1. 04 Nov, 2018 40 commits
    • Heiner Kallweit's avatar
      r8169: fix NAPI handling under high load · aa8d067c
      Heiner Kallweit authored
      [ Upstream commit 6b839b6c ]
      
      rtl_rx() and rtl_tx() are called only if the respective bits are set
      in the interrupt status register. Under high load NAPI may not be
      able to process all data (work_done == budget) and it will schedule
      subsequent calls to the poll callback.
      rtl_ack_events() however resets the bits in the interrupt status
      register, therefore subsequent calls to rtl8169_poll() won't call
      rtl_rx() and rtl_tx() - chip interrupts are still disabled.
      
      Fix this by calling rtl_rx() and rtl_tx() independent of the bits
      set in the interrupt status register. Both functions will detect
      if there's nothing to do for them.
      
      Fixes: da78dbff ("r8169: remove work from irq handler.")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      aa8d067c
    • Sean Tranchetti's avatar
      net: udp: fix handling of CHECKSUM_COMPLETE packets · 0ecebdfb
      Sean Tranchetti authored
      [ Upstream commit db4f1be3 ]
      
      Current handling of CHECKSUM_COMPLETE packets by the UDP stack is
      incorrect for any packet that has an incorrect checksum value.
      
      udp4/6_csum_init() will both make a call to
      __skb_checksum_validate_complete() to initialize/validate the csum
      field when receiving a CHECKSUM_COMPLETE packet. When this packet
      fails validation, skb->csum will be overwritten with the pseudoheader
      checksum so the packet can be fully validated by software, but the
      skb->ip_summed value will be left as CHECKSUM_COMPLETE so that way
      the stack can later warn the user about their hardware spewing bad
      checksums. Unfortunately, leaving the SKB in this state can cause
      problems later on in the checksum calculation.
      
      Since the the packet is still marked as CHECKSUM_COMPLETE,
      udp_csum_pull_header() will SUBTRACT the checksum of the UDP header
      from skb->csum instead of adding it, leaving us with a garbage value
      in that field. Once we try to copy the packet to userspace in the
      udp4/6_recvmsg(), we'll make a call to skb_copy_and_csum_datagram_msg()
      to checksum the packet data and add it in the garbage skb->csum value
      to perform our final validation check.
      
      Since the value we're validating is not the proper checksum, it's possible
      that the folded value could come out to 0, causing us not to drop the
      packet. Instead, we believe that the packet was checksummed incorrectly
      by hardware since skb->ip_summed is still CHECKSUM_COMPLETE, and we attempt
      to warn the user with netdev_rx_csum_fault(skb->dev);
      
      Unfortunately, since this is the UDP path, skb->dev has been overwritten
      by skb->dev_scratch and is no longer a valid pointer, so we end up
      reading invalid memory.
      
      This patch addresses this problem in two ways:
      	1) Do not use the dev pointer when calling netdev_rx_csum_fault()
      	   from skb_copy_and_csum_datagram_msg(). Since this gets called
      	   from the UDP path where skb->dev has been overwritten, we have
      	   no way of knowing if the pointer is still valid. Also for the
      	   sake of consistency with the other uses of
      	   netdev_rx_csum_fault(), don't attempt to call it if the
      	   packet was checksummed by software.
      
      	2) Add better CHECKSUM_COMPLETE handling to udp4/6_csum_init().
      	   If we receive a packet that's CHECKSUM_COMPLETE that fails
      	   verification (i.e. skb->csum_valid == 0), check who performed
      	   the calculation. It's possible that the checksum was done in
      	   software by the network stack earlier (such as Netfilter's
      	   CONNTRACK module), and if that says the checksum is bad,
      	   we can drop the packet immediately instead of waiting until
      	   we try and copy it to userspace. Otherwise, we need to
      	   mark the SKB as CHECKSUM_NONE, since the skb->csum field
      	   no longer contains the full packet checksum after the
      	   call to __skb_checksum_validate_complete().
      
      Fixes: e6afc8ac ("udp: remove headers from UDP packets before queueing")
      Fixes: c84d9490 ("udp: copy skb->truesize in the first cache line")
      Cc: Sam Kumar <samanthakumar@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarSean Tranchetti <stranche@codeaurora.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0ecebdfb
    • Niklas Cassel's avatar
      net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules · 441d0e75
      Niklas Cassel authored
      [ Upstream commit 30549aab ]
      
      When building stmmac, it is only possible to select CONFIG_DWMAC_GENERIC,
      or any of the glue drivers, when CONFIG_STMMAC_PLATFORM is set.
      The only exception is CONFIG_STMMAC_PCI.
      
      When calling of_mdiobus_register(), it will call our ->reset()
      callback, which is set to stmmac_mdio_reset().
      
      Most of the code in stmmac_mdio_reset() is protected by a
      "#if defined(CONFIG_STMMAC_PLATFORM)", which will evaluate
      to false when CONFIG_STMMAC_PLATFORM=m.
      
      Because of this, the phy reset gpio will only be pulled when
      stmmac is built as built-in, but not when built as modules.
      
      Fix this by using "#if IS_ENABLED()" instead of "#if defined()".
      Signed-off-by: default avatarNiklas Cassel <niklas.cassel@linaro.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      441d0e75
    • Wenwen Wang's avatar
      net: socket: fix a missing-check bug · 7d584568
      Wenwen Wang authored
      [ Upstream commit b6168562 ]
      
      In ethtool_ioctl(), the ioctl command 'ethcmd' is checked through a switch
      statement to see whether it is necessary to pre-process the ethtool
      structure, because, as mentioned in the comment, the structure
      ethtool_rxnfc is defined with padding. If yes, a user-space buffer 'rxnfc'
      is allocated through compat_alloc_user_space(). One thing to note here is
      that, if 'ethcmd' is ETHTOOL_GRXCLSRLALL, the size of the buffer 'rxnfc' is
      partially determined by 'rule_cnt', which is actually acquired from the
      user-space buffer 'compat_rxnfc', i.e., 'compat_rxnfc->rule_cnt', through
      get_user(). After 'rxnfc' is allocated, the data in the original user-space
      buffer 'compat_rxnfc' is then copied to 'rxnfc' through copy_in_user(),
      including the 'rule_cnt' field. However, after this copy, no check is
      re-enforced on 'rxnfc->rule_cnt'. So it is possible that a malicious user
      race to change the value in the 'compat_rxnfc->rule_cnt' between these two
      copies. Through this way, the attacker can bypass the previous check on
      'rule_cnt' and inject malicious data. This can cause undefined behavior of
      the kernel and introduce potential security risk.
      
      This patch avoids the above issue via copying the value acquired by
      get_user() to 'rxnfc->rule_cn', if 'ethcmd' is ETHTOOL_GRXCLSRLALL.
      Signed-off-by: default avatarWenwen Wang <wang6495@umn.edu>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7d584568
    • Jakub Kicinski's avatar
      net: sched: gred: pass the right attribute to gred_change_table_def() · 29d87119
      Jakub Kicinski authored
      [ Upstream commit 38b4f18d ]
      
      gred_change_table_def() takes a pointer to TCA_GRED_DPS attribute,
      and expects it will be able to interpret its contents as
      struct tc_gred_sopt.  Pass the correct gred attribute, instead of
      TCA_OPTIONS.
      
      This bug meant the table definition could never be changed after
      Qdisc was initialized (unless whatever TCA_OPTIONS contained both
      passed netlink validation and was a valid struct tc_gred_sopt...).
      
      Old behaviour:
      $ ip link add type dummy
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      RTNETLINK answers: Invalid argument
      
      Now:
      $ ip link add type dummy
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      
      Fixes: f62d6b93 ("[PKT_SCHED]: GRED: Use central VQ change procedure")
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      29d87119
    • David Ahern's avatar
      net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs · e581e28f
      David Ahern authored
      [ Upstream commit 4ba4c566 ]
      
      The loop wants to skip previously dumped addresses, so loops until
      current index >= saved index. If the message fills it wants to save
      the index for the next address to dump - ie., the one that did not
      fit in the current message.
      
      Currently, it is incrementing the index counter before comparing to the
      saved index, and then the saved index is off by 1 - it assumes the
      current address is going to fit in the message.
      
      Change the index handling to increment only after a succesful dump.
      
      Fixes: 502a2ffd ("ipv6: convert idev_list to list macros")
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e581e28f
    • Fugang Duan's avatar
      net: fec: don't dump RX FIFO register when not available · ff96a397
      Fugang Duan authored
      [ Upstream commit ec20a63a ]
      
      Commit db65f35f ("net: fec: add support of ethtool get_regs") introduce
      ethool "--register-dump" interface to dump all FEC registers.
      
      But not all silicon implementations of the Freescale FEC hardware module
      have the FRBR (FIFO Receive Bound Register) and FRSR (FIFO Receive Start
      Register) register, so we should not be trying to dump them on those that
      don't.
      
      To fix it we create a quirk flag, FEC_QUIRK_HAS_RFREG, and check it before
      dump those RX FIFO registers.
      Signed-off-by: default avatarFugang Duan <fugang.duan@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ff96a397
    • Cong Wang's avatar
      llc: set SOCK_RCU_FREE in llc_sap_add_socket() · 6bb1381c
      Cong Wang authored
      [ Upstream commit 5a8e7aea ]
      
      WHen an llc sock is added into the sk_laddr_hash of an llc_sap,
      it is not marked with SOCK_RCU_FREE.
      
      This causes that the sock could be freed while it is still being
      read by __llc_lookup_established() with RCU read lock. sock is
      refcounted, but with RCU read lock, nothing prevents the readers
      getting a zero refcnt.
      
      Fix it by setting SOCK_RCU_FREE in llc_sap_add_socket().
      
      Reported-by: syzbot+11e05f04c15e03be5254@syzkaller.appspotmail.com
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6bb1381c
    • Stefano Brivio's avatar
      ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called · 1e42e97a
      Stefano Brivio authored
      [ Upstream commit ee1abcf6 ]
      
      Commit a61bbcf2 ("[NET]: Store skb->timestamp as offset to a base
      timestamp") introduces a neighbour control buffer and zeroes it out in
      ndisc_rcv(), as ndisc_recv_ns() uses it.
      
      Commit f2776ff0 ("[IPV6]: Fix address/interface handling in UDP and
      DCCP, according to the scoping architecture.") introduces the usage of the
      IPv6 control buffer in protocol error handlers (e.g. inet6_iif() in
      present-day __udp6_lib_err()).
      
      Now, with commit b94f1c09 ("ipv6: Use icmpv6_notify() to propagate
      redirect, instead of rt6_redirect()."), we call protocol error handlers
      from ndisc_redirect_rcv(), after the control buffer is already stolen and
      some parts are already zeroed out. This implies that inet6_iif() on this
      path will always return zero.
      
      This gives unexpected results on UDP socket lookup in __udp6_lib_err(), as
      we might actually need to match sockets for a given interface.
      
      Instead of always claiming the control buffer in ndisc_rcv(), do that only
      when needed.
      
      Fixes: b94f1c09 ("ipv6: Use icmpv6_notify() to propagate redirect, instead of rt6_redirect().")
      Signed-off-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Reviewed-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1e42e97a
    • Eric Dumazet's avatar
      ipv6: mcast: fix a use-after-free in inet6_mc_check · 5d4c5861
      Eric Dumazet authored
      [ Upstream commit dc012f36 ]
      
      syzbot found a use-after-free in inet6_mc_check [1]
      
      The problem here is that inet6_mc_check() uses rcu
      and read_lock(&iml->sflock)
      
      So the fact that ip6_mc_leave_src() is called under RTNL
      and the socket lock does not help us, we need to acquire
      iml->sflock in write mode.
      
      In the future, we should convert all this stuff to RCU.
      
      [1]
      BUG: KASAN: use-after-free in ipv6_addr_equal include/net/ipv6.h:521 [inline]
      BUG: KASAN: use-after-free in inet6_mc_check+0xae7/0xb40 net/ipv6/mcast.c:649
      Read of size 8 at addr ffff8801ce7f2510 by task syz-executor0/22432
      
      CPU: 1 PID: 22432 Comm: syz-executor0 Not tainted 4.19.0-rc7+ #280
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
       print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
       kasan_report_error mm/kasan/report.c:354 [inline]
       kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
       __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
       ipv6_addr_equal include/net/ipv6.h:521 [inline]
       inet6_mc_check+0xae7/0xb40 net/ipv6/mcast.c:649
       __raw_v6_lookup+0x320/0x3f0 net/ipv6/raw.c:98
       ipv6_raw_deliver net/ipv6/raw.c:183 [inline]
       raw6_local_deliver+0x3d3/0xcb0 net/ipv6/raw.c:240
       ip6_input_finish+0x467/0x1aa0 net/ipv6/ip6_input.c:345
       NF_HOOK include/linux/netfilter.h:289 [inline]
       ip6_input+0xe9/0x600 net/ipv6/ip6_input.c:426
       ip6_mc_input+0x48a/0xd20 net/ipv6/ip6_input.c:503
       dst_input include/net/dst.h:450 [inline]
       ip6_rcv_finish+0x17a/0x330 net/ipv6/ip6_input.c:76
       NF_HOOK include/linux/netfilter.h:289 [inline]
       ipv6_rcv+0x120/0x640 net/ipv6/ip6_input.c:271
       __netif_receive_skb_one_core+0x14d/0x200 net/core/dev.c:4913
       __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5023
       netif_receive_skb_internal+0x12c/0x620 net/core/dev.c:5126
       napi_frags_finish net/core/dev.c:5664 [inline]
       napi_gro_frags+0x75a/0xc90 net/core/dev.c:5737
       tun_get_user+0x3189/0x4250 drivers/net/tun.c:1923
       tun_chr_write_iter+0xb9/0x154 drivers/net/tun.c:1968
       call_write_iter include/linux/fs.h:1808 [inline]
       do_iter_readv_writev+0x8b0/0xa80 fs/read_write.c:680
       do_iter_write+0x185/0x5f0 fs/read_write.c:959
       vfs_writev+0x1f1/0x360 fs/read_write.c:1004
       do_writev+0x11a/0x310 fs/read_write.c:1039
       __do_sys_writev fs/read_write.c:1112 [inline]
       __se_sys_writev fs/read_write.c:1109 [inline]
       __x64_sys_writev+0x75/0xb0 fs/read_write.c:1109
       do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x457421
      Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 b5 fb ff c3 48 83 ec 08 e8 1a 2d 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 63 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01
      RSP: 002b:00007f2d30ecaba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
      RAX: ffffffffffffffda RBX: 000000000000003e RCX: 0000000000457421
      RDX: 0000000000000001 RSI: 00007f2d30ecabf0 RDI: 00000000000000f0
      RBP: 0000000020000500 R08: 00000000000000f0 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000293 R12: 00007f2d30ecb6d4
      R13: 00000000004c4890 R14: 00000000004d7b90 R15: 00000000ffffffff
      
      Allocated by task 22437:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:448
       set_track mm/kasan/kasan.c:460 [inline]
       kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
       __do_kmalloc mm/slab.c:3718 [inline]
       __kmalloc+0x14e/0x760 mm/slab.c:3727
       kmalloc include/linux/slab.h:518 [inline]
       sock_kmalloc+0x15a/0x1f0 net/core/sock.c:1983
       ip6_mc_source+0x14dd/0x1960 net/ipv6/mcast.c:427
       do_ipv6_setsockopt.isra.9+0x3afb/0x45d0 net/ipv6/ipv6_sockglue.c:743
       ipv6_setsockopt+0xbd/0x170 net/ipv6/ipv6_sockglue.c:933
       rawv6_setsockopt+0x59/0x140 net/ipv6/raw.c:1069
       sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3038
       __sys_setsockopt+0x1ba/0x3c0 net/socket.c:1902
       __do_sys_setsockopt net/socket.c:1913 [inline]
       __se_sys_setsockopt net/socket.c:1910 [inline]
       __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1910
       do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Freed by task 22430:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:448
       set_track mm/kasan/kasan.c:460 [inline]
       __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
       kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
       __cache_free mm/slab.c:3498 [inline]
       kfree+0xcf/0x230 mm/slab.c:3813
       __sock_kfree_s net/core/sock.c:2004 [inline]
       sock_kfree_s+0x29/0x60 net/core/sock.c:2010
       ip6_mc_leave_src+0x11a/0x1d0 net/ipv6/mcast.c:2448
       __ipv6_sock_mc_close+0x20b/0x4e0 net/ipv6/mcast.c:310
       ipv6_sock_mc_close+0x158/0x1d0 net/ipv6/mcast.c:328
       inet6_release+0x40/0x70 net/ipv6/af_inet6.c:452
       __sock_release+0xd7/0x250 net/socket.c:579
       sock_close+0x19/0x20 net/socket.c:1141
       __fput+0x385/0xa30 fs/file_table.c:278
       ____fput+0x15/0x20 fs/file_table.c:309
       task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:193 [inline]
       exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
       prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
       do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      The buggy address belongs to the object at ffff8801ce7f2500
       which belongs to the cache kmalloc-192 of size 192
      The buggy address is located 16 bytes inside of
       192-byte region [ffff8801ce7f2500, ffff8801ce7f25c0)
      The buggy address belongs to the page:
      page:ffffea000739fc80 count:1 mapcount:0 mapping:ffff8801da800040 index:0x0
      flags: 0x2fffc0000000100(slab)
      raw: 02fffc0000000100 ffffea0006f6e548 ffffea000737b948 ffff8801da800040
      raw: 0000000000000000 ffff8801ce7f2000 0000000100000010 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff8801ce7f2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff8801ce7f2480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
      >ffff8801ce7f2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
       ffff8801ce7f2580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
       ffff8801ce7f2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5d4c5861
    • Nikolay Aleksandrov's avatar
      net: bridge: remove ipv6 zero address check in mcast queries · c3cf86da
      Nikolay Aleksandrov authored
      commit 0fe5119e upstream.
      
      Recently a check was added which prevents marking of routers with zero
      source address, but for IPv6 that cannot happen as the relevant RFCs
      actually forbid such packets:
      RFC 2710 (MLDv1):
      "To be valid, the Query message MUST
       come from a link-local IPv6 Source Address, be at least 24 octets
       long, and have a correct MLD checksum."
      
      Same goes for RFC 3810.
      
      And also it can be seen as a requirement in ipv6_mc_check_mld_query()
      which is used by the bridge to validate the message before processing
      it. Thus any queries with :: source address won't be processed anyway.
      So just remove the check for zero IPv6 source address from the query
      processing function.
      
      Fixes: 5a2de63f ("bridge: do not add port to router list when receives query with source 0.0.0.0")
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Cc: Hangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c3cf86da
    • Hangbin Liu's avatar
      bridge: do not add port to router list when receives query with source 0.0.0.0 · 1bd68d56
      Hangbin Liu authored
      commit 5a2de63f upstream.
      
      Based on RFC 4541, 2.1.1.  IGMP Forwarding Rules
      
        The switch supporting IGMP snooping must maintain a list of
        multicast routers and the ports on which they are attached.  This
        list can be constructed in any combination of the following ways:
      
        a) This list should be built by the snooping switch sending
           Multicast Router Solicitation messages as described in IGMP
           Multicast Router Discovery [MRDISC].  It may also snoop
           Multicast Router Advertisement messages sent by and to other
           nodes.
      
        b) The arrival port for IGMP Queries (sent by multicast routers)
           where the source address is not 0.0.0.0.
      
      We should not add the port to router list when receives query with source
      0.0.0.0.
      Reported-by: default avatarYing Xu <yinxu@redhat.com>
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Acked-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Acked-by: default avatarRoopa Prabhu <roopa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1bd68d56
    • Colin Ian King's avatar
      drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path · b6534b3e
      Colin Ian King authored
      commit ffdf16ed upstream
      
      The error exit path when a duplicate is found does not kfree and cmd_entry
      struct and hence there is a small memory leak.  Fix this by kfree'ing it.
      
      Detected by CoverityScan, CID#1370198 ("Resource Leak")
      
      Fixes: be1da707 ("drm/i915/gvt: vGPU command scanner")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Reviewed-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
      Signed-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Acked-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      b6534b3e
    • Rasmus Villemoes's avatar
      perf tools: Disable parallelism for 'make clean' · 29802359
      Rasmus Villemoes authored
      [ Upstream commit da15fc2f ]
      
      The Yocto build system does a 'make clean' when rebuilding due to
      changed dependencies, and that consistently fails for me (causing the
      whole BSP build to fail) with errors such as
      
      | find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory
      | find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory
      | find: find: '[...]/perf/1.0-r9/perf-1.0/libtraceevent.a''[...]/perf/1.0-r9/perf-1.0/libtraceevent.a': No such file or directory: No such file or directory
      |
      [...]
      | find: cannot delete '/mnt/xfs/devel/pil/yocto/tmp-glibc/work/wandboard-oe-linux-gnueabi/perf/1.0-r9/perf-1.0/util/.pstack.o.cmd': No such file or directory
      
      Apparently (despite the comment), 'make clean' ends up launching
      multiple sub-makes that all want to remove the same things - perhaps
      this only happens in combination with a O=... parameter. In any case, we
      don't lose much by explicitly disabling the parallelism for the clean
      target, and it makes automated builds much more reliable.
      Signed-off-by: default avatarRasmus Villemoes <linux@rasmusvillemoes.dk>
      Acked-by: default avatarJiri Olsa <jolsa@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lkml.kernel.org/r/20180705131527.19749-1-linux@rasmusvillemoes.dkSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      29802359
    • Sasha Levin's avatar
      Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing" · ac7c2bb5
      Sasha Levin authored
      This reverts commit 28c74ff8.
      
      From Florian Westphal <fw@strlen.de>:
      
      	It causes kernel crash for locally generated ipv6 fragments
      	when netfilter ipv6 defragmentation is used.
      
      	The faulty commit is not essential for -stable, it only
      	delays netns teardown for longer than needed when that netns
      	still has ipv6 frags queued.  Much better than crash :-/
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      ac7c2bb5
    • Takashi Iwai's avatar
      ALSA: usx2y: Fix invalid stream URBs · ee66ad58
      Takashi Iwai authored
      commit f9a1c372 upstream
      
      The us122l driver creates URBs per the fixed endpoints, and this may
      end up with URBs with inconsistent pipes when a fuzzer or a malicious
      program deals with the manipulated endpoints.  It ends up with a
      kernel warning like:
      
        usb 1-1: BOGUS urb xfer, pipe 0 != type 3
        ------------[ cut here ]------------
        WARNING: CPU: 0 PID: 24 at drivers/usb/core/urb.c:471
        usb_submit_urb+0x113e/0x1400
        Call Trace:
         usb_stream_start+0x48a/0x9f0 sound/usb/usx2y/usb_stream.c:690
         us122l_start+0x116/0x290 sound/usb/usx2y/us122l.c:365
         us122l_create_card sound/usb/usx2y/us122l.c:502
         us122l_usb_probe sound/usb/usx2y/us122l.c:588
         ....
      
      For avoiding the bad access, this patch adds a few sanity checks of
      the validity of created URBs like previous similar fixes using the new
      usb_urb_ep_type_check() helper function.
      Reported-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Tested-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      ee66ad58
    • Philipp Zabel's avatar
      media: uvcvideo: Fix driver reference counting · e75194d2
      Philipp Zabel authored
      commit f9ffcb0a upstream
      
      kref_init initializes the reference count to 1, not 0. This additional
      reference is never released since the conversion to reference counters.
      As a result, uvc_delete is not called anymore when UVC cameras are
      disconnected.
      Fix this by adding an additional kref_put in uvc_disconnect and in the
      probe error path. This also allows to remove the temporary additional
      reference in uvc_unregister_video.
      
      Fixes: 9d15cd95 ("media: uvcvideo: Convert from using an atomic variable to a reference count")
      Signed-off-by: default avatarPhilipp Zabel <philipp.zabel@gmail.com>
      Reviewed-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      e75194d2
    • Chris Paterson's avatar
      ARM: dts: r8a7790: Correct critical CPU temperature · cdb44bda
      Chris Paterson authored
      commit fcab5651 upstream
      
      The R-Car H2 hardware manual states that Tc = –40°C to +105°C. The
      thermal sensor has an accuracy of ±5°C and there can be a temperature
      difference of 1 or 2 degrees between Tjmax and the thermal sensor due
      to the location of the latter.
      
      This means that 95°C is a safer value to use.
      
      Fixes: a8b805f3 ("ARM: dts: r8a7790: enable to use thermal-zone")
      Signed-off-by: default avatarChris Paterson <chris.paterson2@renesas.com>
      Reviewed-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: default avatarSimon Horman <horms+renesas@verge.net.au>
      Signed-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      cdb44bda
    • Peter Xu's avatar
      kvm: x86: fix WARN due to uninitialized guest FPU state · 871424f0
      Peter Xu authored
      commit 5663d8f9 upstream
      
      ------------[ cut here ]------------
       Bad FPU state detected at kvm_put_guest_fpu+0xd8/0x2d0 [kvm], reinitializing FPU registers.
       WARNING: CPU: 1 PID: 4594 at arch/x86/mm/extable.c:103 ex_handler_fprestore+0x88/0x90
       CPU: 1 PID: 4594 Comm: qemu-system-x86 Tainted: G    B      OE    4.15.0-rc2+ #10
       RIP: 0010:ex_handler_fprestore+0x88/0x90
       Call Trace:
        fixup_exception+0x4e/0x60
        do_general_protection+0xff/0x270
        general_protection+0x22/0x30
       RIP: 0010:kvm_put_guest_fpu+0xd8/0x2d0 [kvm]
       RSP: 0018:ffff8803d5627810 EFLAGS: 00010246
        kvm_vcpu_reset+0x3b4/0x3c0 [kvm]
        kvm_apic_accept_events+0x1c0/0x240 [kvm]
        kvm_arch_vcpu_ioctl_run+0x1658/0x2fb0 [kvm]
        kvm_vcpu_ioctl+0x479/0x880 [kvm]
        do_vfs_ioctl+0x142/0x9a0
        SyS_ioctl+0x74/0x80
        do_syscall_64+0x15f/0x600
      
      where kvm_put_guest_fpu is called without a prior kvm_load_guest_fpu.
      To fix it, move kvm_load_guest_fpu to the very beginning of
      kvm_arch_vcpu_ioctl_run.
      
      Cc: stable@vger.kernel.org
      Fixes: f775b13eSigned-off-by: default avatarPeter Xu <peterx@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Acked-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      871424f0
    • Kimmo Rautkoski's avatar
      mtd: spi-nor: Add support for is25wp series chips · 3642e354
      Kimmo Rautkoski authored
      [ Upstream commit d616f81c ]
      
      Added support for is25wp032, is25wp064 and is25wp128.
      Signed-off-by: default avatarKimmo Rautkoski <ext-kimmo.rautkoski@vaisala.com>
      Reviewed-by: default avatarMarek Vasut <marek.vasut@gmail.com>
      Signed-off-by: default avatarBoris Brezillon <boris.brezillon@bootlin.com>
      [ Adrian Bunk: Trivial adaption to changed context. ]
      Signed-off-by: default avatarAdrian Bunk <bunk@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      3642e354
    • Christoph Paasch's avatar
      sch_netem: restore skb->dev after dequeuing from the rbtree · bd6df7a1
      Christoph Paasch authored
      Upstream commit bffa72cf ("net: sk_buff rbnode reorg") got
      backported as commit 6b921536 ("net: sk_buff rbnode reorg") into the
      v4.14.x-tree.
      
      However, the backport does not include the changes in sch_netem.c
      
      We need these, as otherwise the skb->dev pointer is not set when
      dequeueing from the netem rbtree, resulting in a panic:
      
      [   15.427748] BUG: unable to handle kernel NULL pointer dereference at 00000000000000d0
      [   15.428863] IP: netif_skb_features+0x24/0x230
      [   15.429402] PGD 0 P4D 0
      [   15.429733] Oops: 0000 [#1] SMP PTI
      [   15.430169] Modules linked in:
      [   15.430614] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.14.77.mptcp #77
      [   15.431497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011
      [   15.432568] task: ffff88042db19680 task.stack: ffffc90000070000
      [   15.433356] RIP: 0010:netif_skb_features+0x24/0x230
      [   15.433977] RSP: 0018:ffff88043fd83e70 EFLAGS: 00010286
      [   15.434665] RAX: ffff880429ad80c0 RBX: ffff88042bd0e400 RCX: ffff880429ad8000
      [   15.435585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88042bd0e400
      [   15.436551] RBP: ffff88042bd0e400 R08: ffff88042a4b6c9c R09: 0000000000000001
      [   15.437485] R10: 0000000000000004 R11: 0000000000000000 R12: ffff88042c700000
      [   15.438393] R13: ffff88042c700000 R14: ffff88042a4b6c00 R15: ffff88042c6bb000
      [   15.439315] FS:  0000000000000000(0000) GS:ffff88043fd80000(0000) knlGS:0000000000000000
      [   15.440314] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   15.441084] CR2: 00000000000000d0 CR3: 000000042c374000 CR4: 00000000000006e0
      [   15.442016] Call Trace:
      [   15.442333]  <IRQ>
      [   15.442596]  validate_xmit_skb+0x17/0x270
      [   15.443134]  validate_xmit_skb_list+0x38/0x60
      [   15.443698]  sch_direct_xmit+0x102/0x190
      [   15.444198]  __qdisc_run+0xe3/0x240
      [   15.444671]  net_tx_action+0x121/0x140
      [   15.445177]  __do_softirq+0xe2/0x224
      [   15.445654]  irq_exit+0xbf/0xd0
      [   15.446072]  smp_apic_timer_interrupt+0x5d/0x90
      [   15.446654]  apic_timer_interrupt+0x7d/0x90
      [   15.447185]  </IRQ>
      [   15.447460] RIP: 0010:native_safe_halt+0x2/0x10
      [   15.447992] RSP: 0018:ffffc90000073f10 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
      [   15.449008] RAX: ffffffff816667d0 RBX: ffffffff820946b0 RCX: 0000000000000000
      [   15.449895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
      [   15.450768] RBP: ffffffff82026940 R08: 00000004e858e5e1 R09: ffff88042a4b6d58
      [   15.451643] R10: 0000000000000000 R11: 000000d0d56879bb R12: 0000000000000000
      [   15.452478] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
      [   15.453340]  ? __sched_text_end+0x2/0x2
      [   15.453835]  default_idle+0xf/0x20
      [   15.454259]  do_idle+0x170/0x200
      [   15.454653]  cpu_startup_entry+0x14/0x20
      [   15.455142]  secondary_startup_64+0xa5/0xb0
      [   15.455715] Code: 1f 84 00 00 00 00 00 55 53 48 89 fd 48 83 ec 08 8b 87 bc 00 00 00 48 8b 8f c0 00 00 00 0f b6 97 81 00 00 00 48 8b 77 10 48 01 c8 <48> 8b 9
      [   15.458138] RIP: netif_skb_features+0x24/0x230 RSP: ffff88043fd83e70
      [   15.458933] CR2: 00000000000000d0
      [   15.459352] ---[ end trace 083925903ae60570 ]---
      
      Fixes: 6b921536 ("net: sk_buff rbnode reorg")
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Soheil Hassas Yeganeh <soheil@google.com>
      Cc: Wei Wang <weiwan@google.com>
      Cc: Willem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarChristoph Paasch <cpaasch@apple.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      bd6df7a1
    • Khazhismel Kumykov's avatar
      fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() · 3d69b85e
      Khazhismel Kumykov authored
      [ Upstream commit ac081c3b ]
      
      On non-preempt kernels this loop can take a long time (more than 50 ticks)
      processing through entries.
      
      Link: http://lkml.kernel.org/r/20181010172623.57033-1-khazhy@google.comSigned-off-by: default avatarKhazhismel Kumykov <khazhy@google.com>
      Acked-by: default avatarOGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
      Reviewed-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      3d69b85e
    • Paolo Abeni's avatar
      selftests: rtnetlink.sh explicitly requires bash. · 5309191e
      Paolo Abeni authored
      [ Upstream commit 3c718e67 ]
      
      the script rtnetlink.sh requires a bash-only features (sleep with sub-second
      precision). This may cause random test failure if the default shell is not
      bash.
      Address the above explicitly requiring bash as the script interpreter.
      
      Fixes: 33b01b7b ("selftests: add rtnetlink test script")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      5309191e
    • Arthur Kiyanovski's avatar
      net: ena: fix NULL dereference due to untimely napi initialization · 1e4f8315
      Arthur Kiyanovski authored
      [ Upstream commit 78a55d05 ]
      
      napi poll functions should be initialized before running request_irq(),
      to handle a rare condition where there is a pending interrupt, causing
      the ISR to fire immediately while the poll function wasn't set yet,
      causing a NULL dereference.
      
      Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
      Signed-off-by: default avatarArthur Kiyanovski <akiyano@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      1e4f8315
    • Arthur Kiyanovski's avatar
      net: ena: fix warning in rmmod caused by double iounmap · ba4cf1ee
      Arthur Kiyanovski authored
      [ Upstream commit d79c3888 ]
      
      Memory mapped with devm_ioremap is automatically freed when the driver
      is disconnected from the device. Therefore there is no need to
      explicitly call devm_iounmap.
      
      Fixes: 0857d92f ("net: ena: add missing unmap bars on device removal")
      Fixes: 411838e7 ("net: ena: fix rare kernel crash when bar memory remap fails")
      Signed-off-by: default avatarArthur Kiyanovski <akiyano@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      ba4cf1ee
    • David Howells's avatar
      rxrpc: Fix connection-level abort handling · 252869e5
      David Howells authored
      [ Upstream commit 64753092 ]
      
      Fix connection-level abort handling to cache the abort and error codes
      properly so that a new incoming call can be properly aborted if it races
      with the parent connection being aborted by another CPU.
      
      The abort_code and error parameters can then be dropped from
      rxrpc_abort_calls().
      
      Fixes: f5c17aae ("rxrpc: Calls should only have one terminal state")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      252869e5
    • David Howells's avatar
      rxrpc: Only take the rwind and mtu values from latest ACK · f1d27ff6
      David Howells authored
      [ Upstream commit 298bc15b ]
      
      Move the out-of-order and duplicate ACK packet check to before the call to
      rxrpc_input_ackinfo() so that the receive window size and MTU size are only
      checked in the latest ACK packet and don't regress.
      
      Fixes: 248f219c ("rxrpc: Rewrite the data and ack handling code")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      f1d27ff6
    • David Howells's avatar
      rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window() · 9a6d4570
      David Howells authored
      [ Upstream commit c479d5f2 ]
      
      We should only call the function to end a call's Tx phase if we rotated the
      marked-last packet out of the transmission buffer.
      
      Make rxrpc_rotate_tx_window() return an indication of whether it just
      rotated the packet marked as the last out of the transmit buffer, carrying
      the information out of the locked section in that function.
      
      We can then check the return value instead of examining RXRPC_CALL_TX_LAST.
      
      Fixes: 70790dbe ("rxrpc: Pass the last Tx packet marker in the annotation buffer")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      9a6d4570
    • Arnaldo Carvalho de Melo's avatar
      perf python: Use -Wno-redundant-decls to build with PYTHON=python3 · 4fdaadbc
      Arnaldo Carvalho de Melo authored
      [ Upstream commit 05a2f546 ]
      
      When building in ClearLinux using 'make PYTHON=python3' with gcc 8.2.1
      it fails with:
      
          GEN      /tmp/build/perf/python/perf.so
        In file included from /usr/include/python3.7m/Python.h:126,
                         from /git/linux/tools/perf/util/python.c:2:
        /usr/include/python3.7m/import.h:58:24: error: redundant redeclaration of ‘_PyImport_AddModuleObject’ [-Werror=redundant-decls]
         PyAPI_FUNC(PyObject *) _PyImport_AddModuleObject(PyObject *, PyObject *);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~
        /usr/include/python3.7m/import.h:47:24: note: previous declaration of ‘_PyImport_AddModuleObject’ was here
         PyAPI_FUNC(PyObject *) _PyImport_AddModuleObject(PyObject *name,
                                ^~~~~~~~~~~~~~~~~~~~~~~~~
        cc1: all warnings being treated as errors
        error: command 'gcc' failed with exit status 1
      
      And indeed there is a redundant declaration in that Python.h file, one
      with parameter names and the other without, so just add
      -Wno-error=redundant-decls to the python setup instructions.
      
      Now perf builds with gcc in ClearLinux with the following Dockerfile:
      
        # docker.io/acmel/linux-perf-tools-build-clearlinux:latest
        FROM docker.io/clearlinux:latest
        MAINTAINER Arnaldo Carvalho de Melo <acme@kernel.org>
        RUN swupd update && \
            swupd bundle-add sysadmin-basic-dev
        RUN mkdir -m 777 -p /git /tmp/build/perf /tmp/build/objtool /tmp/build/linux && \
            groupadd -r perfbuilder && \
            useradd -m -r -g perfbuilder perfbuilder && \
            chown -R perfbuilder.perfbuilder /tmp/build/ /git/
        USER perfbuilder
        COPY rx_and_build.sh /
        ENV EXTRA_MAKE_ARGS=PYTHON=python3
        ENTRYPOINT ["/rx_and_build.sh"]
      
      Now to figure out why the build fails with clang, that is present in the
      above container as detected by the rx_and_build.sh script:
      
        clang version 6.0.1 (tags/RELEASE_601/final)
        Target: x86_64-unknown-linux-gnu
        Thread model: posix
        InstalledDir: /usr/sbin
        make: Entering directory '/git/linux/tools/perf'
          BUILD:   Doing 'make -j4' parallel build
          HOSTCC   /tmp/build/perf/fixdep.o
          HOSTLD   /tmp/build/perf/fixdep-in.o
          LINK     /tmp/build/perf/fixdep
      
        Auto-detecting system features:
        ...                         dwarf: [ OFF ]
        ...            dwarf_getlocations: [ OFF ]
        ...                         glibc: [ OFF ]
        ...                          gtk2: [ OFF ]
        ...                      libaudit: [ OFF ]
        ...                        libbfd: [ OFF ]
        ...                        libelf: [ OFF ]
        ...                       libnuma: [ OFF ]
        ...        numa_num_possible_cpus: [ OFF ]
        ...                       libperl: [ OFF ]
        ...                     libpython: [ OFF ]
        ...                      libslang: [ OFF ]
        ...                     libcrypto: [ OFF ]
        ...                     libunwind: [ OFF ]
        ...            libdw-dwarf-unwind: [ OFF ]
        ...                          zlib: [ OFF ]
        ...                          lzma: [ OFF ]
        ...                     get_cpuid: [ OFF ]
        ...                           bpf: [ OFF ]
      
        Makefile.config:331: *** No gnu/libc-version.h found, please install glibc-dev[el].  Stop.
        make[1]: *** [Makefile.perf:206: sub-make] Error 2
        make: *** [Makefile:70: all] Error 2
        make: Leaving directory '/git/linux/tools/perf'
      
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: David Ahern <dsahern@gmail.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Thiago Macieira <thiago.macieira@intel.com>
      Cc: Wang Nan <wangnan0@huawei.com>
      Link: https://lkml.kernel.org/n/tip-c3khb9ac86s00qxzjrueomme@git.kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      4fdaadbc
    • Sascha Hauer's avatar
      ARM: dts: imx53-qsb: disable 1.2GHz OPP · c005e014
      Sascha Hauer authored
      [ Upstream commit eea96566 ]
      
      The maximum CPU frequency for the i.MX53 QSB is 1GHz, so disable the
      1.2GHz OPP. This makes the board work again with configs that have
      cpufreq enabled like imx_v6_v7_defconfig on which the board stopped
      working with the addition of cpufreq-dt support.
      
      Fixes: 791f4166 ("ARM: dts: imx53: add cpufreq-dt support")
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarShawn Guo <shawnguo@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      c005e014
    • Paul Burton's avatar
      compiler.h: Allow arch-specific asm/compiler.h · 3c3bec81
      Paul Burton authored
      [ Upstream commit 04f264d3 ]
      
      We have a need to override the definition of
      barrier_before_unreachable() for MIPS, which means we either need to add
      architecture-specific code into linux/compiler-gcc.h or we need to allow
      the architecture to provide a header that can define the macro before
      the generic definition. The latter seems like the better approach.
      
      A straightforward approach to the per-arch header is to make use of
      asm-generic to provide a default empty header & adjust architectures
      which don't need anything specific to make use of that by adding the
      header to generic-y. Unfortunately this doesn't work so well due to
      commit 28128c61 ("kconfig.h: Include compiler types to avoid missed
      struct attributes") which caused linux/compiler_types.h to be included
      in the compilation of every C file via the -include linux/kconfig.h flag
      in c_flags.
      
      Because the -include flag is present for all C files we compile, we need
      the architecture-provided header to be present before any C files are
      compiled. If any C files can be compiled prior to the asm-generic header
      wrappers being generated then we hit a build failure due to missing
      header. Such cases do exist - one pointed out by the kbuild test robot
      is the compilation of arch/ia64/kernel/nr-irqs.c, which occurs as part
      of the archprepare target [1].
      
      This leaves us with a few options:
      
        1) Use generic-y & fix any build failures we find by enforcing
           ordering such that the asm-generic target occurs before any C
           compilation, such that linux/compiler_types.h can always include
           the generated asm-generic wrapper which in turn includes the empty
           asm-generic header. This would rely on us finding all the
           problematic cases - I don't know for sure that the ia64 issue is
           the only one.
      
        2) Add an actual empty header to each architecture, so that we don't
           need the generated asm-generic wrapper. This seems messy.
      
        3) Give up & add #ifdef CONFIG_MIPS or similar to
           linux/compiler_types.h. This seems messy too.
      
        4) Include the arch header only when it's actually needed, removing
           the need for the asm-generic wrapper for all other architectures.
      
      This patch allows us to use approach 4, by including an asm/compiler.h
      header from linux/compiler_types.h after the inclusion of the
      compiler-specific linux/compiler-*.h header(s). We do this
      conditionally, only when CONFIG_HAVE_ARCH_COMPILER_H is selected, in
      order to avoid the need for asm-generic wrappers & the associated build
      ordering issue described above. The asm/compiler.h header is included
      after the generic linux/compiler-*.h header(s) for consistency with the
      way linux/compiler-intel.h & linux/compiler-clang.h are included after
      the linux/compiler-gcc.h header that they override.
      
      [1] https://lists.01.org/pipermail/kbuild-all/2018-August/051175.htmlSigned-off-by: default avatarPaul Burton <paul.burton@mips.com>
      Reviewed-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Patchwork: https://patchwork.linux-mips.org/patch/20269/
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: James Hogan <jhogan@kernel.org>
      Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-arch@vger.kernel.org
      Cc: linux-kbuild@vger.kernel.org
      Cc: linux-mips@linux-mips.org
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      3c3bec81
    • Sandipan Das's avatar
      perf tests: Fix indexing when invoking subtests · b8f4d375
      Sandipan Das authored
      [ Upstream commit aa90f9f9 ]
      
      Recently, the subtest numbering was changed to start from 1.  While it
      is fine for displaying results, this should not be the case when the
      subtests are actually invoked.
      
      Typically, the subtests are stored in zero-indexed arrays and invoked
      based on the index passed to the main test function.  Since the index
      now starts from 1, the second subtest in the array (index 1) gets
      invoked instead of the first (index 0).  This applies to all of the
      following subtests but for the last one, the subtest always fails
      because it does not meet the boundary condition of the subtest index
      being lesser than the number of subtests.
      
      This can be observed on powerpc64 and x86_64 systems running Fedora 28
      as shown below.
      
      Before:
      
        # perf test "builtin clang support"
        55: builtin clang support                                 :
        55.1: builtin clang compile C source to IR                : Ok
        55.2: builtin clang compile C source to ELF object        : FAILED!
      
        # perf test "LLVM search and compile"
        38: LLVM search and compile                               :
        38.1: Basic BPF llvm compile                              : Ok
        38.2: kbuild searching                                    : Ok
        38.3: Compile source for BPF prologue generation          : Ok
        38.4: Compile source for BPF relocation                   : FAILED!
      
        # perf test "BPF filter"
        40: BPF filter                                            :
        40.1: Basic BPF filtering                                 : Ok
        40.2: BPF pinning                                         : Ok
        40.3: BPF prologue generation                             : Ok
        40.4: BPF relocation checker                              : FAILED!
      
      After:
      
        # perf test "builtin clang support"
        55: builtin clang support                                 :
        55.1: builtin clang compile C source to IR                : Ok
        55.2: builtin clang compile C source to ELF object        : Ok
      
        # perf test "LLVM search and compile"
        38: LLVM search and compile                               :
        38.1: Basic BPF llvm compile                              : Ok
        38.2: kbuild searching                                    : Ok
        38.3: Compile source for BPF prologue generation          : Ok
        38.4: Compile source for BPF relocation                   : Ok
      
        # perf test "BPF filter"
        40: BPF filter                                            :
        40.1: Basic BPF filtering                                 : Ok
        40.2: BPF pinning                                         : Ok
        40.3: BPF prologue generation                             : Ok
        40.4: BPF relocation checker                              : Ok
      Signed-off-by: default avatarSandipan Das <sandipan@linux.ibm.com>
      Reported-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Tested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Hendrik Brueckner <brueckner@linux.ibm.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
      Cc: Thomas Richter <tmricht@linux.ibm.com>
      Fixes: 9ef01124 ("perf test: Fix subtest number when showing results")
      Link: http://lkml.kernel.org/r/20180726171733.33208-1-sandipan@linux.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      b8f4d375
    • Daniel Mack's avatar
      libertas: call into generic suspend code before turning off power · 543f1084
      Daniel Mack authored
      [ Upstream commit 4f666675 ]
      
      When powering down a SDIO connected card during suspend, make sure to call
      into the generic lbs_suspend() function before pulling the plug. This will
      make sure the card is successfully deregistered from the system to avoid
      communication to the card starving out.
      
      Fixes: 7444a809 ("libertas: fix suspend and resume for SDIO connected cards")
      Signed-off-by: default avatarDaniel Mack <daniel@zonque.org>
      Reviewed-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Acked-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      543f1084
    • Masahiro Yamada's avatar
      kconfig: fix the rule of mainmenu_stmt symbol · 48f1b3b5
      Masahiro Yamada authored
      [ Upstream commit 56869d45 ]
      
      The rule of mainmenu_stmt does not have debug print of zconf_lineno(),
      but if it had, it would print a wrong line number for the same reason
      as commit b2d00d7c ("kconfig: fix line numbers for if-entries in
      menu tree").
      
      The mainmenu_stmt does not need to eat following empty lines because
      they are reduced to common_stmt.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      48f1b3b5
    • Arnd Bergmann's avatar
      net: stmmac: mark PM functions as __maybe_unused · cbc38304
      Arnd Bergmann authored
      [ Upstream commit 81a8b079 ]
      
      The newly added suspend/resume functions cause a build warning
      when CONFIG_PM is disabled:
      
      drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c:324:12: error: 'stmmac_pci_resume' defined but not used [-Werror=unused-function]
      drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c:306:12: error: 'stmmac_pci_suspend' defined but not used [-Werror=unused-function]
      
      Mark them as __maybe_unused so gcc can drop them silently.
      
      Fixes: b7d0f08e ("net: stmmac: Fix WoL for PCI-based setups")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      cbc38304
    • Dan Carpenter's avatar
      x86/paravirt: Fix some warning messages · 726f0595
      Dan Carpenter authored
      [ Upstream commit 571d0563 ]
      
      The first argument to WARN_ONCE() is a condition.
      
      Fixes: 5800dc5c ("x86/paravirt: Fix spectre-v2 mitigations for paravirt guests")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Alok Kataria <akataria@vmware.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: virtualization@lists.linux-foundation.org
      Cc: kernel-janitors@vger.kernel.org
      Link: https://lkml.kernel.org/r/20180919103553.GD9238@mwandaSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
      726f0595
    • Florian Fainelli's avatar
      net: phy: phylink: Don't release NULL GPIO · aa3aff5b
      Florian Fainelli authored
      [ Upstream commit 3bcd4772 ]
      
      If CONFIG_GPIOLIB is disabled, gpiod_put() becomes a stub that produces a
      warning, this helped identify that we could be attempting to release a NULL
      pl->link_gpio GPIO descriptor, so guard against that.
      
      Fixes: daab3349 ("net: phy: phylink: Release link GPIO")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      aa3aff5b
    • Qu Wenruo's avatar
      btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf · f72388e3
      Qu Wenruo authored
      [ Upstream commit 6f7de19e ]
      
      Commit ff3d27a0 ("btrfs: qgroup: Finish rescan when hit the last leaf
      of extent tree") added a new exit for rescan finish.
      
      However after finishing quota rescan, we set
      fs_info->qgroup_rescan_progress to (u64)-1 before we exit through the
      original exit path.
      While we missed that assignment of (u64)-1 in the new exit path.
      
      The end result is, the quota status item doesn't have the same value.
      (-1 vs the last bytenr + 1)
      Although it doesn't affect quota accounting, it's still better to keep
      the original behavior.
      Reported-by: default avatarMisono Tomohiro <misono.tomohiro@jp.fujitsu.com>
      Fixes: ff3d27a0 ("btrfs: qgroup: Finish rescan when hit the last leaf of extent tree")
      Signed-off-by: default avatarQu Wenruo <wqu@suse.com>
      Reviewed-by: default avatarMisono Tomohiro <misono.tomohiro@jp.fujitsu.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      f72388e3
    • Martin K. Petersen's avatar
      scsi: sd: Remember that READ CAPACITY(16) succeeded · 3c92c7e9
      Martin K. Petersen authored
      [ Upstream commit 597d7400 ]
      
      The USB storage glue sets the try_rc_10_first flag in an attempt to
      avoid wedging poorly implemented legacy USB devices.
      
      If the device capacity is too large to be expressed in the provided
      response buffer field of READ CAPACITY(10), a well-behaved device will
      set the reported capacity to 0xFFFFFFFF. We will then attempt to issue a
      READ CAPACITY(16) to obtain the real capacity.
      
      Since this part of the discovery logic is not covered by the first_scan
      flag, a warning will be printed a couple of times times per revalidate
      attempt if we upgrade from READ CAPACITY(10) to READ CAPACITY(16).
      
      Remember that we have successfully issued READ CAPACITY(16) so we can
      take the fast path on subsequent revalidate attempts.
      Reported-by: default avatarMenion <menion@gmail.com>
      Reviewed-by: default avatarLaurence Oberman <loberman@redhat.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      3c92c7e9
    • Brian King's avatar
      scsi: ibmvfc: Avoid unnecessary port relogin · 5aa0d863
      Brian King authored
      [ Upstream commit 09dd15e0 ]
      
      Following an RSCN, ibmvfc will issue an ADISC to determine if the
      underlying target has changed, comparing the SCSI ID, WWPN, and WWNN to
      determine how to handle the rport in discovery. However, the comparison
      of the WWPN and WWNN was performing a memcmp between a big endian field
      against a CPU endian field, which resulted in the wrong answer on LE
      systems. This was observed as unexpected errors getting logged at boot
      time as targets were getting relogins when not needed.
      Signed-off-by: default avatarBrian King <brking@linux.vnet.ibm.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      5aa0d863