Commit Graph

998405 Commits

Author SHA1 Message Date
Nicolas Dichtel
292ecd9f5a doc: move seg6_flowlabel to seg6-sysctl.rst
Let's have all seg6 sysctl at the same place.

Fixes: a6dc6670cd ("ipv6: sr: Add documentation for seg_flowlabel sysctl")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-14 13:13:15 -07:00
David S. Miller
49963eed2c Merge branch 'ibmvnic-napi-fixes'
Lijun Pan says:

====================
ibmvnic: correctly call NAPI APIs

This series correct some misuse of NAPI APIs in the driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-14 13:10:58 -07:00
Lijun Pan
7c451f3ef6 ibmvnic: remove duplicate napi_schedule call in open function
Remove the unnecessary napi_schedule() call in __ibmvnic_open() since
interrupt_rx() calls napi_schedule_prep/__napi_schedule during every
receive interrupt.

Fixes: ed651a1087 ("ibmvnic: Updated reset handling")
Signed-off-by: Lijun Pan <lijunp213@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-14 13:10:58 -07:00
Lijun Pan
d3a6abccbd ibmvnic: remove duplicate napi_schedule call in do_reset function
During adapter reset, do_reset/do_hard_reset calls ibmvnic_open(),
which will calls napi_schedule if previous state is VNIC_CLOSED
(i.e, the reset case, and "ifconfig down" case). So there is no need
for do_reset to call napi_schedule again at the end of the function
though napi_schedule will neglect the request if napi is already
scheduled.

Fixes: ed651a1087 ("ibmvnic: Updated reset handling")
Signed-off-by: Lijun Pan <lijunp213@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-14 13:10:58 -07:00
Lijun Pan
0775ebc4cf ibmvnic: avoid calling napi_disable() twice
__ibmvnic_open calls napi_disable without checking whether NAPI polling
has already been disabled or not. This could cause napi_disable
being called twice, which could generate deadlock. For example,
the first napi_disable will spin until NAPI_STATE_SCHED is cleared
by napi_complete_done, then set it again.
When napi_disable is called the second time, it will loop infinitely
because no dev->poll will be running to clear NAPI_STATE_SCHED.

To prevent above scenario from happening, call ibmvnic_napi_disable()
which checks if napi is disabled or not before calling napi_disable.

Fixes: bfc32f2973 ("ibmvnic: Move resource initialization to its own routine")
Suggested-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: Lijun Pan <lijunp213@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-14 13:10:58 -07:00
Heiner Kallweit
453a77894e r8169: don't advertise pause in jumbo mode
It has been reported [0] that using pause frames in jumbo mode impacts
performance. There's no available chip documentation, but vendor
drivers r8168 and r8125 don't advertise pause in jumbo mode. So let's
do the same, according to Roman it fixes the issue.

[0] https://bugzilla.kernel.org/show_bug.cgi?id=212617

Fixes: 9cf9b84cc7 ("r8169: make use of phy_set_asym_pause")
Reported-by: Roman Mamedov <rm+bko@romanrm.net>
Tested-by: Roman Mamedov <rm+bko@romanrm.net>
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-14 13:05:40 -07:00
Jakub Kicinski
16756d3e77 ethtool: pause: make sure we init driver stats
The intention was for pause statistics to not be reported
when driver does not have the relevant callback (only
report an empty netlink nest). What happens currently
we report all 0s instead. Make sure statistics are
initialized to "not set" (which is -1) so the dumping
code skips them.

Fixes: 9a27a33027 ("ethtool: add standard pause stats")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-14 13:03:06 -07:00
Pavel Begunkov
c7d95613c7 io_uring: fix early sqd_list removal sqpoll hangs
[  245.463317] INFO: task iou-sqp-1374:1377 blocked for more than 122 seconds.
[  245.463334] task:iou-sqp-1374    state:D flags:0x00004000
[  245.463345] Call Trace:
[  245.463352]  __schedule+0x36b/0x950
[  245.463376]  schedule+0x68/0xe0
[  245.463385]  __io_uring_cancel+0xfb/0x1a0
[  245.463407]  do_exit+0xc0/0xb40
[  245.463423]  io_sq_thread+0x49b/0x710
[  245.463445]  ret_from_fork+0x22/0x30

It happens when sqpoll forgot to run park_task_work and goes to exit,
then exiting user may remove ctx from sqd_list, and so corresponding
io_sq_thread() -> io_uring_cancel_sqpoll() won't be executed. Hopefully
it just stucks in do_exit() in this case.

Fixes: dbe1bdbb39 ("io_uring: handle signals for IO threads like a normal thread")
Reported-by: Joakim Hassila <joj@mac.com>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-04-14 13:07:27 -06:00
Jaegeuk Kim
8ca7cab82b dm verity fec: fix misaligned RS roots IO
commit df7b59ba92 ("dm verity: fix FEC for RS roots unaligned to
block size") introduced the possibility for misaligned roots IO
relative to the underlying device's logical block size. E.g. Android's
default RS roots=2 results in dm_bufio->block_size=1024, which causes
the following EIO if the logical block size of the device is 4096,
given v->data_dev_block_bits=12:

E sd 0    : 0:0:0: [sda] tag#30 request not aligned to the logical block size
E blk_update_request: I/O error, dev sda, sector 10368424 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
E device-mapper: verity-fec: 254:8: FEC 9244672: parity read failed (block 18056): -5

Fix this by onlu using f->roots for dm_bufio blocksize IFF it is
aligned to v->data_dev_block_bits.

Fixes: df7b59ba92 ("dm verity: fix FEC for RS roots unaligned to block size")
Cc: stable@vger.kernel.org
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2021-04-14 14:28:29 -04:00
Linus Torvalds
8e2e0104ef s390 updates
- setup stack backchain properly in external and i/o interrupt handler
   to fix stack unwinding. This broke when converting to generic entry.
 
 - save caller address of psw_idle to get a sane stacktrace.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEECMNfWEw3SLnmiLkZIg7DeRspbsIFAmB3J3cACgkQIg7DeRsp
 bsIulA//dPjg3svRY02bTzIhrv7QZ3BALa+K0ieQRneIvGLNXBd4OTHn1/PCOSzm
 XmODcfTMu5YejyVRWBh90KxraG3PdG5MqKBJaMyGhdswMWKl9OR1li0ANaiaStQu
 Adhrqc1ra3NshkKNZj0K+kBpvUZlv2cjLloaVuAu4tJyy8Vd8MExsCgMJdypX6IM
 pq4/Od3jBQhMgwHbjvaH+YpKEXQy+L2YWuWLMjsUL1C99MosGFia/xmanHcZVA5N
 VeHeP/qEX05XTpU1jgFEew/UiDQ4s7FkRgRjlLnK3a+4Cbd+x4FbQPteO5geZwcv
 CfB98jrtYzALdKRcaMFiWL2RctJuoFk+s3v+RJQ36YW7/n4IQ7bz4mm/6rCeqmLp
 CkaYuUfFrQHn8qZfqVTyzHoSRvjiD4v4GkZFEBCmQ+1fTn744h/VIg0jiKWzrxLm
 3RyY1+8uZDxZlM3WhyZGga/uJlx82bm5XQDlr2N5RIjaUdvpX3ohPlwbMDQIQWTj
 TsBEvgydK3jCYtvQgqu8w+tcsbhmbdTpoX6Q1uSIl0RgAJLflBoEVy+SH2KjPjf3
 eZjRdPviFtxutnD495YQE9lucm+OiOtPlWu3IA5mjBP8ViEo6ngNUwU298mOmCYc
 QZtzjhtWI8Eo9CCVALiFe4T0bAtLVene+3KUFJkm3ZY57/pnVos=
 =Xav5
 -----END PGP SIGNATURE-----

Merge tag 's390-5.12-7' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Heiko Carstens:

 - setup stack backchain properly in external and i/o interrupt handler
   to fix stack unwinding. This broke when converting to generic entry

  - save caller address of psw_idle to get a sane stacktrace

* tag 's390-5.12-7' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/entry: save the caller of psw_idle
  s390/entry: avoid setting up backchain in ext|io handlers
2021-04-14 10:55:56 -07:00
Linus Torvalds
ec97a7296a arm64 fixes for -rc8
- Fix incorrect asm constraint for load_unaligned_zeropad() fixup
 
 - Fix thread flag update when setting TIF_MTE_ASYNC_FAULT
 
 - Fix restored irq state when handling fault on kprobe
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCgAuFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAmB2sKMQHHdpbGxAa2Vy
 bmVsLm9yZwAKCRC3rHDchMFjNEViB/47lQncMY12/AFYk16Dn3qgY7wvrZNLEPoz
 fCUr05So46OyRhzIfOhakCPRQzXYapMTWJzPDL6Ok9VmdawSf1UA80oNs02UAQsA
 63j4/jEXC+rICS42mbfbwNgNA7BNx9Ek0AR778iqQglwrVEVhMF5M1epgaGOairG
 4HH2NMzrP6P60gRwGVOsGrmpDfXMMuX45DE1ca8EKN5TnDGTfczrZ8sw8MrVTSDe
 cT5H++qOdH8NalqlOeOB9XcHoL2Af4OG4LJQOlg3UZztQm6jnBrNe/VU9IgLPQl4
 kb+HP6qTtMAVOMHn6w6glK93rXaK2PCOOfL3yFyZfHc1Q1xAMU4S
 =3J2L
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:

 - Fix incorrect asm constraint for load_unaligned_zeropad() fixup

 - Fix thread flag update when setting TIF_MTE_ASYNC_FAULT

 - Fix restored irq state when handling fault on kprobe

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: kprobes: Restore local irqflag if kprobes is cancelled
  arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is set atomically
  arm64: fix inline asm in load_unaligned_zeropad()
2021-04-14 10:36:03 -07:00
Linus Torvalds
c17a3066b4 dmaengine fixes for v5.12
Couple of dmaengine driver fixes for:
 - race and descriptor issue for xilinx driver
 - fix interrupt handling, wq state & cleanup, field sizes for
   completion, msix permissions for idxd driver
 - rumtim pm fix for tegra driver
 - double free fix in dma_async_device_register
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmB3F20ACgkQfBQHDyUj
 g0d4GhAAw24ujgoKFdtV11h8eVyHwbsP45saRD8FVZ81oQ/3PI60rwnfuBNRnv4y
 KkWxQj0TsV1XezJ2t16Ovoq/9y8m/x5pWgP0LxwYj463P8PP40p31WZJ1qaAcSCp
 elau7TaoUSPW5HmD+Rv9IKpzVwLR9VLu0nqL22aJV62zouTJ0CCBFC/tJO+qrnmx
 vsa8kE3B85M+KzONUlmYstclgYEMaH2IROnrY0fhY68Txg2BENl9+mT69YaY6btb
 UABhKCUlfHYlXqCZNNsXlPo0E+n/jjVnTUceblCWWMwz3bPuYlc2KQLz49Nd3dWQ
 CRj2WQ9YWBXcPntUOicLMOFEUiAyUEC+bRssCfLofqKltRDXI5vyq6Wdo23L1Dz5
 eXLqI9DgccX4uoDQNp72AIPR7WO2pJnWjeLf7+tiXQ+htyr/SLfaZm2jciI4DcvK
 NLczhwMo0aWb50XYPI1iyN+Rhohq/s724xHPx5JrlxJlacuXwHIqUs27GrMpdEQv
 7Cpn4Hb0orPVjDeMQLFUcN8L7OmxC3M+vfTTl35ACI0EyAaeMW5Bm8SsKY8FjmFz
 f6OioKE7wDlfUnJqqQyYaZoeaW40ofGJoVSB6cs3XyJXH6PNYoVD+rKw5joS06Jt
 PbKkSJm3ZyV/m4Dd+GALRqntpHuYB4AaJbDI/blPzRzCJj4olJI=
 =GduB
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine

Pull dmaengine fixes from Vinod Koul:
 "A couple of dmaengine driver fixes for:

   - race and descriptor issue for xilinx driver

   - fix interrupt handling, wq state & cleanup, field sizes for
     completion, msix permissions for idxd driver

   - runtime pm fix for tegra driver

   - double free fix in dma_async_device_register"

* tag 'dmaengine-fix-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine:
  dmaengine: idxd: fix wq cleanup of WQCFG registers
  dmaengine: idxd: clear MSIX permission entry on shutdown
  dmaengine: plx_dma: add a missing put_device() on error path
  dmaengine: tegra20: Fix runtime PM imbalance on error
  dmaengine: Fix a double free in dma_async_device_register
  dmaengine: dw: Make it dependent to HAS_IOMEM
  dmaengine: idxd: fix wq size store permission state
  dmaengine: idxd: fix opcap sysfs attribute output
  dmaengine: idxd: fix delta_rec and crc size field for completion record
  dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback
  dmaengine: xilinx: dpdma: Fix race condition in done IRQ
  dmaengine: xilinx: dpdma: Fix descriptor issuing on video group
2021-04-14 09:36:54 -07:00
Linus Torvalds
e70b911acc VFIO fix for v5.12-rc8/final
- Verify mmap region within range (Christian A. Ehrhardt)
 -----BEGIN PGP SIGNATURE-----
 
 iQJPBAABCAA5FiEEQvbATlQL0amee4qQI5ubbjuwiyIFAmB3AoEbHGFsZXgud2ls
 bGlhbXNvbkByZWRoYXQuY29tAAoJECObm247sIsiXWQP/RwBkdxgM7vwFXVpzTKi
 o2IDWOJphP8Z/hqE8j8NMoMl7anUJXW+Gg8vjTmGTiA5e1Q44tSIKgJD06ECwyXf
 T7Eqww9DIUKmi1OEyka6rNl6q+WBgVP49iLg7XQb3fs20K4vcCVjzBU7DHoojxKw
 eBuhTFqh+OBF7vZI3OJARS6gGdc8zXubnqPc9QX/rKbpVzEEiUMMlM87hRsohJZd
 VYvxguG1fnT1LDMKXg8JoJzYaUD13oXxJIzoz7FcR5inGDGSAphiGTb7HQTzL92m
 g86lrF1Mnh9paYjF8GzM23RErGPwrXWL2GZxmwbrDzYEACH4xQrO7b45cdyVg1yi
 CwStudQxFF4ZupvCX6n0k2umRB3Lgn1p4u74nclQCJZjl8opUSKFv+4H14qrf8Rn
 47cCeLQEo9M6tuRknveKliINHx5GDaqVPfeUNYEusPIBHxZso4qLOX0j3nSo7vIp
 4msXNqAzZqePYyFMOrX4B5Lk+99ieRm9y4lyONCO02m4xQimxjXaOjgOs8EedqPt
 ok2/U9SxBWEYneWNnwWc+SoejJv+PFaurB62Qo2hldGjkAQpgMFbX7LRCjhD6Ndu
 My8W4h13cWYtWrtjzqm0na2U09O9wS2as0dUX2PTVTnd6jeKr7R7WkZhKTRanccy
 buW+mb21Qq74GzM3a8FXa6h0
 =3Ohj
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v5.12-rc8' of git://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:
 "Verify mmap region within range (Christian A. Ehrhardt)"

* tag 'vfio-v5.12-rc8' of git://github.com/awilliam/linux-vfio:
  vfio/pci: Add missing range check in vfio_pci_mmap
2021-04-14 09:10:54 -07:00
Linus Torvalds
2558258d78 Fix for a possible out-of-bounds access.
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmB2GmYUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOOwAf/Qc56PZYWi0iGkoEn57b06Xb8shOC
 85of9i9DN55FTKDkiU3BEz2t4Q89UZJGDEfBN83QPzafem3ihRonBVTU5AYT1yPo
 0Q8cYF9H+/86onZWx7FHlHN2rLBOL9druiXSrbZWe6hVj2sasTHHTAV0DFr3V+UX
 H7dWP9I1V77icZj1M2yDWfg3umE3baiJnylpSduH/1oM9ox5x2en/bAzgtpEKAgl
 vgC9dT4c8zpGXh7hfpOoo8QJo61pjHJC12T2+lieQjmaH9yDh5JNXBcGtm2K2jVQ
 UF6t+aOQVD1Bho18EM6+aYfcnhaLpExpLUX0FA1dJB6fEC+Z8UcLrErb3w==
 =9tir
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fix from Paolo Bonzini:
 "Fix for a possible out-of-bounds access"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
2021-04-14 08:50:46 -07:00
Linus Walleij
33cc5270d8 intel-pinctrl for v5.12-4
* Fix pin numbering per community in Intel Lewisburg driver
 
 The following is an automated git shortlog grouped by driver:
 
 lewisburg:
  -  Update number of pins in community
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEqaflIX74DDDzMJJtb7wzTHR8rCgFAmB1fMwACgkQb7wzTHR8
 rCiRShAAvJHwbCL4TSryWys8HNLBM94WOhOVpq+4QFzQMRfVAOKBLqz6+AnLuFQo
 HkfeVwRBkv4m+LDbGgxY0ayvCVOyBC/gC3MxnpurG2NorlUYLhAvQJ0o6qbkhsT6
 y+bCo1gI/SKeStaO9HbYtBoi09xTXQcHVOVDOZDdqgdS4THT1lQlnldnvr6w3CQo
 XsOFremfqEOBJr6UqwcDgm4E0wFbEanRWJERoSGXeqaFMokmJdzrUV3tMD1TXYdW
 dr29uVYop6eaPH/OO9gAxhw0C7Gsck3zRihDUzW1b7wpTzOUzYiwfBiKl+yfeyDF
 qTY75aqkpPlRs46teSotOWCTVe3h9I+IdM/E+pZVKR967cNm7BlFi8SyWOFQZDFZ
 +bwdndOhqL3EkJ+BewF1wG+y1/ppMzdNlrWZ0HTrEGrEWkE1Dxy1ylGjFrC8AY8d
 p/phwv8hAIBcK3th4GSyS7sZ/sVoekMwu1AzDT0T67C6v9tRksN8C81eveiRMB22
 l8JW3QgmYr059GkGoCs9WUZCCHA0He4i9oNAE/dzkzPOrz5zaIAUz2npFgQseV/K
 /pXFs5FsVb09NiRQHWDgkkLp3Kzm5ZnXH8+d0BSXmtyYeDjVAizXzUnN+BU/me5N
 nd+jSb72NQykWddbRZk6ou2eVwW923SpXiSKBGffi/pq0cOuX+U=
 =vMXg
 -----END PGP SIGNATURE-----

Merge tag 'intel-pinctrl-v5.12-4' of gitolite.kernel.org:pub/scm/linux/kernel/git/pinctrl/intel into fixes

intel-pinctrl for v5.12-4

* Fix pin numbering per community in Intel Lewisburg driver

The following is an automated git shortlog grouped by driver:

lewisburg:
 -  Update number of pins in community
2021-04-14 09:09:10 +02:00
Linus Torvalds
50987beca0 tracing/dynevent: Fix a memory link in dyn_event_release()
An error path exited the function before freeing the allocated
 "argv" variable.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCYHY3LRQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qigOAPwOvbUI9PQTW3hs16XHDGbgtzdzX6A7
 kF7GlId5tXbZDwD/bW2gilFCjULCEPDuqsDy5EXrbZ7V7kulOfIw2e8CAQM=
 =HwKu
 -----END PGP SIGNATURE-----

Merge tag 'trace-v5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fix from Steven Rostedt:
 "Fix a memory link in dyn_event_release().

  An error path exited the function before freeing the allocated 'argv'
  variable"

* tag 'trace-v5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing/dynevent: Fix a memory leak in an error handling path
2021-04-13 18:40:00 -07:00
Michael Brown
2afeec08ab xen-netback: Check for hotplug-status existence before watching
The logic in connect() is currently written with the assumption that
xenbus_watch_pathfmt() will return an error for a node that does not
exist.  This assumption is incorrect: xenstore does allow a watch to
be registered for a nonexistent node (and will send notifications
should the node be subsequently created).

As of commit 1f2565780 ("xen-netback: remove 'hotplug-status' once it
has served its purpose"), this leads to a failure when a domU
transitions into XenbusStateConnected more than once.  On the first
domU transition into Connected state, the "hotplug-status" node will
be deleted by the hotplug_status_changed() callback in dom0.  On the
second or subsequent domU transition into Connected state, the
hotplug_status_changed() callback will therefore never be invoked, and
so the backend will remain stuck in InitWait.

This failure prevents scenarios such as reloading the xen-netfront
module within a domU, or booting a domU via iPXE.  There is
unfortunately no way for the domU to work around this dom0 bug.

Fix by explicitly checking for existence of the "hotplug-status" node,
thereby creating the behaviour that was previously assumed to exist.

Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 15:24:14 -07:00
Reiji Watanabe
04c4f2ee3f KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
__vmx_handle_exit() uses vcpu->run->internal.ndata as an index for
an array access.  Since vcpu->run is (can be) mapped to a user address
space with a writer permission, the 'ndata' could be updated by the
user process at anytime (the user process can set it to outside the
bounds of the array).
So, it is not safe that __vmx_handle_exit() uses the 'ndata' that way.

Fixes: 1aa561b1a4 ("kvm: x86: Add "last CPU" to some KVM_EXIT information")
Signed-off-by: Reiji Watanabe <reijiw@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Message-Id: <20210413154739.490299-1-reijiw@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-13 18:23:41 -04:00
Eric Dumazet
38ec4944b5 gro: ensure frag0 meets IP header alignment
After commit 0f6925b3e8 ("virtio_net: Do not pull payload in skb->head")
Guenter Roeck reported one failure in his tests using sh architecture.

After much debugging, we have been able to spot silent unaligned accesses
in inet_gro_receive()

The issue at hand is that upper networking stacks assume their header
is word-aligned. Low level drivers are supposed to reserve NET_IP_ALIGN
bytes before the Ethernet header to make that happen.

This patch hardens skb_gro_reset_offset() to not allow frag0 fast-path
if the fragment is not properly aligned.

Some arches like x86, arm64 and powerpc do not care and define NET_IP_ALIGN
as 0, this extra check will be a NOP for them.

Note that if frag0 is not used, GRO will call pskb_may_pull()
as many times as needed to pull network and transport headers.

Fixes: 0f6925b3e8 ("virtio_net: Do not pull payload in skb->head")
Fixes: 78a478d0ef ("gro: Inline skb_gro_header and cache frag0 virtual address")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Cc: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 15:09:31 -07:00
Or Cohen
b166a20b07 net/sctp: fix race condition in sctp_destroy_sock
If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock
held and sp->do_auto_asconf is true, then an element is removed
from the auto_asconf_splist without any proper locking.

This can happen in the following functions:
1. In sctp_accept, if sctp_sock_migrate fails.
2. In inet_create or inet6_create, if there is a bpf program
   attached to BPF_CGROUP_INET_SOCK_CREATE which denies
   creation of the sctp socket.

The bug is fixed by acquiring addr_wq_lock in sctp_destroy_sock
instead of sctp_close.

This addresses CVE-2021-23133.

Reported-by: Or Cohen <orcohen@paloaltonetworks.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Fixes: 6102365876 ("bpf: Add new cgroup attach type to enable sock modifications")
Signed-off-by: Or Cohen <orcohen@paloaltonetworks.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 14:59:46 -07:00
Lijun Pan
ca09bf7bb1 ibmvnic: correctly use dev_consume/free_skb_irq
It is more correct to use dev_kfree_skb_irq when packets are dropped,
and to use dev_consume_skb_irq when packets are consumed.

Fixes: 0d97338818 ("ibmvnic: Introduce xmit_more support using batched subCRQ hcalls")
Suggested-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: Lijun Pan <lijunp213@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 14:49:30 -07:00
Jonathon Reinhart
97684f0970 net: Make tcp_allowed_congestion_control readonly in non-init netns
Currently, tcp_allowed_congestion_control is global and writable;
writing to it in any net namespace will leak into all other net
namespaces.

tcp_available_congestion_control and tcp_allowed_congestion_control are
the only sysctls in ipv4_net_table (the per-netns sysctl table) with a
NULL data pointer; their handlers (proc_tcp_available_congestion_control
and proc_allowed_congestion_control) have no other way of referencing a
struct net. Thus, they operate globally.

Because ipv4_net_table does not use designated initializers, there is no
easy way to fix up this one "bad" table entry. However, the data pointer
updating logic shouldn't be applied to NULL pointers anyway, so we
instead force these entries to be read-only.

These sysctls used to exist in ipv4_table (init-net only), but they were
moved to the per-net ipv4_net_table, presumably without realizing that
tcp_allowed_congestion_control was writable and thus introduced a leak.

Because the intent of that commit was only to know (i.e. read) "which
congestion algorithms are available or allowed", this read-only solution
should be sufficient.

The logic added in recent commit
31c4d2f160: ("net: Ensure net namespace isolation of sysctls")
does not and cannot check for NULL data pointers, because
other table entries (e.g. /proc/sys/net/netfilter/nf_log/) have
.data=NULL but use other methods (.extra2) to access the struct net.

Fixes: 9cb8e048e5 ("net/ipv4/sysctl: show tcp_{allowed, available}_congestion_control in non-initial netns")
Signed-off-by: Jonathon Reinhart <jonathon.reinhart@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 14:42:51 -07:00
David S. Miller
61aaa1aa9a Merge branch 'catch-all-devices'
Hristo Venev says:

====================
net: Fix two use-after-free bugs

The two patches fix two use-after-free bugs related to cleaning up
network namespaces, one in sit and one in ip6_tunnel. They are easy to
trigger if the user has the ability to create network namespaces.

The bugs can be used to trigger null pointer dereferences. I am not
sure if they can be exploited further, but I would guess that they
can. I am not sending them to the mailing list without confirmation
that doing so would be OK.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 14:31:52 -07:00
Hristo Venev
941ea91e87 net: ip6_tunnel: Unregister catch-all devices
Similarly to the sit case, we need to remove the tunnels with no
addresses that have been moved to another network namespace.

Fixes: 0bd8762824 ("ip6tnl: add x-netns support")
Signed-off-by: Hristo Venev <hristo@venev.name>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 14:31:52 -07:00
Hristo Venev
610f8c0fc8 net: sit: Unregister catch-all devices
A sit interface created without a local or a remote address is linked
into the `sit_net::tunnels_wc` list of its original namespace. When
deleting a network namespace, delete the devices that have been moved.

The following script triggers a null pointer dereference if devices
linked in a deleted `sit_net` remain:

    for i in `seq 1 30`; do
        ip netns add ns-test
        ip netns exec ns-test ip link add dev veth0 type veth peer veth1
        ip netns exec ns-test ip link add dev sit$i type sit dev veth0
        ip netns exec ns-test ip link set dev sit$i netns $$
        ip netns del ns-test
    done
    for i in `seq 1 30`; do
        ip link del dev sit$i
    done

Fixes: 5e6700b3bf ("sit: add support of x-netns")
Signed-off-by: Hristo Venev <hristo@venev.name>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-13 14:31:52 -07:00
Linus Torvalds
eebe426d32 This pull request contains the following bug fix for MTD:
- nand: Fix WAITRDY break condition and timeout in mtk driver
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCAA0FiEEdgfidid8lnn52cLTZvlZhesYu8EFAmB183EWHHJpY2hhcmRA
 c2lnbWEtc3Rhci5hdAAKCRBm+VmF6xi7wWBTEAChRPDMpnf2xOMe2ju+YvKNSbaA
 ZjEz+LMs2iYJHciZWwalRtmBS1rNqF92G8PS0IaFhsJjswdRy00oDxPunFlTH0Sd
 DuJUpkLZ86eNy0aB7Ph1nB7xAb8nKwaEnXPV8BjsG0CvzFCT8yrKG9Og5rJi7Eez
 51bWOjhAO1ibR9H8BDoruahVZrsve7YH2F4unkx+lEkTNrR/Qj0LwLVFGKkc5YeP
 O+PQ1MNWNDPSj4zytepCoWAA+IMtGsj8164PgRVKiaxH4Y6v2KgbKKMk++rfbmXY
 Nqfgl48uxizQkuHcDcF5NO1O4FiQ23jgV5E5bGG53HWKnW+w9j9dvTjw0XYz1qvb
 dkNmw+f1abwtg79c5EiSb/TtQ3g+dqazW+BHyr7iME6ZpA1nh3ZBfYfBgeuuls4e
 ghEF2xTWNAcmYMMq7gD9r9SzHojzN6/lg5478Nl1CXerFXi2wPHD216A4eTnZ/Xf
 +rt9fJGuRqSUZ0jqa9DULvOTOjmPDuHwm3edVV6xXLQME6zhHSD0gds8Je+Ycmrv
 ChkRDzfOkMwKnSAU6LhN1TV3gEAJzQn/ii/NoP/QZHp3VbbY+h3FHfybcYI1QahN
 AYMtC7UUHlPFrFUdbxR3q0QxqEKiiQj3Yar9JT04iaB4X+j32veGVBhgzeF7B69z
 DRhaWsHl5GItjSaGzQ==
 =C/B2
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

Pull MTD fix from Richard Weinberger:
 "Fix WAITRDY break condition and timeout in mtk nand driver"

* tag 'fixes-for-5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
  mtd: rawnand: mtk: Fix WAITRDY break condition and timeout
2021-04-13 14:01:34 -07:00
Colin Ian King
ef963ae427 ice: Fix potential infinite loop when using u8 loop counter
A for-loop is using a u8 loop counter that is being compared to
a u32 cmp_dcbcfg->numapp to check for the end of the loop. If
cmp_dcbcfg->numapp is larger than 255 then the counter j will wrap
around to zero and hence an infinite loop occurs. Fix this by making
counter j the same type as cmp_dcbcfg->numapp.

Addresses-Coverity: ("Infinite loop")
Fixes: aeac8ce864 ("ice: Recognize 860 as iSCSI port in CEE mode")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Tested-by: Tony Brelinski <tonyx.brelinski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
2021-04-13 11:50:38 -07:00
Yongxin Liu
debb9df311 ixgbe: fix unbalanced device enable/disable in suspend/resume
pci_disable_device() called in __ixgbe_shutdown() decreases
dev->enable_cnt by 1. pci_enable_device_mem() which increases
dev->enable_cnt by 1, was removed from ixgbe_resume() in commit
6f82b25587 ("ixgbe: use generic power management"). This caused
unbalanced increase/decrease. So add pci_enable_device_mem() back.

Fix the following call trace.

  ixgbe 0000:17:00.1: disabling already-disabled device
  Call Trace:
   __ixgbe_shutdown+0x10a/0x1e0 [ixgbe]
   ixgbe_suspend+0x32/0x70 [ixgbe]
   pci_pm_suspend+0x87/0x160
   ? pci_pm_freeze+0xd0/0xd0
   dpm_run_callback+0x42/0x170
   __device_suspend+0x114/0x460
   async_suspend+0x1f/0xa0
   async_run_entry_fn+0x3c/0xf0
   process_one_work+0x1dd/0x410
   worker_thread+0x34/0x3f0
   ? cancel_delayed_work+0x90/0x90
   kthread+0x14c/0x170
   ? kthread_park+0x90/0x90
   ret_from_fork+0x1f/0x30

Fixes: 6f82b25587 ("ixgbe: use generic power management")
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Tested-by: Dave Switzer <david.switzer@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
2021-04-13 11:49:11 -07:00
Alexander Duyck
31166efb1c ixgbe: Fix NULL pointer dereference in ethtool loopback test
The ixgbe driver currently generates a NULL pointer dereference when
performing the ethtool loopback test. This is due to the fact that there
isn't a q_vector associated with the test ring when it is setup as
interrupts are not normally added to the test rings.

To address this I have added code that will check for a q_vector before
returning a napi_id value. If a q_vector is not present it will return a
value of 0.

Fixes: b02e5a0ebb ("xsk: Propagate napi_id to XDP socket Rx path")
Signed-off-by: Alexander Duyck <alexanderduyck@fb.com>
Acked-by: Björn Töpel <bjorn.topel@intel.com>
Tested-by: Dave Switzer <david.switzer@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
2021-04-13 11:03:36 -07:00
Christophe JAILLET
8db403b963 tracing/dynevent: Fix a memory leak in an error handling path
We must free 'argv' before returning, as already done in all the other
paths of this function.

Link: https://lkml.kernel.org/r/21e3594ccd7fc88c5c162c98450409190f304327.1618136448.git.christophe.jaillet@wanadoo.fr

Fixes: d262271d04 ("tracing/dynevent: Delegate parsing to create function")
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2021-04-13 12:29:48 -04:00
Christian A. Ehrhardt
909290786e vfio/pci: Add missing range check in vfio_pci_mmap
When mmaping an extra device region verify that the region index
derived from the mmap offset is valid.

Fixes: a15b1883fe ("vfio_pci: Allow mapping extra regions")
Cc: stable@vger.kernel.org
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Message-Id: <20210412214124.GA241759@lisa.in-ulm.de>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-04-13 08:29:16 -06:00
Rafael J. Wysocki
6998a8800d ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade()
Commit 1a1c130ab7 ("ACPI: tables: x86: Reserve memory occupied by
ACPI tables") attempted to address an issue with reserving the memory
occupied by ACPI tables, but it broke the initrd-based table override
mechanism relied on by multiple users.

To restore the initrd-based ACPI table override functionality, move
the acpi_boot_table_init() invocation in setup_arch() on x86 after
the acpi_table_upgrade() one.

Fixes: 1a1c130ab7 ("ACPI: tables: x86: Reserve memory occupied by ACPI tables")
Reported-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2021-04-13 16:03:01 +02:00
Yuanyuan Zhong
196d941753 pinctrl: lewisburg: Update number of pins in community
When updating pin names for Intel Lewisburg, the numbers of pins were
left behind. Update them accordingly.

Fixes: e66ff71fd0 ("pinctrl: lewisburg: Update pin list according to v1.1v6")
Signed-off-by: Yuanyuan Zhong <yzhong@purestorage.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-04-13 14:09:48 +03:00
Jisheng Zhang
738fa58ee1 arm64: kprobes: Restore local irqflag if kprobes is cancelled
If instruction being single stepped caused a page fault, the kprobes
is cancelled to let the page fault handler continue as a normal page
fault. But the local irqflags are disabled so cpu will restore pstate
with DAIF masked. After pagefault is serviced, the kprobes is
triggerred again, we overwrite the saved_irqflag by calling
kprobes_save_local_irqflag(). NOTE, DAIF is masked in this new saved
irqflag. After kprobes is serviced, the cpu pstate is retored with
DAIF masked.

This patch is inspired by one patch for riscv from Liao Chang.

Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20210412174101.6bfb0594@xhacker.debian
Signed-off-by: Will Deacon <will@kernel.org>
2021-04-13 09:30:16 +01:00
David S. Miller
ccb39c6285 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix NAT IPv6 offload in the flowtable.

2) icmpv6 is printed as unknown in /proc/net/nf_conntrack.

3) Use div64_u64() in nft_limit, from Eric Dumazet.

4) Use pre_exit to unregister ebtables and arptables hooks,
   from Florian Westphal.

5) Fix out-of-bound memset in x_tables compat match/target,
   also from Florian.

6) Clone set elements expression to ensure proper initialization.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-12 16:17:50 -07:00
Pablo Neira Ayuso
4d8f906583 netfilter: nftables: clone set element expression template
memcpy() breaks when using connlimit in set elements. Use
nft_expr_clone() to initialize the connlimit expression list, otherwise
connlimit garbage collector crashes when walking on the list head copy.

[  493.064656] Workqueue: events_power_efficient nft_rhash_gc [nf_tables]
[  493.064685] RIP: 0010:find_or_evict+0x5a/0x90 [nf_conncount]
[  493.064694] Code: 2b 43 40 83 f8 01 77 0d 48 c7 c0 f5 ff ff ff 44 39 63 3c 75 df 83 6d 18 01 48 8b 43 08 48 89 de 48 8b 13 48 8b 3d ee 2f 00 00 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 03 48 83
[  493.064699] RSP: 0018:ffffc90000417dc0 EFLAGS: 00010297
[  493.064704] RAX: 0000000000000000 RBX: ffff888134f38410 RCX: 0000000000000000
[  493.064708] RDX: 0000000000000000 RSI: ffff888134f38410 RDI: ffff888100060cc0
[  493.064711] RBP: ffff88812ce594a8 R08: ffff888134f38438 R09: 00000000ebb9025c
[  493.064714] R10: ffffffff8219f838 R11: 0000000000000017 R12: 0000000000000001
[  493.064718] R13: ffffffff82146740 R14: ffff888134f38410 R15: 0000000000000000
[  493.064721] FS:  0000000000000000(0000) GS:ffff88840e440000(0000) knlGS:0000000000000000
[  493.064725] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  493.064729] CR2: 0000000000000008 CR3: 00000001330aa002 CR4: 00000000001706e0
[  493.064733] Call Trace:
[  493.064737]  nf_conncount_gc_list+0x8f/0x150 [nf_conncount]
[  493.064746]  nft_rhash_gc+0x106/0x390 [nf_tables]

Reported-by: Laura Garcia Liebana <nevola@gmail.com>
Fixes: 4094445229 ("netfilter: nf_tables: add elements with stateful expressions")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-04-13 00:19:05 +02:00
Florian Westphal
b29c457a65 netfilter: x_tables: fix compat match/target pad out-of-bound write
xt_compat_match/target_from_user doesn't check that zeroing the area
to start of next rule won't write past end of allocated ruleset blob.

Remove this code and zero the entire blob beforehand.

Reported-by: syzbot+cfc0247ac173f597aaaa@syzkaller.appspotmail.com
Reported-by: Andy Nguyen <theflow@google.com>
Fixes: 9fa492cdc1 ("[NETFILTER]: x_tables: simplify compat API")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-04-13 00:18:57 +02:00
Jakub Kicinski
f33b0e196e ethtool: fix kdoc attr name
Add missing 't' in attrtype.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-12 14:21:51 -07:00
Pali Rohár
1fe976d308 net: phy: marvell: fix detection of PHY on Topaz switches
Since commit fee2d54641 ("net: phy: marvell: mv88e6390 temperature
sensor reading"), Linux reports the temperature of Topaz hwmon as
constant -75°C.

This is because switches from the Topaz family (88E6141 / 88E6341) have
the address of the temperature sensor register different from Peridot.

This address is instead compatible with 88E1510 PHYs, as was used for
Topaz before the above mentioned commit.

Create a new mapping table between switch family and PHY ID for families
which don't have a model number. And define PHY IDs for Topaz and Peridot
families.

Create a new PHY ID and a new PHY driver for Topaz's internal PHY.
The only difference from Peridot's PHY driver is the HWMON probing
method.

Prior this change Topaz's internal PHY is detected by kernel as:

  PHY [...] driver [Marvell 88E6390] (irq=63)

And afterwards as:

  PHY [...] driver [Marvell 88E6341 Family] (irq=63)

Signed-off-by: Pali Rohár <pali@kernel.org>
BugLink: https://github.com/globalscaletechnologies/linux/issues/1
Fixes: fee2d54641 ("net: phy: marvell: mv88e6390 temperature sensor reading")
Reviewed-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-12 14:20:19 -07:00
Dave Jiang
ea9aadc06a dmaengine: idxd: fix wq cleanup of WQCFG registers
A pre-release silicon erratum workaround where wq reset does not clear
WQCFG registers was leaked into upstream code. Use wq reset command
instead of blasting the MMIO region. This also address an issue where
we clobber registers in future devices.

Fixes: da32b28c95 ("dmaengine: idxd: cleanup workqueue config after disabling")
Reported-by: Shreenivaas Devarajan <shreenivaas.devarajan@intel.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/161824330020.881560.16375921906426627033.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2021-04-12 22:08:39 +05:30
Dave Jiang
6df0e6c57d dmaengine: idxd: clear MSIX permission entry on shutdown
Add disabling/clearing of MSIX permission entries on device shutdown to
mirror the enabling of the MSIX entries on probe. Current code left the
MSIX enabled and the pasid entries still programmed at device shutdown.

Fixes: 8e50d39265 ("dmaengine: idxd: Add shared workqueue support")
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/161824457969.882533.6020239898682672311.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2021-04-12 22:08:38 +05:30
Linus Torvalds
89698becf0 Single regression fix:
. fix pfn offset (stops booting on some platforms)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEmsfM6tQwfNjBOxr3TiQVqaG9L4AFAmBzmvUACgkQTiQVqaG9
 L4Bz4g//RZLcKjtbNTrjISchVanN0nDggLp895Yyz0/uZ8nAMlatNi8tocwYxQFE
 uCODO0+iVe+BfPC7YvOJ8aiRT/YplpTlQittL30kJIAKPdQ4qCfSvcVzkb5iIaPc
 VUjhw1vdjQmd8q6iJWXxNlEfNiB6B5JA9gwb3unnsPTHHY8PBSns4CIl3bbh1EMx
 nHG8ak+RmzecVtyqZZiape2kH0JLHQFD8MSXNKFyPm66gzeJhQRG/AfSzSbO+G9F
 DQHaCaIYlsD+88w0+5lbaj7XT+XYusC+SKR6q6BCEJneJNv/OyDECesN3DgtboSX
 289siQGQ5Wsgix8nKMfMHv+OgSnZsyf/b0Z8LRLfcBuZltYA738g4cAmPhPLgfIW
 i5gon3yhnxgW2xECGsbt/oJqKdZha5fG7gMTYVzbH95VgyA/PFC4id7pj24H7n4W
 n25vlhpyMYBFWsanCl0een9hHIjNbwPbb5zJ0Vqhi9MCi53reQwf3HQrLRy/GXtn
 h7+8cvfJXitibv248UO/nQyP15Q8bZ2XRLEj0GHD5R3lUkQd/I5EPm5Pxp1L34TZ
 yihDF7bTJmUNzPJHn5oEkDAh5571RuIqh8xFg5mMyZlXIQIr5GYjDFlBEZ/Uwv4q
 yXBtF1keNVXZk3gQ1CC44HfoyXE4cgzgbOFr0926X+6LRFzJRvY=
 =UoDX
 -----END PGP SIGNATURE-----

Merge tag 'm68knommu-for-v5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu

Pull m68knommu fix from Greg Ungerer:
 "Some m68k platforms with a non-zero memory base fail to boot with the
  recent flatmem changes.

  This is a single regression fix to the pfn offset for that case"

* tag 'm68knommu-for-v5.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68k: fix flatmem memory model setup
2021-04-12 09:03:49 -07:00
Catalin Marinas
2decad92f4 arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is set atomically
The entry from EL0 code checks the TFSRE0_EL1 register for any
asynchronous tag check faults in user space and sets the
TIF_MTE_ASYNC_FAULT flag. This is not done atomically, potentially
racing with another CPU calling set_tsk_thread_flag().

Replace the non-atomic ORR+STR with an STSET instruction. While STSET
requires ARMv8.1 and an assembler that understands LSE atomics, the MTE
feature is part of ARMv8.5 and already requires an updated assembler.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Fixes: 637ec831ea ("arm64: mte: Handle synchronous and asynchronous tag check faults")
Cc: <stable@vger.kernel.org> # 5.10.x
Reported-by: Will Deacon <will@kernel.org>
Cc: Will Deacon <will@kernel.org>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20210409173710.18582-1-catalin.marinas@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
2021-04-12 13:38:45 +01:00
Hans de Goede
aee6f25e9c drm/i915/display/vlv_dsi: Do not skip panel_pwr_cycle_delay when disabling the panel
After the recently added commit fe0f1e3bfd ("drm/i915: Shut down
displays gracefully on reboot"), the DSI panel on a Cherry Trail based
Predia Basic tablet would no longer properly light up after reboot.

I've managed to reproduce this without rebooting by doing:
chvt 3; echo 1 > /sys/class/graphics/fb0/blank;\
echo 0 > /sys/class/graphics/fb0/blank

Which rapidly turns the panel off and back on again.

The vlv_dsi.c code uses an intel_dsi_msleep() helper for the various delays
used for panel on/off, since starting with MIPI-sequences version >= 3 the
delays are already included inside the MIPI-sequences.

The problems exposed by the "Shut down displays gracefully on reboot"
change, show that using this helper for the panel_pwr_cycle_delay is
not the right thing to do. This has not been noticed until now because
normally the panel never is cycled off and directly on again in quick
succession.

Change the msleep for the panel_pwr_cycle_delay to a normal msleep()
call to avoid the panel staying black after a quick off + on cycle.

Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Fixes: fe0f1e3bfd ("drm/i915: Shut down displays gracefully on reboot")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210325114823.44922-1-hdegoede@redhat.com
(cherry picked from commit 2878b29fc2)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2021-04-12 08:00:33 -04:00
Ville Syrjälä
bf52dc49ba drm/i915: Don't zero out the Y plane's watermarks
Don't zero out the watermarks for the Y plane since we've already
computed them when computing the UV plane's watermarks (since the
UV plane always appears before ethe Y plane when iterating through
the planes).

This leads to allocating no DDB for the Y plane since .min_ddb_alloc
also gets zeroed. And that of course leads to underruns when scanning
out planar formats.

Cc: stable@vger.kernel.org
Cc: Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
Fixes: dbf71381d7 ("drm/i915: Nuke intel_atomic_crtc_state_for_each_plane_state() from skl+ wm code")
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210327005945.4929-1-ville.syrjala@linux.intel.com
Reviewed-by: Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
(cherry picked from commit f99b805fb9)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2021-04-12 08:00:28 -04:00
Lyude Paul
1166416998 drm/i915/dpcd_bl: Don't try vesa interface unless specified by VBT
Looks like that there actually are another subset of laptops on the market
that don't support the Intel HDR backlight interface, but do advertise
support for the VESA DPCD backlight interface despite the fact it doesn't
seem to work.

Note though I'm not entirely clear on this - on one of the machines where
this issue was observed, I also noticed that we appeared to be rejecting
the VBT defined backlight frequency in
intel_dp_aux_vesa_calc_max_backlight(). It's noted in this function that:

/* Use highest possible value of Pn for more granularity of brightness
 * adjustment while satifying the conditions below.
 * ...
 * - FxP is within 25% of desired value.
 *   Note: 25% is arbitrary value and may need some tweak.
 */

So it's possible that this value might just need to be tweaked, but for now
let's just disable the VESA backlight interface unless it's specified in
the VBT just to be safe. We might be able to try enabling this again by
default in the future.

Fixes: 2227816e64 ("drm/i915/dp: Allow forcing specific interfaces through enable_dpcd_backlight")
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Bugzilla: https://gitlab.freedesktop.org/drm/intel/-/issues/3169
Signed-off-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210318170204.513000-1-lyude@redhat.com
(cherry picked from commit 9e2eb6d538)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2021-04-12 08:00:24 -04:00
Vasily Gorbik
a994eddb94 s390/entry: save the caller of psw_idle
Currently psw_idle does not allocate a stack frame and does not
save its r14 and r15 into the save area. Even though this is valid from
call ABI point of view, because psw_idle does not make any calls
explicitly, in reality psw_idle is an entry point for controlled
transition into serving interrupts. So, in practice, psw_idle stack
frame is analyzed during stack unwinding. Depending on build options
that r14 slot in the save area of psw_idle might either contain a value
saved by previous sibling call or complete garbage.

  [task    0000038000003c28] do_ext_irq+0xd6/0x160
  [task    0000038000003c78] ext_int_handler+0xba/0xe8
  [task   *0000038000003dd8] psw_idle_exit+0x0/0x8 <-- pt_regs
 ([task    0000038000003dd8] 0x0)
  [task    0000038000003e10] default_idle_call+0x42/0x148
  [task    0000038000003e30] do_idle+0xce/0x160
  [task    0000038000003e70] cpu_startup_entry+0x36/0x40
  [task    0000038000003ea0] arch_call_rest_init+0x76/0x80

So, to make a stacktrace nicer and actually point for the real caller of
psw_idle in this frequently occurring case, make psw_idle save its r14.

  [task    0000038000003c28] do_ext_irq+0xd6/0x160
  [task    0000038000003c78] ext_int_handler+0xba/0xe8
  [task   *0000038000003dd8] psw_idle_exit+0x0/0x6 <-- pt_regs
 ([task    0000038000003dd8] arch_cpu_idle+0x3c/0xd0)
  [task    0000038000003e10] default_idle_call+0x42/0x148
  [task    0000038000003e30] do_idle+0xce/0x160
  [task    0000038000003e70] cpu_startup_entry+0x36/0x40
  [task    0000038000003ea0] arch_call_rest_init+0x76/0x80

Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
2021-04-12 12:44:31 +02:00
Vasily Gorbik
b74e409ea1 s390/entry: avoid setting up backchain in ext|io handlers
Currently when interrupt arrives to cpu while in kernel context
INT_HANDLER macro (used for ext_int_handler and io_int_handler)
allocates new stack frame and pt_regs on the kernel stack and
sets up the backchain to jump over the pt_regs to the frame which has
been interrupted. This is not ideal to two reasons:

1. This hides the fact that kernel stack contains interrupt frame in it
   and hence breaks arch_stack_walk_reliable(), which needs to know that to
   guarantee "reliability" and checks that there are no pt_regs on the way.

2. It breaks the backchain unwinder logic, which assumes that the next
   stack frame after an interrupt frame is reliable, while it is not.
   In some cases (when r14 contains garbage) this leads to early unwinding
   termination with an error, instead of marking frame as unreliable
   and continuing.

To address that, only set backchain to 0.

Fixes: 56e62a7370 ("s390: convert to generic entry")
Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
2021-04-12 12:44:30 +02:00
Dan Carpenter
07503e6aef dmaengine: plx_dma: add a missing put_device() on error path
Add a missing put_device(&pdev->dev) if the call to
dma_async_device_register(dma); fails.

Fixes: 905ca51e63 ("dmaengine: plx-dma: Introduce PLX DMA engine PCI driver skeleton")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Link: https://lore.kernel.org/r/YFnq/0IQzixtAbC1@mwanda
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2021-04-12 15:13:51 +05:30
Dinghao Liu
917a3200b9 dmaengine: tegra20: Fix runtime PM imbalance on error
pm_runtime_get_sync() will increase the runtime PM counter
even it returns an error. Thus a pairing decrement is needed
to prevent refcount leak. Fix this by replacing this API with
pm_runtime_resume_and_get(), which will not change the runtime
PM counter on error.

Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Acked-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20210409082805.23643-1-dinghao.liu@zju.edu.cn
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2021-04-12 15:10:44 +05:30