Commit Graph

547298 Commits

Author SHA1 Message Date
Maxim Sheviakov
e786547991 drm/radeon: add quirk for MSI R7 370
Just adds the quirk for MSI R7 370 Armor 2X
Bug:
https://bugs.freedesktop.org/show_bug.cgi?id=91294

Signed-off-by: Maxim Sheviakov <mrader3940@yandex.ru>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:47 -04:00
Alex Deucher
4c7fbc39b1 drm/amdgpu: Sprinkle drm_modeset_lock_all to appease locking checks
In

commit 7a3f3d6667
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date:   Thu Jul 9 23:44:28 2015 +0200

    drm: Check locking in drm_for_each_connector

I added locking checks to drm_for_each_connector but failed that
through drm_helper_connector_dpms -> drm_helper_choose_encoder_dpms
it's used in a few more places in the amdgpu resume/suspend code.

Fix them up.

Note that we could use the connector iterator macros in there too, but
that's for the future.

Port of radeon commit:
drm/radeon: Sprinkle drm_modeset_lock_all to appease locking checks

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:46 -04:00
Daniel Vetter
6adaed5bfe drm/radeon: Sprinkle drm_modeset_lock_all to appease locking checks
In

commit 7a3f3d6667
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date:   Thu Jul 9 23:44:28 2015 +0200

    drm: Check locking in drm_for_each_connector

I added locking checks to drm_for_each_connector but failed that
through drm_helper_connector_dpms -> drm_helper_choose_encoder_dpms
it's used in a few more places in the radeon resume/suspend code.

Fix them up.

Note that we could use the connector iterator macros in there too, but
that's for the future.

Reported-and-tested-by: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:46 -04:00
monk.liu
5c3422b0b1 drm/amdgpu: sync ce and me with SWITCH_BUFFER(2)
we used to adopt wait_reg_mem to let CE wait before DE finish page
updating, but from Tonga+, CE doesn't support wait_reg_mem package so
this logic no longer works.

so here is another approach to do same thing:
Insert two of SWITCH_BUFFER at both front and end of vm_flush can
guarantee that CE not go further to process IB_const before vm_flush
done.

Insert two of SWITCH_BUFFER also works on CI, so remove legency method
to sync CE and ME

v2:
Insert double SWITCH_BUFFER at front of vm flush as well.

Signed-off-by: monk.liu <monk.liu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
2015-09-23 17:23:45 -04:00
Dan Carpenter
54ef0b5461 drm/amdgpu: integer overflow in amdgpu_mode_dumb_create()
args->size is a u64.  arg->pitch and args->height are u32.  The
multiplication will overflow instead of using the high 32 bits as
intended.

Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:44 -04:00
Dan Carpenter
0913eab648 drm/amdgpu: info leak in amdgpu_gem_metadata_ioctl()
There is no limit on args->data.data_size_bytes so we could read beyond
the end of the args->data.data[] array.

Reviewed-by: Christian König <christian.koenig@amd.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:44 -04:00
Dan Carpenter
0d2edd3791 drm/amdgpu: integer overflow in amdgpu_info_ioctl()
The "alloc_size" calculation can overflow leading to memory corruption.

Reviewed-by: Christian König <christian.koenig@amd.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:43 -04:00
Dan Carpenter
1d263474c4 drm/amdgpu: unwind properly in amdgpu_cs_parser_init()
The amdgpu_cs_parser_init() function doesn't clean up after itself but
instead the caller uses a free everything function amdgpu_cs_parser_fini()
on failure.  This style of error handling is often buggy.  In this
example, we call "drm_free_large(parser->chunks[i].kdata);" when it is
an unintialized pointer or when "parser->chunks" is NULL.

I fixed this bug by adding unwind code so that it frees everything that
it allocates.

I also mode some other very minor changes:
1) Renamed "r" to "ret".
2) Moved the chunk_array allocation to the start of the function.
3) Removed some initializers which are no longer needed.

Reviewed-by: Christian König <christian.koenig@amd.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:43 -04:00
Alex Deucher
5a6adfa20b drm/amdgpu: Fix max_vblank_count value for current display engines
The value was much too low, which could cause the userspace visible
vblank counter to move backwards when the hardware counter wrapped
around.

Ported from radeon commit:
b0b9bb4dd5

Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2015-09-23 17:23:42 -04:00
Andrzej Hajda
71affda522 drm/amdgpu: use kmemdup rather than duplicating its implementation
The patch was generated using fixed coccinelle semantic patch
scripts/coccinelle/api/memdup.cocci [1].

[1]: http://permalink.gmane.org/gmane.linux.kernel/2014320

Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:41 -04:00
Leo Liu
1f4452105c drm/amdgpu: fix UVD suspend and resume for VI APU
User space passed the same handle before suspend and after resume,
so we have remove the session and handle destroy, and keep the
firmware untouched.

Signed-off-by: Leo Liu <leo.liu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Cc: stable@vger.kernel.org
2015-09-23 17:23:41 -04:00
Leo Liu
2bd188d016 drm/amdgpu: fix the UVD suspend sequence order
Fixes suspend issues with UVD.

Signed-off-by: Leo Liu <leo.liu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Cc: stable@vger.kernel.org
2015-09-23 17:23:40 -04:00
Leo Liu
5146419e6f drm/amdgpu: make UVD handle checking more strict
Invalid messages can crash the hw otherwise

Ported from radeon commit a1b403da70

Signed-off-by: Leo Liu <leo.liu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Cc: stable@vger.kernel.org
2015-09-23 17:23:40 -04:00
Leo Liu
1ee4478a26 drm/amdgpu: Disable UVD PG
This causes problems with multiple suspend/resume cycles.

Signed-off-by: Leo Liu <leo.liu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Cc: stable@vger.kernel.org
2015-09-23 17:23:39 -04:00
Christian König
4f839a243d drm/amdgpu: more scheduler cleanups v2
Embed the scheduler into the ring structure instead of allocating it.
Use the ring name directly instead of the id.

v2: rebased, whitespace cleanup

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
Reviewed-by: Chunming Zhou<david1.zhou@amd.com>
2015-09-23 17:23:39 -04:00
Christian König
5ec92a7692 drm/amdgpu: cleanup fence queue init v2
Move the fence related stuff into amdgpu_fence.c

v2: rework commit message, cause this is actually not a bug

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Chunming Zhou<david1.zhou@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
2015-09-23 17:23:38 -04:00
Christian König
9b398fa5c2 drm/amdgpu: rename fence->scheduler to sched v2
Just to be consistent with the other members.

v2: rename the ring member as well.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com> (v1)
Reviewed-by: Chunming Zhou<david1.zhou@amd.com>
2015-09-23 17:23:37 -04:00
Christian König
0f75aee751 drm/amdgpu: cleanup entity init
Reorder the fields and properly return the kfifo_alloc error code.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
Reviewed-by: Chunming Zhou<david1.zhou@amd.com>
2015-09-23 17:23:37 -04:00
Junwei Zhang
a6db8a33e1 drm/amdgpu: refine the scheduler job type conversion
Use container_of rather than casting.

Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: David Zhou <david1.zhou@amd.com>
Signed-off-by: Junwei Zhang <Jerry.Zhang@amd.com>
2015-09-23 17:23:36 -04:00
Junwei Zhang
4c7eb91cae drm/amdgpu: refine the job naming for amdgpu_job and amdgpu_sched_job
Use consistent naming across functions.

Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: David Zhou <david1.zhou@amd.com>
Signed-off-by: Junwei Zhang <Jerry.Zhang@amd.com>
2015-09-23 17:23:36 -04:00
Christian König
bf60efd353 drm/amdgpu: use only one reservation object for each VM v2
Reduces the locking and fencing overhead.

v2: add comment why we need the duplicates list in the GEM op.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
2015-09-23 17:23:35 -04:00
Christian König
a5b750583e drm/amdgpu: validate duplicates in the CS as well
This allows for multiple BOs to have the same reservation object.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:34 -04:00
Christian König
72d7668b5b drm/amdgpu: export reservation_object from dmabuf to ttm (v2)
Adds an extra argument to amdgpu_bo_create, which is only used in amdgpu_prime.c.

Port of radeon commit 831b6966a6.

v2: fix up kfd.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:34 -04:00
Christian König
b7d698d7fd drm/amdgpu: fix overflow on 32bit systems
mem->start is a long, so this can overflow on 32bit systems.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Cc: stable@vger.kernel.org
2015-09-23 17:23:33 -04:00
Christian König
1886d1a9ca drm/amdgpu: remove process_job callback from the scheduler
Just free the resources immediately after submitting the job.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
2015-09-23 17:23:33 -04:00
Christian König
258f3f99d5 drm/amdgpu: move scheduler fence callback into fence v2
And call the processed callback directly after submitting the job.

v2: split adding error handling into separate patch.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
2015-09-23 17:23:32 -04:00
Christian König
27439fcac0 drm/amdgpu: signal scheduler fence when hw submission fails v3
Otherwise the resource blocked by it will never be reclaimed.

v2: add DRM_ERROR.
v3: fix typo in commit message

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
Reviewed-by: Chunming Zhou<david1.zhou@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
2015-09-23 17:23:31 -04:00
Chunming Zhou
353da3c520 drm/amdgpu: add tracepoint for scheduler (v2)
track sched job status like the length of job queue and hw job queue.

v2: fix build after rebase

Signed-off-by: Chunming Zhou <david1.zhou@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
2015-09-23 17:23:31 -04:00
Christian König
20a85ff846 drm/amdgpu: use write confirm for vm_flush()
Make sure the CP waits for the write to be confirmed before
invalidating.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:30 -04:00
Anatoli Antonovitch
22c01cc483 drm/amdgpu: execution barrier after fence v2
Insert wait for reg mem after EOP to fix potential issue with vm context switch

v2: move wait to vm_flush() use equal instead of greater than.

Signed-off-by: Anatoli Antonovitch <anatoli.antonovitch@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:30 -04:00
Christian König
3daea9e3d3 drm/amdgpu: add option to disable semaphores
Provide module parameter to enable/disable them. Still
enabled by default.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2015-09-23 17:23:29 -04:00
Johan Hovold
cbb4be652d USB: whiteheat: fix potential null-deref at probe
Fix potential null-pointer dereference at probe by making sure that the
required endpoints are present.

The whiteheat driver assumes there are at least five pairs of bulk
endpoints, of which the final pair is used for the "command port". An
attempt to bind to an interface with fewer bulk endpoints would
currently lead to an oops.

Fixes CVE-2015-5257.

Reported-by: Moein Ghasemzadeh <moein@istuary.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-09-23 12:15:19 -07:00
Mark Brown
ed14ee0eea Merge remote-tracking branches 'asoc/fix/wm8960' and 'asoc/fix/wm8962' into asoc-linus 2015-09-23 11:01:12 -07:00
Mark Brown
d86a2fe4dc Merge remote-tracking branches 'asoc/fix/mtk', 'asoc/fix/psc', 'asoc/fix/pxa', 'asoc/fix/spear', 'asoc/fix/sti' and 'asoc/fix/wm0010' into asoc-linus 2015-09-23 11:01:08 -07:00
Mark Brown
312e0bce7f Merge remote-tracking branches 'asoc/fix/davinci', 'asoc/fix/doc', 'asoc/fix/fsl-card', 'asoc/fix/fsl-ssi', 'asoc/fix/intel' and 'asoc/fix/maintainers' into asoc-linus 2015-09-23 11:01:03 -07:00
Mark Brown
fcffa0dbb6 Merge remote-tracking branch 'asoc/fix/rt5645' into asoc-linus 2015-09-23 11:01:02 -07:00
Mark Brown
5ee84ba8c7 Merge remote-tracking branch 'asoc/fix/dapm' into asoc-linus 2015-09-23 11:01:00 -07:00
Oder Chiou
fce97b4d70 ASoC: rt5645: Prevent the pop sound in case of playback and the jack is plugging
Signed-off-by: Oder Chiou <oder_chiou@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2015-09-23 10:59:13 -07:00
Oder Chiou
4f4794124e ASoC: rt5645: Increase the delay time to remove the pop sound
Signed-off-by: Oder Chiou <oder_chiou@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2015-09-23 10:59:10 -07:00
Oder Chiou
21cb13e72b ASoC: rt5645: Use the type SOC_DAPM_SINGLE_AUTODISABLE to prevent the weird sound in runtime of power up
Signed-off-by: Oder Chiou <oder_chiou@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2015-09-23 10:59:07 -07:00
Andy Gross
50b956f3d8 firmware: qcom: scm: Add function stubs for ARM64
This patch adds stubs for the SCM functions exposed in the QCOM SCM API.

Signed-off-by: Andy Gross <agross@codeaurora.org>
Acked-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
2015-09-23 12:00:43 -05:00
Jani Nikula
cd67d226eb drm/i915/bios: handle MIPI Sequence Block v3+ gracefully
The VBT MIPI Sequence Block version 3 has forward incompatible changes:

First, the block size in the header has been specified reserved, and the
actual size is a separate 32-bit value within the block. The current
find_section() function to will only look at the size in the block
header, and, depending on what's in that now reserved size field,
continue looking for other sections in the wrong place.

Fix this by taking the new block size field into account. This will
ensure that the lookups for other sections will work properly, as long
as the new 32-bit size does not go beyond the opregion VBT mailbox size.

Second, the contents of the block have been completely
changed. Gracefully refuse parsing the yet unknown data version.

Cc: Deepak M <m.deepak@intel.com>
Cc: stable@vger.kernel.org
Reviewed-by: Deepak M <m.deepak@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2015-09-23 16:59:37 +03:00
Peng Tao
500d701f33 NFS41: make close wait for layoutreturn
If we send a layoutreturn asynchronously before close, the close
might reach server first and layoutreturn would fail with BADSTATEID
because there is nothing keeping the layout stateid alive.

Also do not pretend sending layoutreturn if we are not.

Signed-off-by: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2015-09-23 08:55:32 -04:00
Vaibhav Jain
d6eb71a6d2 cxl: Fix lockdep warning while creating afu_err_buff attribute
Presently a lockdep warning is reported during creation of afu_err_buff
bin_attribute for the afu. This is caused due to the variable attr.key
not pointing to a static class key, hence the function lockdep_init_map
reports this warning:

 BUG: key <some-address> not in .data!

The patch fixes this issue by calling sysfs_attr_init on the
attr_eb.attr structure before populating it with the afu_err_buff file
details. This will populate the attr.key variable with a static class
key so that lockdep_init_map stops complaining about the lockdep key not
being static.

Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Acked-by: Ian Munsie <imunsie@au1.ibm.com>
Reviewed-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-09-23 20:57:13 +10:00
Maarten Lankhorst
721a09f739 drm/i915: Add primary plane to mask if it's visible
This fixes the warnings like

"plane A assertion failure, should be disabled but not"

that on the initial modeset during boot. This can happen if
the primary plane is enabled by the firmware, but inheriting
it fails because the DMAR is active or for other reasons.

Most likely caused by

commit 36750f284b
Author: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Date:   Mon Jun 1 12:49:54 2015 +0200

    drm/i915: update plane state during init

Reported-by: Andreas Reis <andreas.reis@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91429
Reported-and-tested-by: Emil Renner Berthing <kernel@esmil.dk>
Tested-by: Andreas Reis <andreas.reis@gmail.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2015-09-23 13:18:26 +03:00
Jesse Barnes
41b578fb0e drm/i915: workaround bad DSL readout v3
On HSW at least (still testing other platforms, but should be harmless
elsewhere), the DSL reg reads back as 0 when read around vblank start
time.  This ends up confusing the atomic start/end checking code, since
it causes the update to appear as if it crossed a frame count boundary.
Avoid the problem by making sure we don't return scanline_offset from
the get_crtc_scanline function.  In moving the code there, I add to add
an additional delay since it could be called and have a legitimate 0
result for some time (depending on the pixel clock).

v2: move hsw dsl read hack to get_crtc_scanline (Ville)
v3: use break instead of goto (Ville)
    update comment with workaround details (Ville)

References: https://bugs.freedesktop.org/show_bug.cgi?id=91579
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2015-09-23 10:13:50 +03:00
Neil Armstrong
fbd03513bf net: dsa: Fix Marvell Egress Trailer check
The Marvell Egress rx trailer check must be fixed to
correctly detect bad bits in the third byte of the
Eggress trailer as described in the Table 28 of the
88E6060 datasheet.
The current code incorrectly omits to check the third
byte and checks the fourth byte twice.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-22 17:37:03 -07:00
Dmitriy Vyukov
7def0f952e lib: fix data race in rhashtable_rehash_one
rhashtable_rehash_one() uses complex logic to update entry->next field,
after INIT_RHT_NULLS_HEAD and NULLS_MARKER expansion:

entry->next = 1 | ((base + off) << 1)

This can be compiled along the lines of:

entry->next = base + off
entry->next <<= 1
entry->next |= 1

Which will break concurrent readers.

NULLS value recomputation is not needed here, so just remove
the complex logic.

The data race was found with KernelThreadSanitizer (KTSAN).

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-22 17:36:07 -07:00
Tobias Klauser
23eedbc243 ch9200: Convert to use module_usb_driver
Converts the ch9200 driver to use the module_usb_driver() macro which
makes the code smaller and a bit simpler.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-22 17:34:57 -07:00
Jesse Gross
ae5f2fb1d5 openvswitch: Zero flows on allocation.
When support for megaflows was introduced, OVS needed to start
installing flows with a mask applied to them. Since masking is an
expensive operation, OVS also had an optimization that would only
take the parts of the flow keys that were covered by a non-zero
mask. The values stored in the remaining pieces should not matter
because they are masked out.

While this works fine for the purposes of matching (which must always
look at the mask), serialization to netlink can be problematic. Since
the flow and the mask are serialized separately, the uninitialized
portions of the flow can be encoded with whatever values happen to be
present.

In terms of functionality, this has little effect since these fields
will be masked out by definition. However, it leaks kernel memory to
userspace, which is a potential security vulnerability. It is also
possible that other code paths could look at the masked key and get
uninitialized data, although this does not currently appear to be an
issue in practice.

This removes the mask optimization for flows that are being installed.
This was always intended to be the case as the mask optimizations were
really targetting per-packet flow operations.

Fixes: 03f0d916 ("openvswitch: Mega flow implementation")
Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-22 17:33:41 -07:00