- 25 Feb, 2018 40 commits
-
-
Jann Horn authored
[ Upstream commit 6ab40511 ] Check whether inputs from userspace are too long (explicit length field too big or string not null-terminated) to avoid out-of-bounds reads. As far as I can tell, this can at worst lead to very limited kernel heap memory disclosure or oopses. This bug can be triggered by an unprivileged user even if the xt_bpf module is not loaded: iptables is available in network namespaces, and the xt_bpf module can be autoloaded. Triggering the bug with a classic BPF filter with fake length 0x1000 causes the following KASAN report: ================================================================== BUG: KASAN: slab-out-of-bounds in bpf_prog_create+0x84/0xf0 Read of size 32768 at addr ffff8801eff2c494 by task test/4627 CPU: 0 PID: 4627 Comm: test Not tainted 4.15.0-rc1+ #1 [...] Call Trace: dump_stack+0x5c/0x85 print_address_description+0x6a/0x260 kasan_report+0x254/0x370 ? bpf_prog_create+0x84/0xf0 memcpy+0x1f/0x50 bpf_prog_create+0x84/0xf0 bpf_mt_check+0x90/0xd6 [xt_bpf] [...] Allocated by task 4627: kasan_kmalloc+0xa0/0xd0 __kmalloc_node+0x47/0x60 xt_alloc_table_info+0x41/0x70 [x_tables] [...] The buggy address belongs to the object at ffff8801eff2c3c0 which belongs to the cache kmalloc-2048 of size 2048 The buggy address is located 212 bytes inside of 2048-byte region [ffff8801eff2c3c0, ffff8801eff2cbc0) [...] ================================================================== Fixes: e6f30c73 ("netfilter: x_tables: add xt_bpf match") Signed-off-by:
Jann Horn <jannh@google.com> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
Sasha Levin <alexander.levin@verizon.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Aviv Heller authored
[ Upstream commit 4ce3dbe3 ] Code path when (encap_type < 0) does not verify the state is valid before progressing. This will result in a crash if, for instance, x->km.state == XFRM_STATE_ACQ. Fixes: 7785bba2 ("esp: Add a software GRO codepath") Signed-off-by:
Aviv Heller <avivh@mellanox.com> Signed-off-by:
Yevgeny Kliteynik <kliteyn@mellanox.com> Signed-off-by:
Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by:
-
Gustavo A. R. Silva authored
[ Upstream commit 62a277d4 ] _xt_ is being dereferenced before it is null checked, hence there is a potential null pointer dereference. Fix this by moving the pointer dereference after _xt_ has been null checked. This issue was detected with the help of Coccinelle. Fixes: 4483320e ("dmaengine: Use Pointer xt after NULL check.") Signed-off-by:
Gustavo A. R. Silva <garsilva@embeddedor.com> Acked-by:
Ludovic Desroches <ludovic.desroches@microchip.com> Signed-off-by:
Vinod Koul <vinod.koul@intel.com> Signed-off-by:
-
Christophe JAILLET authored
[ Upstream commit 5c9afbda ] If the last test in 'ioat_dma_self_test()' fails, we must release all the allocated resources and not just part of them. Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Acked-by:
Dave Jiang <dave.jiang@intel.com> Signed-off-by:
-
Arnd Bergmann authored
commit 48d83282 upstream. A regression fix introduced a harmless type mismatch warning: drivers/scsi/bfa/bfad_bsg.c: In function 'bfad_im_bsg_vendor_request': drivers/scsi/bfa/bfad_bsg.c:3137:35: error: initialization of 'struct bfad_im_port_s *' from 'long unsigned int' makes pointer from integer without a cast [-Werror=int-conversion] struct bfad_im_port_s *im_port = shost->hostdata[0]; ^~~~~ drivers/scsi/bfa/bfad_bsg.c: In function 'bfad_im_bsg_els_ct_request': drivers/scsi/bfa/bfad_bsg.c:3353:35: error: initialization of 'struct bfad_im_port_s *' from 'long unsigned int' makes pointer from integer without a cast [-Werror=int-conversion] struct bfad_im_port_s *im_port = shost->hostdata[0]; This changes the code back to shost_priv() once more, but encapsulates it in an inline function to document the rather unusual way of using the private data only as a pointer to the previously allocated structure. I did not try to get rid of the extra indirection level entirely, which would have been rather invasive and required reworking the entire initialization sequence. Fixes: 45349821 ("scsi: bfa: fix access to bfad_im_port_s") Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Reviewed-by:
Johannes Thumshirn <jthumshirn@suse.de> Reviewed-by:
Hannes Reinecke <hare@suse.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Cc: Sasha Levin <Alexander.Levin@microsoft.com> Signed-off-by:
-
Johannes Thumshirn authored
[ Upstream commit 45349821 ] Commit 'cd21c605 ("scsi: fc: provide fc_bsg_to_shost() helper")' changed access to bfa's 'struct bfad_im_port_s' by using shost_priv() instead of shost->hostdata[0]. This lead to crashes like in the following back-trace: task: ffff880046375300 ti: ffff8800a2ef8000 task.ti: ffff8800a2ef8000 RIP: e030:[<ffffffffa04c8252>] [<ffffffffa04c8252>] bfa_fcport_get_attr+0x82/0x260 [bfa] RSP: e02b:ffff8800a2efba10 EFLAGS: 00010046 RAX: 575f415441536432 RBX: ffff8800a2efba28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff8800a2efba28 RDI: ffff880004dc31d8 RBP: ffff880004dc31d8 R08: 0000000000000000 R09: 0000000000000001 R10: ffff88011fadc468 R11: 0000000000000001 R12: ffff880004dc31f0 R13: 0000000000000200 R14: ffff880004dc61d0 R15: ffff880004947a10 FS: 00007feb1e489700(0000) GS:ffff88011fac0000(0000) knlGS:0000000000000000 CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007ffe14e46c10 CR3: 00000000957b8000 CR4: 0000000000000660 Stack: ffff88001d4da000 ffff880004dc31c0 ffffffffa048a9df ffffffff81e56380 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [] bfad_iocmd_ioc_get_info+0x4f/0x220 [bfa] [] bfad_iocmd_handler+0xa00/0xd40 [bfa] [] bfad_im_bsg_request+0xee/0x1b0 [bfa] [] fc_bsg_dispatch+0x10b/0x1b0 [scsi_transport_fc] [] bsg_request_fn+0x11d/0x1c0 [] __blk_run_queue+0x2f/0x40 [] blk_execute_rq_nowait+0xa8/0x160 [] blk_execute_rq+0x77/0x120 [] bsg_ioctl+0x1b6/0x200 [] do_vfs_ioctl+0x2cd/0x4a0 [] SyS_ioctl+0x74/0x80 [] entry_SYSCALL_64_fastpath+0x12/0x6d Fixes: cd21c605 ("scsi: fc: provide fc_bsg_to_shost() helper") Signed-off-by:
-
Dan Carpenter authored
[ Upstream commit 9816ef6e ] The error message dereferences "rqb_entry" so we need to print it first and then free the buffer. Fixes: 6c621a22 ("scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Acked-by:
Dick Kennedy <dick.kennedy@broadcom.com> Signed-off-by:
-
Claudiu Manoil authored
[ Upstream commit b6b5e8a6 ] This controller does not support EEE, but it may connect to a PHY which supports EEE and advertises EEE by default, while its link partner also advertises EEE. If this happens, the PHY enters low power mode when the traffic rate is low and causes packet loss. This patch disables EEE advertisement by default for any PHY that gianfar connects to, to prevent the above unwanted outcome. Signed-off-by:
Shaohui Xie <Shaohui.Xie@nxp.com> Tested-by:
Yangbo Lu <Yangbo.lu@nxp.com> Signed-off-by:
Claudiu Manoil <claudiu.manoil@nxp.com> Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Eric Biggers authored
[ Upstream commit 8dfd2f22 ] Callers of sprint_oid() do not check its return value before printing the result. In the case where the OID is zero-length, -EBADMSG was being returned without anything being written to the buffer, resulting in uninitialized stack memory being printed. Fix this by writing "(bad)" to the buffer in the cases where -EBADMSG is returned. Fixes: 4f73175d ("X.509: Add utility functions to render OIDs as strings") Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
David Howells <dhowells@redhat.com> Signed-off-by:
-
Andrew Lunn authored
[ Upstream commit 3126aeec ] The MDIO busses need to be unregistered before they are freed, otherwise BUG() is called. Add a call to the unregister code if the registration fails, since we can have multiple busses, of which some may correctly register before one fails. This requires moving the code around a little. Fixes: a3c53be5 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") Signed-off-by:
Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by:
-
Andrew Lunn authored
[ Upstream commit 3d5fdba1 ] When removing the interrupt handling code, we should mask the generation of interrupts. The code however unmasked all interrupts. This can then cause a new interrupt. We then get into a deadlock where the interrupt thread is waiting to run, and the code continues, trying to remove the interrupt handler, which means waiting for the thread to complete. On a UP machine this deadlocks. Fix so we really mask interrupts in the hardware. The same error is made in the error path when install the interrupt handling code. Fixes: 3460a577 ("net: dsa: mv88e6xxx: Mask g1 interrupts and free interrupt") Signed-off-by:
-
Branislav Radocaj authored
[ Upstream commit e46772a6 ] If clk_set_rate() fails, we should disable clk before return. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by:
Branislav Radocaj <branislav@radocaj.org> Signed-off-by:
-
Yunjian Wang authored
[ Upstream commit 03e9f8a0 ] The function virtqueue_get_buf_ctx() could return NULL, the return value 'buf' need to be checked with NULL, not value 'ctx'. Signed-off-by:
Yunjian Wang <wangyunjian@huawei.com> Signed-off-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
Andy Shevchenko authored
[ Upstream commit 51ef7925 ] When I run make W=1 on gcc (Debian 7.2.0-16) 7.2.0 I got an error for the first run, all next ones are okay. CC [M] drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.o drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c:2078: error: Cannot parse struct or union! scripts/Makefile.build:310: recipe for target 'drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.o' failed Seems like something happened with W=1 and wrong kernel doc format. As a quick fix remove dubious /** in the code. Signed-off-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by:
Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org> Signed-off-by:
-
Nikolay Borisov authored
[ Upstream commit c8bcbfbd ] The name char array passed to btrfs_search_path_in_tree is of size BTRFS_INO_LOOKUP_PATH_MAX (4080). So the actual accessible char indexes are in the range of [0, 4079]. Currently the code uses the define but this represents an off-by-one. Implications: Size of btrfs_ioctl_ino_lookup_args is 4096, so the new byte will be written to extra space, not some padding that could be provided by the allocator. btrfs-progs store the arguments on stack, but kernel does own copy of the ioctl buffer and the off-by-one overwrite does not affect userspace, but the ending 0 might be lost. Kernel ioctl buffer is allocated dynamically so we're overwriting somebody else's memory, and the ioctl is privileged if args.objectid is not 256. Which is in most cases, but resolving a subvolume stored in another directory will trigger that path. Before this patch the buffer was one byte larger, but then the -1 was not added. Fixes: ac8e9819 ("Btrfs: add search and inode lookup ioctls") Signed-off-by:
Nikolay Borisov <nborisov@suse.com> Reviewed-by:
David Sterba <dsterba@suse.com> [ added implications ] Signed-off-by:
-
Omar Sandoval authored
[ Upstream commit 1b9e619c ] I was seeing disk flushes still happening when I mounted a Btrfs filesystem with nobarrier for testing. This is because we use FUA to write out the first super block, and on devices without FUA support, the block layer translates FUA to a flush. Even on devices supporting true FUA, using FUA when we asked for no barriers is surprising. Fixes: 387125fc ("Btrfs: fix barrier flushes") Signed-off-by:
Omar Sandoval <osandov@fb.com> Reviewed-by:
Qu Wenruo <wqu@suse.com> Reviewed-by:
-
Justin Maggard authored
[ Upstream commit b430b775 ] Commit c6887cd1 ("Btrfs: don't do nocow check unless we have to") changed the behavior of __btrfs_buffered_write() so that it first tries to get a data space reservation, and then skips the relatively expensive nocow check if the reservation succeeded. If we have quotas enabled, the data space reservation also includes a quota reservation. But in the rewrite case, the space has already been accounted for in qgroups. So btrfs_check_data_free_space() increases the quota reservation, but it never gets decreased when the data actually gets written and overwrites the pre-existing data. So we're left with both the qgroup and qgroup reservation accounting for the same space. This commit adds the missing btrfs_qgroup_free_data() call in the case of BTRFS_ORDERED_PREALLOC extents. Fixes: c6887cd1 ("Btrfs: don't do nocow check unless we have to") Signed-off-by:
Justin Maggard <jmaggard@netgear.com> Reviewed-by:
-
Peter Zijlstra authored
[ Upstream commit 5e351ad1 ] We can't invalidate xhlocks when we've not yet allocated any. Reported-by:
Dmitry Vyukov <dvyukov@google.com> Signed-off-by:
Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Fixes: f52be570 ("locking/lockdep: Untangle xhlock history save/restore from task independence") Signed-off-by:
Ingo Molnar <mingo@kernel.org> Signed-off-by:
-
Subash Abhinov Kasiviswanathan authored
[ Upstream commit c20a5487 ] If a skb in transmit path does not have sufficient headroom to add the map header, the skb is not sent out and is never freed. Fixes: ceed73a2 ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") Signed-off-by:
Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> Signed-off-by:
-
Jim Mattson authored
[ Upstream commit 2895db67 ] vmx_io_bitmap_b should not be allocated twice. Fixes: 23611332 ("KVM: VMX: refactor setup of global page-sized bitmaps") Signed-off-by:
Jim Mattson <jmattson@google.com> Reviewed-by:
Krish Sadhukhan <krish.sadhukhan@oracle.com> Reviewed-by:
David Hildenbrand <david@redhat.com> Signed-off-by:
Radim Krčmář <rkrcmar@redhat.com> Signed-off-by:
-
Stefan Hajnoczi authored
[ Upstream commit c9d3fe9d ] Since commit 3b4477d2 ("VSOCK: use TCP state constants for sk_state") VSOCK has used TCP_* constants for sk_state. Commit b4562ca7 ("hv_sock: add locking in the open/close/release code paths") reintroduced the SS_DISCONNECTING constant. This patch replaces the old SS_DISCONNECTING with the new TCP_CLOSING constant. CC: Dexuan Cui <decui@microsoft.com> CC: Cathy Avery <cavery@redhat.com> Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Jorgen Hansen <jhansen@vmware.com> Signed-off-by:
-
Nogah Frankel authored
[ Upstream commit 8afa10cb ] Check the qmin & qmax values doesn't overflow for the given Wlog value. Check that qmin <= qmax. Fixes: a7834745 ("[PKT_SCHED]: Generic RED layer") Signed-off-by:
Nogah Frankel <nogahf@mellanox.com> Signed-off-by:
-
Nogah Frankel authored
[ Upstream commit 5c472203 ] Do not allow delta value to be zero since it is used as a divisor. Fixes: 8af2a218 ("sch_red: Adaptative RED AQM") Signed-off-by:
-
Zumeng Chen authored
[ Upstream commit 58117672 ] According to LS1021A RM, the value of PAL can be set so that the start of the IP header in the receive data buffer is aligned to a 32-bit boundary. Normally, setting PAL = 2 provides minimal padding to ensure such alignment of the IP header. However every incoming packet's 8-byte time stamp will be inserted into the packet data buffer as padding alignment bytes when hardware time stamping is enabled. So we set the padding 8+2 here to avoid the flooded alignment faults: root@128:~# cat /proc/cpu/alignment User: 0 System: 17539 (inet_gro_receive+0x114/0x2c0) Skipped: 0 Half: 0 Word: 0 DWord: 0 Multi: 17539 User faults: 2 (fixup) Also shown when exception report enablement CPU: 0 PID: 161 Comm: irq/66-eth1_g0_ Not tainted 4.1.21-rt13-WR8.0.0.0_preempt-rt #16 Hardware name: Freescale LS1021A [<8001b420>] (unwind_backtrace) from [<8001476c>] (show_stack+0x20/0x24) [<8001476c>] (show_stack) from [<807cfb48>] (dump_stack+0x94/0xac) [<807cfb48>] (dump_stack) from [<80025d70>] (do_alignment+0x720/0x958) [<80025d70>] (do_alignment) from [<80009224>] (do_DataAbort+0x40/0xbc) [<80009224>] (do_DataAbort) from [<80015398>] (__dabt_svc+0x38/0x60) Exception stack(0x86ad1cc0 to 0x86ad1d08) 1cc0: f9b3e080 86b3d072 2d78d287 00000000 866816c0 86b3d05e 86e785d0 00000000 1ce0: 00000011 0000000e 80840ab0 86ad1d3c 86ad1d08 86ad1d08 806d7fc0 806d806c 1d00: 40070013 ffffffff [<80015398>] (__dabt_svc) from [<806d806c>] (inet_gro_receive+0x114/0x2c0) [<806d806c>] (inet_gro_receive) from [<80660eec>] (dev_gro_receive+0x21c/0x3c0) [<80660eec>] (dev_gro_receive) from [<8066133c>] (napi_gro_receive+0x44/0x17c) [<8066133c>] (napi_gro_receive) from [<804f0538>] (gfar_clean_rx_ring+0x39c/0x7d4) [<804f0538>] (gfar_clean_rx_ring) from [<804f0bf4>] (gfar_poll_rx_sq+0x58/0xe0) [<804f0bf4>] (gfar_poll_rx_sq) from [<80660b10>] (net_rx_action+0x27c/0x43c) [<80660b10>] (net_rx_action) from [<80033638>] (do_current_softirqs+0x1e0/0x3dc) [<80033638>] (do_current_softirqs) from [<800338c4>] (__local_bh_enable+0x90/0xa8) [<800338c4>] (__local_bh_enable) from [<8008025c>] (irq_forced_thread_fn+0x70/0x84) [<8008025c>] (irq_forced_thread_fn) from [<800805e8>] (irq_thread+0x16c/0x244) [<800805e8>] (irq_thread) from [<8004e490>] (kthread+0xe8/0x104) [<8004e490>] (kthread) from [<8000fda8>] (ret_from_fork+0x14/0x2c) Signed-off-by:
Zumeng Chen <zumeng.chen@gmail.com> Signed-off-by:
-
Pieter Jansen van Vuuren authored
[ Upstream commit 42d779ff ] Previously we swapped the tx_packets, tx_bytes and tx_dropped counters with rx_packets, rx_bytes and rx_dropped counters, respectively. This behaviour is correct and expected for VF representors but it should not be swapped for physical port mac representors. Fixes: eadfa4c3 ("nfp: add stats and xmit helpers for representors") Signed-off-by:
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by:
Simon Horman <simon.horman@netronome.com> Reviewed-by:
Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by:
-
Tony Lindgren authored
[ Upstream commit d364b038 ] Looks like the interrupt property is missing the controller and level information causing: Warning (interrupts_property): interrupts size is (4), expected multiple of 12 in /ocp/elm@48078000 Signed-off-by:
Tony Lindgren <tony@atomide.com> Signed-off-by:
-
Stefan Haberland authored
[ Upstream commit da340f92 ] Prevent that a prefix flag is set based on invalid configuration data. The validity.verify_base flag should only be set for alias devices. Usually the unit address type is either one of base, PAV alias or HyperPAV alias. But in cases where the unit address type is not set or any other value the validity.verify_base flag might be set as well. This would lead to follow on errors. Explicitly check for alias devices and set the validity flag only for them. Signed-off-by:
Stefan Haberland <sth@linux.vnet.ibm.com> Reviewed-by:
Jan Hoeppner <hoeppner@linux.vnet.ibm.com> Signed-off-by:
Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by:
-
Michael S. Tsirkin authored
[ Upstream commit edfb8d8f ] The original intent of the virtio header relicensing from 2008 was to make sure anyone can implement compatible devices/drivers. The virtio-ccw was omitted by mistake. We have an ack from the only contributor as well as the maintainer from IBM, so it's not too late to fix that. Make it dual-licensed with GPLv2, as the whole kernel is GPL2. Acked-by:
Christian Borntraeger <borntraeger@de.ibm.com> Acked-by:
Cornelia Huck <cohuck@redhat.com> Signed-off-by:
Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by:
-
Rafael J. Wysocki authored
[ Upstream commit 31eb7431 ] Prevent rpm_get_suppliers() from returning an error code if runtime PM is disabled for one or more of the supplier devices it wants to runtime-resume, so as to make runtime PM work for devices with links to suppliers that don't use runtime PM (such links may be created during device enumeration even before it is known whether or not runtime PM will be enabled for the devices in question, for example). Fixes: 21d5c57b (PM / runtime: Use device links) Reported-by:
Adrian Hunter <adrian.hunter@intel.com> Signed-off-by:
Rafael J. Wysocki <rafael.j.wysocki@intel.com> Reviewed-by:
Lukas Wunner <lukas@wunner.de> Tested-by:
-
Ravi Bangoria authored
[ Upstream commit 5aa04b3e ] When user tries to group imc (In-Memory Collections) event with normal event, (sometime) kernel crashes with following log: Faulting instruction address: 0x00000000 [link register ] c00000000010ce88 power_check_constraints+0x128/0x980 ... c00000000010e238 power_pmu_event_init+0x268/0x6f0 c0000000002dc60c perf_try_init_event+0xdc/0x1a0 c0000000002dce88 perf_event_alloc+0x7b8/0xac0 c0000000002e92e0 SyS_perf_event_open+0x530/0xda0 c00000000000b004 system_call+0x38/0xe0 'event_base' field of 'struct hw_perf_event' is used as flags for normal hw events and used as memory address for imc events. While grouping these two types of events, collect_events() tries to interpret imc 'event_base' as a flag, which causes a corruption resulting in a crash. Consider only those events which belongs to 'perf_hw_context' in collect_events(). Signed-off-by:
Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com> Reviewed-By:
Madhavan Srinivasan <maddy@linux.vnet.ibm.com> Signed-off-by:
Michael Ellerman <mpe@ellerman.id.au> Signed-off-by:
-
Greg Ungerer authored
[ Upstream commit 969de098 ] Commit be7635e7 ("arch, ftrace: for KASAN put hard/soft IRQ entries into separate sections") added a new linker section, SOFTIRQENTRY_TEXT, to the linker scripts for most architectures. It didn't add it to any of the linker scripts for the m68k architecture. This was not really a problem because it is only defined if either of CONFIG_FUNCTION_GRAPH_TRACER or CONFIG_KASAN are enabled - which can never be true for m68k. However commit 229a7186 ("irq: Make the irqentry text section unconditional") means that SOFTIRQENTRY_TEXT is now always defined. So on m68k we now end up with a separate ELF section for .softirqentry.text instead of it being part of the .text section. On some m68k targets in some configurations this can also cause a fatal link error: LD vmlinux /usr/local/bin/../m68k-uclinux/bin/ld.real: section .softirqentry.text loaded at [0000000010de10c0,0000000010de12dd] overlaps section .rodata loaded at [0000000010de10c0,0000000010e0fd67] To fix add in the missing SOFTIRQENTRY_TEXT section into the m68k linker scripts. I noticed that m68k is also missing the IRQENTRY_TEXT section, so this patch also adds an entry for that too. Signed-off-by:
Greg Ungerer <gerg@linux-m68k.org> Signed-off-by:
-
Gao Feng authored
[ Upstream commit a98a4ebc ] Current codes don't use skb->mark to assign flowi4_mark, it would make the policy route rule with fwmark doesn't work as expected. Signed-off-by:
Gao Feng <gfree.wind@vip.163.com> Signed-off-by:
-
Ray Jui authored
[ Upstream commit a7f3f939 ] The current 'bnxt_shutdown' implementation only invokes 'bnxt_ulp_shutdown' to shut down RoCE in the case when the system is in the path of power off (SYSTEM_POWER_OFF). While this may work in most cases, it does not work in the smart NIC case, when Linux 'reboot' command is initiated from the Linux that runs on the ARM cores of the NIC card. In this particular case, Linux 'reboot' results in a system 'L3' level reset where the entire ARM and associated subsystems are being reset, but at the same time, Nitro core is being kept in sane state (to allow external PCIe connected servers to continue to work). Without properly shutting down RoCE and freeing all associated resources, it results in the ARM core to hang immediately after the 'reboot' By always invoking 'bnxt_ulp_shutdown' in 'bnxt_shutdown', it fixes the above issue Fixes: 0efd2fc6 ("bnxt_en: Add a callback to inform RDMA driver during PCI shutdown.") Signed-off-by:
Ray Jui <ray.jui@broadcom.com> Signed-off-by:
Michael Chan <michael.chan@broadcom.com> Signed-off-by:
-
Will Deacon authored
[ Upstream commit e814bccb ] My bisect scripts starting running into build failures when trying to compile 4.15-rc1 with the builds failing with things like: drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c:2078: error: Cannot parse struct or union! The line in question is actually just a #define, but after some digging it turns out that my scripts pass W=1 and since commit 3a025e1d ("Add optional check for bad kernel-doc comments") that results in kernel-doc running on each source file. The file in question has a badly formatted comment immediately before the #define: /** * struct brcmf_skbuff_cb reserves first two bytes in sk_buff::cb for * bus layer usage. */ which causes the regex in dump_struct to fail (lack of braces following struct declaration) and kernel-doc returns 1, which causes the build to fail. Fix the issue by always returning 0 from kernel-doc when invoked with -none. It successfully generates no documentation, and prints out any issues. Cc: Matthew Wilcox <mawilcox@microsoft.com> Cc: Jonathan Corbet <corbet@lwn.net> Signed-off-by:
Will Deacon <will.deacon@arm.com> Signed-off-by:
Jonathan Corbet <corbet@lwn.net> Signed-off-by:
-
Randy Dunlap authored
[ Upstream commit c175cb7c ] Fix build errors in kernel-doc notation. Symbols that end in '_' have a special meaning, but adding a '*' makes them OK. ../drivers/iio/industrialio-core.c:635: ERROR: Unknown target name: "iio_val". ../drivers/iio/industrialio-core.c:642: ERROR: Unknown target name: "iio_val". Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Cc: <Stable@vger.kernel.org> Signed-off-by:
Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by:
-
Andy Shevchenko authored
[ Upstream commit e53111ad ] The commit 0f079650 ("iio: remove gpio interrupt probing from drivers that use a single interrupt") removed custom IRQ assignment for the drivers which are enumerated via ACPI or OF. Unfortunately, some ACPI tables have IRQ line defined as GpioIo() resource and thus automatic IRQ allocation will fail. Partially revert the commit 0f079650 to restore original behaviour. Signed-off-by:
Mika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by:
-
Shaohua Li authored
[ Upstream commit 18022a1b ] flush_pending_writes isn't always called with block plug, so add it, and plug works in nested way. Signed-off-by:
Shaohua Li <shli@fb.com> Signed-off-by:
-
Russell King authored
[ Upstream commit 2012b7d6 ] Ensure that we tell the MAC to take the link down when phylink_stop() is called, and that this completes prior to phylink_stop() returns. Reported-by:
Florian Fainelli <f.fainelli@gmail.com> Tested-by:
Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by:
-
Russell King authored
[ Upstream commit acf1c02f ] The options word is a be16 quantity, so we need to test the flags having converted the endian-ness. Convert the flag bits to be16, which can be optimised by the compiler, rather than converting a variable at runtime. Reported-by:
-
Xin Long authored
[ Upstream commit d30fc512 ] Now outstanding_bytes is only increased when appending chunks into one packet and sending it at 1st time, while decreased when it is about to move into retransmit queue. It means outstanding_bytes value is already decreased for all chunks in retransmit queue. However sctp_prsctp_prune_sent is a common function to check the chunks in both transmitted and retransmit queue, it decrease outstanding_bytes when moving a chunk into abandoned queue from either of them. It could cause outstanding_bytes underflow, as it also decreases it's value for the chunks in retransmit queue. This patch fixes it by only updating outstanding_bytes for transmitted queue when pruning queues for prsctp prio policy, the same fix is also needed in sctp_check_transmitted. Fixes: 8dbdf1f5 ("sctp: implement prsctp PRIO policy") Signed-off-by:
Xin Long <lucien.xin@gmail.com> Acked-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
-
