When a client moves from a DSA user port to a software port in a bridge,
it cannot reach any other clients that connected to the DSA user ports.
That is because SA learning on the CPU port is disabled, so the switch
ignores the client's frames from the CPU port and still thinks it is at
the user port.
Fix it by enabling SA learning on the CPU port.
To prevent the switch from learning from flooding frames from the CPU
port, set skb->offload_fwd_mark to 1 for unicast and broadcast frames,
and let the switch flood them instead of trapping to the CPU port.
Multicast frames still need to be trapped to the CPU port for snooping,
so set the SA_DIS bit of the MTK tag to 1 when transmitting those frames
to disable SA learning.
Fixes: b8f126a8d5 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes the following warning:
=============================
WARNING: suspicious RCU usage
5.7.0-rc4-next-20200507-syzkaller #0 Not tainted
-----------------------------
net/ipv6/ip6mr.c:124 RCU-list traversed in non-reader section!!
ipmr_new_table() returns an existing table, but there is no table at
init. Therefore the condition: either holding rtnl or the list is empty
is used.
Fixes: d1db275dd3 ("ipv6: ip6mr: support multiple tables")
Reported-by: kernel test robot <lkp@intel.com>
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull networking fixes from David Miller:
1) Fix sk_psock reference count leak on receive, from Xiyu Yang.
2) CONFIG_HNS should be invisible, from Geert Uytterhoeven.
3) Don't allow locking route MTUs in ipv6, RFCs actually forbid this,
from Maciej Żenczykowski.
4) ipv4 route redirect backoff wasn't actually enforced, from Paolo
Abeni.
5) Fix netprio cgroup v2 leak, from Zefan Li.
6) Fix infinite loop on rmmod in conntrack, from Florian Westphal.
7) Fix tcp SO_RCVLOWAT hangs, from Eric Dumazet.
8) Various bpf probe handling fixes, from Daniel Borkmann.
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (68 commits)
selftests: mptcp: pm: rm the right tmp file
dpaa2-eth: properly handle buffer size restrictions
bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier
bpf: Add bpf_probe_read_{user, kernel}_str() to do_refine_retval_range
bpf: Restrict bpf_probe_read{, str}() only to archs where they work
MAINTAINERS: Mark networking drivers as Maintained.
ipmr: Add lockdep expression to ipmr_for_each_table macro
ipmr: Fix RCU list debugging warning
drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c
net: phy: broadcom: fix BCM54XX_SHD_SCR3_TRDDAPD value for BCM54810
tcp: fix error recovery in tcp_zerocopy_receive()
MAINTAINERS: Add Jakub to networking drivers.
MAINTAINERS: another add of Karsten Graul for S390 networking
drivers: ipa: fix typos for ipa_smp2p structure doc
pppoe: only process PADT targeted at local interfaces
selftests/bpf: Enforce returning 0 for fentry/fexit programs
bpf: Enforce returning 0 for fentry/fexit progs
net: stmmac: fix num_por initialization
security: Fix the default value of secid_to_secctx hook
libbpf: Fix register naming in PT_REGS s390 macros
...
A few minor bug fixes for user visible defects, and one regression:
- Various bugs from static checkers and syzkaller
- Add missing error checking in mlx4
- Prevent RTNL lock recursion in i40iw
- Fix segfault in cxgb4 in peer abort cases
- Fix a regression added in 5.7 where the IB_EVENT_DEVICE_FATAL could be
lost, and wasn't delivered to all the FDs
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfB7FMLh+8QxL+6i3OG33FX4gmxoFAl6+5V8ACgkQOG33FX4g
mxo/Zw//QlrhDSM4DG4hZsFhFX3i/vT7xbxkNTp/U1+Vue9cKcUlotNOzQ79lQur
/12QEiDffLZNsy2jCD1nxf/rEo9NDc8iSHPcryQ3aGa2K3XJ3QQ2ZhHBzfFU9GVP
GQYlGt9uB4t6LEcU4P/ZCdf1nmkfYFvNDfmveVWrPLasABK7WqxCBXaqbLed+0ca
lGhFBGLdGNJqyK2BkPCtXr9XYTjzZhW0lJqMuex0YD7cIAFfn+qbzvLQheBy/mhH
o9n28GQbIgpNXvYz2HvUkTfiwDLylFaNVBYVctnm10cbNtLHv2J0bBQQb2ZaXUAM
xt54AQ2QAMHKC2h6sUqyDAmWKfPEOnxZ9LycYDa0ZaIvm/uK/jiEOXE9XbQeiOKF
eHiyuDg0EB4AVcYlNSm7roHdbh3rAluHerGe4Kv3efF/b1Zt2mtTW7q/XuROfSeT
WBnALyl7RurnSG0HY9hyUMak65JwolgqPdBDpzRjqIF5jeKW0nn8MsbGTPGWlcyN
zLu5IQn/vv+sfISav1cVMRoijboe85+3SOVtMBQOJ2m7EkdzRyRSQh3oG1556n2y
oqseNSQFKNFA1p4hEeTf8BVEqVX3gj50ykj+2g1HyxH3sB+iE3+EctnHNhfd3IKI
n6e/67Nm0ub/WM1OXeuXBmW0NvsTt0aPBfsp4s+oq3eICD4YbFE=
=R5BJ
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"A few minor bug fixes for user visible defects, and one regression:
- Various bugs from static checkers and syzkaller
- Add missing error checking in mlx4
- Prevent RTNL lock recursion in i40iw
- Fix segfault in cxgb4 in peer abort cases
- Fix a regression added in 5.7 where the IB_EVENT_DEVICE_FATAL could
be lost, and wasn't delivered to all the FDs"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_uobj
RDMA/uverbs: Do not discard the IB_EVENT_DEVICE_FATAL event
RDMA/iw_cxgb4: Fix incorrect function parameters
RDMA/core: Fix double put of resource
IB/core: Fix potential NULL pointer dereference in pkey cache
IB/hfi1: Fix another case where pq is left on waitlist
IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
IB/mlx4: Test return value of calls to ib_get_cached_pkey
RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info()
i40iw: Fix error handling in i40iw_manage_arp_cache()
This Kselftest update for Linux 5.7-rc6 consists of
- lkdtm runner fixes to prevent dmesg clearing and shellcheck errors
- ftrace test handling when test module doesn't exist
- nsfs test fix to replace zero-length array with flexible-array
- dmabuf-heaps test fix to return clear error value
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPZKym/RZuOCGeA/kCwJExA0NQxwFAl6+0KwACgkQCwJExA0N
QxyBog/8DME+7YtjZ8TqgeWuxMckDHqVBTLTobd3Wyd2Vsk6W3EWKaDo+R8sqRfN
VmjExY1PH0+N4JAFuQxR1UAmO0E/YZ/HwGxU6IH4iAoXtVZ0Tc52jzlZkwo0/RwF
uOXukaEjLNlMva06/CEptxZy4UAWKP1l9DaEYjY48zDC4zlXaPgGjk69MACZhK4E
2M6mWJuUewf+PobZTGFv/4RPIAihZpx8gDMRBR/hy+RWKh1qNhpNeXQRrwTQm0u3
5ewOQjP26VRam4pA/e7RsU1b2IR8nbDZFpX3dTEzkme9dJ2hoN3DZLOw0/WXS/aQ
/Ha5bPBI7RMhq0FUQP1vMErZ6Da/YEkbTxmCpx1kL6vliKqMkHb+epLABTJlGGnD
i+ENoLeJVhcyQ3vyWq3VNZDGlHYF3KuUftf21sdG4bXDajucnu/lSPvfSKzhMNIG
c1+AcvTAeGTPHi2dCfdETjg1dakO4exrX9/ABvu3JY1pp9D8DLHZNc/O9iOvG0O5
6Lp9LhtxCxKdAGJVxKxzXPjwPDSnzNV5sGm1ElFpXzA0Nv17VH/DIL8i6745sQXW
ik29Z1QNv3QIOs5U1pe5wyY22D51UJOfS7hVWH+pWPveG46ApYeUxqmfNYoG/Vtr
cMspPzCSgZTAvkswCGfnSahlqCSpJxzuxUEkM4HlPTulrW4jbDk=
=2cqI
-----END PGP SIGNATURE-----
Merge tag 'linux-kselftest-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
Pull kselftest fixes from Shuah Khan:
- lkdtm runner fixes to prevent dmesg clearing and shellcheck errors
- ftrace test handling when test module doesn't exist
- nsfs test fix to replace zero-length array with flexible-array
- dmabuf-heaps test fix to return clear error value
* tag 'linux-kselftest-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests/lkdtm: Use grep -E instead of egrep
selftests/lkdtm: Don't clear dmesg when running tests
selftests/ftrace: mark irqsoff_tracer.tc test as unresolved if the test module does not exist
tools/testing: Replace zero-length array with flexible-array
kselftests: dmabuf-heaps: Fix confused return value on expected error testing
This consists of a handful of build fixes, all found by Huawei's autobuilder.
None of these patches should have any functional impact on kernels that build,
and they're mostly related to various features intermingling with !MMU. While
some of these might be better hoisted to generic code, it seems better to have
the simple fixes in the meanwhile.
As far as I know these are the only outstanding patches for 5.7.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCgAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAl6+3AsTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRAuExnzX7sYic+uD/9nfqXgmKUV+X0/Sr4L61fqOPPXAVY1
k6JprJETUAMQdd2blGvuBcQqr76HQ6SgmBe3mQG2blL0XEyp54RWRAOwd5Ygz96P
C8pQ+7n6Rmc1kA7U3RUkgGCWpCf6WHyq8wpYeZaPkPYBJz02wi8Czzwx8HHRNc+g
r2hSlP2WT4UI6q1xWwKtwgQ8OpQXGvNHxG8DNkg0scm8CDWxO253FhbknrhK3Dx+
2+kbUyqLdS0kQfPxcCooFkb05X4fCIwfbYYamNIfYGh8r8qNcNctw8j4maZ8/PcZ
+Y+XuHHR/dck6oky9KNGE2K0X+P1yjbzsEb5rTs09GjDxpvtegGHRyngdeQ2GVXA
8GeVTSpIfe76PcQ1yZ4FJTYZAp6yqIsRE+Brcp//AsWghZp7jnBL3TRJ+aV4u51V
qU/UL+wIlUv2YIT9Kqe5D2/uki7IDdCqe/IZc0eoY+2seJ+Y5WbLwtz10f/Dfgt7
6qBYsbjISsIOUqXrGsv4guvQuO0omwz55MikQkKWius5IRe8RkAFZWezBpD5BJ8q
IyhRvtsIHjCxr/5V4KIw9RMeQXOtt1PI6CELvlRpu5XjoB3Q2M/2E2YzN7xGPGc7
nuW5V9rAWhxAAta4kwtjb899AqFl3w6wt9c8znoVKzZHYOztF3a4gSnY7s3r1kfp
klG2AHELH3jdfg==
=8koH
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
"A handful of build fixes, all found by Huawei's autobuilder.
None of these patches should have any functional impact on kernels
that build, and they're mostly related to various features
intermingling with !MMU.
While some of these might be better hoisted to generic code, it seems
better to have the simple fixes in the meanwhile.
As far as I know these are the only outstanding patches for 5.7"
* tag 'riscv-for-linus-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: mmiowb: Fix implicit declaration of function 'smp_processor_id'
riscv: pgtable: Fix __kernel_map_pages build error if NOMMU
riscv: Make SYS_SUPPORTS_HUGETLBFS depends on MMU
riscv: Disable ARCH_HAS_DEBUG_VIRTUAL if NOMMU
riscv: Add pgprot_writecombine/device and PAGE_SHARED defination if NOMMU
riscv: stacktrace: Fix undefined reference to `walk_stackframe'
riscv: Fix unmet direct dependencies built based on SOC_VIRT
riscv: perf: RISCV_BASE_PMU should be independent
riscv: perf_event: Make some funciton static
address rather than size.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAl6+z98ACgkQa9axLQDI
XvFKOA//VFEAWOrCWS65DUn4TuonMG+foUp82zxaFZWK1epGCZoIEJQrSG6g5Png
phL6Gx2oniqj+taLYZWqckMe+7k/yn9Xq+0DwDliMjaY9NB9bldE9J9ZGxpa4jBI
qIrdaTgtRip1LQvm5BczmANGf86/p9E4nC6qHBJf9Stn9SYxoQuZlOGiwaK8XTe2
QGn+NQ69ln7TkfUwEixhGI39dOHasrDAGgcUp/pTn2ki8mtpE2lG8+qSxxGTGTIT
1SaJftER8JSc3VKjXKhOIaSwx1MqwTx0Cx4dTfAGhKzcQLdmXz0GDJjQCzU0weOP
yHyH1gbJYUmB5X+CSA2OKssxsxcckVNMvTm7Jnn3Pb0f9oHVZQV4UR8cE/G40/hh
c6OHAJXfmGla5GhNpRUXB5SGJyWDxaIrdZRXbDPCWGOqWxwIJyFWNz5h4kiVsyAe
OJBtgzCqw3oUkr7KXgz0EECWV+T22+Y5cBbolptpqm7m6JbDQf/iviVJV5tkXnLF
vkbZEx94Ajy4U4TZkQBWlJFN8M4Z+ttYuGYxebnurNI2Ottb0czGFypx+WXdGItp
9rBaklIfzsCPoXZH0iHtaRxbDl4avwS46yKndtb2Y6tGoqqSNW4A6rf+S3YxvqBN
bEBxMqxCuMxPWNPBb3bXpw4QlFo4LLkWQeAvbc59SROep35cPTo=
=BoxO
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fix from Catalin Marinas:
"Fix flush_icache_range() second argument in machine_kexec() to be an
address rather than size"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: fix the flush_icache_range arguments in machine_kexec
Alexei Starovoitov says:
====================
pull-request: bpf 2020-05-15
The following pull-request contains BPF updates for your *net* tree.
We've added 9 non-merge commits during the last 2 day(s) which contain
a total of 14 files changed, 137 insertions(+), 43 deletions(-).
The main changes are:
1) Fix secid_to_secctx LSM hook default value, from Anders.
2) Fix bug in mmap of bpf array, from Andrii.
3) Restrict bpf_probe_read to archs where they work, from Daniel.
4) Enforce returning 0 for fentry/fexit progs, from Yonghong.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
"$err" is a variable pointing to a temp file. "$out" is not: only used
as a local variable in "check()" and representing the output of a
command line.
Fixes: eedbc68532 (selftests: add PM netlink functional tests)
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Depending on the WRIOP version, the buffer size on the RX path must by a
multiple of 64 or 256. Handle this restriction properly by aligning down
the buffer size to the necessary value. Also, use the new buffer size
dynamically computed instead of the compile time one.
Fixes: 27c874867c ("dpaa2-eth: Use a single page per Rx buffer")
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix ADC access synchronization problem with da9052 driver
Fix temperature limit and status reporting in nct7904 driver
Fix drivetemp temperature reporting if SCT is supported
but SCT data tables are not.
-----BEGIN PGP SIGNATURE-----
iQIyBAABCAAdFiEEiHPvMQj9QTOCiqgVyx8mb86fmYEFAl6+s2EACgkQyx8mb86f
mYEJKg/yAmslfyCTM0d6p+O4Vzl7r1PWNjI1d1BxBXJfDxMorSeZqKIlcb5VlvNa
aNXq61NfQdTv2HyMTiKzSuCCu6OuMUmwPnVwO92U/tfEsxX7UNKtcU+XM7CfyPyf
USVadR8Uq9JawJRs0Sq5wNRcPxaTC7DIM9MyKLRdirBl/HWgyLhGH2UL+9we2xy8
fukj060uFxm55QbIQsLhMN1oJ4u2gwvZuyGZdiZ0QRIHrDlacZKrVFRrXmm27qUr
ZGN3gHKVFRkQU9NQdflait/EJdb/AeVJIjZGvP195SFg1DaRQL7q5Xh6BEipadRt
vSZAJP4G8YqgYGsqRlIMiyzlSZjvmioCRrUtbcK1ATCsHtz5KhbtUnACmzDiEA0c
86xEkQ8ucIb+VO2qMLZsjJSFu5SQeQHzIh5scxQSbQBXYmGY9cK0EkvvALlqItM6
/afBISGoAcsCxyZQ9u4bLhzHS/A6pmRTE2tWcRbFfKMU1bvcxYESdF19P5UFSiix
gUEdbyMh8lF3jAB/zqcMR+J/Jlm+UGM+gFlBuwdOiu/kdrHT/F36UVcKclVjmkKL
iKkD37fgm4X+vUo/fPCCU6ISSzsxWBBlb7IetVNsDEGdmHwuivrJN1kNX3ra2pUE
4aovpn0tcLSjdMWNhqTe3c3+rYIC/DL6ZRIiNpTsO1xfednhUw==
=YCH3
-----END PGP SIGNATURE-----
Merge tag 'hwmon-for-v5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
Pull hwmon fixes from Guenter Roeck:
- Fix ADC access synchronization problem with da9052 driver
- Fix temperature limit and status reporting in nct7904 driver
- Fix drivetemp temperature reporting if SCT is supported but SCT data
tables are not.
* tag 'hwmon-for-v5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (da9052) Synchronize access with mfd
hwmon: (nct7904) Fix incorrect range of temperature limit registers
hwmon: (nct7904) Read all SMI status registers in probe function
hwmon: (drivetemp) Fix SCT support if SCT data tables are not supported
The things look good and calming down; the only change to ALSA core
is the fix for racy rawmidi buffer accesses spotted by syzkaller,
and the rest are all small device-specific quirks for HD-audio and
USB-audio devices.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl6+NX0OHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE9P9g//ZE9BbJqlDTyVKToZC1knpIsLe2nBknhsUsZC
AfYYlThPELB+P5YoCN0YfrTRecSVsCfhckEN7LDXjL30G/8R6z7TUe5as/+3PX1I
31G31XAm8mQKURttkjjuc+ImzjG1aWSDJHUqH9S9NL4yskZ6ckuD62tOTuMZhofV
2rjNL8JSwv//OJ0ThQzBvH42i81z1Pji3opqCm6ONEHhJzcv1EfZ20Mx1OcTE2E9
32lDk3xaekd8Vq+ulYqvV9VmeMEd9ffZn/v01s89vSuSI8tT253e3wf84S7dR4U9
1bAU13h74CdCGHcxiRiLRaao/s5txljyEmTaTsdWcUqUvsZ54D7lFdMCkcFDbJJZ
cP9nahKCUK45n2ynUq/NrgNLDJXlyE2QKnGUWABPcP4im/oCllKZFmtGVjb4IWun
tVsHs1jLBg9mF43XeNZXW4fG7RMnfD3g/r2c6P9pfQg/3nJ7pywqkN0PA+vuw/OC
Ff5I1HQq5IqyDi30hQJpbKg6YfgZ61zNZTX7lndYXvQveZIveSkcWp6eKuO6iSAn
u3CdhYEponJ23QJo6XxT4Nh9P0jgsEmweeoCORV14RIMmufDUI4f3QGP1G9C3KPT
h1+T8hNLuRfE0CcW9ddHYLsn8K7yKJZtC0zsRKivssjK7rlgMYpGyS5NyukidS3h
xrPvnQw=
=HlsV
-----END PGP SIGNATURE-----
Merge tag 'sound-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Things look good and calming down; the only change to ALSA core is the
fix for racy rawmidi buffer accesses spotted by syzkaller, and the
rest are all small device-specific quirks for HD-audio and USB-audio
devices"
* tag 'sound-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA
ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295
ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295
ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295
ALSA: hda/realtek: Add quirk for Samsung Notebook
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: usb-audio: add mapping for ASRock TRX40 Creator
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
ALSA: firewire-lib: fix 'function sizeof not defined' error of tracepoints format
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
i915 (two weeks):
- Handle idling during i915_gem_evict_something busy loops (Chris)
- Mark current submissions with a weak-dependency (Chris)
- Propagate error from completed fences (Chris)
- Fixes on execlist to avoid GPU hang situation (Chris)
- Fixes couple deadlocks (Chris)
- Timeslice preemption fixes (Chris)
- Fix Display Port interrupt handling on Tiger Lake (Imre)
- Reduce debug noise around Frame Buffer Compression (Peter)
- Fix logic around IPC W/a for Coffee Lake and Kaby Lake (Sultan)
- Avoid dereferencing a dead context (Chris)
tegra:
- tegra120/4 smmu fixes
amdgpu:
- Clockgating fixes
- Fix fbdev with scatter/gather display
- S4 fix for navi
- Soft recovery for gfx10
- Freesync fixes
- Atomic check cursor fix
- Add a gfxoff quirk
- MST fix
amdkfd:
- Fix GEM reference counting
meson:
- error code propogation fix
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJevjILAAoJEAx081l5xIa+eGMQAJ13DoMXrJUdaH8XCsh77kLn
cQzV/pHFJP8yjHaU1BFebbzcOMTIrNFXn2kncPgCzaPwh8mBoWeYxjMT3eWeJNvy
CDEbBvPTL/j13Yq0H9jzp3LxAMI/atXyL/ujUI3AAEtDoMaMbJ5ai//4rHxoXeQ5
UDXNk9VarbTGKXovJK2/Wq0xNMrMspLQi85+uejF6FA6uztgfyCk+Me5WvuRk2vx
A5OFa3Gl+PhVqjwQ1pVwO8eii33YVosQ4TfnYMrDV1YnjB6Od8oOeUCUIio9lh2x
3hIlhAR1CELdx66U2BmGPd0ZXiE8CBXZ8Eh8JBoFIms3S88kIKypeZglnJnIV9cA
ELC4eXiXNViyHwhgq8+h6le3JXdiYJ+PvUVvKXtKw2N9w67pUP8q571jwA4PGnTv
9iAiXc55K9cBTbIiL4BE9zU/Ap7eMkMMFiQsQeOtXZb8PrhvlfVChDpfcESjh6uR
9qIg1JyRYiOLZv3UOiR1MJVvjOssX0YzUsO4riw+5W1uaMNCcBFG9d4YphrRJjBK
ReBu0YbI9ZwhMGldj8iXANdxqV7B2VELBquDg65ev6epFOw40skAqsIxAfAGRXO9
fI7OWX25TPHqbLWZNBoSyYfMbsbMwfwX+5j7Sg0cF2T/CYXlCd1rJgYye55ifE3b
wYC4wlYNKj9K0LQs8Rik
=b/ek
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2020-05-15' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"As mentioned last week an i915 PR came in late, but I left it, so the
i915 bits of this cover 2 weeks, which is why it's likely a bit larger
than usual.
Otherwise it's mostly amdgpu fixes, one tegra fix, one meson fix.
i915:
- Handle idling during i915_gem_evict_something busy loops (Chris)
- Mark current submissions with a weak-dependency (Chris)
- Propagate error from completed fences (Chris)
- Fixes on execlist to avoid GPU hang situation (Chris)
- Fixes couple deadlocks (Chris)
- Timeslice preemption fixes (Chris)
- Fix Display Port interrupt handling on Tiger Lake (Imre)
- Reduce debug noise around Frame Buffer Compression (Peter)
- Fix logic around IPC W/a for Coffee Lake and Kaby Lake (Sultan)
- Avoid dereferencing a dead context (Chris)
tegra:
- tegra120/4 smmu fixes
amdgpu:
- Clockgating fixes
- Fix fbdev with scatter/gather display
- S4 fix for navi
- Soft recovery for gfx10
- Freesync fixes
- Atomic check cursor fix
- Add a gfxoff quirk
- MST fix
amdkfd:
- Fix GEM reference counting
meson:
- error code propogation fix"
* tag 'drm-fixes-2020-05-15' of git://anongit.freedesktop.org/drm/drm: (29 commits)
drm/i915: Handle idling during i915_gem_evict_something busy loops
drm/meson: pm resume add return errno branch
drm/amd/amdgpu: Update update_config() logic
drm/amd/amdgpu: add raven1 part to the gfxoff quirk list
drm/i915: Mark concurrent submissions with a weak-dependency
drm/i915: Propagate error from completed fences
drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest
drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance.
drm/amd/display: add basic atomic check for cursor plane
drm/amd/display: Fix vblank and pageflip event handling for FreeSync
drm/amdgpu: implement soft_recovery for gfx10
drm/amdgpu: enable hibernate support on Navi1X
drm/amdgpu: Use GEM obj reference for KFD BOs
drm/amdgpu: force fbdev into vram
drm/amd/powerplay: perform PG ungate prior to CG ungate
drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate
drm/amdgpu: disable MGCG/MGLS also on gfx CG ungate
drm/i915/execlists: Track inflight CCID
drm/i915/execlists: Avoid reusing the same logical CCID
drm/i915/gem: Remove object_is_locked assertion from unpin_from_display_plane
...
Daniel Borkmann says:
====================
Small set of fixes in order to restrict BPF helpers for tracing which are
broken on archs with overlapping address ranges as per discussion in [0].
I've targetted this for -bpf tree so they can be routed as fixes. Thanks!
v1 -> v2:
- switch to reusable %pks, %pus format specifiers (Yonghong)
- fixate %s on kernel_ds probing for archs with overlapping addr space
[0] https://lore.kernel.org/bpf/CAHk-=wjJKo0GVixYLmqPn-Q22WFu0xHaBSjKEo7e7Yw72y5SPQ@mail.gmail.com/T/
====================
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Usage of plain %s conversion specifier in bpf_trace_printk() suffers from the
very same issue as bpf_probe_read{,str}() helpers, that is, it is broken on
archs with overlapping address ranges.
While the helpers have been addressed through work in 6ae08ae3de ("bpf: Add
probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers"), we need
an option for bpf_trace_printk() as well to fix it.
Similarly as with the helpers, force users to make an explicit choice by adding
%pks and %pus specifier to bpf_trace_printk() which will then pick the corresponding
strncpy_from_unsafe*() variant to perform the access under KERNEL_DS or USER_DS.
The %pk* (kernel specifier) and %pu* (user specifier) can later also be extended
for other objects aside strings that are probed and printed under tracing, and
reused out of other facilities like bpf_seq_printf() or BTF based type printing.
Existing behavior of %s for current users is still kept working for archs where it
is not broken and therefore gated through CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
For archs not having this property we fall-back to pick probing under KERNEL_DS as
a sensible default.
Fixes: 8d3b7dce86 ("bpf: add support for %s specifier to bpf_trace_printk()")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Link: https://lore.kernel.org/bpf/20200515101118.6508-4-daniel@iogearbox.net
Given bpf_probe_read{,str}() BPF helpers are now only available under
CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE, we need to add the drop-in
replacements of bpf_probe_read_{kernel,user}_str() to do_refine_retval_range()
as well to avoid hitting the same issue as in 849fa50662 ("bpf/verifier:
refine retval R0 state for bpf_get_stack helper").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200515101118.6508-3-daniel@iogearbox.net
Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs
with overlapping address ranges, we should really take the next step to
disable them from BPF use there.
To generally fix the situation, we've recently added new helper variants
bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str().
For details on them, see 6ae08ae3de ("bpf: Add probe_read_{user, kernel}
and probe_read_{user,kernel}_str helpers").
Given bpf_probe_read{,str}() have been around for ~5 years by now, there
are plenty of users at least on x86 still relying on them today, so we
cannot remove them entirely w/o breaking the BPF tracing ecosystem.
However, their use should be restricted to archs with non-overlapping
address ranges where they are working in their current form. Therefore,
move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and
have x86, arm64, arm select it (other archs supporting it can follow-up
on it as well).
For the remaining archs, they can workaround easily by relying on the
feature probe from bpftool which spills out defines that can be used out
of BPF C code to implement the drop-in replacement for old/new kernels
via: bpftool feature probe macro
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/bpf/20200515101118.6508-2-daniel@iogearbox.net
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCXrz0qQAKCRDj7w1vZxhR
xSImAQDRwP5tNB3ZZmnJ2ABF2uqT+YTzS5oPW//bxCgnq128FQEA4UxFvgVOXAGI
HUsEGriyhoYgPMApmKHsFTTCvphlcQY=
=Igwt
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2020-05-14' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Just one meson patch this time to propagate an error code
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20200514073538.wvdtv5s2mt4wdrdj@gilmour.lan
- Mark current submissions with a weak-dependency (Chris)
- Propagate errror from completed fences (Chris)
- Fixes on execlist to avoid GPU hang situation (Chris)
- Fixes couple deadlocks (Chris)
- Timeslice preemption fixes (Chris)
- Fix Display Port interrupt handling on Tiger Lake (Imre)
- Reduce debug noise around Frame Buffer Compression
+(Peter)
- Fix logic around IPC W/a for Coffee Lake and Kaby Lake
+(Sultan)
- Avoid dereferencing a dead context (Chris)
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAl68wiMACgkQ+mJfZA7r
E8oIuwf+O5cOPgntlouifdbTtEmbZOFFOQhEggis8XnWK6wk5cspGsDuuzcVlp31
rc90KIjt/GjN/wxF3G30aU/SX876Fu4Y6bRpt6X6n1LheYkRwG3AfXOr3P3Le++e
W924tGCnjY7Nxip9MVj5pKy6nd1QKq/jtYT71aPapmSPBEzTIquDDOk73cwoWsJd
BbmF9KJ1BQbMjXjO5f6TOR62/Crea8qxUttB7Su0quldJHGkB9Lj2a6zmBsjDoIq
rdwBQg4seW3RVWPwSJD1/2oGofEQF46MssFk4moxoZjzRsHixI3qsBvRJvixtxpP
i38rmFkWYDymMv6JWtcO1KaKMRQCHA==
=BNra
-----END PGP SIGNATURE-----
Merge tag 'drm-intel-fixes-2020-05-13-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Handle idling during i915_gem_evict_something busy loops (Chris)
- Mark current submissions with a weak-dependency (Chris)
- Propagate errror from completed fences (Chris)
- Fixes on execlist to avoid GPU hang situation (Chris)
- Fixes couple deadlocks (Chris)
- Timeslice preemption fixes (Chris)
- Fix Display Port interrupt handling on Tiger Lake (Imre)
- Reduce debug noise around Frame Buffer Compression
+(Peter)
- Fix logic around IPC W/a for Coffee Lake and Kaby Lake
+(Sultan)
- Avoid dereferencing a dead context (Chris)
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200514040235.GA2164266@intel.com
During the initialization process, ipmr_new_table() is called
to create new tables which in turn calls ipmr_get_table() which
traverses net->ipv4.mr_tables without holding the writer lock.
However, this is safe to do so as no tables exist at this time.
Hence add a suitable lockdep expression to silence the following
false-positive warning:
=============================
WARNING: suspicious RCU usage
5.7.0-rc3-next-20200428-syzkaller #0 Not tainted
-----------------------------
net/ipv4/ipmr.c:136 RCU-list traversed in non-reader section!!
ipmr_get_table+0x130/0x160 net/ipv4/ipmr.c:136
ipmr_new_table net/ipv4/ipmr.c:403 [inline]
ipmr_rules_init net/ipv4/ipmr.c:248 [inline]
ipmr_net_init+0x133/0x430 net/ipv4/ipmr.c:3089
Fixes: f0ad0860d0 ("ipv4: ipmr: support multiple tables")
Reported-by: syzbot+1519f497f2f9f08183c6@syzkaller.appspotmail.com
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Amol Grover <frextrite@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipmr_for_each_table() macro uses list_for_each_entry_rcu()
for traversing outside of an RCU read side critical section
but under the protection of rtnl_mutex. Hence, add the
corresponding lockdep expression to silence the following
false-positive warning at boot:
[ 4.319347] =============================
[ 4.319349] WARNING: suspicious RCU usage
[ 4.319351] 5.5.4-stable #17 Tainted: G E
[ 4.319352] -----------------------------
[ 4.319354] net/ipv4/ipmr.c:1757 RCU-list traversed in non-reader section!!
Fixes: f0ad0860d0 ("ipv4: ipmr: support multiple tables")
Signed-off-by: Amol Grover <frextrite@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes the following warning:
=============================
WARNING: suspicious RCU usage
5.7.0-rc5-next-20200514-syzkaller #0 Not tainted
-----------------------------
drivers/net/hamradio/bpqether.c:149 RCU-list traversed in non-reader section!!
Since rtnl lock is held, pass this cond in list_for_each_entry_rcu().
Reported-by: syzbot+bb82cafc737c002d11ca@syzkaller.appspotmail.com
Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Set the correct bit when checking for PHY_BRCM_DIS_TXCRXC_NOENRGY on the
BCM54810 PHY.
Fixes: 0ececcfc92 ("net: phy: broadcom: Allow BCM54810 to use bcm54xx_adjust_rxrefclk()")
Signed-off-by: Kevin Lo <kevlo@kevlo.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- Fix a couple of quite severe issues for the CQE request path
MMC host:
- alcor: Fix a resource leak in the error path for ->probe()
- sdhci-acpi: Fix the DMA support for the AMD eMMC v5.0 variant
- sdhci-pci-gli: Fix system resume support for GL975x
- sdhci-pci-gli: Fix reboot error for GL9750
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAl69m6MXHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCnRlw//bUBTWCqZVdyWmNfdnmIIS54o
5+e1RR9wi28r9y30n0lozNTReybE951HotmgoPGxS+q+3umfRXB21NrTRrm+g/1A
yIBYtHkvIIC7ywrgOjsiPqcyAXuOt3XeMxOqeyLQbd7PKant75+sXkgoc1Tl0Lbh
hGSFcJ9zhJgIYrnrZNBpnwrN3F5zki41dUYzSxvca6h9MMayLwKPRaPkwnmOlxW8
ZOiyTmzozNzCj7D+ntMkois9b9qwi0t7VbjCcdTZmpE2fDirOckc6tSEte+djyxi
UQPDxyYMm9+hGL+FER40gplLFLAg4+2XusyPD64GV+ZZu9I8anhU+kE+nBL8zwBW
U3HRsQWexYdaBiJ0ypN9zQPqjoewJknAyWt9edASzsyE+xxdnBp67eIhm3hBEk/t
A8FHLzLfUNmw1mKYfgiP82dkNpmTCkbVnaDv8+Qh+5SbE4QZgp5EUgR4K/7+KBZE
+E1sOqDywI2BoNhrZnYcUICYecmDS83ruos6QbCI57HREHttSJ/i5NJtP9+lKHRD
yuePeiXpK2FdiLRN2nYxKZinYX5vGPp8BircRHdOtTS902sW8EOBj2K2zBnoB03e
7m16iAQW/n76S1u4FT68qw8L0vqEP+TEguLX/QPGiRTmKNB7P1KNSHTeECopXi9t
BkbsVxoniCLksAyk1g8=
=vjEL
-----END PGP SIGNATURE-----
Merge tag 'mmc-v5.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Pull MMC fixes from Ulf Hansson:
"MMC core:
- Fix a couple of quite severe issues for the CQE request path
MMC host:
- alcor: Fix a resource leak in the error path for ->probe()
- sdhci-acpi: Fix the DMA support for the AMD eMMC v5.0 variant
- sdhci-pci-gli: Fix system resume support for GL975x
- sdhci-pci-gli: Fix reboot error for GL9750"
* tag 'mmc-v5.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040
mmc: block: Fix request completion in the CQE timeout path
mmc: core: Fix recursive locking issue in CQE recovery path
mmc: core: Check request type before completing the request
mmc: sdhci-pci-gli: Fix can not access GL9750 after reboot from Windows 10
mmc: alcor: Fix a resource leak in the error path for ->probe()
mmc: sdhci-pci-gli: Fix no irq handler from suspend
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Fix gcc-10 compilation warning in nf_conntrack, from Arnd Bergmann.
2) Add NF_FLOW_HW_PENDING to avoid races between stats and deletion
commands, from Paul Blakey.
3) Remove WQ_MEM_RECLAIM from the offload workqueue, from Roi Dayan.
4) Infinite loop when removing nf_conntrack module, from Florian Westphal.
5) Set NF_FLOW_TEARDOWN bit on expiration to avoid races when refreshing
the timeout from the software path.
6) Missing nft_set_elem_expired() check in the rbtree, from Phil Sutter.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Complete adding of Karsten as maintainer for all S390 networking
parts in the kernel.
Cc: Julian Wiedmann <jwi@linux.ibm.com>
Acked-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Remove the duplicate "mutex", and change "Motex" to "Mutex". Also I
recommend it's easier for understanding to make the "ready-interrupt"
a bundle for it is a parallel description as "shutdown" which is appended
after the slash.
Signed-off-by: Wang Wenhu <wenhu.wang@vivo.com>
Cc: Alex Elder <elder@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
We don't want to disconnect a session because of a stray PADT arriving
while the interface is in promiscuous mode.
Furthermore, multicast and broadcast packets make no sense here, so
only PACKET_HOST is accepted.
Reported-by: David Balažic <xerces9@gmail.com>
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There are a few fentry/fexit programs returning non-0.
The tests with these programs will break with the previous
patch which enfoced return-0 rules. Fix them properly.
Fixes: ac065870d9 ("selftests/bpf: Add BPF_PROG, BPF_KPROBE, and BPF_KRETPROBE macros")
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200514053207.1298479-1-yhs@fb.com
Currently, tracing/fentry and tracing/fexit prog
return values are not enforced. In trampoline codes,
the fentry/fexit prog return values are ignored.
Let us enforce it to be 0 to avoid confusion and
allows potential future extension.
This patch also explicitly added return value
checking for tracing/raw_tp, tracing/fmod_ret,
and freplace programs such that these program
return values can be anything. The purpose are
two folds:
1. to make it explicit about return value expectations
for these programs in verifier.
2. for tracing prog_type, if a future attach type
is added, the default is -ENOTSUPP which will
enforce to specify return value ranges explicitly.
Fixes: fec56f5890 ("bpf: Introduce BPF trampoline")
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200514053206.1298415-1-yhs@fb.com
Driver missed initializing num_por which is one of the por values that
driver configures to hardware. In order to get these values, add a new
structure ethqos_emac_driver_data which holds por and num_por values
and populate that in driver probe.
Fixes: a7c30e62d4 ("net: stmmac: Add driver for Qualcomm ethqos")
Reported-by: Rahul Ankushrao Kawadgave <rahulak@qti.qualcomm.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Amit Kucheria <amit.kucheria@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
mmap() subsystem allows user-space application to memory-map region with
initial page offset. This wasn't taken into account in initial implementation
of BPF array memory-mapping. This would result in wrong pages, not taking into
account requested page shift, being memory-mmaped into user-space. This patch
fixes this gap and adds a test for such scenario.
Fixes: fc9702273e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200512235925.3817805-1-andriin@fb.com
GCC 10 is very strict about symbol clash, and lwt_len_hist_user contains
a symbol which clashes with libbpf:
/usr/bin/ld: samples/bpf/lwt_len_hist_user.o:(.bss+0x0): multiple definition of `bpf_log_buf'; samples/bpf/bpf_load.o:(.bss+0x8c0): first defined here
collect2: error: ld returned 1 exit status
bpf_log_buf here seems to be a leftover, so removing it.
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200511113234.80722-1-mcroce@redhat.com
Merge misc fixes from Andrew Morton:
"7 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
kasan: add missing functions declarations to kasan.h
kasan: consistently disable debugging features
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
userfaultfd: fix remap event with MREMAP_DONTUNMAP
mm/gup: fix fixup_user_fault() on multiple retries
epoll: call final ep_events_available() check under the lock
mm, memcg: fix inconsistent oom event behavior
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCXrvi4AAKCRCRxhvAZXjc
otubAPsFV2XnZykq94GRZMBqxP3CQepTykXDV4aryfrUDoV04wD/fFisS/i+R4Uq
XvtMZzsFcm30QVT6IRfg1RY2OlOiMwc=
=t8HD
-----END PGP SIGNATURE-----
Merge tag 'for-linus-2020-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
Pull thread fix from Christian Brauner:
"This contains a single fix for all exported legacy fork helpers to
block accidental access to clone3() features in the upper 32 bits of
their respective flags arguments.
I got Cced on a glibc issue where someone reported consistent failures
for the legacy clone() syscall on ppc64le when sign extension was
performed (since the clone() syscall in glibc exposes the flags
argument as an int whereas the kernel uses unsigned long).
The legacy clone() syscall is odd in a bunch of ways and here two
things interact:
- First, legacy clone's flag argument is word-size dependent, i.e.
it's an unsigned long whereas most system calls with flag arguments
use int or unsigned int.
- Second, legacy clone() ignores unknown and deprecated flags.
The two of them taken together means that users on 64bit systems can
pass garbage for the upper 32bit of the clone() syscall since forever
and things would just work fine.
The following program compiled on a 64bit kernel prior to v5.7-rc1
will succeed and will fail post v5.7-rc1 with EBADF:
int main(int argc, char *argv[])
{
pid_t pid;
/* Note that legacy clone() has different argument ordering on
* different architectures so this won't work everywhere.
*
* Only set the upper 32 bits.
*/
pid = syscall(__NR_clone, 0xffffffff00000000 | SIGCHLD,
NULL, NULL, NULL, NULL);
if (pid < 0)
exit(EXIT_FAILURE);
if (pid == 0)
exit(EXIT_SUCCESS);
if (wait(NULL) != pid)
exit(EXIT_FAILURE);
exit(EXIT_SUCCESS);
}
Since legacy clone() couldn't be extended this was not a problem so
far and nobody really noticed or cared since nothing in the kernel
ever bothered to look at the upper 32 bits.
But once we introduced clone3() and expanded the flag argument in
struct clone_args to 64 bit we opened this can of worms. With the
first flag-based extension to clone3() making use of the upper 32 bits
of the flag argument we've effectively made it possible for the legacy
clone() syscall to reach clone3() only flags on accident. The sign
extension scenario is just the odd corner-case that we needed to
figure this out.
The reason we just realized this now and not already when we
introduced CLONE_CLEAR_SIGHAND was that CLONE_INTO_CGROUP assumes that
a valid cgroup file descriptor has been given - whereas
CLONE_CLEAR_SIGHAND doesn't need to verify anything. It just silently
resets the signal handlers to SIG_DFL.
So the sign extension (or the user accidently passing garbage for the
upper 32 bits) caused the CLONE_INTO_CGROUP bit to be raised and the
kernel to error out when it didn't find a valid cgroup file
descriptor.
Note, I'm also capping kernel_thread()'s flag argument mainly because
none of the new features make sense for kernel_thread() and we
shouldn't risk them being accidently activated however unlikely. If we
wanted to, we could even make kernel_thread() yell when an unknown
flag has been set which it doesn't do right now. But it's not worth
risking this in a bugfix imho"
* tag 'for-linus-2020-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
fork: prevent accidental access to clone3 features
- Fix a crash when having function tracing and function stack tracing on
the command line. The ftrace trampolines are created as executable and
read only. But the stack tracer tries to modify them with text_poke()
which expects all kernel text to still be writable at boot.
Keep the trampolines writable at boot, and convert them to read-only
with the rest of the kernel.
- A selftest was triggering in the ring buffer iterator code, that
is no longer valid with the update of keeping the ring buffer
writable while a iterator is reading. Just bail after three failed
attempts to get an event and remove the warning and disabling of the
ring buffer.
- While modifying the ring buffer code, decided to remove all the
unnecessary BUG() calls.
-----BEGIN PGP SIGNATURE-----
iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCXr1CDhQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6qsXcAQCoL229SBrtHsn4DUO7eAQRppUT3hNw
RuKzvQ56+1GccQEAh8VGCeg89uMSK6imrTujEl6VmOUdbgrD5R96yiKoGQw=
=vi+k
-----END PGP SIGNATURE-----
Merge tag 'trace-v5.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull more tracing fixes from Steven Rostedt:
"Various tracing fixes:
- Fix a crash when having function tracing and function stack tracing
on the command line.
The ftrace trampolines are created as executable and read only. But
the stack tracer tries to modify them with text_poke() which
expects all kernel text to still be writable at boot. Keep the
trampolines writable at boot, and convert them to read-only with
the rest of the kernel.
- A selftest was triggering in the ring buffer iterator code, that is
no longer valid with the update of keeping the ring buffer writable
while a iterator is reading.
Just bail after three failed attempts to get an event and remove
the warning and disabling of the ring buffer.
- While modifying the ring buffer code, decided to remove all the
unnecessary BUG() calls"
* tag 'trace-v5.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ring-buffer: Remove all BUG() calls
ring-buffer: Don't deactivate the ring buffer on failed iterator reads
x86/ftrace: Have ftrace trampolines turn read-only at the end of system boot up
Prevent the suspend-to-idle internal loop from busy spinning after
a spurious ACPI SCI wakeup in some cases.
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl69FHYSHHJqd0Byand5
c29ja2kubmV0AAoJEILEb/54YlRxV4UP/3HFhOBZcRs6FNCWAYh+WEYPWUMVnYTm
9AQQgho5dRbwEYdCCRkwFfUykYAFiDvpH7v6cqovTlqe0eFtbxcGzywoWF6KKe4J
lMkFifiLPKouEXY7J2DWXDm5uC3sJ0jSYfd1YjoN/ok95Rsd3CYy1c0SlIgyVpwg
9acyOKzEJZTylJksMP82CoCjjjmB3TBncJaR5gw9LF78uZMRLGUbRs+Qw9LV3yB1
aH/IB9r9Am6aVayU3ccO659r1DRPOALeWgbKhfTodVCImWbKLvxEyNuz+Pg/dIj3
KQIFTsp6YANtsP4eS3uyNtC+OU6ngYwxUcdpjJx+PrWDPnz+TsWxfgf4Z+VRMtAz
5AbSsdp+9DUUs5YKvWNDLPKO0T6M72ErSKiY60TmwRNE2/EAaAGuYby1rAjOTErY
v9UUz7WEsXjlrB2otPItIHw47/LQzD+f2HEpQKZhddY4KNI+wXnfsp8lQUFyDFN8
jy8RkxLn/NQCiJJMypDKgSF/VFpc/6hIbn3l+wI5YLRNVkuiPXkQY38YElCBELvt
G/W7HNmWA9xBwHNpqMH+ydPfw6P22eJfFNBRBxBDH2zEs4mXTsqmnfSU8nZHKh2/
NRhkXR4QvOkguI70CtyXAKgsT/w/yTABOPsbmOC5zColQ8sH630FMzgQ+HlWrfCV
KuHoQvL4YXwx
=g9Or
-----END PGP SIGNATURE-----
Merge tag 'pm-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fix from Rafael Wysocki:
"Prevent the suspend-to-idle internal loop from busy spinning after a
spurious ACPI SCI wakeup in some cases"
* tag 'pm-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: EC: PM: Avoid premature returns from acpi_s2idle_wake()
KASAN is currently missing declarations for __asan_report* and __hwasan*
functions. This can lead to compiler warnings.
Reported-by: Leon Romanovsky <leon@kernel.org>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: Leon Romanovsky <leon@kernel.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Link: http://lkml.kernel.org/r/45b445a76a79208918f0cc44bfabebaea909b54d.1589297433.git.andreyknvl@google.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
KASAN is incompatible with some kernel debugging/tracing features.
There's been multiple patches that disable those feature for some of
KASAN files one by one. Instead of prolonging that, disable these
features for all KASAN files at once.
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Leon Romanovsky <leonro@mellanox.com>
Link: http://lkml.kernel.org/r/29bd753d5ff5596425905b0b07f51153e2345cc1.1589297433.git.andreyknvl@google.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
A user is not required to set a new address when using MREMAP_DONTUNMAP
as it can be used without MREMAP_FIXED. When doing so the remap event
will use new_addr which may not have been set and we didn't propagate it
back other then in the return value of remap_to.
Because ret is always the new address it's probably more correct to use
it rather than new_addr on the remap_event_complete call, and it
resolves this bug.
Fixes: e346b38130 ("mm/mremap: add MREMAP_DONTUNMAP to mremap()")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Brian Geffon <bgeffon@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Lokesh Gidra <lokeshgidra@google.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: "Michael S . Tsirkin" <mst@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Sonny Rao <sonnyrao@google.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Link: http://lkml.kernel.org/r/20200506172158.218366-1-bgeffon@google.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This part was overlooked when reworking the gup code on multiple
retries.
When we get the 2nd+ retry, we'll be with TRIED flag set. Current code
will bail out on the 2nd retry because the !TRIED check will fail so the
retry logic will be skipped. What's worse is that, it will also return
zero which errornously hints the caller that the page is faulted in
while it's not.
The !TRIED flag check seems to not be needed even before the mutliple
retries change because if we get a VM_FAULT_RETRY, it must be the 1st
retry, and we should not have TRIED set for that.
Fix it by removing the !TRIED check, at the meantime check against fatal
signals properly before the page fault so we can still properly respond
to the user killing the process during retries.
Fixes: 4426e945df ("mm/gup: allow VM_FAULT_RETRY for multiple times")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Brian Geffon <bgeffon@google.com>
Link: http://lkml.kernel.org/r/20200502003523.8204-1-peterx@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
There is a possible race when ep_scan_ready_list() leaves ->rdllist and
->obflist empty for a short period of time although some events are
pending. It is quite likely that ep_events_available() observes empty
lists and goes to sleep.
Since commit 339ddb53d3 ("fs/epoll: remove unnecessary wakeups of
nested epoll") we are conservative in wakeups (there is only one place
for wakeup and this is ep_poll_callback()), thus ep_events_available()
must always observe correct state of two lists.
The easiest and correct way is to do the final check under the lock.
This does not impact the performance, since lock is taken anyway for
adding a wait entry to the wait queue.
The discussion of the problem can be found here:
https://lore.kernel.org/linux-fsdevel/a2f22c3c-c25a-4bda-8339-a7bdaf17849e@akamai.com/
In this patch barrierless __set_current_state() is used. This is safe
since waitqueue_active() is called under the same lock on wakeup side.
Short-circuit for fatal signals (i.e. fatal_signal_pending() check) is
moved to the line just before actual events harvesting routine. This is
fully compliant to what is said in the comment of the patch where the
actual fatal_signal_pending() check was added: c257a340ed ("fs, epoll:
short circuit fetching events if thread has been killed").
Fixes: 339ddb53d3 ("fs/epoll: remove unnecessary wakeups of nested epoll")
Reported-by: Jason Baron <jbaron@akamai.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Roman Penyaev <rpenyaev@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Jason Baron <jbaron@akamai.com>
Cc: Khazhismel Kumykov <khazhy@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200505145609.1865152-1-rpenyaev@suse.de
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
A recent commit 9852ae3fe5 ("mm, memcg: consider subtrees in
memory.events") changed the behavior of memcg events, which will now
consider subtrees in memory.events.
But oom_kill event is a special one as it is used in both cgroup1 and
cgroup2. In cgroup1, it is displayed in memory.oom_control. The file
memory.oom_control is in both root memcg and non root memcg, that is
different with memory.event as it only in non-root memcg. That commit
is okay for cgroup2, but it is not okay for cgroup1 as it will cause
inconsistent behavior between root memcg and non-root memcg.
Here's an example on why this behavior is inconsistent in cgroup1.
root memcg
/
memcg foo
/
memcg bar
Suppose there's an oom_kill in memcg bar, then the oon_kill will be
root memcg : memory.oom_control(oom_kill) 0
/
memcg foo : memory.oom_control(oom_kill) 1
/
memcg bar : memory.oom_control(oom_kill) 1
For the non-root memcg, its memory.oom_control(oom_kill) includes its
descendants' oom_kill, but for root memcg, it doesn't include its
descendants' oom_kill. That means, memory.oom_control(oom_kill) has
different meanings in different memcgs. That is inconsistent. Then the
user has to know whether the memcg is root or not.
If we can't fully support it in cgroup1, for example by adding
memory.events.local into cgroup1 as well, then let's don't touch its
original behavior.
Fixes: 9852ae3fe5 ("mm, memcg: consider subtrees in memory.events")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Chris Down <chris@chrisdown.name>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200502141055.7378-1-laoar.shao@gmail.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Lenovo Thinkpad T530 seems to have a sensitive internal mic capture
that needs to limit the mic boost like a few other Thinkpad models.
Although we may change the quirk for ALC269_FIXUP_LENOVO_DOCK, this
hits way too many other laptop models, so let's add a new fixup model
that limits the internal mic boost on top of the existing quirk and
apply to only T530.
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1171293
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200514160533.10337-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>