1. 25 Nov, 2019 4 commits
    • Linus Torvalds's avatar
      Merge tag 'tpmdd-next-20191112' of git://git.infradead.org/users/jjs/linux-tpmdd · 54f0e540
      Linus Torvalds authored
      Pull tpmd updates from Jarkko Sakkinen:
      
       - support for Cr50 fTPM
      
       - support for fTPM on AMD Zen+ CPUs
      
       - TPM 2.0 trusted keys code relocated from drivers/char/tpm to
         security/keys
      
      * tag 'tpmdd-next-20191112' of git://git.infradead.org/users/jjs/linux-tpmdd:
        KEYS: trusted: Remove set but not used variable 'keyhndl'
        tpm: Switch to platform_get_irq_optional()
        tpm_crb: fix fTPM on AMD Zen+ CPUs
        KEYS: trusted: Move TPM2 trusted keys code
        KEYS: trusted: Create trusted keys subsystem
        KEYS: Use common tpm_buf for trusted and asymmetric keys
        tpm: Move tpm_buf code to include/linux/
        tpm: use GFP_KERNEL instead of GFP_HIGHMEM for tpm_buf
        tpm: add check after commands attribs tab allocation
        tpm: tpm_tis_spi: Drop THIS_MODULE usage from driver struct
        tpm: tpm_tis_spi: Cleanup includes
        tpm: tpm_tis_spi: Support cr50 devices
        tpm: tpm_tis_spi: Introduce a flow control callback
        tpm: Add a flag to indicate TPM power is managed by firmware
        dt-bindings: tpm: document properties for cr50
        tpm_tis: override durations for STM tpm with firmware 1.2.8.28
        tpm: provide a way to override the chip returned durations
        tpm: Remove duplicate code from caps_show() in tpm-sysfs.c
      54f0e540
    • Linus Torvalds's avatar
      vfs: properly and reliably lock f_pos in fdget_pos() · 0be0ee71
      Linus Torvalds authored
      fdget_pos() is used by file operations that will read and update f_pos:
      things like "read()", "write()" and "lseek()" (but not, for example,
      "pread()/pwrite" that get their file positions elsewhere).
      
      However, it had two separate escape clauses for this, because not
      everybody wants or needs serialization of the file position.
      
      The first and most obvious case is the "file descriptor doesn't have a
      position at all", ie a stream-like file.  Except we didn't actually use
      FMODE_STREAM, but instead used FMODE_ATOMIC_POS.  The reason for that
      was that FMODE_STREAM didn't exist back in the days, but also that we
      didn't want to mark all the special cases, so we only marked the ones
      that _required_ position atomicity according to POSIX - regular files
      and directories.
      
      The case one was intentionally lazy, but now that we _do_ have
      FMODE_STREAM we could and should just use it.  With the change to use
      FMODE_STREAM, there are no remaining uses for FMODE_ATOMIC_POS, and all
      the code to set it is deleted.
      
      Any cases where we don't want the serialization because the driver (or
      subsystem) doesn't use the file position should just be updated to do
      "stream_open()".  We've done that for all the obvious and common
      situations, we may need a few more.  Quoting Kirill Smelkov in the
      original FMODE_STREAM thread (see link below for full email):
      
       "And I appreciate if people could help at least somehow with "getting
        rid of mixed case entirely" (i.e. always lock f_pos_lock on
        !FMODE_STREAM), because this transition starts to diverge from my
        particular use-case too far. To me it makes sense to do that
        transition as follows:
      
         - convert nonseekable_open -> stream_open via stream_open.cocci;
         - audit other nonseekable_open calls and convert left users that
           truly don't depend on position to stream_open;
         - extend stream_open.cocci to analyze alloc_file_pseudo as well (this
           will cover pipes and sockets), or maybe convert pipes and sockets
           to FMODE_STREAM manually;
         - extend stream_open.cocci to analyze file_operations that use
           no_llseek or noop_llseek, but do not use nonseekable_open or
           alloc_file_pseudo. This might find files that have stream semantic
           but are opened differently;
         - extend stream_open.cocci to analyze file_operations whose
           .read/.write do not use ppos at all (independently of how file was
           opened);
         - ...
         - after that remove FMODE_ATOMIC_POS and always take f_pos_lock if
           !FMODE_STREAM;
         - gather bug reports for deadlocked read/write and convert missed
           cases to FMODE_STREAM, probably extending stream_open.cocci along
           the road to catch similar cases
      
        i.e. always take f_pos_lock unless a file is explicitly marked as
        being stream, and try to find and cover all files that are streams"
      
      We have not done the "extend stream_open.cocci to analyze
      alloc_file_pseudo" as well, but the previous commit did manually handle
      the case of pipes and sockets.
      
      The other case where we can avoid locking f_pos is the "this file
      descriptor only has a single user and it is us, and thus there is no
      need to lock it".
      
      The second test was correct, although a bit subtle and worth just
      re-iterating here.  There are two kinds of other sources of references
      to the same file descriptor: file descriptors that have been explicitly
      shared across fork() or with dup(), and file tables having elevated
      reference counts due to threading (or explicit file sharing with
      clone()).
      
      The first case would have incremented the file count explicitly, and in
      the second case the previous __fdget() would have incremented it for us
      and set the FDPUT_FPUT flag.
      
      But in both cases the file count would be greater than one, so the
      "file_count(file) > 1" test catches both situations.  Also note that if
      file_count is 1, that also means that no other thread can have access to
      the file table, so there also cannot be races with concurrent calls to
      dup()/fork()/clone() that would increment the file count any other way.
      
      Link: https://lore.kernel.org/linux-fsdevel/20190413184404.GA13490@deco.navytux.spb.ru
      Cc: Kirill Smelkov <kirr@nexedi.com>
      Cc: Eic Dumazet <edumazet@google.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Alan Stern <stern@rowland.harvard.edu>
      Cc: Marco Elver <elver@google.com>
      Cc: Andrea Parri <parri.andrea@gmail.com>
      Cc: Paul McKenney <paulmck@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0be0ee71
    • Linus Torvalds's avatar
      vfs: mark pipes and sockets as stream-like file descriptors · d8e464ec
      Linus Torvalds authored
      In commit 3975b097 ("convert stream-like files -> stream_open, even
      if they use noop_llseek") Kirill used a coccinelle script to change
      "nonseekable_open()" to "stream_open()", which changed the trivial cases
      of stream-like file descriptors to the new model with FMODE_STREAM.
      
      However, the two big cases - sockets and pipes - don't actually have
      that trivial pattern at all, and were thus never converted to
      FMODE_STREAM even though it makes lots of sense to do so.
      
      That's particularly true when looking forward to the next change:
      getting rid of FMODE_ATOMIC_POS entirely, and just using FMODE_STREAM to
      decide whether f_pos updates are needed or not.  And if they are, we'll
      always do them atomically.
      
      This came up because KCSAN (correctly) noted that the non-locked f_pos
      updates are data races: they are clearly benign for the case where we
      don't care, but it would be good to just not have that issue exist at
      all.
      
      Note that the reason we used FMODE_ATOMIC_POS originally is that only
      doing it for the minimal required case is "safer" in that it's possible
      that the f_pos locking can cause unnecessary serialization across the
      whole write() call.  And in the worst case, that kind of serialization
      can cause deadlock issues: think writers that need readers to empty the
      state using the same file descriptor.
      
      [ Note that the locking is per-file descriptor - because it protects
        "f_pos", which is obviously per-file descriptor - so it only affects
        cases where you literally use the same file descriptor to both read
        and write.
      
        So a regular pipe that has separate reading and writing file
        descriptors doesn't really have this situation even though it's the
        obvious case of "reader empties what a bit writer concurrently fills"
      
        But we want to make pipes as being stream-line anyway, because we
        don't want the unnecessary overhead of locking, and because a named
        pipe can be (ab-)used by reading and writing to the same file
        descriptor. ]
      
      There are likely a lot of other cases that might want FMODE_STREAM, and
      looking for ".llseek = no_llseek" users and other cases that don't have
      an lseek file operation at all and making them use "stream_open()" might
      be a good idea.  But pipes and sockets are likely to be the two main
      cases.
      
      Cc: Kirill Smelkov <kirr@nexedi.com>
      Cc: Eic Dumazet <edumazet@google.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Alan Stern <stern@rowland.harvard.edu>
      Cc: Marco Elver <elver@google.com>
      Cc: Andrea Parri <parri.andrea@gmail.com>
      Cc: Paul McKenney <paulmck@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d8e464ec
    • Linus Torvalds's avatar
      Linux 5.4 · 219d5433
      Linus Torvalds authored
      219d5433
  2. 24 Nov, 2019 2 commits
  3. 23 Nov, 2019 2 commits
  4. 22 Nov, 2019 22 commits
    • Lyude Paul's avatar
      Revert "Input: synaptics - enable RMI mode for X1 Extreme 2nd Generation" · 87916634
      Lyude Paul authored
      This reverts commit 68b9c5066e39af41d3448abfc887c77ce22dd64d.
      
      Ugh, I really dropped the ball on this one :\. So as it turns out RMI4
      works perfectly fine on the X1 Extreme Gen 2 except for one thing I
      didn't notice because I usually use the trackpoint: clicking with the
      touchpad. Somehow this is broken, in fact we don't even seem to indicate
      BTN_LEFT as a valid event type for the RMI4 touchpad. And, I don't even
      see any RMI4 events coming from the touchpad when I press down on it.
      This only seems to work for PS/2 mode.
      
      Since that means we have a regression, and PS/2 mode seems to work fine
      for the time being - revert this for now. We'll have to do a more
      thorough investigation on this.
      Signed-off-by: default avatarLyude Paul <lyude@redhat.com>
      Link: https://lore.kernel.org/r/20191119234534.10725-1-lyude@redhat.comSigned-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      87916634
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 34c36f45
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Validate tunnel options length in act_tunnel_key, from Xin Long.
      
       2) Fix DMA sync bug in gve driver, from Adi Suresh.
      
       3) TSO kills performance on some r8169 chips due to HW issues, disable
          by default in that case, from Corinna Vinschen.
      
       4) Fix clock disable mismatch in fec driver, from Chubong Yuan.
      
       5) Fix interrupt status bits define in hns3 driver, from Huazhong Tan.
      
       6) Fix workqueue deadlocks in qeth driver, from Julian Wiedmann.
      
       7) Don't napi_disable() twice in r8152 driver, from Hayes Wang.
      
       8) Fix SKB extension memory leak, from Florian Westphal.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (54 commits)
        r8152: avoid to call napi_disable twice
        MAINTAINERS: Add myself as maintainer of virtio-vsock
        udp: drop skb extensions before marking skb stateless
        net: rtnetlink: prevent underflows in do_setvfinfo()
        can: m_can_platform: remove unnecessary m_can_class_resume() call
        can: m_can_platform: set net_device structure as driver data
        hv_netvsc: Fix send_table offset in case of a host bug
        hv_netvsc: Fix offset usage in netvsc_send_table()
        net-ipv6: IPV6_TRANSPARENT - check NET_RAW prior to NET_ADMIN
        sfc: Only cancel the PPS workqueue if it exists
        nfc: port100: handle command failure cleanly
        net-sysfs: fix netdev_queue_add_kobject() breakage
        r8152: Re-order napi_disable in rtl8152_close
        net: qca_spi: Move reset_count to struct qcaspi
        net: qca_spi: fix receive buffer size check
        net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode
        Revert "net/ibmvnic: Fix EOI when running in XIVE mode"
        net/mlxfw: Verify FSM error code translation doesn't exceed array size
        net/mlx5: Update the list of the PCI supported devices
        net/mlx5: Fix auto group size calculation
        ...
      34c36f45
    • Marc Dionne's avatar
      afs: Fix large file support · b485275f
      Marc Dionne authored
      By default s_maxbytes is set to MAX_NON_LFS, which limits the usable
      file size to 2GB, enforced by the vfs.
      
      Commit b9b1f8d5 ("AFS: write support fixes") added support for the
      64-bit fetch and store server operations, but did not change this value.
      As a result, attempts to write past the 2G mark result in EFBIG errors:
      
       $ dd if=/dev/zero of=foo bs=1M count=1 seek=2048
       dd: error writing 'foo': File too large
      
      Set s_maxbytes to MAX_LFS_FILESIZE.
      
      Fixes: b9b1f8d5 ("AFS: write support fixes")
      Signed-off-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b485275f
    • Marc Dionne's avatar
      afs: Fix possible assert with callbacks from yfs servers · cd340703
      Marc Dionne authored
      Servers sending callback breaks to the YFS_CM_SERVICE service may
      send up to YFSCBMAX (1024) fids in a single RPC.  Anything over
      AFSCBMAX (50) will cause the assert in afs_break_callbacks to trigger.
      
      Remove the assert, as the count has already been checked against
      the appropriate max values in afs_deliver_cb_callback and
      afs_deliver_yfs_cb_callback.
      
      Fixes: 35dbfba3 ("afs: Implement the YFS cache manager service")
      Signed-off-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cd340703
    • Hayes Wang's avatar
      r8152: avoid to call napi_disable twice · 5b1d9c17
      Hayes Wang authored
      Call napi_disable() twice would cause dead lock. There are three situations
      may result in the issue.
      
      1. rtl8152_pre_reset() and set_carrier() are run at the same time.
      2. Call rtl8152_set_tunable() after rtl8152_close().
      3. Call rtl8152_set_ringparam() after rtl8152_close().
      
      For #1, use the same solution as commit 84811412 ("r8152: Re-order
      napi_disable in rtl8152_close"). For #2 and #3, add checking the flag
      of IFF_UP and using napi_disable/napi_enable during mutex.
      Signed-off-by: default avatarHayes Wang <hayeswang@realtek.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5b1d9c17
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · cc079039
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "Three fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
        mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span()
        Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()"
      cc079039
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-5.4-20191122' of... · 06829937
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-5.4-20191122' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2019-11-22
      
      this is a pull request of 2 patches for net/master, if possible for the
      current release cycle. Otherwise these patches should hit v5.4 via the
      stable tree.
      
      Both patches of this pull request target the m_can driver. Pankaj Sharma
      fixes the fallout in the m_can_platform part, which appeared with the
      introduction of the m_can platform framework.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06829937
    • Stefano Garzarella's avatar
      MAINTAINERS: Add myself as maintainer of virtio-vsock · efabb6c6
      Stefano Garzarella authored
      Since I'm actively working on vsock and virtio/vhost transports,
      Stefan suggested to help him to maintain it.
      Signed-off-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      efabb6c6
    • Florian Westphal's avatar
      udp: drop skb extensions before marking skb stateless · 677bf08c
      Florian Westphal authored
      Once udp stack has set the UDP_SKB_IS_STATELESS flag, later skb free
      assumes all skb head state has been dropped already.
      
      This will leak the extension memory in case the skb has extensions other
      than the ipsec secpath, e.g. bridge nf data.
      
      To fix this, set the UDP_SKB_IS_STATELESS flag only if we don't have
      extensions or if the extension space can be free'd.
      
      Fixes: 895b5c9f ("netfilter: drop bridge nf reset from nf_reset")
      Cc: Paolo Abeni <pabeni@redhat.com>
      Reported-by: default avatarByron Stanoszek <gandalf@winds.org>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      677bf08c
    • Dan Carpenter's avatar
      net: rtnetlink: prevent underflows in do_setvfinfo() · ff08ddba
      Dan Carpenter authored
      The "ivm->vf" variable is a u32, but the problem is that a number of
      drivers cast it to an int and then forget to check for negatives.  An
      example of this is in the cxgb4 driver.
      
      drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
        2890  static int cxgb4_mgmt_get_vf_config(struct net_device *dev,
        2891                                      int vf, struct ifla_vf_info *ivi)
                                                  ^^^^^^
        2892  {
        2893          struct port_info *pi = netdev_priv(dev);
        2894          struct adapter *adap = pi->adapter;
        2895          struct vf_info *vfinfo;
        2896
        2897          if (vf >= adap->num_vfs)
                          ^^^^^^^^^^^^^^^^^^^
        2898                  return -EINVAL;
        2899          vfinfo = &adap->vfinfo[vf];
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^
      
      There are 48 functions affected.
      
      drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c:8435 hclge_set_vf_vlan_filter() warn: can 'vfid' underflow 's32min-2147483646'
      drivers/net/ethernet/freescale/enetc/enetc_pf.c:377 enetc_pf_set_vf_mac() warn: can 'vf' underflow 's32min-2147483646'
      drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2899 cxgb4_mgmt_get_vf_config() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:2960 cxgb4_mgmt_set_vf_rate() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3019 cxgb4_mgmt_set_vf_rate() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3038 cxgb4_mgmt_set_vf_vlan() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c:3086 cxgb4_mgmt_set_vf_link_state() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/chelsio/cxgb/cxgb2.c:791 get_eeprom() warn: can 'i' underflow 's32min-(-4),0,4-s32max'
      drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:82 bnxt_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:164 bnxt_set_vf_trust() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:186 bnxt_get_vf_config() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:228 bnxt_set_vf_mac() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:264 bnxt_set_vf_vlan() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:293 bnxt_set_vf_bw() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c:333 bnxt_set_vf_link_state() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:2595 bnx2x_vf_op_prep() warn: can 'vfidx' underflow 's32min-63'
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:2595 bnx2x_vf_op_prep() warn: can 'vfidx' underflow 's32min-63'
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2281 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2285 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2286 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2292 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c:2297 bnx2x_post_vf_bulletin() warn: can 'vf' underflow 's32min-63'
      drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1832 qlcnic_sriov_set_vf_mac() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1864 qlcnic_sriov_set_vf_tx_rate() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:1937 qlcnic_sriov_set_vf_vlan() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:2005 qlcnic_sriov_get_vf_config() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c:2036 qlcnic_sriov_set_vf_spoofchk() warn: can 'vf' underflow 's32min-254'
      drivers/net/ethernet/emulex/benet/be_main.c:1914 be_get_vf_config() warn: can 'vf' underflow 's32min-65534'
      drivers/net/ethernet/emulex/benet/be_main.c:1915 be_get_vf_config() warn: can 'vf' underflow 's32min-65534'
      drivers/net/ethernet/emulex/benet/be_main.c:1922 be_set_vf_tvt() warn: can 'vf' underflow 's32min-65534'
      drivers/net/ethernet/emulex/benet/be_main.c:1951 be_clear_vf_tvt() warn: can 'vf' underflow 's32min-65534'
      drivers/net/ethernet/emulex/benet/be_main.c:2063 be_set_vf_tx_rate() warn: can 'vf' underflow 's32min-65534'
      drivers/net/ethernet/emulex/benet/be_main.c:2091 be_set_vf_link_state() warn: can 'vf' underflow 's32min-65534'
      drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:2609 ice_set_vf_port_vlan() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3050 ice_get_vf_cfg() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3103 ice_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3181 ice_set_vf_mac() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3237 ice_set_vf_trust() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c:3286 ice_set_vf_link_state() warn: can 'vf_id' underflow 's32min-65534'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:3919 i40e_validate_vf() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:3957 i40e_ndo_set_vf_mac() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4104 i40e_ndo_set_vf_port_vlan() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4263 i40e_ndo_set_vf_bw() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4309 i40e_ndo_get_vf_config() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4371 i40e_ndo_set_vf_link_state() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4441 i40e_ndo_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4441 i40e_ndo_set_vf_spoofchk() warn: can 'vf_id' underflow 's32min-2147483646'
      drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4504 i40e_ndo_set_vf_trust() warn: can 'vf_id' underflow 's32min-2147483646'
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ff08ddba
    • Linus Torvalds's avatar
      Merge tag 'pm-5.4-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · a6b0373f
      Linus Torvalds authored
      Pull power management regression fix from Rafael Wysocki:
       "Fix problems with switching cpufreq drivers on some x86 systems with
        ACPI (and with changing the operation modes of the intel_pstate driver
        on those systems) introduced by recent changes related to the
        management of frequency limits in cpufreq"
      
      * tag 'pm-5.4-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM: QoS: Invalidate frequency QoS requests after removal
      a6b0373f
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-11-22' of git://anongit.freedesktop.org/drm/drm · 5d867ab0
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Two sets of fixes in here, one for amdgpu, and one for i915.
      
        The amdgpu ones are pretty small, i915's CI system seems to have a few
        problems in the last week or so, there is one major regression fix for
        fb_mmap, but there are a bunch of other issues fixed in there as well,
        oops, screen flashes and rcu related.
      
        amdgpu:
         - Remove experimental flag for navi14
         - Fix confusing power message failures on older VI parts
         - Hang fix for gfxoff when using the read register interface
         - Two stability regression fixes for Raven
      
        i915:
         - Fix kernel oops on dumb_create ioctl on no crtc situation
         - Fix bad ugly colored flash on VLV/CHV related to gamma LUT update
         - Fix unity of the frequencies reported on PMU
         - Fix kernel oops on set_page_dirty using better locks around it
         - Protect the request pointer with RCU to prevent it being freed
           while we might need still
         - Make pool objects read-only
         - Restore physical addresses for fb_map to avoid corrupted page
           table"
      
      * tag 'drm-fixes-2019-11-22' of git://anongit.freedesktop.org/drm/drm:
        drm/i915/fbdev: Restore physical addresses for fb_mmap()
        Revert "drm/amd/display: enable S/G for RAVEN chip"
        drm/amdgpu: disable gfxoff on original raven
        drm/amdgpu: disable gfxoff when using register read interface
        drm/amd/powerplay: correct fine grained dpm force level setting
        drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported ASICs
        drm/amdgpu: remove experimental flag for Navi14
        drm/i915: make pool objects read-only
        drm/i915: Protect request peeking with RCU
        drm/i915/userptr: Try to acquire the page lock around set_page_dirty()
        drm/i915/pmu: "Frequency" is reported as accumulated cycles
        drm/i915: Preload LUTs if the hw isn't currently using them
        drm/i915: Don't oops in dumb_create ioctl if we have no crtcs
      5d867ab0
    • Andrey Ryabinin's avatar
      mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() · 9a63236f
      Andrey Ryabinin authored
      It's possible to hit the WARN_ON_ONCE(page_mapped(page)) in
      remove_stable_node() when it races with __mmput() and squeezes in
      between ksm_exit() and exit_mmap().
      
        WARNING: CPU: 0 PID: 3295 at mm/ksm.c:888 remove_stable_node+0x10c/0x150
      
        Call Trace:
         remove_all_stable_nodes+0x12b/0x330
         run_store+0x4ef/0x7b0
         kernfs_fop_write+0x200/0x420
         vfs_write+0x154/0x450
         ksys_write+0xf9/0x1d0
         do_syscall_64+0x99/0x510
         entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Remove the warning as there is nothing scary going on.
      
      Link: http://lkml.kernel.org/r/20191119131850.5675-1-aryabinin@virtuozzo.com
      Fixes: cbf86cfe ("ksm: remove old stable nodes more thoroughly")
      Signed-off-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9a63236f
    • David Hildenbrand's avatar
      mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() · 7ce700bf
      David Hildenbrand authored
      Let's limit shrinking to !ZONE_DEVICE so we can fix the current code.
      We should never try to touch the memmap of offline sections where we
      could have uninitialized memmaps and could trigger BUGs when calling
      page_to_nid() on poisoned pages.
      
      There is no reliable way to distinguish an uninitialized memmap from an
      initialized memmap that belongs to ZONE_DEVICE, as we don't have
      anything like SECTION_IS_ONLINE we can use similar to
      pfn_to_online_section() for !ZONE_DEVICE memory.
      
      E.g., set_zone_contiguous() similarly relies on pfn_to_online_section()
      and will therefore never set a ZONE_DEVICE zone consecutive.  Stopping
      to shrink the ZONE_DEVICE therefore results in no observable changes,
      besides /proc/zoneinfo indicating different boundaries - something we
      can totally live with.
      
      Before commit d0dc12e8 ("mm/memory_hotplug: optimize memory
      hotplug"), the memmap was initialized with 0 and the node with the right
      value.  So the zone might be wrong but not garbage.  After that commit,
      both the zone and the node will be garbage when touching uninitialized
      memmaps.
      
      Toshiki reported a BUG (race between delayed initialization of
      ZONE_DEVICE memmaps without holding the memory hotplug lock and
      concurrent zone shrinking).
      
        https://lkml.org/lkml/2019/11/14/1040
      
      "Iteration of create and destroy namespace causes the panic as below:
      
            kernel BUG at mm/page_alloc.c:535!
            CPU: 7 PID: 2766 Comm: ndctl Not tainted 5.4.0-rc4 #6
            Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014
            RIP: 0010:set_pfnblock_flags_mask+0x95/0xf0
            Call Trace:
             memmap_init_zone_device+0x165/0x17c
             memremap_pages+0x4c1/0x540
             devm_memremap_pages+0x1d/0x60
             pmem_attach_disk+0x16b/0x600 [nd_pmem]
             nvdimm_bus_probe+0x69/0x1c0
             really_probe+0x1c2/0x3e0
             driver_probe_device+0xb4/0x100
             device_driver_attach+0x4f/0x60
             bind_store+0xc9/0x110
             kernfs_fop_write+0x116/0x190
             vfs_write+0xa5/0x1a0
             ksys_write+0x59/0xd0
             do_syscall_64+0x5b/0x180
             entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
        While creating a namespace and initializing memmap, if you destroy the
        namespace and shrink the zone, it will initialize the memmap outside
        the zone and trigger VM_BUG_ON_PAGE(!zone_spans_pfn(page_zone(page),
        pfn), page) in set_pfnblock_flags_mask()."
      
      This BUG is also mitigated by this commit, where we for now stop to
      shrink the ZONE_DEVICE zone until we can do it in a safe and clean way.
      
      Link: http://lkml.kernel.org/r/20191006085646.5768-5-david@redhat.com
      Fixes: f1dd2cd1 ("mm, memory_hotplug: do not associate hotadded memory to zones until online")	[visible after d0dc12e8]
      Signed-off-by: default avatarDavid Hildenbrand <david@redhat.com>
      Reported-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Reported-by: default avatarToshiki Fukasawa <t-fukasawa@vx.jp.nec.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: David Hildenbrand <david@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Pavel Tatashin <pasha.tatashin@soleen.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Alexander Duyck <alexander.h.duyck@linux.intel.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Anshuman Khandual <anshuman.khandual@arm.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Christian Borntraeger <borntraeger@de.ibm.com>
      Cc: Christophe Leroy <christophe.leroy@c-s.fr>
      Cc: Damian Tometzki <damian.tometzki@gmail.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Halil Pasic <pasic@linux.ibm.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Ira Weiny <ira.weiny@intel.com>
      Cc: Jason Gunthorpe <jgg@ziepe.ca>
      Cc: Jun Yao <yaojun8558363@gmail.com>
      Cc: Logan Gunthorpe <logang@deltatee.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
      Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
      Cc: Mel Gorman <mgorman@techsingularity.net>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Mike Rapoport <rppt@linux.ibm.com>
      Cc: Pankaj Gupta <pagupta@redhat.com>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Pavel Tatashin <pavel.tatashin@microsoft.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Qian Cai <cai@lca.pw>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Steve Capper <steve.capper@arm.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Wei Yang <richard.weiyang@gmail.com>
      Cc: Wei Yang <richardw.yang@linux.intel.com>
      Cc: Will Deacon <will@kernel.org>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Yu Zhao <yuzhao@google.com>
      Cc: <stable@vger.kernel.org>	[4.13+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7ce700bf
    • Joseph Qi's avatar
      Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" · 94b07b6f
      Joseph Qi authored
      This reverts commit 56e94ea1.
      
      Commit 56e94ea1 ("fs: ocfs2: fix possible null-pointer dereferences
      in ocfs2_xa_prepare_entry()") introduces a regression that fail to
      create directory with mount option user_xattr and acl.  Actually the
      reported NULL pointer dereference case can be correctly handled by
      loc->xl_ops->xlo_add_entry(), so revert it.
      
      Link: http://lkml.kernel.org/r/1573624916-83825-1-git-send-email-joseph.qi@linux.alibaba.com
      Fixes: 56e94ea1 ("fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()")
      Signed-off-by: default avatarJoseph Qi <joseph.qi@linux.alibaba.com>
      Reported-by: default avatarThomas Voegtle <tv@lio96.de>
      Acked-by: default avatarChangwei Ge <gechangwei@live.cn>
      Cc: Jia-Ju Bai <baijiaju1990@gmail.com>
      Cc: Mark Fasheh <mark@fasheh.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Junxiao Bi <junxiao.bi@oracle.com>
      Cc: Gang He <ghe@suse.com>
      Cc: Jun Piao <piaojun@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      94b07b6f
    • Pankaj Sharma's avatar
      can: m_can_platform: remove unnecessary m_can_class_resume() call · 0704c574
      Pankaj Sharma authored
      The function m_can_runtime_resume() is getting recursively called from
      m_can_class_resume(). This results in a lock up.
      
      We need not call m_can_class_resume() during m_can_runtime_resume().
      
      Fixes: f524f829 ("can: m_can: Create a m_can platform framework")
      Signed-off-by: default avatarPankaj Sharma <pankj.sharma@samsung.com>
      Signed-off-by: default avatarSriram Dash <sriram.dash@samsung.com>
      Acked-by: default avatarDan Murphy <dmurphy@ti.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      0704c574
    • Pankaj Sharma's avatar
      can: m_can_platform: set net_device structure as driver data · 2ea87249
      Pankaj Sharma authored
      The current code is failing during clock prepare enable because of not
      getting proper clock from platform device.
      
      [    0.852089] Call trace:
      [    0.854516]  0xffff0000fa22a668
      [    0.857638]  clk_prepare+0x20/0x34
      [    0.861019]  m_can_runtime_resume+0x2c/0xe4
      [    0.865180]  pm_generic_runtime_resume+0x28/0x38
      [    0.869770]  __rpm_callback+0x16c/0x1bc
      [    0.873583]  rpm_callback+0x24/0x78
      [    0.877050]  rpm_resume+0x428/0x560
      [    0.880517]  __pm_runtime_resume+0x7c/0xa8
      [    0.884593]  m_can_clk_start.isra.9.part.10+0x1c/0xa8
      [    0.889618]  m_can_class_register+0x138/0x370
      [    0.893950]  m_can_plat_probe+0x120/0x170
      [    0.897939]  platform_drv_probe+0x4c/0xa0
      [    0.901924]  really_probe+0xd8/0x31c
      [    0.905477]  driver_probe_device+0x58/0xe8
      [    0.909551]  device_driver_attach+0x68/0x70
      [    0.913711]  __driver_attach+0x9c/0xf8
      [    0.917437]  bus_for_each_dev+0x50/0xa0
      [    0.921251]  driver_attach+0x20/0x28
      [    0.924804]  bus_add_driver+0x148/0x1fc
      [    0.928617]  driver_register+0x6c/0x124
      [    0.932431]  __platform_driver_register+0x48/0x50
      [    0.937113]  m_can_plat_driver_init+0x18/0x20
      [    0.941446]  do_one_initcall+0x4c/0x19c
      [    0.945259]  kernel_init_freeable+0x1d0/0x280
      [    0.949591]  kernel_init+0x10/0x100
      [    0.953057]  ret_from_fork+0x10/0x18
      [    0.956614] Code: 00000000 00000000 00000000 00000000 (fa22a668)
      [    0.962681] ---[ end trace 881f71bd609de763 ]---
      [    0.967301] Kernel panic - not syncing: Attempted to kill init!
      
      A device driver for CAN controller hardware registers itself with the
      Linux network layer as a network device. So, the driver data for m_can
      should ideally be of type net_device.
      
      Fixes: f524f829 ("can: m_can: Create a m_can platform framework")
      Signed-off-by: default avatarPankaj Sharma <pankj.sharma@samsung.com>
      Signed-off-by: default avatarSriram Dash <sriram.dash@samsung.com>
      Acked-by: default avatarDan Murphy <dmurphy@ti.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      2ea87249
    • David S. Miller's avatar
      Merge branch 'hv_netvsc-Fix-send-indirection-table-offset' · d814b67e
      David S. Miller authored
      Haiyang Zhang says:
      
      ====================
      hv_netvsc: Fix send indirection table offset
      
      Fix send indirection table offset issues related to guest and
      host bugs.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d814b67e
    • Haiyang Zhang's avatar
      hv_netvsc: Fix send_table offset in case of a host bug · 171c1fd9
      Haiyang Zhang authored
      If negotiated NVSP version <= NVSP_PROTOCOL_VERSION_6, the offset may
      be wrong (too small) due to a host bug. This can cause missing the
      end of the send indirection table, and add multiple zero entries from
      leading zeros before the data region. This bug adds extra burden on
      channel 0.
      
      So fix the offset by computing it from the data structure sizes. This
      will ensure netvsc driver runs normally on unfixed hosts, and future
      fixed hosts.
      
      Fixes: 5b54dac8 ("hyperv: Add support for virtual Receive Side Scaling (vRSS)")
      Signed-off-by: default avatarHaiyang Zhang <haiyangz@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      171c1fd9
    • Haiyang Zhang's avatar
      hv_netvsc: Fix offset usage in netvsc_send_table() · 71f21959
      Haiyang Zhang authored
      To reach the data region, the existing code adds offset in struct
      nvsp_5_send_indirect_table on the beginning of this struct. But the
      offset should be based on the beginning of its container,
      struct nvsp_message. This bug causes the first table entry missing,
      and adds an extra zero from the zero pad after the data region.
      This can put extra burden on the channel 0.
      
      So, correct the offset usage. Also add a boundary check to ensure
      not reading beyond data region.
      
      Fixes: 5b54dac8 ("hyperv: Add support for virtual Receive Side Scaling (vRSS)")
      Signed-off-by: default avatarHaiyang Zhang <haiyangz@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      71f21959
    • Maciej Żenczykowski's avatar
      net-ipv6: IPV6_TRANSPARENT - check NET_RAW prior to NET_ADMIN · 35fc59c9
      Maciej Żenczykowski authored
      NET_RAW is less dangerous, so more likely to be available to a process,
      so check it first to prevent some spurious logging.
      
      This matches IP_TRANSPARENT which checks NET_RAW first.
      Signed-off-by: default avatarMaciej Żenczykowski <maze@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      35fc59c9
    • Dave Airlie's avatar
      Merge tag 'drm-intel-fixes-2019-11-21' of... · 51658c04
      Dave Airlie authored
      Merge tag 'drm-intel-fixes-2019-11-21' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      - Fix kernel oops on dumb_create ioctl on no crtc situation
      - Fix bad ugly colored flash on VLV/CHV related to gamma LUT update
      - Fix unity of the frequencies reported on PMU
      - Fix kernel oops on set_page_dirty using better locks around it
      - Protect the request pointer with RCU to prevent it being freed while we might need still
      - Make pool objects read-only
      - Restore physical addresses for fb_map to avoid corrupted page table
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Rodrigo Vivi <rodrigo.vivi@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20191121165339.GA23920@intel.com
      51658c04
  5. 21 Nov, 2019 9 commits
  6. 20 Nov, 2019 1 commit