1. 24 Jun, 2021 3 commits
  2. 23 Jun, 2021 3 commits
  3. 22 Jun, 2021 7 commits
  4. 21 Jun, 2021 3 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · a96bfed6
      Linus Torvalds authored
      Pull ARM fix from Russell King:
      
       - fix gcc 10 compiler regression with cpu_init()
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 9081/1: fix gcc-10 thumb2-kernel regression
      a96bfed6
    • Peter Zijlstra's avatar
      objtool/x86: Ignore __x86_indirect_alt_* symbols · 31197d3a
      Peter Zijlstra authored
      Because the __x86_indirect_alt* symbols are just that, objtool will
      try and validate them as regular symbols, instead of the alternative
      replacements that they are.
      
      This goes sideways for FRAME_POINTER=y builds; which generate a fair
      amount of warnings.
      
      Fixes: 9bc0bb50 ("objtool/x86: Rewrite retpoline thunk calls")
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Link: https://lore.kernel.org/r/YNCgxwLBiK9wclYJ@hirez.programming.kicks-ass.net
      31197d3a
    • Bumyong Lee's avatar
      swiotlb: manipulate orig_addr when tlb_addr has offset · 5f89468e
      Bumyong Lee authored
      in case of driver wants to sync part of ranges with offset,
      swiotlb_tbl_sync_single() copies from orig_addr base to tlb_addr with
      offset and ends up with data mismatch.
      
      It was removed from
      "swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single",
      but said logic has to be added back in.
      
      From Linus's email:
      "That commit which the removed the offset calculation entirely, because the old
      
              (unsigned long)tlb_addr & (IO_TLB_SIZE - 1)
      
      was wrong, but instead of removing it, I think it should have just
      fixed it to be
      
              (tlb_addr - mem->start) & (IO_TLB_SIZE - 1);
      
      instead. That way the slot offset always matches the slot index calculation."
      
      (Unfortunatly that broke NVMe).
      
      The use-case that drivers are hitting is as follow:
      
      1. Get dma_addr_t from dma_map_single()
      
      dma_addr_t tlb_addr = dma_map_single(dev, vaddr, vsize, DMA_TO_DEVICE);
      
          |<---------------vsize------------->|
          +-----------------------------------+
          |                                   | original buffer
          +-----------------------------------+
        vaddr
      
       swiotlb_align_offset
           |<----->|<---------------vsize------------->|
           +-------+-----------------------------------+
           |       |                                   | swiotlb buffer
           +-------+-----------------------------------+
                tlb_addr
      
      2. Do something
      3. Sync dma_addr_t through dma_sync_single_for_device(..)
      
      dma_sync_single_for_device(dev, tlb_addr + offset, size, DMA_TO_DEVICE);
      
        Error case.
          Copy data to original buffer but it is from base addr (instead of
        base addr + offset) in original buffer:
      
       swiotlb_align_offset
           |<----->|<- offset ->|<- size ->|
           +-------+-----------------------------------+
           |       |            |##########|           | swiotlb buffer
           +-------+-----------------------------------+
                tlb_addr
      
          |<- size ->|
          +-----------------------------------+
          |##########|                        | original buffer
          +-----------------------------------+
        vaddr
      
      The fix is to copy the data to the original buffer and take into
      account the offset, like so:
      
       swiotlb_align_offset
           |<----->|<- offset ->|<- size ->|
           +-------+-----------------------------------+
           |       |            |##########|           | swiotlb buffer
           +-------+-----------------------------------+
                tlb_addr
      
          |<- offset ->|<- size ->|
          +-----------------------------------+
          |            |##########|           | original buffer
          +-----------------------------------+
        vaddr
      
      [One fix which was Linus's that made more sense to as it created a
      symmetry would break NVMe. The reason for that is the:
       unsigned int offset = (tlb_addr - mem->start) & (IO_TLB_SIZE - 1);
      
      would come up with the proper offset, but it would lose the
      alignment (which this patch contains).]
      
      Fixes: 16fc3cef ("swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single")
      Signed-off-by: default avatarBumyong Lee <bumyong.lee@samsung.com>
      Signed-off-by: default avatarChanho Park <chanho61.park@samsung.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reported-by: default avatarDominique MARTINET <dominique.martinet@atmark-techno.com>
      Reported-by: default avatarHoria Geantă <horia.geanta@nxp.com>
      Tested-by: default avatarHoria Geantă <horia.geanta@nxp.com>
      CC: stable@vger.kernel.org
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      5f89468e
  5. 20 Jun, 2021 4 commits
  6. 19 Jun, 2021 15 commits
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.13-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · b84a7c28
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Fix initrd corruption caused by our recent change to use relative jump
        labels.
      
        Fix a crash using perf record on systems without a hardware PMU
        backend.
      
        Rework our 64-bit signal handling slighty to make it more closely
        match the old behaviour, after the recent change to use unsafe user
        accessors.
      
        Thanks to Anastasia Kovaleva, Athira Rajeev, Christophe Leroy, Daniel
        Axtens, Greg Kurz, and Roman Bolshakov"
      
      * tag 'powerpc-5.13-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
        powerpc: Fix initrd corruption with relative jump labels
        powerpc/signal64: Copy siginfo before changing regs->nip
        powerpc/mem: Add back missing header to fix 'no previous prototype' error
      b84a7c28
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v5.13-2021-06-19' of... · 913ec3c2
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.13-2021-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix refcount usage when processing PERF_RECORD_KSYMBOL.
      
       - 'perf stat' metric group fixes.
      
       - Fix 'perf test' non-bash issue with stat bpf counters.
      
       - Update unistd, in.h and socket.h with the kernel sources, silencing
         perf build warnings.
      
      * tag 'perf-tools-fixes-for-v5.13-2021-06-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        tools headers UAPI: Sync linux/in.h copy with the kernel sources
        tools headers UAPI: Sync asm-generic/unistd.h with the kernel original
        perf beauty: Update copy of linux/socket.h with the kernel sources
        perf test: Fix non-bash issue with stat bpf counters
        perf machine: Fix refcount usage when processing PERF_RECORD_KSYMBOL
        perf metricgroup: Return error code from metricgroup__add_metric_sys_event_iter()
        perf metricgroup: Fix find_evsel_group() event selector
      913ec3c2
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-5.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · d9403d30
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - A build fix to always build modules with the 'medany' code model, as
         the module loader doesn't support 'medlow'.
      
       - A Kconfig warning fix for the SiFive errata.
      
       - A pair of fixes that for regressions to the recent memory layout
         changes.
      
       - A fix for the FU740 device tree.
      
      * tag 'riscv-for-linus-5.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: dts: fu740: fix cache-controller interrupts
        riscv: Ensure BPF_JIT_REGION_START aligned with PMD size
        riscv: kasan: Fix MODULES_VADDR evaluation due to local variables' name
        riscv: sifive: fix Kconfig errata warning
        riscv32: Use medany C model for modules
      d9403d30
    • Linus Torvalds's avatar
      Merge tag 's390-5.13-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · e14c779a
      Linus Torvalds authored
      Pull s390 fixes from Vasily Gorbik:
      
       - Fix zcrypt ioctl hang due to AP queue msg counter dropping below 0
         when pending requests are purged.
      
       - Two fixes for the machine check handler in the entry code.
      
      * tag 's390-5.13-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/ap: Fix hanging ioctl caused by wrong msg counter
        s390/mcck: fix invalid KVM guest condition check
        s390/mcck: fix calculation of SIE critical section size
      e14c779a
    • Arnaldo Carvalho de Melo's avatar
      tools headers UAPI: Sync linux/in.h copy with the kernel sources · 1792a59e
      Arnaldo Carvalho de Melo authored
      To pick the changes in:
      
        32182747 ("icmp: don't send out ICMP messages with a source address of 0.0.0.0")
      
      That don't result in any change in tooling, as INADDR_ are not used to
      generate id->string tables used by 'perf trace'.
      
      This addresses this build warning:
      
        Warning: Kernel ABI header at 'tools/include/uapi/linux/in.h' differs from latest version at 'include/uapi/linux/in.h'
        diff -u tools/include/uapi/linux/in.h include/uapi/linux/in.h
      
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Toke Høiland-Jørgensen <toke@redhat.com>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      1792a59e
    • Arnaldo Carvalho de Melo's avatar
      tools headers UAPI: Sync asm-generic/unistd.h with the kernel original · 17d27fc3
      Arnaldo Carvalho de Melo authored
      To pick the changes in:
      
        8b1462b6 ("quota: finish disable quotactl_path syscall")
      
      Those headers are used in some arches to generate the syscall table used
      in 'perf trace' to translate syscall numbers into strings.
      
      This addresses this perf build warning:
      
        Warning: Kernel ABI header at 'tools/include/uapi/asm-generic/unistd.h' differs from latest version at 'include/uapi/asm-generic/unistd.h'
        diff -u tools/include/uapi/asm-generic/unistd.h include/uapi/asm-generic/unistd.h
      
      Cc: Jan Kara <jack@suse.cz>
      Cc: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      17d27fc3
    • Arnaldo Carvalho de Melo's avatar
      perf beauty: Update copy of linux/socket.h with the kernel sources · ef83f9ef
      Arnaldo Carvalho de Melo authored
      To pick the changes in:
      
        ea6932d7 ("net: make get_net_ns return error if NET_NS is disabled")
      
      That don't result in any changes in the tables generated from that
      header.
      
      This silences this perf build warning:
      
        Warning: Kernel ABI header at 'tools/perf/trace/beauty/include/linux/socket.h' differs from latest version at 'include/linux/socket.h'
        diff -u tools/perf/trace/beauty/include/linux/socket.h include/linux/socket.h
      
      Cc: Changbin Du <changbin.du@intel.com>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      ef83f9ef
    • Ian Rogers's avatar
      perf test: Fix non-bash issue with stat bpf counters · 482698c2
      Ian Rogers authored
      $(( .. )) is a bash feature but the test's interpreter is !/bin/sh,
      switch the code to use expr.
      Signed-off-by: default avatarIan Rogers <irogers@google.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Song Liu <songliubraving@fb.com>
      Cc: bpf@vger.kernel.org
      Link: http://lore.kernel.org/lkml/20210617184216.2075588-1-irogers@google.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      482698c2
    • Riccardo Mancini's avatar
      perf machine: Fix refcount usage when processing PERF_RECORD_KSYMBOL · c087e948
      Riccardo Mancini authored
      ASan reported a memory leak of BPF-related ksymbols map and dso. The
      leak is caused by refount never reaching 0, due to missing __put calls
      in the function machine__process_ksymbol_register.
      
      Once the dso is inserted in the map, dso__put() should be called
      (map__new2() increases the refcount to 2).
      
      The same thing applies for the map when it's inserted into maps
      (maps__insert() increases the refcount to 2).
      
        $ sudo ./perf record -- sleep 5
        [ perf record: Woken up 1 times to write data ]
        [ perf record: Captured and wrote 0.025 MB perf.data (8 samples) ]
      
        =================================================================
        ==297735==ERROR: LeakSanitizer: detected memory leaks
      
        Direct leak of 6992 byte(s) in 19 object(s) allocated from:
            #0 0x4f43c7 in calloc (/home/user/linux/tools/perf/perf+0x4f43c7)
            #1 0x8e4e53 in map__new2 /home/user/linux/tools/perf/util/map.c:216:20
            #2 0x8cf68c in machine__process_ksymbol_register /home/user/linux/tools/perf/util/machine.c:778:10
            [...]
      
        Indirect leak of 8702 byte(s) in 19 object(s) allocated from:
            #0 0x4f43c7 in calloc (/home/user/linux/tools/perf/perf+0x4f43c7)
            #1 0x8728d7 in dso__new_id /home/user/linux/tools/perf/util/dso.c:1256:20
            #2 0x872015 in dso__new /home/user/linux/tools/perf/util/dso.c:1295:9
            #3 0x8cf623 in machine__process_ksymbol_register /home/user/linux/tools/perf/util/machine.c:774:21
            [...]
      
        Indirect leak of 1520 byte(s) in 19 object(s) allocated from:
            #0 0x4f43c7 in calloc (/home/user/linux/tools/perf/perf+0x4f43c7)
            #1 0x87b3da in symbol__new /home/user/linux/tools/perf/util/symbol.c:269:23
            #2 0x888954 in map__process_kallsym_symbol /home/user/linux/tools/perf/util/symbol.c:710:8
            [...]
      
        Indirect leak of 1406 byte(s) in 19 object(s) allocated from:
            #0 0x4f43c7 in calloc (/home/user/linux/tools/perf/perf+0x4f43c7)
            #1 0x87b3da in symbol__new /home/user/linux/tools/perf/util/symbol.c:269:23
            #2 0x8cfbd8 in machine__process_ksymbol_register /home/user/linux/tools/perf/util/machine.c:803:8
            [...]
      Signed-off-by: default avatarRiccardo Mancini <rickyman7@gmail.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Tommi Rantala <tommi.t.rantala@nokia.com>
      Link: http://lore.kernel.org/lkml/20210612173751.188582-1-rickyman7@gmail.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      c087e948
    • John Garry's avatar
      perf metricgroup: Return error code from metricgroup__add_metric_sys_event_iter() · fe7a98b9
      John Garry authored
      The error code is not set at all in the sys event iter function.
      
      This may lead to an uninitialized value of "ret" in
      metricgroup__add_metric() when no CPU metric is added.
      
      Fix by properly setting the error code.
      
      It is not necessary to init "ret" to 0 in metricgroup__add_metric(), as
      if we have no CPU or sys event metric matching, then "has_match" should
      be 0 and "ret" is set to -EINVAL.
      
      However gcc cannot detect that it may not have been set after the
      map_for_each_metric() loop for CPU metrics, which is strange.
      
      Fixes: be335ec2 ("perf metricgroup: Support adding metrics for system PMUs")
      Signed-off-by: default avatarJohn Garry <john.garry@huawei.com>
      Acked-by: default avatarIan Rogers <irogers@google.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Kajol Jain <kjain@linux.ibm.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/1623335580-187317-3-git-send-email-john.garry@huawei.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      fe7a98b9
    • John Garry's avatar
      perf metricgroup: Fix find_evsel_group() event selector · fc96ec4d
      John Garry authored
      The following command segfaults on my x86 broadwell:
      
        $ ./perf stat  -M frontend_bound,retiring,backend_bound,bad_speculation sleep 1
        WARNING: grouped events cpus do not match, disabling group:
          anon group { raw 0x10e }
          anon group { raw 0x10e }
        perf: util/evsel.c:1596: get_group_fd: Assertion `!(!leader->core.fd)' failed.
        Aborted (core dumped)
      
      The issue shows itself as a use-after-free in evlist__check_cpu_maps(),
      whereby the leader of an event selector (evsel) has been deleted (yet we
      still attempt to verify for an evsel).
      
      Fundamentally the problem comes from metricgroup__setup_events() ->
      find_evsel_group(), and has developed from the previous fix attempt in
      commit 9c880c24 ("perf metricgroup: Fix for metrics containing
      duration_time").
      
      The problem now is that the logic in checking if an evsel is in the same
      group is subtly broken for the "cycles" event. For the "cycles" event,
      the pmu_name is NULL; however the logic in find_evsel_group() may set an
      event matched against "cycles" as used, when it should not be.
      
      This leads to a condition where an evsel is set, yet its leader is not.
      
      Fix the check for evsel pmu_name by not matching evsels when either has a
      NULL pmu_name.
      
      There is still a pre-existing metric issue whereby the ordering of the
      metrics may break the 'stat' function, as discussed at:
      https://lore.kernel.org/lkml/49c6fccb-b716-1bf0-18a6-cace1cdb66b9@huawei.com/
      
      Fixes: 9c880c24 ("perf metricgroup: Fix for metrics containing duration_time")
      Signed-off-by: default avatarJohn Garry <john.garry@huawei.com>
      Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com> # On a Thinkpad T450S
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Kajol Jain <kjain@linux.ibm.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/1623335580-187317-2-git-send-email-john.garry@huawei.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      fc96ec4d
    • David Abdurachmanov's avatar
      riscv: dts: fu740: fix cache-controller interrupts · 7ede12b0
      David Abdurachmanov authored
      The order of interrupt numbers is incorrect.
      
      The order for FU740 is: DirError, DataError, DataFail, DirFail
      
      From SiFive FU740-C000 Manual:
      19 - L2 Cache DirError
      20 - L2 Cache DirFail
      21 - L2 Cache DataError
      22 - L2 Cache DataFail
      Signed-off-by: default avatarDavid Abdurachmanov <david.abdurachmanov@sifive.com>
      Signed-off-by: default avatarPalmer Dabbelt <palmerdabbelt@google.com>
      7ede12b0
    • Jisheng Zhang's avatar
      riscv: Ensure BPF_JIT_REGION_START aligned with PMD size · 3a02764c
      Jisheng Zhang authored
      Andreas reported commit fc850476 ("riscv: bpf: Avoid breaking W^X")
      breaks booting with one kind of defconfig, I reproduced a kernel panic
      with the defconfig:
      
      [    0.138553] Unable to handle kernel paging request at virtual address ffffffff81201220
      [    0.139159] Oops [#1]
      [    0.139303] Modules linked in:
      [    0.139601] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.13.0-rc5-default+ #1
      [    0.139934] Hardware name: riscv-virtio,qemu (DT)
      [    0.140193] epc : __memset+0xc4/0xfc
      [    0.140416]  ra : skb_flow_dissector_init+0x1e/0x82
      [    0.140609] epc : ffffffff8029806c ra : ffffffff8033be78 sp : ffffffe001647da0
      [    0.140878]  gp : ffffffff81134b08 tp : ffffffe001654380 t0 : ffffffff81201158
      [    0.141156]  t1 : 0000000000000002 t2 : 0000000000000154 s0 : ffffffe001647dd0
      [    0.141424]  s1 : ffffffff80a43250 a0 : ffffffff81201220 a1 : 0000000000000000
      [    0.141654]  a2 : 000000000000003c a3 : ffffffff81201258 a4 : 0000000000000064
      [    0.141893]  a5 : ffffffff8029806c a6 : 0000000000000040 a7 : ffffffffffffffff
      [    0.142126]  s2 : ffffffff81201220 s3 : 0000000000000009 s4 : ffffffff81135088
      [    0.142353]  s5 : ffffffff81135038 s6 : ffffffff8080ce80 s7 : ffffffff80800438
      [    0.142584]  s8 : ffffffff80bc6578 s9 : 0000000000000008 s10: ffffffff806000ac
      [    0.142810]  s11: 0000000000000000 t3 : fffffffffffffffc t4 : 0000000000000000
      [    0.143042]  t5 : 0000000000000155 t6 : 00000000000003ff
      [    0.143220] status: 0000000000000120 badaddr: ffffffff81201220 cause: 000000000000000f
      [    0.143560] [<ffffffff8029806c>] __memset+0xc4/0xfc
      [    0.143859] [<ffffffff8061e984>] init_default_flow_dissectors+0x22/0x60
      [    0.144092] [<ffffffff800010fc>] do_one_initcall+0x3e/0x168
      [    0.144278] [<ffffffff80600df0>] kernel_init_freeable+0x1c8/0x224
      [    0.144479] [<ffffffff804868a8>] kernel_init+0x12/0x110
      [    0.144658] [<ffffffff800022de>] ret_from_exception+0x0/0xc
      [    0.145124] ---[ end trace f1e9643daa46d591 ]---
      
      After some investigation, I think I found the root cause: commit
      2bfc6cd8 ("move kernel mapping outside of linear mapping") moves
      BPF JIT region after the kernel:
      
      | #define BPF_JIT_REGION_START	PFN_ALIGN((unsigned long)&_end)
      
      The &_end is unlikely aligned with PMD size, so the front bpf jit
      region sits with part of kernel .data section in one PMD size mapping.
      But kernel is mapped in PMD SIZE, when bpf_jit_binary_lock_ro() is
      called to make the first bpf jit prog ROX, we will make part of kernel
      .data section RO too, so when we write to, for example memset the
      .data section, MMU will trigger a store page fault.
      
      To fix the issue, we need to ensure the BPF JIT region is PMD size
      aligned. This patch acchieve this goal by restoring the BPF JIT region
      to original position, I.E the 128MB before kernel .text section. The
      modification to kasan_init.c is inspired by Alexandre.
      
      Fixes: fc850476 ("riscv: bpf: Avoid breaking W^X")
      Reported-by: default avatarAndreas Schwab <schwab@linux-m68k.org>
      Signed-off-by: default avatarJisheng Zhang <jszhang@kernel.org>
      Signed-off-by: default avatarPalmer Dabbelt <palmerdabbelt@google.com>
      3a02764c
    • Jisheng Zhang's avatar
      riscv: kasan: Fix MODULES_VADDR evaluation due to local variables' name · 314b7817
      Jisheng Zhang authored
      commit 2bfc6cd8 ("riscv: Move kernel mapping outside of linear
      mapping") makes use of MODULES_VADDR to populate kernel, BPF, modules
      mapping. Currently, MODULES_VADDR is defined as below for RV64:
      
      | #define MODULES_VADDR   (PFN_ALIGN((unsigned long)&_end) - SZ_2G)
      
      But kasan_init() has two local variables which are also named as _start,
      _end, so MODULES_VADDR is evaluated with the local variable _end
      rather than the global "_end" as we expected. Fix this issue by
      renaming the two local variables.
      
      Fixes: 2bfc6cd8 ("riscv: Move kernel mapping outside of linear mapping")
      Signed-off-by: default avatarJisheng Zhang <jszhang@kernel.org>
      Signed-off-by: default avatarPalmer Dabbelt <palmerdabbelt@google.com>
      314b7817
    • Linus Torvalds's avatar
      Merge tag 'net-5.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 9ed13a17
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.13-rc7, including fixes from wireless, bpf,
        bluetooth, netfilter and can.
      
        Current release - regressions:
      
         - mlxsw: spectrum_qdisc: Pass handle, not band number to find_class()
           to fix modifying offloaded qdiscs
      
         - lantiq: net: fix duplicated skb in rx descriptor ring
      
         - rtnetlink: fix regression in bridge VLAN configuration, empty info
           is not an error, bot-generated "fix" was not needed
      
         - libbpf: s/rx/tx/ typo on umem->rx_ring_setup_done to fix umem
           creation
      
        Current release - new code bugs:
      
         - ethtool: fix NULL pointer dereference during module EEPROM dump via
           the new netlink API
      
         - mlx5e: don't update netdev RQs with PTP-RQ, the special purpose
           queue should not be visible to the stack
      
         - mlx5e: select special PTP queue only for SKBTX_HW_TSTAMP skbs
      
         - mlx5e: verify dev is present in get devlink port ndo, avoid a panic
      
        Previous releases - regressions:
      
         - neighbour: allow NUD_NOARP entries to be force GCed
      
         - further fixes for fallout from reorg of WiFi locking (staging:
           rtl8723bs, mac80211, cfg80211)
      
         - skbuff: fix incorrect msg_zerocopy copy notifications
      
         - mac80211: fix NULL ptr deref for injected rate info
      
         - Revert "net/mlx5: Arm only EQs with EQEs" it may cause missed IRQs
      
        Previous releases - always broken:
      
         - bpf: more speculative execution fixes
      
         - netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local
      
         - udp: fix race between close() and udp_abort() resulting in a panic
      
         - fix out of bounds when parsing TCP options before packets are
           validated (in netfilter: synproxy, tc: sch_cake and mptcp)
      
         - mptcp: improve operation under memory pressure, add missing
           wake-ups
      
         - mptcp: fix double-lock/soft lookup in subflow_error_report()
      
         - bridge: fix races (null pointer deref and UAF) in vlan tunnel
           egress
      
         - ena: fix DMA mapping function issues in XDP
      
         - rds: fix memory leak in rds_recvmsg
      
        Misc:
      
         - vrf: allow larger MTUs
      
         - icmp: don't send out ICMP messages with a source address of 0.0.0.0
      
         - cdc_ncm: switch to eth%d interface naming"
      
      * tag 'net-5.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (139 commits)
        net: ethernet: fix potential use-after-free in ec_bhf_remove
        selftests/net: Add icmp.sh for testing ICMP dummy address responses
        icmp: don't send out ICMP messages with a source address of 0.0.0.0
        net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
        net: ll_temac: Fix TX BD buffer overwrite
        net: ll_temac: Add memory-barriers for TX BD access
        net: ll_temac: Make sure to free skb when it is completely used
        MAINTAINERS: add Guvenc as SMC maintainer
        bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
        bnxt_en: Fix TQM fastpath ring backing store computation
        bnxt_en: Rediscover PHY capabilities after firmware reset
        cxgb4: fix wrong shift.
        mac80211: handle various extensible elements correctly
        mac80211: reset profile_periodicity/ema_ap
        cfg80211: avoid double free of PMSR request
        cfg80211: make certificate generation more robust
        mac80211: minstrel_ht: fix sample time check
        net: qed: Fix memcpy() overflow of qed_dcbx_params()
        net: cdc_eem: fix tx fixup skb leak
        net: hamradio: fix memory leak in mkiss_close
        ...
      9ed13a17
  7. 18 Jun, 2021 5 commits
    • Linus Torvalds's avatar
      Merge tag 'for-5.13-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 6fab154a
      Linus Torvalds authored
      Pull btrfs fix from David Sterba:
       "One more fix, for a space accounting bug in zoned mode. It happens
        when a block group is switched back rw->ro and unusable bytes (due to
        zoned constraints) are subtracted twice.
      
        It has user visible effects so I consider it important enough for late
        -rc inclusion and backport to stable"
      
      * tag 'for-5.13-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: zoned: fix negative space_info->bytes_readonly
      6fab154a
    • Linus Torvalds's avatar
      Merge tag 'pci-v5.13-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 728a748b
      Linus Torvalds authored
      Pull PCI fixes from Bjorn Helgaas:
      
       - Clear 64-bit flag for host bridge windows below 4GB to fix a resource
         allocation regression added in -rc1 (Punit Agrawal)
      
       - Fix tegra194 MCFG quirk build regressions added in -rc1 (Jon Hunter)
      
       - Avoid secondary bus resets on TI KeyStone C667X devices (Antti
         Järvinen)
      
       - Avoid secondary bus resets on some NVIDIA GPUs (Shanker Donthineni)
      
       - Work around FLR erratum on Huawei Intelligent NIC VF (Chiqijun)
      
       - Avoid broken ATS on AMD Navi14 GPU (Evan Quan)
      
       - Trust Broadcom BCM57414 NIC to isolate functions even though it
         doesn't advertise ACS support (Sriharsha Basavapatna)
      
       - Work around AMD RS690 BIOSes that don't configure DMA above 4GB
         (Mikel Rychliski)
      
       - Fix panic during PIO transfer on Aardvark controller (Pali Rohár)
      
      * tag 'pci-v5.13-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: aardvark: Fix kernel panic during PIO transfer
        PCI: Add AMD RS690 quirk to enable 64-bit DMA
        PCI: Add ACS quirk for Broadcom BCM57414 NIC
        PCI: Mark AMD Navi14 GPU ATS as broken
        PCI: Work around Huawei Intelligent NIC VF FLR erratum
        PCI: Mark some NVIDIA GPUs to avoid bus reset
        PCI: Mark TI C667X to avoid bus reset
        PCI: tegra194: Fix MCFG quirk build regressions
        PCI: of: Clear 64-bit flag for non-prefetchable memory below 4GB
      728a748b
    • Matthew Wilcox (Oracle)'s avatar
      afs: Re-enable freezing once a page fault is interrupted · 9620ad86
      Matthew Wilcox (Oracle) authored
      If a task is killed during a page fault, it does not currently call
      sb_end_pagefault(), which means that the filesystem cannot be frozen
      at any time thereafter.  This may be reported by lockdep like this:
      
      ====================================
      WARNING: fsstress/10757 still has locks held!
      5.13.0-rc4-build4+ #91 Not tainted
      ------------------------------------
      1 lock held by fsstress/10757:
       #0: ffff888104eac530
       (
      sb_pagefaults
      
      as filesystem freezing is modelled as a lock.
      
      Fix this by removing all the direct returns from within the function,
      and using 'ret' to indicate whether we were interrupted or successful.
      
      Fixes: 1cf7a151 ("afs: Implement shared-writeable mmap")
      Signed-off-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: linux-afs@lists.infradead.org
      Link: https://lore.kernel.org/r/20210616154900.1958373-1-willy@infradead.org/Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9620ad86
    • Pavel Skripkin's avatar
      net: ethernet: fix potential use-after-free in ec_bhf_remove · 9cca0c2d
      Pavel Skripkin authored
      static void ec_bhf_remove(struct pci_dev *dev)
      {
      ...
      	struct ec_bhf_priv *priv = netdev_priv(net_dev);
      
      	unregister_netdev(net_dev);
      	free_netdev(net_dev);
      
      	pci_iounmap(dev, priv->dma_io);
      	pci_iounmap(dev, priv->io);
      ...
      }
      
      priv is netdev private data, but it is used
      after free_netdev(). It can cause use-after-free when accessing priv
      pointer. So, fix it by moving free_netdev() after pci_iounmap()
      calls.
      
      Fixes: 6af55ff5 ("Driver for Beckhoff CX5020 EtherCAT master module.")
      Signed-off-by: default avatarPavel Skripkin <paskripkin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9cca0c2d
    • David S. Miller's avatar
      Merge tag 'mac80211-for-net-2021-06-18' of... · 0d1dc9e1
      David S. Miller authored
      Merge tag 'mac80211-for-net-2021-06-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      A couple of straggler fixes:
       * a minstrel HT sample check fix
       * peer measurement could double-free on races
       * certificate file generation at build time could
         sometimes hang
       * some parameters weren't reset between connections
         in mac80211
       * some extensible elements were treated as non-
         extensible, possibly causuing bad connections
         (or failures) if the AP adds data
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0d1dc9e1