- 19 Mar, 2019 1 commit
-
-
kbuild test robot authored
Fixes: 944c01a8 ("spi: lpspi: enable runtime pm for lpspi") Signed-off-by: kbuild test robot <lkp@intel.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
- 18 Mar, 2019 11 commits
-
-
Rasmus Villemoes authored
The MPC8309 has a dedicated signal, SPISEL_BOOT, usually used as chip select for the flash device from which the bootloader is loaded. It is not an ordinary gpio, but is simply controlled via the SPI_CS register in the system configuration. To allow accessing such a spi slave, we need to teach fsl_spi_cs_control() how to control the SPISEL_BOOT signal. To distinguish the gpio-controlled slaves, continue to have those use chip_select values of 0..ngpios-1, and use chip_select == ngpios for the boot flash. I'm not too happy with all the ifdeffery, but it seems to be necessary for guarding the sysdev/fsl_soc.h and use of get_immrbase() (spi-fsl-lib.c already contains similar ifdeffery). Googling suggests that the MPC8306 is similar, with the SPI_CS register at the same offset. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Jan Kundrát authored
Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Jan Kundrát authored
Commit b7bb367a added support for inserting delays in between individual words within a single SPI transaction. This makes it accessible from userspace. WARNING: This delay is silently ignored unless the SPI controller implements extra support for it. This is similar to how the in-kernel users handle the other existing property, spi_transfer->word_delay. Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Clark Wang authored
Delete the extra space. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Clark Wang authored
The spi_transfer *t will be used in one transfer whatever. If t is NULL, there has no need to try sending data, so add an error return here. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Acked-by: Fugang Duan <Fugang.duan@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Clark Wang authored
Add dma mode support for LPSPI. Any frame longer than half txfifosize will be sent by dma mode. For now, there are some limits: 1. The maximum transfer speed in master mode depends on the slave device, at least 40MHz(tested by spi-nor on 8qm-lpddr4-arm2 base board); 2. The maximum transfer speed in slave mode is 15MHz(imx7ulp), 22MHz(8qm/qxp). In order to reach the maximum speed which is mentioned in datasheet, the load of connect wires between master and slave should be less than 15pF. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Acked-by: Fugang Duan <Fugang.duan@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Clark Wang authored
Use the default implementation of transfer_one_msg/chipselect/setup functions in spi core to implement cs-gpio control. Use fsl_lpspi_prepare_message to init the cs_gpio pin. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Acked-by: Fugang Duan <Fugang.duan@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Clark Wang authored
Add a error info when set a speed which greater than half of per-clk of spi module. The minimum SCK period is 2 cycles(CCR[SCKDIV]). So the maximum transfer speed is half of spi per-clk. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Han Xu authored
Enable the runtime power management for lpspi module. Do some adaptation work from kernel 4.9 to 4.14. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Signed-off-by: Han Xu <han.xu@nxp.com> Reviewed-by: Frank Li <frank.li@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Clark Wang authored
Add introductions of clocks and clock-names strings. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Clark Wang authored
Add both ipg and per clock for lpspi to support i.MX8QM/QXP boards. Signed-off-by: Clark Wang <xiaoning.wang@nxp.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
- 15 Mar, 2019 5 commits
-
-
Ludovic Barre authored
This patch adds suspend and resume support for spi-stm32-qspi drivers. Signed-off-by: Ludovic Barre <ludovic.barre@st.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Mark Brown authored
-
Ludovic Barre authored
This patch solves a memory corruption seen at 8 MHz. To avoid such issue, timeout counter is disabled. Signed-off-by: Ludovic Barre <ludovic.barre@st.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Geert Uytterhoeven authored
While the sequencer is reset after each SPI message since commit 880c6d11 ("spi: rspi: Add support for Quad and Dual SPI Transfers on QSPI"), it was never reset for the first message, thus relying on reset state or bootloader settings. Fix this by initializing it explicitly during configuration. Fixes: 0b2182dd ("spi: add support for Renesas RSPI") Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Geert Uytterhoeven authored
The Renesas RSPI/QSPI driver performs SPI controller register initialization in its spi_operations.setup() callback, without calling pm_runtime_get_sync() first, which may cause spurious failures. So far this went unnoticed, as this SPI controller is typically used with a single SPI NOR FLASH containing the boot loader: 1. If the device's module clock is still enabled (left enabled by the bootloader, and not yet disabled by the clk_disable_unused() late initcall), register initialization succeeds, 2. If the device's module clock is disabled, register writes don't seem to cause lock-ups or crashes. Data received in the first SPI message may be corrupted, though. Subsequent SPI messages seem to be OK. E.g. on r8a7791/koelsch, one bit is lost while receiving the 6th byte of the JEDEC ID for the s25fl512s FLASH, corrupting that byte and all later bytes. But until commit a2126b0a ("mtd: spi-nor: refine Spansion S25FL512S ID"), the 6th byte was not considered for FLASH identification. Fix this by moving all initialization from the .setup() to the .prepare_message() callback. The latter is always called after the device has been runtime-resumed by the SPI core. This also makes the driver follow the rule that .setup() must not change global driver state or register values, as that might break a transfer in progress. Fixes: 490c9774 ("spi: rspi: Add runtime PM support, using spi core auto_runtime_pm") Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Mark Brown <broonie@kernel.org>
-
- 14 Mar, 2019 1 commit
-
-
Arnd Bergmann authored
Geert points out that I confused the min/max arguments that are reversed between SPI_BPW_RANGE_MASK() and GENMASK(). This time I have verified the result of the macro after fixing the arguments. Cc: Geert Uytterhoeven <geert@linux-m68k.org> Fixes: eefffb42 ("spi: work around clang bug in SPI_BPW_RANGE_MASK()") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Mark Brown <broonie@kernel.org>
-
- 13 Mar, 2019 2 commits
-
-
Volker Haspel authored
The driver does not clearly unregister the spi controller. Therefore calling an unbind and bind again will end up in a Kernel crash. The function devm_spi_register_controller will automatically be unregister the SPI device. Signed-off-by: Volker Haspel <volker.haspel@linutronix.de> Signed-off-by: John Ogness <john.ogness@linutronix.de> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Trent Piepho authored
Commit 71abd290 ("spi: imx: Add support for SPI Slave mode") added an RX FIFO flush before start of a transfer. In slave mode, the master may have sent more data than expected and this data will still be in the RX FIFO at the start of the next transfer, and so needs to be flushed. However, the code to do the flush was accidentally saving this data into the previous transfer's RX buffer, clobbering the contents of whatever followed that buffer. Change it to empty the FIFO and throw away the data. Every one of the RX functions for the different eCSPI versions and modes reads the RX FIFO data using the same readl() call, so just use that, rather than using the spi_imx->rx function pointer and making sure all the different rx functions have a working "throw away" mode. There is another issue, which affects master mode when switching from DMA to PIO. There can be extra data in the RX FIFO which triggers this flush code, causing memory corruption in the same manner. I don't know why this data is unexpectedly in the FIFO. It's likely there is a different bug or erratum responsible for that. But regardless of that, I think this is proper fix the for bug at hand here. Fixes: 71abd290 ("spi: imx: Add support for SPI Slave mode") Cc: Jiada Wang <jiada_wang@mentor.com> Cc: Fabio Estevam <festevam@gmail.com> Cc: Stefan Agner <stefan@agner.ch> Cc: Shawn Guo <shawnguo@kernel.org> Signed-off-by: Trent Piepho <tpiepho@impinj.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
- 11 Mar, 2019 3 commits
-
-
Trent Piepho authored
Add the boolean module parameter "use_dma" to control the use of DMA by the driver. There are about two dozen other drivers with a "use_dma" parameter of some sort. DMA may allow faster and more efficient transfers than using PIO, but it also adds overhead for small transfers. High speed receive operations may be less likely to have issues with FIFO overflow when using DMA than when using PIO. The eCSPI appears to insert a 4 bit pause after each word in DMA mode, not done in PIO mode, which can make DMA transfers 50% slower than PIO. In some cases DMA may be a net win while in others PIO might be. It depends on the application. So allow DMA to be enabled or disabled at the driver level. The default will be to have it enabled when possible. Signed-off-by: Trent Piepho <tpiepho@impinj.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Arnd Bergmann authored
Clang-8 evaluates both sides of a ?: expression to check for valid arithmetic even in the side that is never taken. This results in a build warning: drivers/spi/spi-sh-msiof.c:1052:24: error: shift count >= width of type [-Werror,-Wshift-count-overflow] .bits_per_word_mask = SPI_BPW_RANGE_MASK(8, 32), ^~~~~~~~~~~~~~~~~~~~~~~~~ Change the implementation to use the GENMASK() macro that does what we want here but does not have a problem with the shift count overflow. Link: https://bugs.llvm.org/show_bug.cgi?id=38789Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Mark Brown <broonie@kernel.org>
-
Chris Lesiak authored
This fixes a bug for messages containing both zero length and unidirectional xfers. The function spi_map_msg will allocate dummy tx and/or rx buffers for use with unidirectional transfers when the hardware can only do a bidirectional transfer. That dummy buffer will be used in place of a NULL buffer even when the xfer length is 0. Then in the function __spi_map_msg, if he hardware can dma, the zero length xfer will have spi_map_buf called on the dummy buffer. Eventually, __sg_alloc_table is called and returns -EINVAL because nents == 0. This fix prevents the error by not using the dummy buffer when the xfer length is zero. Signed-off-by: Chris Lesiak <chris.lesiak@licor.com> Signed-off-by: Mark Brown <broonie@kernel.org>
-
- 04 Mar, 2019 3 commits
-
-
Mark Brown authored
-
Mark Brown authored
-
Geert Uytterhoeven authored
While the MSIOF variants in older SuperH and SH/R-Mobile SoCs support bits-per-word values in the full range 8..32, the variants present in R-Car Gen2 and Gen3 SoCs are restricted to 8, 16, 24, or 32. Obtain the value from family-specific sh_msiof_chipdata to fix this. Reported-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Simon Horman <horms+renesas@verge.net.au> Signed-off-by: Mark Brown <broonie@kernel.org>
-
- 03 Mar, 2019 2 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/soc/socLinus Torvalds authored
Pull ARM SoC fixes from Arnd Bergmann: "One more set of simple ARM platform fixes: - A boot regression on qualcomm msm8998 - Gemini display controllers got turned off by accident - incorrect reference counting in optee" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: tee: optee: add missing of_node_put after of_device_is_available arm64: dts: qcom: msm8998: Extend TZ reserved memory area ARM: dts: gemini: Re-enable display controller
-
- 02 Mar, 2019 11 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Thomas Gleixner: "Two last minute fixes: - Prevent value evaluation via functions happening in the user access enabled region of __put_user() (put another way: make sure to evaluate the value to be stored in user space _before_ enabling user space accesses) - Correct the definition of a Hyper-V hypercall constant" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/hyper-v: Fix definition of HV_MAX_FLUSH_REP_COUNT x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "Nine small fixes. The resume fix is a cosmetic removal of a warning with an incorrect condition causing it to alarm people wrongly. The other eight patches correct a thinko in Christoph Hellwig's DMA conversion series. Without it all these drivers end up with 32 bit DMA masks meaning they bounce any page over 4GB before sending it to the controller. Nowadays, even laptops mostly have memory above 4GB, so this can lead to significant performance degradation with all the bouncing" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: core: Avoid that system resume triggers a kernel warning scsi: hptiop: fix calls to dma_set_mask() scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() scsi: csiostor: fix calls to dma_set_mask_and_coherent() scsi: bfa: fix calls to dma_set_mask_and_coherent() scsi: aic94xx: fix calls to dma_set_mask_and_coherent() scsi: 3w-sas: fix calls to dma_set_mask_and_coherent() scsi: 3w-9xxx: fix calls to dma_set_mask_and_coherent() scsi: lpfc: fix calls to dma_set_mask_and_coherent()
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix refcount leak in act_ipt during replace, from Davide Caratti. 2) Set task state properly in tun during blocking reads, from Timur Celik. 3) Leaked reference in DSA, from Wen Yang. 4) NULL deref in act_tunnel_key, from Vlad Buslov. 5) cipso_v4_erro can reference the skb IPCB in inappropriate contexts thus referencing garbage, from Nazarov Sergey. 6) Don't accept RTA_VIA and RTA_GATEWAY in contexts where those attributes make no sense. 7) Fix hung sendto in tipc, from Tung Nguyen. 8) Out-of-bounds access in netlabel, from Paul Moore. 9) Grant reference leak in xen-netback, from Igor Druzhinin. 10) Fix tx stalls with lan743x, from Bryan Whitehead. 11) Fix interrupt storm with mv88e6xxx, from Hein Kallweit. 12) Memory leak in sit on device registry failure, from Mao Wenan. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits) net: sit: fix memory leak in sit_init_net() net: dsa: mv88e6xxx: Fix statistics on mv88e6161 geneve: correctly handle ipv6.disable module parameter net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode bpf: fix sanitation rewrite in case of non-pointers ipv4: Add ICMPv6 support when parse route ipproto MIPS: eBPF: Fix icache flush end address lan743x: Fix TX Stall Issue net: phy: phylink: fix uninitialized variable in phylink_get_mac_state net: aquantia: regression on cpus with high cores: set mode with 8 queues selftests: fixes for UDP GRO bpf: drop refcount if bpf_map_new_fd() fails in map_create() net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X net: dsa: mv88e6xxx: Fix u64 statistics xen-netback: don't populate the hash cache on XenBus disconnect xen-netback: fix occasional leak of grant ref mappings under memory pressure sctp: chunk.c: correct format string for size_t in printk net: netem: fix skb length BUG_ON in __skb_to_sgvec netlabel: fix out-of-bounds memory accesses ipv4: Pass original device to ip_rcv_finish_core ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds authored
Pull more crypto fixes from Herbert Xu: "This fixes a couple of issues in arm64/chacha that was introduced in 5.0" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: arm64/chacha - fix hchacha_block_neon() for big endian crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
-
Mao Wenan authored
If register_netdev() is failed to register sitn->fb_tunnel_dev, it will go to err_reg_dev and forget to free netdev(sitn->fb_tunnel_dev). BUG: memory leak unreferenced object 0xffff888378daad00 (size 512): comm "syz-executor.1", pid 4006, jiffies 4295121142 (age 16.115s) hex dump (first 32 bytes): 00 e6 ed c0 83 88 ff ff 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000d6dcb63e>] kvmalloc include/linux/mm.h:577 [inline] [<00000000d6dcb63e>] kvzalloc include/linux/mm.h:585 [inline] [<00000000d6dcb63e>] netif_alloc_netdev_queues net/core/dev.c:8380 [inline] [<00000000d6dcb63e>] alloc_netdev_mqs+0x600/0xcc0 net/core/dev.c:8970 [<00000000867e172f>] sit_init_net+0x295/0xa40 net/ipv6/sit.c:1848 [<00000000871019fa>] ops_init+0xad/0x3e0 net/core/net_namespace.c:129 [<00000000319507f6>] setup_net+0x2ba/0x690 net/core/net_namespace.c:314 [<0000000087db4f96>] copy_net_ns+0x1dc/0x330 net/core/net_namespace.c:437 [<0000000057efc651>] create_new_namespaces+0x382/0x730 kernel/nsproxy.c:107 [<00000000676f83de>] copy_namespaces+0x2ed/0x3d0 kernel/nsproxy.c:165 [<0000000030b74bac>] copy_process.part.27+0x231e/0x6db0 kernel/fork.c:1919 [<00000000fff78746>] copy_process kernel/fork.c:1713 [inline] [<00000000fff78746>] _do_fork+0x1bc/0xe90 kernel/fork.c:2224 [<000000001c2e0d1c>] do_syscall_64+0xc8/0x580 arch/x86/entry/common.c:290 [<00000000ec48bd44>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<0000000039acff8a>] 0xffffffffffffffff Signed-off-by: Mao Wenan <maowenan@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andrew Lunn authored
Despite what the datesheet says, the silicon implements the older way of snapshoting the statistics. Change the op. Reported-by: Chris.Healy@zii.aero Tested-by: Chris.Healy@zii.aero Fixes: 0ac64c39 ("net: dsa: mv88e6xxx: mv88e6161 uses mv88e6320 stats snapshot") Signed-off-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiri Benc authored
When IPv6 is compiled but disabled at runtime, geneve_sock_add returns -EAFNOSUPPORT. For metadata based tunnels, this causes failure of the whole operation of bringing up the tunnel. Ignore failure of IPv6 socket creation for metadata based tunnels caused by IPv6 not being available. This is the same fix as what commit d074bf96 ("vxlan: correctly handle ipv6.disable module parameter") is doing for vxlan. Note there's also commit c0a47e44 ("geneve: should not call rt6_lookup() when ipv6 was disabled") which fixes a similar issue but for regular tunnels, while this patch is needed for metadata based tunnels. Signed-off-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfDavid S. Miller authored
Alexei Starovoitov says: ==================== pull-request: bpf 2019-03-01 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) fix sanitation rewrite, from Daniel. 2) fix error path on map_new_fd, from Peng. 3) fix icache flush address, from Paul. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Heiner Kallweit authored
When debugging another issue I faced an interrupt storm in this driver (88E6390, port 9 in SGMII mode), consisting of alternating link-up / link-down interrupts. Analysis showed that the driver wanted to set a cmode that was set already. But so far mv88e6390x_port_set_cmode() doesn't check this and powers down SERDES, what causes the link to break, and eventually results in the described interrupt storm. Fix this by checking whether the cmode actually changes. We want that the very first call to mv88e6390x_port_set_cmode() always configures the registers, therefore initialize port.cmode with a value that is different from any supported cmode value. We have to take care that we only init the ports cmode once chip->info->num_ports is set. v2: - add small helper and init the number of actual ports only Fixes: 364e9d77 ("net: dsa: mv88e6xxx: Power on/off SERDES on cmode change") Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Daniel Borkmann authored
Marek reported that he saw an issue with the below snippet in that timing measurements where off when loaded as unpriv while results were reasonable when loaded as privileged: [...] uint64_t a = bpf_ktime_get_ns(); uint64_t b = bpf_ktime_get_ns(); uint64_t delta = b - a; if ((int64_t)delta > 0) { [...] Turns out there is a bug where a corner case is missing in the fix d3bd7413 ("bpf: fix sanitation of alu op with pointer / scalar type from different paths"), namely fixup_bpf_calls() only checks whether aux has a non-zero alu_state, but it also needs to test for the case of BPF_ALU_NON_POINTER since in both occasions we need to skip the masking rewrite (as there is nothing to mask). Fixes: d3bd7413 ("bpf: fix sanitation of alu op with pointer / scalar type from different paths") Reported-by: Marek Majkowski <marek@cloudflare.com> Reported-by: Arthur Fabre <afabre@cloudflare.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/netdev/CAJPywTJqP34cK20iLM5YmUMz9KXQOdu1-+BZrGMAGgLuBWz7fg@mail.gmail.com/T/Acked-by: Song Liu <songliubraving@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
-
Hangbin Liu authored
For ip rules, we need to use 'ipproto ipv6-icmp' to match ICMPv6 headers. But for ip -6 route, currently we only support tcp, udp and icmp. Add ICMPv6 support so we can match ipv6-icmp rules for route lookup. v2: As David Ahern and Sabrina Dubroca suggested, Add an argument to rtm_getroute_parse_ip_proto() to handle ICMP/ICMPv6 with different family. Reported-by: Jianlin Shi <jishi@redhat.com> Fixes: eacb9384 ("ipv6: support sport, dport and ip_proto in RTM_GETROUTE") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 01 Mar, 2019 1 commit
-
-
Paul Burton authored
The MIPS eBPF JIT calls flush_icache_range() in order to ensure the icache observes the code that we just wrote. Unfortunately it gets the end address calculation wrong due to some bad pointer arithmetic. The struct jit_ctx target field is of type pointer to u32, and as such adding one to it will increment the address being pointed to by 4 bytes. Therefore in order to find the address of the end of the code we simply need to add the number of 4 byte instructions emitted, but we mistakenly add the number of instructions multiplied by 4. This results in the call to flush_icache_range() operating on a memory region 4x larger than intended, which is always wasteful and can cause crashes if we overrun into an unmapped page. Fix this by correcting the pointer arithmetic to remove the bogus multiplication, and use braces to remove the need for a set of brackets whilst also making it obvious that the target field is a pointer. Signed-off-by: Paul Burton <paul.burton@mips.com> Fixes: b6bd53f9 ("MIPS: Add missing file for eBPF JIT.") Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Martin KaFai Lau <kafai@fb.com> Cc: Song Liu <songliubraving@fb.com> Cc: Yonghong Song <yhs@fb.com> Cc: netdev@vger.kernel.org Cc: bpf@vger.kernel.org Cc: linux-mips@vger.kernel.org Cc: stable@vger.kernel.org # v4.13+ Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-