- 07 Sep, 2020 1 commit
-
-
Hoang Huu Le authored
In the commit fdeba99b ("tipc: fix use-after-free in tipc_bcast_get_mode"), we're trying to make sure the tipc_net_finalize_work work item finished if it enqueued. But calling flush_scheduled_work() is not just affecting above work item but either any scheduled work. This has turned out to be overkill and caused to deadlock as syzbot reported: ====================================================== WARNING: possible circular locking dependency detected 5.9.0-rc2-next-20200828-syzkaller #0 Not tainted ------------------------------------------------------ kworker/u4:6/349 is trying to acquire lock: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: flush_workqueue+0xe1/0x13e0 kernel/workqueue.c:2777 but task is already holding lock: ffffffff8a879430 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xb10 net/core/net_namespace.c:565 [...] Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(pernet_ops_rwsem); lock(&sb->s_type->i_mutex_key#13); lock(pernet_ops_rwsem); lock((wq_completion)events); *** DEADLOCK *** [...] v1: To fix the original issue, we replace above calling by introducing a bit flag. When a namespace cleaned-up, bit flag is set to zero and: - tipc_net_finalize functionial just does return immediately. - tipc_net_finalize_work does not enqueue into the scheduled work queue. v2: Use cancel_work_sync() helper to make sure ONLY the tipc_net_finalize_work() stopped before releasing bcbase object. Reported-by: syzbot+d5aa7e0385f6a5d0f4fd@syzkaller.appspotmail.com Fixes: fdeba99b ("tipc: fix use-after-free in tipc_bcast_get_mode") Acked-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Hoang Huu Le <hoang.h.le@dektech.com.au> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 06 Sep, 2020 5 commits
-
-
Christophe JAILLET authored
The wrappers in include/linux/pci-dma-compat.h should go away. The patch has been generated with the coccinelle script below and has been hand modified to replace GFP_ with a correct flag. It has been compile tested. When memory is allocated in 'vnic_dev_classifier()', 'vnic_dev_fw_info()', 'vnic_dev_notify_set()' and 'vnic_dev_stats_dump()' (vnic_dev.c) GFP_ATOMIC must be used because its callers take a spinlock before calling these functions. When memory is allocated in '__enic_set_rsskey()' and 'enic_set_rsscpu()' GFP_ATOMIC must be used because they can be called with a spinlock. The call chain is: enic_reset <-- takes 'enic->enic_api_lock' --> enic_set_rss_nic_cfg --> enic_set_rsskey --> __enic_set_rsskey <-- uses dma_alloc_coherent --> enic_set_rsscpu <-- uses dma_alloc_coherent When memory is allocated in 'vnic_dev_init_prov2()' GFP_ATOMIC must be used because a spinlock is hidden in the ENIC_DEVCMD_PROXY_BY_INDEX macro, when this function is called in 'enic_set_port_profile()'. When memory is allocated in 'vnic_dev_alloc_desc_ring()' GFP_KERNEL can be used because it is only called from 5 functions ('vnic_dev_init_devcmd2()', 'vnic_cq_alloc()', 'vnic_rq_alloc()', 'vnic_wq_alloc()' and 'enic_wq_devcmd2_alloc()'. 'vnic_dev_init_devcmd2()': already uses GFP_KERNEL and no lock is taken in the between. 'enic_wq_devcmd2_alloc()': is called from ' vnic_dev_init_devcmd2()' which already uses GFP_KERNEL and no lock is taken in the between. 'vnic_cq_alloc()', 'vnic_rq_alloc()', 'vnic_wq_alloc()': are called from 'enic_alloc_vnic_resources()' 'enic_alloc_vnic_resources()' has only 2 call chains: 1) enic_probe --> enic_dev_init --> enic_alloc_vnic_resources 'enic_probe()' is a probe function and no lock is taken in the between 2) enic_set_ringparam --> enic_alloc_vnic_resources 'enic_set_ringparam()' is a .set_ringparam function (see struct ethtool_ops). It seems to only take a mutex and no spinlock. So all paths are safe to use GFP_KERNEL. @@ @@ - PCI_DMA_BIDIRECTIONAL + DMA_BIDIRECTIONAL @@ @@ - PCI_DMA_TODEVICE + DMA_TO_DEVICE @@ @@ - PCI_DMA_FROMDEVICE + DMA_FROM_DEVICE @@ @@ - PCI_DMA_NONE + DMA_NONE @@ expression e1, e2, e3; @@ - pci_alloc_consistent(e1, e2, e3) + dma_alloc_coherent(&e1->dev, e2, e3, GFP_) @@ expression e1, e2, e3; @@ - pci_zalloc_consistent(e1, e2, e3) + dma_alloc_coherent(&e1->dev, e2, e3, GFP_) @@ expression e1, e2, e3, e4; @@ - pci_free_consistent(e1, e2, e3, e4) + dma_free_coherent(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_map_single(e1, e2, e3, e4) + dma_map_single(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_unmap_single(e1, e2, e3, e4) + dma_unmap_single(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4, e5; @@ - pci_map_page(e1, e2, e3, e4, e5) + dma_map_page(&e1->dev, e2, e3, e4, e5) @@ expression e1, e2, e3, e4; @@ - pci_unmap_page(e1, e2, e3, e4) + dma_unmap_page(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_map_sg(e1, e2, e3, e4) + dma_map_sg(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_unmap_sg(e1, e2, e3, e4) + dma_unmap_sg(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_single_for_cpu(e1, e2, e3, e4) + dma_sync_single_for_cpu(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_single_for_device(e1, e2, e3, e4) + dma_sync_single_for_device(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_sg_for_cpu(e1, e2, e3, e4) + dma_sync_sg_for_cpu(&e1->dev, e2, e3, e4) @@ expression e1, e2, e3, e4; @@ - pci_dma_sync_sg_for_device(e1, e2, e3, e4) + dma_sync_sg_for_device(&e1->dev, e2, e3, e4) @@ expression e1, e2; @@ - pci_dma_mapping_error(e1, e2) + dma_mapping_error(&e1->dev, e2) @@ expression e1, e2; @@ - pci_set_dma_mask(e1, e2) + dma_set_mask(&e1->dev, e2) @@ expression e1, e2; @@ - pci_set_consistent_dma_mask(e1, e2) + dma_set_coherent_mask(&e1->dev, e2) Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
It's nice if the phy is online before we register the netdev so try to do that first. Stop trying to do "second tried" to register the phy, it works perfectly fine the first time. Stop remvoving the phy in uninit. Remove it when the driver is remove():d, symmetric to where it is added, in probe(). Suggested-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Reported-by: David Miller <davem@davemloft.net> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jonathan Neuschäfer authored
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Linus Walleij authored
This implements the missing MTU setting for the RTL8366RB switch. Apart from supporting jumboframes, this rids us of annoying boot messages like this: realtek-smi switch: nonfatal error -95 setting MTU on port 0 Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Wang Hai authored
BLOCK_PRIV is never used after it was introduced. So better to remove it. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wang Hai <wanghai38@huawei.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 05 Sep, 2020 14 commits
-
-
Wang Hai authored
DIGITAL_NFC_DEP_REQ_RES_TAILROOM is never used after it was introduced. DIGITAL_NFC_DEP_REQ_RES_HEADROOM is no more used after below commit e8e7f421 ("NFC: digital: Remove useless call to skb_reserve()") Remove them. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wang Hai <wanghai38@huawei.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Wang Hai authored
Remove SRVL_CTRL_PKT_SIZE which is defined more than once. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wang Hai <wanghai38@huawei.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Lukas Bulwahn authored
Commit 0da4c3d3 ("net: phy: add Lynx PCS module") added the files in ./drivers/net/pcs/, but the new LYNX PCS MODULE section refers to ./drivers/net/phy/. Hence, ./scripts/get_maintainer.pl --self-test=patterns complains: warning: no file matches F: drivers/net/phy/pcs-lynx.c Repair the LYNX PCS MODULE section by referring to the right location. Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Acked-by: Ioana Ciornei <ioana.ciornei@nxp.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Florian Fainelli says: ==================== net: dsa: bcm_sf2: Ensure MDIO diversion is used Changes in v2: - export of_update_property() to permit building bcm_sf2 as a module - provided a better explanation of the problem being solved after explaining it to Andrew during the v1 review ==================== Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Florian Fainelli authored
Registering our slave MDIO bus outside of the OF infrastructure is necessary in order to avoid creating double references of the same Device Tree nodes, however it is not sufficient to guarantee that the MDIO bus diversion is used because of_phy_connect() will still resolve to a valid PHY phandle and it will connect to the PHY using its parent MDIO bus which is still the SF2 master MDIO bus. The reason for that is because BCM7445 systems were already shipped with a Device Tree blob looking like this (irrelevant parts omitted for simplicity): ports { #address-cells = <1>; #size-cells = <0>; port@1 { phy-mode = "rgmii-txid"; phy-handle = <&phy0>; reg = <1>; label = "rgmii_1"; }; ... mdio@403c0 { ... phy0: ethernet-phy@0 { broken-turn-around; device_type = "ethernet-phy"; max-speed = <0x3e8>; reg = <0>; compatible = "brcm,bcm53125", "ethernet-phy-ieee802.3-c22"; }; }; There is a hardware issue with chip revisions (Dx) that lead to the development of the following commits: 461cd1b0 ("net: dsa: bcm_sf2: Register our slave MDIO bus") 536fab5b ("net: dsa: bcm_sf2: Do not register slave MDIO bus with OF") b8c6cd1d ("net: dsa: bcm_sf2: do not use indirect reads and writes for 7445E0") There should have been an internal MDIO bus node created for the chip revision (Dx) that suffers from this problem, but it did not happen back then. Had that happen, that we should have correctly parented phy@0 (bcm53125 below) as child node of the internal MDIO bus, but the production Device Tree blob that was shipped with the firmware targeted the fixed version of the chip, despite both the affected and corrected chips being shipped into production. The problem is that of_phy_connect() for port@1 will happily resolve the 'phy-handle' from the mdio@403c0 node, which bypasses the diversion completely. This results in this double programming that the diversion refers to and aims to avoid. In order to force of_phy_connect() to fail, and have DSA call to dsa_slave_phy_connect(), we must deactivate ethernet-phy@0 from mdio@403c0, and the best way to do that is by removing the phandle property completely. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Florian Fainelli authored
We will need to remove some OF properties in drivers/net/dsa/bcm_sf2.c with a subsequent commit. Export of_remove_property() to modules so we can keep bcm_sf2 modular and provide an empty stub for when CONFIG_OF is disabled to maintain the ability to compile test. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Edward Cree says: ==================== sfc: TXQ refactor Refactor and unify partner-TXQ handling in the EF100 and legacy drivers. The main thrust of this series is to remove from the legacy (Siena/EF10) driver the assumption that a netdev TX queue has precisely two hardware TXQs (checksummed and unchecksummed) associated with it, so that in future we can have more (e.g. for handling inner-header checksums) or fewer (e.g. to free up hardware queues for XDP usage). Changes from v1: * better explain patch #1 in the commit message, and rename xmit_more_available to xmit_pending * add new patch #2 applying the same approach to ef100, for consistency ==================== Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Edward Cree authored
All users of this function are now gone. Signed-off-by: Edward Cree <ecree@solarflare.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Edward Cree authored
Use efx_for_each_channel_tx_queue() rather than efx_tx_queue_partner(). Make some related simplifications of efx_nic_tx_is_empty() to remove entry points that aren't used. Signed-off-by: Edward Cree <ecree@solarflare.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Edward Cree authored
Instead of open-coding the calculation with efx_tx_queue_partner(), use the functions that iterate over numbers of queues other than 2 with efx_for_each_channel_tx_queue(). Signed-off-by: Edward Cree <ecree@solarflare.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Edward Cree authored
As in the Siena/EF10 case, it minimises cacheline ping-pong between the TX and completion paths. Signed-off-by: Edward Cree <ecree@solarflare.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Edward Cree authored
This should cause no functional change; merely make there only be one design of xmit_more handling to understand. As with the EF10/Siena version, we set tx_queue->xmit_pending when we queue up a TX, and clear it when we ring the doorbell (in ef100_notify_tx_desc). While we're at it, make ef100_notify_tx_desc static since nothing outside of ef100_tx.c uses it. Signed-off-by: Edward Cree <ecree@solarflare.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Edward Cree authored
Instead of using efx_tx_queue_partner(), which relies on the assumption that tx_queues_per_channel is 2, efx_tx_send_pending() iterates over txqs with efx_for_each_channel_tx_queue(). We unconditionally set tx_queue->xmit_pending (renamed from xmit_more_available), then condition on xmit_more for the call to efx_tx_send_pending(), which will clear xmit_pending. Thus, after an xmit_more TX, the doorbell is un-rung and xmit_pending is true. Signed-off-by: Edward Cree <ecree@solarflare.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski authored
We got slightly different patches removing a double word in a comment in net/ipv4/raw.c - picked the version from net. Simple conflict in drivers/net/ethernet/ibm/ibmvnic.c. Use cached values instead of VNIC login response buffer (following what commit 507ebe64 ("ibmvnic: Fix use-after-free of VNIC login response buffer") did). Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 04 Sep, 2020 20 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linuxLinus Torvalds authored
Pull s390 fixes from Vasily Gorbik: - Fix GENERIC_LOCKBREAK dependency on PREEMPTION in Kconfig broken because of a typo - Update defconfigs * tag 's390-5.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: update defconfigs s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linuxLinus Torvalds authored
Pull arm64 fixes from Catalin Marinas: - Fix the loading of modules built with binutils-2.35. This version produces writable and executable .text.ftrace_trampoline section which is rejected by the kernel. - Remove the exporting of cpu_logical_map() as the Tegra driver has now been fixed and no longer uses this function. * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64/module: set trampoline section flags regardless of CONFIG_DYNAMIC_FTRACE arm64: Remove exporting cpu_logical_map symbol
-
git://git.kernel.org/pub/scm/linux/kernel/git/mips/linuxLinus Torvalds authored
Pull MIPS fixes from Thomas Bogendoerfer: "A few MIPS fixes: - fallthrough fallout fix - BMIPS fixes - MSA fix to avoid leaking MSA register contents - Loongson perf and cpu feature fix - SNI interrupt fix" * tag 'mips_fixes_5.9_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: SNI: Fix SCSI interrupt MIPS: add missing MSACSR and upper MSA initialization MIPS: perf: Fix wrong check condition of Loongson event IDs mips/oprofile: Fix fallthrough placement MIPS: Loongson64: Remove unnecessary inclusion of boot_param.h MIPS: BMIPS: Also call bmips_cpu_setup() for secondary cores MIPS: mm: BMIPS5000 has inclusive physical caches MIPS: Loongson64: Do not override watch and ejtag feature
-
Linus Torvalds authored
Merge tag 'kbuild-fixes-v5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - fix documents - fix warning in 'make localmodconfig' * tag 'kbuild-fixes-v5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: remove redundant assignment prompt = prompt kbuild: Documentation: clean up makefiles.rst kconfig: streamline_config.pl: check defined(ENV variable) before using it Documentation/llvm: Improve formatting of commands, variables, and arguments
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pmLinus Torvalds authored
Pull power management fixes from Rafael Wysocki: "These fix reference counting in the operating performance points (OPP) framework and address a few intel_pstate driver issues, mostly related to switching driver operation modes and similar with hardware-managed P-states (HWP) enabled. Specifics: - Fix reference counting of operating performance points (OPP) tables (Viresh Kumar). - Address intel_pstate driver interface issues, mostly related to switching operation modes and handling CPU offline and online and system-wide suspend/resume with hardware-managed P-states (HWP) enabled (Rafael Wysocki). - Fix the maximum frequency computation in the intel_pstate driver with turbo P-states disabled by the platform firmware and HWP enabled (Francisco Jerez)" * tag 'pm-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled cpufreq: intel_pstate: Free memory only when turning off cpufreq: intel_pstate: Add ->offline and ->online callbacks cpufreq: intel_pstate: Tweak the EPP sysfs interface cpufreq: intel_pstate: Update cached EPP in the active mode cpufreq: intel_pstate: Refuse to turn off with HWP enabled opp: Don't drop reference for an OPP table that was never parsed
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull libata fixes from Jens Axboe: - improve Sandisks ATA_HORKAGE on NCQ (Tejun) - link printk cleanup (Xu) * tag 'libata-5.9-2020-09-04' of git://git.kernel.dk/linux-block: libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks ata: ahci: use ata_link_info() instead of ata_link_printk()
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block fixes from Jens Axboe: "A bit larger than usual this week, mostly due to the NVMe fixes arriving late for -rc3 and hence didn't make last weeks pull request. - NVMe: - instance leak and io boundary fixes from Keith - fc locking fix from Christophe - various tcp/rdma reset during traffic fixes from Sagi - pci use-after-free fix from Tong - tcp target null deref fix from Ziye - Locking fix for partition removal (Christoph) - Ensure bdi->io_pages is always set (me) - Fixup for hd struct reference (Ming) - Fix for zero length bvecs (Ming) - Two small blk-iocost fixes (Tejun)" * tag 'block-5.9-2020-09-04' of git://git.kernel.dk/linux-block: block: allow for_each_bvec to support zero len bvec blk-stat: make q->stats->lock irqsafe blk-iocost: ioc_pd_free() shouldn't assume irq disabled block: fix locking in bdev_del_partition block: release disk reference in hd_struct_free_work block: ensure bdi->io_pages is always initialized nvme-pci: cancel nvme device request before disabling nvme: only use power of two io boundaries nvme: fix controller instance leak nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()' nvme: Fix NULL dereference for pci nvme controllers nvme-rdma: fix reset hang if controller died in the middle of a reset nvme-rdma: fix timeout handler nvme-rdma: serialize controller teardown sequences nvme-tcp: fix reset hang if controller died in the middle of a reset nvme-tcp: fix timeout handler nvme-tcp: serialize controller teardown sequences nvme: have nvme_wait_freeze_timeout return if it timed out nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull io_uring fixes from Jens Axboe: - EAGAIN with O_NONBLOCK retry fix - Two small fixes for registered files (Jiufei) * tag 'io_uring-5.9-2020-09-04' of git://git.kernel.dk/linux-block: io_uring: no read/write-retry on -EAGAIN error and O_NONBLOCK marked file io_uring: set table->files[i] to NULL when io_sqe_file_register failed io_uring: fix removing the wrong file in __io_sqe_files_update()
-
git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linuxLinus Torvalds authored
Pull thermal fixes from Daniel Lezcano: - Fix bogus thermal shutdowns for omap4430 where bogus values resulting from an incorrect ADC conversion are too high and fire an emergency shutdown (Tony Lindgren) - Don't suppress negative temp for qcom spmi as they are valid and userspace needs them (Veera Vegivada) - Fix use-after-free in thermal_zone_device_unregister reported by Kasan (Dmitry Osipenko) * tag 'thermal-v5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux: thermal: core: Fix use-after-free in thermal_zone_device_unregister() thermal: qcom-spmi-temp-alarm: Don't suppress negative temp thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
-
git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengineLinus Torvalds authored
Pull dmaengine fixes from Vinod Koul: "A couple of core fixes and odd driver fixes for dmaengine subsystem: Core: - drop ACPI CSRT table reference after using it - fix of_dma_router_xlate() error handling Drivers fixes in idxd, at_hdmac, pl330, dw-edma and jz478" * tag 'dmaengine-fix-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine: dmaengine: ti: k3-udma: Update rchan_oes_offset for am654 SYSFW ABI 3.0 drivers/dma/dma-jz4780: Fix race condition between probe and irq handler dmaengine: dw-edma: Fix scatter-gather address calculation dmaengine: ti: k3-udma: Fix the TR initialization for prep_slave_sg dmaengine: pl330: Fix burst length if burst size is smaller than bus width dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling dmaengine: idxd: reset states after device disable or reset dmaengine: acpi: Put the CSRT table after using it
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "A collection of small changes, nothing intrusive: - remaining tasklet API conversions, now all sound stuff have been converted - a few HD-audio and USB-audio quirks and minor fixes - FireWire Tascam and Digi00xx fixes - drop a kernel WARNING from PCM OSS for syzkaller" * tag 'sound-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (29 commits) ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen ALSA: hda: use consistent HDAudio spelling in comments/docs ALSA: hda: add dev_dbg log when driver is not selected ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled ALSA: hda: hdmi - add Rocketlake support ALSA: ua101: convert tasklets to use new tasklet_setup() API ALSA: usb-audio: convert tasklets to use new tasklet_setup() API ASoC: txx9: convert tasklets to use new tasklet_setup() API ASoC: siu: convert tasklets to use new tasklet_setup() API ASoC: fsl_esai: convert tasklets to use new tasklet_setup() API ALSA: hdsp: convert tasklets to use new tasklet_setup() API ALSA: riptide: convert tasklets to use new tasklet_setup() API ALSA: pci/asihpi: convert tasklets to use new tasklet_setup() API ALSA: firewire: convert tasklets to use new tasklet_setup() API ALSA: core: convert tasklets to use new tasklet_setup() API ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO ALSA: hda/hdmi: always check pin power status in i915 pin fixup ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 ...
-
git://anongit.freedesktop.org/drm/drmLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Not much going on this week, nouveau has a display hw bug workaround, amdgpu has some PM fixes and CIK regression fixes, one single radeon PLL fix, and a couple of i915 display fixes. amdgpu: - Fix for 32bit systems - SW CTF fix - Update for Sienna Cichlid - CIK bug fixes radeon: - PLL fix i915: - Clang build warning fix - HDCP fixes nouveau: - display fixes" * tag 'drm-fixes-2020-09-04' of git://anongit.freedesktop.org/drm/drm: drm/nouveau/kms/nv50-gp1xx: add WAR for EVO push buffer HW bug drm/nouveau/kms/nv50-gp1xx: disable notifies again after core update drm/nouveau/kms/nv50-: add some whitespace before debug message drm/nouveau/kms/gv100-: Include correct push header in crcc37d.c drm/radeon: Prefer lower feedback dividers drm/amdgpu: Fix bug in reporting voltage for CIK drm/amdgpu: Specify get_argument function for ci_smu_funcs drm/amd/pm: enable MP0 DPM for sienna_cichlid drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting drm/amd/pm: fix is_dpm_running() run error on 32bit system drm/i915: Clear the repeater bit on HDCP disable drm/i915: Fix sha_text population code drm/i915/display: Ensure that ret is always initialized in icl_combo_phy_verify_state
-
Or Cohen authored
Using tp_reserve to calculate netoff can overflow as tp_reserve is unsigned int and netoff is unsigned short. This may lead to macoff receving a smaller value then sizeof(struct virtio_net_hdr), and if po->has_vnet_hdr is set, an out-of-bounds write will occur when calling virtio_net_hdr_from_skb. The bug is fixed by converting netoff to unsigned int and checking if it exceeds USHRT_MAX. This addresses CVE-2020-14386 Fixes: 8913336a ("packet: add PACKET_RESERVE sockopt") Signed-off-by: Or Cohen <orcohen@paloaltonetworks.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
Merge emailed patches from Peter Xu: "This is a small series that I picked up from Linus's suggestion to simplify cow handling (and also make it more strict) by checking against page refcounts rather than mapcounts. This makes uffd-wp work again (verified by running upmapsort)" Note: this is horrendously bad timing, and making this kind of fundamental vm change after -rc3 is not at all how things should work. The saving grace is that it really is a a nice simplification: 8 files changed, 29 insertions(+), 120 deletions(-) The reason for the bad timing is that it turns out that commit 17839856 ("gup: document and work around 'COW can break either way' issue" broke not just UFFD functionality (as Peter noticed), but Mikulas Patocka also reports that it caused issues for strace when running in a DAX environment with ext4 on a persistent memory setup. And we can't just revert that commit without re-introducing the original issue that is a potential security hole, so making COW stricter (and in the process much simpler) is a step to then undoing the forced COW that broke other uses. Link: https://lore.kernel.org/lkml/alpine.LRH.2.02.2009031328040.6929@file01.intranet.prod.int.rdu2.redhat.com/ * emailed patches from Peter Xu <peterx@redhat.com>: mm: Add PGREUSE counter mm/gup: Remove enfornced COW mechanism mm/ksm: Remove reuse_ksm_page() mm: do_wp_page() simplification
-
Rafael J. Wysocki authored
* pm-cpufreq: cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled cpufreq: intel_pstate: Free memory only when turning off cpufreq: intel_pstate: Add ->offline and ->online callbacks cpufreq: intel_pstate: Tweak the EPP sysfs interface cpufreq: intel_pstate: Update cached EPP in the active mode cpufreq: intel_pstate: Refuse to turn off with HWP enabled
-
Peter Xu authored
This accounts for wp_page_reuse() case, where we reused a page for COW. Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Peter Xu authored
With the more strict (but greatly simplified) page reuse logic in do_wp_page(), we can safely go back to the world where cow is not enforced with writes. This essentially reverts commit 17839856 ("gup: document and work around 'COW can break either way' issue"). There are some context differences due to some changes later on around it: 2170ecfa ("drm/i915: convert get_user_pages() --> pin_user_pages()", 2020-06-03) 376a34ef ("mm/gup: refactor and de-duplicate gup_fast() code", 2020-06-03) Some lines moved back and forth with those, but this revert patch should have striped out and covered all the enforced cow bits anyways. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Peter Xu authored
Remove the function as the last reference has gone away with the do_wp_page() changes. Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
How about we just make sure we're the only possible valid user fo the page before we bother to reuse it? Simplify, simplify, simplify. And get rid of the nasty serialization on the page lock at the same time. [peterx: add subject prefix] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Leon Romanovsky authored
GCOV built with GCC 10 doesn't initialize n_function variable. This produces different kernel panics as was seen by Colin in Ubuntu and me in FC 32. As a workaround, let's disable GCOV build for broken GCC 10 version. Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1891288 Link: https://lore.kernel.org/lkml/20200827133932.3338519-1-leon@kernel.org Link: https://lore.kernel.org/lkml/CAHk-=whbijeSdSvx-Xcr0DPMj0BiwhJ+uiNnDSVZcr_h_kg7UA@mail.gmail.com/ Cc: Colin Ian King <colin.king@canonical.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-