| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Correct the broken uapi for the BPF_PROG_TYPE_PERF_EVENT program type
by exporting the user_pt_regs structure instead of the pt_regs structure
that is in-kernel only.
Signed-off-by: Hendrik Brueckner <[email protected]>
Reviewed-by: Thomas Richter <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Mark Rutland <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
To mitigate and correct the broken uapi for the BPF_PROG_TYPE_PERF_EVENT
program type, introduce a user_pt_regs structure (similar to arm64) that
exports parts from the beginnig of the pt_regs structure.
The export must start with the beginning of the pt_regs structure because
to correctly calculate BPF prologues for perf (regs_query_register_offset()).
For BPF_PROG_TYPE_PERF_EVENT program types, the BPF program is then passed
a user_pt_regs structure.
Note: Depending on future changes to the s390 pt_regs structure, consider
the user_pt_regs structure to be stable for a particular kernel version
only. (Of course, s390 tries to ensure keep it stable as much as possible.)
Signed-off-by: Hendrik Brueckner <[email protected]>
Reviewed-and-tested-by: Thomas Richter <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Cc: Martin Schwidefsky <[email protected]>
Cc: Heiko Carstens <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Daniel Borkmann <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
Commit 0515e5999a466dfe ("bpf: introduce BPF_PROG_TYPE_PERF_EVENT
program type") introduced the bpf_perf_event_data structure which
exports the pt_regs structure. This is OK for multiple architectures
but fail for s390 and arm64 which do not export pt_regs. Programs
using them, for example, the bpf selftest fail to compile on these
architectures.
For s390, exporting the pt_regs is not an option because s390 wants
to allow changes to it. For arm64, there is a user_pt_regs structure
that covers parts of the pt_regs structure for use by user space.
To solve the broken uapi for s390 and arm64, introduce an abstract
type for pt_regs and add an asm/bpf_perf_event.h file that concretes
the type. An asm-generic header file covers the architectures that
export pt_regs today.
The arch-specific enablement for s390 and arm64 follows in separate
commits.
Reported-by: Thomas Richter <[email protected]>
Fixes: 0515e5999a466dfe ("bpf: introduce BPF_PROG_TYPE_PERF_EVENT program type")
Signed-off-by: Hendrik Brueckner <[email protected]>
Reviewed-and-tested-by: Thomas Richter <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Namhyung Kim <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Daniel Borkmann <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
|
|
This reverts commit a3b2cb30f252b21a6f962e0dd107c8b897ca65e4.
That commit tried to fix problems with panic on powerpc in certain
circumstances, where some output from the generic panic code was being
dropped.
Unfortunately, it breaks things worse in other circumstances. In
particular when running a PAPR guest, it will now attempt to reboot
instead of informing the hypervisor (KVM or PowerVM) that the guest
has crashed. The crash notification is important to some
virtualization management layers.
Revert it for now until we can come up with a better solution.
Fixes: a3b2cb30f252 ("powerpc: Do not call ppc_md.panic in fadump panic notifier")
Cc: [email protected] # v4.14+
Signed-off-by: David Gibson <[email protected]>
[mpe: Tweak change log a bit]
Signed-off-by: Michael Ellerman <[email protected]>
|
|
Add new support for ALC257 codec.
[ It's supposed to be almost equivalent with other ALC25x variants,
just adding another type and id -- tiwai ]
Signed-off-by: Kailang Yang <[email protected]>
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Martin Cermak reported that setting a uprobe doesn't work. Reason for
this is that the common uprobes code tries to get an unmapped area at
the last possible page within an address space.
This broke with commit 1aea9b3f9210 ("s390/mm: implement 5 level pages
tables") which introduced an off-by-one bug which prevents to map
anything at the last possible page within an address space.
The check with the off-by-one bug however can be removed since with
commit 8ab867cb0806 ("s390/mm: fix BUG_ON in crst_table_upgrade") the
necessary check is done at both call sites.
Reported-by: Martin Cermak <[email protected]>
Bisected-by: Thomas Richter <[email protected]>
Fixes: 1aea9b3f9210 ("s390/mm: implement 5 level pages tables")
Cc: <[email protected]> # v4.13+
Reviewed-by: Hendrik Brueckner <[email protected]>
Signed-off-by: Heiko Carstens <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
More files under arch/s390 have been tagged with the SPDX identifier,
a few of those files have a GPL license text. Remove the GPL text
as it is no longer needed.
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
Add the correct SPDX license to a few more files under arch/s390 and
drivers/s390 which have been missed to far.
The SPDX identifier is a legally binding shorthand, which can be used
instead of the full boiler plate text.
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
Prevent that a prefix flag is set based on invalid configuration data.
The validity.verify_base flag should only be set for alias devices.
Usually the unit address type is either one of base, PAV alias or
HyperPAV alias. But in cases where the unit address type is not set or
any other value the validity.verify_base flag might be set as well.
This would lead to follow on errors.
Explicitly check for alias devices and set the validity flag only for
them.
Signed-off-by: Stefan Haberland <[email protected]>
Reviewed-by: Jan Hoeppner <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
The switch_to() macro has an optimization to avoid saving and
restoring register contents that aren't needed for kernel threads.
There is however the possibility that a kernel thread execve's a user
space program. In such a case the execve'd process can partially see
the contents of the previous process, which shouldn't be allowed.
To avoid this, simply always save and restore register contents on
context switch.
Cc: <[email protected]> # v2.6.37+
Fixes: fdb6d070effba ("switch_to: dont restore/save access & fpu regs for kernel threads")
Signed-off-by: Heiko Carstens <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
getnstimeofday() and timespec are deprecated since they can
overflow on 32-bit architectures. This simply changes to the
explicitly typed timespec64 version that doesn't have that
problem.
It would be nice to also convert to monotonic timestamps
and call ktime_get_ts64() rather than ktime_get_real_ts64(),
but that would be a user-visible change.
Signed-off-by: Arnd Bergmann <[email protected]>
Signed-off-by: Stefan Haberland <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
The 'no target buffer empty' error code only applies to HiperSockets.
If this code is reported on a different queue type, be sure to make the
same amount of noise as for any other error code.
Signed-off-by: Julian Wiedmann <[email protected]>
Reviewed-by: Benjamin Block <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
In the unlikely case that an ERROR buffer (presented by the HW)
consumed the last available slot on the input queue, increment the
corresponding statistics counter.
Signed-off-by: Julian Wiedmann <[email protected]>
Reviewed-by: Benjamin Block <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
The original intent of the virtio header relicensing
from 2008 was to make sure anyone can implement compatible
devices/drivers. The virtio-ccw was omitted by mistake.
We have an ack from the only contributor as well as the
maintainer from IBM, so it's not too late to fix that.
Make it dual-licensed with GPLv2, as the whole kernel is GPL2.
Acked-by: Christian Borntraeger <[email protected]>
Acked-by: Cornelia Huck <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Heiko Carstens <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
|
|
Pull documentation fixes from Jonathan Corbet:
"A handful of documentation fixes.
The most significant of these addresses a problem with the new warning
mode: it can break the build when confronted with a source file
containing malformed kerneldoc comments"
* tag 'docs-4.15-fixes' of git://git.lwn.net/linux:
Documentation: fix docs build error after source file removed
scsi: documentation: Fix case of 'scsi_device' struct mention(s)
genericirq.rst: Remove :c:func:`...` in code blocks
dmaengine: doc : Fix warning "Title underline too short" while make xmldocs
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
|
|
The irq_balancing_disabled and irq_is_percpu{,_devid} functions are
clearly intended to return bool like the functions in
kernel/irq/settings.h, but actually return an int containing a masked
value of desc->status_use_accessors. This can lead to subtle breakage
if, for example, the return value is subsequently truncated when
assigned to a narrower type.
As Linus points out:
| In particular, what can (and _has_ happened) is that people end up
| using these functions that return true or false, and they assign the
| result to something like a bitfield (or a char) or whatever.
|
| And the code looks *obviously* correct, when you have things like
|
| dev->percpu = irq_is_percpu_devid(dev->irq);
|
| and that "percpu" thing is just one status bit among many. It may even
| *work*, because maybe that "percpu" flag ends up not being all that
| important, or it just happens to never be set on the particular
| hardware that people end up testing.
|
| But while it looks obviously correct, and might even work, it's really
| fundamentally broken. Because that "true or false" function didn't
| actually return 0/1, it returned 0 or 0x20000.
|
| And 0x20000 may not fit in a bitmask or a "char" or whatever.
Fix the problem by consistently using bool as the return type for these
functions.
Reported-by: Linus Torvalds <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
|
|
The previous commit which made the operator precedence in
irq_matrix_available() explicit made the implicit brokenness explicitely
wrong. It was wrong in the original commit already. The overworked
maintainer did not notice it either when merging the patch.
Replace the confusing '?' construct by a simple and obvious if ().
Fixes: 75f1133873d6 ("genirq/matrix: Make - vs ?: Precedence explicit")
Reported-by: Rasmus Villemoes <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: Kees Cook <[email protected]>
|
|
Pull virtio fixes from Michael Tsirkin:
"virtio and qemu bugfixes
A couple of bugfixes that just became ready"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
virtio: release virtio index when fail to device_register
fw_cfg: fix driver remove
|
|
Pull networking fixes from David Miller:
1) Various TCP control block fixes, including one that crashes with
SELinux, from David Ahern and Eric Dumazet.
2) Fix ACK generation in rxrpc, from David Howells.
3) ipvlan doesn't set the mark properly in the ipv4 route lookup key,
from Gao Feng.
4) SIT configuration doesn't take on the frag_off ipv4 field
configuration properly, fix from Hangbin Liu.
5) TSO can fail after device down/up on stmmac, fix from Lars Persson.
6) Various bpftool fixes (mostly in JSON handling) from Quentin Monnet.
7) Various SKB leak fixes in vhost/tun/tap (mostly observed as
performance problems). From Wei Xu.
8) mvpps's TX descriptors were not zero initialized, from Yan Markman.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (57 commits)
tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match()
tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
rxrpc: Fix the MAINTAINERS record
rxrpc: Use correct netns source in rxrpc_release_sock()
liquidio: fix incorrect indentation of assignment statement
stmmac: reset last TSO segment size after device open
ipvlan: Add the skb->mark as flow4's member to lookup route
s390/qeth: build max size GSO skbs on L2 devices
s390/qeth: fix GSO throughput regression
s390/qeth: fix thinko in IPv4 multicast address tracking
tap: free skb if flags error
tun: free skb in early errors
vhost: fix skb leak in handle_rx()
bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg()
bnxt_en: fix dst/src fid for vxlan encap/decap actions
bnxt_en: wildcard smac while creating tunnel decap filter
bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown
phylink: ensure we take the link down when phylink_stop() is called
sfp: warn about modules requiring address change sequence
sfp: improve RX_LOS handling
...
|
|
The chip family of TILEPro and TILE-Gx was developed by Tilera, which
was eventually acquired by Mellanox. The tile architecture was added to
the kernel in 2010 and first appeared in 2.6.36.
Now at Mellanox we are developing new chips based on the ARM64
architecture; our last TILE-Gx chip (the Gx72) was released in 2013, and
our customers using tile architecture products are not, as far as we
know, looking to upgrade to newer kernel releases. In the absence of
someone in the community stepping up to take over maintainership, this
commit marks the architecture as orphaned.
Cc: Chris Metcalf <[email protected]>
Signed-off-by: Chris Metcalf <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
instances left.
Unregistering the driver before calling cpuhp_remove_multi_state() removes
any remaining hotplug cpu instances so __cpuhp_remove_state_cpuslocked()
doesn't emit this warning:
[ 268.748362] Error: Removing state 147 which has instances left.
[ 268.748373] ------------[ cut here ]------------
[ 268.748386] WARNING: CPU: 2 PID: 5476 at kernel/cpu.c:1734 __cpuhp_remove_state_cpuslocked+0x454/0x4f0
[ 268.748389] Modules linked in: arm_ccn(-) [last unloaded: arm_ccn]
[ 268.748403] CPU: 2 PID: 5476 Comm: rmmod Tainted: G W 4.14.0-rc4+ #3
[ 268.748406] Hardware name: AMD Seattle/Seattle, BIOS 10:18:39 Dec 8 2016
[ 268.748410] task: ffff8001a18ca000 task.stack: ffff80019c120000
[ 268.748416] PC is at __cpuhp_remove_state_cpuslocked+0x454/0x4f0
[ 268.748421] LR is at __cpuhp_remove_state_cpuslocked+0x448/0x4f0
[ 268.748425] pc : [<ffff2000081729ec>] lr : [<ffff2000081729e0>] pstate: 60000145
[ 268.748427] sp : ffff80019c127d30
[ 268.748430] x29: ffff80019c127d30 x28: ffff8001a18ca000
[ 268.748437] x27: ffff20000c2cb000 x26: 1fffe4000042d490
[ 268.748443] x25: ffff20000216a480 x24: 0000000000000000
[ 268.748449] x23: ffff20000b08e000 x22: 0000000000000001
[ 268.748455] x21: 0000000000000093 x20: 00000000000016f8
[ 268.748460] x19: ffff20000c2cbb80 x18: 0000ffffb5fe7c58
[ 268.748466] x17: 00000000004402d0 x16: 1fffe40001864f01
[ 268.748472] x15: ffff20000c4bf8b0 x14: 0000000000000000
[ 268.748477] x13: 0000000000007032 x12: ffff20000829ae48
[ 268.748483] x11: ffff20000c4bf000 x10: 0000000000000004
[ 268.748488] x9 : 0000000000006fbc x8 : ffff20000c318a40
[ 268.748494] x7 : 0000000000000000 x6 : ffff040001864f02
[ 268.748500] x5 : 0000000000000000 x4 : 0000000000000000
[ 268.748505] x3 : 0000000000000007 x2 : dfff200000000000
[ 268.748510] x1 : 000000000000ad3d x0 : 00000000000001f0
[ 268.748516] Call trace:
[ 268.748521] Exception stack(0xffff80019c127bf0 to 0xffff80019c127d30)
[ 268.748526] 7be0: 00000000000001f0 000000000000ad3d
[ 268.748531] 7c00: dfff200000000000 0000000000000007 0000000000000000 0000000000000000
[ 268.748535] 7c20: ffff040001864f02 0000000000000000 ffff20000c318a40 0000000000006fbc
[ 268.748539] 7c40: 0000000000000004 ffff20000c4bf000 ffff20000829ae48 0000000000007032
[ 268.748544] 7c60: 0000000000000000 ffff20000c4bf8b0 1fffe40001864f01 00000000004402d0
[ 268.748548] 7c80: 0000ffffb5fe7c58 ffff20000c2cbb80 00000000000016f8 0000000000000093
[ 268.748553] 7ca0: 0000000000000001 ffff20000b08e000 0000000000000000 ffff20000216a480
[ 268.748557] 7cc0: 1fffe4000042d490 ffff20000c2cb000 ffff8001a18ca000 ffff80019c127d30
[ 268.748562] 7ce0: ffff2000081729e0 ffff80019c127d30 ffff2000081729ec 0000000060000145
[ 268.748566] 7d00: 00000000000001f0 0000000000000000 0001000000000000 0000000000000000
[ 268.748569] 7d20: ffff80019c127d30 ffff2000081729ec
[ 268.748575] [<ffff2000081729ec>] __cpuhp_remove_state_cpuslocked+0x454/0x4f0
[ 268.748580] [<ffff200008172adc>] __cpuhp_remove_state+0x54/0x80
[ 268.748597] [<ffff20000215dd84>] arm_ccn_exit+0x2c/0x70 [arm_ccn]
[ 268.748604] [<ffff20000834cfbc>] SyS_delete_module+0x5a4/0x708
[ 268.748607] Exception stack(0xffff80019c127ec0 to 0xffff80019c128000)
[ 268.748612] 7ec0: 0000000019bb7258 0000000000000800 ba64d0fb3d26a800 00000000000000da
[ 268.748616] 7ee0: 0000ffffb6144e28 0000ffffcd95b409 fefefefefefefeff 7f7f7f7f7f7f7f7f
[ 268.748621] 7f00: 000000000000006a 1999999999999999 0000ffffb6179000 0000000000bbcc6d
[ 268.748625] 7f20: 0000ffffb6176b98 0000ffffcd95c2d0 0000ffffb5fe7b58 0000ffffb6163000
[ 268.748630] 7f40: 0000ffffb60ad3e0 00000000004402d0 0000ffffb5fe7c58 0000000019bb71f0
[ 268.748634] 7f60: 0000ffffcd95c740 0000000000000000 0000000019bb71f0 0000000000416700
[ 268.748639] 7f80: 0000000000000000 00000000004402e8 0000000019bb6010 0000ffffcd95c748
[ 268.748643] 7fa0: 0000000000000000 0000ffffcd95c460 00000000004113a8 0000ffffcd95c460
[ 268.748648] 7fc0: 0000ffffb60ad3e8 0000000080000000 0000000019bb7258 000000000000006a
[ 268.748652] 7fe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 268.748657] [<ffff200008084f9c>] __sys_trace_return+0x0/0x4
[ 268.748661] ---[ end trace a996d358dcaa7f9c ]---
Fixes: 8df038725ad5 ("bus/arm-ccn: Use cpu-hp's multi instance support instead custom list")
Signed-off-by: Kim Phillips <[email protected]>
Acked-by: Sebastian Andrzej Siewior <[email protected]>
Cc: [email protected] # 4.8+
Signed-off-by: Pawel Moll <[email protected]>
|
|
The ARM CCI driver seem to be using smp_processor_id() in a
preemptible context, which is likely to make a DEBUG_PREMPT
kernel scream at boot time.
Turn this into a get_cpu()/put_cpu() that extends over the CPU
hotplug registration, making sure that we don't race against
a CPU down operation.
Signed-off-by: Marc Zyngier <[email protected]>
Acked-by: Mark Rutland <[email protected]>
Cc: [email protected] # 4.2+
Signed-off-by: Pawel Moll <[email protected]>
|
|
Booting a DEBUG_PREEMPT enabled kernel on a CCN-based system
results in the following splat:
[...]
arm-ccn e8000000.ccn: No access to interrupts, using timer.
BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1
caller is debug_smp_processor_id+0x1c/0x28
CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.13.0 #6111
Hardware name: AMD Seattle/Seattle, BIOS 17:08:23 Jun 26 2017
Call trace:
[<ffff000008089e78>] dump_backtrace+0x0/0x278
[<ffff00000808a22c>] show_stack+0x24/0x30
[<ffff000008bc3bc4>] dump_stack+0x8c/0xb0
[<ffff00000852b534>] check_preemption_disabled+0xfc/0x100
[<ffff00000852b554>] debug_smp_processor_id+0x1c/0x28
[<ffff000008551bd8>] arm_ccn_probe+0x358/0x4f0
[...]
as we use smp_processor_id() in the wrong context.
Turn this into a get_cpu()/put_cpu() that extends over the CPU hotplug
registration, making sure that we don't race against a CPU down operation.
Signed-off-by: Marc Zyngier <[email protected]>
Acked-by: Mark Rutland <[email protected]>
Cc: [email protected] # 4.2+
Signed-off-by: Pawel Moll <[email protected]>
|
|
Use 'devm_kasprintf()' to simplify the code.
Signed-off-by: Christophe JAILLET <[email protected]>
Acked-by: Scott Branden <[email protected]>
Signed-off-by: Pawel Moll <[email protected]>
|
|
Check memory allocation failures and return -ENOMEM in such cases
This avoids a potential NULL pointer dereference.
Signed-off-by: Christophe JAILLET <[email protected]>
Acked-by: Scott Branden <[email protected]>
Cc: [email protected] # 3.17+
Signed-off-by: Pawel Moll <[email protected]>
|
|
These files were missing it before.
Acked-by: Harry Wentland <[email protected]>
Acked-by: Felix Kuehling <[email protected]>
Acked-by: Christian König <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
Was missing license text.
Acked-by: Harry Wentland <[email protected]>
Acked-by: Felix Kuehling <[email protected]>
Acked-by: Christian König <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
attribute_groups are not supposed to change at runtime. All functions
working with attribute_groups provided by <linux/sysfs.h> work with const
attribute_group. So mark the non-const structs as const.
File size before:
text data bss dec hex filename
9074 5592 416 15082 3aea drivers/bus/arm-ccn.o
File size After adding 'const':
text data bss dec hex filename
9327 5336 416 15079 3ae7 drivers/bus/arm-ccn.o
Signed-off-by: Arvind Yadav <[email protected]>
Signed-off-by: Pawel Moll <[email protected]>
|
|
Prevent rpm_get_suppliers() from returning an error code if runtime
PM is disabled for one or more of the supplier devices it wants to
runtime-resume, so as to make runtime PM work for devices with links
to suppliers that don't use runtime PM (such links may be created
during device enumeration even before it is known whether or not
runtime PM will be enabled for the devices in question, for example).
Fixes: 21d5c57b3726 (PM / runtime: Use device links)
Reported-by: Adrian Hunter <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
Reviewed-by: Lukas Wunner <[email protected]>
Tested-by: Adrian Hunter <[email protected]>
|
|
We are incorrectly rearranging 32-bit words inside a 64-bit typed value
for big endian systems, which would result in never marking a virtual
interrupt as inactive on big endian systems (assuming 32 or fewer LRs on
the hardware). Fix this by not doing any word order manipulation for
the typed values.
Cc: <[email protected]>
Acked-by: Christoffer Dall <[email protected]>
Signed-off-by: Christoffer Dall <[email protected]>
|
|
Signed-off-by: Angelo Dureghello <[email protected]>
Signed-off-by: Greg Ungerer <[email protected]>
|
|
snd_usb_copy_string_desc() returns zero if usb_string() fails.
In case of failure, we need to check the snd_usb_copy_string_desc()'s
return value and add an exception case
Signed-off-by: Jaejoong Kim <[email protected]>
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
The snd_usb_copy_string_desc() retrieves the usb string corresponding to
the index number through the usb_string(). The problem is that the
usb_string() returns the length of the string (>= 0) when successful, but
it can also return a negative value about the error case or status of
usb_control_msg().
If iClockSource is '0' as shown below, usb_string() will returns -EINVAL.
This will result in '0' being inserted into buf[-22], and the following
KASAN out-of-bound error message will be output.
AudioControl Interface Descriptor:
bLength 8
bDescriptorType 36
bDescriptorSubtype 10 (CLOCK_SOURCE)
bClockID 1
bmAttributes 0x07 Internal programmable Clock (synced to SOF)
bmControls 0x07
Clock Frequency Control (read/write)
Clock Validity Control (read-only)
bAssocTerminal 0
iClockSource 0
To fix it, check usb_string()'return value and bail out.
==================================================================
BUG: KASAN: stack-out-of-bounds in parse_audio_unit+0x1327/0x1960 [snd_usb_audio]
Write of size 1 at addr ffff88007e66735a by task systemd-udevd/18376
CPU: 0 PID: 18376 Comm: systemd-udevd Not tainted 4.13.0+ #3
Hardware name: LG Electronics 15N540-RFLGL/White Tip Mountain, BIOS 15N5
Call Trace:
dump_stack+0x63/0x8d
print_address_description+0x70/0x290
? parse_audio_unit+0x1327/0x1960 [snd_usb_audio]
kasan_report+0x265/0x350
__asan_store1+0x4a/0x50
parse_audio_unit+0x1327/0x1960 [snd_usb_audio]
? save_stack+0xb5/0xd0
? save_stack_trace+0x1b/0x20
? save_stack+0x46/0xd0
? kasan_kmalloc+0xad/0xe0
? kmem_cache_alloc_trace+0xff/0x230
? snd_usb_create_mixer+0xb0/0x4b0 [snd_usb_audio]
? usb_audio_probe+0x4de/0xf40 [snd_usb_audio]
? usb_probe_interface+0x1f5/0x440
? driver_probe_device+0x3ed/0x660
? build_feature_ctl+0xb10/0xb10 [snd_usb_audio]
? save_stack_trace+0x1b/0x20
? init_object+0x69/0xa0
? snd_usb_find_csint_desc+0xa8/0xf0 [snd_usb_audio]
snd_usb_mixer_controls+0x1dc/0x370 [snd_usb_audio]
? build_audio_procunit+0x890/0x890 [snd_usb_audio]
? snd_usb_create_mixer+0xb0/0x4b0 [snd_usb_audio]
? kmem_cache_alloc_trace+0xff/0x230
? usb_ifnum_to_if+0xbd/0xf0
snd_usb_create_mixer+0x25b/0x4b0 [snd_usb_audio]
? snd_usb_create_stream+0x255/0x2c0 [snd_usb_audio]
usb_audio_probe+0x4de/0xf40 [snd_usb_audio]
? snd_usb_autosuspend.part.7+0x30/0x30 [snd_usb_audio]
? __pm_runtime_idle+0x90/0x90
? kernfs_activate+0xa6/0xc0
? usb_match_one_id_intf+0xdc/0x130
? __pm_runtime_set_status+0x2d4/0x450
usb_probe_interface+0x1f5/0x440
Cc: <[email protected]>
Signed-off-by: Jaejoong Kim <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
When user tries to group imc (In-Memory Collections) event with
normal event, (sometime) kernel crashes with following log:
Faulting instruction address: 0x00000000
[link register ] c00000000010ce88 power_check_constraints+0x128/0x980
...
c00000000010e238 power_pmu_event_init+0x268/0x6f0
c0000000002dc60c perf_try_init_event+0xdc/0x1a0
c0000000002dce88 perf_event_alloc+0x7b8/0xac0
c0000000002e92e0 SyS_perf_event_open+0x530/0xda0
c00000000000b004 system_call+0x38/0xe0
'event_base' field of 'struct hw_perf_event' is used as flags for
normal hw events and used as memory address for imc events. While
grouping these two types of events, collect_events() tries to
interpret imc 'event_base' as a flag, which causes a corruption
resulting in a crash.
Consider only those events which belongs to 'perf_hw_context' in
collect_events().
Signed-off-by: Ravi Bangoria <[email protected]>
Reviewed-By: Madhavan Srinivasan <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
|
|
* fixes: (27 commits)
firmware: arm_scpi: Revert updates made during v4.15 merge window
arm: dts: marvell: Add missing #phy-cells to usb-nop-xceiv
arm64: dts: sort vendor subdirectories in Makefile alphabetically
MAINTAINERS: exclude other Socionext SoC DT files from ARM/UNIPHIER entry
arm64: dts: uniphier: remove unnecessary interrupt-parent
arm64: dts: uniphier: correct on-board device IRQ number for PXs3
optee: fix invalid of_node_put() in optee_driver_init()
Revert "ARM: dts: imx53: add srtc node"
ARM: dts: vf610-zii-dev-rev-c: Fix the I2C EEPROM address
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: OMAP2+: Missing error code in omap_device_build()
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: dts: NSP: Fix PPI interrupt types
ARM: dts: NSP: Disable AHCI controller for HR NSP boards
ARM: dts: r8a779x: Add '#reset-cells' in cpg-mssr
...
|
|
Revert "Merge tag 'scpi-updates-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into next/drivers"
Paraphrased from email from Kevin Hilman:
Revert ARM SCPI changes since v4.14.
Untested changes caused regressions in SCPI and CPUfreq/DVFS failures
on most Amlogic SoCs. Changes reverted for v4.15 so they can be better
reviewed and tested.
These ARM SCPI changes caused SCPI regressions resulting in CPUfreq
failures on most Amlogic SoCs (found by kernelci.org.)
Unfortunately, this was not caught in linux-next due to other bugs/panics
on these platforms masking this problem so we've only found it since
we've fixed the other issues.
Since we're already in the -rc cycle, I'd prefer to revert to a known
working state (that of v4.14) rather than finding/reverting a subset,
which would just lead to another untested state.
These changes can then have some time to be better reviewed and tested
and resubmitted for v4.16.
Kevin Hilman has tested this revert on the affected Amlogic SoCs and
verified that we're back to the previous (working) condition.
This reverts commit 6710acf2596a29f7351e8165d981645f403e0025, reversing
changes made to 4b367f2e8854da34d14bd154ff4432fb49f69b36.
Reported-by: Kevin Hilman <[email protected]>
Signed-off-by: Olof Johansson <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
Fixes for omaps for v4.15-rc cycle with two fixes for hangs with the
rest being compiler warning fixes and fixes for power states and devices
on various boards:
- Fix smatch issue introduced by recent omap device changes for legacy
resources
- Fix SRAM virt to phys related boot hang affecting n900 and other omap3 hs
devices found by pending CMA changes. While it seems that we have not hit
this in other use cases, let's fix it to avoid a nasty and hard to find
suprise as right now there is just luck keeping the SRAM virtual address
to physical address translation working with the 0xffff high_mask.
- Fix am335x reading of domain state registers that only exist for the
PM_CEFUSE domain and produce wrong results for other domains
- Fix missing setting for error code for omap device if allocation fails
- Fix missing modules_offs for omap3 MMC3 affecting n9/n950
- Fix cm_split_idlest() reading reserved registers showing wrong
idlestatus
- Fixes to correct #phy-cells property for compiler warnings that
recently started happening
- Add a missing OHCI remote-wakeup-connected property that I was supposed
to merge after the ohci-omap3 to ohci-platform changes but somehow managed
to drop. I only noticed this was missing while debugging the OHCI/EHCI GPS
and modem hang
- Fix a system hang with GPS or modem connected to the OHCI/EHCI bus that
typically happened within 20 - 40 minutes on an idle system. This turned
out to be an issue caused by using the parent interrupt controller directly
with the WUGEN + GIC stacked interrupt controller domains
- Fixes for logicpd-somlv GPMC for Ethernet and NAND that clearly
have been broken since we changed GPMC to use the interrupt controller
binding for some pins. And fix the wrong pin muxing for WLAN while at it
- Fixes for am437x interrupt and dma properties to fix compiler warnings
that recently started happening
* tag 'omap-for-v4.15/fixes-v2-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: OMAP2+: Missing error code in omap_device_build()
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: dts: Add remote-wakeup-connected for omap OHCI
ARM: dts: am33xx: Add missing #phy-cells to ti,am335x-usb-phy
ARM: dts: omap: Add missing #phy-cells to usb-nop-xceiv
ARM: OMAP2+: Fix smatch found issue for omap_device
ARM: OMAP2/3: CM: fix cm_split_idlest functionality
ARM: OMAP3: hwmod_data: add missing module_offs for MMC3
Signed-off-by: Olof Johansson <[email protected]>
|
|
Commit be7635e7287e ("arch, ftrace: for KASAN put hard/soft IRQ entries
into separate sections") added a new linker section, SOFTIRQENTRY_TEXT,
to the linker scripts for most architectures. It didn't add it to any of
the linker scripts for the m68k architecture. This was not really a problem
because it is only defined if either of CONFIG_FUNCTION_GRAPH_TRACER or
CONFIG_KASAN are enabled - which can never be true for m68k.
However commit 229a71860547 ("irq: Make the irqentry text section
unconditional") means that SOFTIRQENTRY_TEXT is now always defined. So on
m68k we now end up with a separate ELF section for .softirqentry.text
instead of it being part of the .text section. On some m68k targets in some
configurations this can also cause a fatal link error:
LD vmlinux
/usr/local/bin/../m68k-uclinux/bin/ld.real: section .softirqentry.text loaded at [0000000010de10c0,0000000010de12dd] overlaps section .rodata loaded at [0000000010de10c0,0000000010e0fd67]
To fix add in the missing SOFTIRQENTRY_TEXT section into the m68k linker
scripts. I noticed that m68k is also missing the IRQENTRY_TEXT section,
so this patch also adds an entry for that too.
Signed-off-by: Greg Ungerer <[email protected]>
|
|
The pci/htirq.c file was removed so remove it from the documentation
file also.
Error: Cannot open file ../drivers/pci/htirq.c
WARNING: kernel-doc '../scripts/kernel-doc -rst -enable-lineno -export ../drivers/pci/htirq.c' failed with return code 2
Fixes: fd2fa6c18b72 ("x86/PCI: Remove unused HyperTransport interrupt support")
Signed-off-by: Randy Dunlap <[email protected]>
Signed-off-by: Jonathan Corbet <[email protected]>
|
|
Daniel Borkmann says:
====================
pull-request: bpf 2017-12-02
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Fix a compilation warning in xdp redirect tracepoint due to
missing bpf.h include that pulls in struct bpf_map, from Xie.
2) Limit the maximum number of attachable BPF progs for a given
perf event as long as uabi is not frozen yet. The hard upper
limit is now 64 and therefore the same as with BPF multi-prog
for cgroups. Also add related error checking for the sample
BPF loader when enabling and attaching to the perf event, from
Yonghong.
3) Specifically set the RLIMIT_MEMLOCK for the test_verifier_log
case, so that the test case can always pass and not fail in
some environments due to too low default limit, also from
Yonghong.
4) Fix up a missing license header comment for kernel/bpf/offload.c,
from Jakub.
5) Several fixes for bpftool, among others a crash on incorrect
arguments when json output is used, error message handling
fixes on unknown options and proper destruction of json writer
for some exit cases, all from Quentin.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
Eric Dumazet says:
====================
tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
James Morris reported kernel stack corruption bug that
we tracked back to commit 971f10eca186 ("tcp: better TCP_SKB_CB
layout to reduce cache line misses")
First patch needs to be backported to kernels >= 3.18,
while second patch needs to be backported to kernels >= 4.9, since
this was the time when inet_exact_dif_match appeared.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
After this fix : ("tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()"),
socket lookups happen while skb->cb[] has not been mangled yet by TCP.
Fixes: a04a480d4392 ("net: Require exact match for TCP socket lookups if dif is l3mdev")
Signed-off-by: David Ahern <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
James Morris reported kernel stack corruption bug [1] while
running the SELinux testsuite, and bisected to a recent
commit bffa72cf7f9d ("net: sk_buff rbnode reorg")
We believe this commit is fine, but exposes an older bug.
SELinux code runs from tcp_filter() and might send an ICMP,
expecting IP options to be found in skb->cb[] using regular IPCB placement.
We need to defer TCP mangling of skb->cb[] after tcp_filter() calls.
This patch adds tcp_v4_fill_cb()/tcp_v4_restore_cb() in a very
similar way we added them for IPv6.
[1]
[ 339.806024] SELinux: failure in selinux_parse_skb(), unable to parse packet
[ 339.822505] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81745af5
[ 339.822505]
[ 339.852250] CPU: 4 PID: 3642 Comm: client Not tainted 4.15.0-rc1-test #15
[ 339.868498] Hardware name: LENOVO 10FGS0VA1L/30BC, BIOS FWKT68A 01/19/2017
[ 339.885060] Call Trace:
[ 339.896875] <IRQ>
[ 339.908103] dump_stack+0x63/0x87
[ 339.920645] panic+0xe8/0x248
[ 339.932668] ? ip_push_pending_frames+0x33/0x40
[ 339.946328] ? icmp_send+0x525/0x530
[ 339.958861] ? kfree_skbmem+0x60/0x70
[ 339.971431] __stack_chk_fail+0x1b/0x20
[ 339.984049] icmp_send+0x525/0x530
[ 339.996205] ? netlbl_skbuff_err+0x36/0x40
[ 340.008997] ? selinux_netlbl_err+0x11/0x20
[ 340.021816] ? selinux_socket_sock_rcv_skb+0x211/0x230
[ 340.035529] ? security_sock_rcv_skb+0x3b/0x50
[ 340.048471] ? sk_filter_trim_cap+0x44/0x1c0
[ 340.061246] ? tcp_v4_inbound_md5_hash+0x69/0x1b0
[ 340.074562] ? tcp_filter+0x2c/0x40
[ 340.086400] ? tcp_v4_rcv+0x820/0xa20
[ 340.098329] ? ip_local_deliver_finish+0x71/0x1a0
[ 340.111279] ? ip_local_deliver+0x6f/0xe0
[ 340.123535] ? ip_rcv_finish+0x3a0/0x3a0
[ 340.135523] ? ip_rcv_finish+0xdb/0x3a0
[ 340.147442] ? ip_rcv+0x27c/0x3c0
[ 340.158668] ? inet_del_offload+0x40/0x40
[ 340.170580] ? __netif_receive_skb_core+0x4ac/0x900
[ 340.183285] ? rcu_accelerate_cbs+0x5b/0x80
[ 340.195282] ? __netif_receive_skb+0x18/0x60
[ 340.207288] ? process_backlog+0x95/0x140
[ 340.218948] ? net_rx_action+0x26c/0x3b0
[ 340.230416] ? __do_softirq+0xc9/0x26a
[ 340.241625] ? do_softirq_own_stack+0x2a/0x40
[ 340.253368] </IRQ>
[ 340.262673] ? do_softirq+0x50/0x60
[ 340.273450] ? __local_bh_enable_ip+0x57/0x60
[ 340.285045] ? ip_finish_output2+0x175/0x350
[ 340.296403] ? ip_finish_output+0x127/0x1d0
[ 340.307665] ? nf_hook_slow+0x3c/0xb0
[ 340.318230] ? ip_output+0x72/0xe0
[ 340.328524] ? ip_fragment.constprop.54+0x80/0x80
[ 340.340070] ? ip_local_out+0x35/0x40
[ 340.350497] ? ip_queue_xmit+0x15c/0x3f0
[ 340.361060] ? __kmalloc_reserve.isra.40+0x31/0x90
[ 340.372484] ? __skb_clone+0x2e/0x130
[ 340.382633] ? tcp_transmit_skb+0x558/0xa10
[ 340.393262] ? tcp_connect+0x938/0xad0
[ 340.403370] ? ktime_get_with_offset+0x4c/0xb0
[ 340.414206] ? tcp_v4_connect+0x457/0x4e0
[ 340.424471] ? __inet_stream_connect+0xb3/0x300
[ 340.435195] ? inet_stream_connect+0x3b/0x60
[ 340.445607] ? SYSC_connect+0xd9/0x110
[ 340.455455] ? __audit_syscall_entry+0xaf/0x100
[ 340.466112] ? syscall_trace_enter+0x1d0/0x2b0
[ 340.476636] ? __audit_syscall_exit+0x209/0x290
[ 340.487151] ? SyS_connect+0xe/0x10
[ 340.496453] ? do_syscall_64+0x67/0x1b0
[ 340.506078] ? entry_SYSCALL64_slow_path+0x25/0x25
Fixes: 971f10eca186 ("tcp: better TCP_SKB_CB layout to reduce cache line misses")
Signed-off-by: Eric Dumazet <[email protected]>
Reported-by: James Morris <[email protected]>
Tested-by: James Morris <[email protected]>
Tested-by: Casey Schaufler <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
|
|
Pull ARM fix from Russell King:
"Just one fix this time around, for the late commit in the merge window
that triggered a problem with qemu. Qemu is apparently also going to
receive a fix for the discovered issue"
* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: avoid faulting on qemu
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"Here are two bugfixes for I2C, fixing a memleak in the core and irq
allocation for i801.
Also three bugfixes for the at24 eeprom driver which Bartosz collected
while taking over maintainership for this driver"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
eeprom: at24: check at24_read/write arguments
eeprom: at24: fix reading from 24MAC402/24MAC602
eeprom: at24: correctly set the size for at24mac402
i2c: i2c-boardinfo: fix memory leaks on devinfo
i2c: i801: Fix Failed to allocate irq -2147483648 error
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
Pull hwmon fixes from Guenter Roeck:
"Fixes:
- Drop reference to obsolete maintainer tree
- Fix overflow bug in pmbus driver
- Fix SMBUS timeout problem in jc42 driver
For the SMBUS timeout handling, we had a brief discussion if this
should be considered a bug fix or a feature. Peter says "it fixes real
problems where the application misbehave due to faulty content when
reading from an eeprom", and he needs the patch in his company's v4.14
images. This is good enough for me and warrants backport to stable
kernels"
* tag 'hwmon-for-linus-v4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (jc42) optionally try to disable the SMBUS timeout
hwmon: (pmbus) Use 64bit math for DIRECT format values
hwmon: Drop reference to Jean's tree
|
|
Fix the MAINTAINERS record so that it's more obvious who the maintainer for
AF_RXRPC is.
Reported-by: Joe Perches <[email protected]>
Reported-by: David Miller <[email protected]>
Signed-off-by: David Howells <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
In rxrpc_release_sock() there may be no rx->local value to access, so we
can't unconditionally follow it to the rxrpc network namespace information
to poke the connection reapers.
Instead, use the socket's namespace pointer to find the namespace.
This unfixed code causes the following static checker warning:
net/rxrpc/af_rxrpc.c:898 rxrpc_release_sock()
error: we previously assumed 'rx->local' could be null (see line 887)
Fixes: 3d18cbb7fd0c ("rxrpc: Fix conn expiry timers")
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: David Howells <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus
Jonathan writes:
First set of IIO fixes in the 4.15 cycle.
* kernel-doc
- fix a build error from symbols ending in _ by making them _*
* cpcap
- Fix wrong handling of platform_get_irq_by_name which can return a
postive value on success.
* max30102
- ABI says temperature should bein milli Celsius after scaling. Here it
was in Celsius.
* meson-saradc:
- for Meson8/8b the gate clock bit was wrongly selected due to ffs/fls fun.
- bandgap was not initialized properly on older socs. Mostly got away
with this because the bootloader was doing it for us.
- Meson8/8b don't have some registers in the general regmap config. Give
them their own ones.
* stm32-lptimer/stm32-adc trigger
- Fix a link error when optional stm32-lptimer driver isn't built.
* sx9500
- we recently removed explict handling of ACPI provided gpio interrupts
as the core i2c acpi code started providing them directly. Unfortuantely
there are ACPI tables out there that use GpioIO resources and it doesn't
know to map those as interrupts. As such partial revert the removal
of this handling from the driver.
|