aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2018-12-13Merge tag 'mlx5-fixes-2018-12-13' of ↵David S. Miller6-27/+38
git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux mlx5-fixes-2018-12-13 Subject: [pull request][net 0/9] Mellanox, mlx5 fixes 2018-12-13 Saeed Mahameed says: ==================== This series introduces some fixes to the mlx5 core and mlx5e netdevice driver. ======= Conflict with net-next: When merged with net-next this series will cause a moderate conflict: 1) in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c (2 hunks) Take hunks from net only and just replace *attr->mirror_count to *attr->split_count 1.1) there is one more instance of slow_attr->mirror_count to be replaced with slow_attr->split_count, it doesn't appear in the conflict, it will cause a compilation error if left out. 2) in mlx5_ifc.h, take hunks only from net. Example for the merge resolution can be found at: https://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux.git/commit/?h=merge/mlx5-fixes&id=48830adf29804d85d77ed8a251d625db0eb5b8a8 branch merge/mlx5-fixes of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux (I simply merged this pull request tag into net-next and resolved the conflict) I don't know if it's ok with you, but to save your time, you can just: git pull git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux merge/mlx5-fixes Into net-next, before your next net merge, and you will have a clean merge of net into net-next (at least for mlx5 files). ====== Please pull and let me know if there's any problem. For -stable v4.18 338d615be484 ('net/mlx5e: Cancel DIM work on close SQ') 91f40f9904ad ('net/mlx5e: RX, Verify MPWQE stride size is in range') For -stable v4.19 c5c7e1c41bbe ('net/mlx5e: Remove unused UDP GSO remaining counter') ==================== Signed-off-by: David S. Miller <[email protected]>
2018-12-13proc/sysctl: don't return ENOMEM on lookup when a table is unregisteringIvan Delalande1-7/+6
proc_sys_lookup can fail with ENOMEM instead of ENOENT when the corresponding sysctl table is being unregistered. In our case we see this upon opening /proc/sys/net/*/conf files while network interfaces are being deleted, which confuses our configuration daemon. The problem was successfully reproduced and this fix tested on v4.9.122 and v4.20-rc6. v2: return ERR_PTRs in all cases when proc_sys_make_inode fails instead of mixing them with NULL. Thanks Al Viro for the feedback. Fixes: ace0c791e6c3 ("proc/sysctl: Don't grab i_lock under sysctl_lock.") Cc: [email protected] Signed-off-by: Ivan Delalande <[email protected]> Signed-off-by: Al Viro <[email protected]>
2018-12-13Merge tag 'xarray-4.20-rc7' of git://git.infradead.org/users/willy/linux-daxLinus Torvalds10-54/+258
Pull XArray fixes from Matthew Wilcox: "Two bugfixes, each with test-suite updates, two improvements to the test-suite without associated bugs, and one patch adding a missing API" * tag 'xarray-4.20-rc7' of git://git.infradead.org/users/willy/linux-dax: XArray: Fix xa_alloc when id exceeds max XArray tests: Check iterating over multiorder entries XArray tests: Handle larger indices more elegantly XArray: Add xa_cmpxchg_irq and xa_cmpxchg_bh radix tree: Don't return retry entries from lookup
2018-12-13ubifs: Handle re-linking of inodes correctly while recoveryRichard Weinberger1-0/+37
UBIFS's recovery code strictly assumes that a deleted inode will never come back, therefore it removes all data which belongs to that inode as soon it faces an inode with link count 0 in the replay list. Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE it can lead to data loss upon a power-cut. Consider a journal with entries like: 0: inode X (nlink = 0) /* O_TMPFILE was created */ 1: data for inode X /* Someone writes to the temp file */ 2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */ 3: inode X (nlink = 1) /* inode was re-linked via linkat() */ Upon replay of entry #2 UBIFS will drop all data that belongs to inode X, this will lead to an empty file after mounting. As solution for this problem, scan the replay list for a re-link entry before dropping data. Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE") Cc: [email protected] Cc: Russell Senior <[email protected]> Cc: Rafał Miłecki <[email protected]> Reported-by: Russell Senior <[email protected]> Reported-by: Rafał Miłecki <[email protected]> Tested-by: Rafał Miłecki <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13ubi: Do not drop UBI device reference before usingPan Bian1-1/+1
The UBI device reference is dropped but then the device is used as a parameter of ubi_err. The bug is introduced in changing ubi_err's behavior. The old ubi_err does not require a UBI device as its first parameter, but the new one does. Fixes: 32608703310 ("UBI: Extend UBI layer debug/messaging capabilities") Signed-off-by: Pan Bian <[email protected]> Reviewed-by: Boris Brezillon <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13ubi: Put MTD device after it is not usedPan Bian1-1/+1
The MTD device reference is dropped via put_mtd_device, however its field ->index is read and passed to ubi_msg. To fix this, the patch moves the reference dropping after calling ubi_msg. Signed-off-by: Pan Bian <[email protected]> Reviewed-by: Boris Brezillon <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13ubifs: Fix default compression selection in ubifsGabor Juhos1-1/+12
When ubifs is build without the LZO compressor and no compressor is given the creation of the default file system will fail. before selection the LZO compressor check if it is present and if not fall back to the zlib or none. Signed-off-by: Gabor Juhos <[email protected]> Signed-off-by: Hauke Mehrtens <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13ubifs: Fix memory leak on error conditionGarry McNulty1-6/+6
If the call to ubifs_read_nnode() fails in ubifs_lpt_calc_hash() an error is returned without freeing the memory allocated to 'buf'. Read and check the root node before allocating the buffer. Detected by CoverityScan, CID 1441025 ("Resource leak") Signed-off-by: Garry McNulty <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13ubifs: auth: Add CONFIG_KEYS dependencyArnd Bergmann1-0/+1
The new authentication support causes a build failure when CONFIG_KEYS is disabled, so add a dependency. fs/ubifs/auth.c: In function 'ubifs_init_authentication': fs/ubifs/auth.c:249:16: error: implicit declaration of function 'request_key'; did you mean 'request_irq'? [-Werror=implicit-function-declaration] keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL); Fixes: d8a22773a12c ("ubifs: Enable authentication support") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13ubifs: CONFIG_UBIFS_FS_AUTHENTICATION should depend on UBIFS_FSGeert Uytterhoeven1-8/+7
Instead of adding yet another dependency on UBIFS_FS, wrap the whole block of ubifs config options in a single "if UBIFS_FS". Fixes: d8a22773a12c6d78 ("ubifs: Enable authentication support") Signed-off-by: Geert Uytterhoeven <[email protected]> Acked-by: Sascha Hauer <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13ubifs: replay: Fix high stack usageArnd Bergmann1-11/+24
Having two shash descriptors on the stack cause a very significant kernel stack usage that can cross the warning threshold: fs/ubifs/replay.c: In function 'authenticate_sleb': fs/ubifs/replay.c:633:1: error: the frame size of 1144 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] Normally, gcc optimizes the out, but with CONFIG_CC_OPTIMIZE_FOR_DEBUGGING, it does not. Splitting the two stack allocations into separate functions means that they will use the same memory again. In normal configurations (optimizing for size or performance), those should get inlined and we get the same behavior as before. Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Richard Weinberger <[email protected]>
2018-12-13Merge tag 'linux-kselftest-4.20-rc7' of ↵Linus Torvalds1-2/+7
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull Kselftest fix from Shuah Khan: "A single fix for a seccomp test from Kees Cook." * tag 'linux-kselftest-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests/seccomp: Remove SIGSTOP si_pid check
2018-12-13Merge branch 'fixes' of ↵Linus Torvalds2-8/+8
git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal Pull thermal fixes from Eduardo Valentin: "Fixes for STM and HISI thermal drivers" * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal: thermal: stm32: Fix stm_thermal_read_factory_settings thermal: stm32: read factory settings inside stm_thermal_prepare thermal/drivers/hisi: Fix number of sensors on hi3660 thermal/drivers/hisi: Fix wrong platform_get_irq_byname()
2018-12-13Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channelsDexuan Cui1-0/+20
Before 98f4c651762c, we returned zeros for unopened channels. With 98f4c651762c, we started to return random on-stack values. We'd better return -EINVAL instead. Fixes: 98f4c651762c ("hv: move ringbuffer bus attributes to dev_groups") Cc: [email protected] Cc: K. Y. Srinivasan <[email protected]> Cc: Haiyang Zhang <[email protected]> Cc: Stephen Hemminger <[email protected]> Signed-off-by: Dexuan Cui <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
2018-12-13x86, hyperv: remove PCI dependencySinan Kaya1-1/+1
Need to be able to boot without PCI devices present. Signed-off-by: Sinan Kaya <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
2018-12-14Merge branch 'vmwgfx-fixes-4.20' of ↵Dave Airlie6-4/+103
git://people.freedesktop.org/~thomash/linux into drm-fixes One regression fix for avoiding kernel OOM, one cleanup return fix. Signed-off-by: Dave Airlie <[email protected]> From: Thomas Hellstrom <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
2018-12-13USB: serial: option: add Telit LN940 seriesJörgen Storvist1-0/+4
Added USB serial option driver support for Telit LN940 series cellular modules. Covering both QMI and MBIM modes. usb-devices output (0x1900): T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 21 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1900 Rev=03.10 S: Manufacturer=Telit S: Product=Telit LN940 Mobile Broadband S: SerialNumber=0123456789ABCDEF C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option usb-devices output (0x1901): T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 20 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1901 Rev=03.10 S: Manufacturer=Telit S: Product=Telit LN940 Mobile Broadband S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 4 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim I: If#= 5 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim Signed-off-by: Jörgen Storvist <[email protected]> Cc: stable <[email protected]> Signed-off-by: Johan Hovold <[email protected]>
2018-12-13XArray: Fix xa_alloc when id exceeds maxMatthew Wilcox2-5/+36
Specifying a starting ID greater than the maximum ID isn't something attempted very often, but it should fail. It was succeeding due to xas_find_marked() returning the wrong error state, so add tests for both xa_alloc() and xas_find_marked(). Fixes: b803b42823d0 ("xarray: Add XArray iterators") Signed-off-by: Matthew Wilcox <[email protected]>
2018-12-13Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdmaLinus Torvalds7-8/+22
Pull rdma fixes from Doug Ledford: "We have 5 small fixes for this pull request. One is a performance regression, so not necessarily strictly a fix, but it was small and reasonable and claimed to avoid thrashing in the scheduler, so I took it. The remaining are all legitimate fixes that match the "we take fixes any time" criteria. Summary: - One performance regression for hfi1 - One kasan fix for hfi1 - A couple mlx5 fixes - A core oops fix" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: IB/core: Fix oops in netdev_next_upper_dev_rcu() IB/mlx5: Block DEVX umem from the non applicable cases IB/mlx5: Fix implicit ODP interrupted page fault IB/hfi1: Fix an out-of-bounds access in get_hw_stats IB/hfi1: Fix a latency issue for small messages
2018-12-13Merge tag 'mmc-v4.20-rc5' of ↵Linus Torvalds4-16/+40
git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull mmc fixes from Ulf Hansson: "MMC core: - Fixup RPMB requests to use mrq->sbc when sending CMD23 MMC host: - omap: Fix broken MMC/SD on OMAP15XX/OMAP5910/OMAP310 - sdhci-omap: Fix DCRC error handling during tuning - sdhci: Fixup the timeout check window for clock and reset" * tag 'mmc-v4.20-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci: fix the timeout check window for clock and reset mmc: sdhci-omap: Fix DCRC error handling during tuning MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 mmc: core: use mrq->sbc when sending CMD23 for RPMB
2018-12-13Merge tag 'sound-4.20-rc7' of ↵Linus Torvalds2-1/+78
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Only usual suspects here: a few more fixups for Realtek HD-audio on various PCs, including a regression fix in the previous fix for Lenovo X1 Carbon, as well as a typo fix in the recent Fireface patch" * tag 'sound-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN ALSA: fireface: fix reference to wrong register for clock configuration ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon ALSA: hda/realtek - Fixed headphone issue for ALC700
2018-12-13bpf: verifier: make sure callees don't prune with caller differencesJakub Kicinski2-3/+38
Currently for liveness and state pruning the register parentage chains don't include states of the callee. This makes some sense as the callee can't access those registers. However, this means that READs done after the callee returns will not propagate into the states of the callee. Callee will then perform pruning disregarding differences in caller state. Example: 0: (85) call bpf_user_rnd_u32 1: (b7) r8 = 0 2: (55) if r0 != 0x0 goto pc+1 3: (b7) r8 = 1 4: (bf) r1 = r8 5: (85) call pc+4 6: (15) if r8 == 0x1 goto pc+1 7: (05) *(u64 *)(r9 - 8) = r3 8: (b7) r0 = 0 9: (95) exit 10: (15) if r1 == 0x0 goto pc+0 11: (95) exit Here we acquire unknown state with call to get_random() [1]. Then we store this random state in r8 (either 0 or 1) [1 - 3], and make a call on line 5. Callee does nothing but a trivial conditional jump (to create a pruning point). Upon return caller checks the state of r8 and either performs an unsafe read or not. Verifier will first explore the path with r8 == 1, creating a pruning point at [11]. The parentage chain for r8 will include only callers states so once verifier reaches [6] it will mark liveness only on states in the caller, and not [11]. Now when verifier walks the paths with r8 == 0 it will reach [11] and since REG_LIVE_READ on r8 was not propagated there it will prune the walk entirely (stop walking the entire program, not just the callee). Since [6] was never walked with r8 == 0, [7] will be considered dead and replaced with "goto -1" causing hang at runtime. This patch weaves the callee's explored states onto the callers parentage chain. Rough parentage for r8 would have looked like this before: [0] [1] [2] [3] [4] [5] [10] [11] [6] [7] | | ,---|----. | | | sl0: sl0: / sl0: \ sl0: sl0: sl0: fr0: r8 <-- fr0: r8<+--fr0: r8 `fr0: r8 ,fr0: r8<-fr0: r8 \ fr1: r8 <- fr1: r8 / \__________________/ after: [0] [1] [2] [3] [4] [5] [10] [11] [6] [7] | | | | | | sl0: sl0: sl0: sl0: sl0: sl0: fr0: r8 <-- fr0: r8 <- fr0: r8 <- fr0: r8 <-fr0: r8<-fr0: r8 fr1: r8 <- fr1: r8 Now the mark from instruction 6 will travel through callees states. Note that we don't have to connect r0 because its overwritten by callees state on return and r1 - r5 because those are not alive any more once a call is made. v2: - don't connect the callees registers twice (Alexei: suggestion & code) - add more details to the comment (Ed & Alexei) v1: don't unnecessarily link caller saved regs (Jiong) Fixes: f4d7e40a5b71 ("bpf: introduce function calls (verification)") Reported-by: David Beckett <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]> Reviewed-by: Jiong Wang <[email protected]> Reviewed-by: Edward Cree <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]>
2018-12-13mt76: add entry in MAINTAINERS fileLorenzo Bianconi1-0/+7
Add entry for mt76 driver in MAINTAINERS file Signed-off-by: Lorenzo Bianconi <[email protected]> Signed-off-by: Kalle Valo <[email protected]>
2018-12-13mt76: fix potential NULL pointer dereference in mt76_stop_tx_queuesLorenzo Bianconi1-1/+6
Starting from mac80211 commit adf8ed01e4fd ("mac80211: add an optional TXQ for other PS-buffered frames") and commit 0eeb2b674f05 ("mac80211: add an option for station management TXQ") a new per-sta queue has been introduced for bufferable management frames. sta->txq[IEEE80211_NUM_TIDS] is initialized just if the driver reports the following hw flags: - IEEE80211_HW_STA_MMPDU_TXQ - IEEE80211_HW_BUFF_MMPDU_TXQ This can produce a NULL pointer dereference in mt76_stop_tx_queues since mt76 iterates on all available sta tx queues assuming they are initialized by mac80211. This issue has been spotted analyzing the code (it has not triggered any crash yet) Signed-off-by: Lorenzo Bianconi <[email protected]> Signed-off-by: Kalle Valo <[email protected]>
2018-12-13Revert "mwifiex: restructure rx_reorder_tbl_lock usage"Brian Norris3-53/+51
This reverts commit 5188d5453bc9380ccd4ae1086138dd485d13aef2, because it introduced lock recursion: BUG: spinlock recursion on CPU#2, kworker/u13:1/395 lock: 0xffffffc0e28a47f0, .magic: dead4ead, .owner: kworker/u13:1/395, .owner_cpu: 2 CPU: 2 PID: 395 Comm: kworker/u13:1 Not tainted 4.20.0-rc4+ #2 Hardware name: Google Kevin (DT) Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex] Call trace: dump_backtrace+0x0/0x140 show_stack+0x20/0x28 dump_stack+0x84/0xa4 spin_bug+0x98/0xa4 do_raw_spin_lock+0x5c/0xdc _raw_spin_lock_irqsave+0x38/0x48 mwifiex_flush_data+0x2c/0xa4 [mwifiex] call_timer_fn+0xcc/0x1c4 run_timer_softirq+0x264/0x4f0 __do_softirq+0x1a8/0x35c do_softirq+0x54/0x64 netif_rx_ni+0xe8/0x120 mwifiex_recv_packet+0xfc/0x10c [mwifiex] mwifiex_process_rx_packet+0x1d4/0x238 [mwifiex] mwifiex_11n_dispatch_pkt+0x190/0x1ac [mwifiex] mwifiex_11n_rx_reorder_pkt+0x28c/0x354 [mwifiex] mwifiex_process_sta_rx_packet+0x204/0x26c [mwifiex] mwifiex_handle_rx_packet+0x15c/0x16c [mwifiex] mwifiex_rx_work_queue+0x104/0x134 [mwifiex] worker_thread+0x4cc/0x72c kthread+0x134/0x13c ret_from_fork+0x10/0x18 This was clearly not tested well at all. I simply performed 'wget' in a loop and it fell over within a few seconds. Fixes: 5188d5453bc9 ("mwifiex: restructure rx_reorder_tbl_lock usage") Cc: <[email protected]> Cc: Ganapathi Bhat <[email protected]> Signed-off-by: Brian Norris <[email protected]> Signed-off-by: Kalle Valo <[email protected]>
2018-12-13rtlwifi: Fix leak of skb when processing C2H_BT_INFOLarry Finger1-0/+1
With commit 0a9f8f0a1ba9 ("rtlwifi: fix btmpinfo timeout while processing C2H_BT_INFO"), calling rtl_c2hcmd_enqueue() with rtl_c2h_fast_cmd() true, the routine returns without freeing that skb, thereby leaking it. This issue has been discussed at https://github.com/lwfinger/rtlwifi_new/issues/401 and the fix tested there. Fixes: 0a9f8f0a1ba9 ("rtlwifi: fix btmpinfo timeout while processing C2H_BT_INFO") Reported-and-tested-by: Francisco Machado Magalhães Neto <[email protected]> Cc: Francisco Machado Magalhães Neto <[email protected]> Cc: Ping-Ke Shih <[email protected]> Cc: Stable <[email protected]> # 4.18+ Signed-off-by: Larry Finger <[email protected]> Signed-off-by: Kalle Valo <[email protected]>
2018-12-13drm/vmwgfx: Protect from excessive execbuf kernel memory allocations v3Thomas Hellstrom6-2/+103
With the new validation code, a malicious user-space app could potentially submit command streams with enough buffer-object and resource references in them to have the resulting allocated validion nodes and relocations make the kernel run out of GFP_KERNEL memory. Protect from this by having the validation code reserve TTM graphics memory when allocating. Signed-off-by: Thomas Hellstrom <[email protected]> Reviewed-by: Deepak Rawat <[email protected]> --- v2: Removed leftover debug printouts
2018-12-13USB: serial: option: add Fibocom NL668 seriesJörgen Storvist1-0/+2
Added USB serial option driver support for Fibocom NL668 series cellular modules. Reserved USB endpoints 4, 5 and 6 for network + ADB interfaces. usb-devices output (QMI mode) T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 16 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1508 ProdID=1001 Rev=03.18 S: Manufacturer=Nodecom NL668 Modem S: Product=Nodecom NL668-CN Modem S: SerialNumber= C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) usb-devices output (ECM mode) T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 17 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1508 ProdID=1001 Rev=03.18 S: Manufacturer=Nodecom NL668 Modem S: Product=Nodecom NL668-CN Modem S: SerialNumber= C: #Ifs= 7 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#= 4 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether I: If#= 5 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) Signed-off-by: Jörgen Storvist <[email protected]> Cc: stable <[email protected]> Signed-off-by: Johan Hovold <[email protected]>
2018-12-13net/mlx5e: Cancel DIM work on close SQTal Gilboa1-0/+1
TXQ SQ closure is followed by closing the corresponding CQ. A pending DIM work would try to modify the now non-existing CQ. This would trigger an error: [85535.835926] mlx5_core 0000:af:00.0: mlx5_cmd_check:769:(pid 124399): MODIFY_CQ(0x403) op_mod(0x0) failed, status bad resource state(0x9), syndrome (0x1d7771) Fix by making sure to cancel any pending DIM work before destroying the SQ. Fixes: cbce4f444798 ("net/mlx5e: Enable adaptive-TX moderation") Signed-off-by: Tal Gilboa <[email protected]> Reviewed-by: Tariq Toukan <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5e: Remove unused UDP GSO remaining counterMikhael Goikhman2-4/+0
Remove tx_udp_seg_rem counter from ethtool output, as it is no longer being updated in the driver's data flow. Fixes: 3f44899ef2ce ("net/mlx5e: Use PARTIAL_GSO for UDP segmentation") Signed-off-by: Mikhael Goikhman <[email protected]> Reviewed-by: Eran Ben Elisha <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5e: Avoid encap flows deletion attempt the 1st time a neigh is resolvedOr Gerlitz2-6/+5
Currently, we are deleting offloaded encap flows in case the relevant neigh becomes unconnected while the encap is valid (a sign that it used to be connected), or if the curr neigh mac is different from the cached mac (a sign that the remote side changed their mac). The 2nd check also applies when the neigh becomes connected on the 1st time (we start with zero mac). Before the offending commit, the deleting handler was practically no op, as no flows were offloaded. But since that commit, we offload neigh-less encap flows to slow path. Under mirroring scheme, we go into the delete handler, attempt to unoffload a mirror rule which was never set (as we were offloading to slow path) and crash. Fix that by calling the delete handler only when the encap is valid, which covers both cases mentioned above. Fixes: 5dbe906ff1d5 ('net/mlx5e: Use a slow path rule instead if vxlan neighbour isn't available') Signed-off-by: Or Gerlitz <[email protected]> Signed-off-by: Eli Britstein <[email protected]> Reviewed-by: Paul Blakey <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5e: Properly initialize flow attributes for slow path eswitch rule ↵Or Gerlitz1-3/+6
deletion When a neighbour is resolved, we delete the goto slow path rule from HW. The eswitch flow attributes where not properly initialized on that case, hence we mess up the eswitch refcounts for chain zero (the default one). Fix that along with making sure to use semicolons and not commas on that code; Fixes: 5dbe906ff1d5 ('net/mlx5e: Use a slow path rule instead if vxlan neighbour isn't available') Signed-off-by: Or Gerlitz <[email protected]> Reviewed-by: Paul Blakey <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5e: Avoid overriding the user provided priority for offloaded tc rulesOr Gerlitz1-5/+4
Just a leftover which was wrongly left there, remove it while spawning a message to suggest firmware upgrade. Fixes: bf07aa730a04 ('net/mlx5e: Support offloading tc priorities and chains for eswitch flows') Signed-off-by: Or Gerlitz <[email protected]> Reviewed-by: Paul Blakey <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5e: Err if asked to mirror a goto chain tc eswitch ruleOr Gerlitz1-2/+9
Currently we are not supporting this and not err-ing on that either. For now, just err if asked to do that. Fixes: bf07aa730a04 ('net/mlx5e: Support offloading tc priorities and chains for eswitch flows') Signed-off-by: Or Gerlitz <[email protected]> Reported-by: Eli Britstein <[email protected]> Reviewed-by: Eli Britstein <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5e: RX, Verify MPWQE stride size is in rangeMoshe Shemesh1-0/+5
Add check of MPWQE stride size is within range supported by HW. In case calculated MPWQE stride size exceed range, linear SKB can't be used and we should use non linear MPWQE instead. Fixes: 619a8f2a42f1 ("net/mlx5e: Use linear SKB in Striding RQ") Signed-off-by: Moshe Shemesh <[email protected]> Reviewed-by: Tariq Toukan <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5e: Fix default amount of channels for VF representorsGavi Teitz1-3/+2
The default amount of channels a representor opens was erroneously changed from one to the maximum amount of channels, restore to its intended value. Fixes: 779d986d60de ("net/mlx5e: Do not ignore netdevice TX/RX queues number") Signed-off-by: Gavi Teitz <[email protected]> Reviewed-by: Or Gerlitz <[email protected]> Reviewed-by: Tariq Toukan <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-13net/mlx5: E-Switch, Fix fdb cap bits swapVu Pham1-4/+6
The cap bits locations for the fdb caps of multi path to table (used for local mirroring) and multi encap (used for prio/chains) were wrongly used in swapped locations. This went unnoted so far b/c we tested the offending patch with CX5 FW that supports both of them. On different environments where not both caps are supported, we will be messed up, fix that. Fixes: b9aa0ba17af5 ('net/mlx5: Add cap bits for multi fdb encap') Signed-off-by: Vu Pham <[email protected]> Reviewed-by: Or Gerlitz <[email protected]> Tested-by: Or Gerlitz <[email protected]> Signed-off-by: Saeed Mahameed <[email protected]>
2018-12-12Merge branch 'vhost-fixes'David S. Miller2-5/+26
Jason Wang says: ==================== Fix various issue of vhost This series tries to fix various issues of vhost: - Patch 1 adds a missing write barrier between used idx updating and logging. - Patch 2-3 brings back the protection of device IOTLB through vq mutex, this fixes possible use after free in device IOTLB entries. Please consider them for -stable. Changes from V2: - drop dirty page fix and make it for net-next Changes from V1: - silent compiler warning for 32bit. - use mutex_trylock() on slowpath instead of mutex_lock() even on fast path. ==================== Signed-off-by: David S. Miller <[email protected]>
2018-12-12Revert "net: vhost: lock the vqs one by one"Jason Wang1-4/+17
This reverts commit 78139c94dc8c96a478e67dab3bee84dc6eccb5fd. We don't protect device IOTLB with vq mutex, which will lead e.g use after free for device IOTLB entries. And since we've switched to use mutex_trylock() in previous patch, it's safe to revert it without having deadlock. Fixes: commit 78139c94dc8c ("net: vhost: lock the vqs one by one") Cc: Tonghao Zhang <[email protected]> Acked-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Jason Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2018-12-12vhost_net: switch to use mutex_trylock() in vhost_net_busy_poll()Jason Wang1-1/+7
We used to hold the mutex of paired virtqueue in vhost_net_busy_poll(). But this will results an inconsistent lock order which may cause deadlock if we try to bring back the protection of device IOTLB with vq mutex that requires to hold mutex of all virtqueues at the same time. Fix this simply by switching to use mutex_trylock(), when fail just skip the busy polling. This can happen when device IOTLB is under updating which should be rare. Fixes: commit 78139c94dc8c ("net: vhost: lock the vqs one by one") Cc: Tonghao Zhang <[email protected]> Acked-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Jason Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2018-12-12vhost: make sure used idx is seen before log in vhost_add_used_n()Jason Wang1-0/+2
We miss a write barrier that guarantees used idx is updated and seen before log. This will let userspace sync and copy used ring before used idx is update. Fix this by adding a barrier before log_write(). Fixes: 8dd014adfea6f ("vhost-net: mergeable buffers support") Acked-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Jason Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]>
2018-12-12Merge branch '40GbE' of ↵David S. Miller5-53/+32
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Fixes 2018-12-12 This series contains fixes to i40e and ixgbe. Stefan Assmann fixes an issue created by a previous fix, where ether_addr_copy() was moved to avoid a race but did not take into account that it alters the MAC address being handed to i40e_del_mac_filter(). Michał Mirosław provides 2 fixes for i40e, first resolves issues in the hardware VLAN offload where VLAN.TCI equal to 0 was being dropped and a race between disabling VLAN receive feature in hardware and processing the receive queue, where packets could have their VLAN information dropped. Ross Lagerwall fixes a racy condition during a ixgbe VF reset, where writing the register to issue a reset and sending the reset message via the mailbox API could result of the mailbox memory getting cleared during the reset before the message gets successfully sent which results in a VF driver malfunction. ==================== Signed-off-by: David S. Miller <[email protected]>
2018-12-12Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller7-27/+22
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Fix warnings suspicious rcu usage when handling base chain statistics, from Taehee Yoo. 2) Refetch pointer to tcp header from nf_ct_sack_adjust() since skb_make_writable() may reallocate data area, reported by Google folks patch from Florian. 3) Incorrect netlink nest end after previous cancellation from error path in ipset, from Pan Bian. 4) Use dst_hold_safe() from nf_xfrm_me_harder(), from Florian. 5) Use rb_link_node_rcu() for rcu-protected rbtree node in nf_conncount, from Taehee Yoo. ==================== Signed-off-by: David S. Miller <[email protected]>
2018-12-12Merge tag 'for-4.20/dm-fixes' of ↵Linus Torvalds4-119/+81
git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - Fix DM cache metadata to verify that a cache has block before trying to continue with operation that requires them. - Fix bio-based DM core's dm_make_request() to properly impose device limits on individual bios by making use of blk_queue_split(). - Fix long-standing race with how DM thinp notified userspace of thin-pool mode state changes before they were actually made. - Fix the zoned target's bio completion handling; this is a fairly invassive fix at this stage but it is localized to the zoned target. Any zoned target users will benefit from this fix. * tag 'for-4.20/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm thin: bump target version dm thin: send event about thin-pool state change _after_ making it dm zoned: Fix target BIO completion handling dm: call blk_queue_split() to impose device limits on bios dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty()
2018-12-12Merge tag 'media/v4.20-5' of ↵Linus Torvalds20-103/+181
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: - one regression at vsp1 driver - some last time changes for the upcoming request API logic and for stateless codec support. As the stateless codec "cedrus" driver is at staging, don't apply the MPEG controls as part of the main V4L2 API, as those may not be ready for production yet. * tag 'media/v4.20-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: media: Add a Kconfig option for the Request API media: extended-controls.rst: add note to the MPEG2 state controls media: mpeg2-ctrls.h: move MPEG2 state controls to non-public header media: vicodec: set state resolution from raw format media: vivid: drop v4l2_ctrl_request_complete() from start_streaming media: vb2: don't unbind/put the object when going to state QUEUED media: vb2: keep a reference to the request until dqbuf media: vb2: skip request checks for VIDIOC_PREPARE_BUF media: vb2: don't call __vb2_queue_cancel if vb2_start_streaming failed media: cedrus: Fix a NULL vs IS_ERR() check media: vsp1: Fix LIF buffer thresholds
2018-12-12Merge tag 'ovl-fixes-4.20-rc7' of ↵Linus Torvalds3-17/+20
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs fixes from Miklos Szeredi: "Needed to revert a patch, because it possibly introduces a security hole. Since the patch is basically a conceptual cleanup, not a bug fix, it's safe to revert. I'm not giving up on this, and discussions seemed to have reached an agreement over how to move forward, but that can wait 'till the next release. The other two patches are fixes for bugs introduced in recent releases" * tag 'ovl-fixes-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: Revert "ovl: relax permission checking on underlying layers" ovl: fix decode of dir file handle with multi lower layers ovl: fix missing override creds in link of a metacopy upper
2018-12-12Merge tag 'fuse-fixes-4.20-rc7' of ↵Linus Torvalds4-37/+60
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse fixes from Miklos Szeredi: "There's one patch fixing a minor but long lived bug, the others are fixing regressions introduced in this cycle" * tag 'fuse-fixes-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS fuse: Fix memory leak in fuse_dev_free() fuse: fix revalidation of attributes for permission check fuse: fix fsync on directory fuse: Add bad inode check in fuse_destroy_inode()
2018-12-12Merge tag 'trace-v4.20-rc6' of ↵Linus Torvalds3-3/+9
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "While running various ftrace tests on new development code, the kmemleak detector found some allocations that were not freed correctly. This fixes a couple of leaks in the event trigger code as well as in adding function trace filters in trace instances" * tag 'trace-v4.20-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Fix memory leak of instance function hash filters tracing: Fix memory leak in set_trigger_filter() tracing: Fix memory leak in create_filter()
2018-12-12scsi: sd: use mempool for discard special pageJens Axboe1-4/+19
When boxes are run near (or to) OOM, we have a problem with the discard page allocation in sd. If we fail allocating the special page, we return busy, and it'll get retried. But since ordering is honored for dispatch requests, we can keep retrying this same IO and failing. Behind that IO could be requests that want to free memory, but they never get the chance. This means you get repeated spews of traces like this: [1201401.625972] Call Trace: [1201401.631748] dump_stack+0x4d/0x65 [1201401.639445] warn_alloc+0xec/0x190 [1201401.647335] __alloc_pages_slowpath+0xe84/0xf30 [1201401.657722] ? get_page_from_freelist+0x11b/0xb10 [1201401.668475] ? __alloc_pages_slowpath+0x2e/0xf30 [1201401.679054] __alloc_pages_nodemask+0x1f9/0x210 [1201401.689424] alloc_pages_current+0x8c/0x110 [1201401.699025] sd_setup_write_same16_cmnd+0x51/0x150 [1201401.709987] sd_init_command+0x49c/0xb70 [1201401.719029] scsi_setup_cmnd+0x9c/0x160 [1201401.727877] scsi_queue_rq+0x4d9/0x610 [1201401.736535] blk_mq_dispatch_rq_list+0x19a/0x360 [1201401.747113] blk_mq_sched_dispatch_requests+0xff/0x190 [1201401.758844] __blk_mq_run_hw_queue+0x95/0xa0 [1201401.768653] blk_mq_run_work_fn+0x2c/0x30 [1201401.777886] process_one_work+0x14b/0x400 [1201401.787119] worker_thread+0x4b/0x470 [1201401.795586] kthread+0x110/0x150 [1201401.803089] ? rescuer_thread+0x320/0x320 [1201401.812322] ? kthread_park+0x90/0x90 [1201401.820787] ? do_syscall_64+0x53/0x150 [1201401.829635] ret_from_fork+0x29/0x40 Ensure that the discard page allocation has a mempool backing, so we know we can make progress. Cc: [email protected] Signed-off-by: Jens Axboe <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>
2018-12-12scsi: target: iscsi: cxgbit: add missing spin_lock_init()Varun Prakash1-0/+1
Add missing spin_lock_init() for cdev->np_lock. Signed-off-by: Varun Prakash <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>