Commit Graph

1107102 Commits

Author SHA1 Message Date
Steve French
5fa2cffba0 smb3: check xattr value length earlier
Coverity complains about assigning a pointer based on
value length before checking that value length goes
beyond the end of the SMB.  Although this is even more
unlikely as value length is a single byte, and the
pointer is not dereferenced until laterm, it is clearer
to check the lengths first.

Addresses-Coverity: 1467704 ("Speculative execution data leak")
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
2022-08-01 01:34:44 -05:00
Linus Torvalds
3d7cb6b04c Linux 5.19 2022-07-31 14:03:01 -07:00
Linus Torvalds
334c0ef642 Fix a NULL pointer deref in the Allwinner clk driver with a one liner.
-----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAmLmqp0RHHNib3lkQGtl
 cm5lbC5vcmcACgkQrQKIl8bklSX8TQ//diWia/jooV+h2Un4SS9KWOARLG5G+FK9
 GX4xcm7M7SbYTR6SRfFHzqWftR8LnJJwqhAVyTh7PePn4fsRj40qB6OMTQ4kgNhp
 5r/jl10oyXiSP37X3JaejUfGbndkBcO9LIfUyMvWXkcuU2/DdqD5H+OyBR+NtZnS
 YtQJ/UZP/nc7IsfVMSuH3hOWu6oAK4nGSeVXUXQ4+hMzKn4PNcgOhNRQ0h+KUjcB
 E4hhMf1W/F0ZTIfqQH1mFcz6CgRiUSOMQGvxnBjqpMfA7nhT6Tra/hqnIqMBIb7G
 kMSB34U9m0Qbb1KExLNeYyOwOXKXndmDk+YoA96gUp3hz2mMrosmkhx0TzEEBifj
 GBCzrDd3DVfHV+i8fNOF3Bbfw7yv/xEQkWsA4XHvL79RqVbFKYHfLMvcDwBI/+4i
 fWxHJIdlj+MdkfQ2OU3fINNAvK8ln9NXPqDhD6rFgNUSzCZMXjDktsmS7Uo9WmbQ
 MPEogsWW26q5exFlIGgHi6CbnUnYdw9ZXwa/kW9D1SC+HWKEcHEaa4Y2GOAw4zPS
 cFmKKnrRAroqpO2WdWRjKyrh9I4xx8kxvKkt1HbKWhQb4rKQx3eFB+9RL+h4Tqzq
 QNmLs5GCDK0vPe2odrdyfgJI/t7808ETkTc4SYYO3iXF1OBpl9uFCRX/TtJzOwfw
 CQGDGwzR1t8=
 =8dCr
 -----END PGP SIGNATURE-----

Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull clk fix from Stephen Boyd:
 "One-liner fix of a NULL pointer deref in the Allwinner clk driver"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: sunxi-ng: Fix H6 RTC clock definition
2022-07-31 09:52:20 -07:00
Linus Torvalds
89caf57540 - Update the mitigations= kernel param documentation
- Check the IBPB feature flag before enabling IBPB in firmware calls
 because cloud vendors' fantasy when it comes to creating guest
 configurations is unlimited
 
 - Unexport sev_es_ghcb_hv_call() before 5.19 releases now that HyperV
 doesn't need it anymore
 
 - Remove dead CONFIG_* items
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLmVtEACgkQEsHwGGHe
 VUoPnBAApfqJMYSnevjBqhiO7W/8s1GDkbvzZD/qHwQKIiTSNZWmB1QGaBJLmPWr
 6UvsFq3ElxFkg7rovHKYV197cHZlldWNt6BC2mDUESAHZb8HMw38e0IUcxbOJHZq
 DnLVxcek3VkDG8THGSoY+NX3lvcvTx+w5C7o2SZnjBxhBYMBEXWP14UvoVAWV+HT
 /vEcHi3jkYiNwyTtQFdszIxF5u5qMo2qV24hiTZDYFHBBsEGTRxVRgo4kHBQlQ/t
 3AxrW01Ut4zunqKlXG0wXncF1aSgfsb7XplR9bqfWz9eQzFHkZ0DqqfoCXQZRQZo
 nYQQT/A/hY2rm/HFBZ329hDm6fnu+u/8FzaBGm3DUp9UWGLqxFcCqH+QtKmpJXhr
 wTK/7mB2Baw0lhc110LhDLLFydI8smQwfPf8B9IzR3Ij7j9OYqO8+NFwNR+tMk+J
 VWl5aFafzVEQcf7gBGVsu/sRkxc05VtEohOV25J9VHDzlaBCMCvCpoGKfwntpp0h
 9xaWUNE9/P1ggbRcxUHVmdnDnoNn087hqUBOO7GOX/cnFvADMjL3h0GqvZinj/wI
 8BbpTxAU8i5qodJcsnnzxtzekxzKk6KhcHo/sMULyVSAeDnTfaPIkyfE3b6Pxiam
 U1QFTWPqV9371u26dnF0bYsg+UEJasuuth8noybVwej+MJvapts=
 =fEYI
 -----END PGP SIGNATURE-----

Merge tag 'x86_urgent_for_v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

 - Update the 'mitigations=' kernel param documentation

 - Check the IBPB feature flag before enabling IBPB in firmware calls
   because cloud vendors' fantasy when it comes to creating guest
   configurations is unlimited

 - Unexport sev_es_ghcb_hv_call() before 5.19 releases now that HyperV
   doesn't need it anymore

 - Remove dead CONFIG_* items

* tag 'x86_urgent_for_v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed
  x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
  Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV"
  x86/configs: Update configs in x86_debug.config
2022-07-31 09:26:53 -07:00
Linus Torvalds
5e4823e6da - Avoid rwsem lockups in certain situations when handling the handoff bit
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLmUPkACgkQEsHwGGHe
 VUqgow/+Oj8acqImjR1OGW0MGW5F4OBRxPlWYGRBem0PwtysKSOUEuLKFGrfUPP8
 9/o/WDK7sKm0A0Ph4++zyuxQVUdww1kWR1BaOzBBJZMhB3dYk511JW2EZc7TPQg8
 qnBWOh1WGztaIATImo1JtN7GVlz6mWEq5i7CkyYWOfqqgMMfzS5N548KtFs37k1F
 GPwR2fntThsgYlL7+5ekHVBabx3Lf5CvpUkct484LtIrvO9xvBr+R5fzxdkd/j7s
 xGVFpt0sMEGjnOatLP+Q41E6n4Vugzjk9FdxOAYLcSl8NPGj/7HUtXB0oLcU7jSn
 eFxr2vurueVxpueNieBKJNiSicFsgx+QNsEtERtzLfyosgKtDkWtl5cP6k7qzqVm
 9KGAWc5tiQJ5DcIoxf+pKBEXBnf6EKFS7PrknYFTbWPFnbun0nw4OnFLufUgeg9c
 qB6afbWUOwKLWYIcJZadmnvmE2ZhaPAv1KPvqeE7E8ln5ERbg2UKY4qV37bvyJFg
 N+gVv+acSip4KtGswGUBKFriJ/vvN1dh/PiBqqJC3AHwlz+CxYsOVgpk9tkhlaQ9
 1HsQ51hyN/pb688J9SshqZf2BH3qS6Kz4eLa1eXGPEywsRBJfg4lufncn1JbrCg8
 CzkUfVPbS31LahMDs5U3IWGSiYSUsy1JDRLZ2zns9ZEMaaZWPKQ=
 =SBw2
 -----END PGP SIGNATURE-----

Merge tag 'locking_urgent_for_v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull locking fix from Borislav Petkov:

 - Avoid rwsem lockups in certain situations when handling the handoff
   bit

* tag 'locking_urgent_for_v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter
2022-07-31 09:21:13 -07:00
Linus Torvalds
cd2715b792 - Relax the condition under which the DIMM label in ghes_edac is set in
order to accomodate an HPE BIOS which sets only the device but not the
 bank
 
 - Two forgotten fixes to synopsys_edac when handling error interrupts
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLmTXgACgkQEsHwGGHe
 VUpIWxAAn/3WVY7/QDAMakskOY3UJ4TTHAP+9JQ3Pz573me12rYwIcUgI9Mg5tmv
 m1f7z5GtG2fLS/K9S1vQyMFWiSLE885q+mz4qWUwczbfJiqCTjJ+PL21XpcG0IE8
 eskNld2QTsGUwZi3O3LEDIX7PkkqXtaFguQz9NVxpf8cF8vXZGND9KTb4Q3YTqCW
 YbGAgwQ5Y81IFLqSri0ssnnyKdgG6Ix2luoD7w8keEI0BqWim5kg7gTEFBvy5VYZ
 fVyKLsN5yGSK72COqeO5GW9OtVSMXLXXCoxTLV3MaunGVpCajyCAHUCXfL0ef6NQ
 p+5F0CRUSTeix+jvPFpk7qKorBVA9MGCcOtEqJDxJOc4aNBcSy6C0nQtEzL9GIPo
 r+mi6ZryOi7EIgKJ+OXE75jlns3SjqKTW0SLQ3pGZTlvWwJHW/FqFYtlkcGa4WdC
 E3HsxafD4ZpAFxcrg6NPhsxy1D+TuVdJVMxnCpWFJB082GXk4ed3bxfPW0J8cdc3
 Fx1ngh3JDJjCwQwGbgqQz02lEyBmqg0PBih5RXDPA0h168bLf+O6mKm7f8H0ojFX
 R1F5BK3J4xSu36Q96ZDGhHaNJDt1ti5i6eY+NiyNHeg/7Jlhyaiwjd1L77KmEMK9
 t+bBKHcI6d9HmMBAhpNWanFFgZz1HGJk/WcXrTnwht+08dZGNeY=
 =G2Tm
 -----END PGP SIGNATURE-----

Merge tag 'edac_urgent_for_v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras

Pull EDAC fixes from Borislav Petkov:

 - Relax the condition under which the DIMM label in ghes_edac is set in
   order to accomodate an HPE BIOS which sets only the device but not
   the bank

 - Two forgotten fixes to synopsys_edac when handling error interrupts

* tag 'edac_urgent_for_v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
  EDAC/ghes: Set the DIMM label unconditionally
  EDAC/synopsys: Re-enable the error interrupts on v3 hw
  EDAC/synopsys: Use the correct register to disable the error interrupt on v3 hw
2022-07-31 09:12:58 -07:00
Linus Torvalds
6a01025844 ARM fixes for 5.19:
Last set of ARM fixes for 5.19:
 - fix for MAX_DMA_ADDRESS overflow
 - fix for find_*_bit performing an out of bounds memory access
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuNNh8scc2k/wOAE+9OeQG+StrGQFAmLjoOQACgkQ9OeQG+St
 rGTfrQ//SdLFeUuEe6pv4zX7BnuPd/ZGQozS/TtMYM9KJVKyXiNLjEChdUcjvkWR
 gMf5mSTpV3gmO/rOND1Jj0BQMWBud+XMOrsVa591rlEN4SLLnD4BHXSwyEyXAWSE
 WL/DDoO5deg0tWFUPUbLvvMAkIau60V8rVF6Uq8hQ7ogU25+cvSVS/f1ycgdSEZ2
 JF5+bxJV8ots3WlRvPkUzuCDwfg5KOVd/U52ODm0s4/pPgSlGTMb5yDVS4ukC+ml
 FPDWc0zcs812h4KERsGl+c+gb429uX82cY7cBLHcW+KVLlUkLp153G8c0wHYPC9U
 HssT0X6N+/TBjgGlV62DhPva/odyW5k0vzrvWOspFLyrQRkltEaNRxlCbybWorrD
 0TI0NZokqbHhXUhdhTWsD6S8sdSHjAh63ZeVf93g4FaXCuKERlRg8dvrvB5U8QXG
 iQJWhzE+n7tf+rjw3SeobBw2ZyZoSS7VSFyBTE0AMBRbNbk3dDSXImD7g+73c6Uw
 sHT6xPRv7Omh94NDecLku+/EYozUDALRfHxmnhPYXocbu1QFLPuPmNv0qwE0yrr0
 NQODYiKhRVrLeYSSym+WdPgmgucIrJVLMCupPC0NU/4xex2dHmzhgdW6TaVC2fuY
 EbOYZwHe5mhr9IG5s5YcCDPscyd5Kt7cIj9Sgu+mD0qKwYJJm+s=
 =7ieJ
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm

Pull ARM fixes from Russell King:
 "Last set of ARM fixes for 5.19:

   - fix for MAX_DMA_ADDRESS overflow

   - fix for find_*_bit performing an out of bounds memory access"

* tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
  ARM: findbit: fix overflowing offset
  ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow
2022-07-30 17:24:16 -07:00
Waiman Long
6eebd5fb20 locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter
With commit d257cc8cb8 ("locking/rwsem: Make handoff bit handling more
consistent"), the writer that sets the handoff bit can be interrupted
out without clearing the bit if the wait queue isn't empty. This disables
reader and writer optimistic lock spinning and stealing.

Now if a non-first writer in the queue is somehow woken up or a new
waiter enters the slowpath, it can't acquire the lock.  This is not the
case before commit d257cc8cb8 as the writer that set the handoff bit
will clear it when exiting out via the out_nolock path. This is less
efficient as the busy rwsem stays in an unlock state for a longer time.

In some cases, this new behavior may cause lockups as shown in [1] and
[2].

This patch allows a non-first writer to ignore the handoff bit if it
is not originally set or initiated by the first waiter. This patch is
shown to be effective in fixing the lockup problem reported in [1].

[1] https://lore.kernel.org/lkml/20220617134325.GC30825@techsingularity.net/
[2] https://lore.kernel.org/lkml/3f02975c-1a9d-be20-32cf-f1d8e3dfafcc@oracle.com/

Fixes: d257cc8cb8 ("locking/rwsem: Make handoff bit handling more consistent")
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: John Donnelly <john.p.donnelly@oracle.com>
Tested-by: Mel Gorman <mgorman@techsingularity.net>
Link: https://lore.kernel.org/r/20220622200419.778799-1-longman@redhat.com
2022-07-30 10:58:28 +02:00
Linus Torvalds
620725263f Two hotfixes, both cc:stable.
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCYuSoqQAKCRDdBJ7gKXxA
 jhXLAP9LwWGqHPDTJEdJByCQY00DM5hmVT6qycAVjySkXTIGSwD/XpAS/kPuiaMW
 Q+MmXG4F0DQFYyBhalA1AfyytgFUXAs=
 =8KZO
 -----END PGP SIGNATURE-----

Merge tag 'mm-hotfixes-stable-2022-07-29' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc fixes from Andrew Morton:
 "Two hotfixes, both cc:stable"

* tag 'mm-hotfixes-stable-2022-07-29' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  mm/hmm: fault non-owner device private entries
  page_alloc: fix invalid watermark check on a negative value
2022-07-29 21:02:35 -07:00
Linus Torvalds
8a91f86f3e block-5.19-2022-07-29
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmLkYGoQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpkurD/9ohEDKW83HiSSwQ0zRG1KJGqmn7nm1Y9IT
 FqeJepq3/036t1uLjiXhVtHBakxTIJBh+bmI/2lmI/mSUVYikZr9m3qAR53bzIoo
 CrOAkfs5JhpZglihvCkcoz7lvhKlkB0oqa9HLrBBMGu3IvcdJs5BwslpdZ1PzRzL
 rM+CSvVgpK4DqoNhGHSKCk3u1kGOYSJYHJUQGk5V3lPJFx/1ATDF1qpMOT0L/Cve
 aZtJoDC5dSbS4RnLCV0WLeWsviBJuYuYuF2oHBnZsti9403Y4mm3hNRxf5OnBe8H
 aTlvCaDRGoQ+GrQyvQ8p2B6jT7Y90ggT/efi7V1DbjuN2QtRE06OyNAdwEMeGRaR
 DysrILhq0ZdFoQ6MDh+iUPJswOVKzpoLmkb9SmknqrKhyMZQElKncCHiGypguHCA
 IbHXTPD+f2oKTl+ksIfdQP6Y3QypUIlWsCYIwkrY1Bsi7kFHG7wRfPy/uXs+7ldX
 cThpEs6utPavnJWrtHErdh/6sEJrdf3mApEvUUFONTe0kaEeD3Fbh9t1+NbUBug6
 Y5ApPakfwdm97/lPMyR2OBNmvox2MukLua271v1jDoxalDEjG+HwRhoIXVW8+E+g
 LCrIEafT9A5fLoI6zy1e0AClAhD6SSbuvQIBODQQwe1RHnLg3Z+MjD7Q27k88BBt
 H73a39rrRA==
 =PN7V
 -----END PGP SIGNATURE-----

Merge tag 'block-5.19-2022-07-29' of git://git.kernel.dk/linux-block

Pull block fix from Jens Axboe:
 "Just a single fix for NVMe, yet another quirk addition"

* tag 'block-5.19-2022-07-29' of git://git.kernel.dk/linux-block:
  nvme-pci: Crucial P2 has bogus namespace ids
2022-07-29 16:07:35 -07:00
Linus Torvalds
e65c6a46df drm fixes for 5.19 final (part 2)
nouveau:
 - page migration fix
 
 simpledrm:
 - fix mode_valid return value
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmLkQVgACgkQDHTzWXnE
 hr70gw/9EEM09SrvQVJTQFlHTgaQGJ9uJVhNsjbTv8xN9rIl8wtXcCsnqCfnr/fR
 ogzLd1c+PSmX34Msg1oOZe+jVh4NBvAVSZBxQWtoFYec5yu5zymZvB9RM/VW7llm
 e07C1vhY1v7smjnFkpuqiJaMJHm0SmRoAw8mBliBW7gpKY+++0sFF9pw0rbFXcBH
 0PN5MD2XgX8l1+qYLelRfkR7GYT6ZxKkYqaJlks6MryG5MjSl6BrAbuOuvcgHo2M
 nPjjHUofA756sGyzM8gmapVSXmobbOoQ2IjwfBy0Uv8TJtR25wCNet25lkEjluBR
 VTgwaNSYU/qrKOnln54YKq/lziN7Hx4mIOASJN9B8z05WWKNufDI785+5Q2geGea
 zdCZlL8vgoAePzmQme8y4wW5zDi3l0A0Xy5ruZ7exuzyuEPTXB3dWs/Z2qrPwPwz
 fvjJvTPivk/BYXX2BoQntrHLhKLLUMQ+/2R8hRivgr2BLkt6NGsXsjtWPf3itW6t
 RZLmvjOLEJxpTe7Qv9XayYR5J8dgzYHBtP4/PcUjTmP8oPyye6s4+4u2r+vrvIvm
 f4PiDMNRuQVAzYq/ZzIQ4gPVXXiQkSygilYrrq5gVFIE3OyXM6bSvnQIbZEYgama
 NEYS1v+OIiNu4gT3UWks6MVWPp8dRlwGyRohzI2snqV8pOFhYO4=
 =Cjm+
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2022-07-30' of git://anongit.freedesktop.org/drm/drm

Pull more drm fixes from Dave Airlie:
 "Maxime had the dog^Wmailing list server eat his homework^Wmisc pull
  request.

  Two more small fixes, one in nouveau svm code and the other in
  simpledrm.

  nouveau:
   - page migration fix

  simpledrm:
   - fix mode_valid return value"

* tag 'drm-fixes-2022-07-30' of git://anongit.freedesktop.org/drm/drm:
  nouveau/svm: Fix to migrate all requested pages
  drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid()
2022-07-29 13:25:31 -07:00
Dave Airlie
ce156c8a18 One fix to fix simpledrm mode_valid return value, and one for page
migration in nouveau
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABMIAB0WIQTXEe0+DlZaRlgM8LOIQ8rmN6G3ywUCYuOr0wAKCRCIQ8rmN6G3
 yxDvAQCFEEW+ICI4ERsUUViWSksYUQ2vQxw5fcMULoVF3IiOSwD/eEFxxQkCcMyq
 xsHi7DZhfpu2nukCm5HvvRRIczb2sF4=
 =zth0
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2022-07-29' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

One fix to fix simpledrm mode_valid return value, and one for page
migration in nouveau

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20220729094514.sfzhc3gqjgwgal62@penduick
2022-07-30 06:09:57 +10:00
Linus Torvalds
1c8ac1c4af SCSI fixes on 20220729
Four fixes, three in drivers.  The two biggest fixes are ufs and the
 remaining driver and core fix are small and obvious (and the core fix
 is low risk).
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCYuQu2yYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishQ+vAQCtzbtY
 kY4Lg3jOVSgvXT220sCVnOoXJKHmORVWm7XXsAEAjVFLTVGhh/Voxlkhl/lxGnKV
 DJQWSdq6MjoxK56z2a4=
 =GGBX
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Four fixes, three in drivers.

  The two biggest fixes are ufs and the remaining driver and core fix
  are small and obvious (and the core fix is low risk)"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: ufs: core: Fix a race condition related to device management
  scsi: core: Fix warning in scsi_alloc_sgtables()
  scsi: ufs: host: Hold reference returned by of_parse_phandle()
  scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown
2022-07-29 13:07:03 -07:00
Eiichi Tsukata
ea304a8b89 docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed
Updates descriptions for "mitigations=off" and "mitigations=auto,nosmt"
with the respective retbleed= settings.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: corbet@lwn.net
Link: https://lore.kernel.org/r/20220728043907.165688-1-eiichi.tsukata@nutanix.com
2022-07-29 20:47:07 +02:00
Ralph Campbell
8a295dbbaf mm/hmm: fault non-owner device private entries
If hmm_range_fault() is called with the HMM_PFN_REQ_FAULT flag and a
device private PTE is found, the hmm_range::dev_private_owner page is used
to determine if the device private page should not be faulted in. 
However, if the device private page is not owned by the caller,
hmm_range_fault() returns an error instead of calling migrate_to_ram() to
fault in the page.

For example, if a page is migrated to GPU private memory and a RDMA fault
capable NIC tries to read the migrated page, without this patch it will
get an error.  With this patch, the page will be migrated back to system
memory and the NIC will be able to read the data.

Link: https://lkml.kernel.org/r/20220727000837.4128709-2-rcampbell@nvidia.com
Link: https://lkml.kernel.org/r/20220725183615.4118795-2-rcampbell@nvidia.com
Fixes: 08ddddda66 ("mm/hmm: check the device private page owner in hmm_range_fault()")
Signed-off-by: Ralph Campbell <rcampbell@nvidia.com>
Reported-by: Felix Kuehling <felix.kuehling@amd.com>
Reviewed-by: Alistair Popple <apopple@nvidia.com>
Cc: Philip Yang <Philip.Yang@amd.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-07-29 11:33:37 -07:00
Jaewon Kim
9282012fc0 page_alloc: fix invalid watermark check on a negative value
There was a report that a task is waiting at the
throttle_direct_reclaim. The pgscan_direct_throttle in vmstat was
increasing.

This is a bug where zone_watermark_fast returns true even when the free
is very low. The commit f27ce0e140 ("page_alloc: consider highatomic
reserve in watermark fast") changed the watermark fast to consider
highatomic reserve. But it did not handle a negative value case which
can be happened when reserved_highatomic pageblock is bigger than the
actual free.

If watermark is considered as ok for the negative value, allocating
contexts for order-0 will consume all free pages without direct reclaim,
and finally free page may become depleted except highatomic free.

Then allocating contexts may fall into throttle_direct_reclaim. This
symptom may easily happen in a system where wmark min is low and other
reclaimers like kswapd does not make free pages quickly.

Handle the negative case by using MIN.

Link: https://lkml.kernel.org/r/20220725095212.25388-1-jaewon31.kim@samsung.com
Fixes: f27ce0e140 ("page_alloc: consider highatomic reserve in watermark fast")
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Reported-by: GyeongHwan Hong <gh21.hong@samsung.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Yong-Taek Lee <ytk.lee@samsung.com>
Cc: <stable@vger.kerenl.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-07-29 11:33:37 -07:00
Linus Torvalds
bb83c99d3d perf tools fixes for v5.19: 5th batch
- Fix addresses for bss symbols, describing variables used in resolving data
   access in tools such as 'perf c2c' and 'perf mem'.
 
 - Skip symbols if SHF_ALLOC flag is not set, a technique used for
   listing deprecated symbols, its addresses are zeros, so not useful.
 
 - Remove undefined behavior from bpf_perf_object__next() when
   dealing with an empty bpf_objects_list list.
 
 - Make a ARM CoreSight disasm script work with both python2 and python3.
 
 - Sync x86's cpufeatures header with with the kernel sources.
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCYuQG9QAKCRCyPKLppCJ+
 JxtPAP9KlHo6mrPNtjly6jLJ0VvbS2NoJAg8gY1oIJBx68jE2QD+KRAZ7g6XaUuo
 4c0BGm41QFyCIrUCDHMJhGJGI6g7NwI=
 =ktD4
 -----END PGP SIGNATURE-----

Merge tag 'perf-tools-fixes-for-v5.19-2022-07-29' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix addresses for bss symbols, describing variables used in resolving
   data access in tools such as 'perf c2c' and 'perf mem'.

 - Skip symbols if SHF_ALLOC flag is not set, a technique used for
   listing deprecated symbols, its addresses are zeros, so not useful.

 - Remove undefined behavior from bpf_perf_object__next() when dealing
   with an empty bpf_objects_list list.

 - Make a ARM CoreSight disasm script work with both python2 and
   python3.

 - Sync x86's cpufeatures header with with the kernel sources.

* tag 'perf-tools-fixes-for-v5.19-2022-07-29' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  perf bpf: Remove undefined behavior from bpf_perf_object__next()
  perf symbol: Skip symbols if SHF_ALLOC flag is not set
  perf symbol: Correct address for bss symbols
  perf scripts python: Let script to be python2 compliant
  tools headers cpufeatures: Sync with the kernel sources
2022-07-29 11:26:28 -07:00
Linus Torvalds
4b20426d04 wq fixes for v5.19-rc8
Just one commit to suppress a spurious warning added during the 5.19 cycle.
 -----BEGIN PGP SIGNATURE-----
 
 iIQEABYIACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCYuQfNg4cdGpAa2VybmVs
 Lm9yZwAKCRCxYfJx3gVYGdjFAQDAPPlHskr1oC6d2k2nqPNEzEpOq1LWLxRK/hR2
 dddxsgD+KV0GMGb43W5Au2lbscze1WNM9jeanpofRoyV+l1gyQA=
 =hlX7
 -----END PGP SIGNATURE-----

Merge tag 'wq-for-5.19-rc8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq

Pull workqueue fix from Tejun Heo:
 "Just one commit to suppress a spurious warning added during the 5.19
  cycle"

* tag 'wq-for-5.19-rc8-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: Avoid a false warning in unbind_workers()
2022-07-29 11:20:40 -07:00
Linus Torvalds
506e6dfb0f Last-minute power management fix for 5.19
Make some false positive RCU splats resulting from a recent intel_idle
 driver change go away (Waiman Long).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAmLj+BASHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxRrsQALX5n91Cx5a9+yqYqSxg5XLun6td40pu
 acPSWxOLmSR9MKsoOw62gHrUqIuOH9VsF1ekbFvjC1G1tj42vM2eJJ5DHv5kx8yU
 Hylt+/GKtaifH1Eq1YFa8mW4em6Nx08LEU7xDZ/oZg1DUyQLfQJPOgTnhprbkKeK
 +L/jazcehLBhAdctF9F7qWIGokqielu1C1OQlAzx0feapK3RKHLrpjC8akgJssqo
 VqdCXPdXKoM9wK5jrg9RvZCeja6f3EgQtkIoif2ugGTiuM8buZPYlSgy73K6wMX1
 KqLuStuk38dHZ9RTwCcAIIWcXBhSIXy8z/Pth+E3i+Yblj876t0nVkAr9/Xt2SQ0
 lpzEX/HrAa22kBa9ym3gGfc1kpRjeoJS+pGFSewJpj0fSm+cGJ78mHDsExXAGHn2
 Ak5H3ViyQrwMOeEzA2YGqXcdj/BO+iifV5lWOOL4eFsfnWwAAr+eMMhUO40QG8eN
 g1oc1t8l3caVFGnE9rLgZo8c0CL5sJGSyljNAL8BWm/rRt5gJ9bxi2l+d8SgBZ2m
 2FH/rX1t+NMs9VRIhpw+JFAcNHoPFCzSxcRjHzxLKfsO0Be0A0Jozz6CnE/SFtx/
 Xg6DcZ3Id+yNLd/tjlwY/VqxCb6zq+iMdoOkZMtHuR2E4Cvq2ob8YBgpoC10OL+x
 Y9RQxrblPiob
 =tCE+
 -----END PGP SIGNATURE-----

Merge tag 'pm-5.19-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fix from Rafael Wysocki:
 "Make some false positive RCU splats resulting from a recent intel_idle
  driver change go away (Waiman Long)"

* tag 'pm-5.19-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  intel_idle: Fix false positive RCU splats due to incorrect hardirqs state
2022-07-29 10:57:26 -07:00
Lai Jiangshan
46a4d679ef workqueue: Avoid a false warning in unbind_workers()
Doing set_cpus_allowed_ptr() with wq_unbound_cpumask can be possible
fails and trigger the false warning.

Use cpu_possible_mask instead when wq_unbound_cpumask has no active CPUs.

It is very easy to trigger the warning:
  Set wq_unbound_cpumask to a small set of CPUs.
  Offline all the CPUs of wq_unbound_cpumask.
  Offline an extra CPU and trigger the warning.

Fixes: 10a5a651e3 ("workqueue: Restrict kworker in the offline CPU pool running on housekeeping CPUs")
Signed-off-by: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
2022-07-29 07:49:02 -10:00
Linus Torvalds
e4d8b09d67 A Single RISC-V Fix for 5.19
* A build fix for "make vdso_install" that avoids an issue trying to
   install the compat VDSO.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAmLkEq4THHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQTr3EACMq1ZAesdwQotPIM8dDzK4GpPAjls9
 hmABlhZtllmr0lADpv3XoMMKKguPdyV0+TgnfEP9hMr3jTQ7n6Y+3q3kM/TV/uLv
 IC2xCiulHF7gqT7SJT2CmoScbfHw1ibdWlQg7rnjXYK5mVxboYJwrjW2+TxoAc01
 nbuUuuExkA2aUaFa7Io3y9D/heG1cz3zZA/XkreDtRc4bC5l9dDhfLOOOXeZL+5J
 CJo9ZujN2dHGzh6EjmGZNauA5akJe/c2QnqO/8EK8d2EjJqDQRiewqZc8xKQpQo/
 A8FQK/cFatFZGrMYhoEswswSWVuuesb5774s9LoyyB9tQDrHd3dmzJhkjikAqlva
 lMh0WcnemHFZtl7sp6yhE7wjzKSHCKmtFULJS5OnJkjCh+A3UJ3mTDnPsese7g/j
 2oAp9v4VoTcWk2v/IErtiwUiwNdJeM5ptm62OweQJ6W+VnhK2JWICvr5wExnjP6Z
 zI9KuwKQLzJ7tt8OLZ0t3sR+J3EG1rt217Xi5KRWGEWtreKzg0YAQYghpFKlR0BR
 YVgEPQfQ5S+2zerlwtRzvD7W7e2tRMoqskRfWhtKM9VMNRQelrHJGPPqZx6E67n9
 9CVSXqcqcRGkJUuR3pt8Nki4JTnT6skDVGhv5VEQlpYXZ54igfj1yQ/tx2ePFZW8
 J4RiRzavozacaw==
 =JmTV
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-5.19-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fix from Palmer Dabbelt:
 "A build fix for 'make vdso_install' that avoids an issue trying to
  install the compat VDSO"

* tag 'riscv-for-linus-5.19-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: compat: vdso: Fix vdso_install target
2022-07-29 10:46:03 -07:00
Linus Torvalds
a95eb1d086 LoongArch fixes for v5.19-final
-----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCAA0FiEEzOlt8mkP+tbeiYy5AoYrw/LiJnoFAmLj6XUWHGNoZW5odWFj
 YWlAa2VybmVsLm9yZwAKCRAChivD8uImeuFOEACcuQB5cLihx6Oao5MZmPlaUx3h
 IexoIjRKsJywH8MJHePsvfMH3E6cpTyce+uJLyj/BCWDOewlKZbUc4a0kxHUSdEo
 OohGFJLMb4tWUMFyELdOgjiwDuCPgVfZljsS75JvtTAuz+mnDAV4QjsCXxrVb2Qg
 K9yUyzUd8Pcl5c5InR6RzhQH9Sq2U93+MVKDgDuuUkJHP81bgV+pUcmDYf3Vi+7y
 zmKSqz5JgL/mAQ04PT1l56fgvRreUrKIZkI+yVcfU8x3ciHVdfrN8RzSxwapNLJD
 5DYnXCquFC3fksOLb8kqXKY+lWP6a2VrWoM5rVzmYizuN5Y+q+zrAVEqM2KSk0+/
 VkylhottrpONnIO7xXjc9JQvZZFZxDJ4PJbh6xWjT0QYgnU5r0DMjZTKksdv0Rgm
 Z4MHHqHMJRvgBrGEgWfZoP4ijgwIoMu+FCI/xZ8r5EvI4xCp7wWs/3DUFF2KzCYJ
 wzactvZcf0DFeczoyfsCF6dcLr3PqL8RB2O+Hc/mbWomSypDjDylZuc5u4nplLdy
 RzQkUvlLAgWTuRqsUkKDFh3rwdjgwDAdIViIk7Iy8eto7d211Zq62GwoA9BdHlUh
 C2H21hyqoGRsf/40ZmzMpZJDPxbGg9i5mxa/iiy/vas56emuOgUfQSnu+8poHRrk
 WHf7ZgtQrz6AzMyZ+w==
 =rqgi
 -----END PGP SIGNATURE-----

Merge tag 'loongarch-fixes-5.19-5' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson

Pull LoongArch fixes from Huacai Chen:

 - Fix cache size calculation, stack protection attributes, ptrace's
   fpr_set and "ROM Size" in boardinfo

 - Some cleanups and improvements of assembly

 - Some cleanups of unused code and useless code

* tag 'loongarch-fixes-5.19-5' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
  LoongArch: Fix wrong "ROM Size" of boardinfo
  LoongArch: Fix missing fcsr in ptrace's fpr_set
  LoongArch: Fix shared cache size calculation
  LoongArch: Disable executable stack by default
  LoongArch: Remove unused variables
  LoongArch: Remove clock setting during cpu hotplug stage
  LoongArch: Remove useless header compiler.h
  LoongArch: Remove several syntactic sugar macros for branches
  LoongArch: Re-tab the assembly files
  LoongArch: Simplify "BGT foo, zero" with BGTZ
  LoongArch: Simplify "BLT foo, zero" with BLTZ
  LoongArch: Simplify "BEQ/BNE foo, zero" with BEQZ/BNEZ
  LoongArch: Use the "move" pseudo-instruction where applicable
  LoongArch: Use the "jr" pseudo-instruction where applicable
  LoongArch: Use ABI names of registers where appropriate
2022-07-29 10:10:30 -07:00
Linus Torvalds
9d928d9b78 powerpc fixes for 5.19 #6
- Re-enable the new amdgpu display engine for powerpc, as long as the compiler is
    correctly configured.
 
  - Disable stack variable initialisation in prom_init to fix GCC 12 allmodconfig.
 
 Thanks to: Dan Horák, Sudip Mukherjee.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmLjzzUTHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgI9HD/kBUx+GUGmv/q72tG99fGeyTFWzdBoQ
 sUbgzPl74Oanf+vp4q150PfL+pka1/Cajl+2xxZOAg6IFrerY6HW3xu1wOQdR01b
 imTujF/Tb1PoQKuSuUQ0elFPKw2h6PpOl65Z+XF+/tAoKG4IHakhVc9jjRLNZQmL
 tKAaWpR2yLHyIai1DrEzwy/J0oeXRzEbJqz4zRb3gicZusiI3bTLDqkS/U1Pg04M
 t/sfe1FFFbgjMX9Rogjt9A+k/qMISJTLcm06R9+6L4XQrdnrio5ITSO5GFdJHYlv
 0Ej0BthkPaUkxrZB5qfz1h7+ZLHLgRXDVNHbM2FvvATeuOzyCsZDIjw6lxJdN8l2
 hWXrkWEYJM4tBpn+sfMdgiOVBZExz6UEz28/0sFxTEq1CFQU+m00hevXLnQpLwFp
 X3T3PR1LTvCMsbbNDF98yfKiAB41fa59xw1ZIizItuPBHjUHjPctYM94BTYRmsVI
 WGTGSDjgxnn+5u4VD9QN05ADTjEJtOGHZNZX9KeuyhMKEnKYunipFP4kyJWXTMkP
 06S1fgfN4d1FOyQSsRnvLV7ZMo+/nD0gwNFUniINTYKb8TXyogWaMNUvHqfrdBrd
 Af8oObRj0oJ7Qrq5z+MzL2Vx9PlkMIBIb3tj/QBo3nFvnkG404w+HyxANnF3id1v
 03pWRaTJJemicw==
 =u93i
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.19-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 - Re-enable the new amdgpu display engine for powerpc, as long as the
   compiler is correctly configured.

 - Disable stack variable initialisation in prom_init to fix GCC 12
   allmodconfig.

Thanks to Dan Horák and Sudip Mukherjee.

* tag 'powerpc-5.19-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  drm/amdgpu: Re-enable DCN for 64-bit powerpc
  powerpc/64s: Disable stack variable initialisation for prom_init
2022-07-29 09:57:07 -07:00
Tiezhu Yang
45b53c9051 LoongArch: Fix wrong "ROM Size" of boardinfo
We can see the "ROM Size" is different in the following outputs:

[root@linux loongson]# cat /sys/firmware/loongson/boardinfo
BIOS Information
Vendor                  : Loongson
Version                 : vUDK2018-LoongArch-V2.0.pre-beta8
ROM Size                : 63 KB
Release Date            : 06/15/2022

Board Information
Manufacturer            : Loongson
Board Name              : Loongson-LS3A5000-7A1000-1w-A2101
Family                  : LOONGSON64

[root@linux loongson]# dmidecode | head -11
...
Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
	Vendor: Loongson
	Version: vUDK2018-LoongArch-V2.0.pre-beta8
	Release Date: 06/15/2022
	ROM Size: 4 MB

According to "BIOS Information (Type 0) structure" in the SMBIOS
Reference Specification [1], it shows 64K * (n+1) is the size of
the physical device containing the BIOS if the size is less than
16M.

Additionally, we can see the related code in dmidecode [2]:

  u64 s = { .l = (code1 + 1) << 6 };

So the output of dmidecode is correct, the output of boardinfo
is wrong, fix it.

By the way, at present no need to consider the size is 16M or
greater on LoongArch, because it is usually 4M or 8M which is
enough to use.

[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.6.0.pdf
[2] https://git.savannah.nongnu.org/cgit/dmidecode.git/tree/dmidecode.c#n347

Fixes: 628c3bb40e ("LoongArch: Add boot and setup routines")
Reviewed-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:33 +08:00
Qi Hu
b0f3bdc002 LoongArch: Fix missing fcsr in ptrace's fpr_set
In file ptrace.c, function fpr_set does not copy fcsr data from ubuf
to kbuf. That's the reason why fcsr cannot be modified by ptrace.

This patch fixs this problem and allows users using ptrace to modify
the fcsr.

Co-developed-by: Xu Li <lixu@loongson.cn>
Signed-off-by: Qi Hu <huqi@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:33 +08:00
Huacai Chen
1aea29d7c3 LoongArch: Fix shared cache size calculation
Current calculation of shared cache size is from the node (die) scope,
but we hope 'lscpu' to show the shared cache size of the whole package
for multi-die chips (e.g., Loongson-3C5000L, which contains 4 dies in
one package). So fix it by multiplying nodes_per_package.

Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:33 +08:00
Huacai Chen
317980e6b4 LoongArch: Disable executable stack by default
Disable executable stack for LoongArch by default, as all modern
architectures do.

Reported-by: Andreas Schwab <schwab@suse.de>
Suggested-by: WANG Xuerui <git@xen0n.name>
Link: https://sourceware.org/pipermail/binutils/2022-July/121992.html
Tested-by: WANG Xuerui <git@xen0n.name>
Tested-by: Xi Ruoyao <xry111@xry111.site>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
Bibo Mao
3a3a4f7a65 LoongArch: Remove unused variables
There are some variables never used or referenced, this patch
removes these varaibles and make the code cleaner.

Reviewed-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
Bibo Mao
71610ab1d0 LoongArch: Remove clock setting during cpu hotplug stage
On physical machine we can save power by disabling clock of hot removed
cpu. However as different platforms require different methods to
configure clocks, the code is platform-specific, and probably belongs to
firmware/pmu or cpu regulator, rather than generic arch/loongarch code.

Also, there is no such register on QEMU virt machine since the
clock/frequency regulation is not emulated.

This patch removes the hard-coded clock register accesses in generic
LoongArch cpu hotplug flow.

Reviewed-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
Jun Yi
f62b7626cb LoongArch: Remove useless header compiler.h
The content of LoongArch's compiler.h is trivial, with some unused
anywhere, so inline the definitions and remove the header.

Signed-off-by: Jun Yi <yijun@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
ab6e57a69d LoongArch: Remove several syntactic sugar macros for branches
These syntactic sugars have been supported by upstream binutils from the
beginning, so no need to patch them locally.

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
f5c3c22f21 LoongArch: Re-tab the assembly files
Reflow the *.S files for better stylistic consistency, namely hard tabs
after mnemonic position, and vertical alignment of the first operand
with hard tabs. Tab width is obviously 8. Some pre-existing intra-block
vertical alignments are preserved.

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
1fdb9a9249 LoongArch: Simplify "BGT foo, zero" with BGTZ
Support for the syntactic sugar is present in upstream binutils port
from the beginning. Use it for shorter lines and better consistency.
Generated code should be identical.

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
d1bc75d759 LoongArch: Simplify "BLT foo, zero" with BLTZ
Support for the syntactic sugar is present in upstream binutils port
from the beginning. Use it for shorter lines and better consistency.
Generated code should be identical.

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
d47b2dc87c LoongArch: Simplify "BEQ/BNE foo, zero" with BEQZ/BNEZ
While B{EQ,NE}Z and B{EQ,NE} are different instructions, and the vastly
expanded range for branch destination does not really matter in the few
cases touched, use the B{EQ,NE}Z where possible for shorter lines and
better consistency (e.g. some places used "BEQ foo, zero", while some
used "BEQ zero, foo").

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
57ce5d3eef LoongArch: Use the "move" pseudo-instruction where applicable
Some of the assembly code in the LoongArch port likely originated
from a time when the assembler did not support pseudo-instructions like
"move" or "jr", so the desugared form was used and readability suffers
(to a minor degree) as a result.

As the upstream toolchain supports these pseudo-instructions from the
beginning, migrate the existing few usages to them for better
readability.

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
07b480695d LoongArch: Use the "jr" pseudo-instruction where applicable
Some of the assembly code in the LoongArch port likely originated
from a time when the assembler did not support pseudo-instructions like
"move" or "jr", so the desugared form was used and readability suffers
(to a minor degree) as a result.

As the upstream toolchain supports these pseudo-instructions from the
beginning, migrate the existing few usages to them for better
readability.

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
WANG Xuerui
d8e7f201a4 LoongArch: Use ABI names of registers where appropriate
Some of the assembly in the LoongArch port seem to come from a
prehistoric time, when the assembler didn't even have support for the
ABI names we all come to know and love, thus used raw register numbers
which hampered readability.

The usages are found with a regex match inside arch/loongarch, then
manually adjusted for those non-definitions.

Signed-off-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2022-07-29 18:22:32 +08:00
Russell King (Oracle)
ec85bd369f ARM: findbit: fix overflowing offset
When offset is larger than the size of the bit array, we should not
attempt to access the array as we can perform an access beyond the
end of the array. Fix this by changing the pre-condition.

Using "cmp r2, r1; bhs ..." covers us for the size == 0 case, since
this will always take the branch when r1 is zero, irrespective of
the value of r2. This means we can fix this bug without adding any
additional code!

Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
2022-07-29 09:54:26 +01:00
Thadeu Lima de Souza Cascardo
571c30b1a8 x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
Some cloud hypervisors do not provide IBPB on very recent CPU processors,
including AMD processors affected by Retbleed.

Using IBPB before firmware calls on such systems would cause a GPF at boot
like the one below. Do not enable such calls when IBPB support is not
present.

  EFI Variables Facility v0.08 2004-May-17
  general protection fault, maybe for address 0x1: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 0 PID: 24 Comm: kworker/u2:1 Not tainted 5.19.0-rc8+ #7
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
  Workqueue: efi_rts_wq efi_call_rts
  RIP: 0010:efi_call_rts
  Code: e8 37 33 58 ff 41 bf 48 00 00 00 49 89 c0 44 89 f9 48 83 c8 01 4c 89 c2 48 c1 ea 20 66 90 b9 49 00 00 00 b8 01 00 00 00 31 d2 <0f> 30 e8 7b 9f 5d ff e8 f6 f8 ff ff 4c 89 f1 4c 89 ea 4c 89 e6 48
  RSP: 0018:ffffb373800d7e38 EFLAGS: 00010246
  RAX: 0000000000000001 RBX: 0000000000000006 RCX: 0000000000000049
  RDX: 0000000000000000 RSI: ffff94fbc19d8fe0 RDI: ffff94fbc1b2b300
  RBP: ffffb373800d7e70 R08: 0000000000000000 R09: 0000000000000000
  R10: 000000000000000b R11: 000000000000000b R12: ffffb3738001fd78
  R13: ffff94fbc2fcfc00 R14: ffffb3738001fd80 R15: 0000000000000048
  FS:  0000000000000000(0000) GS:ffff94fc3da00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: ffff94fc30201000 CR3: 000000006f610000 CR4: 00000000000406f0
  Call Trace:
   <TASK>
   ? __wake_up
   process_one_work
   worker_thread
   ? rescuer_thread
   kthread
   ? kthread_complete_and_exit
   ret_from_fork
   </TASK>
  Modules linked in:

Fixes: 28a99e95f5 ("x86/amd: Use IBPB for firmware calls")
Reported-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220728122602.2500509-1-cascardo@canonical.com
2022-07-29 10:02:35 +02:00
Linus Torvalds
6e2c049076 drm fixes for 5.19 final
i915:
 - Further reset robustness improvements for execlists [Wa_22011802037]
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmLjVCwACgkQDHTzWXnE
 hr4Gxw//Xtv/x5tuLzTIaWH2ISZV0ZnCj1Yz6VvnBhBHNxikCTqPyjy2dztHdort
 yiVh4QysIJjNNzPcsc1WiQANX3qw77yCNNBYK00iuFV4wOshQSuFFuGp0Stj5GvT
 fLf6DHMD8MwwJhdZSx96BfYXtbUwf+K1O1kHXq0Tn/lc5sfn4QvbJwwNPelEuGG5
 kb2nkyQHAR175/m3e68WeFl51zpMf43uZv1aQvXe0u7nB0Mc762UzPQ1VPhtGZsw
 lxZA5WDIAX99auuK7cw89G4Xv4HP+2Xf6eJ2dRisTw9cP1pwXsbuu1mZSxUmBn1k
 f+gaBqSCxNILjQXyKGI13Kj7quXwDXF/P/YgZaI0U7APhq1zimuG77HjaSk1w1cu
 ++VvFxGr2H4wY7lzAu0bNkAE3uj8mTTv2i0mp1ZzoCgO0g2F0X/IX25vjaH0ojwQ
 tluqNmkcC5bL5vGDBmMUa7mCGIBb6eaG8rD6xQv5r5O/Tf/biqXQ4tYR35oGkHAp
 HVsO0tAwNClQ10gQvftpx5xMVKhdzenj1ZVwNVQTrDDojyYFQxcKkkiCJbcKjuXG
 4FFmh1SiLZa1fWMIce7xDlVkB2toXqvAv9SlO/jcWO9xmV3dVyTYK+vloR8b3fCh
 IoPq+m5Exab0ON4iG+tajm37rnhsF0a0YN0u7E21EanztDPcN8Q=
 =aKij
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2022-07-29' of git://anongit.freedesktop.org/drm/drm

Pull drm fix from Dave Airlie:
 "Quiet extra week, just a single fix for i915 workaround with execlist
  backend.

  i915:

   - Further reset robustness improvements for execlists [Wa_22011802037]"

* tag 'drm-fixes-2022-07-29' of git://anongit.freedesktop.org/drm/drm:
  drm/i915/reset: Add additional steps for Wa_22011802037 for execlist backend
2022-07-28 20:34:59 -07:00
Dave Airlie
f16a2f593d Merge tag 'drm-intel-fixes-2022-07-28-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Further reset robustness improvements for execlists [Wa_22011802037] (Umesh Nerlige Ramappa)

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/YuJIWaEbKcs/q0NY@tursulin-desk
2022-07-29 11:39:13 +10:00
Alistair Popple
66cee9097e nouveau/svm: Fix to migrate all requested pages
Users may request that pages from an OpenCL SVM allocation be migrated
to the GPU with clEnqueueSVMMigrateMem(). In Nouveau this will call into
nouveau_dmem_migrate_vma() to do the migration. If the total range to be
migrated exceeds SG_MAX_SINGLE_ALLOC the pages will be migrated in
chunks of size SG_MAX_SINGLE_ALLOC. However a typo in updating the
starting address means that only the first chunk will get migrated.

Fix the calculation so that the entire range will get migrated if
possible.

Signed-off-by: Alistair Popple <apopple@nvidia.com>
Fixes: e3d8b08904 ("drm/nouveau/svm: map pages after migration")
Reviewed-by: Ralph Campbell <rcampbell@nvidia.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220720062745.960701-1-apopple@nvidia.com
Cc: <stable@vger.kernel.org> # v5.8+
2022-07-28 16:43:31 -04:00
Linus Torvalds
33ea1340ba Including fixes from bluetooth and netfilter, no known blockers
for the release.
 
 Current release - regressions:
 
  - wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop(),
    fix taking the lock before its initialized
 
  - Bluetooth: mgmt: fix double free on error path
 
 Current release - new code bugs:
 
  - eth: ice: fix tunnel checksum offload with fragmented traffic
 
 Previous releases - regressions:
 
  - tcp: md5: fix IPv4-mapped support after refactoring, don't take
    the pure v6 path
 
  - Revert "tcp: change pingpong threshold to 3", improving detection
    of interactive sessions
 
  - mld: fix netdev refcount leak in mld_{query | report}_work() due
    to a race
 
  - Bluetooth:
    - always set event mask on suspend, avoid early wake ups
    - L2CAP: fix use-after-free caused by l2cap_chan_put
 
  - bridge: do not send empty IFLA_AF_SPEC attribute
 
 Previous releases - always broken:
 
  - ping6: fix memleak in ipv6_renew_options()
 
  - sctp: prevent null-deref caused by over-eager error paths
 
  - virtio-net: fix the race between refill work and close,
    resulting in NAPI scheduled after close and a BUG()
 
  - macsec:
    - fix three netlink parsing bugs
    - avoid breaking the device state on invalid change requests
    - fix a memleak in another error path
 
 Misc:
 
  - dt-bindings: net: ethernet-controller: rework 'fixed-link' schema
 
  - two more batches of sysctl data race adornment
 
 Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmLi0uAACgkQMUZtbf5S
 IrvRlhAAuDzmhVZh2pMT44CmoPS6GGnf7k4fL7lctYa1m+AuvE+zfCx3VOK7tj7V
 OGecNx+CISA4xsAN4iNYVBMnq4437tuXCPDK+SZPpXlVflEP/SW9muCW8b4OwNFZ
 W5bswL0wlla5WYEgZmvUhEBcsfAN8r71u6j71adHpmGqoIA74Dw9VCKNzLsb8qMB
 9sSeMmHDsOgDHw/rWCNo5JNr8DS35g0zMYJp1Q7Nu2H588dRk6aNXbW1nJ5Yph9c
 ZC7E6HweXrLHJbBC7SKf2mJfyzEIyvTvfnoi4knaBFE5b3g70ImZJ7AiDe/C37ZA
 bTmfT4FKZSA5WPKvd8OPxFwJBnrjd1AyHqvdY4wFsDk+PtNXzjOpBFPsNOXzBqIn
 ccwl9t4v/6Vre+miZyh6P0wmsZNTipcTe/CEYQQcIUGKgcx3rB5usikynoZGRc7Q
 cASpIaXfWEIUTw+NUd902NKgPq0oiuqjGBHc2Vl3k+4KcNUX16CtCFs6ufzIsSLe
 vlfcFL/myxuhbdcvNqUw5w+hyoSSA/54lvo5o+Uccgs/ifc/u7C43v6yX9gG/SQl
 MBa2PVWC0ztO6y6HKjd5OhrkUBenK1dLl9uGvExAi47kBImLdlttIanzZ/asUxzO
 9L2Ocq2WMcBPIjsGDTQirdRMAGYqLEKSgTKf8zMHAEkRXWFfn2Y=
 =xnan
 -----END PGP SIGNATURE-----

Merge tag 'net-5.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Jakub Kicinski:
 "Including fixes from bluetooth and netfilter, no known blockers for
  the release.

  Current release - regressions:

   - wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop(), fix
     taking the lock before its initialized

   - Bluetooth: mgmt: fix double free on error path

  Current release - new code bugs:

   - eth: ice: fix tunnel checksum offload with fragmented traffic

  Previous releases - regressions:

   - tcp: md5: fix IPv4-mapped support after refactoring, don't take the
     pure v6 path

   - Revert "tcp: change pingpong threshold to 3", improving detection
     of interactive sessions

   - mld: fix netdev refcount leak in mld_{query | report}_work() due to
     a race

   - Bluetooth:
      - always set event mask on suspend, avoid early wake ups
      - L2CAP: fix use-after-free caused by l2cap_chan_put

   - bridge: do not send empty IFLA_AF_SPEC attribute

  Previous releases - always broken:

   - ping6: fix memleak in ipv6_renew_options()

   - sctp: prevent null-deref caused by over-eager error paths

   - virtio-net: fix the race between refill work and close, resulting
     in NAPI scheduled after close and a BUG()

   - macsec:
      - fix three netlink parsing bugs
      - avoid breaking the device state on invalid change requests
      - fix a memleak in another error path

  Misc:

   - dt-bindings: net: ethernet-controller: rework 'fixed-link' schema

   - two more batches of sysctl data race adornment"

* tag 'net-5.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (67 commits)
  stmmac: dwmac-mediatek: fix resource leak in probe
  ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
  net: ping6: Fix memleak in ipv6_renew_options().
  net/funeth: Fix fun_xdp_tx() and XDP packet reclaim
  sctp: leave the err path free in sctp_stream_init to sctp_stream_free
  sfc: disable softirqs for ptp TX
  ptp: ocp: Select CRC16 in the Kconfig.
  tcp: md5: fix IPv4-mapped support
  virtio-net: fix the race between refill work and close
  mptcp: Do not return EINPROGRESS when subflow creation succeeds
  Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
  Bluetooth: Always set event mask on suspend
  Bluetooth: mgmt: Fix double free on error path
  wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop()
  ice: do not setup vlan for loopback VSI
  ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
  ice: Fix VSIs unable to share unicast MAC
  ice: Fix tunnel checksum offload with fragmented traffic
  ice: Fix max VLANs available for VF
  netfilter: nft_queue: only allow supported familes and hooks
  ...
2022-07-28 11:54:59 -07:00
Dan Carpenter
4d3d3a1b24 stmmac: dwmac-mediatek: fix resource leak in probe
If mediatek_dwmac_clks_config() fails, then call stmmac_remove_config_dt()
before returning.  Otherwise it is a resource leak.

Fixes: fa4b3ca60e ("stmmac: dwmac-mediatek: fix clock issue")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YuJ4aZyMUlG6yGGa@kili
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-07-28 10:43:04 -07:00
Ziyang Xuan
85f0173df3 ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
Change net device's MTU to smaller than IPV6_MIN_MTU or unregister
device while matching route. That may trigger null-ptr-deref bug
for ip6_ptr probability as following.

=========================================================
BUG: KASAN: null-ptr-deref in find_match.part.0+0x70/0x134
Read of size 4 at addr 0000000000000308 by task ping6/263

CPU: 2 PID: 263 Comm: ping6 Not tainted 5.19.0-rc7+ #14
Call trace:
 dump_backtrace+0x1a8/0x230
 show_stack+0x20/0x70
 dump_stack_lvl+0x68/0x84
 print_report+0xc4/0x120
 kasan_report+0x84/0x120
 __asan_load4+0x94/0xd0
 find_match.part.0+0x70/0x134
 __find_rr_leaf+0x408/0x470
 fib6_table_lookup+0x264/0x540
 ip6_pol_route+0xf4/0x260
 ip6_pol_route_output+0x58/0x70
 fib6_rule_lookup+0x1a8/0x330
 ip6_route_output_flags_noref+0xd8/0x1a0
 ip6_route_output_flags+0x58/0x160
 ip6_dst_lookup_tail+0x5b4/0x85c
 ip6_dst_lookup_flow+0x98/0x120
 rawv6_sendmsg+0x49c/0xc70
 inet_sendmsg+0x68/0x94

Reproducer as following:
Firstly, prepare conditions:
$ip netns add ns1
$ip netns add ns2
$ip link add veth1 type veth peer name veth2
$ip link set veth1 netns ns1
$ip link set veth2 netns ns2
$ip netns exec ns1 ip -6 addr add 2001:0db8:0:f101::1/64 dev veth1
$ip netns exec ns2 ip -6 addr add 2001:0db8:0:f101::2/64 dev veth2
$ip netns exec ns1 ifconfig veth1 up
$ip netns exec ns2 ifconfig veth2 up
$ip netns exec ns1 ip -6 route add 2000::/64 dev veth1 metric 1
$ip netns exec ns2 ip -6 route add 2001::/64 dev veth2 metric 1

Secondly, execute the following two commands in two ssh windows
respectively:
$ip netns exec ns1 sh
$while true; do ip -6 addr add 2001:0db8:0:f101::1/64 dev veth1; ip -6 route add 2000::/64 dev veth1 metric 1; ping6 2000::2; done

$ip netns exec ns1 sh
$while true; do ip link set veth1 mtu 1000; ip link set veth1 mtu 1500; sleep 5; done

It is because ip6_ptr has been assigned to NULL in addrconf_ifdown() firstly,
then ip6_ignore_linkdown() accesses ip6_ptr directly without NULL check.

	cpu0			cpu1
fib6_table_lookup
__find_rr_leaf
			addrconf_notify [ NETDEV_CHANGEMTU ]
			addrconf_ifdown
			RCU_INIT_POINTER(dev->ip6_ptr, NULL)
find_match
ip6_ignore_linkdown

So we can add NULL check for ip6_ptr before using in ip6_ignore_linkdown() to
fix the null-ptr-deref bug.

Fixes: dcd1f57295 ("net/ipv6: Remove fib6_idev")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20220728013307.656257-1-william.xuanziyang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-07-28 10:42:44 -07:00
Kuniyuki Iwashima
e27326009a net: ping6: Fix memleak in ipv6_renew_options().
When we close ping6 sockets, some resources are left unfreed because
pingv6_prot is missing sk->sk_prot->destroy().  As reported by
syzbot [0], just three syscalls leak 96 bytes and easily cause OOM.

    struct ipv6_sr_hdr *hdr;
    char data[24] = {0};
    int fd;

    hdr = (struct ipv6_sr_hdr *)data;
    hdr->hdrlen = 2;
    hdr->type = IPV6_SRCRT_TYPE_4;

    fd = socket(AF_INET6, SOCK_DGRAM, NEXTHDR_ICMP);
    setsockopt(fd, IPPROTO_IPV6, IPV6_RTHDR, data, 24);
    close(fd);

To fix memory leaks, let's add a destroy function.

Note the socket() syscall checks if the GID is within the range of
net.ipv4.ping_group_range.  The default value is [1, 0] so that no
GID meets the condition (1 <= GID <= 0).  Thus, the local DoS does
not succeed until we change the default value.  However, at least
Ubuntu/Fedora/RHEL loosen it.

    $ cat /usr/lib/sysctl.d/50-default.conf
    ...
    -net.ipv4.ping_group_range = 0 2147483647

Also, there could be another path reported with these options, and
some of them require CAP_NET_RAW.

  setsockopt
      IPV6_ADDRFORM (inet6_sk(sk)->pktoptions)
      IPV6_RECVPATHMTU (inet6_sk(sk)->rxpmtu)
      IPV6_HOPOPTS (inet6_sk(sk)->opt)
      IPV6_RTHDRDSTOPTS (inet6_sk(sk)->opt)
      IPV6_RTHDR (inet6_sk(sk)->opt)
      IPV6_DSTOPTS (inet6_sk(sk)->opt)
      IPV6_2292PKTOPTIONS (inet6_sk(sk)->opt)

  getsockopt
      IPV6_FLOWLABEL_MGR (inet6_sk(sk)->ipv6_fl_list)

For the record, I left a different splat with syzbot's one.

  unreferenced object 0xffff888006270c60 (size 96):
    comm "repro2", pid 231, jiffies 4294696626 (age 13.118s)
    hex dump (first 32 bytes):
      01 00 00 00 44 00 00 00 00 00 00 00 00 00 00 00  ....D...........
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      [<00000000f6bc7ea9>] sock_kmalloc (net/core/sock.c:2564 net/core/sock.c:2554)
      [<000000006d699550>] do_ipv6_setsockopt.constprop.0 (net/ipv6/ipv6_sockglue.c:715)
      [<00000000c3c3b1f5>] ipv6_setsockopt (net/ipv6/ipv6_sockglue.c:1024)
      [<000000007096a025>] __sys_setsockopt (net/socket.c:2254)
      [<000000003a8ff47b>] __x64_sys_setsockopt (net/socket.c:2265 net/socket.c:2262 net/socket.c:2262)
      [<000000007c409dcb>] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
      [<00000000e939c4a9>] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)

[0]: https://syzkaller.appspot.com/bug?extid=a8430774139ec3ab7176

Fixes: 6d0bfe2261 ("net: ipv6: Add IPv6 support to the ping socket.")
Reported-by: syzbot+a8430774139ec3ab7176@syzkaller.appspotmail.com
Reported-by: Ayushman Dutta <ayudutta@amazon.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20220728012220.46918-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-07-28 10:42:08 -07:00
Linus Torvalds
e64ab2dbd8 watch_queue: Fix missing locking in add_watch_to_object()
If a watch is being added to a queue, it needs to guard against
interference from addition of a new watch, manual removal of a watch and
removal of a watch due to some other queue being destroyed.

KEYCTL_WATCH_KEY guards against this for the same {key,queue} pair by
holding the key->sem writelocked and by holding refs on both the key and
the queue - but that doesn't prevent interaction from other {key,queue}
pairs.

While add_watch_to_object() does take the spinlock on the event queue,
it doesn't take the lock on the source's watch list.  The assumption was
that the caller would prevent that (say by taking key->sem) - but that
doesn't prevent interference from the destruction of another queue.

Fix this by locking the watcher list in add_watch_to_object().

Fixes: c73be61ced ("pipe: Add general notification queue support")
Reported-by: syzbot+03d7b43290037d1f87ca@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
cc: keyrings@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-07-28 10:06:49 -07:00
David Howells
e0339f036e watch_queue: Fix missing rcu annotation
Since __post_watch_notification() walks wlist->watchers with only the
RCU read lock held, we need to use RCU methods to add to the list (we
already use RCU methods to remove from the list).

Fix add_watch_to_object() to use hlist_add_head_rcu() instead of
hlist_add_head() for that list.

Fixes: c73be61ced ("pipe: Add general notification queue support")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-07-28 10:06:49 -07:00
Dimitris Michailidis
51a83391d7 net/funeth: Fix fun_xdp_tx() and XDP packet reclaim
The current implementation of fun_xdp_tx(), used for XPD_TX, is
incorrect in that it takes an address/length pair and later releases it
with page_frag_free(). It is OK for XDP_TX but the same code is used by
ndo_xdp_xmit. In that case it loses the XDP memory type and releases the
packet incorrectly for some of the types. Assorted breakage follows.

Change fun_xdp_tx() to take xdp_frame and rely on xdp_return_frame() in
reclaim.

Fixes: db37bc177d ("net/funeth: add the data path")
Signed-off-by: Dimitris Michailidis <dmichail@fungible.com>
Link: https://lore.kernel.org/r/20220726215923.7887-1-dmichail@fungible.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2022-07-28 12:54:10 +02:00