Currently we have user_access block, followed by __put_user(),
deciding what the restorer will be and finally a put_user_try
block.
Moving the calculation of restorer first allows the rest
(actual copyout work) to coalesce into a single user_access block.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
What's left is just a sequence of stores to userland addresses, with all
error handling, etc. done out of line. Calling that from user_access block
is safe, but rather than teaching objtool to recognize it as such we can
just make it always_inline - it is small enough and has few enough callers,
for the space savings not to be an issue.
Rename the sucker to __unsafe_setup_sigcontext32() and provide
unsafe_put_sigcontext32() with usual kind of semantics.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
- Several MAINTAINERS updates
- Memory leak regression in ODP
- Several fixes for syzkaller related crashes. Google recently taught
syzkaller to create the software RDMA devices
- Crash fixes for HFI1
- Several fixes for mlx5 crashes
- Prevent unprivileged access to an unsafe mlx5 HW resource
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfB7FMLh+8QxL+6i3OG33FX4gmxoFAl57oakACgkQOG33FX4g
mxqLQBAAgjBxExYAK51ImMoCOXlZ9uInoACes8+e1HjIJUPhS3/WVubCMXJxAYrc
x7xtW7DUVBjNBYdQajgzWsDRrENovTq4rPscIWVSqTffWkYYubJbGXeBKTa045J6
3rsKL5Kzd0XGN0/XrXjctXpADEvEb1mjUjEMvsVmggIHneLJ5JgUdRTISwlsntmD
BbFo67DsSmQqOCx5B1az3l/RYPuWeFEYgQOAcWUC/rzsFEvEkmdqDr6FcbtkTWe1
pSqSTVQ6knDTvadwjwbpJRJg9SR/X4cHtGLOy1sP8HQ6Do671cAtFrusLb4Zf+w6
ncOll8/YPjiTe9fkTCX4Gdhn278t8cZAn2W9vrzPF8lv8tGRtlO5nXdR044NmBst
CBid7JaxzGVq0QhEEiWpV72Q8O7wQ5mARHR2x/zR2A/fdD+lqN1rjfDAqldrgYWV
5D+IFRwwwp9J+Y1pQAmTkzixItraRLD6jjzYG+qk5zopUnHBJBk67wZpWcS1zlER
SJuG0ztYn5KBSjoTGzOXfPIXpe+N3UhWxHx5P17G7UhRjbLE6oaij3TY7et/Bfj/
7esEQCLDyzEQdXJHNojyUKuyUU88N1yAC9gQbgHWPrrJBa/Ibxukq5O8dwDBpX8g
zOtSrv9i9r8g7RrKccxy0BUkrq+0OSttSopE+ssnRFTiVX3sMX0=
=RhVe
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"A small set of late-rc patches, mostly fixes for various crashers,
some syzkaller fixes and a mlx5 HW limitation:
- Several MAINTAINERS updates
- Memory leak regression in ODP
- Several fixes for syzkaller related crashes. Google recently taught
syzkaller to create the software RDMA devices
- Crash fixes for HFI1
- Several fixes for mlx5 crashes
- Prevent unprivileged access to an unsafe mlx5 HW resource"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/mlx5: Block delay drop to unprivileged users
RDMA/mlx5: Fix access to wrong pointer while performing flush due to error
RDMA/core: Ensure security pkey modify is not lost
MAINTAINERS: Clean RXE section and add Zhu as RXE maintainer
IB/hfi1: Ensure pq is not left on waitlist
IB/rdmavt: Free kernel completion queue when done
RDMA/mad: Do not crash if the rdma device does not have a umad interface
RDMA/core: Fix missing error check on dev_set_name()
RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET
RDMA/mlx5: Fix the number of hwcounters of a dynamic counter
MAINTAINERS: Update maintainers for HISILICON ROCE DRIVER
RDMA/odp: Fix leaking the tgid for implicit ODP
* move ata_eh_analyze_ncq_error() and ata_eh_read_log_10h() to
libata-sata.c
* add static inline for ata_eh_analyze_ncq_error() for
CONFIG_SATA_HOST=n case (link->sactive is non-zero only if
NCQ commands are actually queued so empty function body is
sufficient)
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
16164 18 0 16182 3f36 drivers/ata/libata-eh.o
after:
15446 18 0 15464 3c68 drivers/ata/libata-eh.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Start separating SATA specific code from libata-scsi.c:
* un-static ata_scsi_find_dev()
* move following code to libata-sata.c:
- SATA only sysfs device attributes handling
- __ata_change_queue_depth()
- ata_scsi_change_queue_depth()
* cover with CONFIG_SATA_HOST ifdef SATA only sysfs device
attributes handling code and ATA_SHT_NCQ() macro in
<linux/libata.h>
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
20702 105 576 21383 5387 drivers/ata/libata-scsi.o
after:
19137 23 576 19736 4d18 drivers/ata/libata-scsi.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Start separating SATA specific code from libata-core.c:
* move following functions to libata-sata.c:
- ata_tf_to_fis()
- ata_tf_from_fis()
- sata_link_scr_lpm()
- ata_slave_link_init()
- sata_lpm_ignore_phy_events()
* group above functions together in <linux/libata.h>
* include libata-sata.c in the build when CONFIG_SATA_HOST=y
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
37582 572 40 38194 9532 drivers/ata/libata-core.o
after:
36762 572 40 37374 91fe drivers/ata/libata-core.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Add !IS_ENABLED(CONFIG_SATA_HOST) to ata_eh_set_lpm() to allow
compiler to optimize out the function for non-SATA configs (for
PATA hosts "ap && !ap->ops->set_lpm" condition is always true so
it's sufficient for the function to return zero).
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
17353 18 0 17371 43db drivers/ata/libata-eh.o
after:
16607 18 0 16625 40f1 drivers/ata/libata-eh.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Add !IS_ENABLED(CONFIG_SATA_HOST) to ata_dev_config_ncq() to allow
compiler to optimize out the function for non-SATA configs.
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
37582 572 40 38194 9532 drivers/ata/libata-core.o
after:
36462 572 40 37074 90d2 drivers/ata/libata-core.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Separate PATA timings code from libata-core.c:
* add PATA_TIMINGS config option and make corresponding PATA
host drivers (and ATA ACPI code) select it
* move following PATA timings code to libata-pata-timings.c:
- ata_timing_quantize()
- ata_timing_merge()
- ata_timing_find_mode()
- ata_timing_compute()
* group above functions together in <linux/libata.h>
* include libata-pata-timings.c in the build when PATA_TIMINGS
config option is enabled
* cover ata_timing_cycle2mode() with CONFIG_ATA_ACPI ifdef (it
depends on code from libata-core.c and libata-pata-timings.c
while its only user is ATA ACPI)
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
39688 573 40 40301 9d6d drivers/ata/libata-core.o
after:
37820 572 40 38432 9620 drivers/ata/libata-core.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
* fix the overly long line in ata_timing_quantize()
* use standard kernel CodingStyle in ata_timing_merge()
* do not use assignment in if condition in ata_timing_compute()
* fix non-standard comment style in ata_timing_compute()
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Move EXPORT_SYMBOL_GPL()s close to exported code like it is
done in other kernel subsystems. As a nice side effect this
results in the removal of few ifdefs.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Currently the maximum required size of the ata_scsi_rbuf[] is
576 bytes in ata_scsiop_inq_89() so modify ATA_SCSI_RBUF_SIZE
define accordingly.
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
20782 105 4096 24983 6197 drivers/ata/libata-scsi.o
after:
20782 105 576 21463 53d7 drivers/ata/libata-scsi.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Optimize struct ata_force_param size by:
- using u8 for cbl and spd_limit fields
- using u16 for lflags field
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
41064 573 40 41677 a2cd drivers/ata/libata-core.o
after:
40654 573 40 41267 a133 drivers/ata/libata-core.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Use COMMAND_LINE_SIZE instead PAGE_SIZE for ata_force_param_buf[]
size as libata parameters buffer doesn't need to be bigger than
the command line buffer.
For many architectures this results in decreased libata-core.o
size (COMMAND_LINE_SIZE varies from 256 to 4096 while the minimum
PAGE_SIZE is 4096).
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
41064 4413 40 45517 b1cd drivers/ata/libata-core.o
after:
41064 573 40 41677 a2cd drivers/ata/libata-core.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Initialize rbuf[] directly instead of using ata_tf_to_fis(). This
results in simpler and smaller code. It also allows separating
ata_tf_to_fis() into SATA specific libata part in the future.
Code size savings on m68k arch using (modified) atari_defconfig:
text data bss dec hex filename
before:
20824 105 4096 25025 61c1 drivers/ata/libata-scsi.o
after:
20782 105 4096 24983 6197 drivers/ata/libata-scsi.o
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Use core helper instead of open-coding it.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
There is no reason to expose SATA_PMP config option when no SATA
host drivers are enabled. To fix it add SATA_HOST config option,
make all SATA host drivers select it and finally make SATA_PMP
config options depend on it.
This also serves as preparation for the future changes which
optimize libata core code size on PATA only setups.
CC: "James E.J. Bottomley" <jejb@linux.ibm.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> # for SCSI bits
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
There is no point in exposing ncq_enable_prio sysfs attribute for
devices on PATA and non-NCQ capable SATA hosts so:
* remove dev_attr_ncq_prio_enable from ata_common_sdev_attrs[]
* add ata_ncq_sdev_attrs[]
* update ATA_NCQ_SHT() macro to use ata_ncq_sdev_attrs[]
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
In commit 7634ccd2da ("libata: maintainership update") from 2018
Jens has officially taken over libata maintainership from Tejun so
remove stale information from core libata code.
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The code in lib/ is the desired polynomial, and even includes
the 1-bit left shift in the table rather than needing to code
it explicitly.
While I'm in Kconfig, add a description of what a WILC1000 is.
Kconfig questions that require me to look up a data sheet to
find out that I probably don't have one are a pet peeve.
Cc: Adham Abozaeid <adham.abozaeid@microchip.com>
Cc: linux-wireless@vger.kernel.org
Reviewed-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: George Spelvin <lkml@sdf.org>
Link: https://lore.kernel.org/r/20200326152251.19094-1-ajay.kathat@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When a frame is transmitted via the nl80211 TX rather than as a
normal frame, IEEE80211_TX_CTRL_PORT_CTRL_PROTO wasn't set and
this will lead to wrong decisions (rate control etc.) being made
about the frame; fix this.
Fixes: 9118064914 ("mac80211: Add support for tx_control_port")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200326155333.f183f52b02f0.I4054e2a8c11c2ddcb795a0103c87be3538690243@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211 used to check port authorization in the Data frame enqueue case
when going through start_xmit(). However, that authorization status may
change while the frame is waiting in a queue. Add a similar check in the
dequeue case to avoid sending previously accepted frames after
authorization change. This provides additional protection against
potential leaking of frames after a station has been disconnected and
the keys for it are being removed.
Cc: stable@vger.kernel.org
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20200326155133.ced84317ea29.I34d4c47cd8cc8a4042b38a76f16a601fbcbfd9b3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When cfg80211_update_assoc_bss_entry() is called, there is a
verification that the BSS channel actually changed. As some APs use
CSA also for bandwidth changes, this would result with a kernel
warning.
Fix this by removing the WARN_ON().
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200326150855.96316ada0e8d.I6710376b1b4257e5f4712fc7ab16e2b638d512aa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200326150855.6865c7f28a14.I9fb1d911b064262d33e33dfba730cdeef83926ca@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We can't handle the case length > WLAN_DATA_MAXLEN.
Because the size of rxfrm->data is WLAN_DATA_MAXLEN(2312), and we can't
read more than that.
Thanks-to: Hillf Danton <hdanton@sina.com>
Reported-and-tested-by: syzbot+7d42d68643a35f71ac8a@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200326131850.17711-1-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
NULL check before kfree is unnecessary so remove it.
The following Coccinelle script was used to detect this:
@@ expression E; @@
- if (E != NULL) { kfree(E); }
+ kfree(E);
@@ expression E; @@
- if (E != NULL) { kfree(E); E = NULL; }
+ kfree(E);
+ E = NULL;
Signed-off-by: Simran Singhal <singhalsimran0@gmail.com>
Link: https://lore.kernel.org/r/20200326132823.GA18625@simran-Inspiron-5558
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Assignment to a typed pointer is sufficient in C.
No cast is needed.
The following Coccinelle script was used to detect this:
@r@
expression x;
void* e;
type T;
identifier f;
@@
(
*((T *)e)
|
((T *)x)[...]
|
((T*)x)->f
|
- (T*)
e
)
Signed-off-by: Simran Singhal <singhalsimran0@gmail.com>
Link: https://lore.kernel.org/r/20200326113210.GA29951@simran-Inspiron-5558
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cleanup line over 80 characters by removing unnecessary test
'pDM_Odm->RSSI_Min <= 25'. The above test 'pDM_Odm->RSSI_Min > 25'
already guarantees that it is <= 25.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200326084348.15072-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is one one corner case at dma_fence_signal_locked
which will raise the NULL pointer problem just like below.
->dma_fence_signal
->dma_fence_signal_locked
->test_and_set_bit
here trigger dma_fence_release happen due to the zero of fence refcount.
->dma_fence_put
->dma_fence_release
->drm_sched_fence_release_scheduled
->call_rcu
here make the union fled “cb_list” at finished fence
to NULL because struct rcu_head contains two pointer
which is same as struct list_head cb_list
Therefore, to hold the reference of finished fence at drm_sched_process_job
to prevent the null pointer during finished fence dma_fence_signal
[ 732.912867] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 732.914815] #PF: supervisor write access in kernel mode
[ 732.915731] #PF: error_code(0x0002) - not-present page
[ 732.916621] PGD 0 P4D 0
[ 732.917072] Oops: 0002 [#1] SMP PTI
[ 732.917682] CPU: 7 PID: 0 Comm: swapper/7 Tainted: G OE 5.4.0-rc7 #1
[ 732.918980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
[ 732.920906] RIP: 0010:dma_fence_signal_locked+0x3e/0x100
[ 732.938569] Call Trace:
[ 732.939003] <IRQ>
[ 732.939364] dma_fence_signal+0x29/0x50
[ 732.940036] drm_sched_fence_finished+0x12/0x20 [gpu_sched]
[ 732.940996] drm_sched_process_job+0x34/0xa0 [gpu_sched]
[ 732.941910] dma_fence_signal_locked+0x85/0x100
[ 732.942692] dma_fence_signal+0x29/0x50
[ 732.943457] amdgpu_fence_process+0x99/0x120 [amdgpu]
[ 732.944393] sdma_v4_0_process_trap_irq+0x81/0xa0 [amdgpu]
v2: hold the finished fence at drm_sched_process_job instead of
amdgpu_fence_process
v3: resume the blank line
Signed-off-by: Yintian Tao <yttao@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
The signed 1 bit bitfields should be unsigned, so make them unsigned.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20200325125041.94769-1-colin.king@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/gadget/udc/fsl_udc_core.c:56:19:
warning: 'driver_desc' defined but not used [-Wunused-const-variable=]
It is never used, so remove it.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20200326071419.19240-1-yuehaibing@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Al Viro
Linus Torvalds
Bartlomiej Zolnierkiewicz
George Spelvin
Sam Muhammed
Johannes Berg
Jouni Malinen
Ilan Peer
Qiujun Huang
Simran Singhal
R Veera Kumar
Michael Straube
Yintian Tao
Colin Ian King
YueHaibing