We don't disable VIRTIO_NET_F_GUEST_CSUM if XDP was set. This means we
can receive partial csumed packets with metadata kept in the
vnet_hdr. This may have several side effects:
- It could be overridden by header adjustment, thus is might be not
correct after XDP processing.
- There's no way to pass such metadata information through
XDP_REDIRECT to another driver.
- XDP does not support checksum offload right now.
So simply disable guest csum if possible in this the case of XDP.
Fixes: 3f93522ffa ("virtio-net: switch off offloads on demand if possible on XDP set")
Reported-by: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Pavel Popa <pashinho1990@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAlv4ScMTHGlkcnlvbW92
QGdtYWlsLmNvbQAKCRBKf944AhHzi1AlCACGgnN3hy/1AS2/fWVkPNZmfAyNC2vb
1MZcYY2eXV+gx5MGr9/DKAGgvlxDRjn+FQAXqTVGNGULTNBEujWa4Z+Hl/gzYXfX
LdK90pBe/E2WwcuDMK8WrMSuumJYElLpAcvEoxmAdJCDSXZ4ZGLfktGuaBqBGEJm
9NftKpJzqavuhVMt3wlNnaiZCD++BzMXTnMvcgpSWZIdlGpAXYYfeyFkPu5s1tUl
0PnsS2fP53JPR3nUz5EOksJidn0A9RYnYz/jKMvKFDLwURuRouHbugaZw/tXqUB3
atcd6u+XV3v7RS/fhIybJ7yoO5bE0TehcP7D7qY2R4R8bG+yWc1L124g
=yrY2
-----END PGP SIGNATURE-----
Merge tag 'ceph-for-4.20-rc4' of https://github.com/ceph/ceph-client
Pullk ceph fix from Ilya Dryomov:
"A messenger fix, marked for stable"
* tag 'ceph-for-4.20-rc4' of https://github.com/ceph/ceph-client:
libceph: fall back to sendmsg for slab pages
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlv4RQUQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgprfJEACnPxJfX+v1nGan+Al5gwdL4/2nU7yOXmb9
6KLs27fbFfRuB+1HxPM4GOgPyfNUmzwdcwMEt/slrPQ85Zykl2ooDv48xmFh3Orr
zRdHi00CRoIOhqRcobfXiBak8VwwBxxb8TNp1WbcbCxeaURRETSqylxRhyzVoNYL
2h5AqcnrnHzDRdYWW7iNmoj5D+opUoV8oiRWeq5t+g3lDFt73w9IAxFM+OD9edSm
wXvFVcCaijAAGlESww+DjfAl9g7JiJlvrP+y1Yz2HR4ZPvFFX+PP7rr2Mx+FV7rn
lluA2NBE2I+I6KrErmwrpWbonWOH1tgTvaGeNemXy1FWbLLdhoCInbkmqyPnDHnD
GTzaWuMe6nbtp3Wr+rnHwdqpjLxMjik9eGvI5JsLMFHfT0n9BjCJuqLBjU+QARU/
D3rKLoKZeIVasM0NFhd/vPzK1P2kVPjszJ48orksnIvkjxzoG/YKzlN6wYMW+/z3
eEWzO9u9BDUjA7ayShmzL6LjRsOts0IRtVU3fYJIsvtKUbwo6JXTiqDpNQWLYUIj
qspuu0TehMy4mDq9ynNpRjL/PIQ7KUMb7OMtyheLVBpqbJ2GK+wohxU/wKZws4WM
8IfYcvsnOfR0muMFCBZyPefO9q4wKrVqp4VP48R2lZ7S9YOndLBCxeDw/5xYAsH7
ht/GCtxfOA==
=7Ur6
-----END PGP SIGNATURE-----
Merge tag 'for-linus-20181123' of git://git.kernel.dk/linux-block
Pull block fix from Jens Axboe:
"Just a single fix for this week, fixing an issue with nvme-fc"
* tag 'for-linus-20181123' of git://git.kernel.dk/linux-block:
nvme-fc: resolve io failures during connect
Eric noted that with UDP GRO and NAPI timeout, we could keep a single
UDP packet inside the GRO hash forever, if the related NAPI instance
calls napi_gro_complete() at an higher frequency than the NAPI timeout.
Willem noted that even TCP packets could be trapped there, till the
next retransmission.
This patch tries to address the issue, flushing the old packets -
those with a NAPI_GRO_CB age before the current jiffy - before scheduling
the NAPI timeout. The rationale is that such a timeout should be
well below a jiffy and we are not flushing packets eligible for sane GRO.
v1 -> v2:
- clarified the commit message and comment
RFC -> v1:
- added 'Fixes tags', cleaned-up the wording.
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Fixes: 3b47d30396 ("net: gro: add a per device gro flush timer")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When we add a new IPv6 address, we should also join corresponding solicited-node
multicast address, unless the interface has IFF_NOARP flag, as function
addrconf_join_solict() did. But if we remove IFF_NOARP flag later, we do
not do dad and add the mcast address. So we will drop corresponding neighbour
discovery message that came from other nodes.
A typical example is after creating a ipvlan with mode l3, setting up an ipv6
address and changing the mode to l2. Then we will not be able to ping this
address as the interface doesn't join related solicited-node mcast address.
Fix it by re-doing dad when interface changed IFF_NOARP flag. Then we will add
corresponding mcast group and check if there is a duplicate address on the
network.
Reported-by: Jianlin Shi <jishi@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Including:
- Two fixes for the Intel VT-d driver to fix a NULL-ptr
dereference and an unbalance in an allocate/free path
(allocated with memremap, freed with iounmap)
- Fix for a crash in the Renesas IOMMU driver
- Fix for the Advanced Virtual Interrupt Controler (AVIC) code
in the AMD IOMMU driver
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJb+CxJAAoJECvwRC2XARrjKYoQAMWv6cWDNzr8phjTS8Lj53XN
H2uQDCu4V7ysDrmUuN1zWn5R3MPbD3/1XlJuen7cKaI7Uwx1/ivzOi8f+MAfGEY2
SSy/uJsGr8z0qh+QiIUyju8hK3iZe0WWntkwQ//LoJcZyF6JgpaaBwnXvU9KIkId
m8wr38hgzYz/KoRZwMQ2rD/5wTG1AcEaR/gQC2UUaSXNmiFuh0MiHQqB46nCFUNx
5fvpRI+Df3pqYXwC0TTic9BI5DAeZgz2j/r5BPOYorLMZm1cgSMaGvnJkGGVlxKJ
LDcxKcvuZQbJXTtZ9mumtx6Z9sBhhCLhJcX2eJHmWA/9caSzBJsCEgzh0ZBvRhf+
23zH0MvxP8IcddIGNzteCcr31GFXPtnLaXEJyRDJ3xuDIr4IwMwUBcvyGhzohDPQ
G5SyNG8MP0PYvcypMARcpvn+zldGb5sZZXykrkRYY7y0jxwLBQ5P3mYjEYlGDhhN
yHftLid9bAyoSIizSyNUlHf1NmPMamT0d/L4v96JSuC2a1fTgboXC2R7qrkzrx0+
RH2zkEIVfITPDX6/r5zZsHEf1raRtGGnUOyvxJOkAV2zsxoCEQC1xBR8BpeyDjHn
plfKBTCdAD8WrQKOgo4kVIgZtTGlc1bNwTgpN0N+SNTrNCsRq8a9tyoXGjGWcFxc
C7Q67vcD4TfRxQgx0CF7
=28EU
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes-v4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
- Two fixes for the Intel VT-d driver to fix a NULL-ptr dereference and
an unbalance in an allocate/free path (allocated with memremap, freed
with iounmap)
- Fix for a crash in the Renesas IOMMU driver
- Fix for the Advanced Virtual Interrupt Controler (AVIC) code in the
AMD IOMMU driver
* tag 'iommu-fixes-v4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/vt-d: Use memunmap to free memremap
amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
iommu/ipmmu-vmsa: Fix crash on early domain free
iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
tpacket_snd sends packets with user pages linked into skb frags. It
notifies that pages can be reused when the skb is released by setting
skb->destructor to tpacket_destruct_skb.
This can cause data corruption if the skb is orphaned (e.g., on
transmit through veth) or cloned (e.g., on mirror to another psock).
Create a kernel-private copy of data in these cases, same as tun/tap
zerocopy transmission. Reuse that infrastructure: mark the skb as
SKBTX_ZEROCOPY_FRAG, which will trigger copy in skb_orphan_frags(_rx).
Unlike other zerocopy packets, do not set shinfo destructor_arg to
struct ubuf_info. tpacket_destruct_skb already uses that ptr to notify
when the original skb is released and a timestamp is recorded. Do not
change this timestamp behavior. The ubuf_info->callback is not needed
anyway, as no zerocopy notification is expected.
Mark destructor_arg as not-a-uarg by setting the lower bit to 1. The
resulting value is not a valid ubuf_info pointer, nor a valid
tpacket_snd frame address. Add skb_zcopy_.._nouarg helpers for this.
The fix relies on features introduced in commit 52267790ef ("sock:
add MSG_ZEROCOPY"), so can be backported as is only to 4.14.
Tested with from `./in_netns.sh ./txring_overwrite` from
http://github.com/wdebruij/kerneltools/tests
Fixes: 69e3c75f4d ("net: TX_RING and packet mmap")
Reported-by: Anand H. Krishnan <anandhkrishnan@gmail.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Prevent the ACPI core from registering a platform device for
the SMB0001 HID to avoid IRQ allocation issues (Hans de Goede).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJb98+6AAoJEILEb/54YlRx7YEP/0qU1ZBzNojPOu6fQZW9M2SD
LWu4QY0/2Cv1mzt8D9/7aiu7V1saGfXRlKzcWmJKkfvrc80WPaSPXktiKz5IWGid
fMQory7czTuuEuYZS1HyZ+qJ7OLwOAXFIxb6t87/KgT9I4nUGtCUk2C+W+aqYvY4
4AVApDT/EHrU3SzF6BO5NXgDgz2IRs9kA//hrtn4Vo7uh1qHdrhvEjODsj1Wotlc
f/ypHHHqp/8cFBv5eTnIjFKht0ErWC4GKN/BX5ufRVxHsJcuV4o+vS6aCS8faCTO
G6iDL+qZoW86Afz2kFCQUD+KZiZ+s0ZQZZf4kMACRCXz/WtEPB1fVhBMtnFmHygX
mp7OMX+Iyj+H0BOz3ohPEb+iLSoWPSkG2imbqxI9TQ38/JWkqAy6lMJcfTc7h8KM
gV2XO1d1m2QcD6NWSulaEikzn+4Ig+Iv+iEsQ14HCcAV5TOF8BU2ad/I4G5n03hM
z2wucVMK2cxzJC8ikn6EpVBzXt7+oNvfoUtVBFpzk0yMWjrqpC2ZbzZjxlGlR35N
9A8YHfXpxPkF4wJKb2vK/7DYxR4zuOXmwKspalBdJB2BqvcIClj0fz8dmA8UtU1i
3H1Pwp9q6MkVrHDGx4Jg1djatjHTtr0Kip5MEuyssZ2NbrPsIPfNAv0hNK0Jw+XK
yvh1+DHI183Z3DmwKwRn
=bTMI
-----END PGP SIGNATURE-----
Merge tag 'acpi-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Prevent the ACPI core from registering a platform device for the
SMB0001 HID to avoid IRQ allocation issues (Hans de Goede)"
* tag 'acpi-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / platform: Add SMB0001 HID to forbidden_id_list
- Fix tasks freezer deadlock in de_thread() that occurs if one
of its sub-threads has been frozen already (Chanho Min).
- Avoid registering a platform device by the ti-cpufreq driver
on platforms that cannot use it (Dave Gerlach).
- Fix a mistake in the ti-opp-supply operating performance points
(OPP) driver that caused an incorrect reference voltage to be
used and make it adjust the minimum voltage dynamically to avoid
hangs or crashes in some cases (Keerthy).
- Fix issues related to compiler flags in the cpupower utility
and correct a linking problem in it by renaming a file with
a duplicate name (Jiri Olsa, Konstantin Khlebnikov).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJb99ANAAoJEILEb/54YlRxUk4QAIkpXmLdEm0zvQXJZKJxuxu/
8eiglPcoCAAVgR3uRjezTyQeFCDjqGIqmpiipFOkxgAaeb+aiFta2B88B4oZ3OAf
G5yJG4CMs5+Tp/oH2+McX4PMo2WfoEIDoOGVOdtlk4iGAIh9tT5KvNfCUyxHLP7c
cFjdeUQuc8PRPzutESxYHB23FmECCEprVmEFVckQ7vSCnWX6dm1mFteCiNZADH8/
YNgRWRYtyWXlPRNCPJuCvYmVHLgm0Tw6CVhG4ttXT9wIkYyiLK9Flx9X6gsBWdoS
ej1jbJM7R/EAUzHvCjUCSfMKDNWvQySR3gC2m0vG5Goext2UXWieSHaI6BfqjPP2
wTBX9lAKu3iIGISoorjJZAMe4v26Tpbs0v5ApsOGr50WNZKZtRkBwaJ0EFT2hEa8
MsDtUjr+d7CIQ+ZDHmAbOzghpDlSuhGypfkD7IPtA/AY1dy1wJ3BUYya8ucqSdr3
iKkQcndN3ASR1+Fyb3c1cflh9fWe84aeSmYPihcX2m+/D43keYXbj2ANdCH1dF3E
cwAXw9+VteUQ1tihqgJapFogK3VphMbRErPSGXryuyiMxr38g7tgHAd2rId0JG4g
QftqpZa19aEed8tJNaQWWjBaBFgYeAT9BQqcP6CjFOO9klPH//NSiqzQUFMdzsEc
Qql1V/aoOIsflb7gJH3/
=JQxr
-----END PGP SIGNATURE-----
Merge tag 'pm-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix two issues in the Operating Performance Points (OPP)
framework, one cpufreq driver issue, one problem related to the tasks
freezer and a few build-related issues in the cpupower utility.
Specifics:
- Fix tasks freezer deadlock in de_thread() that occurs if one of its
sub-threads has been frozen already (Chanho Min).
- Avoid registering a platform device by the ti-cpufreq driver on
platforms that cannot use it (Dave Gerlach).
- Fix a mistake in the ti-opp-supply operating performance points
(OPP) driver that caused an incorrect reference voltage to be used
and make it adjust the minimum voltage dynamically to avoid hangs
or crashes in some cases (Keerthy).
- Fix issues related to compiler flags in the cpupower utility and
correct a linking problem in it by renaming a file with a duplicate
name (Jiri Olsa, Konstantin Khlebnikov)"
* tag 'pm-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
exec: make de_thread() freezable
cpufreq: ti-cpufreq: Only register platform_device when supported
opp: ti-opp-supply: Correct the supply in _get_optimal_vdd_voltage call
opp: ti-opp-supply: Dynamically update u_volt_min
tools cpupower: Override CFLAGS assignments
tools cpupower debug: Allow to use outside build flags
tools/power/cpupower: fix compilation with STATIC=true
When merging support for SSBD and the CRC32 instructions, the conflict
resolution for the new capability entries in arm64_features[]
inadvertedly predicated the availability of the CRC32 instructions on
CONFIG_ARM64_SSBD, despite the functionality being entirely unrelated.
Move the #ifdef CONFIG_ARM64_SSBD down so that it only covers the SSBD
capability.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
- Do not lose an IDA on the gpiochip register errorpath.
- Fix the PXA non-pincontrol GPIO-using platforms.
- Fix the direction on the mockup GPIO driver.
- Add some MAINTAINERS stuff: Bartosz stepped up as GPIO
co-maintainer, and Andy established an Intel git tree.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJb97VPAAoJEEEQszewGV1zLZwQAIotWspRLkhgCrZuREynPYoZ
sUy/HHDRHtmuaq61aR2TYk1Z3IYGmHVQ1oQq08ythLGIhmnnaO450T5FVTJDJoTg
Ow2PkttWN7uT2R6tlqDlRU5m5ZsHqh8W4g0GIHTN0DChTOP4W/v8iNONrbYd3oFv
JPMPP2ZWmbD9ZhhM4MlqOJmhDnNvze/2B5FaAzoO4wUUIz9eTBpiCqW9VHgycUKS
GDpzoePRaGklrGhcvMOycxVK8Q/EGHv72fhW1vATsVj66Z/QQoMHwn83E3PfmXjI
oEqEKRKiE6dkmHg55mYqyn2li76QmGRoRlTpanXH/M5wAkDBCRTXyyM2WZCprmLm
Thfnno++f9kC8i0DnevkNHS2OfHgbK2tEwxMGoKdjeMeEbX5xd29ooJpnv8DXbo7
hUGr/MaKst++nPvVaAoE0bcNDjdvZDzgSpfie+gaaWqhVZn8yUSUP7jCYckIGY53
Cdb54+eEj+BLCLwIyqnMurKhnEGpZ74aMdz47lPcp1zrnkkt8ffgycO/xJRBdtKo
qSk6P7K5GvFzRb5jEHdfDlTjro34bpx+cr+qvenJoHXufoJE5FykQNtz7TGl4jzq
Ohxlz1oNNip5gxvwsYDKSf+3rhSUAJB0ZpiwgknPx6wDeugdCywozsIHqBlcdN9+
i7BI0xpG1AM+cghZrfvO
=Z8GG
-----END PGP SIGNATURE-----
Merge tag 'gpio-v4.20-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Minor stuff except the IDA leak which was kind of important to fix.
Also new maintainers, yay.
- Do not lose an IDA on the gpiochip register errorpath.
- Fix the PXA non-pincontrol GPIO-using platforms.
- Fix the direction on the mockup GPIO driver.
- Add some MAINTAINERS stuff: Bartosz stepped up as GPIO
co-maintainer, and Andy established an Intel git tree"
* tag 'gpio-v4.20-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
MAINTAINERS: Do maintain Intel GPIO drivers via separate tree
gpio: mockup: fix indicated direction
gpio: pxa: fix legacy non pinctrl aware builds again
gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path
MAINTAINERS: add myself as co-maintainer of gpiolib
Specify correct type for the constants to avoid
the following sparse complaints:
./arch/arm64/include/asm/sysreg.h:471:42: warning: constant 0xffffffffffffffff is so big it is unsigned long
./arch/arm64/include/asm/sysreg.h:512:42: warning: constant 0xffffffffffffffff is so big it is unsigned long
Acked-by: Will Deacon <will.deacon@arm.com>
Acked-by: Olof Johansson <olof@lixom.net>
Acked-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
- Fix for fastboot DSI panel boot time flicker regression, also fixes Bugzilla #108225
- Fix Bugzilla #101269 to avoid GPU hangs on Sandybridge machines
- Avoid GPU hang on error capture on Broxton with Vt-d enabled
- Avoid missing GPU relocations on Pineview and Bearlake (Gen3)
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181122120555.GA18282@jlahtine-desk.ger.corp.intel.com
Thomas Falcon says:
====================
ibmvnic: Fix queue and buffer accounting errors
This series includes two small fixes. The first resolves a typo bug
in the code to clean up unused RX buffers during device queue removal.
The second ensures that device queue memory is updated to reflect new
supported queue ring sizes after migration to other backing hardware.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
During device reset, queue memory is not being updated to accommodate
changes in ring buffer sizes supported by backing hardware. Track
any differences in ring buffer sizes following the reset and update
queue memory when possible.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The wrong index is used when cleaning up RX buffer objects during release
of RX queues. Update to use the correct index counter.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Set xdp_prog pointer to NULL if bpf_prog_add fails since that routine
reports the error code instead of NULL in case of failure and xdp_prog
pointer value is used in the driver to verify if XDP is currently
enabled.
Moreover report the error code to userspace if nicvf_xdp_setup fails
Fixes: 05c773f52b ("net: thunderx: Add basic XDP support")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
On every iteration of net_dim, the algorithm may choose to
check for the system state by comparing current data sample
with previous data sample. After each of these comparison,
regardless of the action taken, the sample used as baseline
is needed to be updated.
This patch fixes a bug that causes DIM to take wrong decisions,
due to never updating the baseline sample for comparison between
iterations. This way, DIM always compares current sample with
zeros.
Although this is a functional fix, it also improves and stabilizes
performance as the algorithm works properly now.
Performance:
Tested single UDP TX stream with pktgen:
samples/pktgen/pktgen_sample03_burst_single_flow.sh -i p4p2 -d 1.1.1.1
-m 24:8a:07:88:26:8b -f 3 -b 128
ConnectX-5 100GbE packet rate improved from 15-19Mpps to 19-20Mpps.
Also, toggling between profiles is less frequent with the fix.
Fixes: 8115b750db ("net/dim: use struct net_dim_sample as arg to net_dim")
Signed-off-by: Tal Gilboa <talgi@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The only significant change is for OSS PCM emulation to convert
with kvcalloc() to address both performance and security issues.
It's a pretty straightforward change, which should be safe.
The rest are, as usual, device-specific small fixes for HD-audio.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlv2hqEOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE87zA/+LhGdC0o4jI25J8dVQhi2tGC8md8L4YENy2Uk
cTYV3tATNsZeNpWY/PvI46NQU3fiSUucIWEWjm1dLvSzbAFYtLXSriQLUK/ioZbg
sWIrR8wJyPlrsMZOJZFtHeJhLkjuBjRxXLp4N420svyb8IMSOq41Z5xaQXDPD0jq
BRykR8C3ZUhCnTuLJ+ZoSjRht/18+Rxb2DbT5sPyaP7iBJ4xNZkY9yKsLI9XbXbn
2R+5iYlftYTr+NZ8KQuNQQ4+0HBTcYeJ/AYma2+wtgHJrJq0ATuOR1/v2TBJfOc9
j1GtSfHUZagw1G1kdJ4QzKvc0mVGjFgEhVjRYgNWBEPg9RKYR6v1QXTEVZvel4dt
fv5RLfLQaRmKTofTwiWROPe4rwKef/SmCeu7+1/ZaNIK0QuoPbvVSV5Ye9aNQxfk
1VWTMbHGMJ2ZomGWLUkmDP7426J7xitHErE5tO4P3SXQiln8vbJwfKbVaWwsQgGB
wlYJqOua2pvcimIq5wAOHJwJxwKxOCi+iOLwQRdQZE6V5sQcwoV1adKiMKq3sLxJ
AUbfq1kilpzZ1/3GYyHikiN1W31ihOcmdvb9pIjiH5WamY4QgZPqf//nOLvO2U4s
M0biO9rZHyrglwGSMuRCEP+sR5SBc+Pppe8/3uE/Onm2hgB+KvMghY2Hex5DcxaM
WOCxND8=
=ISp2
-----END PGP SIGNATURE-----
Merge tag 'sound-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"The only significant change is for OSS PCM emulation to convert with
kvcalloc() to address both performance and security issues. It's a
pretty straightforward change, which should be safe.
The rest are, as usual, device-specific small fixes for HD-audio"
* tag 'sound-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/ca0132 - fix AE-5 pincfg
ALSA: hda/ca0132 - Add new ZxR quirk
ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap()
ALSA: hda/realtek - Add quirk entry for HP Pavilion 15
ALSA: oss: Use kvzalloc() for local buffer allocations
Here are some small char/misc driver fixes for issues that have been
reported.
Nothing major, highlights include:
- gnss sync write fixes
- uio oops fix
- nvmem fixes
- other minor fixes and some documentation/maintainers updates
Full details are in the shortlog.
All of these have been in linux-next for a while with no reported
issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW/ZqSw8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+yks8gCgm0Amv9/GLpE7qZqe/Az2S7t7pm4An2NHYfS1
/vrBi80OCiSLGakl/zs2
=MYVD
-----END PGP SIGNATURE-----
Merge tag 'char-misc-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small char/misc driver fixes for issues that have been
reported.
Nothing major, highlights include:
- gnss sync write fixes
- uio oops fix
- nvmem fixes
- other minor fixes and some documentation/maintainers updates
Full details are in the shortlog.
All of these have been in linux-next for a while with no reported
issues"
* tag 'char-misc-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
Documentation/security-bugs: Postpone fix publication in exceptional cases
MAINTAINERS: Add Sasha as a stable branch maintainer
gnss: sirf: fix synchronous write timeout
gnss: serial: fix synchronous write timeout
uio: Fix an Oops on load
test_firmware: fix error return getting clobbered
nvmem: core: fix regression in of_nvmem_cell_get()
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
drivers/misc/sgi-gru: fix Spectre v1 vulnerability
Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up
slimbus: ngd: remove unnecessary check
Here are a number of small USB fixes for 4.20-rc4.
There's the usual xhci and dwc2/3 fixes as well as a few minor other
issues resolved for problems that have been reported. Full details are
in the shortlog.
All have been in linux-next for a while with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW/ZsOg8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ymPlACeO1ii05UG6Mb47AC0sZbgMk5diWwAnRK3A0Pe
fSupZy5v6u1HBEormFco
=5k0S
-----END PGP SIGNATURE-----
Merge tag 'usb-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a number of small USB fixes for 4.20-rc4.
There's the usual xhci and dwc2/3 fixes as well as a few minor other
issues resolved for problems that have been reported. Full details are
in the shortlog.
All have been in linux-next for a while with no reported issues"
* tag 'usb-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
usb: cdc-acm: add entry for Hiro (Conexant) modem
usb: xhci: Prevent bus suspend if a port connect change or polling state is detected
usb: core: Fix hub port connection events lost
usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers"
usb: dwc2: pci: Fix an error code in probe
usb: dwc3: Fix NULL pointer exception in dwc3_pci_remove()
xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc
usb: xhci: fix timeout for transition from RExit to U0
usb: xhci: fix uninitialized completion when USB3 port got wrong status
xhci: Add check for invalid byte size error when UAS devices are connected.
xhci: handle port status events for removed USB3 hcd
xhci: Fix leaking USB3 shared_hcd at xhci removal
USB: misc: appledisplay: add 20" Apple Cinema Display
USB: quirks: Add no-lpm quirk for Raydium touchscreens
usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
USB: Wait for extra delay time after USB_PORT_FEAT_RESET for quirky hub
usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
usb: dwc3: core: Clean up ULPI device
- Various fixes related to the SFDP parsing code merged in 4.20
- Fix for a page fault in the cadence-qspi
NAND fixes:
- Fix a macro name conflict between the QCOM NAND controller driver
and the RISC-V asm headers
- Fix of-node handling in the atmel driver
-----BEGIN PGP SIGNATURE-----
iQJQBAABCgA6FiEEKmCqpbOU668PNA69Ze02AX4ItwAFAlv2Y7QcHGJvcmlzLmJy
ZXppbGxvbkBib290bGluLmNvbQAKCRBl7TYBfgi3AOOoD/9FpLnRt20eUe4AFeio
98Jxm5Hr8Eh0VEMEOeV2/06zJrkg1qpf0hKsdiQoX6pdWBfrce01oKpaK3lzSFso
t9bWKrqDR1rGFsoN7BBlSHVSsHvCr6yWF9rFJImKB5gZOxO8CosHY2J2m1KKUC+v
FRA4rZOCasOd6IQGlG+KUJyjKSOquSJyFHOV3K1HqhItExgUdwTOKJsuB/CZC0rd
7ges2HfvRAJy8lE5gOnoJA3S3Z7UVCvOZl7+Gh+blRye17nqzYXO+9yPOHLp6ZVA
nLdQZX7Z+5ZqkKnXfzSKkVSQosIGpHmvhr9rxzrOL2aXf96Hb+s1cAuXf1toYyGY
bj2DtZ2FXs+0bHWBNmBayeheY59FuPRF9mH3AnV1tRCpP6XtnIBtqVQao1Pf30sR
7N1bsHOOtfyITuaeR9jTRaPzVn70zCrhvWPdZvu0Ui6RRBACJi/mB6FzY+3dwsRy
rMR823WUwxjDqfMfEp/KDP9lRHHDW+Hfcq+ZnidcqbFNIYyg8YYY9K2OFjYWXjNf
S9XgBVDo4DlKR+eXyYYxjvpQwP6tnVfMrsnBU4dIIn74BTFIRX6gifjtiCd2eX39
v6fLEtzaSR7nK00Q2V5rpKah5yjy21sV6TGIA/MIKfEfm60AeN8u9j1+melqKMn+
QnbNZ6rTVzloUROD8OHAjcwUbQ==
=9R0Y
-----END PGP SIGNATURE-----
Merge tag 'mtd/fixes-for-4.20-rc4' of git://git.infradead.org/linux-mtd
Pull mtd fixes from Boris Brezillon:
"SPI NOR fixes:
- Various fixes related to the SFDP parsing code merged in 4.20
- Fix for a page fault in the cadence-qspi
NAND fixes:
- Fix a macro name conflict between the QCOM NAND controller driver
and the RISC-V asm headers
- Fix of-node handling in the atmel driver"
* tag 'mtd/fixes-for-4.20-rc4' of git://git.infradead.org/linux-mtd:
mtd: spi-nor: fix selection of uniform erase type in flexible conf
mtd: spi-nor: Fix Cadence QSPI page fault kernel panic
mtd: rawnand: qcom: Namespace prefix some commands
mtd: rawnand: atmel: fix OF child-node lookup
mtd: spi_nor: pass DMA-able buffer to spi_nor_read_raw()
mtd: spi-nor: don't overwrite errno in spi_nor_get_map_in_use()
mtd: spi-nor: fix iteration over smpt array
mtd: spi-nor: don't drop sfdp data if optional parsers fail
Two small fixes. The qla2xxx is a regression from 4.18 and the ufs
one is a device enablement fix.
Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCW/Yo4CYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishaVLAQCHzxoa
RFlf8FXz+LTT1AVI7mbKTh3Kfv/8fIDRXd9OPQD+M0p45olpmk3a4EqHSm+jW7ue
JxsGplw8HCTEsvHrRqw=
=GBzo
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Two small fixes.
The qla2xxx is a regression from 4.18 and the ufs one is a device
enablement fix"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: ufs: Fix hynix ufs bug with quirk on hi36xx SoC
scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter
memunmap() should be used to free the return of memremap(), not
iounmap().
Fixes: dfddb969ed ('iommu/vt-d: Switch from ioremap_cache to memremap')
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
- OD fixes for powerplay
- Vega20 fixes
- KFD fix for Kaveri
- add missing firmware declaration for hainan (SI chip)
- Fix DC user experience regressions related to panels that support >8 bpc
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181121163647.2847-1-alexander.deucher@amd.com
In the original ftmac100_interrupt(), the interrupts are only disabled when
the condition "netif_running(netdev)" is true. However, this condition
causes kerenl hang in the following case. When the user requests to
disable the network device, kernel will clear the bit __LINK_STATE_START
from the dev->state and then call the driver's ndo_stop function. Network
device interrupts are not blocked during this process. If an interrupt
occurs between clearing __LINK_STATE_START and stopping network device,
kernel cannot disable the interrupts due to the condition
"netif_running(netdev)" in the ISR. Hence, kernel will hang due to the
continuous interruption of the network device.
In order to solve the above problem, the interrupts of the network device
should always be disabled in the ISR without being restricted by the
condition "netif_running(netdev)".
[V2]
Remove unnecessary curly braces.
Signed-off-by: Vincent Chen <vincentc@andestech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The value of pitches is not correct while calling mode_set.
The issue we found so far on following system:
- Debian8 with XFCE Desktop
- Ubuntu with KDE Desktop
- SUSE15 with KDE Desktop
Signed-off-by: Y.C. Chen <yc_chen@aspeedtech.com>
Cc: <stable@vger.kernel.org>
Tested-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Ursula Braun says:
====================
net/smc: fixes 2018-11-12
here is V4 of some net/smc fixes in different areas for the net tree.
v1->v2:
do not define 8-byte alignment for union smcd_cdc_cursor in
patch 4/5 "net/smc: atomic SMCD cursor handling"
v2->v3:
stay with 8-byte alignment for union smcd_cdc_cursor in
patch 4/5 "net/smc: atomic SMCD cursor handling", but get rid of
__packed for struct smcd_cdc_msg
v3->v4:
get rid of another __packed for struct smc_cdc_msg in
patch 4/5 "net/smc: atomic SMCD cursor handling"
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
In smc_wr_tx_put_slot() field pend->idx is used after being
cleared. That means always idx 0 is cleared in the wr_tx_mask.
This results in a broken administration of available WR send
payload buffers.
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Running uperf tests with SMCD on LPARs results in corrupted cursors.
SMCD cursors should be treated atomically to fix cursor corruption.
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When a SMC-D link group is freed, a shutdown signal should be sent to
the peer to indicate that the link group is invalid. This patch adds the
shutdown signal to the SMC code.
Signed-off-by: Hans Wippel <hwippel@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When searching for an existing link group the queue pair number is also
to be taken into consideration. When the SMC server sends a new number
in a CLC packet (keeping all other values equal) then a new link group
is to be created on the SMC client side.
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In case of a non-blocking SMC socket, the initial CLC handshake is
performed over a blocking TCP connection in a worker. If the SMC socket
is released, smc_release has to wait for the blocking CLC socket
operations (e.g., kernel_connect) inside the worker.
This patch aborts a CLC connection when the respective non-blocking SMC
socket is released to avoid waiting on socket operations or timeouts.
Signed-off-by: Hans Wippel <hwippel@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
First set of fixes for 4.20, this time we have quite a few them but
all very small.
ath9k
* fix a locking regression found by a static checker
wlcore
* fix a crash which was a regression with wakeirq handling
brcm80211
* yet another fix for 160 MHz channel handling
mt76
* fix a longstaning build problem when CONFIG_LEDS_CLASS is disabled
* don't use uninitialised mutex
iwlwifi
* do note that the iwlwifi merge tag (commit 4ec321c146) seems to
contain wrong list of changes so ignore that
* fix ACPI data handling, a memory leak and other smaller fixes
ath10k
* fix a crash during suspend which was a recent regression
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJb9CR9AAoJEG4XJFUm622bMdAH/2z0jY38RTPqLYH7BKfIzQkB
M8GC4bi0c3NexkwS+S0xLr6A5FyTcbi2pKOqdZ2eXEoiopso5OocWXYnIw0IDA9C
ll5aI4DfIoqTIVBvYWp/Rnar67oRAfND5z3iOnu0C34KNiMbUY2WfJ6RUTo+gjZ4
Wokaf6EWOCODDtL2atBtvT96JSlM7t398aUksKzcOGX+0XPGYfyho/wQGZIYE9iQ
Exgmp9KyBBlQugu+EyGH+Dxt8J+1sSveIJXnfaCb9avtpo+C/SG7+pnJhX8ij7fH
+pYuWOq/YyliUVHVxfpK5+lVJB3ICGezbZ6xp3G3MURBqdX/E2oouFJvyKrESPc=
=je2r
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-for-davem-2018-11-20' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for 4.20
First set of fixes for 4.20, this time we have quite a few them but
all very small.
ath9k
* fix a locking regression found by a static checker
wlcore
* fix a crash which was a regression with wakeirq handling
brcm80211
* yet another fix for 160 MHz channel handling
mt76
* fix a longstaning build problem when CONFIG_LEDS_CLASS is disabled
* don't use uninitialised mutex
iwlwifi
* do note that the iwlwifi merge tag (commit 4ec321c146) seems to
contain wrong list of changes so ignore that
* fix ACPI data handling, a memory leak and other smaller fixes
ath10k
* fix a crash during suspend which was a recent regression
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jean-Louis reported a TCP regression and bisected to recent SACK
compression.
After a loss episode (receiver not able to keep up and dropping
packets because its backlog is full), linux TCP stack is sending
a single SACK (DUPACK).
Sender waits a full RTO timer before recovering losses.
While RFC 6675 says in section 5, "Algorithm Details",
(2) If DupAcks < DupThresh but IsLost (HighACK + 1) returns true --
indicating at least three segments have arrived above the current
cumulative acknowledgment point, which is taken to indicate loss
-- go to step (4).
...
(4) Invoke fast retransmit and enter loss recovery as follows:
there are old TCP stacks not implementing this strategy, and
still counting the dupacks before starting fast retransmit.
While these stacks probably perform poorly when receivers implement
LRO/GRO, we should be a little more gentle to them.
This patch makes sure we do not enable SACK compression unless
3 dupacks have been sent since last rcv_nxt update.
Ideally we should even rearm the timer to send one or two
more DUPACK if no more packets are coming, but that will
be work aiming for linux-4.21.
Many thanks to Jean-Louis for bisecting the issue, providing
packet captures and testing this patch.
Fixes: 5d9f4262b7 ("tcp: add SACK compression")
Reported-by: Jean-Louis Dupond <jean-louis@dupond.be>
Tested-by: Jean-Louis Dupond <jean-louis@dupond.be>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes a possible null pointer dereference in
do_load, detected by the semantic patch deref_null.cocci,
with the following warning:
./tools/bpf/bpftool/prog.c:1021:23-25: ERROR: map_replace is NULL but dereferenced.
The following code has potential null pointer references:
881 map_replace = reallocarray(map_replace, old_map_fds + 1,
882 sizeof(*map_replace));
883 if (!map_replace) {
884 p_err("mem alloc failed");
885 goto err_free_reuse_maps;
886 }
...
1019 err_free_reuse_maps:
1020 for (i = 0; i < old_map_fds; i++)
1021 close(map_replace[i].fd);
1022 free(map_replace);
Fixes: 3ff5a4dc5d ("tools: bpftool: allow reuse of maps with bpftool prog load")
Co-developed-by: Wen Yang <wen.yang99@zte.com.cn>
Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
When a packet is trapped and the corresponding SKB marked as
already-forwarded, it retains this marking even after it is forwarded
across veth links into another bridge. There, since it ingresses the
bridge over veth, which doesn't have offload_fwd_mark, it triggers a
warning in nbp_switchdev_frame_mark().
Then nbp_switchdev_allowed_egress() decides not to allow egress from
this bridge through another veth, because the SKB is already marked, and
the mark (of 0) of course matches. Thus the packet is incorrectly
blocked.
Solve by resetting offload_fwd_mark() in skb_scrub_packet(). That
function is called from tunnels and also from veth, and thus catches the
cases where traffic is forwarded between bridges and transformed in a
way that invalidates the marking.
Fixes: 6bc506b4fb ("bridge: switchdev: Add forward mark support for stacked devices")
Fixes: abf4bb6b63 ("skbuff: Add the offload_mr_fwd_mark field")
Signed-off-by: Petr Machata <petrm@mellanox.com>
Suggested-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This week is a bit bigger than I expected. That's my fault, as I missed
a few patches while I was at Plumbers last week. We have:
* A fix to a quite embarassing issue where raw_copy_to_user() was
implemented with asm_copy_from_user() (and vice versa).
* Improvements to our makefile to allow flat binaries to be generated.
* A build fix that predeclares "struct module" at the top of
<asm/module.h>, which triggers warnings later in that header.
* The addition of our own <uapi/asm/unistd> header, which is necessary
to align our stat ABI on 32-bit systems.
* A fix to avoid printing a warning when the S or U bits are set in
print_isa().
I already have one patch in the queue for next week.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAlv0TPYTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQbdLD/9B5m4rAgYKLTtxNNGs0WJWsTyODjq+
OTK/PPq+AAhRBtnUeERtcHLs3EEyRN6NVA/KS+j4D02H+cu1/3q3xO6h/+r+ACv3
jOe+vJT7vs/ziTG3YK4VI7gZUu9qUbYUlAObCCWo2k5PnA4kH0HTsI95X4+tizN4
B+vmx21XksppwQ9I74czbp7nbFpZdXYOewm4lCv1PPRTsHQCxQbxgvv+JW24xher
KECnlUInFYelUUF6tRYWWVP9WcVrxrZFxQRP8yf2WmK3WGIXy5q4+HvM3TLfW29E
aAwNYd0Ohs57VstCGwSAQ/tgIKcDOFKd3NyChGep7/g6CrFeiQ9hk+9A4bTQRtiJ
Zv+WmQjEyh0g9oWaEgdFcHthfOvi9QknLJkWjv2SkgIwKISom+tICtcDsabx2279
fAhqV0bKuzFhmihOBbDE4Kp0lY+kwVUUncvG/P8aPBdFjUXjRudxefdZ1cjOgL44
oeOdvhwCJrf3lBoGmAEhj2vtQ//xKF+PI2a8ei6Oum32yLgkqiDLLpXONq5wvpxm
/Qrc/6W9UFoQAM6NPTaoBPUu6QG2rt4QVyahSWKHPsOLK0jLQITi0P00pW/oRSs0
yDx/sdHi95DBDSpj7zgkyDGgZIfHG4IVncipplXuSBb9vrlTa7LckAPBSUo6KFeg
i+9xKcrf3fhmHg==
=xGZd
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
Pull RISC-V fixes from Palmer Dabbelt:
"This week is a bit bigger than I expected. That's my fault, as I
missed a few patches while I was at Plumbers last week. We have:
- A fix to a quite embarassing issue where raw_copy_to_user() was
implemented with asm_copy_from_user() (and vice versa).
- Improvements to our makefile to allow flat binaries to be
generated.
- A build fix that predeclares "struct module" at the top of
<asm/module.h>, which triggers warnings later in that header.
- The addition of our own <uapi/asm/unistd> header, which is
necessary to align our stat ABI on 32-bit systems.
- A fix to avoid printing a warning when the S or U bits are set in
print_isa().
I already have one patch in the queue for next week"
* tag 'riscv-for-linus-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
RISC-V: recognize S/U mode bits in print_isa
riscv: add asm/unistd.h UAPI header
riscv: fix warning in arch/riscv/include/asm/module.h
RISC-V: Build flat and compressed kernel images
RISC-V: Fix raw_copy_{to,from}_user()
When we read the EOF page of the file via readpages, we need
to zero the region beyond EOF that we either do not read or
should not contain data so that mmap does not expose stale data to
user applications.
However, iomap_adjust_read_range() fails to detect EOF correctly,
and so fsx on 1k block size filesystems fails very quickly with
mapreads exposing data beyond EOF. There are two problems here.
Firstly, when calculating the end block of the EOF byte, we have
to round the size by one to avoid a block aligned EOF from reporting
a block too large. i.e. a size of 1024 bytes is 1 block, which in
index terms is block 0. Therefore we have to calculate the end block
from (isize - 1), not isize.
The second bug is determining if the current page spans EOF, and so
whether we need split it into two half, one for the IO, and the
other for zeroing. Unfortunately, the code that checks whether
we should split the block doesn't actually check if we span EOF, it
just checks if the read spans the /offset in the page/ that EOF
sits on. So it splits every read into two if EOF is not page
aligned, regardless of whether we are reading the EOF block or not.
Hence we need to restrict the "does the read span EOF" check to
just the page that spans EOF, not every page we read.
This patch results in correct EOF detection through readpages:
xfs_vm_readpages: dev 259:0 ino 0x43 nr_pages 24
xfs_iomap_found: dev 259:0 ino 0x43 size 0x66c00 offset 0x4f000 count 98304 type hole startoff 0x13c startblock 1368 blockcount 0x4
iomap_readpage_actor: orig pos 323584 pos 323584, length 4096, poff 0 plen 4096, isize 420864
xfs_iomap_found: dev 259:0 ino 0x43 size 0x66c00 offset 0x50000 count 94208 type hole startoff 0x140 startblock 1497 blockcount 0x5c
iomap_readpage_actor: orig pos 327680 pos 327680, length 94208, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 331776 pos 331776, length 90112, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 335872 pos 335872, length 86016, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 339968 pos 339968, length 81920, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 344064 pos 344064, length 77824, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 348160 pos 348160, length 73728, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 352256 pos 352256, length 69632, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 356352 pos 356352, length 65536, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 360448 pos 360448, length 61440, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 364544 pos 364544, length 57344, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 368640 pos 368640, length 53248, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 372736 pos 372736, length 49152, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 376832 pos 376832, length 45056, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 380928 pos 380928, length 40960, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 385024 pos 385024, length 36864, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 389120 pos 389120, length 32768, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 393216 pos 393216, length 28672, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 397312 pos 397312, length 24576, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 401408 pos 401408, length 20480, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 405504 pos 405504, length 16384, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 409600 pos 409600, length 12288, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 413696 pos 413696, length 8192, poff 0 plen 4096, isize 420864
iomap_readpage_actor: orig pos 417792 pos 417792, length 4096, poff 0 plen 3072, isize 420864
iomap_readpage_actor: orig pos 420864 pos 420864, length 1024, poff 3072 plen 1024, isize 420864
As you can see, it now does full page reads until the last one which
is split correctly at the block aligned EOF, reading 3072 bytes and
zeroing the last 1024 bytes. The original version of the patch got
this right, but it got another case wrong.
The EOF detection crossing really needs to the the original length
as plen, while it starts at the end of the block, will be shortened
as up-to-date blocks are found on the page. This means "orig_pos +
plen" no longer points to the end of the page, and so will not
correctly detect EOF crossing. Hence we have to use the length
passed in to detect this partial page case:
xfs_filemap_fault: dev 259:1 ino 0x43 write_fault 0
xfs_vm_readpage: dev 259:1 ino 0x43 nr_pages 1
xfs_iomap_found: dev 259:1 ino 0x43 size 0x2cc00 offset 0x2c000 count 4096 type hole startoff 0xb0 startblock 282 blockcount 0x4
iomap_readpage_actor: orig pos 180224 pos 181248, length 4096, poff 1024 plen 2048, isize 183296
xfs_iomap_found: dev 259:1 ino 0x43 size 0x2cc00 offset 0x2cc00 count 1024 type hole startoff 0xb3 startblock 285 blockcount 0x1
iomap_readpage_actor: orig pos 183296 pos 183296, length 1024, poff 3072 plen 1024, isize 183296
Heere we see a trace where the first block on the EOF page is up to
date, hence poff = 1024 bytes. The offset into the page of EOF is
3072, so the range we want to read is 1024 - 3071, and the range we
want to zero is 3072 - 4095. You can see this is split correctly
now.
This fixes the stale data beyond EOF problem that fsx quickly
uncovers on 1k block size filesystems.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
It returns EINVAL when the operation is not supported by the
filesystem. Fix it to return EOPNOTSUPP to be consistent with
the man page and clone_file_range().
Clean up the inconsistent error return handling while I'm there.
(I know, lipstick on a pig, but every little bit helps...)
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
When doing direct IO to a pipe for do_splice_direct(), then pipe is
trivial to fill up and overflow as it can only hold 16 pages. At
this point bio_iov_iter_get_pages() then returns -EFAULT, and we
abort the IO submission process. Unfortunately, iomap_dio_rw()
propagates the error back up the stack.
The error is converted from the EFAULT to EAGAIN in
generic_file_splice_read() to tell the splice layers that the pipe
is full. do_splice_direct() completely fails to handle EAGAIN errors
(it aborts on error) and returns EAGAIN to the caller.
copy_file_write() then completely fails to handle EAGAIN as well,
and so returns EAGAIN to userspace, having failed to copy the data
it was asked to.
Avoid this whole steaming pile of fail by having iomap_dio_rw()
silently swallow EFAULT errors and so do short reads.
To make matters worse, iomap_dio_actor() has a stale data exposure
bug bio_iov_iter_get_pages() fails - it does not zero the tail block
that it may have been left uncovered by partial IO. Fix the error
handling case to drop to the sub-block zeroing rather than
immmediately returning the -EFAULT error.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
If we are doing sub-block dio that extends EOF, we need to zero
the unused tail of the block to initialise the data in it it. If we
do not zero the tail of the block, then an immediate mmap read of
the EOF block will expose stale data beyond EOF to userspace. Found
with fsx running sub-block DIO sizes vs MAPREAD/MAPWRITE operations.
Fix this by detecting if the end of the DIO write is beyond EOF
and zeroing the tail if necessary.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
