- 03 Dec, 2019 6 commits
-
-
Manish Chopra authored
BugLink: https://bugs.launchpad.net/bugs/1852335 [ Upstream commit deabc871 ] While rebooting the system with SR-IOV vfs enabled leads to below crash due to recurrence of __qede_remove() on the VF devices (first from .shutdown() flow of the VF itself and another from PF's .shutdown() flow executing pci_disable_sriov()) This patch adds a safeguard in __qede_remove() flow to fix this, so that driver doesn't attempt to remove "already removed" devices. [ 194.360134] BUG: unable to handle kernel NULL pointer dereference at 00000000000008dc [ 194.360227] IP: [<ffffffffc03553c4>] __qede_remove+0x24/0x130 [qede] [ 194.360304] PGD 0 [ 194.360325] Oops: 0000 [#1] SMP [ 194.360360] Modules linked in: tcp_lp fuse tun bridge stp llc devlink bonding ip_set nfnetlink ib_isert iscsi_target_mod ib_srpt target_core_mod ib_srp scsi_transport_srp scsi_tgt ib_ipoib ib_umad rpcrdma sunrpc rdma_ucm ib_uverbs ib_iser rdma_cm iw_cm ib_cm libiscsi scsi_transport_iscsi dell_smbios iTCO_wdt iTCO_vendor_support dell_wmi_descriptor dcdbas vfat fat pcc_cpufreq skx_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd qedr ib_core pcspkr ses enclosure joydev ipmi_ssif sg i2c_i801 lpc_ich mei_me mei wmi ipmi_si ipmi_devintf ipmi_msghandler tpm_crb acpi_pad acpi_power_meter xfs libcrc32c sd_mod crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32c_intel mgag200 [ 194.361044] qede i2c_algo_bit drm_kms_helper qed syscopyarea sysfillrect nvme sysimgblt fb_sys_fops ttm nvme_core mpt3sas crc8 ptp drm pps_core ahci raid_class scsi_transport_sas libahci libata drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod [last unloaded: ip_tables] [ 194.361297] CPU: 51 PID: 7996 Comm: reboot Kdump: loaded Not tainted 3.10.0-1062.el7.x86_64 #1 [ 194.361359] Hardware name: Dell Inc. PowerEdge MX840c/0740HW, BIOS 2.4.6 10/15/2019 [ 194.361412] task: ffff9cea9b360000 ti: ffff9ceabebdc000 task.ti: ffff9ceabebdc000 [ 194.361463] RIP: 0010:[<ffffffffc03553c4>] [<ffffffffc03553c4>] __qede_remove+0x24/0x130 [qede] [ 194.361534] RSP: 0018:ffff9ceabebdfac0 EFLAGS: 00010282 [ 194.361570] RAX: 0000000000000000 RBX: ffff9cd013846098 RCX: 0000000000000000 [ 194.361621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9cd013846098 [ 194.361668] RBP: ffff9ceabebdfae8 R08: 0000000000000000 R09: 0000000000000000 [ 194.361715] R10: 00000000bfe14201 R11: ffff9ceabfe141e0 R12: 0000000000000000 [ 194.361762] R13: ffff9cd013846098 R14: 0000000000000000 R15: ffff9ceab5e48000 [ 194.361810] FS: 00007f799c02d880(0000) GS:ffff9ceacb0c0000(0000) knlGS:0000000000000000 [ 194.361865] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.361903] CR2: 00000000000008dc CR3: 0000001bdac76000 CR4: 00000000007607e0 [ 194.361953] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 194.362002] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 194.362051] PKRU: 55555554 [ 194.362073] Call Trace: [ 194.362109] [<ffffffffc0355500>] qede_remove+0x10/0x20 [qede] [ 194.362180] [<ffffffffb97d0f3e>] pci_device_remove+0x3e/0xc0 [ 194.362240] [<ffffffffb98b3c52>] __device_release_driver+0x82/0xf0 [ 194.362285] [<ffffffffb98b3ce3>] device_release_driver+0x23/0x30 [ 194.362343] [<ffffffffb97c86d4>] pci_stop_bus_device+0x84/0xa0 [ 194.362388] [<ffffffffb97c87e2>] pci_stop_and_remove_bus_device+0x12/0x20 [ 194.362450] [<ffffffffb97f153f>] pci_iov_remove_virtfn+0xaf/0x160 [ 194.362496] [<ffffffffb97f1aec>] sriov_disable+0x3c/0xf0 [ 194.362534] [<ffffffffb97f1bc3>] pci_disable_sriov+0x23/0x30 [ 194.362599] [<ffffffffc02f83c3>] qed_sriov_disable+0x5e3/0x650 [qed] [ 194.362658] [<ffffffffb9622df6>] ? kfree+0x106/0x140 [ 194.362709] [<ffffffffc02cc0c0>] ? qed_free_stream_mem+0x70/0x90 [qed] [ 194.362754] [<ffffffffb9622df6>] ? kfree+0x106/0x140 [ 194.362803] [<ffffffffc02cd659>] qed_slowpath_stop+0x1a9/0x1d0 [qed] [ 194.362854] [<ffffffffc035544e>] __qede_remove+0xae/0x130 [qede] [ 194.362904] [<ffffffffc03554e0>] qede_shutdown+0x10/0x20 [qede] [ 194.362956] [<ffffffffb97cf90a>] pci_device_shutdown+0x3a/0x60 [ 194.363010] [<ffffffffb98b180b>] device_shutdown+0xfb/0x1f0 [ 194.363066] [<ffffffffb94b66c6>] kernel_restart_prepare+0x36/0x40 [ 194.363107] [<ffffffffb94b66e2>] kernel_restart+0x12/0x60 [ 194.363146] [<ffffffffb94b6959>] SYSC_reboot+0x229/0x260 [ 194.363196] [<ffffffffb95f200d>] ? handle_mm_fault+0x39d/0x9b0 [ 194.363253] [<ffffffffb942b621>] ? __switch_to+0x151/0x580 [ 194.363304] [<ffffffffb9b7ec28>] ? __schedule+0x448/0x9c0 [ 194.363343] [<ffffffffb94b69fe>] SyS_reboot+0xe/0x10 [ 194.363387] [<ffffffffb9b8bede>] system_call_fastpath+0x25/0x2a [ 194.363430] Code: f9 e9 37 ff ff ff 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 4c 8d af 98 00 00 00 41 54 4c 89 ef 41 89 f4 53 e8 4c e4 55 f9 <80> b8 dc 08 00 00 01 48 89 c3 4c 8d b8 c0 08 00 00 4c 8b b0 c0 [ 194.363712] RIP [<ffffffffc03553c4>] __qede_remove+0x24/0x130 [qede] [ 194.363764] RSP <ffff9ceabebdfac0> [ 194.363791] CR2: 00000000000008dc Signed-off-by:
Manish Chopra <manishc@marvell.com> Signed-off-by:
Ariel Elior <aelior@marvell.com> Signed-off-by:
Sudarsana Kalluru <skalluru@marvell.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Connor Kuehl <connor.kuehl@canonical.com> Signed-off-by:
Khalid Elmously <khalid.elmously@canonical.com>
-
Pan Bian authored
BugLink: https://bugs.launchpad.net/bugs/1852335 [ Upstream commit 99a8efbb ] The variable nfcid_skb is not changed in the callee nfc_hci_get_param() if error occurs. Consequently, the freed variable nfcid_skb will be freed again, resulting in a double free bug. Set nfcid_skb to NULL after releasing it to fix the bug. Signed-off-by:
Pan Bian <bianpan2016@163.com> Signed-off-by:
-
Pan Bian authored
BugLink: https://bugs.launchpad.net/bugs/1852335 [ Upstream commit 517ce4e9 ] The address of fw_vsc_cfg is on stack. Releasing it with devm_kfree() is incorrect, which may result in a system crash or other security impacts. The expected object to free is *fw_vsc_cfg. Signed-off-by:
-
Eric Dumazet authored
BugLink: https://bugs.launchpad.net/bugs/1852335 [ Upstream commit 1b53d644 ] KCSAN reported the following data-race [1] The fix will also prevent the compiler from optimizing out the condition. [1] BUG: KCSAN: data-race in neigh_resolve_output / neigh_resolve_output write to 0xffff8880a41dba78 of 8 bytes by interrupt on cpu 1: neigh_event_send include/net/neighbour.h:443 [inline] neigh_resolve_output+0x78/0x480 net/core/neighbour.c:1474 neigh_output include/net/neighbour.h:511 [inline] ip_finish_output2+0x4af/0xe40 net/ipv4/ip_output.c:228 __ip_finish_output net/ipv4/ip_output.c:308 [inline] __ip_finish_output+0x23a/0x490 net/ipv4/ip_output.c:290 ip_finish_output+0x41/0x160 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip_output+0xdf/0x210 net/ipv4/ip_output.c:432 dst_output include/net/dst.h:436 [inline] ip_local_out+0x74/0x90 net/ipv4/ip_output.c:125 __ip_queue_xmit+0x3a8/0xa40 net/ipv4/ip_output.c:532 ip_queue_xmit+0x45/0x60 include/net/ip.h:237 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169 tcp_transmit_skb net/ipv4/tcp_output.c:1185 [inline] __tcp_retransmit_skb+0x4bd/0x15f0 net/ipv4/tcp_output.c:2976 tcp_retransmit_skb+0x36/0x1a0 net/ipv4/tcp_output.c:2999 tcp_retransmit_timer+0x719/0x16d0 net/ipv4/tcp_timer.c:515 tcp_write_timer_handler+0x42d/0x510 net/ipv4/tcp_timer.c:598 tcp_write_timer+0xd1/0xf0 net/ipv4/tcp_timer.c:618 read to 0xffff8880a41dba78 of 8 bytes by interrupt on cpu 0: neigh_event_send include/net/neighbour.h:442 [inline] neigh_resolve_output+0x57/0x480 net/core/neighbour.c:1474 neigh_output include/net/neighbour.h:511 [inline] ip_finish_output2+0x4af/0xe40 net/ipv4/ip_output.c:228 __ip_finish_output net/ipv4/ip_output.c:308 [inline] __ip_finish_output+0x23a/0x490 net/ipv4/ip_output.c:290 ip_finish_output+0x41/0x160 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip_output+0xdf/0x210 net/ipv4/ip_output.c:432 dst_output include/net/dst.h:436 [inline] ip_local_out+0x74/0x90 net/ipv4/ip_output.c:125 __ip_queue_xmit+0x3a8/0xa40 net/ipv4/ip_output.c:532 ip_queue_xmit+0x45/0x60 include/net/ip.h:237 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169 tcp_transmit_skb net/ipv4/tcp_output.c:1185 [inline] __tcp_retransmit_skb+0x4bd/0x15f0 net/ipv4/tcp_output.c:2976 tcp_retransmit_skb+0x36/0x1a0 net/ipv4/tcp_output.c:2999 tcp_retransmit_timer+0x719/0x16d0 net/ipv4/tcp_timer.c:515 tcp_write_timer_handler+0x42d/0x510 net/ipv4/tcp_timer.c:598 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Signed-off-by:
Eric Dumazet <edumazet@google.com> Reported-by:
syzbot <syzkaller@googlegroups.com> Signed-off-by:
-
Oliver Neukum authored
BugLink: https://bugs.launchpad.net/bugs/1852335 [ Upstream commit 332f989a ] A malicious device may give half an answer when asked for its MTU. The driver will proceed after this with a garbage MTU. Anything but a complete answer must be treated as an error. V2: used sizeof as request by Alexander Reported-and-tested-by: syzbot+0631d878823ce2411636@syzkaller.appspotmail.com Signed-off-by:
Oliver Neukum <oneukum@suse.com> Signed-off-by:
-
Kleber Sacilotto de Souza authored
Ignore: yes Signed-off-by:Kleber Sacilotto de Souza <kleber.souza@canonical.com>
-
- 13 Nov, 2019 34 commits
-
-
Connor Kuehl authored
Signed-off-by: -
Connor Kuehl authored
BugLink: https://bugs.launchpad.net/bugs/1852306 Properties: no-test-build Signed-off-by:
-
Connor Kuehl authored
Ignore: yes Signed-off-by: -
Colin Ian King authored
BugLink: https://bugs.launchpad.net/bugs/1850175 There memset is indented incorrectly, remove the extraneous tabs. Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Kamal Mostafa <kamal@canonical.com> Acked-by:
Stefan Bader <stefan.bader@canonical.com> Acked-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 There is a race condition that can occur when calling ena_down(). The ena_clean_tx_irq() - which is a part of the napi handler - function might wake up the tx queue when the queue is supposed to be down (during recovery or changing the size of the queues for example) This causes the ena_start_xmit() function to trigger and possibly try to access the destroyed queues. The race is illustrated below: Flow A: Flow B(napi handler) ena_down() netif_carrier_off() netif_tx_disable() ena_clean_tx_irq() netif_tx_wake_queue() ena_napi_disable_all() ena_destroy_all_io_queues() After these flows the tx queue is active and ena_start_xmit() accesses the destroyed queue which leads to a kernel panic. fixes: 1738cd3e (net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)) Signed-off-by:
Sameeh Jubran <sameehj@amazon.com> Signed-off-by:
-
Jakub Kicinski authored
BugLink: https://bugs.launchpad.net/bugs/1850175 This reverts commit 315c28d2 ("net: ena: ethtool: add extra properties retrieval via get_priv_flags"). As discussed at netconf and on the mailing list we can't allow for the the abuse of private flags for exposing arbitrary device labels. Signed-off-by:
Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 The current code of create_queues_with_size_backoff() allows the ring size to become as small as ENA_MIN_RING_SIZE/2. This is a bug since we don't want the queue ring to be smaller than ENA_MIN_RING_SIZE In this commit we change the loop's termination condition to look at the queue size of the next iteration instead of that of the current one, so that the minimal queue size again becomes ENA_MIN_RING_SIZE. Fixes: eece4d2a ("net: ena: add ethtool function for changing io queue sizes") Signed-off-by:
Arthur Kiyanovski <akiyano@amazon.com> Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Update driver version to match device specification. Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Let the compiler decide if the function should be inline in *.c files Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Implement the set_ringparam() function of the ethtool interface to enable the changing of io queue sizes. Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 If there is not enough memory to allocate io queues the driver will try to allocate smaller queues. The backoff algorithm is as follows: 1. Try to allocate TX and RX and if successful. 1.1. return success 2. Divide by 2 the size of the larger of RX and TX queues (or both if their size is the same). 3. If TX or RX is smaller than 256 3.1. return failure. 4. else 4.1. go back to 1. Also change the tx_queue_size, rx_queue_size field names in struct adapter to requested_tx_queue_size and requested_rx_queue_size, and use RX and TX queue 0 for actual queue sizes. Explanation: The original fields were useless as they were simply used to assign values once from them to each of the queues in the adapter in ena_probe(). They could simply be deleted. However now that we have a backoff feature, we have use for them. In case of backoff there is a difference between the requested queue sizes and the actual sizes. Therefore there is a need to save the requested queue size for future retries of queue allocation (for example if allocation failed and then ifdown + ifup was called we want to start the allocation from the original requested size of the queues). Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Currently ethtool -g shows the same size for current and max queue sizes. Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Use MAX_QUEUES_EXT get feature capability to query the device. Signed-off-by:
Netanel Belgazal <netanel@amazon.com> Signed-off-by:
-
Arthur Kiyanovski authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Add a new admin command to support different queue size for Tx/Rx queues (the change also support different SQ/CQ sizes) Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Add a new statistics to ETHTOOL to specify if the device calculated and validated the Rx csum. Signed-off-by:
Evgeny Shmeilin <evgeny@annapurnaLabs.com> Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 This patch initially checks if CQ doorbell is needed before proceeding with the calculations. Signed-off-by:
Igor Chauskin <igorch@amazon.com> Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Up until now the driver always used a single setting for the sizes of the different parts of the llq entry - 128 for entry size, 2 for descriptors before header and 96 for maximum header size. The current code makes sure that the parts of the llq entry are compatible with each other and with the initial llq entry size given by the device. This commit changes this code to support any llq entry size Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Enable fallback to polling mode for Admin queue when identified a command response arrival without an accompanying MSI-X interrupt Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Some pr_err prints lacked '\n' in the end. Added where missing. Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Reverse christmas tree arrangement is when strings are written from longer to shorter with each line. Most of our functions are abiding this arrangement but this function does not. In this commit we arrange the variables of ena_probe() in reverse christmas tree. Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 struct ena_ring holds a union of free_rx_ids and free_tx_ids. Both of the above fields mean the exact same thing and are used exactly the same way. Furthermore, these fields are always used with a prefix of the type of ring. So for tx it will be tx_ring->free_tx_ids, and for rx it will be rx_ring->free_rx_ids, which shows how redundant the "_tx" and "_rx" parts are. Furthermore still, this may lead to confusing code like where tx_ring->free_rx_ids which works correctly but looks like a mess. This commit removes the aforementioned redundancy by replacing the free_rx/tx_ids union with a single free_ids field. It also changes a single goto label name from err_free_tx_ids: to err_tx_free_ids: for consistency with the above new notation. Signed-off-by:
-
Arthur Kiyanovski authored
BugLink: https://bugs.launchpad.net/bugs/1850175 This commit adds a mechanism for exposing different device properties via ethtool's priv_flags. The strings are provided by the device and copied to user space through the driver. In this commit we: Add commands, structs and defines necessary for handling extra properties Add functions for: Allocation/destruction of a buffer for extra properties strings. Retreival of extra properties strings and flags from the network device. Handle the allocation of a buffer for extra properties strings. * Initialize buffer with extra properties strings from the network device at driver startup. Use ethtool's get_priv_flags to expose extra properties of the ENA device Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 There is a maximum TX burst size that the ENA device can handle. It is exposed by the device to the driver and the driver needs to comply with it to avoid bugs. In this commit we: 1. Add ena_com_is_doorbell_needed(), which calculates the number of llq entries that will be used to hold a packet, and will return true if they exceed the number of allowed entries in a burst. If the function returns true, a doorbell needs to be invoked to send this packet in the next burst. 2. Follow the available entries in the current burst: - Every doorbell a new burst begins - With each write of an llq entry, the available entries in the current burst are decreased by 1. Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 ena_com_fill_hash_function() didn't configure the rss->hash_func. Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 Adaptive interrupt moderation was erroneously enabled by default in the driver. In case the device supports adaptive interrupt moderation it will be automatically used, which may potentially increase latency. The adaptive moderation can be enabled from ethtool command in case the feature is supported by the device. Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by:
Guy Tzalik <gtzalik@amazon.com> Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 ena_com_config_llq_info() returns 0 even if ena_com_set_llq() fails. Return the failure code of ena_com_set_llq() in case it fails. fixes: 689b2bda ("net: ena: add functions for handling Low Latency Queues in ena_com") Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 ena_com_set_hash_function() tests if a hash function is supported by the device before setting it. The test returns the opposite result than needed. Reverse the condition to return the correct value. Also use the BIT macro instead of inline shift. Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 ena_up() calls ena_init_napi() but does not call ena_del_napi() in case of failure. This causes a segmentation fault upon rmmod when netif_napi_del() is called. Fix this bug by calling ena_del_napi() before returning error from ena_up(). Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 second parameter should be the index of the table rather than the value. Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by:
Saeed Bshara <saeedb@amazon.com> Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 In some cases when a queue related allocation fails, successful past allocations are freed but the pointer that pointed to them is not set to NULL. This is a problem for 2 reasons: 1. This is generally a bad practice since this pointer might be accidentally accessed in the future. 2. Future allocations using the same pointer check if the pointer is NULL and fail if it is not. Fixed this by setting such pointers to NULL in the allocation of queue related objects. Also refactored the code of ena_setup_tx_resources() to goto-style error handling to avoid code duplication of resource freeing. Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by:
-
Sameeh Jubran authored
BugLink: https://bugs.launchpad.net/bugs/1850175 BugLink: https://bugs.launchpad.net/bugs/1838700 [ Upstream commit f9133088 ] GCC 8 contains a number of new warnings as well as enhancements to existing checkers. The warning - Wstringop-truncation - warns for calls to bounded string manipulation functions such as strncat, strncpy, and stpncpy that may either truncate the copied string or leave the destination unchanged. In our case the destination string length (32 bytes) is much shorter than the source string (64 bytes) which causes this warning to show up. In general the destination has to be at least a byte larger than the length of the source string with strncpy for this warning not to showup. This can be easily fixed by using strlcpy instead which already does the truncation to the string. Documentation for this function can be found here: https://elixir.bootlin.com/linux/latest/source/lib/string.c#L141 Fixes: 1738cd3e ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)") Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
-
Baoyou Xie authored
BugLink: https://bugs.launchpad.net/bugs/1849871 Some cameras post inaccurate frame where next frame data overlap it. this results in screen flicker, and it need to be prevented. So this patch marks the buffer error to discard the frame where buffer overflow. Signed-off-by:
Baoyou Xie <baoyou.xie@linaro.org> Reviewed-by:
Laurent Pinchart <laurent.pinchart@ideasonboard.com> Signed-off-by:
Mauro Carvalho Chehab <mchehab@s-opensource.com> (cherry picked from commit dfc1648c) Signed-off-by:
Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by:
-
Vincent Guittot authored
CVE-2018-20784 This re-applies the commit reverted here: commit c40f7d74 ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f654") I.e. now that cfs_rq can be safely removed/added in the list, we can re-apply: commit a9e7f654 ("sched/fair: Fix O(nr_cgroups) in load balance path") Signed-off-by:
Vincent Guittot <vincent.guittot@linaro.org> Signed-off-by:
Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: sargun@sargun.me Cc: tj@kernel.org Cc: xiexiuqi@huawei.com Cc: xiezhipeng1@huawei.com Link: https://lkml.kernel.org/r/1549469662-13614-3-git-send-email-vincent.guittot@linaro.orgSigned-off-by:
Ingo Molnar <mingo@kernel.org> (backported from commit 039ae8bc) [ Connor Kuehl: In 'cfs_rq_is_decayed' the data member 'runnable_load_sum' belongs to struct cfs_rq and not sched_avg, so update that. Some instances of 'for_each_leaf_cfs_rq' required manual updating to the new 'for_each_leaf_cfs_rq_safe' and the last hunk for 'update_blocked_averages' required manual placement. ] Signed-off-by:
Sultan Alsawaf <sultan.alsawaf@canonical.com> Acked-by:
-
