| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
there is a chance that always get response CRC error after HS200 tuning,
the reason is that need set CMD_TA to 2. this modification is only for
MT8173.
Signed-off-by: Chaotian Jing <[email protected]>
Tested-by: Hsin-Yi Wang <[email protected]>
Cc: [email protected]
Fixes: 1ede5cb88a29 ("mmc: mediatek: Use data tune for CMD line tune")
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Ulf Hansson <[email protected]>
|
|
The DDR_CONFIG register offset got updated after a specific
minor version of sdcc V4. This offset change has not been properly
taken care of while updating register changes for sdcc V5.
Correcting proper offset for this register.
Also updating this register value to reflect the recommended RCLK
delay.
Signed-off-by: Veerabhadrarao Badiganti <[email protected]>
Link: https://lore.kernel.org/r/0101016ea738ec72-fa0f852d-20f8-474a-80b2-4b0ef63b132c-000000@us-west-2.amazonses.com
Fixes: f15358885dda ("mmc: sdhci-msm: Define new Register address map")
Cc: [email protected]
Signed-off-by: Ulf Hansson <[email protected]>
|
|
This reverts commit c894e33ddc1910e14d6f2a2016f60ab613fd8b37.
This commit aims to treat SD High speed and SDR25 as the same while
setting UHS Timings in HOST_CONTROL2 which leads to failures with some
SD cards in AM65x. Revert this commit.
The issue this commit was trying to fix can be implemented in a platform
specific callback instead of common sdhci code.
Cc: <[email protected]>
Signed-off-by: Faiz Abbas <[email protected]>
Acked-by: Adrian Hunter <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Ulf Hansson <[email protected]>
|
|
JZ4760 support was added in parallel of the previous patch so this one
slipped through. The first SoC to use the new register is the JZ4760 and
not the JZ4770, fix it here.
Fixes: 7009d046a601 ("pinctrl: ingenic: Handle PIN_CONFIG_OUTPUT config")
Signed-off-by: Paul Cercueil <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
[Folded into OF dependency]
Signed-off-by: Linus Walleij <[email protected]>
|
|
The TGL workaround database no longer shows Wa #1178 (or anything
similar under different workaround names/numbers) so we should be able
to drop it. In fact Swati just discovered that applying this workaround
is the root cause of some power well enable failures we've been seeing
in CI (gitlab issue 498).
Once we stop applying this WA, TGL no longer utilizes any of the special
handling provided by icl_combo_phy_aux_power_well_ops so we can just
drop back to using the standard hsw-style power well ops instead.
v3: Drop now-unused _TGL_AUX_ANAOVRD1_C definition too. (Lucas)
Closes: https://gitlab.freedesktop.org/drm/intel/issues/498
Fixes: deea06b47574 ("drm/i915/tgl: apply Display WA #1178 to fix type C dongles")
Cc: Lucas De Marchi <[email protected]>
Cc: Swati Sharma <[email protected]>
Cc: Imre Deak <[email protected]>
Signed-off-by: Matt Roper <[email protected]>
Reviewed-by: Lucas De Marchi <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit ab3402581d0fa58e63e36875995f43ab02b4d0a0)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
Outputs C and D on EHL are combo PHY outputs and thus should not be
using the same TC AUX power well handlers as ICL. And even though
icl_combo_phy_aux_power_well_ops works okay for EHL/JSL combo PHYs none
of its special handling is actually necessary for this platform:
* EHL/JSL don't actually need to program PORT_CL_DW12
* Display WA #1178 does not apply to EHL/JSL
Thus we can simply drop back to using our standard "hsw-style" power
well ops for EHL AUX power wells.
Bspec: 4301
Fixes: f722b8c1e2a2 ("drm/i915/ehl: All EHL ports are combo phys")
Cc: Jose Souza <[email protected]>
Cc: Bob Paauwe <[email protected]>
Cc: Vivek Kasireddy <[email protected]>
Cc: Lucas De Marchi <[email protected]>
Signed-off-by: Matt Roper <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Reviewed-by: Lucas De Marchi <[email protected]>
(cherry picked from commit e8ab8d669d046a8e9b07707d2f00b9ba3e25d0ae)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
Since dma_fence_init may call ops (because of a meaningless
trace_dma_fence), we need to set the worker ops prior to that call.
Reported-by: Vince Weaver <[email protected]>
Fixes: 8e458fe2ee05 ("drm/i915: Generalise the clflush dma-worker")
Signed-off-by: Chris Wilson <[email protected]>
Cc: Matthew Auld <[email protected]>
Cc: Vince Weaver <[email protected]>
Reviewed-by: Matthew Auld <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit 1bc9865d8df3e1c6857a27c4b2b8a9ce8f027349)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
We want the bonded request to have the same scheduler properties as its
master so that it is placed at the same depth in the queue. For example,
consider we have requests A, B and B', where B & B' are a bonded pair to
run in parallel on two engines.
A -> B
\- B'
B will run after A and so may be scheduled on an idle engine and wait on
A using a semaphore. B' sees B being executed and so enters the queue on
the same engine as A. As B' did not inherit the semaphore-chain from B,
it may have higher precedence than A and so preempts execution. However,
B' then sits on a semaphore waiting for B, who is waiting for A, who is
blocked by B.
Ergo B' needs to inherit the scheduler properties from B (i.e. the
semaphore chain) so that it is scheduled with the same priority as B and
will not be executed ahead of Bs dependencies.
Furthermore, to prevent the priorities changing via the expose fence on
B', we need to couple in the dependencies for PI. This requires us to
relax our sanity-checks that dependencies are strictly in order.
v2: Synchronise (B, B') execution on all platforms, regardless of using
a scheduler, any no-op syncs should be elided.
Fixes: ee1136908e9b ("drm/i915/execlists: Virtual engine bonding")
Closes: https://gitlab.freedesktop.org/drm/intel/issues/464
Testcase: igt/gem_exec_balancer/bonded-chain
Testcase: igt/gem_exec_balancer/bonded-semaphore
Signed-off-by: Chris Wilson <[email protected]>
Cc: Tvrtko Ursulin <[email protected]>
Reviewed-by: Tvrtko Ursulin <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit c81471f5e95c79c55687282ff6800f112b5d560b)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
As the current usage is restricted to first DSB instance per pipe, so
existing code could not catch the issue to calculate the mmio offset
of different DSB instance per pipe. Corrected the offset calculation.
Fixes: a6e58d9a2e04 ("drm/i915/dsb: Check DSB engine status.")
Signed-off-by: Animesh Manna <[email protected]>
Reviewed-by: Anshuman Gupta <[email protected]>
Signed-off-by: Jani Nikula <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit d04a661a2c7169b48782aa5e9d85d4b4383d562e)
Signed-off-by: Joonas Lahtinen <[email protected]>
|
|
In rfkill_register, the struct rfkill pointer is first derefernced
and then checked for NULL. This patch removes the BUG_ON and returns
an error to the caller in case rfkill is NULL.
Signed-off-by: Aditya Pakki <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Johannes Berg <[email protected]>
|
|
git://people.freedesktop.org/~gabbayo/linux into char-misc-linus
Oded writes:
This tag contains the following fixes:
- change dev_err to dev_err_ratelimited in hl_cs_wait_ioctl() as this can
be called by the user multiple times and can spam the kernel log.
- Eliminate GCC warnings by removing unused variables.
* tag 'misc-habanalabs-fixes-2019-12-14' of git://people.freedesktop.org/~gabbayo/linux:
habanalabs: remove variable 'val' set but not used
habanalabs: rate limit error msg on waiting for CS
|
|
If we have to punt the recvmsg to async context, we copy all the
context. But since the iovec used can be either on-stack (if small) or
dynamically allocated, if it's on-stack, then we need to ensure we reset
the iov pointer. If we don't, then we're reusing old stack data, and
that can lead to -EFAULTs if things get overwritten.
Ensure we retain the right pointers for the iov, and free it as well if
we end up having to go beyond UIO_FASTIOV number of vectors.
Fixes: 03b1230ca12a ("io_uring: ensure async punted sendmsg/recvmsg requests copy data")
Reported-by: 李通洲 <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
|
|
commit 781fa0a95424 ("ARM: bcm: Add support for BCM2711 SoC")
breaks boot of many other platforms (e.g. OMAP or i.MX6) if
CONFIG_ARCH_BCM2835 is enabled in addition to some multiplatform
config (e.g. omap2plus_defconfig). The symptom is that the OMAP
based board does not show any activity beyond "Starting Kernel ..."
even with earlycon.
Reverting the mentioned commit makes it work again.
The real fix is to add the missing NULL sentinel to the
bcm2711_compat[] variable-length array.
Fixes: 781fa0a95424 ("ARM: bcm: Add support for BCM2711 SoC")
Acked-by: Stefan Wahren <[email protected]>
Signed-off-by: H. Nikolaus Schaller <[email protected]>
Signed-off-by: Florian Fainelli <[email protected]>
|
|
|
|
Pull rdma fixes from Doug Ledford:
"A small collection of -rc fixes. Mostly. One API addition, but that's
because we wanted to use it in a fix. There's also a bug fix that is
going to render the 5.5 kernel's soft-RoCE driver incompatible with
all soft-RoCE versions prior, but it's required to actually implement
the protocol according to the RoCE spec and required in order for the
soft-RoCE driver to be able to successfully work with actual RoCE
hardware.
Summary:
- Update Steve Wise info
- Fix for soft-RoCE crc calculations (will break back compatibility,
but only with the soft-RoCE driver, which has had this bug since it
was introduced and it is an on-the-wire bug, but will make
soft-RoCE fully compatible with real RoCE hardware)
- cma init fixup
- counters oops fix
- fix for mlx4 init/teardown sequence
- fix for mkx5 steering rules
- introduce a cleanup API, which isn't a fix, but we want to use it
in the next fix
- fix for mlx5 memory management that uses API in previous patch"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
IB/mlx5: Fix device memory flows
IB/core: Introduce rdma_user_mmap_entry_insert_range() API
IB/mlx5: Fix steering rule of drop and count
IB/mlx4: Follow mirror sequence of device add during device removal
RDMA/counter: Prevent auto-binding a QP which are not tracked with res
rxe: correctly calculate iCRC for unaligned payloads
Update mailmap info for Steve Wise
RDMA/cma: add missed unregister_pernet_subsys in init failure
|
|
- Fix a few typos found while reading the code.
- Fix stale io_get_sqring comment referencing s->sqe, the 's' parameter
was renamed to 'req', but the comment still holds.
Signed-off-by: Brian Gianforcaro <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Paul Walmsley:
"Two minor build fixes:
- Fix builds of the ELF loader when built with 'make -j1' (nommu
only)
- Fix CONFIG_SOC_SIFIVE builds when CONFIG_TTY is disabled (found
during randconfig testing)"
* tag 'riscv/for-v5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: only select serial sifive if TTY is enabled
riscv: Fix build dependency for loader
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
"Two fixes: one for a resource accounting bug in some configurations
and a fix for another patch which went into rc1"
* tag 'for-linus-5.5b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/balloon: fix ballooned page accounting without hotplug enabled
xen-blkback: prevent premature module unload
|
|
compilation failed with:
MODPOST vmlinux.o
WARNING: vmlinux.o(.text.unlikely+0xa0c): Section mismatch in reference from the function walk_lower_bus() to the function .init.text:walk_native_bus()
The function walk_lower_bus() references
the function __init walk_native_bus().
This is often because walk_lower_bus lacks a __init
annotation or the annotation of walk_native_bus is wrong.
FATAL: modpost: Section mismatches detected.
Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.
make[2]: *** [/home/svens/linux/parisc-linux/src/scripts/Makefile.modpost:64: __modpost] Error 1
make[1]: *** [/home/svens/linux/parisc-linux/src/Makefile:1077: vmlinux] Error 2
make[1]: Leaving directory '/home/svens/linux/parisc-linux/build'
make: *** [Makefile:179: sub-make] Error 2
Signed-off-by: Sven Schnelle <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
|
|
Fix compilation when the CONFIG_KEXEC_FILE=y and
CONFIG_KEXEC=n.
Reported-by: kbuild test robot <[email protected]>
Signed-off-by: Sven Schnelle <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
|
|
In function xenvif_disconnect_queue(), the value of queue->rx_irq is
zeroed *before* queue->task is stopped. Unfortunately that task may call
notify_remote_via_irq(queue->rx_irq) and calling that function with a
zero value results in a NULL pointer dereference in evtchn_from_irq().
This patch simply re-orders things, stopping all tasks before zero-ing the
irq values, thereby avoiding the possibility of the race.
Fixes: 2ac061ce97f4 ("xen/netback: cleanup init and deinit code")
Signed-off-by: Paul Durrant <[email protected]>
Acked-by: Wei Liu <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux
Pull ksys_mount() and ksys_dup() removal from Dominik Brodowski:
"This small series replaces all in-kernel calls to the
userspace-focused ksys_mount() and ksys_dup() with calls to
kernel-centric functions:
For each replacement of ksys_mount() with do_mount(), one needs to
verify that the first and third parameter (char *dev_name, char *type)
are strings allocated in kernelspace and that the fifth parameter
(void *data) is either NULL or refers to a full page (only occurence
in init/do_mounts.c::do_mount_root()). The second and fourth
parameters (char *dir_name, unsigned long flags) are passed by
ksys_mount() to do_mount() unchanged, and therefore do not require
particular care.
Moreover, instead of pretending to be userspace, the opening of
/dev/console as stdin/stdout/stderr can be implemented using in-kernel
functions as well. Thereby, ksys_dup() can be removed for good"
[ This doesn't get rid of the special "kernel init runs with KERNEL_DS"
case, but it at least removes _some_ of the users of "treat kernel
pointers as user pointers for our magical init sequence".
One day we'll hopefully be rid of it all, and can initialize our
init_thread addr_limit to USER_DS. - Linus ]
* 'remove-ksys-mount-dup' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux:
fs: remove ksys_dup()
init: unify opening /dev/console as stdin/stdout/stderr
init: use do_mount() instead of ksys_mount()
initrd: use do_mount() instead of ksys_mount()
devtmpfs: use do_mount() instead of ksys_mount()
|
|
Display the return code as decimal integer.
Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver")
Signed-off-by: Cristian Birsan <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
The sge_info debugfs collects offload queue info even when offload
capability is disabled and leads to panic.
[ 144.139871] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 144.139874] CR2: 0000000000000000 CR3: 000000082d456005 CR4: 00000000001606e0
[ 144.139876] Call Trace:
[ 144.139887] sge_queue_start+0x12/0x30 [cxgb4]
[ 144.139897] seq_read+0x1d4/0x3d0
[ 144.139906] full_proxy_read+0x50/0x70
[ 144.139913] vfs_read+0x89/0x140
[ 144.139916] ksys_read+0x55/0xd0
[ 144.139924] do_syscall_64+0x5b/0x1d0
[ 144.139933] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 144.139936] RIP: 0033:0x7f4b01493990
Fix this crash by skipping the offload queue access in sge_qinfo when
offload capability is disabled
Signed-off-by: Herat Ramani <[email protected]>
Signed-off-by: Vishal Kulkarni <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
FASTOPEN setsockopt() or sendmsg() may switch the SMC socket to fallback
mode. Once fallback mode is active, the native TCP socket functions are
called. Nevertheless there is a small race window, when FASTOPEN
setsockopt/sendmsg runs in parallel to a connect(), and switch the
socket into fallback mode before connect() takes the sock lock.
Make sure the SMC-specific connect setup is omitted in this case.
This way a syzbot-reported refcount problem is fixed, triggered by
different threads running non-blocking connect() and FASTOPEN_KEY
setsockopt.
Reported-by: [email protected]
Fixes: 6d6dd528d5af ("net/smc: fix refcount non-blocking connect() -part 2")
Signed-off-by: Ursula Braun <[email protected]>
Signed-off-by: Karsten Graul <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
A mismerge between the following two commits:
c678726305b9 ("net: phylink: ensure consistent phy interface mode")
27755ff88c0e ("net: phylink: Add phylink_mac_link_{up, down} wrapper functions")
resulted in the wrong interface being passed to the mac_link_up()
function. Fix this up.
Fixes: b4b12b0d2f02 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net")
Signed-off-by: Russell King <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
This test only works when [1] is applied, which was rejected.
Basically, the errors are reported and cleared. In this particular case of
tls sockets, following reads will block.
The test case was originally submitted with the rejected patch, but, then,
was included as part of a different patchset, possibly by mistake.
[1] https://lore.kernel.org/netdev/[email protected]/#t
Thanks Paolo Pisati for pointing out the original patchset where this
appeared.
Fixes: 65190f77424d (selftests/tls: add a test for fragmented messages)
Reported-by: Paolo Pisati <[email protected]>
Signed-off-by: Thadeu Lima de Souza Cascardo <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
Taehee Yoo says:
====================
gtp: fix several bugs in gtp module
This patchset fixes several bugs in the GTP module.
1. Do not allow adding duplicate TID and ms_addr pdp context.
In the current code, duplicate TID and ms_addr pdp context could be added.
So, RX and TX path could find correct pdp context.
2. Fix wrong condition in ->dumpit() callback.
->dumpit() callback is re-called if dump packet size is too big.
So, before return, it saves last position and then restart from
last dump position.
TID value is used to find last dump position.
GTP module allows adding zero TID value. But ->dumpit() callback ignores
zero TID value.
So, dump would not work correctly if dump packet size too big.
3. Fix use-after-free in ipv4_pdp_find().
RX and TX patch always uses gtp->tid_hash and gtp->addr_hash.
but while packet processing, these hash pointer would be freed.
So, use-after-free would occur.
4. Fix panic because of zero size hashtable
GTP hashtable size could be set by user-space.
If hashsize is set to 0, hashtable will not work and panic will occur.
====================
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
GTP default hashtable size is 1024 and userspace could set specific
hashtable size with IFLA_GTP_PDP_HASHSIZE. If hashtable size is set to 0
from userspace, hashtable will not work and panic will occur.
Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Signed-off-by: Taehee Yoo <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
ipv4_pdp_find() is called in TX packet path of GTP.
ipv4_pdp_find() internally uses gtp->tid_hash to lookup pdp context.
In the current code, gtp->tid_hash and gtp->addr_hash are freed by
->dellink(), which is gtp_dellink().
But gtp_dellink() would be called while packets are processing.
So, gtp_dellink() should not free gtp->tid_hash and gtp->addr_hash.
Instead, dev->priv_destructor() would be used because this callback
is called after all packet processing safely.
Test commands:
ip link add veth1 type veth peer name veth2
ip a a 172.0.0.1/24 dev veth1
ip link set veth1 up
ip a a 172.99.0.1/32 dev lo
gtp-link add gtp1 &
gtp-tunnel add gtp1 v1 200 100 172.99.0.2 172.0.0.2
ip r a 172.99.0.2/32 dev gtp1
ip link set gtp1 mtu 1500
ip netns add ns2
ip link set veth2 netns ns2
ip netns exec ns2 ip a a 172.0.0.2/24 dev veth2
ip netns exec ns2 ip link set veth2 up
ip netns exec ns2 ip a a 172.99.0.2/32 dev lo
ip netns exec ns2 ip link set lo up
ip netns exec ns2 gtp-link add gtp2 &
ip netns exec ns2 gtp-tunnel add gtp2 v1 100 200 172.99.0.1 172.0.0.1
ip netns exec ns2 ip r a 172.99.0.1/32 dev gtp2
ip netns exec ns2 ip link set gtp2 mtu 1500
hping3 172.99.0.2 -2 --flood &
ip link del gtp1
Splat looks like:
[ 72.568081][ T1195] BUG: KASAN: use-after-free in ipv4_pdp_find.isra.12+0x130/0x170 [gtp]
[ 72.568916][ T1195] Read of size 8 at addr ffff8880b9a35d28 by task hping3/1195
[ 72.569631][ T1195]
[ 72.569861][ T1195] CPU: 2 PID: 1195 Comm: hping3 Not tainted 5.5.0-rc1 #199
[ 72.570547][ T1195] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 72.571438][ T1195] Call Trace:
[ 72.571764][ T1195] dump_stack+0x96/0xdb
[ 72.572171][ T1195] ? ipv4_pdp_find.isra.12+0x130/0x170 [gtp]
[ 72.572761][ T1195] print_address_description.constprop.5+0x1be/0x360
[ 72.573400][ T1195] ? ipv4_pdp_find.isra.12+0x130/0x170 [gtp]
[ 72.573971][ T1195] ? ipv4_pdp_find.isra.12+0x130/0x170 [gtp]
[ 72.574544][ T1195] __kasan_report+0x12a/0x16f
[ 72.575014][ T1195] ? ipv4_pdp_find.isra.12+0x130/0x170 [gtp]
[ 72.575593][ T1195] kasan_report+0xe/0x20
[ 72.576004][ T1195] ipv4_pdp_find.isra.12+0x130/0x170 [gtp]
[ 72.576577][ T1195] gtp_build_skb_ip4+0x199/0x1420 [gtp]
[ ... ]
[ 72.647671][ T1195] BUG: unable to handle page fault for address: ffff8880b9a35d28
[ 72.648512][ T1195] #PF: supervisor read access in kernel mode
[ 72.649158][ T1195] #PF: error_code(0x0000) - not-present page
[ 72.649849][ T1195] PGD a6c01067 P4D a6c01067 PUD 11fb07067 PMD 11f939067 PTE 800fffff465ca060
[ 72.652958][ T1195] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
[ 72.653834][ T1195] CPU: 2 PID: 1195 Comm: hping3 Tainted: G B 5.5.0-rc1 #199
[ 72.668062][ T1195] RIP: 0010:ipv4_pdp_find.isra.12+0x86/0x170 [gtp]
[ ... ]
[ 72.679168][ T1195] Call Trace:
[ 72.679603][ T1195] gtp_build_skb_ip4+0x199/0x1420 [gtp]
[ 72.681915][ T1195] ? ipv4_pdp_find.isra.12+0x170/0x170 [gtp]
[ 72.682513][ T1195] ? lock_acquire+0x164/0x3b0
[ 72.682966][ T1195] ? gtp_dev_xmit+0x35e/0x890 [gtp]
[ 72.683481][ T1195] gtp_dev_xmit+0x3c2/0x890 [gtp]
[ ... ]
Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Signed-off-by: Taehee Yoo <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
gtp_genl_dump_pdp() is ->dumpit() callback of GTP module and it is used
to dump pdp contexts. it would be re-executed because of dump packet size.
If dump packet size is too big, it saves current dump pointer
(gtp interface pointer, bucket, TID value) then it restarts dump from
last pointer.
Current GTP code allows adding zero TID pdp context but dump code
ignores zero TID value. So, last dump pointer will not be found.
In addition, this patch adds missing rcu_read_lock() in
gtp_genl_dump_pdp().
Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Signed-off-by: Taehee Yoo <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
GTP RX packet path lookups pdp context with TID. If duplicate TID pdp
contexts are existing in the list, it couldn't select correct pdp context.
So, TID value should be unique.
GTP TX packet path lookups pdp context with ms_addr. If duplicate ms_addr pdp
contexts are existing in the list, it couldn't select correct pdp context.
So, ms_addr value should be unique.
Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Signed-off-by: Taehee Yoo <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
After the recent fix in commit 1899bb325149 ("bonding: fix state
transition issue in link monitoring"), the active-backup mode with
miimon initially come-up fine but after a link-failure, both members
transition into backup state.
Following steps to reproduce the scenario (eth1 and eth2 are the
slaves of the bond):
ip link set eth1 up
ip link set eth2 down
sleep 1
ip link set eth2 up
ip link set eth1 down
cat /sys/class/net/eth1/bonding_slave/state
cat /sys/class/net/eth2/bonding_slave/state
Fixes: 1899bb325149 ("bonding: fix state transition issue in link monitoring")
CC: Jay Vosburgh <[email protected]>
Signed-off-by: Mahesh Bandewar <[email protected]>
Acked-by: Jay Vosburgh <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
Pull fall through fix from Gustavo Silva:
"Fix compile error on sh by marking expected switch fall-through"
* tag 'Wimplicit-fallthrough-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux:
sh: kgdb: Mark expected switch fall-throughs
|
|
Manish Chopra says:
====================
bnx2x: bug fixes
This series has two driver changes, one to fix some unexpected
hardware behaviour casued during the parity error recovery in
presence of SR-IOV VFs and another one related for fixing resource
management in the driver among the PFs configured on an engine.
Please consider applying it to "net".
V1->V2:
=======
Fix the compilation errors reported by kbuild test robot
on the patch #1 with CONFIG_BNX2X_SRIOV=n
====================
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
Driver doesn't calculate total number of PFs configured on a
given engine correctly which messed up resources in the PFs
loaded on that engine, leading driver to exceed configuration
of resources (like vlan filters etc.) beyond the limit per
engine, which ended up with asserts from the firmware.
Signed-off-by: Manish Chopra <[email protected]>
Signed-off-by: Ariel Elior <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
Parity error from the hardware will cause PF to lose the state
of their VFs due to PF's internal reload and hardware reset following
the parity error. Restrict any configuration request from the VFs after
the parity as it could cause unexpected hardware behavior, only way
for VFs to recover would be to trigger FLR on VFs and reload them.
Signed-off-by: Manish Chopra <[email protected]>
Signed-off-by: Ariel Elior <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"24 fixes, all in drivers. The lion's share (16) are qla2xxx and the
rest are iscsi (3), ufs (2), smarpqi, lpfc and libsas"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (24 commits)
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
scsi: iscsi: Fix a potential deadlock in the timeout handler
scsi: smartpqi: Update attribute name to `driver_version`
scsi: libsas: stop discovering if oob mode is disconnected
scsi: ufs: Disable autohibern8 feature in Cadence UFS
scsi: iscsi: qla4xxx: fix double free in probe
scsi: ufs: Give an unique ID to each ufs-bsg
scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB
scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
scsi: qla2xxx: Don't defer relogin unconditonally
scsi: qla2xxx: Send Notify ACK after N2N PLOGI
scsi: qla2xxx: Configure local loop for N2N target
scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
scsi: qla2xxx: Don't call qlt_async_event twice
scsi: qla2xxx: Allow PLOGI in target mode
scsi: qla2xxx: Change discovery state before PLOGI
scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
scsi: qla2xxx: Initialize free_work before flushing it
scsi: qla2xxx: Use explicit LOGO in target mode
scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd
...
|
|
Without the common part of the driver, the new file fails to link:
drivers/net/ethernet/ti/cpsw_new.o: In function `cpsw_probe':
cpsw_new.c:(.text+0x312c): undefined reference to `ti_cm_get_macid'
Use the same Makefile hack as before, and build cpsw-common.o for
any driver that needs it.
Fixes: ed3525eda4c4 ("net: ethernet: ti: introduce cpsw switchdev based driver part 1 - dual-emac")
Signed-off-by: Arnd Bergmann <[email protected]>
Reviewed-by: Grygorii Strashko <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
The new driver misses a dependency:
drivers/net/ethernet/ti/cpsw_new.o: In function `cpsw_rx_handler':
cpsw_new.c:(.text+0x259c): undefined reference to `__page_pool_put_page'
cpsw_new.c:(.text+0x25d0): undefined reference to `page_pool_alloc_pages'
drivers/net/ethernet/ti/cpsw_priv.o: In function `cpsw_fill_rx_channels':
cpsw_priv.c:(.text+0x22d8): undefined reference to `page_pool_alloc_pages'
cpsw_priv.c:(.text+0x2420): undefined reference to `__page_pool_put_page'
drivers/net/ethernet/ti/cpsw_priv.o: In function `cpsw_create_xdp_rxqs':
cpsw_priv.c:(.text+0x2624): undefined reference to `page_pool_create'
drivers/net/ethernet/ti/cpsw_priv.o: In function `cpsw_run_xdp':
cpsw_priv.c:(.text+0x2dc8): undefined reference to `__page_pool_put_page'
Other drivers use 'select' for PAGE_POOL, so do the same here.
Fixes: ed3525eda4c4 ("net: ethernet: ti: introduce cpsw switchdev based driver part 1 - dual-emac")
Signed-off-by: Arnd Bergmann <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Acked-by: Jesper Dangaard Brouer <[email protected]>
Reviewed-by: Grygorii Strashko <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are six small fixes for some reported char/misc driver issues:
- fix build warnings with new 'awk' with the raid6 code
- four interconnect driver bugfixes
- binder fix for reported problem
All of these except the binder fix have been in linux-next with no
reported issues. The binder fix is "new" but Todd says it is good as
he has tested it :)"
* tag 'char-misc-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
binder: fix incorrect calculation for num_valid
interconnect: qcom: msm8974: Walk the list safely on node removal
interconnect: qcom: qcs404: Walk the list safely on node removal
interconnect: qcom: sdm845: Walk the list safely on node removal
interconnect: qcom: Fix Kconfig indentation
lib: raid6: fix awk build warnings
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are two small driver core fixes to resolve some reported issues
The first is to handle the much-reported (by the build systems)
problem that superH does not boot anymore.
The second handles an issue in the new platform logic that a number of
people ran into with the automated tests in kbuild
Both of these have been in linux-next with no reported issues"
* tag 'driver-core-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
drivers: Fix boot problem on SuperH
of/platform: Unconditionally pause/resume sync state during kernel init
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging/IIO fixes from Greg KH:
"Here are a number of small staging and IIO driver fixes for reported
issues for 5.5-rc2
Nothing major, a bunch of tiny IIO driver issues resolved, and some
staging driver fixes for things that people ran into with 5.5-rc1.
Full details are in the shortlog.
All of these have been in linux-next with no reported issues"
* tag 'staging-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (28 commits)
fbtft: Fix the initialization from property algorithm
staging: rtl8712: fix interface sanity check
staging: rtl8188eu: fix interface sanity check
staging: gigaset: add endpoint-type sanity check
staging: gigaset: fix illegal free on probe errors
staging: gigaset: fix general protection fault on probe
staging: vchiq: call unregister_chrdev_region() when driver registration fails
staging: exfat: fix multiple definition error of `rename_file'
staging/wlan-ng: add CRC32 dependency in Kconfig
staging: hp100: Fix build error without ETHERNET
staging: fbtft: Do not hardcode SPI CS polarity inversion
staging: exfat: properly support discard in clr_alloc_bitmap()
staging/octeon: Mark Ethernet driver as BROKEN
iio: adc: max9611: Fix too short conversion time delay
iio: ad7949: fix channels mixups
iio: imu: st_lsm6dsx: do not power-off accel if events are enabled
iio: imu: st_lsm6dsx: track hw FIFO buffering with fifo_mask
iio: imu: st_lsm6dsx: fix decimation factor estimation
iio: imu: inv_mpu6050: fix temperature reporting using bad unit
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are some small USB driver fixes for reported issues for 5.5-rc2
There's the usual gadget and xhci fixes, as well as some other
problems that syzbot has been finding during it's fuzzing runs. Full
details are in the shortlog.
All of these have been in linux-next with no reported issues"
* tag 'usb-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (21 commits)
usb: dwc3: pci: add ID for the Intel Comet Lake -H variant
xhci: make sure interrupts are restored to correct state
xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour.
xhci: Increase STS_HALT timeout in xhci_suspend()
usb: xhci: only set D3hot for pci device
xhci: fix USB3 device initiated resume race with roothub autosuspend
xhci: Fix memory leak in xhci_add_in_port()
USB: Fix incorrect DMA allocations for local memory pool drivers
usb: gadget: fix wrong endpoint desc
usb: dwc3: ep0: Clear started flag on completion
usb: dwc3: gadget: Clear started flag for non-IOC
usb: dwc3: gadget: Fix logical condition
USB: atm: ueagle-atm: add missing endpoint check
USB: adutux: fix interface sanity check
USB: idmouse: fix interface sanity checks
USB: serial: io_edgeport: fix epic endpoint lookup
usb: mon: Fix a deadlock in usbmon between mmap and read
usb: common: usb-conn-gpio: Don't log an error on probe deferral
usb: core: urb: fix URB structure initialization function
usb: typec: fix use after free in typec_register_port()
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 updates from Vasily Gorbik:
- Add support for KASAN_VMALLOC feature.
- Remove the last user of problematic diag 0x44 call.
- Adjust sampling interval and avoid sample data block overflow
condition on pressure in perf code.
- Prefer EOPNOTSUPP over ENOTSUPP and comments fixes.
* tag 's390-5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/kasan: add KASAN_VMALLOC support
s390: remove last diag 0x44 caller
s390/uv: use EOPNOTSUPP instead of ENOTSUPP
s390/cpum_sf: Avoid SBD overflow condition in irq handler
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
s390/test_unwind: fix spelling mistake "reqister" -> "register"
s390/spinlock: remove confusing comment in arch_spin_lock_wait
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"Fix another build problem for Wireguard without Crypto"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: arm/curve25519 - add arch-specific key generation function
|
|
Pull cfis fixes from Steve French:
"Three small smb3 fixes: this addresses two recent issues reported in
additional testing during rc1, a refcount underflow and a problem with
an intermittent crash in SMB2_open_init"
* tag '5.5-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
CIFS: Close cached root handle only if it has a lease
SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path
smb3: fix refcount underflow warning on unmount when no directory leases
|
|
Host can provide send indirection table messages anytime after RSS is
enabled by calling rndis_filter_set_rss_param(). So the host provided
table values may be overwritten by the initialization in
rndis_set_subchannel().
To prevent this problem, move the tx_table initialization before calling
rndis_filter_set_rss_param().
Fixes: a6fb6aa3cfa9 ("hv_netvsc: Set tx_table to equal weight after subchannels open")
Signed-off-by: Haiyang Zhang <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
"Fix some bugs and documentation"
* tag 'ovl-fixes-5.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
docs: filesystems: overlayfs: Fix restview warnings
docs: filesystems: overlayfs: Rename overlayfs.txt to .rst
ovl: relax WARN_ON() on rename to self
ovl: fix corner case of non-unique st_dev;st_ino
ovl: don't use a temp buf for encoding real fh
ovl: make sure that real fid is 32bit aligned in memory
ovl: fix lookup failure on multi lower squashfs
|
|
phylink requires the MAC to report when its link status changes when
operating in inband modes. Failure to report link status changes
means that phylink has no idea when the link events happen, which
results in either the network interface's carrier remaining up or
remaining permanently down.
For example, with a fiber module, if the interface is brought up and
link is initially established, taking the link down at the far end
will cut the optical power. The SFP module's LOS asserts, we
deactivate the link, and the network interface reports no carrier.
When the far end is brought back up, the SFP module's LOS deasserts,
but the MAC may be slower to establish link. If this happens (which
in my tests is a certainty) then phylink never hears that the MAC
has established link with the far end, and the network interface is
stuck reporting no carrier. This means the interface is
non-functional.
Avoiding the link interrupt when we have phylink is basically not
an option, so remove the !port->phylink from the test.
Fixes: 4bb043262878 ("net: mvpp2: phylink support")
Tested-by: Sven Auhagen <[email protected]>
Tested-by: Antoine Tenart <[email protected]>
Signed-off-by: Russell King <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
|