1. 12 Dec, 2020 1 commit
    • Maciej S. Szmigiero's avatar
      KVM: mmu: Fix SPTE encoding of MMIO generation upper half · 34c0f6f2
      Maciej S. Szmigiero authored
      Commit cae7ed3c ("KVM: x86: Refactor the MMIO SPTE generation handling")
      cleaned up the computation of MMIO generation SPTE masks, however it
      introduced a bug how the upper part was encoded:
      SPTE bits 52-61 were supposed to contain bits 10-19 of the current
      generation number, however a missing shift encoded bits 1-10 there instead
      (mostly duplicating the lower part of the encoded generation number that
      then consisted of bits 1-9).
      
      In the meantime, the upper part was shrunk by one bit and moved by
      subsequent commits to become an upper half of the encoded generation number
      (bits 9-17 of bits 0-17 encoded in a SPTE).
      
      In addition to the above, commit 56871d44 ("KVM: x86: fix overlap between SPTE_MMIO_MASK and generation")
      has changed the SPTE bit range assigned to encode the generation number and
      the total number of bits encoded but did not update them in the comment
      attached to their defines, nor in the KVM MMU doc.
      Let's do it here, too, since it is too trivial thing to warrant a separate
      commit.
      
      Fixes: cae7ed3c ("KVM: x86: Refactor the MMIO SPTE generation handling")
      Signed-off-by: default avatarMaciej S. Szmigiero <maciej.szmigiero@oracle.com>
      Message-Id: <156700708db2a5296c5ed7a8b9ac71f1e9765c85.1607129096.git.maciej.szmigiero@oracle.com>
      Cc: stable@vger.kernel.org
      [Reorganize macros so that everything is computed from the bit ranges. - Paolo]
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      34c0f6f2
  2. 10 Dec, 2020 1 commit
  3. 04 Dec, 2020 2 commits
  4. 03 Dec, 2020 1 commit
    • Maciej S. Szmigiero's avatar
      selftests: kvm/set_memory_region_test: Fix race in move region test · 0c55f867
      Maciej S. Szmigiero authored
      The current memory region move test correctly handles the situation that
      the second (realigning) memslot move operation would temporarily trigger
      MMIO until it completes, however it does not handle the case in which the
      first (misaligning) move operation does this, too.
      This results in false test assertions in case it does so.
      
      Fix this by handling temporary MMIO from the first memslot move operation
      in the test guest code, too.
      
      Fixes: 8a0639fe ("KVM: sefltests: Add explicit synchronization to move mem region test")
      Signed-off-by: default avatarMaciej S. Szmigiero <maciej.szmigiero@oracle.com>
      Message-Id: <0fdddb94bb0e31b7da129a809a308d91c10c0b5e.1606941224.git.maciej.szmigiero@oracle.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      0c55f867
  5. 02 Dec, 2020 3 commits
  6. 27 Nov, 2020 4 commits
    • Vitaly Kuznetsov's avatar
      kvm: x86/mmu: Fix get_mmio_spte() on CPUs supporting 5-level PT · 9a2a0d3c
      Vitaly Kuznetsov authored
      Commit 95fb5b02 ("kvm: x86/mmu: Support MMIO in the TDP MMU") caused
      the following WARNING on an Intel Ice Lake CPU:
      
       get_mmio_spte: detect reserved bits on spte, addr 0xb80a0, dump hierarchy:
       ------ spte 0xb80a0 level 5.
       ------ spte 0xfcd210107 level 4.
       ------ spte 0x1004c40107 level 3.
       ------ spte 0x1004c41107 level 2.
       ------ spte 0x1db00000000b83b6 level 1.
       WARNING: CPU: 109 PID: 10254 at arch/x86/kvm/mmu/mmu.c:3569 kvm_mmu_page_fault.cold.150+0x54/0x22f [kvm]
      ...
       Call Trace:
        ? kvm_io_bus_get_first_dev+0x55/0x110 [kvm]
        vcpu_enter_guest+0xaa1/0x16a0 [kvm]
        ? vmx_get_cs_db_l_bits+0x17/0x30 [kvm_intel]
        ? skip_emulated_instruction+0xaa/0x150 [kvm_intel]
        kvm_arch_vcpu_ioctl_run+0xca/0x520 [kvm]
      
      The guest triggering this crashes. Note, this happens with the traditional
      MMU and EPT enabled, not with the newly introduced TDP MMU. Turns out,
      there was a subtle change in the above mentioned commit. Previously,
      walk_shadow_page_get_mmio_spte() was setting 'root' to 'iterator.level'
      which is returned by shadow_walk_init() and this equals to
      'vcpu->arch.mmu->shadow_root_level'. Now, get_mmio_spte() sets it to
      'int root = vcpu->arch.mmu->root_level'.
      
      The difference between 'root_level' and 'shadow_root_level' on CPUs
      supporting 5-level page tables is that in some case we don't want to
      use 5-level, in particular when 'cpuid_maxphyaddr(vcpu) <= 48'
      kvm_mmu_get_tdp_level() returns '4'. In case upper layer is not used,
      the corresponding SPTE will fail '__is_rsvd_bits_set()' check.
      
      Revert to using 'shadow_root_level'.
      
      Fixes: 95fb5b02 ("kvm: x86/mmu: Support MMIO in the TDP MMU")
      Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
      Message-Id: <20201126110206.2118959-1-vkuznets@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      9a2a0d3c
    • Paolo Bonzini's avatar
      KVM: x86: Fix split-irqchip vs interrupt injection window request · 71cc849b
      Paolo Bonzini authored
      kvm_cpu_accept_dm_intr and kvm_vcpu_ready_for_interrupt_injection are
      a hodge-podge of conditions, hacked together to get something that
      more or less works.  But what is actually needed is much simpler;
      in both cases the fundamental question is, do we have a place to stash
      an interrupt if userspace does KVM_INTERRUPT?
      
      In userspace irqchip mode, that is !vcpu->arch.interrupt.injected.
      Currently kvm_event_needs_reinjection(vcpu) covers it, but it is
      unnecessarily restrictive.
      
      In split irqchip mode it's a bit more complicated, we need to check
      kvm_apic_accept_pic_intr(vcpu) (the IRQ window exit is basically an INTACK
      cycle and thus requires ExtINTs not to be masked) as well as
      !pending_userspace_extint(vcpu).  However, there is no need to
      check kvm_event_needs_reinjection(vcpu), since split irqchip keeps
      pending ExtINT state separate from event injection state, and checking
      kvm_cpu_has_interrupt(vcpu) is wrong too since ExtINT has higher
      priority than APIC interrupts.  In fact the latter fixes a bug:
      when userspace requests an IRQ window vmexit, an interrupt in the
      local APIC can cause kvm_cpu_has_interrupt() to be true and thus
      kvm_vcpu_ready_for_interrupt_injection() to return false.  When this
      happens, vcpu_run does not exit to userspace but the interrupt window
      vmexits keep occurring.  The VM loops without any hope of making progress.
      
      Once we try to fix these with something like
      
           return kvm_arch_interrupt_allowed(vcpu) &&
      -        !kvm_cpu_has_interrupt(vcpu) &&
      -        !kvm_event_needs_reinjection(vcpu) &&
      -        kvm_cpu_accept_dm_intr(vcpu);
      +        (!lapic_in_kernel(vcpu)
      +         ? !vcpu->arch.interrupt.injected
      +         : (kvm_apic_accept_pic_intr(vcpu)
      +            && !pending_userspace_extint(v)));
      
      we realize two things.  First, thanks to the previous patch the complex
      conditional can reuse !kvm_cpu_has_extint(vcpu).  Second, the interrupt
      window request in vcpu_enter_guest()
      
              bool req_int_win =
                      dm_request_for_irq_injection(vcpu) &&
                      kvm_cpu_accept_dm_intr(vcpu);
      
      should be kept in sync with kvm_vcpu_ready_for_interrupt_injection():
      it is unnecessary to ask the processor for an interrupt window
      if we would not be able to return to userspace.  Therefore,
      kvm_cpu_accept_dm_intr(vcpu) is basically !kvm_cpu_has_extint(vcpu)
      ANDed with the existing check for masked ExtINT.  It all makes sense:
      
      - we can accept an interrupt from userspace if there is a place
        to stash it (and, for irqchip split, ExtINTs are not masked).
        Interrupts from userspace _can_ be accepted even if right now
        EFLAGS.IF=0.
      
      - in order to tell userspace we will inject its interrupt ("IRQ
        window open" i.e. kvm_vcpu_ready_for_interrupt_injection), both
        KVM and the vCPU need to be ready to accept the interrupt.
      
      ... and this is what the patch implements.
      Reported-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
      Analyzed-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Reviewed-by: default avatarNikos Tsironis <ntsironis@arrikto.com>
      Reviewed-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
      Tested-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
      71cc849b
    • Paolo Bonzini's avatar
      KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint · 72c3bcdc
      Paolo Bonzini authored
      Centralize handling of interrupts from the userspace APIC
      in kvm_cpu_has_extint and kvm_cpu_get_extint, since
      userspace APIC interrupts are handled more or less the
      same as ExtINTs are with split irqchip.  This removes
      duplicated code from kvm_cpu_has_injectable_intr and
      kvm_cpu_has_interrupt, and makes the code more similar
      between kvm_cpu_has_{extint,interrupt} on one side
      and kvm_cpu_get_{extint,interrupt} on the other.
      
      Cc: stable@vger.kernel.org
      Reviewed-by: default avatarFilippo Sironi <sironi@amazon.de>
      Reviewed-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
      Tested-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      72c3bcdc
    • Paolo Bonzini's avatar
      Merge tag 'kvmarm-fixes-5.10-4' of... · 545f6394
      Paolo Bonzini authored
      Merge tag 'kvmarm-fixes-5.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master
      
      KVM/arm64 fixes for v5.10, take #4
      
      - Fix alignment of the new HYP sections
      - Fix GICR_TYPER access from userspace
      545f6394
  7. 20 Nov, 2020 1 commit
    • Sean Christopherson's avatar
      MAINTAINERS: Update email address for Sean Christopherson · c2b1209d
      Sean Christopherson authored
      Update my email address to one provided by my new benefactor.
      
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Jarkko Sakkinen <jarkko@kernel.org>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
      Cc: Wanpeng Li <wanpengli@tencent.com>
      Cc: Jim Mattson <jmattson@google.com>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: kvm@vger.kernel.org
      Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
      Message-Id: <20201119183707.291864-1-sean.kvm@gmail.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      c2b1209d
  8. 18 Nov, 2020 3 commits
  9. 17 Nov, 2020 2 commits
  10. 16 Nov, 2020 3 commits
    • Ashish Kalra's avatar
      KVM: SVM: Fix offset computation bug in __sev_dbg_decrypt(). · 854c57f0
      Ashish Kalra authored
      Fix offset computation in __sev_dbg_decrypt() to include the
      source paddr before it is rounded down to be aligned to 16 bytes
      as required by SEV API. This fixes incorrect guest memory dumps
      observed when using qemu monitor.
      Signed-off-by: default avatarAshish Kalra <ashish.kalra@amd.com>
      Message-Id: <20201110224205.29444-1-Ashish.Kalra@amd.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      854c57f0
    • Paolo Bonzini's avatar
      Merge tag 'kvm-s390-master-5.10-1' of... · d4d3c84d
      Paolo Bonzini authored
      Merge tag 'kvm-s390-master-5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master
      
      KVM: s390: Fixes for 5.10
      
      - do not reset the global diag318 data for per-cpu reset
      - do not mark memory as protected too early
      d4d3c84d
    • Jamie Iles's avatar
      KVM: arm64: Correctly align nVHE percpu data · 7bab16a6
      Jamie Iles authored
      The nVHE percpu data is partially linked but the nVHE linker script did
      not align the percpu section.  The PERCPU_INPUT macro would then align
      the data to a page boundary:
      
        #define PERCPU_INPUT(cacheline)					\
        	__per_cpu_start = .;						\
        	*(.data..percpu..first)						\
        	. = ALIGN(PAGE_SIZE);						\
        	*(.data..percpu..page_aligned)					\
        	. = ALIGN(cacheline);						\
        	*(.data..percpu..read_mostly)					\
        	. = ALIGN(cacheline);						\
        	*(.data..percpu)						\
        	*(.data..percpu..shared_aligned)				\
        	PERCPU_DECRYPTED_SECTION					\
        	__per_cpu_end = .;
      
      but then when the final vmlinux linking happens the hypervisor percpu
      data is included after page alignment and so the offsets potentially
      don't match.  On my build I saw that the .hyp.data..percpu section was
      at address 0x20 and then the percpu data would begin at 0x1000 (because
      of the page alignment in PERCPU_INPUT), but when linked into vmlinux,
      everything would be shifted down by 0x20 bytes.
      
      This manifests as one of the CPUs getting lost when running
      kvm-unit-tests or starting any VM and subsequent soft lockup on a Cortex
      A72 device.
      
      Fixes: 30c95391 ("kvm: arm64: Set up hyp percpu data for nVHE")
      Signed-off-by: default avatarJamie Iles <jamie@nuviainc.com>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Acked-by: default avatarDavid Brazdil <dbrazdil@google.com>
      Cc: David Brazdil <dbrazdil@google.com>
      Cc: Marc Zyngier <maz@kernel.org>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20201113150406.14314-1-jamie@nuviainc.com
      7bab16a6
  11. 15 Nov, 2020 1 commit
    • Paolo Bonzini's avatar
      kvm: mmu: fix is_tdp_mmu_check when the TDP MMU is not in use · c887c9b9
      Paolo Bonzini authored
      In some cases where shadow paging is in use, the root page will
      be either mmu->pae_root or vcpu->arch.mmu->lm_root.  Then it will
      not have an associated struct kvm_mmu_page, because it is allocated
      with alloc_page instead of kvm_mmu_alloc_page.
      
      Just return false quickly from is_tdp_mmu_root if the TDP MMU is
      not in use, which also includes the case where shadow paging is
      enabled.
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      c887c9b9
  12. 13 Nov, 2020 6 commits
  13. 12 Nov, 2020 12 commits
    • Linus Torvalds's avatar
      Merge tag 'net-5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · db7c9535
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Current release - regressions:
      
         - arm64: dts: fsl-ls1028a-kontron-sl28: specify in-band mode for
           ENETC
      
        Current release - bugs in new features:
      
         - mptcp: provide rmem[0] limit offset to fix oops
      
        Previous release - regressions:
      
         - IPv6: Set SIT tunnel hard_header_len to zero to fix path MTU
           calculations
      
         - lan743x: correctly handle chips with internal PHY
      
         - bpf: Don't rely on GCC __attribute__((optimize)) to disable GCSE
      
         - mlx5e: Fix VXLAN port table synchronization after function reload
      
        Previous release - always broken:
      
         - bpf: Zero-fill re-used per-cpu map element
      
         - fix out-of-order UDP packets when forwarding with UDP GSO fraglists
           turned on:
             - fix UDP header access on Fast/frag0 UDP GRO
             - fix IP header access and skb lookup on Fast/frag0 UDP GRO
      
         - ethtool: netlink: add missing netdev_features_change() call
      
         - net: Update window_clamp if SOCK_RCVBUF is set
      
         - igc: Fix returning wrong statistics
      
         - ch_ktls: fix multiple leaks and corner cases in Chelsio TLS offload
      
         - tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies
      
         - r8169: disable hw csum for short packets on all chip versions
      
         - vrf: Fix fast path output packet handling with async Netfilter
           rules"
      
      * tag 'net-5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (65 commits)
        lan743x: fix use of uninitialized variable
        net: udp: fix IP header access and skb lookup on Fast/frag0 UDP GRO
        net: udp: fix UDP header access on Fast/frag0 UDP GRO
        devlink: Avoid overwriting port attributes of registered port
        vrf: Fix fast path output packet handling with async Netfilter rules
        cosa: Add missing kfree in error path of cosa_write
        net: switch to the kernel.org patchwork instance
        ch_ktls: stop the txq if reaches threshold
        ch_ktls: tcb update fails sometimes
        ch_ktls/cxgb4: handle partial tag alone SKBs
        ch_ktls: don't free skb before sending FIN
        ch_ktls: packet handling prior to start marker
        ch_ktls: Correction in middle record handling
        ch_ktls: missing handling of header alone
        ch_ktls: Correction in trimmed_len calculation
        cxgb4/ch_ktls: creating skbs causes panic
        ch_ktls: Update cheksum information
        ch_ktls: Correction in finding correct length
        cxgb4/ch_ktls: decrypted bit is not enough
        net/x25: Fix null-ptr-deref in x25_connect
        ...
      db7c9535
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.10-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · 200f9d21
      Linus Torvalds authored
      Pull NFS client bugfixes from Anna Schumaker:
       "Stable fixes:
        - Fix failure to unregister shrinker
      
        Other fixes:
        - Fix unnecessary locking to clear up some contention
        - Fix listxattr receive buffer size
        - Fix default mount options for nfsroot"
      
      * tag 'nfs-for-5.10-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        NFS: Remove unnecessary inode lock in nfs_fsync_dir()
        NFS: Remove unnecessary inode locking in nfs_llseek_dir()
        NFS: Fix listxattr receive buffer size
        NFSv4.2: fix failure to unregister shrinker
        nfsroot: Default mount option should ask for built-in NFS version
      200f9d21
    • Marc Zyngier's avatar
      KVM: arm64: Handle SCXTNUM_ELx traps · ed4ffaf4
      Marc Zyngier authored
      As the kernel never sets HCR_EL2.EnSCXT, accesses to SCXTNUM_ELx
      will trap to EL2. Let's handle that as gracefully as possible
      by injecting an UNDEF exception into the guest. This is consistent
      with the guest's view of ID_AA64PFR0_EL1.CSV2 being at most 1.
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Acked-by: default avatarWill Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20201110141308.451654-4-maz@kernel.org
      ed4ffaf4
    • Marc Zyngier's avatar
      KVM: arm64: Unify trap handlers injecting an UNDEF · 338b1793
      Marc Zyngier authored
      A large number of system register trap handlers only inject an
      UNDEF exeption, and yet each class of sysreg seems to provide its
      own, identical function.
      
      Let's unify them all, saving us introducing yet another one later.
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Acked-by: default avatarWill Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20201110141308.451654-3-maz@kernel.org
      338b1793
    • Marc Zyngier's avatar
      KVM: arm64: Allow setting of ID_AA64PFR0_EL1.CSV2 from userspace · 23711a5e
      Marc Zyngier authored
      We now expose ID_AA64PFR0_EL1.CSV2=1 to guests running on hosts
      that are immune to Spectre-v2, but that don't have this field set,
      most likely because they predate the specification.
      
      However, this prevents the migration of guests that have started on
      a host the doesn't fake this CSV2 setting to one that does, as KVM
      rejects the write to ID_AA64PFR0_EL2 on the grounds that it isn't
      what is already there.
      
      In order to fix this, allow userspace to set this field as long as
      this doesn't result in a promising more than what is already there
      (setting CSV2 to 0 is acceptable, but setting it to 1 when it is
      already set to 0 isn't).
      
      Fixes: e1026237 ("KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2")
      Reported-by: default avatarPeng Liang <liangpeng10@huawei.com>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Acked-by: default avatarWill Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20201110141308.451654-2-maz@kernel.org
      23711a5e
    • Marc Zyngier's avatar
      Merge tag 'v5.10-rc1' into kvmarm-master/next · 4f6b838c
      Marc Zyngier authored
      Linux 5.10-rc1
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      4f6b838c
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · af5043c8
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These are mostly docmentation fixes and janitorial changes plus some
        new device IDs and a new quirk.
      
        Specifics:
      
         - Fix documentation regarding GPIO properties (Andy Shevchenko)
      
         - Fix spelling mistakes in ACPI documentation (Flavio Suligoi)
      
         - Fix white space inconsistencies in ACPI code (Maximilian Luz)
      
         - Fix string formatting in the ACPI Generic Event Device (GED) driver
           (Nick Desaulniers)
      
         - Add Intel Alder Lake device IDs to the ACPI drivers used by the
           Dynamic Platform and Thermal Framework (Srinivas Pandruvada)
      
         - Add lid-related DMI quirk for Medion Akoya E2228T to the ACPI
           button driver (Hans de Goede)"
      
      * tag 'acpi-5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: DPTF: Support Alder Lake
        Documentation: ACPI: fix spelling mistakes
        ACPI: button: Add DMI quirk for Medion Akoya E2228T
        ACPI: GED: fix -Wformat
        ACPI: Fix whitespace inconsistencies
        ACPI: scan: Fix acpi_dma_configure_id() kerneldoc name
        Documentation: firmware-guide: gpio-properties: Clarify initial output state
        Documentation: firmware-guide: gpio-properties: active_low only for GpioIo()
        Documentation: firmware-guide: gpio-properties: Fix factual mistakes
      af5043c8
    • Linus Torvalds's avatar
      Merge tag 'pm-5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · fcfb6791
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "Make the intel_pstate driver behave as expected when it operates in
        the passive mode with HWP enabled and the 'powersave' governor on top
        of it"
      
      * tag 'pm-5.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: intel_pstate: Take CPUFREQ_GOV_STRICT_TARGET into account
        cpufreq: Add strict_target to struct cpufreq_policy
        cpufreq: Introduce CPUFREQ_GOV_STRICT_TARGET
        cpufreq: Introduce governor flags
      fcfb6791
    • Sven Van Asbroeck's avatar
      lan743x: fix use of uninitialized variable · edbc2111
      Sven Van Asbroeck authored
      When no devicetree is present, the driver will use an
      uninitialized variable.
      
      Fix by initializing this variable.
      
      Fixes: 902a66e0 ("lan743x: correctly handle chips with internal PHY")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarSven Van Asbroeck <thesven73@gmail.com>
      Link: https://lore.kernel.org/r/20201112152513.1941-1-TheSven73@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      edbc2111
    • Jakub Kicinski's avatar
      Merge branch 'net-udp-fix-fast-frag0-udp-gro' · 5861c8cb
      Jakub Kicinski authored
      Alexander Lobakin says:
      
      ====================
      net: udp: fix Fast/frag0 UDP GRO
      
      While testing UDP GSO fraglists forwarding through driver that uses
      Fast GRO (via napi_gro_frags()), I was observing lots of out-of-order
      iperf packets:
      
      [ ID] Interval           Transfer     Bitrate         Jitter
      [SUM]  0.0-40.0 sec  12106 datagrams received out-of-order
      
      Simple switch to napi_gro_receive() or any other method without frag0
      shortcut completely resolved them.
      
      I've found two incorrect header accesses in GRO receive callback(s):
       - udp_hdr() (instead of udp_gro_udphdr()) that always points to junk
         in "fast" mode and could probably do this in "regular".
         This was the actual bug that caused all out-of-order delivers;
       - udp{4,6}_lib_lookup_skb() -> ip{,v6}_hdr() (instead of
         skb_gro_network_header()) that potentionally might return odd
         pointers in both modes.
      
      Each patch addresses one of these two issues.
      
      This doesn't cover a support for nested tunnels as it's out of the
      subject and requires more invasive changes. It will be handled
      separately in net-next series.
      
      Credits:
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Jakub Kicinski <kuba@kernel.org>
      Cc: Willem de Bruijn <willemb@google.com>
      
      Since v4 [0]:
       - split the fix into two logical ones (Willem);
       - replace ternaries with plain ifs to beautify the code (Jakub);
       - drop p->data part to reintroduce it later in abovementioned set.
      
      Since v3 [1]:
       - restore the original {,__}udp{4,6}_lib_lookup_skb() and use
         private versions of them inside GRO code (Willem).
      
      Since v2 [2]:
       - dropped redundant check introduced in v2 as it's performed right
         before (thanks to Eric);
       - udp_hdr() switched to data + off for skbs from list (also Eric);
       - fixed possible malfunction of {,__}udp{4,6}_lib_lookup_skb() with
         Fast/frag0 due to ip{,v6}_hdr() usage (Willem).
      
      Since v1 [3]:
       - added a NULL pointer check for "uh" as suggested by Willem.
      
      [0] https://lore.kernel.org/netdev/Ha2hou5eJPcblo4abjAqxZRzIl1RaLs2Hy0oOAgFs@cp4-web-036.plabs.ch
      [1] https://lore.kernel.org/netdev/MgZce9htmEtCtHg7pmWxXXfdhmQ6AHrnltXC41zOoo@cp7-web-042.plabs.ch
      [2] https://lore.kernel.org/netdev/0eaG8xtbtKY1dEKCTKUBubGiC9QawGgB3tVZtNqVdY@cp4-web-030.plabs.ch
      [3] https://lore.kernel.org/netdev/YazU6GEzBdpyZMDMwJirxDX7B4sualpDG68ADZYvJI@cp4-web-034.plabs.ch
      ====================
      
      Link: https://lore.kernel.org/r/hjGOh0iCOYyo1FPiZh6TMXcx3YCgNs1T1eGKLrDz8@cp4-web-037.plabs.chSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5861c8cb
    • Alexander Lobakin's avatar
      net: udp: fix IP header access and skb lookup on Fast/frag0 UDP GRO · 55e72988
      Alexander Lobakin authored
      udp{4,6}_lib_lookup_skb() use ip{,v6}_hdr() to get IP header of the
      packet. While it's probably OK for non-frag0 paths, this helpers
      will also point to junk on Fast/frag0 GRO when all headers are
      located in frags. As a result, sk/skb lookup may fail or give wrong
      results. To support both GRO modes, skb_gro_network_header() might
      be used. To not modify original functions, add private versions of
      udp{4,6}_lib_lookup_skb() only to perform correct sk lookups on GRO.
      
      Present since the introduction of "application-level" UDP GRO
      in 4.7-rc1.
      
      Misc: replace totally unneeded ternaries with plain ifs.
      
      Fixes: a6024562 ("udp: Add GRO functions to UDP socket")
      Suggested-by: default avatarWillem de Bruijn <willemb@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarAlexander Lobakin <alobakin@pm.me>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      55e72988
    • Alexander Lobakin's avatar
      net: udp: fix UDP header access on Fast/frag0 UDP GRO · 4b1a8628
      Alexander Lobakin authored
      UDP GRO uses udp_hdr(skb) in its .gro_receive() callback. While it's
      probably OK for non-frag0 paths (when all headers or even the entire
      frame are already in skb head), this inline points to junk when
      using Fast GRO (napi_gro_frags() or napi_gro_receive() with only
      Ethernet header in skb head and all the rest in the frags) and breaks
      GRO packet compilation and the packet flow itself.
      To support both modes, skb_gro_header_fast() + skb_gro_header_slow()
      are typically used. UDP even has an inline helper that makes use of
      them, udp_gro_udphdr(). Use that instead of troublemaking udp_hdr()
      to get rid of the out-of-order delivers.
      
      Present since the introduction of plain UDP GRO in 5.0-rc1.
      
      Fixes: e20cf8d3 ("udp: implement GRO for plain UDP sockets.")
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarAlexander Lobakin <alobakin@pm.me>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      4b1a8628