David Howells [Thu, 10 May 2018 22:26:00 +0000 (23:26 +0100)]
rxrpc: Fix error reception on AF_INET6 sockets
AF_RXRPC tries to turn on IP_RECVERR and IP_MTU_DISCOVER on the UDP socket
it just opened for communications with the outside world, regardless of the
type of socket. Unfortunately, this doesn't work with an AF_INET6 socket.
Fix this by turning on IPV6_RECVERR and IPV6_MTU_DISCOVER instead if the
socket is of the AF_INET6 family.
Without this, kAFS server and address rotation doesn't work correctly
because the algorithm doesn't detect received network errors.
David Howells [Thu, 10 May 2018 22:26:00 +0000 (23:26 +0100)]
rxrpc: Fix missing start of call timeout
The expect_rx_by call timeout is supposed to be set when a call is started
to indicate that we need to receive a packet by that point. This is
currently put back every time we receive a packet, but it isn't started
when we first send a packet. Without this, the call may wait forever if
the server doesn't deign to reply.
Fix this by setting the timeout upon a successful UDP sendmsg call for the
first DATA packet. The timeout is initiated only for initial transmission
and not for subsequent retries as we don't want the retry mechanism to
extend the timeout indefinitely.
Fixes: a158bdd3247b ("rxrpc: Fix call timeouts") Reported-by: Marc Dionne <[email protected]> Signed-off-by: David Howells <[email protected]>
Xin Long [Thu, 10 May 2018 09:34:13 +0000 (17:34 +0800)]
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
In Commit 1f45f78f8e51 ("sctp: allow GSO frags to access the chunk too"),
it held the chunk in sctp_ulpevent_make_rcvmsg to access it safely later
in recvmsg. However, it also added sctp_chunk_put in fail_mark err path,
which is only triggered before holding the chunk.
syzbot reported a use-after-free crash happened on this err path, where
it shouldn't call sctp_chunk_put.
The hyper-v transparent bonding should have used master_dev_link.
The netvsc device should look like a master bond device not
like the upper side of a tunnel.
This makes the semantics the same so that userspace applications
looking at network devices see the correct master relationshipship.
Fixes: 0c195567a8f6 ("netvsc: transparent VF management") Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]>
David S. Miller [Thu, 10 May 2018 21:34:50 +0000 (17:34 -0400)]
Merge tag 'mac80211-for-davem-2018-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
Johannes Berg says:
====================
We only have a few fixes this time:
* WMM element validation
* SAE timeout
* add-BA timeout
* docbook parsing
* a few memory leaks in error paths
====================
Davide Caratti [Wed, 9 May 2018 16:45:42 +0000 (18:45 +0200)]
tc-testing: fix tdc tests for 'bpf' action
- correct a typo in the value of 'matchPattern' of test 282d, potentially
causing false negative
- allow errors when 'teardown' executes '$TC action flush action bpf' in
test 282d, to fix false positive when it is run with act_bpf unloaded
- correct the value of 'matchPattern' in test e939, causing false positive
in case the BPF JIT is enabled
Fixes: 440ea4ae1828 ("tc-testing: add selftests for 'bpf' action") Signed-off-by: Davide Caratti <[email protected]> Acked-by: Lucas Bates <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Moshe Shemesh [Wed, 9 May 2018 15:35:13 +0000 (18:35 +0300)]
net/mlx4_en: Verify coalescing parameters are in range
Add check of coalescing parameters received through ethtool are within
range of values supported by the HW.
Driver gets the coalescing rx/tx-usecs and rx/tx-frames as set by the
users through ethtool. The ethtool support up to 32 bit value for each.
However, mlx4 modify cq limits the coalescing time parameter and
coalescing frames parameters to 16 bits.
Return out of range error if user tries to set these parameters to
higher values.
Change type of sample-interval and adaptive_rx_coal parameters in mlx4
driver to u32 as the ethtool holds them as u32 and these parameters are
not limited due to mlx4 HW.
Fixes: c27a02cd94d6 ('mlx4_en: Add driver for Mellanox ConnectX 10GbE NIC') Signed-off-by: Moshe Shemesh <[email protected]> Signed-off-by: Tariq Toukan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Paolo Abeni [Wed, 9 May 2018 10:42:34 +0000 (12:42 +0200)]
udp: fix SO_BINDTODEVICE
Damir reported a breakage of SO_BINDTODEVICE for UDP sockets.
In absence of VRF devices, after commit fb74c27735f0 ("net:
ipv4: add second dif to udp socket lookups") the dif mismatch
isn't fatal anymore for UDP socket lookup with non null
sk_bound_dev_if, breaking SO_BINDTODEVICE semantics.
This changeset addresses the issue making the dif match mandatory
again in the above scenario.
Reported-by: Damir Mansurov <[email protected]> Fixes: fb74c27735f0 ("net: ipv4: add second dif to udp socket lookups") Fixes: 1801b570dd2a ("net: ipv6: add second dif to udp socket lookups") Signed-off-by: Paolo Abeni <[email protected]> Acked-by: David Ahern <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Hangbin Liu [Wed, 9 May 2018 10:06:44 +0000 (18:06 +0800)]
ipv4: reset fnhe_mtu_locked after cache route flushed
After route cache is flushed via ipv4_sysctl_rtcache_flush(), we forget
to reset fnhe_mtu_locked in rt_bind_exception(). When pmtu is updated
in __ip_rt_update_pmtu(), it will return directly since the pmtu is
still locked. e.g.
+ ip netns exec client ping 10.10.1.1 -c 1 -s 1400 -M do
PING 10.10.1.1 (10.10.1.1) 1400(1428) bytes of data.
>From 10.10.0.254 icmp_seq=1 Frag needed and DF set (mtu = 0)
Mohammed Gamal [Wed, 9 May 2018 08:17:34 +0000 (10:17 +0200)]
hv_netvsc: Fix net device attach on older Windows hosts
On older windows hosts the net_device instance is returned to
the caller of rndis_filter_device_add() without having the presence
bit set first. This would cause any subsequent calls to network device
operations (e.g. MTU change, channel change) to fail after the device
is detached once, returning -ENODEV.
Instead of returning the device instabce, we take the exit path where
we call netif_device_attach()
Fixes: 7b2ee50c0cd5 ("hv_netvsc: common detach logic") Signed-off-by: Mohammed Gamal <[email protected]> Reviewed-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]>
nfp: flower: remove headroom from max MTU calculation
Since commit 29a5dcae2790 ("nfp: flower: offload phys port MTU change") we
take encapsulation headroom into account when calculating the max allowed
MTU. This is unnecessary as the max MTU advertised by firmware should have
already accounted for encap headroom.
Subtracting headroom twice brings the max MTU below what's necessary for
some deployments.
David S. Miller [Thu, 10 May 2018 19:22:36 +0000 (15:22 -0400)]
Merge branch 'qed-rdma-fixes'
Michal Kalderon says:
====================
qed*: Rdma fixes
This patch series include two fixes for bugs related to rdma.
The first has to do with loading the driver over an iWARP
device.
The second fixes a previous commit that added proper link
indication for iWARP / RoCE.
====================
Michal Kalderon [Tue, 8 May 2018 18:29:19 +0000 (21:29 +0300)]
qede: Fix gfp flags sent to rdma event node allocation
A previous commit 4609adc27175 ("qede: Fix qedr link update")
added a flow that could allocate rdma event objects from an
interrupt path (link notification). Therefore the kzalloc call
should be done with GFP_ATOMIC.
Linus Torvalds [Thu, 10 May 2018 18:42:01 +0000 (11:42 -0700)]
Merge tag 'for-4.17/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
Pull device mapper fixes from Mike Snitzer:
- a stable fix for DM integrity to use kvfree
- fix for a 4.17-rc1 change to dm-bufio's buffer alignment
- fixes for a few sparse warnings
- remove VLA usage in DM mirror target
- improve DM thinp Documentation for the "read_only" feature
* tag 'for-4.17/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm thin: update Documentation to clarify when "read_only" is valid
dm mirror: remove VLA usage
dm: fix some sparse warnings and whitespace in dax methods
dm cache background tracker: fix sparse warning
dm bufio: fix buffer alignment
dm integrity: use kvfree for kvmalloc'd memory
Lukas Wunner [Wed, 9 May 2018 12:43:43 +0000 (14:43 +0200)]
can: hi311x: Work around TX complete interrupt erratum
When sending packets as fast as possible using "cangen -g 0 -i -x", the
HI-3110 occasionally latches the interrupt pin high on completion of a
packet, but doesn't set the TXCPLT bit in the INTF register. The INTF
register contains 0x00 as if no interrupt has occurred. Even waiting
for a few milliseconds after the interrupt doesn't help.
Work around this apparent erratum by instead checking the TXMTY bit in
the STATF register ("TX FIFO empty"). We know that we've queued up a
packet for transmission if priv->tx_len is nonzero. If the TX FIFO is
empty, transmission of that packet must have completed.
Note that this is congruent with our handling of received packets, which
likewise gleans from the STATF register whether a packet is waiting in
the RX FIFO, instead of looking at the INTF register.
Lukas Wunner [Wed, 9 May 2018 12:38:43 +0000 (14:38 +0200)]
can: hi311x: Acquire SPI lock on ->do_get_berr_counter
hi3110_get_berr_counter() may run concurrently to the rest of the driver
but neglects to acquire the lock protecting access to the SPI device.
As a result, it and the rest of the driver may clobber each other's tx
and rx buffers.
We became aware of this issue because transmission of packets with
"cangen -g 0 -i -x" frequently hung. It turns out that agetty executes
->do_get_berr_counter every few seconds via the following call stack:
agetty listens to netlink messages in order to update the login prompt
when IP addresses change (if /etc/issue contains \4 or \6 escape codes):
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=e36deb6424e8
It's a useful feature, though it seems questionable that it causes CAN
bit error statistics to be queried.
Be that as it may, if hi3110_get_berr_counter() is invoked while a frame
is sent by hi3110_hw_tx(), bogus SPI transfers like the following may
occur:
=> 12 00 (hi3110_get_berr_counter() wanted to transmit
EC 00 to query the transmit error counter,
but the first byte was overwritten by
hi3110_hw_tx_frame())
=> EA 00 3E 80 01 FB (hi3110_hw_tx_frame() wanted to transmit a
frame, but the first byte was overwritten by
hi3110_get_berr_counter() because it wanted
to query the receive error counter)
This sequence hangs the transmission because the driver believes it has
sent a frame and waits for the interrupt signaling completion, but in
reality the chip has never sent away the frame since the commands it
received were malformed.
Fix by acquiring the SPI lock in hi3110_get_berr_counter().
I've scrutinized the entire driver for further unlocked SPI accesses but
found no others.
PCI / PM: Check device_may_wakeup() in pci_enable_wake()
Commit 0847684cfc5f0 (PCI / PM: Simplify device wakeup settings code)
went too far and dropped the device_may_wakeup() check from
pci_enable_wake() which causes wakeup to be enabled during system
suspend, hibernation or shutdown for some PCI devices that are not
allowed by user space to wake up the system from sleep (or power off).
As a result of this, excessive power is drawn by some of the affected
systems while in sleep states or off.
Restore the device_may_wakeup() check in pci_enable_wake(), but make
sure that the PCI bus type's runtime suspend callback will not call
device_may_wakeup() which is about system wakeup from sleep and not
about device wakeup from runtime suspend.
Ying Xue [Tue, 8 May 2018 13:44:06 +0000 (21:44 +0800)]
tipc: eliminate KMSAN uninit-value in strcmp complaint
When we get link properties through netlink interface with
tipc_nl_node_get_link(), we don't validate TIPC_NLA_LINK_NAME
attribute at all, instead we directly use it. As a consequence,
KMSAN detected the TIPC_NLA_LINK_NAME attribute was an uninitialized
value, and then posted the following complaint:
Sun Lianwen [Tue, 8 May 2018 01:49:38 +0000 (09:49 +0800)]
net/9p: correct some comment errors in 9p file system code
There are follow comment errors:
1 The function name is wrong in p9_release_pages() comment.
2 The function name and variable name is wrong in p9_poll_workfn() comment.
3 There is no variable dm_mr and lkey in struct p9_trans_rdma.
4 The function name is wrong in rdma_create_trans() comment.
5 There is no variable initialized in struct virtio_chan.
6 The variable name is wrong in p9_virtio_zc_request() comment.
Ilya Dryomov [Fri, 4 May 2018 14:57:31 +0000 (16:57 +0200)]
ceph: fix iov_iter issues in ceph_direct_read_write()
dio_get_pagev_size() and dio_get_pages_alloc() introduced in commit b5b98989dc7e ("ceph: combine as many iovec as possile into one OSD
request") assume that the passed iov_iter is ITER_IOVEC. This isn't
the case with splice where it ends up poking into the guts of ITER_BVEC
or ITER_PIPE iterators, causing lockups and crashes easily reproduced
with generic/095.
Rather than trying to figure out gap alignment and stuff pages into
a page vector, add a helper for going from iov_iter to a bio_vec array
and make use of the new CEPH_OSD_DATA_TYPE_BVECS code.
Ilya Dryomov [Thu, 3 May 2018 14:10:09 +0000 (16:10 +0200)]
ceph: fix rsize/wsize capping in ceph_direct_read_write()
rsize/wsize cap should be applied before ceph_osdc_new_request() is
called. Otherwise, if the size is limited by the cap instead of the
stripe unit, ceph_osdc_new_request() would setup an extent op that is
bigger than what dio_get_pages_alloc() would pin and add to the page
vector, triggering asserts in the messenger.
Boris Brezillon [Fri, 4 May 2018 19:24:31 +0000 (21:24 +0200)]
mtd: rawnand: Make sure we wait tWB before polling the STATUS reg
NAND chips require a bit of time to take the NAND operation into
account and set the BUSY bit in the STATUS reg. Make sure we don't poll
the STATUS reg too early in nand_soft_waitrdy().
Dave Airlie [Thu, 10 May 2018 03:48:52 +0000 (13:48 +1000)]
Merge branch 'linux-4.17' of git://github.com/skeggsb/linux into drm-fixes
Two nouveau crasher/deadlock fixes.
* 'linux-4.17' of git://github.com/skeggsb/linux:
drm/nouveau: Fix deadlock in nv50_mstm_register_connector()
drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client
Lyude Paul [Wed, 2 May 2018 23:38:48 +0000 (19:38 -0400)]
drm/nouveau: Fix deadlock in nv50_mstm_register_connector()
Currently; we're grabbing all of the modesetting locks before adding MST
connectors to fbdev. This isn't actually necessary, and causes a
deadlock as well:
======================================================
WARNING: possible circular locking dependency detected
4.17.0-rc3Lyude-Test+ #1 Tainted: G O
------------------------------------------------------
kworker/1:0/18 is trying to acquire lock: 00000000c832f62d (&helper->lock){+.+.}, at: drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper]
but task is already holding lock: 00000000942e28e2 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8e/0x1c0 [drm]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
other info that might help us debug this:
Chain exists of:
&helper->lock --> crtc_ww_class_acquire --> crtc_ww_class_mutex
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(crtc_ww_class_mutex);
lock(crtc_ww_class_acquire);
lock(crtc_ww_class_mutex);
lock(&helper->lock);
Taking example from i915, the only time we need to hold any modesetting
locks is when changing the port on the mstc, and in that case we only
need to hold the connection mutex.
Dave Airlie [Thu, 10 May 2018 01:28:46 +0000 (11:28 +1000)]
Merge branch 'drm-fixes-4.17' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
A little bigger than normal since this is two weeks of fixes.
- Atom firmware table updates for vega12
- Fix fallout from huge page support
- Fix up smu7 power profile interface to be consistent with vega
- Misc other fixes
* 'drm-fixes-4.17' of git://people.freedesktop.org/~agd5f/linux:
drm/amd/pp: Refine the output of pp_power_profile_mode on VI
drm/amdgpu: Switch to interruptable wait to recover from ring hang.
drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages
drm/amd/display: Use kvzalloc for potentially large allocations
drm/amd/display: Don't return ddc result and read_bytes in same return value
drm/amd/display: Add get_firmware_info_v3_2 for VG12
drm/amd: Add BIOS smu_info v3_3 required struct def.
drm/amd/display: Add VG12 ASIC IDs
Dave Airlie [Thu, 10 May 2018 01:28:27 +0000 (11:28 +1000)]
Merge tag 'drm-misc-fixes-2018-05-09' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
atomic: Clear state pointers on clear (Ville)
vc4: Fix oops in dpi disable (Eric)
omap: Various error-checking + uninitialized var fixes (Tomi)
Cc: Ville Syrjälä <[email protected]> Cc: Eric Anholt <[email protected]> Cc: Tomi Valkeinen <[email protected]>
* tag 'drm-misc-fixes-2018-05-09' of git://anongit.freedesktop.org/drm/drm-misc:
drm/vc4: Fix scaling of uni-planar formats
drm/bridge/sii8620: add Kconfig dependency on extcon
drm/omap: handle alloc failures in omap_connector
drm/omap: add missing linefeeds to prints
drm/omap: handle error if scale coefs are not found
drm/omap: check return value from soc_device_match
drm/omap: fix possible NULL ref issue in tiler_reserve_2d
drm/omap: fix uninitialized ret variable
drm/omap: silence unititialized variable warning
drm/vc4: Fix oops dereferencing DPI's connector since panel_bridge.
drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear()
drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear()
Dave Airlie [Thu, 10 May 2018 01:27:47 +0000 (11:27 +1000)]
Merge tag 'drm-intel-fixes-2018-05-09' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Increase LVDS panel timeout to 5s to avoid spurious *ERROR*
- Fix 2 WARNS: BIOS framebuffer related (FDO #105992) and eDP cdclk mismatch
* tag 'drm-intel-fixes-2018-05-09' of git://anongit.freedesktop.org/drm/drm-intel:
drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
drm/i915: Correctly populate user mode h/vdisplay with pipe src size during readout
drm/i915: Adjust eDP's logical vco in a reliable place.
Dave Airlie [Thu, 10 May 2018 01:27:04 +0000 (11:27 +1000)]
Merge tag 'exynos-drm-fixes-for-v4.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
Fixup pagefault issue of mixer driver
- it makes sure to check shadow register for interlace scan.
- it corrects chroma_addr[1], height and vertical position values.
And trivial cleanup
- it just removes duplicated drm_bridge_attach.
* tag 'exynos-drm-fixes-for-v4.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
drm/exynos: hdmi: avoid duplicating drm_bridge_attach
drm/exynos: mixer: avoid Oops in vp_video_buffer()
drm/exynos/mixer: fix synchronization check in interlaced mode
Linus Torvalds [Wed, 9 May 2018 20:49:52 +0000 (10:49 -1000)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:
- quirk for Toshiba Click Mini L9W-B, from Hans de Goede
- intel-ish-hid and wacom error handling (device freeing) path fixes
from Arvind Yadav
- memory corruption fix in intel-ish-hid driver from Hans de Goede
- a few new device ID additions to hid-lenovo from Peter Ganzhorn
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: i2c-hid: Add RESEND_REPORT_DESCR quirk for Toshiba Click Mini L9W-B
HID: intel-ish-hid: use put_device() instead of kfree()
HID: intel_ish-hid: Stop using a static local buffer in get_report()
HID: intel_ish-hid: Move header size check to inside the loop
HID: wacom: Release device resource data obtained by devres_alloc()
HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice
Rex Zhu [Mon, 7 May 2018 06:23:04 +0000 (14:23 +0800)]
drm/amd/pp: Refine the output of pp_power_profile_mode on VI
In order to keep consist with Vega,
the output format of the pp_power_profile_mode would be
<integer><mode name string>< “*” for current profile>:"detail settings"
and remove the "CURRENT" mode line.
Michel Dänzer [Wed, 25 Apr 2018 15:32:10 +0000 (17:32 +0200)]
drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages
GFP_TRANSHUGE tries very hard to allocate huge pages, which can result
in long delays with high memory pressure. I have observed firefox
freezing for up to around a minute due to this while restic was taking
a full system backup.
Since we don't really need huge pages, use GFP_TRANSHUGE_LIGHT |
__GFP_NORETRY instead, in order to fail quickly when there are no huge
pages available.
Set __GFP_KSWAPD_RECLAIM as well, in order for huge pages to be freed
up in the background if necessary.
With these changes, I'm no longer seeing freezes during a restic backup.
Paulo Alcantara [Fri, 4 May 2018 14:25:26 +0000 (11:25 -0300)]
cifs: smb2ops: Fix listxattr() when there are no EAs
As per listxattr(2):
On success, a nonnegative number is returned indicating the size
of the extended attribute name list. On failure, -1 is returned
and errno is set appropriately.
In SMB1, when the server returns an empty EA list through a listxattr(),
it will correctly return 0 as there are no EAs for the given file.
However, in SMB2+, it returns -ENODATA in listxattr() which is wrong since
the request and response were sent successfully, although there's no actual
EA for the given file.
This patch fixes listxattr() for SMB2+ by returning 0 in cifs_listxattr()
when the server returns an empty list of EAs.
Long Li [Wed, 25 Apr 2018 18:30:04 +0000 (11:30 -0700)]
cifs: Allocate validate negotiation request through kmalloc
The data buffer allocated on the stack can't be DMA'ed, ib_dma_map_page will
return an invalid DMA address for a buffer on stack. Even worse, this
incorrect address can't be detected by ib_dma_mapping_error. Sending data
from this address to hardware will not fail, but the remote peer will get
junk data.
Fix this by allocating the request on the heap in smb3_validate_negotiate.
Changes in v2:
Removed duplicated code on freeing buffers on function exit.
(Thanks to Parav Pandit <[email protected]>)
Fixed typo in the patch title.
Changes in v3:
Added "Fixes" to the patch.
Changed several sizeof() to use *pointer in place of struct.
Changes in v4:
Added detailed comments on the failure through RDMA.
Allocate request buffer using GPF_NOFS.
Fixed possible memory leak.
Changes in v5:
Removed variable ret for checking return value.
Changed to use pneg_inbuf->Dialects[0] to calculate unused space in pneg_inbuf.
Hans de Goede [Thu, 3 May 2018 09:32:33 +0000 (11:32 +0200)]
HID: i2c-hid: Add RESEND_REPORT_DESCR quirk for Toshiba Click Mini L9W-B
The 0457:10fb touchscreen found on the Toshiba Click Mini L9W-B needs
to have a report-decriptors command send to it on resume in order for
the touchscreen to start generating events again on resume.
Kai Heng Feng [Mon, 7 May 2018 06:11:20 +0000 (14:11 +0800)]
PCI / PM: Always check PME wakeup capability for runtime wakeup support
USB controller ASM1042 stops working after commit de3ef1eb1cd0 (PM /
core: Drop run_wake flag from struct dev_pm_info).
The device in question is not power managed by platform firmware,
furthermore, it only supports PME# from D3cold:
Capabilities: [78] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=55mA PME(D0-,D1-,D2-,D3hot-,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Before commit de3ef1eb1cd0, the device never gets runtime suspended.
After that commit, the device gets runtime suspended to D3hot, which can
not generate any PME#.
So pci_dev_run_wake() needs to check PME wakeup capability as its first
condition.
In addition, change wakeup flag passed to pci_target_state() from false
to true, because we want to find the deepest state different from D3cold
that the device can still generate PME#. In this case, it's D0 for the
device in question.
If the next_freq field of struct sugov_policy is set to UINT_MAX,
it shouldn't be used for updating the CPU frequency (this is a
special "invalid" value), but after commit b7eaf1aab9f8 (cpufreq:
schedutil: Avoid reducing frequency of busy CPUs prematurely) it
may be passed as the new frequency to sugov_update_commit() in
sugov_update_single().
Fix that by adding an extra check for the special UINT_MAX value
of next_freq to sugov_update_single().
Juri Lelli [Wed, 9 May 2018 08:40:51 +0000 (10:40 +0200)]
cpufreq: schedutil: remove stale comment
After commit 794a56ebd9a57 (sched/cpufreq: Change the worker kthread to
SCHED_DEADLINE) schedutil kthreads are "ignored" for a clock frequency
selection point of view, so the potential corner case for RT tasks is not
possible at all now.
Juri Lelli [Tue, 8 May 2018 15:12:09 +0000 (17:12 +0200)]
PM: docs: intel_pstate: fix Active Mode w/o HWP paragraph
P-state selection algorithm (powersave or performance) is selected by
echoing the desired choice to scaling_governor sysfs attribute and not
to scaling_cur_freq (as currently stated).
Heiner Kallweit [Mon, 7 May 2018 19:11:21 +0000 (21:11 +0200)]
r8169: fix powering up RTL8168h
Since commit a92a08499b1f "r8169: improve runtime pm in general and
suspend unused ports" interfaces w/o link are runtime-suspended after
10s. On systems where drivers take longer to load this can lead to the
situation that the interface is runtime-suspended already when it's
initially brought up.
This shouldn't be a problem because rtl_open() resumes MAC/PHY.
However with at least one chip version the interface doesn't properly
come up, as reported here:
https://bugzilla.kernel.org/show_bug.cgi?id=199549
The vendor driver uses a delay to give certain chip versions some
time to resume before starting the PHY configuration. So let's do
the same. I don't know which chip versions may be affected,
therefore apply this delay always.
This patch was reported to fix the issue for RTL8168h.
I was able to reproduce the issue on an Asus H310I-Plus which also
uses a RTL8168h. Also in my case the patch fixed the issue.
Linus Torvalds [Tue, 8 May 2018 15:40:17 +0000 (05:40 -1000)]
Merge branch 'for-4.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
"An earlier commit to add reset control for embedded ahci controllers
affected some of the hardware specific drivers and got reverted for
now.
Other than that, just per-device workarounds and trivial changes"
* 'for-4.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
driver core: add __printf verification to __ata_ehi_pushv_desc
ata: fix spelling mistake: "directon" -> "direction"
libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
libata: Apply NOLPM quirk for SAMSUNG MZMPC128HBFU-000MV SSD
ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI
libahci: Allow drivers to override stop_engine
Revert "ata: ahci-platform: add reset control support"
Linus Torvalds [Tue, 8 May 2018 15:37:17 +0000 (05:37 -1000)]
Merge tag 'pinctrl-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"Here are three pin control fixes.
The Intel fixes are the most serious and important things I had queued
since it affects a large portion of deployed Chromebooks.
- Two major fixes for the Intel Cherryview and Sunrisepoint pin
controllers, adjusting numberspaces so that they get aligned with
various messed-up numbers encoded into the BIOS.
- A fix for the Meson driver GPIO pin range"
* tag 'pinctrl-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: sunrisepoint: Align GPIO number space with Windows
pinctrl: cherryview: Associate IRQ descriptors to irqdomain
pinctrl: meson-axg: fix the range of aobus bank
Linus Torvalds [Tue, 8 May 2018 15:35:12 +0000 (05:35 -1000)]
Merge tag 'gpio-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Sorry for lagging behind on sending the first batch of GPIO fixes for
this cycle. Just too busy conferencing and the weather was too nice.
Here it is anyway: some real important polishing on the error path
facing userspace (tagged for stable as well) and some normal driver
fixes.
- Fix proper IRQ unmasking in the Aspeed driver.
- Do not free unrequested descriptors on the errorpath when creating
line handles from the userspace chardev requested GPIO lines.
- Also fix the errorpath in the linehandle creation function.
- Fix the get/set multiple GPIO lines for a few of the funky
industrial GPIO cards on the ISA bus"
* tag 'gpio-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: pcie-idio-24: Fix off-by-one error in get_multiple loop
gpio: pcie-idio-24: Fix port memory offset for get_multiple/set_multiple callbacks
gpio: pci-idio-16: Fix port memory offset for get_multiple callback
gpio: fix error path in lineevent_create
gpioib: do not free unrequested descriptors
gpio: fix aspeed_gpio unmask irq
David S. Miller [Tue, 8 May 2018 14:19:53 +0000 (10:19 -0400)]
Merge tag 'linux-can-fixes-for-4.17-20180508' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
Marc Kleine-Budde says:
====================
pull-request: can 2018-05-08
this is a pull request for 7 patches for net/master.
The first patch is by Jakob Unterwurzacher and increases the severity of
bus-off messages in the generic CAN device infrastructure. The next two patches
are by Uwe Kleine-König and fix the endianess detection in the flexcan driver.
Jimmy Assarsson's patch for the kvaser driver corrects the stats counter for
dropped tx-messages. Geert Uytterhoeven provides one patch and Sergei Shtylyov
two patches for the rcan_canfd device tree binding description.
====================
Two fixes for the mcr20a driver, which was being added in the 4.17 merge window,
by Gustavo and myself.
The atusb driver got a change to GFP_KERNEL where no GFP_ATOMIC is needed by
Jia-Ju.
The last and most important fix is from Alex to get IPv6 reassembly working
again for the ieee802154 6lowpan adaptation. This got broken in 4.16 so please
queue this one also up for the 4.16 stable tree.
====================
drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
Fix `[drm:intel_enable_lvds] *ERROR* timed out waiting for panel to
power on` in kernel log at boot time.
Toshiba Satellite Z930 laptops needs between 1 and 2 seconds to power
on its screen during Intel i915 DRM initialization. This currently
results in a `[drm:intel_enable_lvds] *ERROR* timed out waiting for
panel to power on` message appearing in the kernel log during boot
time and when stopping the machine.
This change increases the timeout of the `intel_enable_lvds` function
from 1 to 5 seconds, letting enough time for the Satellite 930 LCD
screen to power on, and suppressing the error message from the kernel
log.
This patch has been successfully tested on Linux 4.14 running on a
Toshiba Satellite Z930.
[vsyrjala: bump the timeout from 2 to 5 seconds to match the DP
code and properly cover the max hw timeout of ~4 seconds, and
drop the comment about the specific machine since this is not
a particulary surprising issue, nor specific to that one machine]
Ville Syrjälä [Thu, 26 Apr 2018 16:30:15 +0000 (19:30 +0300)]
drm/i915: Correctly populate user mode h/vdisplay with pipe src size during readout
During state readout we first read out the pipe src size, store
that information in the user mode h/vdisplay, but later on we overwrite
that with the actual crtc timings. That makes our read out crtc state
inconsistent with itself when the BIOS has enabled the panel fitter to
scale the pipe contents. Let's preserve the pipe src size based
information in the user mode to make things consistent again.
This fixes a problem introduced by commit a2936e3d9a9c ("drm/i915:
Use drm_mode_get_hv_timing() to populate plane clip rectangle")
where the inconsistent state is now leading the plane clipping code
to report a failure on account the plane dst coordinates not matching
the user mode size. Previously we did the plane clipping based on
the pipe src size instead and thus never noticed the inconsistency.
The failure manifests as a WARN:
[ 0.762117] [drm:intel_dump_pipe_config [i915]] requested mode:
[ 0.762142] [drm:drm_mode_debug_printmodeline [drm]] Modeline 0:"1366x768" 60 72143 1366 1414 1446 1526 768 771 777 784 0x40 0xa
...
[ 0.762327] [drm:intel_dump_pipe_config [i915]] port clock: 72143, pipe src size: 1024x768, pixel rate 72143
...
[ 0.764666] [drm:drm_atomic_helper_check_plane_state [drm_kms_helper]] Plane must cover entire CRTC
[ 0.764690] [drm:drm_rect_debug_print [drm]] dst: 1024x768+0+0
[ 0.764711] [drm:drm_rect_debug_print [drm]] clip: 1366x768+0+0
[ 0.764713] ------------[ cut here ]------------
[ 0.764714] Could not determine valid watermarks for inherited state
[ 0.764792] WARNING: CPU: 4 PID: 159 at drivers/gpu/drm/i915/intel_display.c:14584 intel_modeset_init+0x3ce/0x19d0 [i915]
...
Rodrigo Vivi [Wed, 2 May 2018 17:52:55 +0000 (10:52 -0700)]
drm/i915: Adjust eDP's logical vco in a reliable place.
On intel_dp_compute_config() we were calculating the needed vco
for eDP on gen9 and we stashing it in
intel_atomic_state.cdclk.logical.vco
However few moments later on intel_modeset_checks() we fully
replace entire intel_atomic_state.cdclk.logical with
dev_priv->cdclk.logical fully overwriting the logical desired
vco for eDP on gen9.
So, with wrong VCO value we end up with wrong desired cdclk, but
also it will raise a lot of WARNs: On gen9, when we read
CDCLK_CTL to verify if we configured properly the desired
frequency the CD Frequency Select bits [27:26] == 10b can mean
337.5 or 308.57 MHz depending on the VCO. So if we have wrong
VCO value stashed we will believe the frequency selection didn't
stick and start to raise WARNs of cdclk mismatch.
arm: dts: imx[35]*: declare flexcan devices to be compatible to imx25's flexcan
Commit d50f4630c2e1 ("arm: dts: Remove p1010-flexcan compatible from imx
series dts") removed the fallback compatible "fsl,p1010-flexcan" from
the imx device trees. As the flexcan cores on i.MX25, i.MX35 and i.MX53
are identical, introduce the first as fallback for the two latter ones.
Fixes: d50f4630c2e1 ("arm: dts: Remove p1010-flexcan compatible from imx series dts") Signed-off-by: Uwe Kleine-König <[email protected]> Cc: linux-stable <[email protected]> # >= v4.16 Signed-off-by: Marc Kleine-Budde <[email protected]>
In commit 88462d2a7830 ("can: flexcan: Remodel FlexCAN register r/w APIs
for big endian FlexCAN controllers.") the following logic was
implemented:
if the dt property "big-endian" is given or
the device is compatible to "fsl,p1010-flexcan":
use big-endian mode;
else
use little-endian mode;
This relies on commit d50f4630c2e1 ("arm: dts: Remove p1010-flexcan
compatible from imx series dts") which was applied a few commits later.
Without this commit (or an old device tree used for booting a new
kernel) the flexcan devices on i.MX25, i.MX28, i.MX35 and i.MX53 match
the 'the device is compatible to "fsl,p1010-flexcan"' test and so are
switched erroneously to big endian mode.
Instead of the check above put a quirk in devtype data and rely on
of_match_device yielding the most compatible match
bus-off is usually caused by hardware malfunction or configuration error
(baud rate mismatch) and causes a complete loss of communication.
Increase the "bus-off" message's severity from netdev_dbg() to
netdev_info() to make it visible to the user.
A can interface going into bus-off is similar in severity to ethernet's
"Link is Down" message, which is also printed at info level.
It is debatable whether the the "restarted" message should also be
changed to netdev_info() to make the interface state changes
comprehensible from the kernel log. I have chosen to keep the
"restarted" message at dbg for now as the "bus-off" message should be
enough for the user to notice and investigate the problem.
The build is failing with CONFIG_NUMA=n and some compiler versions:
arch/powerpc/platforms/pseries/hotplug-cpu.o: In function `dlpar_online_cpu':
hotplug-cpu.c:(.text+0x12c): undefined reference to `timed_topology_update'
arch/powerpc/platforms/pseries/hotplug-cpu.o: In function `dlpar_cpu_remove':
hotplug-cpu.c:(.text+0x400): undefined reference to `timed_topology_update'
Fix it by moving the empty version of timed_topology_update() into the
existing #ifdef block, which has the right guard of SPLPAR && NUMA.
Fixes: cee5405da402 ("powerpc/hotplug: Improve responsiveness of hotplug change") Signed-off-by: Michael Ellerman <[email protected]>
Igor Russkikh [Mon, 7 May 2018 13:10:39 +0000 (16:10 +0300)]
net: aquantia: Limit number of vectors to actually allocated irqs
Driver should use pci_alloc_irq_vectors return value to correct number
of allocated vectors and napi instances. Otherwise it'll panic later
in pci_irq_vector.
Driver also should allow more than one MSI vectors to be allocated.
Error return path from pci_alloc_irq_vectors is also fixed to revert
resources in a correct sequence when error happens.
Reported-by: Long, Nicholas <[email protected]> Fixes: 23ee07a ("net: aquantia: Cleanup pci functions module") Signed-off-by: Igor Russkikh <[email protected]> Signed-off-by: David S. Miller <[email protected]>
MAINTAINERS: Update the 3c59x network driver entry
Replace my old E-Mail address with a working one.
While at it, change the maintainance status to
'Odd Fixes'. I'm still around with some knowledge,
but don't actively maintain it anymore.
Andre Tomt [Mon, 7 May 2018 02:24:39 +0000 (04:24 +0200)]
net/tls: Fix connection stall on partial tls record
In the case of writing a partial tls record we forgot to clear the
ctx->in_tcp_sendpages flag, causing some connections to stall.
Fixes: c212d2c7fc47 ("net/tls: Don't recursively call push_record during tls_write_space callbacks") Signed-off-by: Andre Tomt <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Andrew Lunn [Sat, 5 May 2018 18:58:22 +0000 (20:58 +0200)]
net: dsa: mv88e6xxx: Fix PHY interrupts by parameterising PHY base address
Most of the mv88e6xxx switches have the PHYs at address 0, 1, 2, ...
The 6341 however has the PHYs at 0x10, 0x11, 0x12. Add a parameter to
the info structure for this base address.
Testing of 6f88284f3bd7 ("net: dsa: mv88e6xxx: Add MDIO interrupts for
internal PHYs") was performed on the 6341. So it works only on the
6341. Use this base information to correctly set the interrupt.
Fixes: 6f88284f3bd7 ("net: dsa: mv88e6xxx: Add MDIO interrupts for internal PHYs") Signed-off-by: Andrew Lunn <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Eric Dumazet [Sat, 5 May 2018 15:35:04 +0000 (08:35 -0700)]
tls: fix use after free in tls_sk_proto_close
syzbot reported a use-after-free in tls_sk_proto_close
Add a boolean value to cleanup a bit this function.
BUG: KASAN: use-after-free in tls_sk_proto_close+0x8ab/0x9c0 net/tls/tls_main.c:297
Read of size 1 at addr ffff8801ae40a858 by task syz-executor363/4503
Xin Long [Sat, 5 May 2018 06:59:47 +0000 (14:59 +0800)]
sctp: delay the authentication for the duplicated cookie-echo chunk
Now sctp only delays the authentication for the normal cookie-echo
chunk by setting chunk->auth_chunk in sctp_endpoint_bh_rcv(). But
for the duplicated one with auth, in sctp_assoc_bh_rcv(), it does
authentication first based on the old asoc, which will definitely
fail due to the different auth info in the old asoc.
The duplicated cookie-echo chunk will create a new asoc with the
auth info from this chunk, and the authentication should also be
done with the new asoc's auth info for all of the collision 'A',
'B' and 'D'. Otherwise, the duplicated cookie-echo chunk with auth
will never pass the authentication and create the new connection.
This issue exists since very beginning, and this fix is to make
sctp_assoc_bh_rcv() follow the way sctp_endpoint_bh_rcv() does
for the normal cookie-echo chunk to delay the authentication.
While at it, remove the unused params from sctp_sf_authenticate()
and define sctp_auth_chunk_verify() used for all the places that
do the delayed authentication.
v1->v2:
fix the typo in changelog as Marcelo noticed.
Moritz Fischer [Fri, 4 May 2018 17:18:33 +0000 (10:18 -0700)]
net: nixge: Fix error path for obtaining mac address
Fix issue where nixge_get_nvmem_address() returns a non-NULL
return value on a failed nvmem_cell_get() that causes an invalid
access when error value encoded in pointer is dereferenced.
Furthermore ensure that buffer allocated by nvmem_cell_read()
actually gets kfreed() if the function succeeds.
Anders Roxell [Fri, 4 May 2018 16:47:25 +0000 (18:47 +0200)]
selftests: net: use TEST_PROGS_EXTENDED
When a script file that isn't generated uses the variable
TEST_GEN_PROGS_EXTENDED and a 'make -C tools/testing/selftests clean' is
performed the script file gets removed and git shows the file as
deleted. For script files that isn't generated TEST_PROGS_EXTENDED
should be used.
Fixes: 9faedd643fd9 ("selftests: net: add in_netns.sh TEST_GEN_PROGS_EXTENDED") Signed-off-by: Anders Roxell <[email protected]> Signed-off-by: David S. Miller <[email protected]>
x86/xen: Reset VCPU0 info pointer after shared_info remap
This patch fixes crashes during boot for HVM guests on older (pre HVM
vector callback) Xen versions. Without this, current kernels will always
fail to boot on those Xen versions.
During boot, the HYPERVISOR_shared_info page gets remapped to make it work
with KASLR. This means that any pointer derived from it needs to be
adjusted.
The only value that this applies to is the vcpu_info pointer for VCPU 0.
For PV and HVM with the callback vector feature, this gets done via the
smp_ops prepare_boot_cpu callback. Older Xen versions do not support the
HVM callback vector, so there is no Xen-specific smp_ops set up in that
scenario. So, the vcpu_info pointer for VCPU 0 never gets set to the proper
value, and the first reference of it will be bad. Fix this by resetting it
immediately after the remap.
projects / linux.git / log