1. 12 Apr, 2021 10 commits
  2. 11 Apr, 2021 4 commits
  3. 10 Apr, 2021 14 commits
  4. 09 Apr, 2021 12 commits
    • Linus Torvalds's avatar
      Merge tag 'net-5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 4e04e751
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.12-rc7, including fixes from can, ipsec,
        mac80211, wireless, and bpf trees.
      
        No scary regressions here or in the works, but small fixes for 5.12
        changes keep coming.
      
        Current release - regressions:
      
         - virtio: do not pull payload in skb->head
      
         - virtio: ensure mac header is set in virtio_net_hdr_to_skb()
      
         - Revert "net: correct sk_acceptq_is_full()"
      
         - mptcp: revert "mptcp: provide subflow aware release function"
      
         - ethernet: lan743x: fix ethernet frame cutoff issue
      
         - dsa: fix type was not set for devlink port
      
         - ethtool: remove link_mode param and derive link params from driver
      
         - sched: htb: fix null pointer dereference on a null new_q
      
         - wireless: iwlwifi: Fix softirq/hardirq disabling in
           iwl_pcie_enqueue_hcmd()
      
         - wireless: iwlwifi: fw: fix notification wait locking
      
         - wireless: brcmfmac: p2p: Fix deadlock introduced by avoiding the
           rtnl dependency
      
        Current release - new code bugs:
      
         - napi: fix hangup on napi_disable for threaded napi
      
         - bpf: take module reference for trampoline in module
      
         - wireless: mt76: mt7921: fix airtime reporting and related tx hangs
      
         - wireless: iwlwifi: mvm: rfi: don't lock mvm->mutex when sending
           config command
      
        Previous releases - regressions:
      
         - rfkill: revert back to old userspace API by default
      
         - nfc: fix infinite loop, refcount & memory leaks in LLCP sockets
      
         - let skb_orphan_partial wake-up waiters
      
         - xfrm/compat: Cleanup WARN()s that can be user-triggered
      
         - vxlan, geneve: do not modify the shared tunnel info when PMTU
           triggers an ICMP reply
      
         - can: fix msg_namelen values depending on CAN_REQUIRED_SIZE
      
         - can: uapi: mark union inside struct can_frame packed
      
         - sched: cls: fix action overwrite reference counting
      
         - sched: cls: fix err handler in tcf_action_init()
      
         - ethernet: mlxsw: fix ECN marking in tunnel decapsulation
      
         - ethernet: nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx
      
         - ethernet: i40e: fix receiving of single packets in xsk zero-copy
           mode
      
         - ethernet: cxgb4: avoid collecting SGE_QBASE regs during traffic
      
        Previous releases - always broken:
      
         - bpf: Refuse non-O_RDWR flags in BPF_OBJ_GET
      
         - bpf: Refcount task stack in bpf_get_task_stack
      
         - bpf, x86: Validate computation of branch displacements
      
         - ieee802154: fix many similar syzbot-found bugs
             - fix NULL dereferences in netlink attribute handling
             - reject unsupported operations on monitor interfaces
             - fix error handling in llsec_key_alloc()
      
         - xfrm: make ipv4 pmtu check honor ip header df
      
         - xfrm: make hash generation lock per network namespace
      
         - xfrm: esp: delete NETIF_F_SCTP_CRC bit from features for esp
           offload
      
         - ethtool: fix incorrect datatype in set_eee ops
      
         - xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory
           model
      
         - openvswitch: fix send of uninitialized stack memory in ct limit
           reply
      
        Misc:
      
         - udp: add get handling for UDP_GRO sockopt"
      
      * tag 'net-5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (182 commits)
        net: fix hangup on napi_disable for threaded napi
        net: hns3: Trivial spell fix in hns3 driver
        lan743x: fix ethernet frame cutoff issue
        net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
        net: dsa: lantiq_gswip: Configure all remaining GSWIP_MII_CFG bits
        net: dsa: lantiq_gswip: Don't use PHY auto polling
        net: sched: sch_teql: fix null-pointer dereference
        ipv6: report errors for iftoken via netlink extack
        net: sched: fix err handler in tcf_action_init()
        net: sched: fix action overwrite reference counting
        Revert "net: sched: bump refcount for new action in ACT replace mode"
        ice: fix memory leak of aRFS after resuming from suspend
        i40e: Fix sparse warning: missing error code 'err'
        i40e: Fix sparse error: 'vsi->netdev' could be null
        i40e: Fix sparse error: uninitialized symbol 'ring'
        i40e: Fix sparse errors in i40e_txrx.c
        i40e: Fix parameters in aq_get_phy_register()
        nl80211: fix beacon head validation
        bpf, x86: Validate computation of branch displacements for x86-32
        bpf, x86: Validate computation of branch displacements for x86-64
        ...
      4e04e751
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.12-2021-04-09' of git://git.kernel.dk/linux-block · 3b978435
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Two minor fixups for the reissue logic, and one for making sure that
        unbounded work is canceled on io-wq exit"
      
      * tag 'io_uring-5.12-2021-04-09' of git://git.kernel.dk/linux-block:
        io-wq: cancel unbounded works on io-wq destroy
        io_uring: fix rw req completion
        io_uring: clear F_REISSUE right after getting it
      3b978435
    • Julian Braha's avatar
      lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS · 7d37cb2c
      Julian Braha authored
      When LATENCYTOP, LOCKDEP, or FAULT_INJECTION_STACKTRACE_FILTER is
      enabled and ARCH_WANT_FRAME_POINTERS is disabled, Kbuild gives a warning
      such as:
      
        WARNING: unmet direct dependencies detected for FRAME_POINTER
          Depends on [n]: DEBUG_KERNEL [=y] && (M68K || UML || SUPERH) || ARCH_WANT_FRAME_POINTERS [=n] || MCOUNT [=n]
          Selected by [y]:
          - LATENCYTOP [=y] && DEBUG_KERNEL [=y] && STACKTRACE_SUPPORT [=y] && PROC_FS [=y] && !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !X86
      
      Depending on ARCH_WANT_FRAME_POINTERS causes a recursive dependency
      error.  ARCH_WANT_FRAME_POINTERS is to be selected by the architecture,
      and is not supposed to be overridden by other config options.
      
      Link: https://lkml.kernel.org/r/20210329165329.27994-1-julianbraha@gmail.comSigned-off-by: default avatarJulian Braha <julianbraha@gmail.com>
      Cc: Andreas Schwab <schwab@linux-m68k.org>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Necip Fazil Yildiran <fazilyildiran@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7d37cb2c
    • Marco Elver's avatar
      kfence, x86: fix preemptible warning on KPTI-enabled systems · 6a77d38e
      Marco Elver authored
      On systems with KPTI enabled, we can currently observe the following
      warning:
      
        BUG: using smp_processor_id() in preemptible
        caller is invalidate_user_asid+0x13/0x50
        CPU: 6 PID: 1075 Comm: dmesg Not tainted 5.12.0-rc4-gda4a2b1a5479-kfence_1+ #1
        Hardware name: Hewlett-Packard HP Pro 3500 Series/2ABF, BIOS 8.11 10/24/2012
        Call Trace:
         dump_stack+0x7f/0xad
         check_preemption_disabled+0xc8/0xd0
         invalidate_user_asid+0x13/0x50
         flush_tlb_one_kernel+0x5/0x20
         kfence_protect+0x56/0x80
         ...
      
      While it normally makes sense to require preemption to be off, so that
      the expected CPU's TLB is flushed and not another, in our case it really
      is best-effort (see comments in kfence_protect_page()).
      
      Avoid the warning by disabling preemption around flush_tlb_one_kernel().
      
      Link: https://lore.kernel.org/lkml/YGIDBAboELGgMgXy@elver.google.com/
      Link: https://lkml.kernel.org/r/20210330065737.652669-1-elver@google.comSigned-off-by: default avatarMarco Elver <elver@google.com>
      Reported-by: default avatarTomi Sarvela <tomi.p.sarvela@intel.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Jann Horn <jannh@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6a77d38e
    • Andrew Morton's avatar
      lib/test_kasan_module.c: suppress unused var warning · e1566567
      Andrew Morton authored
      Local `unused' is intentionally unused - it is there to suppress
      __must_check warnings.
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Link: https://lkml.kernel.org/r/202104050216.HflRxfJm-lkp@intel.com
      Cc: Marco Elver <elver@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e1566567
    • Andrey Konovalov's avatar
      kasan: fix conflict with page poisoning · 06b1f855
      Andrey Konovalov authored
      When page poisoning is enabled, it accesses memory that is marked as
      poisoned by KASAN, which leas to false-positive KASAN reports.
      
      Suppress the reports by adding KASAN annotations to unpoison_page()
      (poison_page() already has them).
      
      Link: https://lkml.kernel.org/r/2dc799014d31ac13fd97bd906bad33e16376fc67.1617118501.git.andreyknvl@google.comSigned-off-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Marco Elver <elver@google.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Andrey Konovalov <andreyknvl@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      06b1f855
    • Jack Qiu's avatar
      fs: direct-io: fix missing sdio->boundary · df41872b
      Jack Qiu authored
      I encountered a hung task issue, but not a performance one.  I run DIO
      on a device (need lba continuous, for example open channel ssd), maybe
      hungtask in below case:
      
        DIO:						Checkpoint:
        get addr A(at boundary), merge into BIO,
        no submit because boundary missing
      						flush dirty data(get addr A+1), wait IO(A+1)
      						writeback timeout, because DIO(A) didn't submit
        get addr A+2 fail, because checkpoint is doing
      
      dio_send_cur_page() may clear sdio->boundary, so prevent it from missing
      a boundary.
      
      Link: https://lkml.kernel.org/r/20210322042253.38312-1-jack.qiu@huawei.com
      Fixes: b1058b98 ("direct-io: submit bio after boundary buffer is added to it")
      Signed-off-by: default avatarJack Qiu <jack.qiu@huawei.com>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      df41872b
    • Sergei Trofimovich's avatar
      ia64: fix user_stack_pointer() for ptrace() · 7ad1e366
      Sergei Trofimovich authored
      ia64 has two stacks:
      
       - memory stack (or stack), pointed at by by r12
      
       - register backing store (register stack), pointed at by
         ar.bsp/ar.bspstore with complications around dirty
         register frame on CPU.
      
      In [1] Dmitry noticed that PTRACE_GET_SYSCALL_INFO returns the register
      stack instead memory stack.
      
      The bug comes from the fact that user_stack_pointer() and
      current_user_stack_pointer() don't return the same register:
      
        ulong user_stack_pointer(struct pt_regs *regs) { return regs->ar_bspstore; }
        #define current_user_stack_pointer() (current_pt_regs()->r12)
      
      The change gets both back in sync.
      
      I think ptrace(PTRACE_GET_SYSCALL_INFO) is the only affected user by
      this bug on ia64.
      
      The change fixes 'rt_sigreturn.gen.test' strace test where it was
      observed initially.
      
      Link: https://bugs.gentoo.org/769614 [1]
      Link: https://lkml.kernel.org/r/20210331084447.2561532-1-slyfox@gentoo.orgSigned-off-by: default avatarSergei Trofimovich <slyfox@gentoo.org>
      Reported-by: default avatarDmitry V. Levin <ldv@altlinux.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7ad1e366
    • Wengang Wang's avatar
      ocfs2: fix deadlock between setattr and dio_end_io_write · 90bd070a
      Wengang Wang authored
      The following deadlock is detected:
      
        truncate -> setattr path is waiting for pending direct IO to be done (inode->i_dio_count become zero) with inode->i_rwsem held (down_write).
      
        PID: 14827  TASK: ffff881686a9af80  CPU: 20  COMMAND: "ora_p005_hrltd9"
         #0  __schedule at ffffffff818667cc
         #1  schedule at ffffffff81866de6
         #2  inode_dio_wait at ffffffff812a2d04
         #3  ocfs2_setattr at ffffffffc05f322e [ocfs2]
         #4  notify_change at ffffffff812a5a09
         #5  do_truncate at ffffffff812808f5
         #6  do_sys_ftruncate.constprop.18 at ffffffff81280cf2
         #7  sys_ftruncate at ffffffff81280d8e
         #8  do_syscall_64 at ffffffff81003949
         #9  entry_SYSCALL_64_after_hwframe at ffffffff81a001ad
      
      dio completion path is going to complete one direct IO (decrement
      inode->i_dio_count), but before that it hung at locking inode->i_rwsem:
      
         #0  __schedule+700 at ffffffff818667cc
         #1  schedule+54 at ffffffff81866de6
         #2  rwsem_down_write_failed+536 at ffffffff8186aa28
         #3  call_rwsem_down_write_failed+23 at ffffffff8185a1b7
         #4  down_write+45 at ffffffff81869c9d
         #5  ocfs2_dio_end_io_write+180 at ffffffffc05d5444 [ocfs2]
         #6  ocfs2_dio_end_io+85 at ffffffffc05d5a85 [ocfs2]
         #7  dio_complete+140 at ffffffff812c873c
         #8  dio_aio_complete_work+25 at ffffffff812c89f9
         #9  process_one_work+361 at ffffffff810b1889
        #10  worker_thread+77 at ffffffff810b233d
        #11  kthread+261 at ffffffff810b7fd5
        #12  ret_from_fork+62 at ffffffff81a0035e
      
      Thus above forms ABBA deadlock.  The same deadlock was mentioned in
      upstream commit 28f5a8a7 ("ocfs2: should wait dio before inode lock
      in ocfs2_setattr()").  It seems that that commit only removed the
      cluster lock (the victim of above dead lock) from the ABBA deadlock
      party.
      
      End-user visible effects: Process hang in truncate -> ocfs2_setattr path
      and other processes hang at ocfs2_dio_end_io_write path.
      
      This is to fix the deadlock itself.  It removes inode_lock() call from
      dio completion path to remove the deadlock and add ip_alloc_sem lock in
      setattr path to synchronize the inode modifications.
      
      [wen.gang.wang@oracle.com: remove the "had_alloc_lock" as suggested]
        Link: https://lkml.kernel.org/r/20210402171344.1605-1-wen.gang.wang@oracle.com
      
      Link: https://lkml.kernel.org/r/20210331203654.3911-1-wen.gang.wang@oracle.comSigned-off-by: default avatarWengang Wang <wen.gang.wang@oracle.com>
      Reviewed-by: default avatarJoseph Qi <joseph.qi@linux.alibaba.com>
      Cc: Mark Fasheh <mark@fasheh.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Junxiao Bi <junxiao.bi@oracle.com>
      Cc: Changwei Ge <gechangwei@live.cn>
      Cc: Gang He <ghe@suse.com>
      Cc: Jun Piao <piaojun@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      90bd070a
    • Nick Desaulniers's avatar
      gcov: re-fix clang-11+ support · 9562fd13
      Nick Desaulniers authored
      LLVM changed the expected function signature for llvm_gcda_emit_function()
      in the clang-11 release.  Users of clang-11 or newer may have noticed
      their kernels producing invalid coverage information:
      
        $ llvm-cov gcov -a -c -u -f -b <input>.gcda -- gcno=<input>.gcno
        1 <func>: checksum mismatch, \
          (<lineno chksum A>, <cfg chksum B>) != (<lineno chksum A>, <cfg chksum C>)
        2 Invalid .gcda File!
        ...
      
      Fix up the function signatures so calling this function interprets its
      parameters correctly and computes the correct cfg checksum.  In
      particular, in clang-11, the additional checksum is no longer optional.
      
      Link: https://reviews.llvm.org/rG25544ce2df0daa4304c07e64b9c8b0f7df60c11d
      Link: https://lkml.kernel.org/r/20210408184631.1156669-1-ndesaulniers@google.comReported-by: default avatarPrasad Sodagudi <psodagud@quicinc.com>
      Tested-by: default avatarPrasad Sodagudi <psodagud@quicinc.com>
      Signed-off-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: default avatarNathan Chancellor <nathan@kernel.org>
      Cc: <stable@vger.kernel.org>	[5.4+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9562fd13
    • Mike Rapoport's avatar
      nds32: flush_dcache_page: use page_mapping_file to avoid races with swapoff · a3a8833d
      Mike Rapoport authored
      Commit cb9f753a ("mm: fix races between swapoff and flush dcache")
      updated flush_dcache_page implementations on several architectures to
      use page_mapping_file() in order to avoid races between page_mapping()
      and swapoff().
      
      This update missed arch/nds32 and there is a possibility of a race
      there.
      
      Replace page_mapping() with page_mapping_file() in nds32 implementation
      of flush_dcache_page().
      
      Link: https://lkml.kernel.org/r/20210330175126.26500-1-rppt@kernel.org
      Fixes: cb9f753a ("mm: fix races between swapoff and flush dcache")
      Signed-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      Reviewed-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Acked-by: default avatarGreentime Hu <green.hu@gmail.com>
      Cc: Huang Ying <ying.huang@intel.com>
      Cc: Nick Hu <nickhu@andestech.com>
      Cc: Vincent Chen <deanbo422@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a3a8833d
    • Aili Yao's avatar
      mm/gup: check page posion status for coredump. · d3378e86
      Aili Yao authored
      When we do coredump for user process signal, this may be an SIGBUS signal
      with BUS_MCEERR_AR or BUS_MCEERR_AO code, which means this signal is
      resulted from ECC memory fail like SRAR or SRAO, we expect the memory
      recovery work is finished correctly, then the get_dump_page() will not
      return the error page as its process pte is set invalid by
      memory_failure().
      
      But memory_failure() may fail, and the process's related pte may not be
      correctly set invalid, for current code, we will return the poison page,
      get it dumped, and then lead to system panic as its in kernel code.
      
      So check the poison status in get_dump_page(), and if TRUE, return NULL.
      
      There maybe other scenario that is also better to check the posion status
      and not to panic, so make a wrapper for this check, Thanks to David's
      suggestion(<david@redhat.com>).
      
      [akpm@linux-foundation.org: s/0/false/]
      [yaoaili@kingsoft.com: is_page_poisoned() arg cannot be null, per Matthew]
      
      Link: https://lkml.kernel.org/r/20210322115233.05e4e82a@alex-virtual-machine
      Link: https://lkml.kernel.org/r/20210319104437.6f30e80d@alex-virtual-machineSigned-off-by: default avatarAili Yao <yaoaili@kingsoft.com>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Naoya Horiguchi <naoya.horiguchi@nec.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Mike Kravetz <mike.kravetz@oracle.com>
      Cc: Aili Yao <yaoaili@kingsoft.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d3378e86