Before 98f4c65176, we returned zeros for unopened channels.
With 98f4c65176, we started to return random on-stack values.
We'd better return -EINVAL instead.
Fixes: 98f4c65176 ("hv: move ringbuffer bus attributes to dev_groups")
Cc: stable@vger.kernel.org
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Specifying a starting ID greater than the maximum ID isn't something
attempted very often, but it should fail. It was succeeding due to
xas_find_marked() returning the wrong error state, so add tests for
both xa_alloc() and xas_find_marked().
Fixes: b803b42823 ("xarray: Add XArray iterators")
Signed-off-by: Matthew Wilcox <willy@infradead.org>
- One performance regression for hfi1
- One kasan fix for hfi1
- A couple mlx5 fixes
- A core oops fix
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcEo1oAAoJELgmozMOVy/dUr8QAJiAsiUxm6F5KDLubocvNpLp
rGNi43Rc1wFOKg0c4epPCxU2vQSfuIeERCCdPSX/vTvpzKjgtXN3+PP0iPyn2mUV
88MFAG/HE0QOnyyDYCa8nIWNKLnuFiJ0eaEBWRT1vVFgBpVS1zSriT63+ZEslGC+
PoB2EQiwCY/ORpZp967r08LwdiFHk7czYgadtNkOPvBceF5raeKH74rJ65l9Nb/T
JmW7liMmXbq1rbLBf6/aC134Q8NTHRKLb+MfkjYjUph8qRQ6Pj4XK5mA/m+bR6L8
Tj8H+JUZG4DNpiHrVr5LmVIS7uW1B6L59iH7c98m41gC/TOQKxC5cuee5I1QS4QX
xIT5gqW/dKJ9vmnjfDqPUzFjxg+RlaHytHry85/51+cjltWwszcR9gW1mjqysSwp
1Knm2emB/DGyr9DMTO592gVuDaJtWGKgKKcXOr9H4LqmQftczyWfgINr5SXQ//Ej
PTO8PtHwPV2DHd8qkeQjgB2U5TB60wthB9akeqY+mgNe7A147abGWDhWNRSFIHEy
G+5jX6iwng1VNe90Qd1g3vaLhmmbcwOIs7lip94OxePrx1NMAqiRwv6LvUMM1GOs
dm4fLXbj1aWeMZ+x8IYGSnpxjPIdCe4gQAeZ5WJRxkhv/x+xkNXoT6jqhqS7qeDO
8QP87gemR/LuISS7TTGL
=P1FB
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Doug Ledford:
"We have 5 small fixes for this pull request. One is a performance
regression, so not necessarily strictly a fix, but it was small and
reasonable and claimed to avoid thrashing in the scheduler, so I took
it. The remaining are all legitimate fixes that match the "we take
fixes any time" criteria.
Summary:
- One performance regression for hfi1
- One kasan fix for hfi1
- A couple mlx5 fixes
- A core oops fix"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
IB/core: Fix oops in netdev_next_upper_dev_rcu()
IB/mlx5: Block DEVX umem from the non applicable cases
IB/mlx5: Fix implicit ODP interrupted page fault
IB/hfi1: Fix an out-of-bounds access in get_hw_stats
IB/hfi1: Fix a latency issue for small messages
Only usual suspects here: a few more fixups for Realtek HD-audio on
various PCs, including a regression fix in the previous fix for
Lenovo X1 Carbon, as well as a typo fix in the recent Fireface patch.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlwSEwMOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+Wzg//QJ5MQfbOi4TqAVuk4BSqLd4PPxksiCC92981
JGW/LcNZFw1tj/dH9Y3d99555wc21jBGVjRT9UvA8aQ+R0Hj8+A5jwpybk2Z9JPF
RgpR2pboa/PQ0bGdE0CFnotD+sa5//AxC++KoekLSq6BDGOhPUprQfqJxs/pK+kf
Wsmh87VIpHuljWXaBARoXdkRSIDeOUAUnI+a2XkxLiJR2/2BGljZLYo5oOJlfVqc
YMwsmjffClYlF6yeUjg+MkleE8AIzrsyztHVid3vu3Hbh1HmPVwjMMYT9Zt9Q1lQ
gb++XOtUqWh2kFbQH8PgdlhGOz4SGZEygHunViQ30Fl54KpI+xKdWrtr5aPduqwH
eLMjURD91QWMwaBpz0V04QDbTr8H5MoCIXiVs46pgSEXyyd2eCoewu3+X9aBKmCZ
L/oViKUnIwp1m0EcKBn6QFAHJVEUnUeOBZbLaSNxgKjaHhAyNDaZs2w1goUWpaZL
Jy4fvbFj2H1f6fNTZGSyJOpIJ4+DYAYeJFRmJJC0PpZJodr3shOPTjzBI506Lz8U
dREQSqZMfmqjfCr52hwcCAwtCfL45zD1OqeLEzN3St1ZUEw5GL3Fvg2eZBLfDFD1
LXxUT/S+ColfiZicqcHpD74JCWiT3hFprAHs118NDUbl54ZARGxdscJ/8AOZ8Qbq
SfOTzP0=
=3Ked
-----END PGP SIGNATURE-----
Merge tag 'sound-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Only usual suspects here: a few more fixups for Realtek HD-audio on
various PCs, including a regression fix in the previous fix for Lenovo
X1 Carbon, as well as a typo fix in the recent Fireface patch"
* tag 'sound-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294
ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294
ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN
ALSA: fireface: fix reference to wrong register for clock configuration
ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon
ALSA: hda/realtek - Fixed headphone issue for ALC700
Currently for liveness and state pruning the register parentage
chains don't include states of the callee. This makes some sense
as the callee can't access those registers. However, this means
that READs done after the callee returns will not propagate into
the states of the callee. Callee will then perform pruning
disregarding differences in caller state.
Example:
0: (85) call bpf_user_rnd_u32
1: (b7) r8 = 0
2: (55) if r0 != 0x0 goto pc+1
3: (b7) r8 = 1
4: (bf) r1 = r8
5: (85) call pc+4
6: (15) if r8 == 0x1 goto pc+1
7: (05) *(u64 *)(r9 - 8) = r3
8: (b7) r0 = 0
9: (95) exit
10: (15) if r1 == 0x0 goto pc+0
11: (95) exit
Here we acquire unknown state with call to get_random() [1]. Then
we store this random state in r8 (either 0 or 1) [1 - 3], and make
a call on line 5. Callee does nothing but a trivial conditional
jump (to create a pruning point). Upon return caller checks the
state of r8 and either performs an unsafe read or not.
Verifier will first explore the path with r8 == 1, creating a pruning
point at [11]. The parentage chain for r8 will include only callers
states so once verifier reaches [6] it will mark liveness only on states
in the caller, and not [11]. Now when verifier walks the paths with
r8 == 0 it will reach [11] and since REG_LIVE_READ on r8 was not
propagated there it will prune the walk entirely (stop walking
the entire program, not just the callee). Since [6] was never walked
with r8 == 0, [7] will be considered dead and replaced with "goto -1"
causing hang at runtime.
This patch weaves the callee's explored states onto the callers
parentage chain. Rough parentage for r8 would have looked like this
before:
[0] [1] [2] [3] [4] [5] [10] [11] [6] [7]
| | ,---|----. | | |
sl0: sl0: / sl0: \ sl0: sl0: sl0:
fr0: r8 <-- fr0: r8<+--fr0: r8 `fr0: r8 ,fr0: r8<-fr0: r8
\ fr1: r8 <- fr1: r8 /
\__________________/
after:
[0] [1] [2] [3] [4] [5] [10] [11] [6] [7]
| | | | | |
sl0: sl0: sl0: sl0: sl0: sl0:
fr0: r8 <-- fr0: r8 <- fr0: r8 <- fr0: r8 <-fr0: r8<-fr0: r8
fr1: r8 <- fr1: r8
Now the mark from instruction 6 will travel through callees states.
Note that we don't have to connect r0 because its overwritten by
callees state on return and r1 - r5 because those are not alive
any more once a call is made.
v2:
- don't connect the callees registers twice (Alexei: suggestion & code)
- add more details to the comment (Ed & Alexei)
v1: don't unnecessarily link caller saved regs (Jiong)
Fixes: f4d7e40a5b ("bpf: introduce function calls (verification)")
Reported-by: David Beckett <david.beckett@netronome.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Jiong Wang <jiong.wang@netronome.com>
Reviewed-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Add entry for mt76 driver in MAINTAINERS file
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Starting from mac80211 commit adf8ed01e4 ("mac80211: add an optional
TXQ for other PS-buffered frames") and commit 0eeb2b674f ("mac80211:
add an option for station management TXQ") a new per-sta queue has been
introduced for bufferable management frames.
sta->txq[IEEE80211_NUM_TIDS] is initialized just if the driver reports
the following hw flags:
- IEEE80211_HW_STA_MMPDU_TXQ
- IEEE80211_HW_BUFF_MMPDU_TXQ
This can produce a NULL pointer dereference in mt76_stop_tx_queues
since mt76 iterates on all available sta tx queues assuming they are
initialized by mac80211. This issue has been spotted analyzing the code
(it has not triggered any crash yet)
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This reverts commit 5188d5453b, because it
introduced lock recursion:
BUG: spinlock recursion on CPU#2, kworker/u13:1/395
lock: 0xffffffc0e28a47f0, .magic: dead4ead, .owner: kworker/u13:1/395, .owner_cpu: 2
CPU: 2 PID: 395 Comm: kworker/u13:1 Not tainted 4.20.0-rc4+ #2
Hardware name: Google Kevin (DT)
Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex]
Call trace:
dump_backtrace+0x0/0x140
show_stack+0x20/0x28
dump_stack+0x84/0xa4
spin_bug+0x98/0xa4
do_raw_spin_lock+0x5c/0xdc
_raw_spin_lock_irqsave+0x38/0x48
mwifiex_flush_data+0x2c/0xa4 [mwifiex]
call_timer_fn+0xcc/0x1c4
run_timer_softirq+0x264/0x4f0
__do_softirq+0x1a8/0x35c
do_softirq+0x54/0x64
netif_rx_ni+0xe8/0x120
mwifiex_recv_packet+0xfc/0x10c [mwifiex]
mwifiex_process_rx_packet+0x1d4/0x238 [mwifiex]
mwifiex_11n_dispatch_pkt+0x190/0x1ac [mwifiex]
mwifiex_11n_rx_reorder_pkt+0x28c/0x354 [mwifiex]
mwifiex_process_sta_rx_packet+0x204/0x26c [mwifiex]
mwifiex_handle_rx_packet+0x15c/0x16c [mwifiex]
mwifiex_rx_work_queue+0x104/0x134 [mwifiex]
worker_thread+0x4cc/0x72c
kthread+0x134/0x13c
ret_from_fork+0x10/0x18
This was clearly not tested well at all. I simply performed 'wget' in a
loop and it fell over within a few seconds.
Fixes: 5188d5453b ("mwifiex: restructure rx_reorder_tbl_lock usage")
Cc: <stable@vger.kernel.org>
Cc: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
With commit 0a9f8f0a1b ("rtlwifi: fix btmpinfo timeout while processing
C2H_BT_INFO"), calling rtl_c2hcmd_enqueue() with rtl_c2h_fast_cmd() true,
the routine returns without freeing that skb, thereby leaking it.
This issue has been discussed at https://github.com/lwfinger/rtlwifi_new/issues/401
and the fix tested there.
Fixes: 0a9f8f0a1b ("rtlwifi: fix btmpinfo timeout while processing C2H_BT_INFO")
Reported-and-tested-by: Francisco Machado Magalhães Neto <franmagneto@gmail.com>
Cc: Francisco Machado Magalhães Neto <franmagneto@gmail.com>
Cc: Ping-Ke Shih <pkshih@realtek.com>
Cc: Stable <stable@vger.kernel.org> # 4.18+
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
With the new validation code, a malicious user-space app could
potentially submit command streams with enough buffer-object and resource
references in them to have the resulting allocated validion nodes and
relocations make the kernel run out of GFP_KERNEL memory.
Protect from this by having the validation code reserve TTM graphics
memory when allocating.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Deepak Rawat <drawat@vmware.com>
---
v2: Removed leftover debug printouts
TXQ SQ closure is followed by closing the corresponding CQ. A pending
DIM work would try to modify the now non-existing CQ.
This would trigger an error:
[85535.835926] mlx5_core 0000:af:00.0: mlx5_cmd_check:769:(pid 124399):
MODIFY_CQ(0x403) op_mod(0x0) failed, status bad resource state(0x9), syndrome (0x1d7771)
Fix by making sure to cancel any pending DIM work before destroying the SQ.
Fixes: cbce4f4447 ("net/mlx5e: Enable adaptive-TX moderation")
Signed-off-by: Tal Gilboa <talgi@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Remove tx_udp_seg_rem counter from ethtool output, as it is no longer
being updated in the driver's data flow.
Fixes: 3f44899ef2 ("net/mlx5e: Use PARTIAL_GSO for UDP segmentation")
Signed-off-by: Mikhael Goikhman <migo@mellanox.com>
Reviewed-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Currently, we are deleting offloaded encap flows in case the relevant neigh
becomes unconnected while the encap is valid (a sign that it used to be
connected), or if the curr neigh mac is different from the cached mac
(a sign that the remote side changed their mac).
The 2nd check also applies when the neigh becomes connected on the 1st
time (we start with zero mac). Before the offending commit, the deleting
handler was practically no op, as no flows were offloaded. But since
that commit, we offload neigh-less encap flows to slow path.
Under mirroring scheme, we go into the delete handler, attempt to unoffload a
mirror rule which was never set (as we were offloading to slow path) and crash.
Fix that by calling the delete handler only when the encap is valid,
which covers both cases mentioned above.
Fixes: 5dbe906ff1 ('net/mlx5e: Use a slow path rule instead if vxlan neighbour isn't available')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Eli Britstein <elibr@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
When a neighbour is resolved, we delete the goto slow path rule from HW.
The eswitch flow attributes where not properly initialized on that case,
hence we mess up the eswitch refcounts for chain zero (the default one).
Fix that along with making sure to use semicolons and not commas on that code;
Fixes: 5dbe906ff1 ('net/mlx5e: Use a slow path rule instead if vxlan neighbour isn't available')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Just a leftover which was wrongly left there, remove it while spawning
a message to suggest firmware upgrade.
Fixes: bf07aa730a ('net/mlx5e: Support offloading tc priorities and chains for eswitch flows')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Currently we are not supporting this and not err-ing on that either.
For now, just err if asked to do that.
Fixes: bf07aa730a ('net/mlx5e: Support offloading tc priorities and chains for eswitch flows')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reported-by: Eli Britstein <elibr@mellanox.com>
Reviewed-by: Eli Britstein <elibr@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Add check of MPWQE stride size is within range supported by HW. In case
calculated MPWQE stride size exceed range, linear SKB can't be used and
we should use non linear MPWQE instead.
Fixes: 619a8f2a42 ("net/mlx5e: Use linear SKB in Striding RQ")
Signed-off-by: Moshe Shemesh <moshe@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
The default amount of channels a representor opens was erroneously
changed from one to the maximum amount of channels, restore to its
intended value.
Fixes: 779d986d60 ("net/mlx5e: Do not ignore netdevice TX/RX queues number")
Signed-off-by: Gavi Teitz <gavi@mellanox.com>
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
The cap bits locations for the fdb caps of multi path to table (used for
local mirroring) and multi encap (used for prio/chains) were wrongly used
in swapped locations. This went unnoted so far b/c we tested the offending
patch with CX5 FW that supports both of them. On different environments where
not both caps are supported, we will be messed up, fix that.
Fixes: b9aa0ba17a ('net/mlx5: Add cap bits for multi fdb encap')
Signed-off-by: Vu Pham <vu@mellanox.com>
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
Tested-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Jason Wang says:
====================
Fix various issue of vhost
This series tries to fix various issues of vhost:
- Patch 1 adds a missing write barrier between used idx updating and
logging.
- Patch 2-3 brings back the protection of device IOTLB through vq
mutex, this fixes possible use after free in device IOTLB entries.
Please consider them for -stable.
Changes from V2:
- drop dirty page fix and make it for net-next
Changes from V1:
- silent compiler warning for 32bit.
- use mutex_trylock() on slowpath instead of mutex_lock() even on fast
path.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit 78139c94dc. We don't
protect device IOTLB with vq mutex, which will lead e.g use after free
for device IOTLB entries. And since we've switched to use
mutex_trylock() in previous patch, it's safe to revert it without
having deadlock.
Fixes: commit 78139c94dc ("net: vhost: lock the vqs one by one")
Cc: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We used to hold the mutex of paired virtqueue in
vhost_net_busy_poll(). But this will results an inconsistent lock
order which may cause deadlock if we try to bring back the protection
of device IOTLB with vq mutex that requires to hold mutex of all
virtqueues at the same time.
Fix this simply by switching to use mutex_trylock(), when fail just
skip the busy polling. This can happen when device IOTLB is under
updating which should be rare.
Fixes: commit 78139c94dc ("net: vhost: lock the vqs one by one")
Cc: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We miss a write barrier that guarantees used idx is updated and seen
before log. This will let userspace sync and copy used ring before
used idx is update. Fix this by adding a barrier before log_write().
Fixes: 8dd014adfe ("vhost-net: mergeable buffers support")
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Kirsher says:
====================
Intel Wired LAN Driver Fixes 2018-12-12
This series contains fixes to i40e and ixgbe.
Stefan Assmann fixes an issue created by a previous fix, where
ether_addr_copy() was moved to avoid a race but did not take into
account that it alters the MAC address being handed to
i40e_del_mac_filter().
Michał Mirosław provides 2 fixes for i40e, first resolves issues in the
hardware VLAN offload where VLAN.TCI equal to 0 was being dropped and a
race between disabling VLAN receive feature in hardware and processing
the receive queue, where packets could have their VLAN information
dropped.
Ross Lagerwall fixes a racy condition during a ixgbe VF reset, where
writing the register to issue a reset and sending the reset message via
the mailbox API could result of the mailbox memory getting cleared
during the reset before the message gets successfully sent which results
in a VF driver malfunction.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Fix warnings suspicious rcu usage when handling base chain
statistics, from Taehee Yoo.
2) Refetch pointer to tcp header from nf_ct_sack_adjust() since
skb_make_writable() may reallocate data area, reported by Google
folks patch from Florian.
3) Incorrect netlink nest end after previous cancellation from error
path in ipset, from Pan Bian.
4) Use dst_hold_safe() from nf_xfrm_me_harder(), from Florian.
5) Use rb_link_node_rcu() for rcu-protected rbtree node in
nf_conncount, from Taehee Yoo.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
to continue with operation that requires them.
- Fix bio-based DM core's dm_make_request() to properly impose device
limits on individual bios by making use of blk_queue_split().
- Fix long-standing race with how DM thinp notified userspace of
thin-pool mode state changes before they were actually made.
- Fix the zoned target's bio completion handling; this is a fairly
invassive fix at this stage but it is localized to the zoned target.
Any zoned target users will benefit from this fix.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJcEUXZAAoJEMUj8QotnQNaBykIANWuydEZ0bleZQvdcUCK256K
MYQi16kdettxwAlzojxgpD1gjpAYuQJWRBeSyLxpMPa/jrNh8U5pcgkb8EQkaSd0
0KWxJS8V85a+fKTGpyaK5vVmbZcezY3GADGv5GDC2yeBTZJTcFWhsGQwfP/Il/X3
fKo9qOs2sabdCbR11U3psicsRbMVIkyDfX23hIZWSdVPNI43YKWugFZ1irOhh9gD
QNyUJ1cDOGYTwmTKHuJ9IidjuuU6rfhkbAek9TWTkhmWHoshlr3j9fpIOteB8U0M
vNu4oLedm+QBV8jOwplyAbDG7hxx8V4RNiNy31g4Er6KJltiMVpAbfOYdBpa3WE=
=YHnh
-----END PGP SIGNATURE-----
Merge tag 'for-4.20/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
Pull device mapper fixes from Mike Snitzer:
- Fix DM cache metadata to verify that a cache has block before trying
to continue with operation that requires them.
- Fix bio-based DM core's dm_make_request() to properly impose device
limits on individual bios by making use of blk_queue_split().
- Fix long-standing race with how DM thinp notified userspace of
thin-pool mode state changes before they were actually made.
- Fix the zoned target's bio completion handling; this is a fairly
invassive fix at this stage but it is localized to the zoned target.
Any zoned target users will benefit from this fix.
* tag 'for-4.20/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm thin: bump target version
dm thin: send event about thin-pool state change _after_ making it
dm zoned: Fix target BIO completion handling
dm: call blk_queue_split() to impose device limits on bios
dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty()
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcESwuAAoJEAhfPr2O5OEVMOUQAIZ/elsn9V2Dgiie16TkPvRc
/QNXSKJt7/5VMiF+iNrYr6NUxBL+y8FuwlcKVnyjWQHB9PKzhgd6G7QTqQbW4biz
1Ii4GGBIpyLlcsnCm3e8GdmhrBx1azs2yHuMKuy0nKurCySVXK+29E+N5Em/CWc5
Tz24KhkL+1C5Om9MtluZzIUndA6gXpYJzyO3Jb5emwOPnWdtO/CUO3aInCL9RLT7
imkfNgoG4n0TmJUo6vpzLIN9NmdVcwaGPH98iCLEmvCSEE3C+R4nMUGmvQkMadX2
nsJ+v7jhIDjR521x0pZ8R7TdGnFypX+WOMtI+S735FqG4SvXcFdtEhZ99f1IcKC8
oEgCIbbENSyKo3wrY97fTOIjY6fcdHp+kArCuMoRBehguIKk7dppNVX3uhNCS/t/
kN2alWvVgSNqhkp7Pzx36wKsol8l8lVsOr9sex6H9qPNddYFl5RWg5oSfdxmVyIG
qcNe4Gd6ARsg4J/946oDijLJouCYsAsT5W+BqYEK82BzzRJZcqpvM0Je2CQlky+1
Vj0tq70FNya/28CznlJEYdBmvWDZub/foQh4fKdc5bNtGMALo2bxIqOiFMNqhp+N
AqAbZFyA8K5DZfNYsxt0jHlOFdSIh5mDX/LOqnIXrHylOOZ5w+2xxoCxFaujdNjD
sKlqXfp1zSVvVEv7xWgz
=fz+k
-----END PGP SIGNATURE-----
Merge tag 'media/v4.20-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
- one regression at vsp1 driver
- some last time changes for the upcoming request API logic and for
stateless codec support. As the stateless codec "cedrus" driver is at
staging, don't apply the MPEG controls as part of the main V4L2 API,
as those may not be ready for production yet.
* tag 'media/v4.20-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
media: Add a Kconfig option for the Request API
media: extended-controls.rst: add note to the MPEG2 state controls
media: mpeg2-ctrls.h: move MPEG2 state controls to non-public header
media: vicodec: set state resolution from raw format
media: vivid: drop v4l2_ctrl_request_complete() from start_streaming
media: vb2: don't unbind/put the object when going to state QUEUED
media: vb2: keep a reference to the request until dqbuf
media: vb2: skip request checks for VIDIOC_PREPARE_BUF
media: vb2: don't call __vb2_queue_cancel if vb2_start_streaming failed
media: cedrus: Fix a NULL vs IS_ERR() check
media: vsp1: Fix LIF buffer thresholds
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCXBDMLgAKCRDh3BK/laaZ
PPuRAP0X4zYWFh3mcGlcjjfzaP2W/3F8nVsXjo+YADi9nJ+wAwD+LIeL7zGr8Mw8
EixiC+OJyL31O5ZOyHGoPEhhDz4O+Ao=
=hWRh
-----END PGP SIGNATURE-----
Merge tag 'ovl-fixes-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
"Needed to revert a patch, because it possibly introduces a security
hole. Since the patch is basically a conceptual cleanup, not a bug
fix, it's safe to revert. I'm not giving up on this, and discussions
seemed to have reached an agreement over how to move forward, but that
can wait 'till the next release.
The other two patches are fixes for bugs introduced in recent
releases"
* tag 'ovl-fixes-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
Revert "ovl: relax permission checking on underlying layers"
ovl: fix decode of dir file handle with multi lower layers
ovl: fix missing override creds in link of a metacopy upper
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCXBDKkAAKCRDh3BK/laaZ
PCXdAPwOWqLXpkBL76YaIbgFVzS+S5btlhHwVSZ0w/r7HGA3uQD+IgsHbky1MdSv
rYyKcg+lVzA7GI7tcoQUhC2D9aZ8tAQ=
=I0eL
-----END PGP SIGNATURE-----
Merge tag 'fuse-fixes-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse fixes from Miklos Szeredi:
"There's one patch fixing a minor but long lived bug, the others are
fixing regressions introduced in this cycle"
* tag 'fuse-fixes-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
fuse: Fix memory leak in fuse_dev_free()
fuse: fix revalidation of attributes for permission check
fuse: fix fsync on directory
fuse: Add bad inode check in fuse_destroy_inode()
detector found some allocations that were not freed correctly.
This fixes a couple of leaks in the event trigger code as well as
in adding function trace filters in trace instances.
-----BEGIN PGP SIGNATURE-----
iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCXBAHphQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6qphzAP4mTz45V9gq9vyXCVPPzg8T6lV4ZjJh
bPaumlHGumaJHAD9FipqlhCOCVfv8Qyxv5iWuBpoGKcp37ULb6d+dtM+qg4=
=S1FK
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.20-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"While running various ftrace tests on new development code, the
kmemleak detector found some allocations that were not freed
correctly.
This fixes a couple of leaks in the event trigger code as well as in
adding function trace filters in trace instances"
* tag 'trace-v4.20-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Fix memory leak of instance function hash filters
tracing: Fix memory leak in set_trigger_filter()
tracing: Fix memory leak in create_filter()
Sudarsana Reddy Kalluru says:
====================
bnx2x: Fix series
The patch series addresses few important issues in the bnx2x driver.
Please consider applying it 'net' tree.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Driver sends update-SVID ramrod in the MFW notification path.
If there is a pending ramrod, driver doesn't retry the command
and storm firmware will never be updated with the SVID value.
The patch adds changes to send update-svid ramrod in process context with
retry/poll flags set.
Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
Signed-off-by: Ariel Elior <ariel.elior@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There will be only one PHC clock per port. PTP should be enabled only on
one PF per port. The change enables PTP functionality on the PF that
initializes the port. The change is useful in multi-function modes e.g.,
NPAR where a port can have more than one PF.
Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
Signed-off-by: Ariel Elior <ariel.elior@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlans are not getting removed when drivers are unloaded. The recent storm
firmware versions had added safeguards against re-configuring an already
configured vlan. As a result, PF inner reload flows (e.g., mtu change)
might trigger an assertion.
This change is going to remove vlans (same as we do for MACs) when doing
a chip cleanup during unload.
Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
Signed-off-by: Ariel Elior <ariel.elior@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
On some customer setups it was observed that shmem contains a non-zero fip
MAC for 57711 which would lead to enabling of SW FCoE.
Add a software workaround to clear the bad fip mac address if no FCoE
connections are supported.
Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
Signed-off-by: Ariel Elior <ariel.elior@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
rbnode in insert_tree() is rcu protected pointer.
So, in order to handle this pointer, _rcu function should be used.
rb_link_node_rcu() is a rcu version of rb_link_node().
Fixes: 34848d5c89 ("netfilter: nf_conncount: Split insert and traversal")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
In the error handling block, nla_nest_cancel(skb, atd) is called to
cancel the nest operation. But then, ipset_nest_end(skb, atd) is
unexpected called to end the nest operation. This patch calls the
ipset_nest_end only on the branch that nla_nest_cancel is not called.
Fixes: 45040978c8 ("netfilter: ipset: Fix set:list type crash when flush/dump set in parallel")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
When the VF driver does a reset, it (at least the Linux one) writes to
the VFCTRL register to issue a reset and then immediately sends a reset
message using the mailbox API. This is racy because when the PF driver
detects that the VFCTRL register reset pin has been asserted, it clears
the mailbox memory. Depending on ordering, the reset message sent by
the VF could be cleared by the PF driver. It then responds to the
cleared message with a NACK which causes the VF driver to malfunction.
Fix this by deferring clearing the mailbox memory until the reset
message is received.
Fixes: 939b701ad6 ("ixgbe: fix driver behaviour after issuing VFLR")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Move rx_ptype extracting to i40e_process_skb_fields() to avoid
duplicating the code.
Signed-off-by: Michał Mirosław <michal.miroslaw@atendesoftware.pl>
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
The function hso_probe reads if_num from the USB device (as an u8) and uses
it without a length check to index an array, resulting in an OOB memory read
in hso_probe or hso_get_config_data.
Add a length check for both locations and updated hso_probe to bail on
error.
This issue has been assigned CVE-2018-19985.
Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Hui Peng <benquike@gmail.com>
Signed-off-by: Mathias Payer <mathias.payer@nebelwelt.net>
Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This fixes two bugs in hardware VLAN offload:
1. VLAN.TCI == 0 was being dropped
2. there was a race between disabling of VLAN RX feature in hardware
and processing RX queue, where packets processed in this window
could have their VLAN information dropped
Fix moves the VLAN handling into i40e_process_skb_fields() to save on
duplicated code. i40e_receive_skb() becomes trivial and so is removed.
Signed-off-by: Michał Mirosław <michal.miroslaw@atendesoftware.pl>
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
lkml and Linus gained a CoC, and it's serious this time. Which means
my no 1 reason for declining to officially step up as drm maintainer
is gone, and I didn't find any new good excuse.
I chatted with a few people in private already, and the biggest
concern is that I mislay my community hat and start running around
with my intel hat only. Or some other convenient abuse of trust.
That's why this patch doesn't just need a lot of acks that mean "yeah
seems fine to me", but a lot of acks that mean "yeah we'll tell you
when you're over the line and usurp you from that comfy chair if you
don't get it". Which I think we've been done a fairly good job here at
dri-devel in general, but better to be clear.
Rough idea is that I'll do this for maybe 2-3 years, helping Dave
figure out a group model for drm overall. And getting the tooling and
infrastructure for that off the ground. Then step down again because
some other shiny thing that needs chasing. Of course as plans tend to
do, this one will probably pan out a bit different in reality.
Cc: David Airlie <airlied@linux.ie>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Acked-by: Christian König <christian.koenig@amd.com>
Acked-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Eric Anholt <eric@anholt.net>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Daniel Stone <daniels@collabora.com>
Signed-off-by: Daniel Vetter <daniel@ffwll.ch>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Acked-by: Thomas Hellstrom <thellstrom@vmware.com>
Acked-by: Sean Paul <sean@poorly.run>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181210103001.30549-1-daniel.vetter@ffwll.ch
