1. 11 Jul, 2020 6 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.8b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 0aea6d5c
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "Just one fix of a recent patch (double free in an error path)"
      
      * tag 'for-linus-5.8b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/xenbus: Fix a double free in xenbus_map_ring_pv()
      0aea6d5c
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 997c4431
      Linus Torvalds authored
      Pull powerpc fix from Michael Ellerman:
       "One fix for a crash/soft lockup on Power8, caused by the exception
        rework we did in v5.7.
      
        Thanks to Paul Menzel and Nicholas Piggin"
      
      * tag 'powerpc-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s/exception: Fix 0x1500 interrupt handler crash
      997c4431
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 1df0d896
      Linus Torvalds authored
      Pull libnvdimm fix from Dan Williams:
       "A one-line Fix for key ring search permissions to address a regression
        from -rc1"
      
      * tag 'libnvdimm-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm/security: Fix key lookup permissions
      1df0d896
    • Linus Torvalds's avatar
      Merge tag '5.8-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 5ab39e08
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Four cifs/smb3 fixes: the three for stable fix problems found recently
        with change notification including a reference count leak"
      
      * tag '5.8-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: update internal module version number
        cifs: fix reference leak for tlink
        smb3: fix unneeded error message on change notify
        cifs: remove the retry in cifs_poxis_lock_set
        smb3: fix access denied on change notify request to some servers
      5ab39e08
    • Linus Torvalds's avatar
      Merge tag 'inclusive-terminology' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux · 49decddd
      Linus Torvalds authored
      Pull coding style terminology documentation from Dan Williams:
       "The discussion has tapered off as well as the incoming ack, review,
        and sign-off tags. I did not see a reason to wait for the next merge
        window"
      
      * tag 'inclusive-terminology' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux:
        CodingStyle: Inclusive Terminology
      49decddd
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 5a764898
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Restore previous behavior of CAP_SYS_ADMIN wrt loading networking
          BPF programs, from Maciej Żenczykowski.
      
       2) Fix dropped broadcasts in mac80211 code, from Seevalamuthu
          Mariappan.
      
       3) Slay memory leak in nl80211 bss color attribute parsing code, from
          Luca Coelho.
      
       4) Get route from skb properly in ip_route_use_hint(), from Miaohe Lin.
      
       5) Don't allow anything other than ARPHRD_ETHER in llc code, from Eric
          Dumazet.
      
       6) xsk code dips too deeply into DMA mapping implementation internals.
          Add dma_need_sync and use it. From Christoph Hellwig
      
       7) Enforce power-of-2 for BPF ringbuf sizes. From Andrii Nakryiko.
      
       8) Check for disallowed attributes when loading flow dissector BPF
          programs. From Lorenz Bauer.
      
       9) Correct packet injection to L3 tunnel devices via AF_PACKET, from
          Jason A. Donenfeld.
      
      10) Don't advertise checksum offload on ipa devices that don't support
          it. From Alex Elder.
      
      11) Resolve several issues in TCP MD5 signature support. Missing memory
          barriers, bogus options emitted when using syncookies, and failure
          to allow md5 key changes in established states. All from Eric
          Dumazet.
      
      12) Fix interface leak in hsr code, from Taehee Yoo.
      
      13) VF reset fixes in hns3 driver, from Huazhong Tan.
      
      14) Make loopback work again with ipv6 anycast, from David Ahern.
      
      15) Fix TX starvation under high load in fec driver, from Tobias
          Waldekranz.
      
      16) MLD2 payload lengths not checked properly in bridge multicast code,
          from Linus Lüssing.
      
      17) Packet scheduler code that wants to find the inner protocol
          currently only works for one level of VLAN encapsulation. Allow
          Q-in-Q situations to work properly here, from Toke
          Høiland-Jørgensen.
      
      18) Fix route leak in l2tp, from Xin Long.
      
      19) Resolve conflict between the sk->sk_user_data usage of bpf reuseport
          support and various protocols. From Martin KaFai Lau.
      
      20) Fix socket cgroup v2 reference counting in some situations, from
          Cong Wang.
      
      21) Cure memory leak in mlx5 connection tracking offload support, from
          Eli Britstein.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (146 commits)
        mlxsw: pci: Fix use-after-free in case of failed devlink reload
        mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
        net: macb: fix call to pm_runtime in the suspend/resume functions
        net: macb: fix macb_suspend() by removing call to netif_carrier_off()
        net: macb: fix macb_get/set_wol() when moving to phylink
        net: macb: mark device wake capable when "magic-packet" property present
        net: macb: fix wakeup test in runtime suspend/resume routines
        bnxt_en: fix NULL dereference in case SR-IOV configuration fails
        libbpf: Fix libbpf hashmap on (I)LP32 architectures
        net/mlx5e: CT: Fix memory leak in cleanup
        net/mlx5e: Fix port buffers cell size value
        net/mlx5e: Fix 50G per lane indication
        net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash
        net/mlx5e: Fix VXLAN configuration restore after function reload
        net/mlx5e: Fix usage of rcu-protected pointer
        net/mxl5e: Verify that rpriv is not NULL
        net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode
        net/mlx5: Fix eeprom support for SFP module
        cgroup: Fix sock_cgroup_data on big-endian.
        selftests: bpf: Fix detach from sockmap tests
        ...
      5a764898
  2. 10 Jul, 2020 34 commits
    • Nathan Chancellor's avatar
      mips: Remove compiler check in unroll macro · 9321f1aa
      Nathan Chancellor authored
      CONFIG_CC_IS_GCC is undefined when Clang is used, which breaks the build
      (see our Travis link below).
      
      Clang 8 was chosen as a minimum version for this check because there
      were some improvements around __builtin_constant_p in that release. In
      reality, MIPS was not even buildable until clang 9 so that check was not
      technically necessary. Just remove all compiler checks and just assume
      that we have a working compiler.
      
      Fixes: d4e60453 ("Restore gcc check in mips asm/unroll.h")
      Link: https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/jobs/359642821Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9321f1aa
    • David S. Miller's avatar
      Merge branch 'mlxsw-Various-fixes' · 1195c7ce
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: Various fixes
      
      Fix two issues found by syzkaller.
      
      Patch #1 removes inappropriate usage of WARN_ON() following memory
      allocation failure. Constantly triggered when syzkaller injects faults.
      
      Patch #2 fixes a use-after-free that can be triggered by 'devlink dev
      info' following a failed devlink reload.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1195c7ce
    • Ido Schimmel's avatar
      mlxsw: pci: Fix use-after-free in case of failed devlink reload · c4317b11
      Ido Schimmel authored
      In case devlink reload failed, it is possible to trigger a
      use-after-free when querying the kernel for device info via 'devlink dev
      info' [1].
      
      This happens because as part of the reload error path the PCI command
      interface is de-initialized and its mailboxes are freed. When the
      devlink '->info_get()' callback is invoked the device is queried via the
      command interface and the freed mailboxes are accessed.
      
      Fix this by initializing the command interface once during probe and not
      during every reload.
      
      This is consistent with the other bus used by mlxsw (i.e., 'mlxsw_i2c')
      and also allows user space to query the running firmware version (for
      example) from the device after a failed reload.
      
      [1]
      BUG: KASAN: use-after-free in memcpy include/linux/string.h:406 [inline]
      BUG: KASAN: use-after-free in mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675
      Write of size 4096 at addr ffff88810ae32000 by task syz-executor.1/2355
      
      CPU: 1 PID: 2355 Comm: syz-executor.1 Not tainted 5.8.0-rc2+ #29
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0xf6/0x16e lib/dump_stack.c:118
       print_address_description.constprop.0+0x1c/0x250 mm/kasan/report.c:383
       __kasan_report mm/kasan/report.c:513 [inline]
       kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
       check_memory_region_inline mm/kasan/generic.c:186 [inline]
       check_memory_region+0x14e/0x1b0 mm/kasan/generic.c:192
       memcpy+0x39/0x60 mm/kasan/common.c:106
       memcpy include/linux/string.h:406 [inline]
       mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675
       mlxsw_cmd_exec+0x249/0x550 drivers/net/ethernet/mellanox/mlxsw/core.c:2335
       mlxsw_cmd_access_reg drivers/net/ethernet/mellanox/mlxsw/cmd.h:859 [inline]
       mlxsw_core_reg_access_cmd drivers/net/ethernet/mellanox/mlxsw/core.c:1938 [inline]
       mlxsw_core_reg_access+0x2f6/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1985
       mlxsw_reg_query drivers/net/ethernet/mellanox/mlxsw/core.c:2000 [inline]
       mlxsw_devlink_info_get+0x17f/0x6e0 drivers/net/ethernet/mellanox/mlxsw/core.c:1090
       devlink_nl_info_fill.constprop.0+0x13c/0x2d0 net/core/devlink.c:4588
       devlink_nl_cmd_info_get_dumpit+0x246/0x460 net/core/devlink.c:4648
       genl_lock_dumpit+0x85/0xc0 net/netlink/genetlink.c:575
       netlink_dump+0x515/0xe50 net/netlink/af_netlink.c:2245
       __netlink_dump_start+0x53d/0x830 net/netlink/af_netlink.c:2353
       genl_family_rcv_msg_dumpit.isra.0+0x296/0x300 net/netlink/genetlink.c:638
       genl_family_rcv_msg net/netlink/genetlink.c:733 [inline]
       genl_rcv_msg+0x78d/0x9d0 net/netlink/genetlink.c:753
       netlink_rcv_skb+0x152/0x440 net/netlink/af_netlink.c:2469
       genl_rcv+0x24/0x40 net/netlink/genetlink.c:764
       netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
       netlink_unicast+0x53a/0x750 net/netlink/af_netlink.c:1329
       netlink_sendmsg+0x850/0xd90 net/netlink/af_netlink.c:1918
       sock_sendmsg_nosec net/socket.c:652 [inline]
       sock_sendmsg+0x150/0x190 net/socket.c:672
       ____sys_sendmsg+0x6d8/0x840 net/socket.c:2363
       ___sys_sendmsg+0xff/0x170 net/socket.c:2417
       __sys_sendmsg+0xe5/0x1b0 net/socket.c:2450
       do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: a9c8336f ("mlxsw: core: Add support for devlink info command")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c4317b11
    • Ido Schimmel's avatar
      mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() · d9d54202
      Ido Schimmel authored
      We should not trigger a warning when a memory allocation fails. Remove
      the WARN_ON().
      
      The warning is constantly triggered by syzkaller when it is injecting
      faults:
      
      [ 2230.758664] FAULT_INJECTION: forcing a failure.
      [ 2230.758664] name failslab, interval 1, probability 0, space 0, times 0
      [ 2230.762329] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28
      ...
      [ 2230.898175] WARNING: CPU: 3 PID: 1407 at drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:6265 mlxsw_sp_router_fib_event+0xfad/0x13e0
      [ 2230.898179] Kernel panic - not syncing: panic_on_warn set ...
      [ 2230.898183] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28
      [ 2230.898190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
      
      Fixes: 3057224e ("mlxsw: spectrum_router: Implement FIB offload in deferred work")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d9d54202
    • David S. Miller's avatar
      Merge branch 'macb-WOL-fixes' · f9f41e3d
      David S. Miller authored
      Nicolas Ferre says:
      
      ====================
      net: macb: Wake-on-Lan magic packet fixes and GEM handling
      
      Here is a split series to fix WoL magic-packet on the current macb driver. Only
      fixes in this one based on current net/master.
      
      Changes in v5:
      - Addressed the error code returned by phylink_ethtool_set_wol() as suggested
        by Russell.
        If PHY handles WoL, MAC doesn't stay in the way.
      - Removed Florian's tag on 3/5 because of the above changes.
      - Correct the "Fixes" tag on 1/5.
      
      Changes in v4:
      - Pure bug fix series for 'net'. GEM addition and MACB update removed: will be
        sent later.
      
      Changes in v3:
      - Revert some of the v2 changes done in macb_resume(). Now the resume function
        supports in-depth re-configuration of the controller in order to deal with
        deeper sleep states. Basically as it was before changes introduced by this
        series
      - Tested for non-regression with our deeper Power Management mode which cuts
        power to the controller completely
      
      Changes in v2:
      - Add patch 4/7 ("net: macb: fix macb_suspend() by removing call to netif_carrier_off()")
        needed for keeping phy state consistent
      - Add patch 5/7 ("net: macb: fix call to pm_runtime in the suspend/resume functions") that prevent
        putting the macb in runtime pm suspend mode when WoL is used
      - Collect review tags on 3 first patches from Florian: Thanks!
      - Review of macb_resume() function
      - Addition of pm_wakeup_event() in both MACB and GEM WoL IRQ handlers
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f9f41e3d
    • Nicolas Ferre's avatar
      net: macb: fix call to pm_runtime in the suspend/resume functions · 6c8f85ca
      Nicolas Ferre authored
      The calls to pm_runtime_force_suspend/resume() functions are only
      relevant if the device is not configured to act as a WoL wakeup source.
      Add the device_may_wakeup() test before calling them.
      
      Fixes: 3e2a5e15 ("net: macb: add wake-on-lan support via magic packet")
      Cc: Claudiu Beznea <claudiu.beznea@microchip.com>
      Cc: Harini Katakam <harini.katakam@xilinx.com>
      Cc: Sergio Prado <sergio.prado@e-labworks.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c8f85ca
    • Nicolas Ferre's avatar
      net: macb: fix macb_suspend() by removing call to netif_carrier_off() · 64febc5e
      Nicolas Ferre authored
      As we now use the phylink call to phylink_stop() in the non-WoL path,
      there is no need for this call to netif_carrier_off() anymore. It can
      disturb the underlying phylink FSM.
      
      Fixes: 7897b071 ("net: macb: convert to phylink")
      Cc: Claudiu Beznea <claudiu.beznea@microchip.com>
      Cc: Harini Katakam <harini.katakam@xilinx.com>
      Cc: Antoine Tenart <antoine.tenart@bootlin.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      64febc5e
    • Nicolas Ferre's avatar
      net: macb: fix macb_get/set_wol() when moving to phylink · 253fe094
      Nicolas Ferre authored
      Keep previous function goals and integrate phylink actions to them.
      
      phylink_ethtool_get_wol() is not enough to figure out if Ethernet driver
      supports Wake-on-Lan.
      Initialization of "supported" and "wolopts" members is done in phylink
      function, no need to keep them in calling function.
      
      phylink_ethtool_set_wol() return value is considered and determines
      if the MAC has to handle WoL or not. The case where the PHY doesn't
      implement WoL leads to the MAC configuring it to provide this feature.
      
      Fixes: 7897b071 ("net: macb: convert to phylink")
      Cc: Claudiu Beznea <claudiu.beznea@microchip.com>
      Cc: Harini Katakam <harini.katakam@xilinx.com>
      Cc: Antoine Tenart <antoine.tenart@bootlin.com>
      Cc: Florian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      253fe094
    • Nicolas Ferre's avatar
      net: macb: mark device wake capable when "magic-packet" property present · ced4799d
      Nicolas Ferre authored
      Change the way the "magic-packet" DT property is handled in the
      macb_probe() function, matching DT binding documentation.
      Now we mark the device as "wakeup capable" instead of calling the
      device_init_wakeup() function that would enable the wakeup source.
      
      For Ethernet WoL, enabling the wakeup_source is done by
      using ethtool and associated macb_set_wol() function that
      already calls device_set_wakeup_enable() for this purpose.
      
      That would reduce power consumption by cutting more clocks if
      "magic-packet" property is set but WoL is not configured by ethtool.
      
      Fixes: 3e2a5e15 ("net: macb: add wake-on-lan support via magic packet")
      Cc: Claudiu Beznea <claudiu.beznea@microchip.com>
      Cc: Harini Katakam <harini.katakam@xilinx.com>
      Cc: Sergio Prado <sergio.prado@e-labworks.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ced4799d
    • Nicolas Ferre's avatar
      net: macb: fix wakeup test in runtime suspend/resume routines · 515a10a7
      Nicolas Ferre authored
      Use the proper struct device pointer to check if the wakeup flag
      and wakeup source are positioned.
      Use the one passed by function call which is equivalent to
      &bp->dev->dev.parent.
      
      It's preventing the trigger of a spurious interrupt in case the
      Wake-on-Lan feature is used.
      
      Fixes: d54f89af ("net: macb: Add pm runtime support")
      Cc: Claudiu Beznea <claudiu.beznea@microchip.com>
      Cc: Harini Katakam <harini.katakam@xilinx.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      515a10a7
    • Davide Caratti's avatar
      bnxt_en: fix NULL dereference in case SR-IOV configuration fails · c8b1d743
      Davide Caratti authored
      we need to set 'active_vfs' back to 0, if something goes wrong during the
      allocation of SR-IOV resources: otherwise, further VF configurations will
      wrongly assume that bp->pf.vf[x] are valid memory locations, and commands
      like the ones in the following sequence:
      
       # echo 2 >/sys/bus/pci/devices/${ADDR}/sriov_numvfs
       # ip link set dev ens1f0np0 up
       # ip link set dev ens1f0np0 vf 0 trust on
      
      will cause a kernel crash similar to this:
      
       bnxt_en 0000:3b:00.0: not enough MMIO resources for SR-IOV
       BUG: kernel NULL pointer dereference, address: 0000000000000014
       #PF: supervisor read access in kernel mode
       #PF: error_code(0x0000) - not-present page
       PGD 0 P4D 0
       Oops: 0000 [#1] SMP PTI
       CPU: 43 PID: 2059 Comm: ip Tainted: G          I       5.8.0-rc2.upstream+ #871
       Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 2.2.11 06/13/2019
       RIP: 0010:bnxt_set_vf_trust+0x5b/0x110 [bnxt_en]
       Code: 44 24 58 31 c0 e8 f5 fb ff ff 85 c0 0f 85 b6 00 00 00 48 8d 1c 5b 41 89 c6 b9 0b 00 00 00 48 c1 e3 04 49 03 9c 24 f0 0e 00 00 <8b> 43 14 89 c2 83 c8 10 83 e2 ef 45 84 ed 49 89 e5 0f 44 c2 4c 89
       RSP: 0018:ffffac6246a1f570 EFLAGS: 00010246
       RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000b
       RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff98b28f538900
       RBP: ffff98b28f538900 R08: 0000000000000000 R09: 0000000000000008
       R10: ffffffffb9515be0 R11: ffffac6246a1f678 R12: ffff98b28f538000
       R13: 0000000000000001 R14: 0000000000000000 R15: ffffffffc05451e0
       FS:  00007fde0f688800(0000) GS:ffff98baffd40000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 0000000000000014 CR3: 000000104bb0a003 CR4: 00000000007606e0
       DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
       PKRU: 55555554
       Call Trace:
        do_setlink+0x994/0xfe0
        __rtnl_newlink+0x544/0x8d0
        rtnl_newlink+0x47/0x70
        rtnetlink_rcv_msg+0x29f/0x350
        netlink_rcv_skb+0x4a/0x110
        netlink_unicast+0x21d/0x300
        netlink_sendmsg+0x329/0x450
        sock_sendmsg+0x5b/0x60
        ____sys_sendmsg+0x204/0x280
        ___sys_sendmsg+0x88/0xd0
        __sys_sendmsg+0x5e/0xa0
        do_syscall_64+0x47/0x80
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: c0c050c5 ("bnxt_en: New Broadcom ethernet driver.")
      Reported-by: default avatarFei Liu <feliu@redhat.com>
      CC: Jonathan Toppins <jtoppins@redhat.com>
      CC: Michael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Reviewed-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Acked-by: default avatarJonathan Toppins <jtoppins@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c8b1d743
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 45ae836f
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      pull-request: bpf 2020-07-09
      
      The following pull-request contains BPF updates for your *net* tree.
      
      We've added 4 non-merge commits during the last 1 day(s) which contain
      a total of 4 files changed, 26 insertions(+), 15 deletions(-).
      
      The main changes are:
      
      1) fix crash in libbpf on 32-bit archs, from Jakub and Andrii.
      
      2) fix crash when l2tp and bpf_sk_reuseport conflict, from Martin.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      45ae836f
    • David S. Miller's avatar
      Merge tag 'mlx5-fixes-2020-07-02' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · ca68d563
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      mlx5 fixes 2020-07-02
      
      This series introduces some fixes to mlx5 driver.
      
      V1->v2:
       - Drop "ip -s" patch and mirred device hold reference patch.
       - Will revise them in a later submission.
      
      Please pull and let me know if there is any problem.
      
      For -stable v5.2
       ('net/mlx5: Fix eeprom support for SFP module')
      
      For -stable v5.4
       ('net/mlx5e: Fix 50G per lane indication')
      
      For -stable v5.5
       ('net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash')
       ('net/mlx5e: Fix VXLAN configuration restore after function reload')
      
      For -stable v5.7
       ('net/mlx5e: CT: Fix memory leak in cleanup')
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ca68d563
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · aa0c9086
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "Small update, a few more merge window bugs and normal driver bug
        fixes:
      
         - Two merge window regressions in mlx5: a error path bug found by
           syzkaller and some lost code during a rework preventing ipoib from
           working in some configurations
      
         - Silence clang compilation warning in OPA related code
      
         - Fix a long standing race condition in ib_nl for ACM
      
         - Resolve when the HFI1 is shutdown"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        RDMA/mlx5: Set PD pointers for the error flow unwind
        IB/mlx5: Fix 50G per lane indication
        RDMA/siw: Fix reporting vendor_part_id
        IB/sa: Resolv use-after-free in ib_nl_make_request()
        IB/hfi1: Do not destroy link_wq when the device is shut down
        IB/hfi1: Do not destroy hfi1_wq when the device is shut down
        RDMA/mlx5: Fix legacy IPoIB QP initialization
        IB/hfi1: Add explicit cast OPA_MTU_8192 to 'enum ib_mtu'
      aa0c9086
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-fixes-5.8-rc5' of... · 0f318cba
      Linus Torvalds authored
      Merge tag 'linux-kselftest-fixes-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
       "TPM2 test changes to run on python3 and kselftest framework fix to
        incorrect return type"
      
      * tag 'linux-kselftest-fixes-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        kselftest: ksft_test_num return type should be unsigned
        selftests: tpm: upgrade TPM2 tests from Python 2 to Python 3
      0f318cba
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block · a581387e
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
      
       - Fix memleak for error path in registered files (Yang)
      
       - Export CQ overflow state in flags, necessary to fix a case where
         liburing doesn't know if it needs to enter the kernel (Xiaoguang)
      
       - Fix for a regression in when user memory is accounted freed, causing
         issues with back-to-back ring exit + init if the ulimit -l setting is
         very tight.
      
      * tag 'io_uring-5.8-2020-07-10' of git://git.kernel.dk/linux-block:
        io_uring: account user memory freed when exit has been queued
        io_uring: fix memleak in io_sqe_files_register()
        io_uring: fix memleak in __io_sqe_files_update()
        io_uring: export cq overflow status to userspace
      a581387e
    • Linus Torvalds's avatar
      Merge tag 'block-5.8-2020-07-10' of git://git.kernel.dk/linux-block · d33db702
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Fix for inflight accounting, which affects only dm (Ming)
      
       - Fix documentation error for bfq (Yufen)
      
       - Fix memory leak for nbd (Zheng)
      
      * tag 'block-5.8-2020-07-10' of git://git.kernel.dk/linux-block:
        nbd: Fix memory leak in nbd_add_socket
        blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight()
        docs: block: update and fix tiny error for bfq
      d33db702
    • Linus Torvalds's avatar
      Merge tag 'cleanup-kernel_read_write' of git://git.infradead.org/users/hch/misc · b1b11d00
      Linus Torvalds authored
      Pull in-kernel read and write op cleanups from Christoph Hellwig:
       "Cleanup in-kernel read and write operations
      
        Reshuffle the (__)kernel_read and (__)kernel_write helpers, and ensure
        all users of in-kernel file I/O use them if they don't use iov_iter
        based methods already.
      
        The new WARN_ONs in combination with syzcaller already found a missing
        input validation in 9p. The fix should be on your way through the
        maintainer ASAP".
      
      [ This is prep-work for the real changes coming 5.9 ]
      
      * tag 'cleanup-kernel_read_write' of git://git.infradead.org/users/hch/misc:
        fs: remove __vfs_read
        fs: implement kernel_read using __kernel_read
        integrity/ima: switch to using __kernel_read
        fs: add a __kernel_read helper
        fs: remove __vfs_write
        fs: implement kernel_write using __kernel_write
        fs: check FMODE_WRITE in __kernel_write
        fs: unexport __kernel_write
        bpfilter: switch to kernel_write
        autofs: switch to kernel_write
        cachefiles: switch to kernel_write
      b1b11d00
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.8-5' of git://git.infradead.org/users/hch/dma-mapping · 1bfde037
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
      
       - add a warning when the atomic pool is depleted (David Rientjes)
      
       - protect the parameters of the new scatterlist helper macros (Marek
         Szyprowski )
      
      * tag 'dma-mapping-5.8-5' of git://git.infradead.org/users/hch/dma-mapping:
        scatterlist: protect parameters of the sg_table related macros
        dma-mapping: warn when coherent pool is depleted
      1bfde037
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 25aadbd2
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
      
       - Fix an issue in the AMD driver for the UART0 group
      
       - Fix a glitch issue in the Baytrail pin controller
      
      * tag 'pinctrl-v5.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
        pinctrl: amd: fix npins for uart0 in kerncz_groups
      25aadbd2
    • Linus Torvalds's avatar
      Merge tag 'gpio-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 3f883432
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Some GPIO fixes, most of them for the PCA953x that Andy worked hard to
        fix up.
      
         - Fix two runtime PM errorpath problems in the Arizona GPIO driver.
      
         - Fix three interrupt issues in the PCA953x driver.
      
         - Fix the automatic address increment handling in the PCA953x driver
           again.
      
         - Add a quirk to the PCA953x that fixes a problem in the Intel
           Galileo Gen 2"
      
      * tag 'gpio-v5.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2
        gpio: pca953x: disable regmap locking for automatic address incrementing
        gpio: pca953x: Fix direction setting when configure an IRQ
        gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2
        gpio: pca953x: Synchronize interrupt handler properly
        gpio: arizona: put pm_runtime in case of failure
        gpio: arizona: handle pm_runtime_get_sync failure case
      3f883432
    • Linus Torvalds's avatar
      Merge tag 'gfs2-v5.8-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · d02b0478
      Linus Torvalds authored
      Pull gfs2 fixes from Andreas Gruenbacher:
       "Fix gfs2 readahead deadlocks by adding a IOCB_NOIO flag that allows
        gfs2 to use the generic fiel read iterator functions without having to
        worry about being called back while holding locks".
      
      * tag 'gfs2-v5.8-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: Rework read and page fault locking
        fs: Add IOCB_NOIO flag for generic_file_read_iter
      d02b0478
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · f4c8824c
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "An unfortunately large collection of arm64 fixes for -rc5.
      
        Some of this is absolutely trivial, but the alternatives, vDSO and CPU
        errata workaround fixes are significant. At least people are finding
        and fixing these things, I suppose.
      
         - Fix workaround for CPU erratum #1418040 to disable the compat vDSO
      
         - Fix Oops when single-stepping with KGDB
      
         - Fix memory attributes for hypervisor device mappings at EL2
      
         - Fix memory leak in PSCI and remove useless variable assignment
      
         - Fix up some comments and asm labels in our entry code
      
         - Fix broken register table formatting in our generated html docs
      
         - Fix missing NULL sentinel in CPU errata workaround list
      
         - Fix patching of branches in alternative instruction sections"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/alternatives: don't patch up internal branches
        arm64: Add missing sentinel to erratum_1463225
        arm64: Documentation: Fix broken table in generated HTML
        arm64: kgdb: Fix single-step exception handling oops
        arm64: entry: Tidy up block comments and label numbers
        arm64: Rework ARM_ERRATUM_1414080 handling
        arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040
        arm64: arch_timer: Allow an workaround descriptor to disable compat vdso
        arm64: Introduce a way to disable the 32bit vdso
        arm64: entry: Fix the typo in the comment of el1_dbg()
        drivers/firmware/psci: Assign @err directly in hotplug_tests()
        drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups()
        KVM: arm64: Fix definition of PAGE_HYP_DEVICE
      f4c8824c
    • Linus Torvalds's avatar
      Merge tag 's390-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · e8749d06
      Linus Torvalds authored
      Pull s390 fixes from Heiko Carstens:
       "This is mainly due to the fact that Gerald Schaefer's and also my old
        email addresses currently do not work any longer. Therefore we decided
        to switch to new email addresses and reflect that in the MAINTAINERS
        file.
      
         - Update email addresses in MAINTAINERS file and add .mailmap entries
           for Gerald Schaefer and Heiko Carstens.
      
         - Fix huge pte soft dirty copying"
      
      * tag 's390-5.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        MAINTAINERS: update email address for Gerald Schaefer
        MAINTAINERS: update email address for Heiko Carstens
        s390/mm: fix huge pte soft dirty copying
      e8749d06
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · cb24c61b
      Linus Torvalds authored
      Pull vkm fixes from Paolo Bonzini:
       "Two simple but important bugfixes"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: MIPS: Fix build errors for 32bit kernel
        KVM: nVMX: fixes for preemption timer migration
      cb24c61b
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · d45f47a4
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
      
       - Override DLL_CONFIG only with valid values in sdhci-msm
      
       - Get rid of of_match_ptr() macro to fix warning in owl-mmc
      
       - Limit segments to 1 to fix meson-gx G12A/G12B SoCs
      
      * tag 'mmc-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-msm: Override DLL_CONFIG only if the valid value is supplied
        mmc: owl-mmc: Get rid of of_match_ptr() macro
        mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed
      d45f47a4
    • Jens Axboe's avatar
      io_uring: account user memory freed when exit has been queued · 309fc03a
      Jens Axboe authored
      We currently account the memory after the exit work has been run, but
      that leaves a gap where a process has closed its ring and until the
      memory has been accounted as freed. If the memlocked ulimit is
      borderline, then that can introduce spurious setup errors returning
      -ENOMEM because the free work hasn't been run yet.
      
      Account this as freed when we close the ring, as not to expose a tiny
      gap where setting up a new ring can fail.
      
      Fixes: 85faa7b8 ("io_uring: punt final io_ring_ctx wait-and-free to workqueue")
      Cc: stable@vger.kernel.org # v5.7
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      309fc03a
    • Yang Yingliang's avatar
      io_uring: fix memleak in io_sqe_files_register() · 667e57da
      Yang Yingliang authored
      I got a memleak report when doing some fuzz test:
      
      BUG: memory leak
      unreferenced object 0x607eeac06e78 (size 8):
        comm "test", pid 295, jiffies 4294735835 (age 31.745s)
        hex dump (first 8 bytes):
          00 00 00 00 00 00 00 00                          ........
        backtrace:
          [<00000000932632e6>] percpu_ref_init+0x2a/0x1b0
          [<0000000092ddb796>] __io_uring_register+0x111d/0x22a0
          [<00000000eadd6c77>] __x64_sys_io_uring_register+0x17b/0x480
          [<00000000591b89a6>] do_syscall_64+0x56/0xa0
          [<00000000864a281d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Call percpu_ref_exit() on error path to avoid
      refcount memleak.
      
      Fixes: 05f3fb3c ("io_uring: avoid ring quiesce for fixed file set unregister and update")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      667e57da
    • Gerald Schaefer's avatar
    • Heiko Carstens's avatar
      2c08f65f
    • Dan Carpenter's avatar
      xen/xenbus: Fix a double free in xenbus_map_ring_pv() · ba8c4234
      Dan Carpenter authored
      When there is an error the caller frees "info->node" so the free here
      will result in a double free.  We should just delete first kfree().
      
      Fixes: 3848e4e0 ("xen/xenbus: avoid large structs and arrays on the stack")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Link: https://lore.kernel.org/r/20200710113610.GA92345@mwandaReviewed-by: default avatarJuergen Gross <jgross@suse.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      ba8c4234
    • Huacai Chen's avatar
      KVM: MIPS: Fix build errors for 32bit kernel · 3d9fdc25
      Huacai Chen authored
      Commit dc6d95b1 ("KVM: MIPS: Add more MMIO load/store
      instructions emulation") introduced some 64bit load/store instructions
      emulation which are unavailable on 32bit platform, and it causes build
      errors:
      
      arch/mips/kvm/emulate.c: In function 'kvm_mips_emulate_store':
      arch/mips/kvm/emulate.c:1734:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 56) & 0xff);
            ^
      arch/mips/kvm/emulate.c:1738:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 48) & 0xffff);
            ^
      arch/mips/kvm/emulate.c:1742:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 40) & 0xffffff);
            ^
      arch/mips/kvm/emulate.c:1746:6: error: right shift count >= width of type [-Werror]
            ((vcpu->arch.gprs[rt] >> 32) & 0xffffffff);
            ^
      arch/mips/kvm/emulate.c:1796:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 32);
            ^
      arch/mips/kvm/emulate.c:1800:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 40);
            ^
      arch/mips/kvm/emulate.c:1804:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 48);
            ^
      arch/mips/kvm/emulate.c:1808:6: error: left shift count >= width of type [-Werror]
            (vcpu->arch.gprs[rt] << 56);
            ^
      cc1: all warnings being treated as errors
      make[3]: *** [arch/mips/kvm/emulate.o] Error 1
      
      So, use #if defined(CONFIG_64BIT) && defined(CONFIG_KVM_MIPS_VZ) to
      guard the 64bit load/store instructions emulation.
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Fixes: dc6d95b1 ("KVM: MIPS: Add more MMIO load/store instructions emulation")
      Signed-off-by: default avatarHuacai Chen <chenhc@lemote.com>
      Message-Id: <1594365797-536-1-git-send-email-chenhc@lemote.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      3d9fdc25
    • Paolo Bonzini's avatar
      KVM: nVMX: fixes for preemption timer migration · 83d31e52
      Paolo Bonzini authored
      Commit 850448f3 ("KVM: nVMX: Fix VMX preemption timer migration",
      2020-06-01) accidentally broke nVMX live migration from older version
      by changing the userspace ABI.  Restore it and, while at it, ensure
      that vmx->nested.has_preemption_timer_deadline is always initialized
      according to the KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE flag.
      
      Cc: Makarand Sonare <makarandsonare@google.com>
      Fixes: 850448f3 ("KVM: nVMX: Fix VMX preemption timer migration")
      Reviewed-by: default avatarJim Mattson <jmattson@google.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      83d31e52
    • Jakub Bogusz's avatar
      libbpf: Fix libbpf hashmap on (I)LP32 architectures · b2f9f153
      Jakub Bogusz authored
      On ILP32, 64-bit result was shifted by value calculated for 32-bit long type
      and returned value was much outside hashmap capacity.
      As advised by Andrii Nakryiko, this patch uses different hashing variant for
      architectures with size_t shorter than long long.
      
      Fixes: e3b92422 ("libbpf: add resizable non-thread safe internal hashmap")
      Signed-off-by: default avatarJakub Bogusz <qboosh@pld-linux.org>
      Signed-off-by: default avatarAndrii Nakryiko <andriin@fb.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Link: https://lore.kernel.org/bpf/20200709225723.1069937-1-andriin@fb.com
      b2f9f153