1. 05 Mar, 2019 34 commits
    • Bob Copeland's avatar
      mac80211: fix miscounting of ttl-dropped frames · a2887f6f
      Bob Copeland authored
      [ Upstream commit a0dc0203 ]
      
      In ieee80211_rx_h_mesh_fwding, we increment the 'dropped_frames_ttl'
      counter when we decrement the ttl to zero.  For unicast frames
      destined for other hosts, we stop processing the frame at that point.
      
      For multicast frames, we do not rebroadcast it in this case, but we
      do pass the frame up the stack to process it on this STA.  That
      doesn't match the usual definition of "dropped," so don't count
      those as such.
      
      With this change, something like `ping6 -i0.2 ff02::1%mesh0` from a
      peer in a ttl=1 network no longer increments the counter rapidly.
      Signed-off-by: default avatarBob Copeland <bobcopeland@fb.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      a2887f6f
    • Nathan Chancellor's avatar
      staging: rtl8723bs: Fix build error with Clang when inlining is disabled · bbc300c8
      Nathan Chancellor authored
      [ Upstream commit 97715058 ]
      
      When CONFIG_NO_AUTO_INLINE was present in linux-next (which added
      '-fno-inline-functions' to KBUILD_CFLAGS), an allyesconfig build with
      Clang failed at the modpost stage:
      
      ERROR: "is_broadcast_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
      ERROR: "is_zero_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
      ERROR: "is_multicast_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
      
      These functions were marked as extern inline, meaning that if inlining
      doesn't happen, the function will be undefined, as it is above.
      
      This happens to work with GCC because the '-fno-inline-functions' option
      respects the __inline attribute so all instances of these functions are
      inlined as expected and the definition doesn't actually matter. However,
      with Clang and '-fno-inline-functions', a function has to be marked with
      the __always_inline attribute to be considered for inlining, which none
      of these functions are. Clang tries to find the symbol definition
      elsewhere as it was told and fails, which trickles down to modpost.
      
      To make sure that this code compiles regardless of compiler and make the
      intention of the code clearer, use 'static' to ensure these functions
      are always defined, regardless of inlining. Additionally, silence a
      checkpatch warning by switching from '__inline' to 'inline'.
      Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      bbc300c8
    • Aaron Hill's avatar
      drivers: thermal: int340x_thermal: Fix sysfs race condition · a99e0377
      Aaron Hill authored
      [ Upstream commit 129699bb ]
      
      Changes since V1:
      * Use dev_info instead of printk
      * Use dev_warn instead of BUG_ON
      
      Previously, sysfs_create_group was called before all initialization had
      fully run - specifically, before pci_set_drvdata was called. Since the
      sysctl group is visible to userspace as soon as sysfs_create_group
      returns, a small window of time existed during which a process could read
      from an uninitialized/partially-initialized device.
      
      This commit moves the creation of the sysctl group to after all
      initialized is completed. This ensures that it's impossible for
      userspace to read from a sysctl file before initialization has fully
      completed.
      
      To catch any future regressions, I've added a check to ensure
      that proc_thermal_emum_mode is never PROC_THERMAL_NONE when a process
      tries to read from a sysctl file. Previously, the aforementioned race
      condition could result in the 'else' branch
      running while PROC_THERMAL_NONE was set,
      leading to a null pointer deference.
      Signed-off-by: default avatarAaron Hill <aa1ronham@gmail.com>
      Signed-off-by: default avatarZhang Rui <rui.zhang@intel.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      a99e0377
    • Vineet Gupta's avatar
      ARC: show_regs: lockdep: avoid page allocator... · 4749ffdf
      Vineet Gupta authored
      [ Upstream commit ab6c0367 ]
      
      and use smaller/on-stack buffer instead
      
      The motivation for this change was lockdep splat like below.
      
      | potentially unexpected fatal signal 11.
      | BUG: sleeping function called from invalid context at ../mm/page_alloc.c:4317
      | in_atomic(): 1, irqs_disabled(): 0, pid: 57, name: segv
      | no locks held by segv/57.
      | Preemption disabled at:
      | [<8182f17e>] get_signal+0x4a6/0x7c4
      | CPU: 0 PID: 57 Comm: segv Not tainted 4.17.0+ #23
      |
      | Stack Trace:
      |  arc_unwind_core.constprop.1+0xd0/0xf4
      |  __might_sleep+0x1f6/0x234
      |  __get_free_pages+0x174/0xca0
      |  show_regs+0x22/0x330
      |  get_signal+0x4ac/0x7c4     # print_fatal_signals() -> preempt_disable()
      |  do_signal+0x30/0x224
      |  resume_user_mode_begin+0x90/0xd8
      
      So signal handling core calls show_regs() with preemption disabled but
      an ensuing GFP_KERNEL page allocator call is flagged by lockdep.
      
      We could have switched to GFP_NOWAIT, but turns out that is not enough
      anways and eliding page allocator call leads to less code and
      instruction traces to sift thru when debugging pesky crashes.
      
      FWIW, this patch doesn't cure the lockdep splat (which next patch does).
      Reviewed-by: default avatarWilliam Kucharski <william.kucharski@oracle.com>
      Signed-off-by: default avatarVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      4749ffdf
    • Eugeniy Paltsev's avatar
      ARC: fix __ffs return value to avoid build warnings · 4e34dd37
      Eugeniy Paltsev authored
      [ Upstream commit 4e868f84 ]
      
      |  CC      mm/nobootmem.o
      |In file included from ./include/asm-generic/bug.h:18:0,
      |                 from ./arch/arc/include/asm/bug.h:32,
      |                 from ./include/linux/bug.h:5,
      |                 from ./include/linux/mmdebug.h:5,
      |                 from ./include/linux/gfp.h:5,
      |                 from ./include/linux/slab.h:15,
      |                 from mm/nobootmem.c:14:
      |mm/nobootmem.c: In function '__free_pages_memory':
      |./include/linux/kernel.h:845:29: warning: comparison of distinct pointer types lacks a cast
      |   (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
      |                             ^
      |./include/linux/kernel.h:859:4: note: in expansion of macro '__typecheck'
      |   (__typecheck(x, y) && __no_side_effects(x, y))
      |    ^~~~~~~~~~~
      |./include/linux/kernel.h:869:24: note: in expansion of macro '__safe_cmp'
      |  __builtin_choose_expr(__safe_cmp(x, y), \
      |                        ^~~~~~~~~~
      |./include/linux/kernel.h:878:19: note: in expansion of macro '__careful_cmp'
      | #define min(x, y) __careful_cmp(x, y, <)
      |                   ^~~~~~~~~~~~~
      |mm/nobootmem.c:104:11: note: in expansion of macro 'min'
      |   order = min(MAX_ORDER - 1UL, __ffs(start));
      
      Change __ffs return value from 'int' to 'unsigned long' as it
      is done in other implementations (like asm-generic, x86, etc...)
      to avoid build-time warnings in places where type is strictly
      checked.
      
      As __ffs may return values in [0-31] interval changing return
      type to unsigned is valid.
      Signed-off-by: default avatarEugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
      Signed-off-by: default avatarVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      4e34dd37
    • Yang Yingliang's avatar
      irqchip/gic-v3-mbi: Fix uninitialized mbi_lock · 0655618d
      Yang Yingliang authored
      [ Upstream commit c530bb8a ]
      
      The mbi_lock mutex is left uninitialized, so let's use DEFINE_MUTEX
      to initialize it statically.
      
      Fixes: 50528752 ("irqchip/gic-v3: Add support for Message Based Interrupts as an MSI controller")
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      0655618d
    • Geert Uytterhoeven's avatar
      selftests: gpio-mockup-chardev: Check asprintf() for error · f352e84e
      Geert Uytterhoeven authored
      [ Upstream commit 508cacd7 ]
      
      With gcc 7.3.0:
      
          gpio-mockup-chardev.c: In function ‘get_debugfs’:
          gpio-mockup-chardev.c:62:3: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Wunused-result]
             asprintf(path, "%s/gpio", mnt_fs_get_target(fs));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Handle asprintf() failures to fix this.
      Signed-off-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: default avatarShuah Khan <shuah@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      f352e84e
    • Fathi Boudra's avatar
      selftests: seccomp: use LDLIBS instead of LDFLAGS · 357d9c7a
      Fathi Boudra authored
      [ Upstream commit 5bbc73a8 ]
      
      seccomp_bpf fails to build due to undefined reference errors:
      
       aarch64-linaro-linux-gcc --sysroot=/build/tmp-rpb-glibc/sysroots/hikey
       -O2 -pipe -g -feliminate-unused-debug-types -Wl,-no-as-needed -Wall
       -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -lpthread seccomp_bpf.c -o
       /build/tmp-rpb-glibc/work/hikey-linaro-linux/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf
       /tmp/ccrlR3MW.o: In function `tsync_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1920: undefined reference to `sem_post'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1920: undefined reference to `sem_post'
       /tmp/ccrlR3MW.o: In function `TSYNC_setup':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1863: undefined reference to `sem_init'
       /tmp/ccrlR3MW.o: In function `TSYNC_teardown':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1904: undefined reference to `sem_destroy'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1897: undefined reference to `pthread_kill'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1898: undefined reference to `pthread_cancel'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1899: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_siblings_fail_prctl':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1978: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1990: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1992: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_with_ancestor':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2016: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2032: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2034: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_sibling_want_nnp':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2046: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2058: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2060: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_with_no_filter':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2073: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2098: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2100: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_with_one_divergence':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2125: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2143: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2145: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_not_under_filter':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2169: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2202: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2227: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
      
      It's GNU Make and linker specific.
      
      The default Makefile rule looks like:
      
      $(CC) $(CFLAGS) $(LDFLAGS) $@ $^ $(LDLIBS)
      
      When linking is done by gcc itself, no issue, but when it needs to be passed
      to proper ld, only LDLIBS follows and then ld cannot know what libs to link
      with.
      
      More detail:
      https://www.gnu.org/software/make/manual/html_node/Implicit-Variables.html
      
      LDFLAGS
      Extra flags to give to compilers when they are supposed to invoke the linker,
      ‘ld’, such as -L. Libraries (-lfoo) should be added to the LDLIBS variable
      instead.
      
      LDLIBS
      Library flags or names given to compilers when they are supposed to invoke the
      linker, ‘ld’. LOADLIBES is a deprecated (but still supported) alternative to
      LDLIBS. Non-library linker flags, such as -L, should go in the LDFLAGS
      variable.
      
      https://lkml.org/lkml/2010/2/10/362
      
      tools/perf: libraries must come after objects
      
      Link order matters, use LDLIBS instead of LDFLAGS to properly link against
      libpthread.
      Signed-off-by: default avatarFathi Boudra <fathi.boudra@linaro.org>
      Acked-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarShuah Khan <shuah@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      357d9c7a
    • Alban Bedel's avatar
      phy: ath79-usb: Fix the main reset name to match the DT binding · eecde0a0
      Alban Bedel authored
      [ Upstream commit 827cb032 ]
      
      I submitted this driver several times before it got accepted. The
      first series hasn't been accepted but the DTS binding did made it.
      I then made a second series that added generic reset support to the
      PHY core, this in turn required a change to the DT binding. This
      second series seemed to have been ignored, so I did a third one
      without the change to the PHY core and the DT binding update, and this
      last attempt finally made it.
      
      But two months later the DT binding update from the second series has
      been integrated too. So now the driver doesn't match the binding and
      the only DTS using it. This patch fix the driver to match the new
      binding.
      Signed-off-by: default avatarAlban Bedel <albeu@free.fr>
      Signed-off-by: default avatarKishon Vijay Abraham I <kishon@ti.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      eecde0a0
    • Alban Bedel's avatar
      phy: ath79-usb: Fix the power on error path · e55af638
      Alban Bedel authored
      [ Upstream commit 00980815 ]
      
      In the power on function the error path doesn't return the suspend
      override to its proper state. It should should deassert this reset
      line to enable the suspend override.
      Signed-off-by: default avatarAlban Bedel <albeu@free.fr>
      Signed-off-by: default avatarKishon Vijay Abraham I <kishon@ti.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      e55af638
    • Alison Schofield's avatar
      selftests/vm/gup_benchmark.c: match gup struct to kernel · fc8176da
      Alison Schofield authored
      [ Upstream commit 91cd63d3 ]
      
      An expansion field was added to the kernel copy of this structure for
      future use. See mm/gup_benchmark.c.
      
      Add the same expansion field here, so that the IOCTL command decodes
      correctly. Otherwise, it fails with EINVAL.
      Signed-off-by: default avatarAlison Schofield <alison.schofield@intel.com>
      Acked-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: default avatarShuah Khan <shuah@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      fc8176da
    • Silvio Cesare's avatar
      ASoC: imx-audmux: change snprintf to scnprintf for possible overflow · 7bba7aff
      Silvio Cesare authored
      [ Upstream commit c407cd00 ]
      
      Change snprintf to scnprintf. There are generally two cases where using
      snprintf causes problems.
      
      1) Uses of size += snprintf(buf, SIZE - size, fmt, ...)
      In this case, if snprintf would have written more characters than what the
      buffer size (SIZE) is, then size will end up larger than SIZE. In later
      uses of snprintf, SIZE - size will result in a negative number, leading
      to problems. Note that size might already be too large by using
      size = snprintf before the code reaches a case of size += snprintf.
      
      2) If size is ultimately used as a length parameter for a copy back to user
      space, then it will potentially allow for a buffer overflow and information
      disclosure when size is greater than SIZE. When the size is used to index
      the buffer directly, we can have memory corruption. This also means when
      size = snprintf... is used, it may also cause problems since size may become
      large.  Copying to userspace is mitigated by the HARDENED_USERCOPY kernel
      configuration.
      
      The solution to these issues is to use scnprintf which returns the number of
      characters actually written to the buffer, so the size variable will never
      exceed SIZE.
      Signed-off-by: default avatarSilvio Cesare <silvio.cesare@gmail.com>
      Cc: Timur Tabi <timur@kernel.org>
      Cc: Nicolin Chen <nicoleotsuka@gmail.com>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Xiubo Li <Xiubo.Lee@gmail.com>
      Cc: Fabio Estevam <fabio.estevam@nxp.com>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
      Acked-by: default avatarNicolin Chen <nicoleotsuka@gmail.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      7bba7aff
    • Silvio Cesare's avatar
      ASoC: dapm: change snprintf to scnprintf for possible overflow · 9500ecb9
      Silvio Cesare authored
      [ Upstream commit e581e151 ]
      
      Change snprintf to scnprintf. There are generally two cases where using
      snprintf causes problems.
      
      1) Uses of size += snprintf(buf, SIZE - size, fmt, ...)
      In this case, if snprintf would have written more characters than what the
      buffer size (SIZE) is, then size will end up larger than SIZE. In later
      uses of snprintf, SIZE - size will result in a negative number, leading
      to problems. Note that size might already be too large by using
      size = snprintf before the code reaches a case of size += snprintf.
      
      2) If size is ultimately used as a length parameter for a copy back to user
      space, then it will potentially allow for a buffer overflow and information
      disclosure when size is greater than SIZE. When the size is used to index
      the buffer directly, we can have memory corruption. This also means when
      size = snprintf... is used, it may also cause problems since size may become
      large.  Copying to userspace is mitigated by the HARDENED_USERCOPY kernel
      configuration.
      
      The solution to these issues is to use scnprintf which returns the number of
      characters actually written to the buffer, so the size variable will never
      exceed SIZE.
      Signed-off-by: default avatarSilvio Cesare <silvio.cesare@gmail.com>
      Cc: Liam Girdwood <lgirdwood@gmail.com>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      9500ecb9
    • Shuming Fan's avatar
      ASoC: rt5682: Fix PLL source register definitions · 375a9673
      Shuming Fan authored
      [ Upstream commit ee7ea2a9 ]
      
      Fix typo which causes headphone no sound while using BCLK
      as PLL source.
      Signed-off-by: default avatarShuming Fan <shumingf@realtek.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      375a9673
    • Peng Hao's avatar
      x86/mm/mem_encrypt: Fix erroneous sizeof() · 7ff77864
      Peng Hao authored
      [ Upstream commit bf7d28c5 ]
      
      Using sizeof(pointer) for determining the size of a memset() only works
      when the size of the pointer and the size of type to which it points are
      the same. For pte_t this is only true for 64bit and 32bit-NONPAE. On 32bit
      PAE systems this is wrong as the pointer size is 4 byte but the PTE entry
      is 8 bytes. It's actually not a real world issue as this code depends on
      64bit, but it's wrong nevertheless.
      
      Use sizeof(*p) for correctness sake.
      
      Fixes: aad98391 ("x86/mm/encrypt: Simplify sme_populate_pgd() and sme_populate_pgd_large()")
      Signed-off-by: default avatarPeng Hao <peng.hao2@zte.com.cn>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: dave.hansen@linux.intel.com
      Cc: peterz@infradead.org
      Cc: luto@kernel.org
      Link: https://lkml.kernel.org/r/1546065252-97996-1-git-send-email-peng.hao2@zte.com.cnSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
      7ff77864
    • Srinivas Ramana's avatar
      genirq: Make sure the initial affinity is not empty · 17fab891
      Srinivas Ramana authored
      [ Upstream commit bddda606 ]
      
      If all CPUs in the irq_default_affinity mask are offline when an interrupt
      is initialized then irq_setup_affinity() can set an empty affinity mask for
      a newly allocated interrupt.
      
      Fix this by falling back to cpu_online_mask in case the resulting affinity
      mask is zero.
      Signed-off-by: default avatarSrinivas Ramana <sramana@codeaurora.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: linux-arm-msm@vger.kernel.org
      Link: https://lkml.kernel.org/r/1545312957-8504-1-git-send-email-sramana@codeaurora.orgSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
      17fab891
    • Alexandre Belloni's avatar
      selftests: rtc: rtctest: add alarm test on minute boundary · 7746dd64
      Alexandre Belloni authored
      [ Upstream commit 7b302772 ]
      
      Unfortunately, some RTC don't have a second resolution for alarm so also
      test for alarm on a minute boundary.
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: default avatarShuah Khan <shuah@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      7746dd64
    • Alexandre Belloni's avatar
      selftests: rtc: rtctest: fix alarm tests · 2409a869
      Alexandre Belloni authored
      [ Upstream commit fdac9448 ]
      
      Return values for select are not checked properly and timeouts may not be
      detected.
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: default avatarShuah Khan <shuah@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      2409a869
    • Dan Carpenter's avatar
      usb: gadget: Potential NULL dereference on allocation error · 4670e839
      Dan Carpenter authored
      [ Upstream commit df28169e ]
      
      The source_sink_alloc_func() function is supposed to return error
      pointers on error.  The function is called from usb_get_function() which
      doesn't check for NULL returns so it would result in an Oops.
      
      Of course, in the current kernel, small allocations always succeed so
      this doesn't affect runtime.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      4670e839
    • Zeng Tao's avatar
      usb: dwc3: gadget: Fix the uninitialized link_state when udc starts · 08c937f9
      Zeng Tao authored
      [ Upstream commit 88b1bb1f ]
      
      Currently the link_state is uninitialized and the default value is 0(U0)
      before the first time we start the udc, and after we start the udc then
       stop the udc, the link_state will be undefined.
      We may have the following warnings if we start the udc again with
      an undefined link_state:
      
      WARNING: CPU: 0 PID: 327 at drivers/usb/dwc3/gadget.c:294 dwc3_send_gadget_ep_cmd+0x304/0x308
      dwc3 100e0000.hidwc3_0: wakeup failed --> -22
      [...]
      Call Trace:
      [<c010f270>] (unwind_backtrace) from [<c010b3d8>] (show_stack+0x10/0x14)
      [<c010b3d8>] (show_stack) from [<c034a4dc>] (dump_stack+0x84/0x98)
      [<c034a4dc>] (dump_stack) from [<c0118000>] (__warn+0xe8/0x100)
      [<c0118000>] (__warn) from [<c0118050>](warn_slowpath_fmt+0x38/0x48)
      [<c0118050>] (warn_slowpath_fmt) from [<c0442ec0>](dwc3_send_gadget_ep_cmd+0x304/0x308)
      [<c0442ec0>] (dwc3_send_gadget_ep_cmd) from [<c0445e68>](dwc3_ep0_start_trans+0x48/0xf4)
      [<c0445e68>] (dwc3_ep0_start_trans) from [<c0446750>](dwc3_ep0_out_start+0x64/0x80)
      [<c0446750>] (dwc3_ep0_out_start) from [<c04451c0>](__dwc3_gadget_start+0x1e0/0x278)
      [<c04451c0>] (__dwc3_gadget_start) from [<c04452e0>](dwc3_gadget_start+0x88/0x10c)
      [<c04452e0>] (dwc3_gadget_start) from [<c045ee54>](udc_bind_to_driver+0x88/0xbc)
      [<c045ee54>] (udc_bind_to_driver) from [<c045f29c>](usb_gadget_probe_driver+0xf8/0x140)
      [<c045f29c>] (usb_gadget_probe_driver) from [<bf005424>](gadget_dev_desc_UDC_store+0xac/0xc4 [libcomposite])
      [<bf005424>] (gadget_dev_desc_UDC_store [libcomposite]) from[<c023d8e0>] (configfs_write_file+0xd4/0x160)
      [<c023d8e0>] (configfs_write_file) from [<c01d51e8>] (__vfs_write+0x1c/0x114)
      [<c01d51e8>] (__vfs_write) from [<c01d5ff4>] (vfs_write+0xa4/0x168)
      [<c01d5ff4>] (vfs_write) from [<c01d6d40>] (SyS_write+0x3c/0x90)
      [<c01d6d40>] (SyS_write) from [<c0107400>] (ret_fast_syscall+0x0/0x3c)
      Signed-off-by: default avatarZeng Tao <prime.zeng@hisilicon.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      08c937f9
    • Bo He's avatar
      usb: dwc3: gadget: synchronize_irq dwc irq in suspend · 03a5d4d5
      Bo He authored
      [ Upstream commit 01c10880 ]
      
      We see dwc3 endpoint stopped by unwanted irq during
      suspend resume test, which is caused dwc3 ep can't be started
      with error "No Resource".
      
      Here, add synchronize_irq before suspend to sync the
      pending IRQ handlers complete.
      Signed-off-by: default avatarBo He <bo.he@intel.com>
      Signed-off-by: default avatarYu Wang <yu.y.wang@intel.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      03a5d4d5
    • Dan Carpenter's avatar
      thermal: int340x_thermal: Fix a NULL vs IS_ERR() check · f29024c0
      Dan Carpenter authored
      [ Upstream commit 3fe931b3 ]
      
      The intel_soc_dts_iosf_init() function doesn't return NULL, it returns
      error pointers.
      
      Fixes: 4d0dd6c1 ("Thermal/int340x/processor_thermal: Enable auxiliary DTS for Braswell")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarZhang Rui <rui.zhang@intel.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      f29024c0
    • Marek Vasut's avatar
      clk: vc5: Abort clock configuration without upstream clock · fc1073df
      Marek Vasut authored
      [ Upstream commit 2137a109 ]
      
      In case the upstream clock are not set, which can happen in case the
      VC5 has no valid upstream clock, the $src variable is used uninited
      by regmap_update_bits(). Check for this condition and return -EINVAL
      in such case.
      
      Note that in case the VC5 has no valid upstream clock, the VC5 can
      not operate correctly. That is a hardware property of the VC5. The
      internal oscilator present in some VC5 models is also considered
      upstream clock.
      Signed-off-by: default avatarMarek Vasut <marek.vasut+renesas@gmail.com>
      Cc: Alexey Firago <alexey_firago@mentor.com>
      Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
      Cc: Stephen Boyd <sboyd@kernel.org>
      Cc: linux-renesas-soc@vger.kernel.org
      [sboyd@kernel.org: Added comment about probe preventing this from
      happening in the first place]
      Signed-off-by: default avatarStephen Boyd <sboyd@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      fc1073df
    • Lubomir Rintel's avatar
      clk: sysfs: fix invalid JSON in clk_dump · 71943c38
      Lubomir Rintel authored
      [ Upstream commit c6e90997 ]
      
      Add a missing comma so that the output is valid JSON format again.
      
      Fixes: 9fba738a ("clk: add duty cycle support")
      Signed-off-by: default avatarLubomir Rintel <lkundrak@v3.sk>
      Signed-off-by: default avatarStephen Boyd <sboyd@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      71943c38
    • Dan Carpenter's avatar
      clk: tegra: dfll: Fix a potential Oop in remove() · acc934f5
      Dan Carpenter authored
      [ Upstream commit d39eca54 ]
      
      If tegra_dfll_unregister() fails then "soc" is an error pointer.  We
      should just return instead of dereferencing it.
      
      Fixes: 1752c9ee ("clk: tegra: dfll: Fix drvdata overwriting issue")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarStephen Boyd <sboyd@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      acc934f5
    • Yizhuo's avatar
      ASoC: Variable "val" in function rt274_i2c_probe() could be uninitialized · 651023ed
      Yizhuo authored
      [ Upstream commit 8c3590de ]
      
      Inside function rt274_i2c_probe(), if regmap_read() function
      returns -EINVAL, then local variable "val" leaves uninitialized
      but used in if statement. This is potentially unsafe.
      Signed-off-by: default avatarYizhuo <yzhai003@ucr.edu>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      651023ed
    • Dan Carpenter's avatar
      ALSA: compress: prevent potential divide by zero bugs · e7b2f9f2
      Dan Carpenter authored
      [ Upstream commit 678e2b44 ]
      
      The problem is seen in the q6asm_dai_compr_set_params() function:
      
      	ret = q6asm_map_memory_regions(dir, prtd->audio_client, prtd->phys,
      				       (prtd->pcm_size / prtd->periods),
                                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      				       prtd->periods);
      
      In this code prtd->pcm_size is the buffer_size and prtd->periods comes
      from params->buffer.fragments.  If we allow the number of fragments to
      be zero then it results in a divide by zero bug.  One possible fix would
      be to use prtd->pcm_count directly instead of using the division to
      re-calculate it.  But I decided that it doesn't really make sense to
      allow zero fragments.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      e7b2f9f2
    • Rander Wang's avatar
      ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field · a4964959
      Rander Wang authored
      [ Upstream commit 906a9abc ]
      
      For some reason this field was set to zero when all other drivers use
      .dynamic = 1 for front-ends. This change was tested on Dell XPS13 and
      has no impact with the existing legacy driver. The SOF driver also works
      with this change which enables it to override the fixed topology.
      Signed-off-by: default avatarRander Wang <rander.wang@linux.intel.com>
      Acked-by: default avatarPierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      a4964959
    • Kristian H. Kristensen's avatar
      drm/msm: Unblock writer if reader closes file · 5a700533
      Kristian H. Kristensen authored
      [ Upstream commit 99c66bc0 ]
      
      Prevents deadlock when fifo is full and reader closes file.
      Signed-off-by: default avatarKristian H. Kristensen <hoegsberg@chromium.org>
      Signed-off-by: default avatarRob Clark <robdclark@gmail.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
      5a700533
    • John Garry's avatar
      scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached · 0f978ec3
      John Garry authored
      commit ffeafdd2 upstream.
      
      The sysfs phy_identifier attribute for a sas_end_device comes from the rphy
      phy_identifier value.
      
      Currently this is not being set for rphys with an end device attached, so
      we see incorrect symlinks from systemd disk/by-path:
      
      root@localhost:~# ls -l /dev/disk/by-path/
      total 0
      lrwxrwxrwx 1 root root  9 Feb 13 12:26 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy0-lun-0 -> ../../sdb
      lrwxrwxrwx 1 root root 10 Feb 13 12:26 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy0-lun-0-part1 -> ../../sdb1
      lrwxrwxrwx 1 root root 10 Feb 13 12:26 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy0-lun-0-part2 -> ../../sdb2
      lrwxrwxrwx 1 root root 10 Feb 13 12:26 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy0-lun-0-part3 -> ../../sdc3
      
      Indeed, each sas_end_device phy_identifier value is 0:
      
      root@localhost:/# more sys/class/sas_device/end_device-0\:0\:2/phy_identifier
      0
      root@localhost:/# more sys/class/sas_device/end_device-0\:0\:10/phy_identifier
      0
      
      This patch fixes the discovery code to set the phy_identifier.  With this,
      we now get proper symlinks:
      
      root@localhost:~# ls -l /dev/disk/by-path/
      total 0
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy10-lun-0 -> ../../sdg
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy11-lun-0 -> ../../sdh
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy2-lun-0 -> ../../sda
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy2-lun-0-part1 -> ../../sda1
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy3-lun-0 -> ../../sdb
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy3-lun-0-part1 -> ../../sdb1
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy3-lun-0-part2 -> ../../sdb2
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy4-lun-0 -> ../../sdc
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy4-lun-0-part1 -> ../../sdc1
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy4-lun-0-part2 -> ../../sdc2
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy4-lun-0-part3 -> ../../sdc3
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy5-lun-0 -> ../../sdd
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy7-lun-0 -> ../../sde
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy7-lun-0-part1 -> ../../sde1
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy7-lun-0-part2 -> ../../sde2
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy7-lun-0-part3 -> ../../sde3
      lrwxrwxrwx 1 root root  9 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy8-lun-0 -> ../../sdf
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy8-lun-0-part1 -> ../../sdf1
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy8-lun-0-part2 -> ../../sdf2
      lrwxrwxrwx 1 root root 10 Feb 13 11:53 platform-HISI0162:01-sas-exp0x500e004aaaaaaa1f-phy8-lun-0-part3 -> ../../sdf3
      
      Fixes: 2908d778 ("[SCSI] aic94xx: new driver")
      Reported-by: default avatardann frazier <dann.frazier@canonical.com>
      Signed-off-by: default avatarJohn Garry <john.garry@huawei.com>
      Reviewed-by: default avatarJason Yan <yanaijie@huawei.com>
      Tested-by: default avatardann frazier <dann.frazier@canonical.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0f978ec3
    • Toke Høiland-Jørgensen's avatar
      mac80211: Change default tx_sk_pacing_shift to 7 · a7c6cf3b
      Toke Høiland-Jørgensen authored
      commit 5c14a4d0 upstream.
      
      When we did the original tests for the optimal value of sk_pacing_shift, we
      came up with 6 ms of buffering as the default. Sadly, 6 is not a power of
      two, so when picking the shift value I erred on the size of less buffering
      and picked 4 ms instead of 8. This was probably wrong; those 2 ms of extra
      buffering makes a larger difference than I thought.
      
      So, change the default pacing shift to 7, which corresponds to 8 ms of
      buffering. The point of diminishing returns really kicks in after 8 ms, and
      so having this as a default should cut down on the need for extensive
      per-device testing and overrides needed in the drivers.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      a7c6cf3b
    • Long Li's avatar
      genirq/matrix: Improve target CPU selection for managed interrupts. · 765c30b3
      Long Li authored
      [ Upstream commit e8da8794 ]
      
      On large systems with multiple devices of the same class (e.g. NVMe disks,
      using managed interrupts), the kernel can affinitize these interrupts to a
      small subset of CPUs instead of spreading them out evenly.
      
      irq_matrix_alloc_managed() tries to select the CPU in the supplied cpumask
      of possible target CPUs which has the lowest number of interrupt vectors
      allocated.
      
      This is done by searching the CPU with the highest number of available
      vectors. While this is correct for non-managed CPUs it can select the wrong
      CPU for managed interrupts. Under certain constellations this results in
      affinitizing the managed interrupts of several devices to a single CPU in
      a set.
      
      The book keeping of available vectors works the following way:
      
       1) Non-managed interrupts:
      
          available is decremented when the interrupt is actually requested by
          the device driver and a vector is assigned. It's incremented when the
          interrupt and the vector are freed.
      
       2) Managed interrupts:
      
          Managed interrupts guarantee vector reservation when the MSI/MSI-X
          functionality of a device is enabled, which is achieved by reserving
          vectors in the bitmaps of the possible target CPUs. This reservation
          decrements the available count on each possible target CPU.
      
          When the interrupt is requested by the device driver then a vector is
          allocated from the reserved region. The operation is reversed when the
          interrupt is freed by the device driver. Neither of these operations
          affect the available count.
      
          The reservation persist up to the point where the MSI/MSI-X
          functionality is disabled and only this operation increments the
          available count again.
      
      For non-managed interrupts the available count is the correct selection
      criterion because the guaranteed reservations need to be taken into
      account. Using the allocated counter could lead to a failing allocation in
      the following situation (total vector space of 10 assumed):
      
      		 CPU0	CPU1
       available:	    2	   0
       allocated:	    5	   3   <--- CPU1 is selected, but available space = 0
       managed reserved:  3	   7
      
       while available yields the correct result.
      
      For managed interrupts the available count is not the appropriate
      selection criterion because as explained above the available count is not
      affected by the actual vector allocation.
      
      The following example illustrates that. Total vector space of 10
      assumed. The starting point is:
      
      		 CPU0	CPU1
       available:	    5	   4
       allocated:	    2	   3
       managed reserved:  3	   3
      
       Allocating vectors for three non-managed interrupts will result in
       affinitizing the first two to CPU0 and the third one to CPU1 because the
       available count is adjusted with each allocation:
      
      		  CPU0	CPU1
       available:	     5	   4	<- Select CPU0 for 1st allocation
       --> allocated:	     3	   3
      
       available:	     4	   4	<- Select CPU0 for 2nd allocation
       --> allocated:	     4	   3
      
       available:	     3	   4	<- Select CPU1 for 3rd allocation
       --> allocated:	     4	   4
      
       But the allocation of three managed interrupts starting from the same
       point will affinitize all of them to CPU0 because the available count is
       not affected by the allocation (see above). So the end result is:
      
      		  CPU0	CPU1
       available:	     5	   4
       allocated:	     5	   3
      
      Introduce a "managed_allocated" field in struct cpumap to track the vector
      allocation for managed interrupts separately. Use this information to
      select the target CPU when a vector is allocated for a managed interrupt,
      which results in more evenly distributed vector assignments. The above
      example results in the following allocations:
      
      		 CPU0	CPU1
       managed_allocated: 0	   0	<- Select CPU0 for 1st allocation
       --> allocated:	    3	   3
      
       managed_allocated: 1	   0	<- Select CPU1 for 2nd allocation
       --> allocated:	    3	   4
      
       managed_allocated: 1	   1	<- Select CPU0 for 3rd allocation
       --> allocated:	    4	   4
      
      The allocation of non-managed interrupts is not affected by this change and
      is still evaluating the available count.
      
      The overall distribution of interrupt vectors for both types of interrupts
      might still not be perfectly even depending on the number of non-managed
      and managed interrupts in a system, but due to the reservation guarantee
      for managed interrupts this cannot be avoided.
      
      Expose the new field in debugfs as well.
      
      [ tglx: Clarified the background of the problem in the changelog and
        	described it independent of NVME ]
      Signed-off-by: default avatarLong Li <longli@microsoft.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Michael Kelley <mikelley@microsoft.com>
      Link: https://lkml.kernel.org/r/20181106040000.27316-1-longli@linuxonhyperv.comSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      765c30b3
    • Dou Liyang's avatar
      irq/matrix: Spread managed interrupts on allocation · 8cae7757
      Dou Liyang authored
      [ Upstream commit 76f99ae5 ]
      
      Linux spreads out the non managed interrupt across the possible target CPUs
      to avoid vector space exhaustion.
      
      Managed interrupts are treated differently, as for them the vectors are
      reserved (with guarantee) when the interrupt descriptors are initialized.
      
      When the interrupt is requested a real vector is assigned. The assignment
      logic uses the first CPU in the affinity mask for assignment. If the
      interrupt has more than one CPU in the affinity mask, which happens when a
      multi queue device has less queues than CPUs, then doing the same search as
      for non managed interrupts makes sense as it puts the interrupt on the
      least interrupt plagued CPU. For single CPU affine vectors that's obviously
      a NOOP.
      
      Restructre the matrix allocation code so it does the 'best CPU' search, add
      the sanity check for an empty affinity mask and adapt the call site in the
      x86 vector management code.
      
      [ tglx: Added the empty mask check to the core and improved change log ]
      Signed-off-by: default avatarDou Liyang <douly.fnst@cn.fujitsu.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: hpa@zytor.com
      Link: https://lkml.kernel.org/r/20180908175838.14450-2-dou_liyang@163.comSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8cae7757
    • Dou Liyang's avatar
      irq/matrix: Split out the CPU selection code into a helper · 2948b887
      Dou Liyang authored
      [ Upstream commit 8ffe4e61 ]
      
      Linux finds the CPU which has the lowest vector allocation count to spread
      out the non managed interrupts across the possible target CPUs, but does
      not do so for managed interrupts.
      
      Split out the CPU selection code into a helper function for reuse. No
      functional change.
      Signed-off-by: default avatarDou Liyang <douly.fnst@cn.fujitsu.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: hpa@zytor.com
      Link: https://lkml.kernel.org/r/20180908175838.14450-1-dou_liyang@163.comSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2948b887
  2. 27 Feb, 2019 6 commits
    • Greg Kroah-Hartman's avatar
      Linux 4.19.26 · 51ea85ab
      Greg Kroah-Hartman authored
      51ea85ab
    • Russell King's avatar
      net: phylink: avoid resolving link state too early · 101e1972
      Russell King authored
      commit 87454b6e upstream.
      
      During testing on Armada 388 platforms, it was found with a certain
      module configuration that it was possible to trigger a kernel oops
      during the module load process, caused by the phylink resolver being
      triggered for a currently disabled interface.
      
      This problem was introduced by changing the way the SFP registration
      works, which now can result in the sfp link down notification being
      called during phylink_create().
      
      Fixes: b5bfc21a ("net: sfp: do not probe SFP module before we're attached")
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Cc: Sasha Levin <sashal@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      101e1972
    • Nathan Chancellor's avatar
      pinctrl: max77620: Use define directive for max77620_pinconf_param values · c80bf035
      Nathan Chancellor authored
      commit 1f60652d upstream.
      
      Clang warns when one enumerated type is implicitly converted to another:
      
      drivers/pinctrl/pinctrl-max77620.c:56:12: warning: implicit conversion
      from enumeration type 'enum max77620_pinconf_param' to different
      enumeration type 'enum pin_config_param' [-Wenum-conversion]
                      .param = MAX77620_ACTIVE_FPS_SOURCE,
                               ^~~~~~~~~~~~~~~~~~~~~~~~~~
      
      It is expected that pinctrl drivers can extend pin_config_param because
      of the gap between PIN_CONFIG_END and PIN_CONFIG_MAX so this conversion
      isn't an issue. Most drivers that take advantage of this define the
      PIN_CONFIG variables as constants, rather than enumerated values. Do the
      same thing here so that Clang no longer warns.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/139Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c80bf035
    • Mikulas Patocka's avatar
      udlfb: handle unplug properly · c014cae8
      Mikulas Patocka authored
      commit 68a958a9 upstream.
      
      The udlfb driver maintained an open count and cleaned up itself when the
      count reached zero. But the console is also counted in the reference count
      - so, if the user unplugged the device, the open count would not drop to
      zero and the driver stayed loaded with console attached. If the user
      re-plugged the adapter, it would create a device /dev/fb1, show green
      screen and the access to the console would be lost.
      
      The framebuffer subsystem has reference counting on its own - in order to
      fix the unplug bug, we rely the framebuffer reference counting. When the
      user unplugs the adapter, we call unregister_framebuffer unconditionally.
      unregister_framebuffer will unbind the console, wait until all users stop
      using the framebuffer and then call the fb_destroy method. The fb_destroy
      cleans up the USB driver.
      
      This patch makes the following changes:
      * Drop dlfb->kref and rely on implicit framebuffer reference counting
        instead.
      * dlfb_usb_disconnect calls unregister_framebuffer, the rest of driver
        cleanup is done in the function dlfb_ops_destroy. dlfb_ops_destroy will
        be called by the framebuffer subsystem when no processes have the
        framebuffer open or mapped.
      * We don't use workqueue during initialization, but initialize directly
        from dlfb_usb_probe. The workqueue could race with dlfb_usb_disconnect
        and this racing would produce various kinds of memory corruption.
      * We use usb_get_dev and usb_put_dev to make sure that the USB subsystem
        doesn't free the device under us.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      cc: Dave Airlie <airlied@redhat.com>
      Cc: Bernie Thompson <bernie@plugable.com>,
      Cc: Ladislav Michl <ladis@linux-mips.org>
      Signed-off-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c014cae8
    • Taehee Yoo's avatar
      netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put() · 6546e115
      Taehee Yoo authored
      commit 2a61d8b8 upstream.
      
      A proc_remove() can sleep. so that it can't be inside of spin_lock.
      Hence proc_remove() is moved to outside of spin_lock. and it also
      adds mutex to sync create and remove of proc entry(config->pde).
      
      test commands:
      SHELL#1
         %while :; do iptables -A INPUT -p udp -i enp2s0 -d 192.168.1.100 \
      	   --dport 9000  -j CLUSTERIP --new --hashmode sourceip \
      	   --clustermac 01:00:5e:00:00:21 --total-nodes 3 --local-node 3; \
      	   iptables -F; done
      
      SHELL#2
         %while :; do echo +1 > /proc/net/ipt_CLUSTERIP/192.168.1.100; \
      	   echo -1 > /proc/net/ipt_CLUSTERIP/192.168.1.100; done
      
      [ 2949.569864] BUG: sleeping function called from invalid context at kernel/sched/completion.c:99
      [ 2949.579944] in_atomic(): 1, irqs_disabled(): 0, pid: 5472, name: iptables
      [ 2949.587920] 1 lock held by iptables/5472:
      [ 2949.592711]  #0: 000000008f0ebcf2 (&(&cn->lock)->rlock){+...}, at: refcount_dec_and_lock+0x24/0x50
      [ 2949.603307] CPU: 1 PID: 5472 Comm: iptables Tainted: G        W         4.19.0-rc5+ #16
      [ 2949.604212] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015
      [ 2949.604212] Call Trace:
      [ 2949.604212]  dump_stack+0xc9/0x16b
      [ 2949.604212]  ? show_regs_print_info+0x5/0x5
      [ 2949.604212]  ___might_sleep+0x2eb/0x420
      [ 2949.604212]  ? set_rq_offline.part.87+0x140/0x140
      [ 2949.604212]  ? _rcu_barrier_trace+0x400/0x400
      [ 2949.604212]  wait_for_completion+0x94/0x710
      [ 2949.604212]  ? wait_for_completion_interruptible+0x780/0x780
      [ 2949.604212]  ? __kernel_text_address+0xe/0x30
      [ 2949.604212]  ? __lockdep_init_map+0x10e/0x5c0
      [ 2949.604212]  ? __lockdep_init_map+0x10e/0x5c0
      [ 2949.604212]  ? __init_waitqueue_head+0x86/0x130
      [ 2949.604212]  ? init_wait_entry+0x1a0/0x1a0
      [ 2949.604212]  proc_entry_rundown+0x208/0x270
      [ 2949.604212]  ? proc_reg_get_unmapped_area+0x370/0x370
      [ 2949.604212]  ? __lock_acquire+0x4500/0x4500
      [ 2949.604212]  ? complete+0x18/0x70
      [ 2949.604212]  remove_proc_subtree+0x143/0x2a0
      [ 2949.708655]  ? remove_proc_entry+0x390/0x390
      [ 2949.708655]  clusterip_tg_destroy+0x27a/0x630 [ipt_CLUSTERIP]
      [ ... ]
      
      Fixes: b3e456fc ("netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6546e115
    • Fernando Fernandez Mancera's avatar
      netfilter: nfnetlink_osf: add missing fmatch check · 0c1054e0
      Fernando Fernandez Mancera authored
      commit 1a6a0951 upstream.
      
      When we check the tcp options of a packet and it doesn't match the current
      fingerprint, the tcp packet option pointer must be restored to its initial
      value in order to do the proper tcp options check for the next fingerprint.
      
      Here we can see an example.
      Assumming the following fingerprint base with two lines:
      
      S10:64:1:60:M*,S,T,N,W6:      Linux:3.0::Linux 3.0
      S20:64:1:60:M*,S,T,N,W7:      Linux:4.19:arch:Linux 4.1
      
      Where TCP options are the last field in the OS signature, all of them overlap
      except by the last one, ie. 'W6' versus 'W7'.
      
      In case a packet for Linux 4.19 kicks in, the osf finds no matching because the
      TCP options pointer is updated after checking for the TCP options in the first
      line.
      
      Therefore, reset pointer back to where it should be.
      
      Fixes: 11eeef41 ("netfilter: passive OS fingerprint xtables match")
      Signed-off-by: default avatarFernando Fernandez Mancera <ffmancera@riseup.net>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0c1054e0