aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2022-01-28Merge branch 'ax25-fixes'David S. Miller4-5/+31
Duoming Zhou says: ==================== ax25: fix NPD and UAF bugs when detaching ax25 device There are NPD and UAF bugs when detaching ax25 device, we use lock and refcount to mitigate these bugs. ==================== Signed-off-by: David S. Miller <[email protected]>
2022-01-28ax25: add refcount in ax25_dev to avoid UAF bugsDuoming Zhou4-2/+25
If we dereference ax25_dev after we call kfree(ax25_dev) in ax25_dev_device_down(), it will lead to concurrency UAF bugs. There are eight syscall functions suffer from UAF bugs, include ax25_bind(), ax25_release(), ax25_connect(), ax25_ioctl(), ax25_getname(), ax25_sendmsg(), ax25_getsockopt() and ax25_info_show(). One of the concurrency UAF can be shown as below: (USE) | (FREE) | ax25_device_event | ax25_dev_device_down ax25_bind | ... ... | kfree(ax25_dev) ax25_fillin_cb() | ... ax25_fillin_cb_from_dev() | ... | The root cause of UAF bugs is that kfree(ax25_dev) in ax25_dev_device_down() is not protected by any locks. When ax25_dev, which there are still pointers point to, is released, the concurrency UAF bug will happen. This patch introduces refcount into ax25_dev in order to guarantee that there are no pointers point to it when ax25_dev is released. Signed-off-by: Duoming Zhou <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2022-01-28ax25: improve the incomplete fix to avoid UAF and NPD bugsDuoming Zhou1-3/+6
The previous commit 1ade48d0c27d ("ax25: NPD bug when detaching AX25 device") introduce lock_sock() into ax25_kill_by_device to prevent NPD bug. But the concurrency NPD or UAF bug will occur, when lock_sock() or release_sock() dereferences the ax25_cb->sock. The NULL pointer dereference bug can be shown as below: ax25_kill_by_device() | ax25_release() | ax25_destroy_socket() | ax25_cb_del() ... | ... | ax25->sk=NULL; lock_sock(s->sk); //(1) | s->ax25_dev = NULL; | ... release_sock(s->sk); //(2) | ... | The root cause is that the sock is set to null before dereference site (1) or (2). Therefore, this patch extracts the ax25_cb->sock in advance, and uses ax25_list_lock to protect it, which can synchronize with ax25_cb_del() and ensure the value of sock is not null before dereference sites. The concurrency UAF bug can be shown as below: ax25_kill_by_device() | ax25_release() | ax25_destroy_socket() ... | ... | sock_put(sk); //FREE lock_sock(s->sk); //(1) | s->ax25_dev = NULL; | ... release_sock(s->sk); //(2) | ... | The root cause is that the sock is released before dereference site (1) or (2). Therefore, this patch uses sock_hold() to increase the refcount of sock and uses ax25_list_lock to protect it, which can synchronize with ax25_cb_del() in ax25_destroy_socket() and ensure the sock wil not be released before dereference sites. Signed-off-by: Duoming Zhou <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2022-01-28pinctrl: zynqmp: Revert "Unify pin naming"Gerhard Engleder1-6/+4
This reverts commit 54784ff24971ed5bd3f1056edce998148709d0a7. This patch changes the pin names from "MIO%d" to "MIO-%d", but all dts in arch/arm64/boot/dts/xilinx still use the old name. As a result my ZCU104 has no output on serial terminal and is not reachable over network. Signed-off-by: Gerhard Engleder <[email protected]> Signed-off-by: Andy Shevchenko <[email protected]>
2022-01-28net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected ↵Yuji Ishikawa1-2/+7
speed request. Variable clk_sel_val is not initialized in the default case of the first switch statement. In that case, the function should return immediately without any changes to the hardware. Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> Fixes: b38dd98ff8d0 ("net: stmmac: Add Toshiba Visconti SoCs glue driver") Signed-off-by: Yuji Ishikawa <[email protected]> Reviewed-by: Nobuhiro Iwamatsu <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2022-01-28nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.Dai Ngo1-1/+3
From RFC 7530 Section 16.34.5: o The server has not recorded an unconfirmed { v, x, c, *, * } and has recorded a confirmed { v, x, c, *, s }. If the principals of the record and of SETCLIENTID_CONFIRM do not match, the server returns NFS4ERR_CLID_INUSE without removing any relevant leased client state, and without changing recorded callback and callback_ident values for client { x }. The current code intends to do what the spec describes above but it forgot to set 'old' to NULL resulting to the confirmed client to be expired. Fixes: 2b63482185e6 ("nfsd: fix clid_inuse on mount with security change") Signed-off-by: Dai Ngo <[email protected]> Signed-off-by: Chuck Lever <[email protected]> Reviewed-by: Bruce Fields <[email protected]>
2022-01-28spi: dt-bindings: Fix 'reg' child node schemaRob Herring1-2/+3
The schema for SPI child nodes' 'reg' property is not complete. 'reg' is a matrix of cells. The schema needs to define both the number of 'reg' entries and constraints on each entry. Signed-off-by: Rob Herring <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mark Brown <[email protected]>
2022-01-28spi: bcm-qspi: check for valid cs before applying chip selectKamal Dasu1-1/+1
Apply only valid chip select value. This change fixes case where chip select is set to initial value of '-1' during probe and PM supend and subsequent resume can try to use the value with undefined behaviour. Also in case where gpio based chip select, the check in bcm_qspi_chip_select() shall prevent undefined behaviour on resume. Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver") Signed-off-by: Kamal Dasu <[email protected]> Acked-by: Florian Fainelli <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mark Brown <[email protected]>
2022-01-28ASoC: fsl: Add missing error handling in pcm030_fabric_probeMiaoqian Lin1-3/+8
Add the missing platform_device_put() and platform_device_del() before return from pcm030_fabric_probe in the error handling case. Fixes: c912fa913446 ("ASoC: fsl: register the wm9712-codec") Signed-off-by: Miaoqian Lin <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mark Brown <[email protected]>
2022-01-28Merge tag 'kvmarm-fixes-5.17-1' of ↵Paolo Bonzini4-15/+28
git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/arm64 fixes for 5.17, take #1 - Correctly update the shadow register on exception injection when running in nVHE mode - Correctly use the mm_ops indirection when performing cache invalidation from the page-table walker - Restrict the vgic-v3 workaround for SEIS to the two known broken implementations
2022-01-28KVM: eventfd: Fix false positive RCU usage warningHou Wenlong1-4/+4
Fix the following false positive warning: ============================= WARNING: suspicious RCU usage 5.16.0-rc4+ #57 Not tainted ----------------------------- arch/x86/kvm/../../../virt/kvm/eventfd.c:484 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by fc_vcpu 0/330: #0: ffff8884835fc0b0 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x88/0x6f0 [kvm] #1: ffffc90004c0bb68 (&kvm->srcu){....}-{0:0}, at: vcpu_enter_guest+0x600/0x1860 [kvm] #2: ffffc90004c0c1d0 (&kvm->irq_srcu){....}-{0:0}, at: kvm_notify_acked_irq+0x36/0x180 [kvm] stack backtrace: CPU: 26 PID: 330 Comm: fc_vcpu 0 Not tainted 5.16.0-rc4+ Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x44/0x57 kvm_notify_acked_gsi+0x6b/0x70 [kvm] kvm_notify_acked_irq+0x8d/0x180 [kvm] kvm_ioapic_update_eoi+0x92/0x240 [kvm] kvm_apic_set_eoi_accelerated+0x2a/0xe0 [kvm] handle_apic_eoi_induced+0x3d/0x60 [kvm_intel] vmx_handle_exit+0x19c/0x6a0 [kvm_intel] vcpu_enter_guest+0x66e/0x1860 [kvm] kvm_arch_vcpu_ioctl_run+0x438/0x7f0 [kvm] kvm_vcpu_ioctl+0x38a/0x6f0 [kvm] __x64_sys_ioctl+0x89/0xc0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Since kvm_unregister_irq_ack_notifier() does synchronize_srcu(&kvm->irq_srcu), kvm->irq_ack_notifier_list is protected by kvm->irq_srcu. In fact, kvm->irq_srcu SRCU read lock is held in kvm_notify_acked_irq(), making it a false positive warning. So use hlist_for_each_entry_srcu() instead of hlist_for_each_entry_rcu(). Reviewed-by: Sean Christopherson <[email protected]> Signed-off-by: Hou Wenlong <[email protected]> Message-Id: <f98bac4f5052bad2c26df9ad50f7019e40434512.1643265976.git.houwenlong.hwl@antgroup.com> Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28KVM: nVMX: Allow VMREAD when Enlightened VMCS is in useVitaly Kuznetsov2-16/+51
Hyper-V TLFS explicitly forbids VMREAD and VMWRITE instructions when Enlightened VMCS interface is in use: "Any VMREAD or VMWRITE instructions while an enlightened VMCS is active is unsupported and can result in unexpected behavior."" Windows 11 + WSL2 seems to ignore this, attempts to VMREAD VMCS field 0x4404 ("VM-exit interruption information") are observed. Failing these attempts with nested_vmx_failInvalid() makes such guests unbootable. Microsoft confirms this is a Hyper-V bug and claims that it'll get fixed eventually but for the time being we need a workaround. (Temporary) allow VMREAD to get data from the currently loaded Enlightened VMCS. Note: VMWRITE instructions remain forbidden, it is not clear how to handle them properly and hopefully won't ever be needed. Reviewed-by: Sean Christopherson <[email protected]> Signed-off-by: Vitaly Kuznetsov <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28KVM: nVMX: Implement evmcs_field_offset() suitable for handle_vmread()Vitaly Kuznetsov2-10/+25
In preparation to allowing reads from Enlightened VMCS from handle_vmread(), implement evmcs_field_offset() to get the correct read offset. get_evmcs_offset(), which is being used by KVM-on-Hyper-V, is almost what's needed but a few things need to be adjusted. First, WARN_ON() is unacceptable for handle_vmread() as any field can (in theory) be supplied by the guest and not all fields are defined in eVMCS v1. Second, we need to handle 'holes' in eVMCS (missing fields). It also sounds like a good idea to WARN_ON() if such fields are ever accessed by KVM-on-Hyper-V. Implement dedicated evmcs_field_offset() helper. No functional change intended. Signed-off-by: Vitaly Kuznetsov <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28KVM: nVMX: Rename vmcs_to_field_offset{,_table}Vitaly Kuznetsov3-8/+8
vmcs_to_field_offset{,_table} may sound misleading as VMCS is an opaque blob which is not supposed to be accessed directly. In fact, vmcs_to_field_offset{,_table} are related to KVM defined VMCS12 structure. Rename vmcs_field_to_offset() to get_vmcs12_field_offset() for clarity. No functional change intended. Reviewed-by: Sean Christopherson <[email protected]> Signed-off-by: Vitaly Kuznetsov <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMERVitaly Kuznetsov1-1/+3
Enlightened VMCS v1 doesn't have VMX_PREEMPTION_TIMER_VALUE field, PIN_BASED_VMX_PREEMPTION_TIMER is also filtered out already so it makes sense to filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER too. Note, none of the currently existing Windows/Hyper-V versions are known to enable 'save VMX-preemption timer value' when eVMCS is in use, the change is aimed at making the filtering future proof. Signed-off-by: Vitaly Kuznetsov <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCSVitaly Kuznetsov1-0/+1
Similar to MSR_IA32_VMX_EXIT_CTLS/MSR_IA32_VMX_TRUE_EXIT_CTLS, MSR_IA32_VMX_ENTRY_CTLS/MSR_IA32_VMX_TRUE_ENTRY_CTLS pair, MSR_IA32_VMX_TRUE_PINBASED_CTLS needs to be filtered the same way MSR_IA32_VMX_PINBASED_CTLS is currently filtered as guests may solely rely on 'true' MSR data. Note, none of the currently existing Windows/Hyper-V versions are known to stumble upon the unfiltered MSR_IA32_VMX_TRUE_PINBASED_CTLS, the change is aimed at making the filtering future proof. Signed-off-by: Vitaly Kuznetsov <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28selftests: kvm: check dynamic bits against KVM_X86_XCOMP_GUEST_SUPPPaolo Bonzini3-0/+19
Provide coverage for the new API. Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28KVM: x86: add system attribute to retrieve full set of supported xsave statesPaolo Bonzini4-1/+58
Because KVM_GET_SUPPORTED_CPUID is meant to be passed (by simple-minded VMMs) to KVM_SET_CPUID2, it cannot include any dynamic xsave states that have not been enabled. Probing those, for example so that they can be passed to ARCH_REQ_XCOMP_GUEST_PERM, requires a new ioctl or arch_prctl. The latter is in fact worse, even though that is what the rest of the API uses, because it would require supported_xcr0 to be moved from the KVM module to the kernel just for this use. In addition, the value would be nonsensical (or an error would have to be returned) until the KVM module is loaded in. Therefore, to limit the growth of system ioctls, add a /dev/kvm variant of KVM_{GET,HAS}_DEVICE_ATTR, and implement it in x86 with just one group (0) and attribute (KVM_X86_XCOMP_GUEST_SUPP). Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28KVM: x86: Add a helper to retrieve userspace address from kvm_device_attrSean Christopherson1-6/+14
Add a helper to handle converting the u64 userspace address embedded in struct kvm_device_attr into a userspace pointer, it's all too easy to forget the intermediate "unsigned long" cast as well as the truncation check. No functional change intended. Signed-off-by: Sean Christopherson <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
2022-01-28xen/x2apic: enable x2apic mode when supported for HVMRoger Pau Monne2-23/+4
There's no point in disabling x2APIC mode when running as a Xen HVM guest, just enable it when available. Remove some unneeded wrapping around the detection functions, and simply provide a xen_x2apic_available helper that's a wrapper around x2apic_supported. Signed-off-by: Roger Pau Monné <[email protected]> Reviewed-by: Boris Ostrovsky <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Juergen Gross <[email protected]>
2022-01-28kselftest/arm64: Correct logging of FPSIMD register read via ptraceMark Brown1-1/+1
There's a cut'n'paste error in the logging for our test for reading register state back via ptrace, correctly say that we did a read instead of a write. Signed-off-by: Mark Brown <[email protected]> Reviewed-by: Shuah Khan <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Catalin Marinas <[email protected]>
2022-01-28kselftest/arm64: Skip VL_INHERIT tests for unsupported vector typesMark Brown1-1/+8
Currently we unconditionally test the ability to set the vector length inheritance flag via ptrace meaning that we generate false failures on systems that don't support SVE when we attempt to set the vector length there. Check the hwcap and mark the tests as skipped when it's not present. Fixes: 0ba1ce1e8605 ("selftests: arm64: Add coverage of ptrace flags for SVE VL inheritance") Signed-off-by: Mark Brown <[email protected]> Reviewed-by: Shuah Khan <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Catalin Marinas <[email protected]>
2022-01-28Merge tag 'ata-5.17-rc2' of ↵Linus Torvalds1-0/+2
git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata Pull ATA fix from Damien Le Moal: "A single fix for 5.17-rc2, adding a missing resource allocation error check in the pata_platform driver, from Zhou" * tag 'ata-5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata: ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe()
2022-01-28ALSA: hda: Fix signedness of sscanf() argumentsTakashi Iwai1-1/+1
The %x format of sscanf() takes an unsigned int pointer, while we pass a signed int pointer. Practically it's OK, but this may result in a compile warning. Let's fix it. Fixes: a235d5b8e550 ("ALSA: hda: Allow model option to specify PCI SSID alias") Reported-by: kernel test robot <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai <[email protected]>
2022-01-28Merge tag 'hwmon-for-v5.17-rc2' of ↵Linus Torvalds4-14/+18
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: - Fix crash in nct6775 driver - Prevent divide by zero in adt7470 driver - Fix conditional compile warning in pmbus/ir38064 driver - Various minor fixes in lm90 driver * tag 'hwmon-for-v5.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (nct6775) Fix crash in clear_caseopen hwmon: (adt7470) Prevent divide by zero in adt7470_fan_write() hwmon: (pmbus/ir38064) Mark ir38064_of_match as __maybe_unused hwmon: (lm90) Fix sysfs and udev notifications hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 hwmon: (lm90) Mark alert as broken for MAX6680 hwmon: (lm90) Mark alert as broken for MAX6654 hwmon: (lm90) Re-enable interrupts after alert clears hwmon: (lm90) Reduce maximum conversion rate for G781
2022-01-28Merge tag 'drm-fixes-2022-01-28' of git://anongit.freedesktop.org/drm/drmLinus Torvalds38-70/+307
Pull drm fixes from Dave Airlie: "This week's regular normal fixes. amdgpu and msm make up the bulk of it, with a scattering of fixes elsewhere. atomic: - fix CRTC handling during modeset privcy-screen: - honor acpi=off ttm: - build fix for um panel: - add orientation quirk for 1NetBook OneXPlayer amdgpu: - Proper fix for otg synchronization logic regression - DCN3.01 fixes - Filter out secondary radeon PCI IDs - udelay fixes - Fix a memory leak in an error path msm: - parameter check fixes - put_device balancing - idle/suspend fixes etnaviv: - relax submit size checks vc4: - fix potential deadlock in DSI code ast: - revert 1600x900 mode change" * tag 'drm-fixes-2022-01-28' of git://anongit.freedesktop.org/drm/drm: (25 commits) drm/privacy-screen: honor acpi=off in detect_thinkpad_privacy_screen Revert "drm/ast: Support 1600x900 with 108MHz PCLK" drm/amdgpu/display: Remove t_srx_delay_us. drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU. drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw. drm/amd/display/dc/calcs/dce_calcs: Fix a memleak in calculate_bandwidth() drm/amdgpu/display: use msleep rather than udelay for long delays drm/amdgpu/display: adjust msleep limit in dp_wait_for_training_aux_rd_interval drm/amdgpu: filter out radeon secondary ids as well drm/amd/display: change FIFO reset condition to embedded display only drm/amd/display: Correct MPC split policy for DCN301 drm/amd/display: Fix for otg synchronization logic drm/etnaviv: relax submit size limits drm/msm/gpu: Cancel idle/boost work on suspend drm/msm/gpu: Wait for idle before suspending drm/atomic: Add the crtc to affected crtc only if uapi.enable = true drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable drm/msm/a6xx: Add missing suspend_count increment drm/msm: Fix wrong size calculation drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc ...
2022-01-28Merge tag 'amd-drm-fixes-5.17-2022-01-26' of ↵Dave Airlie22-41/+208
https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-5.17-2022-01-26: amdgpu: - Proper fix for otg synchronization logic regression - DCN3.01 fixes - Filter out secondary radeon PCI IDs - udelay fixes - Fix a memory leak in an error path Signed-off-by: Dave Airlie <[email protected]> From: Alex Deucher <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2022-01-28Merge branch 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux ↵Dave Airlie1-2/+2
into drm-fixes - relax submit size checks. Signed-off-by: Dave Airlie <[email protected]> From: Lucas Stach <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2022-01-28Merge tag 'drm-msm-fixes-2022-01-25' of ↵Dave Airlie10-11/+70
https://gitlab.freedesktop.org/drm/msm into drm-fixes A few msm fixes. - parameter checks - put_device balancing - idle/suspend fixes Signed-off-by: Dave Airlie <[email protected]> From: Rob Clark <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/CAF6AEGvAfsgtr==VM4wixAC_hSTuV=eNWXxX=BhZqQrbxHjKgg@mail.gmail.com
2022-01-28Merge tag 'drm-misc-fixes-2022-01-27' of ↵Dave Airlie3-6/+11
git://anongit.freedesktop.org/drm/drm-misc into drm-fixes * drm/ast: Revert 1600x800 with 108MHz PCLK * drm/atomic: fix CRTC handling during modeset * drm/privacy-screen: Honor acpi=off * drm/ttm: build fix for ARCH=um Signed-off-by: Dave Airlie <[email protected]> From: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2022-01-28Merge tag 'drm-misc-next-fixes-2022-01-21' of ↵Dave Airlie2-10/+16
git://anongit.freedesktop.org/drm/drm-misc into drm-fixes * vc4: Fix potential deadlock in DSI code * panel: Add orientation quirk for 1Netbook OneXPlayer Signed-off-by: Dave Airlie <[email protected]> From: Thomas Zimmermann <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/Yepuhj+Ks+IyJ9Dp@linux-uq9g
2022-01-27net: amd-xgbe: ensure to reset the tx_timer_active flagRaju Rangoju1-0/+2
Ensure to reset the tx_timer_active flag in xgbe_stop(), otherwise a port restart may result in tx timeout due to uncleared flag. Fixes: c635eaacbf77 ("amd-xgbe: Remove Tx coalescing") Co-developed-by: Sudheesh Mavila <[email protected]> Signed-off-by: Sudheesh Mavila <[email protected]> Signed-off-by: Raju Rangoju <[email protected]> Acked-by: Tom Lendacky <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
2022-01-27Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfJakub Kicinski11-24/+249
Pablo Neira Ayuso says: ==================== Netfilter fixes for net 1) Remove leftovers from flowtable modules, from Geert Uytterhoeven. 2) Missing refcount increment of conntrack template in nft_ct, from Florian Westphal. 3) Reduce nft_zone selftest time, also from Florian. 4) Add selftest to cover stateless NAT on fragments, from Florian Westphal. 5) Do not set net_device when for reject packets from the bridge path, from Phil Sutter. 6) Cancel register tracking info on nft_byteorder operations. 7) Extend nft_concat_range selftest to cover set reload with no elements, from Florian Westphal. 8) Remove useless update of pointer in chain blob builder, reported by kbuild test robot. * git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf: netfilter: nf_tables: remove assignment with no effect in chain blob builder selftests: nft_concat_range: add test for reload with no element add/del netfilter: nft_byteorder: track register operations netfilter: nft_reject_bridge: Fix for missing reply from prerouting selftests: netfilter: check stateless nat udp checksum fixup selftests: netfilter: reduce zone stress test running time netfilter: nft_ct: fix use after free when attaching zone template netfilter: Remove flowtable relics ==================== Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
2022-01-27net: amd-xgbe: Fix skb data length underflowShyam Sundar S K1-1/+11
There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length underflows are seen because of inconsistencies in the hardware descriptors. Fixes: 622c36f143fc ("amd-xgbe: Fix jumbo MTU processing on newer hardware") Suggested-by: Tom Lendacky <[email protected]> Signed-off-by: Shyam Sundar S K <[email protected]> Acked-by: Tom Lendacky <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
2022-01-27tracing: Don't inc err_log entry count if entry allocation failsTom Zanussi1-1/+2
tr->n_err_log_entries should only be increased if entry allocation succeeds. Doing it when it fails won't cause any problems other than wasting an entry, but should be fixed anyway. Link: https://lkml.kernel.org/r/cad1ab28f75968db0f466925e7cba5970cec6c29.1643319703.git.zanussi@kernel.org Cc: [email protected] Fixes: 2f754e771b1a6 ("tracing: Don't inc err_log entry count if entry allocation fails") Signed-off-by: Tom Zanussi <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27tracing: Propagate is_signed to expressionTom Zanussi1-0/+3
During expression parsing, a new expression field is created which should inherit the properties of the operands, such as size and is_signed. is_signed propagation was missing, causing spurious errors with signed operands. Add it in parse_expr() and parse_unary() to fix the problem. Link: https://lkml.kernel.org/r/f4dac08742fd7a0920bf80a73c6c44042f5eaa40.1643319703.git.zanussi@kernel.org Cc: [email protected] Fixes: 100719dcef447 ("tracing: Add simple expression support to hist triggers") Reported-by: Yordan Karadzhov <[email protected]> BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=215513 Signed-off-by: Tom Zanussi <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27tracing: Fix smatch warning for do while check in event_hist_trigger_parse()Tom Zanussi1-1/+1
The patch ec5ce0987541: "tracing: Allow whitespace to surround hist trigger filter" from Jan 15, 2018, leads to the following Smatch static checker warning: kernel/trace/trace_events_hist.c:6199 event_hist_trigger_parse() warn: 'p' can't be NULL. Since p is always checked for a NULL value at the top of loop and nothing in the rest of the loop will set it to NULL, the warning is correct and might as well be 1 to silence the warning. Link: https://lkml.kernel.org/r/a1d4c79766c0cf61e20438dc35244d216633fef6.1643319703.git.zanussi@kernel.org Fixes: ec5ce09875410 ("tracing: Allow whitespace to surround hist trigger filter") Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> Signed-off-by: Tom Zanussi <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27tracing: Fix smatch warning for null glob in event_hist_trigger_parse()Tom Zanussi1-1/+3
The recent rename of event_hist_trigger_parse() caused smatch re-evaluation of trace_events_hist.c and as a result an old warning was found: kernel/trace/trace_events_hist.c:6174 event_hist_trigger_parse() error: we previously assumed 'glob' could be null (see line 6166) glob should never be null (and apparently smatch can also figure that out and skip the warning when using the cross-function DB (but which can't be used with a 0day build as it takes too much time to generate)). Nonetheless for clarity, remove the test but add a WARN_ON() in case the code ever changes. Link: https://lkml.kernel.org/r/96925e5c1f116654ada7ea0613d930b1266b5e1c.1643319703.git.zanussi@kernel.org Fixes: f404da6e1d46c ("tracing: Add 'last error' error facility for hist triggers") Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> Signed-off-by: Tom Zanussi <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27tools/tracing: Update Makefile to build rtlaShuah Khan1-4/+14
Update tracing Makefile to build/install/clean rtla tragets. Link: https://lkml.kernel.org/r/[email protected] Reviewed-by: Daniel Bristot de Oliveira <[email protected]> Signed-off-by: Shuah Khan <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27rtla: Make doc build optionalShuah Khan1-1/+1
rtla build fails due to doc build dependency on rst2man. Make doc build optional so rtla could be built without docs. Leave the install dependency on doc_install alone. Link: https://lkml.kernel.org/r/[email protected] Acked-by: Daniel Bristot de Oliveira <[email protected]> Signed-off-by: Shuah Khan <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27tracing/perf: Avoid -Warray-bounds warning for __rel_loc macroKees Cook2-3/+4
As done for trace_events.h, also fix the __rel_loc macro in perf.h, which silences the -Warray-bounds warning: In file included from ./include/linux/string.h:253, from ./include/linux/bitmap.h:11, from ./include/linux/cpumask.h:12, from ./include/linux/mm_types_task.h:14, from ./include/linux/mm_types.h:5, from ./include/linux/buildid.h:5, from ./include/linux/module.h:14, from samples/trace_events/trace-events-sample.c:2: In function '__fortify_strcpy', inlined from 'perf_trace_foo_rel_loc' at samples/trace_events/./trace-events-sample.h:519:1: ./include/linux/fortify-string.h:47:33: warning: '__builtin_strcpy' offset 12 is out of the bounds [ 0, 4] [-Warray-bounds] 47 | #define __underlying_strcpy __builtin_strcpy | ^ ./include/linux/fortify-string.h:445:24: note: in expansion of macro '__underlying_strcpy' 445 | return __underlying_strcpy(p, q); | ^~~~~~~~~~~~~~~~~~~ Also make __data struct member a proper flexible array to avoid future problems. Link: https://lkml.kernel.org/r/[email protected] Cc: Steven Rostedt <[email protected]> Cc: Masami Hiramatsu <[email protected]> Fixes: 55de2c0b5610c ("tracing: Add '__rel_loc' using trace event macros") Reported-by: Stephen Rothwell <[email protected]> Signed-off-by: Kees Cook <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27tracing: Avoid -Warray-bounds warning for __rel_loc macroMasami Hiramatsu1-3/+4
Since -Warray-bounds checks the destination size from the type of given pointer, __assign_rel_str() macro gets warned because it passes the pointer to the 'u32' field instead of 'trace_event_raw_*' data structure. Pass the data address calculated from the 'trace_event_raw_*' instead of 'u32' __rel_loc field. Link: https://lkml.kernel.org/r/[email protected] Cc: Stephen Rothwell <[email protected]> Cc: Kees Cook <[email protected]> Signed-off-by: Masami Hiramatsu <[email protected]> [ This did not fix the warning, but is still a nice clean up ] Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27tracing/histogram: Fix a potential memory leak for kstrdup()Xiaoke Wang1-0/+1
kfree() is missing on an error path to free the memory allocated by kstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL); So it is better to free it via kfree(p). Link: https://lkml.kernel.org/r/[email protected] Cc: [email protected] Fixes: d380dcde9a07c ("tracing: Fix now invalid var_ref_vals assumption in trace action") Signed-off-by: Xiaoke Wang <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27ftrace: Have architectures opt-in for mcount build time sortingSteven Rostedt (Google)4-2/+10
First S390 complained that the sorting of the mcount sections at build time caused the kernel to crash on their architecture. Now PowerPC is complaining about it too. And also ARM64 appears to be having issues. It may be necessary to also update the relocation table for the values in the mcount table. Not only do we have to sort the table, but also update the relocations that may be applied to the items in the table. If the system is not relocatable, then it is fine to sort, but if it is, some architectures may have issues (although x86 does not as it shifts all addresses the same). Add a HAVE_BUILDTIME_MCOUNT_SORT that an architecture can set to say it is safe to do the sorting at build time. Also update the config to compile in build time sorting in the sorttable code in scripts/ to depend on CONFIG_BUILDTIME_MCOUNT_SORT. Link: https://lore.kernel.org/all/[email protected]/ Link: https://lkml.kernel.org/r/[email protected] Cc: Ingo Molnar <[email protected]> Cc: Andrew Morton <[email protected]> Cc: Russell King <[email protected]> Cc: Yinan Liu <[email protected]> Cc: Ard Biesheuvel <[email protected]> Cc: Kees Cook <[email protected]> Reported-by: Sachin Sant <[email protected]> Reviewed-by: Mark Rutland <[email protected]> Tested-by: Mark Rutland <[email protected]> [arm64] Tested-by: Sachin Sant <[email protected]> Fixes: 72b3942a173c ("scripts: ftrace - move the sort-processing in ftrace_init") Signed-off-by: Steven Rostedt (Google) <[email protected]>
2022-01-27selftests: skip mincore.check_file_mmap when fs lacks needed supportCristian Marussi1-6/+14
Report mincore.check_file_mmap as SKIP instead of FAIL if the underlying filesystem lacks support of O_TMPFILE or fallocate since such failures are not really related to mincore functionality. Cc: Ricardo Cañuelo <[email protected]> Signed-off-by: Cristian Marussi <[email protected]> Signed-off-by: Shuah Khan <[email protected]>
2022-01-27selftests: openat2: Skip testcases that fail with EOPNOTSUPPCristian Marussi1-1/+11
Skip testcases that fail since the requested valid flags combination is not supported by the underlying filesystem. Cc: Aleksa Sarai <[email protected]> Signed-off-by: Cristian Marussi <[email protected]> Signed-off-by: Shuah Khan <[email protected]>
2022-01-27selftests: openat2: Add missing dependency in MakefileCristian Marussi2-1/+2
Add a dependency on header helpers.h to the main target; while at that add to helpers.h also a missing include for bool types. Cc: Aleksa Sarai <[email protected]> Signed-off-by: Cristian Marussi <[email protected]> Signed-off-by: Shuah Khan <[email protected]>
2022-01-27selftests: openat2: Print also errno in failure messagesCristian Marussi1-5/+6
In E_func() macro, on error, print also errno in order to aid debugging. Cc: Aleksa Sarai <[email protected]> Signed-off-by: Cristian Marussi <[email protected]> Signed-off-by: Shuah Khan <[email protected]>
2022-01-27selftests: futex: Use variable MAKE instead of makeMuhammad Usama Anjum1-2/+2
Recursive make commands should always use the variable MAKE, not the explicit command name ‘make’. This has benefits and removes the following warning when multiple jobs are used for the build: make[2]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule. Fixes: a8ba798bc8ec ("selftests: enable O and KBUILD_OUTPUT") Signed-off-by: Muhammad Usama Anjum <[email protected]> Reviewed-by: André Almeida <[email protected]> Signed-off-by: Shuah Khan <[email protected]>
2022-01-27drm/kmb: Fix for build errors with Warray-boundsAnitha Chrisanthus1-6/+0
This fixes the following build error drivers/gpu/drm/kmb/kmb_plane.c: In function 'kmb_plane_atomic_disable': drivers/gpu/drm/kmb/kmb_plane.c:165:34: error: array subscript 3 is above array bounds of 'struct layer_status[2]' [-Werror=array-bounds] 165 | kmb->plane_status[plane_id].ctrl = LCD_CTRL_GL2_ENABLE; | ~~~~~~~~~~~~~~~~~^~~~~~~~~~ In file included from drivers/gpu/drm/kmb/kmb_plane.c:17: drivers/gpu/drm/kmb/kmb_drv.h:61:41: note: while referencing 'plane_status' 61 | struct layer_status plane_status[KMB_MAX_PLANES]; | ^~~~~~~~~~~~ drivers/gpu/drm/kmb/kmb_plane.c:162:34: error: array subscript 2 is above array bounds of 'struct layer_status[2]' [-Werror=array-bounds] 162 | kmb->plane_status[plane_id].ctrl = LCD_CTRL_GL1_ENABLE; | ~~~~~~~~~~~~~~~~~^~~~~~~~~~ In file included from drivers/gpu/drm/kmb/kmb_plane.c:17: drivers/gpu/drm/kmb/kmb_drv.h:61:41: note: while referencing 'plane_status' 61 | struct layer_status plane_status[KMB_MAX_PLANES]; | ^~~~~~~~~~~~ Fixes: 7f7b96a8a0a1 ("drm/kmb: Add support for KeemBay Display") Signed-off-by: Anitha Chrisanthus <[email protected]> Reviewed-by: Kees Cook <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]