Various driver updates for platforms:
- Nvidia: Fuse support for Tegra194, continued memory controller pieces
for Tegra30
- NXP/FSL: Refactorings of QuickEngine drivers to support ARM/ARM64/PPC
- NXP/FSL: i.MX8MP SoC driver pieces
- TI Keystone: ring accelerator driver
- Qualcomm: SCM driver cleanup/refactoring + support for new SoCs.
- Xilinx ZynqMP: feature checking interface for firmware. Mailbox
communication for power management
- Overall support patch set for cpuidle on more complex hierarchies
(PSCI-based)
+ Misc cleanups, refactorings of Marvell, TI, other platforms.
-----BEGIN PGP SIGNATURE-----
iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAl4+lTYPHG9sb2ZAbGl4
b20ubmV0AAoJEIwa5zzehBx3nQcQAJm91+6hZbmMjlBySGS7ISjYvOcrI/hMgiOl
uhhEP0Dcylvf9A9x3wcIbLwixe+2pvie9DQh2u5F80ShYimidtFi/2xCfuTb9fKu
sxxKjrXWyVKhkpW0z+tedY08ftVhkwwcyD4m2C7uVl6AwTP7c367vFeU7XjF2APn
drfgmgbjm8U3XbSyAqv+k6z6tyqaCnFM7vbPupSKHgHJ3mfByxOa+XyBN2RdgBbs
0KrVfbXGv80zFIFrMPwaWG7G52bu7K68nVdgy44MpKdRZ6QTjhnR+kerFxHsYgV4
bM55Fya52nTCSTGdKaQakDtKwbAUdCDTSkxgOHGcQoyFi0R/VaEUJtcysnvLbI6c
+n/yFIzGyEdXcvIzfv2SoDYhogw19I6RR/M9K5Ni29eazkDVYx2z3rI+2QYeqCiF
u7cq52gW6JLP0SI/9kuUrRFiR8v19Ixap7qokAxgqQwYB3NzT8a7WsYPkzdpDZGQ
ETSDFMyBWT6UvBe/HWkQluBabbet53rG8BF0OHFrQuMK0u/ieKgSGuTB9XN2djEW
PHMOMz2vhi+8XTfpkskhF2tTxlA/k4R6QwCdIMpIkMRVnVQCh1XdPr3Fi2NrgB+S
kIXHD4vV6zLYh04zHyKewSPHAXWgraFpg2qKnvL5+KWMTnW6QH+RNjOt9xKDNXOd
+iDXpOad
=ONtb
-----END PGP SIGNATURE-----
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC-related driver updates from Olof Johansson:
"Various driver updates for platforms:
- Nvidia: Fuse support for Tegra194, continued memory controller
pieces for Tegra30
- NXP/FSL: Refactorings of QuickEngine drivers to support
ARM/ARM64/PPC
- NXP/FSL: i.MX8MP SoC driver pieces
- TI Keystone: ring accelerator driver
- Qualcomm: SCM driver cleanup/refactoring + support for new SoCs.
- Xilinx ZynqMP: feature checking interface for firmware. Mailbox
communication for power management
- Overall support patch set for cpuidle on more complex hierarchies
(PSCI-based)
and misc cleanups, refactorings of Marvell, TI, other platforms"
* tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (166 commits)
drivers: soc: xilinx: Use mailbox IPI callback
dt-bindings: power: reset: xilinx: Add bindings for ipi mailbox
drivers: soc: ti: knav_qmss_queue: Pass lockdep expression to RCU lists
MAINTAINERS: Add brcmstb PCIe controller entry
soc/tegra: fuse: Unmap registers once they are not needed anymore
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
soc/tegra: fuse: Warn if straps are not ready
soc/tegra: fuse: Cache values of straps and Chip ID registers
memory: tegra30-emc: Correct error message for timed out auto calibration
memory: tegra30-emc: Firm up hardware programming sequence
memory: tegra30-emc: Firm up suspend/resume sequence
soc/tegra: regulators: Do nothing if voltage is unchanged
memory: tegra: Correct reset value of xusb_hostr
soc/tegra: fuse: Add APB DMA dependency for Tegra20
bus: tegra-aconnect: Remove PM_CLK dependency
dt-bindings: mediatek: add MT6765 power dt-bindings
soc: mediatek: cmdq: delete not used define
memory: tegra: Add support for the Tegra194 memory controller
memory: tegra: Only include support for enabled SoCs
memory: tegra: Support DVFS on Tegra186 and later
...
Most of these are smaller fixes that have accrued, and some continued
cleanup of OMAP platforms towards shared frameworks.
One new SoC from Atmel/Microchip: sam9x60.
-----BEGIN PGP SIGNATURE-----
iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAl45edcPHG9sb2ZAbGl4
b20ubmV0AAoJEIwa5zzehBx3qpMQAICcEmRfRPKHW7Uwmw1cEhcX7VxnPH0Y2Dnw
ZIoWEdYvE3N9T0UWe2hi3e/ji8R09OttHH9/qLo3+VpgsN8LuaBKMx3vCbiWdJeh
GCva5aFquwImG+EO/jri4CgjbTIxjR/nv6ZSE0FwG0Mg8xHg/MiXE/oCE++a2xz9
snYR5kVZBkgvrsUblPNb1FCIxiWIAytooEvd8H+2LFrXx3A6VvZOFTAPtLSX+Zvo
28VoloOdYyrcn+syyVw0vv/wONqvlgssjOLtG5DrMkjfF9oeqDkuPOcUFJVeI45S
d1uxzPGKoVjYK+fY0Z3VYV+ZwJ5AcDagFdF/vh7PvOuV148UikFOEDWl9SEpFwEI
E9W040UGxDfX8JG/Np3Nvm6WFQntixjfbWWeRVi0io4lwx9HCxrNMgRqCUPyYrXl
3aWBJSRq7tEJgIcba+Q/Urvsh7HjGEHpoFb3FzEp94iJej4R0WN5FNSUNEVgV5Dx
14bz/IRuHgqhRPgLbOtK3/J+LxYVJBiuog1ahLfUID4Vxw9Don48gPJAmyCECVkz
VD7i3VnLQlEtDlhzOVD9NCdVnr7u72iqd3VJQSj7gpDJdHDVGwipl2B664X8cs12
FAQUeJx3UezTUiq4C143vb1SqbgKa6rEYlTEflcQzN1eYA60vtI6p4Xlip02bMy0
wTYIt6Xk
=fIjZ
-----END PGP SIGNATURE-----
Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC platform updates from Olof Johansson:
"Most of these are smaller fixes that have accrued, and some continued
cleanup of OMAP platforms towards shared frameworks.
One new SoC from Atmel/Microchip: sam9x60"
* tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (35 commits)
ARM: OMAP2+: Fix undefined reference to omap_secure_init
ARM: s3c64xx: Drop unneeded select of TIMER_OF
ARM: exynos: Drop unneeded select of MIGHT_HAVE_CACHE_L2X0
ARM: s3c24xx: Switch to atomic pwm API in rx1950
ARM: OMAP2+: sleep43xx: Call secure suspend/resume handlers
ARM: OMAP2+: Use ARM SMC Calling Convention when OP-TEE is available
ARM: OMAP2+: Introduce check for OP-TEE in omap_secure_init()
ARM: OMAP2+: Add omap_secure_init callback hook for secure initialization
ARM: at91: Documentation: add sam9x60 product and datasheet
ARM: at91: pm: use of_device_id array to find the proper shdwc node
ARM: at91: pm: use SAM9X60 PMC's compatible
ARM: imx: only select ARM_ERRATA_814220 for ARMv7-A
ARM: zynq: use physical cpuid in zynq_slcr_cpu_stop/start
ARM: tegra: Use clk_m CPU on Tegra124 LP1 resume
ARM: tegra: Modify reshift divider during LP1
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
ARM: samsung: Rename Samsung and Exynos to lowercase
ARM: exynos: Correct the help text for platform Kconfig option
ARM: bcm: Select ARM_AMBA for ARCH_BRCMSTB
ARM: brcmstb: Add debug UART entry for 7216
...
One patch in the compat-ioctl series broke 32-bit rootfs for multiple
people testing on 64-bit kernels. Let's fix it in -rc1 before others
run into the same issue.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJePyKSAAoJEGCrR//JCVInFMEP/0fH0rI/M2xL4neSjp50qV7Q
M86gLTmatgNFLZGdC+xbaImaxpZHEMIF93JgOzN+0IRfdc7MbD23JEm5yzCZEc2I
NCAsmjcoA+mq8ntOl8o2J1pgLpVOe4BoBRvAGYFIM2kS63JXloCi9mD/3svDJF8C
WVPOskzoNT1pO9mRUKsAE740qdI86US/ksvrGOQQHVFVm3Iwm3srot4OBQYRaErw
bVEl8vqSOEKtXQwk3r7QcW9Bi83WZuqTbkLxqTtWm/U/8JreA82qH1/6zDbKj7d5
IH/J8D4FJ2LLRP5860bLj0vGl5mKBEJaou2S8ak7sRNu4K8DZJlTYu7YNMTgocQE
kbNylNqftKastVRGS1EPmOPdam8PiPlu3sxOY1X1TKO5+4jtb1WcqtFqmUkM5/Jk
C4iMDXNHXmHcC+ORrjchpIZs53nkfSAdeUzQ7xxwZlfaHD3DXnsFi5DHEZ9PWf9a
UlCOaWFLXRqdso30iobaaLa6JKa50Znjiqfsh6mbUuU9tmDnTffaHMy9eFhfMjqH
eP3acYXkAyK2toHuE6l5qaM6mOlYfrooCw/75CfQB0CR3e5tmXXLdFA319/OHRwX
m+tFby6Fw4KGGZWzXls54rZNa3ZmODj6N3Ymx1lKZfBVwblLNGHJYYVPP1ZUBCTS
43oommoGHO6/roOjLl3j
=uMS2
-----END PGP SIGNATURE-----
Merge tag 'compat-ioctl-fix' of git://git.kernel.org:/pub/scm/linux/kernel/git/arnd/playground
Pull compat-ioctl fix from Arnd Bergmann:
"One patch in the compat-ioctl series broke 32-bit rootfs for multiple
people testing on 64-bit kernels. Let's fix it in -rc1 before others
run into the same issue"
* tag 'compat-ioctl-fix' of git://git.kernel.org:/pub/scm/linux/kernel/git/arnd/playground:
compat_ioctl: fix FIONREAD on devices
Pull vfs file system parameter updates from Al Viro:
"Saner fs_parser.c guts and data structures. The system-wide registry
of syntax types (string/enum/int32/oct32/.../etc.) is gone and so is
the horror switch() in fs_parse() that would have to grow another case
every time something got added to that system-wide registry.
New syntax types can be added by filesystems easily now, and their
namespace is that of functions - not of system-wide enum members. IOW,
they can be shared or kept private and if some turn out to be widely
useful, we can make them common library helpers, etc., without having
to do anything whatsoever to fs_parse() itself.
And we already get that kind of requests - the thing that finally
pushed me into doing that was "oh, and let's add one for timeouts -
things like 15s or 2h". If some filesystem really wants that, let them
do it. Without somebody having to play gatekeeper for the variants
blessed by direct support in fs_parse(), TYVM.
Quite a bit of boilerplate is gone. And IMO the data structures make a
lot more sense now. -200LoC, while we are at it"
* 'merge.nfs-fs_parse.1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (25 commits)
tmpfs: switch to use of invalfc()
cgroup1: switch to use of errorfc() et.al.
procfs: switch to use of invalfc()
hugetlbfs: switch to use of invalfc()
cramfs: switch to use of errofc() et.al.
gfs2: switch to use of errorfc() et.al.
fuse: switch to use errorfc() et.al.
ceph: use errorfc() and friends instead of spelling the prefix out
prefix-handling analogues of errorf() and friends
turn fs_param_is_... into functions
fs_parse: handle optional arguments sanely
fs_parse: fold fs_parameter_desc/fs_parameter_spec
fs_parser: remove fs_parameter_description name field
add prefix to fs_context->log
ceph_parse_param(), ceph_parse_mon_ips(): switch to passing fc_log
new primitive: __fs_parse()
switch rbd and libceph to p_log-based primitives
struct p_log, variants of warnf() et.al. taking that one instead
teach logfc() to handle prefices, give it saner calling conventions
get rid of cg_invalf()
...
Pull misc vfs updates from Al Viro:
- bmap series from cmaiolino
- getting rid of convolutions in copy_mount_options() (use a couple of
copy_from_user() instead of the __get_user() crap)
* 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
saner copy_mount_options()
fibmap: Reject negative block numbers
fibmap: Use bmap instead of ->bmap method in ioctl_fibmap
ecryptfs: drop direct calls to ->bmap
cachefiles: drop direct usage of ->bmap method.
fs: Enable bmap() function to properly return errors
Merge thundering herd avoidance on pipe IO.
This would have been applied for 5.5 already, but got delayed because of
a user-space race condition in the GNU make jobserver code. Now that
there's a new GNU make 4.3 release, and most distributions seem to have
at least applied the (almost three year old) fix for the problem, let's
see if people notice.
And it might have been just bad random timing luck on my machine.
If you do hit the race condition, things will still work, but the
symptom is that you don't get nearly the expected parallelism when using
"make -j<N>".
The jobserver bug can definitely happen without this patch too, but
seems to be easier to trigger when we no longer wake up pipe waiters
unnecessarily.
* pipe-exclusive-wakeup:
pipe: use exclusive waits when reading or writing
This makes the pipe code use separate wait-queues and exclusive waiting
for readers and writers, avoiding a nasty thundering herd problem when
there are lots of readers waiting for data on a pipe (or, less commonly,
lots of writers waiting for a pipe to have space).
While this isn't a common occurrence in the traditional "use a pipe as a
data transport" case, where you typically only have a single reader and
a single writer process, there is one common special case: using a pipe
as a source of "locking tokens" rather than for data communication.
In particular, the GNU make jobserver code ends up using a pipe as a way
to limit parallelism, where each job consumes a token by reading a byte
from the jobserver pipe, and releases the token by writing a byte back
to the pipe.
This pattern is fairly traditional on Unix, and works very well, but
will waste a lot of time waking up a lot of processes when only a single
reader needs to be woken up when a writer releases a new token.
A simplified test-case of just this pipe interaction is to create 64
processes, and then pass a single token around between them (this
test-case also intentionally passes another token that gets ignored to
test the "wake up next" logic too, in case anybody wonders about it):
#include <unistd.h>
int main(int argc, char **argv)
{
int fd[2], counters[2];
pipe(fd);
counters[0] = 0;
counters[1] = -1;
write(fd[1], counters, sizeof(counters));
/* 64 processes */
fork(); fork(); fork(); fork(); fork(); fork();
do {
int i;
read(fd[0], &i, sizeof(i));
if (i < 0)
continue;
counters[0] = i+1;
write(fd[1], counters, (1+(i & 1)) *sizeof(int));
} while (counters[0] < 1000000);
return 0;
}
and in a perfect world, passing that token around should only cause one
context switch per transfer, when the writer of a token causes a
directed wakeup of just a single reader.
But with the "writer wakes all readers" model we traditionally had, on
my test box the above case causes more than an order of magnitude more
scheduling: instead of the expected ~1M context switches, "perf stat"
shows
231,852.37 msec task-clock # 15.857 CPUs utilized
11,250,961 context-switches # 0.049 M/sec
616,304 cpu-migrations # 0.003 M/sec
1,648 page-faults # 0.007 K/sec
1,097,903,998,514 cycles # 4.735 GHz
120,781,778,352 instructions # 0.11 insn per cycle
27,997,056,043 branches # 120.754 M/sec
283,581,233 branch-misses # 1.01% of all branches
14.621273891 seconds time elapsed
0.018243000 seconds user
3.611468000 seconds sys
before this commit.
After this commit, I get
5,229.55 msec task-clock # 3.072 CPUs utilized
1,212,233 context-switches # 0.232 M/sec
103,951 cpu-migrations # 0.020 M/sec
1,328 page-faults # 0.254 K/sec
21,307,456,166 cycles # 4.074 GHz
12,947,819,999 instructions # 0.61 insn per cycle
2,881,985,678 branches # 551.096 M/sec
64,267,015 branch-misses # 2.23% of all branches
1.702148350 seconds time elapsed
0.004868000 seconds user
0.110786000 seconds sys
instead. Much better.
[ Note! This kernel improvement seems to be very good at triggering a
race condition in the make jobserver (in GNU make 4.2.1) for me. It's
a long known bug that was fixed back in June 2017 by GNU make commit
b552b0525198 ("[SV 51159] Use a non-blocking read with pselect to
avoid hangs.").
But there wasn't a new release of GNU make until 4.3 on Jan 19 2020,
so a number of distributions may still have the buggy version. Some
have backported the fix to their 4.2.1 release, though, and even
without the fix it's quite timing-dependent whether the bug actually
is hit. ]
Josh Triplett says:
"I've been hammering on your pipe fix patch (switching to exclusive
wait queues) for a month or so, on several different systems, and I've
run into no issues with it. The patch *substantially* improves
parallel build times on large (~100 CPU) systems, both with parallel
make and with other things that use make's pipe-based jobserver.
All current distributions (including stable and long-term stable
distributions) have versions of GNU make that no longer have the
jobserver bug"
Tested-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
My final cleanup patch for sys_compat_ioctl() introduced a regression on
the FIONREAD ioctl command, which is used for both regular and special
files, but only works on regular files after my patch, as I had missed
the warning that Al Viro put into a comment right above it.
Change it back so it can work on any file again by moving the implementation
to do_vfs_ioctl() instead.
Fixes: 77b9040195 ("compat_ioctl: simplify the implementation")
Reported-and-tested-by: Christian Zigotzky <chzigotzky@xenosoft.de>
Reported-and-tested-by: youling257 <youling257@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
The configuration of the OCTEONTX XCV_DLL_CTL register via
xcv_init_hw() is such that the RGMII RX delay is bypassed
leaving the RGMII TX delay enabled in the MAC:
/* Configure DLL - enable or bypass
* TX no bypass, RX bypass
*/
cfg = readq_relaxed(xcv->reg_base + XCV_DLL_CTL);
cfg &= ~0xFF03;
cfg |= CLKRX_BYP;
writeq_relaxed(cfg, xcv->reg_base + XCV_DLL_CTL);
This would coorespond to a interface type of PHY_INTERFACE_MODE_RGMII_RXID
and not PHY_INTERFACE_MODE_RGMII.
Fixing this allows RGMII PHY drivers to do the right thing (enable
RX delay in the PHY) instead of erroneously enabling both delays in the
PHY.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
First set of fixes for v5.6. Buffer overflow fixes to mwifiex, quite a
few functionality fixes to iwlwifi and smaller fixes to other drivers.
mwifiex
* fix an unlock from a previous security fix
* fix two buffer overflows
libertas
* fix two bugs from previous security fixes
iwlwifi
* fix module removal with multiple NICs
* don't treat IGTK removal failure as an error
* avoid FW crashes due to DTS measurement races
* fix a potential use after free in FTM code
* prevent a NULL pointer dereference in iwl_mvm_cfg_he_sta()
* fix TDLS discovery
* check all CPUs when trying to detect an error during resume
rtw88
* fix clang warning
mt76
* fix reading of max_nss value from a register
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJePoxJAAoJEG4XJFUm622b7a4H/2t/K/AmDv+j2mGos+2oVlSh
RFIXBjYs4GY5NGdLQx56qfiQzlgn8NAWwQqwhtoyVxnJTZjhmQkfMpJIw14tbFB1
OwHd+q7y7jXY9v7YBPlyqCxkzQL3u+GrzFIb04cXrSdzqh+5qWk4Zn7F6ZYJ1vwb
xRDOJfOE/a9GGzzY5+iwxyZ6Y1E+OjbgT4Ps5YUaotH1iMGza7NPu6s+UkULkyRo
ylbiOR9u6jOiwUkSxUz+GGiXKJ9BQTLKm5kLM7lO5I49AcZb5UOIKJaJxHN0hMwj
uprqUsqtbO+bv8SKAjKLR/yQf2gmB+pSSeAmmfJ8ov5igg2g12sNfdy8ScWLks8=
=FiiT
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-2020-02-08' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for v5.6
First set of fixes for v5.6. Buffer overflow fixes to mwifiex, quite a
few functionality fixes to iwlwifi and smaller fixes to other drivers.
mwifiex
* fix an unlock from a previous security fix
* fix two buffer overflows
libertas
* fix two bugs from previous security fixes
iwlwifi
* fix module removal with multiple NICs
* don't treat IGTK removal failure as an error
* avoid FW crashes due to DTS measurement races
* fix a potential use after free in FTM code
* prevent a NULL pointer dereference in iwl_mvm_cfg_he_sta()
* fix TDLS discovery
* check all CPUs when trying to detect an error during resume
rtw88
* fix clang warning
mt76
* fix reading of max_nss value from a register
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann says:
====================
pull-request: bpf 2020-02-07
The following pull-request contains BPF updates for your *net* tree.
We've added 15 non-merge commits during the last 10 day(s) which contain
a total of 12 files changed, 114 insertions(+), 31 deletions(-).
The main changes are:
1) Various BPF sockmap fixes related to RCU handling in the map's tear-
down code, from Jakub Sitnicki.
2) Fix macro state explosion in BPF sk_storage map when calculating its
bucket_log on allocation, from Martin KaFai Lau.
3) Fix potential BPF sockmap update race by rechecking socket's established
state under lock, from Lorenz Bauer.
4) Fix crash in bpftool on missing xlated instructions when kptr_restrict
sysctl is set, from Toke Høiland-Jørgensen.
5) Fix i40e's XSK wakeup code to return proper error in busy state and
various misc fixes in xdpsock BPF sample code, from Maciej Fijalkowski.
6) Fix the way modifiers are skipped in BTF in the verifier while walking
pointers to avoid program rejection, from Alexei Starovoitov.
7) Fix Makefile for runqslower BPF tool to i) rebuild on libbpf changes and
ii) to fix undefined reference linker errors for older gcc version due to
order of passed gcc parameters, from Yulia Kartseva and Song Liu.
8) Fix a trampoline_count BPF kselftest warning about missing braces around
initializer, from Andrii Nakryiko.
9) Fix up redundant "HAVE" prefix from large INSN limit kernel probe in
bpftool, from Michal Rostecki.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
When CONFIG_PROVE_LOCKING is selected together with (now default)
CONFIG_VMAP_STACK, kernel enter deadlock during boot.
At the point of checking whether interrupts are enabled or not, the
value of MSR saved on stack is read using the physical address of the
stack. But at this point, when using VMAP stack the DATA MMU
translation has already been re-enabled, leading to deadlock.
Don't use the physical address of the stack when
CONFIG_VMAP_STACK is set.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Fixes: 028474876f ("powerpc/32: prepare for CONFIG_VMAP_STACK")
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/daeacdc0dec0416d1c587cc9f9e7191ad3068dc0.1581095957.git.christophe.leroy@c-s.fr
The early versions of our kernel user access prevention (KUAP) were
written by Russell and Christophe, and didn't have separate
read/write access.
At some point I picked up the series and added the read/write access,
but I failed to update the usages in futex.h to correctly allow read
and write.
However we didn't notice because of another bug which was causing the
low-level code to always enable read and write. That bug was fixed
recently in commit 1d8f739b07 ("powerpc/kuap: Fix set direction in
allow/prevent_user_access()").
futex_atomic_cmpxchg_inatomic() is passed the user address as %3 and
does:
1: lwarx %1, 0, %3
cmpw 0, %1, %4
bne- 3f
2: stwcx. %5, 0, %3
Which clearly loads and stores from/to %3. The logic in
arch_futex_atomic_op_inuser() is similar, so fix both of them to use
allow_read_write_user().
Without this fix, and with PPC_KUAP_DEBUG=y, we see eg:
Bug: Read fault blocked by AMR!
WARNING: CPU: 94 PID: 149215 at arch/powerpc/include/asm/book3s/64/kup-radix.h:126 __do_page_fault+0x600/0xf30
CPU: 94 PID: 149215 Comm: futex_requeue_p Tainted: G W 5.5.0-rc7-gcc9x-g4c25df5640ae #1
...
NIP [c000000000070680] __do_page_fault+0x600/0xf30
LR [c00000000007067c] __do_page_fault+0x5fc/0xf30
Call Trace:
[c00020138e5637e0] [c00000000007067c] __do_page_fault+0x5fc/0xf30 (unreliable)
[c00020138e5638c0] [c00000000000ada8] handle_page_fault+0x10/0x30
--- interrupt: 301 at cmpxchg_futex_value_locked+0x68/0xd0
LR = futex_lock_pi_atomic+0xe0/0x1f0
[c00020138e563bc0] [c000000000217b50] futex_lock_pi_atomic+0x80/0x1f0 (unreliable)
[c00020138e563c30] [c00000000021b668] futex_requeue+0x438/0xb60
[c00020138e563d60] [c00000000021c6cc] do_futex+0x1ec/0x2b0
[c00020138e563d90] [c00000000021c8b8] sys_futex+0x128/0x200
[c00020138e563e20] [c00000000000b7ac] system_call+0x5c/0x68
Fixes: de78a9c42a ("powerpc: Add a framework for Kernel Userspace Access Protection")
Cc: stable@vger.kernel.org # v5.2+
Reported-by: syzbot+e808452bad7c375cbee6@syzkaller-ppc64.appspotmail.com
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
Link: https://lore.kernel.org/r/20200207122145.11928-1-mpe@ellerman.id.au
V{PEND,PROP}BASER registers are actually located in VLPI_base frame
of the *redistributor*. Rename their accessors to reflect this fact.
No functional changes.
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200206075711.1275-7-yuzenghui@huawei.com
"ITS virtual pending table not cleaning" is already complained inside
its_clear_vpend_valid(), there's no need to trigger a WARN_ON again.
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200206075711.1275-6-yuzenghui@huawei.com
In GICv4, we will ensure that level2 vPE table memory is allocated
for the specified vpe_id on all v4 ITS, in its_alloc_vpe_table().
This still works well for the typical GICv4.1 implementation, where
the new vPE table is shared between the ITSs and the RDs.
To make it explicit, let us introduce allocate_vpe_l2_table() to
make sure that the L2 tables are allocated on all v4.1 RDs. We're
likely not need to allocate memory in it because the vPE table is
shared and (L2 table is) already allocated at ITS level, except
for the case where the ITS doesn't share anything (say SVPET == 0,
practically unlikely but architecturally allowed).
The implementation of allocate_vpe_l2_table() is mostly copied from
its_alloc_table_entry().
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200206075711.1275-4-yuzenghui@huawei.com
Currently, we will not set vpe_l1_page for the current RD if we can
inherit the vPE configuration table from another RD (or ITS), which
results in an inconsistency between RDs within the same CommonLPIAff
group.
Let's rename it to vpe_l1_base to indicate the base address of the
vPE configuration table of this RD, and set it properly for *all*
v4.1 redistributors.
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200206075711.1275-3-yuzenghui@huawei.com
The Size field of GICv4.1 VPROPBASER register indicates number of
pages minus one and together Page_Size and Size control the vPEID
width. Let's respect this requirement of the architecture.
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200206075711.1275-2-yuzenghui@huawei.com
Fix u8 cast reading max_nss from MT_TOP_STRAP_STA register in
mt7615_eeprom_parse_hw_cap routine
Fixes: acf5457fd9 ("mt76: mt7615: read {tx,rx} mask from eeprom")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCXj182AAKCRDh3BK/laaZ
PIiWAQCprdMIBe0u9Rd9cqQYXClOI7PI9oIcpLmkIlHDuUWDgQD/Y4c1UMsN8yQY
d8cYZXMivKKhyY2nRitR1mbv0RPoGwE=
=8hFo
-----END PGP SIGNATURE-----
Merge tag 'fuse-fixes-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse fixes from Miklos Szeredi:
- Fix a regression introduced in v5.1 that triggers WARNINGs for some
fuse filesystems
- Fix an xfstest failure
- Allow overlayfs to be used on top of fuse/virtiofs
- Code and documentation cleanups
* tag 'fuse-fixes-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: use true,false for bool variable
Documentation: filesystems: convert fuse to RST
fuse: Support RENAME_WHITEOUT flag
fuse: don't overflow LLONG_MAX with end offset
fix up iter on short count in fuse_direct_io()
- Fix a bug in Abhi Das's journal head lookup improvements that can cause a
valid journal to be rejected.
- Fix an O_SYNC write handling bug reported by Christoph Hellwig.
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEEJZs3krPW0xkhLMTc1b+f6wMTZToFAl49TKgUHGFncnVlbmJh
QHJlZGhhdC5jb20ACgkQ1b+f6wMTZTqG4RAAmXJfWI7UskM3ZRSVivbBwc0R3P9h
PgdgeXlr/k4mJ2I421/btln614l4nD+JuG/FplOvj2m3YCzeKj2W+OiSxqahmwGm
7yGb0sFHjx6wZcID37mig5aqo2MJYI0xTAR6rSI2tAA7E/B7KX8SfFIS2EWB2vLz
+rzCawqUGWKCiS/tZTe6JlB0Aeg20oy0Y00p3gewMN0ILNqy0w9kA+LVOGQYyUmW
rrad638czIXi7kugWvNo82vcoU140m3A6OTaINf3EaT8AmOtw+e4qyej+f82BiVS
RIXWKI+uRSfKFE+aYkwTxQn0BCMor63QIs3aaDXyLZBqnhTywRsckK6O7iBLFVDb
NQc86wxiHzDoWubXstV0lrlel5m5dHT0dUq8mVogj4kOtwOvejiDRopqtdGkdxA5
j8zFV6O8BRPUw5g7MS37n9myuTNRj5q3L2vmN2xZ6fZmHykorwbwLbw0WMeAQ/4i
pQh4NGE6h/lSPZIa/ZVCH8hwj2b41ZtAQK3k8G5IhNUhMHNkU8iynTbddoHFPsOF
67hj/aAycDx2NA6j/suS8PGt7PPU+VwwoDLKIG64bTHFTpwnRDNzZDt9wPIB9sGu
P4QlSQYPrLf/u8+TD8yv2VJsyAEMFl1UQWbxqf6EzLtKjRM/TIoQsdRUF7upqUnN
k5CM8FgmfYpIiFQ=
=+6PA
-----END PGP SIGNATURE-----
Merge tag 'gfs2-for-5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
Pull gfs2 fixes from Andreas Gruenbacher:
- Fix a bug in Abhi Das's journal head lookup improvements that can
cause a valid journal to be rejected.
- Fix an O_SYNC write handling bug reported by Christoph Hellwig.
* tag 'gfs2-for-5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
gfs2: fix O_SYNC write handling
gfs2: move setting current->backing_dev_info
gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0
Vasliy Averin noticed that "if seq_file .next function does not change
position index, read after some lseek can generate unexpected output."
and sent in this fix.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJePJJTAAoJEM9EDqnrzg2+S8YQAIYo2nEphfAjWufSYdPwVY0f
OQ3xAwX69gpzlQPwNTcTmoxQ/A/E8r2lwOmL5H7wYPlqUHtDjiS5EAhnCvtCIRS1
mHR35qsdlW0o4yKWQtYnfcuY6p3ucSASBaKYGO5NrKuVdsqASJT/aFTixVFmO8V2
eo8VZlhwYARTgGWJQpvIvSbQJRi6BDnE3kWimuRdq5TMnH0piMm6Vpef2P5vTaE3
L5D63iCuJbg7nBR4KS2Mc77Ou4lj3RCQGBQBz1hRGs0zJbqNrlExGaCE+FkabJ92
WWITYrh4DaA+wAhmkMbxh8g7DThZFkkK+fsNOZIlSVry3wFuZ1E+6UFUHVICrgxG
y99wGKV816SfbKD0DZ9cer6slMnNXRRNWzbXqOzey85UmNQSuCNZrVokM8TE1Pve
q7OOxoqg6N/S46gc+3nrv0kNZ9eg1rh4jyvCdtL4we1AgPPb6O+ihuxlrj9oFPlW
zo9wHn7Zt1xu+jtQJxR5tChpD5FmO1im0LOYeaJHv76zhOakRTcQ19OnQMUlQ/gk
ez+5T5LxfmYUHew6kTnGvvp76zZF5QkylsUVOLPke8KChXvLP06ib9Nuya7lBX7+
WtvLKVRNYMmwose1HsYjQo2DgD0p2fdJhEe61Q5VDFCBI8X8wkv7fV+Hm2ud3/hz
b9RfP2CnwJbCKzHTolKE
=tjs3
-----END PGP SIGNATURE-----
Merge tag 'for-linus-5.6-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
Pull orangefs fix from Mike Marshall:
"Debugfs fix for orangefs.
Vasliy Averin noticed that 'if seq_file .next function does not change
position index, read after some lseek can generate unexpected output'
and sent in this fix"
* tag 'for-linus-5.6-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
help_next should increase position index
- Server-to-server copy code from Olga. To use it, client and
both servers must have support, the target server must be able
to access the source server over NFSv4.2, and the target
server must have the inter_copy_offload_enable module
parameter set.
- Improvements and bugfixes for the new filehandle cache,
especially in the container case, from Trond
- Also from Trond, better reporting of write errors.
- Y2038 work from Arnd.
-----BEGIN PGP SIGNATURE-----
iQJJBAABCAAzFiEEYtFWavXG9hZotryuJ5vNeUKO4b4FAl490mAVHGJmaWVsZHNA
ZmllbGRzZXMub3JnAAoJECebzXlCjuG+HkkP/33CsYXp0wvfNrfxCY3zHRxHpfw+
T9Ownxxw0RAJc/dRluC/2PIKJ20uVqtLrplU63bMBqJn84WF7OALq9twZ79a3fVF
mvdmnZbNq9B3ncKJlT7akkEelyJCRap7NgG/oTyubE8MlPl6gKpD8c+G7XdW/uN+
r0fprQz4rW4CYCBGSHq7HusEKqY4Gw+gbyAfJ6A79TMjF1ei51PG+9c8rkIsI5CO
1TQ3gY1gSJmGf2DoF86Q9WTVb+DvRTEs+t7QkxY/Vlo+QXY8CZyu+qSxN7i/F20m
gv2GrSpQMS9DEK/ZaG6cxaH+sM18Db4KLvcl3koL6lONHDR2OafSdKLyy0I60jhO
WfDSHhfDCrAdASTjNlTPrjBrdK3gafiaJVL9vy901ZJjPaNb3EH0nMQ5bEvOBECq
TCqPcQUcbku+qUVIcFwzSK1hXQFQHNh8WIuqXvNviZIzFDoipwsHVnQK02Owj89L
R2tbZue1O8voacg/9xw3tWAT7pI+SaBb0EvJuqRxBshiZEU8kKKtMchOwSECRDcu
k4lcqC5EFW7e4EzGlr6Wx8sI5lwCapva8ccjmPXX+R/vyM81oxWGB84GqWjjwubH
3Fcok23F9rW2IQJkqgPlNj/9hAjTn2+vM13UbfMlnchGNsQ2gbkc5CDGC/J6Wwpo
tHVristV9Gu5bJym
=FxLY
-----END PGP SIGNATURE-----
Merge tag 'nfsd-5.6' of git://linux-nfs.org/~bfields/linux
Pull nfsd updates from Bruce Fields:
"Highlights:
- Server-to-server copy code from Olga.
To use it, client and both servers must have support, the target
server must be able to access the source server over NFSv4.2, and
the target server must have the inter_copy_offload_enable module
parameter set.
- Improvements and bugfixes for the new filehandle cache, especially
in the container case, from Trond
- Also from Trond, better reporting of write errors.
- Y2038 work from Arnd"
* tag 'nfsd-5.6' of git://linux-nfs.org/~bfields/linux: (55 commits)
sunrpc: expiry_time should be seconds not timeval
nfsd: make nfsd_filecache_wq variable static
nfsd4: fix double free in nfsd4_do_async_copy()
nfsd: convert file cache to use over/underflow safe refcount
nfsd: Define the file access mode enum for tracing
nfsd: Fix a perf warning
nfsd: Ensure sampling of the write verifier is atomic with the write
nfsd: Ensure sampling of the commit verifier is atomic with the commit
sunrpc: clean up cache entry add/remove from hashtable
sunrpc: Fix potential leaks in sunrpc_cache_unhash()
nfsd: Ensure exclusion between CLONE and WRITE errors
nfsd: Pass the nfsd_file as arguments to nfsd4_clone_file_range()
nfsd: Update the boot verifier on stable writes too.
nfsd: Fix stable writes
nfsd: Allow nfsd_vfs_write() to take the nfsd_file as an argument
nfsd: Fix a soft lockup race in nfsd_file_mark_find_or_create()
nfsd: Reduce the number of calls to nfsd_file_gc()
nfsd: Schedule the laundrette regularly irrespective of file errors
nfsd: Remove unused constant NFSD_FILE_LRU_RESCAN
nfsd: Containerise filecache laundrette
...
Stable bugfixes:
- Fix memory leaks and corruption in readdir # v2.6.37+
- Directory page cache needs to be locked when read # v2.6.37+
New features:
- Convert NFS to use the new mount API
- Add "softreval" mount option to let clients use cache if server goes down
- Add a config option to compile without UDP support
- Limit the number of inactive delegations the client can cache at once
- Improved readdir concurrency using iterate_shared()
Other bugfixes and cleanups:
- More 64-bit time conversions
- Add additional diagnostic tracepoints
- Check for holes in swapfiles, and add dependency on CONFIG_SWAP
- Various xprtrdma cleanups to prepare for 5.7's changes
- Several fixes for NFS writeback and commit handling
- Fix acls over krb5i/krb5p mounts
- Recover from premature loss of openstateids
- Fix NFS v3 chacl and chmod bug
- Compare creds using cred_fscmp()
- Use kmemdup_nul() in more places
- Optimize readdir cache page invalidation
- Lease renewal and recovery fixes
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEnZ5MQTpR7cLU7KEp18tUv7ClQOsFAl48kMUACgkQ18tUv7Cl
QOs/bA/+KAHaee+1jWdgRS88CnNDfeokU2sGWuyXWrVTmiKZ+IjnIUIWqmeKhVyg
RTbaG4PGTIwiLDFibgzdnc3cTOQEgLnVGWWZ50Xh3b7ubock7+/4JHxqZS+/f3vf
yqwM0dZaXi5Kcx1kEJ+niBxuzkc9mFI+nHh+wLIlin/kaaUdLKu7mP3NXj2cmWxN
NoRaKc2gEvkPHhPSH4Z1DVXTHxvH2REFvt9APPUgfLfqcUVHV9b7V/wI/roiGWMn
53h6f38IdqoNQIpzMog/k/va67NLmEvUZOlpCYPyanPOjuxTrmi8iC2S6gLEOjtc
GGnQnc5skVL31seFR1NbOJiiN3hTLTncnoXza0cKtYxmo7a/FjXApw4jCu3Rkrav
UXpCI4O6+2AVVG+pEPbjQy3/GEImeoGvp+xr57jBSZBHoDZU9LDwag65qvZ1btIq
KOBx2gweQz0aB2heXmfee7qzxFdftHmtMWhIMnJASKNuAWGL23Scqem+d97i2T6H
7y9OJ3aOXiYxFMLYJCsLWjUJxYiaIANNBmHMjf27mZzcdDuxGFms277CMpNPr3SU
WZk6/oKw9jaRSzHzaKgVDXiULLXQE1/xZ/mvgR/zk1QAusyeXPvVnMdxoRdxFdXb
QGZHgUqvFvYi8Lufvs+ZLGS4sAp7oD/Q+lNPXn7cniSwfY4uJiw=
=b6+F
-----END PGP SIGNATURE-----
Merge tag 'nfs-for-5.6-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
Puyll NFS client updates from Anna Schumaker:
"Stable bugfixes:
- Fix memory leaks and corruption in readdir # v2.6.37+
- Directory page cache needs to be locked when read # v2.6.37+
New features:
- Convert NFS to use the new mount API
- Add "softreval" mount option to let clients use cache if server goes down
- Add a config option to compile without UDP support
- Limit the number of inactive delegations the client can cache at once
- Improved readdir concurrency using iterate_shared()
Other bugfixes and cleanups:
- More 64-bit time conversions
- Add additional diagnostic tracepoints
- Check for holes in swapfiles, and add dependency on CONFIG_SWAP
- Various xprtrdma cleanups to prepare for 5.7's changes
- Several fixes for NFS writeback and commit handling
- Fix acls over krb5i/krb5p mounts
- Recover from premature loss of openstateids
- Fix NFS v3 chacl and chmod bug
- Compare creds using cred_fscmp()
- Use kmemdup_nul() in more places
- Optimize readdir cache page invalidation
- Lease renewal and recovery fixes"
* tag 'nfs-for-5.6-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (93 commits)
NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals
NFSv4: try lease recovery on NFS4ERR_EXPIRED
NFS: Fix memory leaks
nfs: optimise readdir cache page invalidation
NFS: Switch readdir to using iterate_shared()
NFS: Use kmemdup_nul() in nfs_readdir_make_qstr()
NFS: Directory page cache pages need to be locked when read
NFS: Fix memory leaks and corruption in readdir
SUNRPC: Use kmemdup_nul() in rpc_parse_scope_id()
NFS: Replace various occurrences of kstrndup() with kmemdup_nul()
NFSv4: Limit the total number of cached delegations
NFSv4: Add accounting for the number of active delegations held
NFSv4: Try to return the delegation immediately when marked for return on close
NFS: Clear NFS_DELEGATION_RETURN_IF_CLOSED when the delegation is returned
NFSv4: nfs_inode_evict_delegation() should set NFS_DELEGATION_RETURNING
NFS: nfs_find_open_context() should use cred_fscmp()
NFS: nfs_access_get_cached_rcu() should use cred_fscmp()
NFSv4: pnfs_roc() must use cred_fscmp() to compare creds
NFS: remove unused macros
nfs: Return EINVAL rather than ERANGE for mount parse errors
...
It was reported that the max_t, ilog2, and roundup_pow_of_two macros have
exponential effects on the number of states in the sparse checker.
This patch breaks them up by calculating the "nbuckets" first so that the
"bucket_log" only needs to take ilog2().
In addition, Linus mentioned:
Patch looks good, but I'd like to point out that it's not just sparse.
You can see it with a simple
make net/core/bpf_sk_storage.i
grep 'smap->bucket_log = ' net/core/bpf_sk_storage.i | wc
and see the end result:
1 365071 2686974
That's one line (the assignment line) that is 2,686,974 characters in
length.
Now, sparse does happen to react particularly badly to that (I didn't
look to why, but I suspect it's just that evaluating all the types
that don't actually ever end up getting used ends up being much more
expensive than it should be), but I bet it's not good for gcc either.
Fixes: 6ac99e8f23 ("bpf: Introduce bpf sk local storage")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Link: https://lore.kernel.org/bpf/20200207081810.3918919-1-kafai@fb.com
Commit 7e81a35302 ("bpf: Sockmap, ensure sock lock held during tear
down") introduced sleeping issues inside RCU critical sections and while
holding a spinlock on sockmap/sockhash tear-down. There has to be at least
one socket in the map for the problem to surface.
This adds a test that triggers the warnings for broken locking rules. Not a
fix per se, but rather tooling to verify the accompanying fixes. Run on a
VM with 1 vCPU to reproduce the warnings.
Fixes: 7e81a35302 ("bpf: Sockmap, ensure sock lock held during tear down")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-4-jakub@cloudflare.com
We need to have a synchronize_rcu before free'ing the sockhash because any
outstanding psock references will have a pointer to the map and when they
use it, this could trigger a use after free.
This is a sister fix for sockhash, following commit 2bb90e5cc9 ("bpf:
sockmap, synchronize_rcu before free'ing map") which addressed sockmap,
which comes from a manual audit.
Fixes: 604326b41a ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-3-jakub@cloudflare.com
Turns out the xlated program instructions can also be missing if
kptr_restrict sysctl is set. This means that the previous fix to check the
jited_prog_insns pointer was insufficient; add another check of the
xlated_prog_insns pointer as well.
Fixes: 5b79bcdf03 ("bpftool: Don't crash on missing jited insns or ksyms")
Fixes: cae73f2339 ("bpftool: use bpf_program__get_prog_info_linear() in prog.c:do_dump()")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Link: https://lore.kernel.org/bpf/20200206102906.112551-1-toke@redhat.com
It's currently possible to insert sockets in unexpected states into
a sockmap, due to a TOCTTOU when updating the map from a syscall.
sock_map_update_elem checks that sk->sk_state == TCP_ESTABLISHED,
locks the socket and then calls sock_map_update_common. At this
point, the socket may have transitioned into another state, and
the earlier assumptions don't hold anymore. Crucially, it's
conceivable (though very unlikely) that a socket has become unhashed.
This breaks the sockmap's assumption that it will get a callback
via sk->sk_prot->unhash.
Fix this by checking the (fixed) sk_type and sk_protocol without the
lock, followed by a locked check of sk_state.
Unfortunately it's not possible to push the check down into
sock_(map|hash)_update_common, since BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
run before the socket has transitioned from TCP_SYN_RECV into
TCP_ESTABLISHED.
Fixes: 604326b41a ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
Link: https://lore.kernel.org/bpf/20200207103713.28175-1-lmb@cloudflare.com
-----BEGIN PGP SIGNATURE-----
iQFDBAABCAAtFiEEIw+MvkEiF49krdp9F0NaE2wMflgFAl49mtYPHGNvcmJldEBs
d24ubmV0AAoJEBdDWhNsDH5Y/5sH+wX3mdrcC7pX2XALDvl35P+QB5CFy0v1bkMY
KAi/Ulxd6aicnowsBx6wdqSZO01Bh0E/nc9x42WIbHBR9/J5ZlitpKj5pGi0JYE/
vguMEFgAPQb1dx3EGJ56dxKqJ/+zICVLhf7pawP82QqE6z4Kuonp9AXR1UMRvWej
/b1qobQB++skh+nfGYqt7c7D6MQjaSb+5+TkU6xbHfoeMHDJkNdBHiiM5IbVE/s2
KgAngM7cTYeu4el4h6ue1ZJjbU2iOi1FJU95r2ufMYEt6EEfP2zkzCYXju/xyIbO
2NsdY3xUHhr9H32xkopPMoYrnzuzoTv8xi1xkhsnbOPZzZQMPls=
=zx2k
-----END PGP SIGNATURE-----
Merge tag 'docs-5.6-2' of git://git.lwn.net/linux
Pull Documentation fixes from Jonathan Corbet:
"A handful of small documentation fixes that wandered in"
* tag 'docs-5.6-2' of git://git.lwn.net/linux:
Allow git builds of Sphinx
Documentation: changes.rst: update several outdated project URLs
Documentation: build warnings related to missing blank lines after explicit markups has been fixed
mailmap: add entry for Tiezhu Yang
Documentation/ko_KR/howto: Update a broken link
Documentation/ko_KR/howto: Update broken web addresses
docs/locking: Fix outdated section names
Pull i2c updates from Wolfram Sang:
"i2c core:
- huge improvements and refactorizations of the Linux I2C
documentation (lots of thanks to Luca for doing it and Jean for the
careful review)
- subsystem wide API conversion to i2c_new_client_device()
- remove obsolete parport-light driver
- smaller core updates (removal of 'extern', enabling more compile
testing, use more helper macros)
- and quite a bunch of driver updates (new IDs, simplifications,
better PM, support of atomic transfers and other improvements)
i2c-mux:
- The main feature is the idle-state rework of the pca954x driver
from Biwen Li
at24 driver:
- minor maintenance: update the license tag, sort headers
- move support for the write-protect pin into nvmem core
- add a reference to the new wp-gpios property in nvmem to at25
bindings
- add support for regulator and pm_runtime control"
* 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (91 commits)
i2c: cros-ec-tunnel: Fix ACPI identifier
i2c: cros-ec-tunnel: Fix slave device enumeration
i2c: stm32f7: add PM_SLEEP suspend/resume support
i2c: cadence: Fix wording in i2c-cadence driver
i2c: cadence: Fix power management order of operations
i2c: cadence: Fix error printing in case of defer
i2c: cadence: Handle transfer_size rollover
i2c: i801: Add support for Intel Comet Lake PCH-V
docs: i2c: writing-clients: properly name the stop condition
docs: i2c: i2c-protocol: use same wording as smbus-protocol
docs: i2c: rename sections so the overall picture is clearer
docs: i2c: old-module-parameters: use monospace instead of ""
docs: i2c: old-module-parameters: clarify this is for obsolete kernels
docs: i2c: old-module-parameters: fix internal hyperlink
docs: i2c: instantiating-devices: use monospace for sysfs attributes
docs: i2c: instantiating-devices: rearrange static instatiation
docs: i2c: instantiating-devices: fix internal hyperlink
docs: i2c: smbus-protocol: improve I2C Block transactions description
docs: i2c: smbus-protocol: fix punctuation
docs: i2c: smbus-protocol: fix typo
...
Add Hisilicon Hip08-Lite I2C controller clock frequency support
to the ACPI driver for AMD SoCs (APD) and to the Designware I2C
driver (Hanjun Guo).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl49OosSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxVfcP/3bOt+bpD4hbgh+TjLTJaRV8t2391Gyx
j/HR8+S/NVE0P1EiGJCabOhDd1aX+eQU7nCD0QEWReGrhfY6DbLXazNhr5fRS4AO
IQ7QUUoQSUhdylTOG/y5h/KX8tDyDDawr8buuXFCe1+Aa0wrLagLleCGk87aeX9k
Pfz159gxZclEFsF93A7WW1sT5GYYCRKZouwBpgYMVgq/9mYceDZmO0LmopV1S5N/
sk3m3c9rmftU2rxKR0iW2vir8KaUP4gLSG6Oo0jcEjlyGkqR4zRuTPMb1ROagNXW
sdqLBZfg3gN7AAsDbom5F2lMuW8K0ZJ6+N8DdcR3d3ul9ELb7TEBa0597lyZbty7
Xss+49Cqy4DdVSmF1C36SJW+ifEtESbBaMhhcNhHJKNrucECWiNlIr29SA/HmdYj
X/bKJzqjORR0Fd93CimXookdukviBr4spCYwXa3fWd7bvczqGq5H/EBcmhBNcYiQ
F/Gw833cVJgM+W1lRXfso7/JjvjM5OYnHZIyL2w10S5OqPte7YAKxZhHJODXsaYG
tn6DLHcnYaCS7pBKXP9Rv03R4hgXSWquQQ6f6Ipo/esIPl1TBwhwA4ECElx5cGzw
hMdhAWA5MwWnJD+7XVA9302XcpitlAJTCSTNYsW96vfdnUE8YjNeOBAJcm1/Lt0W
PqUsklKI+zPc
=9BkB
-----END PGP SIGNATURE-----
Merge tag 'acpi-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull more ACPI updates from Rafael Wysocki:
"Add Hisilicon Hip08-Lite I2C controller clock frequency support to the
ACPI driver for AMD SoCs (APD) and to the Designware I2C driver
(Hanjun Guo)"
* tag 'acpi-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
i2c: designware: Add ACPI HID for Hisilicon Hip08-Lite I2C controller
ACPI / APD: Add clock frequency for Hisilicon Hip08-Lite I2C controller
Update the recently merged CPR (Core Power Reduction) support in the
AVS (Adaptive Voltage Scaling) subsystem (Brendan Higgins, Nathan
Chancellor, Niklas Cassel) and the rockchip-io AVS driver (Heiko
Stuebner), add two more module parameters to intel_idle on top of the
recently merged material, clean up a piece of cpuidle documentation
and consolidate system sleep states documentation (Rafael Wysocki).
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl49O1kSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRx7OMP/34DA5zPXhughdawhrw4z9N8Xl/VKbva
k6wr26C4Bwrd19i4MU6LdrjbbMBfbg7gsUtuO/sF9dXjsFlcMrfsgsdIO5QH26qL
yD68wwv/F7/MWUWhY7wVcTI5bnBnS1WF6ygnhRCfhI7R7Zq/WWQwK6D9/yZG/9uo
AfTEv+yfXSBg+ByzaFqYt7S6QTTnUPrp29ROOJNE7Eryz2n1S9cSxCZPAQbqVNfr
0SRX9EPUNkNTYfR+QEtIs6uXrCWpbAePdxenirRYMvTYidjDvWG3kXNp+MlwR9co
ieiYmCELOnlmYXu2vOPmBWW5rnxP+4aQuOVpuCPRxRwecKUxZwcGL0eh7e4A0wP8
/WwiTHyKphlqPWSaYvWKWDI2razDNnFnqkmXgfb68rAZNUNRRMbTErHzu2w4A1vj
NiGCWqR+5Wimp4Ztk/WfFQYxPb2wr+a8PdwNWtH03goB2JOvHSZbNCB+BqX0yJJt
GECDn6mFKCqJRQXfsxa+RIrVj3oXouExlb6VtKc3AHPSn+XyzQgRbo+CH0XvTnNI
uoiL3PY4ayR6WBJjveRW9lLw3Acul475O1Xd0OzCNx2gsD6cRG7sE9cj4vRltdpl
qW/t7vkS4JiqASgQEfZui4EZFxIk0Brv9v7KNl43bIcyW5SCkyjAbWeCR18I9l6l
kxn8zXSTxtKZ
=Yc9a
-----END PGP SIGNATURE-----
Merge tag 'pm-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull more power management updates from Rafael Wysocki:
- Update the recently merged CPR (Core Power Reduction) support in the
AVS (Adaptive Voltage Scaling) subsystem (Brendan Higgins, Nathan
Chancellor, Niklas Cassel)
- Update the rockchip-io AVS driver (Heiko Stuebner)
- Add two more module parameters to intel_idle on top of the recently
merged material (Rafael Wysocki)
- Clean up a piece of cpuidle documentation and consolidate system
sleep states documentation (Rafael Wysocki)
* tag 'pm-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpuidle: Documentation: Clean up PM QoS description
Documentation: admin-guide: PM: Update sleep states documentation
intel_idle: Introduce 'states_off' module parameter
intel_idle: Introduce 'use_acpi' module parameter
power: avs: qcom-cpr: Avoid clang -Wsometimes-uninitialized in cpr_scale
power: avs: qcom-cpr: add unspecified HAS_IOMEM dependency
PM / AVS: rockchip-io: fix the supply naming for the emmc supply on px30
power: avs: qcom-cpr: add a printout after the driver has been initialized
tegra:
- merge window regression fixes
nouveau:
- couple of volta/turing modesetting fixes
amdgpu:
- EDC fixes for Arcturus
- GDDR6 memory training fixe
- Fix for reading gfx clockgating registers while in GFXOFF state
- i2c freq fixes
- Misc display fixes
- TLB invalidation fix when using semaphores
- VCN 2.5 instancing fixes
- Switch raven1 gfxoff to a blacklist
- Coreboot workaround for KV/KB
- Root cause dongle fixes for display and revert workaround
- Enable GPU reset for renoir and navi
- Navi overclocking fixes
- Fix up confusing warnings in display clock validation on raven
amdkfd:
- SDMA fix
radeon:
- Misc LUT fixes
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJePNasAAoJEAx081l5xIa+axgP+wZbUkJZYt75p5thhptp2CY3
235yIZQcDy0T+J/34Agv0e5DfK2hCafPIVv7dIV1A9AjWxhVzIoZmD2mHSLKnxVb
MsfemKsrm1WO9KezDkDIEOgkN5rY811xTIsg89VSjyiiPXQmwAcXQBbmIBHg9YtT
7ttek1afJv7h0HD4W2JdTxLEeKn9lpZHUXESXz+xoE8OUMDizMgmbt8nWXlbFpcw
Tx1EmxZ3jbCYGsrcQBOLURZiwzOb2zbXJ9o8BgNdomvtI69l2/3mMonavw+IgVq+
aiHMgWViVsDDP8ijn8uBa7EEqtGWuqTRaL/Ei71w2MGkG7S3Nz4PxbLbl5P9NHAc
D3OsiaXGdNhoSGfGD6sr7TlOIEo7gjLGKJ3fMW15XmBF4isb0lwlnIB7dTiU9Zaq
UBMpNA9/Vtty2MtT1SkVKQrC+Mujl4lAYssWhcrh1/RX0Ij6do4aFswy17dbVg3Q
LIigj1quIfNPXONb0fwkg5JGQyOMnrYs0Q6SkrhQfSR2UzsNWnGoBRyROcZipNnQ
STaM8F6eEi7RbFUaT0uWL71GBxM00PyjQgpf5fnrOiKp6rfgK3B3ThpsVoAQ2OW4
CnodlCa1uxIkIgQdcoG/3vT5B6nzpdhgRVjHt+N5sraLjOZFZHxex0YmJAYXcN+/
QR8ARNgILJvA14xCsOT7
=C0nE
-----END PGP SIGNATURE-----
Merge tag 'drm-next-2020-02-07' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Just some fixes for this merge window: the tegra changes fix some
regressions in the merge, nouveau has a few modesetting fixes.
The amdgpu fixes are bit bigger, but they contain a couple of weeks of
fixes, and don't seem to contain anything that isn't really a fix.
Summary:
tegra:
- merge window regression fixes
nouveau:
- couple of volta/turing modesetting fixes
amdgpu:
- EDC fixes for Arcturus
- GDDR6 memory training fixe
- Fix for reading gfx clockgating registers while in GFXOFF state
- i2c freq fixes
- Misc display fixes
- TLB invalidation fix when using semaphores
- VCN 2.5 instancing fixes
- Switch raven1 gfxoff to a blacklist
- Coreboot workaround for KV/KB
- Root cause dongle fixes for display and revert workaround
- Enable GPU reset for renoir and navi
- Navi overclocking fixes
- Fix up confusing warnings in display clock validation on raven
amdkfd:
- SDMA fix
radeon:
- Misc LUT fixes"
* tag 'drm-next-2020-02-07' of git://anongit.freedesktop.org/drm/drm: (90 commits)
gpu: host1x: Set DMA direction only for DMA-mapped buffer objects
drm/tegra: Reuse IOVA mapping where possible
drm/tegra: Relax IOMMU usage criteria on old Tegra
drm/amd/dm/mst: Ignore payload update failures
drm/amdgpu: update default voltage for boot od table for navi1x
drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_voltage
drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_latency
drm/amdgpu/display: handle multiple numbers of fclks in dcn_calcs.c (v2)
drm/amdgpu: fetch default VDDC curve voltages (v2)
drm/amdgpu/smu_v11_0: Correct behavior of restoring default tables (v2)
drm/amdgpu/navi10: add OD_RANGE for navi overclocking
drm/amdgpu/navi: fix index for OD MCLK
drm/amd/display: Fix HW/SW state mismatch
drm/amd/display: Fix a typo when computing dsc configuration
drm/amd/powerplay: fix navi10 system intermittent reboot issue V2
drm/amdkfd: Fix a bug in SDMA RLC queue counting under HWS mode
drm/amd/display: Only enable cursor on pipes that need it
drm/nouveau/kms/gv100-: avoid sending a core update until the first modeset
drm/nouveau/kms/gv100-: move window ownership setup into modesetting path
drm/nouveau/disp/gv100-: halt NV_PDISP_FE_RM_INTR_STAT_CTRL_DISP_ERROR storms
...
- Make of_clk.h self contained
- Fix new qcom DT bindings that just merged to match the DTS files
- Fix qcom clk driver to properly detect DFS clk frequencies
- Fix the ls1028a driver to not deref a pointer before assigning it
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAl48WfERHHNib3lkQGtl
cm5lbC5vcmcACgkQrQKIl8bklSWtnw/+P0xw3S0Wdkr4UEkfCmSf8/JAP6xXc4Of
TFeJoXTCqqvgq66BpFVRMSPvA7jr2hx4siHBJbpXT4M+VpGhw5sRcEumQChHtZpX
WDSUszR86hxQCyq4ONdU0hQ6YfL/Erx14WqAK/DMHMLUtqIbSkfeVlZNTqpBHrBk
Nyx9S4rG0RerddmI1DPPikx3oPCwVxi+biqX3H+T1Ndsn2L/Iol+jerRfa9kbjRU
kaH/gXByikMKt+EdKlVLoCEl9jOC9gDu3MvM5ik01pFF5+SVeUD89wSDRHjuyVf/
mfag7xwXxxbjQNYJdEJu3keZslzezBUDY1DDnxIXstA7NhaQp2Jw6CX1S+S4KszR
Bh21okQGgSZUsnOVJmOOweqCPh8cvfyLb0sDjYlTgUog2QcQmBQbkTVqV5ZvvtF6
e5cdcxI7zHZQ5tszFXYk32GkXqN7QcucYy6HYbh6fcivkJOE5DozOUOP8DDkoP39
fWRCZiZLM3bWYx3he2MnMpZMxo7sLAMwpO2v+jxtqTZFVfvBPYaITuM08t+o9YH1
D+hIuSXoDKDzliQYEmo7p2k+JHstTw91sBuH9NRgNhcUZ1z/Fg8osfW7uBnuu5qv
vpK/xZJo8zJF3046xlnaRDz/oO2VKv6Wvq/04ayE087MEKps6OxE9AwxreB3brj1
kPWlYe0uexQ=
=fchl
-----END PGP SIGNATURE-----
Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"A collection of fixes:
- Make of_clk.h self contained
- Fix new qcom DT bindings that just merged to match the DTS files
- Fix qcom clk driver to properly detect DFS clk frequencies
- Fix the ls1028a driver to not deref a pointer before assigning it"
* tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
of: clk: Make <linux/of_clk.h> self-contained
clk: qcom: Use ARRAY_SIZE in videocc-sc7180 for parent clocks
clk: qcom: Get rid of the test clock for videocc-sc7180
dt-bindings: clock: Cleanup qcom,videocc bindings for sdm845/sc7180
clk: qcom: Use ARRAY_SIZE in gpucc-sc7180 for parent clocks
clk: qcom: Get rid of the test clock for gpucc-sc7180
dt-bindings: clock: Fix qcom,gpucc bindings for sdm845/sc7180/msm8998
clk: qcom: Use ARRAY_SIZE in dispcc-sc7180 for parent clocks
clk: qcom: Get rid of the test clock for dispcc-sc7180
clk: qcom: Get rid of fallback global names for dispcc-sc7180
dt-bindings: clock: Fix qcom,dispcc bindings for sdm845/sc7180
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
clk: ls1028a: fix a dereference of pointer 'parent' before a null check
dt-bindings: clk: qcom: Fix self-validation, split, and clean cruft
clk: qcom: Don't overwrite 'cfg' in clk_rcg2_dfs_populate_freq()
There's some confusion around if an irq that's disabled with disable_irq()
can still wake the system from sleep states such as "suspend to RAM".
Clarify this in the kernel documentation for irq_set_irq_wake() so that
it's clear that an irq can be disabled and still wake the system if it has
been marked for wakeup.
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Link: https://lkml.kernel.org/r/20200206191521.94559-1-swboyd@chromium.org
Some bug fixes/cleanups.
Deprecated scsi passthrough for blk removed.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAl49E/4PHG1zdEByZWRo
YXQuY29tAAoJECgfDbjSjVRpyecH/AlBzCOlv9kBHKvx30h2QTgbvZlZM++SRQ18
XAuvU/gRVTPLeSsXnJGz0hMD8hxBti6esqvxHzSzs2a6DqkqLrRdnMXsjs6QlAdX
6NwP4VesL7RNKTAjjrtmXQMr8iADtTy8FKCw/sZM+6sqhPeKAzFbBrjfH6amINru
orEF+eGwNXLkegK4+QVQx8f1rlIm7+/Z4lAP75FsaisYWLxklvn3VjZ7YjsCNexi
4zMxv64W8AHCRJK8k7/+vluedwwTghY9ayubw4zeRWmcfRw568bxlCZUQBmNWspC
lj4/ZWzGmd60UQx9fUvEd7T6QCRzaaUYVzXC0Mh8I3pLV+V5tKY=
=uqtg
-----END PGP SIGNATURE-----
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
Pull virtio updates from Michael Tsirkin:
"Some bug fixes/cleanups.
The deprecated scsi passthrough for virtio_blk is removed"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
virtio_balloon: Fix memory leaks on errors in virtballoon_probe()
virtio-balloon: Fix memory leak when unloading while hinting is in progress
virtio_balloon: prevent pfn array overflow
virtio-blk: remove VIRTIO_BLK_F_SCSI support
virtio-pci: check name when counting MSI-X vectors
virtio-balloon: initialize all vq callbacks
virtio-mmio: convert to devm_platform_ioremap_resource
Linus Torvalds
Arnd Bergmann
Thomas Gleixner
Tim Harvey
David S. Miller
Christophe Leroy
Michael Ellerman
Zenghui Yu
Lorenzo Bianconi
Martin KaFai Lau
Jakub Sitnicki
Toke Høiland-Jørgensen
Lorenz Bauer
Stephen Boyd
Al Viro