Pavel Shilovsky [Thu, 3 Jan 2019 23:53:10 +0000 (15:53 -0800)]
CIFS: Move credit processing to mid callbacks for SMB3
Currently we account for credits in the thread initiating a request
and waiting for a response. The demultiplex thread receives the response,
wakes up the thread and the latter collects credits from the response
buffer and add them to the server structure on the client. This approach
is not accurate, because it may race with reconnect events in the
demultiplex thread which resets the number of credits.
Fix this by moving credit processing to new mid callbacks that collect
credits granted by the server from the response in the demultiplex thread.
Pavel Shilovsky [Fri, 4 Jan 2019 00:45:27 +0000 (16:45 -0800)]
CIFS: Fix credits calculation for cancelled requests
If a request is cancelled, we can't assume that the server returns
1 credit back. Instead we need to wait for a response and process
the number of credits granted by the server.
Create a separate mid callback for cancelled request, parse the number
of credits in a response buffer and add them to the client's credits.
If the didn't get a response (no response buffer available) assume
0 credits granted. The latter most probably happens together with
session reconnect, so the client's credits are adjusted anyway.
Ross Lagerwall [Tue, 8 Jan 2019 18:30:56 +0000 (18:30 +0000)]
cifs: Limit memory used by lock request calls to a page
The code tries to allocate a contiguous buffer with a size supplied by
the server (maxBuf). This could fail if memory is fragmented since it
results in high order allocations for commonly used server
implementations. It is also wasteful since there are probably
few locks in the usual case. Limit the buffer to be no larger than a
page to avoid memory allocation failures due to fragmentation.
Pavel Shilovsky [Thu, 10 Jan 2019 19:27:28 +0000 (11:27 -0800)]
CIFS: Do not hide EINTR after sending network packets
Currently we hide EINTR code returned from sock_sendmsg()
and return 0 instead. This makes a caller think that we
successfully completed the network operation which is not
true. Fix this by properly returning EINTR to callers.
ARM: integrator: impd1: use struct_size() in devm_kzalloc()
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
AKASHI Takahiro [Fri, 11 Jan 2019 07:40:21 +0000 (16:40 +0900)]
arm64: kexec_file: return successfully even if kaslr-seed doesn't exist
In kexec_file_load, kaslr-seed property of the current dtb will be deleted
any way before setting a new value if possible. It doesn't matter whether
it exists in the current dtb.
When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
expects the opaque pointer argument to be a PCI bus device. At the
moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
crashing. Pass the bus device to iort_scan_node().
Daniel Borkmann [Fri, 11 Jan 2019 09:40:55 +0000 (10:40 +0100)]
Merge branch 'bpf-fix-bitfield-printing'
Yonghong Song says:
====================
The previous BTF kind_flag support patch set introduced a bug
for kernel bpffs pretty printing and another bug for bpftool
map pretty printing. If a bitfield struct member offset is
greater than 256 bits, printed value for that struct
member will be incorrect.
- Patch #1 fixed the bug in kernel bpffs pretty printing.
- Patch #2 enhanced the test_btf test case to cover the
issue exposed by patch #1.
- Patch #3 fixed the bug in bpftool map pretty printing.
====================
Yonghong Song [Thu, 10 Jan 2019 19:14:02 +0000 (11:14 -0800)]
tools/bpf: fix bpftool map dump with bitfields
Commit 8772c8bc093b ("tools: bpftool: support pretty print
with kind_flag set") added bpftool map dump with kind_flag
support. When bitfield_size can be retrieved directly from
btf_member, function btf_dumper_bitfield() is called to
dump the bitfield. The implementation passed the
wrong parameter "bit_offset" to the function. The excepted
value is the bit_offset within a byte while the passed-in
value is the struct member offset.
This commit fixed the bug with passing correct "bit_offset"
with adjusted data pointer.
Fixes: 8772c8bc093b ("tools: bpftool: support pretty print with kind_flag set") Acked-by: Martin KaFai Lau <[email protected]> Signed-off-by: Yonghong Song <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
With the kernel fix, the modified test will succeed:
$ test_btf -p
......
BTF pretty print array(#1)......OK
BTF pretty print array(#2)......OK
PASS:8 SKIP:0 FAIL:0
Fixes: 9d5f9f701b18 ("bpf: btf: fix struct/union/fwd types with kind_flag") Acked-by: Martin KaFai Lau <[email protected]> Signed-off-by: Yonghong Song <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
Yonghong Song [Thu, 10 Jan 2019 19:14:00 +0000 (11:14 -0800)]
bpf: fix bpffs bitfield pretty print
Commit 9d5f9f701b18 ("bpf: btf: fix struct/union/fwd types
with kind_flag") introduced kind_flag and used bitfield_size
in the btf_member to directly pretty print member values.
The commit contained a bug where the incorrect parameters could be
passed to function btf_bitfield_seq_show(). The bits_offset
parameter in the function expects a value less than 8.
Instead, the member offset in the structure is passed.
The below is btf_bitfield_seq_show() func signature:
void btf_bitfield_seq_show(void *data, u8 bits_offset,
u8 nr_bits, struct seq_file *m)
both bits_offset and nr_bits are u8 type. If the bitfield
member offset is greater than 256, incorrect value will
be printed.
This patch fixed the issue by calculating correct proper
data offset and bits_offset similar to non kind_flag case.
Fixes: 9d5f9f701b18 ("bpf: btf: fix struct/union/fwd types with kind_flag") Acked-by: Martin KaFai Lau <[email protected]> Signed-off-by: Yonghong Song <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
Daniel Vetter [Fri, 11 Jan 2019 09:26:21 +0000 (10:26 +0100)]
Merge tag 'drm-intel-fixes-2019-01-11' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
i915 fixes for v5.0-rc2:
- Disable PSR for Apple panels
- Broxton ERR_PTR error state fix
- Kabylake VECS workaround fix
- Unwind failure on pinning the gen7 ppgtt
- GVT workload request allocation fix
Daniel Vetter [Fri, 11 Jan 2019 09:25:05 +0000 (10:25 +0100)]
Merge tag 'drm-misc-fixes-2019-01-10-1' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Second pull request, drm-misc-fixes for v5.0-rc2:
- Fix fb-helper to work correctly with SDL 1.2 bugs.
- Fix lockdep warning in the atomic ioctl and setproperty.
* pm-cpufreq:
cpufreq: scmi: Fix frequency invariance in slow path
cpufreq: check if policy is inactive early in __cpufreq_get()
cpufreq: scpi/scmi: Fix freeing of dynamic OPPs
cpufreq / Documentation: Update cpufreq MAINTAINERS entry
Ingo Molnar [Fri, 11 Jan 2019 07:12:09 +0000 (08:12 +0100)]
Merge tag 'perf-core-for-mingo-5.0-20190110' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent
Pull perf/core fixes and improvements from Arnaldo Carvalho de Melo:
perf trace:
Ravi Bangoria:
- Rework PowerPC syscall table generation, now using a .tbl file just like
x86_64 and S/390, also silencing a tools build warning about headers out of
sync with the kernel sources.
tools include uapi:
Arnaldo Carvalho de Melo:
- Sync linux/if_link.h copy with the kernel sources, silencing a build warning.
perf top:
Arnaldo Carvalho de Melo:
- Add 'arch_cpu_idle' to the list of kernel idle symbols, noticed on a Orange
Pi Zero ARM board, just like with other symbols in other arches.
drm/nouveau: Don't disable polling in fallback mode
When a fan is controlled via linear fallback without cstate, we
shouldn't stop polling. Otherwise it won't be adjusted again and
keeps running at an initial crazy pace.
Fixes: 800efb4c2857 ("drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios")
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1103356
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107447 Reported-by: Thomas Blume <[email protected]> Signed-off-by: Takashi Iwai <[email protected]> Reviewed-by: Martin Peres <[email protected]> Signed-off-by: Ben Skeggs <[email protected]>
wenxu [Thu, 10 Jan 2019 06:51:35 +0000 (14:51 +0800)]
netfilter: nft_flow_offload: fix interaction with vrf slave device
In the forward chain, the iif is changed from slave device to master vrf
device. Thus, flow offload does not find a match on the lower slave
device.
This patch uses the cached route, ie. dst->dev, to update the iif and
oif fields in the flow entry.
After this patch, the following example works fine:
# ip addr add dev eth0 1.1.1.1/24
# ip addr add dev eth1 10.0.0.1/24
# ip link add user1 type vrf table 1
# ip l set user1 up
# ip l set dev eth0 master user1
# ip l set dev eth1 master user1
# nft add table firewall
# nft add flowtable f fb1 { hook ingress priority 0 \; devices = { eth0, eth1 } \; }
# nft add chain f ftb-all {type filter hook forward priority 0 \; policy accept \; }
# nft add rule f ftb-all ct zone 1 ip protocol tcp flow offload @fb1
# nft add rule f ftb-all ct zone 1 ip protocol udp flow offload @fb1
Shakeel Butt [Thu, 3 Jan 2019 03:14:31 +0000 (19:14 -0800)]
netfilter: ebtables: account ebt_table_info to kmemcg
The [ip,ip6,arp]_tables use x_tables_info internally and the underlying
memory is already accounted to kmemcg. Do the same for ebtables. The
syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the
whole system from a restricted memcg, a potential DoS.
By accounting the ebt_table_info, the memory used for ebt_table_info can
be contained within the memcg of the allocating process. However the
lifetime of ebt_table_info is independent of the allocating process and
is tied to the network namespace. So, the oom-killer will not be able to
relieve the memory pressure due to ebt_table_info memory. The memory for
ebt_table_info is allocated through vmalloc. Currently vmalloc does not
handle the oom-killed allocating process correctly and one large
allocation can bypass memcg limit enforcement. So, with this patch,
at least the small allocations will be contained. For large allocations,
we need to fix vmalloc.
Yi Zeng [Wed, 9 Jan 2019 07:33:07 +0000 (15:33 +0800)]
i2c: dev: prevent adapter retries and timeout being set as minus value
If adapter->retries is set to a minus value from user space via ioctl,
it will make __i2c_transfer and __i2c_smbus_xfer skip the calling to
adapter->algo->master_xfer and adapter->algo->smbus_xfer that is
registered by the underlying bus drivers, and return value 0 to all the
callers. The bus driver will never be accessed anymore by all users,
besides, the users may still get successful return value without any
error or information log print out.
If adapter->timeout is set to minus value from user space via ioctl,
it will make the retrying loop in __i2c_transfer and __i2c_smbus_xfer
always break after the the first try, due to the time_after always
returns true.
Fabio Estevam [Wed, 26 Dec 2018 12:06:19 +0000 (10:06 -0200)]
qcom-scm: Include <linux/err.h> header
Since commit e6f6d63ed14c ("drm/msm: add headless gpu device for imx5")
the DRM_MSM symbol can be selected by SOC_IMX5 causing the following
error when building imx_v6_v7_defconfig:
In file included from ../drivers/gpu/drm/msm/adreno/a5xx_gpu.c:17:0:
../include/linux/qcom_scm.h: In function 'qcom_scm_set_cold_boot_addr':
../include/linux/qcom_scm.h:73:10: error: 'ENODEV' undeclared (first use in this function)
return -ENODEV;
Include the <linux/err.h> header file to fix this problem.
Jens Axboe [Thu, 10 Jan 2019 22:29:57 +0000 (15:29 -0700)]
Merge branch 'nvme-5.0' of git://git.infradead.org/nvme into for-linus
Pull NVMe fixes from Christoph.
* 'nvme-5.0' of git://git.infradead.org/nvme:
nvme: don't initlialize ctrl->cntlid twice
nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
nvme: pad fake subsys NQN vid and ssvid with zeros
nvme-multipath: zero out ANA log buffer
nvme-fabrics: unset write/poll queues for discovery controllers
nvme-tcp: don't ask if controller is fabrics
nvme-tcp: remove dead code
nvme-pci: fix out of bounds access in nvme_cqe_pending
nvme-pci: rerun irq setup on IO queue init errors
nvme-pci: use the same attributes when freeing host_mem_desc_bufs.
nvme-pci: fix the wrong setting of nr_maps
Yuchung Cheng [Wed, 9 Jan 2019 02:14:28 +0000 (18:14 -0800)]
tcp: change txhash on SYN-data timeout
Previously upon SYN timeouts the sender recomputes the txhash to
try a different path. However this does not apply on the initial
timeout of SYN-data (active Fast Open). Therefore an active IPv6
Fast Open connection may incur one second RTO penalty to take on
a new path after the second SYN retransmission uses a new flow label.
This patch removes this undesirable behavior so Fast Open changes
the flow label just like the regular connections. This also helps
avoid falsely disabling Fast Open on the sender which triggers
after two consecutive SYN timeouts on Fast Open.
A network device stack with multiple layers of bonding devices can
trigger a false positive lockdep warning. Adding lockdep nest levels
fixes this. Update the level on both enslave and unlink, to avoid the
following series of events ..
ip netns add test
ip netns exec test bash
ip link set dev lo addr 00:11:22:33:44:55
ip link set dev lo down
ip link add dev bond1 type bond
ip link add dev bond2 type bond
ip link set dev lo master bond1
ip link set dev bond1 master bond2
ip link set dev bond1 nomaster
ip link set dev bond2 master bond1
.. from still generating a splat:
[ 193.652127] ======================================================
[ 193.658231] WARNING: possible circular locking dependency detected
[ 193.664350] 4.20.0 #8 Not tainted
[ 193.668310] ------------------------------------------------------
[ 193.674417] ip/15577 is trying to acquire lock:
[ 193.678897] 00000000a40e3b69 (&(&bond->stats_lock)->rlock#3/3){+.+.}, at: bond_get_stats+0x58/0x290
[ 193.687851]
but task is already holding lock:
[ 193.693625] 00000000807b9d9f (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0x58/0x290
Fixes: 7e2556e40026 ("bonding: avoid lockdep confusion in bond_get_stats()") Reported-by: syzbot <[email protected]> Signed-off-by: Willem de Bruijn <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Dave Airlie [Thu, 10 Jan 2019 21:37:56 +0000 (07:37 +1000)]
Merge branch 'drm-fixes-5.0' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
- Powerplay fixes
- Virtual display pinning fixes
- Golden register updates for vega
- Pitch and gem size validation fixes
- Fix for error case in sr-iov init
- Disable page tables in system memory on RV due to issues with IOMMU
reported on some platforms
Linus Torvalds [Thu, 10 Jan 2019 21:36:53 +0000 (13:36 -0800)]
Merge tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
Pull RISC-V updates from Palmer Dabbelt:
"This tag contains a handful of updates that slipped through the cracks
during the merge window due to the holidays. The fixes are mostly
independent, with the exception of one larger audit-related branch.
Core RISC-V updates:
- The BSS has been moved, which shrinks flat images.
- A fix to test-bpf so it compiles on RV64I-based systems.
- A fix to respect the kernel commandline when there is no device
tree.
- A fix to prevent CPUs from trying to put themselves to sleep when
bringing down the system.
- Support for MODULE_SECTIONS on RV32I-based systems.
- [new in v2] The addition of an SBI earlycon driver. This is
definately a new feature, but I'd like to include it now because I
dropped this patch when submitting the merge window PR that removed
our EARLY_PRINTK support.
RISC-V audit updates:
- The addition of NR_syscalls into unistd.h, which is necessary for
CONFIG_FTRACE_SYSCALLS.
- The definition of CREATE_TRACE_POINTS so __tracepoint_sys_{enter,exit}
get defined.
- A fix for trace_sys_exit() so we can enable HAVE_SYSCALL_TRACEPOINTS
As usual, I've tested this by booting a Fedora-based image on a recent
QEMU (this time just whatever I had lying around).
* tag 'riscv-for-linus-4.21-rc2-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
tty/serial: Add RISC-V SBI earlycon support
riscv: add HAVE_SYSCALL_TRACEPOINTS to Kconfig
riscv: fix trace_sys_exit hook
riscv: define CREATE_TRACE_POINTS in ptrace.c
riscv: define NR_syscalls in unistd.h
riscv: audit: add audit hook in do_syscall_trace_enter/exit()
riscv: add audit support
RISC-V: Support MODULE_SECTIONS mechanism on RV32
MAINTAINERS: SiFive drivers: add myself as a SiFive driver maintainer
MAINTAINERS: SiFive drivers: change the git tree to a SiFive git tree
riscv: don't stop itself in smp_send_stop
arch: riscv: support kernel command line forcing when no DTB passed
tools uapi: fix RISC-V 64-bit support
RISC-V: Make BSS section as the last section in vmlinux.lds.S
Dave Airlie [Thu, 10 Jan 2019 20:32:37 +0000 (06:32 +1000)]
Merge tag 'drm-misc-fixes-2019-01-10' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Pull request for drm-misc-fixes for v5.0-rc2:
- Fixes for the tc358767 bridge to work correctly with
tc358867 using a DP connector.
- Make resume work on amdgpu when a DP-MST display is unplugged.
Pavel Shilovsky [Sat, 22 Dec 2018 20:40:05 +0000 (12:40 -0800)]
CIFS: Fix credit computation for compounded requests
In SMB3 protocol every part of the compound chain consumes credits
individually, so we need to call wait_for_free_credits() for each
of the PDUs in the chain. If an operation is interrupted, we must
ensure we return all credits taken from the server structure back.
Without this patch server can sometimes disconnect the session
due to credit mismatches, especially when first operation(s)
are large writes.
Pavel Shilovsky [Fri, 4 Jan 2019 00:45:13 +0000 (16:45 -0800)]
CIFS: Do not set credits to 1 if the server didn't grant anything
Currently we reset the number of total credits granted by the server
to 1 if the server didn't grant us anything int the response. This
violates the SMB3 protocol - we need to trust the server and use
the credit values from the response. Fix this by removing the
corresponding code.
Pavel Shilovsky [Wed, 19 Dec 2018 22:49:09 +0000 (22:49 +0000)]
CIFS: Fix adjustment of credits for MTU requests
Currently for MTU requests we allocate maximum possible credits
in advance and then adjust them according to the request size.
While we were adjusting the number of credits belonging to the
server, we were skipping adjustment of credits belonging to the
request. This patch fixes it by setting request credits to
CreditCharge field value of SMB2 packet header.
Also ask 1 credit more for async read and write operations to
increase parallelism and match the behavior of other operations.
Dan Carpenter [Sat, 5 Jan 2019 18:18:03 +0000 (21:18 +0300)]
cifs: Fix a tiny potential memory leak
The most recent "it" allocation is leaked on this error path. I
believe that small allocations always succeed in current kernels so
this doesn't really affect run time.
Fixes: 54be1f6c1c37 ("cifs: Add DFS cache routines") Signed-off-by: Dan Carpenter <[email protected]> Signed-off-by: Steve French <[email protected]>
Dan Carpenter [Sat, 5 Jan 2019 12:25:29 +0000 (15:25 +0300)]
cifs: Fix a debug message
This debug message was never shown because it was checking for NULL
returns but extract_hostname() returns error pointers.
Fixes: 93d5cb517db3 ("cifs: Add support for failover in cifs_reconnect()") Signed-off-by: Dan Carpenter <[email protected]> Signed-off-by: Steve French <[email protected]> Reviewed-by: Paulo Alcantara <[email protected]>
Will Deacon [Tue, 8 Jan 2019 16:19:01 +0000 (16:19 +0000)]
arm64: kpti: Avoid rewriting early page tables when KASLR is enabled
A side effect of commit c55191e96caa ("arm64: mm: apply r/o permissions
of VM areas to its linear alias as well") is that the linear map is
created with page granularity, which means that transitioning the early
page table from global to non-global mappings when enabling kpti can
take a significant amount of time during boot.
Given that most CPU implementations do not require kpti, this mainly
impacts KASLR builds where kpti is forcefully enabled. However, in these
situations we know early on that non-global mappings are required and
can avoid the use of global mappings from the beginning. The only gotcha
is Cavium erratum #27456, which we must detect based on the MIDR value
of the boot CPU.
Linus Torvalds [Thu, 10 Jan 2019 17:20:46 +0000 (09:20 -0800)]
Merge tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio
Pull VFIO fixes from Alex Williamson:
- Fix trace header include path for in-tree builds (Masahiro Yamada)
- Fix overflow in unmap wrap-around test (Alex Williamson)
* tag 'vfio-v5.0-rc2' of git://github.com/awilliam/linux-vfio:
vfio/type1: Fix unmap overflow off-by-one
vfio/pci: set TRACE_INCLUDE_PATH to fix the build error
Linus Torvalds [Thu, 10 Jan 2019 17:17:48 +0000 (09:17 -0800)]
Merge tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small fixes for USB-audio, HD-audio and cs46xx.
The USB-audio fixes are for out-of-bound accesses and a regression in
the recent cleanup, while HD-audio fixes are usual device-specific
quirks"
* tag 'sound-5.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225
ALSA: usb-audio: fix CM6206 register definitions
ALSA: cs46xx: Potential NULL dereference in probe
ALSA: hda/realtek - Support Dell headset mode for New AIO platform
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
ALSA: usb-audio: Always check descriptor sizes in parser code
ALSA: usb-audio: Check mixer unit descriptors more strictly
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
Linus Torvalds [Thu, 10 Jan 2019 17:14:12 +0000 (09:14 -0800)]
Merge tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd
Pull mtd fixes from Boris Brezillon:
"Core MTD Fixes:
- Fix a bug introduced when exposing MTD devs as NVMEM providers and
check for add_mtd_device() return code everywhere
raw NAND fixes:
- Fix a memory corruption in the QCOM driver"
* tag 'mtd/fixes-for-5.0-rc2' of git://git.infradead.org/linux-mtd:
mtd: rawnand: qcom: fix memory corruption that causes panic
mtd: Check add_mtd_device() ret code
mtd: Fix the check on nvmem_register() ret code
Qu Wenruo [Tue, 8 Jan 2019 06:08:18 +0000 (14:08 +0800)]
btrfs: Use real device structure to verify dev extent
[BUG]
Linux v5.0-rc1 will fail fstests/btrfs/163 with the following kernel
message:
BTRFS error (device dm-6): dev extent devid 1 physical offset 13631488 len 8388608 is beyond device boundary 0
BTRFS error (device dm-6): failed to verify dev extents against chunks: -117
BTRFS error (device dm-6): open_ctree failed
[CAUSE]
Commit cf90d884b347 ("btrfs: Introduce mount time chunk <-> dev extent
mapping check") introduced strict check on dev extents.
We use btrfs_find_device() with dev uuid and fs uuid set to NULL, and
only dependent on @devid to find the real device.
For seed devices, we call clone_fs_devices() in open_seed_devices() to
allow us search seed devices directly.
However clone_fs_devices() just populates devices with devid and dev
uuid, without populating other essential members, like disk_total_bytes.
This makes any device returned by btrfs_find_device(fs_info, devid,
NULL, NULL) is just a dummy, with 0 disk_total_bytes, and any dev
extents on the seed device will not pass the device boundary check.
[FIX]
This patch will try to verify the device returned by btrfs_find_device()
and if it's a dummy then re-search in seed devices.
Song Liu [Tue, 8 Jan 2019 22:20:44 +0000 (14:20 -0800)]
bpf: fix panic in stack_map_get_build_id() on i386 and arm32
As Naresh reported, test_stacktrace_build_id() causes panic on i386 and
arm32 systems. This is caused by page_address() returns NULL in certain
cases.
This patch fixes this error by using kmap_atomic/kunmap_atomic instead
of page_address.
Fixes: 615755a77b24 (" bpf: extend stackmap to save binary_build_id+offset instead of address") Reported-by: Naresh Kamboju <[email protected]> Signed-off-by: Song Liu <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
devm_kzalloc(), devm_kstrdup() and devm_kasprintf() all can
fail internal allocation and return NULL. Using any of the assigned
objects without checking is not safe. As this is early in the boot
phase and these allocations really should not fail, any failure here
is probably an indication of a more serious issue so it makes little
sense to try and rollback the previous allocated resources or try to
continue; but rather the probe function is simply exited with -ENOMEM.
Signed-off-by: Nicholas Mc Guire <[email protected]> Fixes: 684284b64aae ("ARM: integrator: add MMCI device to IM-PD1") Signed-off-by: Linus Walleij <[email protected]>
selftests/bpf: add missing executables to .gitignore
We build test_libbpf with CXX to make sure linking against C++ works.
$ make -s -C tools/lib/bpf
$ git status -sb
? tools/lib/bpf/test_libbpf
$ make -s -C tools/testing/selftests/bpf
$ git status -sb
? tools/lib/bpf/test_libbpf
? tools/testing/selftests/bpf/test_libbpf
Fixes: 8c4905b995c6 ("libbpf: make sure bpf headers are c++ include-able") Signed-off-by: Stanislav Fomichev <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
Commit 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call
pskb_may_pull") avoided a read beyond the end of the skb linear
segment by calling pskb_may_pull.
That function can trigger a BUG_ON in pskb_expand_head if the skb is
shared, which it is when when peeking. It can also return ENOMEM.
Avoid both by switching to safer skb_header_pointer.
Move rcu_assign_pointer(tfile->tun) and rcu_assign_pointer(tun->tfiles) to
be the last thing we do in tun_attach(); this should guarantee that when we
call tun_get() we always get an initialized object.
v2 changes:
* remove extra napi_mutex locks/unlocks for napi operations
Reported-by: syzbot <[email protected]> Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver") Signed-off-by: Stanislav Fomichev <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Ravi Bangoria [Thu, 10 Jan 2019 09:49:35 +0000 (15:19 +0530)]
perf powerpc: Rework syscall table generation
Commit aff850393200 ("powerpc: add system call table generation
support") changed how systemcall table is generated for powerpc.
Incorporate these changes into perf as well.
Committer testing:
$ podman run --entrypoint=/bin/sh --privileged -v /home/acme/git:/git --rm -ti docker.io/acmel/linux-perf-tools-build-ubuntu:18.04-x-powerpc64
perfbuilder@d7a7af166a80:/git/perf$ head -2 /etc/os-release
NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
perfbuilder@d7a7af166a80:/git/perf$
perfbuilder@d7a7af166a80:/git/perf$ make ARCH=powerpc CROSS_COMPILE=powerpc64-linux-gnu- EXTRA_CFLAGS= -C /git/linux/tools/perf O=/tmp/build/perf
make: Entering directory '/git/linux/tools/perf'
BUILD: Doing 'make -j8' parallel build
HOSTCC /tmp/build/perf/fixdep.o
HOSTLD /tmp/build/perf/fixdep-in.o
LINK /tmp/build/perf/fixdep
Warning: Kernel ABI header at 'tools/include/uapi/linux/mman.h' differs from latest version at 'include/uapi/linux/mman.h'
diff -u tools/include/uapi/linux/mman.h include/uapi/linux/mman.h
sh: 1: command: Illegal option -c
Auto-detecting system features:
... dwarf: [ on ]
... dwarf_getlocations: [ on ]
... glibc: [ on ]
... gtk2: [ OFF ]
... libaudit: [ OFF ]
... libbfd: [ OFF ]
... libelf: [ on ]
... libnuma: [ OFF ]
... numa_num_possible_cpus: [ OFF ]
... libperl: [ OFF ]
... libpython: [ OFF ]
... libslang: [ OFF ]
... libcrypto: [ OFF ]
... libunwind: [ OFF ]
... libdw-dwarf-unwind: [ on ]
... zlib: [ on ]
... lzma: [ OFF ]
... get_cpuid: [ OFF ]
... bpf: [ on ]
Makefile.config:445: No sys/sdt.h found, no SDT events are defined, please install systemtap-sdt-devel or systemtap-sdt-dev
Makefile.config:491: No libunwind found. Please install libunwind-dev[el] >= 1.1 and/or set LIBUNWIND_DIR
Makefile.config:583: No libcrypto.h found, disables jitted code injection, please install libssl-devel or libssl-dev
Makefile.config:598: slang not found, disables TUI support. Please install slang-devel, libslang-dev or libslang2-dev
Makefile.config:612: GTK2 not found, disables GTK2 support. Please install gtk2-devel or libgtk2.0-dev
Makefile.config:639: Missing perl devel files. Disabling perl scripting support, please install perl-ExtUtils-Embed/libperl-dev
Makefile.config:666: No python interpreter was found: disables Python support - please install python-devel/python-dev
Makefile.config:721: No bfd.h/libbfd found, please install binutils-dev[el]/zlib-static/libiberty-dev to gain symbol demangling
Makefile.config:750: No liblzma found, disables xz kernel module decompression, please install xz-devel/liblzma-dev
Makefile.config:763: No numa.h found, disables 'perf bench numa mem' benchmark, please install numactl-devel/libnuma-devel/libnuma-dev
Makefile.config:814: No libbabeltrace found, disables 'perf data' CTF format support, please install libbabeltrace-dev[el]/libbabeltrace-ctf-dev
Makefile.config:840: No alternatives command found, you need to set JDIR= to point to the root of your Java directory
GEN /tmp/build/perf/common-cmds.h
<SNIP>
CC /tmp/build/perf/util/syscalltbl.o
<SNIP>
LD /tmp/build/perf/libperf-in.o
AR /tmp/build/perf/libperf.a
LINK /tmp/build/perf/perf
make: Leaving directory '/git/linux/tools/perf'
perfbuilder@d7a7af166a80:/git/perf$ head /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_64.c
static const char *syscalltbl_powerpc_64[] = {
[0] = "restart_syscall",
[1] = "exit",
[2] = "fork",
[3] = "read",
[4] = "write",
[5] = "open",
[6] = "close",
[7] = "waitpid",
[8] = "creat",
perfbuilder@d7a7af166a80:/git/perf$ tail /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_64.c
[381] = "pwritev2",
[382] = "kexec_file_load",
[383] = "statx",
[384] = "pkey_alloc",
[385] = "pkey_free",
[386] = "pkey_mprotect",
[387] = "rseq",
[388] = "io_pgetevents",
};
#define SYSCALLTBL_POWERPC_64_MAX_ID 388
perfbuilder@d7a7af166a80:/git/perf$ head /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_32.c
static const char *syscalltbl_powerpc_32[] = {
[0] = "restart_syscall",
[1] = "exit",
[2] = "fork",
[3] = "read",
[4] = "write",
[5] = "open",
[6] = "close",
[7] = "waitpid",
[8] = "creat",
perfbuilder@d7a7af166a80:/git/perf$ tail /tmp/build/perf/arch/powerpc/include/generated/asm/syscalls_32.c
[381] = "pwritev2",
[382] = "kexec_file_load",
[383] = "statx",
[384] = "pkey_alloc",
[385] = "pkey_free",
[386] = "pkey_mprotect",
[387] = "rseq",
[388] = "io_pgetevents",
};
#define SYSCALLTBL_POWERPC_32_MAX_ID 388
perfbuilder@d7a7af166a80:/git/perf$
commit 4a15c75c4246 ("drm/i915: Introduce per-engine workarounds")
refactored the workaround code to have functions per-engine, but didn't
call any of them from logical_xcs_ring_init. Since we do have a non-RCS
workaround for KBL (WaKBLVECSSemaphoreWaitPoll) we do need to call
intel_engine_init_workarounds for non-RCS engines.
Note that whitelist is still RCS-only.
Chris Wilson [Sat, 22 Dec 2018 03:06:23 +0000 (03:06 +0000)]
drm/i915: Unwind failure on pinning the gen7 ppgtt
If we fail to pin the ggtt vma slot for the ppgtt page tables, we need
to unwind the locals before reporting the error. Or else on subsequent
attempts to bind the page tables into the ggtt, we will already believe
that the vma has been pinned and continue on blithely. If something else
should happen to be at that location, choas ensues.
Chris Wilson [Fri, 7 Dec 2018 11:05:54 +0000 (11:05 +0000)]
drm/i915: Skip the ERR_PTR error state
Although commit fb6f0b64e455 ("drm/i915: Prevent machine hang from
Broxton's vtd w/a and error capture") applied cleanly after a 24 month
hiatus, the code had moved on with new methods for peeking and fetching
the captured gpu info. Make sure we catch all uses of the stashed error
state and avoid dereferencing the error pointer.
v2: Move error pointer determination into i915_gpu_capture_state
v3: Restore early check to avoid capturing and then throwing away
subsequent GPU error states.
arm64: dts: marvell: armada-ap806: reserve PSCI area
The memory area [0x4000000-0x4200000[ is occupied by the PSCI firmware. Any
attempt to access it from Linux leads to an immediate crash.
So let's make the same memory reservation as the vendor kernel.
[gregory: added as comment that this region matches the mainline U-boot] Signed-off-by: Heinrich Schuchardt <[email protected]> Signed-off-by: Gregory CLEMENT <[email protected]>
mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifier range bug in try_to_unmap_one
The conversion to use a structure for mmu_notifier_invalidate_range_*()
unintentionally changed the usage in try_to_unmap_one() to init the
'struct mmu_notifier_range' with vma->vm_start instead of @address,
i.e. it invalidates the wrong address range. Revert to the correct
address range.
Manifests as KVM use-after-free WARNINGs and subsequent "BUG: Bad page
state in process X" errors when reclaiming from a KVM guest due to KVM
removing the wrong pages from its own mappings.
Tetsuo Handa [Thu, 10 Jan 2019 10:19:31 +0000 (19:19 +0900)]
gpu/drm: Fix lock held when returning to user space.
We need to call drm_modeset_acquire_fini() when drm_atomic_state_alloc()
failed or call drm_modeset_acquire_init() after drm_atomic_state_alloc()
succeeded.
Ladislav Michl [Wed, 9 Jan 2019 23:19:44 +0000 (00:19 +0100)]
PM-runtime: Fix 'jiffies' in comments after switch to hrtimers
PM-runtime now uses the hrtimers infrastructure for autosuspend, however
comments still reference 'jiffies'.
Fixes: 8234f6734c5d (PM-runtime: Switch autosuspend over to using hrtimers) Signed-off-by: Ladislav Michl <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]>
Ilya Dryomov [Tue, 8 Jan 2019 18:47:38 +0000 (19:47 +0100)]
rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set
There is a window between when RBD_DEV_FLAG_REMOVING is set and when
the device is removed from rbd_dev_list. During this window, we set
"already" and return 0.
Returning 0 from write(2) can confuse userspace tools because
0 indicates that nothing was written. In particular, "rbd unmap"
will retry the write multiple times a second:
ARM: davinci: omapl138-hawk: fix label names in GPIO lookup entries
Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and
automatic base selection") the gpiochip label no longer has an ID
suffix. Update the GPIO lookup entries.
Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: [email protected] Signed-off-by: Bartosz Golaszewski <[email protected]> Signed-off-by: Sekhar Nori <[email protected]>
ARM: davinci: dm644x-evm: fix label names in GPIO lookup entries
Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and
automatic base selection") the gpiochip label no longer has an ID
suffix. Update the GPIO lookup entries.
Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: [email protected] Signed-off-by: Bartosz Golaszewski <[email protected]> Signed-off-by: Sekhar Nori <[email protected]>
ARM: davinci: dm355-evm: fix label names in GPIO lookup entries
Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and
automatic base selection") the gpiochip label no longer has an ID
suffix. Update the GPIO lookup entries.
Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: [email protected] Signed-off-by: Bartosz Golaszewski <[email protected]> Signed-off-by: Sekhar Nori <[email protected]>
ARM: davinci: da850-evm: fix label names in GPIO lookup entries
Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and
automatic base selection") the gpiochip label no longer has an ID
suffix. Update the GPIO lookup entries.
Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: [email protected] Signed-off-by: Bartosz Golaszewski <[email protected]> Signed-off-by: Sekhar Nori <[email protected]>
ARM: davinci: da830-evm: fix label names in GPIO lookup entries
Since commit 587f7a694f01 ("gpio: davinci: Use dev name for label and
automatic base selection") the gpiochip label no longer has an ID
suffix. Update the GPIO lookup entries.
Fixes: 587f7a694f01 ("gpio: davinci: Use dev name for label and automatic base selection") Cc: [email protected] Signed-off-by: Bartosz Golaszewski <[email protected]> Signed-off-by: Sekhar Nori <[email protected]>
Ivan Mironov [Tue, 8 Jan 2019 07:23:53 +0000 (12:23 +0500)]
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
Strict requirement of pixclock to be zero breaks support of SDL 1.2
which contains hardcoded table of supported video modes with non-zero
pixclock values[1].
To better understand which pixclock values are considered valid and how
driver should handle these values, I briefly examined few existing fbdev
drivers and documentation in Documentation/fb/. And it looks like there
are no strict rules on that and actual behaviour varies:
* some drivers treat (pixclock == 0) as "use defaults" (uvesafb.c);
* some treat (pixclock == 0) as invalid value which leads to
-EINVAL (clps711x-fb.c);
* some pass converted pixclock value to hardware (uvesafb.c);
* some are trying to find nearest value from predefined table
(vga16fb.c, video_gx.c).
Given this, I believe that it should be safe to just ignore this value if
changing is not supported. It seems that any portable fbdev application
which was not written only for one specific device working under one
specific kernel version should not rely on any particular behaviour of
pixclock anyway.
However, while enabling SDL1 applications to work out of the box when
there is no /etc/fb.modes with valid settings, this change affects the
video mode choosing logic in SDL. Depending on current screen
resolution, contents of /etc/fb.modes and resolution requested by
application, this may lead to user-visible difference (not always):
image will be displayed in a right way, but it will be aligned to the
left instead of center. There is no "right behaviour" here as well, as
emulated fbdev, opposing to old fbdev drivers, simply ignores any
requsts of video mode changes with resolutions smaller than current.
The easiest way to reproduce this problem is to install sdl-sopwith[2],
remove /etc/fb.modes file if it exists, and then try to run sopwith
from console without X. At least in Fedora 29, sopwith may be simply
installed from standard repositories.
Ivan Mironov [Tue, 8 Jan 2019 07:23:52 +0000 (12:23 +0500)]
drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2
SDL 1.2 sets all fields related to the pixel format to zero in some
cases[1]. Prior to commit db05c48197759 ("drm: fb-helper: Reject all
pixel format changing requests"), there was an unintentional workaround
for this that existed for more than a decade. First in device-specific DRM
drivers, then here in drm_fb_helper.c.
Previous code containing this workaround just ignores pixel format fields
from userspace code. Not a good thing either, as this way, driver may
silently use pixel format different from what client actually requested,
and this in turn will lead to displaying garbage on the screen. I think
that returning EINVAL to userspace in this particular case is the right
option, so I decided to left code from problematic commit untouched
instead of just reverting it entirely.
Here is the steps required to reproduce this problem exactly:
1) Compile fceux[2] with SDL 1.2.15 and without GTK or OpenGL
support. SDL should be compiled with fbdev support (which is
on by default).
2) Create /etc/fb.modes with following contents (values seems
not used, and just required to trigger problematic code in
SDL):
Jaegeuk Kim [Thu, 10 Jan 2019 03:17:14 +0000 (19:17 -0800)]
loop: drop caches if offset or block_size are changed
If we don't drop caches used in old offset or block_size, we can get old data
from new offset/block_size, which gives unexpected data to user.
For example, Martijn found a loopback bug in the below scenario.
1) LOOP_SET_FD loads first two pages on loop file
2) LOOP_SET_STATUS64 changes the offset on the loop file
3) mount is failed due to the cached pages having wrong superblock
Yuchung Cheng [Wed, 9 Jan 2019 02:12:24 +0000 (18:12 -0800)]
bpf: correctly set initial window on active Fast Open sender
The existing BPF TCP initial congestion window (TCP_BPF_IW) does not
to work on (active) Fast Open sender. This is because it changes the
(initial) window only if data_segs_out is zero -- but data_segs_out
is also incremented on SYN-data. This patch fixes the issue by
proerly accounting for SYN-data additionally.
Anup Patel [Tue, 4 Dec 2018 13:55:05 +0000 (19:25 +0530)]
tty/serial: Add RISC-V SBI earlycon support
In RISC-V, the M-mode runtime firmware provide SBI calls for
debug prints. This patch adds earlycon support using RISC-V
SBI console calls. To enable it, just pass "earlycon=sbi" in
kernel parameters.
Jonathan Corbet [Wed, 9 Jan 2019 20:59:32 +0000 (13:59 -0700)]
block: fix kerneldoc comment for blk_attempt_plug_merge()
Commit 5f0ed774ed29 ("block: sum requests in the plug structure") removed
the request_count parameter from block_attempt_plug_merge(), but did not
remove the associated kerneldoc comment, introducing this warning to the
docs build:
./block/blk-core.c:685: warning: Excess function parameter 'request_count' description in 'blk_attempt_plug_merge'
Remove the obsolete description and make things a little quieter.
perf symbols: Add 'arch_cpu_idle' to the list of kernel idle symbols
When testing 'perf top' on a armhf system (32-bit, Orange Pi Zero), I
noticed that 'arch_cpu_idle' dominated, add it to the list of idle
symbols, so that we can see what is that being done when not idle.
Andrey Smirnov [Tue, 8 Jan 2019 03:08:49 +0000 (19:08 -0800)]
nvme: don't initlialize ctrl->cntlid twice
ctrl->cntlid will already be initialized from id->cntlid for
non-NVME_F_FABRICS controllers few lines below. For NVME_F_FABRICS
controllers this field should already be initialized, otherwise the
check
James Dingwall [Tue, 8 Jan 2019 17:20:51 +0000 (10:20 -0700)]
nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
If a device provides an NQN it is expected to be globally unique.
Unfortunately some firmware revisions for Intel 760p/Pro 7600p devices did
not satisfy this requirement. In these circumstances if a system has >1
affected device then only one device is enabled. If this quirk is enabled
then the device supplied subnqn is ignored and we fallback to generating
one as if the field was empty. In this case we also suppress the version
check so we don't print a warning when the quirk is enabled.
projects / linux.git / log