1. 24 Jan, 2020 2 commits
  2. 23 Jan, 2020 7 commits
    • Linus Torvalds's avatar
      Merge tag 'xarray-5.5' of git://git.infradead.org/users/willy/linux-dax · 4703d911
      Linus Torvalds authored
      Pull XArray fixes from Matthew Wilcox:
       "Primarily bugfixes, mostly around handling index wrap-around
        correctly.
      
        A couple of doc fixes and adding missing APIs.
      
        I had an oops live on stage at linux.conf.au this year, and it turned
        out to be a bug in xas_find() which I can't prove isn't triggerable in
        the current codebase. Then in looking for the bug, I spotted two more
        bugs.
      
        The bots have had a few days to chew on this with no problems
        reported, and it passes the test-suite (which now has more tests to
        make sure these problems don't come back)"
      
      * tag 'xarray-5.5' of git://git.infradead.org/users/willy/linux-dax:
        XArray: Add xa_for_each_range
        XArray: Fix xas_find returning too many entries
        XArray: Fix xa_find_after with multi-index entries
        XArray: Fix infinite loop with entry at ULONG_MAX
        XArray: Add wrappers for nested spinlocks
        XArray: Improve documentation of search marks
        XArray: Fix xas_pause at ULONG_MAX
      4703d911
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.5-rc6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 34597c85
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Various tracing fixes:
      
         - Fix a function comparison warning for a xen trace event macro
      
         - Fix a double perf_event linking to a trace_uprobe_filter for
           multiple events
      
         - Fix suspicious RCU warnings in trace event code for using
           list_for_each_entry_rcu() when the "_rcu" portion wasn't needed.
      
         - Fix a bug in the histogram code when using the same variable
      
         - Fix a NULL pointer dereference when tracefs lockdown enabled and
           calling trace_set_default_clock()
      
         - A fix to a bug found with the double perf_event linking patch"
      
      * tag 'trace-v5.5-rc6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing/uprobe: Fix to make trace_uprobe_filter alignment safe
        tracing: Do not set trace clock if tracefs lockdown is in effect
        tracing: Fix histogram code when expression has same var as value
        tracing: trigger: Replace unneeded RCU-list traversals
        tracing/uprobe: Fix double perf_event linking on multiprobe uprobe
        tracing: xen: Ordered comparison of function pointers
      34597c85
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.5-rc8' of https://github.com/ceph/ceph-client · fa0a4e3b
      Linus Torvalds authored
      Pull ceph fix from Ilya Dryomov:
       "A fix for a potential use-after-free from Jeff, marked for stable"
      
      * tag 'ceph-for-5.5-rc8' of https://github.com/ceph/ceph-client:
        ceph: hold extra reference to r_parent over life of request
      fa0a4e3b
    • Linus Torvalds's avatar
      Merge tag 'pm-5.5-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 3a83c8c8
      Linus Torvalds authored
      Pull power management fix from Rafael Wysocki:
       "Prevent the kernel from crashing during resume from hibernation if
        free pages contain leftover data from the restore kernel and
        init_on_free is set (Alexander Potapenko)"
      
      * tag 'pm-5.5-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM: hibernate: fix crashes with init_on_free=1
      3a83c8c8
    • Linus Torvalds's avatar
      Merge tag 'pci-v5.5-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · a572582b
      Linus Torvalds authored
      Pull PCI fix from Bjorn Helgaas:
       "Mark ATS as broken on AMD Navi14 GPU rev 0xc5 (Alex Deucher)"
      
      * tag 'pci-v5.5-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: Mark AMD Navi14 GPU rev 0xc5 ATS as broken
      a572582b
    • Linus Torvalds's avatar
      readdir: make user_access_begin() use the real access range · 3c2659bd
      Linus Torvalds authored
      In commit 9f79b78e ("Convert filldir[64]() from __put_user() to
      unsafe_put_user()") I changed filldir to not do individual __put_user()
      accesses, but instead use unsafe_put_user() surrounded by the proper
      user_access_begin/end() pair.
      
      That make them enormously faster on modern x86, where the STAC/CLAC
      games make individual user accesses fairly heavy-weight.
      
      However, the user_access_begin() range was not really the exact right
      one, since filldir() has the unfortunate problem that it needs to not
      only fill out the new directory entry, it also needs to fix up the
      previous one to contain the proper file offset.
      
      It's unfortunate, but the "d_off" field in "struct dirent" is _not_ the
      file offset of the directory entry itself - it's the offset of the next
      one.  So we end up backfilling the offset in the previous entry as we
      walk along.
      
      But since x86 didn't really care about the exact range, and used to be
      the only architecture that did anything fancy in user_access_begin() to
      begin with, the filldir[64]() changes did something lazy, and even
      commented on it:
      
      	/*
      	 * Note! This range-checks 'previous' (which may be NULL).
      	 * The real range was checked in getdents
      	 */
      	if (!user_access_begin(dirent, sizeof(*dirent)))
      		goto efault;
      
      and it all worked fine.
      
      But now 32-bit ppc is starting to also implement user_access_begin(),
      and the fact that we faked the range to only be the (possibly not even
      valid) previous directory entry becomes a problem, because ppc32 will
      actually be using the range that is passed in for more than just "check
      that it's user space".
      
      This is a complete rewrite of Christophe's original patch.
      
      By saving off the record length of the previous entry instead of a
      pointer to it in the filldir data structures, we can simplify the range
      check and the writing of the previous entry d_off field.  No need for
      any conditionals in the user accesses themselves, although we retain the
      conditional EINTR checking for the "was this the first directory entry"
      signal handling latency logic.
      
      Fixes: 9f79b78e ("Convert filldir[64]() from __put_user() to unsafe_put_user()")
      Link: https://lore.kernel.org/lkml/a02d3426f93f7eb04960a4d9140902d278cab0bb.1579697910.git.christophe.leroy@c-s.fr/
      Link: https://lore.kernel.org/lkml/408c90c4068b00ea8f1c41cca45b84ec23d4946b.1579783936.git.christophe.leroy@c-s.fr/Reported-and-tested-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3c2659bd
    • Linus Torvalds's avatar
      readdir: be more conservative with directory entry names · 2c6b7bcd
      Linus Torvalds authored
      Commit 8a23eb80 ("Make filldir[64]() verify the directory entry
      filename is valid") added some minimal validity checks on the directory
      entries passed to filldir[64]().  But they really were pretty minimal.
      
      This fleshes out at least the name length check: we used to disallow
      zero-length names, but really, negative lengths or oevr-long names
      aren't ok either.  Both could happen if there is some filesystem
      corruption going on.
      
      Now, most filesystems tend to use just an "unsigned char" or similar for
      the length of a directory entry name, so even with a corrupt filesystem
      you should never see anything odd like that.  But since we then use the
      name length to create the directory entry record length, let's make sure
      it actually is half-way sensible.
      
      Note how POSIX states that the size of a path component is limited by
      NAME_MAX, but we actually use PATH_MAX for the check here.  That's
      because while NAME_MAX is generally the correct maximum name length
      (it's 255, for the same old "name length is usually just a byte on
      disk"), there's nothing in the VFS layer that really cares.
      
      So the real limitation at a VFS layer is the total pathname length you
      can pass as a filename: PATH_MAX.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2c6b7bcd
  3. 22 Jan, 2020 10 commits
  4. 21 Jan, 2020 2 commits
    • Jeff Layton's avatar
      ceph: hold extra reference to r_parent over life of request · 9c1c2b35
      Jeff Layton authored
      Currently, we just assume that it will stick around by virtue of the
      submitter's reference, but later patches will allow the syscall to
      return early and we can't rely on that reference at that point.
      
      While I'm not aware of any reports of it, Xiubo pointed out that this
      may fix a use-after-free.  If the wait for a reply times out or is
      canceled via signal, and then the reply comes in after the syscall
      returns, the client can end up trying to access r_parent without a
      reference.
      
      Take an extra reference to the inode when setting r_parent and release
      it when releasing the request.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJeff Layton <jlayton@kernel.org>
      Reviewed-by: default avatar"Yan, Zheng" <zyan@redhat.com>
      Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
      9c1c2b35
    • Eugene Syromiatnikov's avatar
      io_uring: fix compat for IORING_REGISTER_FILES_UPDATE · 1292e972
      Eugene Syromiatnikov authored
      fds field of struct io_uring_files_update is problematic with regards
      to compat user space, as pointer size is different in 32-bit, 32-on-64-bit,
      and 64-bit user space.  In order to avoid custom handling of compat in
      the syscall implementation, make fds __u64 and use u64_to_user_ptr in
      order to retrieve it.  Also, align the field naturally and check that
      no garbage is passed there.
      
      Fixes: c3a31e60 ("io_uring: add support for IORING_REGISTER_FILES_UPDATE")
      Signed-off-by: default avatarEugene Syromiatnikov <esyr@redhat.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      1292e972
  5. 20 Jan, 2020 5 commits
    • Masami Ichikawa's avatar
      tracing: Do not set trace clock if tracefs lockdown is in effect · bf24daac
      Masami Ichikawa authored
      When trace_clock option is not set and unstable clcok detected,
      tracing_set_default_clock() sets trace_clock(ThinkPad A285 is one of
      case). In that case, if lockdown is in effect, null pointer
      dereference error happens in ring_buffer_set_clock().
      
      Link: http://lkml.kernel.org/r/20200116131236.3866925-1-masami256@gmail.com
      
      Cc: stable@vger.kernel.org
      Fixes: 17911ff3 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1788488Signed-off-by: default avatarMasami Ichikawa <masami256@gmail.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      bf24daac
    • Steven Rostedt (VMware)'s avatar
      tracing: Fix histogram code when expression has same var as value · 8bcebc77
      Steven Rostedt (VMware) authored
      While working on a tool to convert SQL syntex into the histogram language of
      the kernel, I discovered the following bug:
      
       # echo 'first u64 start_time u64 end_time pid_t pid u64 delta' >> synthetic_events
       # echo 'hist:keys=pid:start=common_timestamp' > events/sched/sched_waking/trigger
       # echo 'hist:keys=next_pid:delta=common_timestamp-$start,start2=$start:onmatch(sched.sched_waking).trace(first,$start2,common_timestamp,next_pid,$delta)' > events/sched/sched_switch/trigger
      
      Would not display any histograms in the sched_switch histogram side.
      
      But if I were to swap the location of
      
        "delta=common_timestamp-$start" with "start2=$start"
      
      Such that the last line had:
      
       # echo 'hist:keys=next_pid:start2=$start,delta=common_timestamp-$start:onmatch(sched.sched_waking).trace(first,$start2,common_timestamp,next_pid,$delta)' > events/sched/sched_switch/trigger
      
      The histogram works as expected.
      
      What I found out is that the expressions clear out the value once it is
      resolved. As the variables are resolved in the order listed, when
      processing:
      
        delta=common_timestamp-$start
      
      The $start is cleared. When it gets to "start2=$start", it errors out with
      "unresolved symbol" (which is silent as this happens at the location of the
      trace), and the histogram is dropped.
      
      When processing the histogram for variable references, instead of adding a
      new reference for a variable used twice, use the same reference. That way,
      not only is it more efficient, but the order will no longer matter in
      processing of the variables.
      
      From Tom Zanussi:
      
       "Just to clarify some more about what the problem was is that without
        your patch, we would have two separate references to the same variable,
        and during resolve_var_refs(), they'd both want to be resolved
        separately, so in this case, since the first reference to start wasn't
        part of an expression, it wouldn't get the read-once flag set, so would
        be read normally, and then the second reference would do the read-once
        read and also be read but using read-once.  So everything worked and
        you didn't see a problem:
      
         from: start2=$start,delta=common_timestamp-$start
      
        In the second case, when you switched them around, the first reference
        would be resolved by doing the read-once, and following that the second
        reference would try to resolve and see that the variable had already
        been read, so failed as unset, which caused it to short-circuit out and
        not do the trigger action to generate the synthetic event:
      
         to: delta=common_timestamp-$start,start2=$start
      
        With your patch, we only have the single resolution which happens
        correctly the one time it's resolved, so this can't happen."
      
      Link: https://lore.kernel.org/r/20200116154216.58ca08eb@gandalf.local.home
      
      Cc: stable@vger.kernel.org
      Fixes: 067fe038 ("tracing: Add variable reference handling to hist triggers")
      Reviewed-by: default avatarTom Zanuss <zanussi@kernel.org>
      Tested-by: default avatarTom Zanussi <zanussi@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      8bcebc77
    • Linus Torvalds's avatar
      Merge tag 'fixes_for_v5.5-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · d96d875e
      Linus Torvalds authored
      Pull reiserfs fix from Jan Kara:
       "A fixup of a recently merged reiserfs fix which has caused problem
        when xattrs were not compiled in"
      
      * tag 'fixes_for_v5.5-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
      d96d875e
    • Michał Mirosław's avatar
      mmc: sdhci: fix minimum clock rate for v3 controller · 2a187d03
      Michał Mirosław authored
      For SDHCIv3+ with programmable clock mode, minimal clock frequency is
      still base clock / max(divider). Minimal programmable clock frequency is
      always greater than minimal divided clock frequency. Without this patch,
      SDHCI uses out-of-spec initial frequency when multiplier is big enough:
      
      mmc1: mmc_rescan_try_freq: trying to init card at 468750 Hz
      [for 480 MHz source clock divided by 1024]
      
      The code in sdhci_calc_clk() already chooses a correct SDCLK clock mode.
      
      Fixes: c3ed3877 ("mmc: sdhci: add support for programmable clock mode")
      Cc: <stable@vger.kernel.org> # 4f6aa326: mmc: tegra: Only advertise UHS modes if IO regulator is present
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarMichał Mirosław <mirq-linux@rere.qmqm.pl>
      Acked-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Link: https://lore.kernel.org/r/ffb489519a446caffe7a0a05c4b9372bd52397bb.1579082031.git.mirq-linux@rere.qmqm.plSigned-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      2a187d03
    • Linus Torvalds's avatar
      Linux 5.5-rc7 · def9d278
      Linus Torvalds authored
      def9d278
  6. 19 Jan, 2020 8 commits
    • Linus Torvalds's avatar
      Merge tag 'riscv/for-v5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 7008ee12
      Linus Torvalds authored
      Pull RISC-V fixes from Paul Walmsley:
       "Three fixes for RISC-V:
      
         - Don't free and reuse memory containing the code that CPUs parked at
           boot reside in.
      
         - Fix rv64 build problems for ubsan and some modules by adding
           logical and arithmetic shift helpers for 128-bit values. These are
           from libgcc and are similar to what's present for ARM64.
      
         - Fix vDSO builds to clean up their own temporary files"
      
      * tag 'riscv/for-v5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Less inefficient gcc tishift helpers (and export their symbols)
        riscv: delete temporary files
        riscv: make sure the cores stay looping in .Lsecondary_park
      7008ee12
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 11a82729
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix non-blocking connect() in x25, from Martin Schiller.
      
       2) Fix spurious decryption errors in kTLS, from Jakub Kicinski.
      
       3) Netfilter use-after-free in mtype_destroy(), from Cong Wang.
      
       4) Limit size of TSO packets properly in lan78xx driver, from Eric
          Dumazet.
      
       5) r8152 probe needs an endpoint sanity check, from Johan Hovold.
      
       6) Prevent looping in tcp_bpf_unhash() during sockmap/tls free, from
          John Fastabend.
      
       7) hns3 needs short frames padded on transmit, from Yunsheng Lin.
      
       8) Fix netfilter ICMP header corruption, from Eyal Birger.
      
       9) Fix soft lockup when low on memory in hns3, from Yonglong Liu.
      
      10) Fix NTUPLE firmware command failures in bnxt_en, from Michael Chan.
      
      11) Fix memory leak in act_ctinfo, from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (91 commits)
        cxgb4: reject overlapped queues in TC-MQPRIO offload
        cxgb4: fix Tx multi channel port rate limit
        net: sched: act_ctinfo: fix memory leak
        bnxt_en: Do not treat DSN (Digital Serial Number) read failure as fatal.
        bnxt_en: Fix ipv6 RFS filter matching logic.
        bnxt_en: Fix NTUPLE firmware command failures.
        net: systemport: Fixed queue mapping in internal ring map
        net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec
        net: dsa: sja1105: Don't error out on disabled ports with no phy-mode
        net: phy: dp83867: Set FORCE_LINK_GOOD to default after reset
        net: hns: fix soft lockup when there is not enough memory
        net: avoid updating qdisc_xmit_lock_key in netdev_update_lockdep_key()
        net/sched: act_ife: initalize ife->metalist earlier
        netfilter: nat: fix ICMP header corruption on ICMP errors
        net: wan: lapbether.c: Use built-in RCU list checking
        netfilter: nf_tables: fix flowtable list del corruption
        netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()
        netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
        netfilter: nft_tunnel: ERSPAN_VERSION must not be null
        netfilter: nft_tunnel: fix null-attribute check
        ...
      11a82729
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 5f436443
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Two runtime PM fixes and one leak fix"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: iop3xx: Fix memory leak in probe error path
        i2c: tegra: Properly disable runtime PM on driver's probe error
        i2c: tegra: Fix suspending in active runtime PM state
      5f436443
    • Rahul Lakkireddy's avatar
      cxgb4: reject overlapped queues in TC-MQPRIO offload · b2383ad9
      Rahul Lakkireddy authored
      A queue can't belong to multiple traffic classes. So, reject
      any such configuration that results in overlapped queues for a
      traffic class.
      
      Fixes: b1396c2b ("cxgb4: parse and configure TC-MQPRIO offload")
      Signed-off-by: default avatarRahul Lakkireddy <rahul.lakkireddy@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b2383ad9
    • Rahul Lakkireddy's avatar
      cxgb4: fix Tx multi channel port rate limit · c856e2b6
      Rahul Lakkireddy authored
      T6 can support 2 egress traffic management channels per port to
      double the total number of traffic classes that can be configured.
      In this configuration, if the class belongs to the other channel,
      then all the queues must be bound again explicitly to the new class,
      for the rate limit parameters on the other channel to take effect.
      
      So, always explicitly bind all queues to the port rate limit traffic
      class, regardless of the traffic management channel that it belongs
      to. Also, only bind queues to port rate limit traffic class, if all
      the queues don't already belong to an existing different traffic
      class.
      
      Fixes: 4ec4762d ("cxgb4: add TC-MATCHALL classifier egress offload")
      Signed-off-by: default avatarRahul Lakkireddy <rahul.lakkireddy@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c856e2b6
    • Eric Dumazet's avatar
      net: sched: act_ctinfo: fix memory leak · 09d4f10a
      Eric Dumazet authored
      Implement a cleanup method to properly free ci->params
      
      BUG: memory leak
      unreferenced object 0xffff88811746e2c0 (size 64):
        comm "syz-executor617", pid 7106, jiffies 4294943055 (age 14.250s)
        hex dump (first 32 bytes):
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
          c0 34 60 84 ff ff ff ff 00 00 00 00 00 00 00 00  .4`.............
        backtrace:
          [<0000000015aa236f>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
          [<0000000015aa236f>] slab_post_alloc_hook mm/slab.h:586 [inline]
          [<0000000015aa236f>] slab_alloc mm/slab.c:3320 [inline]
          [<0000000015aa236f>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
          [<000000002c946bd1>] kmalloc include/linux/slab.h:556 [inline]
          [<000000002c946bd1>] kzalloc include/linux/slab.h:670 [inline]
          [<000000002c946bd1>] tcf_ctinfo_init+0x21a/0x530 net/sched/act_ctinfo.c:236
          [<0000000086952cca>] tcf_action_init_1+0x400/0x5b0 net/sched/act_api.c:944
          [<000000005ab29bf8>] tcf_action_init+0x135/0x1c0 net/sched/act_api.c:1000
          [<00000000392f56f9>] tcf_action_add+0x9a/0x200 net/sched/act_api.c:1410
          [<0000000088f3c5dd>] tc_ctl_action+0x14d/0x1bb net/sched/act_api.c:1465
          [<000000006b39d986>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5424
          [<00000000fd6ecace>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
          [<0000000047493d02>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
          [<00000000bdcf8286>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
          [<00000000bdcf8286>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
          [<00000000fc5b92d9>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
          [<00000000da84d076>] sock_sendmsg_nosec net/socket.c:639 [inline]
          [<00000000da84d076>] sock_sendmsg+0x54/0x70 net/socket.c:659
          [<0000000042fb2eee>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
          [<000000008f23f67e>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
          [<00000000d838e4f6>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
          [<00000000289a9cb1>] __do_sys_sendmsg net/socket.c:2426 [inline]
          [<00000000289a9cb1>] __se_sys_sendmsg net/socket.c:2424 [inline]
          [<00000000289a9cb1>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424
      
      Fixes: 24ec483c ("net: sched: Introduce act_ctinfo action")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Cc: Kevin 'ldir' Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
      Cc: Cong Wang <xiyou.wangcong@gmail.com>
      Cc: Toke Høiland-Jørgensen <toke@redhat.com>
      Acked-by: default avatarKevin 'ldir' Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      09d4f10a
    • Olof Johansson's avatar
      riscv: Less inefficient gcc tishift helpers (and export their symbols) · fc585d4a
      Olof Johansson authored
      The existing __lshrti3 was really inefficient, and the other two helpers
      are also needed to compile some modules.
      
      Add the missing versions, and export all of the symbols like arm64
      already does.
      
      This code is based on the assembly generated by libgcc builds.
      
      This fixes a build break triggered by ubsan:
      
      riscv64-unknown-linux-gnu-ld: lib/ubsan.o: in function `.L2':
      ubsan.c:(.text.unlikely+0x38): undefined reference to `__ashlti3'
      riscv64-unknown-linux-gnu-ld: ubsan.c:(.text.unlikely+0x42): undefined reference to `__ashrti3'
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      [paul.walmsley@sifive.com: use SYM_FUNC_{START,END} instead of
       ENTRY/ENDPROC; note libgcc origin]
      Signed-off-by: default avatarPaul Walmsley <paul.walmsley@sifive.com>
      fc585d4a
    • Linus Torvalds's avatar
      Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux · 8f8972a3
      Linus Torvalds authored
      Pull MTD fixes from Miquel Raynal:
       "Raw NAND:
         - GPMI: Fix the suspend/resume
      
        SPI-NOR:
         - Fix quad enable on Spansion like flashes
         - Fix selection of 4-byte addressing opcodes on Spansion"
      
      * tag 'mtd/fixes-for-5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
        mtd: rawnand: gpmi: Restore nfc timing setup after suspend/resume
        mtd: rawnand: gpmi: Fix suspend/resume problem
        mtd: spi-nor: Fix quad enable for Spansion like flashes
        mtd: spi-nor: Fix selection of 4-byte addressing opcodes on Spansion
      8f8972a3
  7. 18 Jan, 2020 6 commits