The only significant change is the regression fixes for the jack
detection at resume on HD-audio, while others are all small or
trivial fixes like the coverage of missing error code or usual
HD-audio quirk.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlyUvuwOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE/rQg/9FC+D8pmja9dIooWDr0M4Ls0ru9wAguyOlB13
923tGWhmKi4NQkQq+Zj3tyHjz8O3oHB+wJ6axJKjGBj1TqInCtgWp1Opce6GBlC7
4fxeD/yYr7ZwDwDNy/Ck0Hmzm1RZqjOqvOIMu854AmLu8YChqCjYmIlAw8HHjtJL
I71RMVyfzvs+B8PjSC4FcxIOoL+FB/DcRh0YVt+H+UjmHDBbCS7IIFKcDtHxxN53
MIUFKuJ+6bLeQ4eX2MHvevQl0/5Hqi/RC+oKKi9+ONdMBLR+BZWuI8j05A3hWBfr
6AroRBt+y7nG6N7C4EOYOgD0dUu/PDVl+EWqaqqUvJNq/+NlkVYvMkeyIUTrKAPm
FWrfswRS3hUboj54EubD8Yv2R1JmH7wap2Ij7CrfAiLQNhyoW+TN5bHJq3kK2dy/
gno7ybiHrX4KRQrmVt9jffUIMKRDPBrVe9iRw6JlC6b1Z+ucK8nfZ5PGgpcdjgCg
wx5+IHLx19aTPntc+7xMcIH3LKMsADl0MiW+yO0q8VOCfcih/dN2ATgTRoqZ0pFi
SVkR/vjnSJ8thNThjMTSTac3o3QSTsJ/KlVDzayU4XX/IMnge0njSf3jBLB3lLVU
zKpB2FLtlQ6Ep95d8JnUxdG5CNXYta297hxZQcYuHpiBYoIb+w0+JDvowqMWqfs5
+kM1e58=
=nOjQ
-----END PGP SIGNATURE-----
Merge tag 'sound-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"The only significant change is the regression fixes for the jack
detection at resume on HD-audio, while others are all small or trivial
fixes like the coverage of missing error code or usual HD-audio quirk"
* tag 'sound-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
ALSA: hda - Don't trigger jackpoll_work in azx_resume
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
ALSA: firewire-motu: use 'version' field of unit directory to identify model
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
Prevent device references acquired by bus_find_device() in
acpi_dev_present() from being leaked (Andy Shevchenko).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJclLSKAAoJEILEb/54YlRx4G8P/0Q5F2KRIBIXjVI8lFAK4pZG
lMz7QYZZzazisENqm0ad0WFyozUzLgFacq/6ES1sCzgx+pooFRibb/iUKGUSO+6T
Z2urH20e4aDXGq6T3Z3lhhIofrtAvwWmz0z9XK8P22OWgIa9v+WwuPBftYhs/xuL
fDZPH3H1gQcuaaGZvKfh/z1/fx80rMq34/zdKyL7uUUBNhLtShuA2FO1lnpaBp+M
l+hXoSh4GQ+aoVBhgtBTkBoqGL9btTrlAb9q9Z1EXtkjlKqLstNWixFJtQVSSIBg
pCu+JrDYAwZuD2/Iqn0Jfm9Zm/92lJoyBgdskQ9OZSn5IobP6aFGh9k9JH4sW98e
QQ7RgUiGN91xuABsNntiVxkedACDYB2ct+R8yTyEeVIetNXo5cq7uwIKKKFCv9FF
THNefsyrNJSy9v/11H75YMIwe7yQ4HXJbcRSr1iAcOwA/WF80uLnnqa+SmdlgG/F
imuMEaAtagRvyllN9p7D/QXfdny97Cr9kDnWG0xhxkEoNaiwNEuHE3YExXUj6mJ3
ib2IiHd1Z8vZzqR02a202CjmrRG1MwBr8Z9aHMh9jvuozzqdLHMDYJrSBcUchf5x
kKni78CfEZpkvK1xO8b7kR4S90qoDwXGUSrXNp748Ik6FBs/HYi4lFGvbheiRzg5
uYI2gn0tblyblHLajDSW
=h/7V
-----END PGP SIGNATURE-----
Merge tag 'acpi-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Prevent device references acquired by bus_find_device() in
acpi_dev_present() from being leaked (Andy Shevchenko)"
* tag 'acpi-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / utils: Drop reference in test for device presence
- Rearrange the generic power domains (genpd) code to avoid a
potential deadlock possible due to its interactions with the
clock framework (Jiada Wang).
- Make turbostat return the exit status of the command run
under it if that command fails (David Arcari).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJclLQMAAoJEILEb/54YlRxcZ4QALHPxGJFBGYo0XXL/pDcOm6+
ie3MmI1dR+3TXziYMU2tsV7ZaFC/LDsjHA5Nq6bKH3g+BVjFuF+NDFBwWFEqqy+n
n5QHxG0IiGWqc6Ty4TxKiw9fDSKHYBv4n4MQqibi9SIDaEdJVDM/AUXUZXVm+8bM
AkGPjmPoxRAw7ui0z/HefWI/40piZRlYMZvFao4LY6VmZBhSMlnnWXFUXJjnfns7
u1cPbqlzapmI9TeI0+vZKX3Xt2gJzlKB25IN5ZV6o5kZy05m6HQKvP4QKEJ3VhAX
fHZjLYiewE1125Yit0A2vDlJC08jptSxhA5M+3zQ4gLdn+qD/NmpvQOI9e5Dqxf0
E1wk2DjNoIEs55OaXeyQlluigXtc4hxZPgZ+vqFmf0iw1Q8CrwI29kWElqWF6LPi
tYJ+QUCy2ZqqYgxQ0SLqyCkTyVV8OBLsSG3P3DNkCy18Z+ii+tHehbFzsYsuJrEg
TRB9jzqs0eJ/XvR24++Ltw0l8mUtOW8qGf7Vq9XmrzOG5eeAY1OU9cld5ziZ6Sgw
AAwxujy3nLL3dn4fr/d151EWLitMCebJpEgCTrV2ucnW288XcfMR5ev1nT2SI5MV
qBiSDKFRCSuHtVMOrgieawYswXgcjLW8kFhIrHxk3SUrcFRSlkUhqoCiVSsKYBuS
oJx4F5Zoa0U6LBu8lMvt
=RgAd
-----END PGP SIGNATURE-----
Merge tag 'pm-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These rearrange some code in the generic power domains (genpd)
framework to avoid a potential deadlock and make the turbostat utility
behave more as expected.
Specifics:
- Rearrange the generic power domains (genpd) code to avoid a
potential deadlock possible due to its interactions with the clock
framework (Jiada Wang)
- Make turbostat return the exit status of the command run under it
if that command fails (David Arcari)"
* tag 'pm-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / Domains: Avoid a potential deadlock
tools/power turbostat: return the exit status of a command
When building with -Wsometimes-uninitialized, Clang warns:
arch/x86/kernel/hw_breakpoint.c:355:2: warning: variable 'align' is used
uninitialized whenever switch default is taken
[-Wsometimes-uninitialized]
The default cannot be reached because arch_build_bp_info() initializes
hw->len to one of the specified cases. Nevertheless the warning is valid
and returning -EINVAL makes sure that this cannot be broken by future
modifications.
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: clang-built-linux@googlegroups.com
Link: https://github.com/ClangBuiltLinux/linux/issues/392
Link: https://lkml.kernel.org/r/20190307212756.4648-1-natechancellor@gmail.com
After the original patch network starts to crash on heavy load.
It's not fully clear why this additional register read has such side
effects, but removing it fixes the issue.
Thanks also to Alex for his contribution and hints.
[0] https://marc.info/?t=155268170400002&r=1&w=2
Fixes: e782410ed2 ("r8169: improve spurious interrupt detection")
Reported-by: VDR User <user.vdr@gmail.com>
Tested-by: VDR User <user.vdr@gmail.com>
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
sparse complains:
CHECK kernel/watchdog.c
kernel/watchdog.c:45:19: warning: symbol 'nmi_watchdog_available'
was not declared. Should it be static?
kernel/watchdog.c:47:16: warning: symbol 'watchdog_allowed_mask'
was not declared. Should it be static?
They're not referenced by name from anyplace else, make them static.
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/7855.1552383228@turing-police
sparse complains:
CHECK kernel/time/jiffies.c
kernel/time/jiffies.c:92:20: warning: symbol 'refined_jiffies' was not
declared. Should it be static?
Its only used in file scope. Make it static.
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/32342.1552379915@turing-police
Building with 'make W=1' complains:
CC kernel/irq/devres.o
kernel/irq/devres.c:104: warning: Excess function parameter 'thread_fn'
description in 'devm_request_any_context_irq'
Remove it.
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/31207.1552378676@turing-police
With 'make C=2 W=1', sparse and gcc both complain:
CHECK arch/x86/mm/pti.c
arch/x86/mm/pti.c:84:3: warning: symbol 'pti_mode' was not declared. Should it be static?
arch/x86/mm/pti.c:605:6: warning: symbol 'pti_set_kernel_image_nonglobal' was not declared. Should it be static?
CC arch/x86/mm/pti.o
arch/x86/mm/pti.c:605:6: warning: no previous prototype for 'pti_set_kernel_image_nonglobal' [-Wmissing-prototypes]
605 | void pti_set_kernel_image_nonglobal(void)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pti_set_kernel_image_nonglobal() is only used locally. 'pti_mode' exists in
drivers/hwtracing/intel_th/pti.c as well, but it's a completely unrelated
local (static) symbol.
Make both static.
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lkml.kernel.org/r/27680.1552376873@turing-police
The futex code requires that the user space addresses of futexes are 32bit
aligned. sys_futex() checks this in futex_get_keys() but the robust list
code has no alignment check in place.
As a consequence the kernel crashes on architectures with strict alignment
requirements in handle_futex_death() when trying to cmpxchg() on an
unaligned futex address which was retrieved from the robust list.
[ tglx: Rewrote changelog, proper sizeof() based alignement check and add
comment ]
Fixes: 0771dfefc9 ("[PATCH] lightweight robust futexes: core")
Signed-off-by: Chen Jie <chenjie6@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: <dvhart@infradead.org>
Cc: <peterz@infradead.org>
Cc: <zengweilin@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1552621478-119787-1-git-send-email-chenjie6@huawei.com
The driver sets a default domain id (FLPT_DEFAULT_DID) in the
first level only pasid entry, but saves a different domain id
in @sdev->did. The value saved in @sdev->did will be used to
invalidate the translation caches. Hence, the driver might
result in invalidating the caches with a wrong domain id.
Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Fixes: 1c4f88b7f1 ("iommu/vt-d: Shared virtual address in scalable mode")
Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
The spec states in 10.4.16 that the Protected Memory Enable
Register should be treated as read-only for implementations
not supporting protected memory regions (PLMR and PHMR fields
reported as Clear in the Capability register).
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: mark gross <mgross@intel.com>
Suggested-by: Ashok Raj <ashok.raj@intel.com>
Fixes: f8bab73515 ("intel-iommu: PMEN support")
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
If a 32 bit allocation request is too big to possibly succeed, it
early exits with a failure and then should never update max32_alloc_
size. This patch fixes current code, now the size is only updated if
the slow path failed while walking the tree. Without the fix the
allocation may enter the slow path again even if there was a failure
before of a request with the same or a smaller size.
Cc: <stable@vger.kernel.org> # 4.20+
Fixes: bee60e94a1 ("iommu/iova: Optimise attempts to allocate iova from 32bit address range")
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Robert Richter <rrichter@marvell.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJclEWjAAoJEAx081l5xIa+5g8QAJmtCZU/sNqyatqVy3tJNSmM
gXmrHDl/rM44TI1QDc82TP8v2GFxs66/LskjO687EhN2O2cVBtahbDwZrGq4OyvS
DLLC/T1suMgLLhw5RWtVkEe+2Xv/AaIsQ1nr2qkR9JWk8/ye9tgNgBfNeFfhCa+3
Pc5WIrVr7iJshJKuFJU7T5IBUwxGfhPRlBjZ2Lvu/VpZaH2TL4sD6KB1P86jTg2x
zcQpX8HCLQtBBc2BVGGj5J/7ZU92WVdDkQYAYUlagoEL6KKj3GINbONGE+D1Rndy
RmhZ44I6EQSzSZPOQKMPGUr7v8j7j4FrBNQXfgA958ihGyAewtTv4y+BxlHU+hnM
70t8w8PDRwHNDiPuTK2/H683l45V3yINat4evu3JI76Jk0lichDDICsU/opYjx6r
vhC+AksmypYGd9ddjm/EWB5XW8z4gBO3L5mnhCR3qKUhzEozFpR+3MVktdY7fPbd
YbUl4GM/1mvstMvQNWu224yILMdvaZa3aiHLUND/oViFP1AsVVAYroHPYY+E65tY
Zlw9JELiUBgeGJxbYtMovn2n0aAnDGjTKtZAxy7pkz8QI059MVvdhaAQTSEViBTR
UmMgTUWTb6fWwZ6a6FpzC/c9a/zaQMIWPYNUnu/TCPkDpGP7m6H0tv6U7aP4IOUP
dIp1fQKqxx1BVpfx+Hpi
=yoB3
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2019-03-22' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"i915, amdgpu, vmwgfx, exynos, nouveau and udl fixes.
Seems to be lots of little minor ones for regressions in rc1, and some
cleanups. The exynos one is the largest one, and is for a hw
difference between exynos versions"
* tag 'drm-fixes-2019-03-22' of git://anongit.freedesktop.org/drm/drm:
drm/nouveau/dmem: empty chunk do not have a buffer object associated with them.
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
drm/nouveau/dmem: Fix a NULL vs IS_ERR() check
drm/nouveau/dmem: remove set but not used variable 'drm'
drm/exynos/mixer: fix MIXER shadow registry synchronisation code
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's
drm/amdgpu: fix invalid use of change_bit
drm/amdgpu: revert "cleanup setting bulk_movable"
drm/i915: Sanity check mmap length against object size
drm/i915: Fix off-by-one in reporting hanging process
drm/i915/bios: assume eDP is present on port A when there is no VBT
drm/udl: use drm_gem_object_put_unlocked.
Commit 7640ead939 ("bpf: verifier: make sure callees don't prune
with caller differences") connected up parentage chains of all
frames of the stack. It didn't, however, ensure propagate_liveness()
propagates all liveness information along those chains.
This means pruning happening in the callee may generate explored
states with incomplete liveness for the chains in lower frames
of the stack.
The included selftest is similar to the prior one from commit
7640ead939 ("bpf: verifier: make sure callees don't prune with
caller differences"), where callee would prune regardless of the
difference in r8 state.
Now we also initialize r9 to 0 or 1 based on a result from get_random().
r9 is never read so the walk with r9 = 0 gets pruned (correctly) after
the walk with r9 = 1 completes.
The selftest is so arranged that the pruning will happen in the
callee. Since callee does not propagate read marks of r8, the
explored state at the pruning point prior to the callee will
now ignore r8.
Propagate liveness on all frames of the stack when pruning.
Fixes: f4d7e40a5b ("bpf: introduce function calls (verification)")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
While there is no mainline board that makes use of the PWM still enable the
driver for it to increase compile test coverage.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
After the pwm-imx driver was split into two drivers and the Kconfig symbol
changed accordingly, use the new name to continue being able to use the
PWM hardware.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
The switch is accessible through pseudo PHY which is located at 0x10.
Signed-off-by: Michal Vokáč <michal.vokac@ysoft.com>
Fixes: 87489ec3a7 ("ARM: dts: imx: Add Y Soft IOTA Draco, Hydra and Ursa boards")
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
plus a fix off-by-one in our hang report and a protection;
and a fix for eDP panels on Gen9 platforms on VBT absence.
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJckpgDAAoJEPpiX2QO6xPKDDgH/i9AQQLbJCX/nXzJUhnKSvu5
xFIFbXt/kd5hkeRVZ/qLW831okdJdVq8GW/C4AAfEMNbnhhhAI1/PRuO7lrHKuU6
QAOKvJrNKkdRxNrkHArIKXTdfjr4UnXOgQFSgFQNRLFmOi9/czoeWG0/kGkvp+WT
6HV7o1Zgghqs9SUOtmA9TZ/znq1neLlwJRuePep1TY4vbJoWnZ0ekn/MqUPDWpg2
W5stfS7AyuMX1CWJnr91G6NEqaU8Bm9aC1WmBqvdPPkVYWIJNDGWLjOEDpqzdoi4
D17RntvZ685mer+GM6fMICY09lC9vuYomT3gdRy4ZLz24VmMSyZJ7juJoYYGa7Y=
=gHfL
-----END PGP SIGNATURE-----
Merge tag 'drm-intel-fixes-2019-03-20' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
A protection on our mmap against attempts to map past the end of the object;
plus a fix off-by-one in our hang report and a protection;
and a fix for eDP panels on Gen9 platforms on VBT absence.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190320201451.GA7993@intel.com
Empty chunk do not have a bo associated with them so no need to pin/unpin
on suspend/resume.
This fix suspend/resume on 5.1rc1 when NOUVEAU_SVM is enabled.
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de>
Tested-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de>
Cc: Ben Skeggs <bskeggs@redhat.com>
Cc: dri-devel@lists.freedesktop.org
Cc: nouveau@lists.freedesktop.org
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
pm_runtime_get_sync returns negative on failure.
Fixes: eaeb9010bb ("drm/nouveau/debugfs: Wake up GPU before doing any reclocking")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
The hmm_devmem_add() function doesn't return NULL, it returns error
pointers.
Fixes: 5be73b6908 ("drm/nouveau/dmem: device memory helpers for SVM")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/gpu/drm/nouveau/nouveau_dmem.c: In function 'nouveau_dmem_free':
drivers/gpu/drm/nouveau/nouveau_dmem.c:103:22: warning:
variable 'drm' set but not used [-Wunused-but-set-variable]
struct nouveau_drm *drm;
^
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
When there is only one byte in a frag, the current calculation
using "(size + HNS3_MAX_BD_SIZE - 1) >> HNS3_MAX_BD_SIZE_OFFSET"
will return zero, because HNS3_MAX_BD_SIZE is 65535 and
HNS3_MAX_BD_SIZE_OFFSET is 16. So it will cause tx error when
a frag's size is one byte.
This patch fixes it by using DIV_ROUND_UP.
Fixes: 3fe13ed95d ("net: hns3: avoid mult + div op in critical data path")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
As it stands if a shrink is delayed because of an outstanding
rehash, we will go into a rescheduling loop without ever doing
the rehash.
This patch fixes this by still carrying out the rehash and then
rescheduling so that we can shrink after the completion of the
rehash should it still be necessary.
The return value of EEXIST captures this case and other cases
(e.g., another thread expanded/rehashed the table at the same
time) where we should still proceed with the rehash.
Fixes: da20420f83 ("rhashtable: Add nested tables")
Reported-by: Josh Elsasser <jelsasser@appneta.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Josh Elsasser <jelsasser@appneta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Davide Caratti says:
====================
net/sched: validate the control action with all the other parameters
currently, the kernel checks for bad values of the control action in
tcf_action_init_1(), after a successful call to the action's init()
function. When the control action is 'goto chain', this causes two
undesired behaviors:
1. "misconfigured action after replace that causes kernel crash":
if users replace a valid TC action with another one having invalid
control action, all the new configuration data (including the bad
control action) are applied successfully, even if the kernel returned
an error. As a consequence, it's possible to trigger a NULL pointer
dereference in the traffic path of every TC action (1), replacing the
control action with 'goto chain x', when chain <x> doesn't exist.
2. "refcount leak that makes kmemleak complain"
when a valid 'goto chain' action is overwritten with another action,
the kernel forgets to decrease refcounts in the chain.
The above problems can be fixed if we validate the control action in each
action's init() function, the same way as we are already doing for all the
other configuration parameters.
Now that chains can be released after an action is replaced, we need to
care about concurrent access of 'goto_chain' pointer: ensure we access it
through RCU, like we did with most action-specific configuration parameters.
- Patch 1 removes the wrong checks and provides functions that can be
used to properly validate control actions in individual actions
- Patch 2 to 16 fix individual actions, and add TDC selftest code to
verify the correct behavior (2)
- Patch 17 and 18 fix concurrent access issues on 'goto_chain', that can be
observed after the chain refcount leak is fixed.
Changes since v1:
- reword the cover letter
- condense the extack message in case tc_action_check_ctrlact() is called
with invalid parameters.
- add tcf_action_set_ctrlact() to avoid code duplication an make the
RCU-ification of 'goto_chain' easier.
- fix errors in act_ife, act_simple, act_skbedit, and avoid useless 'goto
end' in act_connmark, thanks a lot to Vlad Buslov.
- avoid dereferencing 'goto_chain' in tcf_gact_goto_chain_index(), so
we don't have to care about the grace period there.
- let actions respect the grace period when they release chains, thanks
to Cong Wang and Vlad Buslov.
Changes since RFC:
- include a fix for all TC actions
- add a selftest for each TC action
- squash fix for refcount leaks into a single patch, the first in the
series, thanks to Cong Wang
- ensure that chain refcount is released without tcfa_lock held, thanks
to Vlad Buslov
Notes:
(1) act_ipt didn't need any fix, as the control action is constantly equal
to TC_ACT_OK.
(2) the selftest for act_simple fails because userspace tc backend for
'simple' does not parse the control action correctly (and hardcodes it
to TC_ACT_PIPE).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
use RCU when accessing the action chain, to avoid use after free in the
traffic path when 'goto chain' is replaced on existing TC actions (see
script below). Since the control action is read in the traffic path
without holding the action spinlock, we need to explicitly ensure that
a->goto_chain is not NULL before dereferencing (i.e it's not sufficient
to rely on the value of TC_ACT_GOTO_CHAIN bits). Not doing so caused NULL
dereferences in tcf_action_goto_chain_exec() when the following script:
# tc chain add dev dd0 chain 42 ingress protocol ip flower \
> ip_proto udp action pass index 4
# tc filter add dev dd0 ingress protocol ip flower \
> ip_proto udp action csum udp goto chain 42 index 66
# tc chain del dev dd0 chain 42 ingress
(start UDP traffic towards dd0)
# tc action replace action csum udp pass index 66
was run repeatedly for several hours.
Suggested-by: Cong Wang <xiyou.wangcong@gmail.com>
Suggested-by: Vlad Buslov <vladbu@mellanox.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
callers of tcf_gact_goto_chain_index() can potentially read an old value
of the chain index, or even dereference a NULL 'goto_chain' pointer,
because 'goto_chain' and 'tcfa_action' are read in the traffic path
without caring of concurrent write in the control path. The most recent
value of chain index can be read also from a->tcfa_action (it's encoded
there together with TC_ACT_GOTO_CHAIN bits), so we don't really need to
dereference 'goto_chain': just read the chain id from the control action.
Fixes: e457d86ada ("net: sched: add couple of goto_chain helpers")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
