1. 01 Oct, 2019 9 commits
    • Miaoqing Pan's avatar
      nl80211: fix null pointer dereference · b501426c
      Miaoqing Pan authored
      If the interface is not in MESH mode, the command 'iw wlanx mpath del'
      will cause kernel panic.
      
      The root cause is null pointer access in mpp_flush_by_proxy(), as the
      pointer 'sdata->u.mesh.mpp_paths' is NULL for non MESH interface.
      
      Unable to handle kernel NULL pointer dereference at virtual address 00000068
      [...]
      PC is at _raw_spin_lock_bh+0x20/0x5c
      LR is at mesh_path_del+0x1c/0x17c [mac80211]
      [...]
      Process iw (pid: 4537, stack limit = 0xd83e0238)
      [...]
      [<c021211c>] (_raw_spin_lock_bh) from [<bf8c7648>] (mesh_path_del+0x1c/0x17c [mac80211])
      [<bf8c7648>] (mesh_path_del [mac80211]) from [<bf6cdb7c>] (extack_doit+0x20/0x68 [compat])
      [<bf6cdb7c>] (extack_doit [compat]) from [<c05c309c>] (genl_rcv_msg+0x274/0x30c)
      [<c05c309c>] (genl_rcv_msg) from [<c05c25d8>] (netlink_rcv_skb+0x58/0xac)
      [<c05c25d8>] (netlink_rcv_skb) from [<c05c2e14>] (genl_rcv+0x20/0x34)
      [<c05c2e14>] (genl_rcv) from [<c05c1f90>] (netlink_unicast+0x11c/0x204)
      [<c05c1f90>] (netlink_unicast) from [<c05c2420>] (netlink_sendmsg+0x30c/0x370)
      [<c05c2420>] (netlink_sendmsg) from [<c05886d0>] (sock_sendmsg+0x70/0x84)
      [<c05886d0>] (sock_sendmsg) from [<c0589f4c>] (___sys_sendmsg.part.3+0x188/0x228)
      [<c0589f4c>] (___sys_sendmsg.part.3) from [<c058add4>] (__sys_sendmsg+0x4c/0x70)
      [<c058add4>] (__sys_sendmsg) from [<c0208c80>] (ret_fast_syscall+0x0/0x44)
      Code: e2822c02 e2822001 e5832004 f590f000 (e1902f9f)
      ---[ end trace bbd717600f8f884d ]---
      Signed-off-by: default avatarMiaoqing Pan <miaoqing@codeaurora.org>
      Link: https://lore.kernel.org/r/1569485810-761-1-git-send-email-miaoqing@codeaurora.org
      [trim useless data from commit message]
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      b501426c
    • Johannes Berg's avatar
      cfg80211: initialize on-stack chandefs · f43e5210
      Johannes Berg authored
      In a few places we don't properly initialize on-stack chandefs,
      resulting in EDMG data to be non-zero, which broke things.
      
      Additionally, in a few places we rely on the driver to init the
      data completely, but perhaps we shouldn't as non-EDMG drivers
      may not initialize the EDMG data, also initialize it there.
      
      Cc: stable@vger.kernel.org
      Fixes: 2a38075c ("nl80211: Add support for EDMG channels")
      Reported-by: default avatarDmitry Osipenko <digetx@gmail.com>
      Tested-by: default avatarDmitry Osipenko <digetx@gmail.com>
      Link: https://lore.kernel.org/r/1569239475-I2dcce394ecf873376c386a78f31c2ec8b538fa25@changeidSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f43e5210
    • Johannes Berg's avatar
      cfg80211: validate SSID/MBSSID element ordering assumption · 242b0931
      Johannes Berg authored
      The code copying the data assumes that the SSID element is
      before the MBSSID element, but since the data is untrusted
      from the AP, this cannot be guaranteed.
      
      Validate that this is indeed the case and ignore the MBSSID
      otherwise, to avoid having to deal with both cases for the
      copy of data that should be between them.
      
      Cc: stable@vger.kernel.org
      Fixes: 0b8fb823 ("cfg80211: Parsing of Multiple BSSID information in scanning")
      Link: https://lore.kernel.org/r/1569009255-I1673911f5eae02964e21bdc11b2bf58e5e207e59@changeidSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      242b0931
    • Johannes Berg's avatar
      nl80211: validate beacon head · f88eb7c0
      Johannes Berg authored
      We currently don't validate the beacon head, i.e. the header,
      fixed part and elements that are to go in front of the TIM
      element. This means that the variable elements there can be
      malformed, e.g. have a length exceeding the buffer size, but
      most downstream code from this assumes that this has already
      been checked.
      
      Add the necessary checks to the netlink policy.
      
      Cc: stable@vger.kernel.org
      Fixes: ed1b6cc7 ("cfg80211/nl80211: add beacon settings")
      Link: https://lore.kernel.org/r/1569009255-I7ac7fbe9436e9d8733439eab8acbbd35e55c74ef@changeidSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f88eb7c0
    • Vladimir Oltean's avatar
      net: sched: taprio: Fix potential integer overflow in taprio_set_picos_per_byte · 68ce6688
      Vladimir Oltean authored
      The speed divisor is used in a context expecting an s64, but it is
      evaluated using 32-bit arithmetic.
      
      To avoid that happening, instead of multiplying by 1,000,000 in the
      first place, simplify the fraction and do a standard 32 bit division
      instead.
      
      Fixes: f04b514c ("taprio: Set default link speed to 10 Mbps in taprio_set_picos_per_byte")
      Reported-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Suggested-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarVladimir Oltean <olteanv@gmail.com>
      Acked-by: default avatarVinicius Costa Gomes <vinicius.gomes@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      68ce6688
    • Navid Emamdoost's avatar
      net: dsa: sja1105: Prevent leaking memory · 68501df9
      Navid Emamdoost authored
      In sja1105_static_config_upload, in two cases memory is leaked: when
      static_config_buf_prepare_for_upload fails and when sja1105_inhibit_tx
      fails. In both cases config_buf should be released.
      
      Fixes: 8aa9ebcc ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch")
      Fixes: 1a4c6940 ("net: dsa: sja1105: Prevent PHY jabbering during switch reset")
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarVladimir Oltean <olteanv@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      68501df9
    • Vladimir Oltean's avatar
      net: dsa: sja1105: Ensure PTP time for rxtstamp reconstruction is not in the past · b6f2494d
      Vladimir Oltean authored
      Sometimes the PTP synchronization on the switch 'jumps':
      
        ptp4l[11241.155]: rms    8 max   16 freq -21732 +/-  11 delay   742 +/-   0
        ptp4l[11243.157]: rms    7 max   17 freq -21731 +/-  10 delay   744 +/-   0
        ptp4l[11245.160]: rms 33592410 max 134217731 freq +192422 +/- 8530253 delay   743 +/-   0
        ptp4l[11247.163]: rms 811631 max 964131 freq +10326 +/- 557785 delay   743 +/-   0
        ptp4l[11249.166]: rms 261936 max 533876 freq -304323 +/- 126371 delay   744 +/-   0
        ptp4l[11251.169]: rms 48700 max 57740 freq -20218 +/- 30532 delay   744 +/-   0
        ptp4l[11253.171]: rms 14570 max 30163 freq  -5568 +/- 7563 delay   742 +/-   0
        ptp4l[11255.174]: rms 2914 max 3440 freq -22001 +/- 1667 delay   744 +/-   1
        ptp4l[11257.177]: rms  811 max 1710 freq -22653 +/- 451 delay   744 +/-   1
        ptp4l[11259.180]: rms  177 max  218 freq -21695 +/-  89 delay   741 +/-   0
        ptp4l[11261.182]: rms   45 max   92 freq -21677 +/-  32 delay   742 +/-   0
        ptp4l[11263.186]: rms   14 max   32 freq -21733 +/-  11 delay   742 +/-   0
        ptp4l[11265.188]: rms    9 max   14 freq -21725 +/-  12 delay   742 +/-   0
        ptp4l[11267.191]: rms    9 max   16 freq -21727 +/-  13 delay   742 +/-   0
        ptp4l[11269.194]: rms    6 max   15 freq -21726 +/-   9 delay   743 +/-   0
        ptp4l[11271.197]: rms    8 max   15 freq -21728 +/-  11 delay   743 +/-   0
        ptp4l[11273.200]: rms    6 max   12 freq -21727 +/-   8 delay   743 +/-   0
        ptp4l[11275.202]: rms    9 max   17 freq -21720 +/-  11 delay   742 +/-   0
        ptp4l[11277.205]: rms    9 max   18 freq -21725 +/-  12 delay   742 +/-   0
      
      Background: the switch only offers partial RX timestamps (24 bits) and
      it is up to the driver to read the PTP clock to fill those timestamps up
      to 64 bits. But the PTP clock readout needs to happen quickly enough (in
      0.135 seconds, in fact), otherwise the PTP clock will wrap around 24
      bits, condition which cannot be detected.
      
      Looking at the 'max 134217731' value on output line 3, one can see that
      in hex it is 0x8000003. Because the PTP clock resolution is 8 ns,
      that means 0x1000000 in ticks, which is exactly 2^24. So indeed this is
      a PTP clock wraparound, but the reason might be surprising.
      
      What is going on is that sja1105_tstamp_reconstruct(priv, now, ts)
      expects a "now" time that is later than the "ts" was snapshotted at.
      This, of course, is obvious: we read the PTP time _after_ the partial RX
      timestamp was received. However, the workqueue is processing frames from
      a skb queue and reuses the same PTP time, read once at the beginning.
      Normally the skb queue only contains one frame and all goes well. But
      when the skb queue contains two frames, the second frame that gets
      dequeued might have been partially timestamped by the RX MAC _after_ we
      had read our PTP time initially.
      
      The code was originally like that due to concerns that SPI access for
      PTP time readout is a slow process, and we are time-constrained anyway
      (aka: premature optimization). But some timing analysis reveals that the
      time spent until the RX timestamp is completely reconstructed is 1 order
      of magnitude lower than the 0.135 s deadline even under worst-case
      conditions. So we can afford to read the PTP time for each frame in the
      RX timestamping queue, which of course ensures that the full PTP time is
      in the partial timestamp's future.
      
      Fixes: f3097be2 ("net: dsa: sja1105: Add a state machine for RX timestamping")
      Signed-off-by: default avatarVladimir Oltean <olteanv@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b6f2494d
    • David S. Miller's avatar
      Merge tag 'ieee802154-for-davem-2019-09-28' of... · 3755ee22
      David S. Miller authored
      Merge tag 'ieee802154-for-davem-2019-09-28' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan
      
      Stefan Schmidt says:
      
      ====================
      pull-request: ieee802154 for net 2019-09-28
      
      An update from ieee802154 for your *net* tree.
      
      Three driver fixes. Navid Emamdoost fixed a memory leak on an error
      path in the ca8210 driver, Johan Hovold fixed a use-after-free found
      by syzbot in the atusb driver and Christophe JAILLET makes sure
      __skb_put_data is used instead of memcpy in the mcr20a driver
      
      I switched from branches to tags here to be pulled from. So far not
      annotated and not signed. Once I fixed my scripts it should contain
      this messages as annotations. If you want it signed as well just tell
      me. If there are any problems let me know.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3755ee22
    • Martin KaFai Lau's avatar
      net: Unpublish sk from sk_reuseport_cb before call_rcu · 8c7138b3
      Martin KaFai Lau authored
      The "reuse->sock[]" array is shared by multiple sockets.  The going away
      sk must unpublish itself from "reuse->sock[]" before making call_rcu()
      call.  However, this unpublish-action is currently done after a grace
      period and it may cause use-after-free.
      
      The fix is to move reuseport_detach_sock() to sk_destruct().
      Due to the above reason, any socket with sk_reuseport_cb has
      to go through the rcu grace period before freeing it.
      
      It is a rather old bug (~3 yrs).  The Fixes tag is not necessary
      the right commit but it is the one that introduced the SOCK_RCU_FREE
      logic and this fix is depending on it.
      
      Fixes: a4298e45 ("net: add SOCK_RCU_FREE socket flag")
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Suggested-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8c7138b3
  2. 30 Sep, 2019 3 commits
    • Haishuang Yan's avatar
      erspan: remove the incorrect mtu limit for erspan · 0e141f75
      Haishuang Yan authored
      erspan driver calls ether_setup(), after commit 61e84623
      ("net: centralize net_device min/max MTU checking"), the range
      of mtu is [min_mtu, max_mtu], which is [68, 1500] by default.
      
      It causes the dev mtu of the erspan device to not be greater
      than 1500, this limit value is not correct for ipgre tap device.
      
      Tested:
      Before patch:
      # ip link set erspan0 mtu 1600
      Error: mtu greater than device maximum.
      After patch:
      # ip link set erspan0 mtu 1600
      # ip -d link show erspan0
      21: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1600 qdisc noop state DOWN
      mode DEFAULT group default qlen 1000
          link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 0
      
      Fixes: 61e84623 ("net: centralize net_device min/max MTU checking")
      Signed-off-by: default avatarHaishuang Yan <yanhaishuang@cmss.chinamobile.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e141f75
    • Eric Dumazet's avatar
      sch_cbq: validate TCA_CBQ_WRROPT to avoid crash · e9789c7c
      Eric Dumazet authored
      syzbot reported a crash in cbq_normalize_quanta() caused
      by an out of range cl->priority.
      
      iproute2 enforces this check, but malicious users do not.
      
      kasan: CONFIG_KASAN_INLINE enabled
      kasan: GPF could be caused by NULL-ptr deref or user memory access
      general protection fault: 0000 [#1] SMP KASAN PTI
      Modules linked in:
      CPU: 1 PID: 26447 Comm: syz-executor.1 Not tainted 5.3+ #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:cbq_normalize_quanta.part.0+0x1fd/0x430 net/sched/sch_cbq.c:902
      RSP: 0018:ffff8801a5c333b0 EFLAGS: 00010206
      RAX: 0000000020000003 RBX: 00000000fffffff8 RCX: ffffc9000712f000
      RDX: 00000000000043bf RSI: ffffffff83be8962 RDI: 0000000100000018
      RBP: ffff8801a5c33420 R08: 000000000000003a R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000002ef
      R13: ffff88018da95188 R14: dffffc0000000000 R15: 0000000000000015
      FS:  00007f37d26b1700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00000000004c7cec CR3: 00000001bcd0a006 CR4: 00000000001626f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       [<ffffffff83be9d57>] cbq_normalize_quanta include/net/pkt_sched.h:27 [inline]
       [<ffffffff83be9d57>] cbq_addprio net/sched/sch_cbq.c:1097 [inline]
       [<ffffffff83be9d57>] cbq_set_wrr+0x2d7/0x450 net/sched/sch_cbq.c:1115
       [<ffffffff83bee8a7>] cbq_change_class+0x987/0x225b net/sched/sch_cbq.c:1537
       [<ffffffff83b96985>] tc_ctl_tclass+0x555/0xcd0 net/sched/sch_api.c:2329
       [<ffffffff83a84655>] rtnetlink_rcv_msg+0x485/0xc10 net/core/rtnetlink.c:5248
       [<ffffffff83cadf0a>] netlink_rcv_skb+0x17a/0x460 net/netlink/af_netlink.c:2510
       [<ffffffff83a7db6d>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5266
       [<ffffffff83cac2c6>] netlink_unicast_kernel net/netlink/af_netlink.c:1324 [inline]
       [<ffffffff83cac2c6>] netlink_unicast+0x536/0x720 net/netlink/af_netlink.c:1350
       [<ffffffff83cacd4a>] netlink_sendmsg+0x89a/0xd50 net/netlink/af_netlink.c:1939
       [<ffffffff8399d46e>] sock_sendmsg_nosec net/socket.c:673 [inline]
       [<ffffffff8399d46e>] sock_sendmsg+0x12e/0x170 net/socket.c:684
       [<ffffffff8399f1fd>] ___sys_sendmsg+0x81d/0x960 net/socket.c:2359
       [<ffffffff839a2d05>] __sys_sendmsg+0x105/0x1d0 net/socket.c:2397
       [<ffffffff839a2df9>] SYSC_sendmsg net/socket.c:2406 [inline]
       [<ffffffff839a2df9>] SyS_sendmsg+0x29/0x30 net/socket.c:2404
       [<ffffffff8101ccc8>] do_syscall_64+0x528/0x770 arch/x86/entry/common.c:305
       [<ffffffff84400091>] entry_SYSCALL_64_after_hwframe+0x42/0xb7
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e9789c7c
    • Michal Vokáč's avatar
      net: dsa: qca8k: Use up to 7 ports for all operations · 7ae6d93c
      Michal Vokáč authored
      The QCA8K family supports up to 7 ports. So use the existing
      QCA8K_NUM_PORTS define to allocate the switch structure and limit all
      operations with the switch ports.
      
      This was not an issue until commit 0394a63a ("net: dsa: enable and
      disable all ports") disabled all unused ports. Since the unused ports 7-11
      are outside of the correct register range on this switch some registers
      were rewritten with invalid content.
      
      Fixes: 6b93fb46 ("net-next: dsa: add new driver for qca8xxx family")
      Fixes: a0c02161 ("net: dsa: variable number of ports")
      Fixes: 0394a63a ("net: dsa: enable and disable all ports")
      Signed-off-by: default avatarMichal Vokáč <michal.vokac@ysoft.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7ae6d93c
  3. 29 Sep, 2019 1 commit
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 02dc96ef
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Sanity check URB networking device parameters to avoid divide by
          zero, from Oliver Neukum.
      
       2) Disable global multicast filter in NCSI, otherwise LLDP and IPV6
          don't work properly. Longer term this needs a better fix tho. From
          Vijay Khemka.
      
       3) Small fixes to selftests (use ping when ping6 is not present, etc.)
          from David Ahern.
      
       4) Bring back rt_uses_gateway member of struct rtable, it's semantics
          were not well understood and trying to remove it broke things. From
          David Ahern.
      
       5) Move usbnet snaity checking, ignore endpoints with invalid
          wMaxPacketSize. From Bjørn Mork.
      
       6) Missing Kconfig deps for sja1105 driver, from Mao Wenan.
      
       7) Various small fixes to the mlx5 DR steering code, from Alaa Hleihel,
          Alex Vesker, and Yevgeny Kliteynik
      
       8) Missing CAP_NET_RAW checks in various places, from Ori Nimron.
      
       9) Fix crash when removing sch_cbs entry while offloading is enabled,
          from Vinicius Costa Gomes.
      
      10) Signedness bug fixes, generally in looking at the result given by
          of_get_phy_mode() and friends. From Dan Crapenter.
      
      11) Disable preemption around BPF_PROG_RUN() calls, from Eric Dumazet.
      
      12) Don't create VRF ipv6 rules if ipv6 is disabled, from David Ahern.
      
      13) Fix quantization code in tcp_bbr, from Kevin Yang.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (127 commits)
        net: tap: clean up an indentation issue
        nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
        tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
        sk_buff: drop all skb extensions on free and skb scrubbing
        tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth
        mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions
        Documentation: Clarify trap's description
        mlxsw: spectrum: Clear VLAN filters during port initialization
        net: ena: clean up indentation issue
        NFC: st95hf: clean up indentation issue
        net: phy: micrel: add Asym Pause workaround for KSZ9021
        net: socionext: ave: Avoid using netdev_err() before calling register_netdev()
        ptp: correctly disable flags on old ioctls
        lib: dimlib: fix help text typos
        net: dsa: microchip: Always set regmap stride to 1
        nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
        nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
        net/sched: Set default of CONFIG_NET_TC_SKB_EXT to N
        vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
        net: sched: sch_sfb: don't call qdisc_put() while holding tree lock
        ...
      02dc96ef
  4. 28 Sep, 2019 11 commits
    • Linus Torvalds's avatar
      Merge branch 'hugepage-fallbacks' (hugepatch patches from David Rientjes) · edf445ad
      Linus Torvalds authored
      Merge hugepage allocation updates from David Rientjes:
       "We (mostly Linus, Andrea, and myself) have been discussing offlist how
        to implement a sane default allocation strategy for hugepages on NUMA
        platforms.
      
        With these reverts in place, the page allocator will happily allocate
        a remote hugepage immediately rather than try to make a local hugepage
        available. This incurs a substantial performance degradation when
        memory compaction would have otherwise made a local hugepage
        available.
      
        This series reverts those reverts and attempts to propose a more sane
        default allocation strategy specifically for hugepages. Andrea
        acknowledges this is likely to fix the swap storms that he originally
        reported that resulted in the patches that removed __GFP_THISNODE from
        hugepage allocations.
      
        The immediate goal is to return 5.3 to the behavior the kernel has
        implemented over the past several years so that remote hugepages are
        not immediately allocated when local hugepages could have been made
        available because the increased access latency is untenable.
      
        The next goal is to introduce a sane default allocation strategy for
        hugepages allocations in general regardless of the configuration of
        the system so that we prevent thrashing of local memory when
        compaction is unlikely to succeed and can prefer remote hugepages over
        remote native pages when the local node is low on memory."
      
      Note on timing: this reverts the hugepage VM behavior changes that got
      introduced fairly late in the 5.3 cycle, and that fixed a huge
      performance regression for certain loads that had been around since
      4.18.
      
      Andrea had this note:
      
       "The regression of 4.18 was that it was taking hours to start a VM
        where 3.10 was only taking a few seconds, I reported all the details
        on lkml when it was finally tracked down in August 2018.
      
           https://lore.kernel.org/linux-mm/20180820032640.9896-2-aarcange@redhat.com/
      
        __GFP_THISNODE in MADV_HUGEPAGE made the above enterprise vfio
        workload degrade like in the "current upstream" above. And it still
        would have been that bad as above until 5.3-rc5"
      
      where the bad behavior ends up happening as you fill up a local node,
      and without that change, you'd get into the nasty swap storm behavior
      due to compaction working overtime to make room for more memory on the
      nodes.
      
      As a result 5.3 got the two performance fix reverts in rc5.
      
      However, David Rientjes then noted that those performance fixes in turn
      regressed performance for other loads - although not quite to the same
      degree.  He suggested reverting the reverts and instead replacing them
      with two small changes to how hugepage allocations are done (patch
      descriptions rephrased by me):
      
       - "avoid expensive reclaim when compaction may not succeed": just admit
         that the allocation failed when you're trying to allocate a huge-page
         and compaction wasn't successful.
      
       - "allow hugepage fallback to remote nodes when madvised": when that
         node-local huge-page allocation failed, retry without forcing the
         local node.
      
      but by then I judged it too late to replace the fixes for a 5.3 release.
      So 5.3 was released with behavior that harked back to the pre-4.18 logic.
      
      But now we're in the merge window for 5.4, and we can see if this
      alternate model fixes not just the horrendous swap storm behavior, but
      also restores the performance regression that the late reverts caused.
      
      Fingers crossed.
      
      * emailed patches from David Rientjes <rientjes@google.com>:
        mm, page_alloc: allow hugepage fallback to remote nodes when madvised
        mm, page_alloc: avoid expensive reclaim when compaction may not succeed
        Revert "Revert "Revert "mm, thp: consolidate THP gfp handling into alloc_hugepage_direct_gfpmask""
        Revert "Revert "mm, thp: restore node-local hugepage allocations""
      edf445ad
    • David Rientjes's avatar
      mm, page_alloc: allow hugepage fallback to remote nodes when madvised · 76e654cc
      David Rientjes authored
      For systems configured to always try hard to allocate transparent
      hugepages (thp defrag setting of "always") or for memory that has been
      explicitly madvised to MADV_HUGEPAGE, it is often better to fallback to
      remote memory to allocate the hugepage if the local allocation fails
      first.
      
      The point is to allow the initial call to __alloc_pages_node() to attempt
      to defragment local memory to make a hugepage available, if possible,
      rather than immediately fallback to remote memory.  Local hugepages will
      always have a better access latency than remote (huge)pages, so an attempt
      to make a hugepage available locally is always preferred.
      
      If memory compaction cannot be successful locally, however, it is likely
      better to fallback to remote memory.  This could take on two forms: either
      allow immediate fallback to remote memory or do per-zone watermark checks.
      It would be possible to fallback only when per-zone watermarks fail for
      order-0 memory, since that would require local reclaim for all subsequent
      faults so remote huge allocation is likely better than thrashing the local
      zone for large workloads.
      
      In this case, it is assumed that because the system is configured to try
      hard to allocate hugepages or the vma is advised to explicitly want to try
      hard for hugepages that remote allocation is better when local allocation
      and memory compaction have both failed.
      Signed-off-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Stefan Priebe - Profihost AG <s.priebe@profihost.ag>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      76e654cc
    • David Rientjes's avatar
      mm, page_alloc: avoid expensive reclaim when compaction may not succeed · b39d0ee2
      David Rientjes authored
      Memory compaction has a couple significant drawbacks as the allocation
      order increases, specifically:
      
       - isolate_freepages() is responsible for finding free pages to use as
         migration targets and is implemented as a linear scan of memory
         starting at the end of a zone,
      
       - failing order-0 watermark checks in memory compaction does not account
         for how far below the watermarks the zone actually is: to enable
         migration, there must be *some* free memory available.  Per the above,
         watermarks are not always suffficient if isolate_freepages() cannot
         find the free memory but it could require hundreds of MBs of reclaim to
         even reach this threshold (read: potentially very expensive reclaim with
         no indication compaction can be successful), and
      
       - if compaction at this order has failed recently so that it does not even
         run as a result of deferred compaction, looping through reclaim can often
         be pointless.
      
      For hugepage allocations, these are quite substantial drawbacks because
      these are very high order allocations (order-9 on x86) and falling back to
      doing reclaim can potentially be *very* expensive without any indication
      that compaction would even be successful.
      
      Reclaim itself is unlikely to free entire pageblocks and certainly no
      reliance should be put on it to do so in isolation (recall lumpy reclaim).
      This means we should avoid reclaim and simply fail hugepage allocation if
      compaction is deferred.
      
      It is also not helpful to thrash a zone by doing excessive reclaim if
      compaction may not be able to access that memory.  If order-0 watermarks
      fail and the allocation order is sufficiently large, it is likely better
      to fail the allocation rather than thrashing the zone.
      Signed-off-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Stefan Priebe - Profihost AG <s.priebe@profihost.ag>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b39d0ee2
    • David Rientjes's avatar
      Revert "Revert "Revert "mm, thp: consolidate THP gfp handling into alloc_hugepage_direct_gfpmask"" · 19deb769
      David Rientjes authored
      This reverts commit 92717d42.
      
      Since commit a8282608 ("Revert "mm, thp: restore node-local hugepage
      allocations"") is reverted in this series, it is better to restore the
      previous 5.2 behavior between the thp allocation and the page allocator
      rather than to attempt any consolidation or cleanup for a policy that is
      now reverted.  It's less risky during an rc cycle and subsequent patches
      in this series further modify the same policy that the pre-5.3 behavior
      implements.
      
      Consolidation and cleanup can be done subsequent to a sane default page
      allocation strategy, so this patch reverts a cleanup done on a strategy
      that is now reverted and thus is the least risky option.
      Signed-off-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Stefan Priebe - Profihost AG <s.priebe@profihost.ag>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      19deb769
    • David Rientjes's avatar
      Revert "Revert "mm, thp: restore node-local hugepage allocations"" · ac79f78d
      David Rientjes authored
      This reverts commit a8282608.
      
      The commit references the original intended semantic for MADV_HUGEPAGE
      which has subsequently taken on three unique purposes:
      
       - enables or disables thp for a range of memory depending on the system's
         config (is thp "enabled" set to "always" or "madvise"),
      
       - determines the synchronous compaction behavior for thp allocations at
         fault (is thp "defrag" set to "always", "defer+madvise", or "madvise"),
         and
      
       - reverts a previous MADV_NOHUGEPAGE (there is no madvise mode to only
         clear previous hugepage advice).
      
      These are the three purposes that currently exist in 5.2 and over the
      past several years that userspace has been written around.  Adding a
      NUMA locality preference adds a fourth dimension to an already conflated
      advice mode.
      
      Based on the semantic that MADV_HUGEPAGE has provided over the past
      several years, there exist workloads that use the tunable based on these
      principles: specifically that the allocation should attempt to
      defragment a local node before falling back.  It is agreed that remote
      hugepages typically (but not always) have a better access latency than
      remote native pages, although on Naples this is at parity for
      intersocket.
      
      The revert commit that this patch reverts allows hugepage allocation to
      immediately allocate remotely when local memory is fragmented.  This is
      contrary to the semantic of MADV_HUGEPAGE over the past several years:
      that is, memory compaction should be attempted locally before falling
      back.
      
      The performance degradation of remote hugepages over local hugepages on
      Rome, for example, is 53.5% increased access latency.  For this reason,
      the goal is to revert back to the 5.2 and previous behavior that would
      attempt local defragmentation before falling back.  With the patch that
      is reverted by this patch, we see performance degradations at the tail
      because the allocator happily allocates the remote hugepage rather than
      even attempting to make a local hugepage available.
      
      zone_reclaim_mode is not a solution to this problem since it does not
      only impact hugepage allocations but rather changes the memory
      allocation strategy for *all* page allocations.
      Signed-off-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Stefan Priebe - Profihost AG <s.priebe@profihost.ag>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ac79f78d
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · a2953204
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "An assortment of fixes that were either missed by me, or didn't arrive
        quite in time for the first v5.4 pull.
      
         - Most notable is a fix for an issue with tlbie (broadcast TLB
           invalidation) on Power9, when using the Radix MMU. The tlbie can
           race with an mtpid (move to PID register, essentially MMU context
           switch) on another thread of the core, which can cause stores to
           continue to go to a page after it's unmapped.
      
         - A fix in our KVM code to add a missing barrier, the lack of which
           has been observed to cause missed IPIs and subsequently stuck CPUs
           in the host.
      
         - A change to the way we initialise PCR (Processor Compatibility
           Register) to make it forward compatible with future CPUs.
      
         - On some older PowerVM systems our H_BLOCK_REMOVE support could
           oops, fix it to detect such systems and fallback to the old
           invalidation method.
      
         - A fix for an oops seen on some machines when using KASAN on 32-bit.
      
         - A handful of other minor fixes, and two new selftests.
      
        Thanks to: Alistair Popple, Aneesh Kumar K.V, Christophe Leroy,
        Gustavo Romero, Joel Stanley, Jordan Niethe, Laurent Dufour, Michael
        Roth, Oliver O'Halloran"
      
      * tag 'powerpc-5.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/eeh: Fix eeh eeh_debugfs_break_device() with SRIOV devices
        powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error
        powerpc/nvdimm: Use HCALL error as the return value
        selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue
        powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9
        powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag
        powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions
        powerpc/pseries: Call H_BLOCK_REMOVE when supported
        powerpc/pseries: Read TLB Block Invalidate Characteristics
        KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag
        powerpc/mm: Fix an Oops in kasan_mmu_init()
        powerpc/mm: Add a helper to select PAGE_KERNEL_RO or PAGE_READONLY
        powerpc/64s: Set reserved PCR bits
        powerpc: Fix definition of PCR bits to work with old binutils
        powerpc/book3s64/radix: Remove WARN_ON in destroy_context()
        powerpc/tm: Add tm-poison test
      a2953204
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · f19e00ee
      Linus Torvalds authored
      Pull x86 fix from Ingo Molnar:
       "A kexec fix for the case when GCC_PLUGIN_STACKLEAK=y is enabled"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/purgatory: Disable the stackleak GCC plugin for the purgatory
      f19e00ee
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9c5efe9a
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
      
       - Apply a number of membarrier related fixes and cleanups, which fixes
         a use-after-free race in the membarrier code
      
       - Introduce proper RCU protection for tasks on the runqueue - to get
         rid of the subtle task_rcu_dereference() interface that was easy to
         get wrong
      
       - Misc fixes, but also an EAS speedup
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Avoid redundant EAS calculation
        sched/core: Remove double update_max_interval() call on CPU startup
        sched/core: Fix preempt_schedule() interrupt return comment
        sched/fair: Fix -Wunused-but-set-variable warnings
        sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
        sched/membarrier: Return -ENOMEM to userspace on memory allocation failure
        sched/membarrier: Skip IPIs when mm->mm_users == 1
        selftests, sched/membarrier: Add multi-threaded test
        sched/membarrier: Fix p->mm->membarrier_state racy load
        sched/membarrier: Call sync_core only before usermode for same mm
        sched/membarrier: Remove redundant check
        sched/membarrier: Fix private expedited registration check
        tasks, sched/core: RCUify the assignment of rq->curr
        tasks, sched/core: With a grace period after finish_task_switch(), remove unnecessary code
        tasks, sched/core: Ensure tasks are available for a grace period after leaving the runqueue
        tasks: Add a count of task RCU users
        sched/core: Convert vcpu_is_preempted() from macro to an inline function
        sched/fair: Remove unused cfs_rq_clock_task() function
      9c5efe9a
    • Linus Torvalds's avatar
      Merge branch 'next-lockdown' of... · aefcf2f4
      Linus Torvalds authored
      Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull kernel lockdown mode from James Morris:
       "This is the latest iteration of the kernel lockdown patchset, from
        Matthew Garrett, David Howells and others.
      
        From the original description:
      
          This patchset introduces an optional kernel lockdown feature,
          intended to strengthen the boundary between UID 0 and the kernel.
          When enabled, various pieces of kernel functionality are restricted.
          Applications that rely on low-level access to either hardware or the
          kernel may cease working as a result - therefore this should not be
          enabled without appropriate evaluation beforehand.
      
          The majority of mainstream distributions have been carrying variants
          of this patchset for many years now, so there's value in providing a
          doesn't meet every distribution requirement, but gets us much closer
          to not requiring external patches.
      
        There are two major changes since this was last proposed for mainline:
      
         - Separating lockdown from EFI secure boot. Background discussion is
           covered here: https://lwn.net/Articles/751061/
      
         -  Implementation as an LSM, with a default stackable lockdown LSM
            module. This allows the lockdown feature to be policy-driven,
            rather than encoding an implicit policy within the mechanism.
      
        The new locked_down LSM hook is provided to allow LSMs to make a
        policy decision around whether kernel functionality that would allow
        tampering with or examining the runtime state of the kernel should be
        permitted.
      
        The included lockdown LSM provides an implementation with a simple
        policy intended for general purpose use. This policy provides a coarse
        level of granularity, controllable via the kernel command line:
      
          lockdown={integrity|confidentiality}
      
        Enable the kernel lockdown feature. If set to integrity, kernel features
        that allow userland to modify the running kernel are disabled. If set to
        confidentiality, kernel features that allow userland to extract
        confidential information from the kernel are also disabled.
      
        This may also be controlled via /sys/kernel/security/lockdown and
        overriden by kernel configuration.
      
        New or existing LSMs may implement finer-grained controls of the
        lockdown features. Refer to the lockdown_reason documentation in
        include/linux/security.h for details.
      
        The lockdown feature has had signficant design feedback and review
        across many subsystems. This code has been in linux-next for some
        weeks, with a few fixes applied along the way.
      
        Stephen Rothwell noted that commit 9d1f8be5 ("bpf: Restrict bpf
        when kernel lockdown is in confidentiality mode") is missing a
        Signed-off-by from its author. Matthew responded that he is providing
        this under category (c) of the DCO"
      
      * 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (31 commits)
        kexec: Fix file verification on S390
        security: constify some arrays in lockdown LSM
        lockdown: Print current->comm in restriction messages
        efi: Restrict efivar_ssdt_load when the kernel is locked down
        tracefs: Restrict tracefs when the kernel is locked down
        debugfs: Restrict debugfs when the kernel is locked down
        kexec: Allow kexec_file() with appropriate IMA policy when locked down
        lockdown: Lock down perf when in confidentiality mode
        bpf: Restrict bpf when kernel lockdown is in confidentiality mode
        lockdown: Lock down tracing and perf kprobes when in confidentiality mode
        lockdown: Lock down /proc/kcore
        x86/mmiotrace: Lock down the testmmiotrace module
        lockdown: Lock down module params that specify hardware parameters (eg. ioport)
        lockdown: Lock down TIOCSSERIAL
        lockdown: Prohibit PCMCIA CIS storage when the kernel is locked down
        acpi: Disable ACPI table override if the kernel is locked down
        acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down
        ACPI: Limit access to custom_method when the kernel is locked down
        x86/msr: Restrict MSR access when the kernel is locked down
        x86: Lock down IO port access when the kernel is locked down
        ...
      aefcf2f4
    • Linus Torvalds's avatar
      Merge branch 'next-integrity' of... · f1f2f614
      Linus Torvalds authored
      Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
      
      Pull integrity updates from Mimi Zohar:
       "The major feature in this time is IMA support for measuring and
        appraising appended file signatures. In addition are a couple of bug
        fixes and code cleanup to use struct_size().
      
        In addition to the PE/COFF and IMA xattr signatures, the kexec kernel
        image may be signed with an appended signature, using the same
        scripts/sign-file tool that is used to sign kernel modules.
      
        Similarly, the initramfs may contain an appended signature.
      
        This contained a lot of refactoring of the existing appended signature
        verification code, so that IMA could retain the existing framework of
        calculating the file hash once, storing it in the IMA measurement list
        and extending the TPM, verifying the file's integrity based on a file
        hash or signature (eg. xattrs), and adding an audit record containing
        the file hash, all based on policy. (The IMA support for appended
        signatures patch set was posted and reviewed 11 times.)
      
        The support for appended signature paves the way for adding other
        signature verification methods, such as fs-verity, based on a single
        system-wide policy. The file hash used for verifying the signature and
        the signature, itself, can be included in the IMA measurement list"
      
      * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
        ima: ima_api: Use struct_size() in kzalloc()
        ima: use struct_size() in kzalloc()
        sefltest/ima: support appended signatures (modsig)
        ima: Fix use after free in ima_read_modsig()
        MODSIGN: make new include file self contained
        ima: fix freeing ongoing ahash_request
        ima: always return negative code for error
        ima: Store the measurement again when appraising a modsig
        ima: Define ima-modsig template
        ima: Collect modsig
        ima: Implement support for module-style appended signatures
        ima: Factor xattr_verify() out of ima_appraise_measurement()
        ima: Add modsig appraise_type option for module-style appended signatures
        integrity: Select CONFIG_KEYS instead of depending on it
        PKCS#7: Introduce pkcs7_get_digest()
        PKCS#7: Refactor verify_pkcs7_signature()
        MODSIGN: Export module signature definitions
        ima: initialize the "template" field with the default template
      f1f2f614
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.4' of git://linux-nfs.org/~bfields/linux · 298fb76a
      Linus Torvalds authored
      Pull nfsd updates from Bruce Fields:
       "Highlights:
      
         - Add a new knfsd file cache, so that we don't have to open and close
           on each (NFSv2/v3) READ or WRITE. This can speed up read and write
           in some cases. It also replaces our readahead cache.
      
         - Prevent silent data loss on write errors, by treating write errors
           like server reboots for the purposes of write caching, thus forcing
           clients to resend their writes.
      
         - Tweak the code that allocates sessions to be more forgiving, so
           that NFSv4.1 mounts are less likely to hang when a server already
           has a lot of clients.
      
         - Eliminate an arbitrary limit on NFSv4 ACL sizes; they should now be
           limited only by the backend filesystem and the maximum RPC size.
      
         - Allow the server to enforce use of the correct kerberos credentials
           when a client reclaims state after a reboot.
      
        And some miscellaneous smaller bugfixes and cleanup"
      
      * tag 'nfsd-5.4' of git://linux-nfs.org/~bfields/linux: (34 commits)
        sunrpc: clean up indentation issue
        nfsd: fix nfs read eof detection
        nfsd: Make nfsd_reset_boot_verifier_locked static
        nfsd: degraded slot-count more gracefully as allocation nears exhaustion.
        nfsd: handle drc over-allocation gracefully.
        nfsd: add support for upcall version 2
        nfsd: add a "GetVersion" upcall for nfsdcld
        nfsd: Reset the boot verifier on all write I/O errors
        nfsd: Don't garbage collect files that might contain write errors
        nfsd: Support the server resetting the boot verifier
        nfsd: nfsd_file cache entries should be per net namespace
        nfsd: eliminate an unnecessary acl size limit
        Deprecate nfsd fault injection
        nfsd: remove duplicated include from filecache.c
        nfsd: Fix the documentation for svcxdr_tmpalloc()
        nfsd: Fix up some unused variable warnings
        nfsd: close cached files prior to a REMOVE or RENAME that would replace target
        nfsd: rip out the raparms cache
        nfsd: have nfsd_test_lock use the nfsd_file cache
        nfsd: hook up nfs4_preprocess_stateid_op to the nfsd_file cache
        ...
      298fb76a
  5. 27 Sep, 2019 16 commits
    • Linus Torvalds's avatar
      Merge tag 'virtio-fs-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · 8f744bde
      Linus Torvalds authored
      Pull fuse virtio-fs support from Miklos Szeredi:
       "Virtio-fs allows exporting directory trees on the host and mounting
        them in guest(s).
      
        This isn't actually a new filesystem, but a glue layer between the
        fuse filesystem and a virtio based back-end.
      
        It's similar in functionality to the existing virtio-9p solution, but
        significantly faster in benchmarks and has better POSIX compliance.
        Further permformance improvements can be achieved by sharing the page
        cache between host and guest, allowing for faster I/O and reduced
        memory use.
      
        Kata Containers have been including the out-of-tree virtio-fs (with
        the shared page cache patches as well) since version 1.7 as an
        experimental feature. They have been active in development and plan to
        switch from virtio-9p to virtio-fs as their default solution. There
        has been interest from other sources as well.
      
        The userspace infrastructure is slated to be merged into qemu once the
        kernel part hits mainline.
      
        This was developed by Vivek Goyal, Dave Gilbert and Stefan Hajnoczi"
      
      * tag 'virtio-fs-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        virtio-fs: add virtiofs filesystem
        virtio-fs: add Documentation/filesystems/virtiofs.rst
        fuse: reserve values for mapping protocol
      8f744bde
    • Linus Torvalds's avatar
      Merge tag '9p-for-5.4' of git://github.com/martinetd/linux · 9977b1a7
      Linus Torvalds authored
      Pull 9p updates from Dominique Martinet:
       "Some of the usual small fixes and cleanup.
      
        Small fixes all around:
         - avoid overlayfs copy-up for PRIVATE mmaps
         - KUMSAN uninitialized warning for transport error
         - one syzbot memory leak fix in 9p cache
         - internal API cleanup for v9fs_fill_super"
      
      * tag '9p-for-5.4' of git://github.com/martinetd/linux:
        9p/vfs_super.c: Remove unused parameter data in v9fs_fill_super
        9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie
        9p: Transport error uninitialized
        9p: avoid attaching writeback_fid on mmap with type PRIVATE
      9977b1a7
    • Linus Torvalds's avatar
      Merge tag 'riscv/for-v5.4-rc1-b' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 568d850e
      Linus Torvalds authored
      Pull more RISC-V updates from Paul Walmsley:
       "Some additional RISC-V updates.
      
        This includes one significant fix:
      
         - Prevent interrupts from being unconditionally re-enabled during
           exception handling if they were disabled in the context in which
           the exception occurred
      
        Also a few other fixes:
      
         - Fix a build error when sparse memory support is manually enabled
      
         - Prevent CPUs beyond CONFIG_NR_CPUS from being enabled in early boot
      
        And a few minor improvements:
      
         - DT improvements: in the FU540 SoC DT files, improve U-Boot
           compatibility by adding an "ethernet0" alias, drop an unnecessary
           property from the DT files, and add support for the PWM device
      
         - KVM preparation: add a KVM-related macro for future RISC-V KVM
           support, and export some symbols required to build KVM support as
           modules
      
         - defconfig additions: build more drivers by default for QEMU
           configurations"
      
      * tag 'riscv/for-v5.4-rc1-b' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Avoid interrupts being erroneously enabled in handle_exception()
        riscv: dts: sifive: Drop "clock-frequency" property of cpu nodes
        riscv: dts: sifive: Add ethernet0 to the aliases node
        RISC-V: Export kernel symbols for kvm
        KVM: RISC-V: Add KVM_REG_RISCV for ONE_REG interface
        arch/riscv: disable excess harts before picking main boot hart
        RISC-V: Enable VIRTIO drivers in RV64 and RV32 defconfig
        RISC-V: Fix building error when CONFIG_SPARSEMEM_MANUAL=y
        riscv: dts: Add DT support for SiFive FU540 PWM driver
      568d850e
    • Linus Torvalds's avatar
      Merge tag 'nios2-v5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2 · 70570a64
      Linus Torvalds authored
      Pull nios2 fix from Ley Foon Tan:
       "Make sure the command line buffer is NUL-terminated"
      
      * tag 'nios2-v5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2:
        nios2: force the string buffer NULL-terminated
      70570a64
    • Navid Emamdoost's avatar
      ieee802154: ca8210: prevent memory leak · 6402939e
      Navid Emamdoost authored
      In ca8210_probe the allocated pdata needs to be assigned to
      spi_device->dev.platform_data before calling ca8210_get_platform_data.
      Othrwise when ca8210_get_platform_data fails pdata cannot be released.
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Link: https://lore.kernel.org/r/20190917224713.26371-1-navid.emamdoost@gmail.comSigned-off-by: default avatarStefan Schmidt <stefan@datenfreihafen.org>
      6402939e
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 8bbe0dec
      Linus Torvalds authored
      Pull more KVM updates from Paolo Bonzini:
       "x86 KVM changes:
      
         - The usual accuracy improvements for nested virtualization
      
         - The usual round of code cleanups from Sean
      
         - Added back optimizations that were prematurely removed in 5.2 (the
           bare minimum needed to fix the regression was in 5.3-rc8, here
           comes the rest)
      
         - Support for UMWAIT/UMONITOR/TPAUSE
      
         - Direct L2->L0 TLB flushing when L0 is Hyper-V and L1 is KVM
      
         - Tell Windows guests if SMT is disabled on the host
      
         - More accurate detection of vmexit cost
      
         - Revert a pvqspinlock pessimization"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (56 commits)
        KVM: nVMX: cleanup and fix host 64-bit mode checks
        KVM: vmx: fix build warnings in hv_enable_direct_tlbflush() on i386
        KVM: x86: Don't check kvm_rebooting in __kvm_handle_fault_on_reboot()
        KVM: x86: Drop ____kvm_handle_fault_on_reboot()
        KVM: VMX: Add error handling to VMREAD helper
        KVM: VMX: Optimize VMX instruction error and fault handling
        KVM: x86: Check kvm_rebooting in kvm_spurious_fault()
        KVM: selftests: fix ucall on x86
        Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
        kvm: nvmx: limit atomic switch MSRs
        kvm: svm: Intercept RDPRU
        kvm: x86: Add "significant index" flag to a few CPUID leaves
        KVM: x86/mmu: Skip invalid pages during zapping iff root_count is zero
        KVM: x86/mmu: Explicitly track only a single invalid mmu generation
        KVM: x86/mmu: Revert "KVM: x86/mmu: Remove is_obsolete() call"
        KVM: x86/mmu: Revert "Revert "KVM: MMU: reclaim the zapped-obsolete page first""
        KVM: x86/mmu: Revert "Revert "KVM: MMU: collapse TLB flushes when zap all pages""
        KVM: x86/mmu: Revert "Revert "KVM: MMU: zap pages in batch""
        KVM: x86/mmu: Revert "Revert "KVM: MMU: add tracepoint for kvm_mmu_invalidate_all_pages""
        KVM: x86/mmu: Revert "Revert "KVM: MMU: show mmu_valid_gen in shadow page related tracepoints""
        ...
      8bbe0dec
    • Linus Torvalds's avatar
      Merge tag 'pwm/for-5.4-rc1' of... · e37e3bc7
      Linus Torvalds authored
      Merge tag 'pwm/for-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm updates from Thierry Reding:
       "Besides one new driver being added for the PWM controller found in
        various Spreadtrum SoCs, this series of changes brings a slew of,
        mostly minor, fixes and cleanups for existing drivers, as well as some
        enhancements to the core code.
      
        Lastly, Uwe is added to the PWM subsystem entry of the MAINTAINERS
        file, making official his role as a reviewer"
      
      * tag 'pwm/for-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: (34 commits)
        MAINTAINERS: Add myself as reviewer for the PWM subsystem
        MAINTAINERS: Add patchwork link for PWM entry
        MAINTAINERS: Add a selection of PWM related keywords to the PWM entry
        pwm: mediatek: Add MT7629 compatible string
        dt-bindings: pwm: Update bindings for MT7629 SoC
        pwm: mediatek: Update license and switch to SPDX tag
        pwm: mediatek: Use pwm_mediatek as common prefix
        pwm: mediatek: Allocate the clks array dynamically
        pwm: mediatek: Remove the has_clks field
        pwm: mediatek: Drop the check for of_device_get_match_data()
        pwm: atmel: Consolidate driver data initialization
        pwm: atmel: Remove unneeded check for match data
        pwm: atmel: Remove platform_device_id and use only dt bindings
        pwm: stm32-lp: Add check in case requested period cannot be achieved
        pwm: Ensure pwm_apply_state() doesn't modify the state argument
        pwm: fsl-ftm: Don't update the state for the caller of pwm_apply_state()
        pwm: sun4i: Don't update the state for the caller of pwm_apply_state()
        pwm: rockchip: Don't update the state for the caller of pwm_apply_state()
        pwm: Let pwm_get_state() return the last implemented state
        pwm: Introduce local struct pwm_chip in pwm_apply_state()
        ...
      e37e3bc7
    • Linus Torvalds's avatar
      Merge tag 'for-5.4/io_uring-2019-09-27' of git://git.kernel.dk/linux-block · 738f531d
      Linus Torvalds authored
      Pull more io_uring updates from Jens Axboe:
       "Just two things in here:
      
         - Improvement to the io_uring CQ ring wakeup for batched IO (me)
      
         - Fix wrong comparison in poll handling (yangerkun)
      
        I realize the first one is a little late in the game, but it felt
        pointless to hold it off until the next release. Went through various
        testing and reviews with Pavel and peterz"
      
      * tag 'for-5.4/io_uring-2019-09-27' of git://git.kernel.dk/linux-block:
        io_uring: make CQ ring wakeups be more efficient
        io_uring: compare cached_cq_tail with cq.head in_io_uring_poll
      738f531d
    • Colin Ian King's avatar
      net: tap: clean up an indentation issue · faeacb6d
      Colin Ian King authored
      There is a statement that is indented too deeply, remove
      the extraneous tab.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      faeacb6d
    • Linus Torvalds's avatar
      Merge tag 'for-linus-2019-09-27' of git://git.kernel.dk/linux-block · 47db9b9a
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A few fixes/changes to round off this merge window. This contains:
      
         - Small series making some functional tweaks to blk-iocost (Tejun)
      
         - Elevator switch locking fix (Ming)
      
         - Kill redundant call in blk-wbt (Yufen)
      
         - Fix flush timeout handling (Yufen)"
      
      * tag 'for-linus-2019-09-27' of git://git.kernel.dk/linux-block:
        block: fix null pointer dereference in blk_mq_rq_timed_out()
        rq-qos: get rid of redundant wbt_update_limits()
        iocost: bump up default latency targets for hard disks
        iocost: improve nr_lagging handling
        iocost: better trace vrate changes
        block: don't release queue's sysfs lock during switching elevator
        blk-mq: move lockdep_assert_held() into elevator_exit
      47db9b9a
    • Navid Emamdoost's avatar
      nfp: abm: fix memory leak in nfp_abm_u32_knode_replace · 78beef62
      Navid Emamdoost authored
      In nfp_abm_u32_knode_replace if the allocation for match fails it should
      go to the error handling instead of returning. Updated other gotos to
      have correct errno returned, too.
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      78beef62
    • Eric Dumazet's avatar
      tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state · a41e8a88
      Eric Dumazet authored
      Yuchung Cheng and Marek Majkowski independently reported a weird
      behavior of TCP_USER_TIMEOUT option when used at connect() time.
      
      When the TCP_USER_TIMEOUT is reached, tcp_write_timeout()
      believes the flow should live, and the following condition
      in tcp_clamp_rto_to_user_timeout() programs one jiffie timers :
      
          remaining = icsk->icsk_user_timeout - elapsed;
          if (remaining <= 0)
              return 1; /* user timeout has passed; fire ASAP */
      
      This silly situation ends when the max syn rtx count is reached.
      
      This patch makes sure we honor both TCP_SYNCNT and TCP_USER_TIMEOUT,
      avoiding these spurious SYN packets.
      
      Fixes: b701a99e ("tcp: Add tcp_clamp_rto_to_user_timeout() helper to improve accuracy")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarYuchung Cheng <ycheng@google.com>
      Reported-by: default avatarMarek Majkowski <marek@cloudflare.com>
      Cc: Jon Maxwell <jmaxwell37@gmail.com>
      Link: https://marc.info/?l=linux-netdev&m=156940118307949&w=2Acked-by: default avatarJon Maxwell <jmaxwell37@gmail.com>
      Tested-by: default avatarMarek Majkowski <marek@cloudflare.com>
      Signed-off-by: default avatarMarek Majkowski <marek@cloudflare.com>
      Acked-by: default avatarYuchung Cheng <ycheng@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a41e8a88
    • Florian Westphal's avatar
      sk_buff: drop all skb extensions on free and skb scrubbing · 174e2381
      Florian Westphal authored
      Now that we have a 3rd extension, add a new helper that drops the
      extension space and use it when we need to scrub an sk_buff.
      
      At this time, scrubbing clears secpath and bridge netfilter data, but
      retains the tc skb extension, after this patch all three get cleared.
      
      NAPI reuse/free assumes we can only have a secpath attached to skb, but
      it seems better to clear all extensions there as well.
      
      v2: add unlikely hint (Eric Dumazet)
      
      Fixes: 95a7233c ("net: openvswitch: Set OvS recirc_id from tc chain index")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      174e2381
    • Kevin(Yudong) Yang's avatar
      tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth · 6b3656a6
      Kevin(Yudong) Yang authored
      There was a bug in the previous logic that attempted to ensure gain cycling
      gets inflight above BDP even for small BDPs. This code correctly raised and
      lowered target inflight values during the gain cycle. And this code
      correctly ensured that cwnd was raised when probing bandwidth. However, it
      did not correspondingly ensure that cwnd was *not* raised in this way when
      *not* probing for bandwidth. The result was that small-BDP flows that were
      always cwnd-bound could go for many cycles with a fixed cwnd, and not probe
      or yield bandwidth at all. This meant that multiple small-BDP flows could
      fail to converge in their bandwidth allocations.
      
      Fixes: 3c346b233c68 ("tcp_bbr: fix bw probing to raise in-flight data for very small BDPs")
      Signed-off-by: default avatarKevin(Yudong) Yang <yyd@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Acked-by: default avatarYuchung Cheng <ycheng@google.com>
      Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
      Acked-by: default avatarPriyaranjan Jha <priyarjha@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6b3656a6
    • Linus Torvalds's avatar
      Merge branch 'for-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux · d0e00bc5
      Linus Torvalds authored
      Pull thermal management updates from Zhang Rui:
      
       - Add Amit Kucheria as thermal subsystem Reviewer (Amit Kucheria)
      
       - Fix a use after free bug when unregistering thermal zone devices (Ido
         Schimmel)
      
       - Fix thermal core framework to use put_device() when device_register()
         fails (Yue Hu)
      
       - Enable intel_pch_thermal and MMIO RAPL support for Intel Icelake
         platform (Srinivas Pandruvada)
      
       - Add clock operations in qorip thermal driver, for some platforms with
         clock control like i.MX8MQ (Anson Huang)
      
       - A couple of trivial fixes and cleanups for thermal core and different
         soc thermal drivers (Amit Kucheria, Christophe JAILLET, Chuhong Yuan,
         Fuqian Huang, Kelsey Skunberg, Nathan Huckleberry, Rishi Gupta,
         Srinivas Kandagatla)
      
      * 'for-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
        MAINTAINERS: Add Amit Kucheria as reviewer for thermal
        thermal: Add some error messages
        thermal: Fix use-after-free when unregistering thermal zone device
        thermal/drivers/core: Use put_device() if device_register() fails
        thermal_hwmon: Sanitize thermal_zone type
        thermal: intel: Use dev_get_drvdata
        thermal: intel: int3403: replace printk(KERN_WARN...) with pr_warn(...)
        thermal: intel: int340x_thermal: Remove unnecessary acpi_has_method() uses
        thermal: int340x: processor_thermal: Add Ice Lake support
        drivers: thermal: qcom: tsens: Fix memory leak from qfprom read
        thermal: tegra: Fix a typo
        thermal: rcar_gen3_thermal: Replace devm_add_action() followed by failure action with devm_add_action_or_reset()
        thermal: armada: Fix -Wshift-negative-value
        dt-bindings: thermal: qoriq: Add optional clocks property
        thermal: qoriq: Use __maybe_unused instead of #if CONFIG_PM_SLEEP
        thermal: qoriq: Use devm_platform_ioremap_resource() instead of of_iomap()
        thermal: qoriq: Fix error path of calling qoriq_tmu_register_tmu_zone fail
        thermal: qoriq: Add clock operations
        drivers: thermal: processor_thermal_device: Export sysfs interface for TCC offset
      d0e00bc5
    • David S. Miller's avatar
      Merge branch 'mlxsw-Various-fixes' · 94e7e5da
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: Various fixes
      
      This patchset includes two small fixes for the mlxsw driver and one
      patch which clarifies recently introduced devlink-trap documentation.
      
      Patch #1 clears the port's VLAN filters during port initialization. This
      ensures that the drop reason reported to the user is consistent. The
      problem is explained in detail in the commit message.
      
      Patch #2 clarifies the description of one of the traps exposed via
      devlink-trap.
      
      Patch #3 from Danielle forbids the installation of a tc filter with
      multiple mirror actions since this is not supported by the device. The
      failure is communicated to the user via extack.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      94e7e5da