Commit Graph

888900 Commits

Author SHA1 Message Date
Miklos Szeredi
f658adeea4 fix up iter on short count in fuse_direct_io()
fuse_direct_io() can end up advancing the iterator by more than the amount
of data read or written.  This case is handled by the generic code if going
through ->direct_IO(), but not in the FOPEN_DIRECT_IO case.

Fix by reverting the extra bytes from the iterator in case of error or a
short count.

To test: install lxcfs, then the following testcase
  int fd = open("/var/lib/lxcfs/proc/uptime", O_RDONLY);
  sendfile(1, fd, NULL, 16777216);
  sendfile(1, fd, NULL, 16777216);
will spew WARN_ON() in iov_iter_pipe().

Reported-by: Peter Geis <pgwipeout@gmail.com>
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Fixes: 3c3db095b6 ("fuse: use iov_iter based generic splice helpers")
Cc: <stable@vger.kernel.org> # v5.1
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2020-02-06 16:39:28 +01:00
Linus Torvalds
d5226fa6db Linux 5.5 2020-01-26 16:23:03 -08:00
Linus Torvalds
5cf9ad0e6b io_uring-5.5-2020-01-26
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl4t79kQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpjrZD/9l31+WrZhBJf4EDZRntGFdJUAxVe3rZw2Z
 k45P7QezZwc4+mY7WeIlV4rgsHqhzPwTZP53PVmgeGw6vG6kjWllBSM5hzS+lfFC
 q3mfJLLva7YckLsf6K1vOfNw9Dny26DuENHaDGPejSr2LYnRIHejBJuqiHJZigyl
 8y8rbmNdWMS5/qOlGfNDfAII1z13Up30Tt4BXgX2aGITTjvEquirzRs5HrB9e2ci
 vHX38uXMJ6DqQJwPDq/er8GXVsVkqd10BByh3KESxgjrQ9c+2BExwdaOtkMdbayx
 UM3mu+49Xo/LDR0NHpJBQTeAhhl+wVZhfpyGZzng6TOgnCN/F5NOB18tmC5g8fHx
 vTWpBieTujVFLygwgMIoY5Qwo0Q1bYJUi3VydWm956YujhgS76UfeXC8N9Prk7XI
 UDnDqAjY7gTVn0EewYKa5Sd//6TqQ+WgwB8LtCiTqLOP1kIiX+Y/rXG8PrdNMskh
 zpWJ/lPiTzWSn40NbU+yK09S5zu6fhqlXhjVqPlHLIOreOMD3PwOMxWkmq7MIA6j
 /vEK9Of0cHgdaYEJfIu+kqDkoy6Tcde3iwpV+ZluexLdTE/FF5qWIG+a8phyCLz2
 KXwgyvx811T7mihlLxuwvAlc//61p9X1XsbusYu/wK/NIbu0lBZx0eHkZWGlE+ko
 tL0Tdx7cCQ==
 =5jvb
 -----END PGP SIGNATURE-----

Merge tag 'io_uring-5.5-2020-01-26' of git://git.kernel.dk/linux-block

Pull io_uring fixes from Jens Axboe:
 "Fix for two regressions in this cycle, both reported by the postgresql
  use case.

  One removes the added restriction on who can submit IO, making it
  possible for rings shared across forks to do so. The other fixes an
  issue for the same kind of use case, where one exiting process would
  cancel all IO"

* tag 'io_uring-5.5-2020-01-26' of git://git.kernel.dk/linux-block:
  io_uring: don't cancel all work on process exit
  Revert "io_uring: only allow submit from owning task"
2020-01-26 12:23:04 -08:00
Linus Torvalds
9dbca16087 block-5.5-2020-01-26
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl4tzGkQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpm74EADLe6y9VAmdDLilp6sW0sWRlx/Rdzy633hm
 FdhsTZ+v30BaF57Zn5+FBt1LOeC8IhQdCehxb32DV/xbX/JFZP8/X1XwjEtgFmpY
 C81hlZdqlTPNrk1H8SvgJLbgr+Gr5wtRQSVnkxt44mX+9KwLFUcUz/c9tjkl4pK+
 D5e7dxvZVnbrRxz+E3Oh7mruw2+dQ9Cp1QTSnxp1xhgaCH04nzM7/KVMz8ABL+uF
 e2ub0kH3/vNdoj8Hy0P7fNH1dRxUTDM+LfLMmTOGNXbNWFZ8bPaFc9OVkcqw/5O+
 QorCM9QcC55cwANoNZW4OUgxV6eXzr4+MBU0EhD5U7S+bS9yPUFxDJ0+Nwo7H1i2
 cgUiLyvNBRAejdxB5n1AjiGVYS4Gmh78Dcy6UBMOOK9XP3XVxbl04EOpKM5h/Bgt
 oByIMgsfUGhAk5Uhvq08WwIIZst6I0zNrAzvvItX3FCXPjmRKZKTbiENm2J1OBn0
 Jkr8j4nSLWsQe765Ms4acMOFbsxmKmFtFHTrRZllMJ+AxAhlxr1NPSna5mu2WEq9
 moZla+4F46/pXer/Xd2YpELXKHzTgXqsMkhmvoSS1Mt4rs2oeUqI5wIgzpU3g6xS
 FsOemcbrMcXEoNIh1jyCwNOfUwFWceR9E39E3pmxTqTeIALhXhBe3/SbQLolI4GJ
 XqHTzi1SdQ==
 =TxAC
 -----END PGP SIGNATURE-----

Merge tag 'block-5.5-2020-01-26' of git://git.kernel.dk/linux-block

Pull block fix from Jens Axboe:
 "Unfortunately this weekend we had a few last minute reports, one was
  for block.

  The partition disable for zoned devices was overly restrictive, it can
  work (and be supported) just fine for host-aware variants.

  Here's a fix ensuring that's the case so we don't break existing users
  of that"

* tag 'block-5.5-2020-01-26' of git://git.kernel.dk/linux-block:
  block: allow partitions on host aware zone devices
2020-01-26 12:12:36 -08:00
Linus Torvalds
54343d9518 SCSI fixes on 20200126
Two last minute fixes, both in drivers.  The fnic one is a highly
 unlikely condition, but the RDMA one is a recently introduced
 regression that causes a kernel warning to trigger in every RDMA
 logon, which would be unsightly if it got into the final release.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJsEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCXi3VRyYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishbrpAP9I/pEp
 TWu/QkqFFrmuYbzuxtRML7X2T7+B96J/CRtQvQD3TAIW0gvw49Uj25yEwTRnVzCs
 1A+eELAahzBPW+rRBw==
 =C3yx
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Two last minute fixes, both in drivers.

  The fnic one is a highly unlikely condition, but the RDMA one is a
  recently introduced regression that causes a kernel warning to trigger
  in every RDMA logon, which would be unsightly if it got into the final
  release"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: RDMA/isert: Fix a recently introduced regression related to logout
  scsi: fnic: do not queue commands during fwreset
2020-01-26 10:39:09 -08:00
Linus Torvalds
b1b298914f Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fix from Al Viro:
 "Fix a use-after-free in do_last() handling of sysctl_protected_...
  checks.

  The use-after-free normally doesn't happen there, but race with
  rename() and it becomes possible"

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  do_last(): fetch directory ->i_mode and ->i_uid before it's too late
2020-01-26 10:33:48 -08:00
Jens Axboe
ebe1002621 io_uring: don't cancel all work on process exit
If we're sharing the ring across forks, then one process exiting means
that we cancel ALL work and prevent future work. This is overly
restrictive. As long as we cancel the work associated with the files
from the current task, it's safe to let others persist. Normal fd close
on exit will still wait (and cancel) pending work.

Fixes: fcb323cc53 ("io_uring: io_uring: add support for async work inheriting files")
Reported-by: Andres Freund <andres@anarazel.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-01-26 10:17:12 -07:00
Christoph Hellwig
b72053072c block: allow partitions on host aware zone devices
Host-aware SMR drives can be used with the commands to explicitly manage
zone state, but they can also be used as normal disks.  In the former
case it makes perfect sense to allow partitions on them, in the latter
it does not, just like for host managed devices.  Add a check to
add_partition to allow partitions on host aware devices, but give
up any zone management capabilities in that case, which also catches
the previously missed case of adding a partition vs just scanning it.

Because sd can rescan the attribute at runtime it needs to check if
a disk has partitions, for which a new helper is added to genhd.h.

Fixes: 5eac3eb30c ("block: Remove partition support for zoned block devices")
Reported-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-01-26 09:59:08 -07:00
Jens Axboe
73e08e711d Revert "io_uring: only allow submit from owning task"
This ends up being too restrictive for tasks that willingly fork and
share the ring between forks. Andres reports that this breaks his
postgresql work. Since we're close to 5.5 release, revert this change
for now.

Cc: stable@vger.kernel.org
Fixes: 44d282796f ("io_uring: only allow submit from owning task")
Reported-by: Andres Freund <andres@anarazel.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2020-01-26 09:56:05 -07:00
David Howells
a45ea48e2b afs: Fix characters allowed into cell names
The afs filesystem needs to prohibit certain characters from cell names,
such as '/', as these are used to form filenames in procfs, leading to
the following warning being generated:

	WARNING: CPU: 0 PID: 3489 at fs/proc/generic.c:178

Fix afs_alloc_cell() to disallow nonprintable characters, '/', '@' and
names that begin with a dot.

Remove the check for "@cell" as that is then redundant.

This can be tested by running:

	echo add foo/.bar 1.2.3.4 >/proc/fs/afs/cells

Note that we will also need to deal with:

 - Names ending in ".invalid" shouldn't be passed to the DNS.

 - Names that contain non-valid domainname chars shouldn't be passed to
   the DNS.

 - DNS replies that say "your-dns-needs-immediate-attention.<gTLD>" and
   replies containing A records that say 127.0.53.53 should be
   considered invalid.
   [https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf]

but these need to be dealt with by the kafs-client DNS program rather
than the kernel.

Reported-by: syzbot+b904ba7c947a37b4b291@syzkaller.appspotmail.com
Cc: stable@kernel.org
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-26 08:54:04 -08:00
Al Viro
d0cb50185a do_last(): fetch directory ->i_mode and ->i_uid before it's too late
may_create_in_sticky() call is done when we already have dropped the
reference to dir.

Fixes: 30aba6656f (namei: allow restricted O_CREAT of FIFOs and regular files)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-01-26 09:31:07 -05:00
Linus Torvalds
2821e26f3a ARM fixes for 5.5:
- fix ftrace relocation type filtering
 - relax arch timer version check
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuNNh8scc2k/wOAE+9OeQG+StrGQFAl4sh1sACgkQ9OeQG+St
 rGTv9hAArEcxTDLg10goPy4bnuWIJKOkFoN6pR0DUyfBEFySKSSPiiPXiNlQr3iQ
 d2KLmfHA5bCjvasmvqcHbEWTU5dgvraP5PhcucI5KZRmIqINghjWjsnotMjyK69H
 PbgaKW1Ghqw7L4VXzA7USy/F9smugBkPMpAMVYAo9r66JmPQF1ZfIdSEAXarpWgc
 y5GpsnVVqDrrLnrdKIXdK93QYN7A6HRcF2bqsd7tK40ogyfI9Eb5FEZeF7R8kX1h
 PIK3MB5MiZ0FuQVto0GBif0yk4/vn5z11U2ebvOpmUY+OHhqGJ6hYCrnkVTTLAHn
 h6cbTofG0oIoTd+k9+3qTpSsbkErRPzK4WiOPVyYdSywIzwmbvQF4L260J59ZU5u
 eVF5c/m9jHgG4lSRsGKVwb+zRfURMnWwry/+tsVUAGYmsTGT6tYRKWrGaUUDw1em
 RGNnPBkabQB8opiodHNe0kepW/LIQHRFXZ8QbP66h/3qlcIinT/m3j+pLERyVyFD
 nnOFkRyyqEJtjRqtNLLqBcMo77+8BV1bW5BsiBYvTp2VVSsSiANxEfsonQ0043Az
 mgnG0HszIle+Eo+xK8zM9NQMFBoB2X3aciAj+Id9I1h//xRpCTVds0zsvbx8KqdF
 cUykR9+i0t009n+3c4ralMdROZeaXOAwttCr7TErikLrsXerDIg=
 =4gzG
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm

Pull ARM fixes from Russell King:

 - fix ftrace relocation type filtering

 - relax arch timer version check

* tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
  ARM: 8955/1: virt: Relax arch timer version check during early boot
  ARM: 8950/1: ftrace/recordmcount: filter relocation types
2020-01-25 14:32:51 -08:00
Linus Torvalds
84809aaf78 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from David Miller:

 1) Off by one in mt76 airtime calculation, from Dan Carpenter.

 2) Fix TLV fragment allocation loop condition in iwlwifi, from Luca
    Coelho.

 3) Don't confirm neigh entries when doing ipsec pmtu updates, from Xu
    Wang.

 4) More checks to make sure we only send TSO packets to lan78xx chips
    that they can actually handle. From James Hughes.

 5) Fix ip_tunnel namespace move, from William Dauchy.

 6) Fix unintended packet reordering due to cooperation between
    listification done by GRO and non-GRO paths. From Maxim
    Mikityanskiy.

 7) Add Jakub Kicincki formally as networking co-maintainer.

 8) Info leak in airo ioctls, from Michael Ellerman.

 9) IFLA_MTU attribute needs validation during rtnl_create_link(), from
    Eric Dumazet.

10) Use after free during reload in mlxsw, from Ido Schimmel.

11) Dangling pointers are possible in tp->highest_sack, fix from Eric
    Dumazet.

12) Missing *pos++ in various networking seq_next handlers, from Vasily
    Averin.

13) CHELSIO_GET_MEM operation neds CAP_NET_ADMIN check, from Michael
    Ellerman.

* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (109 commits)
  firestream: fix memory leaks
  net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
  net: bcmgenet: Use netif_tx_napi_add() for TX NAPI
  tipc: change maintainer email address
  net: stmmac: platform: fix probe for ACPI devices
  net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
  net/mlx5e: kTLS, Remove redundant posts in TX resync flow
  net/mlx5e: kTLS, Fix corner-case checks in TX resync flow
  net/mlx5e: Clear VF config when switching modes
  net/mlx5: DR, use non preemptible call to get the current cpu number
  net/mlx5: E-Switch, Prevent ingress rate configuration of uplink rep
  net/mlx5: DR, Enable counter on non-fwd-dest objects
  net/mlx5: Update the list of the PCI supported devices
  net/mlx5: Fix lowest FDB pool size
  net: Fix skb->csum update in inet_proto_csum_replace16().
  netfilter: nf_tables: autoload modules from the abort path
  netfilter: nf_tables: add __nft_chain_type_get()
  netfilter: nf_tables_offload: fix check the chain offload flag
  netfilter: conntrack: sctp: use distinct states for new SCTP connections
  ipv6_route_seq_next should increase position index
  ...
2020-01-25 14:19:32 -08:00
Linus Torvalds
f041eadad7 ARM: SoC fixes
A couple of fixes have come in that would be good to include in this
 release:
 
  - A fix for amount of memory on Beaglebone Black. Surfaced now since
    GRUB2 doesn't update memory size in the booted kernel.
 
  - A fix to make SPI interfaces work on am43x-epos-evm.
 
  - Small Kconfig fix for OPTEE (adds a depend on MMU) to avoid build
    failures.
 -----BEGIN PGP SIGNATURE-----
 
 iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAl4stI8PHG9sb2ZAbGl4
 b20ubmV0AAoJEIwa5zzehBx3AtAP/1Z8PYhL6nXlCvXZLi0SttwZagKl6ZYL+VkW
 5a+8vu0gQXTNCmfux0S0gLKPJUe7nVc7vJswz5KAtDKCYFdjppPch22GrvjFXFJM
 +kGmb9jgyPhpAu4Ja4TEM8Ovqcg+n+mcFfzQQkxpg+OjXTQ8PNX3i18220KScc32
 2bmezmxMh/b54tC9mtXZeihFghWeVmApGYmcsp/fuxKo3Q/v/DxceEqyT6lNGVS2
 Z1gpp7TWi8eh1etsT/++jdX7IJCDfcJv3kYt72NqJ9yUk4gAkY/c8ezc2UW+JAfa
 VsxFfQw9jQ3pzTgnoxrTk2g53XnxKUGK/PKuhg5h6+ZH1dz+oc0BoKHIZciwboi0
 djfD6Gv5v0yQMClmSThDbLaocXsHtvv1dDnm9i1AK68WnDnd5hVYxBiwVKMUO/UL
 FiXMKqB5npSLShs2YuFBOEB8W2DA1HtFylr5EGz4+OtITmkv7G4rKYlsdhwyeBIF
 rm27zwiN0wI7ft1uKezw0tsuxZbl8dxcDkinjAuYfJFJZSgKTkwUrfeiztW9m9M7
 ifDO0SYc/w1W/DWYoWJYd0OY7ZwPMRXqgVcPGOckGVYQj/TuavV96gV81IsUlh+t
 QQVnmAqxvYV4AwoaCMKo1WKg3hLlFNvC5NOGSgALG77ZmJpF7kKhR25THzJStt8a
 ATUgh1An
 =xQ63
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Olof Johansson:
 "A couple of fixes have come in that would be good to include in this
  release:

   - A fix for amount of memory on Beaglebone Black. Surfaced now since
     GRUB2 doesn't update memory size in the booted kernel.

   - A fix to make SPI interfaces work on am43x-epos-evm.

   - Small Kconfig fix for OPTEE (adds a depend on MMU) to avoid build
     failures"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  ARM: dts: am43x-epos-evm: set data pin directions for spi0 and spi1
  tee: optee: Fix compilation issue with nommu
  ARM: dts: am335x-boneblack-common: fix memory size
2020-01-25 14:08:43 -08:00
Wenwen Wang
fa865ba183 firestream: fix memory leaks
In fs_open(), 'vcc' is allocated through kmalloc() and assigned to
'atm_vcc->dev_data.' In the following execution, if an error occurs, e.g.,
there is no more free channel, an error code EBUSY or ENOMEM will be
returned. However, 'vcc' is not deallocated, leading to memory leaks. Note
that, in normal cases where fs_open() returns 0, 'vcc' will be deallocated
in fs_close(). But, if fs_open() fails, there is no guarantee that
fs_close() will be invoked.

To fix this issue, deallocate 'vcc' before the error code is returned.

Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-25 22:01:51 +01:00
David S. Miller
6badad1c1d Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Missing netlink attribute sanity check for NFTA_OSF_DREG,
   from Florian Westphal.

2) Use bitmap infrastructure in ipset to fix KASAN slab-out-of-bounds
   reads, from Jozsef Kadlecsik.

3) Missing initial CLOSED state in new sctp connection through
   ctnetlink events, from Jiri Wiesner.

4) Missing check for NFT_CHAIN_HW_OFFLOAD in nf_tables offload
   indirect block infrastructure, from wenxu.

5) Add __nft_chain_type_get() to sanity check family and chain type.

6) Autoload modules from the nf_tables abort path to fix races
   reported by syzbot.

7) Remove unnecessary skb->csum update on inet_proto_csum_replace16(),
   from Praveen Chaudhary.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-25 21:40:39 +01:00
Linus Torvalds
a075f23dd4 for-5.5-rc8-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAl4sLasACgkQxWXV+ddt
 WDsegg/8CBQ1/pGj+8mvf+ws6f71Av8jspY2Ebr+HCjaGhD2MG3HI1kA5gC9Qnbb
 fQVd12M5ma2BTrIcszxwm+VMIMlDotRFzfAp8uuFJtW0aAEGMCboX6VRYWa/4I0o
 SmgJg0RYh926VL73qSe3S72pfIYjar30RwjVIVTmsHxL/D/lEkrHg6IGKRCe/MaN
 eQipth3iuFtcWmGm1+DxEySsOs7AMPg3wL8KVnQcYoDI2kg3BXFH9a4wTE6VmWsU
 ZjonJBA/Rl8oA2YOVDum4mL5j2c5RulWEymdVKyo1oH+8kLDOQ8snd7Bxp3qtJ1C
 gdVbS8gi7gT5/C+yex+ZWlAdfmCSGWj7dr7jjiELZhTrsBhtS7y+GM52GivSrJ3z
 TciNQtF/Y0SrZGprPMgVGAHuIKWWwSmWJPmkRB4zv/5efFFdKg8/UmcRmh6dMo83
 IF4VPEBQgJLj3ja9Wns5yvW9asKNcynGeFK7aV+BlGW/wuvBW9o017c4Q04dXSAK
 iFpipJaR/6ZGmXlRQLa1uyKWVHNIfSFT47WJqa6Dbo6iWRE/S/MhfkZU42z2A3H9
 O2qMWmZikZnPCkha6fWyNJEDxF3imC+/LBsYoEuVPR7kZ/irDnI1cJNsTocOlyj1
 kgFtL5MnCBHCop9/tPGiVdin9ilHJs3q2kAkR5BNCSEqhC8mo4g=
 =IPUk
 -----END PGP SIGNATURE-----

Merge tag 'for-5.5-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fix from David Sterba:
 "Here's a last minute fix for a regression introduced in this
  development cycle.

  There's a small chance of a silent corruption when device replace and
  NOCOW data writes happen at the same time in one block group. Metadata
  or COW data writes are unaffected.

  The extra fixup patch is there to silence an unnecessary warning"

* tag 'for-5.5-rc8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: dev-replace: remove warning for unknown return codes when finished
  btrfs: scrub: Require mandatory block group RO for dev-replace
2020-01-25 10:55:24 -08:00
Linus Torvalds
93d1a05ea6 A single fix for the Intel Sunrisepoint pin controller
that makes the interrupts work properly on it.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAl4sHZcACgkQQRCzN7AZ
 XXMoBxAAsgUg2OpxtGyyevERgDMfsPHuhhniIP4NoVuZWHqch61hWubSds529Vka
 Ly4ikV94WW7BwxK9ndOTqy8tUgjcDWGn1+oO8nWbSby/pX3G6MA+q5R/BJRFBrE2
 THvyIT1fPhfDTmdvqJEULh+FrqLe3Bz6v1G/VqLaYgy2yCg0gNxHnaQwAcvV2Mlz
 GRhHULoPfIvwJG1P40+R27Q7YQUV+yxpoaITvqUfOlN7unD01Thb89uCYyzGOFRh
 gi3Q2UnOeW7W32R8pwnmXzJv6dMTucM10xE7k5Clsrot8wUtT1APbHeWPnY/Li+W
 NPWBxfSRzjsbRsRbLz1sBpcv72hYsMz0ELYqQMlY++fF3fs9sD2sPArgEnwxvk2U
 t7JQ7IWd16l1DVVksVyp6QNv/Q8oLdNRjbp8feBV7SIvuPGCrLZ9q7Ao5v2p7aMT
 M5WNpBqZqziObtq3kaR0ospg00UfNtt/YFpEWhwzR+cfj/YsvYgitjMf+z9olWhy
 QEnzws3yT6TTQ2Ccvtc21VxHp6mDx69SZQhlD3+G2Y5V1XtSpl1oiyDXW1/eToGQ
 UONRkjD7dbvRlunL6FxGAIMndhIRQ5WXcvvlzCzTYX1l8HO8V98c6jjxign+jbXt
 bzv2x+fgH7YF8A941yhpwYej/jxVg3X0C6RQCeizQfBY8Nq7nhI=
 =0GUt
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fix from Linus Walleij:
 "A single fix for the Intel Sunrisepoint pin controller that makes the
  interrupts work properly on it"

* tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: sunrisepoint: Add missing Interrupt Status register offset
2020-01-25 10:46:07 -08:00
David S. Miller
722943a54d mlx5-fixes-2020-01-24
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEGhZs6bAKwk/OTgTpSD+KveBX+j4FAl4rTdoACgkQSD+KveBX
 +j5wiAgAtlGxIVKMpbJN7DIJNQ3rLGwTjPdVUFSRvHB+krVV9/ym02bIBIEphSPu
 ZEF53eJMtJ0XIdUjvAyKA+zJg9p12vewbGpYV/LdjBNikHatMPGvR4grDgB9pnqT
 tIxH6b4vzh5p/bMcP5l4yuVG6pf/ERdxQqsa93Op9xJzOkMH+A2KA/G32VHL2OmH
 619hrWRVA/UVG0wUcOaX6ra+QA5EQ3lhcrvqL702k4JhIZPtG7Ndmm0+Z0nrDiIm
 oXfc1236nc3emkijQczEZ+6oYiuYQ7WSKxZeS+8Bnmc3ZZ2w2RZrC7UCOadGzu12
 +0XYfMsD2FWwEim52IZK/VMPtykjZw==
 =i5Au
 -----END PGP SIGNATURE-----

Merge tag 'mlx5-fixes-2020-01-24' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

Saeed Mahameed says:

====================
Mellanox, mlx5 fixes 2020-01-24

This series introduces some fixes to mlx5 driver.

Please pull and let me know if there is any problem.

Merge conflict: once merge with net-next, a contextual conflict will
appear in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
since the code moved in net-next.
To resolve, just delete ALL of the conflicting hunk from net.
So sorry for the small mess ..

For -stable v5.4:
 ('net/mlx5: Update the list of the PCI supported devices')
 ('net/mlx5: Fix lowest FDB pool size')
 ('net/mlx5e: kTLS, Fix corner-case checks in TX resync flow')
 ('net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path')
 ('net/mlx5: Eswitch, Prevent ingress rate configuration of uplink rep')
 ('net/mlx5e: kTLS, Remove redundant posts in TX resync flow')
 ('net/mlx5: DR, Enable counter on non-fwd-dest objects')
 ('net/mlx5: DR, use non preemptible call to get the current cpu number')
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-25 13:46:00 +01:00
David Sterba
4cea9037f8 btrfs: dev-replace: remove warning for unknown return codes when finished
The fstests btrfs/011 triggered a warning at the end of device replace,

  [ 1891.998975] BTRFS warning (device vdd): failed setting block group ro: -28
  [ 1892.038338] BTRFS error (device vdd): btrfs_scrub_dev(/dev/vdd, 1, /dev/vdb) failed -28
  [ 1892.059993] ------------[ cut here ]------------
  [ 1892.063032] WARNING: CPU: 2 PID: 2244 at fs/btrfs/dev-replace.c:506 btrfs_dev_replace_start.cold+0xf9/0x140 [btrfs]
  [ 1892.074346] CPU: 2 PID: 2244 Comm: btrfs Not tainted 5.5.0-rc7-default+ #942
  [ 1892.079956] RIP: 0010:btrfs_dev_replace_start.cold+0xf9/0x140 [btrfs]

  [ 1892.096576] RSP: 0018:ffffbb58c7b3fd10 EFLAGS: 00010286
  [ 1892.098311] RAX: 00000000ffffffe4 RBX: 0000000000000001 RCX: 8888888888888889
  [ 1892.100342] RDX: 0000000000000001 RSI: ffff9e889645f5d8 RDI: ffffffff92821080
  [ 1892.102291] RBP: ffff9e889645c000 R08: 000001b8878fe1f6 R09: 0000000000000000
  [ 1892.104239] R10: ffffbb58c7b3fd08 R11: 0000000000000000 R12: ffff9e88a0017000
  [ 1892.106434] R13: ffff9e889645f608 R14: ffff9e88794e1000 R15: ffff9e88a07b5200
  [ 1892.108642] FS:  00007fcaed3f18c0(0000) GS:ffff9e88bda00000(0000) knlGS:0000000000000000
  [ 1892.111558] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [ 1892.113492] CR2: 00007f52509ff420 CR3: 00000000603dd002 CR4: 0000000000160ee0

  [ 1892.115814] Call Trace:
  [ 1892.116896]  btrfs_dev_replace_by_ioctl+0x35/0x60 [btrfs]
  [ 1892.118962]  btrfs_ioctl+0x1d62/0x2550 [btrfs]

caused by the previous patch ("btrfs: scrub: Require mandatory block
group RO for dev-replace"). Hitting ENOSPC is possible and could happen
when the block group is set read-only, preventing NOCOW writes to the
area that's being accessed by dev-replace.

This has happend with scratch devices of size 12G but not with 5G and
20G, so this is depends on timing and other activity on the filesystem.
The whole replace operation is restartable, the space state should be
examined by the user in any case.

The error code is propagated back to the ioctl caller so the kernel
warning is causing false alerts.

Signed-off-by: David Sterba <dsterba@suse.com>
2020-01-25 12:49:12 +01:00
Michael Ellerman
3546d8f1bb net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
The cxgb3 driver for "Chelsio T3-based gigabit and 10Gb Ethernet
adapters" implements a custom ioctl as SIOCCHIOCTL/SIOCDEVPRIVATE in
cxgb_extension_ioctl().

One of the subcommands of the ioctl is CHELSIO_GET_MEM, which appears
to read memory directly out of the adapter and return it to userspace.
It's not entirely clear what the contents of the adapter memory
contains, but the assumption is that it shouldn't be accessible to all
users.

So add a CAP_NET_ADMIN check to the CHELSIO_GET_MEM case. Put it after
the is_offload() check, which matches two of the other subcommands in
the same function which also check for is_offload() and CAP_NET_ADMIN.

Found by Ilja by code inspection, not tested as I don't have the
required hardware.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-25 10:50:42 +01:00
Florian Fainelli
148965df1a net: bcmgenet: Use netif_tx_napi_add() for TX NAPI
Before commit 7587935cfa ("net: bcmgenet: move NAPI initialization to
ring initialization") moved the code, this used to be
netif_tx_napi_add(), but we lost that small semantic change in the
process, restore that.

Fixes: 7587935cfa ("net: bcmgenet: move NAPI initialization to ring initialization")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Doug Berger <opendmb@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-25 10:31:28 +01:00
Jon Maloy
61b1f2aff4 tipc: change maintainer email address
Reflecting new realities.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-25 10:18:02 +01:00
Ajay Gupta
b9f0b2f634 net: stmmac: platform: fix probe for ACPI devices
Use generic device API to get phy mode to fix probe failure
with ACPI based devices.

Signed-off-by: Ajay Gupta <ajayg@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-25 10:09:47 +01:00
Linus Torvalds
d5d359b0ac Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input fixes from Dmitry Torokhov:

 - add sanity checks to USB endpoints in various dirvers

 - max77650-onkey was missing an OF table which was preventing module
   autoloading

 - a revert and a different fix for F54 handling in Synaptics dirver

 - a fixup for handling register in pm8xxx vibrator driver

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: pm8xxx-vib - fix handling of separate enable register
  Input: keyspan-remote - fix control-message timeouts
  Input: max77650-onkey - add of_match table
  Input: rmi_f54 - read from FIFO in 32 byte blocks
  Revert "Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers"
  Input: sur40 - fix interface sanity checks
  Input: gtco - drop redundant variable reinit
  Input: gtco - fix extra-descriptor debug message
  Input: gtco - fix endpoint sanity check
  Input: aiptek - use descriptors of current altsetting
  Input: aiptek - fix endpoint sanity check
  Input: pegasus_notetaker - fix endpoint sanity check
  Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register
  Input: evdev - convert kzalloc()/vzalloc() to kvzalloc()
2020-01-24 19:27:42 -08:00
Olof Johansson
6716cb162d Few minor fixes for omaps
Looks like we have wrong default memory size for beaglebone black,
 it has at least 512 MB of RAM and not 256 MB. This causes an issue
 when booted with GRUB2 that does not seem to pass memory info to
 the kernel.
 
 And for am43x-epos-evm the SPI pin directions need to be configured
 for SPI to work.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAl4rSQkRHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXMSeg//f607jg+6RqkJ6dMczxBSHpkAYSdGBjpB
 nwa8O7jNbHfjtUGXTm+9Xx7sKXTR+600lobgMYguRlitTYNtC2jQG5ux92/6sTU/
 5qB6m0qkhMqOKDOI2AZ1wIcc6PP067M7x+il0Rs9/PRdIaDNUMHsNZ6+sxEWUR7N
 1vcYMz3PL8KW/ucAWxBO4NeMDwg5vi6dIILBl63sBlrH6AgYTVT8LqNhSysZWmXY
 Gj5JNIt+FjvhKGYNnD1jeFYX/+TQH10B8Ouepj6ixdcXaA4v0553S7S7R3HYR+l8
 +AFcWB1TMuvlNv5vbnVd+PUXhhyByVDQv15/92i+rKMXUxxdLZDuKeqa3/GbL/vI
 oU5ShNXWQ7C7g+SrxYfHT0OQz38j7TUOKrRJKBxFYykneoC33uwpSaAUTSN0PuXT
 MA7RJVBtjHe8tfbkII3UqqvHxmVB1TAkj9TE9y21Dznlq2fyq7w/13UNS67VCZ57
 4vO722ULOHVLnTmwH6gA+e1Cjhiz17fJJq3wpDTqqn0As4cuLOAio7PmHgNcm2YG
 Qg9MVQV2Rj3YGdxGVDKCfTOLt4tQzJ8qbN0o7XIp0CgyK7Sg2djcjzUMtJDx++Ez
 6tRmyfcY/GD5ykPfEUXvJcDWw0tIFSRUQMtXMi3vnuNh5mYFQ2ciQB5KkPBhyTST
 CaAAg8vCvek=
 =XXZc
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-fixes-whenever-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes

Few minor fixes for omaps

Looks like we have wrong default memory size for beaglebone black,
it has at least 512 MB of RAM and not 256 MB. This causes an issue
when booted with GRUB2 that does not seem to pass memory info to
the kernel.

And for am43x-epos-evm the SPI pin directions need to be configured
for SPI to work.

* tag 'omap-for-fixes-whenever-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: dts: am43x-epos-evm: set data pin directions for spi0 and spi1
  ARM: dts: am335x-boneblack-common: fix memory size

Link: https://lore.kernel.org/r/pull-1579895109-287828@atomide.com
Signed-off-by: Olof Johansson <olof@lixom.net>
2020-01-24 12:05:33 -08:00
Olof Johansson
088307d216 Fix OP-TEE compile error with nommu
-----BEGIN PGP SIGNATURE-----
 
 iQJOBAABCgA4FiEEcK3MsDvGvFp6zV9ztbC4QZeP7NMFAl4pbiIaHGplbnMud2lr
 bGFuZGVyQGxpbmFyby5vcmcACgkQtbC4QZeP7NP14w//ZIO2PDmn/f7w3qafb+Gx
 bXWqpqNgr/kC7T1Z21vyTozTyqW3ZXv3VpONGqyYSzD8skW80LPq6MjySTCBcCIS
 AcpooDIA/jXMa52lmDv8nNzr2IuULKGEZk4kBY4zzlzW6hrASUuLqo7W7qkN4xkh
 Tpu38r7k6FPir0R4oCphG4TPUS9B7vN0fmgN+bJXNFC1pn/fUzJa14k5FVPVqi8w
 Z71s2NXTV95dmRgNM5DQNXUbdS4TY5mhnZfdFCxo0f39cob7oTM4e0Ii1b280lQv
 xsiAfTbPAOPhchrMf12TqD53TvECUe/7SoAoaZpHSepkxQ2vqD+JBCkADfdTmPje
 FhCaTVix6eJLIMgvrFaiWfmKkuLwQY2k50nLDlIfHVgRZhsChrjsaP8gAJf8VYcN
 4zzmDeDm4dDewpp/+KjnUVXuxtYLI9Zc1QnKXyoRfuBBQuVH5pcSbCrt4cn8PPtk
 4KpW6Of+oKPt7uQSCEIejell8ew/X/WPFQN0dDaaJYtlT4kuityDWwNrebfdtZ/2
 1GeS5yrc+weG4Sl+ATK7wtAeIA84c4wYyI2NkJffZAikXmy9VkYmmOyJL6+SPAp4
 Ff7hvbVJatEeCeMcM44R8C8KmsCY5n4cz1SpxpACzrAxNiWzOfbsI0HCDeelFlVD
 wF6kGTYn3B3afDTcRdeRQGs=
 =JTLy
 -----END PGP SIGNATURE-----

Merge tag 'tee-optee-fix2-for-5.5' of https://git.linaro.org:/people/jens.wiklander/linux-tee into arm/fixes

Fix OP-TEE compile error with nommu

* tag 'tee-optee-fix2-for-5.5' of https://git.linaro.org:/people/jens.wiklander/linux-tee:
  tee: optee: Fix compilation issue with nommu

Link: https://lore.kernel.org/r/20200123101310.GA10320@jax
Signed-off-by: Olof Johansson <olof@lixom.net>
2020-01-24 12:05:08 -08:00
Tariq Toukan
342508c1c7 net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
When TCP out-of-order is identified (unexpected tcp seq mismatch), driver
analyzes the packet and decides what handling should it get:
1. go to accelerated path (to be encrypted in HW),
2. go to regular xmit path (send w/o encryption),
3. drop.

Packets marked with skb->decrypted by the TLS stack in the TX flow skips
SW encryption, and rely on the HW offload.
Verify that such packets are never sent un-encrypted on the wire.
Add a WARN to catch such bugs, and prefer dropping the packet in these cases.

Fixes: 46a3ea9807 ("net/mlx5e: kTLS, Enhance TX resync flow")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:40 -08:00
Tariq Toukan
1e92899791 net/mlx5e: kTLS, Remove redundant posts in TX resync flow
The call to tx_post_resync_params() is done earlier in the flow,
the post of the control WQEs is unnecessarily repeated. Remove it.

Fixes: 700ec49742 ("net/mlx5e: kTLS, Fix missing SQ edge fill")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:37 -08:00
Tariq Toukan
ffbd9ca94e net/mlx5e: kTLS, Fix corner-case checks in TX resync flow
There are the following cases:

1. Packet ends before start marker: bypass offload.
2. Packet starts before start marker and ends after it: drop,
   not supported, breaks contract with kernel.
3. packet ends before tls record info starts: drop,
   this packet was already acknowledged and its record info
   was released.

Add the above as comment in code.

Mind possible wraparounds of the TCP seq, replace the simple comparison
with a call to the TCP before() method.

In addition, remove logic that handles negative sync_len values,
as it became impossible.

Fixes: d2ead1f360 ("net/mlx5e: Add kTLS TX HW offload support")
Fixes: 46a3ea9807 ("net/mlx5e: kTLS, Enhance TX resync flow")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:35 -08:00
Dmytro Linkin
3b83b6c2e0 net/mlx5e: Clear VF config when switching modes
Currently VF in LEGACY mode are not able to go up. Also in OFFLOADS
mode, when switching to it first time, VF can go up independently to
his representor, which is not expected.
Perform clearing of VF config when switching modes and set link state
to AUTO as default value. Also, when switching to OFFLOADS mode set
link state to DOWN, which allow VF link state to be controlled by its
REP.

Fixes: 1ab2068a4c ("net/mlx5: Implement vports admin state backup/restore")
Fixes: 556b9d16d3 ("net/mlx5: Clear VF's configuration on disabling SRIOV")
Signed-off-by: Dmytro Linkin <dmitrolin@mellanox.com>
Signed-off-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:32 -08:00
Erez Shitrit
c0702a4bd4 net/mlx5: DR, use non preemptible call to get the current cpu number
Use raw_smp_processor_id instead of smp_processor_id() otherwise we will
get the following trace in debug-kernel:
	BUG: using smp_processor_id() in preemptible [00000000] code: devlink
	caller is dr_create_cq.constprop.2+0x31d/0x970 [mlx5_core]
	Call Trace:
	dump_stack+0x9a/0xf0
	debug_smp_processor_id+0x1f3/0x200
	dr_create_cq.constprop.2+0x31d/0x970
	genl_family_rcv_msg+0x5fd/0x1170
	genl_rcv_msg+0xb8/0x160
	netlink_rcv_skb+0x11e/0x340

Fixes: 297cccebdc ("net/mlx5: DR, Expose an internal API to issue RDMA operations")
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:29 -08:00
Eli Cohen
e401a1848b net/mlx5: E-Switch, Prevent ingress rate configuration of uplink rep
Since the implementation relies on limiting the VF transmit rate to
simulate ingress rate limiting, and since either uplink representor or
ecpf are not associated with a VF, we limit the rate limit configuration
for those ports.

Fixes: fcb64c0f56 ("net/mlx5: E-Switch, add ingress rate support")
Signed-off-by: Eli Cohen <eli@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:27 -08:00
Erez Shitrit
b850a82114 net/mlx5: DR, Enable counter on non-fwd-dest objects
The current code handles only counters that attached to dest, we still
have the cases where we have counter on non-dest, like over drop etc.

Fixes: 6a48faeeca ("net/mlx5: Add direct rule fs_cmd implementation")
Signed-off-by: Hamdan Igbaria <hamdani@mellanox.com>
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Reviewed-by: Alex Vesker <valex@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:25 -08:00
Meir Lichtinger
505a7f5478 net/mlx5: Update the list of the PCI supported devices
Add the upcoming ConnectX-7 device ID.

Fixes: 85327a9c41 ("net/mlx5: Update the list of the PCI supported devices")
Signed-off-by: Meir Lichtinger <meirl@mellanox.com>
Reviewed-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:22 -08:00
Paul Blakey
93b8a7ecb7 net/mlx5: Fix lowest FDB pool size
The pool sizes represent the pool sizes in the fw. when we request
a pool size from fw, it will return the next possible group.
We track how many pools the fw has left and start requesting groups
from the big to the small.
When we start request 4k group, which doesn't exists in fw, fw
wants to allocate the next possible size, 64k, but will fail since
its exhausted. The correct smallest pool size in fw is 128 and not 4k.

Fixes: e52c280240 ("net/mlx5: E-Switch, Add chains and priorities")
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
2020-01-24 12:04:20 -08:00
Praveen Chaudhary
189c9b1e94 net: Fix skb->csum update in inet_proto_csum_replace16().
skb->csum is updated incorrectly, when manipulation for
NF_NAT_MANIP_SRC\DST is done on IPV6 packet.

Fix:
There is no need to update skb->csum in inet_proto_csum_replace16(),
because update in two fields a.) IPv6 src/dst address and b.) L4 header
checksum cancels each other for skb->csum calculation. Whereas
inet_proto_csum_replace4 function needs to update skb->csum, because
update in 3 fields a.) IPv4 src/dst address, b.) IPv4 Header checksum
and c.) L4 header checksum results in same diff as L4 Header checksum
for skb->csum calculation.

[ pablo@netfilter.org: a few comestic documentation edits ]
Signed-off-by: Praveen Chaudhary <pchaudhary@linkedin.com>
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
Signed-off-by: Andy Stracner <astracner@linkedin.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-24 20:54:30 +01:00
Pablo Neira Ayuso
eb014de4fd netfilter: nf_tables: autoload modules from the abort path
This patch introduces a list of pending module requests. This new module
list is composed of nft_module_request objects that contain the module
name and one status field that tells if the module has been already
loaded (the 'done' field).

In the first pass, from the preparation phase, the netlink command finds
that a module is missing on this list. Then, a module request is
allocated and added to this list and nft_request_module() returns
-EAGAIN. This triggers the abort path with the autoload parameter set on
from nfnetlink, request_module() is called and the module request enters
the 'done' state. Since the mutex is released when loading modules from
the abort phase, the module list is zapped so this is iteration occurs
over a local list. Therefore, the request_module() calls happen when
object lists are in consistent state (after fulling aborting the
transaction) and the commit list is empty.

On the second pass, the netlink command will find that it already tried
to load the module, so it does not request it again and
nft_request_module() returns 0. Then, there is a look up to find the
object that the command was missing. If the module was successfully
loaded, the command proceeds normally since it finds the missing object
in place, otherwise -ENOENT is reported to userspace.

This patch also updates nfnetlink to include the reason to enter the
abort phase, which is required for this new autoload module rationale.

Fixes: ec7470b834 ("netfilter: nf_tables: store transaction list locally while requesting module")
Reported-by: syzbot+29125d208b3dae9a7019@syzkaller.appspotmail.com
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-24 20:54:29 +01:00
Pablo Neira Ayuso
826035498e netfilter: nf_tables: add __nft_chain_type_get()
This new helper function validates that unknown family and chain type
coming from userspace do not trigger an out-of-bound array access. Bail
out in case __nft_chain_type_get() returns NULL from
nft_chain_parse_hook().

Fixes: 9370761c56 ("netfilter: nf_tables: convert built-in tables/chains to chain types")
Reported-by: syzbot+156a04714799b1d480bc@syzkaller.appspotmail.com
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-24 20:54:28 +01:00
wenxu
c83de17dd6 netfilter: nf_tables_offload: fix check the chain offload flag
In the nft_indr_block_cb the chain should check the flag with
NFT_CHAIN_HW_OFFLOAD.

Fixes: 9a32669fec ("netfilter: nf_tables_offload: support indr block call")
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-24 20:54:11 +01:00
Linus Torvalds
6381b44283 IOMMU Fixes for Linux v5.5-rc7
Two Fixes:
 
 	- Fix NULL-ptr dereference bug in Intel IOMMU driver
 
 	- Properly safe and restore AMD IOMMU performance counter
 	  registers when testing if they are writable.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAl4rKJ0ACgkQK/BELZcB
 GuM8BxAAse7i4EAB0DZ26aDVU/ZZAGBTc5pH+7IOvuGFWpu3Ik7siltMZKTa56XD
 5reQl1hUHyBesdwNcd+ZQz/0QzgMu0zEcxJtzLD5nbk2Rp1pDYab84+wA0oqftmN
 7TBqPJjqGYfnfkobPW+4SaiCSxM6XKEXYaJvXqF6dsz5fLHHqTVjGyEXuu0pWey5
 1AG1nNWey5TobR39ZUNVIGUEf4ftN8tOGutjGKch29OmMg1UkHZjDyYpVJurjSUl
 1YDf0WA2X5cUWzRg519o9Uxs+5y/tBItS2qMJ/Uwh1fp/kOYrGoEPXRH9brU3owh
 j8kVKyz/cNlvhdJN/QPVq/A+GBgzAq+u9FUGH68LBVx05cuCRGWb6qP/blEZWUSA
 zQvbHPIPqPBK0pYtbVCgJFCpOS5C6X33RMgbRr3XncAItmfEp2FH7tcHIsDZUzmO
 EGBgSPrhRFJrgfa3hopc93L4OEHmGy+20o7oT4kk0SBcHVDSyDZVBu1lX+/gAZKd
 ZoV5FyF9KNB+qQQ6E+vpL5gLh7BWiBgOI41Bdw5ut09I0gYURPdFWUPHRFwHK1/1
 KTSWLyuLkS4VxdhcwhA30eVmSrbfocPPwuUxcGn2p1YnaycFkDNoJnhifvFiOS6w
 tFOJ3wEVL2OX7On6U3jviVy7MQapX3MvWrWKlgg/UoMv36dbqRA=
 =ViDp
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull iommu fixes from Joerg Roedel:
 "Two fixes:

   - Fix NULL-ptr dereference bug in Intel IOMMU driver

   - Properly save and restore AMD IOMMU performance counter registers
     when testing if they are writable"

* tag 'iommu-fixes-v5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: Fix IOMMU perf counter clobbering during init
  iommu/vt-d: Call __dmar_remove_one_dev_info with valid pointer
2020-01-24 09:56:59 -08:00
Linus Torvalds
3c45d7510c powerpc fixes for 5.5 #6
Fix our hash MMU code to avoid having overlapping ids between user and kernel,
 which isn't as bad as it sounds but led to crashes on some machines.
 
 A fix for the Power9 XIVE interrupt code, which could return the wrong interrupt
 state in obscure error conditions.
 
 A minor Kconfig fix for the recently added CONFIG_PPC_UV code.
 
 Thanks to:
   Aneesh Kumar K.V, Bharata B Rao, Cédric Le Goater, Frederic Barrat.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl4q3iMTHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgM1fEAC7YefQZsuIstV2bNH9xFJe/oEOSLWt
 DqZYfWZRBRZRdRMAP7+hmXpsLfHAB3QSGv4yEc2Pgm5Y5vYuv8MWqEKkpJoivIPW
 /Fu7mNGI06IWinMyl59dLA5fXPNeOzSNcdPnBdIUC/62XU414IGsy273X3LN4YiM
 hfXSpPA3tpSjVBTeqfKTJowXWMOvbkwiHMs2ziAu4Y9GDauJsU0UiOxMkl2MYT7Z
 PULO/SrjYSbP8+MazD/YdJ5k7F4rNV3bVDPUCU305tKIkrqRmBs+8DXjeUAMWVjj
 y2huUZ/0XXsr8QZyyGfMhEC1sJKAD3colG4LHUysbWz1oInY93CvXELdPAMXhqrH
 xXTzx9ae74Xk7t7WaGgq5xJGHJCDSg1aA2HPkUg6Gbk6iJIztOCkKMdSPvFMo18S
 p+Kjis8db83RPXQm3ooW7s/xhp6AaDiXd8khQ7A2efgt4SDTSPFvgv2q4CMDC1lP
 njchgzgPJ635MSd3CC/u6i7eViuUylb6SfhFVYY0DqOOvNJVrj1W6M4N7tpWSrRS
 PXJI2/NwlL3WIajKO3KfqTRI7QaSLtccTrXGLiGBxx/ooAowP94/WL3CYJAeuO2F
 NmA1GXH6/WXvzMMNm5NB0kCOUOOhtJk/MFuO7Agly6YL9p36fqVz4WIJVAqtwJLO
 uPu0xASJCgp9Mg==
 =r/RM
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.5-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Some more powerpc fixes for 5.5:

   - Fix our hash MMU code to avoid having overlapping ids between user
     and kernel, which isn't as bad as it sounds but led to crashes on
     some machines.

   - A fix for the Power9 XIVE interrupt code, which could return the
     wrong interrupt state in obscure error conditions.

   - A minor Kconfig fix for the recently added CONFIG_PPC_UV code.

  Thanks to Aneesh Kumar K.V, Bharata B Rao, Cédric Le Goater, Frederic
  Barrat"

* tag 'powerpc-5.5-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/mm/hash: Fix sharing context ids between kernel & userspace
  powerpc/xive: Discard ESB load value when interrupt is invalid
  powerpc: Ultravisor: Fix the dependencies for CONFIG_PPC_UV
2020-01-24 09:49:20 -08:00
Linus Torvalds
274adbff45 drm fixes for 5.5-rc8
core/mst:
 - Fix SST branch device handling
 
 amdgpu:
 - enable renoir outside experimental
 
 i915:
 - Avoid overflow with huge userptr objects
 - uAPI fix to correctly handle negative values in
   engine->uabi_class/instance (cc: stable)
 
 panfrost:
 - Fix mapping of globally visible BO's (Boris)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJeKoezAAoJEAx081l5xIa+hRMP/jC45Om4YDtsoH+75v41mYfO
 yUt1jBsCDXHAvPjBbRcoM2kbZU+ZcaDR4EZS7lA7QTW5CAosqzxrGdkzGobjmj5v
 TN/0BWWyQYtQ+lbt/pUxM+kktaV9IkjZIAUlW3msCwKsYE+nPIWfXDnW2ioFpitk
 sXk3vZYC4Lh6IVJ5PG879nz5XPpo2eb4sYYQ4PTFj65u436NEd8AFqmcDzp64Jhb
 xh1jLSxeS/JROyb/AmTHt0PgrGB5B08U8V7CAJXhIgf7zM28iiA3ynanoO3PauYb
 3uPg8eVdP2tOqcpplV5CBkiw/in2sPgRprMEg66cKYzo9rieWu7nPL+1zmaxD16s
 NIXSmov4Sm7yOS4LAGAckS12ejniy7L6OcP5N2S2Gz0HpIMXluBfLw3d4ZiIW5Q5
 yKdpmrwTfl0IfTiblweaHi8uT4K19vSqoXUf4bFa4UxqeYOtipHnNP907+nDs0JN
 GiHjIvrQJ4KH/A/JAkjEyNzHRAqJhJke84E519UP+mI+8paqzftsbDvf0ADA7nzZ
 q6TbZpTbEPV+NqnaH6n8volfh/WougW2BpxozMO3UP/474AZq1bXJIXi45ksatRW
 Cq0KQP8iI//C0xhCDPs7LQ/XzgkcQtDPZ1Nx6vWjrn6O3DMjKCm0RxZgfKj5CfbJ
 PovYqZQXJ01989DfXfQv
 =K7TY
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2020-01-24' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "This one has a core mst fix and two i915 fixes. amdgpu just enables
  some hw outside experimental.

  The panfrost fix is a little bigger than I'd like at this stage but it
  fixes a fairly fundamental problem with global shared buffers in that
  driver, and since it's confined to that driver and I've taken a look
  at it, I think it's fine to get into the tree now, so it can get
  stable propagated as well.

  core/mst:
   - Fix SST branch device handling

  amdgpu:
   - enable renoir outside experimental

  i915:
   - Avoid overflow with huge userptr objects
   - uAPI fix to correctly handle negative values in
     engine->uabi_class/instance (cc: stable)

  panfrost:
   - Fix mapping of globally visible BO's (Boris)"

* tag 'drm-fixes-2020-01-24' of git://anongit.freedesktop.org/drm/drm:
  drm/amdgpu: remove the experimental flag for renoir
  drm/panfrost: Add the panfrost_gem_mapping concept
  drm/i915: Align engine->uabi_class/instance with i915_drm.h
  drm/i915/userptr: fix size calculation
  drm/dp_mst: Handle SST-only branch device case
2020-01-24 09:38:04 -08:00
Christophe Leroy
ab10ae1c3b lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
The range passed to user_access_begin() by strncpy_from_user() and
strnlen_user() starts at 'src' and goes up to the limit of userspace
although reads will be limited by the 'count' param.

On 32 bits powerpc (book3s/32) access has to be granted for each
256Mbytes segment and the cost increases with the number of segments to
unlock.

Limit the range with 'count' param.

Fixes: 594cc251fd ("make 'user_access_begin()' do 'access_ok()'")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-24 09:27:34 -08:00
Jiri Wiesner
ab658b9fa7 netfilter: conntrack: sctp: use distinct states for new SCTP connections
The netlink notifications triggered by the INIT and INIT_ACK chunks
for a tracked SCTP association do not include protocol information
for the corresponding connection - SCTP state and verification tags
for the original and reply direction are missing. Since the connection
tracking implementation allows user space programs to receive
notifications about a connection and then create a new connection
based on the values received in a notification, it makes sense that
INIT and INIT_ACK notifications should contain the SCTP state
and verification tags available at the time when a notification
is sent. The missing verification tags cause a newly created
netfilter connection to fail to verify the tags of SCTP packets
when this connection has been created from the values previously
received in an INIT or INIT_ACK notification.

A PROTOINFO event is cached in sctp_packet() when the state
of a connection changes. The CLOSED and COOKIE_WAIT state will
be used for connections that have seen an INIT and INIT_ACK chunk,
respectively. The distinct states will cause a connection state
change in sctp_packet().

Signed-off-by: Jiri Wiesner <jwiesner@suse.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-24 18:26:53 +01:00
Shuah Khan
8c17bbf6c8 iommu/amd: Fix IOMMU perf counter clobbering during init
init_iommu_perf_ctr() clobbers the register when it checks write access
to IOMMU perf counters and fails to restore when they are writable.

Add save and restore to fix it.

Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Fixes: 30861ddc9c ("perf/x86/amd: Add IOMMU Performance Counter resource management")
Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2020-01-24 15:28:40 +01:00
Jerry Snitselaar
bf708cfb2f iommu/vt-d: Call __dmar_remove_one_dev_info with valid pointer
It is possible for archdata.iommu to be set to
DEFER_DEVICE_DOMAIN_INFO or DUMMY_DEVICE_DOMAIN_INFO so check for
those values before calling __dmar_remove_one_dev_info. Without a
check it can result in a null pointer dereference. This has been seen
while booting a kdump kernel on an HP dl380 gen9.

Cc: Joerg Roedel <joro@8bytes.org>
Cc: Lu Baolu <baolu.lu@linux.intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: stable@vger.kernel.org # 5.3+
Cc: linux-kernel@vger.kernel.org
Fixes: ae23bfb68f ("iommu/vt-d: Detach domain before using a private one")
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
2020-01-24 15:23:50 +01:00
Qu Wenruo
1bbb97b8ce btrfs: scrub: Require mandatory block group RO for dev-replace
[BUG]
For dev-replace test cases with fsstress, like btrfs/06[45] btrfs/071,
looped runs can lead to random failure, where scrub finds csum error.

The possibility is not high, around 1/20 to 1/100, but it's causing data
corruption.

The bug is observable after commit b12de52896 ("btrfs: scrub: Don't
check free space before marking a block group RO")

[CAUSE]
Dev-replace has two source of writes:

- Write duplication
  All writes to source device will also be duplicated to target device.

  Content:	Not yet persisted data/meta

- Scrub copy
  Dev-replace reused scrub code to iterate through existing extents, and
  copy the verified data to target device.

  Content:	Previously persisted data and metadata

The difference in contents makes the following race possible:
	Regular Writer		|	Dev-replace
-----------------------------------------------------------------
  ^                             |
  | Preallocate one data extent |
  | at bytenr X, len 1M		|
  v				|
  ^ Commit transaction		|
  | Now extent [X, X+1M) is in  |
  v commit root			|
 ================== Dev replace starts =========================
  				| ^
				| | Scrub extent [X, X+1M)
				| | Read [X, X+1M)
				| | (The content are mostly garbage
				| |  since it's preallocated)
  ^				| v
  | Write back happens for	|
  | extent [X, X+512K)		|
  | New data writes to both	|
  | source and target dev.	|
  v				|
				| ^
				| | Scrub writes back extent [X, X+1M)
				| | to target device.
				| | This will over write the new data in
				| | [X, X+512K)
				| v

This race can only happen for nocow writes. Thus metadata and data cow
writes are safe, as COW will never overwrite extents of previous
transaction (in commit root).

This behavior can be confirmed by disabling all fallocate related calls
in fsstress (*), then all related tests can pass a 2000 run loop.

*: FSSTRESS_AVOID="-f fallocate=0 -f allocsp=0 -f zero=0 -f insert=0 \
		   -f collapse=0 -f punch=0 -f resvsp=0"
   I didn't expect resvsp ioctl will fallback to fallocate in VFS...

[FIX]
Make dev-replace to require mandatory block group RO, and wait for current
nocow writes before calling scrub_chunk().

This patch will mostly revert commit 76a8efa171 ("btrfs: Continue replace
when set_block_ro failed") for dev-replace path.

The side effect is, dev-replace can be more strict on avaialble space, but
definitely worth to avoid data corruption.

Reported-by: Filipe Manana <fdmanana@suse.com>
Fixes: 76a8efa171 ("btrfs: Continue replace when set_block_ro failed")
Fixes: b12de52896 ("btrfs: scrub: Don't check free space before marking a block group RO")
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2020-01-24 14:35:56 +01:00
David S. Miller
623c8d5c74 Merge branch 'netdev-seq_file-next-functions-should-increase-position-index'
Vasily Averin says:

====================
netdev: seq_file .next functions should increase position index

In Aug 2018 NeilBrown noticed
commit 1f4aace60b ("fs/seq_file.c: simplify seq_file iteration code and interface")
"Some ->next functions do not increment *pos when they return NULL...
Note that such ->next functions are buggy and should be fixed.
A simple demonstration is

dd if=/proc/swaps bs=1000 skip=1

Choose any block size larger than the size of /proc/swaps.  This will
always show the whole last line of /proc/swaps"

Described problem is still actual. If you make lseek into middle of last output line
following read will output end of last line and whole last line once again.

$ dd if=/proc/swaps bs=1  # usual output
Filename				Type		Size	Used	Priority
/dev/dm-0                               partition	4194812	97536	-2
104+0 records in
104+0 records out
104 bytes copied

$ dd if=/proc/swaps bs=40 skip=1    # last line was generated twice
dd: /proc/swaps: cannot skip to specified offset
v/dm-0                               partition	4194812	97536	-2
/dev/dm-0                               partition	4194812	97536	-2
3+1 records in
3+1 records out
131 bytes copied

There are lot of other affected files, I've found 30+ including
/proc/net/ip_tables_matches and /proc/sysvipc/*

This patch-set fixes files related to netdev@

https://bugzilla.kernel.org/show_bug.cgi?id=206283
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-24 11:42:18 +01:00
Vasily Averin
4fc427e051 ipv6_route_seq_next should increase position index
if seq_file .next fuction does not change position index,
read after some lseek can generate unexpected output.

https://bugzilla.kernel.org/show_bug.cgi?id=206283
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-24 11:42:18 +01:00