recalculated send and receive window using linkspeed.
Determine correct value of eck_ok from SYN received and
option configured on local system.
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
corrected macro used in tx path. removed redundant hdrlen
and check for !page in chtls_sendmsg
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
listen fails when more than one tls capable device is
registered. tls_hw_hash is called for each dev which loops
again for each cdev_list causing listen failure. Hence
call chtls_listen_start/stop for specific device than loop over all
devices.
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
HW unhash within mutex for registered tls devices cause sleep
when called from tcp_set_state for TCP_CLOSE. Release lock and
re-acquire after function call with ref count incr/dec.
defined kref and fp release for tls_device to ensure device
is not released outside lock.
BUG: sleeping function called from invalid context at
kernel/locking/mutex.c:748
in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper/7
INFO: lockdep is turned off.
CPU: 7 PID: 0 Comm: swapper/7 Tainted: G W O
Call Trace:
<IRQ>
dump_stack+0x5e/0x8b
___might_sleep+0x222/0x260
__mutex_lock+0x5c/0xa50
? vprintk_emit+0x1f3/0x440
? kmem_cache_free+0x22d/0x2a0
? tls_hw_unhash+0x2f/0x80
? printk+0x52/0x6e
? tls_hw_unhash+0x2f/0x80
tls_hw_unhash+0x2f/0x80
tcp_set_state+0x5f/0x180
tcp_done+0x2e/0xe0
tcp_rcv_state_process+0x92c/0xdd3
? lock_acquire+0xf5/0x1f0
? tcp_v4_rcv+0xa7c/0xbe0
? tcp_v4_do_rcv+0x70/0x1e0
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
create_ctx is called from tls_init and tls_hw_prot
hence initialize function pointers in common routine.
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Clang warns:
drivers/net/ethernet/apm/xgene/xgene_enet_main.c:33:36: warning:
tentative array definition assumed to have one element
static const struct acpi_device_id xgene_enet_acpi_match[];
^
1 warning generated.
Both xgene_enet_acpi_match and xgene_enet_of_match are defined before
their uses at the bottom of the file so this is unnecessary. When
CONFIG_ACPI is disabled, ACPI_PTR becomes NULL so xgene_enet_acpi_match
doesn't need to be defined.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When TIPC_NLA_UDP_REMOTE is an IPv6 mcast address but
TIPC_NLA_UDP_LOCAL is an IPv4 address, a NULL-ptr deref is triggered
as the UDP tunnel sock is initialized to IPv4 or IPv6 sock merely
based on the protocol in local address.
We should just error out when the remote address and local address
have different protocols.
Reported-by: syzbot+eb4da3a20fad2e52555d@syzkaller.appspotmail.com
Cc: Ying Xue <ying.xue@windriver.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
tipc_udp_xmit() drops the packet on error, there is no
need to drop it again.
Fixes: ef20cd4dd1 ("tipc: introduce UDP replicast")
Reported-and-tested-by: syzbot+eae585ba2cc2752d3704@syzkaller.appspotmail.com
Cc: Ying Xue <ying.xue@windriver.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
lock_sock() must be used in process context to be race-free with
other lock_sock() callers, for example, tipc_release(). Otherwise
using the spinlock directly can't serialize a parallel tipc_release().
As it is blocking, we have to hold the sock refcnt before
rhashtable_walk_stop() and release it after rhashtable_walk_start().
Fixes: 07f6c4bc04 ("tipc: convert tipc reference table to use generic rhashtable")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Ying Xue <ying.xue@windriver.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlwUCecQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpsAvD/9Uwn/Mthw/w3BBHL1eVjFnCGHJ8/zVDSSu
/XaP3nXugHicL7Je2EyHs0l4teUC42nIU7SQ+9B/UtyXA+usNvV7YEYqTD0U4ZYy
gLuBL70f6L17uDq5821jR4e64Q3sDy/OgcTpKu3VwnJPYUhJpQuU7fKqN4zi7Asn
5sI4KD99txmFMRNu33uusy98kJ4w5aeg6W1ACP7AxXYjyCY6Chi/7go8fEEK1Szb
9jx0BhbscuZplvvzHw3WAHAaVGGUIjLlmUdqJOisj/GVnCck2IqKqhXND9H/WNWk
FmzJeNTIq9Ag6kKN2WJ6xweNF6U+0Kb1Nn3F4jhoaVBhLxhpsjZ6BdHGWiT5wu4T
xd+hIC4pykA7Y7CqPfpbNZzriX4SJd508XerVjfBmgWIumJLG2D2IfquHmT0udRw
Qlb8pa3na5/dWXYbCOSjQdeBC5vCKCUuGnw15F5wA293khBNGiXVlztwCNgrkclQ
4IpAEUYpRZiK138hDx/BL++yanALYdPHHUS4HtwVMhpi89Bel3FioNzGaaBlElZc
mdSCyHc0RC7uMPMEbWl4bR+/cE3yjf43Gg3ftLaKLo5IQmZtu1pCEVXMatplZ1U/
jbbwwPtx44RYV3gjPirr+YgF0smS9ZgMkkk3oLwysWSjAV5v+wW2MxjTBae3xaSJ
VNoLhtefkw==
=wHit
-----END PGP SIGNATURE-----
Merge tag 'for-linus-20181214' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"Three small fixes for this week. contains:
- spectre indexing fix for aio (Jeff)
- fix for the previous zeroing bio fix, we don't need it for user
mapped pages, and in fact it breaks some applications if we do
(Keith)
- allocation failure fix for null_blk with zoned (Shin'ichiro)"
* tag 'for-linus-20181214' of git://git.kernel.dk/linux-block:
block: Fix null_blk_zoned creation failure with small number of zones
aio: fix spectre gadget in lookup_ioctx
block/bio: Do not zero user pages
It specified the wrong parent for a PLL so a part of the clk tree wasn't
rooted correctly. This fixes it by using the right name.
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAlwT8aMRHHNib3lkQGtl
cm5lbC5vcmcACgkQrQKIl8bklSX5UA//WnPiGepAncVYE7IrrQvuMaEYRCNYJriV
/BWJwKQfE2rOkTcHD15eEkofQWOMcBKvOWcT+Eggs8MMdU+/qsr05z01RbYe3+4G
NApF/5LciTx+2Elxa2ENTUTjH3oFbmoCRCPBc8kelahNkHD2PEhoOC/wXwH0BwwC
2veW1CGTYsFdfkCTf0JbWQCt6ngPbtKZrcU4zkGtnOcDg4h33MwXC/F7N2tVjYuC
QHHSradsuHqb+KLHV+FU925lxPz/uke3lXVEbH4vWQ1fhQV4h4kHrd9UGQuxoetE
uX6KwyBSwX2FhPI16DHOHDGkW3RSxed8HuNlDGa0pRIcaNxEQbVaEzEOngHo4Lu6
gZNM5Pd40SW0T+pfNI4K8sgHxLi2sf86wyKyL93P7Ox97SL8T3jth1jg05B7qEay
14r/nAJTe6ceMY0iC0ZzA6BJyr6kvZNNp3iA47VzKEe7iJddEZWlQV3pRvQkDA33
duD1IlYHzFEGNQhkjy3RA2XlQ4XY5SQWthu/P8ZkBwBoft17xKQGMHAZVcMbUhaf
5mwgsoY+7lVCcNrV8uB39iwccfNmdH5UkbImWR25f2mx+rn8PzZGKvt92i2tEyEr
ifgJbzu0c3d00nFeXooet5f+9U1oWMSmmek2af9DWnNBuDCsQljgNALKmx09QQw4
Jceck++9qwA=
=ajpa
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fix from Stephen Boyd:
"One fix for the qcom QCS404 clk driver that was merged for this
release.
It specified the wrong parent for a PLL so a part of the clk tree
wasn't rooted correctly. This fixes it by using the right name"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: qcom: qcs404: Fix gpll0_out_main parent
NETLINK_DUMP_STRICT_CHK can be used for all GET requests,
dumps as well as doit handlers. Replace the DUMP in the
name with GET make that clearer.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
non-cacheable alias in the FORCE_CONTIGUOUS case
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAlwT5e4ACgkQa9axLQDI
XvGYhg//bU9qdZ0xDxVIiuA6/H/ptiFYDFd15vAKBXF+PJkREQSqFqZc5gsZrEa1
y3e1cJ8zcP9wSsuYbUFuN3LWaIPRqrUdNrD6d+IfGgx8o+WbdexCLhus0NyAwQUQ
CqR/CVOBGfpdOXqKKoryXGP4yPnBcrxjhXB6tqlOahoQj3ZF1RxO4uqOw+w6bUn8
gXd00DBOqomsqRimKFksXrslO5aAhw6opkF0tsHSSh0v1V3M+GRAKMQ7O7s/Khf/
yvJ75r0IVwP5/dE2FqxXJAjyPv8sXZudIR+jSxAS40v2azultyRJEjaOduB+qLHw
PqqcmXMaQhZ54hq1YnVC67h9WpvfVsUfE/TrwgRopcNikbhGQsJ7AlYUmQuxiIej
5bKcy3YC4i+/xLOCoGjmxps3Q3tUsfr+aGj76n+yL1xLwhZK3VjKqbjnXl/OV7kf
N2SAtPJUeVTBkCbLCwqG5k4cVNoS7Ncu/Nk3r1fuArRBc4OH4B4kQHVauHnZ51hA
nzbnBjyLfee37E9b7IwKZGXxedRYtEjRM1NpdFg4yYuc2k3oc9J+6LPVnliA8dc7
CnhxdlxxBSAzP5BFSPN5kytSNXZXGjBWfrMbDFw3GmMihQXOT8Oskq80sxYjFOqO
0u/kA4E9nySAUVA7QxKY76Ez1u2lf1BxzvmYdgZegplwvTxewPg=
=FMny
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fix from Catalin Marinas:
"Invalidate the caches before clearing the DMA buffer via the
non-cacheable alias in the FORCE_CONTIGUOUS case"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing
One notable fix for our change to split pt_regs between user/kernel, we forgot
to update BPF to use the user-visible type which was an ABI break for BPF
programs.
A slightly ugly but minimal fix to do_syscall_trace_enter() so that we use
tracehook_report_syscall_entry() properly. We'll rework the code in next to
avoid the empty if body.
Seven commits fixing bugs in the new papr_scm (Storage Class Memory) driver.
The driver was finally able to be tested on the other hypervisor which exposed
several bugs. The fixes are all fairly minimal at least.
Fix a crash in our MSI code if an MSI-capable device is plugged into a non-MSI
capable PHB, only seen on older hardware (MPC8378).
Fix our legacy serial code to look for "stdout-path" since the device trees were
updated to use that instead of "linux,stdout-path".
A change to the COFF zImage code to fix booting old powermacs.
A couple of minor build fixes.
Thanks to:
Benjamin Herrenschmidt, Daniel Axtens, Dmitry V. Levin, Elvira Khabirova,
Oliver O'Halloran, Paul Mackerras, Radu Rendec, Rob Herring, Sandipan Das.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcE7YGAAoJEFHr6jzI4aWA/rAP/2k8NqgbkfKMdY/nHQ/+Tvwu
6EdKZ5dMi875380TomrP80mIyAAwwtN/c1MmJT7plZRCwYcuhGk4UnQjTRcNzrfK
Q7SokdMAzSjSDaj7VPiVdpJ6yVaedZYmsRe9m+uP7frmcHr9KL4vjgDn3z8IL8bV
I46dvjuSCvgWhFvhXkxf9PHIsC+sP4Z6JRNVhyBjlzQHZiGparq238H8jJVsNHRs
f/fsze0z6m3S6dVKEZKZyDlCb3TkP+DjuXpv4hbT9nvnOY132kqO53L++7rQ2YvV
TNkabwFfj+p/DnrXXH7OHNkvnDW4cy3KjhyStOnTH5lxYYVYNd5vnjj1AnXa37xE
GCBFiHExEHbdG6vifwBmQjvoNRPf6Kh4RGYuRMm8ci7W0WUmq00LKZhxeLbwoou9
1K7lNp0JwLHgqOxCSy9liwNV7YQp1upvC/caQ1qE/ZISnUOXMLxomVfmGQYW51Xc
0/OXCdmacViA0RGatrGSScMO+CTNG0Wa3pm+fo/ufLahxspTDMVdJgs/kEfCAGeN
6BruUoEvm6wAOsPF8+zDumYOpUN9cD7tOQ573B2pMbJYIv3HJxRMDHYGBSijEgRK
xy8BbQ0ZtxgfILjIuA95QfGQ5V35ZjugQfM4mt33GPrQ/qIV9SJ+/zZJNISSqaKI
Y1xgZdJeVbECA9YYswRK
=wI/G
-----END PGP SIGNATURE-----
Merge tag 'powerpc-4.20-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
"One notable fix for our change to split pt_regs between user/kernel,
we forgot to update BPF to use the user-visible type which was an ABI
break for BPF programs.
A slightly ugly but minimal fix to do_syscall_trace_enter() so that we
use tracehook_report_syscall_entry() properly. We'll rework the code
in next to avoid the empty if body.
Seven commits fixing bugs in the new papr_scm (Storage Class Memory)
driver. The driver was finally able to be tested on the other
hypervisor which exposed several bugs. The fixes are all fairly
minimal at least.
Fix a crash in our MSI code if an MSI-capable device is plugged into a
non-MSI capable PHB, only seen on older hardware (MPC8378).
Fix our legacy serial code to look for "stdout-path" since the device
trees were updated to use that instead of "linux,stdout-path".
A change to the COFF zImage code to fix booting old powermacs.
A couple of minor build fixes.
Thanks to: Benjamin Herrenschmidt, Daniel Axtens, Dmitry V. Levin,
Elvira Khabirova, Oliver O'Halloran, Paul Mackerras, Radu Rendec, Rob
Herring, Sandipan Das"
* tag 'powerpc-4.20-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/ptrace: replace ptrace_report_syscall() with a tracehook call
powerpc/mm: Fallback to RAM if the altmap is unusable
powerpc/papr_scm: Use ibm,unit-guid as the iset cookie
powerpc/papr_scm: Fix DIMM device registration race
powerpc/papr_scm: Remove endian conversions
powerpc/papr_scm: Update DT properties
powerpc/papr_scm: Fix resource end address
powerpc/papr_scm: Use depend instead of select
powerpc/bpf: Fix broken uapi for BPF_PROG_TYPE_PERF_EVENT
powerpc/boot: Fix build failures with -j 1
powerpc: Look for "stdout-path" when setting up legacy consoles
powerpc/msi: Fix NULL pointer access in teardown code
powerpc/mm: Fix linux page tables build with some configs
powerpc: Fix COFF zImage booting on old powermacs
ecae65e133 ("PCI/AER: Use kfifo_in_spinlocked() to insert locked
elements") replaced kfifo_put() with kfifo_in_spinlocked(), but passed the
*size* of the queue entry, where kfifo_in_spinlocked() expects the *number*
of entries to be copied.
We want to insert only one element into kfifo, not "sizeof(entry) = 16".
Without this patch, we would get 15 uninitialized elements.
Fixes: ecae65e133 ("PCI/AER: Use kfifo_in_spinlocked() to insert locked elements")
Signed-off-by: Yanjiang Jin <yanjiang.jin@hxt-semitech.com>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Keith Busch <keith.busch@intel.com>
side. Disable it for now.
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAlwTzaUTHGlkcnlvbW92
QGdtYWlsLmNvbQAKCRBKf944AhHzi6eyB/97jq3Wzipr9I+Y3LwJeNKUu/8+LZ1d
EDSbL1mgskzv0iX9fCds+wTzMksvm4V+n7I/DvoadbSEgTz2dUXYqoKBf3+4PEd1
f7K69XHe8X/+ME3wGoOc4oLgNws0yGE5kcmiP5wB9Tlo8EkfqFuu6753wWi8xaUf
so3TX9C+prqYmmhqRI8sesU84rMKjTkkK5dvIgVW4WLBJKsVAhmooyuRSwdVGZOv
m7+8m7PWUJm8stMRDqsJ/0j4COiMeteQGQx6T67gkCUF6pBdJjO2IRNx2VAhybsx
k/sMM/VfrQth/V4zsHZQD75BDQ+wu3Ncz8axIT5QYsAtuh9x0zr2av2e
=kQS2
-----END PGP SIGNATURE-----
Merge tag 'ceph-for-4.20-rc7' of https://github.com/ceph/ceph-client
Pull ceph fix from Ilya Dryomov:
"Luis discovered a problem with the new copyfrom offload on the server
side. Disable it for now"
* tag 'ceph-for-4.20-rc7' of https://github.com/ceph/ceph-client:
ceph: make 'nocopyfrom' a default mount option
- Set the tile property on Qualcomm SDM60.
- Fix up enable register calculation for the Meson
- Fix an IRQ offset on the Sunxi (Allwinner)
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcE2UYAAoJEEEQszewGV1zDNYP/iT12DGl02gz/uvNFYdQiriL
o6d8rN/OmOxDFE63G6QzVYuRF+w93D2OSqFWcqLzI/6tBaK9DfXgxPR6RjCOU9N7
qqzU4r75E8uwl5caISRaITxf/LcDrgR0sSpoVE6Y7qvIXq7k68MIUUvd1JfqxHhi
uDji842nbFqtqIrYC67EwYM18tnCdrfDeTBlZcHiusIn5SIpwz+EVngm+K5WpAQJ
EbfdSR6SWh3eFRsLnk2qb6/3Q5y2oLnrDQdg4qjQXl/K8/UT2WfvwHo030h4G6r2
EP5liFc5MI56f0KMBVxsPkulF9NaWyBGKTeuP0ZY96XDgk8a2d5JQA+9AJ/FTIHr
7g46tmv3oUT5pWbNfuCdv8xG2tKJn38IaAJIcvJQ34mhRANLmJM6g9rmVP6ZZUdU
jPIq4ckE77RhaGife2+sbbqtdfk/zzkHbWI/HaNn506VAys9bBlbYUIdkm0Hgp8k
98zqmnI9GZCk2uC7sS41/Jzg9QxJsN+wpTDYjUg9LRsdQvyUIHXOfIYWg0rkwwlq
CkbGJMhAcmIDWjg2VjowpimvGmvG3gnj5+ITHBuvRrGZf95gpHBfUr73+vxsj8pA
7eK9jkfjhhsZmQq8L1CQ9wmZUTA5A1i4JvhvEEHD2lMqHAYETdxJx1FgCkI71LtN
3ER3VitYRe1J34drkQHC
=n8Yg
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-v4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"Three pin control fixes for the v4.20 series. Just odd drivers, so
nothing particularly interesting:
- Set the tile property on Qualcomm SDM60.
- Fix up enable register calculation for the Meson
- Fix an IRQ offset on the Sunxi (Allwinner)"
* tag 'pinctrl-v4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
pinctrl: meson: fix pull enable register calculation
pinctrl: sdm660: Set tile property for pingroups
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcEwZcAAoJEAx081l5xIa+7osP/Rc6vVnKHyywi40DAdWK/e+v
Wg0BsDa99ce3Bkx29iDq8khfiMkjJt4FeO0fj5+kLDPnk3m/N39d3dzgrm/tNnbY
oYrmF31AfrxSP1MaUFvBPbGSJSNJL5DGlV1C+NKHJdzwSRcr+HNrQh+YUom0bCOn
Kjc2kN1XUYZ68v9J7cGyHvg5O5BUrnEsnFxEUDg8BWS26u22scNbnA+1pw7J/g4Q
cltdcMBbF/hfLulk/MBJrkFsL7fyjYycWAPr883m7MJZpgXsp6b1gRcWKY8WOxSa
cq+m6q0icDMDgm5UXPv197vrdzROr1A2BQCtpI8EJglmPU6h4aULKr54Y5Ol6dbD
/cbWqtUeWOG/uwzDyrzYLpZY76QoMZDxlqbAMVRnLFEiIWRy1PnPiXmcEwD5jumh
eC2W7xZO643YA75ZstfObodjDlni5ttbW7JJtGHNGKlqSpVUoEFhmQLHMu8Ke0RJ
0ftARpSHTqsyMkZN5GdXcB/cmBKkYSjDl9UGnUhmR/HVGKpUbixKKxqym73ovKbC
gejmTb0v8NXdGdvVO5T+lmfEsMKsP5j8drJOBWquFtNmJLhGG3sxFlO54ONKAzry
RZtyX7g9iVAULfxV0YpbaMgsEoeVz8W/cnu9Va517KaRuUmHHg1mi/GWhgwUr49F
v9DZxkSiMGYo4x2SWYmJ
=DWGG
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2018-12-14' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"While I hoped things would calm down, the world hasn't joined with me,
but it's a few things scattered over a wide area. The i915 workarounds
regression fix is probably the largest, the rest are more usual sized.
We also get some new AMD PCI IDs.
There is also a patch in here to MAINTAINERS to added Daniel as an
official DRM toplevel co-maintainer, he's decided he wants to step up
and share the glory, and he'll likely process next weeks fixes while
I'm away on holidays.
Summary:
amdgpu:
- some new PCI IDs
- fixed firmware image updates
- power management fixes
- locking warning fix
nouveau:
- framebuffer flushing fix
- memory leak fix
- tegra device init regression fix
vmwgfx:
- OOM kernel memory fix
- excess return in function fix
i915:
- the biggest fix is a regression fix where workarounds weren't
getting reapplied after a gpu hang causing further crashing, this
fixes the workaround application to make it happen again
- GPU hang fixes for Braswell and some GEN3 GPUs
- GVT fix for broadwell tiling
rockchip:
- revert to fix a regression causing a WARN on shutdown
mediatek:
- avoid crash attaching to non-existant bridges"
* tag 'drm-fixes-2018-12-14' of git://anongit.freedesktop.org/drm/drm: (23 commits)
drm/vmwgfx: Protect from excessive execbuf kernel memory allocations v3
MAINTAINERS: Daniel for drm co-maintainer
drm/amdgpu: drop fclk/gfxclk ratio setting
drm/vmwgfx: remove redundant return ret statement
drm/i915: Flush GPU relocs harder for gen3
drm/i915: Allocate a common scratch page
drm/i915/execlists: Apply a full mb before execution for Braswell
drm/nouveau/kms: Fix memory leak in nv50_mstm_del()
drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer
drm/amdgpu: Fix DEBUG_LOCKS_WARN_ON(depth <= 0) in amdgpu_ctx.lock
Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init()
drm/amdgpu/powerplay: Apply avfs cks-off voltages on VI
drm/amdgpu: update SMC firmware image for polaris10 variants
drm/amdkfd: add new vega20 pci id
drm/amdkfd: add new vega10 pci ids
drm/amdgpu: add some additional vega20 pci ids
drm/amdgpu: add some additional vega10 pci ids
drm/amdgpu: update smu firmware images for VI variants (v2)
drm/i915: Introduce per-engine workarounds
...
Here are some new modem device ids.
All have been in linux-next with no reported issues.
Signed-off-by: Johan Hovold <johan@kernel.org>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQHbPq+cpGvN/peuzMLxc3C7H1lCAUCXBPTKwAKCRALxc3C7H1l
CKtnAQCMMhEqKVlPbvWAxEvyx9/1tm7fOaj052HBuYSZL5W0LQEA9mh8A/0+HpBC
lXyfNs77XsOlNjbgctouMgECKv5QKwU=
=RBJX
-----END PGP SIGNATURE-----
Merge tag 'usb-serial-4.20-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus
Johan writes:
USB-serial fixes for 4.20-rc7
Here are some new modem device ids.
All have been in linux-next with no reported issues.
Signed-off-by: Johan Hovold <johan@kernel.org>
* tag 'usb-serial-4.20-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial:
USB: serial: option: add Telit LN940 series
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add GosunCn ZTE WeLink ME3630
USB: serial: option: add HP lt4132
Macros 'inline' and '__gnu_inline' used to be defined in compiler-gcc.h,
which was (and is) included entirely in (__KERNEL__ && !__ASSEMBLY__).
Commit 815f0ddb34 ("include/linux/compiler*.h: make compiler-*.h mutually
exclusive") had those macros exposed to userspace, unintentionally.
Then commit a3f8a30f3f ("Compiler Attributes: use feature checks
instead of version checks") moved '__gnu_inline' back into
(__KERNEL__ && !__ASSEMBLY__) and 'inline' was left behind. Since 'inline'
depends on '__gnu_inline', compiling error showing "unknown type name
‘__gnu_inline’" will pop up, if userspace somehow includes
<linux/compiler.h>.
Other macros like __must_check, notrace, etc. are in a similar situation.
So just move all these macros back into (__KERNEL__ && !__ASSEMBLY__).
Note:
1. This patch only affects what userspace sees.
2. __must_check (when !CONFIG_ENABLE_MUST_CHECK) and noinline_for_stack
were once defined in __KERNEL__ only, but we believe that they can
be put into !__ASSEMBLY__ too.
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Xiaozhou Liu <liuxiaozhou@bytedance.com>
Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
The code to prevent a bus suspend if a USB3 port was still in link training
also reacted to USB2 port polling state.
This caused bus suspend to busyloop in some cases.
USB2 polling state is different from USB3, and should not prevent bus
suspend.
Limit the USB3 link training state check to USB3 root hub ports only.
The origial commit went to stable so this need to be applied there as well
Fixes: 2f31a67f01 ("usb: xhci: Prevent bus suspend if a port connect change or polling state is detected")
Cc: stable@vger.kernel.org
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The value for OEM_CFG_UPDATE command differs between driver and the
Management firmware (mfw). Fix this gap with adding a reserved field.
Fixes: cac6f69154 ("qed: Add support for Unified Fabric Port.")
Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
Signed-off-by: Ariel Elior <ariel.elior@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJcEiXXAAoJEEg/ir3gV/o+xxQH/jGS6GQrty9puL40sXKE4ryK
GKVSwbKLnu4WatPcLe/CGxJwRoCVUUKfsbprsuy+oYxhUd5M5h6qu215kZgsfdDC
CfxznbEj3o6mN+ZyZjL+F2gEG6e96bpkKvayb2a9YYQaY/9+V6CMKh3U5jHI+Q2V
D4ToCjWbMXkQ0jsevfpV9W2T0DNfXIa5QGvsvH+D+PoLF/ke/YALZd+yJT0Cm9N2
/vp0qvnHnZO5YavEThN2Lh8f9AY/pAwuGgTrPyddfkZC/6QLH+c8948gF14V+03l
Nz78uSpurQ97X511UBcabSQB0xTCHSAw3/SKCVSxFrpMvkhj4mTbjohwc567Gy4=
=YxUz
-----END PGP SIGNATURE-----
Merge tag 'mlx5-fixes-2018-12-13' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
mlx5-fixes-2018-12-13
Subject: [pull request][net 0/9] Mellanox, mlx5 fixes 2018-12-13
Saeed Mahameed says:
====================
This series introduces some fixes to the mlx5 core and mlx5e netdevice
driver.
=======
Conflict with net-next: When merged with net-next this series will
cause a moderate conflict:
1) in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c (2 hunks)
Take hunks from net only and just replace *attr->mirror_count to *attr->split_count
1.1) there is one more instance of slow_attr->mirror_count to be replaced
with slow_attr->split_count, it doesn't appear in the conflict, it will
cause a compilation error if left out.
2) in mlx5_ifc.h, take hunks only from net.
Example for the merge resolution can be found at:
https://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux.git/commit/?h=merge/mlx5-fixes&id=48830adf29804d85d77ed8a251d625db0eb5b8a8
branch merge/mlx5-fixes of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
(I simply merged this pull request tag into net-next and resolved the conflict)
I don't know if it's ok with you, but to save your time, you can just:
git pull git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux merge/mlx5-fixes
Into net-next, before your next net merge, and you will have a clean
merge of net into net-next (at least for mlx5 files).
======
Please pull and let me know if there's any problem.
For -stable v4.18
338d615be484 ('net/mlx5e: Cancel DIM work on close SQ')
91f40f9904ad ('net/mlx5e: RX, Verify MPWQE stride size is in range')
For -stable v4.19
c5c7e1c41bbe ('net/mlx5e: Remove unused UDP GSO remaining counter')
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
proc_sys_lookup can fail with ENOMEM instead of ENOENT when the
corresponding sysctl table is being unregistered. In our case we see
this upon opening /proc/sys/net/*/conf files while network interfaces
are being deleted, which confuses our configuration daemon.
The problem was successfully reproduced and this fix tested on v4.9.122
and v4.20-rc6.
v2: return ERR_PTRs in all cases when proc_sys_make_inode fails instead
of mixing them with NULL. Thanks Al Viro for the feedback.
Fixes: ace0c791e6 ("proc/sysctl: Don't grab i_lock under sysctl_lock.")
Cc: stable@vger.kernel.org
Signed-off-by: Ivan Delalande <colona@arista.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Two bugfixes, each with test-suite updates, two improvements to the
test-suite without associated bugs, and one patch adding a missing API.
-----BEGIN PGP SIGNATURE-----
iQFIBAABCgAyFiEEejHryeLBw/spnjHrDpNsjXcpgj4FAlwS8ZUUHHdpbGx5QGlu
ZnJhZGVhZC5vcmcACgkQDpNsjXcpgj5h0wf9Fmc3z3WjmX05he+XKhGq1jQuHYVi
zt8Eggsc7ns1hX8xPdwSw240CDOCBcbXxCyNL9KFCqlIkfxTAe8pYgoTDKuXhVAK
U7VTCHCxJpsYzfhkEke5DaASGb/YP1kmvoTJs7qCfhBuI9ERXLVK6cESJNDZhlMA
/d7VfRwRiqSLnK13AXPZAA9Pnw2GtAolMDU9CC9nOtMRlRDVwsQiwYiQ/mBRYK00
u0LoruwBJ7XAoe7Bo1CFmkvJuIV794cmhqkEY2cY85e9aoj15+BDqOu1la8DTaOl
e7+7PwK1I6Ed6DfPixGleUP7BYHHXCfb/RVEYn22qGC/YHUQRtpbwrY37Q==
=b+pK
-----END PGP SIGNATURE-----
Merge tag 'xarray-4.20-rc7' of git://git.infradead.org/users/willy/linux-dax
Pull XArray fixes from Matthew Wilcox:
"Two bugfixes, each with test-suite updates, two improvements to the
test-suite without associated bugs, and one patch adding a missing
API"
* tag 'xarray-4.20-rc7' of git://git.infradead.org/users/willy/linux-dax:
XArray: Fix xa_alloc when id exceeds max
XArray tests: Check iterating over multiorder entries
XArray tests: Handle larger indices more elegantly
XArray: Add xa_cmpxchg_irq and xa_cmpxchg_bh
radix tree: Don't return retry entries from lookup
UBIFS's recovery code strictly assumes that a deleted inode will never
come back, therefore it removes all data which belongs to that inode
as soon it faces an inode with link count 0 in the replay list.
Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE
it can lead to data loss upon a power-cut.
Consider a journal with entries like:
0: inode X (nlink = 0) /* O_TMPFILE was created */
1: data for inode X /* Someone writes to the temp file */
2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */
3: inode X (nlink = 1) /* inode was re-linked via linkat() */
Upon replay of entry #2 UBIFS will drop all data that belongs to inode X,
this will lead to an empty file after mounting.
As solution for this problem, scan the replay list for a re-link entry
before dropping data.
Fixes: 474b93704f ("ubifs: Implement O_TMPFILE")
Cc: stable@vger.kernel.org
Cc: Russell Senior <russell@personaltelco.net>
Cc: Rafał Miłecki <zajec5@gmail.com>
Reported-by: Russell Senior <russell@personaltelco.net>
Reported-by: Rafał Miłecki <zajec5@gmail.com>
Tested-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Richard Weinberger <richard@nod.at>
The UBI device reference is dropped but then the device is used as a
parameter of ubi_err. The bug is introduced in changing ubi_err's
behavior. The old ubi_err does not require a UBI device as its first
parameter, but the new one does.
Fixes: 3260870331 ("UBI: Extend UBI layer debug/messaging capabilities")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
The MTD device reference is dropped via put_mtd_device, however its
field ->index is read and passed to ubi_msg. To fix this, the patch
moves the reference dropping after calling ubi_msg.
Signed-off-by: Pan Bian <bianpan2016@163.com>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
When ubifs is build without the LZO compressor and no compressor is
given the creation of the default file system will fail. before
selection the LZO compressor check if it is present and if not fall back
to the zlib or none.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
If the call to ubifs_read_nnode() fails in ubifs_lpt_calc_hash() an
error is returned without freeing the memory allocated to 'buf'.
Read and check the root node before allocating the buffer.
Detected by CoverityScan, CID 1441025 ("Resource leak")
Signed-off-by: Garry McNulty <garrmcnu@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
The new authentication support causes a build failure
when CONFIG_KEYS is disabled, so add a dependency.
fs/ubifs/auth.c: In function 'ubifs_init_authentication':
fs/ubifs/auth.c:249:16: error: implicit declaration of function 'request_key'; did you mean 'request_irq'? [-Werror=implicit-function-declaration]
keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL);
Fixes: d8a22773a1 ("ubifs: Enable authentication support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Instead of adding yet another dependency on UBIFS_FS, wrap the whole
block of ubifs config options in a single "if UBIFS_FS".
Fixes: d8a22773a1 ("ubifs: Enable authentication support")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Having two shash descriptors on the stack cause a very significant kernel
stack usage that can cross the warning threshold:
fs/ubifs/replay.c: In function 'authenticate_sleb':
fs/ubifs/replay.c:633:1: error: the frame size of 1144 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
Normally, gcc optimizes the out, but with CONFIG_CC_OPTIMIZE_FOR_DEBUGGING,
it does not. Splitting the two stack allocations into separate functions
means that they will use the same memory again. In normal configurations
(optimizing for size or performance), those should get inlined and we get
the same behavior as before.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
This Kselftest update for Linux 4.20-rc7 consists of a single fix for
seccomp test from Kees Cook.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPZKym/RZuOCGeA/kCwJExA0NQxwFAlwSv6sACgkQCwJExA0N
QxyMog/+OU7CdkJSjuWnu+8I0uWlmmtco0xb0fRh25do4QSlxoaZloixHupakK2+
RbV32pXMuvc+Sdg8ALHrYT4KVcFmIgFDieaflj4SoECwbBUMAB7YPSPW0EsYoM41
IRNYcOGzOv3FTDr+74es9vyN2vv20+G3IIl0urGJJTLiG3VKmphrcF2/x7RDC3fb
2VCo1zBvUm+nN2+TOQQNmQxUOSn92A3Rq0Tpz3RqAFun9+bPq7amha0p8et5vcaY
yCUVegRA7KKtTlqV2RQpPNhXr9vBtWVoBmFn02JVE74/Vh4Y7sKwKUekyPtBFUQD
4ncSuk5v7MjrEuCcmZH1eXO/KaxoYelf/1q8B/ZblqKQJV5elQt2vtoX5zwRU9BJ
5Zsal+/CJCJvYe9zJt3eola3OYmCmUsvImPfvl9c4ruo9hFBDTfwCCABnHkD0Kvg
hbHAEeLRLWviVufy3jHI3HxsaULMWtId5KIISuXWY1aqLN5noqAql5befqjYgXzp
EeZ1fr0MBa3gXrhlZ6TVMU2leRX7C4NP1ig4IZArugdD7Bh9fqJlTa+GITIMLGub
IGf0j188p2PZUJbOFDaqbnHXkf+7IvAFqBCYydJmILSbPOyLUprtpPZa9xA5jp5R
A2ggHtxCGWsE05MoOQwP7SQZB7R3iUJ9lA07wh4l62MGK2jeeyI=
=bp9r
-----END PGP SIGNATURE-----
Merge tag 'linux-kselftest-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
Pull Kselftest fix from Shuah Khan:
"A single fix for a seccomp test from Kees Cook."
* tag 'linux-kselftest-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests/seccomp: Remove SIGSTOP si_pid check
Before 98f4c65176, we returned zeros for unopened channels.
With 98f4c65176, we started to return random on-stack values.
We'd better return -EINVAL instead.
Fixes: 98f4c65176 ("hv: move ringbuffer bus attributes to dev_groups")
Cc: stable@vger.kernel.org
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Specifying a starting ID greater than the maximum ID isn't something
attempted very often, but it should fail. It was succeeding due to
xas_find_marked() returning the wrong error state, so add tests for
both xa_alloc() and xas_find_marked().
Fixes: b803b42823 ("xarray: Add XArray iterators")
Signed-off-by: Matthew Wilcox <willy@infradead.org>
- One performance regression for hfi1
- One kasan fix for hfi1
- A couple mlx5 fixes
- A core oops fix
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJcEo1oAAoJELgmozMOVy/dUr8QAJiAsiUxm6F5KDLubocvNpLp
rGNi43Rc1wFOKg0c4epPCxU2vQSfuIeERCCdPSX/vTvpzKjgtXN3+PP0iPyn2mUV
88MFAG/HE0QOnyyDYCa8nIWNKLnuFiJ0eaEBWRT1vVFgBpVS1zSriT63+ZEslGC+
PoB2EQiwCY/ORpZp967r08LwdiFHk7czYgadtNkOPvBceF5raeKH74rJ65l9Nb/T
JmW7liMmXbq1rbLBf6/aC134Q8NTHRKLb+MfkjYjUph8qRQ6Pj4XK5mA/m+bR6L8
Tj8H+JUZG4DNpiHrVr5LmVIS7uW1B6L59iH7c98m41gC/TOQKxC5cuee5I1QS4QX
xIT5gqW/dKJ9vmnjfDqPUzFjxg+RlaHytHry85/51+cjltWwszcR9gW1mjqysSwp
1Knm2emB/DGyr9DMTO592gVuDaJtWGKgKKcXOr9H4LqmQftczyWfgINr5SXQ//Ej
PTO8PtHwPV2DHd8qkeQjgB2U5TB60wthB9akeqY+mgNe7A147abGWDhWNRSFIHEy
G+5jX6iwng1VNe90Qd1g3vaLhmmbcwOIs7lip94OxePrx1NMAqiRwv6LvUMM1GOs
dm4fLXbj1aWeMZ+x8IYGSnpxjPIdCe4gQAeZ5WJRxkhv/x+xkNXoT6jqhqS7qeDO
8QP87gemR/LuISS7TTGL
=P1FB
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Doug Ledford:
"We have 5 small fixes for this pull request. One is a performance
regression, so not necessarily strictly a fix, but it was small and
reasonable and claimed to avoid thrashing in the scheduler, so I took
it. The remaining are all legitimate fixes that match the "we take
fixes any time" criteria.
Summary:
- One performance regression for hfi1
- One kasan fix for hfi1
- A couple mlx5 fixes
- A core oops fix"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
IB/core: Fix oops in netdev_next_upper_dev_rcu()
IB/mlx5: Block DEVX umem from the non applicable cases
IB/mlx5: Fix implicit ODP interrupted page fault
IB/hfi1: Fix an out-of-bounds access in get_hw_stats
IB/hfi1: Fix a latency issue for small messages
Only usual suspects here: a few more fixups for Realtek HD-audio on
various PCs, including a regression fix in the previous fix for
Lenovo X1 Carbon, as well as a typo fix in the recent Fireface patch.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlwSEwMOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+Wzg//QJ5MQfbOi4TqAVuk4BSqLd4PPxksiCC92981
JGW/LcNZFw1tj/dH9Y3d99555wc21jBGVjRT9UvA8aQ+R0Hj8+A5jwpybk2Z9JPF
RgpR2pboa/PQ0bGdE0CFnotD+sa5//AxC++KoekLSq6BDGOhPUprQfqJxs/pK+kf
Wsmh87VIpHuljWXaBARoXdkRSIDeOUAUnI+a2XkxLiJR2/2BGljZLYo5oOJlfVqc
YMwsmjffClYlF6yeUjg+MkleE8AIzrsyztHVid3vu3Hbh1HmPVwjMMYT9Zt9Q1lQ
gb++XOtUqWh2kFbQH8PgdlhGOz4SGZEygHunViQ30Fl54KpI+xKdWrtr5aPduqwH
eLMjURD91QWMwaBpz0V04QDbTr8H5MoCIXiVs46pgSEXyyd2eCoewu3+X9aBKmCZ
L/oViKUnIwp1m0EcKBn6QFAHJVEUnUeOBZbLaSNxgKjaHhAyNDaZs2w1goUWpaZL
Jy4fvbFj2H1f6fNTZGSyJOpIJ4+DYAYeJFRmJJC0PpZJodr3shOPTjzBI506Lz8U
dREQSqZMfmqjfCr52hwcCAwtCfL45zD1OqeLEzN3St1ZUEw5GL3Fvg2eZBLfDFD1
LXxUT/S+ColfiZicqcHpD74JCWiT3hFprAHs118NDUbl54ZARGxdscJ/8AOZ8Qbq
SfOTzP0=
=3Ked
-----END PGP SIGNATURE-----
Merge tag 'sound-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Only usual suspects here: a few more fixups for Realtek HD-audio on
various PCs, including a regression fix in the previous fix for Lenovo
X1 Carbon, as well as a typo fix in the recent Fireface patch"
* tag 'sound-4.20-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294
ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294
ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN
ALSA: fireface: fix reference to wrong register for clock configuration
ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon
ALSA: hda/realtek - Fixed headphone issue for ALC700
Currently for liveness and state pruning the register parentage
chains don't include states of the callee. This makes some sense
as the callee can't access those registers. However, this means
that READs done after the callee returns will not propagate into
the states of the callee. Callee will then perform pruning
disregarding differences in caller state.
Example:
0: (85) call bpf_user_rnd_u32
1: (b7) r8 = 0
2: (55) if r0 != 0x0 goto pc+1
3: (b7) r8 = 1
4: (bf) r1 = r8
5: (85) call pc+4
6: (15) if r8 == 0x1 goto pc+1
7: (05) *(u64 *)(r9 - 8) = r3
8: (b7) r0 = 0
9: (95) exit
10: (15) if r1 == 0x0 goto pc+0
11: (95) exit
Here we acquire unknown state with call to get_random() [1]. Then
we store this random state in r8 (either 0 or 1) [1 - 3], and make
a call on line 5. Callee does nothing but a trivial conditional
jump (to create a pruning point). Upon return caller checks the
state of r8 and either performs an unsafe read or not.
Verifier will first explore the path with r8 == 1, creating a pruning
point at [11]. The parentage chain for r8 will include only callers
states so once verifier reaches [6] it will mark liveness only on states
in the caller, and not [11]. Now when verifier walks the paths with
r8 == 0 it will reach [11] and since REG_LIVE_READ on r8 was not
propagated there it will prune the walk entirely (stop walking
the entire program, not just the callee). Since [6] was never walked
with r8 == 0, [7] will be considered dead and replaced with "goto -1"
causing hang at runtime.
This patch weaves the callee's explored states onto the callers
parentage chain. Rough parentage for r8 would have looked like this
before:
[0] [1] [2] [3] [4] [5] [10] [11] [6] [7]
| | ,---|----. | | |
sl0: sl0: / sl0: \ sl0: sl0: sl0:
fr0: r8 <-- fr0: r8<+--fr0: r8 `fr0: r8 ,fr0: r8<-fr0: r8
\ fr1: r8 <- fr1: r8 /
\__________________/
after:
[0] [1] [2] [3] [4] [5] [10] [11] [6] [7]
| | | | | |
sl0: sl0: sl0: sl0: sl0: sl0:
fr0: r8 <-- fr0: r8 <- fr0: r8 <- fr0: r8 <-fr0: r8<-fr0: r8
fr1: r8 <- fr1: r8
Now the mark from instruction 6 will travel through callees states.
Note that we don't have to connect r0 because its overwritten by
callees state on return and r1 - r5 because those are not alive
any more once a call is made.
v2:
- don't connect the callees registers twice (Alexei: suggestion & code)
- add more details to the comment (Ed & Alexei)
v1: don't unnecessarily link caller saved regs (Jiong)
Fixes: f4d7e40a5b ("bpf: introduce function calls (verification)")
Reported-by: David Beckett <david.beckett@netronome.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Jiong Wang <jiong.wang@netronome.com>
Reviewed-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Add entry for mt76 driver in MAINTAINERS file
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Starting from mac80211 commit adf8ed01e4 ("mac80211: add an optional
TXQ for other PS-buffered frames") and commit 0eeb2b674f ("mac80211:
add an option for station management TXQ") a new per-sta queue has been
introduced for bufferable management frames.
sta->txq[IEEE80211_NUM_TIDS] is initialized just if the driver reports
the following hw flags:
- IEEE80211_HW_STA_MMPDU_TXQ
- IEEE80211_HW_BUFF_MMPDU_TXQ
This can produce a NULL pointer dereference in mt76_stop_tx_queues
since mt76 iterates on all available sta tx queues assuming they are
initialized by mac80211. This issue has been spotted analyzing the code
(it has not triggered any crash yet)
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This reverts commit 5188d5453b, because it
introduced lock recursion:
BUG: spinlock recursion on CPU#2, kworker/u13:1/395
lock: 0xffffffc0e28a47f0, .magic: dead4ead, .owner: kworker/u13:1/395, .owner_cpu: 2
CPU: 2 PID: 395 Comm: kworker/u13:1 Not tainted 4.20.0-rc4+ #2
Hardware name: Google Kevin (DT)
Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex]
Call trace:
dump_backtrace+0x0/0x140
show_stack+0x20/0x28
dump_stack+0x84/0xa4
spin_bug+0x98/0xa4
do_raw_spin_lock+0x5c/0xdc
_raw_spin_lock_irqsave+0x38/0x48
mwifiex_flush_data+0x2c/0xa4 [mwifiex]
call_timer_fn+0xcc/0x1c4
run_timer_softirq+0x264/0x4f0
__do_softirq+0x1a8/0x35c
do_softirq+0x54/0x64
netif_rx_ni+0xe8/0x120
mwifiex_recv_packet+0xfc/0x10c [mwifiex]
mwifiex_process_rx_packet+0x1d4/0x238 [mwifiex]
mwifiex_11n_dispatch_pkt+0x190/0x1ac [mwifiex]
mwifiex_11n_rx_reorder_pkt+0x28c/0x354 [mwifiex]
mwifiex_process_sta_rx_packet+0x204/0x26c [mwifiex]
mwifiex_handle_rx_packet+0x15c/0x16c [mwifiex]
mwifiex_rx_work_queue+0x104/0x134 [mwifiex]
worker_thread+0x4cc/0x72c
kthread+0x134/0x13c
ret_from_fork+0x10/0x18
This was clearly not tested well at all. I simply performed 'wget' in a
loop and it fell over within a few seconds.
Fixes: 5188d5453b ("mwifiex: restructure rx_reorder_tbl_lock usage")
Cc: <stable@vger.kernel.org>
Cc: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
With commit 0a9f8f0a1b ("rtlwifi: fix btmpinfo timeout while processing
C2H_BT_INFO"), calling rtl_c2hcmd_enqueue() with rtl_c2h_fast_cmd() true,
the routine returns without freeing that skb, thereby leaking it.
This issue has been discussed at https://github.com/lwfinger/rtlwifi_new/issues/401
and the fix tested there.
Fixes: 0a9f8f0a1b ("rtlwifi: fix btmpinfo timeout while processing C2H_BT_INFO")
Reported-and-tested-by: Francisco Machado Magalhães Neto <franmagneto@gmail.com>
Cc: Francisco Machado Magalhães Neto <franmagneto@gmail.com>
Cc: Ping-Ke Shih <pkshih@realtek.com>
Cc: Stable <stable@vger.kernel.org> # 4.18+
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
With the new validation code, a malicious user-space app could
potentially submit command streams with enough buffer-object and resource
references in them to have the resulting allocated validion nodes and
relocations make the kernel run out of GFP_KERNEL memory.
Protect from this by having the validation code reserve TTM graphics
memory when allocating.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Deepak Rawat <drawat@vmware.com>
---
v2: Removed leftover debug printouts
