Only when the IB_QP_PATH_MTU flag of attr_mask is set
it is valid to assign the mtu field of qp context when
qp type is not GSI and UD.
Signed-off-by: Lijun Ou <oulijun@huawei.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
According to RoCE protocol, it is possible to
transition from error to error state for modifying
qp in hip08. This patch fix it.
Signed-off-by: Lijun Ou <oulijun@huawei.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
RDMA read operation is not supported inline data. If user cofigures
issue a RDMA read and use inline data, it will happen a hardware
error.
Signed-off-by: Lijun Ou <oulijun@huawei.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
During init hem table, type should be used instead of
table->type which is finally initializaed with type.
Signed-off-by: Lijun Ou <oulijun@huawei.com>
Signed-off-by: Yixian Liu <liuyixian@huawei.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
When skb is sent, it will pass the following functions in soft roce.
rxe_send [rdma_rxe]
ip_local_out
__ip_local_out
ip_output
ip_finish_output
ip_finish_output2
dev_queue_xmit
__dev_queue_xmit
dev_hard_start_xmit
In the above functions, if error occurs in the above functions or
iptables rules drop skb after ip_local_out, kfree_skb will be called.
So it is not necessary to call kfree_skb in soft roce module again.
Or else crash will occur.
The steps to reproduce:
server client
--------- ---------
|1.1.1.1|<----rxe-channel--->|1.1.1.2|
--------- ---------
On server: rping -s -a 1.1.1.1 -v -C 10000 -S 512
On client: rping -c -a 1.1.1.1 -v -C 10000 -S 512
The kernel configs CONFIG_DEBUG_KMEMLEAK and
CONFIG_DEBUG_OBJECTS are enabled on both server and client.
When rping runs, run the following command in server:
iptables -I OUTPUT -p udp --dport 4791 -j DROP
Without this patch, crash will occur.
CC: Srinivas Eeda <srinivas.eeda@oracle.com>
CC: Junxiao Bi <junxiao.bi@oracle.com>
Signed-off-by: Zhu Yanjun <yanjun.zhu@oracle.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
w/o RXE_START_MASK, the last_psn of IB_OPCODE_RC_SEND_ONLY_INV
will not be updated in update_wqe_psn, and the corresponding
wqe will not be acked in rxe_completer due to its last_psn is
zero. Finally, the other wqe will also not be able to be acked,
because the wqe of IB_OPCODE_RC_SEND_ONLY_INV with last_psn 0
is still there. This causes large amount of io timeout when
nvmeof is over rxe.
Add RXE_START_MASK for IB_OPCODE_RC_SEND_ONLY_INV to fix this.
Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Reviewed-by: Zhu Yanjun <yanjun.zhu@oracle.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
In the cases where iwpm_hash_bucket is NULL and where function
get_mapinfo_hash_bucket returns NULL then the map_info is never added
to hash_bucket_head and hence there is a leak of map_info. Fix this
by nullifying hash_bucket_head and if that is null we know that
that map_info was not added to hash_bucket_head and hence map_info
should be free'd.
Detected by CoverityScan, CID#1222481 ("Resource Leak")
Fixes: 30dc5e63d6 ("RDMA/core: Add support for iWARP Port Mapper user space service")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
- Close some potential spectre-v1 vulnerabilities found by smatch
- Add missing list sentinel for CPUs that don't require KPTI
- Removal of unused 'addr' parameter for I/D cache coherency
- Removal of redundant set_fs(KERNEL_DS) calls in ptrace
- Fix single-stepping state machine handling in response to kernel traps
- Clang support for 128-bit integers
- Avoid instrumenting our out-of-line atomics in preparation for enabling
LSE atomics by default in 4.18
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCgAGBQJa4w6JAAoJELescNyEwWM0P2IIAMLITiYvB+LEwWH6VZ5zl+D0
F1qoQPon6M68fSc86rNNwoOrLzisHPTMMyR3re5+rHe67EwHCMtupkNk3s/+/vi3
PVq3W2Rjw9GTFL/7sDNmaHvJLQ3lG1HAh4uO2WneLbLV6wkbw7/JlmCcwlS48zB0
zxY5fKnZNPCAfAT34TYZGMHINy5rOoo7+H3+/ZB/f4jc3FIatfnsUb3+Mr5B/lZ9
HoOddh9PEt+CY2v5Yr2M6FJuu/oaZdX+KaAUlynd44jyF+XgB5BxXTEHoD4bEO9l
q8CzjqzUqqBn8qSF36r/gdffH4eAKkrFgMCxjdEbPX1cOj67fTquNALBmAhAA7M=
=CIk+
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Nothing too bad, but the spectre updates to smatch identified a few
places that may need sanitising so we've got those covered.
Details:
- Close some potential spectre-v1 vulnerabilities found by smatch
- Add missing list sentinel for CPUs that don't require KPTI
- Removal of unused 'addr' parameter for I/D cache coherency
- Removal of redundant set_fs(KERNEL_DS) calls in ptrace
- Fix single-stepping state machine handling in response to kernel
traps
- Clang support for 128-bit integers
- Avoid instrumenting our out-of-line atomics in preparation for
enabling LSE atomics by default in 4.18"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: avoid instrumenting atomic_ll_sc.o
KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr()
KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
arm64: support __int128 with clang
arm64: only advance singlestep for user instruction traps
arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
arm64: ptrace: remove addr_limit manipulation
arm64: mm: drop addr parameter from sync icache and dcache
arm64: add sentinel to kpti_safe_list
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, but the implementation in this
driver returns an 'int'.
Fix this by returning 'netdev_tx_t' in this driver too.
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
The method ndo_start_xmit() is defined as returning an 'netdev_tx_t',
which is a typedef for an enum type, but the implementation in this
driver returns an 'int'.
Fix this by returning 'netdev_tx_t' in this driver too.
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
- Fix display of module section addresses in sysfs, which were getting
hashed with %pK and breaking tools like perf.
Signed-off-by: Jessica Yu <jeyu@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJa4wQwAAoJEMBFfjjOO8Fy5IUQAJYKkClqo0BuQocleR9aPJSg
dIzeSHeUThT66KSBrmi74Q4t2UoVg4M4V/ktAIECqW9oNn2eWvVd5tovgEHntqYL
GevuQK207VOJSNS+ohE0N0hPACd2hjCu58EnMUUheDvRdFHpLwTBqnejN6EvIq/o
OoEin6Iq/NKdYCY2yQt5iRROmph61rpIyM4/js4BRz4flLE/MZemHRekNMhmMSqr
IjUv83ez50PaWJAmk0fjNqAw9j2EmSl5B77wGrM+POifvcvBdxzBZpbeZHgdAESX
3QgUihDRkpJ/bhf+HvmVxNe2WRV/7WD8d+3e/drkg2++CeP/Pw+bWCpcMflMZOOg
MIroCd4H3jOSK2aunal1WftGca0awj4XdHdl01m3OgwAGUc6gCxwuPQ6/UaYUhkf
jV4BV0XROvR49Mgs9V8/aZpomfF7u2vLZPPiR/2yvylcRfh6Fh7iUJU/N+LGFjdU
KQCmt7ZWgGFYaf392bexVdQzMA+R1h0IWn6mKm6krdQ6x3XnQ/f0wwtWc0G6Vb1B
ojF73rWCUqe6W/UhCk1ja3Bz6kOuECeKZr2YUTPiOJhNsLl3kDUhFhdH0ObX0D4x
cf+VZep6hQoagc2x3ZcWe5AiBeChwQ0xypV19AVvGcgfGfoX6EQ61ORcqDVdcgO4
fr39iXQSvau7jFP7EyTg
=ZGdS
-----END PGP SIGNATURE-----
Merge tag 'modules-for-v4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
Pull modules fix from Jessica Yu:
"Fix display of module section addresses in sysfs, which were getting
hashed with %pK and breaking tools like perf"
* tag 'modules-for-v4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
module: Fix display of wrong module .text address
There are few issues with validation of netdevice and listen id lookup
for IB (IPoIB) while processing incoming CM request as below.
1. While performing lookup of bind_list in cma_ps_find(), net namespace
of the netdevice can get deleted in cma_exit_net(), resulting in use
after free access of idr and/or net namespace structures.
This lookup occurs from the workqueue context (and not userspace
context where net namespace is always valid).
CPU0 CPU1
==== ====
bind_list = cma_ps_find();
move netdevice to new namespace
delete net namespace
cma_exit_net()
idr_destroy(idr);
[..]
cma_find_listener(bind_list, ..);
2. While netdevice is validated for IP address in given net namespace,
netdevice's net namespace and/or ifindex can change in
cma_get_net_dev() and cma_match_net_dev().
Above issues are overcome by using rcu lock along with netdevice
UP/DOWN state as described below.
When a net namespace is getting deleted, netdevice is closed and
shutdown before moving it back to init_net namespace.
change_net_namespace() synchronizes with any existing use of netdevice
before changing the netdev properties such as net or ifindex.
Once netdevice IFF_UP flags is cleared, such fields are not guaranteed
to be valid.
Therefore, rcu lock along with netdevice state check ensures that,
while route lookup and cm_id lookup is in progress, netdevice of
interest won't migrate to any other net namespace.
This ensures that associated net namespace of netdevice won't get
deleted while rcu lock is held for netdevice which is in IFF_UP state.
Fixes: fa20105e09 ("IB/cma: Add support for network namespaces")
Fixes: 4be74b42a6 ("IB/cma: Separate port allocation to network namespaces")
Fixes: f887f2ac87 ("IB/cma: Validate routing of incoming requests")
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
messenger layer, marked for stable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJa4y7RAAoJEEp/3jgCEfOLaOAH/jLawBpY9He0fwyRoDctOZAb
KwZyFfCl7XnThJiejMt864cJ0vjU6iufE+3kxFqUWEhOH4nhXYWNdNJ3Tgn1satY
uwG5PJGYy+El0xL6C7IYeasy+y8wbtvYdjRqYEAnEzTH2xQ99GsN1QPMjySAacvQ
ONz/11Mdj6C8bLfIsth4jcCkkC9TqlWYmyCds4GADN+a/Nw6vwT+ew88kgVDhBcD
JUjFsBpxe+WtR7rKUhldd+lwngiJ3D4YCKLogJgaYAwVBJoK3lbdldd9FH9/JGyf
67Y2j/oOTPWCWnZuXtUw7dEvTCuW5QSMQJyXB1+vndsN1Y3mfWwlVMw1wREtQXs=
=BShN
-----END PGP SIGNATURE-----
Merge tag 'ceph-for-4.17-rc3' of git://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
"A CephFS quota follow-up and fixes for two older issues in the
messenger layer, marked for stable"
* tag 'ceph-for-4.17-rc3' of git://github.com/ceph/ceph-client:
libceph: validate con->state at the top of try_write()
libceph: reschedule a tick in finish_hunting()
libceph: un-backoff on tick when we have a authenticated session
ceph: check if mds create snaprealm when setting quota
Previously, if a method contained mandatory attributes in a namespace
that wasn't given by the user, these attributes weren't validated.
Fixing this by iterating over all specification namespaces.
Fixes: fac9658cab ("IB/core: Add new ioctl interface")
Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
The c4iw_rdev_close() logic was not releasing all the hw
resources (PBL and RQT memory) during the device removal
event (driver unload / system reboot). This can cause panic
in gen_pool_destroy().
The module remove function will wait for all the hw
resources to be released during the device removal event.
Fixes c12a67fe(iw_cxgb4: free EQ queue memory on last deref)
Signed-off-by: Raju Rangoju <rajur@chelsio.com>
Reviewed-by: Steve Wise <swise@opengridcomputing.com>
Cc: stable@vger.kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
A few fixes for 4.17 but nothing really special. The new ETSI WMM
parameter support for iwlwifi is not technically a bugfix but
important for regulatory compliance.
iwlwifi
* use new ETSI WMM parameters from regulatory database
* fix a regression with the older firmware API 31 (eg. 31.560484.0)
brcmfmac
* fix a double free in nvmam loading fails
rtlwifi
* yet another fix for ant_sel module parameter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJa4aIYAAoJEG4XJFUm622bOnMH/j7LR1jtny0B8MecnkIt82Ar
uRl/dChzygAsPf2siR5bED5BJPMGuZTl9KWo/XsVP9GSZ5bQewXWmkF+7FXmgP98
MJcxnHDVqhIDzNk5BUtAYQSjpucoZVAy/ueVYwiB526XYjRGCf+15Ie9po/AkBPI
Dd+uRhT0hKAJmnXFtSxtIpkN1E8oBHFiHVyi76HELO8y5eyTnUm4Wxxu0l6tl7D1
elaCK1uLaZm+s5CeyOuJwvYT/k7p5b0knLAyjWOAaTWbSyF02FjY7AIaKhjcJH2m
rOoni7vEa8INQFyK77HOi+d06fWxgSprfZ8dLMxurV12NPFpGzcX7a3tYFpquFE=
=lizT
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-for-davem-2018-04-26' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for 4.17
A few fixes for 4.17 but nothing really special. The new ETSI WMM
parameter support for iwlwifi is not technically a bugfix but
important for regulatory compliance.
iwlwifi
* use new ETSI WMM parameters from regulatory database
* fix a regression with the older firmware API 31 (eg. 31.560484.0)
brcmfmac
* fix a double free in nvmam loading fails
rtlwifi
* yet another fix for ant_sel module parameter
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
When IGMP snooping is enabled on a bridge, traffic forwarded by an MDB
entry should be sent to both ports member in the MDB's ports list and
mrouter ports.
In case a port needs to be removed from an MDB's ports list, but this
port is also configured as an mrouter port, then do not update the
device so that it will continue to forward traffic through that port.
Fix a copy-paste error that checked that IGMP snooping is enabled twice
instead of checking the port's mrouter state.
Fixes: ded711c87a ("mlxsw: spectrum_switchdev: Consider mrouter status for mdb changes")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: Colin King <colin.king@canonical.com>
Reviewed-by: Nogah Frankel <nogahf@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Here are some small char and misc driver fixes for 4.17-rc3
A variety of small things that have fallen out after 4.17-rc1 was out.
Some vboxguest fixes for systems with lots of memory, amba bus fixes,
some MAINTAINERS updates, uio_hv_generic driver fixes, and a few other
minor things that resolve problems that people reported.
The amba bus fixes took twice to get right, the first time I messed up
applying the patches in the wrong order, hence the revert and later
addition again with the correct fix, sorry about that.
All of these have been in linux-next with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWuMvtA8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynNswCfcg2lXYFZzS1OcMYX4TEyo/cWbHQAniYIU6st
dP0MG/whdUu7q6r6otVc
=l/Bn
-----END PGP SIGNATURE-----
Merge tag 'char-misc-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small char and misc driver fixes for 4.17-rc3
A variety of small things that have fallen out after 4.17-rc1 was out.
Some vboxguest fixes for systems with lots of memory, amba bus fixes,
some MAINTAINERS updates, uio_hv_generic driver fixes, and a few other
minor things that resolve problems that people reported.
The amba bus fixes took twice to get right, the first time I messed up
applying the patches in the wrong order, hence the revert and later
addition again with the correct fix, sorry about that.
All of these have been in linux-next with no reported issues"
* tag 'char-misc-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
ARM: amba: Fix race condition with driver_override
ARM: amba: Make driver_override output consistent with other buses
Revert "ARM: amba: Fix race condition with driver_override"
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
ARM: amba: Fix race condition with driver_override
virt: vbox: Log an error when we fail to get the host version
virt: vbox: Use __get_free_pages instead of kmalloc for DMA32 memory
virt: vbox: Add vbg_req_free() helper function
virt: vbox: Move declarations of vboxguest private functions to private header
slimbus: Fix out-of-bounds access in slim_slicesize()
MAINTAINERS: add dri-devel&linaro-mm for Android ION
fpga-manager: altera-ps-spi: preserve nCONFIG state
MAINTAINERS: update my email address
uio_hv_generic: fix subchannel ring mmap
uio_hv_generic: use correct channel in isr
uio_hv_generic: make ring buffer attribute for primary channel
uio_hv_generic: set size of ring buffer attribute
ANDROID: binder: prevent transactions into own process.
When processing a duplicate cookie-echo chunk, sctp moves the new
temp asoc's stream out/in into the old asoc, and later frees this
new temp asoc.
But now after this move, the new temp asoc's stream->outcnt is not
cleared while stream->out is set to NULL, which would cause a same
crash as the one fixed in Commit 79d0895140 ("sctp: fix error
path in sctp_stream_init") when freeing this asoc later.
This fix is to clear this outcnt in sctp_stream_update.
Fixes: f952be79ce ("sctp: introduce struct sctp_stream_out_ext")
Reported-by: Jianwen Ji <jiji@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Since sctp ipv6 socket also supports v4 addrs, it's possible to
compare two v4 addrs in pf v6 .cmp_addr, sctp_inet6_cmp_addr.
However after Commit 1071ec9d45 ("sctp: do not check port in
sctp_inet6_cmp_addr"), it no longer calls af1->cmp_addr, which
in this case is sctp_v4_cmp_addr, but calls __sctp_v6_cmp_addr
where it handles them as two v6 addrs. It would cause a out of
bounds crash.
syzbot found this crash when trying to bind two v4 addrs to a
v6 socket.
This patch fixes it by adding the process for two v4 addrs in
sctp_inet6_cmp_addr.
Fixes: 1071ec9d45 ("sctp: do not check port in sctp_inet6_cmp_addr")
Reported-by: syzbot+cd494c1dd681d4d93ebb@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
While adding the DSA notifier, we will be sending DSA notifications with
info->master that is going to point to a particular net_device instance.
Our logic in bcm_sysport_map_queues() correctly disambiguates net_device
instances that are not covered by our own driver, but it will not make
sure that info->master points to a particular driver instance that we
are interested in. In a system where e.g: two or more SYSTEMPORT
instances are registered, this would lead in programming two or more
times the queue mapping, completely messing with the logic which does
the queue/port allocation and tracking.
Fix this by looking at the notifier_block pointer which is unique per
instance and allows us to go back to our driver private structure, and
in turn to the backing net_device instance.
Fixes: d156576362 ("net: systemport: Establish lower/upper queue mapping")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Script in_netns.sh is a utility function and not its own test so it
shouldn't be part of the TEST_PROGS. The in_netns.sh get used by
run_afpackettests.
To install in_netns.sh without being added to the main run_kselftest.sh
script use the TEST_GEN_PROGS_EXTENDED variable.
Fixes: 5ff9c1a3dd ("selftests: net: add in_netns.sh to TEST_PROGS")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Here are some small driver core and firmware fixes for 4.17-rc3
There's a kobject WARN() removal to make syzkaller a lot happier about
some "normal" error paths that it keeps hitting, which should reduce the
number of false-positives we have been getting recently.
There's also some fimware test and documentation fixes, and the
coredump() function signature change that needed to happen after -rc1
before drivers started to take advantage of it.
All of these have been in linux-next with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWuMxrw8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ymFpQCg1JM62/W8e6mQ4vdZNQmAzgMKMEMAniOMcVRX
/oDWXp64mYwJu+GTxnIJ
=+9Gk
-----END PGP SIGNATURE-----
Merge tag 'driver-core-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg Kroah-Hartman:
"Here are some small driver core and firmware fixes for 4.17-rc3
There's a kobject WARN() removal to make syzkaller a lot happier about
some "normal" error paths that it keeps hitting, which should reduce
the number of false-positives we have been getting recently.
There's also some fimware test and documentation fixes, and the
coredump() function signature change that needed to happen after -rc1
before drivers started to take advantage of it.
All of these have been in linux-next with no reported issues"
* tag 'driver-core-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
firmware: some documentation fixes
selftests:firmware: fixes a call to a wrong function name
kobject: don't use WARN for registration failures
firmware: Fix firmware documentation for recent file renames
test_firmware: fix setting old custom fw path back on exit, second try
test_firmware: Install all scripts
drivers: change struct device_driver::coredump() return type to void
Here are some tty and serial driver fixes for reported issues for
4.17-rc3.
Nothing major, but a number of small things:
- device tree fixes/updates for serial ports
- earlycon fixes
- n_gsm fixes
- tty core change reverted to help resolve syszkaller reports
- other serial driver small fixes
All of these have been in linux-next with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWuM0Vg8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+yksXgCgqT2E9Ah5O/uZp3yGAjRILKjX294AoI46+t3W
Xy8WA1Fw1NCMBvfvCVIv
=gBd0
-----END PGP SIGNATURE-----
Merge tag 'tty-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull tty/serial fixes from Greg KH:
"Here are some tty and serial driver fixes for reported issues for
4.17-rc3.
Nothing major, but a number of small things:
- device tree fixes/updates for serial ports
- earlycon fixes
- n_gsm fixes
- tty core change reverted to help resolve syszkaller reports
- other serial driver small fixes
All of these have been in linux-next with no reported issues"
* tag 'tty-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
tty: Use __GFP_NOFAIL for tty_ldisc_get()
tty: serial: xuartps: Setup early console when uartclk is also passed
tty: Don't call panic() at tty_ldisc_init()
tty: Avoid possible error pointer dereference at tty_ldisc_restore().
dt-bindings: mvebu-uart: DT fix s/interrupts-names/interrupt-names/
tty: serial: qcom_geni_serial: Use signed variable to get IRQ
earlycon: Use a pointer table to fix __earlycon_table stride
serial: sh-sci: Document r8a77470 bindings
dt-bindings: meson-uart: DT fix s/clocks-names/clock-names/
serial: imx: fix cached UCR2 read on software reset
serial: imx: warn user when using unsupported configuration
serial: mvebu-uart: Fix local flags handling on termios update
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
Move DISABLE_EXITS KVM capability bits to the UAPI just like the rest of
capabilities.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: KarimAllah Ahmed <karahmed@amazon.de>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Here are 2 staging driver fixups for 4.17-rc3.
The first is the remaining stragglers of the irda code removal that you
pointed out during the merge window. The second is a fix for the
wilc1000 driver due to a patch that got merged in 4.17-rc1.
Both of these have been in linux-next for a while with no reported
issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWuMyew8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ymXxACffYtMbj0Vg5pD0yAPqRzJ2iVMVE0AnRkp4BYQ
kXgAjDeSyrdKPUwQ7Hl2
=UNuF
-----END PGP SIGNATURE-----
Merge tag 'staging-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging fixes from Greg KH:
"Here are two staging driver fixups for 4.17-rc3.
The first is the remaining stragglers of the irda code removal that
you pointed out during the merge window. The second is a fix for the
wilc1000 driver due to a patch that got merged in 4.17-rc1.
Both of these have been in linux-next for a while with no reported
issues"
* tag 'staging-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: wilc1000: fix NULL pointer exception in host_int_parse_assoc_resp_info()
staging: irda: remove remaining remants of irda code removal
Here are a number of USB driver fixes for reported problems for
4.17-rc3.
The "largest" here is a number of phy core changes for reported problems
with the -rc1 release. There's also the usual musb and xhci fixes, as
well as new device id updates. There are also some usbip fixes for
reported problems as more people start to use that code with containers.
All of these have been in linux-next with no reported issues, except the
last few new device ids, which are "obviously correct" :)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWuM0+g8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynJ0QCfShhVDAuE1neAmu4vF9HFY8eoe3UAn1b71qRn
UJ5VIrtn1cS0bB3tPwmu
=sdc6
-----END PGP SIGNATURE-----
Merge tag 'usb-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a number of USB driver fixes for reported problems for
4.17-rc3.
The "largest" here is a number of phy core changes for reported
problems with the -rc1 release. There's also the usual musb and xhci
fixes, as well as new device id updates. There are also some usbip
fixes for reported problems as more people start to use that code with
containers.
All of these have been in linux-next with no reported issues, except
the last few new device ids, which are "obviously correct" :)"
* tag 'usb-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits)
USB: musb: dsps: drop duplicate phy initialisation
USB: musb: host: prevent core phy initialisation
usb: core: phy: add the SPDX-License-Identifier and include guard
xhci: Fix Kernel oops in xhci dbgtty
usb: select USB_COMMON for usb role switch config
usb: core: phy: add missing forward declaration for "struct device"
usb: core: phy: make it a no-op if CONFIG_GENERIC_PHY is disabled
usb: core: use phy_exit during suspend if wake up is not supported
usb: core: split usb_phy_roothub_{init,alloc}
usb: core: phy: fix return value of usb_phy_roothub_exit()
usb: typec: ucsi: Increase command completion timeout value
Revert "xhci: plat: Register shutdown for xhci_plat"
usb: core: Add quirk for HP v222w 16GB Mini
Documentation: typec.rst: Use literal-block element with ascii art
usb: typec: ucsi: fix tracepoint related build error
usbip: usbip_event: fix to not print kernel pointer address
usbip: usbip_host: fix to hold parent lock for device_attach() calls
usbip: vhci_hcd: Fix usb device and sockfd leaks
usbip: vhci_hcd: check rhport before using in vhci_hub_control()
USB: Increment wakeup count on remote wakeup.
...
A significant amount of fixes have been piled up at this time.
- Possible Spectre v1 coverage in OSS sequencer API, control API,
HD-audio hwdep ioctl, ASIHPI hwdep ioctl, OPL3, and HDSPM/RME
channel_info API.
- A regression fix in PCM delay reporting that happened at the code
refactoring for the set_fs() removal
- The long-standing bug in PCM sync_ptr ioctl that missed the audio
timestamp field
- USB-audio regression fixes due to the recent UAC2 jack support
- vm_fault_t conversions in a couple of places
- ASoC topology API fixes
- Assorted driver fixes:
* ASoC rsnd, FSL, Intel SST, DMIC, AMD, ADAU17x1, Realtek codec
* FireWire typo fix
* HD-audio quirks and USB-audio Dell fixup
* USB-audio UAC3 corrections
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlrh07cOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE8+6g/9F9nI4FEBb+jpP360vPyRJmjIR5Y5pp34+bA7
paMaa67J7HielEwUoos/8RhoH9/i1dXrT/ZhA1CkFleDohQqV6u0xpaT/07m+Yak
lwQK2qJMn9hpahxrWDZ68qqIuI5IB7DzeRNjt9BmedWgzxn3PMoFc1ETGK8EepkL
v9DSr+htSl83bmYxmhabBWCcI8lbpnPDbKwTewqp2GDarz7WBI/Mqw5tEycvpd04
oSxKruFGYUMw+e7+eEX/h+LxA7Wx7jmroXdMq5C8OC3oQ+T0n1I84MeCHvp8/Lh6
5u5jdm1nKH16pe6L6ZzcQ9iWHgATyGKi7u3dmvfl58GrVJsBtYpZxCA59bktl1Ab
JFn1hqrM49IbndfuPaznAtIhGg/dd3wZcN32owKo+U2TWIzKflA7NQaqceTXhlxn
Ly6v9HcI9hCAuLObVAFZ8WaJlQGUNGOSabtjUqsYVFwe4s0dTWVYKyCGGiahQ7UL
LJ1sH1vH7vfn48FCxOUOODw/l9N8Ka/rqTdfKJRYsZPBRyzbXqty1VdFXJbhbWsX
7qkpYwM2zuNTyUASBkKgJY9SuGtUQlvusuLLTf/8j6srR94fz1H5uww0V+2WEgT/
GyoXRLtiDPvf/+MnIhKBnOWcpyz+1Pql7LNX9YWe/f13ibGFfV5SdddbIOu+08Xa
N/eA+I0=
=eSik
-----END PGP SIGNATURE-----
Merge tag 'sound-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A significant amount of fixes have been piled up at this time.
- Possible Spectre v1 coverage in OSS sequencer API, control API,
HD-audio hwdep ioctl, ASIHPI hwdep ioctl, OPL3, and HDSPM/RME
channel_info API.
- A regression fix in PCM delay reporting that happened at the code
refactoring for the set_fs() removal
- The long-standing bug in PCM sync_ptr ioctl that missed the audio
timestamp field
- USB-audio regression fixes due to the recent UAC2 jack support
- vm_fault_t conversions in a couple of places
- ASoC topology API fixes
- Assorted driver fixes:
* ASoC rsnd, FSL, Intel SST, DMIC, AMD, ADAU17x1, Realtek codec
* FireWire typo fix
* HD-audio quirks and USB-audio Dell fixup
* USB-audio UAC3 corrections"
* tag 'sound-4.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (35 commits)
ALSA: dice: fix error path to destroy initialized stream data
ALSA: hda - Skip jack and others for non-existing PCM streams
ALSA: hda/realtek - change the location for one of two front mics
ALSA: rme9652: Hardening for potential Spectre v1
ALSA: hdspm: Hardening for potential Spectre v1
ALSA: asihpi: Hardening for potential Spectre v1
ALSA: opl3: Hardening for potential Spectre v1
ALSA: hda: Hardening for potential Spectre v1
ALSA: control: Hardening for potential Spectre v1
ALSA: seq: oss: Hardening for potential Spectre v1
ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
ALSA: hda/realtek - Update ALC255 depop optimize
ALSA: hda/realtek - Add some fixes for ALC233
ALSA: pcm: Change return type to vm_fault_t
ALSA: usx2y: Change return type to vm_fault_t
ALSA: usb-audio: ADC3: Fix channel mapping conversion for ADC3.
ALSA: dice: fix OUI for TC group
ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
ALSA: usb-audio: Fix missing endian conversion
ALSA: usb-audio: Fix forgotten conversion of control query functions
...
This round of fixes has two larger changes that came in last week:
- A set of a couple of patches all intended to finally turn on
USB support on various Amlogic SoC based boards. The respective
driver were not finalized until very late before the merge window
and the DT portion is the last bit now.
- A defconfig update for gemini that had repeatedly missed the
cut but that is required to actually boot any real machines
with the default build.
The rest are the usual small changes:
- A fix for a nasty build regression on the OMAP memory drivers
- A fix for a boot problem on Intel/Altera SocFPGA
- A MAINTAINER file update
- A couple of fixes for issues found by automated testing
(kernelci, coverity, sparse, ...)
- A few incorrect DT entries are updated to match the hardware
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJa4uqUAAoJEGCrR//JCVInP3IP/AoWoaUPZfnQQai9xJZnphAv
n0z24NJD7HikPN2zmZjZkjfF15aa9RCyYGcJFwVPAWl9uky/8NIR/3mu7s4fbuOR
aiVo2wjQDFA0UPdHw+4W+hDnMtlNvpxsycp13oJ3JSoZhgM9aqOki2xanYVB/l8I
Yd5dySR52DMs8rYJZ0HwQQHqnld6zhjxuKQzHDhr292rka+6y2WTzA1bcrpDcqQZ
8VRA2cIsaY703Gb/UvR3i+7j3fmlDjAVNDwECW06zohsXCCBMBwdlbnM02SLoCFy
oSRM7v6ypdh99JSASaMvWDog5feaTlTmJos0BHT+vkH5Rs0eGI7KLv5hrOcnbGCv
1OsI51B0jnbu680YyNo6XnJOGfPo3RjsoYrUTXRDxz6dnu6sp1Mj5Re/HCdmnEFI
l5LGjzlyYah7l+jGErItW4Tf/mSrboJpdrpS3f8ZxveFAyQMqIMt0I83OpPogtjN
7EWtEzw+FtCiCH7RHMP4tH5HLeLvJXSAkD2eRj622+r8L0Q9xWzFOoVhufNYYB80
Q9Fb6zJ/GQG9azDN84k19lPk/I0DgQMcjolTtBUVKre96AP3SUpR+YuAsUztpig8
CHZok8NolXzRqFSsNQiwSr0GOrKETNbgshepolHpuKZ4PTVTJcqRxvxK6sFmKmx/
BfKYsx/0iQYDSpnRF74g
=Zhll
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Arnd Bergmann:
"This round of fixes has two larger changes that came in last week:
- a couple of patches all intended to finally turn on USB support on
various Amlogic SoC based boards. The respective driver were not
finalized until very late before the merge window and the DT
portion is the last bit now.
- a defconfig update for gemini that had repeatedly missed the cut
but that is required to actually boot any real machines with the
default build.
The rest are the usual small changes:
- a fix for a nasty build regression on the OMAP memory drivers
- a fix for a boot problem on Intel/Altera SocFPGA
- a MAINTAINER file update
- a couple of fixes for issues found by automated testing (kernelci,
coverity, sparse, ...)
- a few incorrect DT entries are updated to match the hardware"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: defconfig: Update Gemini defconfig
ARM: s3c24xx: jive: Fix some GPIO names
HISI LPC: Add Kconfig MFD_CORE dependency
ARM: dts: Fix NAS4220B pin config
MAINTAINERS: Remove myself as maintainer
arm64: dts: correct SATA addresses for Stingray
ARM64: dts: meson-gxm-khadas-vim2: enable the USB controller
ARM64: dts: meson-gxl-nexbox-a95x: enable the USB controller
ARM64: dts: meson-gxl-s905x-libretech-cc: enable the USB controller
ARM64: dts: meson-gx-p23x-q20x: enable the USB controller
ARM64: dts: meson-gxl-s905x-p212: enable the USB controller
ARM64: dts: meson-gxm: add GXM specific USB host configuration
ARM64: dts: meson-gxl: add USB host support
ARM: OMAP2+: Fix build when using split object directories
soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
soc: bcm: raspberrypi-power: Fix use of __packed
ARM: dts: Fix cm2 and prm sizes for omap4
ARM: socfpga_defconfig: Remove QSPI Sector 4K size force
firmware: arm_scmi: remove redundant null check on array
arm64: dts: juno: drop unnecessary address-cells and size-cells properties
e7bfb3fdbd ("mtd: Stop updating erase_info->state and calling
mtd_erase_callback()")
* Fix a memory leak in the Tango NAND controller driver
* Fix read/write to a suspended erase block in the CFI driver
* Fix the DT parsing logic in the Marvell NAND controller driver
-----BEGIN PGP SIGNATURE-----
iQI5BAABCAAjBQJa4taLHBxib3Jpcy5icmV6aWxsb25AYm9vdGxpbi5jb20ACgkQ
Ze02AX4ItwCTBQ//cY0GR+upuxJT7d7QZio6OMHwund2FBMiYvNeDK343PUkg/kK
VOoJ/1CAb4RRyq+n7vyOTsApEtq8+HmbPea1M7CWos/QShHupTarLaG+r4z2Ko95
NhroZG8F9eeYxswNTU5kTdne4XjLv1UasOmWymxUdKfHiOGwRV0aNFDLcROlDM/h
ou5+5txr/BYD4QGFFpGsdVA4F9FP+f+lSkXxP3LazHh/0/JrBuQgUiUvnBOVGyvh
Pgjky8Q/dToNeZA2+QPmt0TUTn02WT5+xAytfP5GdFxCd+RRpwRHvGwNVlbbSU1Z
g7v2rurF9iebfF9UZQ7gMfQwZAvaXRWkczdJlirJdRzC+T1iXst6JTW7lzw4/BJd
InZj+GTN67RZOQ7tEwEFmzUYyg9+FKJ+TawVaxmQqWels7GCUpKN1lgYOzqxdoBj
YqZRq472FCifULkZqgmzqKKa050g1rfjilM5ckGkhgQBINExR2DT35rJJXuZ6Gko
QW0K5vzKQCaElL3hNACHIejELwB9n1fyNuV21tlqIcLismrt0NGGel2ocRFVzSxr
fk8pe7MeSiDNtlL5rCKqX7GWPz+fCsEfSCDZOVzvHQlpijRhpMo9D9DJ5ci9Itxd
yQUTH8wI3ZVkc7eiwC1TVGrjKWRG/0Mp96l0fMOwbsiqQIjtf3hqE++oAzo=
=myWm
-----END PGP SIGNATURE-----
Merge tag 'mtd/fixes-for-4.17-rc3' of git://git.infradead.org/linux-mtd
Pull mtd fixes from Boris Brezillon:
- Fix nanddev_mtd_erase() function to match the changes done in
e7bfb3fdbd ("mtd: Stop updating erase_info->state and calling
mtd_erase_callback()")
- Fix a memory leak in the Tango NAND controller driver
- Fix read/write to a suspended erase block in the CFI driver
- Fix the DT parsing logic in the Marvell NAND controller driver
* tag 'mtd/fixes-for-4.17-rc3' of git://git.infradead.org/linux-mtd:
mtd: rawnand: marvell: fix the chip-select DT parsing logic
mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
mtd: nand: Fix nanddev_mtd_erase()
mtd: rawnand: tango: Fix struct clk memory leak
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJa4raGAAoJEAx081l5xIa++xYP/jtRaiJDwYd87aq+FYyu4YT8
CFIezkxaYLUMwhRtLmA51K31pe/3uSytYaJAScRXM/BtkHbWS7Pt3Cbx66+iwKC1
O7CatWI1iPmnvfhuErZVO6dow40DdjZyJ5skTSVXfKlKZ1NOlJGwQMUZnm/krmka
6grOFxqsyl984NgubnpMsi64TW9FtM8PZE7MJm+x+2X6MV2deq9w769u8rorS7/Y
Uq2PkiCVrctf8+tQF+UpPcrXdyuonTzuT/qvG2/1VhP7bGi9mH/3SCepZYpCUQup
LlDYM76Of9y/FQUsyCGhiWdqt79wjEZt3EoJjU5SeeUEGWqiJX5b32b4PFUeh1Xq
F3o1lFm27ZCTBb9X7mfx1XDzPC7DqqNnOKAJGgXovZa+mT2IsgUqOjcfGXOU0rTO
IKgfN7vyt+S3vZrg4aPu4yg1CTXmOrY81OQTpAaDeo4CQ/LsRapQaQRBhcYCm5pw
3D25hzcpPMdC2QrXa7R5kDiqWidR/TFCX26H8DA673qdawWdzPhlrw1gv9hJwMB/
5sCpPb/3pwXQBQ/TrUoY1oLBEGh00rZ7lYaQc1I+CJ4V9nTbqcZ+WzMI8IMV8UlX
5QGkNfc9bIsOyVDBkFasyl1TYTFCGKXsKn583pCVsP/oGTPPmBbQAJB8r5L+HyWW
U3R224YdF9Pv+XBqm2KW
=hboJ
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-for-v4.17-rc3' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Pretty run of the mill for this stage in the cycle: msm, i915, amdgpu,
qxl, virtio-gpu, sun4i fixes.
i915:
- Black screen fixes
- Display w/a fix
- HDA codec interop fix
sun4i:
- tbsa711 tablet regression fix
qxl:
- Regression fixes due to changes in TTM
virtio:
- Fix wait event condition
msm:
- DSI display fixes
amdgpu:
- fix hang on Carrizo
- DP MST hang fixes
- irq handling deadlock in DC.
amdkfd:
- Fix Kconfig issue
- Clock retrieval fix
- Sparse fixes"
* tag 'drm-fixes-for-v4.17-rc3' of git://people.freedesktop.org/~airlied/linux: (27 commits)
drm/edid: Reset more of the display info
drm/virtio: fix vq wait_event condition
qxl: keep separate release_bo pointer
qxl: fix qxl_release_{map,unmap}
Revert "drm/sun4i: add lvds mode_valid function"
drm/amd/display: Check dc_sink every time in MST hotplug
drm/amd/display: Update MST edid property every time
drm/amd/display: Don't read EDID in atomic_check
drm/amd/display: Disallow enabling CRTC without primary plane with FB
drm/amd/display: Fix deadlock when flushing irq
drm/i915/fbdev: Enable late fbdev initial configuration
drm/i915: Use ktime on wait_for
drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
drm/amdkfd: fix build, select MMU_NOTIFIER
drm/amdkfd: fix clock counter retrieval for node without GPU
drm/amdkfd: Fix the error return code in kfd_ioctl_unmap_memory_from_gpu()
drm/amdkfd: kfd_dev_is_large_bar() can be static
drm/i915: Enable display WA#1183 from its correct spot
drm/i915/audio: set minimum CD clock to twice the BCLK
drm/msm: don't deref error pointer in the msm_fbdev_create error path
...
The sequencer virmidi code has an open race at its output trigger
callback: namely, virmidi keeps only one event packet for processing
while it doesn't protect for concurrent output trigger calls.
snd_virmidi_output_trigger() tries to process the previously
unfinished event before starting encoding the given MIDI stream, but
this is done without any lock. Meanwhile, if another rawmidi stream
starts the output trigger, this proceeds further, and overwrites the
event package that is being processed in another thread. This
eventually corrupts and may lead to the invalid memory access if the
event type is like SYSEX.
The fix is just to move the spinlock to cover both the pending event
and the new stream.
The bug was spotted by a new fuzzer, RaceFuzzer.
BugLink: http://lkml.kernel.org/r/20180426045223.GA15307@dragonet.kaist.ac.kr
Reported-by: DaeRyong Jeong <threeearcat@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The TCP repair sequence of operation is to first set the socket in
repair mode, then inject the TCP stats into the socket with repair
socket options, then call connect() to re-activate the socket. The
connect syscall simply returns and set state to ESTABLISHED
mode. As a result Fast Open is meaningless for TCP repair.
However allowing sendto() system call with MSG_FASTOPEN flag half-way
during the repair operation could unexpectedly cause data to be
sent, before the operation finishes changing the internal TCP stats
(e.g. MSS). This in turn triggers TCP warnings on inconsistent
packet accounting.
The fix is to simply disallow Fast Open operation once the socket
is in the repair mode.
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently, KVM flushes the TLB after a change to the APIC access page
address or the APIC mode when EPT mode is enabled. However, even in
shadow paging mode, a TLB flush is needed if VPIDs are being used, as
specified in the Intel SDM Section 29.4.5.
So replace vmx_flush_tlb_ept_only() with vmx_flush_tlb(), which will
flush if either EPT or VPIDs are in use.
Signed-off-by: Junaid Shahid <junaids@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Maxime Chevallier says:
====================
net: mvpp2: Fix hangs when starting some interfaces on 7k/8k
Armada 7K / 8K clock management has recently been reworked, see :
commit c7e92def1e ("clk: mvebu: cp110: Fix clock tree representation")
I have been experiencing overall system hangs on MacchiatoBin when starting
the eth1 interface since then. It turns out some clocks dependencies were
missing in the PPv2 and xmdio driver, the clock rework made this visible.
This is the V2 series, that adds support for the missing 'MG Core clock' in
mvpp2, and fixes an issue with the error path for the axi_clk.
Thanks to Gregory Clement for finding the root cause of this bug.
V2 : Remove all DT patches from this series, they will be merged through
the mvebu tree.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Marvell's PPv2.2 IP needs an additional clock named "MG Core clock".
This is required on Armada 7K and 8K.
This commit adds the required clock in mvpp2, making sure it's only
used on PPv2.2.
Fixes: c7e92def1e ("clk: mvebu: cp110: Fix clock tree representation")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When clk_prepare_enable fails for the axi_clk, the mg_clk isn't properly
cleaned up. Add another jump label to handle that case, and make sure we
jump to it in the later error cases.
Fixes: 4792ea04bc ("net: mvpp2: Fix clock resource by adding an optional bus clock")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The commit c469652bb5 ("ALSA: hda - Use IS_REACHABLE() for
dependency on input") simplified the dependencies with IS_REACHABLE()
macro, but it broke due to its incorrect usage: it should have been
IS_REACHABLE(CONFIG_INPUT) instead of IS_REACHABLE(INPUT).
Fixes: c469652bb5 ("ALSA: hda - Use IS_REACHABLE() for dependency on input")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Allow INFINIBAND without INFINIBAND_ADDR_TRANS because fuzzing has been
finding fair number of CM bugs. So provide option to disable it.
Signed-off-by: Greg Thelen <gthelen@google.com>
Cc: Tarick Bedeir <tarick@google.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
INFINIBAND_SRP code depends on INFINIBAND_ADDR_TRANS provided symbols.
So declare the kconfig dependency. This is necessary to allow for
enabling INFINIBAND without INFINIBAND_ADDR_TRANS.
Signed-off-by: Greg Thelen <gthelen@google.com>
Cc: Tarick Bedeir <tarick@google.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
CIFS_SMB_DIRECT code depends on INFINIBAND_ADDR_TRANS provided symbols.
So declare the kconfig dependency. This is necessary to allow for
enabling INFINIBAND without INFINIBAND_ADDR_TRANS.
Signed-off-by: Greg Thelen <gthelen@google.com>
Cc: Tarick Bedeir <tarick@google.com>
Reviewed-by: Long Li <longli@microsoft.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
INFINIBAND_SRPT code depends on INFINIBAND_ADDR_TRANS provided symbols.
So declare the kconfig dependency. This is necessary to allow for
enabling INFINIBAND without INFINIBAND_ADDR_TRANS.
Signed-off-by: Greg Thelen <gthelen@google.com>
Cc: Tarick Bedeir <tarick@google.com>
Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
NVME_TARGET_RDMA code depends on INFINIBAND_ADDR_TRANS provided symbols.
So declare the kconfig dependency. This is necessary to allow for
enabling INFINIBAND without INFINIBAND_ADDR_TRANS.
Signed-off-by: Greg Thelen <gthelen@google.com>
Cc: Tarick Bedeir <tarick@google.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
NVME_RDMA code depends on INFINIBAND_ADDR_TRANS provided symbols. So
declare the kconfig dependency. This is necessary to allow for enabling
INFINIBAND without INFINIBAND_ADDR_TRANS.
Signed-off-by: Greg Thelen <gthelen@google.com>
Cc: Tarick Bedeir <tarick@google.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
For very very old generation of the management FW Ethernet port
information table may theoretically not be available. This in
turn will cause the nfp_port structures to not be allocated.
Make sure we don't crash the kernel when there is no eth_tbl:
RIP: 0010:nfp_net_pci_probe+0xf2/0xb40 [nfp]
...
Call Trace:
nfp_pci_probe+0x6de/0xab0 [nfp]
local_pci_probe+0x47/0xa0
work_for_cpu_fn+0x1a/0x30
process_one_work+0x1de/0x3e0
Found while working with broken/development version of management FW.
Fixes: a5950182c0 ("nfp: map mac_stats and vf_cfg BARs")
Fixes: 93da7d9660 ("nfp: provide nfp_port to of nfp_net_get_mac_addr()")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
32-bit user code that uses int $80 doesn't care about r8-r11. There is,
however, some 64-bit user code that intentionally uses int $0x80 to invoke
32-bit system calls. From what I've seen, basically all such code assumes
that r8-r15 are all preserved, but the kernel clobbers r8-r11. Since I
doubt that there's any code that depends on int $0x80 zeroing r8-r11,
change the kernel to preserve them.
I suspect that very little user code is broken by the old clobber, since
r8-r11 are only rarely allocated by gcc, and they're clobbered by function
calls, so they only way we'd see a problem is if the same function that
invokes int $0x80 also spills something important to one of these
registers.
The current behavior seems to date back to the historical commit
"[PATCH] x86-64 merge for 2.6.4". Before that, all regs were
preserved. I can't find any explanation of why this change was made.
Update the test_syscall_vdso_32 testcase as well to verify the new
behavior, and it strengthens the test to make sure that the kernel doesn't
accidentally permute r8..r15.
Suggested-by: Denys Vlasenko <dvlasenk@redhat.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Link: https://lkml.kernel.org/r/d4c4d9985fbe64f8c9e19291886453914b48caee.1523975710.git.luto@kernel.org
A bugfix broke the x32 shmid64_ds and msqid64_ds data structure layout
(as seen from user space) a few years ago: Originally, __BITS_PER_LONG
was defined as 64 on x32, so we did not have padding after the 64-bit
__kernel_time_t fields, After __BITS_PER_LONG got changed to 32,
applications would observe extra padding.
In other parts of the uapi headers we seem to have a mix of those
expecting either 32 or 64 on x32 applications, so we can't easily revert
the path that broke these two structures.
Instead, this patch decouples x32 from the other architectures and moves
it back into arch specific headers, partially reverting the even older
commit 73a2d096fd ("x86: remove all now-duplicate header files").
It's not clear whether this ever made any difference, since at least
glibc carries its own (correct) copy of both of these header files,
so possibly no application has ever observed the definitions here.
Based on a suggestion from H.J. Lu, I tried out the tool from
https://github.com/hjl-tools/linux-header to find other such
bugs, which pointed out the same bug in statfs(), which also has
a separate (correct) copy in glibc.
Fixes: f4b4aae182 ("x86/headers/uapi: Fix __BITS_PER_LONG value for x32 builds")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H . J . Lu" <hjl.tools@gmail.com>
Cc: Jeffrey Walton <noloader@gmail.com>
Cc: stable@vger.kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lkml.kernel.org/r/20180424212013.3967461-1-arnd@arndb.de
Xen PV domains cannot shut down and start a crash kernel. Instead,
the crashing kernel makes a SCHEDOP_shutdown hypercall with the
reason code SHUTDOWN_crash, cf. xen_crash_shutdown() machine op in
arch/x86/xen/enlighten_pv.c.
A crash kernel reservation is merely a waste of RAM in this case. It
may also confuse users of kexec_load(2) and/or kexec_file_load(2).
When flags include KEXEC_ON_CRASH or KEXEC_FILE_ON_CRASH,
respectively, these syscalls return success, which is technically
correct, but the crash kexec image will never be actually used.
Signed-off-by: Petr Tesarik <ptesarik@suse.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Dou Liyang <douly.fnst@cn.fujitsu.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: xen-devel@lists.xenproject.org
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Jean Delvare <jdelvare@suse.de>
Link: https://lkml.kernel.org/r/20180425120835.23cef60c@ezekiel.suse.cz
Commit 36a50a989e ("tipc: fix infinite loop when dumping link monitor
summary") intended to fix a problem with user tool looping when max
number of bearers are enabled.
Unfortunately, the wrong version of the commit was posted, so the
problem was not solved at all.
This commit adds the missing part.
Fixes: 36a50a989e ("tipc: fix infinite loop when dumping link monitor summary")
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
