ip->i_qadata->qa_qd_num; x++) {
struct gfs2_quota_data *qd;
@@ -1150,7 +1150,6 @@ void gfs2_quota_unlock(struct gfs2_inode *ip)
qd_unlock(qda[x]);
}
-out:
gfs2_quota_unhold(ip);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 059/177] gfs2: Grab glock reference sooner in gfs2_add_revoke
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 058/177] gfs2: dont call quota_unhold if quotas are not locked Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 060/177] drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate Greg Kroah-Hartman
` (118 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher, Bob Peterson,
Sasha Levin
From: Andreas Gruenbacher <agruenba@redhat.com>
[ Upstream commit f4e2f5e1a527ce58fc9f85145b03704779a3123e ]
This patch rearranges gfs2_add_revoke so that the extra glock
reference is added earlier on in the function to avoid races in which
the glock is freed before the new reference is taken.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/log.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/gfs2/log.c b/fs/gfs2/log.c
index 60d911e293e6..2674feda1d7a 100644
--- a/fs/gfs2/log.c
+++ b/fs/gfs2/log.c
@@ -603,13 +603,13 @@ void gfs2_add_revoke(struct gfs2_sbd *sdp, struct gfs2_bufdata *bd)
struct buffer_head *bh = bd->bd_bh;
struct gfs2_glock *gl = bd->bd_gl;
+ sdp->sd_log_num_revoke++;
+ if (atomic_inc_return(&gl->gl_revokes) == 1)
+ gfs2_glock_hold(gl);
bh->b_private = NULL;
bd->bd_blkno = bh->b_blocknr;
gfs2_remove_from_ail(bd); /* drops ref on bh */
bd->bd_bh = NULL;
- sdp->sd_log_num_revoke++;
- if (atomic_inc_return(&gl->gl_revokes) == 1)
- gfs2_glock_hold(gl);
set_bit(GLF_LFLUSH, &gl->gl_flags);
list_add(&bd->bd_list, &sdp->sd_log_revokes);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 060/177] drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 059/177] gfs2: Grab glock reference sooner in gfs2_add_revoke Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 061/177] drm/amd/powerplay: perform PG ungate prior to CG ungate Greg Kroah-Hartman
` (117 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Quan, Alex Deucher, Sasha Levin
From: Evan Quan <evan.quan@amd.com>
[ Upstream commit 1fe48ec08d9f2e26d893a6c05bd6c99a3490f9ef ]
As this is already properly handled in amdgpu_gfx_off_ctrl(). In fact,
this unnecessary cancel_delayed_work_sync may leave a small time window
for race condition and is dangerous.
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 6 +-----
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 12 +++---------
2 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
index 02702597ddeb..012df3d574bf 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
@@ -4241,11 +4241,7 @@ static int gfx_v10_0_set_powergating_state(void *handle,
switch (adev->asic_type) {
case CHIP_NAVI10:
case CHIP_NAVI14:
- if (!enable) {
- amdgpu_gfx_off_ctrl(adev, false);
- cancel_delayed_work_sync(&adev->gfx.gfx_off_delay_work);
- } else
- amdgpu_gfx_off_ctrl(adev, true);
+ amdgpu_gfx_off_ctrl(adev, enable);
break;
default:
break;
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
index 906648fca9ef..914dbd901b98 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
@@ -4734,10 +4734,9 @@ static int gfx_v9_0_set_powergating_state(void *handle,
switch (adev->asic_type) {
case CHIP_RAVEN:
case CHIP_RENOIR:
- if (!enable) {
+ if (!enable)
amdgpu_gfx_off_ctrl(adev, false);
- cancel_delayed_work_sync(&adev->gfx.gfx_off_delay_work);
- }
+
if (adev->pg_flags & AMD_PG_SUPPORT_RLC_SMU_HS) {
gfx_v9_0_enable_sck_slow_down_on_power_up(adev, true);
gfx_v9_0_enable_sck_slow_down_on_power_down(adev, true);
@@ -4761,12 +4760,7 @@ static int gfx_v9_0_set_powergating_state(void *handle,
amdgpu_gfx_off_ctrl(adev, true);
break;
case CHIP_VEGA12:
- if (!enable) {
- amdgpu_gfx_off_ctrl(adev, false);
- cancel_delayed_work_sync(&adev->gfx.gfx_off_delay_work);
- } else {
- amdgpu_gfx_off_ctrl(adev, true);
- }
+ amdgpu_gfx_off_ctrl(adev, enable);
break;
default:
break;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 061/177] drm/amd/powerplay: perform PG ungate prior to CG ungate
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 060/177] drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 062/177] drm/amdgpu: Use GEM obj reference for KFD BOs Greg Kroah-Hartman
` (116 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Quan, Alex Deucher, Sasha Levin
From: Evan Quan <evan.quan@amd.com>
[ Upstream commit f4fcfa4282c1a1bf51475ebb0ffda623eebf1191 ]
Since gfxoff should be disabled first before trying to access those
GC registers.
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 6 +++---
drivers/gpu/drm/amd/powerplay/amdgpu_smu.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/powerplay/amd_powerplay.c b/drivers/gpu/drm/amd/powerplay/amd_powerplay.c
index e4e5a53b2b4e..8e2acb4df860 100644
--- a/drivers/gpu/drm/amd/powerplay/amd_powerplay.c
+++ b/drivers/gpu/drm/amd/powerplay/amd_powerplay.c
@@ -319,12 +319,12 @@ static void pp_dpm_en_umd_pstate(struct pp_hwmgr *hwmgr,
if (*level & profile_mode_mask) {
hwmgr->saved_dpm_level = hwmgr->dpm_level;
hwmgr->en_umd_pstate = true;
- amdgpu_device_ip_set_clockgating_state(hwmgr->adev,
- AMD_IP_BLOCK_TYPE_GFX,
- AMD_CG_STATE_UNGATE);
amdgpu_device_ip_set_powergating_state(hwmgr->adev,
AMD_IP_BLOCK_TYPE_GFX,
AMD_PG_STATE_UNGATE);
+ amdgpu_device_ip_set_clockgating_state(hwmgr->adev,
+ AMD_IP_BLOCK_TYPE_GFX,
+ AMD_CG_STATE_UNGATE);
}
} else {
/* exit umd pstate, restore level, enable gfx cg*/
diff --git a/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c b/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
index 96e81c7bc266..e2565967db07 100644
--- a/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
+++ b/drivers/gpu/drm/amd/powerplay/amdgpu_smu.c
@@ -1675,12 +1675,12 @@ static int smu_enable_umd_pstate(void *handle,
if (*level & profile_mode_mask) {
smu_dpm_ctx->saved_dpm_level = smu_dpm_ctx->dpm_level;
smu_dpm_ctx->enable_umd_pstate = true;
- amdgpu_device_ip_set_clockgating_state(smu->adev,
- AMD_IP_BLOCK_TYPE_GFX,
- AMD_CG_STATE_UNGATE);
amdgpu_device_ip_set_powergating_state(smu->adev,
AMD_IP_BLOCK_TYPE_GFX,
AMD_PG_STATE_UNGATE);
+ amdgpu_device_ip_set_clockgating_state(smu->adev,
+ AMD_IP_BLOCK_TYPE_GFX,
+ AMD_CG_STATE_UNGATE);
}
} else {
/* exit umd pstate, restore level, enable gfx cg*/
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 062/177] drm/amdgpu: Use GEM obj reference for KFD BOs
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 061/177] drm/amd/powerplay: perform PG ungate prior to CG ungate Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 063/177] cachefiles: Fix race between read_waiter and read_copier involving op->to_do Greg Kroah-Hartman
` (115 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Kuehling, Alex Sierra,
Christian König, Alex Deucher, Sasha Levin
From: Felix Kuehling <Felix.Kuehling@amd.com>
[ Upstream commit 39b3128d7ffd44e400e581e6f49e88cb42bef9a1 ]
Releasing the AMDGPU BO ref directly leads to problems when BOs were
exported as DMA bufs. Releasing the GEM reference makes sure that the
AMDGPU/TTM BO is not freed too early.
Also take a GEM reference when importing BOs from DMABufs to keep
references to imported BOs balances properly.
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Tested-by: Alex Sierra <alex.sierra@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Sierra <alex.sierra@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
index fa8ac9d19a7a..6326c1792270 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
@@ -1304,7 +1304,7 @@ int amdgpu_amdkfd_gpuvm_free_memory_of_gpu(
}
/* Free the BO*/
- amdgpu_bo_unref(&mem->bo);
+ drm_gem_object_put_unlocked(&mem->bo->tbo.base);
mutex_destroy(&mem->lock);
kfree(mem);
@@ -1647,7 +1647,8 @@ int amdgpu_amdkfd_gpuvm_import_dmabuf(struct kgd_dev *kgd,
ALLOC_MEM_FLAGS_VRAM : ALLOC_MEM_FLAGS_GTT) |
ALLOC_MEM_FLAGS_WRITABLE | ALLOC_MEM_FLAGS_EXECUTABLE;
- (*mem)->bo = amdgpu_bo_ref(bo);
+ drm_gem_object_get(&bo->tbo.base);
+ (*mem)->bo = bo;
(*mem)->va = va;
(*mem)->domain = (bo->preferred_domains & AMDGPU_GEM_DOMAIN_VRAM) ?
AMDGPU_GEM_DOMAIN_VRAM : AMDGPU_GEM_DOMAIN_GTT;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 063/177] cachefiles: Fix race between read_waiter and read_copier involving op->to_do
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 062/177] drm/amdgpu: Use GEM obj reference for KFD BOs Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 064/177] usb: dwc3: pci: Enable extcon driver for Intel Merrifield Greg Kroah-Hartman
` (114 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lei Xue, Dave Wysochanski,
David Howells, Sasha Levin
From: Lei Xue <carmark.dlut@gmail.com>
[ Upstream commit 7bb0c5338436dae953622470d52689265867f032 ]
There is a potential race in fscache operation enqueuing for reading and
copying multiple pages from cachefiles to netfs. The problem can be seen
easily on a heavy loaded system (for example many processes reading files
continually on an NFS share covered by fscache triggered this problem within
a few minutes).
The race is due to cachefiles_read_waiter() adding the op to the monitor
to_do list and then then drop the object->work_lock spinlock before
completing fscache_enqueue_operation(). Once the lock is dropped,
cachefiles_read_copier() grabs the op, completes processing it, and
makes it through fscache_retrieval_complete() which sets the op->state to
the final state of FSCACHE_OP_ST_COMPLETE(4). When cachefiles_read_waiter()
finally gets through the remainder of fscache_enqueue_operation()
it sees the invalid state, and hits the ASSERTCMP and the following
oops is seen:
[ 2259.612361] FS-Cache:
[ 2259.614785] FS-Cache: Assertion failed
[ 2259.618639] FS-Cache: 4 == 5 is false
[ 2259.622456] ------------[ cut here ]------------
[ 2259.627190] kernel BUG at fs/fscache/operation.c:70!
...
[ 2259.791675] RIP: 0010:[<ffffffffc061b4cf>] [<ffffffffc061b4cf>] fscache_enqueue_operation+0xff/0x170 [fscache]
[ 2259.802059] RSP: 0000:ffffa0263d543be0 EFLAGS: 00010046
[ 2259.807521] RAX: 0000000000000019 RBX: ffffa01a4d390480 RCX: 0000000000000006
[ 2259.814847] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffffa0263d553890
[ 2259.822176] RBP: ffffa0263d543be8 R08: 0000000000000000 R09: ffffa0263c2d8708
[ 2259.829502] R10: 0000000000001e7f R11: 0000000000000000 R12: ffffa01a4d390480
[ 2259.844483] R13: ffff9fa9546c5920 R14: ffffa0263d543c80 R15: ffffa0293ff9bf10
[ 2259.859554] FS: 00007f4b6efbd700(0000) GS:ffffa0263d540000(0000) knlGS:0000000000000000
[ 2259.875571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2259.889117] CR2: 00007f49e1624ff0 CR3: 0000012b38b38000 CR4: 00000000007607e0
[ 2259.904015] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2259.918764] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2259.933449] PKRU: 55555554
[ 2259.943654] Call Trace:
[ 2259.953592] <IRQ>
[ 2259.955577] [<ffffffffc03a7c12>] cachefiles_read_waiter+0x92/0xf0 [cachefiles]
[ 2259.978039] [<ffffffffa34d3942>] __wake_up_common+0x82/0x120
[ 2259.991392] [<ffffffffa34d3a63>] __wake_up_common_lock+0x83/0xc0
[ 2260.004930] [<ffffffffa34d3510>] ? task_rq_unlock+0x20/0x20
[ 2260.017863] [<ffffffffa34d3ab3>] __wake_up+0x13/0x20
[ 2260.030230] [<ffffffffa34c72a0>] __wake_up_bit+0x50/0x70
[ 2260.042535] [<ffffffffa35bdcdb>] unlock_page+0x2b/0x30
[ 2260.054495] [<ffffffffa35bdd09>] page_endio+0x29/0x90
[ 2260.066184] [<ffffffffa368fc81>] mpage_end_io+0x51/0x80
CPU1
cachefiles_read_waiter()
20 static int cachefiles_read_waiter(wait_queue_entry_t *wait, unsigned mode,
21 int sync, void *_key)
22 {
...
61 spin_lock(&object->work_lock);
62 list_add_tail(&monitor->op_link, &op->to_do);
63 spin_unlock(&object->work_lock);
<begin race window>
64
65 fscache_enqueue_retrieval(op);
182 static inline void fscache_enqueue_retrieval(struct fscache_retrieval *op)
183 {
184 fscache_enqueue_operation(&op->op);
185 }
58 void fscache_enqueue_operation(struct fscache_operation *op)
59 {
60 struct fscache_cookie *cookie = op->object->cookie;
61
62 _enter("{OBJ%x OP%x,%u}",
63 op->object->debug_id, op->debug_id, atomic_read(&op->usage));
64
65 ASSERT(list_empty(&op->pend_link));
66 ASSERT(op->processor != NULL);
67 ASSERT(fscache_object_is_available(op->object));
68 ASSERTCMP(atomic_read(&op->usage), >, 0);
<end race window>
CPU2
cachefiles_read_copier()
168 while (!list_empty(&op->to_do)) {
...
202 fscache_end_io(op, monitor->netfs_page, error);
203 put_page(monitor->netfs_page);
204 fscache_retrieval_complete(op, 1);
CPU1
58 void fscache_enqueue_operation(struct fscache_operation *op)
59 {
...
69 ASSERTIFCMP(op->state != FSCACHE_OP_ST_IN_PROGRESS,
70 op->state, ==, FSCACHE_OP_ST_CANCELLED);
Signed-off-by: Lei Xue <carmark.dlut@gmail.com>
Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cachefiles/rdwr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
index d3d78176b23c..e7726f5f1241 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
@@ -60,9 +60,9 @@ static int cachefiles_read_waiter(wait_queue_entry_t *wait, unsigned mode,
object = container_of(op->op.object, struct cachefiles_object, fscache);
spin_lock(&object->work_lock);
list_add_tail(&monitor->op_link, &op->to_do);
+ fscache_enqueue_retrieval(op);
spin_unlock(&object->work_lock);
- fscache_enqueue_retrieval(op);
fscache_put_retrieval(op);
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 064/177] usb: dwc3: pci: Enable extcon driver for Intel Merrifield
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 063/177] cachefiles: Fix race between read_waiter and read_copier involving op->to_do Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 065/177] usb: phy: twl6030-usb: Fix a resource leak in an error handling path in twl6030_usb_probe() Greg Kroah-Hartman
` (113 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Felipe Balbi, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 066c09593454e89bc605ffdff1c9810061f9b1e1 ]
Intel Merrifield provides a DR support via PMIC which has its own
extcon driver.
Add a property string to link to that driver.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/dwc3-pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c
index 7051611229c9..b67372737dc9 100644
--- a/drivers/usb/dwc3/dwc3-pci.c
+++ b/drivers/usb/dwc3/dwc3-pci.c
@@ -114,6 +114,7 @@ static const struct property_entry dwc3_pci_intel_properties[] = {
static const struct property_entry dwc3_pci_mrfld_properties[] = {
PROPERTY_ENTRY_STRING("dr_mode", "otg"),
+ PROPERTY_ENTRY_STRING("linux,extcon-name", "mrfld_bcove_pwrsrc"),
PROPERTY_ENTRY_BOOL("linux,sysdev_is_parent"),
{}
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 065/177] usb: phy: twl6030-usb: Fix a resource leak in an error handling path in twl6030_usb_probe()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 064/177] usb: dwc3: pci: Enable extcon driver for Intel Merrifield Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 066/177] usb: gadget: legacy: fix redundant initialization warnings Greg Kroah-Hartman
` (112 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Christophe JAILLET,
Felipe Balbi, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit f058764d19000d98aef72010468db1f69faf9fa0 ]
A call to 'regulator_get()' is hidden in 'twl6030_usb_ldo_init()'. A
corresponding put must be performed in the error handling path, as
already done in the remove function.
While at it, also move a 'free_irq()' call in the error handling path in
order to be consistent.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/phy/phy-twl6030-usb.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/phy/phy-twl6030-usb.c b/drivers/usb/phy/phy-twl6030-usb.c
index bfebf1f2e991..9a7e655d5280 100644
--- a/drivers/usb/phy/phy-twl6030-usb.c
+++ b/drivers/usb/phy/phy-twl6030-usb.c
@@ -377,7 +377,7 @@ static int twl6030_usb_probe(struct platform_device *pdev)
if (status < 0) {
dev_err(&pdev->dev, "can't get IRQ %d, err %d\n",
twl->irq1, status);
- return status;
+ goto err_put_regulator;
}
status = request_threaded_irq(twl->irq2, NULL, twl6030_usb_irq,
@@ -386,8 +386,7 @@ static int twl6030_usb_probe(struct platform_device *pdev)
if (status < 0) {
dev_err(&pdev->dev, "can't get IRQ %d, err %d\n",
twl->irq2, status);
- free_irq(twl->irq1, twl);
- return status;
+ goto err_free_irq1;
}
twl->asleep = 0;
@@ -396,6 +395,13 @@ static int twl6030_usb_probe(struct platform_device *pdev)
dev_info(&pdev->dev, "Initialized TWL6030 USB module\n");
return 0;
+
+err_free_irq1:
+ free_irq(twl->irq1, twl);
+err_put_regulator:
+ regulator_put(twl->usb3v3);
+
+ return status;
}
static int twl6030_usb_remove(struct platform_device *pdev)
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 066/177] usb: gadget: legacy: fix redundant initialization warnings
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 065/177] usb: phy: twl6030-usb: Fix a resource leak in an error handling path in twl6030_usb_probe() Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 067/177] net: freescale: select CONFIG_FIXED_PHY where needed Greg Kroah-Hartman
` (111 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, kbuild test robot,
Masahiro Yamada, Felipe Balbi, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit d13cce757954fa663c69845611957396843ed87a ]
Fix the following cppcheck warnings:
drivers/usb/gadget/legacy/inode.c:1364:8: style: Redundant initialization for 'value'. The initialized value is overwritten$
value = -EOPNOTSUPP;
^
drivers/usb/gadget/legacy/inode.c:1331:15: note: value is initialized
int value = -EOPNOTSUPP;
^
drivers/usb/gadget/legacy/inode.c:1364:8: note: value is overwritten
value = -EOPNOTSUPP;
^
drivers/usb/gadget/legacy/inode.c:1817:8: style: Redundant initialization for 'value'. The initialized value is overwritten$
value = -EINVAL;
^
drivers/usb/gadget/legacy/inode.c:1787:18: note: value is initialized
ssize_t value = len, length = len;
^
drivers/usb/gadget/legacy/inode.c:1817:8: note: value is overwritten
value = -EINVAL;
^
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/legacy/inode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index b47938dff1a2..238f555fe494 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -1361,7 +1361,6 @@ gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
req->buf = dev->rbuf;
req->context = NULL;
- value = -EOPNOTSUPP;
switch (ctrl->bRequest) {
case USB_REQ_GET_DESCRIPTOR:
@@ -1784,7 +1783,7 @@ static ssize_t
dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
{
struct dev_data *dev = fd->private_data;
- ssize_t value = len, length = len;
+ ssize_t value, length = len;
unsigned total;
u32 tag;
char *kbuf;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 067/177] net: freescale: select CONFIG_FIXED_PHY where needed
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 066/177] usb: gadget: legacy: fix redundant initialization warnings Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 068/177] drm/amd/amdgpu: Update update_config() logic Greg Kroah-Hartman
` (110 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Florian Fainelli,
Jakub Kicinski, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 99352c79af3e5f2e4724abf37fa5a2a3299b1c81 ]
I ran into a randconfig build failure with CONFIG_FIXED_PHY=m
and CONFIG_GIANFAR=y:
x86_64-linux-ld: drivers/net/ethernet/freescale/gianfar.o:(.rodata+0x418): undefined reference to `fixed_phy_change_carrier'
It seems the same thing can happen with dpaa and ucc_geth, so change
all three to do an explicit 'select FIXED_PHY'.
The fixed-phy driver actually has an alternative stub function that
theoretically allows building network drivers when fixed-phy is
disabled, but I don't see how that would help here, as the drivers
presumably would not work then.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/Kconfig | 2 ++
drivers/net/ethernet/freescale/dpaa/Kconfig | 1 +
2 files changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/freescale/Kconfig b/drivers/net/ethernet/freescale/Kconfig
index 2bd7ace0a953..bfc6bfe94d0a 100644
--- a/drivers/net/ethernet/freescale/Kconfig
+++ b/drivers/net/ethernet/freescale/Kconfig
@@ -77,6 +77,7 @@ config UCC_GETH
depends on QUICC_ENGINE && PPC32
select FSL_PQ_MDIO
select PHYLIB
+ select FIXED_PHY
---help---
This driver supports the Gigabit Ethernet mode of the QUICC Engine,
which is available on some Freescale SOCs.
@@ -90,6 +91,7 @@ config GIANFAR
depends on HAS_DMA
select FSL_PQ_MDIO
select PHYLIB
+ select FIXED_PHY
select CRC32
---help---
This driver supports the Gigabit TSEC on the MPC83xx, MPC85xx,
diff --git a/drivers/net/ethernet/freescale/dpaa/Kconfig b/drivers/net/ethernet/freescale/dpaa/Kconfig
index 3b325733a4f8..0a54c7e0e4ae 100644
--- a/drivers/net/ethernet/freescale/dpaa/Kconfig
+++ b/drivers/net/ethernet/freescale/dpaa/Kconfig
@@ -3,6 +3,7 @@ menuconfig FSL_DPAA_ETH
tristate "DPAA Ethernet"
depends on FSL_DPAA && FSL_FMAN
select PHYLIB
+ select FIXED_PHY
select FSL_FMAN_MAC
---help---
Data Path Acceleration Architecture Ethernet driver,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 068/177] drm/amd/amdgpu: Update update_config() logic
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 067/177] net: freescale: select CONFIG_FIXED_PHY where needed Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 069/177] IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() Greg Kroah-Hartman
` (109 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Harry Wentland, Bhawanpreet Lakha,
Leo (Hanghong) Ma, Alex Deucher, Sasha Levin
From: Leo (Hanghong) Ma <hanghong.ma@amd.com>
[ Upstream commit 650e723cecf2738dee828564396f3239829aba83 ]
[Why]
For MST case: when update_config is called to disable a stream,
this clears the settings for all the streams on that link.
We should only clear the settings for the stream that was disabled.
[How]
Clear the settings after the call to remove display is called.
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Reviewed-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Leo (Hanghong) Ma <hanghong.ma@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c
index 3abeff7722e3..e80371542622 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c
@@ -316,15 +316,15 @@ static void update_config(void *handle, struct cp_psp_stream_config *config)
struct mod_hdcp_display *display = &hdcp_work[link_index].display;
struct mod_hdcp_link *link = &hdcp_work[link_index].link;
- memset(display, 0, sizeof(*display));
- memset(link, 0, sizeof(*link));
-
- display->index = aconnector->base.index;
-
if (config->dpms_off) {
hdcp_remove_display(hdcp_work, link_index, aconnector);
return;
}
+
+ memset(display, 0, sizeof(*display));
+ memset(link, 0, sizeof(*link));
+
+ display->index = aconnector->base.index;
display->state = MOD_HDCP_DISPLAY_ACTIVE;
if (aconnector->dc_sink != NULL)
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 069/177] IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 068/177] drm/amd/amdgpu: Update update_config() logic Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 070/177] riscv: Fix unmet direct dependencies built based on SOC_VIRT Greg Kroah-Hartman
` (108 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Denis V. Lunev, Shiraz Saleem,
Jason Gunthorpe, Sasha Levin
From: Denis V. Lunev <den@openvz.org>
[ Upstream commit 856ec7f64688387b100b7083cdf480ce3ac41227 ]
Local variable netdev is not used in these calls.
It should be noted, that this change is required to work in bonded mode.
Otherwise we would get the following assert:
"RTNL: assertion failed at net/core/dev.c (5665)"
With the calltrace as follows:
dump_stack+0x19/0x1b
netdev_master_upper_dev_get+0x61/0x70
i40iw_addr_resolve_neigh+0x1e8/0x220
i40iw_make_cm_node+0x296/0x700
? i40iw_find_listener.isra.10+0xcc/0x110
i40iw_receive_ilq+0x3d4/0x810
i40iw_puda_poll_completion+0x341/0x420
i40iw_process_ceq+0xa5/0x280
i40iw_ceq_dpc+0x1e/0x40
tasklet_action+0x83/0x140
__do_softirq+0x125/0x2bb
call_softirq+0x1c/0x30
do_softirq+0x65/0xa0
irq_exit+0x105/0x110
do_IRQ+0x56/0xf0
common_interrupt+0x16a/0x16a
? cpuidle_enter_state+0x57/0xd0
cpuidle_idle_call+0xde/0x230
arch_cpu_idle+0xe/0xc0
cpu_startup_entry+0x14a/0x1e0
start_secondary+0x1f7/0x270
start_cpu+0x5/0x14
Link: https://lore.kernel.org/r/20200428131511.11049-1-den@openvz.org
Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/i40iw/i40iw_cm.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/drivers/infiniband/hw/i40iw/i40iw_cm.c b/drivers/infiniband/hw/i40iw/i40iw_cm.c
index bb78d3280acc..fa7a5ff498c7 100644
--- a/drivers/infiniband/hw/i40iw/i40iw_cm.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_cm.c
@@ -1987,7 +1987,6 @@ static int i40iw_addr_resolve_neigh(struct i40iw_device *iwdev,
struct rtable *rt;
struct neighbour *neigh;
int rc = arpindex;
- struct net_device *netdev = iwdev->netdev;
__be32 dst_ipaddr = htonl(dst_ip);
__be32 src_ipaddr = htonl(src_ip);
@@ -1997,9 +1996,6 @@ static int i40iw_addr_resolve_neigh(struct i40iw_device *iwdev,
return rc;
}
- if (netif_is_bond_slave(netdev))
- netdev = netdev_master_upper_dev_get(netdev);
-
neigh = dst_neigh_lookup(&rt->dst, &dst_ipaddr);
rcu_read_lock();
@@ -2065,7 +2061,6 @@ static int i40iw_addr_resolve_neigh_ipv6(struct i40iw_device *iwdev,
{
struct neighbour *neigh;
int rc = arpindex;
- struct net_device *netdev = iwdev->netdev;
struct dst_entry *dst;
struct sockaddr_in6 dst_addr;
struct sockaddr_in6 src_addr;
@@ -2086,9 +2081,6 @@ static int i40iw_addr_resolve_neigh_ipv6(struct i40iw_device *iwdev,
return rc;
}
- if (netif_is_bond_slave(netdev))
- netdev = netdev_master_upper_dev_get(netdev);
-
neigh = dst_neigh_lookup(dst, dst_addr.sin6_addr.in6_u.u6_addr32);
rcu_read_lock();
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 070/177] riscv: Fix unmet direct dependencies built based on SOC_VIRT
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 069/177] IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 071/177] riscv: stacktrace: Fix undefined reference to `walk_stackframe Greg Kroah-Hartman
` (107 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Kefeng Wang,
Palmer Dabbelt, Sasha Levin
From: Kefeng Wang <wangkefeng.wang@huawei.com>
[ Upstream commit ab7fbad0c7d7a4f9b320a059a171a92a34b6d409 ]
Fix unmet direct dependencies Warning and fix Kconfig indent.
WARNING: unmet direct dependencies detected for POWER_RESET_SYSCON
Depends on [n]: POWER_RESET [=n] && OF [=y] && HAS_IOMEM [=y]
Selected by [y]:
- SOC_VIRT [=y]
WARNING: unmet direct dependencies detected for POWER_RESET_SYSCON_POWEROFF
Depends on [n]: POWER_RESET [=n] && OF [=y] && HAS_IOMEM [=y]
Selected by [y]:
- SOC_VIRT [=y]
WARNING: unmet direct dependencies detected for RTC_DRV_GOLDFISH
Depends on [n]: RTC_CLASS [=n] && OF [=y] && HAS_IOMEM [=y] && (GOLDFISH [=y] || COMPILE_TEST [=n])
Selected by [y]:
- SOC_VIRT [=y]
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/Kconfig.socs | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/arch/riscv/Kconfig.socs b/arch/riscv/Kconfig.socs
index a131174a0a77..f310ad8ffcf7 100644
--- a/arch/riscv/Kconfig.socs
+++ b/arch/riscv/Kconfig.socs
@@ -11,13 +11,14 @@ config SOC_SIFIVE
This enables support for SiFive SoC platform hardware.
config SOC_VIRT
- bool "QEMU Virt Machine"
- select POWER_RESET_SYSCON
- select POWER_RESET_SYSCON_POWEROFF
- select GOLDFISH
- select RTC_DRV_GOLDFISH
- select SIFIVE_PLIC
- help
- This enables support for QEMU Virt Machine.
+ bool "QEMU Virt Machine"
+ select POWER_RESET
+ select POWER_RESET_SYSCON
+ select POWER_RESET_SYSCON_POWEROFF
+ select GOLDFISH
+ select RTC_DRV_GOLDFISH if RTC_CLASS
+ select SIFIVE_PLIC
+ help
+ This enables support for QEMU Virt Machine.
endmenu
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 071/177] riscv: stacktrace: Fix undefined reference to `walk_stackframe
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 070/177] riscv: Fix unmet direct dependencies built based on SOC_VIRT Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 072/177] riscv: Add pgprot_writecombine/device and PAGE_SHARED defination if NOMMU Greg Kroah-Hartman
` (106 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Kefeng Wang,
Palmer Dabbelt, Sasha Levin
From: Kefeng Wang <wangkefeng.wang@huawei.com>
[ Upstream commit 0502bee37cdef755d63eee60236562e5605e2480 ]
Drop static declaration to fix following build error if FRAME_POINTER disabled,
riscv64-linux-ld: arch/riscv/kernel/perf_callchain.o: in function `.L0':
perf_callchain.c:(.text+0x2b8): undefined reference to `walk_stackframe'
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/stacktrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c
index 0940681d2f68..19e46f4160cc 100644
--- a/arch/riscv/kernel/stacktrace.c
+++ b/arch/riscv/kernel/stacktrace.c
@@ -63,7 +63,7 @@ void notrace walk_stackframe(struct task_struct *task, struct pt_regs *regs,
#else /* !CONFIG_FRAME_POINTER */
-static void notrace walk_stackframe(struct task_struct *task,
+void notrace walk_stackframe(struct task_struct *task,
struct pt_regs *regs, bool (*fn)(unsigned long, void *), void *arg)
{
unsigned long sp, pc;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 072/177] riscv: Add pgprot_writecombine/device and PAGE_SHARED defination if NOMMU
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 071/177] riscv: stacktrace: Fix undefined reference to `walk_stackframe Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 073/177] clk: ti: am33xx: fix RTC clock parent Greg Kroah-Hartman
` (105 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Kefeng Wang,
Palmer Dabbelt, Sasha Levin
From: Kefeng Wang <wangkefeng.wang@huawei.com>
[ Upstream commit fa8174aa225fe3d53b37552e5066e6f0301dbabd ]
Some drivers use PAGE_SHARED, pgprot_writecombine()/pgprot_device(),
add the defination to fix build error if NOMMU.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/include/asm/mmio.h | 2 ++
arch/riscv/include/asm/pgtable.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/arch/riscv/include/asm/mmio.h b/arch/riscv/include/asm/mmio.h
index a2c809df2733..56053c9838b2 100644
--- a/arch/riscv/include/asm/mmio.h
+++ b/arch/riscv/include/asm/mmio.h
@@ -16,6 +16,8 @@
#ifndef CONFIG_MMU
#define pgprot_noncached(x) (x)
+#define pgprot_writecombine(x) (x)
+#define pgprot_device(x) (x)
#endif /* CONFIG_MMU */
/* Generic IO read/write. These perform native-endian accesses. */
diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h
index 393f2014dfee..05b92987f500 100644
--- a/arch/riscv/include/asm/pgtable.h
+++ b/arch/riscv/include/asm/pgtable.h
@@ -460,6 +460,7 @@ static inline int ptep_clear_flush_young(struct vm_area_struct *vma,
#else /* CONFIG_MMU */
+#define PAGE_SHARED __pgprot(0)
#define PAGE_KERNEL __pgprot(0)
#define swapper_pg_dir NULL
#define VMALLOC_START 0
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 073/177] clk: ti: am33xx: fix RTC clock parent
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 072/177] riscv: Add pgprot_writecombine/device and PAGE_SHARED defination if NOMMU Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 074/177] csky: Fixup msa highest 3 bits mask Greg Kroah-Hartman
` (104 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tony Lindgren, Tero Kristo,
Stephen Boyd, Sasha Levin
From: Tero Kristo <t-kristo@ti.com>
[ Upstream commit dc6dbd51009fc412729c307161f442c0a08618f4 ]
Right now, trying to use RTC purely with the ti-sysc / clkctrl framework
fails to enable the RTC module properly. Based on experimentation, this
appears to be because RTC is sourced from the clkdiv32k optional clock.
TRM is not very clear on this topic, but fix the RTC to use the proper
source clock nevertheless.
Reported-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Link: https://lkml.kernel.org/r/20200424152301.4018-1-t-kristo@ti.com
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/ti/clk-33xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/ti/clk-33xx.c b/drivers/clk/ti/clk-33xx.c
index e001b9bcb6bf..7dc30dd6c8d5 100644
--- a/drivers/clk/ti/clk-33xx.c
+++ b/drivers/clk/ti/clk-33xx.c
@@ -212,7 +212,7 @@ static const struct omap_clkctrl_reg_data am3_mpu_clkctrl_regs[] __initconst = {
};
static const struct omap_clkctrl_reg_data am3_l4_rtc_clkctrl_regs[] __initconst = {
- { AM3_L4_RTC_RTC_CLKCTRL, NULL, CLKF_SW_SUP, "clk_32768_ck" },
+ { AM3_L4_RTC_RTC_CLKCTRL, NULL, CLKF_SW_SUP, "clk-24mhz-clkctrl:0000:0" },
{ 0 },
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 074/177] csky: Fixup msa highest 3 bits mask
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 073/177] clk: ti: am33xx: fix RTC clock parent Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 075/177] csky: Fixup perf callchain unwind Greg Kroah-Hartman
` (103 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liu Yibin, Guo Ren, Sasha Levin
From: Liu Yibin <jiulong@linux.alibaba.com>
[ Upstream commit 165f2d2858013253042809df082b8df7e34e86d7 ]
Just as comment mentioned, the msa format:
cr<30/31, 15> MSA register format:
31 - 29 | 28 - 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0
BA Reserved SH WA B SO SEC C D V
So we should shift 29 bits not 28 bits for mask
Signed-off-by: Liu Yibin <jiulong@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/csky/abiv1/inc/abi/entry.h | 4 ++--
arch/csky/abiv2/inc/abi/entry.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/csky/abiv1/inc/abi/entry.h b/arch/csky/abiv1/inc/abi/entry.h
index 5056ebb902d1..61d94ec7dd16 100644
--- a/arch/csky/abiv1/inc/abi/entry.h
+++ b/arch/csky/abiv1/inc/abi/entry.h
@@ -167,8 +167,8 @@
* BA Reserved C D V
*/
cprcr r6, cpcr30
- lsri r6, 28
- lsli r6, 28
+ lsri r6, 29
+ lsli r6, 29
addi r6, 0xe
cpwcr r6, cpcr30
diff --git a/arch/csky/abiv2/inc/abi/entry.h b/arch/csky/abiv2/inc/abi/entry.h
index 111973c6c713..9023828ede97 100644
--- a/arch/csky/abiv2/inc/abi/entry.h
+++ b/arch/csky/abiv2/inc/abi/entry.h
@@ -225,8 +225,8 @@
*/
mfcr r6, cr<30, 15> /* Get MSA0 */
2:
- lsri r6, 28
- lsli r6, 28
+ lsri r6, 29
+ lsli r6, 29
addi r6, 0x1ce
mtcr r6, cr<30, 15> /* Set MSA0 */
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 075/177] csky: Fixup perf callchain unwind
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 074/177] csky: Fixup msa highest 3 bits mask Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 076/177] csky: Fixup remove duplicate irq_disable Greg Kroah-Hartman
` (102 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mao Han, Guo Ren, Sasha Levin
From: Mao Han <han_mao@linux.alibaba.com>
[ Upstream commit 229a0ddee1108a3f82a873e6cbbe35c92c540444 ]
[ 5221.974084] Unable to handle kernel paging request at virtual address 0xfffff000, pc: 0x8002c18e
[ 5221.985929] Oops: 00000000
[ 5221.989488]
[ 5221.989488] CURRENT PROCESS:
[ 5221.989488]
[ 5221.992877] COMM=callchain_test PID=11962
[ 5221.995213] TEXT=00008000-000087e0 DATA=00009f1c-0000a018 BSS=0000a018-0000b000
[ 5221.999037] USER-STACK=7fc18e20 KERNEL-STACK=be204680
[ 5221.999037]
[ 5222.003292] PC: 0x8002c18e (perf_callchain_kernel+0x3e/0xd4)
[ 5222.007957] LR: 0x8002c198 (perf_callchain_kernel+0x48/0xd4)
[ 5222.074873] Call Trace:
[ 5222.074873] [<800a248e>] get_perf_callchain+0x20a/0x29c
[ 5222.074873] [<8009d964>] perf_callchain+0x64/0x80
[ 5222.074873] [<8009dc1c>] perf_prepare_sample+0x29c/0x4b8
[ 5222.074873] [<8009de6e>] perf_event_output_forward+0x36/0x98
[ 5222.074873] [<800497e0>] search_exception_tables+0x20/0x44
[ 5222.074873] [<8002cbb6>] do_page_fault+0x92/0x378
[ 5222.074873] [<80098608>] __perf_event_overflow+0x54/0xdc
[ 5222.074873] [<80098778>] perf_swevent_hrtimer+0xe8/0x164
[ 5222.074873] [<8002ddd0>] update_mmu_cache+0x0/0xd8
[ 5222.074873] [<8002c014>] user_backtrace+0x58/0xc4
[ 5222.074873] [<8002c0b4>] perf_callchain_user+0x34/0xd0
[ 5222.074873] [<800a2442>] get_perf_callchain+0x1be/0x29c
[ 5222.074873] [<8009d964>] perf_callchain+0x64/0x80
[ 5222.074873] [<8009d834>] perf_output_sample+0x78c/0x858
[ 5222.074873] [<8009dc1c>] perf_prepare_sample+0x29c/0x4b8
[ 5222.074873] [<8009de94>] perf_event_output_forward+0x5c/0x98
[ 5222.097846]
[ 5222.097846] [<800a0300>] perf_event_exit_task+0x58/0x43c
[ 5222.097846] [<8006c874>] hrtimer_interrupt+0x104/0x2ec
[ 5222.097846] [<800a0300>] perf_event_exit_task+0x58/0x43c
[ 5222.097846] [<80437bb6>] dw_apb_clockevent_irq+0x2a/0x4c
[ 5222.097846] [<8006c770>] hrtimer_interrupt+0x0/0x2ec
[ 5222.097846] [<8005f2e4>] __handle_irq_event_percpu+0xac/0x19c
[ 5222.097846] [<80437bb6>] dw_apb_clockevent_irq+0x2a/0x4c
[ 5222.097846] [<8005f408>] handle_irq_event_percpu+0x34/0x88
[ 5222.097846] [<8005f480>] handle_irq_event+0x24/0x64
[ 5222.097846] [<8006218c>] handle_level_irq+0x68/0xdc
[ 5222.097846] [<8005ec76>] __handle_domain_irq+0x56/0xa8
[ 5222.097846] [<80450e90>] ck_irq_handler+0xac/0xe4
[ 5222.097846] [<80029012>] csky_do_IRQ+0x12/0x24
[ 5222.097846] [<8002a3a0>] csky_irq+0x70/0x80
[ 5222.097846] [<800ca612>] alloc_set_pte+0xd2/0x238
[ 5222.097846] [<8002ddd0>] update_mmu_cache+0x0/0xd8
[ 5222.097846] [<800a0340>] perf_event_exit_task+0x98/0x43c
The original fp check doesn't base on the real kernal stack region.
Invalid fp address may cause kernel panic.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/csky/kernel/perf_callchain.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/csky/kernel/perf_callchain.c b/arch/csky/kernel/perf_callchain.c
index e68ff375c8f8..ab55e98ee8f6 100644
--- a/arch/csky/kernel/perf_callchain.c
+++ b/arch/csky/kernel/perf_callchain.c
@@ -12,12 +12,17 @@ struct stackframe {
static int unwind_frame_kernel(struct stackframe *frame)
{
- if (kstack_end((void *)frame->fp))
+ unsigned long low = (unsigned long)task_stack_page(current);
+ unsigned long high = low + THREAD_SIZE;
+
+ if (unlikely(frame->fp < low || frame->fp > high))
return -EPERM;
- if (frame->fp & 0x3 || frame->fp < TASK_SIZE)
+
+ if (kstack_end((void *)frame->fp) || frame->fp & 0x3)
return -EPERM;
*frame = *(struct stackframe *)frame->fp;
+
if (__kernel_text_address(frame->lr)) {
int graph = 0;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 076/177] csky: Fixup remove duplicate irq_disable
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 075/177] csky: Fixup perf callchain unwind Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 077/177] drm/meson: pm resume add return errno branch Greg Kroah-Hartman
` (101 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liu Yibin, Guo Ren, Sasha Levin
From: Liu Yibin <jiulong@linux.alibaba.com>
[ Upstream commit 6633a5aa8eb6bda70eb3a9837efd28a67ccc6e0a ]
Interrupt has been disabled in __schedule() with local_irq_disable()
and enabled in finish_task_switch->finish_lock_switch() with
local_irq_enabled(), So needn't to disable irq here.
Signed-off-by: Liu Yibin <jiulong@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/csky/kernel/entry.S | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/csky/kernel/entry.S b/arch/csky/kernel/entry.S
index 007706328000..9718388448a4 100644
--- a/arch/csky/kernel/entry.S
+++ b/arch/csky/kernel/entry.S
@@ -318,8 +318,6 @@ ENTRY(__switch_to)
mfcr a2, psr /* Save PSR value */
stw a2, (a3, THREAD_SR) /* Save PSR in task struct */
- bclri a2, 6 /* Disable interrupts */
- mtcr a2, psr
SAVE_SWITCH_STACK
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 077/177] drm/meson: pm resume add return errno branch
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 076/177] csky: Fixup remove duplicate irq_disable Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 078/177] hwmon: (nct7904) Fix incorrect range of temperature limit registers Greg Kroah-Hartman
` (100 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bernard Zhao, Neil Armstrong, Sasha Levin
From: Bernard Zhao <bernard@vivo.com>
[ Upstream commit c54a8f1f329197d83d941ad84c4aa38bf282cbbd ]
pm_resump api did not handle drm_mode_config_helper_resume error.
This change add handle to return drm_mode_config_helper_resume`s
error number. This code logic is aligned with api pm_suspend.
After this change, the code maybe a bit readable.
Signed-off-by: Bernard Zhao <bernard@vivo.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200428131747.2099-1-bernard@vivo.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/meson/meson_drv.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
index b5f5eb7b4bb9..8c2e1b47e81a 100644
--- a/drivers/gpu/drm/meson/meson_drv.c
+++ b/drivers/gpu/drm/meson/meson_drv.c
@@ -412,9 +412,7 @@ static int __maybe_unused meson_drv_pm_resume(struct device *dev)
if (priv->afbcd.ops)
priv->afbcd.ops->init(priv);
- drm_mode_config_helper_resume(priv->drm);
-
- return 0;
+ return drm_mode_config_helper_resume(priv->drm);
}
static int compare_of(struct device *dev, void *data)
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 078/177] hwmon: (nct7904) Fix incorrect range of temperature limit registers
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 077/177] drm/meson: pm resume add return errno branch Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 079/177] riscv: pgtable: Fix __kernel_map_pages build error if NOMMU Greg Kroah-Hartman
` (99 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amy Shih, Guenter Roeck, Sasha Levin
From: Amy Shih <amy.shih@advantech.com.tw>
[ Upstream commit 7b2fd270af27edaf02acb41a7babe805a9441914 ]
The format of temperature limitation registers are 8-bit 2's complement
and the range is -128~127.
Converts the reading value to signed char to fix the incorrect range
of temperature limitation registers.
Signed-off-by: Amy Shih <amy.shih@advantech.com.tw>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/nct7904.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hwmon/nct7904.c b/drivers/hwmon/nct7904.c
index 281c81edabc6..dfb122b5e1b7 100644
--- a/drivers/hwmon/nct7904.c
+++ b/drivers/hwmon/nct7904.c
@@ -356,6 +356,7 @@ static int nct7904_read_temp(struct device *dev, u32 attr, int channel,
struct nct7904_data *data = dev_get_drvdata(dev);
int ret, temp;
unsigned int reg1, reg2, reg3;
+ s8 temps;
switch (attr) {
case hwmon_temp_input:
@@ -461,7 +462,8 @@ static int nct7904_read_temp(struct device *dev, u32 attr, int channel,
if (ret < 0)
return ret;
- *val = ret * 1000;
+ temps = ret;
+ *val = temps * 1000;
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 079/177] riscv: pgtable: Fix __kernel_map_pages build error if NOMMU
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 078/177] hwmon: (nct7904) Fix incorrect range of temperature limit registers Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 080/177] cifs: Fix null pointer check in cifs_read Greg Kroah-Hartman
` (98 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Kefeng Wang,
Palmer Dabbelt, Sasha Levin
From: Kefeng Wang <wangkefeng.wang@huawei.com>
[ Upstream commit 9a6630aef93394ac54494c7e273e9bc026509375 ]
riscv64-none-linux-gnu-ld: mm/page_alloc.o: in function `.L0 ':
page_alloc.c:(.text+0xd34): undefined reference to `__kernel_map_pages'
riscv64-none-linux-gnu-ld: page_alloc.c:(.text+0x104a): undefined reference to `__kernel_map_pages'
riscv64-none-linux-gnu-ld: mm/page_alloc.o: in function `__pageblock_pfn_to_page':
page_alloc.c:(.text+0x145e): undefined reference to `__kernel_map_pages'
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/include/asm/pgtable.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h
index 05b92987f500..31d912944d8d 100644
--- a/arch/riscv/include/asm/pgtable.h
+++ b/arch/riscv/include/asm/pgtable.h
@@ -467,6 +467,8 @@ static inline int ptep_clear_flush_young(struct vm_area_struct *vma,
#define TASK_SIZE 0xffffffffUL
+static inline void __kernel_map_pages(struct page *page, int numpages, int enable) {}
+
#endif /* !CONFIG_MMU */
#define kern_addr_valid(addr) (1) /* FIXME */
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 080/177] cifs: Fix null pointer check in cifs_read
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 079/177] riscv: pgtable: Fix __kernel_map_pages build error if NOMMU Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 081/177] csky: Fixup raw_copy_from_user() Greg Kroah-Hartman
` (97 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Coverity, Steve French,
Shyam Prasad N, Sasha Levin
From: Steve French <stfrench@microsoft.com>
[ Upstream commit 9bd21d4b1a767c3abebec203342f3820dcb84662 ]
Coverity scan noted a redundant null check
Coverity-id: 728517
Reported-by: Coverity <scan-admin@coverity.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Shyam Prasad N <nspmangalore@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 5920820bfbd0..b30b03747dd6 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -4060,7 +4060,7 @@ cifs_read(struct file *file, char *read_data, size_t read_size, loff_t *offset)
* than it negotiated since it will refuse the read
* then.
*/
- if ((tcon->ses) && !(tcon->ses->capabilities &
+ if (!(tcon->ses->capabilities &
tcon->ses->server->vals->cap_large_files)) {
current_read_size = min_t(uint,
current_read_size, CIFSMaxBufSize);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 081/177] csky: Fixup raw_copy_from_user()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 080/177] cifs: Fix null pointer check in cifs_read Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 082/177] samples: bpf: Fix build error Greg Kroah-Hartman
` (96 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Guo Ren, Sasha Levin
From: Al Viro <viro@zeniv.linux.org.uk>
[ Upstream commit 51bb38cb78363fdad1f89e87357b7bc73e39ba88 ]
If raw_copy_from_user(to, from, N) returns K, callers expect
the first N - K bytes starting at to to have been replaced with
the contents of corresponding area starting at from and the last
K bytes of destination *left* *unmodified*.
What arch/sky/lib/usercopy.c is doing is broken - it can lead to e.g.
data corruption on write(2).
raw_copy_to_user() is inaccurate about return value, which is a bug,
but consequences are less drastic than for raw_copy_from_user().
And just what are those access_ok() doing in there? I mean, look into
linux/uaccess.h; that's where we do that check (as well as zero tail
on failure in the callers that need zeroing).
AFAICS, all of that shouldn't be hard to fix; something like a patch
below might make a useful starting point.
I would suggest moving these macros into usercopy.c (they are never
used anywhere else) and possibly expanding them there; if you leave
them alive, please at least rename __copy_user_zeroing(). Again,
it must not zero anything on failed read.
Said that, I'm not sure we won't be better off simply turning
usercopy.c into usercopy.S - all that is left there is a couple of
functions, each consisting only of inline asm.
Guo Ren reply:
Yes, raw_copy_from_user is wrong, it's no need zeroing code.
unsigned long _copy_from_user(void *to, const void __user *from,
unsigned long n)
{
unsigned long res = n;
might_fault();
if (likely(access_ok(from, n))) {
kasan_check_write(to, n);
res = raw_copy_from_user(to, from, n);
}
if (unlikely(res))
memset(to + (n - res), 0, res);
return res;
}
EXPORT_SYMBOL(_copy_from_user);
You are right and access_ok() should be removed.
but, how about:
do {
...
"2: stw %3, (%1, 0) \n" \
+ " subi %0, 4 \n" \
"9: stw %4, (%1, 4) \n" \
+ " subi %0, 4 \n" \
"10: stw %5, (%1, 8) \n" \
+ " subi %0, 4 \n" \
"11: stw %6, (%1, 12) \n" \
+ " subi %0, 4 \n" \
" addi %2, 16 \n" \
" addi %1, 16 \n" \
Don't expand __ex_table
AI Viro reply:
Hey, I've no idea about the instruction scheduling on csky -
if that doesn't slow the things down, all the better. It's just
that copy_to_user() and friends are on fairly hot codepaths,
and in quite a few situations they will dominate the speed of
e.g. read(2). So I tried to keep the fast path unchanged.
Up to the architecture maintainers, obviously. Which would be
you...
As for the fixups size increase (__ex_table size is unchanged)...
You have each of those macros expanded exactly once.
So the size is not a serious argument, IMO - useless complexity
would be, if it is, in fact, useless; the size... not really,
especially since those extra subi will at least offset it.
Again, up to you - asm optimizations of (essentially)
memcpy()-style loops are tricky and can depend upon the
fairly subtle details of architecture. So even on something
I know reasonably well I would resort to direct experiments
if I can't pass the buck to architecture maintainers.
It *is* worth optimizing - this is where read() from a file
that is already in page cache spends most of the time, etc.
Guo Ren reply:
Thx, after fixup some typo “sub %0, 4”, apply the patch.
TODO:
- user copy/from codes are still need optimizing.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/csky/include/asm/uaccess.h | 49 +++++++++++++++++----------------
arch/csky/lib/usercopy.c | 8 ++----
2 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/arch/csky/include/asm/uaccess.h b/arch/csky/include/asm/uaccess.h
index eaa1c3403a42..60f8a4112588 100644
--- a/arch/csky/include/asm/uaccess.h
+++ b/arch/csky/include/asm/uaccess.h
@@ -254,7 +254,7 @@ do { \
extern int __get_user_bad(void);
-#define __copy_user(to, from, n) \
+#define ___copy_to_user(to, from, n) \
do { \
int w0, w1, w2, w3; \
asm volatile( \
@@ -289,31 +289,34 @@ do { \
" subi %0, 4 \n" \
" br 3b \n" \
"5: cmpnei %0, 0 \n" /* 1B */ \
- " bf 8f \n" \
+ " bf 13f \n" \
" ldb %3, (%2, 0) \n" \
"6: stb %3, (%1, 0) \n" \
" addi %2, 1 \n" \
" addi %1, 1 \n" \
" subi %0, 1 \n" \
" br 5b \n" \
- "7: br 8f \n" \
+ "7: subi %0, 4 \n" \
+ "8: subi %0, 4 \n" \
+ "12: subi %0, 4 \n" \
+ " br 13f \n" \
".section __ex_table, \"a\" \n" \
".align 2 \n" \
- ".long 2b, 7b \n" \
- ".long 9b, 7b \n" \
- ".long 10b, 7b \n" \
+ ".long 2b, 13f \n" \
+ ".long 4b, 13f \n" \
+ ".long 6b, 13f \n" \
+ ".long 9b, 12b \n" \
+ ".long 10b, 8b \n" \
".long 11b, 7b \n" \
- ".long 4b, 7b \n" \
- ".long 6b, 7b \n" \
".previous \n" \
- "8: \n" \
+ "13: \n" \
: "=r"(n), "=r"(to), "=r"(from), "=r"(w0), \
"=r"(w1), "=r"(w2), "=r"(w3) \
: "0"(n), "1"(to), "2"(from) \
: "memory"); \
} while (0)
-#define __copy_user_zeroing(to, from, n) \
+#define ___copy_from_user(to, from, n) \
do { \
int tmp; \
int nsave; \
@@ -356,22 +359,22 @@ do { \
" addi %1, 1 \n" \
" subi %0, 1 \n" \
" br 5b \n" \
- "8: mov %3, %0 \n" \
- " movi %4, 0 \n" \
- "9: stb %4, (%1, 0) \n" \
- " addi %1, 1 \n" \
- " subi %3, 1 \n" \
- " cmpnei %3, 0 \n" \
- " bt 9b \n" \
- " br 7f \n" \
+ "8: stw %3, (%1, 0) \n" \
+ " subi %0, 4 \n" \
+ " bf 7f \n" \
+ "9: subi %0, 8 \n" \
+ " bf 7f \n" \
+ "13: stw %3, (%1, 8) \n" \
+ " subi %0, 12 \n" \
+ " bf 7f \n" \
".section __ex_table, \"a\" \n" \
".align 2 \n" \
- ".long 2b, 8b \n" \
+ ".long 2b, 7f \n" \
+ ".long 4b, 7f \n" \
+ ".long 6b, 7f \n" \
".long 10b, 8b \n" \
- ".long 11b, 8b \n" \
- ".long 12b, 8b \n" \
- ".long 4b, 8b \n" \
- ".long 6b, 8b \n" \
+ ".long 11b, 9b \n" \
+ ".long 12b,13b \n" \
".previous \n" \
"7: \n" \
: "=r"(n), "=r"(to), "=r"(from), "=r"(nsave), \
diff --git a/arch/csky/lib/usercopy.c b/arch/csky/lib/usercopy.c
index 647a23986fb5..3c9bd645e643 100644
--- a/arch/csky/lib/usercopy.c
+++ b/arch/csky/lib/usercopy.c
@@ -7,10 +7,7 @@
unsigned long raw_copy_from_user(void *to, const void *from,
unsigned long n)
{
- if (access_ok(from, n))
- __copy_user_zeroing(to, from, n);
- else
- memset(to, 0, n);
+ ___copy_from_user(to, from, n);
return n;
}
EXPORT_SYMBOL(raw_copy_from_user);
@@ -18,8 +15,7 @@ EXPORT_SYMBOL(raw_copy_from_user);
unsigned long raw_copy_to_user(void *to, const void *from,
unsigned long n)
{
- if (access_ok(to, n))
- __copy_user(to, from, n);
+ ___copy_to_user(to, from, n);
return n;
}
EXPORT_SYMBOL(raw_copy_to_user);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 082/177] samples: bpf: Fix build error
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 081/177] csky: Fixup raw_copy_from_user() Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 083/177] drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c Greg Kroah-Hartman
` (95 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matteo Croce, Alexei Starovoitov,
Yonghong Song, Sasha Levin
From: Matteo Croce <mcroce@redhat.com>
[ Upstream commit 23ad04669f81f958e9a4121b0266228d2eb3c357 ]
GCC 10 is very strict about symbol clash, and lwt_len_hist_user contains
a symbol which clashes with libbpf:
/usr/bin/ld: samples/bpf/lwt_len_hist_user.o:(.bss+0x0): multiple definition of `bpf_log_buf'; samples/bpf/bpf_load.o:(.bss+0x8c0): first defined here
collect2: error: ld returned 1 exit status
bpf_log_buf here seems to be a leftover, so removing it.
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200511113234.80722-1-mcroce@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/bpf/lwt_len_hist_user.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/samples/bpf/lwt_len_hist_user.c b/samples/bpf/lwt_len_hist_user.c
index 587b68b1f8dd..430a4b7e353e 100644
--- a/samples/bpf/lwt_len_hist_user.c
+++ b/samples/bpf/lwt_len_hist_user.c
@@ -15,8 +15,6 @@
#define MAX_INDEX 64
#define MAX_STARS 38
-char bpf_log_buf[BPF_LOG_BUF_SIZE];
-
static void stars(char *str, long val, long max, int width)
{
int i;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 083/177] drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 082/177] samples: bpf: Fix build error Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 084/177] Input: usbtouchscreen - add support for BonXeon TP Greg Kroah-Hartman
` (94 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+bb82cafc737c002d11ca,
Madhuparna Bhowmik, David S. Miller, Sasha Levin
From: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
[ Upstream commit 95f59bf88bb75281cc626e283ecefdd5d5641427 ]
This patch fixes the following warning:
=============================
WARNING: suspicious RCU usage
5.7.0-rc5-next-20200514-syzkaller #0 Not tainted
-----------------------------
drivers/net/hamradio/bpqether.c:149 RCU-list traversed in non-reader section!!
Since rtnl lock is held, pass this cond in list_for_each_entry_rcu().
Reported-by: syzbot+bb82cafc737c002d11ca@syzkaller.appspotmail.com
Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/hamradio/bpqether.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/hamradio/bpqether.c b/drivers/net/hamradio/bpqether.c
index fbea6f232819..e2ad3c2e8df5 100644
--- a/drivers/net/hamradio/bpqether.c
+++ b/drivers/net/hamradio/bpqether.c
@@ -127,7 +127,8 @@ static inline struct net_device *bpq_get_ax25_dev(struct net_device *dev)
{
struct bpqdev *bpq;
- list_for_each_entry_rcu(bpq, &bpq_devices, bpq_list) {
+ list_for_each_entry_rcu(bpq, &bpq_devices, bpq_list,
+ lockdep_rtnl_is_held()) {
if (bpq->ethdev == dev)
return bpq->axdev;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 084/177] Input: usbtouchscreen - add support for BonXeon TP
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 083/177] drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 085/177] Input: i8042 - add ThinkPad S230u to i8042 nomux list Greg Kroah-Hartman
` (93 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hilliard, Dmitry Torokhov, Sasha Levin
From: James Hilliard <james.hilliard1@gmail.com>
[ Upstream commit e3b4f94ef52ae1592cbe199bd38dbdc0d58b2217 ]
Based on available information this uses the singletouch irtouch
protocol. This is tested and confirmed to be fully functional on
the BonXeon TP hardware I have.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Link: https://lore.kernel.org/r/20200413184217.55700-1-james.hilliard1@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/usbtouchscreen.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/input/touchscreen/usbtouchscreen.c b/drivers/input/touchscreen/usbtouchscreen.c
index 16d70201de4a..397cb1d3f481 100644
--- a/drivers/input/touchscreen/usbtouchscreen.c
+++ b/drivers/input/touchscreen/usbtouchscreen.c
@@ -182,6 +182,7 @@ static const struct usb_device_id usbtouch_devices[] = {
#endif
#ifdef CONFIG_TOUCHSCREEN_USB_IRTOUCH
+ {USB_DEVICE(0x255e, 0x0001), .driver_info = DEVTYPE_IRTOUCH},
{USB_DEVICE(0x595a, 0x0001), .driver_info = DEVTYPE_IRTOUCH},
{USB_DEVICE(0x6615, 0x0001), .driver_info = DEVTYPE_IRTOUCH},
{USB_DEVICE(0x6615, 0x0012), .driver_info = DEVTYPE_IRTOUCH_HIRES},
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 085/177] Input: i8042 - add ThinkPad S230u to i8042 nomux list
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 084/177] Input: usbtouchscreen - add support for BonXeon TP Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 086/177] Input: evdev - call input_flush_device() on release(), not flush() Greg Kroah-Hartman
` (92 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Locke, Dmitry Torokhov, Sasha Levin
From: Kevin Locke <kevin@kevinlocke.name>
[ Upstream commit 18931506465a762ffd3f4803d36a18d336a67da9 ]
On the Lenovo ThinkPad Twist S230u (3347-4HU) with BIOS version
"GDETC1WW (1.81 ) 06/27/2019", whether booted in UEFI or Legacy/CSM mode
the keyboard, Synaptics TouchPad, and TrackPoint either do not function
or stop functioning a few minutes after boot. This problem has been
noted before, perhaps only occurring on BIOS 1.57 and
later.[1][2][3][4][5]
This model does not have an external PS/2 port, so mux does not appear
to be useful.
Odds of a BIOS fix appear to be low: 1.57 was released over 6 years ago
and although the [BIOS changelog] notes "Fixed an issue of UEFI
touchpad/trackpoint/keyboard/touchscreen" in 1.58, it appears to be
insufficient.
Adding 33474HU to the nomux list avoids the issue on my system.
[1]: https://bugs.launchpad.net/bugs/1210748
[2]: https://bbs.archlinux.org/viewtopic.php?pid=1360425
[3]: https://forums.linuxmint.com/viewtopic.php?f=46&t=41200
[4]: https://forums.linuxmint.com/viewtopic.php?f=49&t=157115
[5]: https://forums.lenovo.com/topic/findpost/27/1337119
[BIOS changelog]: https://download.lenovo.com/pccbbs/mobiles/gduj33uc.txt
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/feb8a8339a67025dab3850e6377eb6f3a0e782ba.1587400635.git.kevin@kevinlocke.name
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/serio/i8042-x86ia64io.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
index 08e919dbeb5d..5bbc9152731d 100644
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -541,6 +541,13 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "Aspire 5738"),
},
},
+ {
+ /* Lenovo ThinkPad Twist S230u */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "33474HU"),
+ },
+ },
{ }
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 086/177] Input: evdev - call input_flush_device() on release(), not flush()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 085/177] Input: i8042 - add ThinkPad S230u to i8042 nomux list Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 087/177] Input: xpad - add custom init packet for Xbox One S controllers Greg Kroah-Hartman
` (91 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathieu Maret, Brendan Shanks,
Dmitry Torokhov, Sasha Levin
From: Brendan Shanks <bshanks@codeweavers.com>
[ Upstream commit 09264098ff153f60866039d60b31d39b66f55a31 ]
input_flush_device() should only be called once the struct file is being
released and no open descriptors remain, but evdev_flush() was calling
it whenever a file descriptor was closed.
This caused uploaded force-feedback effects to be erased when a process
did a dup()/close() on the event FD, called system(), etc.
Call input_flush_device() from evdev_release() instead.
Reported-by: Mathieu Maret <mathieu.maret@gmail.com>
Signed-off-by: Brendan Shanks <bshanks@codeweavers.com>
Link: https://lore.kernel.org/r/20200421231003.7935-1-bshanks@codeweavers.com
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/evdev.c | 19 ++++---------------
1 file changed, 4 insertions(+), 15 deletions(-)
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index cb6e3a5f509c..0d57e51b8ba1 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -326,20 +326,6 @@ static int evdev_fasync(int fd, struct file *file, int on)
return fasync_helper(fd, file, on, &client->fasync);
}
-static int evdev_flush(struct file *file, fl_owner_t id)
-{
- struct evdev_client *client = file->private_data;
- struct evdev *evdev = client->evdev;
-
- mutex_lock(&evdev->mutex);
-
- if (evdev->exist && !client->revoked)
- input_flush_device(&evdev->handle, file);
-
- mutex_unlock(&evdev->mutex);
- return 0;
-}
-
static void evdev_free(struct device *dev)
{
struct evdev *evdev = container_of(dev, struct evdev, dev);
@@ -453,6 +439,10 @@ static int evdev_release(struct inode *inode, struct file *file)
unsigned int i;
mutex_lock(&evdev->mutex);
+
+ if (evdev->exist && !client->revoked)
+ input_flush_device(&evdev->handle, file);
+
evdev_ungrab(evdev, client);
mutex_unlock(&evdev->mutex);
@@ -1310,7 +1300,6 @@ static const struct file_operations evdev_fops = {
.compat_ioctl = evdev_ioctl_compat,
#endif
.fasync = evdev_fasync,
- .flush = evdev_flush,
.llseek = no_llseek,
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 087/177] Input: xpad - add custom init packet for Xbox One S controllers
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 086/177] Input: evdev - call input_flush_device() on release(), not flush() Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 088/177] Input: dlink-dir685-touchkeys - fix a typo in driver name Greg Kroah-Hartman
` (90 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Łukasz Patron, Cameron Gutman,
Dmitry Torokhov, Sasha Levin
From: Łukasz Patron <priv.luk@gmail.com>
[ Upstream commit 764f7f911bf72450c51eb74cbb262ad9933741d8 ]
Sending [ 0x05, 0x20, 0x00, 0x0f, 0x06 ] packet for Xbox One S controllers
fixes an issue where controller is stuck in Bluetooth mode and not sending
any inputs.
Signed-off-by: Łukasz Patron <priv.luk@gmail.com>
Reviewed-by: Cameron Gutman <aicommander@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200422075206.18229-1-priv.luk@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/joystick/xpad.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
index 6b40a1c68f9f..c77cdb3b62b5 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -458,6 +458,16 @@ static const u8 xboxone_fw2015_init[] = {
0x05, 0x20, 0x00, 0x01, 0x00
};
+/*
+ * This packet is required for Xbox One S (0x045e:0x02ea)
+ * and Xbox One Elite Series 2 (0x045e:0x0b00) pads to
+ * initialize the controller that was previously used in
+ * Bluetooth mode.
+ */
+static const u8 xboxone_s_init[] = {
+ 0x05, 0x20, 0x00, 0x0f, 0x06
+};
+
/*
* This packet is required for the Titanfall 2 Xbox One pads
* (0x0e6f:0x0165) to finish initialization and for Hori pads
@@ -516,6 +526,8 @@ static const struct xboxone_init_packet xboxone_init_packets[] = {
XBOXONE_INIT_PKT(0x0e6f, 0x0165, xboxone_hori_init),
XBOXONE_INIT_PKT(0x0f0d, 0x0067, xboxone_hori_init),
XBOXONE_INIT_PKT(0x0000, 0x0000, xboxone_fw2015_init),
+ XBOXONE_INIT_PKT(0x045e, 0x02ea, xboxone_s_init),
+ XBOXONE_INIT_PKT(0x045e, 0x0b00, xboxone_s_init),
XBOXONE_INIT_PKT(0x0e6f, 0x0000, xboxone_pdp_init1),
XBOXONE_INIT_PKT(0x0e6f, 0x0000, xboxone_pdp_init2),
XBOXONE_INIT_PKT(0x24c6, 0x541a, xboxone_rumblebegin_init),
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 088/177] Input: dlink-dir685-touchkeys - fix a typo in driver name
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 087/177] Input: xpad - add custom init packet for Xbox One S controllers Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 089/177] gpio: mvebu: Fix probing for chips without PWM Greg Kroah-Hartman
` (89 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Linus Walleij,
Dmitry Torokhov, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 38347374ae3f1ec4df56dd688bd603a64e79a0ed ]
According to the file name and Kconfig, a 'k' is missing in this driver
name. It should be "dlink-dir685-touchkeys".
Fixes: 131b3de7016b ("Input: add D-Link DIR-685 touchkeys driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20200412213937.5287-1-christophe.jaillet@wanadoo.fr
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/keyboard/dlink-dir685-touchkeys.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/input/keyboard/dlink-dir685-touchkeys.c b/drivers/input/keyboard/dlink-dir685-touchkeys.c
index b0ead7199c40..a69dcc3bd30c 100644
--- a/drivers/input/keyboard/dlink-dir685-touchkeys.c
+++ b/drivers/input/keyboard/dlink-dir685-touchkeys.c
@@ -143,7 +143,7 @@ MODULE_DEVICE_TABLE(of, dir685_tk_of_match);
static struct i2c_driver dir685_tk_i2c_driver = {
.driver = {
- .name = "dlin-dir685-touchkeys",
+ .name = "dlink-dir685-touchkeys",
.of_match_table = of_match_ptr(dir685_tk_of_match),
},
.probe = dir685_tk_probe,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 089/177] gpio: mvebu: Fix probing for chips without PWM
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 088/177] Input: dlink-dir685-touchkeys - fix a typo in driver name Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 090/177] Input: i8042 - add ThinkPad S230u to i8042 reset list Greg Kroah-Hartman
` (88 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sascha Hauer, Bartosz Golaszewski,
Sasha Levin
From: Sascha Hauer <s.hauer@pengutronix.de>
[ Upstream commit 19c26d90ff4ca08ef2a2fef23cc9c13cfbfd891e ]
The PWM iomem resource is optional and its presence indicates whether
the GPIO chip has a PWM or not, which is why mvebu_pwm_probe() returned
successfully when the PWM resource was not present. With f51b18d92b66
the driver switched to devm_platform_ioremap_resource_byname() and
its error return is propagated to the caller, so now a missing PWM resource
leads to a probe error in the driver.
To fix this explicitly test for the presence of the PWM resource and
return successfully when it's not there. Do this check before the check
for the clock is done (which GPIO chips without a PWM do not have). Also
move the existing comment why the PWM resource is optional up to the
actual check.
Fixes: f51b18d92b66 ("gpio: mvebu: use devm_platform_ioremap_resource_byname()")
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-mvebu.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/gpio/gpio-mvebu.c b/drivers/gpio/gpio-mvebu.c
index d2b999c7987f..f0c5433a327f 100644
--- a/drivers/gpio/gpio-mvebu.c
+++ b/drivers/gpio/gpio-mvebu.c
@@ -782,6 +782,15 @@ static int mvebu_pwm_probe(struct platform_device *pdev,
"marvell,armada-370-gpio"))
return 0;
+ /*
+ * There are only two sets of PWM configuration registers for
+ * all the GPIO lines on those SoCs which this driver reserves
+ * for the first two GPIO chips. So if the resource is missing
+ * we can't treat it as an error.
+ */
+ if (!platform_get_resource_byname(pdev, IORESOURCE_MEM, "pwm"))
+ return 0;
+
if (IS_ERR(mvchip->clk))
return PTR_ERR(mvchip->clk);
@@ -804,12 +813,6 @@ static int mvebu_pwm_probe(struct platform_device *pdev,
mvchip->mvpwm = mvpwm;
mvpwm->mvchip = mvchip;
- /*
- * There are only two sets of PWM configuration registers for
- * all the GPIO lines on those SoCs which this driver reserves
- * for the first two GPIO chips. So if the resource is missing
- * we can't treat it as an error.
- */
mvpwm->membase = devm_platform_ioremap_resource_byname(pdev, "pwm");
if (IS_ERR(mvpwm->membase))
return PTR_ERR(mvpwm->membase);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 090/177] Input: i8042 - add ThinkPad S230u to i8042 reset list
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 089/177] gpio: mvebu: Fix probing for chips without PWM Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 091/177] Input: synaptics-rmi4 - really fix attn_data use-after-free Greg Kroah-Hartman
` (87 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Locke, Dmitry Torokhov, Sasha Levin
From: Kevin Locke <kevin@kevinlocke.name>
[ Upstream commit 2712c91a54a1058d55c284152b4d93c979b67be6 ]
On the Lenovo ThinkPad Twist S230u (3347-4HU) with BIOS version
"GDETC1WW (1.81 ) 06/27/2019", the keyboard, Synaptics TouchPad, and
TrackPoint either do not function or stop functioning a few minutes
after boot. This problem has been noted before, perhaps only occurring
with BIOS 1.57 and later.[1][2][3][4][5]
Odds of a BIOS fix appear to be low: 1.57 was released over 6 years ago
and although the [BIOS changelog] notes "Fixed an issue of UEFI
touchpad/trackpoint/keyboard/touchscreen" in 1.58, it appears to be
insufficient.
Setting i8042.reset=1 or adding 33474HU to the reset list avoids the
issue on my system from either warm or cold boot.
[1]: https://bugs.launchpad.net/bugs/1210748
[2]: https://bbs.archlinux.org/viewtopic.php?pid=1360425
[3]: https://forums.linuxmint.com/viewtopic.php?f=46&t=41200
[4]: https://forums.linuxmint.com/viewtopic.php?f=49&t=157115
[5]: https://forums.lenovo.com/topic/findpost/27/1337119
[BIOS changelog]: https://download.lenovo.com/pccbbs/mobiles/gduj33uc.txt
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/94f384b0f75f90f71425d7dce7ac82c59ddb87a8.1587702636.git.kevin@kevinlocke.name
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/serio/i8042-x86ia64io.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
index 5bbc9152731d..c47800176534 100644
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -669,6 +669,13 @@ static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "P65xRP"),
},
},
+ {
+ /* Lenovo ThinkPad Twist S230u */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "33474HU"),
+ },
+ },
{ }
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 091/177] Input: synaptics-rmi4 - really fix attn_data use-after-free
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 090/177] Input: i8042 - add ThinkPad S230u to i8042 reset list Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 092/177] Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() Greg Kroah-Hartman
` (86 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Green, Dmitry Torokhov, Sasha Levin
From: Evan Green <evgreen@chromium.org>
[ Upstream commit d5a5e5b5fa7b86c05bf073acc0ba98fa280174ec ]
Fix a use-after-free noticed by running with KASAN enabled. If
rmi_irq_fn() is run twice in a row, then rmi_f11_attention() (among
others) will end up reading from drvdata->attn_data.data, which was
freed and left dangling in rmi_irq_fn().
Commit 55edde9fff1a ("Input: synaptics-rmi4 - prevent UAF reported by
KASAN") correctly identified and analyzed this bug. However the attempted
fix only NULLed out a local variable, missing the fact that
drvdata->attn_data is a struct, not a pointer.
NULL out the correct pointer in the driver data to prevent the attention
functions from copying from it.
Fixes: 55edde9fff1a ("Input: synaptics-rmi4 - prevent UAF reported by KASAN")
Fixes: b908d3cd812a ("Input: synaptics-rmi4 - allow to add attention data")
Signed-off-by: Evan Green <evgreen@chromium.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200427145537.1.Ic8f898e0147beeee2c005ee7b20f1aebdef1e7eb@changeid
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/rmi4/rmi_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
index 190b9974526b..c18e1a25bca6 100644
--- a/drivers/input/rmi4/rmi_driver.c
+++ b/drivers/input/rmi4/rmi_driver.c
@@ -205,7 +205,7 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
if (count) {
kfree(attn_data.data);
- attn_data.data = NULL;
+ drvdata->attn_data.data = NULL;
}
if (!kfifo_is_empty(&drvdata->attn_fifo))
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 092/177] Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 091/177] Input: synaptics-rmi4 - really fix attn_data use-after-free Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 093/177] ARM: 8970/1: decompressor: increase tag size Greg Kroah-Hartman
` (85 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Dmitry Torokhov, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 5caab2da63207d6d631007f592f5219459e3454d ]
Fix to return a negative error code from the input_register_device()
error handling case instead of 0, as done elsewhere in this function.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20200428134948.78343-1-weiyongjun1@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/rmi4/rmi_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
index c18e1a25bca6..258d5fe3d395 100644
--- a/drivers/input/rmi4/rmi_driver.c
+++ b/drivers/input/rmi4/rmi_driver.c
@@ -1210,7 +1210,8 @@ static int rmi_driver_probe(struct device *dev)
if (data->input) {
rmi_driver_set_input_name(rmi_dev, data->input);
if (!rmi_dev->xport->input) {
- if (input_register_device(data->input)) {
+ retval = input_register_device(data->input);
+ if (retval) {
dev_err(dev, "%s: Failed to register input device.\n",
__func__);
goto err_destroy_functions;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 093/177] ARM: 8970/1: decompressor: increase tag size
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 092/177] Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 094/177] ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h Greg Kroah-Hartman
` (84 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Łukasz Stelmach, Russell King,
Sasha Levin
From: Łukasz Stelmach <l.stelmach@samsung.com>
[ Upstream commit 2c962369d72f286659e6446919f88d69b943cb4d ]
The size field of the tag header structure is supposed to be set to the
size of a tag structure including the header.
Fixes: c772568788b5f0 ("ARM: add additional table to compressed kernel")
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/compressed/vmlinux.lds.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index fc7ed03d8b93..51b078604978 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -43,7 +43,7 @@ SECTIONS
}
.table : ALIGN(4) {
_table_start = .;
- LONG(ZIMAGE_MAGIC(2))
+ LONG(ZIMAGE_MAGIC(4))
LONG(ZIMAGE_MAGIC(0x5a534c4b))
LONG(ZIMAGE_MAGIC(__piggy_size_addr - _start))
LONG(ZIMAGE_MAGIC(_kernel_bss_size))
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 094/177] ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 093/177] ARM: 8970/1: decompressor: increase tag size Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 095/177] ARM: uaccess: integrate uaccess_save and uaccess_restore Greg Kroah-Hartman
` (83 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Russell King, Sasha Levin
From: Russell King <rmk+kernel@armlinux.org.uk>
[ Upstream commit 747ffc2fcf969eff9309d7f2d1d61cb8b9e1bb40 ]
Consolidate the user access assembly code to asm/uaccess-asm.h. This
moves the csdb, check_uaccess, uaccess_mask_range_ptr, uaccess_enable,
uaccess_disable, uaccess_save, uaccess_restore macros, and creates two
new ones for exception entry and exit - uaccess_entry and uaccess_exit.
This makes the uaccess_save and uaccess_restore macros private to
asm/uaccess-asm.h.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/include/asm/assembler.h | 75 +-------------------
arch/arm/include/asm/uaccess-asm.h | 106 +++++++++++++++++++++++++++++
arch/arm/kernel/entry-armv.S | 11 +--
| 9 +--
4 files changed, 112 insertions(+), 89 deletions(-)
create mode 100644 arch/arm/include/asm/uaccess-asm.h
diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h
index 99929122dad7..3546d294d55f 100644
--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -18,11 +18,11 @@
#endif
#include <asm/ptrace.h>
-#include <asm/domain.h>
#include <asm/opcodes-virt.h>
#include <asm/asm-offsets.h>
#include <asm/page.h>
#include <asm/thread_info.h>
+#include <asm/uaccess-asm.h>
#define IOMEM(x) (x)
@@ -446,79 +446,6 @@ THUMB( orr \reg , \reg , #PSR_T_BIT )
.size \name , . - \name
.endm
- .macro csdb
-#ifdef CONFIG_THUMB2_KERNEL
- .inst.w 0xf3af8014
-#else
- .inst 0xe320f014
-#endif
- .endm
-
- .macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req
-#ifndef CONFIG_CPU_USE_DOMAINS
- adds \tmp, \addr, #\size - 1
- sbcscc \tmp, \tmp, \limit
- bcs \bad
-#ifdef CONFIG_CPU_SPECTRE
- movcs \addr, #0
- csdb
-#endif
-#endif
- .endm
-
- .macro uaccess_mask_range_ptr, addr:req, size:req, limit:req, tmp:req
-#ifdef CONFIG_CPU_SPECTRE
- sub \tmp, \limit, #1
- subs \tmp, \tmp, \addr @ tmp = limit - 1 - addr
- addhs \tmp, \tmp, #1 @ if (tmp >= 0) {
- subshs \tmp, \tmp, \size @ tmp = limit - (addr + size) }
- movlo \addr, #0 @ if (tmp < 0) addr = NULL
- csdb
-#endif
- .endm
-
- .macro uaccess_disable, tmp, isb=1
-#ifdef CONFIG_CPU_SW_DOMAIN_PAN
- /*
- * Whenever we re-enter userspace, the domains should always be
- * set appropriately.
- */
- mov \tmp, #DACR_UACCESS_DISABLE
- mcr p15, 0, \tmp, c3, c0, 0 @ Set domain register
- .if \isb
- instr_sync
- .endif
-#endif
- .endm
-
- .macro uaccess_enable, tmp, isb=1
-#ifdef CONFIG_CPU_SW_DOMAIN_PAN
- /*
- * Whenever we re-enter userspace, the domains should always be
- * set appropriately.
- */
- mov \tmp, #DACR_UACCESS_ENABLE
- mcr p15, 0, \tmp, c3, c0, 0
- .if \isb
- instr_sync
- .endif
-#endif
- .endm
-
- .macro uaccess_save, tmp
-#ifdef CONFIG_CPU_SW_DOMAIN_PAN
- mrc p15, 0, \tmp, c3, c0, 0
- str \tmp, [sp, #SVC_DACR]
-#endif
- .endm
-
- .macro uaccess_restore
-#ifdef CONFIG_CPU_SW_DOMAIN_PAN
- ldr r0, [sp, #SVC_DACR]
- mcr p15, 0, r0, c3, c0, 0
-#endif
- .endm
-
.irp c,,eq,ne,cs,cc,mi,pl,vs,vc,hi,ls,ge,lt,gt,le,hs,lo
.macro ret\c, reg
#if __LINUX_ARM_ARCH__ < 6
diff --git a/arch/arm/include/asm/uaccess-asm.h b/arch/arm/include/asm/uaccess-asm.h
new file mode 100644
index 000000000000..d475e3e8145d
--- /dev/null
+++ b/arch/arm/include/asm/uaccess-asm.h
@@ -0,0 +1,106 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#ifndef __ASM_UACCESS_ASM_H__
+#define __ASM_UACCESS_ASM_H__
+
+#include <asm/asm-offsets.h>
+#include <asm/domain.h>
+#include <asm/memory.h>
+#include <asm/thread_info.h>
+
+ .macro csdb
+#ifdef CONFIG_THUMB2_KERNEL
+ .inst.w 0xf3af8014
+#else
+ .inst 0xe320f014
+#endif
+ .endm
+
+ .macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req
+#ifndef CONFIG_CPU_USE_DOMAINS
+ adds \tmp, \addr, #\size - 1
+ sbcscc \tmp, \tmp, \limit
+ bcs \bad
+#ifdef CONFIG_CPU_SPECTRE
+ movcs \addr, #0
+ csdb
+#endif
+#endif
+ .endm
+
+ .macro uaccess_mask_range_ptr, addr:req, size:req, limit:req, tmp:req
+#ifdef CONFIG_CPU_SPECTRE
+ sub \tmp, \limit, #1
+ subs \tmp, \tmp, \addr @ tmp = limit - 1 - addr
+ addhs \tmp, \tmp, #1 @ if (tmp >= 0) {
+ subshs \tmp, \tmp, \size @ tmp = limit - (addr + size) }
+ movlo \addr, #0 @ if (tmp < 0) addr = NULL
+ csdb
+#endif
+ .endm
+
+ .macro uaccess_disable, tmp, isb=1
+#ifdef CONFIG_CPU_SW_DOMAIN_PAN
+ /*
+ * Whenever we re-enter userspace, the domains should always be
+ * set appropriately.
+ */
+ mov \tmp, #DACR_UACCESS_DISABLE
+ mcr p15, 0, \tmp, c3, c0, 0 @ Set domain register
+ .if \isb
+ instr_sync
+ .endif
+#endif
+ .endm
+
+ .macro uaccess_enable, tmp, isb=1
+#ifdef CONFIG_CPU_SW_DOMAIN_PAN
+ /*
+ * Whenever we re-enter userspace, the domains should always be
+ * set appropriately.
+ */
+ mov \tmp, #DACR_UACCESS_ENABLE
+ mcr p15, 0, \tmp, c3, c0, 0
+ .if \isb
+ instr_sync
+ .endif
+#endif
+ .endm
+
+ .macro uaccess_save, tmp
+#ifdef CONFIG_CPU_SW_DOMAIN_PAN
+ mrc p15, 0, \tmp, c3, c0, 0
+ str \tmp, [sp, #SVC_DACR]
+#endif
+ .endm
+
+ .macro uaccess_restore
+#ifdef CONFIG_CPU_SW_DOMAIN_PAN
+ ldr r0, [sp, #SVC_DACR]
+ mcr p15, 0, r0, c3, c0, 0
+#endif
+ .endm
+
+ /*
+ * Save the address limit on entry to a privileged exception and
+ * if using PAN, save and disable usermode access.
+ */
+ .macro uaccess_entry, tsk, tmp0, tmp1, tmp2, disable
+ ldr \tmp0, [\tsk, #TI_ADDR_LIMIT]
+ mov \tmp1, #TASK_SIZE
+ str \tmp1, [\tsk, #TI_ADDR_LIMIT]
+ str \tmp0, [sp, #SVC_ADDR_LIMIT]
+ uaccess_save \tmp0
+ .if \disable
+ uaccess_disable \tmp0
+ .endif
+ .endm
+
+ /* Restore the user access state previously saved by uaccess_entry */
+ .macro uaccess_exit, tsk, tmp0, tmp1
+ ldr \tmp1, [sp, #SVC_ADDR_LIMIT]
+ uaccess_restore
+ str \tmp1, [\tsk, #TI_ADDR_LIMIT]
+ .endm
+
+#endif /* __ASM_UACCESS_ASM_H__ */
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
index 77f54830554c..55a47df04773 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -27,6 +27,7 @@
#include <asm/unistd.h>
#include <asm/tls.h>
#include <asm/system_info.h>
+#include <asm/uaccess-asm.h>
#include "entry-header.S"
#include <asm/entry-macro-multi.S>
@@ -179,15 +180,7 @@ ENDPROC(__und_invalid)
stmia r7, {r2 - r6}
get_thread_info tsk
- ldr r0, [tsk, #TI_ADDR_LIMIT]
- mov r1, #TASK_SIZE
- str r1, [tsk, #TI_ADDR_LIMIT]
- str r0, [sp, #SVC_ADDR_LIMIT]
-
- uaccess_save r0
- .if \uaccess
- uaccess_disable r0
- .endif
+ uaccess_entry tsk, r0, r1, r2, \uaccess
.if \trace
#ifdef CONFIG_TRACE_IRQFLAGS
--git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
index 32051ec5b33f..40db0f9188b6 100644
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
@@ -6,6 +6,7 @@
#include <asm/asm-offsets.h>
#include <asm/errno.h>
#include <asm/thread_info.h>
+#include <asm/uaccess-asm.h>
#include <asm/v7m.h>
@ Bad Abort numbers
@@ -217,9 +218,7 @@
blne trace_hardirqs_off
#endif
.endif
- ldr r1, [sp, #SVC_ADDR_LIMIT]
- uaccess_restore
- str r1, [tsk, #TI_ADDR_LIMIT]
+ uaccess_exit tsk, r0, r1
#ifndef CONFIG_THUMB2_KERNEL
@ ARM mode SVC restore
@@ -263,9 +262,7 @@
@ on the stack remains correct).
@
.macro svc_exit_via_fiq
- ldr r1, [sp, #SVC_ADDR_LIMIT]
- uaccess_restore
- str r1, [tsk, #TI_ADDR_LIMIT]
+ uaccess_exit tsk, r0, r1
#ifndef CONFIG_THUMB2_KERNEL
@ ARM mode restore
mov r0, sp
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 095/177] ARM: uaccess: integrate uaccess_save and uaccess_restore
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 094/177] ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 096/177] ARM: uaccess: fix DACR mismatch with nested exceptions Greg Kroah-Hartman
` (82 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Russell King, Sasha Levin
From: Russell King <rmk+kernel@armlinux.org.uk>
[ Upstream commit 8ede890b0bcebe8c760aacfe20e934d98c3dc6aa ]
Integrate uaccess_save / uaccess_restore macros into the new
uaccess_entry / uaccess_exit macros respectively.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/include/asm/uaccess-asm.h | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
diff --git a/arch/arm/include/asm/uaccess-asm.h b/arch/arm/include/asm/uaccess-asm.h
index d475e3e8145d..e46468b91eaa 100644
--- a/arch/arm/include/asm/uaccess-asm.h
+++ b/arch/arm/include/asm/uaccess-asm.h
@@ -67,30 +67,23 @@
#endif
.endm
- .macro uaccess_save, tmp
#ifdef CONFIG_CPU_SW_DOMAIN_PAN
- mrc p15, 0, \tmp, c3, c0, 0
- str \tmp, [sp, #SVC_DACR]
-#endif
- .endm
-
- .macro uaccess_restore
-#ifdef CONFIG_CPU_SW_DOMAIN_PAN
- ldr r0, [sp, #SVC_DACR]
- mcr p15, 0, r0, c3, c0, 0
+#define DACR(x...) x
+#else
+#define DACR(x...)
#endif
- .endm
/*
* Save the address limit on entry to a privileged exception and
* if using PAN, save and disable usermode access.
*/
.macro uaccess_entry, tsk, tmp0, tmp1, tmp2, disable
- ldr \tmp0, [\tsk, #TI_ADDR_LIMIT]
- mov \tmp1, #TASK_SIZE
- str \tmp1, [\tsk, #TI_ADDR_LIMIT]
- str \tmp0, [sp, #SVC_ADDR_LIMIT]
- uaccess_save \tmp0
+ ldr \tmp1, [\tsk, #TI_ADDR_LIMIT]
+ mov \tmp2, #TASK_SIZE
+ str \tmp2, [\tsk, #TI_ADDR_LIMIT]
+ DACR( mrc p15, 0, \tmp0, c3, c0, 0)
+ DACR( str \tmp0, [sp, #SVC_DACR])
+ str \tmp1, [sp, #SVC_ADDR_LIMIT]
.if \disable
uaccess_disable \tmp0
.endif
@@ -99,8 +92,11 @@
/* Restore the user access state previously saved by uaccess_entry */
.macro uaccess_exit, tsk, tmp0, tmp1
ldr \tmp1, [sp, #SVC_ADDR_LIMIT]
- uaccess_restore
+ DACR( ldr \tmp0, [sp, #SVC_DACR])
str \tmp1, [\tsk, #TI_ADDR_LIMIT]
+ DACR( mcr p15, 0, \tmp0, c3, c0, 0)
.endm
+#undef DACR
+
#endif /* __ASM_UACCESS_ASM_H__ */
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 096/177] ARM: uaccess: fix DACR mismatch with nested exceptions
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 095/177] ARM: uaccess: integrate uaccess_save and uaccess_restore Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 097/177] gpio: exar: Fix bad handling for ida_simple_get error path Greg Kroah-Hartman
` (81 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomas Paukrt, Russell King, Sasha Levin
From: Russell King <rmk+kernel@armlinux.org.uk>
[ Upstream commit 71f8af1110101facfad68989ff91f88f8e2c3e22 ]
Tomas Paukrt reports that his SAM9X60 based system (ARM926, ARMv5TJ)
fails to fix up alignment faults, eventually resulting in a kernel
oops.
The problem occurs when using CONFIG_CPU_USE_DOMAINS with commit
e6978e4bf181 ("ARM: save and reset the address limit when entering an
exception"). This is because the address limit is set back to
TASK_SIZE on exception entry, and, although it is restored on exception
exit, the domain register is not.
Hence, this sequence can occur:
interrupt
pt_regs->addr_limit = addr_limit // USER_DS
addr_limit = USER_DS
alignment exception
__probe_kernel_read()
old_fs = get_fs() // USER_DS
set_fs(KERNEL_DS)
addr_limit = KERNEL_DS
dacr.kernel = DOMAIN_MANAGER
interrupt
pt_regs->addr_limit = addr_limit // KERNEL_DS
addr_limit = USER_DS
alignment exception
__probe_kernel_read()
old_fs = get_fs() // USER_DS
set_fs(KERNEL_DS)
addr_limit = KERNEL_DS
dacr.kernel = DOMAIN_MANAGER
...
set_fs(old_fs)
addr_limit = USER_DS
dacr.kernel = DOMAIN_CLIENT
...
addr_limit = pt_regs->addr_limit // KERNEL_DS
interrupt returns
At this point, addr_limit is correctly restored to KERNEL_DS for
__probe_kernel_read() to continue execution, but dacr.kernel is not,
it has been reset by the set_fs(old_fs) to DOMAIN_CLIENT.
This would not have happened prior to the mentioned commit, because
addr_limit would remain KERNEL_DS, so get_fs() would have returned
KERNEL_DS, and so would correctly nest.
This commit fixes the problem by also saving the DACR on exception
entry if either CONFIG_CPU_SW_DOMAIN_PAN or CONFIG_CPU_USE_DOMAINS are
enabled, and resetting the DACR appropriately on exception entry to
match addr_limit and PAN settings.
Fixes: e6978e4bf181 ("ARM: save and reset the address limit when entering an exception")
Reported-by: Tomas Paukrt <tomas.paukrt@advantech.cz>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/include/asm/uaccess-asm.h | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/arch/arm/include/asm/uaccess-asm.h b/arch/arm/include/asm/uaccess-asm.h
index e46468b91eaa..907571fd05c6 100644
--- a/arch/arm/include/asm/uaccess-asm.h
+++ b/arch/arm/include/asm/uaccess-asm.h
@@ -67,15 +67,21 @@
#endif
.endm
-#ifdef CONFIG_CPU_SW_DOMAIN_PAN
+#if defined(CONFIG_CPU_SW_DOMAIN_PAN) || defined(CONFIG_CPU_USE_DOMAINS)
#define DACR(x...) x
#else
#define DACR(x...)
#endif
/*
- * Save the address limit on entry to a privileged exception and
- * if using PAN, save and disable usermode access.
+ * Save the address limit on entry to a privileged exception.
+ *
+ * If we are using the DACR for kernel access by the user accessors
+ * (CONFIG_CPU_USE_DOMAINS=y), always reset the DACR kernel domain
+ * back to client mode, whether or not \disable is set.
+ *
+ * If we are using SW PAN, set the DACR user domain to no access
+ * if \disable is set.
*/
.macro uaccess_entry, tsk, tmp0, tmp1, tmp2, disable
ldr \tmp1, [\tsk, #TI_ADDR_LIMIT]
@@ -84,8 +90,17 @@
DACR( mrc p15, 0, \tmp0, c3, c0, 0)
DACR( str \tmp0, [sp, #SVC_DACR])
str \tmp1, [sp, #SVC_ADDR_LIMIT]
- .if \disable
- uaccess_disable \tmp0
+ .if \disable && IS_ENABLED(CONFIG_CPU_SW_DOMAIN_PAN)
+ /* kernel=client, user=no access */
+ mov \tmp2, #DACR_UACCESS_DISABLE
+ mcr p15, 0, \tmp2, c3, c0, 0
+ instr_sync
+ .elseif IS_ENABLED(CONFIG_CPU_USE_DOMAINS)
+ /* kernel=client */
+ bic \tmp2, \tmp0, #domain_mask(DOMAIN_KERNEL)
+ orr \tmp2, \tmp2, #domain_val(DOMAIN_KERNEL, DOMAIN_CLIENT)
+ mcr p15, 0, \tmp2, c3, c0, 0
+ instr_sync
.endif
.endm
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 097/177] gpio: exar: Fix bad handling for ida_simple_get error path
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 096/177] ARM: uaccess: fix DACR mismatch with nested exceptions Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 098/177] arm64: dts: mt8173: fix vcodec-enc clock Greg Kroah-Hartman
` (80 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Bartosz Golaszewski,
Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 333830aa149a87cabeb5d30fbcf12eecc8040d2c ]
The commit 7ecced0934e5 ("gpio: exar: add a check for the return value
of ida_simple_get fails") added a goto jump to the common error
handler for ida_simple_get() error, but this is wrong in two ways:
it doesn't set the proper return code and, more badly, it invokes
ida_simple_remove() with a negative index that shall lead to a kernel
panic via BUG_ON().
This patch addresses those two issues.
Fixes: 7ecced0934e5 ("gpio: exar: add a check for the return value of ida_simple_get fails")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-exar.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpio/gpio-exar.c b/drivers/gpio/gpio-exar.c
index da1ef0b1c291..b1accfba017d 100644
--- a/drivers/gpio/gpio-exar.c
+++ b/drivers/gpio/gpio-exar.c
@@ -148,8 +148,10 @@ static int gpio_exar_probe(struct platform_device *pdev)
mutex_init(&exar_gpio->lock);
index = ida_simple_get(&ida_index, 0, 0, GFP_KERNEL);
- if (index < 0)
- goto err_destroy;
+ if (index < 0) {
+ ret = index;
+ goto err_mutex_destroy;
+ }
sprintf(exar_gpio->name, "exar_gpio%d", index);
exar_gpio->gpio_chip.label = exar_gpio->name;
@@ -176,6 +178,7 @@ static int gpio_exar_probe(struct platform_device *pdev)
err_destroy:
ida_simple_remove(&ida_index, index);
+err_mutex_destroy:
mutex_destroy(&exar_gpio->lock);
return ret;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 098/177] arm64: dts: mt8173: fix vcodec-enc clock
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 097/177] gpio: exar: Fix bad handling for ida_simple_get error path Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 099/177] soc: mediatek: cmdq: return send msg error code Greg Kroah-Hartman
` (79 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hsin-Yi Wang, Matthias Brugger, Sasha Levin
From: Hsin-Yi Wang <hsinyi@chromium.org>
[ Upstream commit 3b1f6c5e4dfaf767f6f2f120cd93b347b5a9f1aa ]
Fix the assigned-clock-parents to higher frequency clock to avoid h264
encode timeout:
[ 134.763465] mtk_vpu 10020000.vpu: vpu ipi 4 ack time out !
[ 134.769008] [MTK_VCODEC][ERROR][18]: vpu_enc_send_msg() vpu_ipi_send msg_id c002 len 32 fail -5
[ 134.777707] [MTK_VCODEC][ERROR][18]: vpu_enc_encode() AP_IPIMSG_ENC_ENCODE 0 fail
venc_sel is the clock used by h264 encoder, and venclt_sel is the clock
used by vp8 encoder. Assign venc_sel to vcodecpll_ck and venclt_sel to
vcodecpll_370p5.
vcodecpll 1482000000
vcodecpll_ck 494000000
venc_sel 494000000
...
vcodecpll_370p5 370500000
venclt_sel 370500000
Fixes: fbbad0287cec ("arm64: dts: Using standard CCF interface to set vcodec clk")
Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
Link: https://lore.kernel.org/r/20200504124442.208004-1-hsinyi@chromium.org
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8173.dtsi b/arch/arm64/boot/dts/mediatek/mt8173.dtsi
index 8b4e806d5119..125c78321ab4 100644
--- a/arch/arm64/boot/dts/mediatek/mt8173.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8173.dtsi
@@ -1401,8 +1401,8 @@
"venc_lt_sel";
assigned-clocks = <&topckgen CLK_TOP_VENC_SEL>,
<&topckgen CLK_TOP_VENC_LT_SEL>;
- assigned-clock-parents = <&topckgen CLK_TOP_VENCPLL_D2>,
- <&topckgen CLK_TOP_UNIVPLL1_D2>;
+ assigned-clock-parents = <&topckgen CLK_TOP_VCODECPLL>,
+ <&topckgen CLK_TOP_VCODECPLL_370P5>;
};
jpegdec: jpegdec@18004000 {
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 099/177] soc: mediatek: cmdq: return send msg error code
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 098/177] arm64: dts: mt8173: fix vcodec-enc clock Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 100/177] gpu/drm: ingenic: Fix bogus crtc_atomic_check callback Greg Kroah-Hartman
` (78 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dennis YC Hsieh, CK Hu,
Matthias Brugger, Sasha Levin
From: Dennis YC Hsieh <dennis-yc.hsieh@mediatek.com>
[ Upstream commit 34c4e4072603ff5c174df73b973896abb76cbb51 ]
Return error code to client if send message fail,
so that client has chance to error handling.
Fixes: 576f1b4bc802 ("soc: mediatek: Add Mediatek CMDQ helper")
Signed-off-by: Dennis YC Hsieh <dennis-yc.hsieh@mediatek.com>
Reviewed-by: CK Hu <ck.hu@mediatek.com>
Link: https://lore.kernel.org/r/1583664775-19382-6-git-send-email-dennis-yc.hsieh@mediatek.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/mediatek/mtk-cmdq-helper.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/mediatek/mtk-cmdq-helper.c b/drivers/soc/mediatek/mtk-cmdq-helper.c
index db37144ae98c..87ee9f767b7a 100644
--- a/drivers/soc/mediatek/mtk-cmdq-helper.c
+++ b/drivers/soc/mediatek/mtk-cmdq-helper.c
@@ -351,7 +351,9 @@ int cmdq_pkt_flush_async(struct cmdq_pkt *pkt, cmdq_async_flush_cb cb,
spin_unlock_irqrestore(&client->lock, flags);
}
- mbox_send_message(client->chan, pkt);
+ err = mbox_send_message(client->chan, pkt);
+ if (err < 0)
+ return err;
/* We can send next packet immediately, so just call txdone. */
mbox_client_txdone(client->chan, 0);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 100/177] gpu/drm: ingenic: Fix bogus crtc_atomic_check callback
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 099/177] soc: mediatek: cmdq: return send msg error code Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 101/177] gpu/drm: Ingenic: Fix opaque pointer casted to wrong type Greg Kroah-Hartman
` (77 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Sam Ravnborg, Sasha Levin
From: Paul Cercueil <paul@crapouillou.net>
[ Upstream commit a53bcc19876498bdd3b4ef796c787295dcc498b4 ]
The code was comparing the SoC's maximum height with the mode's width,
and vice-versa. D'oh.
Cc: stable@vger.kernel.org # v5.6
Fixes: a7c909b7c037 ("gpu/drm: ingenic: Check for display size in CRTC atomic check")
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Link: https://patchwork.freedesktop.org/patch/msgid/20200516215057.392609-4-paul@crapouillou.net
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ingenic/ingenic-drm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/ingenic/ingenic-drm.c b/drivers/gpu/drm/ingenic/ingenic-drm.c
index bcba2f024842..8f5077370a52 100644
--- a/drivers/gpu/drm/ingenic/ingenic-drm.c
+++ b/drivers/gpu/drm/ingenic/ingenic-drm.c
@@ -328,8 +328,8 @@ static int ingenic_drm_crtc_atomic_check(struct drm_crtc *crtc,
if (!drm_atomic_crtc_needs_modeset(state))
return 0;
- if (state->mode.hdisplay > priv->soc_info->max_height ||
- state->mode.vdisplay > priv->soc_info->max_width)
+ if (state->mode.hdisplay > priv->soc_info->max_width ||
+ state->mode.vdisplay > priv->soc_info->max_height)
return -EINVAL;
rate = clk_round_rate(priv->pix_clk,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 101/177] gpu/drm: Ingenic: Fix opaque pointer casted to wrong type
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 100/177] gpu/drm: ingenic: Fix bogus crtc_atomic_check callback Greg Kroah-Hartman
@ 2020-06-01 17:53 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 102/177] IB/qib: Call kobject_put() when kobject_init_and_add() fails Greg Kroah-Hartman
` (76 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Sam Ravnborg, Sasha Levin
From: Paul Cercueil <paul@crapouillou.net>
[ Upstream commit abf56fadf0e208abfb13ad1ac0094416058da0ad ]
The opaque pointer passed to the IRQ handler is a pointer to the
drm_device, not a pointer to our ingenic_drm structure.
It still worked, because our ingenic_drm structure contains the
drm_device as its first field, so the pointer received had the same
value, but this was not semantically correct.
Cc: stable@vger.kernel.org # v5.3
Fixes: 90b86fcc47b4 ("DRM: Add KMS driver for the Ingenic JZ47xx SoCs")
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Link: https://patchwork.freedesktop.org/patch/msgid/20200516215057.392609-5-paul@crapouillou.net
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ingenic/ingenic-drm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/ingenic/ingenic-drm.c b/drivers/gpu/drm/ingenic/ingenic-drm.c
index 8f5077370a52..e9900e078d51 100644
--- a/drivers/gpu/drm/ingenic/ingenic-drm.c
+++ b/drivers/gpu/drm/ingenic/ingenic-drm.c
@@ -474,7 +474,7 @@ static int ingenic_drm_encoder_atomic_check(struct drm_encoder *encoder,
static irqreturn_t ingenic_drm_irq_handler(int irq, void *arg)
{
- struct ingenic_drm *priv = arg;
+ struct ingenic_drm *priv = drm_device_get_priv(arg);
unsigned int state;
regmap_read(priv->map, JZ_REG_LCD_STATE, &state);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 102/177] IB/qib: Call kobject_put() when kobject_init_and_add() fails
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2020-06-01 17:53 ` [PATCH 5.6 101/177] gpu/drm: Ingenic: Fix opaque pointer casted to wrong type Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 103/177] ARM: dts/imx6q-bx50v3: Set display interface clock parents Greg Kroah-Hartman
` (75 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Yi, Mike Marciniszyn, Kaike Wan,
Dennis Dalessandro, Leon Romanovsky, Jason Gunthorpe,
Sasha Levin
From: Kaike Wan <kaike.wan@intel.com>
[ Upstream commit a35cd6447effd5c239b564c80fa109d05ff3d114 ]
When kobject_init_and_add() returns an error in the function
qib_create_port_files(), the function kobject_put() is not called for the
corresponding kobject, which potentially leads to memory leak.
This patch fixes the issue by calling kobject_put() even if
kobject_init_and_add() fails. In addition, the ppd->diagc_kobj is released
along with other kobjects when the sysfs is unregistered.
Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters")
Link: https://lore.kernel.org/r/20200512031328.189865.48627.stgit@awfm-01.aw.intel.com
Cc: <stable@vger.kernel.org>
Suggested-by: Lin Yi <teroincn@gmail.com>
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/qib/qib_sysfs.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/infiniband/hw/qib/qib_sysfs.c b/drivers/infiniband/hw/qib/qib_sysfs.c
index 568b21eb6ea1..021df0654ba7 100644
--- a/drivers/infiniband/hw/qib/qib_sysfs.c
+++ b/drivers/infiniband/hw/qib/qib_sysfs.c
@@ -760,7 +760,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num,
qib_dev_err(dd,
"Skipping linkcontrol sysfs info, (err %d) port %u\n",
ret, port_num);
- goto bail;
+ goto bail_link;
}
kobject_uevent(&ppd->pport_kobj, KOBJ_ADD);
@@ -770,7 +770,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num,
qib_dev_err(dd,
"Skipping sl2vl sysfs info, (err %d) port %u\n",
ret, port_num);
- goto bail_link;
+ goto bail_sl;
}
kobject_uevent(&ppd->sl2vl_kobj, KOBJ_ADD);
@@ -780,7 +780,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num,
qib_dev_err(dd,
"Skipping diag_counters sysfs info, (err %d) port %u\n",
ret, port_num);
- goto bail_sl;
+ goto bail_diagc;
}
kobject_uevent(&ppd->diagc_kobj, KOBJ_ADD);
@@ -793,7 +793,7 @@ int qib_create_port_files(struct ib_device *ibdev, u8 port_num,
qib_dev_err(dd,
"Skipping Congestion Control sysfs info, (err %d) port %u\n",
ret, port_num);
- goto bail_diagc;
+ goto bail_cc;
}
kobject_uevent(&ppd->pport_cc_kobj, KOBJ_ADD);
@@ -854,6 +854,7 @@ void qib_verbs_unregister_sysfs(struct qib_devdata *dd)
&cc_table_bin_attr);
kobject_put(&ppd->pport_cc_kobj);
}
+ kobject_put(&ppd->diagc_kobj);
kobject_put(&ppd->sl2vl_kobj);
kobject_put(&ppd->pport_kobj);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 103/177] ARM: dts/imx6q-bx50v3: Set display interface clock parents
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 102/177] IB/qib: Call kobject_put() when kobject_init_and_add() fails Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 104/177] ARM: dts: bcm2835-rpi-zero-w: Fix led polarity Greg Kroah-Hartman
` (74 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Beckett, Ian Ray,
Sebastian Reichel, Shawn Guo, Sasha Levin
From: Robert Beckett <bob.beckett@collabora.com>
[ Upstream commit 665e7c73a7724a393b4ec92d1ae1e029925ef2b7 ]
Avoid LDB and IPU DI clocks both using the same parent. LDB requires
pasthrough clock to avoid breaking timing while IPU DI does not.
Force IPU DI clocks to use IMX6QDL_CLK_PLL2_PFD0_352M as parent
and LDB to use IMX6QDL_CLK_PLL5_VIDEO_DIV.
This fixes an issue where attempting atomic modeset while using
HDMI and display port at the same time causes LDB clock programming
to destroy the programming of HDMI that was done during the same
modeset.
Cc: stable@vger.kernel.org
Signed-off-by: Robert Beckett <bob.beckett@collabora.com>
[Use IMX6QDL_CLK_PLL2_PFD0_352M instead of IMX6QDL_CLK_PLL2_PFD2_396M
originally chosen by Robert Beckett to avoid affecting eMMC clock
by DRM atomic updates]
Signed-off-by: Ian Ray <ian.ray@ge.com>
[Squash Robert's and Ian's commits for bisectability, update patch
description and add stable tag]
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6q-b450v3.dts | 7 -------
arch/arm/boot/dts/imx6q-b650v3.dts | 7 -------
arch/arm/boot/dts/imx6q-b850v3.dts | 11 -----------
arch/arm/boot/dts/imx6q-bx50v3.dtsi | 15 +++++++++++++++
4 files changed, 15 insertions(+), 25 deletions(-)
diff --git a/arch/arm/boot/dts/imx6q-b450v3.dts b/arch/arm/boot/dts/imx6q-b450v3.dts
index 95b8f2d71821..fb0980190aa0 100644
--- a/arch/arm/boot/dts/imx6q-b450v3.dts
+++ b/arch/arm/boot/dts/imx6q-b450v3.dts
@@ -65,13 +65,6 @@
};
};
-&clks {
- assigned-clocks = <&clks IMX6QDL_CLK_LDB_DI0_SEL>,
- <&clks IMX6QDL_CLK_LDB_DI1_SEL>;
- assigned-clock-parents = <&clks IMX6QDL_CLK_PLL3_USB_OTG>,
- <&clks IMX6QDL_CLK_PLL3_USB_OTG>;
-};
-
&ldb {
status = "okay";
diff --git a/arch/arm/boot/dts/imx6q-b650v3.dts b/arch/arm/boot/dts/imx6q-b650v3.dts
index 611cb7ae7e55..8f762d9c5ae9 100644
--- a/arch/arm/boot/dts/imx6q-b650v3.dts
+++ b/arch/arm/boot/dts/imx6q-b650v3.dts
@@ -65,13 +65,6 @@
};
};
-&clks {
- assigned-clocks = <&clks IMX6QDL_CLK_LDB_DI0_SEL>,
- <&clks IMX6QDL_CLK_LDB_DI1_SEL>;
- assigned-clock-parents = <&clks IMX6QDL_CLK_PLL3_USB_OTG>,
- <&clks IMX6QDL_CLK_PLL3_USB_OTG>;
-};
-
&ldb {
status = "okay";
diff --git a/arch/arm/boot/dts/imx6q-b850v3.dts b/arch/arm/boot/dts/imx6q-b850v3.dts
index e4cb118f88c6..1ea64ecf4291 100644
--- a/arch/arm/boot/dts/imx6q-b850v3.dts
+++ b/arch/arm/boot/dts/imx6q-b850v3.dts
@@ -53,17 +53,6 @@
};
};
-&clks {
- assigned-clocks = <&clks IMX6QDL_CLK_LDB_DI0_SEL>,
- <&clks IMX6QDL_CLK_LDB_DI1_SEL>,
- <&clks IMX6QDL_CLK_IPU1_DI0_PRE_SEL>,
- <&clks IMX6QDL_CLK_IPU2_DI0_PRE_SEL>;
- assigned-clock-parents = <&clks IMX6QDL_CLK_PLL5_VIDEO_DIV>,
- <&clks IMX6QDL_CLK_PLL5_VIDEO_DIV>,
- <&clks IMX6QDL_CLK_PLL2_PFD2_396M>,
- <&clks IMX6QDL_CLK_PLL2_PFD2_396M>;
-};
-
&ldb {
fsl,dual-channel;
status = "okay";
diff --git a/arch/arm/boot/dts/imx6q-bx50v3.dtsi b/arch/arm/boot/dts/imx6q-bx50v3.dtsi
index fa27dcdf06f1..1938b04199c4 100644
--- a/arch/arm/boot/dts/imx6q-bx50v3.dtsi
+++ b/arch/arm/boot/dts/imx6q-bx50v3.dtsi
@@ -377,3 +377,18 @@
#interrupt-cells = <1>;
};
};
+
+&clks {
+ assigned-clocks = <&clks IMX6QDL_CLK_LDB_DI0_SEL>,
+ <&clks IMX6QDL_CLK_LDB_DI1_SEL>,
+ <&clks IMX6QDL_CLK_IPU1_DI0_PRE_SEL>,
+ <&clks IMX6QDL_CLK_IPU1_DI1_PRE_SEL>,
+ <&clks IMX6QDL_CLK_IPU2_DI0_PRE_SEL>,
+ <&clks IMX6QDL_CLK_IPU2_DI1_PRE_SEL>;
+ assigned-clock-parents = <&clks IMX6QDL_CLK_PLL5_VIDEO_DIV>,
+ <&clks IMX6QDL_CLK_PLL5_VIDEO_DIV>,
+ <&clks IMX6QDL_CLK_PLL2_PFD0_352M>,
+ <&clks IMX6QDL_CLK_PLL2_PFD0_352M>,
+ <&clks IMX6QDL_CLK_PLL2_PFD0_352M>,
+ <&clks IMX6QDL_CLK_PLL2_PFD0_352M>;
+};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 104/177] ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 103/177] ARM: dts/imx6q-bx50v3: Set display interface clock parents Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 105/177] ARM: dts: bcm: HR2: Fix PPI interrupt types Greg Kroah-Hartman
` (73 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Stehlé,
Stefan Wahren, Florian Fainelli, Sasha Levin
From: Vincent Stehlé <vincent.stehle@laposte.net>
[ Upstream commit 58bb90ab415562eededb932455046924e65df342 ]
The status "ACT" led on the Raspberry Pi Zero W is on when GPIO 47 is low.
This has been verified on a board and somewhat confirmed by both the GPIO
name ("STATUS_LED_N") and the reduced schematics [1].
[1]: https://www.raspberrypi.org/documentation/hardware/raspberrypi/schematics/rpi_SCH_ZeroW_1p1_reduced.pdf
Fixes: 2c7c040c73e9 ("ARM: dts: bcm2835: Add Raspberry Pi Zero W")
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Cc: Stefan Wahren <stefan.wahren@i2se.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts b/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
index 4c3f606e5b8d..f65448c01e31 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
@@ -24,7 +24,7 @@
leds {
act {
- gpios = <&gpio 47 GPIO_ACTIVE_HIGH>;
+ gpios = <&gpio 47 GPIO_ACTIVE_LOW>;
};
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 105/177] ARM: dts: bcm: HR2: Fix PPI interrupt types
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 104/177] ARM: dts: bcm2835-rpi-zero-w: Fix led polarity Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 106/177] ARM: dts: mmp3: Use the MMP3 compatible string for /clocks Greg Kroah-Hartman
` (72 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hamish Martin, Florian Fainelli, Sasha Levin
From: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
[ Upstream commit be0ec060b54f0481fb95d59086c1484a949c903c ]
These error messages are output when booting on a BCM HR2 system:
GIC: PPI11 is secure or misconfigured
GIC: PPI13 is secure or misconfigured
Per ARM documentation these interrupts are triggered on a rising edge.
See ARM Cortex A-9 MPCore Technical Reference Manual, Revision r4p1,
Section 3.3.8 Interrupt Configuration Registers.
The same issue was resolved for NSP systems in commit 5f1aa51c7a1e
("ARM: dts: NSP: Fix PPI interrupt types").
Fixes: b9099ec754b5 ("ARM: dts: Add Broadcom Hurricane 2 DTS include file")
Signed-off-by: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm-hr2.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/bcm-hr2.dtsi b/arch/arm/boot/dts/bcm-hr2.dtsi
index 6142c672811e..5e5f5ca3c86f 100644
--- a/arch/arm/boot/dts/bcm-hr2.dtsi
+++ b/arch/arm/boot/dts/bcm-hr2.dtsi
@@ -75,7 +75,7 @@
timer@20200 {
compatible = "arm,cortex-a9-global-timer";
reg = <0x20200 0x100>;
- interrupts = <GIC_PPI 11 IRQ_TYPE_LEVEL_HIGH>;
+ interrupts = <GIC_PPI 11 IRQ_TYPE_EDGE_RISING>;
clocks = <&periph_clk>;
};
@@ -83,7 +83,7 @@
compatible = "arm,cortex-a9-twd-timer";
reg = <0x20600 0x20>;
interrupts = <GIC_PPI 13 (GIC_CPU_MASK_SIMPLE(1) |
- IRQ_TYPE_LEVEL_HIGH)>;
+ IRQ_TYPE_EDGE_RISING)>;
clocks = <&periph_clk>;
};
@@ -91,7 +91,7 @@
compatible = "arm,cortex-a9-twd-wdt";
reg = <0x20620 0x20>;
interrupts = <GIC_PPI 14 (GIC_CPU_MASK_SIMPLE(1) |
- IRQ_TYPE_LEVEL_HIGH)>;
+ IRQ_TYPE_EDGE_RISING)>;
clocks = <&periph_clk>;
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 106/177] ARM: dts: mmp3: Use the MMP3 compatible string for /clocks
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 105/177] ARM: dts: bcm: HR2: Fix PPI interrupt types Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 107/177] ARM: dts: mmp3-dell-ariel: Fix the SPI devices Greg Kroah-Hartman
` (71 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lubomir Rintel, Arnd Bergmann, Sasha Levin
From: Lubomir Rintel <lkundrak@v3.sk>
[ Upstream commit ec7d12faf81de983efce8ff23f41c5d1bff14c41 ]
Clocks are in fact slightly different on MMP3. In particular, PLL2 is
fixed to a different frequency, there's an extra PLL3, and the GPU
clocks are configured differently.
Link: https://lore.kernel.org/r/20200419171157.672999-15-lkundrak@v3.sk
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/mmp3.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/mmp3.dtsi b/arch/arm/boot/dts/mmp3.dtsi
index 59a108e49b41..3e28f0dc9df4 100644
--- a/arch/arm/boot/dts/mmp3.dtsi
+++ b/arch/arm/boot/dts/mmp3.dtsi
@@ -531,7 +531,7 @@
};
soc_clocks: clocks@d4050000 {
- compatible = "marvell,mmp2-clock";
+ compatible = "marvell,mmp3-clock";
reg = <0xd4050000 0x1000>,
<0xd4282800 0x400>,
<0xd4015000 0x1000>;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 107/177] ARM: dts: mmp3-dell-ariel: Fix the SPI devices
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 106/177] ARM: dts: mmp3: Use the MMP3 compatible string for /clocks Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 108/177] ARM: dts: mmp3: Drop usb-nop-xceiv from HSIC phy Greg Kroah-Hartman
` (70 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lubomir Rintel, Arnd Bergmann, Sasha Levin
From: Lubomir Rintel <lkundrak@v3.sk>
[ Upstream commit 233cbffaa0b9ca874731efee67a11f005da1f87c ]
I've managed to get about everything wrong while digging these out of
OEM's board file.
Correct the bus numbers, the exact model of the NOR flash, polarity of
the chip selects and align the SPI frequency with the data sheet.
Tested that it works now, with a slight fix to the PXA SSP driver.
Link: https://lore.kernel.org/r/20200419171157.672999-16-lkundrak@v3.sk
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/mmp3-dell-ariel.dts | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/arm/boot/dts/mmp3-dell-ariel.dts b/arch/arm/boot/dts/mmp3-dell-ariel.dts
index 15449c72c042..b0ec14c42164 100644
--- a/arch/arm/boot/dts/mmp3-dell-ariel.dts
+++ b/arch/arm/boot/dts/mmp3-dell-ariel.dts
@@ -98,19 +98,19 @@
status = "okay";
};
-&ssp3 {
+&ssp1 {
status = "okay";
- cs-gpios = <&gpio 46 GPIO_ACTIVE_HIGH>;
+ cs-gpios = <&gpio 46 GPIO_ACTIVE_LOW>;
firmware-flash@0 {
- compatible = "st,m25p80", "jedec,spi-nor";
+ compatible = "winbond,w25q32", "jedec,spi-nor";
reg = <0>;
- spi-max-frequency = <40000000>;
+ spi-max-frequency = <104000000>;
m25p,fast-read;
};
};
-&ssp4 {
- cs-gpios = <&gpio 56 GPIO_ACTIVE_HIGH>;
+&ssp2 {
+ cs-gpios = <&gpio 56 GPIO_ACTIVE_LOW>;
status = "okay";
};
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 108/177] ARM: dts: mmp3: Drop usb-nop-xceiv from HSIC phy
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 107/177] ARM: dts: mmp3-dell-ariel: Fix the SPI devices Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 109/177] RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work Greg Kroah-Hartman
` (69 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lubomir Rintel, Arnd Bergmann, Sasha Levin
From: Lubomir Rintel <lkundrak@v3.sk>
[ Upstream commit 24cf6eef79a7e85cfd2ef9dea52f769c9192fc6e ]
"usb-nop-xceiv" is good enough if we don't lose the configuration done
by the firmware, but we'd really prefer a real driver.
Unfortunately, the PHY core is odd in that when the node is compatible
with "usb-nop-xceiv", it ignores the other compatible strings. Let's
just remove it.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/mmp3.dtsi | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/arch/arm/boot/dts/mmp3.dtsi b/arch/arm/boot/dts/mmp3.dtsi
index 3e28f0dc9df4..1e25bf998ab5 100644
--- a/arch/arm/boot/dts/mmp3.dtsi
+++ b/arch/arm/boot/dts/mmp3.dtsi
@@ -202,8 +202,7 @@
};
hsic_phy0: hsic-phy@f0001800 {
- compatible = "marvell,mmp3-hsic-phy",
- "usb-nop-xceiv";
+ compatible = "marvell,mmp3-hsic-phy";
reg = <0xf0001800 0x40>;
#phy-cells = <0>;
status = "disabled";
@@ -224,8 +223,7 @@
};
hsic_phy1: hsic-phy@f0002800 {
- compatible = "marvell,mmp3-hsic-phy",
- "usb-nop-xceiv";
+ compatible = "marvell,mmp3-hsic-phy";
reg = <0xf0002800 0x40>;
#phy-cells = <0>;
status = "disabled";
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 109/177] RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 108/177] ARM: dts: mmp3: Drop usb-nop-xceiv from HSIC phy Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 110/177] mmc: block: Fix use-after-free issue for rpmb Greg Kroah-Hartman
` (68 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maor Gottlieb, Leon Romanovsky,
Jason Gunthorpe, Sasha Levin
From: Maor Gottlieb <maorg@mellanox.com>
[ Upstream commit 189277f3814c36133f4ff0352f4b5194a38486b6 ]
q_deferred_work isn't initialized when creating an explicit ODP memory
region. This can lead to a NULL pointer dereference when user performs
asynchronous prefetch MR. Fix it by initializing q_deferred_work for
explicit ODP.
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 4 PID: 6074 Comm: kworker/u16:6 Not tainted 5.7.0-rc1-for-upstream-perf-2020-04-17_07-03-39-64 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
Workqueue: events_unbound mlx5_ib_prefetch_mr_work [mlx5_ib]
RIP: 0010:__wake_up_common+0x49/0x120
Code: 04 89 54 24 0c 89 4c 24 08 74 0a 41 f6 01 04 0f 85 8e 00 00 00 48 8b 47 08 48 83 e8 18 4c 8d 67 08 48 8d 50 18 49 39 d4 74 66 <48> 8b 70 18 31 db 4c 8d 7e e8 eb 17 49 8b 47 18 48 8d 50 e8 49 8d
RSP: 0000:ffffc9000097bd88 EFLAGS: 00010082
RAX: ffffffffffffffe8 RBX: ffff888454cd9f90 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffff888454cd9f90
RBP: ffffc9000097bdd0 R08: 0000000000000000 R09: ffffc9000097bdd0
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888454cd9f98
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003
FS: 0000000000000000(0000) GS:ffff88846fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000044c19e002 CR4: 0000000000760ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
__wake_up_common_lock+0x7a/0xc0
destroy_prefetch_work+0x5a/0x60 [mlx5_ib]
mlx5_ib_prefetch_mr_work+0x64/0x80 [mlx5_ib]
process_one_work+0x15b/0x360
worker_thread+0x49/0x3d0
kthread+0xf5/0x130
? rescuer_thread+0x310/0x310
? kthread_bind+0x10/0x10
ret_from_fork+0x1f/0x30
Fixes: de5ed007a03d ("IB/mlx5: Fix implicit ODP race")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200521072504.567406-1-leon@kernel.org
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/mr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c
index 6fa0a83c19de..9a1747a97fb6 100644
--- a/drivers/infiniband/hw/mlx5/mr.c
+++ b/drivers/infiniband/hw/mlx5/mr.c
@@ -1319,6 +1319,7 @@ struct ib_mr *mlx5_ib_reg_user_mr(struct ib_pd *pd, u64 start, u64 length,
if (is_odp_mr(mr)) {
to_ib_umem_odp(mr->umem)->private = mr;
+ init_waitqueue_head(&mr->q_deferred_work);
atomic_set(&mr->num_deferred_work, 0);
err = xa_err(xa_store(&dev->odp_mkeys,
mlx5_base_mkey(mr->mmkey.key), &mr->mmkey,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 110/177] mmc: block: Fix use-after-free issue for rpmb
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 109/177] RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 111/177] gpio: pxa: Fix return value of pxa_gpio_probe() Greg Kroah-Hartman
` (67 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Hao, Ulf Hansson, Sasha Levin
From: Peng Hao <richard.peng@oppo.com>
[ Upstream commit 202500d21654874aa03243e91f96de153ec61860 ]
The data structure member “rpmb->md” was passed to a call of the function
“mmc_blk_put” after a call of the function “put_device”. Reorder these
function calls to keep the data accesses consistent.
Fixes: 1c87f7357849 ("mmc: block: Fix bug when removing RPMB chardev ")
Signed-off-by: Peng Hao <richard.peng@oppo.com>
Cc: stable@vger.kernel.org
[Uffe: Fixed up mangled patch and updated commit message]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/block.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index 32db16f6debc..2d19291ebc84 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -2475,8 +2475,8 @@ static int mmc_rpmb_chrdev_release(struct inode *inode, struct file *filp)
struct mmc_rpmb_data *rpmb = container_of(inode->i_cdev,
struct mmc_rpmb_data, chrdev);
- put_device(&rpmb->dev);
mmc_blk_put(rpmb->md);
+ put_device(&rpmb->dev);
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 111/177] gpio: pxa: Fix return value of pxa_gpio_probe()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 110/177] mmc: block: Fix use-after-free issue for rpmb Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 112/177] gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() Greg Kroah-Hartman
` (66 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tiezhu Yang, Bartosz Golaszewski,
Sasha Levin
From: Tiezhu Yang <yangtiezhu@loongson.cn>
[ Upstream commit 558ab2e8155e5f42ca0a6407957cd4173dc166cc ]
When call function devm_platform_ioremap_resource(), we should use IS_ERR()
to check the return value and return PTR_ERR() if failed.
Fixes: 542c25b7a209 ("drivers: gpio: pxa: use devm_platform_ioremap_resource()")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-pxa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpio/gpio-pxa.c b/drivers/gpio/gpio-pxa.c
index 9888b62f37af..432c487f77b4 100644
--- a/drivers/gpio/gpio-pxa.c
+++ b/drivers/gpio/gpio-pxa.c
@@ -663,8 +663,8 @@ static int pxa_gpio_probe(struct platform_device *pdev)
pchip->irq1 = irq1;
gpio_reg_base = devm_platform_ioremap_resource(pdev, 0);
- if (!gpio_reg_base)
- return -EINVAL;
+ if (IS_ERR(gpio_reg_base))
+ return PTR_ERR(gpio_reg_base);
clk = clk_get(&pdev->dev, NULL);
if (IS_ERR(clk)) {
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 112/177] gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 111/177] gpio: pxa: Fix return value of pxa_gpio_probe() Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 113/177] RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() Greg Kroah-Hartman
` (65 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tiezhu Yang, Bartosz Golaszewski,
Sasha Levin
From: Tiezhu Yang <yangtiezhu@loongson.cn>
[ Upstream commit 98f7d1b15e87c84488b30ecc4ec753b0690b9dbf ]
Propagate the error code returned by devm_platform_ioremap_resource()
out of probe() instead of overwriting it.
Fixes: 72d8cb715477 ("drivers: gpio: bcm-kona: use devm_platform_ioremap_resource()")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
[Bartosz: tweaked the commit message]
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-bcm-kona.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c
index baee8c3f06ad..cf3687a7925f 100644
--- a/drivers/gpio/gpio-bcm-kona.c
+++ b/drivers/gpio/gpio-bcm-kona.c
@@ -625,7 +625,7 @@ static int bcm_kona_gpio_probe(struct platform_device *pdev)
kona_gpio->reg_base = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(kona_gpio->reg_base)) {
- ret = -ENXIO;
+ ret = PTR_ERR(kona_gpio->reg_base);
goto err_irq_domain;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 113/177] RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 112/177] gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 114/177] ALSA: hwdep: fix a left shifting 1 by 31 UB bug Greg Kroah-Hartman
` (64 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiushi Wu, Jason Gunthorpe, Sasha Levin
From: Qiushi Wu <wu000273@umn.edu>
[ Upstream commit db857e6ae548f0f4f4a0f63fffeeedf3cca21f9d ]
In function pvrdma_pci_probe(), pdev was not disabled in one error
path. Thus replace the jump target “err_free_device” by
"err_disable_pdev".
Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Link: https://lore.kernel.org/r/20200523030457.16160-1-wu000273@umn.edu
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c
index e580ae9cc55a..780fd2dfc07e 100644
--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c
+++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c
@@ -829,7 +829,7 @@ static int pvrdma_pci_probe(struct pci_dev *pdev,
!(pci_resource_flags(pdev, 1) & IORESOURCE_MEM)) {
dev_err(&pdev->dev, "PCI BAR region not MMIO\n");
ret = -ENOMEM;
- goto err_free_device;
+ goto err_disable_pdev;
}
ret = pci_request_regions(pdev, DRV_NAME);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 114/177] ALSA: hwdep: fix a left shifting 1 by 31 UB bug
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 113/177] RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 115/177] ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround Greg Kroah-Hartman
` (63 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Changming Liu, Takashi Iwai, Sasha Levin
From: Changming Liu <liu.changm@northeastern.edu>
[ Upstream commit fb8cd6481ffd126f35e9e146a0dcf0c4e8899f2e ]
The "info.index" variable can be 31 in "1 << info.index".
This might trigger an undefined behavior since 1 is signed.
Fix this by casting 1 to 1u just to be sure "1u << 31" is defined.
Signed-off-by: Changming Liu <liu.changm@northeastern.edu>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/BL0PR06MB4548170B842CB055C9AF695DE5B00@BL0PR06MB4548.namprd06.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/hwdep.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/core/hwdep.c b/sound/core/hwdep.c
index b412d3b3d5ff..21edb8ac95eb 100644
--- a/sound/core/hwdep.c
+++ b/sound/core/hwdep.c
@@ -216,12 +216,12 @@ static int snd_hwdep_dsp_load(struct snd_hwdep *hw,
if (info.index >= 32)
return -EINVAL;
/* check whether the dsp was already loaded */
- if (hw->dsp_loaded & (1 << info.index))
+ if (hw->dsp_loaded & (1u << info.index))
return -EBUSY;
err = hw->ops.dsp_load(hw, &info);
if (err < 0)
return err;
- hw->dsp_loaded |= (1 << info.index);
+ hw->dsp_loaded |= (1u << info.index);
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 115/177] ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 114/177] ALSA: hwdep: fix a left shifting 1 by 31 UB bug Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 116/177] ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC Greg Kroah-Hartman
` (62 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 399c01aa49e548c82d40f8161915a5941dd3c60e ]
We fixed the regression of the speaker volume for some Thinkpad models
(e.g. T570) by the commit 54947cd64c1b ("ALSA: hda/realtek - Fix
speaker output regression on Thinkpad T570"). Essentially it fixes
the DAC / pin pairing by a static table. It was confirmed and merged
to stable kernel later.
Now, interestingly, we got another regression report for the very same
model (T570) about the similar problem, and the commit above was the
culprit. That is, by some reason, there are devices that prefer the
DAC1, and another device DAC2!
Unfortunately those have the same ID and we have no idea what can
differentiate, in this patch, a new fixup model "tpt470-dock-fix" is
provided, so that users with such a machine can apply it manually.
When model=tpt470-dock-fix option is passed to snd-hda-intel module,
it avoids the fixed DAC pairing and the DAC1 is assigned to the
speaker like the earlier versions.
Fixes: 54947cd64c1b ("ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570")
BugLink: https://apibugzilla.suse.com/show_bug.cgi?id=1172017
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200526062406.9799-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 36 +++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 041d2a32059b..92c6e58c3862 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5484,18 +5484,9 @@ static void alc_fixup_tpt470_dock(struct hda_codec *codec,
{ 0x19, 0x21a11010 }, /* dock mic */
{ }
};
- /* Assure the speaker pin to be coupled with DAC NID 0x03; otherwise
- * the speaker output becomes too low by some reason on Thinkpads with
- * ALC298 codec
- */
- static const hda_nid_t preferred_pairs[] = {
- 0x14, 0x03, 0x17, 0x02, 0x21, 0x02,
- 0
- };
struct alc_spec *spec = codec->spec;
if (action == HDA_FIXUP_ACT_PRE_PROBE) {
- spec->gen.preferred_dacs = preferred_pairs;
spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP;
snd_hda_apply_pincfgs(codec, pincfgs);
} else if (action == HDA_FIXUP_ACT_INIT) {
@@ -5508,6 +5499,23 @@ static void alc_fixup_tpt470_dock(struct hda_codec *codec,
}
}
+static void alc_fixup_tpt470_dacs(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+{
+ /* Assure the speaker pin to be coupled with DAC NID 0x03; otherwise
+ * the speaker output becomes too low by some reason on Thinkpads with
+ * ALC298 codec
+ */
+ static const hda_nid_t preferred_pairs[] = {
+ 0x14, 0x03, 0x17, 0x02, 0x21, 0x02,
+ 0
+ };
+ struct alc_spec *spec = codec->spec;
+
+ if (action == HDA_FIXUP_ACT_PRE_PROBE)
+ spec->gen.preferred_dacs = preferred_pairs;
+}
+
static void alc_shutup_dell_xps13(struct hda_codec *codec)
{
struct alc_spec *spec = codec->spec;
@@ -6063,6 +6071,7 @@ enum {
ALC700_FIXUP_INTEL_REFERENCE,
ALC274_FIXUP_DELL_BIND_DACS,
ALC274_FIXUP_DELL_AIO_LINEOUT_VERB,
+ ALC298_FIXUP_TPT470_DOCK_FIX,
ALC298_FIXUP_TPT470_DOCK,
ALC255_FIXUP_DUMMY_LINEOUT_VERB,
ALC255_FIXUP_DELL_HEADSET_MIC,
@@ -6994,12 +7003,18 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC274_FIXUP_DELL_BIND_DACS
},
- [ALC298_FIXUP_TPT470_DOCK] = {
+ [ALC298_FIXUP_TPT470_DOCK_FIX] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc_fixup_tpt470_dock,
.chained = true,
.chain_id = ALC293_FIXUP_LENOVO_SPK_NOISE
},
+ [ALC298_FIXUP_TPT470_DOCK] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc_fixup_tpt470_dacs,
+ .chained = true,
+ .chain_id = ALC298_FIXUP_TPT470_DOCK_FIX
+ },
[ALC255_FIXUP_DUMMY_LINEOUT_VERB] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
@@ -7638,6 +7653,7 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
{.id = ALC292_FIXUP_TPT440_DOCK, .name = "tpt440-dock"},
{.id = ALC292_FIXUP_TPT440, .name = "tpt440"},
{.id = ALC292_FIXUP_TPT460, .name = "tpt460"},
+ {.id = ALC298_FIXUP_TPT470_DOCK_FIX, .name = "tpt470-dock-fix"},
{.id = ALC298_FIXUP_TPT470_DOCK, .name = "tpt470-dock"},
{.id = ALC233_FIXUP_LENOVO_MULTI_CODECS, .name = "dual-codecs"},
{.id = ALC700_FIXUP_INTEL_REFERENCE, .name = "alc700-ref"},
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 116/177] ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 115/177] ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 117/177] exec: Always set cap_ambient in cap_bprm_set_creds Greg Kroah-Hartman
` (61 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chris Chiu, Takashi Iwai, Sasha Levin
From: Chris Chiu <chiu@endlessm.com>
[ Upstream commit 4020d1ccbe55bdf67b31d718d2400506eaf4b43f ]
The Asus USB DAC is a USB type-C audio dongle for connecting to
the headset and headphone. The volume minimum value -23040 which
is 0xa600 in hexadecimal with the resolution value 1 indicates
this should be endianness issue caused by the firmware bug. Add
a volume quirk to fix the volume control problem.
Also fixes this warning:
Warning! Unlikely big volume range (=23040), cval->res is probably wrong.
[5] FU [Headset Capture Volume] ch = 1, val = -23040/0/1
Warning! Unlikely big volume range (=23040), cval->res is probably wrong.
[7] FU [Headset Playback Volume] ch = 1, val = -23040/0/1
Signed-off-by: Chris Chiu <chiu@endlessm.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200526062613.55401-1-chiu@endlessm.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/mixer.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
index 7a2961ad60de..68fefe55e5c0 100644
--- a/sound/usb/mixer.c
+++ b/sound/usb/mixer.c
@@ -1171,6 +1171,14 @@ static void volume_control_quirks(struct usb_mixer_elem_info *cval,
cval->res = 384;
}
break;
+ case USB_ID(0x0495, 0x3042): /* ESS Technology Asus USB DAC */
+ if ((strstr(kctl->id.name, "Playback Volume") != NULL) ||
+ strstr(kctl->id.name, "Capture Volume") != NULL) {
+ cval->min >>= 8;
+ cval->max = 0;
+ cval->res = 1;
+ }
+ break;
}
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 117/177] exec: Always set cap_ambient in cap_bprm_set_creds
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 116/177] ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 118/177] clk: qcom: gcc: Fix parent for gpll0_out_even Greg Kroah-Hartman
` (60 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Lutomirski, Eric W. Biederman,
Sasha Levin
From: Eric W. Biederman <ebiederm@xmission.com>
[ Upstream commit a4ae32c71fe90794127b32d26d7ad795813b502e ]
An invariant of cap_bprm_set_creds is that every field in the new cred
structure that cap_bprm_set_creds might set, needs to be set every
time to ensure the fields does not get a stale value.
The field cap_ambient is not set every time cap_bprm_set_creds is
called, which means that if there is a suid or sgid script with an
interpreter that has neither the suid nor the sgid bits set the
interpreter should be able to accept ambient credentials.
Unfortuantely because cap_ambient is not reset to it's original value
the interpreter can not accept ambient credentials.
Given that the ambient capability set is expected to be controlled by
the caller, I don't think this is particularly serious. But it is
definitely worth fixing so the code works correctly.
I have tested to verify my reading of the code is correct and the
interpreter of a sgid can receive ambient capabilities with this
change and cannot receive ambient capabilities without this change.
Cc: stable@vger.kernel.org
Cc: Andy Lutomirski <luto@kernel.org>
Fixes: 58319057b784 ("capabilities: ambient capabilities")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/commoncap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/commoncap.c b/security/commoncap.c
index f4ee0ae106b2..0ca31c8bc0b1 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -812,6 +812,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
int ret;
kuid_t root_uid;
+ new->cap_ambient = old->cap_ambient;
if (WARN_ON(!cap_ambient_invariant_ok(old)))
return -EPERM;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 118/177] clk: qcom: gcc: Fix parent for gpll0_out_even
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 117/177] exec: Always set cap_ambient in cap_bprm_set_creds Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 119/177] ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio Greg Kroah-Hartman
` (59 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Marek, Vinod Koul,
Bjorn Andersson, Stephen Boyd, Sasha Levin
From: Vinod Koul <vkoul@kernel.org>
[ Upstream commit a76f274182f054481182c81cd62bb8794a5450a6 ]
Documentation says that gpll0 is parent of gpll0_out_even, somehow
driver coded that as bi_tcxo, so fix it
Fixes: 2a1d7eb854bb ("clk: qcom: gcc: Add global clock controller driver for SM8150")
Reported-by: Jonathan Marek <jonathan@marek.ca>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Link: https://lkml.kernel.org/r/20200521052728.2141377-1-vkoul@kernel.org
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-sm8150.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/clk/qcom/gcc-sm8150.c b/drivers/clk/qcom/gcc-sm8150.c
index 20877214acff..e3959ff5cb55 100644
--- a/drivers/clk/qcom/gcc-sm8150.c
+++ b/drivers/clk/qcom/gcc-sm8150.c
@@ -75,8 +75,7 @@ static struct clk_alpha_pll_postdiv gpll0_out_even = {
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll0_out_even",
.parent_data = &(const struct clk_parent_data){
- .fw_name = "bi_tcxo",
- .name = "bi_tcxo",
+ .hw = &gpll0.clkr.hw,
},
.num_parents = 1,
.ops = &clk_trion_pll_postdiv_ops,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 119/177] ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 118/177] clk: qcom: gcc: Fix parent for gpll0_out_even Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 120/177] ALSA: hda/realtek - Add new codec supported for ALC287 Greg Kroah-Hartman
` (58 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 7f5ad9c9003425175f46c94df380e8c9e558cfb5 ]
Gigabyte TRX40 Aorus Master is equipped with two USB-audio devices,
a Realtek ALC1220-VB codec (USB ID 0414:a001) and an ESS SABRE9218 DAC
(USB ID 0414:a000). The latter serves solely for the headphone output
on the front panel while the former serves for the rest I/Os (mostly
for the I/Os in the rear panel but also including the front mic).
Both chips do work more or less with the unmodified USB-audio driver,
but there are a few glitches. The ALC1220-VB returns an error for an
inquiry to some jacks, as already seen on other TRX40-based mobos.
However this machine has a slightly incompatible configuration, hence
the existing mapping cannot be used as is.
Meanwhile the ESS chip seems working without any quirk. But since
both audio devices don't provide any specific names, both cards appear
as "USB-Audio", and it's quite confusing for users.
This patch is an attempt to overcome those issues:
- The specific mapping table for ALC1220-VB is provided, reducing the
non-working nodes and renaming the badly chosen controls.
The connector map isn't needed here unlike other TRX40 quirks.
- For both USB IDs (0414:a000 and 0414:a001), provide specific card
name strings, so that user-space can identify more easily; and more
importantly, UCM profile can be applied to each.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200526082810.29506-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/mixer_maps.c | 19 +++++++++++++++++++
sound/usb/quirks-table.h | 25 +++++++++++++++++++++++++
2 files changed, 44 insertions(+)
diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c
index bfdc6ad52785..9af7aa93f6fa 100644
--- a/sound/usb/mixer_maps.c
+++ b/sound/usb/mixer_maps.c
@@ -397,6 +397,21 @@ static const struct usbmix_connector_map trx40_mobo_connector_map[] = {
{}
};
+/* Rear panel + front mic on Gigabyte TRX40 Aorus Master with ALC1220-VB */
+static const struct usbmix_name_map aorus_master_alc1220vb_map[] = {
+ { 17, NULL }, /* OT, IEC958?, disabled */
+ { 19, NULL, 12 }, /* FU, Input Gain Pad - broken response, disabled */
+ { 16, "Line Out" }, /* OT */
+ { 22, "Line Out Playback" }, /* FU */
+ { 7, "Line" }, /* IT */
+ { 19, "Line Capture" }, /* FU */
+ { 8, "Mic" }, /* IT */
+ { 20, "Mic Capture" }, /* FU */
+ { 9, "Front Mic" }, /* IT */
+ { 21, "Front Mic Capture" }, /* FU */
+ {}
+};
+
/*
* Control map entries
*/
@@ -526,6 +541,10 @@ static const struct usbmix_ctl_map usbmix_ctl_maps[] = {
.id = USB_ID(0x1b1c, 0x0a42),
.map = corsair_virtuoso_map,
},
+ { /* Gigabyte TRX40 Aorus Master (rear panel + front mic) */
+ .id = USB_ID(0x0414, 0xa001),
+ .map = aorus_master_alc1220vb_map,
+ },
{ /* Gigabyte TRX40 Aorus Pro WiFi */
.id = USB_ID(0x0414, 0xa002),
.map = trx40_mobo_map,
diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
index aa4c16ce0e57..bbae11605a4c 100644
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -3650,4 +3650,29 @@ ALC1220_VB_DESKTOP(0x0db0, 0x543d), /* MSI TRX40 */
ALC1220_VB_DESKTOP(0x26ce, 0x0a01), /* Asrock TRX40 Creator */
#undef ALC1220_VB_DESKTOP
+/* Two entries for Gigabyte TRX40 Aorus Master:
+ * TRX40 Aorus Master has two USB-audio devices, one for the front headphone
+ * with ESS SABRE9218 DAC chip, while another for the rest I/O (the rear
+ * panel and the front mic) with Realtek ALC1220-VB.
+ * Here we provide two distinct names for making UCM profiles easier.
+ */
+{
+ USB_DEVICE(0x0414, 0xa000),
+ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
+ .vendor_name = "Gigabyte",
+ .product_name = "Aorus Master Front Headphone",
+ .profile_name = "Gigabyte-Aorus-Master-Front-Headphone",
+ .ifnum = QUIRK_NO_INTERFACE
+ }
+},
+{
+ USB_DEVICE(0x0414, 0xa001),
+ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
+ .vendor_name = "Gigabyte",
+ .product_name = "Aorus Master Main Audio",
+ .profile_name = "Gigabyte-Aorus-Master-Main-Audio",
+ .ifnum = QUIRK_NO_INTERFACE
+ }
+},
+
#undef USB_DEVICE_VENDOR_SPEC
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 120/177] ALSA: hda/realtek - Add new codec supported for ALC287
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 119/177] ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 121/177] libceph: ignore pool overlay and cache logic on redirects Greg Kroah-Hartman
` (57 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kailang Yang, Takashi Iwai, Sasha Levin
From: Kailang Yang <kailang@realtek.com>
[ Upstream commit 630e36126e420e1756378b3427b42711ce0b9ddd ]
Enable new codec supported for ALC287.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/dcf5ce5507104d0589a917cbb71dc3c6@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 92c6e58c3862..e62d58872b6e 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -384,6 +384,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
case 0x10ec0282:
case 0x10ec0283:
case 0x10ec0286:
+ case 0x10ec0287:
case 0x10ec0288:
case 0x10ec0285:
case 0x10ec0298:
@@ -8292,6 +8293,7 @@ static int patch_alc269(struct hda_codec *codec)
case 0x10ec0215:
case 0x10ec0245:
case 0x10ec0285:
+ case 0x10ec0287:
case 0x10ec0289:
spec->codec_variant = ALC269_TYPE_ALC215;
spec->shutup = alc225_shutup;
@@ -9570,6 +9572,7 @@ static const struct hda_device_id snd_hda_id_realtek[] = {
HDA_CODEC_ENTRY(0x10ec0284, "ALC284", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0285, "ALC285", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0286, "ALC286", patch_alc269),
+ HDA_CODEC_ENTRY(0x10ec0287, "ALC287", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0288, "ALC288", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0289, "ALC289", patch_alc269),
HDA_CODEC_ENTRY(0x10ec0290, "ALC290", patch_alc269),
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 121/177] libceph: ignore pool overlay and cache logic on redirects
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 120/177] ALSA: hda/realtek - Add new codec supported for ALC287 Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 122/177] ceph: flush release queue when handling caps for unknown inode Greg Kroah-Hartman
` (56 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jerry Lee, Ilya Dryomov, Sasha Levin
From: Jerry Lee <leisurelysw24@gmail.com>
[ Upstream commit 890bd0f8997ae6ac0a367dd5146154a3963306dd ]
OSD client should ignore cache/overlay flag if got redirect reply.
Otherwise, the client hangs when the cache tier is in forward mode.
[ idryomov: Redirects are effectively deprecated and no longer
used or tested. The original tiering modes based on redirects
are inherently flawed because redirects can race and reorder,
potentially resulting in data corruption. The new proxy and
readproxy tiering modes should be used instead of forward and
readforward. Still marking for stable as obviously correct,
though. ]
Cc: stable@vger.kernel.org
URL: https://tracker.ceph.com/issues/23296
URL: https://tracker.ceph.com/issues/36406
Signed-off-by: Jerry Lee <leisurelysw24@gmail.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ceph/osd_client.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index af868d3923b9..834019dbc6b1 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -3652,7 +3652,9 @@ static void handle_reply(struct ceph_osd *osd, struct ceph_msg *msg)
* supported.
*/
req->r_t.target_oloc.pool = m.redirect.oloc.pool;
- req->r_flags |= CEPH_OSD_FLAG_REDIRECTED;
+ req->r_flags |= CEPH_OSD_FLAG_REDIRECTED |
+ CEPH_OSD_FLAG_IGNORE_OVERLAY |
+ CEPH_OSD_FLAG_IGNORE_CACHE;
req->r_tid = 0;
__submit_request(req, false);
goto out_unlock_osdc;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 122/177] ceph: flush release queue when handling caps for unknown inode
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 121/177] libceph: ignore pool overlay and cache logic on redirects Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 123/177] RDMA/core: Fix double destruction of uobject Greg Kroah-Hartman
` (55 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yan, Zheng, Jeff Layton,
Ilya Dryomov, Sasha Levin, Andrej Filipčič
From: Jeff Layton <jlayton@kernel.org>
[ Upstream commit fb33c114d3ed5bdac230716f5b0a93b56b92a90d ]
It's possible for the VFS to completely forget about an inode, but for
it to still be sitting on the cap release queue. If the MDS sends the
client a cap message for such an inode, it just ignores it today, which
can lead to a stall of up to 5s until the cap release queue is flushed.
If we get a cap message for an inode that can't be located, then go
ahead and flush the cap release queue.
Cc: stable@vger.kernel.org
URL: https://tracker.ceph.com/issues/45532
Fixes: 1e9c2eb6811e ("ceph: delete stale dentry when last reference is dropped")
Reported-and-Tested-by: Andrej Filipčič <andrej.filipcic@ijs.si>
Suggested-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/caps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index f50204380a65..3ae88ca03ccd 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -3952,7 +3952,7 @@ void ceph_handle_caps(struct ceph_mds_session *session,
__ceph_queue_cap_release(session, cap);
spin_unlock(&session->s_cap_lock);
}
- goto done;
+ goto flush_cap_releases;
}
/* these will work even if we don't have a cap yet */
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 123/177] RDMA/core: Fix double destruction of uobject
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 122/177] ceph: flush release queue when handling caps for unknown inode Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 124/177] drm/amd/display: drop cursor position check in atomic test Greg Kroah-Hartman
` (54 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maor Gottlieb, Leon Romanovsky,
Jason Gunthorpe, Sasha Levin
From: Jason Gunthorpe <jgg@mellanox.com>
[ Upstream commit c85f4abe66bea0b5db8d28d55da760c4fe0a0301 ]
Fix use after free when user user space request uobject concurrently for
the same object, within the RCU grace period.
In that case, remove_handle_idr_uobject() is called twice and we will have
an extra put on the uobject which cause use after free. Fix it by leaving
the uobject write locked after it was removed from the idr.
Call to rdma_lookup_put_uobject with UVERBS_LOOKUP_DESTROY instead of
UVERBS_LOOKUP_WRITE will do the work.
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 1381 at lib/refcount.c:28 refcount_warn_saturate+0xfe/0x1a0
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 1381 Comm: syz-executor.0 Not tainted 5.5.0-rc3 #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack+0x94/0xce
panic+0x234/0x56f
__warn+0x1cc/0x1e1
report_bug+0x200/0x310
fixup_bug.part.11+0x32/0x80
do_error_trap+0xd3/0x100
do_invalid_op+0x31/0x40
invalid_op+0x1e/0x30
RIP: 0010:refcount_warn_saturate+0xfe/0x1a0
Code: 0f 0b eb 9b e8 23 f6 6d ff 80 3d 6c d4 19 03 00 75 8d e8 15 f6 6d ff 48 c7 c7 c0 02 55 bd c6 05 57 d4 19 03 01 e8 a2 58 49 ff <0f> 0b e9 6e ff ff ff e8 f6 f5 6d ff 80 3d 42 d4 19 03 00 0f 85 5c
RSP: 0018:ffffc90002df7b98 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff88810f6a193c RCX: ffffffffba649009
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88811b0283cc
RBP: 0000000000000003 R08: ffffed10236060e3 R09: ffffed10236060e3
R10: 0000000000000001 R11: ffffed10236060e2 R12: ffff88810f6a193c
R13: ffffc90002df7d60 R14: 0000000000000000 R15: ffff888116ae6a08
uverbs_uobject_put+0xfd/0x140
__uobj_perform_destroy+0x3d/0x60
ib_uverbs_close_xrcd+0x148/0x170
ib_uverbs_write+0xaa5/0xdf0
__vfs_write+0x7c/0x100
vfs_write+0x168/0x4a0
ksys_write+0xc8/0x200
do_syscall_64+0x9c/0x390
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x465b49
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f759d122c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000073bfa8 RCX: 0000000000465b49
RDX: 000000000000000c RSI: 0000000020000080 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f759d1236bc
R13: 00000000004ca27c R14: 000000000070de40 R15: 00000000ffffffff
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x39400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Fixes: 7452a3c745a2 ("IB/uverbs: Allow RDMA_REMOVE_DESTROY to work concurrently with disassociate")
Link: https://lore.kernel.org/r/20200527135534.482279-1-leon@kernel.org
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/rdma_core.c | 20 +++++++++++++-------
include/rdma/uverbs_std_types.h | 2 +-
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/drivers/infiniband/core/rdma_core.c b/drivers/infiniband/core/rdma_core.c
index bf8e149d3191..e0a5e897e4b1 100644
--- a/drivers/infiniband/core/rdma_core.c
+++ b/drivers/infiniband/core/rdma_core.c
@@ -153,9 +153,9 @@ static int uverbs_destroy_uobject(struct ib_uobject *uobj,
uobj->context = NULL;
/*
- * For DESTROY the usecnt is held write locked, the caller is expected
- * to put it unlock and put the object when done with it. Only DESTROY
- * can remove the IDR handle.
+ * For DESTROY the usecnt is not changed, the caller is expected to
+ * manage it via uobj_put_destroy(). Only DESTROY can remove the IDR
+ * handle.
*/
if (reason != RDMA_REMOVE_DESTROY)
atomic_set(&uobj->usecnt, 0);
@@ -187,7 +187,7 @@ static int uverbs_destroy_uobject(struct ib_uobject *uobj,
/*
* This calls uverbs_destroy_uobject() using the RDMA_REMOVE_DESTROY
* sequence. It should only be used from command callbacks. On success the
- * caller must pair this with rdma_lookup_put_uobject(LOOKUP_WRITE). This
+ * caller must pair this with uobj_put_destroy(). This
* version requires the caller to have already obtained an
* LOOKUP_DESTROY uobject kref.
*/
@@ -198,6 +198,13 @@ int uobj_destroy(struct ib_uobject *uobj, struct uverbs_attr_bundle *attrs)
down_read(&ufile->hw_destroy_rwsem);
+ /*
+ * Once the uobject is destroyed by RDMA_REMOVE_DESTROY then it is left
+ * write locked as the callers put it back with UVERBS_LOOKUP_DESTROY.
+ * This is because any other concurrent thread can still see the object
+ * in the xarray due to RCU. Leaving it locked ensures nothing else will
+ * touch it.
+ */
ret = uverbs_try_lock_object(uobj, UVERBS_LOOKUP_WRITE);
if (ret)
goto out_unlock;
@@ -216,7 +223,7 @@ out_unlock:
/*
* uobj_get_destroy destroys the HW object and returns a handle to the uobj
* with a NULL object pointer. The caller must pair this with
- * uverbs_put_destroy.
+ * uobj_put_destroy().
*/
struct ib_uobject *__uobj_get_destroy(const struct uverbs_api_object *obj,
u32 id, struct uverbs_attr_bundle *attrs)
@@ -250,8 +257,7 @@ int __uobj_perform_destroy(const struct uverbs_api_object *obj, u32 id,
uobj = __uobj_get_destroy(obj, id, attrs);
if (IS_ERR(uobj))
return PTR_ERR(uobj);
-
- rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_WRITE);
+ uobj_put_destroy(uobj);
return 0;
}
diff --git a/include/rdma/uverbs_std_types.h b/include/rdma/uverbs_std_types.h
index 1b28ce1aba07..325fdaa3bb66 100644
--- a/include/rdma/uverbs_std_types.h
+++ b/include/rdma/uverbs_std_types.h
@@ -88,7 +88,7 @@ struct ib_uobject *__uobj_get_destroy(const struct uverbs_api_object *obj,
static inline void uobj_put_destroy(struct ib_uobject *uobj)
{
- rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_WRITE);
+ rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_DESTROY);
}
static inline void uobj_put_read(struct ib_uobject *uobj)
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 124/177] drm/amd/display: drop cursor position check in atomic test
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 123/177] RDMA/core: Fix double destruction of uobject Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 125/177] drm/amd/display: Split program front end part that occur outside lock Greg Kroah-Hartman
` (53 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Simon Ser, Alex Deucher,
Nicholas Kazlauskas, Sasha Levin
From: Simon Ser <contact@emersion.fr>
[ Upstream commit f7d5991b92ff824798693ddf231cf814c9d5a88b ]
get_cursor_position already handles the case where the cursor has
negative off-screen coordinates by not setting
dc_cursor_position.enabled.
Signed-off-by: Simon Ser <contact@emersion.fr>
Fixes: 626bf90fe03f ("drm/amd/display: add basic atomic check for cursor plane")
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 0cd11d3d4cf4..8e7cffe10cc5 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -7746,13 +7746,6 @@ static int dm_update_plane_state(struct dc *dc,
return -EINVAL;
}
- if (new_plane_state->crtc_x <= -new_acrtc->max_cursor_width ||
- new_plane_state->crtc_y <= -new_acrtc->max_cursor_height) {
- DRM_DEBUG_ATOMIC("Bad cursor position %d, %d\n",
- new_plane_state->crtc_x, new_plane_state->crtc_y);
- return -EINVAL;
- }
-
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 125/177] drm/amd/display: Split program front end part that occur outside lock
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 124/177] drm/amd/display: drop cursor position check in atomic test Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 126/177] drm/amd/display: Indicate dsc updates explicitly Greg Kroah-Hartman
` (52 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anthony Koo, Aric Cyr,
Bhawanpreet Lakha, Alex Deucher, Sasha Levin
From: Anthony Koo <Anthony.Koo@amd.com>
[ Upstream commit bbf5f6c3f83bedd71006473849138a446ad4d9a3 ]
[Why]
Eventually want to lock at a higher level in stack.
To do this, we need to be able to isolate the parts that need to be done
after pipe unlock.
[How]
Split out programming that is done post unlock.
Signed-off-by: Anthony Koo <Anthony.Koo@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc.c | 24 +++++++++---
.../display/dc/dce110/dce110_hw_sequencer.c | 6 +++
.../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 39 ++++++++++++++++---
.../amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 ++
.../gpu/drm/amd/display/dc/dcn10/dcn10_init.c | 1 +
.../drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +++++-
.../drm/amd/display/dc/dcn20/dcn20_hwseq.h | 3 ++
.../gpu/drm/amd/display/dc/dcn20/dcn20_init.c | 1 +
.../gpu/drm/amd/display/dc/dcn21/dcn21_init.c | 1 +
.../gpu/drm/amd/display/dc/inc/hw_sequencer.h | 2 +
10 files changed, 79 insertions(+), 12 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index b3987124183a..66be2920fab0 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -788,11 +788,15 @@ static void disable_dangling_plane(struct dc *dc, struct dc_state *context)
if (should_disable && old_stream) {
dc_rem_all_planes_for_stream(dc, old_stream, dangling_context);
disable_all_writeback_pipes_for_stream(dc, old_stream, dangling_context);
- if (dc->hwss.apply_ctx_for_surface)
+ if (dc->hwss.apply_ctx_for_surface) {
dc->hwss.apply_ctx_for_surface(dc, old_stream, 0, dangling_context);
+ dc->hwss.post_unlock_program_front_end(dc, dangling_context);
+ }
+ if (dc->hwss.program_front_end_for_ctx) {
+ dc->hwss.program_front_end_for_ctx(dc, dangling_context);
+ dc->hwss.post_unlock_program_front_end(dc, dangling_context);
+ }
}
- if (dc->hwss.program_front_end_for_ctx)
- dc->hwss.program_front_end_for_ctx(dc, dangling_context);
}
current_ctx = dc->current_state;
@@ -1220,6 +1224,7 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c
dc, context->streams[i],
context->stream_status[i].plane_count,
context); /* use new pipe config in new context */
+ dc->hwss.post_unlock_program_front_end(dc, context);
}
/* Program hardware */
@@ -1239,19 +1244,24 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c
}
/* Program all planes within new context*/
- if (dc->hwss.program_front_end_for_ctx)
+ if (dc->hwss.program_front_end_for_ctx) {
dc->hwss.program_front_end_for_ctx(dc, context);
+ dc->hwss.post_unlock_program_front_end(dc, context);
+ }
+
for (i = 0; i < context->stream_count; i++) {
const struct dc_link *link = context->streams[i]->link;
if (!context->streams[i]->mode_changed)
continue;
- if (dc->hwss.apply_ctx_for_surface)
+ if (dc->hwss.apply_ctx_for_surface) {
dc->hwss.apply_ctx_for_surface(
dc, context->streams[i],
context->stream_status[i].plane_count,
context);
+ dc->hwss.post_unlock_program_front_end(dc, context);
+ }
/*
* enable stereo
@@ -2190,6 +2200,7 @@ static void commit_planes_for_stream(struct dc *dc,
if (dc->hwss.program_front_end_for_ctx)
dc->hwss.program_front_end_for_ctx(dc, context);
+ dc->hwss.post_unlock_program_front_end(dc, context);
return;
}
@@ -2322,6 +2333,9 @@ static void commit_planes_for_stream(struct dc *dc,
dc->hwss.pipe_control_lock(dc, top_pipe_to_program, false);
}
+ if (update_type != UPDATE_TYPE_FAST)
+ dc->hwss.post_unlock_program_front_end(dc, context);
+
// Fire manual trigger only when bottom plane is flipped
for (j = 0; j < dc->res_pool->pipe_count; j++) {
struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[j];
diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
index 5b689273ff44..a961b94aefd9 100644
--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
@@ -2621,6 +2621,11 @@ static void dce110_apply_ctx_for_surface(
enable_fbc(dc, context);
}
+static void dce110_post_unlock_program_front_end(
+ struct dc *dc,
+ struct dc_state *context)
+{
+}
static void dce110_power_down_fe(struct dc *dc, struct pipe_ctx *pipe_ctx)
{
struct dce_hwseq *hws = dc->hwseq;
@@ -2722,6 +2727,7 @@ static const struct hw_sequencer_funcs dce110_funcs = {
.init_hw = init_hw,
.apply_ctx_to_hw = dce110_apply_ctx_to_hw,
.apply_ctx_for_surface = dce110_apply_ctx_for_surface,
+ .post_unlock_program_front_end = dce110_post_unlock_program_front_end,
.update_plane_addr = update_plane_addr,
.update_pending_status = dce110_update_pending_status,
.enable_accelerated_mode = dce110_enable_accelerated_mode,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 1008ac8a0f2a..a9a5a13d5edf 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -2512,7 +2512,6 @@ void dcn10_apply_ctx_for_surface(
int i;
struct timing_generator *tg;
uint32_t underflow_check_delay_us;
- bool removed_pipe[4] = { false };
bool interdependent_update = false;
struct pipe_ctx *top_pipe_to_program =
dcn10_find_top_pipe_for_stream(dc, context, stream);
@@ -2552,6 +2551,9 @@ void dcn10_apply_ctx_for_surface(
struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
struct pipe_ctx *old_pipe_ctx =
&dc->current_state->res_ctx.pipe_ctx[i];
+
+ pipe_ctx->update_flags.raw = 0;
+
/*
* Powergate reused pipes that are not powergated
* fairly hacky right now, using opp_id as indicator
@@ -2571,7 +2573,7 @@ void dcn10_apply_ctx_for_surface(
old_pipe_ctx->stream_res.tg == tg) {
hws->funcs.plane_atomic_disconnect(dc, old_pipe_ctx);
- removed_pipe[i] = true;
+ pipe_ctx->update_flags.bits.disable = 1;
DC_LOG_DC("Reset mpcc for pipe %d\n",
old_pipe_ctx->pipe_idx);
@@ -2602,16 +2604,41 @@ void dcn10_apply_ctx_for_surface(
dcn10_lock_all_pipes(dc, context, false);
else
dcn10_pipe_control_lock(dc, top_pipe_to_program, false);
+}
+
+void dcn10_post_unlock_program_front_end(
+ struct dc *dc,
+ struct dc_state *context)
+{
+ int i, j;
+
+ DC_LOGGER_INIT(dc->ctx->logger);
- if (num_planes == 0)
- false_optc_underflow_wa(dc, stream, tg);
+ for (i = 0; i < dc->res_pool->pipe_count; i++) {
+ struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
+
+ if (!pipe_ctx->top_pipe &&
+ !pipe_ctx->prev_odm_pipe &&
+ pipe_ctx->stream) {
+ struct dc_stream_status *stream_status = NULL;
+ struct timing_generator *tg = pipe_ctx->stream_res.tg;
+
+ for (j = 0; j < context->stream_count; j++) {
+ if (pipe_ctx->stream == context->streams[j])
+ stream_status = &context->stream_status[j];
+ }
+
+ if (context->stream_status[i].plane_count == 0)
+ false_optc_underflow_wa(dc, pipe_ctx->stream, tg);
+ }
+ }
for (i = 0; i < dc->res_pool->pipe_count; i++)
- if (removed_pipe[i])
+ if (context->res_ctx.pipe_ctx[i].update_flags.bits.disable)
dc->hwss.disable_plane(dc, &dc->current_state->res_ctx.pipe_ctx[i]);
for (i = 0; i < dc->res_pool->pipe_count; i++)
- if (removed_pipe[i]) {
+ if (context->res_ctx.pipe_ctx[i].update_flags.bits.disable) {
dc->hwss.optimize_bandwidth(dc, context);
break;
}
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
index 4d20f6586bb5..b523f0b8dc23 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
@@ -75,6 +75,9 @@ void dcn10_apply_ctx_for_surface(
const struct dc_stream_state *stream,
int num_planes,
struct dc_state *context);
+void dcn10_post_unlock_program_front_end(
+ struct dc *dc,
+ struct dc_state *context);
void dcn10_hubp_pg_control(
struct dce_hwseq *hws,
unsigned int hubp_inst,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
index e7e5352ec424..681db997a532 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
@@ -32,6 +32,7 @@ static const struct hw_sequencer_funcs dcn10_funcs = {
.init_hw = dcn10_init_hw,
.apply_ctx_to_hw = dce110_apply_ctx_to_hw,
.apply_ctx_for_surface = dcn10_apply_ctx_for_surface,
+ .post_unlock_program_front_end = dcn10_post_unlock_program_front_end,
.update_plane_addr = dcn10_update_plane_addr,
.update_dchub = dcn10_update_dchub,
.update_pending_status = dcn10_update_pending_status,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
index ad422e00f9fe..0c4a8c37ce84 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
@@ -1551,7 +1551,6 @@ void dcn20_program_front_end_for_ctx(
struct dc *dc,
struct dc_state *context)
{
- const unsigned int TIMEOUT_FOR_PIPE_ENABLE_MS = 100;
int i;
struct dce_hwseq *hws = dc->hwseq;
bool pipe_locked[MAX_PIPES] = {false};
@@ -1626,6 +1625,16 @@ void dcn20_program_front_end_for_ctx(
if (!pipe_ctx->update_flags.bits.enable)
dc->hwss.pipe_control_lock(dc, &dc->current_state->res_ctx.pipe_ctx[i], false);
}
+}
+
+void dcn20_post_unlock_program_front_end(
+ struct dc *dc,
+ struct dc_state *context)
+{
+ int i;
+ const unsigned int TIMEOUT_FOR_PIPE_ENABLE_MS = 100;
+
+ DC_LOGGER_INIT(dc->ctx->logger);
for (i = 0; i < dc->res_pool->pipe_count; i++)
if (context->res_ctx.pipe_ctx[i].update_flags.bits.disable)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h
index 02c9be5ebd47..80f192b8b3a2 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h
@@ -35,6 +35,9 @@ bool dcn20_set_shaper_3dlut(
void dcn20_program_front_end_for_ctx(
struct dc *dc,
struct dc_state *context);
+void dcn20_post_unlock_program_front_end(
+ struct dc *dc,
+ struct dc_state *context);
void dcn20_update_plane_addr(const struct dc *dc, struct pipe_ctx *pipe_ctx);
void dcn20_update_mpcc(struct dc *dc, struct pipe_ctx *pipe_ctx);
bool dcn20_set_input_transfer_func(struct dc *dc, struct pipe_ctx *pipe_ctx,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
index 5e640f17d3d4..c0a7cf1ba3a0 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
@@ -33,6 +33,7 @@ static const struct hw_sequencer_funcs dcn20_funcs = {
.apply_ctx_to_hw = dce110_apply_ctx_to_hw,
.apply_ctx_for_surface = NULL,
.program_front_end_for_ctx = dcn20_program_front_end_for_ctx,
+ .post_unlock_program_front_end = dcn20_post_unlock_program_front_end,
.update_plane_addr = dcn20_update_plane_addr,
.update_dchub = dcn10_update_dchub,
.update_pending_status = dcn10_update_pending_status,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
index fddbd59bf4f9..bb8309513964 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
@@ -34,6 +34,7 @@ static const struct hw_sequencer_funcs dcn21_funcs = {
.apply_ctx_to_hw = dce110_apply_ctx_to_hw,
.apply_ctx_for_surface = NULL,
.program_front_end_for_ctx = dcn20_program_front_end_for_ctx,
+ .post_unlock_program_front_end = dcn20_post_unlock_program_front_end,
.update_plane_addr = dcn20_update_plane_addr,
.update_dchub = dcn10_update_dchub,
.update_pending_status = dcn10_update_pending_status,
diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
index 209118f9f193..63919866ba38 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
@@ -66,6 +66,8 @@ struct hw_sequencer_funcs {
int num_planes, struct dc_state *context);
void (*program_front_end_for_ctx)(struct dc *dc,
struct dc_state *context);
+ void (*post_unlock_program_front_end)(struct dc *dc,
+ struct dc_state *context);
void (*update_plane_addr)(const struct dc *dc,
struct pipe_ctx *pipe_ctx);
void (*update_dchub)(struct dce_hwseq *hws,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 126/177] drm/amd/display: Indicate dsc updates explicitly
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 125/177] drm/amd/display: Split program front end part that occur outside lock Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 127/177] drm/amd/display: Added locking for atomic update stream and update planes Greg Kroah-Hartman
` (51 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anthony Koo, Aric Cyr,
Bhawanpreet Lakha, Alex Deucher, Sasha Levin
From: Anthony Koo <Anthony.Koo@amd.com>
[ Upstream commit acdac228c4d1b9ff8ac778835719d3381c198aad ]
[Why]
DSC updates only set type to FULL UPDATE, but doesn't
flag the change
[How]
Add DSC flag update flag
Signed-off-by: Anthony Koo <Anthony.Koo@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc.c | 19 ++++++++++++-------
drivers/gpu/drm/amd/display/dc/dc_stream.h | 1 +
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index 66be2920fab0..2667691ba2aa 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -1745,14 +1745,15 @@ static enum surface_update_type check_update_surfaces_for_stream(
if (stream_update->wb_update)
su_flags->bits.wb_update = 1;
+
+ if (stream_update->dsc_config)
+ su_flags->bits.dsc_changed = 1;
+
if (su_flags->raw != 0)
overall_type = UPDATE_TYPE_FULL;
if (stream_update->output_csc_transform || stream_update->output_color_space)
su_flags->bits.out_csc = 1;
-
- if (stream_update->dsc_config)
- overall_type = UPDATE_TYPE_FULL;
}
for (i = 0 ; i < surface_count; i++) {
@@ -1787,8 +1788,11 @@ enum surface_update_type dc_check_update_surfaces_for_stream(
type = check_update_surfaces_for_stream(dc, updates, surface_count, stream_update, stream_status);
if (type == UPDATE_TYPE_FULL) {
- if (stream_update)
+ if (stream_update) {
+ uint32_t dsc_changed = stream_update->stream->update_flags.bits.dsc_changed;
stream_update->stream->update_flags.raw = 0xFFFFFFFF;
+ stream_update->stream->update_flags.bits.dsc_changed = dsc_changed;
+ }
for (i = 0; i < surface_count; i++)
updates[i].surface->update_flags.raw = 0xFFFFFFFF;
}
@@ -2104,14 +2108,15 @@ static void commit_planes_do_stream_update(struct dc *dc,
}
}
+ /* Full fe update*/
+ if (update_type == UPDATE_TYPE_FAST)
+ continue;
+
if (stream_update->dsc_config && dc->hwss.pipe_control_lock_global) {
dc->hwss.pipe_control_lock_global(dc, pipe_ctx, true);
dp_update_dsc_config(pipe_ctx);
dc->hwss.pipe_control_lock_global(dc, pipe_ctx, false);
}
- /* Full fe update*/
- if (update_type == UPDATE_TYPE_FAST)
- continue;
if (stream_update->dpms_off) {
dc->hwss.pipe_control_lock(dc, pipe_ctx, true);
diff --git a/drivers/gpu/drm/amd/display/dc/dc_stream.h b/drivers/gpu/drm/amd/display/dc/dc_stream.h
index 92096de79dec..a5c7ef47b8d3 100644
--- a/drivers/gpu/drm/amd/display/dc/dc_stream.h
+++ b/drivers/gpu/drm/amd/display/dc/dc_stream.h
@@ -118,6 +118,7 @@ union stream_update_flags {
uint32_t dpms_off:1;
uint32_t gamut_remap:1;
uint32_t wb_update:1;
+ uint32_t dsc_changed : 1;
} bits;
uint32_t raw;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 127/177] drm/amd/display: Added locking for atomic update stream and update planes
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 126/177] drm/amd/display: Indicate dsc updates explicitly Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 128/177] drm/amd/display: Use cursor locking to prevent flip delays Greg Kroah-Hartman
` (50 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anthony Koo, Lucy Li, Aric Cyr,
Bhawanpreet Lakha, Alex Deucher, Sasha Levin
From: Anthony Koo <Anthony.Koo@amd.com>
[ Upstream commit 009114f6df84150a567b05537aa29b9d660e419b ]
[Why]
Screen flickering when HDR switches between FP16 and ARGB2101010
[How]
Moved pipe_control_lock so stream update and plane update occur atomically
Signed-off-by: Anthony Koo <Anthony.Koo@amd.com>
Signed-off-by: Lucy Li <lucy.li@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc.c | 87 +++++++++++----
.../display/dc/dce110/dce110_hw_sequencer.c | 23 +---
.../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 32 +-----
.../amd/display/dc/dcn10/dcn10_hw_sequencer.h | 4 +
.../gpu/drm/amd/display/dc/dcn10/dcn10_init.c | 1 +
.../drm/amd/display/dc/dcn20/dcn20_hwseq.c | 101 ++++++++----------
.../drm/amd/display/dc/dcn20/dcn20_hwseq.h | 4 -
.../gpu/drm/amd/display/dc/dcn20/dcn20_init.c | 2 +-
.../gpu/drm/amd/display/dc/dcn21/dcn21_init.c | 2 +-
.../gpu/drm/amd/display/dc/inc/hw_sequencer.h | 4 +-
10 files changed, 125 insertions(+), 135 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index 2667691ba2aa..32a07665863f 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -763,6 +763,29 @@ static bool disable_all_writeback_pipes_for_stream(
return true;
}
+void apply_ctx_interdependent_lock(struct dc *dc, struct dc_state *context, struct dc_stream_state *stream, bool lock)
+{
+ int i = 0;
+
+ /* Checks if interdependent update function pointer is NULL or not, takes care of DCE110 case */
+ if (dc->hwss.interdependent_update_lock)
+ dc->hwss.interdependent_update_lock(dc, context, lock);
+ else {
+ for (i = 0; i < dc->res_pool->pipe_count; i++) {
+ struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
+ struct pipe_ctx *old_pipe_ctx = &dc->current_state->res_ctx.pipe_ctx[i];
+
+ // Copied conditions that were previously in dce110_apply_ctx_for_surface
+ if (stream == pipe_ctx->stream) {
+ if (!pipe_ctx->top_pipe &&
+ (pipe_ctx->plane_state || old_pipe_ctx->plane_state))
+ dc->hwss.pipe_control_lock(dc, pipe_ctx, lock);
+ break;
+ }
+ }
+ }
+}
+
static void disable_dangling_plane(struct dc *dc, struct dc_state *context)
{
int i, j;
@@ -788,12 +811,17 @@ static void disable_dangling_plane(struct dc *dc, struct dc_state *context)
if (should_disable && old_stream) {
dc_rem_all_planes_for_stream(dc, old_stream, dangling_context);
disable_all_writeback_pipes_for_stream(dc, old_stream, dangling_context);
+
if (dc->hwss.apply_ctx_for_surface) {
+ apply_ctx_interdependent_lock(dc, dc->current_state, old_stream, true);
dc->hwss.apply_ctx_for_surface(dc, old_stream, 0, dangling_context);
+ apply_ctx_interdependent_lock(dc, dc->current_state, old_stream, false);
dc->hwss.post_unlock_program_front_end(dc, dangling_context);
}
if (dc->hwss.program_front_end_for_ctx) {
+ dc->hwss.interdependent_update_lock(dc, dc->current_state, true);
dc->hwss.program_front_end_for_ctx(dc, dangling_context);
+ dc->hwss.interdependent_update_lock(dc, dc->current_state, false);
dc->hwss.post_unlock_program_front_end(dc, dangling_context);
}
}
@@ -1215,17 +1243,19 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c
/* re-program planes for existing stream, in case we need to
* free up plane resource for later use
*/
- if (dc->hwss.apply_ctx_for_surface)
+ if (dc->hwss.apply_ctx_for_surface) {
for (i = 0; i < context->stream_count; i++) {
if (context->streams[i]->mode_changed)
continue;
-
+ apply_ctx_interdependent_lock(dc, context, context->streams[i], true);
dc->hwss.apply_ctx_for_surface(
dc, context->streams[i],
context->stream_status[i].plane_count,
context); /* use new pipe config in new context */
+ apply_ctx_interdependent_lock(dc, context, context->streams[i], false);
dc->hwss.post_unlock_program_front_end(dc, context);
}
+ }
/* Program hardware */
for (i = 0; i < dc->res_pool->pipe_count; i++) {
@@ -1245,10 +1275,11 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c
/* Program all planes within new context*/
if (dc->hwss.program_front_end_for_ctx) {
+ dc->hwss.interdependent_update_lock(dc, context, true);
dc->hwss.program_front_end_for_ctx(dc, context);
+ dc->hwss.interdependent_update_lock(dc, context, false);
dc->hwss.post_unlock_program_front_end(dc, context);
}
-
for (i = 0; i < context->stream_count; i++) {
const struct dc_link *link = context->streams[i]->link;
@@ -1256,10 +1287,12 @@ static enum dc_status dc_commit_state_no_check(struct dc *dc, struct dc_state *c
continue;
if (dc->hwss.apply_ctx_for_surface) {
+ apply_ctx_interdependent_lock(dc, context, context->streams[i], true);
dc->hwss.apply_ctx_for_surface(
dc, context->streams[i],
context->stream_status[i].plane_count,
context);
+ apply_ctx_interdependent_lock(dc, context, context->streams[i], false);
dc->hwss.post_unlock_program_front_end(dc, context);
}
@@ -2112,15 +2145,10 @@ static void commit_planes_do_stream_update(struct dc *dc,
if (update_type == UPDATE_TYPE_FAST)
continue;
- if (stream_update->dsc_config && dc->hwss.pipe_control_lock_global) {
- dc->hwss.pipe_control_lock_global(dc, pipe_ctx, true);
+ if (stream_update->dsc_config)
dp_update_dsc_config(pipe_ctx);
- dc->hwss.pipe_control_lock_global(dc, pipe_ctx, false);
- }
if (stream_update->dpms_off) {
- dc->hwss.pipe_control_lock(dc, pipe_ctx, true);
-
if (*stream_update->dpms_off) {
core_link_disable_stream(pipe_ctx);
/* for dpms, keep acquired resources*/
@@ -2134,8 +2162,6 @@ static void commit_planes_do_stream_update(struct dc *dc,
core_link_enable_stream(dc->current_state, pipe_ctx);
}
-
- dc->hwss.pipe_control_lock(dc, pipe_ctx, false);
}
if (stream_update->abm_level && pipe_ctx->stream_res.abm) {
@@ -2191,6 +2217,27 @@ static void commit_planes_for_stream(struct dc *dc,
context_clock_trace(dc, context);
}
+ for (j = 0; j < dc->res_pool->pipe_count; j++) {
+ struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[j];
+
+ if (!pipe_ctx->top_pipe &&
+ !pipe_ctx->prev_odm_pipe &&
+ pipe_ctx->stream &&
+ pipe_ctx->stream == stream) {
+ top_pipe_to_program = pipe_ctx;
+ }
+ }
+
+ if ((update_type != UPDATE_TYPE_FAST) && dc->hwss.interdependent_update_lock)
+ dc->hwss.interdependent_update_lock(dc, context, true);
+ else
+ /* Lock the top pipe while updating plane addrs, since freesync requires
+ * plane addr update event triggers to be synchronized.
+ * top_pipe_to_program is expected to never be NULL
+ */
+ dc->hwss.pipe_control_lock(dc, top_pipe_to_program, true);
+
+
// Stream updates
if (stream_update)
commit_planes_do_stream_update(dc, stream, stream_update, update_type, context);
@@ -2205,6 +2252,11 @@ static void commit_planes_for_stream(struct dc *dc,
if (dc->hwss.program_front_end_for_ctx)
dc->hwss.program_front_end_for_ctx(dc, context);
+ if ((update_type != UPDATE_TYPE_FAST) && dc->hwss.interdependent_update_lock)
+ dc->hwss.interdependent_update_lock(dc, context, false);
+ else
+ dc->hwss.pipe_control_lock(dc, top_pipe_to_program, false);
+
dc->hwss.post_unlock_program_front_end(dc, context);
return;
}
@@ -2241,8 +2293,6 @@ static void commit_planes_for_stream(struct dc *dc,
pipe_ctx->stream == stream) {
struct dc_stream_status *stream_status = NULL;
- top_pipe_to_program = pipe_ctx;
-
if (!pipe_ctx->plane_state)
continue;
@@ -2287,12 +2337,6 @@ static void commit_planes_for_stream(struct dc *dc,
// Update Type FAST, Surface updates
if (update_type == UPDATE_TYPE_FAST) {
- /* Lock the top pipe while updating plane addrs, since freesync requires
- * plane addr update event triggers to be synchronized.
- * top_pipe_to_program is expected to never be NULL
- */
- dc->hwss.pipe_control_lock(dc, top_pipe_to_program, true);
-
if (dc->hwss.set_flip_control_gsl)
for (i = 0; i < surface_count; i++) {
struct dc_plane_state *plane_state = srf_updates[i].surface;
@@ -2334,9 +2378,12 @@ static void commit_planes_for_stream(struct dc *dc,
dc->hwss.update_plane_addr(dc, pipe_ctx);
}
}
+ }
+ if ((update_type != UPDATE_TYPE_FAST) && dc->hwss.interdependent_update_lock)
+ dc->hwss.interdependent_update_lock(dc, context, false);
+ else
dc->hwss.pipe_control_lock(dc, top_pipe_to_program, false);
- }
if (update_type != UPDATE_TYPE_FAST)
dc->hwss.post_unlock_program_front_end(dc, context);
diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
index a961b94aefd9..56d4ec7bdad7 100644
--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
@@ -2574,17 +2574,6 @@ static void dce110_apply_ctx_for_surface(
if (dc->fbc_compressor)
dc->fbc_compressor->funcs->disable_fbc(dc->fbc_compressor);
- for (i = 0; i < dc->res_pool->pipe_count; i++) {
- struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
- struct pipe_ctx *old_pipe_ctx = &dc->current_state->res_ctx.pipe_ctx[i];
-
- if (stream == pipe_ctx->stream) {
- if (!pipe_ctx->top_pipe &&
- (pipe_ctx->plane_state || old_pipe_ctx->plane_state))
- dc->hwss.pipe_control_lock(dc, pipe_ctx, true);
- }
- }
-
for (i = 0; i < dc->res_pool->pipe_count; i++) {
struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
@@ -2607,16 +2596,6 @@ static void dce110_apply_ctx_for_surface(
}
- for (i = 0; i < dc->res_pool->pipe_count; i++) {
- struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
- struct pipe_ctx *old_pipe_ctx = &dc->current_state->res_ctx.pipe_ctx[i];
-
- if ((stream == pipe_ctx->stream) &&
- (!pipe_ctx->top_pipe) &&
- (pipe_ctx->plane_state || old_pipe_ctx->plane_state))
- dc->hwss.pipe_control_lock(dc, pipe_ctx, false);
- }
-
if (dc->fbc_compressor)
enable_fbc(dc, context);
}
@@ -2626,6 +2605,7 @@ static void dce110_post_unlock_program_front_end(
struct dc_state *context)
{
}
+
static void dce110_power_down_fe(struct dc *dc, struct pipe_ctx *pipe_ctx)
{
struct dce_hwseq *hws = dc->hwseq;
@@ -2742,6 +2722,7 @@ static const struct hw_sequencer_funcs dce110_funcs = {
.disable_audio_stream = dce110_disable_audio_stream,
.disable_plane = dce110_power_down_fe,
.pipe_control_lock = dce_pipe_control_lock,
+ .interdependent_update_lock = NULL,
.prepare_bandwidth = dce110_prepare_bandwidth,
.optimize_bandwidth = dce110_optimize_bandwidth,
.set_drr = set_drr,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index a9a5a13d5edf..7fc559acffcd 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -82,7 +82,7 @@ void print_microsec(struct dc_context *dc_ctx,
us_x10 % frac);
}
-static void dcn10_lock_all_pipes(struct dc *dc,
+void dcn10_lock_all_pipes(struct dc *dc,
struct dc_state *context,
bool lock)
{
@@ -93,6 +93,7 @@ static void dcn10_lock_all_pipes(struct dc *dc,
for (i = 0; i < dc->res_pool->pipe_count; i++) {
pipe_ctx = &context->res_ctx.pipe_ctx[i];
tg = pipe_ctx->stream_res.tg;
+
/*
* Only lock the top pipe's tg to prevent redundant
* (un)locking. Also skip if pipe is disabled.
@@ -103,9 +104,9 @@ static void dcn10_lock_all_pipes(struct dc *dc,
continue;
if (lock)
- tg->funcs->lock(tg);
+ dc->hwss.pipe_control_lock(dc, pipe_ctx, true);
else
- tg->funcs->unlock(tg);
+ dc->hwss.pipe_control_lock(dc, pipe_ctx, false);
}
}
@@ -1576,7 +1577,7 @@ void dcn10_pipe_control_lock(
/* use TG master update lock to lock everything on the TG
* therefore only top pipe need to lock
*/
- if (pipe->top_pipe)
+ if (!pipe || pipe->top_pipe)
return;
if (dc->debug.sanity_checks)
@@ -2530,11 +2531,6 @@ void dcn10_apply_ctx_for_surface(
if (underflow_check_delay_us != 0xFFFFFFFF && hws->funcs.did_underflow_occur)
ASSERT(hws->funcs.did_underflow_occur(dc, top_pipe_to_program));
- if (interdependent_update)
- dcn10_lock_all_pipes(dc, context, true);
- else
- dcn10_pipe_control_lock(dc, top_pipe_to_program, true);
-
if (underflow_check_delay_us != 0xFFFFFFFF)
udelay(underflow_check_delay_us);
@@ -2554,19 +2550,6 @@ void dcn10_apply_ctx_for_surface(
pipe_ctx->update_flags.raw = 0;
- /*
- * Powergate reused pipes that are not powergated
- * fairly hacky right now, using opp_id as indicator
- * TODO: After move dc_post to dc_update, this will
- * be removed.
- */
- if (pipe_ctx->plane_state && !old_pipe_ctx->plane_state) {
- if (old_pipe_ctx->stream_res.tg == tg &&
- old_pipe_ctx->plane_res.hubp &&
- old_pipe_ctx->plane_res.hubp->opp_id != OPP_ID_INVALID)
- dc->hwss.disable_plane(dc, old_pipe_ctx);
- }
-
if ((!pipe_ctx->plane_state ||
pipe_ctx->stream_res.tg != old_pipe_ctx->stream_res.tg) &&
old_pipe_ctx->plane_state &&
@@ -2599,11 +2582,6 @@ void dcn10_apply_ctx_for_surface(
&pipe_ctx->dlg_regs,
&pipe_ctx->ttu_regs);
}
-
- if (interdependent_update)
- dcn10_lock_all_pipes(dc, context, false);
- else
- dcn10_pipe_control_lock(dc, top_pipe_to_program, false);
}
void dcn10_post_unlock_program_front_end(
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
index b523f0b8dc23..16a50e05ffbf 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
@@ -70,6 +70,10 @@ void dcn10_reset_hw_ctx_wrap(
struct dc *dc,
struct dc_state *context);
void dcn10_disable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx);
+void dcn10_lock_all_pipes(
+ struct dc *dc,
+ struct dc_state *context,
+ bool lock);
void dcn10_apply_ctx_for_surface(
struct dc *dc,
const struct dc_stream_state *stream,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
index 681db997a532..b88ef9703b2b 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
@@ -50,6 +50,7 @@ static const struct hw_sequencer_funcs dcn10_funcs = {
.disable_audio_stream = dce110_disable_audio_stream,
.disable_plane = dcn10_disable_plane,
.pipe_control_lock = dcn10_pipe_control_lock,
+ .interdependent_update_lock = dcn10_lock_all_pipes,
.prepare_bandwidth = dcn10_prepare_bandwidth,
.optimize_bandwidth = dcn10_optimize_bandwidth,
.set_drr = dcn10_set_drr,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
index 0c4a8c37ce84..611dac544bfe 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
@@ -1088,40 +1088,18 @@ void dcn20_enable_plane(
// }
}
-
-void dcn20_pipe_control_lock_global(
- struct dc *dc,
- struct pipe_ctx *pipe,
- bool lock)
-{
- if (lock) {
- pipe->stream_res.tg->funcs->lock_doublebuffer_enable(
- pipe->stream_res.tg);
- pipe->stream_res.tg->funcs->lock(pipe->stream_res.tg);
- } else {
- pipe->stream_res.tg->funcs->unlock(pipe->stream_res.tg);
- pipe->stream_res.tg->funcs->wait_for_state(pipe->stream_res.tg,
- CRTC_STATE_VACTIVE);
- pipe->stream_res.tg->funcs->wait_for_state(pipe->stream_res.tg,
- CRTC_STATE_VBLANK);
- pipe->stream_res.tg->funcs->wait_for_state(pipe->stream_res.tg,
- CRTC_STATE_VACTIVE);
- pipe->stream_res.tg->funcs->lock_doublebuffer_disable(
- pipe->stream_res.tg);
- }
-}
-
void dcn20_pipe_control_lock(
struct dc *dc,
struct pipe_ctx *pipe,
bool lock)
{
bool flip_immediate = false;
+ bool dig_update_required = false;
/* use TG master update lock to lock everything on the TG
* therefore only top pipe need to lock
*/
- if (pipe->top_pipe)
+ if (!pipe || pipe->top_pipe)
return;
if (pipe->plane_state != NULL)
@@ -1154,6 +1132,19 @@ void dcn20_pipe_control_lock(
(!flip_immediate && pipe->stream_res.gsl_group > 0))
dcn20_setup_gsl_group_as_lock(dc, pipe, flip_immediate);
+ if (pipe->stream && pipe->stream->update_flags.bits.dsc_changed)
+ dig_update_required = true;
+
+ /* Need double buffer lock mode in order to synchronize front end pipe
+ * updates with dig updates.
+ */
+ if (dig_update_required) {
+ if (lock) {
+ pipe->stream_res.tg->funcs->lock_doublebuffer_enable(
+ pipe->stream_res.tg);
+ }
+ }
+
if (pipe->plane_state != NULL && pipe->plane_state->triplebuffer_flips) {
if (lock)
pipe->stream_res.tg->funcs->triplebuffer_lock(pipe->stream_res.tg);
@@ -1165,6 +1156,19 @@ void dcn20_pipe_control_lock(
else
pipe->stream_res.tg->funcs->unlock(pipe->stream_res.tg);
}
+
+ if (dig_update_required) {
+ if (!lock) {
+ pipe->stream_res.tg->funcs->wait_for_state(pipe->stream_res.tg,
+ CRTC_STATE_VACTIVE);
+ pipe->stream_res.tg->funcs->wait_for_state(pipe->stream_res.tg,
+ CRTC_STATE_VBLANK);
+ pipe->stream_res.tg->funcs->wait_for_state(pipe->stream_res.tg,
+ CRTC_STATE_VACTIVE);
+ pipe->stream_res.tg->funcs->lock_doublebuffer_disable(
+ pipe->stream_res.tg);
+ }
+ }
}
static void dcn20_detect_pipe_changes(struct pipe_ctx *old_pipe, struct pipe_ctx *new_pipe)
@@ -1536,26 +1540,28 @@ static void dcn20_program_pipe(
}
}
-static bool does_pipe_need_lock(struct pipe_ctx *pipe)
-{
- if ((pipe->plane_state && pipe->plane_state->update_flags.raw)
- || pipe->update_flags.raw)
- return true;
- if (pipe->bottom_pipe)
- return does_pipe_need_lock(pipe->bottom_pipe);
-
- return false;
-}
-
void dcn20_program_front_end_for_ctx(
struct dc *dc,
struct dc_state *context)
{
int i;
struct dce_hwseq *hws = dc->hwseq;
- bool pipe_locked[MAX_PIPES] = {false};
DC_LOGGER_INIT(dc->ctx->logger);
+ for (i = 0; i < dc->res_pool->pipe_count; i++) {
+ struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
+
+ if (!pipe_ctx->top_pipe && !pipe_ctx->prev_odm_pipe && pipe_ctx->plane_state) {
+ ASSERT(!pipe_ctx->plane_state->triplebuffer_flips);
+ if (dc->hwss.program_triplebuffer != NULL &&
+ !dc->debug.disable_tri_buf) {
+ /*turn off triple buffer for full update*/
+ dc->hwss.program_triplebuffer(
+ dc, pipe_ctx, pipe_ctx->plane_state->triplebuffer_flips);
+ }
+ }
+ }
+
/* Carry over GSL groups in case the context is changing. */
for (i = 0; i < dc->res_pool->pipe_count; i++)
if (context->res_ctx.pipe_ctx[i].stream == dc->current_state->res_ctx.pipe_ctx[i].stream)
@@ -1566,17 +1572,6 @@ void dcn20_program_front_end_for_ctx(
for (i = 0; i < dc->res_pool->pipe_count; i++)
dcn20_detect_pipe_changes(&dc->current_state->res_ctx.pipe_ctx[i],
&context->res_ctx.pipe_ctx[i]);
- for (i = 0; i < dc->res_pool->pipe_count; i++)
- if (!context->res_ctx.pipe_ctx[i].top_pipe &&
- does_pipe_need_lock(&context->res_ctx.pipe_ctx[i])) {
- struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
-
- if (pipe_ctx->update_flags.bits.tg_changed || pipe_ctx->update_flags.bits.enable)
- dc->hwss.pipe_control_lock(dc, pipe_ctx, true);
- if (!pipe_ctx->update_flags.bits.enable)
- dc->hwss.pipe_control_lock(dc, &dc->current_state->res_ctx.pipe_ctx[i], true);
- pipe_locked[i] = true;
- }
/* OTG blank before disabling all front ends */
for (i = 0; i < dc->res_pool->pipe_count; i++)
@@ -1614,17 +1609,6 @@ void dcn20_program_front_end_for_ctx(
hws->funcs.program_all_writeback_pipes_in_tree(dc, pipe->stream, context);
}
}
-
- /* Unlock all locked pipes */
- for (i = 0; i < dc->res_pool->pipe_count; i++)
- if (pipe_locked[i]) {
- struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i];
-
- if (pipe_ctx->update_flags.bits.tg_changed || pipe_ctx->update_flags.bits.enable)
- dc->hwss.pipe_control_lock(dc, pipe_ctx, false);
- if (!pipe_ctx->update_flags.bits.enable)
- dc->hwss.pipe_control_lock(dc, &dc->current_state->res_ctx.pipe_ctx[i], false);
- }
}
void dcn20_post_unlock_program_front_end(
@@ -1664,7 +1648,6 @@ void dcn20_post_unlock_program_front_end(
dc->res_pool->hubbub->funcs->apply_DEDCN21_147_wa(dc->res_pool->hubbub);
}
-
void dcn20_prepare_bandwidth(
struct dc *dc,
struct dc_state *context)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h
index 80f192b8b3a2..63ce763f148e 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.h
@@ -61,10 +61,6 @@ void dcn20_pipe_control_lock(
struct dc *dc,
struct pipe_ctx *pipe,
bool lock);
-void dcn20_pipe_control_lock_global(
- struct dc *dc,
- struct pipe_ctx *pipe,
- bool lock);
void dcn20_prepare_bandwidth(
struct dc *dc,
struct dc_state *context);
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
index c0a7cf1ba3a0..1642bf546ceb 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
@@ -51,7 +51,7 @@ static const struct hw_sequencer_funcs dcn20_funcs = {
.disable_audio_stream = dce110_disable_audio_stream,
.disable_plane = dcn20_disable_plane,
.pipe_control_lock = dcn20_pipe_control_lock,
- .pipe_control_lock_global = dcn20_pipe_control_lock_global,
+ .interdependent_update_lock = dcn10_lock_all_pipes,
.prepare_bandwidth = dcn20_prepare_bandwidth,
.optimize_bandwidth = dcn20_optimize_bandwidth,
.update_bandwidth = dcn20_update_bandwidth,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
index bb8309513964..8b91445389df 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
@@ -52,7 +52,7 @@ static const struct hw_sequencer_funcs dcn21_funcs = {
.disable_audio_stream = dce110_disable_audio_stream,
.disable_plane = dcn20_disable_plane,
.pipe_control_lock = dcn20_pipe_control_lock,
- .pipe_control_lock_global = dcn20_pipe_control_lock_global,
+ .interdependent_update_lock = dcn10_lock_all_pipes,
.prepare_bandwidth = dcn20_prepare_bandwidth,
.optimize_bandwidth = dcn20_optimize_bandwidth,
.update_bandwidth = dcn20_update_bandwidth,
diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
index 63919866ba38..d4c1fb242c63 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
@@ -80,10 +80,10 @@ struct hw_sequencer_funcs {
void (*update_pending_status)(struct pipe_ctx *pipe_ctx);
/* Pipe Lock Related */
- void (*pipe_control_lock_global)(struct dc *dc,
- struct pipe_ctx *pipe, bool lock);
void (*pipe_control_lock)(struct dc *dc,
struct pipe_ctx *pipe, bool lock);
+ void (*interdependent_update_lock)(struct dc *dc,
+ struct dc_state *context, bool lock);
void (*set_flip_control_gsl)(struct pipe_ctx *pipe_ctx,
bool flip_immediate);
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 128/177] drm/amd/display: Use cursor locking to prevent flip delays
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 127/177] drm/amd/display: Added locking for atomic update stream and update planes Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 129/177] drm/amd/display: Defer cursor lock until after VUPDATE Greg Kroah-Hartman
` (49 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aric Cyr, Nicholas Kazlauskas,
Aurabindo Pillai, Alex Deucher, Sasha Levin
From: Aric Cyr <aric.cyr@amd.com>
[ Upstream commit b2a7b0ce0773bfa4406bc0a78e41979532a1edd7 ]
[Why]
Current locking scheme for cursor can result in a flip missing
its vsync, deferring it for one or more vsyncs. Result is a
potential for stuttering when cursor is moved.
[How]
Use cursor update lock so that flips are not blocked while cursor
is being programmed.
Signed-off-by: Aric Cyr <aric.cyr@amd.com>
Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com>
Acked-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/display/dc/core/dc_stream.c | 40 ++-----------------
.../display/dc/dce110/dce110_hw_sequencer.c | 1 +
.../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 10 +++++
.../amd/display/dc/dcn10/dcn10_hw_sequencer.h | 1 +
.../gpu/drm/amd/display/dc/dcn10/dcn10_init.c | 1 +
.../gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c | 15 +++++++
.../gpu/drm/amd/display/dc/dcn10/dcn10_mpc.h | 20 +++++++---
.../drm/amd/display/dc/dcn10/dcn10_resource.c | 14 ++++++-
.../gpu/drm/amd/display/dc/dcn20/dcn20_init.c | 1 +
.../gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c | 1 +
.../gpu/drm/amd/display/dc/dcn20/dcn20_mpc.h | 3 +-
.../drm/amd/display/dc/dcn20/dcn20_resource.c | 4 ++
.../gpu/drm/amd/display/dc/dcn21/dcn21_init.c | 1 +
.../drm/amd/display/dc/dcn21/dcn21_resource.c | 4 ++
drivers/gpu/drm/amd/display/dc/inc/hw/mpc.h | 16 ++++++++
.../gpu/drm/amd/display/dc/inc/hw_sequencer.h | 1 +
16 files changed, 88 insertions(+), 45 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
index 8c20e9e907b2..4f0e7203dba4 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
@@ -231,34 +231,6 @@ struct dc_stream_status *dc_stream_get_status(
return dc_stream_get_status_from_state(dc->current_state, stream);
}
-static void delay_cursor_until_vupdate(struct pipe_ctx *pipe_ctx, struct dc *dc)
-{
-#if defined(CONFIG_DRM_AMD_DC_DCN)
- unsigned int vupdate_line;
- unsigned int lines_to_vupdate, us_to_vupdate, vpos, nvpos;
- struct dc_stream_state *stream = pipe_ctx->stream;
- unsigned int us_per_line;
-
- if (!dc->hwss.get_vupdate_offset_from_vsync)
- return;
-
- vupdate_line = dc->hwss.get_vupdate_offset_from_vsync(pipe_ctx);
- if (!dc_stream_get_crtc_position(dc, &stream, 1, &vpos, &nvpos))
- return;
-
- if (vpos >= vupdate_line)
- return;
-
- us_per_line =
- stream->timing.h_total * 10000 / stream->timing.pix_clk_100hz;
- lines_to_vupdate = vupdate_line - vpos;
- us_to_vupdate = lines_to_vupdate * us_per_line;
-
- /* 70 us is a conservative estimate of cursor update time*/
- if (us_to_vupdate < 70)
- udelay(us_to_vupdate);
-#endif
-}
/**
* dc_stream_set_cursor_attributes() - Update cursor attributes and set cursor surface address
@@ -298,9 +270,7 @@ bool dc_stream_set_cursor_attributes(
if (!pipe_to_program) {
pipe_to_program = pipe_ctx;
-
- delay_cursor_until_vupdate(pipe_ctx, dc);
- dc->hwss.pipe_control_lock(dc, pipe_to_program, true);
+ dc->hwss.cursor_lock(dc, pipe_to_program, true);
}
dc->hwss.set_cursor_attribute(pipe_ctx);
@@ -309,7 +279,7 @@ bool dc_stream_set_cursor_attributes(
}
if (pipe_to_program)
- dc->hwss.pipe_control_lock(dc, pipe_to_program, false);
+ dc->hwss.cursor_lock(dc, pipe_to_program, false);
return true;
}
@@ -349,16 +319,14 @@ bool dc_stream_set_cursor_position(
if (!pipe_to_program) {
pipe_to_program = pipe_ctx;
-
- delay_cursor_until_vupdate(pipe_ctx, dc);
- dc->hwss.pipe_control_lock(dc, pipe_to_program, true);
+ dc->hwss.cursor_lock(dc, pipe_to_program, true);
}
dc->hwss.set_cursor_position(pipe_ctx);
}
if (pipe_to_program)
- dc->hwss.pipe_control_lock(dc, pipe_to_program, false);
+ dc->hwss.cursor_lock(dc, pipe_to_program, false);
return true;
}
diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
index 56d4ec7bdad7..454a123b92fc 100644
--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
@@ -2723,6 +2723,7 @@ static const struct hw_sequencer_funcs dce110_funcs = {
.disable_plane = dce110_power_down_fe,
.pipe_control_lock = dce_pipe_control_lock,
.interdependent_update_lock = NULL,
+ .cursor_lock = dce_pipe_control_lock,
.prepare_bandwidth = dce110_prepare_bandwidth,
.optimize_bandwidth = dce110_optimize_bandwidth,
.set_drr = set_drr,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 7fc559acffcd..97a820b90541 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -1592,6 +1592,16 @@ void dcn10_pipe_control_lock(
hws->funcs.verify_allow_pstate_change_high(dc);
}
+void dcn10_cursor_lock(struct dc *dc, struct pipe_ctx *pipe, bool lock)
+{
+ /* cursor lock is per MPCC tree, so only need to lock one pipe per stream */
+ if (!pipe || pipe->top_pipe)
+ return;
+
+ dc->res_pool->mpc->funcs->cursor_lock(dc->res_pool->mpc,
+ pipe->stream_res.opp->inst, lock);
+}
+
static bool wait_for_reset_trigger_to_occur(
struct dc_context *dc_ctx,
struct timing_generator *tg)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
index 16a50e05ffbf..af51424315d5 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
@@ -49,6 +49,7 @@ void dcn10_pipe_control_lock(
struct dc *dc,
struct pipe_ctx *pipe,
bool lock);
+void dcn10_cursor_lock(struct dc *dc, struct pipe_ctx *pipe, bool lock);
void dcn10_blank_pixel_data(
struct dc *dc,
struct pipe_ctx *pipe_ctx,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
index b88ef9703b2b..4a8e4b797bea 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
@@ -50,6 +50,7 @@ static const struct hw_sequencer_funcs dcn10_funcs = {
.disable_audio_stream = dce110_disable_audio_stream,
.disable_plane = dcn10_disable_plane,
.pipe_control_lock = dcn10_pipe_control_lock,
+ .cursor_lock = dcn10_cursor_lock,
.interdependent_update_lock = dcn10_lock_all_pipes,
.prepare_bandwidth = dcn10_prepare_bandwidth,
.optimize_bandwidth = dcn10_optimize_bandwidth,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c
index 04f863499cfb..3fcd408e9103 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.c
@@ -223,6 +223,9 @@ struct mpcc *mpc1_insert_plane(
REG_SET(MPCC_TOP_SEL[mpcc_id], 0, MPCC_TOP_SEL, dpp_id);
REG_SET(MPCC_OPP_ID[mpcc_id], 0, MPCC_OPP_ID, tree->opp_id);
+ /* Configure VUPDATE lock set for this MPCC to map to the OPP */
+ REG_SET(MPCC_UPDATE_LOCK_SEL[mpcc_id], 0, MPCC_UPDATE_LOCK_SEL, tree->opp_id);
+
/* update mpc tree mux setting */
if (tree->opp_list == insert_above_mpcc) {
/* insert the toppest mpcc */
@@ -318,6 +321,7 @@ void mpc1_remove_mpcc(
REG_SET(MPCC_TOP_SEL[mpcc_id], 0, MPCC_TOP_SEL, 0xf);
REG_SET(MPCC_BOT_SEL[mpcc_id], 0, MPCC_BOT_SEL, 0xf);
REG_SET(MPCC_OPP_ID[mpcc_id], 0, MPCC_OPP_ID, 0xf);
+ REG_SET(MPCC_UPDATE_LOCK_SEL[mpcc_id], 0, MPCC_UPDATE_LOCK_SEL, 0xf);
/* mark this mpcc as not in use */
mpc10->mpcc_in_use_mask &= ~(1 << mpcc_id);
@@ -328,6 +332,7 @@ void mpc1_remove_mpcc(
REG_SET(MPCC_TOP_SEL[mpcc_id], 0, MPCC_TOP_SEL, 0xf);
REG_SET(MPCC_BOT_SEL[mpcc_id], 0, MPCC_BOT_SEL, 0xf);
REG_SET(MPCC_OPP_ID[mpcc_id], 0, MPCC_OPP_ID, 0xf);
+ REG_SET(MPCC_UPDATE_LOCK_SEL[mpcc_id], 0, MPCC_UPDATE_LOCK_SEL, 0xf);
}
}
@@ -361,6 +366,7 @@ void mpc1_mpc_init(struct mpc *mpc)
REG_SET(MPCC_TOP_SEL[mpcc_id], 0, MPCC_TOP_SEL, 0xf);
REG_SET(MPCC_BOT_SEL[mpcc_id], 0, MPCC_BOT_SEL, 0xf);
REG_SET(MPCC_OPP_ID[mpcc_id], 0, MPCC_OPP_ID, 0xf);
+ REG_SET(MPCC_UPDATE_LOCK_SEL[mpcc_id], 0, MPCC_UPDATE_LOCK_SEL, 0xf);
mpc1_init_mpcc(&(mpc->mpcc_array[mpcc_id]), mpcc_id);
}
@@ -381,6 +387,7 @@ void mpc1_mpc_init_single_inst(struct mpc *mpc, unsigned int mpcc_id)
REG_SET(MPCC_TOP_SEL[mpcc_id], 0, MPCC_TOP_SEL, 0xf);
REG_SET(MPCC_BOT_SEL[mpcc_id], 0, MPCC_BOT_SEL, 0xf);
REG_SET(MPCC_OPP_ID[mpcc_id], 0, MPCC_OPP_ID, 0xf);
+ REG_SET(MPCC_UPDATE_LOCK_SEL[mpcc_id], 0, MPCC_UPDATE_LOCK_SEL, 0xf);
mpc1_init_mpcc(&(mpc->mpcc_array[mpcc_id]), mpcc_id);
@@ -453,6 +460,13 @@ void mpc1_read_mpcc_state(
MPCC_BUSY, &s->busy);
}
+void mpc1_cursor_lock(struct mpc *mpc, int opp_id, bool lock)
+{
+ struct dcn10_mpc *mpc10 = TO_DCN10_MPC(mpc);
+
+ REG_SET(CUR[opp_id], 0, CUR_VUPDATE_LOCK_SET, lock ? 1 : 0);
+}
+
static const struct mpc_funcs dcn10_mpc_funcs = {
.read_mpcc_state = mpc1_read_mpcc_state,
.insert_plane = mpc1_insert_plane,
@@ -464,6 +478,7 @@ static const struct mpc_funcs dcn10_mpc_funcs = {
.assert_mpcc_idle_before_connect = mpc1_assert_mpcc_idle_before_connect,
.init_mpcc_list_from_hw = mpc1_init_mpcc_list_from_hw,
.update_blending = mpc1_update_blending,
+ .cursor_lock = mpc1_cursor_lock,
.set_denorm = NULL,
.set_denorm_clamp = NULL,
.set_output_csc = NULL,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.h b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.h
index 962a68e322ee..66a4719c22a0 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_mpc.h
@@ -39,11 +39,12 @@
SRII(MPCC_BG_G_Y, MPCC, inst),\
SRII(MPCC_BG_R_CR, MPCC, inst),\
SRII(MPCC_BG_B_CB, MPCC, inst),\
- SRII(MPCC_BG_B_CB, MPCC, inst),\
- SRII(MPCC_SM_CONTROL, MPCC, inst)
+ SRII(MPCC_SM_CONTROL, MPCC, inst),\
+ SRII(MPCC_UPDATE_LOCK_SEL, MPCC, inst)
#define MPC_OUT_MUX_COMMON_REG_LIST_DCN1_0(inst) \
- SRII(MUX, MPC_OUT, inst)
+ SRII(MUX, MPC_OUT, inst),\
+ VUPDATE_SRII(CUR, VUPDATE_LOCK_SET, inst)
#define MPC_COMMON_REG_VARIABLE_LIST \
uint32_t MPCC_TOP_SEL[MAX_MPCC]; \
@@ -55,7 +56,9 @@
uint32_t MPCC_BG_R_CR[MAX_MPCC]; \
uint32_t MPCC_BG_B_CB[MAX_MPCC]; \
uint32_t MPCC_SM_CONTROL[MAX_MPCC]; \
- uint32_t MUX[MAX_OPP];
+ uint32_t MUX[MAX_OPP]; \
+ uint32_t MPCC_UPDATE_LOCK_SEL[MAX_MPCC]; \
+ uint32_t CUR[MAX_OPP];
#define MPC_COMMON_MASK_SH_LIST_DCN1_0(mask_sh)\
SF(MPCC0_MPCC_TOP_SEL, MPCC_TOP_SEL, mask_sh),\
@@ -78,7 +81,8 @@
SF(MPCC0_MPCC_SM_CONTROL, MPCC_SM_FIELD_ALT, mask_sh),\
SF(MPCC0_MPCC_SM_CONTROL, MPCC_SM_FORCE_NEXT_FRAME_POL, mask_sh),\
SF(MPCC0_MPCC_SM_CONTROL, MPCC_SM_FORCE_NEXT_TOP_POL, mask_sh),\
- SF(MPC_OUT0_MUX, MPC_OUT_MUX, mask_sh)
+ SF(MPC_OUT0_MUX, MPC_OUT_MUX, mask_sh),\
+ SF(MPCC0_MPCC_UPDATE_LOCK_SEL, MPCC_UPDATE_LOCK_SEL, mask_sh)
#define MPC_REG_FIELD_LIST(type) \
type MPCC_TOP_SEL;\
@@ -101,7 +105,9 @@
type MPCC_SM_FIELD_ALT;\
type MPCC_SM_FORCE_NEXT_FRAME_POL;\
type MPCC_SM_FORCE_NEXT_TOP_POL;\
- type MPC_OUT_MUX;
+ type MPC_OUT_MUX;\
+ type MPCC_UPDATE_LOCK_SEL;\
+ type CUR_VUPDATE_LOCK_SET;
struct dcn_mpc_registers {
MPC_COMMON_REG_VARIABLE_LIST
@@ -192,4 +198,6 @@ void mpc1_read_mpcc_state(
int mpcc_inst,
struct mpcc_state *s);
+void mpc1_cursor_lock(struct mpc *mpc, int opp_id, bool lock);
+
#endif
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
index 3b71898e859e..e3c4c06ac191 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
@@ -181,6 +181,14 @@ enum dcn10_clk_src_array_id {
.reg_name[id] = BASE(mm ## block ## id ## _ ## reg_name ## _BASE_IDX) + \
mm ## block ## id ## _ ## reg_name
+#define VUPDATE_SRII(reg_name, block, id)\
+ .reg_name[id] = BASE(mm ## reg_name ## 0 ## _ ## block ## id ## _BASE_IDX) + \
+ mm ## reg_name ## 0 ## _ ## block ## id
+
+/* set field/register/bitfield name */
+#define SFRB(field_name, reg_name, bitfield, post_fix)\
+ .field_name = reg_name ## __ ## bitfield ## post_fix
+
/* NBIO */
#define NBIO_BASE_INNER(seg) \
NBIF_BASE__INST0_SEG ## seg
@@ -419,11 +427,13 @@ static const struct dcn_mpc_registers mpc_regs = {
};
static const struct dcn_mpc_shift mpc_shift = {
- MPC_COMMON_MASK_SH_LIST_DCN1_0(__SHIFT)
+ MPC_COMMON_MASK_SH_LIST_DCN1_0(__SHIFT),\
+ SFRB(CUR_VUPDATE_LOCK_SET, CUR0_VUPDATE_LOCK_SET0, CUR0_VUPDATE_LOCK_SET, __SHIFT)
};
static const struct dcn_mpc_mask mpc_mask = {
- MPC_COMMON_MASK_SH_LIST_DCN1_0(_MASK),
+ MPC_COMMON_MASK_SH_LIST_DCN1_0(_MASK),\
+ SFRB(CUR_VUPDATE_LOCK_SET, CUR0_VUPDATE_LOCK_SET0, CUR0_VUPDATE_LOCK_SET, _MASK)
};
#define tg_regs(id)\
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
index 1642bf546ceb..0cae0c2f84c4 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
@@ -52,6 +52,7 @@ static const struct hw_sequencer_funcs dcn20_funcs = {
.disable_plane = dcn20_disable_plane,
.pipe_control_lock = dcn20_pipe_control_lock,
.interdependent_update_lock = dcn10_lock_all_pipes,
+ .cursor_lock = dcn10_cursor_lock,
.prepare_bandwidth = dcn20_prepare_bandwidth,
.optimize_bandwidth = dcn20_optimize_bandwidth,
.update_bandwidth = dcn20_update_bandwidth,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c
index de9c857ab3e9..570dfd9a243f 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.c
@@ -545,6 +545,7 @@ const struct mpc_funcs dcn20_mpc_funcs = {
.mpc_init = mpc1_mpc_init,
.mpc_init_single_inst = mpc1_mpc_init_single_inst,
.update_blending = mpc2_update_blending,
+ .cursor_lock = mpc1_cursor_lock,
.get_mpcc_for_dpp = mpc2_get_mpcc_for_dpp,
.wait_for_idle = mpc2_assert_idle_mpcc,
.assert_mpcc_idle_before_connect = mpc2_assert_mpcc_idle_before_connect,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.h b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.h
index c78fd5123497..496658f420db 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_mpc.h
@@ -179,7 +179,8 @@
SF(MPC_OUT0_DENORM_CLAMP_G_Y, MPC_OUT_DENORM_CLAMP_MAX_G_Y, mask_sh),\
SF(MPC_OUT0_DENORM_CLAMP_G_Y, MPC_OUT_DENORM_CLAMP_MIN_G_Y, mask_sh),\
SF(MPC_OUT0_DENORM_CLAMP_B_CB, MPC_OUT_DENORM_CLAMP_MAX_B_CB, mask_sh),\
- SF(MPC_OUT0_DENORM_CLAMP_B_CB, MPC_OUT_DENORM_CLAMP_MIN_B_CB, mask_sh)
+ SF(MPC_OUT0_DENORM_CLAMP_B_CB, MPC_OUT_DENORM_CLAMP_MIN_B_CB, mask_sh),\
+ SF(CUR_VUPDATE_LOCK_SET0, CUR_VUPDATE_LOCK_SET, mask_sh)
/*
* DCN2 MPC_OCSC debug status register:
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
index 1b0bca9587d0..1ba47f3a6857 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
@@ -506,6 +506,10 @@ enum dcn20_clk_src_array_id {
.block ## _ ## reg_name[id] = BASE(mm ## block ## id ## _ ## reg_name ## _BASE_IDX) + \
mm ## block ## id ## _ ## reg_name
+#define VUPDATE_SRII(reg_name, block, id)\
+ .reg_name[id] = BASE(mm ## reg_name ## _ ## block ## id ## _BASE_IDX) + \
+ mm ## reg_name ## _ ## block ## id
+
/* NBIO */
#define NBIO_BASE_INNER(seg) \
NBIO_BASE__INST0_SEG ## seg
diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
index 8b91445389df..8fe8ec7c0882 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
@@ -53,6 +53,7 @@ static const struct hw_sequencer_funcs dcn21_funcs = {
.disable_plane = dcn20_disable_plane,
.pipe_control_lock = dcn20_pipe_control_lock,
.interdependent_update_lock = dcn10_lock_all_pipes,
+ .cursor_lock = dcn10_cursor_lock,
.prepare_bandwidth = dcn20_prepare_bandwidth,
.optimize_bandwidth = dcn20_optimize_bandwidth,
.update_bandwidth = dcn20_update_bandwidth,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
index 122d3e734c59..5286cc7d1261 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
@@ -306,6 +306,10 @@ struct _vcs_dpi_soc_bounding_box_st dcn2_1_soc = {
.block ## _ ## reg_name[id] = BASE(mm ## block ## id ## _ ## reg_name ## _BASE_IDX) + \
mm ## block ## id ## _ ## reg_name
+#define VUPDATE_SRII(reg_name, block, id)\
+ .reg_name[id] = BASE(mm ## reg_name ## _ ## block ## id ## _BASE_IDX) + \
+ mm ## reg_name ## _ ## block ## id
+
/* NBIO */
#define NBIO_BASE_INNER(seg) \
NBIF0_BASE__INST0_SEG ## seg
diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/mpc.h b/drivers/gpu/drm/amd/display/dc/inc/hw/mpc.h
index 094afc4c8173..50ee8aa7ec3b 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/hw/mpc.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/hw/mpc.h
@@ -210,6 +210,22 @@ struct mpc_funcs {
struct mpcc_blnd_cfg *blnd_cfg,
int mpcc_id);
+ /*
+ * Lock cursor updates for the specified OPP.
+ * OPP defines the set of MPCC that are locked together for cursor.
+ *
+ * Parameters:
+ * [in] mpc - MPC context.
+ * [in] opp_id - The OPP to lock cursor updates on
+ * [in] lock - lock/unlock the OPP
+ *
+ * Return: void
+ */
+ void (*cursor_lock)(
+ struct mpc *mpc,
+ int opp_id,
+ bool lock);
+
struct mpcc* (*get_mpcc_for_dpp)(
struct mpc_tree *tree,
int dpp_id);
diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
index d4c1fb242c63..e57467d99d66 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
@@ -86,6 +86,7 @@ struct hw_sequencer_funcs {
struct dc_state *context, bool lock);
void (*set_flip_control_gsl)(struct pipe_ctx *pipe_ctx,
bool flip_immediate);
+ void (*cursor_lock)(struct dc *dc, struct pipe_ctx *pipe, bool lock);
/* Timing Related */
void (*get_position)(struct pipe_ctx **pipe_ctx, int num_pipes,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 129/177] drm/amd/display: Defer cursor lock until after VUPDATE
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 128/177] drm/amd/display: Use cursor locking to prevent flip delays Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 130/177] drm/amd/display: Fix potential integer wraparound resulting in a hang Greg Kroah-Hartman
` (48 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicholas Kazlauskas, Aric Cyr,
Rodrigo Siqueira, Alex Deucher, Sasha Levin
From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
[ Upstream commit 31ecebee9c36d5e5e113a357a655d993fa916174 ]
[Why]
We dropped the delay after changed the cursor functions locking the
entire pipe to locking just the CURSOR registers to fix page flip
stuttering - this introduced cursor stuttering instead, and an underflow
issue.
The cursor update can be delayed indefinitely if the cursor update
repeatedly happens right around VUPDATE.
The underflow issue can happen if we do a viewport update on a pipe
on the same frame where a cursor update happens around VUPDATE - the
old cursor registers are retained which can be in an invalid position.
This can cause a pipe hang and indefinite underflow.
[How]
The complex, ideal solution to the problem would be a software
triple buffering mechanism from the DM layer to program only one cursor
update per frame just before VUPDATE.
The simple workaround until we have that infrastructure in place is
this change - bring back the delay until VUPDATE before locking, but
with some corrections to the calculations.
This didn't work for all timings before because the calculation for
VUPDATE was wrong - it was using the offset from VSTARTUP instead and
didn't correctly handle the case where VUPDATE could be in the back
porch.
Add a new hardware sequencer function to use the existing helper to
calculate the real VUPDATE start and VUPDATE end - VUPDATE can last
multiple lines after all.
Change the udelay to incorporate the width of VUPDATE as well.
Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 69 ++++++++++++++++++-
.../amd/display/dc/dcn10/dcn10_hw_sequencer.h | 5 ++
.../gpu/drm/amd/display/dc/dcn10/dcn10_init.c | 1 +
.../gpu/drm/amd/display/dc/dcn20/dcn20_init.c | 1 +
.../gpu/drm/amd/display/dc/dcn21/dcn21_init.c | 1 +
.../gpu/drm/amd/display/dc/inc/hw_sequencer.h | 5 ++
6 files changed, 81 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 97a820b90541..60cea910759b 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -1592,12 +1592,79 @@ void dcn10_pipe_control_lock(
hws->funcs.verify_allow_pstate_change_high(dc);
}
+/**
+ * delay_cursor_until_vupdate() - Delay cursor update if too close to VUPDATE.
+ *
+ * Software keepout workaround to prevent cursor update locking from stalling
+ * out cursor updates indefinitely or from old values from being retained in
+ * the case where the viewport changes in the same frame as the cursor.
+ *
+ * The idea is to calculate the remaining time from VPOS to VUPDATE. If it's
+ * too close to VUPDATE, then stall out until VUPDATE finishes.
+ *
+ * TODO: Optimize cursor programming to be once per frame before VUPDATE
+ * to avoid the need for this workaround.
+ */
+static void delay_cursor_until_vupdate(struct dc *dc, struct pipe_ctx *pipe_ctx)
+{
+ struct dc_stream_state *stream = pipe_ctx->stream;
+ struct crtc_position position;
+ uint32_t vupdate_start, vupdate_end;
+ unsigned int lines_to_vupdate, us_to_vupdate, vpos;
+ unsigned int us_per_line, us_vupdate;
+
+ if (!dc->hwss.calc_vupdate_position || !dc->hwss.get_position)
+ return;
+
+ if (!pipe_ctx->stream_res.stream_enc || !pipe_ctx->stream_res.tg)
+ return;
+
+ dc->hwss.calc_vupdate_position(dc, pipe_ctx, &vupdate_start,
+ &vupdate_end);
+
+ dc->hwss.get_position(&pipe_ctx, 1, &position);
+ vpos = position.vertical_count;
+
+ /* Avoid wraparound calculation issues */
+ vupdate_start += stream->timing.v_total;
+ vupdate_end += stream->timing.v_total;
+ vpos += stream->timing.v_total;
+
+ if (vpos <= vupdate_start) {
+ /* VPOS is in VACTIVE or back porch. */
+ lines_to_vupdate = vupdate_start - vpos;
+ } else if (vpos > vupdate_end) {
+ /* VPOS is in the front porch. */
+ return;
+ } else {
+ /* VPOS is in VUPDATE. */
+ lines_to_vupdate = 0;
+ }
+
+ /* Calculate time until VUPDATE in microseconds. */
+ us_per_line =
+ stream->timing.h_total * 10000u / stream->timing.pix_clk_100hz;
+ us_to_vupdate = lines_to_vupdate * us_per_line;
+
+ /* 70 us is a conservative estimate of cursor update time*/
+ if (us_to_vupdate > 70)
+ return;
+
+ /* Stall out until the cursor update completes. */
+ us_vupdate = (vupdate_end - vupdate_start + 1) * us_per_line;
+ udelay(us_to_vupdate + us_vupdate);
+}
+
void dcn10_cursor_lock(struct dc *dc, struct pipe_ctx *pipe, bool lock)
{
/* cursor lock is per MPCC tree, so only need to lock one pipe per stream */
if (!pipe || pipe->top_pipe)
return;
+ /* Prevent cursor lock from stalling out cursor updates. */
+ if (lock)
+ delay_cursor_until_vupdate(dc, pipe);
+
dc->res_pool->mpc->funcs->cursor_lock(dc->res_pool->mpc,
pipe->stream_res.opp->inst, lock);
}
@@ -3142,7 +3209,7 @@ int dcn10_get_vupdate_offset_from_vsync(struct pipe_ctx *pipe_ctx)
return vertical_line_start;
}
-static void dcn10_calc_vupdate_position(
+void dcn10_calc_vupdate_position(
struct dc *dc,
struct pipe_ctx *pipe_ctx,
uint32_t *start_line,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
index af51424315d5..42b6e016d71e 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
@@ -34,6 +34,11 @@ struct dc;
void dcn10_hw_sequencer_construct(struct dc *dc);
int dcn10_get_vupdate_offset_from_vsync(struct pipe_ctx *pipe_ctx);
+void dcn10_calc_vupdate_position(
+ struct dc *dc,
+ struct pipe_ctx *pipe_ctx,
+ uint32_t *start_line,
+ uint32_t *end_line);
void dcn10_setup_vupdate_interrupt(struct dc *dc, struct pipe_ctx *pipe_ctx);
enum dc_status dcn10_enable_stream_timing(
struct pipe_ctx *pipe_ctx,
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
index 4a8e4b797bea..0900c861204f 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_init.c
@@ -72,6 +72,7 @@ static const struct hw_sequencer_funcs dcn10_funcs = {
.set_clock = dcn10_set_clock,
.get_clock = dcn10_get_clock,
.get_vupdate_offset_from_vsync = dcn10_get_vupdate_offset_from_vsync,
+ .calc_vupdate_position = dcn10_calc_vupdate_position,
};
static const struct hwseq_private_funcs dcn10_private_funcs = {
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
index 0cae0c2f84c4..71bfde2cf646 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_init.c
@@ -83,6 +83,7 @@ static const struct hw_sequencer_funcs dcn20_funcs = {
.init_vm_ctx = dcn20_init_vm_ctx,
.set_flip_control_gsl = dcn20_set_flip_control_gsl,
.get_vupdate_offset_from_vsync = dcn10_get_vupdate_offset_from_vsync,
+ .calc_vupdate_position = dcn10_calc_vupdate_position,
};
static const struct hwseq_private_funcs dcn20_private_funcs = {
diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
index 8fe8ec7c0882..7f53bf724fce 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_init.c
@@ -86,6 +86,7 @@ static const struct hw_sequencer_funcs dcn21_funcs = {
.optimize_pwr_state = dcn21_optimize_pwr_state,
.exit_optimized_pwr_state = dcn21_exit_optimized_pwr_state,
.get_vupdate_offset_from_vsync = dcn10_get_vupdate_offset_from_vsync,
+ .calc_vupdate_position = dcn10_calc_vupdate_position,
.set_cursor_position = dcn10_set_cursor_position,
.set_cursor_attribute = dcn10_set_cursor_attribute,
.set_cursor_sdr_white_level = dcn10_set_cursor_sdr_white_level,
diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
index e57467d99d66..08307f3796e3 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
@@ -92,6 +92,11 @@ struct hw_sequencer_funcs {
void (*get_position)(struct pipe_ctx **pipe_ctx, int num_pipes,
struct crtc_position *position);
int (*get_vupdate_offset_from_vsync)(struct pipe_ctx *pipe_ctx);
+ void (*calc_vupdate_position)(
+ struct dc *dc,
+ struct pipe_ctx *pipe_ctx,
+ uint32_t *start_line,
+ uint32_t *end_line);
void (*enable_per_frame_crtc_position_reset)(struct dc *dc,
int group_size, struct pipe_ctx *grouped_pipes[]);
void (*enable_timing_synchronization)(struct dc *dc,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 130/177] drm/amd/display: Fix potential integer wraparound resulting in a hang
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 129/177] drm/amd/display: Defer cursor lock until after VUPDATE Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 131/177] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode Greg Kroah-Hartman
` (47 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aric Cyr, Nicholas Kazlauskas,
Qingqing Zhuo, Alex Deucher, Sasha Levin
From: Aric Cyr <aric.cyr@amd.com>
[ Upstream commit 4e5183200d9b66695c754ef214933402056e7b95 ]
[Why]
If VUPDATE_END is before VUPDATE_START the delay calculated can become
very large, causing a soft hang.
[How]
Take the absolute value of the difference between START and END.
Signed-off-by: Aric Cyr <aric.cyr@amd.com>
Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 60cea910759b..0c987b5d68e2 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -1651,6 +1651,8 @@ static void delay_cursor_until_vupdate(struct dc *dc, struct pipe_ctx *pipe_ctx)
return;
/* Stall out until the cursor update completes. */
+ if (vupdate_end < vupdate_start)
+ vupdate_end += stream->timing.v_total;
us_vupdate = (vupdate_end - vupdate_start + 1) * us_per_line;
udelay(us_to_vupdate + us_vupdate);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 131/177] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 130/177] drm/amd/display: Fix potential integer wraparound resulting in a hang Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 132/177] mm,thp: stop leaking unreleased file pages Greg Kroah-Hartman
` (46 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Valentine Fatiev, Alaa Hleihel,
Leon Romanovsky, Doug Ledford, Jason Gunthorpe, Sasha Levin
From: Valentine Fatiev <valentinef@mellanox.com>
[ Upstream commit 1acba6a817852d4aa7916d5c4f2c82f702ee9224 ]
When connected mode is set, and we have connected and datagram traffic in
parallel, ipoib might crash with double free of datagram skb.
The current mechanism assumes that the order in the completion queue is
the same as the order of sent packets for all QPs. Order is kept only for
specific QP, in case of mixed UD and CM traffic we have few QPs (one UD and
few CM's) in parallel.
The problem:
----------------------------------------------------------
Transmit queue:
-----------------
UD skb pointer kept in queue itself, CM skb kept in spearate queue and
uses transmit queue as a placeholder to count the number of total
transmitted packets.
0 1 2 3 4 5 6 7 8 9 10 11 12 13 .........127
------------------------------------------------------------
NL ud1 UD2 CM1 ud3 cm2 cm3 ud4 cm4 ud5 NL NL NL ...........
------------------------------------------------------------
^ ^
tail head
Completion queue (problematic scenario) - the order not the same as in
the transmit queue:
1 2 3 4 5 6 7 8 9
------------------------------------
ud1 CM1 UD2 ud3 cm2 cm3 ud4 cm4 ud5
------------------------------------
1. CM1 'wc' processing
- skb freed in cm separate ring.
- tx_tail of transmit queue increased although UD2 is not freed.
Now driver assumes UD2 index is already freed and it could be used for
new transmitted skb.
0 1 2 3 4 5 6 7 8 9 10 11 12 13 .........127
------------------------------------------------------------
NL NL UD2 CM1 ud3 cm2 cm3 ud4 cm4 ud5 NL NL NL ...........
------------------------------------------------------------
^ ^ ^
(Bad)tail head
(Bad - Could be used for new SKB)
In this case (due to heavy load) UD2 skb pointer could be replaced by new
transmitted packet UD_NEW, as the driver assumes its free. At this point
we will have to process two 'wc' with same index but we have only one
pointer to free.
During second attempt to free the same skb we will have NULL pointer
exception.
2. UD2 'wc' processing
- skb freed according the index we got from 'wc', but it was already
overwritten by mistake. So actually the skb that was released is the
skb of the new transmitted packet and not the original one.
3. UD_NEW 'wc' processing
- attempt to free already freed skb. NUll pointer exception.
The fix:
-----------------------------------------------------------------------
The fix is to stop using the UD ring as a placeholder for CM packets, the
cyclic ring variables tx_head and tx_tail will manage the UD tx_ring, a
new cyclic variables global_tx_head and global_tx_tail are introduced for
managing and counting the overall outstanding sent packets, then the send
queue will be stopped and waken based on these variables only.
Note that no locking is needed since global_tx_head is updated in the xmit
flow and global_tx_tail is updated in the NAPI flow only. A previous
attempt tried to use one variable to count the outstanding sent packets,
but it did not work since xmit and NAPI flows can run at the same time and
the counter will be updated wrongly. Thus, we use the same simple cyclic
head and tail scheme that we have today for the UD tx_ring.
Fixes: 2c104ea68350 ("IB/ipoib: Get rid of the tx_outstanding variable in all modes")
Link: https://lore.kernel.org/r/20200527134705.480068-1-leon@kernel.org
Signed-off-by: Valentine Fatiev <valentinef@mellanox.com>
Signed-off-by: Alaa Hleihel <alaa@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Acked-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/ipoib/ipoib.h | 4 ++++
drivers/infiniband/ulp/ipoib/ipoib_cm.c | 15 +++++++++------
drivers/infiniband/ulp/ipoib/ipoib_ib.c | 9 +++++++--
drivers/infiniband/ulp/ipoib/ipoib_main.c | 10 ++++++----
4 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/drivers/infiniband/ulp/ipoib/ipoib.h b/drivers/infiniband/ulp/ipoib/ipoib.h
index 2aa3457a30ce..0e5f27caf2b2 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib.h
+++ b/drivers/infiniband/ulp/ipoib/ipoib.h
@@ -377,8 +377,12 @@ struct ipoib_dev_priv {
struct ipoib_rx_buf *rx_ring;
struct ipoib_tx_buf *tx_ring;
+ /* cyclic ring variables for managing tx_ring, for UD only */
unsigned int tx_head;
unsigned int tx_tail;
+ /* cyclic ring variables for counting overall outstanding send WRs */
+ unsigned int global_tx_head;
+ unsigned int global_tx_tail;
struct ib_sge tx_sge[MAX_SKB_FRAGS + 1];
struct ib_ud_wr tx_wr;
struct ib_wc send_wc[MAX_SEND_CQE];
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_cm.c b/drivers/infiniband/ulp/ipoib/ipoib_cm.c
index c59e00a0881f..9bf0fa30df28 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c
@@ -756,7 +756,8 @@ void ipoib_cm_send(struct net_device *dev, struct sk_buff *skb, struct ipoib_cm_
return;
}
- if ((priv->tx_head - priv->tx_tail) == ipoib_sendq_size - 1) {
+ if ((priv->global_tx_head - priv->global_tx_tail) ==
+ ipoib_sendq_size - 1) {
ipoib_dbg(priv, "TX ring 0x%x full, stopping kernel net queue\n",
tx->qp->qp_num);
netif_stop_queue(dev);
@@ -786,7 +787,7 @@ void ipoib_cm_send(struct net_device *dev, struct sk_buff *skb, struct ipoib_cm_
} else {
netif_trans_update(dev);
++tx->tx_head;
- ++priv->tx_head;
+ ++priv->global_tx_head;
}
}
@@ -820,10 +821,11 @@ void ipoib_cm_handle_tx_wc(struct net_device *dev, struct ib_wc *wc)
netif_tx_lock(dev);
++tx->tx_tail;
- ++priv->tx_tail;
+ ++priv->global_tx_tail;
if (unlikely(netif_queue_stopped(dev) &&
- (priv->tx_head - priv->tx_tail) <= ipoib_sendq_size >> 1 &&
+ ((priv->global_tx_head - priv->global_tx_tail) <=
+ ipoib_sendq_size >> 1) &&
test_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags)))
netif_wake_queue(dev);
@@ -1232,8 +1234,9 @@ timeout:
dev_kfree_skb_any(tx_req->skb);
netif_tx_lock_bh(p->dev);
++p->tx_tail;
- ++priv->tx_tail;
- if (unlikely(priv->tx_head - priv->tx_tail == ipoib_sendq_size >> 1) &&
+ ++priv->global_tx_tail;
+ if (unlikely((priv->global_tx_head - priv->global_tx_tail) <=
+ ipoib_sendq_size >> 1) &&
netif_queue_stopped(p->dev) &&
test_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags))
netif_wake_queue(p->dev);
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_ib.c b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
index c332b4761816..da3c5315bbb5 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_ib.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
@@ -407,9 +407,11 @@ static void ipoib_ib_handle_tx_wc(struct net_device *dev, struct ib_wc *wc)
dev_kfree_skb_any(tx_req->skb);
++priv->tx_tail;
+ ++priv->global_tx_tail;
if (unlikely(netif_queue_stopped(dev) &&
- ((priv->tx_head - priv->tx_tail) <= ipoib_sendq_size >> 1) &&
+ ((priv->global_tx_head - priv->global_tx_tail) <=
+ ipoib_sendq_size >> 1) &&
test_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags)))
netif_wake_queue(dev);
@@ -634,7 +636,8 @@ int ipoib_send(struct net_device *dev, struct sk_buff *skb,
else
priv->tx_wr.wr.send_flags &= ~IB_SEND_IP_CSUM;
/* increase the tx_head after send success, but use it for queue state */
- if (priv->tx_head - priv->tx_tail == ipoib_sendq_size - 1) {
+ if ((priv->global_tx_head - priv->global_tx_tail) ==
+ ipoib_sendq_size - 1) {
ipoib_dbg(priv, "TX ring full, stopping kernel net queue\n");
netif_stop_queue(dev);
}
@@ -662,6 +665,7 @@ int ipoib_send(struct net_device *dev, struct sk_buff *skb,
rc = priv->tx_head;
++priv->tx_head;
+ ++priv->global_tx_head;
}
return rc;
}
@@ -807,6 +811,7 @@ int ipoib_ib_dev_stop_default(struct net_device *dev)
ipoib_dma_unmap_tx(priv, tx_req);
dev_kfree_skb_any(tx_req->skb);
++priv->tx_tail;
+ ++priv->global_tx_tail;
}
for (i = 0; i < ipoib_recvq_size; ++i) {
diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
index 4a0d3a9e72e1..70d6d476ba90 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
@@ -1188,9 +1188,11 @@ static void ipoib_timeout(struct net_device *dev, unsigned int txqueue)
ipoib_warn(priv, "transmit timeout: latency %d msecs\n",
jiffies_to_msecs(jiffies - dev_trans_start(dev)));
- ipoib_warn(priv, "queue stopped %d, tx_head %u, tx_tail %u\n",
- netif_queue_stopped(dev),
- priv->tx_head, priv->tx_tail);
+ ipoib_warn(priv,
+ "queue stopped %d, tx_head %u, tx_tail %u, global_tx_head %u, global_tx_tail %u\n",
+ netif_queue_stopped(dev), priv->tx_head, priv->tx_tail,
+ priv->global_tx_head, priv->global_tx_tail);
+
/* XXX reset QP, etc. */
}
@@ -1705,7 +1707,7 @@ static int ipoib_dev_init_default(struct net_device *dev)
goto out_rx_ring_cleanup;
}
- /* priv->tx_head, tx_tail & tx_outstanding are already 0 */
+ /* priv->tx_head, tx_tail and global_tx_tail/head are already 0 */
if (ipoib_transport_dev_init(dev, priv->ca)) {
pr_warn("%s: ipoib_transport_dev_init failed\n",
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 132/177] mm,thp: stop leaking unreleased file pages
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 131/177] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 133/177] mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() Greg Kroah-Hartman
` (45 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hugh Dickins, Andrew Morton,
Song Liu, Kirill A. Shutemov, Johannes Weiner, Rik van Riel,
Linus Torvalds, Sasha Levin
From: Hugh Dickins <hughd@google.com>
[ Upstream commit 2f33a706027c94cd4f70fcd3e3f4a17c1ce4ea4b ]
When collapse_file() calls try_to_release_page(), it has already isolated
the page: so if releasing buffers happens to fail (as it sometimes does),
remember to putback_lru_page(): otherwise that page is left unreclaimable
and unfreeable, and the file extent uncollapsible.
Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS")
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: <stable@vger.kernel.org> [5.4+]
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2005231837500.1766@eggly.anvils
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/khugepaged.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index b679908743cb..ba059e68cf50 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1673,6 +1673,7 @@ static void collapse_file(struct mm_struct *mm,
if (page_has_private(page) &&
!try_to_release_page(page, GFP_KERNEL)) {
result = SCAN_PAGE_HAS_PRIVATE;
+ putback_lru_page(page);
goto out_unlock;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 133/177] mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 132/177] mm,thp: stop leaking unreleased file pages Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 134/177] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() Greg Kroah-Hartman
` (44 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konstantin Khlebnikov, Andrew Morton,
Hugh Dickins, Kirill A. Shutemov, Vlastimil Babka,
David Rientjes, Linus Torvalds, Sasha Levin
From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
[ Upstream commit 6988f31d558aa8c744464a7f6d91d34ada48ad12 ]
Replace superfluous VM_BUG_ON() with comment about correct usage.
Technically reverts commit 1d148e218a0d ("mm: add VM_BUG_ON_PAGE() to
page_mapcount()"), but context lines have changed.
Function isolate_migratepages_block() runs some checks out of lru_lock
when choose pages for migration. After checking PageLRU() it checks
extra page references by comparing page_count() and page_mapcount().
Between these two checks page could be removed from lru, freed and taken
by slab.
As a result this race triggers VM_BUG_ON(PageSlab()) in page_mapcount().
Race window is tiny. For certain workload this happens around once a
year.
page:ffffea0105ca9380 count:1 mapcount:0 mapping:ffff88ff7712c180 index:0x0 compound_mapcount: 0
flags: 0x500000000008100(slab|head)
raw: 0500000000008100 dead000000000100 dead000000000200 ffff88ff7712c180
raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(PageSlab(page))
------------[ cut here ]------------
kernel BUG at ./include/linux/mm.h:628!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 77 PID: 504 Comm: kcompactd1 Tainted: G W 4.19.109-27 #1
Hardware name: Yandex T175-N41-Y3N/MY81-EX0-Y3N, BIOS R05 06/20/2019
RIP: 0010:isolate_migratepages_block+0x986/0x9b0
The code in isolate_migratepages_block() was added in commit
119d6d59dcc0 ("mm, compaction: avoid isolating pinned pages") before
adding VM_BUG_ON into page_mapcount().
This race has been predicted in 2015 by Vlastimil Babka (see link
below).
[akpm@linux-foundation.org: comment tweaks, per Hugh]
Fixes: 1d148e218a0d ("mm: add VM_BUG_ON_PAGE() to page_mapcount()")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: David Rientjes <rientjes@google.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/159032779896.957378.7852761411265662220.stgit@buzz
Link: https://lore.kernel.org/lkml/557710E1.6060103@suse.cz/
Link: https://lore.kernel.org/linux-mm/158937872515.474360.5066096871639561424.stgit@buzz/T/ (v1)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/mm.h | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index c54fb96cb1e6..96deeecd9179 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -670,6 +670,11 @@ static inline void *kvcalloc(size_t n, size_t size, gfp_t flags)
extern void kvfree(const void *addr);
+/*
+ * Mapcount of compound page as a whole, does not include mapped sub-pages.
+ *
+ * Must be called only for compound pages or any their tail sub-pages.
+ */
static inline int compound_mapcount(struct page *page)
{
VM_BUG_ON_PAGE(!PageCompound(page), page);
@@ -689,10 +694,16 @@ static inline void page_mapcount_reset(struct page *page)
int __page_mapcount(struct page *page);
+/*
+ * Mapcount of 0-order page; when compound sub-page, includes
+ * compound_mapcount().
+ *
+ * Result is undefined for pages which cannot be mapped into userspace.
+ * For example SLAB or special types of pages. See function page_has_type().
+ * They use this place in struct page differently.
+ */
static inline int page_mapcount(struct page *page)
{
- VM_BUG_ON_PAGE(PageSlab(page), page);
-
if (unlikely(PageCompound(page)))
return __page_mapcount(page);
return atomic_read(&page->_mapcount) + 1;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 134/177] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 133/177] mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 135/177] include/asm-generic/topology.h: guard cpumask_of_node() macro argument Greg Kroah-Hartman
` (43 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, sam, Alexander Potapenko,
Andrew Morton, Kees Cook, Al Viro, Alexey Dobriyan,
Linus Torvalds, Sasha Levin
From: Alexander Potapenko <glider@google.com>
[ Upstream commit 1d605416fb7175e1adf094251466caa52093b413 ]
KMSAN reported uninitialized data being written to disk when dumping
core. As a result, several kilobytes of kmalloc memory may be written
to the core file and then read by a non-privileged user.
Reported-by: sam <sunhaoyl@outlook.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200419100848.63472-1-glider@google.com
Link: https://github.com/google/kmsan/issues/76
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/binfmt_elf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index f4713ea76e82..54f888ddb8cc 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1733,7 +1733,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
(!regset->active || regset->active(t->task, regset) > 0)) {
int ret;
size_t size = regset_size(t->task, regset);
- void *data = kmalloc(size, GFP_KERNEL);
+ void *data = kzalloc(size, GFP_KERNEL);
if (unlikely(!data))
return 0;
ret = regset->get(t->task, regset,
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 135/177] include/asm-generic/topology.h: guard cpumask_of_node() macro argument
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 134/177] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 136/177] Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT" Greg Kroah-Hartman
` (42 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Andrew Morton,
Guenter Roeck, Linus Torvalds, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 4377748c7b5187c3342a60fa2ceb60c8a57a8488 ]
drivers/hwmon/amd_energy.c:195:15: error: invalid operands to binary expression ('void' and 'int')
(channel - data->nr_cpus));
~~~~~~~~~^~~~~~~~~~~~~~~~~
include/asm-generic/topology.h:51:42: note: expanded from macro 'cpumask_of_node'
#define cpumask_of_node(node) ((void)node, cpu_online_mask)
^~~~
include/linux/cpumask.h:618:72: note: expanded from macro 'cpumask_first_and'
#define cpumask_first_and(src1p, src2p) cpumask_next_and(-1, (src1p), (src2p))
^~~~~
Fixes: f0b848ce6fe9 ("cpumask: Introduce cpumask_of_{node,pcibus} to replace {node,pcibus}_to_cpumask")
Fixes: 8abee9566b7e ("hwmon: Add amd_energy driver to report energy counters")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Link: http://lkml.kernel.org/r/20200527134623.930247-1-arnd@arndb.de
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/asm-generic/topology.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/asm-generic/topology.h b/include/asm-generic/topology.h
index 238873739550..5aa8705df87e 100644
--- a/include/asm-generic/topology.h
+++ b/include/asm-generic/topology.h
@@ -48,7 +48,7 @@
#ifdef CONFIG_NEED_MULTIPLE_NODES
#define cpumask_of_node(node) ((node) == 0 ? cpu_online_mask : cpu_none_mask)
#else
- #define cpumask_of_node(node) ((void)node, cpu_online_mask)
+ #define cpumask_of_node(node) ((void)(node), cpu_online_mask)
#endif
#endif
#ifndef pcibus_to_node
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 136/177] Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT"
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 135/177] include/asm-generic/topology.h: guard cpumask_of_node() macro argument Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 137/177] gpio: fix locking open drain IRQ lines Greg Kroah-Hartman
` (41 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bijan Mottahedeh, Jens Axboe, Sasha Levin
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit b0beb28097fa04177b3769f4bb7a0d0d9c4ae76e ]
This reverts commit c58c1f83436b501d45d4050fd1296d71a9760bcb.
io_uring does do the right thing for this case, and we're still returning
-EAGAIN to userspace for the cases we don't support. Revert this change
to avoid doing endless spins of resubmits.
Cc: stable@vger.kernel.org # v5.6
Reported-by: Bijan Mottahedeh <bijan.mottahedeh@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-core.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index 60dc9552ef8d..92232907605c 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -885,14 +885,11 @@ generic_make_request_checks(struct bio *bio)
}
/*
- * Non-mq queues do not honor REQ_NOWAIT, so complete a bio
- * with BLK_STS_AGAIN status in order to catch -EAGAIN and
- * to give a chance to the caller to repeat request gracefully.
+ * For a REQ_NOWAIT based request, return -EOPNOTSUPP
+ * if queue is not a request based queue.
*/
- if ((bio->bi_opf & REQ_NOWAIT) && !queue_is_mq(q)) {
- status = BLK_STS_AGAIN;
- goto end_io;
- }
+ if ((bio->bi_opf & REQ_NOWAIT) && !queue_is_mq(q))
+ goto not_supported;
if (should_fail_bio(bio))
goto end_io;
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 137/177] gpio: fix locking open drain IRQ lines
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 136/177] Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT" Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 138/177] iommu: Fix reference count leak in iommu_group_alloc Greg Kroah-Hartman
` (40 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Linus Walleij,
Russell King, Sasha Levin
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit e9bdf7e655b9ee81ee912fae1d59df48ce7311b6 ]
We provided the right semantics on open drain lines being
by definition output but incidentally the irq set up function
would only allow IRQs on lines that were "not output".
Fix the semantics to allow output open drain lines to be used
for IRQs.
Reported-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Tested-by: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Russell King <linux@armlinux.org.uk>
Cc: stable@vger.kernel.org # v5.3+
Link: https://lore.kernel.org/r/20200527140758.162280-1-linus.walleij@linaro.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpiolib.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index 00fb91feba70..2f350e3df965 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -4025,7 +4025,9 @@ int gpiochip_lock_as_irq(struct gpio_chip *chip, unsigned int offset)
}
}
- if (test_bit(FLAG_IS_OUT, &desc->flags)) {
+ /* To be valid for IRQ the line needs to be input or open drain */
+ if (test_bit(FLAG_IS_OUT, &desc->flags) &&
+ !test_bit(FLAG_OPEN_DRAIN, &desc->flags)) {
chip_err(chip,
"%s: tried to flag a GPIO set as output for IRQ\n",
__func__);
@@ -4088,7 +4090,12 @@ void gpiochip_enable_irq(struct gpio_chip *chip, unsigned int offset)
if (!IS_ERR(desc) &&
!WARN_ON(!test_bit(FLAG_USED_AS_IRQ, &desc->flags))) {
- WARN_ON(test_bit(FLAG_IS_OUT, &desc->flags));
+ /*
+ * We must not be output when using IRQ UNLESS we are
+ * open drain.
+ */
+ WARN_ON(test_bit(FLAG_IS_OUT, &desc->flags) &&
+ !test_bit(FLAG_OPEN_DRAIN, &desc->flags));
set_bit(FLAG_IRQ_IS_ENABLED, &desc->flags);
}
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 138/177] iommu: Fix reference count leak in iommu_group_alloc.
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 137/177] gpio: fix locking open drain IRQ lines Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 139/177] parisc: Fix kernel panic in mem_init() Greg Kroah-Hartman
` (39 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiushi Wu, Joerg Roedel, Sasha Levin
From: Qiushi Wu <wu000273@umn.edu>
[ Upstream commit 7cc31613734c4870ae32f5265d576ef296621343 ]
kobject_init_and_add() takes reference even when it fails.
Thus, when kobject_init_and_add() returns an error,
kobject_put() must be called to properly clean up the kobject.
Fixes: d72e31c93746 ("iommu: IOMMU Groups")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Link: https://lore.kernel.org/r/20200527210020.6522-1-wu000273@umn.edu
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 22b28076d48e..b09de25df02e 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -509,7 +509,7 @@ struct iommu_group *iommu_group_alloc(void)
NULL, "%d", group->id);
if (ret) {
ida_simple_remove(&iommu_group_ida, group->id);
- kfree(group);
+ kobject_put(&group->kobj);
return ERR_PTR(ret);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 139/177] parisc: Fix kernel panic in mem_init()
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 138/177] iommu: Fix reference count leak in iommu_group_alloc Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 140/177] cfg80211: fix debugfs rename crash Greg Kroah-Hartman
` (38 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller, Sasha Levin
From: Helge Deller <deller@gmx.de>
[ Upstream commit bf71bc16e02162388808949b179d59d0b571b965 ]
The Debian kernel v5.6 triggers this kernel panic:
Kernel panic - not syncing: Bad Address (null pointer deref?)
Bad Address (null pointer deref?): Code=26 (Data memory access rights trap) at addr 0000000000000000
CPU: 0 PID: 0 Comm: swapper Not tainted 5.6.0-2-parisc64 #1 Debian 5.6.14-1
IAOQ[0]: mem_init+0xb0/0x150
IAOQ[1]: mem_init+0xb4/0x150
RP(r2): start_kernel+0x6c8/0x1190
Backtrace:
[<0000000040101ab4>] start_kernel+0x6c8/0x1190
[<0000000040108574>] start_parisc+0x158/0x1b8
on a HP-PARISC rp3440 machine with this memory layout:
Memory Ranges:
0) Start 0x0000000000000000 End 0x000000003fffffff Size 1024 MB
1) Start 0x0000004040000000 End 0x00000040ffdfffff Size 3070 MB
Fix the crash by avoiding virt_to_page() and similar functions in
mem_init() until the memory zones have been fully set up.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.0+
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/mm/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c
index 5224fb38d766..01d7071b23f7 100644
--- a/arch/parisc/mm/init.c
+++ b/arch/parisc/mm/init.c
@@ -562,7 +562,7 @@ void __init mem_init(void)
> BITS_PER_LONG);
high_memory = __va((max_pfn << PAGE_SHIFT));
- set_max_mapnr(page_to_pfn(virt_to_page(high_memory - 1)) + 1);
+ set_max_mapnr(max_low_pfn);
memblock_free_all();
#ifdef CONFIG_PA11
--
2.25.1
^ permalink raw reply related [flat|nested] 179+ messages in thread
* [PATCH 5.6 140/177] cfg80211: fix debugfs rename crash
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 139/177] parisc: Fix kernel panic in mem_init() Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 141/177] mac80211: mesh: fix discovery timer re-arming issue / crash Greg Kroah-Hartman
` (37 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+fd5332e429401bf42d18, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
commit 0bbab5f0301587cad4e923ccc49bb910db86162c upstream.
Removing the "if (IS_ERR(dir)) dir = NULL;" check only works
if we adjust the remaining code to not rely on it being NULL.
Check IS_ERR_OR_NULL() before attempting to dereference it.
I'm not actually entirely sure this fixes the syzbot crash as
the kernel config indicates that they do have DEBUG_FS in the
kernel, but this is what I found when looking there.
Cc: stable@vger.kernel.org
Fixes: d82574a8e5a4 ("cfg80211: no need to check return value of debugfs_create functions")
Reported-by: syzbot+fd5332e429401bf42d18@syzkaller.appspotmail.com
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20200525113816.fc4da3ec3d4b.Ica63a110679819eaa9fb3bc1b7437d96b1fd187d@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -142,7 +142,7 @@ int cfg80211_dev_rename(struct cfg80211_
if (result)
return result;
- if (rdev->wiphy.debugfsdir)
+ if (!IS_ERR_OR_NULL(rdev->wiphy.debugfsdir))
debugfs_rename(rdev->wiphy.debugfsdir->d_parent,
rdev->wiphy.debugfsdir,
rdev->wiphy.debugfsdir->d_parent, newname);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 141/177] mac80211: mesh: fix discovery timer re-arming issue / crash
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 140/177] cfg80211: fix debugfs rename crash Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 142/177] x86/dma: Fix max PFN arithmetic overflow on 32 bit systems Greg Kroah-Hartman
` (36 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Simon Wunderlich, Linus Lüssing,
Johannes Berg
From: Linus Lüssing <ll@simonwunderlich.de>
commit e2d4a80f93fcfaf72e2e20daf6a28e39c3b90677 upstream.
On a non-forwarding 802.11s link between two fairly busy
neighboring nodes (iperf with -P 16 at ~850MBit/s TCP;
1733.3 MBit/s VHT-MCS 9 80MHz short GI VHT-NSS 4), so with
frequent PREQ retries, usually after around 30-40 seconds the
following crash would occur:
[ 1110.822428] Unable to handle kernel read from unreadable memory at virtual address 00000000
[ 1110.830786] Mem abort info:
[ 1110.833573] Exception class = IABT (current EL), IL = 32 bits
[ 1110.839494] SET = 0, FnV = 0
[ 1110.842546] EA = 0, S1PTW = 0
[ 1110.845678] user pgtable: 4k pages, 48-bit VAs, pgd = ffff800076386000
[ 1110.852204] [0000000000000000] *pgd=00000000f6322003, *pud=00000000f62de003, *pmd=0000000000000000
[ 1110.861167] Internal error: Oops: 86000004 [#1] PREEMPT SMP
[ 1110.866730] Modules linked in: pppoe ppp_async batman_adv ath10k_pci ath10k_core ath pppox ppp_generic nf_conntrack_ipv6 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_FLOWOFFLOAD slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_mangle iptable_filter ip_tables crc_ccitt compat nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 usb_storage xhci_plat_hcd xhci_pci xhci_hcd dwc3 usbcore usb_common
[ 1110.932190] Process swapper/3 (pid: 0, stack limit = 0xffff0000090c8000)
[ 1110.938884] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.14.162 #0
[ 1110.944965] Hardware name: LS1043A RGW Board (DT)
[ 1110.949658] task: ffff8000787a81c0 task.stack: ffff0000090c8000
[ 1110.955568] PC is at 0x0
[ 1110.958097] LR is at call_timer_fn.isra.27+0x24/0x78
[ 1110.963055] pc : [<0000000000000000>] lr : [<ffff0000080ff29c>] pstate: 00400145
[ 1110.970440] sp : ffff00000801be10
[ 1110.973744] x29: ffff00000801be10 x28: ffff000008bf7018
[ 1110.979047] x27: ffff000008bf87c8 x26: ffff000008c160c0
[ 1110.984352] x25: 0000000000000000 x24: 0000000000000000
[ 1110.989657] x23: dead000000000200 x22: 0000000000000000
[ 1110.994959] x21: 0000000000000000 x20: 0000000000000101
[ 1111.000262] x19: ffff8000787a81c0 x18: 0000000000000000
[ 1111.005565] x17: ffff0000089167b0 x16: 0000000000000058
[ 1111.010868] x15: ffff0000089167b0 x14: 0000000000000000
[ 1111.016172] x13: ffff000008916788 x12: 0000000000000040
[ 1111.021475] x11: ffff80007fda9af0 x10: 0000000000000001
[ 1111.026777] x9 : ffff00000801bea0 x8 : 0000000000000004
[ 1111.032080] x7 : 0000000000000000 x6 : ffff80007fda9aa8
[ 1111.037383] x5 : ffff00000801bea0 x4 : 0000000000000010
[ 1111.042685] x3 : ffff00000801be98 x2 : 0000000000000614
[ 1111.047988] x1 : 0000000000000000 x0 : 0000000000000000
[ 1111.053290] Call trace:
[ 1111.055728] Exception stack(0xffff00000801bcd0 to 0xffff00000801be10)
[ 1111.062158] bcc0: 0000000000000000 0000000000000000
[ 1111.069978] bce0: 0000000000000614 ffff00000801be98 0000000000000010 ffff00000801bea0
[ 1111.077798] bd00: ffff80007fda9aa8 0000000000000000 0000000000000004 ffff00000801bea0
[ 1111.085618] bd20: 0000000000000001 ffff80007fda9af0 0000000000000040 ffff000008916788
[ 1111.093437] bd40: 0000000000000000 ffff0000089167b0 0000000000000058 ffff0000089167b0
[ 1111.101256] bd60: 0000000000000000 ffff8000787a81c0 0000000000000101 0000000000000000
[ 1111.109075] bd80: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
[ 1111.116895] bda0: ffff000008c160c0 ffff000008bf87c8 ffff000008bf7018 ffff00000801be10
[ 1111.124715] bdc0: ffff0000080ff29c ffff00000801be10 0000000000000000 0000000000400145
[ 1111.132534] bde0: ffff8000787a81c0 ffff00000801bde8 0000ffffffffffff 000001029eb19be8
[ 1111.140353] be00: ffff00000801be10 0000000000000000
[ 1111.145220] [< (null)>] (null)
[ 1111.149917] [<ffff0000080ff77c>] run_timer_softirq+0x184/0x398
[ 1111.155741] [<ffff000008081938>] __do_softirq+0x100/0x1fc
[ 1111.161130] [<ffff0000080a2e28>] irq_exit+0x80/0xd8
[ 1111.166002] [<ffff0000080ea708>] __handle_domain_irq+0x88/0xb0
[ 1111.171825] [<ffff000008081678>] gic_handle_irq+0x68/0xb0
[ 1111.177213] Exception stack(0xffff0000090cbe30 to 0xffff0000090cbf70)
[ 1111.183642] be20: 0000000000000020 0000000000000000
[ 1111.191461] be40: 0000000000000001 0000000000000000 00008000771af000 0000000000000000
[ 1111.199281] be60: ffff000008c95180 0000000000000000 ffff000008c19360 ffff0000090cbef0
[ 1111.207101] be80: 0000000000000810 0000000000000400 0000000000000098 ffff000000000000
[ 1111.214920] bea0: 0000000000000001 ffff0000089167b0 0000000000000000 ffff0000089167b0
[ 1111.222740] bec0: 0000000000000000 ffff000008c198e8 ffff000008bf7018 ffff000008c19000
[ 1111.230559] bee0: 0000000000000000 0000000000000000 ffff8000787a81c0 ffff000008018000
[ 1111.238380] bf00: ffff00000801c000 ffff00000913ba34 ffff8000787a81c0 ffff0000090cbf70
[ 1111.246199] bf20: ffff0000080857cc ffff0000090cbf70 ffff0000080857d0 0000000000400145
[ 1111.254020] bf40: ffff000008018000 ffff00000801c000 ffffffffffffffff ffff0000080fa574
[ 1111.261838] bf60: ffff0000090cbf70 ffff0000080857d0
[ 1111.266706] [<ffff0000080832e8>] el1_irq+0xe8/0x18c
[ 1111.271576] [<ffff0000080857d0>] arch_cpu_idle+0x10/0x18
[ 1111.276880] [<ffff0000080d7de4>] do_idle+0xec/0x1b8
[ 1111.281748] [<ffff0000080d8020>] cpu_startup_entry+0x20/0x28
[ 1111.287399] [<ffff00000808f81c>] secondary_start_kernel+0x104/0x110
[ 1111.293662] Code: bad PC value
[ 1111.296710] ---[ end trace 555b6ca4363c3edd ]---
[ 1111.301318] Kernel panic - not syncing: Fatal exception in interrupt
[ 1111.307661] SMP: stopping secondary CPUs
[ 1111.311574] Kernel Offset: disabled
[ 1111.315053] CPU features: 0x0002000
[ 1111.318530] Memory Limit: none
[ 1111.321575] Rebooting in 3 seconds..
With some added debug output / delays we were able to push the crash from
the timer callback runner into the callback function and by that shedding
some light on which object holding the timer gets corrupted:
[ 401.720899] Unable to handle kernel read from unreadable memory at virtual address 00000868
[...]
[ 402.335836] [<ffff0000088fafa4>] _raw_spin_lock_bh+0x14/0x48
[ 402.341548] [<ffff000000dbe684>] mesh_path_timer+0x10c/0x248 [mac80211]
[ 402.348154] [<ffff0000080ff29c>] call_timer_fn.isra.27+0x24/0x78
[ 402.354150] [<ffff0000080ff77c>] run_timer_softirq+0x184/0x398
[ 402.359974] [<ffff000008081938>] __do_softirq+0x100/0x1fc
[ 402.365362] [<ffff0000080a2e28>] irq_exit+0x80/0xd8
[ 402.370231] [<ffff0000080ea708>] __handle_domain_irq+0x88/0xb0
[ 402.376053] [<ffff000008081678>] gic_handle_irq+0x68/0xb0
The issue happens due to the following sequence of events:
1) mesh_path_start_discovery():
-> spin_unlock_bh(&mpath->state_lock) before mesh_path_sel_frame_tx()
2) mesh_path_free_rcu()
-> del_timer_sync(&mpath->timer)
[...]
-> kfree_rcu(mpath)
3) mesh_path_start_discovery():
-> mod_timer(&mpath->timer, ...)
[...]
-> rcu_read_unlock()
4) mesh_path_free_rcu()'s kfree_rcu():
-> kfree(mpath)
5) mesh_path_timer() starts after timeout, using freed mpath object
So a use-after-free issue due to a timer re-arming bug caused by an
early spin-unlocking.
This patch fixes this issue by re-checking if mpath is about to be
free'd and if so bails out of re-arming the timer.
Cc: stable@vger.kernel.org
Fixes: 050ac52cbe1f ("mac80211: code for on-demand Hybrid Wireless Mesh Protocol")
Cc: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Link: https://lore.kernel.org/r/20200522170413.14973-1-linus.luessing@c0d3.blue
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/mesh_hwmp.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -1103,7 +1103,14 @@ void mesh_path_start_discovery(struct ie
mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->vif.addr, ifmsh->sn,
target_flags, mpath->dst, mpath->sn, da, 0,
ttl, lifetime, 0, ifmsh->preq_id++, sdata);
+
+ spin_lock_bh(&mpath->state_lock);
+ if (mpath->flags & MESH_PATH_DELETED) {
+ spin_unlock_bh(&mpath->state_lock);
+ goto enddiscovery;
+ }
mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout);
+ spin_unlock_bh(&mpath->state_lock);
enddiscovery:
rcu_read_unlock();
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 142/177] x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 141/177] mac80211: mesh: fix discovery timer re-arming issue / crash Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 143/177] copy_xstate_to_kernel(): dont leave parts of destination uninitialized Greg Kroah-Hartman
` (35 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Jenkins, Robin Murphy,
Alexander Dahl, Borislav Petkov
From: Alexander Dahl <post@lespocky.de>
commit 88743470668ef5eb6b7ba9e0f99888e5999bf172 upstream.
The intermediate result of the old term (4UL * 1024 * 1024 * 1024) is
4 294 967 296 or 0x100000000 which is no problem on 64 bit systems.
The patch does not change the later overall result of 0x100000 for
MAX_DMA32_PFN (after it has been shifted by PAGE_SHIFT). The new
calculation yields the same result, but does not require 64 bit
arithmetic.
On 32 bit systems the old calculation suffers from an arithmetic
overflow in that intermediate term in braces: 4UL aka unsigned long int
is 4 byte wide and an arithmetic overflow happens (the 0x100000000 does
not fit in 4 bytes), the in braces result is truncated to zero, the
following right shift does not alter that, so MAX_DMA32_PFN evaluates to
0 on 32 bit systems.
That wrong value is a problem in a comparision against MAX_DMA32_PFN in
the init code for swiotlb in pci_swiotlb_detect_4gb() to decide if
swiotlb should be active. That comparison yields the opposite result,
when compiling on 32 bit systems.
This was not possible before
1b7e03ef7570 ("x86, NUMA: Enable emulation on 32bit too")
when that MAX_DMA32_PFN was first made visible to x86_32 (and which
landed in v3.0).
In practice this wasn't a problem, unless CONFIG_SWIOTLB is active on
x86-32.
However if one has set CONFIG_IOMMU_INTEL, since
c5a5dc4cbbf4 ("iommu/vt-d: Don't switch off swiotlb if bounce page is used")
there's a dependency on CONFIG_SWIOTLB, which was not necessarily
active before. That landed in v5.4, where we noticed it in the fli4l
Linux distribution. We have CONFIG_IOMMU_INTEL active on both 32 and 64
bit kernel configs there (I could not find out why, so let's just say
historical reasons).
The effect is at boot time 64 MiB (default size) were allocated for
bounce buffers now, which is a noticeable amount of memory on small
systems like pcengines ALIX 2D3 with 256 MiB memory, which are still
frequently used as home routers.
We noticed this effect when migrating from kernel v4.19 (LTS) to v5.4
(LTS) in fli4l and got that kernel messages for example:
Linux version 5.4.22 (buildroot@buildroot) (gcc version 7.3.0 (Buildroot 2018.02.8)) #1 SMP Mon Nov 26 23:40:00 CET 2018
…
Memory: 183484K/261756K available (4594K kernel code, 393K rwdata, 1660K rodata, 536K init, 456K bss , 78272K reserved, 0K cma-reserved, 0K highmem)
…
PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
software IO TLB: mapped [mem 0x0bb78000-0x0fb78000] (64MB)
The initial analysis and the suggested fix was done by user 'sourcejedi'
at stackoverflow and explicitly marked as GPLv2 for inclusion in the
Linux kernel:
https://unix.stackexchange.com/a/520525/50007
The new calculation, which does not suffer from that overflow, is the
same as for arch/mips now as suggested by Robin Murphy.
The fix was tested by fli4l users on round about two dozen different
systems, including both 32 and 64 bit archs, bare metal and virtualized
machines.
[ bp: Massage commit message. ]
Fixes: 1b7e03ef7570 ("x86, NUMA: Enable emulation on 32bit too")
Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
Suggested-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Link: https://unix.stackexchange.com/q/520065/50007
Link: https://web.nettworks.org/bugs/browse/FFL-2560
Link: https://lkml.kernel.org/r/20200526175749.20742-1-post@lespocky.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/dma.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/include/asm/dma.h
+++ b/arch/x86/include/asm/dma.h
@@ -74,7 +74,7 @@
#define MAX_DMA_PFN ((16UL * 1024 * 1024) >> PAGE_SHIFT)
/* 4GB broken PCI/AGP hardware bus master zone */
-#define MAX_DMA32_PFN ((4UL * 1024 * 1024 * 1024) >> PAGE_SHIFT)
+#define MAX_DMA32_PFN (1UL << (32 - PAGE_SHIFT))
#ifdef CONFIG_X86_32
/* The maximum address that we can perform a DMA transfer to on this platform */
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 143/177] copy_xstate_to_kernel(): dont leave parts of destination uninitialized
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 142/177] x86/dma: Fix max PFN arithmetic overflow on 32 bit systems Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 144/177] xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input Greg Kroah-Hartman
` (34 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Alexander Potapenko,
Borislav Petkov, Al Viro
From: Al Viro <viro@zeniv.linux.org.uk>
commit 9e4636545933131de15e1ecd06733538ae939b2f upstream.
copy the corresponding pieces of init_fpstate into the gaps instead.
Cc: stable@kernel.org
Tested-by: Alexander Potapenko <glider@google.com>
Acked-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/fpu/xstate.c | 86 ++++++++++++++++++++++++-------------------
1 file changed, 48 insertions(+), 38 deletions(-)
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -954,18 +954,31 @@ static inline bool xfeatures_mxcsr_quirk
return true;
}
-/*
- * This is similar to user_regset_copyout(), but will not add offset to
- * the source data pointer or increment pos, count, kbuf, and ubuf.
- */
-static inline void
-__copy_xstate_to_kernel(void *kbuf, const void *data,
- unsigned int offset, unsigned int size, unsigned int size_total)
+static void fill_gap(unsigned to, void **kbuf, unsigned *pos, unsigned *count)
{
- if (offset < size_total) {
- unsigned int copy = min(size, size_total - offset);
+ if (*pos < to) {
+ unsigned size = to - *pos;
+
+ if (size > *count)
+ size = *count;
+ memcpy(*kbuf, (void *)&init_fpstate.xsave + *pos, size);
+ *kbuf += size;
+ *pos += size;
+ *count -= size;
+ }
+}
- memcpy(kbuf + offset, data, copy);
+static void copy_part(unsigned offset, unsigned size, void *from,
+ void **kbuf, unsigned *pos, unsigned *count)
+{
+ fill_gap(offset, kbuf, pos, count);
+ if (size > *count)
+ size = *count;
+ if (size) {
+ memcpy(*kbuf, from, size);
+ *kbuf += size;
+ *pos += size;
+ *count -= size;
}
}
@@ -978,8 +991,9 @@ __copy_xstate_to_kernel(void *kbuf, cons
*/
int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int offset_start, unsigned int size_total)
{
- unsigned int offset, size;
struct xstate_header header;
+ const unsigned off_mxcsr = offsetof(struct fxregs_state, mxcsr);
+ unsigned count = size_total;
int i;
/*
@@ -995,46 +1009,42 @@ int copy_xstate_to_kernel(void *kbuf, st
header.xfeatures = xsave->header.xfeatures;
header.xfeatures &= ~XFEATURE_MASK_SUPERVISOR;
+ if (header.xfeatures & XFEATURE_MASK_FP)
+ copy_part(0, off_mxcsr,
+ &xsave->i387, &kbuf, &offset_start, &count);
+ if (header.xfeatures & (XFEATURE_MASK_SSE | XFEATURE_MASK_YMM))
+ copy_part(off_mxcsr, MXCSR_AND_FLAGS_SIZE,
+ &xsave->i387.mxcsr, &kbuf, &offset_start, &count);
+ if (header.xfeatures & XFEATURE_MASK_FP)
+ copy_part(offsetof(struct fxregs_state, st_space), 128,
+ &xsave->i387.st_space, &kbuf, &offset_start, &count);
+ if (header.xfeatures & XFEATURE_MASK_SSE)
+ copy_part(xstate_offsets[XFEATURE_MASK_SSE], 256,
+ &xsave->i387.xmm_space, &kbuf, &offset_start, &count);
+ /*
+ * Fill xsave->i387.sw_reserved value for ptrace frame:
+ */
+ copy_part(offsetof(struct fxregs_state, sw_reserved), 48,
+ xstate_fx_sw_bytes, &kbuf, &offset_start, &count);
/*
* Copy xregs_state->header:
*/
- offset = offsetof(struct xregs_state, header);
- size = sizeof(header);
-
- __copy_xstate_to_kernel(kbuf, &header, offset, size, size_total);
+ copy_part(offsetof(struct xregs_state, header), sizeof(header),
+ &header, &kbuf, &offset_start, &count);
- for (i = 0; i < XFEATURE_MAX; i++) {
+ for (i = FIRST_EXTENDED_XFEATURE; i < XFEATURE_MAX; i++) {
/*
* Copy only in-use xstates:
*/
if ((header.xfeatures >> i) & 1) {
void *src = __raw_xsave_addr(xsave, i);
- offset = xstate_offsets[i];
- size = xstate_sizes[i];
-
- /* The next component has to fit fully into the output buffer: */
- if (offset + size > size_total)
- break;
-
- __copy_xstate_to_kernel(kbuf, src, offset, size, size_total);
+ copy_part(xstate_offsets[i], xstate_sizes[i],
+ src, &kbuf, &offset_start, &count);
}
}
-
- if (xfeatures_mxcsr_quirk(header.xfeatures)) {
- offset = offsetof(struct fxregs_state, mxcsr);
- size = MXCSR_AND_FLAGS_SIZE;
- __copy_xstate_to_kernel(kbuf, &xsave->i387.mxcsr, offset, size, size_total);
- }
-
- /*
- * Fill xsave->i387.sw_reserved value for ptrace frame:
- */
- offset = offsetof(struct fxregs_state, sw_reserved);
- size = sizeof(xstate_fx_sw_bytes);
-
- __copy_xstate_to_kernel(kbuf, xstate_fx_sw_bytes, offset, size, size_total);
+ fill_gap(size_total, &kbuf, &offset_start, &count);
return 0;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 144/177] xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 143/177] copy_xstate_to_kernel(): dont leave parts of destination uninitialized Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 145/177] xfrm: do pskb_pull properly in __xfrm_transport_prep Greg Kroah-Hartman
` (33 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit afcaf61be9d1dbdee5ec186d1dcc67b6b692180f upstream.
For beet mode, when it's ipv6 inner address with nexthdrs set,
the packet format might be:
----------------------------------------------------
| outer | | dest | | | ESP | ESP |
| IP hdr | ESP | opts.| TCP | Data | Trailer | ICV |
----------------------------------------------------
The nexthdr from ESP could be NEXTHDR_HOP(0), so it should
continue processing the packet when nexthdr returns 0 in
xfrm_input(). Otherwise, when ipv6 nexthdr is set, the
packet will be dropped.
I don't see any error cases that nexthdr may return 0. So
fix it by removing the check for nexthdr == 0.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -644,7 +644,7 @@ resume:
dev_put(skb->dev);
spin_lock(&x->lock);
- if (nexthdr <= 0) {
+ if (nexthdr < 0) {
if (nexthdr == -EBADMSG) {
xfrm_audit_state_icvfail(x, skb,
x->type->proto);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 145/177] xfrm: do pskb_pull properly in __xfrm_transport_prep
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 144/177] xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 146/177] xfrm: remove the xfrm_state_put call becofe going to out_reset Greg Kroah-Hartman
` (32 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit 06a0afcfe2f551ff755849ea2549b0d8409fd9a0 upstream.
For transport mode, when ipv6 nexthdr is set, the packet format might
be like:
----------------------------------------------------
| | dest | | | | ESP | ESP |
| IP6 hdr| opts.| ESP | TCP | Data | Trailer | ICV |
----------------------------------------------------
and in __xfrm_transport_prep():
pskb_pull(skb, skb->mac_len + sizeof(ip6hdr) + x->props.header_len);
it will pull the data pointer to the wrong position, as it missed the
nexthdrs/dest opts.
This patch is to fix it by using:
pskb_pull(skb, skb_transport_offset(skb) + x->props.header_len);
as we can be sure transport_header points to ESP header at that moment.
It also fixes a panic when packets with ipv6 nexthdr are sent over
esp6 transport mode:
[ 100.473845] kernel BUG at net/core/skbuff.c:4325!
[ 100.478517] RIP: 0010:__skb_to_sgvec+0x252/0x260
[ 100.494355] Call Trace:
[ 100.494829] skb_to_sgvec+0x11/0x40
[ 100.495492] esp6_output_tail+0x12e/0x550 [esp6]
[ 100.496358] esp6_xmit+0x1d5/0x260 [esp6_offload]
[ 100.498029] validate_xmit_xfrm+0x22f/0x2e0
[ 100.499604] __dev_queue_xmit+0x589/0x910
[ 100.502928] ip6_finish_output2+0x2a5/0x5a0
[ 100.503718] ip6_output+0x6c/0x120
[ 100.505198] xfrm_output_resume+0x4bf/0x530
[ 100.508683] xfrm6_output+0x3a/0xc0
[ 100.513446] inet6_csk_xmit+0xa1/0xf0
[ 100.517335] tcp_sendmsg+0x27/0x40
[ 100.517977] sock_sendmsg+0x3e/0x60
[ 100.518648] __sys_sendto+0xee/0x160
Fixes: c35fe4106b92 ("xfrm: Add mode handlers for IPsec on layer 2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_device.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -25,12 +25,10 @@ static void __xfrm_transport_prep(struct
struct xfrm_offload *xo = xfrm_offload(skb);
skb_reset_mac_len(skb);
- pskb_pull(skb, skb->mac_len + hsize + x->props.header_len);
-
- if (xo->flags & XFRM_GSO_SEGMENT) {
- skb_reset_transport_header(skb);
+ if (xo->flags & XFRM_GSO_SEGMENT)
skb->transport_header -= x->props.header_len;
- }
+
+ pskb_pull(skb, skb_transport_offset(skb) + x->props.header_len);
}
static void __xfrm_mode_tunnel_prep(struct xfrm_state *x, struct sk_buff *skb,
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 146/177] xfrm: remove the xfrm_state_put call becofe going to out_reset
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 145/177] xfrm: do pskb_pull properly in __xfrm_transport_prep Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 147/177] xfrm: espintcp: save and call old ->sk_destruct Greg Kroah-Hartman
` (31 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit db87668ad1e4917cfe04e217307ba6ed9390716e upstream.
This xfrm_state_put call in esp4/6_gro_receive() will cause
double put for state, as in out_reset path secpath_reset()
will put all states set in skb sec_path.
So fix it by simply remove the xfrm_state_put call.
Fixes: 6ed69184ed9c ("xfrm: Reset secpath in xfrm failure")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/esp4_offload.c | 4 +---
net/ipv6/esp6_offload.c | 4 +---
2 files changed, 2 insertions(+), 6 deletions(-)
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -63,10 +63,8 @@ static struct sk_buff *esp4_gro_receive(
sp->olen++;
xo = xfrm_offload(skb);
- if (!xo) {
- xfrm_state_put(x);
+ if (!xo)
goto out_reset;
- }
}
xo->flags |= XFRM_GRO;
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -85,10 +85,8 @@ static struct sk_buff *esp6_gro_receive(
sp->olen++;
xo = xfrm_offload(skb);
- if (!xo) {
- xfrm_state_put(x);
+ if (!xo)
goto out_reset;
- }
}
xo->flags |= XFRM_GRO;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 147/177] xfrm: espintcp: save and call old ->sk_destruct
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 146/177] xfrm: remove the xfrm_state_put call becofe going to out_reset Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 148/177] xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output Greg Kroah-Hartman
` (30 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sabrina Dubroca, Steffen Klassert
From: Sabrina Dubroca <sd@queasysnail.net>
commit 9f0cadc32d738f0f0c8e30be83be7087c7b85ee5 upstream.
When ESP encapsulation is enabled on a TCP socket, I'm replacing the
existing ->sk_destruct callback with espintcp_destruct. We still need to
call the old callback to perform the other cleanups when the socket is
destroyed. Save the old callback, and call it from espintcp_destruct.
Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/espintcp.h | 1 +
net/xfrm/espintcp.c | 2 ++
2 files changed, 3 insertions(+)
--- a/include/net/espintcp.h
+++ b/include/net/espintcp.h
@@ -25,6 +25,7 @@ struct espintcp_ctx {
struct espintcp_msg partial;
void (*saved_data_ready)(struct sock *sk);
void (*saved_write_space)(struct sock *sk);
+ void (*saved_destruct)(struct sock *sk);
struct work_struct work;
bool tx_running;
};
--- a/net/xfrm/espintcp.c
+++ b/net/xfrm/espintcp.c
@@ -379,6 +379,7 @@ static void espintcp_destruct(struct soc
{
struct espintcp_ctx *ctx = espintcp_getctx(sk);
+ ctx->saved_destruct(sk);
kfree(ctx);
}
@@ -419,6 +420,7 @@ static int espintcp_init_sk(struct sock
sk->sk_socket->ops = &espintcp_ops;
ctx->saved_data_ready = sk->sk_data_ready;
ctx->saved_write_space = sk->sk_write_space;
+ ctx->saved_destruct = sk->sk_destruct;
sk->sk_data_ready = espintcp_data_ready;
sk->sk_write_space = espintcp_write_space;
sk->sk_destruct = espintcp_destruct;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 148/177] xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 147/177] xfrm: espintcp: save and call old ->sk_destruct Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 149/177] xfrm interface: fix oops when deleting a x-netns interface Greg Kroah-Hartman
` (29 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiumei Mu, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit a204aef9fd77dce1efd9066ca4e44eede99cd858 upstream.
An use-after-free crash can be triggered when sending big packets over
vxlan over esp with esp offload enabled:
[] BUG: KASAN: use-after-free in ipv6_gso_pull_exthdrs.part.8+0x32c/0x4e0
[] Call Trace:
[] dump_stack+0x75/0xa0
[] kasan_report+0x37/0x50
[] ipv6_gso_pull_exthdrs.part.8+0x32c/0x4e0
[] ipv6_gso_segment+0x2c8/0x13c0
[] skb_mac_gso_segment+0x1cb/0x420
[] skb_udp_tunnel_segment+0x6b5/0x1c90
[] inet_gso_segment+0x440/0x1380
[] skb_mac_gso_segment+0x1cb/0x420
[] esp4_gso_segment+0xae8/0x1709 [esp4_offload]
[] inet_gso_segment+0x440/0x1380
[] skb_mac_gso_segment+0x1cb/0x420
[] __skb_gso_segment+0x2d7/0x5f0
[] validate_xmit_skb+0x527/0xb10
[] __dev_queue_xmit+0x10f8/0x2320 <---
[] ip_finish_output2+0xa2e/0x1b50
[] ip_output+0x1a8/0x2f0
[] xfrm_output_resume+0x110e/0x15f0
[] __xfrm4_output+0xe1/0x1b0
[] xfrm4_output+0xa0/0x200
[] iptunnel_xmit+0x5a7/0x920
[] vxlan_xmit_one+0x1658/0x37a0 [vxlan]
[] vxlan_xmit+0x5e4/0x3ec8 [vxlan]
[] dev_hard_start_xmit+0x125/0x540
[] __dev_queue_xmit+0x17bd/0x2320 <---
[] ip6_finish_output2+0xb20/0x1b80
[] ip6_output+0x1b3/0x390
[] ip6_xmit+0xb82/0x17e0
[] inet6_csk_xmit+0x225/0x3d0
[] __tcp_transmit_skb+0x1763/0x3520
[] tcp_write_xmit+0xd64/0x5fe0
[] __tcp_push_pending_frames+0x8c/0x320
[] tcp_sendmsg_locked+0x2245/0x3500
[] tcp_sendmsg+0x27/0x40
As on the tx path of vxlan over esp, skb->inner_network_header would be
set on vxlan_xmit() and xfrm4_tunnel_encap_add(), and the later one can
overwrite the former one. It causes skb_udp_tunnel_segment() to use a
wrong skb->inner_network_header, then the issue occurs.
This patch is to fix it by calling xfrm_output_gso() instead when the
inner_protocol is set, in which gso_segment of inner_protocol will be
done first.
While at it, also improve some code around.
Fixes: 7862b4058b9f ("esp: Add gso handlers for esp4 and esp6")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_output.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -583,18 +583,20 @@ int xfrm_output(struct sock *sk, struct
xfrm_state_hold(x);
if (skb_is_gso(skb)) {
- skb_shinfo(skb)->gso_type |= SKB_GSO_ESP;
+ if (skb->inner_protocol)
+ return xfrm_output_gso(net, sk, skb);
- return xfrm_output2(net, sk, skb);
+ skb_shinfo(skb)->gso_type |= SKB_GSO_ESP;
+ goto out;
}
if (x->xso.dev && x->xso.dev->features & NETIF_F_HW_ESP_TX_CSUM)
goto out;
+ } else {
+ if (skb_is_gso(skb))
+ return xfrm_output_gso(net, sk, skb);
}
- if (skb_is_gso(skb))
- return xfrm_output_gso(net, sk, skb);
-
if (skb->ip_summed == CHECKSUM_PARTIAL) {
err = skb_checksum_help(skb);
if (err) {
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 149/177] xfrm interface: fix oops when deleting a x-netns interface
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 148/177] xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 150/177] xfrm: fix a warning in xfrm_policy_insert_list Greg Kroah-Hartman
` (28 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Gouault, Nicolas Dichtel,
Steffen Klassert
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
commit c95c5f58b35ef995f66cb55547eee6093ab5fcb8 upstream.
Here is the steps to reproduce the problem:
ip netns add foo
ip netns add bar
ip -n foo link add xfrmi0 type xfrm dev lo if_id 42
ip -n foo link set xfrmi0 netns bar
ip netns del foo
ip netns del bar
Which results to:
[ 186.686395] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bd3: 0000 [#1] SMP PTI
[ 186.687665] CPU: 7 PID: 232 Comm: kworker/u16:2 Not tainted 5.6.0+ #1
[ 186.688430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 186.689420] Workqueue: netns cleanup_net
[ 186.689903] RIP: 0010:xfrmi_dev_uninit+0x1b/0x4b [xfrm_interface]
[ 186.690657] Code: 44 f6 ff ff 31 c0 5b 5d 41 5c 41 5d 41 5e c3 48 8d 8f c0 08 00 00 8b 05 ce 14 00 00 48 8b 97 d0 08 00 00 48 8b 92 c0 0e 00 00 <48> 8b 14 c2 48 8b 02 48 85 c0 74 19 48 39 c1 75 0c 48 8b 87 c0 08
[ 186.692838] RSP: 0018:ffffc900003b7d68 EFLAGS: 00010286
[ 186.693435] RAX: 000000000000000d RBX: ffff8881b0f31000 RCX: ffff8881b0f318c0
[ 186.694334] RDX: 6b6b6b6b6b6b6b6b RSI: 0000000000000246 RDI: ffff8881b0f31000
[ 186.695190] RBP: ffffc900003b7df0 R08: ffff888236c07740 R09: 0000000000000040
[ 186.696024] R10: ffffffff81fce1b8 R11: 0000000000000002 R12: ffffc900003b7d80
[ 186.696859] R13: ffff8881edcc6a40 R14: ffff8881a1b6e780 R15: ffffffff81ed47c8
[ 186.697738] FS: 0000000000000000(0000) GS:ffff888237dc0000(0000) knlGS:0000000000000000
[ 186.698705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 186.699408] CR2: 00007f2129e93148 CR3: 0000000001e0a000 CR4: 00000000000006e0
[ 186.700221] Call Trace:
[ 186.700508] rollback_registered_many+0x32b/0x3fd
[ 186.701058] ? __rtnl_unlock+0x20/0x3d
[ 186.701494] ? arch_local_irq_save+0x11/0x17
[ 186.702012] unregister_netdevice_many+0x12/0x55
[ 186.702594] default_device_exit_batch+0x12b/0x150
[ 186.703160] ? prepare_to_wait_exclusive+0x60/0x60
[ 186.703719] cleanup_net+0x17d/0x234
[ 186.704138] process_one_work+0x196/0x2e8
[ 186.704652] worker_thread+0x1a4/0x249
[ 186.705087] ? cancel_delayed_work+0x92/0x92
[ 186.705620] kthread+0x105/0x10f
[ 186.706000] ? __kthread_bind_mask+0x57/0x57
[ 186.706501] ret_from_fork+0x35/0x40
[ 186.706978] Modules linked in: xfrm_interface nfsv3 nfs_acl auth_rpcgss nfsv4 nfs lockd grace fscache sunrpc button parport_pc parport serio_raw evdev pcspkr loop ext4 crc16 mbcache jbd2 crc32c_generic 8139too ide_cd_mod cdrom ide_gd_mod ata_generic ata_piix libata scsi_mod piix psmouse i2c_piix4 ide_core 8139cp i2c_core mii floppy
[ 186.710423] ---[ end trace 463bba18105537e5 ]---
The problem is that x-netns xfrm interface are not removed when the link
netns is removed. This causes later this oops when thoses interfaces are
removed.
Let's add a handler to remove all interfaces related to a netns when this
netns is removed.
Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
Reported-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_interface.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -750,7 +750,28 @@ static struct rtnl_link_ops xfrmi_link_o
.get_link_net = xfrmi_get_link_net,
};
+static void __net_exit xfrmi_exit_batch_net(struct list_head *net_exit_list)
+{
+ struct net *net;
+ LIST_HEAD(list);
+
+ rtnl_lock();
+ list_for_each_entry(net, net_exit_list, exit_list) {
+ struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
+ struct xfrm_if __rcu **xip;
+ struct xfrm_if *xi;
+
+ for (xip = &xfrmn->xfrmi[0];
+ (xi = rtnl_dereference(*xip)) != NULL;
+ xip = &xi->next)
+ unregister_netdevice_queue(xi->dev, &list);
+ }
+ unregister_netdevice_many(&list);
+ rtnl_unlock();
+}
+
static struct pernet_operations xfrmi_net_ops = {
+ .exit_batch = xfrmi_exit_batch_net,
.id = &xfrmi_net_id,
.size = sizeof(struct xfrmi_net),
};
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 150/177] xfrm: fix a warning in xfrm_policy_insert_list
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 149/177] xfrm interface: fix oops when deleting a x-netns interface Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 151/177] xfrm: fix a NULL-ptr deref in xfrm_local_error Greg Kroah-Hartman
` (27 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiumei Mu, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit ed17b8d377eaf6b4a01d46942b4c647378a79bdd upstream.
This waring can be triggered simply by:
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 1 mark 0 mask 0x10 #[1]
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 2 mark 0 mask 0x1 #[2]
# ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
priority 2 mark 0 mask 0x10 #[3]
Then dmesg shows:
[ ] WARNING: CPU: 1 PID: 7265 at net/xfrm/xfrm_policy.c:1548
[ ] RIP: 0010:xfrm_policy_insert_list+0x2f2/0x1030
[ ] Call Trace:
[ ] xfrm_policy_inexact_insert+0x85/0xe50
[ ] xfrm_policy_insert+0x4ba/0x680
[ ] xfrm_add_policy+0x246/0x4d0
[ ] xfrm_user_rcv_msg+0x331/0x5c0
[ ] netlink_rcv_skb+0x121/0x350
[ ] xfrm_netlink_rcv+0x66/0x80
[ ] netlink_unicast+0x439/0x630
[ ] netlink_sendmsg+0x714/0xbf0
[ ] sock_sendmsg+0xe2/0x110
The issue was introduced by Commit 7cb8a93968e3 ("xfrm: Allow inserting
policies with matching mark and different priorities"). After that, the
policies [1] and [2] would be able to be added with different priorities.
However, policy [3] will actually match both [1] and [2]. Policy [1]
was matched due to the 1st 'return true' in xfrm_policy_mark_match(),
and policy [2] was matched due to the 2nd 'return true' in there. It
caused WARN_ON() in xfrm_policy_insert_list().
This patch is to fix it by only (the same value and priority) as the
same policy in xfrm_policy_mark_match().
Thanks to Yuehaibing, we could make this fix better.
v1->v2:
- check policy->mark.v == pol->mark.v only without mask.
Fixes: 7cb8a93968e3 ("xfrm: Allow inserting policies with matching mark and different priorities")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_policy.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1436,12 +1436,7 @@ static void xfrm_policy_requeue(struct x
static bool xfrm_policy_mark_match(struct xfrm_policy *policy,
struct xfrm_policy *pol)
{
- u32 mark = policy->mark.v & policy->mark.m;
-
- if (policy->mark.v == pol->mark.v && policy->mark.m == pol->mark.m)
- return true;
-
- if ((mark & pol->mark.m) == pol->mark.v &&
+ if (policy->mark.v == pol->mark.v &&
policy->priority == pol->priority)
return true;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 151/177] xfrm: fix a NULL-ptr deref in xfrm_local_error
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 150/177] xfrm: fix a warning in xfrm_policy_insert_list Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 152/177] xfrm: fix error in comment Greg Kroah-Hartman
` (26 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiumei Mu, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit f6a23d85d078c2ffde79c66ca81d0a1dde451649 upstream.
This patch is to fix a crash:
[ ] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ ] general protection fault: 0000 [#1] SMP KASAN PTI
[ ] RIP: 0010:ipv6_local_error+0xac/0x7a0
[ ] Call Trace:
[ ] xfrm6_local_error+0x1eb/0x300
[ ] xfrm_local_error+0x95/0x130
[ ] __xfrm6_output+0x65f/0xb50
[ ] xfrm6_output+0x106/0x46f
[ ] udp_tunnel6_xmit_skb+0x618/0xbf0 [ip6_udp_tunnel]
[ ] vxlan_xmit_one+0xbc6/0x2c60 [vxlan]
[ ] vxlan_xmit+0x6a0/0x4276 [vxlan]
[ ] dev_hard_start_xmit+0x165/0x820
[ ] __dev_queue_xmit+0x1ff0/0x2b90
[ ] ip_finish_output2+0xd3e/0x1480
[ ] ip_do_fragment+0x182d/0x2210
[ ] ip_output+0x1d0/0x510
[ ] ip_send_skb+0x37/0xa0
[ ] raw_sendmsg+0x1b4c/0x2b80
[ ] sock_sendmsg+0xc0/0x110
This occurred when sending a v4 skb over vxlan6 over ipsec, in which case
skb->protocol == htons(ETH_P_IPV6) while skb->sk->sk_family == AF_INET in
xfrm_local_error(). Then it will go to xfrm6_local_error() where it tries
to get ipv6 info from a ipv4 sk.
This issue was actually fixed by Commit 628e341f319f ("xfrm: make local
error reporting more robust"), but brought back by Commit 844d48746e4b
("xfrm: choose protocol family by skb protocol").
So to fix it, we should call xfrm6_local_error() only when skb->protocol
is htons(ETH_P_IPV6) and skb->sk->sk_family is AF_INET6.
Fixes: 844d48746e4b ("xfrm: choose protocol family by skb protocol")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_output.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -642,7 +642,8 @@ void xfrm_local_error(struct sk_buff *sk
if (skb->protocol == htons(ETH_P_IP))
proto = AF_INET;
- else if (skb->protocol == htons(ETH_P_IPV6))
+ else if (skb->protocol == htons(ETH_P_IPV6) &&
+ skb->sk->sk_family == AF_INET6)
proto = AF_INET6;
else
return;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 152/177] xfrm: fix error in comment
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 151/177] xfrm: fix a NULL-ptr deref in xfrm_local_error Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 153/177] ip_vti: receive ipip packet by calling ip_tunnel_rcv Greg Kroah-Hartman
` (25 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Antony Antony, Steffen Klassert
From: Antony Antony <antony@phenome.org>
commit 29e4276667e24ee6b91d9f91064d8fda9a210ea1 upstream.
s/xfrm_state_offload/xfrm_user_offload/
Fixes: d77e38e612a ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Antony Antony <antony@phenome.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/linux/xfrm.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -304,7 +304,7 @@ enum xfrm_attr_type_t {
XFRMA_PROTO, /* __u8 */
XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */
XFRMA_PAD,
- XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */
+ XFRMA_OFFLOAD_DEV, /* struct xfrm_user_offload */
XFRMA_SET_MARK, /* __u32 */
XFRMA_SET_MARK_MASK, /* __u32 */
XFRMA_IF_ID, /* __u32 */
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 153/177] ip_vti: receive ipip packet by calling ip_tunnel_rcv
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 152/177] xfrm: fix error in comment Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 154/177] netfilter: nft_reject_bridge: enable reject with bridge vlan Greg Kroah-Hartman
` (24 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiumei Mu, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit 976eba8ab596bab94b9714cd46d38d5c6a2c660d upstream.
In Commit dd9ee3444014 ("vti4: Fix a ipip packet processing bug in
'IPCOMP' virtual tunnel"), it tries to receive IPIP packets in vti
by calling xfrm_input(). This case happens when a small packet or
frag sent by peer is too small to get compressed.
However, xfrm_input() will still get to the IPCOMP path where skb
sec_path is set, but never dropped while it should have been done
in vti_ipcomp4_protocol.cb_handler(vti_rcv_cb), as it's not an
ipcomp4 packet. This will cause that the packet can never pass
xfrm4_policy_check() in the upper protocol rcv functions.
So this patch is to call ip_tunnel_rcv() to process IPIP packets
instead.
Fixes: dd9ee3444014 ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_vti.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -93,7 +93,28 @@ static int vti_rcv_proto(struct sk_buff
static int vti_rcv_tunnel(struct sk_buff *skb)
{
- return vti_rcv(skb, ip_hdr(skb)->saddr, true);
+ struct ip_tunnel_net *itn = net_generic(dev_net(skb->dev), vti_net_id);
+ const struct iphdr *iph = ip_hdr(skb);
+ struct ip_tunnel *tunnel;
+
+ tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
+ iph->saddr, iph->daddr, 0);
+ if (tunnel) {
+ struct tnl_ptk_info tpi = {
+ .proto = htons(ETH_P_IP),
+ };
+
+ if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
+ goto drop;
+ if (iptunnel_pull_header(skb, 0, tpi.proto, false))
+ goto drop;
+ return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, false);
+ }
+
+ return -EINVAL;
+drop:
+ kfree_skb(skb);
+ return 0;
}
static int vti_rcv_cb(struct sk_buff *skb, int err)
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 154/177] netfilter: nft_reject_bridge: enable reject with bridge vlan
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 153/177] ip_vti: receive ipip packet by calling ip_tunnel_rcv Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 155/177] netfilter: ipset: Fix subcounter update skip Greg Kroah-Hartman
` (23 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Braun, Pablo Neira Ayuso
From: Michael Braun <michael-dev@fami-braun.de>
commit e9c284ec4b41c827f4369973d2792992849e4fa5 upstream.
Currently, using the bridge reject target with tagged packets
results in untagged packets being sent back.
Fix this by mirroring the vlan id as well.
Fixes: 85f5b3086a04 ("netfilter: bridge: add reject support")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/netfilter/nft_reject_bridge.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/net/bridge/netfilter/nft_reject_bridge.c
+++ b/net/bridge/netfilter/nft_reject_bridge.c
@@ -31,6 +31,12 @@ static void nft_reject_br_push_etherhdr(
ether_addr_copy(eth->h_dest, eth_hdr(oldskb)->h_source);
eth->h_proto = eth_hdr(oldskb)->h_proto;
skb_pull(nskb, ETH_HLEN);
+
+ if (skb_vlan_tag_present(oldskb)) {
+ u16 vid = skb_vlan_tag_get(oldskb);
+
+ __vlan_hwaccel_put_tag(nskb, oldskb->vlan_proto, vid);
+ }
}
static int nft_bridge_iphdr_validate(struct sk_buff *skb)
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 155/177] netfilter: ipset: Fix subcounter update skip
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 154/177] netfilter: nft_reject_bridge: enable reject with bridge vlan Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 156/177] netfilter: conntrack: make conntrack userspace helpers work again Greg Kroah-Hartman
` (22 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Phil Sutter, Pablo Neira Ayuso
From: Phil Sutter <phil@nwl.cc>
commit a164b95ad6055c50612795882f35e0efda1f1390 upstream.
If IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE is set, user requested to not
update counters in sub sets. Therefore IPSET_FLAG_SKIP_COUNTER_UPDATE
must be set, not unset.
Fixes: 6e01781d1c80e ("netfilter: ipset: set match: add support to match the counters")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_list_set.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -59,7 +59,7 @@ list_set_ktest(struct ip_set *set, const
/* Don't lookup sub-counters at all */
opt->cmdflags &= ~IPSET_FLAG_MATCH_COUNTERS;
if (opt->cmdflags & IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE)
- opt->cmdflags &= ~IPSET_FLAG_SKIP_COUNTER_UPDATE;
+ opt->cmdflags |= IPSET_FLAG_SKIP_COUNTER_UPDATE;
list_for_each_entry_rcu(e, &map->members, list) {
ret = ip_set_test(e->id, skb, par, opt);
if (ret <= 0)
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 156/177] netfilter: conntrack: make conntrack userspace helpers work again
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 155/177] netfilter: ipset: Fix subcounter update skip Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 157/177] netfilter: nfnetlink_cthelper: unbreak userspace helper support Greg Kroah-Hartman
` (21 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit ee04805ff54a63ffd90bc6749ebfe73473734ddb upstream.
Florian Westphal says:
"Problem is that after the helper hook was merged back into the confirm
one, the queueing itself occurs from the confirm hook, i.e. we queue
from the last netfilter callback in the hook-list.
Therefore, on return, the packet bypasses the confirm action and the
connection is never committed to the main conntrack table.
To fix this there are several ways:
1. revert the 'Fixes' commit and have a extra helper hook again.
Works, but has the drawback of adding another indirect call for
everyone.
2. Special case this: split the hooks only when userspace helper
gets added, so queueing occurs at a lower priority again,
and normal enqueue reinject would eventually call the last hook.
3. Extend the existing nf_queue ct update hook to allow a forced
confirmation (plus run the seqadj code).
This goes for 3)."
Fixes: 827318feb69cb ("netfilter: conntrack: remove helper hook again")
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_core.c | 78 +++++++++++++++++++++++++++++++++++---
1 file changed, 72 insertions(+), 6 deletions(-)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2014,22 +2014,18 @@ static void nf_conntrack_attach(struct s
nf_conntrack_get(skb_nfct(nskb));
}
-static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
+static int __nf_conntrack_update(struct net *net, struct sk_buff *skb,
+ struct nf_conn *ct)
{
struct nf_conntrack_tuple_hash *h;
struct nf_conntrack_tuple tuple;
enum ip_conntrack_info ctinfo;
struct nf_nat_hook *nat_hook;
unsigned int status;
- struct nf_conn *ct;
int dataoff;
u16 l3num;
u8 l4num;
- ct = nf_ct_get(skb, &ctinfo);
- if (!ct || nf_ct_is_confirmed(ct))
- return 0;
-
l3num = nf_ct_l3num(ct);
dataoff = get_l4proto(skb, skb_network_offset(skb), l3num, &l4num);
@@ -2086,6 +2082,76 @@ static int nf_conntrack_update(struct ne
return 0;
}
+/* This packet is coming from userspace via nf_queue, complete the packet
+ * processing after the helper invocation in nf_confirm().
+ */
+static int nf_confirm_cthelper(struct sk_buff *skb, struct nf_conn *ct,
+ enum ip_conntrack_info ctinfo)
+{
+ const struct nf_conntrack_helper *helper;
+ const struct nf_conn_help *help;
+ unsigned int protoff;
+
+ help = nfct_help(ct);
+ if (!help)
+ return 0;
+
+ helper = rcu_dereference(help->helper);
+ if (!(helper->flags & NF_CT_HELPER_F_USERSPACE))
+ return 0;
+
+ switch (nf_ct_l3num(ct)) {
+ case NFPROTO_IPV4:
+ protoff = skb_network_offset(skb) + ip_hdrlen(skb);
+ break;
+#if IS_ENABLED(CONFIG_IPV6)
+ case NFPROTO_IPV6: {
+ __be16 frag_off;
+ u8 pnum;
+
+ pnum = ipv6_hdr(skb)->nexthdr;
+ protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &pnum,
+ &frag_off);
+ if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
+ return 0;
+ break;
+ }
+#endif
+ default:
+ return 0;
+ }
+
+ if (test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) &&
+ !nf_is_loopback_packet(skb)) {
+ if (!nf_ct_seq_adjust(skb, ct, ctinfo, protoff)) {
+ NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop);
+ return -1;
+ }
+ }
+
+ /* We've seen it coming out the other side: confirm it */
+ return nf_conntrack_confirm(skb) == NF_DROP ? - 1 : 0;
+}
+
+static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
+{
+ enum ip_conntrack_info ctinfo;
+ struct nf_conn *ct;
+ int err;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return 0;
+
+ if (!nf_ct_is_confirmed(ct)) {
+ err = __nf_conntrack_update(net, skb, ct);
+ if (err < 0)
+ return err;
+ }
+
+ return nf_confirm_cthelper(skb, ct, ctinfo);
+}
+
static bool nf_conntrack_get_tuple_skb(struct nf_conntrack_tuple *dst_tuple,
const struct sk_buff *skb)
{
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 157/177] netfilter: nfnetlink_cthelper: unbreak userspace helper support
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 156/177] netfilter: conntrack: make conntrack userspace helpers work again Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 158/177] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code Greg Kroah-Hartman
` (20 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 703acd70f2496537457186211c2f03e792409e68 upstream.
Restore helper data size initialization and fix memcopy of the helper
data size.
Fixes: 157ffffeb5dc ("netfilter: nfnetlink_cthelper: reject too large userspace allocation requests")
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nfnetlink_cthelper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -103,7 +103,7 @@ nfnl_cthelper_from_nlattr(struct nlattr
if (help->helper->data_len == 0)
return -EINVAL;
- nla_memcpy(help->data, nla_data(attr), sizeof(help->data));
+ nla_memcpy(help->data, attr, sizeof(help->data));
return 0;
}
@@ -240,6 +240,7 @@ nfnl_cthelper_create(const struct nlattr
ret = -ENOMEM;
goto err2;
}
+ helper->data_len = size;
helper->flags |= NF_CT_HELPER_F_USERSPACE;
memcpy(&helper->tuple, tuple, sizeof(struct nf_conntrack_tuple));
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 158/177] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 157/177] netfilter: nfnetlink_cthelper: unbreak userspace helper support Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 159/177] esp6: get the right proto for transport mode in esp6_gso_encap Greg Kroah-Hartman
` (19 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 4c559f15efcc43b996f4da528cd7f9483aaca36d upstream.
Dan Carpenter says: "Smatch complains that the value for "cmd" comes
from the network and can't be trusted."
Add pptp_msg_name() helper function that checks for the array boundary.
Fixes: f09943fefe6b ("[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/netfilter/nf_conntrack_pptp.h | 2
net/ipv4/netfilter/nf_nat_pptp.c | 7 ---
net/netfilter/nf_conntrack_pptp.c | 62 +++++++++++++++-------------
3 files changed, 38 insertions(+), 33 deletions(-)
--- a/include/linux/netfilter/nf_conntrack_pptp.h
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -10,7 +10,7 @@
#include <net/netfilter/nf_conntrack_expect.h>
#include <uapi/linux/netfilter/nf_conntrack_tuple_common.h>
-extern const char *const pptp_msg_name[];
+extern const char *const pptp_msg_name(u_int16_t msg);
/* state of the control session */
enum pptp_ctrlsess_state {
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -166,8 +166,7 @@ pptp_outbound_pkt(struct sk_buff *skb,
break;
default:
pr_debug("unknown outbound packet 0x%04x:%s\n", msg,
- msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] :
- pptp_msg_name[0]);
+ pptp_msg_name(msg));
/* fall through */
case PPTP_SET_LINK_INFO:
/* only need to NAT in case PAC is behind NAT box */
@@ -268,9 +267,7 @@ pptp_inbound_pkt(struct sk_buff *skb,
pcid_off = offsetof(union pptp_ctrl_union, setlink.peersCallID);
break;
default:
- pr_debug("unknown inbound packet %s\n",
- msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] :
- pptp_msg_name[0]);
+ pr_debug("unknown inbound packet %s\n", pptp_msg_name(msg));
/* fall through */
case PPTP_START_SESSION_REQUEST:
case PPTP_START_SESSION_REPLY:
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -72,24 +72,32 @@ EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_expec
#if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
/* PptpControlMessageType names */
-const char *const pptp_msg_name[] = {
- "UNKNOWN_MESSAGE",
- "START_SESSION_REQUEST",
- "START_SESSION_REPLY",
- "STOP_SESSION_REQUEST",
- "STOP_SESSION_REPLY",
- "ECHO_REQUEST",
- "ECHO_REPLY",
- "OUT_CALL_REQUEST",
- "OUT_CALL_REPLY",
- "IN_CALL_REQUEST",
- "IN_CALL_REPLY",
- "IN_CALL_CONNECT",
- "CALL_CLEAR_REQUEST",
- "CALL_DISCONNECT_NOTIFY",
- "WAN_ERROR_NOTIFY",
- "SET_LINK_INFO"
+static const char *const pptp_msg_name_array[PPTP_MSG_MAX + 1] = {
+ [0] = "UNKNOWN_MESSAGE",
+ [PPTP_START_SESSION_REQUEST] = "START_SESSION_REQUEST",
+ [PPTP_START_SESSION_REPLY] = "START_SESSION_REPLY",
+ [PPTP_STOP_SESSION_REQUEST] = "STOP_SESSION_REQUEST",
+ [PPTP_STOP_SESSION_REPLY] = "STOP_SESSION_REPLY",
+ [PPTP_ECHO_REQUEST] = "ECHO_REQUEST",
+ [PPTP_ECHO_REPLY] = "ECHO_REPLY",
+ [PPTP_OUT_CALL_REQUEST] = "OUT_CALL_REQUEST",
+ [PPTP_OUT_CALL_REPLY] = "OUT_CALL_REPLY",
+ [PPTP_IN_CALL_REQUEST] = "IN_CALL_REQUEST",
+ [PPTP_IN_CALL_REPLY] = "IN_CALL_REPLY",
+ [PPTP_IN_CALL_CONNECT] = "IN_CALL_CONNECT",
+ [PPTP_CALL_CLEAR_REQUEST] = "CALL_CLEAR_REQUEST",
+ [PPTP_CALL_DISCONNECT_NOTIFY] = "CALL_DISCONNECT_NOTIFY",
+ [PPTP_WAN_ERROR_NOTIFY] = "WAN_ERROR_NOTIFY",
+ [PPTP_SET_LINK_INFO] = "SET_LINK_INFO"
};
+
+const char *const pptp_msg_name(u_int16_t msg)
+{
+ if (msg > PPTP_MSG_MAX)
+ return pptp_msg_name_array[0];
+
+ return pptp_msg_name_array[msg];
+}
EXPORT_SYMBOL(pptp_msg_name);
#endif
@@ -276,7 +284,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un
typeof(nf_nat_pptp_hook_inbound) nf_nat_pptp_inbound;
msg = ntohs(ctlh->messageType);
- pr_debug("inbound control message %s\n", pptp_msg_name[msg]);
+ pr_debug("inbound control message %s\n", pptp_msg_name(msg));
switch (msg) {
case PPTP_START_SESSION_REPLY:
@@ -311,7 +319,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un
pcid = pptpReq->ocack.peersCallID;
if (info->pns_call_id != pcid)
goto invalid;
- pr_debug("%s, CID=%X, PCID=%X\n", pptp_msg_name[msg],
+ pr_debug("%s, CID=%X, PCID=%X\n", pptp_msg_name(msg),
ntohs(cid), ntohs(pcid));
if (pptpReq->ocack.resultCode == PPTP_OUTCALL_CONNECT) {
@@ -328,7 +336,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un
goto invalid;
cid = pptpReq->icreq.callID;
- pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
+ pr_debug("%s, CID=%X\n", pptp_msg_name(msg), ntohs(cid));
info->cstate = PPTP_CALL_IN_REQ;
info->pac_call_id = cid;
break;
@@ -347,7 +355,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un
if (info->pns_call_id != pcid)
goto invalid;
- pr_debug("%s, PCID=%X\n", pptp_msg_name[msg], ntohs(pcid));
+ pr_debug("%s, PCID=%X\n", pptp_msg_name(msg), ntohs(pcid));
info->cstate = PPTP_CALL_IN_CONF;
/* we expect a GRE connection from PAC to PNS */
@@ -357,7 +365,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un
case PPTP_CALL_DISCONNECT_NOTIFY:
/* server confirms disconnect */
cid = pptpReq->disc.callID;
- pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
+ pr_debug("%s, CID=%X\n", pptp_msg_name(msg), ntohs(cid));
info->cstate = PPTP_CALL_NONE;
/* untrack this call id, unexpect GRE packets */
@@ -384,7 +392,7 @@ pptp_inbound_pkt(struct sk_buff *skb, un
invalid:
pr_debug("invalid %s: type=%d cid=%u pcid=%u "
"cstate=%d sstate=%d pns_cid=%u pac_cid=%u\n",
- msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : pptp_msg_name[0],
+ pptp_msg_name(msg),
msg, ntohs(cid), ntohs(pcid), info->cstate, info->sstate,
ntohs(info->pns_call_id), ntohs(info->pac_call_id));
return NF_ACCEPT;
@@ -404,7 +412,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u
typeof(nf_nat_pptp_hook_outbound) nf_nat_pptp_outbound;
msg = ntohs(ctlh->messageType);
- pr_debug("outbound control message %s\n", pptp_msg_name[msg]);
+ pr_debug("outbound control message %s\n", pptp_msg_name(msg));
switch (msg) {
case PPTP_START_SESSION_REQUEST:
@@ -426,7 +434,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u
info->cstate = PPTP_CALL_OUT_REQ;
/* track PNS call id */
cid = pptpReq->ocreq.callID;
- pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
+ pr_debug("%s, CID=%X\n", pptp_msg_name(msg), ntohs(cid));
info->pns_call_id = cid;
break;
@@ -440,7 +448,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u
pcid = pptpReq->icack.peersCallID;
if (info->pac_call_id != pcid)
goto invalid;
- pr_debug("%s, CID=%X PCID=%X\n", pptp_msg_name[msg],
+ pr_debug("%s, CID=%X PCID=%X\n", pptp_msg_name(msg),
ntohs(cid), ntohs(pcid));
if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) {
@@ -480,7 +488,7 @@ pptp_outbound_pkt(struct sk_buff *skb, u
invalid:
pr_debug("invalid %s: type=%d cid=%u pcid=%u "
"cstate=%d sstate=%d pns_cid=%u pac_cid=%u\n",
- msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : pptp_msg_name[0],
+ pptp_msg_name(msg),
msg, ntohs(cid), ntohs(pcid), info->cstate, info->sstate,
ntohs(info->pns_call_id), ntohs(info->pac_call_id));
return NF_ACCEPT;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 159/177] esp6: get the right proto for transport mode in esp6_gso_encap
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 158/177] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 160/177] bnxt_en: Fix accumulation of bp->net_stats_prev Greg Kroah-Hartman
` (18 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit 3c96ec56828922e3fe5477f75eb3fc02f98f98b5 upstream.
For transport mode, when ipv6 nexthdr is set, the packet format might
be like:
----------------------------------------------------
| | dest | | | | ESP | ESP |
| IP6 hdr| opts.| ESP | TCP | Data | Trailer | ICV |
----------------------------------------------------
What it wants to get for x-proto in esp6_gso_encap() is the proto that
will be set in ESP nexthdr. So it should skip all ipv6 nexthdrs and
get the real transport protocol. Othersize, the wrong proto number
will be set into ESP nexthdr.
This patch is to skip all ipv6 nexthdrs by calling ipv6_skip_exthdr()
in esp6_gso_encap().
Fixes: 7862b4058b9f ("esp: Add gso handlers for esp4 and esp6")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/esp6_offload.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -121,9 +121,16 @@ static void esp6_gso_encap(struct xfrm_s
struct ip_esp_hdr *esph;
struct ipv6hdr *iph = ipv6_hdr(skb);
struct xfrm_offload *xo = xfrm_offload(skb);
- int proto = iph->nexthdr;
+ u8 proto = iph->nexthdr;
skb_push(skb, -skb_network_offset(skb));
+
+ if (x->outer_mode.encap == XFRM_MODE_TRANSPORT) {
+ __be16 frag;
+
+ ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &proto, &frag);
+ }
+
esph = ip_esp_hdr(skb);
*skb_mac_header(skb) = IPPROTO_ESP;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 160/177] bnxt_en: Fix accumulation of bp->net_stats_prev.
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 159/177] esp6: get the right proto for transport mode in esp6_gso_encap Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 161/177] bnxt_en: fix firmware message length endianness Greg Kroah-Hartman
` (17 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vijayendra Suman, Michael Chan,
David S. Miller
From: Michael Chan <michael.chan@broadcom.com>
commit b8056e8434b037fdab08158fea99ed7bc8ef3a74 upstream.
We have logic to maintain network counters across resets by storing
the counters in bp->net_stats_prev before reset. But not all resets
will clear the counters. Certain resets that don't need to change
the number of rings do not clear the counters. The current logic
accumulates the counters before all resets, causing big jumps in
the counters after some resets, such as ethtool -G.
Fix it by only accumulating the counters during reset if the irq_re_init
parameter is set. The parameter signifies that all rings and interrupts
will be reset and that means that the counters will also be reset.
Reported-by: Vijayendra Suman <vijayendra.suman@oracle.com>
Fixes: b8875ca356f1 ("bnxt_en: Save ring statistics before reset.")
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -9324,7 +9324,7 @@ static void __bnxt_close_nic(struct bnxt
bnxt_free_skbs(bp);
/* Save ring stats before shutdown */
- if (bp->bnapi)
+ if (bp->bnapi && irq_re_init)
bnxt_get_ring_stats(bp, &bp->net_stats_prev);
if (irq_re_init) {
bnxt_free_irq(bp);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 161/177] bnxt_en: fix firmware message length endianness
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 160/177] bnxt_en: Fix accumulation of bp->net_stats_prev Greg Kroah-Hartman
@ 2020-06-01 17:54 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 162/177] ieee80211: Fix incorrect mask for default PE duration Greg Kroah-Hartman
` (16 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Edwin Peer, Michael Chan, David S. Miller
From: Edwin Peer <edwin.peer@broadcom.com>
commit 2a5a8800fa915bd9bc272c91ca64728e6aa84c0a upstream.
The explicit mask and shift is not the appropriate way to parse fields
out of a little endian struct. The length field is internally __le16
and the strategy employed only happens to work on little endian machines
because the offset used is actually incorrect (length is at offset 6).
Also remove the related and no longer used definitions from bnxt.h.
Fixes: 845adfe40c2a ("bnxt_en: Improve valid bit checking in firmware response message.")
Signed-off-by: Edwin Peer <edwin.peer@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 14 ++++----------
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 5 -----
2 files changed, 4 insertions(+), 15 deletions(-)
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -4184,14 +4184,12 @@ static int bnxt_hwrm_do_send_msg(struct
int i, intr_process, rc, tmo_count;
struct input *req = msg;
u32 *data = msg;
- __le32 *resp_len;
u8 *valid;
u16 cp_ring_id, len = 0;
struct hwrm_err_output *resp = bp->hwrm_cmd_resp_addr;
u16 max_req_len = BNXT_HWRM_MAX_REQ_LEN;
struct hwrm_short_input short_input = {0};
u32 doorbell_offset = BNXT_GRCPF_REG_CHIMP_COMM_TRIGGER;
- u8 *resp_addr = (u8 *)bp->hwrm_cmd_resp_addr;
u32 bar_offset = BNXT_GRCPF_REG_CHIMP_COMM;
u16 dst = BNXT_HWRM_CHNL_CHIMP;
@@ -4209,7 +4207,6 @@ static int bnxt_hwrm_do_send_msg(struct
bar_offset = BNXT_GRCPF_REG_KONG_COMM;
doorbell_offset = BNXT_GRCPF_REG_KONG_COMM_TRIGGER;
resp = bp->hwrm_cmd_kong_resp_addr;
- resp_addr = (u8 *)bp->hwrm_cmd_kong_resp_addr;
}
memset(resp, 0, PAGE_SIZE);
@@ -4278,7 +4275,6 @@ static int bnxt_hwrm_do_send_msg(struct
tmo_count = HWRM_SHORT_TIMEOUT_COUNTER;
timeout = timeout - HWRM_SHORT_MIN_TIMEOUT * HWRM_SHORT_TIMEOUT_COUNTER;
tmo_count += DIV_ROUND_UP(timeout, HWRM_MIN_TIMEOUT);
- resp_len = (__le32 *)(resp_addr + HWRM_RESP_LEN_OFFSET);
if (intr_process) {
u16 seq_id = bp->hwrm_intr_seq_id;
@@ -4306,9 +4302,8 @@ static int bnxt_hwrm_do_send_msg(struct
le16_to_cpu(req->req_type));
return -EBUSY;
}
- len = (le32_to_cpu(*resp_len) & HWRM_RESP_LEN_MASK) >>
- HWRM_RESP_LEN_SFT;
- valid = resp_addr + len - 1;
+ len = le16_to_cpu(resp->resp_len);
+ valid = ((u8 *)resp) + len - 1;
} else {
int j;
@@ -4319,8 +4314,7 @@ static int bnxt_hwrm_do_send_msg(struct
*/
if (test_bit(BNXT_STATE_FW_FATAL_COND, &bp->state))
return -EBUSY;
- len = (le32_to_cpu(*resp_len) & HWRM_RESP_LEN_MASK) >>
- HWRM_RESP_LEN_SFT;
+ len = le16_to_cpu(resp->resp_len);
if (len)
break;
/* on first few passes, just barely sleep */
@@ -4342,7 +4336,7 @@ static int bnxt_hwrm_do_send_msg(struct
}
/* Last byte of resp contains valid bit */
- valid = resp_addr + len - 1;
+ valid = ((u8 *)resp) + len - 1;
for (j = 0; j < HWRM_VALID_BIT_DELAY_USEC; j++) {
/* make sure we read from updated DMA memory */
dma_rmb();
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -654,11 +654,6 @@ struct nqe_cn {
#define HWRM_CMD_TIMEOUT (bp->hwrm_cmd_timeout)
#define HWRM_RESET_TIMEOUT ((HWRM_CMD_TIMEOUT) * 4)
#define HWRM_COREDUMP_TIMEOUT ((HWRM_CMD_TIMEOUT) * 12)
-#define HWRM_RESP_ERR_CODE_MASK 0xffff
-#define HWRM_RESP_LEN_OFFSET 4
-#define HWRM_RESP_LEN_MASK 0xffff0000
-#define HWRM_RESP_LEN_SFT 16
-#define HWRM_RESP_VALID_MASK 0xff000000
#define BNXT_HWRM_REQ_MAX_SIZE 128
#define BNXT_HWRM_REQS_PER_PAGE (BNXT_PAGE_SIZE / \
BNXT_HWRM_REQ_MAX_SIZE)
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 162/177] ieee80211: Fix incorrect mask for default PE duration
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2020-06-01 17:54 ` [PATCH 5.6 161/177] bnxt_en: fix firmware message length endianness Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 163/177] x86/ioperm: Prevent a memory leak when fork fails Greg Kroah-Hartman
` (15 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pradeep Kumar Chitrapu, Johannes Berg
From: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
commit d031781bdabe1027858a3220f868866586bf6e7c upstream.
Fixes bitmask for HE opration's default PE duration.
Fixes: daa5b83513a7 ("mac80211: update HE operation fields to D3.0")
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Link: https://lore.kernel.org/r/20200506102430.5153-1-pradeepc@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ieee80211.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2047,7 +2047,7 @@ ieee80211_he_ppe_size(u8 ppe_thres_hdr,
}
/* HE Operation defines */
-#define IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK 0x00000003
+#define IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK 0x00000007
#define IEEE80211_HE_OPERATION_TWT_REQUIRED 0x00000008
#define IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK 0x00003ff0
#define IEEE80211_HE_OPERATION_RTS_THRESHOLD_OFFSET 4
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 163/177] x86/ioperm: Prevent a memory leak when fork fails
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 162/177] ieee80211: Fix incorrect mask for default PE duration Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 164/177] xsk: Add overflow check for u64 division, stored into u32 Greg Kroah-Hartman
` (14 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jay Lang, Thomas Gleixner, stable#
From: Jay Lang <jaytlang@mit.edu>
commit 4bfe6cce133cad82cea04490c308795275857782 upstream.
In the copy_process() routine called by _do_fork(), failure to allocate
a PID (or further along in the function) will trigger an invocation to
exit_thread(). This is done to clean up from an earlier call to
copy_thread_tls(). Naturally, the child task is passed into exit_thread(),
however during the process, io_bitmap_exit() nullifies the parent's
io_bitmap rather than the child's.
As copy_thread_tls() has been called ahead of the failure, the reference
count on the calling thread's io_bitmap is incremented as we would expect.
However, io_bitmap_exit() doesn't accept any arguments, and thus assumes
it should trash the current thread's io_bitmap reference rather than the
child's. This is pretty sneaky in practice, because in all instances but
this one, exit_thread() is called with respect to the current task and
everything works out.
A determined attacker can issue an appropriate ioctl (i.e. KDENABIO) to
get a bitmap allocated, and force a clone3() syscall to fail by passing
in a zeroed clone_args structure. The kernel handles the erroneous struct
and the buggy code path is followed, and even though the parent's reference
to the io_bitmap is trashed, the child still holds a reference and thus
the structure will never be freed.
Fix this by tweaking io_bitmap_exit() and its subroutines to accept a
task_struct argument which to operate on.
Fixes: ea5f1cd7ab49 ("x86/ioperm: Remove bitmap if all permissions dropped")
Signed-off-by: Jay Lang <jaytlang@mit.edu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable#@vger.kernel.org
Link: https://lkml.kernel.org/r/20200524162742.253727-1-jaytlang@mit.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/io_bitmap.h | 4 ++--
arch/x86/kernel/ioport.c | 22 +++++++++++-----------
arch/x86/kernel/process.c | 4 ++--
3 files changed, 15 insertions(+), 15 deletions(-)
--- a/arch/x86/include/asm/io_bitmap.h
+++ b/arch/x86/include/asm/io_bitmap.h
@@ -17,7 +17,7 @@ struct task_struct;
#ifdef CONFIG_X86_IOPL_IOPERM
void io_bitmap_share(struct task_struct *tsk);
-void io_bitmap_exit(void);
+void io_bitmap_exit(struct task_struct *tsk);
void native_tss_update_io_bitmap(void);
@@ -29,7 +29,7 @@ void native_tss_update_io_bitmap(void);
#else
static inline void io_bitmap_share(struct task_struct *tsk) { }
-static inline void io_bitmap_exit(void) { }
+static inline void io_bitmap_exit(struct task_struct *tsk) { }
static inline void tss_update_io_bitmap(void) { }
#endif
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -32,15 +32,15 @@ void io_bitmap_share(struct task_struct
set_tsk_thread_flag(tsk, TIF_IO_BITMAP);
}
-static void task_update_io_bitmap(void)
+static void task_update_io_bitmap(struct task_struct *tsk)
{
- struct thread_struct *t = ¤t->thread;
+ struct thread_struct *t = &tsk->thread;
if (t->iopl_emul == 3 || t->io_bitmap) {
/* TSS update is handled on exit to user space */
- set_thread_flag(TIF_IO_BITMAP);
+ set_tsk_thread_flag(tsk, TIF_IO_BITMAP);
} else {
- clear_thread_flag(TIF_IO_BITMAP);
+ clear_tsk_thread_flag(tsk, TIF_IO_BITMAP);
/* Invalidate TSS */
preempt_disable();
tss_update_io_bitmap();
@@ -48,12 +48,12 @@ static void task_update_io_bitmap(void)
}
}
-void io_bitmap_exit(void)
+void io_bitmap_exit(struct task_struct *tsk)
{
- struct io_bitmap *iobm = current->thread.io_bitmap;
+ struct io_bitmap *iobm = tsk->thread.io_bitmap;
- current->thread.io_bitmap = NULL;
- task_update_io_bitmap();
+ tsk->thread.io_bitmap = NULL;
+ task_update_io_bitmap(tsk);
if (iobm && refcount_dec_and_test(&iobm->refcnt))
kfree(iobm);
}
@@ -101,7 +101,7 @@ long ksys_ioperm(unsigned long from, uns
if (!iobm)
return -ENOMEM;
refcount_set(&iobm->refcnt, 1);
- io_bitmap_exit();
+ io_bitmap_exit(current);
}
/*
@@ -133,7 +133,7 @@ long ksys_ioperm(unsigned long from, uns
}
/* All permissions dropped? */
if (max_long == UINT_MAX) {
- io_bitmap_exit();
+ io_bitmap_exit(current);
return 0;
}
@@ -191,7 +191,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, leve
}
t->iopl_emul = level;
- task_update_io_bitmap();
+ task_update_io_bitmap(current);
return 0;
}
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -97,7 +97,7 @@ int arch_dup_task_struct(struct task_str
}
/*
- * Free current thread data structures etc..
+ * Free thread data structures etc..
*/
void exit_thread(struct task_struct *tsk)
{
@@ -105,7 +105,7 @@ void exit_thread(struct task_struct *tsk
struct fpu *fpu = &t->fpu;
if (test_thread_flag(TIF_IO_BITMAP))
- io_bitmap_exit();
+ io_bitmap_exit(tsk);
free_vm86(t);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 164/177] xsk: Add overflow check for u64 division, stored into u32
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 163/177] x86/ioperm: Prevent a memory leak when fork fails Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 165/177] qlcnic: fix missing release in qlcnic_83xx_interrupt_test Greg Kroah-Hartman
` (13 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Minh Bùi Quang,
Björn Töpel, Daniel Borkmann, Jonathan Lemon
From: Björn Töpel <bjorn.topel@intel.com>
commit b16a87d0aef7a6be766f6618976dc5ff2c689291 upstream.
The npgs member of struct xdp_umem is an u32 entity, and stores the
number of pages the UMEM consumes. The calculation of npgs
npgs = size / PAGE_SIZE
can overflow.
To avoid overflow scenarios, the division is now first stored in a
u64, and the result is verified to fit into 32b.
An alternative would be storing the npgs as a u64, however, this
wastes memory and is an unrealisticly large packet area.
Fixes: c0c77d8fb787 ("xsk: add user memory registration support sockopt")
Reported-by: "Minh Bùi Quang" <minhquangbui99@gmail.com>
Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Jonathan Lemon <jonathan.lemon@gmail.com>
Link: https://lore.kernel.org/bpf/CACtPs=GGvV-_Yj6rbpzTVnopgi5nhMoCcTkSkYrJHGQHJWFZMQ@mail.gmail.com/
Link: https://lore.kernel.org/bpf/20200525080400.13195-1-bjorn.topel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xdp/xdp_umem.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/net/xdp/xdp_umem.c
+++ b/net/xdp/xdp_umem.c
@@ -341,8 +341,8 @@ static int xdp_umem_reg(struct xdp_umem
{
bool unaligned_chunks = mr->flags & XDP_UMEM_UNALIGNED_CHUNK_FLAG;
u32 chunk_size = mr->chunk_size, headroom = mr->headroom;
+ u64 npgs, addr = mr->addr, size = mr->len;
unsigned int chunks, chunks_per_page;
- u64 addr = mr->addr, size = mr->len;
int err;
if (chunk_size < XDP_UMEM_MIN_CHUNK_SIZE || chunk_size > PAGE_SIZE) {
@@ -372,6 +372,10 @@ static int xdp_umem_reg(struct xdp_umem
if ((addr + size) < addr)
return -EINVAL;
+ npgs = div_u64(size, PAGE_SIZE);
+ if (npgs > U32_MAX)
+ return -EINVAL;
+
chunks = (unsigned int)div_u64(size, chunk_size);
if (chunks == 0)
return -EINVAL;
@@ -391,7 +395,7 @@ static int xdp_umem_reg(struct xdp_umem
umem->size = size;
umem->headroom = headroom;
umem->chunk_size_nohr = chunk_size - headroom;
- umem->npgs = size / PAGE_SIZE;
+ umem->npgs = (u32)npgs;
umem->pgs = NULL;
umem->user = NULL;
umem->flags = mr->flags;
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 165/177] qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 164/177] xsk: Add overflow check for u64 division, stored into u32 Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 166/177] crypto: chelsio/chtls: properly set tp->lsndtime Greg Kroah-Hartman
` (12 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qiushi Wu, David S. Miller
From: Qiushi Wu <wu000273@umn.edu>
commit 15c973858903009e995b2037683de29dfe968621 upstream.
In function qlcnic_83xx_interrupt_test(), function
qlcnic_83xx_diag_alloc_res() is not handled by function
qlcnic_83xx_diag_free_res() after a call of the function
qlcnic_alloc_mbx_args() failed. Fix this issue by adding
a jump target "fail_mbx_args", and jump to this new target
when qlcnic_alloc_mbx_args() failed.
Fixes: b6b4316c8b2f ("qlcnic: Handle qlcnic_alloc_mbx_args() failure")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c
@@ -3651,7 +3651,7 @@ int qlcnic_83xx_interrupt_test(struct ne
ahw->diag_cnt = 0;
ret = qlcnic_alloc_mbx_args(&cmd, adapter, QLCNIC_CMD_INTRPT_TEST);
if (ret)
- goto fail_diag_irq;
+ goto fail_mbx_args;
if (adapter->flags & QLCNIC_MSIX_ENABLED)
intrpt_id = ahw->intr_tbl[0].id;
@@ -3681,6 +3681,8 @@ int qlcnic_83xx_interrupt_test(struct ne
done:
qlcnic_free_mbx_args(&cmd);
+
+fail_mbx_args:
qlcnic_83xx_diag_free_res(netdev, drv_sds_rings);
fail_diag_irq:
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 166/177] crypto: chelsio/chtls: properly set tp->lsndtime
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 165/177] qlcnic: fix missing release in qlcnic_83xx_interrupt_test Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 167/177] nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry Greg Kroah-Hartman
` (11 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Ayush Sawal,
Vinay Kumar Yadav, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit a4976a3ef844c510ae9120290b23e9f3f47d6bce upstream.
TCP tp->lsndtime unit/base is tcp_jiffies32, not tcp_time_stamp()
Fixes: 36bedb3f2e5b ("crypto: chtls - Inline TLS record Tx")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Ayush Sawal <ayush.sawal@chelsio.com>
Cc: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/chelsio/chtls/chtls_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/chelsio/chtls/chtls_io.c
+++ b/drivers/crypto/chelsio/chtls/chtls_io.c
@@ -682,7 +682,7 @@ int chtls_push_frames(struct chtls_sock
make_tx_data_wr(sk, skb, immdlen, len,
credits_needed, completion);
tp->snd_nxt += len;
- tp->lsndtime = tcp_time_stamp(tp);
+ tp->lsndtime = tcp_jiffies32;
if (completion)
ULP_SKB_CB(skb)->flags &= ~ULPCB_FLAG_NEED_HDR;
} else {
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 167/177] nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 166/177] crypto: chelsio/chtls: properly set tp->lsndtime Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 168/177] nexthops: dont modify published nexthop groups Greg Kroah-Hartman
` (10 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Ahern, Nikolay Aleksandrov,
David S. Miller
From: David Ahern <dsahern@gmail.com>
commit ac21753a5c2c9a6a2019997481a2ac12bbde48c8 upstream.
Move nh_grp dereference and check for removing nexthop group due to
all members gone into remove_nh_grp_entry.
Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/nexthop.c | 27 +++++++++++++--------------
1 file changed, 13 insertions(+), 14 deletions(-)
--- a/net/ipv4/nexthop.c
+++ b/net/ipv4/nexthop.c
@@ -694,17 +694,21 @@ static void nh_group_rebalance(struct nh
}
}
-static void remove_nh_grp_entry(struct nh_grp_entry *nhge,
- struct nh_group *nhg,
+static void remove_nh_grp_entry(struct net *net, struct nh_grp_entry *nhge,
struct nl_info *nlinfo)
{
+ struct nexthop *nhp = nhge->nh_parent;
struct nexthop *nh = nhge->nh;
struct nh_grp_entry *nhges;
+ struct nh_group *nhg;
bool found = false;
int i;
WARN_ON(!nh);
+ list_del(&nhge->nh_list);
+
+ nhg = rtnl_dereference(nhp->nh_grp);
nhges = nhg->nh_entries;
for (i = 0; i < nhg->num_nh; ++i) {
if (found) {
@@ -728,7 +732,11 @@ static void remove_nh_grp_entry(struct n
nexthop_put(nh);
if (nlinfo)
- nexthop_notify(RTM_NEWNEXTHOP, nhge->nh_parent, nlinfo);
+ nexthop_notify(RTM_NEWNEXTHOP, nhp, nlinfo);
+
+ /* if this group has no more entries then remove it */
+ if (!nhg->num_nh)
+ remove_nexthop(net, nhp, nlinfo);
}
static void remove_nexthop_from_groups(struct net *net, struct nexthop *nh,
@@ -736,17 +744,8 @@ static void remove_nexthop_from_groups(s
{
struct nh_grp_entry *nhge, *tmp;
- list_for_each_entry_safe(nhge, tmp, &nh->grp_list, nh_list) {
- struct nh_group *nhg;
-
- list_del(&nhge->nh_list);
- nhg = rtnl_dereference(nhge->nh_parent->nh_grp);
- remove_nh_grp_entry(nhge, nhg, nlinfo);
-
- /* if this group has no more entries then remove it */
- if (!nhg->num_nh)
- remove_nexthop(net, nhge->nh_parent, nlinfo);
- }
+ list_for_each_entry_safe(nhge, tmp, &nh->grp_list, nh_list)
+ remove_nh_grp_entry(net, nhge, nlinfo);
}
static void remove_nexthop_group(struct nexthop *nh, struct nl_info *nlinfo)
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 168/177] nexthops: dont modify published nexthop groups
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 167/177] nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 169/177] nexthop: Expand nexthop_is_multipath in a few places Greg Kroah-Hartman
` (9 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Aleksandrov, David Ahern,
David S. Miller
From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
commit 90f33bffa382598a32cc82abfeb20adc92d041b6 upstream.
We must avoid modifying published nexthop groups while they might be
in use, otherwise we might see NULL ptr dereferences. In order to do
that we allocate 2 nexthoup group structures upon nexthop creation
and swap between them when we have to delete an entry. The reason is
that we can't fail nexthop group removal, so we can't handle allocation
failure thus we move the extra allocation on creation where we can
safely fail and return ENOMEM.
Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/nexthop.h | 1
net/ipv4/nexthop.c | 91 +++++++++++++++++++++++++++++++-------------------
2 files changed, 59 insertions(+), 33 deletions(-)
--- a/include/net/nexthop.h
+++ b/include/net/nexthop.h
@@ -70,6 +70,7 @@ struct nh_grp_entry {
};
struct nh_group {
+ struct nh_group *spare; /* spare group for removals */
u16 num_nh;
bool mpath;
bool has_v4;
--- a/net/ipv4/nexthop.c
+++ b/net/ipv4/nexthop.c
@@ -63,9 +63,16 @@ static void nexthop_free_mpath(struct ne
int i;
nhg = rcu_dereference_raw(nh->nh_grp);
- for (i = 0; i < nhg->num_nh; ++i)
- WARN_ON(nhg->nh_entries[i].nh);
+ for (i = 0; i < nhg->num_nh; ++i) {
+ struct nh_grp_entry *nhge = &nhg->nh_entries[i];
+ WARN_ON(!list_empty(&nhge->nh_list));
+ nexthop_put(nhge->nh);
+ }
+
+ WARN_ON(nhg->spare == nhg);
+
+ kfree(nhg->spare);
kfree(nhg);
}
@@ -697,46 +704,53 @@ static void nh_group_rebalance(struct nh
static void remove_nh_grp_entry(struct net *net, struct nh_grp_entry *nhge,
struct nl_info *nlinfo)
{
+ struct nh_grp_entry *nhges, *new_nhges;
struct nexthop *nhp = nhge->nh_parent;
struct nexthop *nh = nhge->nh;
- struct nh_grp_entry *nhges;
- struct nh_group *nhg;
- bool found = false;
- int i;
+ struct nh_group *nhg, *newg;
+ int i, j;
WARN_ON(!nh);
- list_del(&nhge->nh_list);
-
nhg = rtnl_dereference(nhp->nh_grp);
- nhges = nhg->nh_entries;
- for (i = 0; i < nhg->num_nh; ++i) {
- if (found) {
- nhges[i-1].nh = nhges[i].nh;
- nhges[i-1].weight = nhges[i].weight;
- list_del(&nhges[i].nh_list);
- list_add(&nhges[i-1].nh_list, &nhges[i-1].nh->grp_list);
- } else if (nhg->nh_entries[i].nh == nh) {
- found = true;
- }
- }
+ newg = nhg->spare;
- if (WARN_ON(!found))
+ /* last entry, keep it visible and remove the parent */
+ if (nhg->num_nh == 1) {
+ remove_nexthop(net, nhp, nlinfo);
return;
+ }
- nhg->num_nh--;
- nhg->nh_entries[nhg->num_nh].nh = NULL;
+ newg->has_v4 = nhg->has_v4;
+ newg->mpath = nhg->mpath;
+ newg->num_nh = nhg->num_nh;
- nh_group_rebalance(nhg);
+ /* copy old entries to new except the one getting removed */
+ nhges = nhg->nh_entries;
+ new_nhges = newg->nh_entries;
+ for (i = 0, j = 0; i < nhg->num_nh; ++i) {
+ /* current nexthop getting removed */
+ if (nhg->nh_entries[i].nh == nh) {
+ newg->num_nh--;
+ continue;
+ }
- nexthop_put(nh);
+ list_del(&nhges[i].nh_list);
+ new_nhges[j].nh_parent = nhges[i].nh_parent;
+ new_nhges[j].nh = nhges[i].nh;
+ new_nhges[j].weight = nhges[i].weight;
+ list_add(&new_nhges[j].nh_list, &new_nhges[j].nh->grp_list);
+ j++;
+ }
+
+ nh_group_rebalance(newg);
+ rcu_assign_pointer(nhp->nh_grp, newg);
+
+ list_del(&nhge->nh_list);
+ nexthop_put(nhge->nh);
if (nlinfo)
nexthop_notify(RTM_NEWNEXTHOP, nhp, nlinfo);
-
- /* if this group has no more entries then remove it */
- if (!nhg->num_nh)
- remove_nexthop(net, nhp, nlinfo);
}
static void remove_nexthop_from_groups(struct net *net, struct nexthop *nh,
@@ -746,6 +760,9 @@ static void remove_nexthop_from_groups(s
list_for_each_entry_safe(nhge, tmp, &nh->grp_list, nh_list)
remove_nh_grp_entry(net, nhge, nlinfo);
+
+ /* make sure all see the newly published array before releasing rtnl */
+ synchronize_rcu();
}
static void remove_nexthop_group(struct nexthop *nh, struct nl_info *nlinfo)
@@ -759,10 +776,7 @@ static void remove_nexthop_group(struct
if (WARN_ON(!nhge->nh))
continue;
- list_del(&nhge->nh_list);
- nexthop_put(nhge->nh);
- nhge->nh = NULL;
- nhg->num_nh--;
+ list_del_init(&nhge->nh_list);
}
}
@@ -1085,6 +1099,7 @@ static struct nexthop *nexthop_create_gr
{
struct nlattr *grps_attr = cfg->nh_grp;
struct nexthop_grp *entry = nla_data(grps_attr);
+ u16 num_nh = nla_len(grps_attr) / sizeof(*entry);
struct nh_group *nhg;
struct nexthop *nh;
int i;
@@ -1095,12 +1110,21 @@ static struct nexthop *nexthop_create_gr
nh->is_group = 1;
- nhg = nexthop_grp_alloc(nla_len(grps_attr) / sizeof(*entry));
+ nhg = nexthop_grp_alloc(num_nh);
if (!nhg) {
kfree(nh);
return ERR_PTR(-ENOMEM);
}
+ /* spare group used for removals */
+ nhg->spare = nexthop_grp_alloc(num_nh);
+ if (!nhg) {
+ kfree(nhg);
+ kfree(nh);
+ return NULL;
+ }
+ nhg->spare->spare = nhg;
+
for (i = 0; i < nhg->num_nh; ++i) {
struct nexthop *nhe;
struct nh_info *nhi;
@@ -1132,6 +1156,7 @@ out_no_nh:
for (; i >= 0; --i)
nexthop_put(nhg->nh_entries[i].nh);
+ kfree(nhg->spare);
kfree(nhg);
kfree(nh);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 169/177] nexthop: Expand nexthop_is_multipath in a few places
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 168/177] nexthops: dont modify published nexthop groups Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 170/177] ipv4: nexthop version of fib_info_nh_uses_dev Greg Kroah-Hartman
` (8 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Ahern, Nikolay Aleksandrov,
David S. Miller
From: David Ahern <dsahern@gmail.com>
commit 0b5e2e39739e861fa5fc84ab27a35dbe62a15330 upstream.
I got too fancy consolidating checks on multipath type. The result
is that path lookups can access 2 different nh_grp structs as exposed
by Nik's torture tests. Expand nexthop_is_multipath within nexthop.h to
avoid multiple, nh_grp dereferences and make decisions based on the
consistent struct.
Only 2 places left using nexthop_is_multipath are within IPv6, both
only check that the nexthop is a multipath for a branching decision
which are acceptable.
Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/nexthop.h | 41 +++++++++++++++++++++++++----------------
1 file changed, 25 insertions(+), 16 deletions(-)
--- a/include/net/nexthop.h
+++ b/include/net/nexthop.h
@@ -137,21 +137,20 @@ static inline unsigned int nexthop_num_p
{
unsigned int rc = 1;
- if (nexthop_is_multipath(nh)) {
+ if (nh->is_group) {
struct nh_group *nh_grp;
nh_grp = rcu_dereference_rtnl(nh->nh_grp);
- rc = nh_grp->num_nh;
+ if (nh_grp->mpath)
+ rc = nh_grp->num_nh;
}
return rc;
}
static inline
-struct nexthop *nexthop_mpath_select(const struct nexthop *nh, int nhsel)
+struct nexthop *nexthop_mpath_select(const struct nh_group *nhg, int nhsel)
{
- const struct nh_group *nhg = rcu_dereference_rtnl(nh->nh_grp);
-
/* for_nexthops macros in fib_semantics.c grabs a pointer to
* the nexthop before checking nhsel
*/
@@ -186,12 +185,14 @@ static inline bool nexthop_is_blackhole(
{
const struct nh_info *nhi;
- if (nexthop_is_multipath(nh)) {
- if (nexthop_num_path(nh) > 1)
- return false;
- nh = nexthop_mpath_select(nh, 0);
- if (!nh)
+ if (nh->is_group) {
+ struct nh_group *nh_grp;
+
+ nh_grp = rcu_dereference_rtnl(nh->nh_grp);
+ if (nh_grp->num_nh > 1)
return false;
+
+ nh = nh_grp->nh_entries[0].nh;
}
nhi = rcu_dereference_rtnl(nh->nh_info);
@@ -217,10 +218,15 @@ struct fib_nh_common *nexthop_fib_nhc(st
BUILD_BUG_ON(offsetof(struct fib_nh, nh_common) != 0);
BUILD_BUG_ON(offsetof(struct fib6_nh, nh_common) != 0);
- if (nexthop_is_multipath(nh)) {
- nh = nexthop_mpath_select(nh, nhsel);
- if (!nh)
- return NULL;
+ if (nh->is_group) {
+ struct nh_group *nh_grp;
+
+ nh_grp = rcu_dereference_rtnl(nh->nh_grp);
+ if (nh_grp->mpath) {
+ nh = nexthop_mpath_select(nh_grp, nhsel);
+ if (!nh)
+ return NULL;
+ }
}
nhi = rcu_dereference_rtnl(nh->nh_info);
@@ -264,8 +270,11 @@ static inline struct fib6_nh *nexthop_fi
{
struct nh_info *nhi;
- if (nexthop_is_multipath(nh)) {
- nh = nexthop_mpath_select(nh, 0);
+ if (nh->is_group) {
+ struct nh_group *nh_grp;
+
+ nh_grp = rcu_dereference_rtnl(nh->nh_grp);
+ nh = nexthop_mpath_select(nh_grp, 0);
if (!nh)
return NULL;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 170/177] ipv4: nexthop version of fib_info_nh_uses_dev
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 169/177] nexthop: Expand nexthop_is_multipath in a few places Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 171/177] net: dsa: declare lockless TX feature for slave ports Greg Kroah-Hartman
` (7 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Ahern, Nikolay Aleksandrov,
David S. Miller
From: David Ahern <dsahern@gmail.com>
commit 1fd1c768f3624a5e66766e7b4ddb9b607cd834a5 upstream.
Similar to the last path, need to fix fib_info_nh_uses_dev for
external nexthops to avoid referencing multiple nh_grp structs.
Move the device check in fib_info_nh_uses_dev to a helper and
create a nexthop version that is called if the fib_info uses an
external nexthop.
Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/ip_fib.h | 10 ++++++++++
include/net/nexthop.h | 25 +++++++++++++++++++++++++
net/ipv4/fib_frontend.c | 19 ++++++++++---------
3 files changed, 45 insertions(+), 9 deletions(-)
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -447,6 +447,16 @@ static inline int fib_num_tclassid_users
#endif
int fib_unmerge(struct net *net);
+static inline bool nhc_l3mdev_matches_dev(const struct fib_nh_common *nhc,
+const struct net_device *dev)
+{
+ if (nhc->nhc_dev == dev ||
+ l3mdev_master_ifindex_rcu(nhc->nhc_dev) == dev->ifindex)
+ return true;
+
+ return false;
+}
+
/* Exported by fib_semantics.c */
int ip_fib_check_default(__be32 gw, struct net_device *dev);
int fib_sync_down_dev(struct net_device *dev, unsigned long event, bool force);
--- a/include/net/nexthop.h
+++ b/include/net/nexthop.h
@@ -233,6 +233,31 @@ struct fib_nh_common *nexthop_fib_nhc(st
return &nhi->fib_nhc;
}
+static inline bool nexthop_uses_dev(const struct nexthop *nh,
+ const struct net_device *dev)
+{
+ struct nh_info *nhi;
+
+ if (nh->is_group) {
+ struct nh_group *nhg = rcu_dereference(nh->nh_grp);
+ int i;
+
+ for (i = 0; i < nhg->num_nh; i++) {
+ struct nexthop *nhe = nhg->nh_entries[i].nh;
+
+ nhi = rcu_dereference(nhe->nh_info);
+ if (nhc_l3mdev_matches_dev(&nhi->fib_nhc, dev))
+ return true;
+ }
+ } else {
+ nhi = rcu_dereference(nh->nh_info);
+ if (nhc_l3mdev_matches_dev(&nhi->fib_nhc, dev))
+ return true;
+ }
+
+ return false;
+}
+
static inline unsigned int fib_info_num_path(const struct fib_info *fi)
{
if (unlikely(fi->nh))
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -309,17 +309,18 @@ bool fib_info_nh_uses_dev(struct fib_inf
{
bool dev_match = false;
#ifdef CONFIG_IP_ROUTE_MULTIPATH
- int ret;
+ if (unlikely(fi->nh)) {
+ dev_match = nexthop_uses_dev(fi->nh, dev);
+ } else {
+ int ret;
- for (ret = 0; ret < fib_info_num_path(fi); ret++) {
- const struct fib_nh_common *nhc = fib_info_nhc(fi, ret);
+ for (ret = 0; ret < fib_info_num_path(fi); ret++) {
+ const struct fib_nh_common *nhc = fib_info_nhc(fi, ret);
- if (nhc->nhc_dev == dev) {
- dev_match = true;
- break;
- } else if (l3mdev_master_ifindex_rcu(nhc->nhc_dev) == dev->ifindex) {
- dev_match = true;
- break;
+ if (nhc_l3mdev_matches_dev(nhc, dev)) {
+ dev_match = true;
+ break;
+ }
}
}
#else
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 171/177] net: dsa: declare lockless TX feature for slave ports
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 170/177] ipv4: nexthop version of fib_info_nh_uses_dev Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 172/177] bonding: Fix reference count leak in bond_sysfs_slave_add Greg Kroah-Hartman
` (6 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Vladimir Oltean,
Florian Fainelli, David S. Miller
From: Vladimir Oltean <vladimir.oltean@nxp.com>
commit 2b86cb8299765688c5119fd18d5f436716c81010 upstream.
Be there a platform with the following layout:
Regular NIC
|
+----> DSA master for switch port
|
+----> DSA master for another switch port
After changing DSA back to static lockdep class keys in commit
1a33e10e4a95 ("net: partially revert dynamic lockdep key changes"), this
kernel splat can be seen:
[ 13.361198] ============================================
[ 13.366524] WARNING: possible recursive locking detected
[ 13.371851] 5.7.0-rc4-02121-gc32a05ecd7af-dirty #988 Not tainted
[ 13.377874] --------------------------------------------
[ 13.383201] swapper/0/0 is trying to acquire lock:
[ 13.388004] ffff0000668ff298 (&dsa_slave_netdev_xmit_lock_key){+.-.}-{2:2}, at: __dev_queue_xmit+0x84c/0xbe0
[ 13.397879]
[ 13.397879] but task is already holding lock:
[ 13.403727] ffff0000661a1698 (&dsa_slave_netdev_xmit_lock_key){+.-.}-{2:2}, at: __dev_queue_xmit+0x84c/0xbe0
[ 13.413593]
[ 13.413593] other info that might help us debug this:
[ 13.420140] Possible unsafe locking scenario:
[ 13.420140]
[ 13.426075] CPU0
[ 13.428523] ----
[ 13.430969] lock(&dsa_slave_netdev_xmit_lock_key);
[ 13.435946] lock(&dsa_slave_netdev_xmit_lock_key);
[ 13.440924]
[ 13.440924] *** DEADLOCK ***
[ 13.440924]
[ 13.446860] May be due to missing lock nesting notation
[ 13.446860]
[ 13.453668] 6 locks held by swapper/0/0:
[ 13.457598] #0: ffff800010003de0 ((&idev->mc_ifc_timer)){+.-.}-{0:0}, at: call_timer_fn+0x0/0x400
[ 13.466593] #1: ffffd4d3fb478700 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x0/0x560
[ 13.474803] #2: ffffd4d3fb478728 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x64/0xb10
[ 13.483886] #3: ffffd4d3fb478728 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x6c/0xbe0
[ 13.492793] #4: ffff0000661a1698 (&dsa_slave_netdev_xmit_lock_key){+.-.}-{2:2}, at: __dev_queue_xmit+0x84c/0xbe0
[ 13.503094] #5: ffffd4d3fb478728 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x6c/0xbe0
[ 13.512000]
[ 13.512000] stack backtrace:
[ 13.516369] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.7.0-rc4-02121-gc32a05ecd7af-dirty #988
[ 13.530421] Call trace:
[ 13.532871] dump_backtrace+0x0/0x1d8
[ 13.536539] show_stack+0x24/0x30
[ 13.539862] dump_stack+0xe8/0x150
[ 13.543271] __lock_acquire+0x1030/0x1678
[ 13.547290] lock_acquire+0xf8/0x458
[ 13.550873] _raw_spin_lock+0x44/0x58
[ 13.554543] __dev_queue_xmit+0x84c/0xbe0
[ 13.558562] dev_queue_xmit+0x24/0x30
[ 13.562232] dsa_slave_xmit+0xe0/0x128
[ 13.565988] dev_hard_start_xmit+0xf4/0x448
[ 13.570182] __dev_queue_xmit+0x808/0xbe0
[ 13.574200] dev_queue_xmit+0x24/0x30
[ 13.577869] neigh_resolve_output+0x15c/0x220
[ 13.582237] ip6_finish_output2+0x244/0xb10
[ 13.586430] __ip6_finish_output+0x1dc/0x298
[ 13.590709] ip6_output+0x84/0x358
[ 13.594116] mld_sendpack+0x2bc/0x560
[ 13.597786] mld_ifc_timer_expire+0x210/0x390
[ 13.602153] call_timer_fn+0xcc/0x400
[ 13.605822] run_timer_softirq+0x588/0x6e0
[ 13.609927] __do_softirq+0x118/0x590
[ 13.613597] irq_exit+0x13c/0x148
[ 13.616918] __handle_domain_irq+0x6c/0xc0
[ 13.621023] gic_handle_irq+0x6c/0x160
[ 13.624779] el1_irq+0xbc/0x180
[ 13.627927] cpuidle_enter_state+0xb4/0x4d0
[ 13.632120] cpuidle_enter+0x3c/0x50
[ 13.635703] call_cpuidle+0x44/0x78
[ 13.639199] do_idle+0x228/0x2c8
[ 13.642433] cpu_startup_entry+0x2c/0x48
[ 13.646363] rest_init+0x1ac/0x280
[ 13.649773] arch_call_rest_init+0x14/0x1c
[ 13.653878] start_kernel+0x490/0x4bc
Lockdep keys themselves were added in commit ab92d68fc22f ("net: core:
add generic lockdep keys"), and it's very likely that this splat existed
since then, but I have no real way to check, since this stacked platform
wasn't supported by mainline back then.
>From Taehee's own words:
This patch was considered that all stackable devices have LLTX flag.
But the dsa doesn't have LLTX, so this splat happened.
After this patch, dsa shares the same lockdep class key.
On the nested dsa interface architecture, which you illustrated,
the same lockdep class key will be used in __dev_queue_xmit() because
dsa doesn't have LLTX.
So that lockdep detects deadlock because the same lockdep class key is
used recursively although actually the different locks are used.
There are some ways to fix this problem.
1. using NETIF_F_LLTX flag.
If possible, using the LLTX flag is a very clear way for it.
But I'm so sorry I don't know whether the dsa could have LLTX or not.
2. using dynamic lockdep again.
It means that each interface uses a separate lockdep class key.
So, lockdep will not detect recursive locking.
But this way has a problem that it could consume lockdep class key
too many.
Currently, lockdep can have 8192 lockdep class keys.
- you can see this number with the following command.
cat /proc/lockdep_stats
lock-classes: 1251 [max: 8192]
...
The [max: 8192] means that the maximum number of lockdep class keys.
If too many lockdep class keys are registered, lockdep stops to work.
So, using a dynamic(separated) lockdep class key should be considered
carefully.
In addition, updating lockdep class key routine might have to be existing.
(lockdep_register_key(), lockdep_set_class(), lockdep_unregister_key())
3. Using lockdep subclass.
A lockdep class key could have 8 subclasses.
The different subclass is considered different locks by lockdep
infrastructure.
But "lock-classes" is not counted by subclasses.
So, it could avoid stopping lockdep infrastructure by an overflow of
lockdep class keys.
This approach should also have an updating lockdep class key routine.
(lockdep_set_subclass())
4. Using nonvalidate lockdep class key.
The lockdep infrastructure supports nonvalidate lockdep class key type.
It means this lockdep is not validated by lockdep infrastructure.
So, the splat will not happen but lockdep couldn't detect real deadlock
case because lockdep really doesn't validate it.
I think this should be used for really special cases.
(lockdep_set_novalidate_class())
Further discussion here:
https://patchwork.ozlabs.org/project/netdev/patch/20200503052220.4536-2-xiyou.wangcong@gmail.com/
There appears to be no negative side-effect to declaring lockless TX for
the DSA virtual interfaces, which means they handle their own locking.
So that's what we do to make the splat go away.
Patch tested in a wide variety of cases: unicast, multicast, PTP, etc.
Fixes: ab92d68fc22f ("net: core: add generic lockdep keys")
Suggested-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/dsa/slave.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/dsa/slave.c
+++ b/net/dsa/slave.c
@@ -1393,6 +1393,7 @@ int dsa_slave_create(struct dsa_port *po
if (ds->ops->port_vlan_add && ds->ops->port_vlan_del)
slave_dev->features |= NETIF_F_HW_VLAN_CTAG_FILTER;
slave_dev->hw_features |= NETIF_F_HW_TC;
+ slave_dev->features |= NETIF_F_LLTX;
slave_dev->ethtool_ops = &dsa_slave_ethtool_ops;
if (!IS_ERR_OR_NULL(port->mac))
ether_addr_copy(slave_dev->dev_addr, port->mac);
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 172/177] bonding: Fix reference count leak in bond_sysfs_slave_add.
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 171/177] net: dsa: declare lockless TX feature for slave ports Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 173/177] powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again Greg Kroah-Hartman
` (5 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiushi Wu, Jay Vosburgh, David S. Miller
From: Qiushi Wu <wu000273@umn.edu>
commit a068aab42258e25094bc2c159948d263ed7d7a77 upstream.
kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object. Previous
commit "b8eb718348b8" fixed a similar problem.
Fixes: 07699f9a7c8d ("bonding: add sysfs /slave dir for bond slave devices.")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/bonding/bond_sysfs_slave.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/bonding/bond_sysfs_slave.c
+++ b/drivers/net/bonding/bond_sysfs_slave.c
@@ -149,8 +149,10 @@ int bond_sysfs_slave_add(struct slave *s
err = kobject_init_and_add(&slave->kobj, &slave_ktype,
&(slave->dev->dev.kobj), "bonding_slave");
- if (err)
+ if (err) {
+ kobject_put(&slave->kobj);
return err;
+ }
for (a = slave_attrs; *a; ++a) {
err = sysfs_create_file(&slave->kobj, &((*a)->attr));
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 173/177] powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 172/177] bonding: Fix reference count leak in bond_sysfs_slave_add Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 174/177] Revert "Input: i8042 - add ThinkPad S230u to i8042 nomux list" Greg Kroah-Hartman
` (4 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Petr Mladek, Daniel Borkmann,
Michael Ellerman
From: Petr Mladek <pmladek@suse.com>
commit d195b1d1d1196681ac4775e0361e9cca70f740c2 upstream.
The commit 0ebeea8ca8a4d1d453a ("bpf: Restrict bpf_probe_read{, str}() only
to archs where they work") caused that bpf_probe_read{, str}() functions
were not longer available on architectures where the same logical address
might have different content in kernel and user memory mapping. These
architectures should use probe_read_{user,kernel}_str helpers.
For backward compatibility, the problematic functions are still available
on architectures where the user and kernel address spaces are not
overlapping. This is defined CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
At the moment, these backward compatible functions are enabled only on x86_64,
arm, and arm64. Let's do it also on powerpc that has the non overlapping
address space as well.
Fixes: 0ebeea8ca8a4 ("bpf: Restrict bpf_probe_read{, str}() only to archs where they work")
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/lkml/20200527122844.19524-1-pmladek@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/Kconfig | 1 +
1 file changed, 1 insertion(+)
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -125,6 +125,7 @@ config PPC
select ARCH_HAS_MMIOWB if PPC64
select ARCH_HAS_PHYS_TO_DMA
select ARCH_HAS_PMEM_API
+ select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
select ARCH_HAS_PTE_DEVMAP if PPC_BOOK3S_64
select ARCH_HAS_PTE_SPECIAL
select ARCH_HAS_MEMBARRIER_CALLBACKS
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 174/177] Revert "Input: i8042 - add ThinkPad S230u to i8042 nomux list"
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 173/177] powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 175/177] netfilter: conntrack: comparison of unsigned in cthelper confirmation Greg Kroah-Hartman
` (3 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
commit f4dec2d6160976b14e54be9c3950ce0f52385741 upstream.
This reverts commit 18931506465a762ffd3f4803d36a18d336a67da9. From Kevin
Locke:
"... nomux only appeared to fix the issue because the controller
continued working after warm reboots. After more thorough testing from
both warm and cold start, I now believe the entry should be added to
i8042_dmi_reset_table rather than i8042_dmi_nomux_table as i8042.reset=1
alone is sufficient to avoid the issue from both states while
i8042.nomux is not."
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/serio/i8042-x86ia64io.h | 7 -------
1 file changed, 7 deletions(-)
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -541,13 +541,6 @@ static const struct dmi_system_id __init
DMI_MATCH(DMI_PRODUCT_NAME, "Aspire 5738"),
},
},
- {
- /* Lenovo ThinkPad Twist S230u */
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
- DMI_MATCH(DMI_PRODUCT_NAME, "33474HU"),
- },
- },
{ }
};
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 175/177] netfilter: conntrack: comparison of unsigned in cthelper confirmation
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 174/177] Revert "Input: i8042 - add ThinkPad S230u to i8042 nomux list" Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 176/177] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update Greg Kroah-Hartman
` (2 subsequent siblings)
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 94945ad2b330207cded0fd8d4abebde43a776dfb upstream.
net/netfilter/nf_conntrack_core.c: In function nf_confirm_cthelper:
net/netfilter/nf_conntrack_core.c:2117:15: warning: comparison of unsigned expression in < 0 is always false [-Wtype-limits]
2117 | if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
| ^
ipv6_skip_exthdr() returns a signed integer.
Reported-by: Colin Ian King <colin.king@canonical.com>
Fixes: 703acd70f249 ("netfilter: nfnetlink_cthelper: unbreak userspace helper support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2090,7 +2090,7 @@ static int nf_confirm_cthelper(struct sk
{
const struct nf_conntrack_helper *helper;
const struct nf_conn_help *help;
- unsigned int protoff;
+ int protoff;
help = nfct_help(ct);
if (!help)
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 176/177] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 175/177] netfilter: conntrack: comparison of unsigned in cthelper confirmation Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 177/177] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build Greg Kroah-Hartman
2020-06-02 6:47 ` [PATCH 5.6 000/177] 5.6.16-rc1 review Naresh Kamboju
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Pablo Neira Ayuso
From: Nathan Chancellor <natechancellor@gmail.com>
commit 46c1e0621a72e0469ec4edfdb6ed4d387ec34f8a upstream.
Clang warns:
net/netfilter/nf_conntrack_core.c:2068:21: warning: variable 'ctinfo' is
uninitialized when used here [-Wuninitialized]
nf_ct_set(skb, ct, ctinfo);
^~~~~~
net/netfilter/nf_conntrack_core.c:2024:2: note: variable 'ctinfo' is
declared here
enum ip_conntrack_info ctinfo;
^
1 warning generated.
nf_conntrack_update was split up into nf_conntrack_update and
__nf_conntrack_update, where the assignment of ctinfo is in
nf_conntrack_update but it is used in __nf_conntrack_update.
Pass the value of ctinfo from nf_conntrack_update to
__nf_conntrack_update so that uninitialized memory is not used
and everything works properly.
Fixes: ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again")
Link: https://github.com/ClangBuiltLinux/linux/issues/1039
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2015,11 +2015,11 @@ static void nf_conntrack_attach(struct s
}
static int __nf_conntrack_update(struct net *net, struct sk_buff *skb,
- struct nf_conn *ct)
+ struct nf_conn *ct,
+ enum ip_conntrack_info ctinfo)
{
struct nf_conntrack_tuple_hash *h;
struct nf_conntrack_tuple tuple;
- enum ip_conntrack_info ctinfo;
struct nf_nat_hook *nat_hook;
unsigned int status;
int dataoff;
@@ -2144,7 +2144,7 @@ static int nf_conntrack_update(struct ne
return 0;
if (!nf_ct_is_confirmed(ct)) {
- err = __nf_conntrack_update(net, skb, ct);
+ err = __nf_conntrack_update(net, skb, ct, ctinfo);
if (err < 0)
return err;
}
^ permalink raw reply [flat|nested] 179+ messages in thread
* [PATCH 5.6 177/177] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 176/177] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update Greg Kroah-Hartman
@ 2020-06-01 17:55 ` Greg Kroah-Hartman
2020-06-02 6:47 ` [PATCH 5.6 000/177] 5.6.16-rc1 review Naresh Kamboju
177 siblings, 0 replies; 179+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-01 17:55 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 4946ea5c1237036155c3b3a24f049fd5f849f8f6 upstream.
>> include/linux/netfilter/nf_conntrack_pptp.h:13:20: warning: 'const' type qualifier on return type has no effect [-Wignored-qualifiers]
extern const char *const pptp_msg_name(u_int16_t msg);
^~~~~~
Reported-by: kbuild test robot <lkp@intel.com>
Fixes: 4c559f15efcc ("netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/netfilter/nf_conntrack_pptp.h | 2 +-
net/netfilter/nf_conntrack_pptp.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/include/linux/netfilter/nf_conntrack_pptp.h
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -10,7 +10,7 @@
#include <net/netfilter/nf_conntrack_expect.h>
#include <uapi/linux/netfilter/nf_conntrack_tuple_common.h>
-extern const char *const pptp_msg_name(u_int16_t msg);
+const char *pptp_msg_name(u_int16_t msg);
/* state of the control session */
enum pptp_ctrlsess_state {
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -91,7 +91,7 @@ static const char *const pptp_msg_name_a
[PPTP_SET_LINK_INFO] = "SET_LINK_INFO"
};
-const char *const pptp_msg_name(u_int16_t msg)
+const char *pptp_msg_name(u_int16_t msg)
{
if (msg > PPTP_MSG_MAX)
return pptp_msg_name_array[0];
^ permalink raw reply [flat|nested] 179+ messages in thread
* Re: [PATCH 5.6 000/177] 5.6.16-rc1 review
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2020-06-01 17:55 ` [PATCH 5.6 177/177] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build Greg Kroah-Hartman
@ 2020-06-02 6:47 ` Naresh Kamboju
177 siblings, 0 replies; 179+ messages in thread
From: Naresh Kamboju @ 2020-06-02 6:47 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable
On Mon, 1 Jun 2020 at 23:43, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.6.16 release.
> There are 177 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Jun 2020 17:38:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.6.16-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 5.6.16-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.6.y
git commit: c72fcbc7d224903b8241afc1202a414575c1e557
git describe: v5.6.15-178-gc72fcbc7d224
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.6-oe/build/v5.6.15-178-gc72fcbc7d224
No regressions (compared to build v5.6.15)
No fixes (compared to build v5.6.15)
Ran 31253 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- juno-r2-compat
- juno-r2-kasan
- nxp-ls2088
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86
- x86-kasan
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* install-android-platform-tools-r2800
* kselftest
* kselftest/drivers
* kselftest/filesystems
* libgpiod
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-dio-tests
* ltp-fs-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-sched-tests
* ltp-syscalls-tests
* perf
* v4l2-compliance
* ltp-cve-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-securebits-tests
* kselftest/net
* kselftest/networking
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-open-posix-tests
* network-basic-tests
* kvm-unit-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-native/drivers
* kselftest-vsyscall-mode-native/filesystems
* kselftest-vsyscall-mode-native/net
* kselftest-vsyscall-mode-native/networking
* kselftest-vsyscall-mode-none
* kselftest-vsyscall-mode-none/drivers
* kselftest-vsyscall-mode-none/filesystems
* kselftest-vsyscall-mode-none/net
* kselftest-vsyscall-mode-none/networking
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 179+ messages in thread
end of thread, other threads:[~2020-06-02 6:47 UTC | newest]
Thread overview: 179+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-01 17:52 [PATCH 5.6 000/177] 5.6.16-rc1 review Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 001/177] ax25: fix setsockopt(SO_BINDTODEVICE) Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 002/177] dpaa_eth: fix usage as DSA master, try 3 Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 003/177] ethtool: count header size in reply size estimate Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 004/177] felix: Fix initialization of ioremap resources Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 005/177] net: dont return invalid table id error when we fall back to PF_UNSPEC Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 006/177] net: dsa: mt7530: fix roaming from DSA user ports Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 007/177] net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 008/177] __netif_receive_skb_core: pass skb by reference Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 009/177] net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 010/177] net: ipip: fix wrong address family in init error path Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 011/177] net/mlx5: Add command entry handling completion Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 012/177] net: mvpp2: fix RX hashing for non-10G ports Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 013/177] net: nlmsg_cancel() if put fails for nhmsg Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 014/177] net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 015/177] net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 016/177] net sched: fix reporting the first-time use timestamp Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 017/177] net/tls: fix race condition causing kernel panic Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 018/177] nexthop: Fix attribute checking for groups Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 019/177] r8152: support additional Microsoft Surface Ethernet Adapter variant Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 020/177] sctp: Dont add the shutdown timer if its already been added Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 021/177] sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 022/177] tipc: block BH before using dst_cache Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 023/177] net/mlx5e: kTLS, Destroy key object after destroying the TIS Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 024/177] net/mlx5e: Fix inner tirs handling Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 025/177] net/mlx5: Fix memory leak in mlx5_events_init Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 026/177] net/mlx5e: Update netdev txq on completions during closure Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 027/177] net/mlx5: Fix error flow in case of function_setup failure Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 028/177] wireguard: noise: read preshared key while taking lock Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 029/177] wireguard: queueing: preserve flow hash across packet scrubbing Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 030/177] wireguard: noise: separate receive counter from send counter Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 031/177] r8169: fix OCP access on RTL8117 Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 032/177] net/mlx5: Fix a race when moving command interface to events mode Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 033/177] net/mlx5: Fix cleaning unmanaged flow tables Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 034/177] Revert "virtio-balloon: Revert "virtio-balloon: Switch back to OOM handler for VIRTIO_BALLOON_F_DEFLATE_ON_OOM"" Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 035/177] net/mlx5: Avoid processing commands before cmdif is ready Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 036/177] net/mlx5: Annotate mutex destroy for root ns Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 037/177] net/tls: fix encryption error checking Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 038/177] net/tls: free record only on encryption error Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 039/177] net: sun: fix missing release regions in cas_init_one() Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 040/177] net/mlx4_core: fix a memory leak bug Greg Kroah-Hartman
2020-06-01 17:52 ` [PATCH 5.6 041/177] net: sgi: ioc3-eth: Fix return value check in ioc3eth_probe() Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 042/177] mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 043/177] net: mscc: ocelot: fix address ageing time (again) Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 044/177] arm64: dts: qcom: db820c: fix audio configuration Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 045/177] ARM: dts: rockchip: fix phy nodename for rk3228-evb Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 046/177] ARM: dts: rockchip: fix phy nodename for rk3229-xms6 Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 047/177] arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 048/177] arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 049/177] ARM: dts: rockchip: swap clock-names of gpu nodes Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 050/177] ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 051/177] gpio: tegra: mask GPIO IRQs during IRQ shutdown Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 052/177] ALSA: usb-audio: add mapping for ASRock TRX40 Creator Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 053/177] ARM: dts: omap4-droid4: Fix flakey wlan by disabling internal pull for gpio Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 054/177] ARM: dts: omap4-droid4: Fix occasional lost wakeirq for uart1 Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 055/177] net: microchip: encx24j600: add missed kthread_stop Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 056/177] kselftests: dmabuf-heaps: Fix confused return value on expected error testing Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 057/177] gfs2: move privileged user check to gfs2_quota_lock_check Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 058/177] gfs2: dont call quota_unhold if quotas are not locked Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 059/177] gfs2: Grab glock reference sooner in gfs2_add_revoke Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 060/177] drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 061/177] drm/amd/powerplay: perform PG ungate prior to CG ungate Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 062/177] drm/amdgpu: Use GEM obj reference for KFD BOs Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 063/177] cachefiles: Fix race between read_waiter and read_copier involving op->to_do Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 064/177] usb: dwc3: pci: Enable extcon driver for Intel Merrifield Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 065/177] usb: phy: twl6030-usb: Fix a resource leak in an error handling path in twl6030_usb_probe() Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 066/177] usb: gadget: legacy: fix redundant initialization warnings Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 067/177] net: freescale: select CONFIG_FIXED_PHY where needed Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 068/177] drm/amd/amdgpu: Update update_config() logic Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 069/177] IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 070/177] riscv: Fix unmet direct dependencies built based on SOC_VIRT Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 071/177] riscv: stacktrace: Fix undefined reference to `walk_stackframe Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 072/177] riscv: Add pgprot_writecombine/device and PAGE_SHARED defination if NOMMU Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 073/177] clk: ti: am33xx: fix RTC clock parent Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 074/177] csky: Fixup msa highest 3 bits mask Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 075/177] csky: Fixup perf callchain unwind Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 076/177] csky: Fixup remove duplicate irq_disable Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 077/177] drm/meson: pm resume add return errno branch Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 078/177] hwmon: (nct7904) Fix incorrect range of temperature limit registers Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 079/177] riscv: pgtable: Fix __kernel_map_pages build error if NOMMU Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 080/177] cifs: Fix null pointer check in cifs_read Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 081/177] csky: Fixup raw_copy_from_user() Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 082/177] samples: bpf: Fix build error Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 083/177] drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 084/177] Input: usbtouchscreen - add support for BonXeon TP Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 085/177] Input: i8042 - add ThinkPad S230u to i8042 nomux list Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 086/177] Input: evdev - call input_flush_device() on release(), not flush() Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 087/177] Input: xpad - add custom init packet for Xbox One S controllers Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 088/177] Input: dlink-dir685-touchkeys - fix a typo in driver name Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 089/177] gpio: mvebu: Fix probing for chips without PWM Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 090/177] Input: i8042 - add ThinkPad S230u to i8042 reset list Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 091/177] Input: synaptics-rmi4 - really fix attn_data use-after-free Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 092/177] Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 093/177] ARM: 8970/1: decompressor: increase tag size Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 094/177] ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 095/177] ARM: uaccess: integrate uaccess_save and uaccess_restore Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 096/177] ARM: uaccess: fix DACR mismatch with nested exceptions Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 097/177] gpio: exar: Fix bad handling for ida_simple_get error path Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 098/177] arm64: dts: mt8173: fix vcodec-enc clock Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 099/177] soc: mediatek: cmdq: return send msg error code Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 100/177] gpu/drm: ingenic: Fix bogus crtc_atomic_check callback Greg Kroah-Hartman
2020-06-01 17:53 ` [PATCH 5.6 101/177] gpu/drm: Ingenic: Fix opaque pointer casted to wrong type Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 102/177] IB/qib: Call kobject_put() when kobject_init_and_add() fails Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 103/177] ARM: dts/imx6q-bx50v3: Set display interface clock parents Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 104/177] ARM: dts: bcm2835-rpi-zero-w: Fix led polarity Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 105/177] ARM: dts: bcm: HR2: Fix PPI interrupt types Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 106/177] ARM: dts: mmp3: Use the MMP3 compatible string for /clocks Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 107/177] ARM: dts: mmp3-dell-ariel: Fix the SPI devices Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 108/177] ARM: dts: mmp3: Drop usb-nop-xceiv from HSIC phy Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 109/177] RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 110/177] mmc: block: Fix use-after-free issue for rpmb Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 111/177] gpio: pxa: Fix return value of pxa_gpio_probe() Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 112/177] gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 113/177] RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 114/177] ALSA: hwdep: fix a left shifting 1 by 31 UB bug Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 115/177] ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 116/177] ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 117/177] exec: Always set cap_ambient in cap_bprm_set_creds Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 118/177] clk: qcom: gcc: Fix parent for gpll0_out_even Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 119/177] ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 120/177] ALSA: hda/realtek - Add new codec supported for ALC287 Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 121/177] libceph: ignore pool overlay and cache logic on redirects Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 122/177] ceph: flush release queue when handling caps for unknown inode Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 123/177] RDMA/core: Fix double destruction of uobject Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 124/177] drm/amd/display: drop cursor position check in atomic test Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 125/177] drm/amd/display: Split program front end part that occur outside lock Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 126/177] drm/amd/display: Indicate dsc updates explicitly Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 127/177] drm/amd/display: Added locking for atomic update stream and update planes Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 128/177] drm/amd/display: Use cursor locking to prevent flip delays Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 129/177] drm/amd/display: Defer cursor lock until after VUPDATE Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 130/177] drm/amd/display: Fix potential integer wraparound resulting in a hang Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 131/177] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 132/177] mm,thp: stop leaking unreleased file pages Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 133/177] mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 134/177] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 135/177] include/asm-generic/topology.h: guard cpumask_of_node() macro argument Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 136/177] Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT" Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 137/177] gpio: fix locking open drain IRQ lines Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 138/177] iommu: Fix reference count leak in iommu_group_alloc Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 139/177] parisc: Fix kernel panic in mem_init() Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 140/177] cfg80211: fix debugfs rename crash Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 141/177] mac80211: mesh: fix discovery timer re-arming issue / crash Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 142/177] x86/dma: Fix max PFN arithmetic overflow on 32 bit systems Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 143/177] copy_xstate_to_kernel(): dont leave parts of destination uninitialized Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 144/177] xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 145/177] xfrm: do pskb_pull properly in __xfrm_transport_prep Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 146/177] xfrm: remove the xfrm_state_put call becofe going to out_reset Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 147/177] xfrm: espintcp: save and call old ->sk_destruct Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 148/177] xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 149/177] xfrm interface: fix oops when deleting a x-netns interface Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 150/177] xfrm: fix a warning in xfrm_policy_insert_list Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 151/177] xfrm: fix a NULL-ptr deref in xfrm_local_error Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 152/177] xfrm: fix error in comment Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 153/177] ip_vti: receive ipip packet by calling ip_tunnel_rcv Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 154/177] netfilter: nft_reject_bridge: enable reject with bridge vlan Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 155/177] netfilter: ipset: Fix subcounter update skip Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 156/177] netfilter: conntrack: make conntrack userspace helpers work again Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 157/177] netfilter: nfnetlink_cthelper: unbreak userspace helper support Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 158/177] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 159/177] esp6: get the right proto for transport mode in esp6_gso_encap Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 160/177] bnxt_en: Fix accumulation of bp->net_stats_prev Greg Kroah-Hartman
2020-06-01 17:54 ` [PATCH 5.6 161/177] bnxt_en: fix firmware message length endianness Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 162/177] ieee80211: Fix incorrect mask for default PE duration Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 163/177] x86/ioperm: Prevent a memory leak when fork fails Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 164/177] xsk: Add overflow check for u64 division, stored into u32 Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 165/177] qlcnic: fix missing release in qlcnic_83xx_interrupt_test Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 166/177] crypto: chelsio/chtls: properly set tp->lsndtime Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 167/177] nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 168/177] nexthops: dont modify published nexthop groups Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 169/177] nexthop: Expand nexthop_is_multipath in a few places Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 170/177] ipv4: nexthop version of fib_info_nh_uses_dev Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 171/177] net: dsa: declare lockless TX feature for slave ports Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 172/177] bonding: Fix reference count leak in bond_sysfs_slave_add Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 173/177] powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 174/177] Revert "Input: i8042 - add ThinkPad S230u to i8042 nomux list" Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 175/177] netfilter: conntrack: comparison of unsigned in cthelper confirmation Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 176/177] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update Greg Kroah-Hartman
2020-06-01 17:55 ` [PATCH 5.6 177/177] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build Greg Kroah-Hartman
2020-06-02 6:47 ` [PATCH 5.6 000/177] 5.6.16-rc1 review Naresh Kamboju
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.