1. 09 Mar, 2018 1 commit
    • Mark Rutland's avatar
      efi/arm*: Only register page tables when they exist · 6b31a2fa
      Mark Rutland authored
      Currently the arm/arm64 runtime code registers the runtime servies
      pagetables with ptdump regardless of whether runtime services page
      tables have been created.
      
      As efi_mm.pgd is NULL in these cases, attempting to dump the efi page
      tables results in a NULL pointer dereference in the ptdump code:
      
      /sys/kernel/debug# cat efi_page_tables
      [  479.522600] Unable to handle kernel NULL pointer dereference at virtual address 00000000
      [  479.522715] Mem abort info:
      [  479.522764]   ESR = 0x96000006
      [  479.522850]   Exception class = DABT (current EL), IL = 32 bits
      [  479.522899]   SET = 0, FnV = 0
      [  479.522937]   EA = 0, S1PTW = 0
      [  479.528200] Data abort info:
      [  479.528230]   ISV = 0, ISS = 0x00000006
      [  479.528317]   CM = 0, WnR = 0
      [  479.528317] user pgtable: 4k pages, 48-bit VAs, pgd = 0000000064ab0cb0
      [  479.528449] [0000000000000000] *pgd=00000000fbbe4003, *pud=00000000fb66e003, *pmd=0000000000000000
      [  479.528600] Internal error: Oops: 96000006 [#1] PREEMPT SMP
      [  479.528664] Modules linked in:
      [  479.528699] CPU: 0 PID: 2457 Comm: cat Not tainted 4.15.0-rc3-00065-g2ad2ee7ecb5c-dirty #7
      [  479.528799] Hardware name: FVP Base (DT)
      [  479.528899] pstate: 00400009 (nzcv daif +PAN -UAO)
      [  479.528941] pc : walk_pgd.isra.1+0x20/0x1d0
      [  479.529011] lr : ptdump_walk_pgd+0x30/0x50
      [  479.529105] sp : ffff00000bf4bc20
      [  479.529185] x29: ffff00000bf4bc20 x28: 0000ffff9d22e000
      [  479.529271] x27: 0000000000020000 x26: ffff80007b4c63c0
      [  479.529358] x25: 00000000014000c0 x24: ffff80007c098900
      [  479.529445] x23: ffff00000bf4beb8 x22: 0000000000000000
      [  479.529532] x21: ffff00000bf4bd70 x20: 0000000000000001
      [  479.529618] x19: ffff00000bf4bcb0 x18: 0000000000000000
      [  479.529760] x17: 000000000041a1c8 x16: ffff0000082139d8
      [  479.529800] x15: 0000ffff9d3c6030 x14: 0000ffff9d2527f4
      [  479.529924] x13: 00000000000003f3 x12: 0000000000000038
      [  479.530000] x11: 0000000000000003 x10: 0101010101010101
      [  479.530099] x9 : 0000000017e94050 x8 : 000000000000003f
      [  479.530226] x7 : 0000000000000000 x6 : 0000000000000000
      [  479.530313] x5 : 0000000000000001 x4 : 0000000000000000
      [  479.530416] x3 : ffff000009069fd8 x2 : 0000000000000000
      [  479.530500] x1 : 0000000000000000 x0 : 0000000000000000
      [  479.530599] Process cat (pid: 2457, stack limit = 0x000000005d1b0e6f)
      [  479.530660] Call trace:
      [  479.530746]  walk_pgd.isra.1+0x20/0x1d0
      [  479.530833]  ptdump_walk_pgd+0x30/0x50
      [  479.530907]  ptdump_show+0x10/0x20
      [  479.530920]  seq_read+0xc8/0x470
      [  479.531023]  full_proxy_read+0x60/0x90
      [  479.531100]  __vfs_read+0x18/0x100
      [  479.531180]  vfs_read+0x88/0x160
      [  479.531267]  SyS_read+0x48/0xb0
      [  479.531299]  el0_svc_naked+0x20/0x24
      [  479.531400] Code: 91400420 f90033a0 a90707a2 f9403fa0 (f9400000)
      [  479.531499] ---[ end trace bfe8e28d8acb2b67 ]---
      Segmentation fault
      
      Let's avoid this problem by only registering the tables after their
      successful creation, which is also less confusing when EFI runtime
      services are not in use.
      Reported-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: default avatarWill Deacon <will.deacon@arm.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Link: http://lkml.kernel.org/r/20180308080020.22828-2-ard.biesheuvel@linaro.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      6b31a2fa
  2. 08 Mar, 2018 2 commits
  3. 07 Mar, 2018 7 commits
    • Arkadiusz Hiler's avatar
      Revert "Input: synaptics - Lenovo Thinkpad T460p devices should use RMI" · 5444a992
      Arkadiusz Hiler authored
      This reverts commit 48282969 which
      caused the following issues:
      
      1. On T460p with BIOS version 2.22 touchpad and trackpoint stop working
      after suspend-resume cycle. Due to strange state of the device another
      suspend is impossible.
      
      The following dmesg errors can be observed:
      thinkpad_acpi: EC reports that Thermal Table has changed
      rmi4_smbus 7-002c: failed to get SMBus version number!
      rmi4_physical rmi4-00: rmi_driver_reset_handler: Failed to read current IRQ mask.
      rmi4_f01 rmi4-00.fn01: Failed to restore normal operation: -16.
      rmi4_f01 rmi4-00.fn01: Resume failed with code -16.
      rmi4_physical rmi4-00: Failed to suspend functions: -16
      rmi4_smbus 7-002c: Failed to resume device: -16
      PM: resume devices took 0.640 seconds
      rmi4_f03 rmi4-00.fn03: rmi_f03_pt_write: Failed to write to F03 TX register (-16).
      rmi4_physical rmi4-00: rmi_driver_clear_irq_bits: Failed to change enabled interrupts!
      rmi4_physical rmi4-00: rmi_driver_set_irq_bits: Failed to change enabled interrupts!
      psmouse: probe of serio3 failed with error -1
      
      2. On another T460p with BIOS version 2.15 two finger scrolling gesture
      on the touchpad stops working after suspend-resume cycle (about 75%
      reproducibility, when it still works, the scrolling gesture becomes
      laggy). Nothing suspicious appears in the dmesg.
      
      Analysis form Richard Schütz:
      
      "RMI is unreliable on the ThinkPad T460p because the device is affected
      by the firmware behavior addressed in a7ae8195 ("i2c: i801: Allow
      ACPI SystemIO OpRegion to conflict with PCI BAR")."
      
      The affected devices often show:
      
      i801_smbus 0000:00:1f.4: BIOS is accessing SMBus registers
      i801_smbus 0000:00:1f.4: Driver SMBus register access inhibited
      Reported-by: default avatarRichard Schütz <rschuetz@uni-koblenz.de>
      Signed-off-by: default avatarArkadiusz Hiler <arkadiusz.hiler@intel.com>
      Tested-by: default avatarMartin Peres <martin.peres@linux.intel.com>
      Tested-by: default avatarArkadiusz Hiler <arkadiusz.hiler@intel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      5444a992
    • Linus Torvalds's avatar
      Merge tag 'gfs2-4.16.rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · ea9b5ee3
      Linus Torvalds authored
      Pull gfs2 fix from Bob Peterson:
       "An additional patch from Andreas Gruenbacher that fixes another
        unfortunate GFS2 regression"
      
      * tag 'gfs2-4.16.rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: Fixes to "Implement iomap for block_map" (2)
      ea9b5ee3
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 69f39c57
      Linus Torvalds authored
      Pull s390 fixes from Martin Schwidefsky:
       "Nine bug fixes for s390:
      
         - Three fixes for the expoline code, one of them is strictly speaking
           a cleanup but as it relates to code added with 4.16 I would like to
           include the patch.
      
         - Three timer related fixes in the common I/O layer
      
         - A fix for the handling of internal DASD request which could cause
           panics.
      
         - One correction in regard to the accounting of pud page tables vs.
           compat tasks.
      
         - The register scrubbing in entry.S caused spurious crashes, this is
           fixed now as well"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/entry.S: fix spurious zeroing of r0
        s390: Fix runtime warning about negative pgtables_bytes
        s390: do not bypass BPENTER for interrupt system calls
        s390/cio: clear timer when terminating driver I/O
        s390/cio: fix return code after missing interrupt
        s390/cio: fix ccw_device_start_timeout API
        s390/clean-up: use CFI_* macros in entry.S
        s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
        s390/dasd: fix handling of internal requests
      69f39c57
    • Linus Torvalds's avatar
      Merge tag 'regulator-fix-v4.16-rc4' of... · b910a918
      Linus Torvalds authored
      Merge tag 'regulator-fix-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
      
      Pull regulator fixes from Mark Brown:
       "A couple of fixes here:
      
         - another half of the supend to idle fix from Geert that went in
           earlier, both he and I are confused as to why he didn't notice that
           this was missing when his earlier fix was merged.
      
         - a simple fix for a test done the wrong way round in the
           stm32-vrefbuf driver"
      
      * tag 'regulator-fix-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: Fix resume from suspend to idle
        regulator: stm32-vrefbuf: fix check on ready flag
      b910a918
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · be75b1b8
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "This is mostly fixes for driver specific issues (nine of them) and the
        storvsc performance improvement with interrupt handling which was
        dropped from the previous fixes pull request.
      
        We also have two regressions: one is a double call_rcu() in ATA error
        handling and the other is a missed conversion to BLK_STS_OK in
        __scsi_error_from_host_byte()"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: qedi: Fix kernel crash during port toggle
        scsi: qla2xxx: Fix FC-NVMe LUN discovery
        scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()
        scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops
        scsi: qla2xxx: ensure async flags are reset correctly
        scsi: qla2xxx: do not check login_state if no loop id is assigned
        scsi: qla2xxx: Fixup locking for session deletion
        scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
        scsi: mpt3sas: wait for and flush running commands on shutdown/unload
        scsi: mpt3sas: fix oops in error handlers after shutdown/unload
        scsi: storvsc: Spread interrupts when picking a channel for I/O requests
        scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers
      be75b1b8
    • Andreas Gruenbacher's avatar
      gfs2: Fixes to "Implement iomap for block_map" (2) · 3b5da96e
      Andreas Gruenbacher authored
      It turns out that commit 3229c18c0d6b2 'Fixes to "Implement iomap for
      block_map"' introduced another bug in gfs2_iomap_begin that can cause
      gfs2_block_map to set bh->b_size of an actual buffer to 0.  This can
      lead to arbitrary incorrect behavior including crashes or disk
      corruption.  Revert the incorrect part of that commit.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      3b5da96e
    • Mark Brown's avatar
      Merge remote-tracking branches 'regulator/fix/resume' and... · 82a917c5
      Mark Brown authored
      Merge remote-tracking branches 'regulator/fix/resume' and 'regulator/fix/stm32-vfrefbuf' into regulator-linus
      82a917c5
  4. 06 Mar, 2018 5 commits
  5. 05 Mar, 2018 18 commits
  6. 04 Mar, 2018 7 commits
    • Guillaume Nault's avatar
      ppp: prevent unregistered channels from connecting to PPP units · 77f840e3
      Guillaume Nault authored
      PPP units don't hold any reference on the channels connected to it.
      It is the channel's responsibility to ensure that it disconnects from
      its unit before being destroyed.
      In practice, this is ensured by ppp_unregister_channel() disconnecting
      the channel from the unit before dropping a reference on the channel.
      
      However, it is possible for an unregistered channel to connect to a PPP
      unit: register a channel with ppp_register_net_channel(), attach a
      /dev/ppp file to it with ioctl(PPPIOCATTCHAN), unregister the channel
      with ppp_unregister_channel() and finally connect the /dev/ppp file to
      a PPP unit with ioctl(PPPIOCCONNECT).
      
      Once in this situation, the channel is only held by the /dev/ppp file,
      which can be released at anytime and free the channel without letting
      the parent PPP unit know. Then the ppp structure ends up with dangling
      pointers in its ->channels list.
      
      Prevent this scenario by forbidding unregistered channels from
      connecting to PPP units. This maintains the code logic by keeping
      ppp_unregister_channel() responsible from disconnecting the channel if
      necessary and avoids modification on the reference counting mechanism.
      
      This issue seems to predate git history (successfully reproduced on
      Linux 2.6.26 and earlier PPP commits are unrelated).
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      77f840e3
    • Davide Caratti's avatar
      tc-testing: skbmod: fix match value of ethertype · 79f3a8e6
      Davide Caratti authored
      iproute2 print_skbmod() prints the configured ethertype using format 0x%X:
      therefore, test 9aa8 systematically fails, because it configures action #4
      using ethertype 0x0031, and expects 0x0031 when it reads it back. Changing
      the expected value to 0x31 lets the test result 'not ok' become 'ok'.
      
      tested with:
       # ./tdc.py -e 9aa8
       Test 9aa8: Get a single skbmod action from a list
       All test results:
      
       1..1
       ok 1 9aa8 Get a single skbmod action from a list
      
      Fixes: cf797ac4 ("tc-testing: Add test cases for police and skbmod")
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      79f3a8e6
    • Shalom Toledo's avatar
      mlxsw: spectrum_switchdev: Check success of FDB add operation · 0a8a1bf1
      Shalom Toledo authored
      Until now, we assumed that in case of error when adding FDB entries, the
      write operation will fail, but this is not the case. Instead, we need to
      check that the number of entries reported in the response is equal to
      the number of entries specified in the request.
      
      Fixes: 56ade8fe ("mlxsw: spectrum: Add initial support for Spectrum ASIC")
      Reported-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarShalom Toledo <shalomt@mellanox.com>
      Reviewed-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0a8a1bf1
    • Linus Torvalds's avatar
      Linux 4.16-rc4 · 661e50bc
      Linus Torvalds authored
      661e50bc
    • David S. Miller's avatar
      Merge branch 'GSO_BY_FRAGS-correctness-improvements' · 19f6484f
      David S. Miller authored
      Daniel Axtens says:
      
      ====================
      GSO_BY_FRAGS correctness improvements
      
      As requested [1], I went through and had a look at users of gso_size to
      see if there were things that need to be fixed to consider
      GSO_BY_FRAGS, and I have tried to improve our helper functions to deal
      with this case.
      
      I found a few. This fixes bugs relating to the use of
      skb_gso_*_seglen() where GSO_BY_FRAGS is not considered.
      
      Patch 1 renames skb_gso_validate_mtu to skb_gso_validate_network_len.
      This is follow-up to my earlier patch 2b16f048 ("net: create
      skb_gso_validate_mac_len()"), and just makes everything a bit clearer.
      
      Patches 2 and 3 replace the final users of skb_gso_network_seglen() -
      which doesn't consider GSO_BY_FRAGS - with
      skb_gso_validate_network_len(), which does. This allows me to make the
      skb_gso_*_seglen functions private in patch 4 - now future users won't
      accidentally do the wrong comparison.
      
      Two things remain. One is qdisc_pkt_len_init, which is discussed at
      [2] - it's caught up in the GSO_DODGY mess. I don't have any expertise
      in GSO_DODGY, and it looks like a good clean fix will involve
      unpicking the whole validation mess, so I have left it for now.
      
      Secondly, there are 3 eBPF opcodes that change the gso_size of an SKB
      and don't consider GSO_BY_FRAGS. This is going through the bpf tree.
      
      Regards,
      Daniel
      
      [1] https://patchwork.ozlabs.org/comment/1852414/
      [2] https://www.spinics.net/lists/netdev/msg482397.html
      
      PS: This is all in the core networking stack. For a driver to be
      affected by this it would need to support NETIF_F_GSO_SCTP /
      NETIF_F_GSO_SOFTWARE and then either use gso_size or not be a purely
      virtual device. (Many drivers look at gso_size, but do not support
      SCTP segmentation, so the core network will segment an SCTP gso before
      it hits them.) Based on that, the only driver that may be affected is
      sunvnet, but I have no way of testing it, so I haven't looked at it.
      
      v2: split out bpf stuff
          fix review comments from Dave Miller
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      19f6484f
    • Daniel Axtens's avatar
      net: make skb_gso_*_seglen functions private · a4a77718
      Daniel Axtens authored
      They're very hard to use properly as they do not consider the
      GSO_BY_FRAGS case. Code should use skb_gso_validate_network_len
      and skb_gso_validate_mac_len as they do consider this case.
      
      Make the seglen functions static, which stops people using them
      outside of skbuff.c
      Signed-off-by: default avatarDaniel Axtens <dja@axtens.net>
      Reviewed-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a4a77718
    • Daniel Axtens's avatar
      net: xfrm: use skb_gso_validate_network_len() to check gso sizes · 80f5974d
      Daniel Axtens authored
      Replace skb_gso_network_seglen() with
      skb_gso_validate_network_len(), as it considers the GSO_BY_FRAGS
      case.
      Signed-off-by: default avatarDaniel Axtens <dja@axtens.net>
      Reviewed-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      80f5974d