1. 19 Mar, 2019 1 commit
  2. 18 Mar, 2019 11 commits
  3. 15 Mar, 2019 5 commits
  4. 14 Mar, 2019 1 commit
  5. 13 Mar, 2019 2 commits
    • Volker Haspel's avatar
      spi: spi-fsl-qspi: use devm_spi_register_controller · 8fcb830a
      Volker Haspel authored
      The driver does not clearly unregister the spi controller.
      Therefore calling an unbind and bind again will end up in a
      Kernel crash.
      
      The function devm_spi_register_controller will automatically
      be unregister the SPI device.
      Signed-off-by: default avatarVolker Haspel <volker.haspel@linutronix.de>
      Signed-off-by: default avatarJohn Ogness <john.ogness@linutronix.de>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      8fcb830a
    • Trent Piepho's avatar
      spi: imx: stop buffer overflow in RX FIFO flush · c842749e
      Trent Piepho authored
      Commit 71abd290 ("spi: imx: Add support for SPI Slave mode") added
      an RX FIFO flush before start of a transfer.  In slave mode, the master
      may have sent more data than expected and this data will still be in the
      RX FIFO at the start of the next transfer, and so needs to be flushed.
      
      However, the code to do the flush was accidentally saving this data into
      the previous transfer's RX buffer, clobbering the contents of whatever
      followed that buffer.
      
      Change it to empty the FIFO and throw away the data.  Every one of the
      RX functions for the different eCSPI versions and modes reads the RX
      FIFO data using the same readl() call, so just use that, rather than
      using the spi_imx->rx function pointer and making sure all the different
      rx functions have a working "throw away" mode.
      
      There is another issue, which affects master mode when switching from
      DMA to PIO.  There can be extra data in the RX FIFO which triggers this
      flush code, causing memory corruption in the same manner.  I don't know
      why this data is unexpectedly in the FIFO.  It's likely there is a
      different bug or erratum responsible for that.  But regardless of that,
      I think this is proper fix the for bug at hand here.
      
      Fixes: 71abd290 ("spi: imx: Add support for SPI Slave mode")
      Cc: Jiada Wang <jiada_wang@mentor.com>
      Cc: Fabio Estevam <festevam@gmail.com>
      Cc: Stefan Agner <stefan@agner.ch>
      Cc: Shawn Guo <shawnguo@kernel.org>
      Signed-off-by: default avatarTrent Piepho <tpiepho@impinj.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      c842749e
  6. 11 Mar, 2019 3 commits
    • Trent Piepho's avatar
      spi: imx: add module parameter to control DMA use · 0a9c8998
      Trent Piepho authored
      Add the boolean module parameter "use_dma" to control the use of DMA by
      the driver.  There are about two dozen other drivers with a "use_dma"
      parameter of some sort.
      
      DMA may allow faster and more efficient transfers than using PIO, but it
      also adds overhead for small transfers.
      
      High speed receive operations may be less likely to have issues with
      FIFO overflow when using DMA than when using PIO.
      
      The eCSPI appears to insert a 4 bit pause after each word in DMA mode,
      not done in PIO mode, which can make DMA transfers 50% slower than PIO.
      
      In some cases DMA may be a net win while in others PIO might be.  It
      depends on the application.  So allow DMA to be enabled or disabled at
      the driver level.  The default will be to have it enabled when possible.
      Signed-off-by: default avatarTrent Piepho <tpiepho@impinj.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      0a9c8998
    • Arnd Bergmann's avatar
      spi: work around clang bug in SPI_BPW_RANGE_MASK() · eefffb42
      Arnd Bergmann authored
      Clang-8 evaluates both sides of a ?: expression to check for
      valid arithmetic even in the side that is never taken. This
      results in a build warning:
      
      drivers/spi/spi-sh-msiof.c:1052:24: error: shift count >= width of type [-Werror,-Wshift-count-overflow]
              .bits_per_word_mask = SPI_BPW_RANGE_MASK(8, 32),
                                    ^~~~~~~~~~~~~~~~~~~~~~~~~
      
      Change the implementation to use the GENMASK() macro that does
      what we want here but does not have a problem with the shift
      count overflow.
      
      Link: https://bugs.llvm.org/show_bug.cgi?id=38789Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      eefffb42
    • Chris Lesiak's avatar
      spi: Fix zero length xfer bug · 5442dcaa
      Chris Lesiak authored
      This fixes a bug for messages containing both zero length and
      unidirectional xfers.
      
      The function spi_map_msg will allocate dummy tx and/or rx buffers
      for use with unidirectional transfers when the hardware can only do
      a bidirectional transfer.  That dummy buffer will be used in place
      of a NULL buffer even when the xfer length is 0.
      
      Then in the function __spi_map_msg, if he hardware can dma,
      the zero length xfer will have spi_map_buf called on the dummy
      buffer.
      
      Eventually, __sg_alloc_table is called and returns -EINVAL
      because nents == 0.
      
      This fix prevents the error by not using the dummy buffer when
      the xfer length is zero.
      Signed-off-by: default avatarChris Lesiak <chris.lesiak@licor.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      5442dcaa
  7. 04 Mar, 2019 3 commits
  8. 03 Mar, 2019 2 commits
  9. 02 Mar, 2019 11 commits
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e7c42a89
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "Two last minute fixes:
      
         - Prevent value evaluation via functions happening in the user access
           enabled region of __put_user() (put another way: make sure to
           evaluate the value to be stored in user space _before_ enabling
           user space accesses)
      
         - Correct the definition of a Hyper-V hypercall constant"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/hyper-v: Fix definition of HV_MAX_FLUSH_REP_COUNT
        x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
      e7c42a89
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · df49fd0f
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Nine small fixes.
      
        The resume fix is a cosmetic removal of a warning with an incorrect
        condition causing it to alarm people wrongly.
      
        The other eight patches correct a thinko in Christoph Hellwig's DMA
        conversion series. Without it all these drivers end up with 32 bit DMA
        masks meaning they bounce any page over 4GB before sending it to the
        controller.
      
        Nowadays, even laptops mostly have memory above 4GB, so this can lead
        to significant performance degradation with all the bouncing"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: core: Avoid that system resume triggers a kernel warning
        scsi: hptiop: fix calls to dma_set_mask()
        scsi: hisi_sas: fix calls to dma_set_mask_and_coherent()
        scsi: csiostor: fix calls to dma_set_mask_and_coherent()
        scsi: bfa: fix calls to dma_set_mask_and_coherent()
        scsi: aic94xx: fix calls to dma_set_mask_and_coherent()
        scsi: 3w-sas: fix calls to dma_set_mask_and_coherent()
        scsi: 3w-9xxx: fix calls to dma_set_mask_and_coherent()
        scsi: lpfc: fix calls to dma_set_mask_and_coherent()
      df49fd0f
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c93d9218
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix refcount leak in act_ipt during replace, from Davide Caratti.
      
       2) Set task state properly in tun during blocking reads, from Timur
          Celik.
      
       3) Leaked reference in DSA, from Wen Yang.
      
       4) NULL deref in act_tunnel_key, from Vlad Buslov.
      
       5) cipso_v4_erro can reference the skb IPCB in inappropriate contexts
          thus referencing garbage, from Nazarov Sergey.
      
       6) Don't accept RTA_VIA and RTA_GATEWAY in contexts where those
          attributes make no sense.
      
       7) Fix hung sendto in tipc, from Tung Nguyen.
      
       8) Out-of-bounds access in netlabel, from Paul Moore.
      
       9) Grant reference leak in xen-netback, from Igor Druzhinin.
      
      10) Fix tx stalls with lan743x, from Bryan Whitehead.
      
      11) Fix interrupt storm with mv88e6xxx, from Hein Kallweit.
      
      12) Memory leak in sit on device registry failure, from Mao Wenan.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
        net: sit: fix memory leak in sit_init_net()
        net: dsa: mv88e6xxx: Fix statistics on mv88e6161
        geneve: correctly handle ipv6.disable module parameter
        net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode
        bpf: fix sanitation rewrite in case of non-pointers
        ipv4: Add ICMPv6 support when parse route ipproto
        MIPS: eBPF: Fix icache flush end address
        lan743x: Fix TX Stall Issue
        net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
        net: aquantia: regression on cpus with high cores: set mode with 8 queues
        selftests: fixes for UDP GRO
        bpf: drop refcount if bpf_map_new_fd() fails in map_create()
        net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X
        net: dsa: mv88e6xxx: Fix u64 statistics
        xen-netback: don't populate the hash cache on XenBus disconnect
        xen-netback: fix occasional leak of grant ref mappings under memory pressure
        sctp: chunk.c: correct format string for size_t in printk
        net: netem: fix skb length BUG_ON in __skb_to_sgvec
        netlabel: fix out-of-bounds memory accesses
        ipv4: Pass original device to ip_rcv_finish_core
        ...
      c93d9218
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · fa3294c5
      Linus Torvalds authored
      Pull more crypto fixes from Herbert Xu:
       "This fixes a couple of issues in arm64/chacha that was introduced in
        5.0"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: arm64/chacha - fix hchacha_block_neon() for big endian
        crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
      fa3294c5
    • Mao Wenan's avatar
      net: sit: fix memory leak in sit_init_net() · 07f12b26
      Mao Wenan authored
      If register_netdev() is failed to register sitn->fb_tunnel_dev,
      it will go to err_reg_dev and forget to free netdev(sitn->fb_tunnel_dev).
      
      BUG: memory leak
      unreferenced object 0xffff888378daad00 (size 512):
        comm "syz-executor.1", pid 4006, jiffies 4295121142 (age 16.115s)
        hex dump (first 32 bytes):
          00 e6 ed c0 83 88 ff ff 00 00 00 00 00 00 00 00  ................
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
          [<00000000d6dcb63e>] kvmalloc include/linux/mm.h:577 [inline]
          [<00000000d6dcb63e>] kvzalloc include/linux/mm.h:585 [inline]
          [<00000000d6dcb63e>] netif_alloc_netdev_queues net/core/dev.c:8380 [inline]
          [<00000000d6dcb63e>] alloc_netdev_mqs+0x600/0xcc0 net/core/dev.c:8970
          [<00000000867e172f>] sit_init_net+0x295/0xa40 net/ipv6/sit.c:1848
          [<00000000871019fa>] ops_init+0xad/0x3e0 net/core/net_namespace.c:129
          [<00000000319507f6>] setup_net+0x2ba/0x690 net/core/net_namespace.c:314
          [<0000000087db4f96>] copy_net_ns+0x1dc/0x330 net/core/net_namespace.c:437
          [<0000000057efc651>] create_new_namespaces+0x382/0x730 kernel/nsproxy.c:107
          [<00000000676f83de>] copy_namespaces+0x2ed/0x3d0 kernel/nsproxy.c:165
          [<0000000030b74bac>] copy_process.part.27+0x231e/0x6db0 kernel/fork.c:1919
          [<00000000fff78746>] copy_process kernel/fork.c:1713 [inline]
          [<00000000fff78746>] _do_fork+0x1bc/0xe90 kernel/fork.c:2224
          [<000000001c2e0d1c>] do_syscall_64+0xc8/0x580 arch/x86/entry/common.c:290
          [<00000000ec48bd44>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
          [<0000000039acff8a>] 0xffffffffffffffff
      Signed-off-by: default avatarMao Wenan <maowenan@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      07f12b26
    • Andrew Lunn's avatar
      net: dsa: mv88e6xxx: Fix statistics on mv88e6161 · a6da21bb
      Andrew Lunn authored
      Despite what the datesheet says, the silicon implements the older way
      of snapshoting the statistics. Change the op.
      
      Reported-by: Chris.Healy@zii.aero
      Tested-by: Chris.Healy@zii.aero
      Fixes: 0ac64c39 ("net: dsa: mv88e6xxx: mv88e6161 uses mv88e6320 stats snapshot")
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a6da21bb
    • Jiri Benc's avatar
      geneve: correctly handle ipv6.disable module parameter · cf1c9ccb
      Jiri Benc authored
      When IPv6 is compiled but disabled at runtime, geneve_sock_add returns
      -EAFNOSUPPORT. For metadata based tunnels, this causes failure of the whole
      operation of bringing up the tunnel.
      
      Ignore failure of IPv6 socket creation for metadata based tunnels caused by
      IPv6 not being available.
      
      This is the same fix as what commit d074bf96 ("vxlan: correctly handle
      ipv6.disable module parameter") is doing for vxlan.
      
      Note there's also commit c0a47e44 ("geneve: should not call rt6_lookup()
      when ipv6 was disabled") which fixes a similar issue but for regular
      tunnels, while this patch is needed for metadata based tunnels.
      Signed-off-by: default avatarJiri Benc <jbenc@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cf1c9ccb
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · f08d6114
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      pull-request: bpf 2019-03-01
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) fix sanitation rewrite, from Daniel.
      
      2) fix error path on map_new_fd, from Peng.
      
      3) fix icache flush address, from Paul.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f08d6114
    • Heiner Kallweit's avatar
      net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode · ed8fe202
      Heiner Kallweit authored
      When debugging another issue I faced an interrupt storm in this
      driver (88E6390, port 9 in SGMII mode), consisting of alternating
      link-up / link-down interrupts. Analysis showed that the driver
      wanted to set a cmode that was set already. But so far
      mv88e6390x_port_set_cmode() doesn't check this and powers down
      SERDES, what causes the link to break, and eventually results in
      the described interrupt storm.
      
      Fix this by checking whether the cmode actually changes. We want
      that the very first call to mv88e6390x_port_set_cmode() always
      configures the registers, therefore initialize port.cmode with
      a value that is different from any supported cmode value.
      We have to take care that we only init the ports cmode once
      chip->info->num_ports is set.
      
      v2:
      - add small helper and init the number of actual ports only
      
      Fixes: 364e9d77 ("net: dsa: mv88e6xxx: Power on/off SERDES on cmode change")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ed8fe202
    • Daniel Borkmann's avatar
      bpf: fix sanitation rewrite in case of non-pointers · 3612af78
      Daniel Borkmann authored
      Marek reported that he saw an issue with the below snippet in that
      timing measurements where off when loaded as unpriv while results
      were reasonable when loaded as privileged:
      
          [...]
          uint64_t a = bpf_ktime_get_ns();
          uint64_t b = bpf_ktime_get_ns();
          uint64_t delta = b - a;
          if ((int64_t)delta > 0) {
          [...]
      
      Turns out there is a bug where a corner case is missing in the fix
      d3bd7413 ("bpf: fix sanitation of alu op with pointer / scalar
      type from different paths"), namely fixup_bpf_calls() only checks
      whether aux has a non-zero alu_state, but it also needs to test for
      the case of BPF_ALU_NON_POINTER since in both occasions we need to
      skip the masking rewrite (as there is nothing to mask).
      
      Fixes: d3bd7413 ("bpf: fix sanitation of alu op with pointer / scalar type from different paths")
      Reported-by: default avatarMarek Majkowski <marek@cloudflare.com>
      Reported-by: default avatarArthur Fabre <afabre@cloudflare.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Link: https://lore.kernel.org/netdev/CAJPywTJqP34cK20iLM5YmUMz9KXQOdu1-+BZrGMAGgLuBWz7fg@mail.gmail.com/T/Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      3612af78
    • Hangbin Liu's avatar
      ipv4: Add ICMPv6 support when parse route ipproto · 5e1a99ea
      Hangbin Liu authored
      For ip rules, we need to use 'ipproto ipv6-icmp' to match ICMPv6 headers.
      But for ip -6 route, currently we only support tcp, udp and icmp.
      
      Add ICMPv6 support so we can match ipv6-icmp rules for route lookup.
      
      v2: As David Ahern and Sabrina Dubroca suggested, Add an argument to
      rtm_getroute_parse_ip_proto() to handle ICMP/ICMPv6 with different family.
      Reported-by: default avatarJianlin Shi <jishi@redhat.com>
      Fixes: eacb9384 ("ipv6: support sport, dport and ip_proto in RTM_GETROUTE")
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5e1a99ea
  10. 01 Mar, 2019 1 commit
    • Paul Burton's avatar
      MIPS: eBPF: Fix icache flush end address · d1a2930d
      Paul Burton authored
      The MIPS eBPF JIT calls flush_icache_range() in order to ensure the
      icache observes the code that we just wrote. Unfortunately it gets the
      end address calculation wrong due to some bad pointer arithmetic.
      
      The struct jit_ctx target field is of type pointer to u32, and as such
      adding one to it will increment the address being pointed to by 4 bytes.
      Therefore in order to find the address of the end of the code we simply
      need to add the number of 4 byte instructions emitted, but we mistakenly
      add the number of instructions multiplied by 4. This results in the call
      to flush_icache_range() operating on a memory region 4x larger than
      intended, which is always wasteful and can cause crashes if we overrun
      into an unmapped page.
      
      Fix this by correcting the pointer arithmetic to remove the bogus
      multiplication, and use braces to remove the need for a set of brackets
      whilst also making it obvious that the target field is a pointer.
      Signed-off-by: default avatarPaul Burton <paul.burton@mips.com>
      Fixes: b6bd53f9 ("MIPS: Add missing file for eBPF JIT.")
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Martin KaFai Lau <kafai@fb.com>
      Cc: Song Liu <songliubraving@fb.com>
      Cc: Yonghong Song <yhs@fb.com>
      Cc: netdev@vger.kernel.org
      Cc: bpf@vger.kernel.org
      Cc: linux-mips@vger.kernel.org
      Cc: stable@vger.kernel.org # v4.13+
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      d1a2930d