Input: tca6416-keypad - replace zero-length array with flexible-array member
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
Input: gpio_keys_polled - replace zero-length array with flexible-array member
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
Linus Torvalds [Fri, 14 Feb 2020 22:46:11 +0000 (14:46 -0800)]
Merge tag 'nfs-for-5.6-2' of git://git.linux-nfs.org/projects/anna/linux-nfs
Pull NFS client bugfixes from Anna Schumaker:
"The only stable fix this time is the DMA scatter-gather list bug fixed
by Chuck.
The rest fix up races and refcounting issues that have been found
during testing.
Stable fix:
- fix DMA scatter-gather list mapping imbalance
The rest:
- fix directory verifier races
- fix races between open and dentry revalidation
- fix revalidation of dentries with delegations
- fix "cachethis" setting for writes
- fix delegation and delegation cred pinning"
* tag 'nfs-for-5.6-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
NFSv4: Ensure the delegation cred is pinned when we call delegreturn
NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation()
NFSv4.1 make cachethis=no for writes
xprtrdma: Fix DMA scatter-gather list mapping imbalance
NFSv4: Fix revalidation of dentries with delegations
NFSv4: Fix races between open and dentry revalidation
NFS: Fix up directory verifier races
Linus Torvalds [Fri, 14 Feb 2020 22:42:31 +0000 (14:42 -0800)]
Merge tag 'ceph-for-5.6-rc2' of https://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
- make O_DIRECT | O_APPEND combination work better
- redo the server path canonicalization patch that went into -rc1
- fix the 'noacl' mount option that got broken by the conversion to the
new mount API in 5.5
* tag 'ceph-for-5.6-rc2' of https://github.com/ceph/ceph-client:
ceph: noacl mount option is effectively ignored
ceph: canonicalize server path in place
ceph: do not execute direct write in parallel if O_APPEND is specified
Linus Torvalds [Fri, 14 Feb 2020 21:47:02 +0000 (13:47 -0800)]
Merge tag 'io_uring-5.6-2020-02-14' of git://git.kernel.dk/linux-block
Pull io_uring fixes from Jens Axboe:
"Here's a set of fixes for io_uring:
- Various fixes with cleanups from Pavel, fixing corner cases where
we're not correctly dealing with iovec cleanup.
- Clarify that statx/openat/openat2 don't accept fixed files
- Buffered raw device write EOPTNOTSUPP fix
- Ensure async workers grab current->fs
- A few task exit fixes with pending requests that grab the file
table
- send/recvmsg async load fix
- io-wq offline node setup fix
- CQ overflow flush in poll"
* tag 'io_uring-5.6-2020-02-14' of git://git.kernel.dk/linux-block: (21 commits)
io_uring: prune request from overflow list on flush
io-wq: don't call kXalloc_node() with non-online node
io_uring: retain sockaddr_storage across send/recvmsg async punt
io_uring: cancel pending async work if task exits
io-wq: add io_wq_cancel_pid() to cancel based on a specific pid
io-wq: make io_wqe_cancel_work() take a match handler
io_uring: fix openat/statx's filename leak
io_uring: fix double prep iovec leak
io_uring: fix async close() with f_op->flush()
io_uring: allow AT_FDCWD for non-file openat/openat2/statx
io_uring: grab ->fs as part of async preparation
io-wq: add support for inheriting ->fs
io_uring: retry raw bdev writes if we hit -EOPNOTSUPP
io_uring: add cleanup for openat()/statx()
io_uring: fix iovec leaks
io_uring: remove unused struct io_async_open
io_uring: flush overflowed CQ events in the io_uring_poll()
io_uring: statx/openat/openat2 don't support fixed files
io_uring: fix deferred req iovec leak
io_uring: fix 1-bit bitfields to be unsigned
...
1) Fix interrupt name truncation in mv88e6xxx dsa driver, from Andrew
Lunn.
2) Process generic XDP even if SKB is cloned, from Toke Høiland-Jørgensen.
3) Fix leak of kernel memory to userspace in smc, from Eric Dumazet.
4) Add some missing netlink attribute validation to matchall and
flower, from Davide Caratti.
5) Send icmp responses properly when NAT has been applied to the frame
before we get to the tunnel emitting the icmp, from Jason Donenfeld.
6) Make sure there is enough SKB headroom when adding dsa tags for qca
and ar9331. From Per Forlin.
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (62 commits)
netdevice.h: fix all kernel-doc and Sphinx warnings
net: dsa: tag_ar9331: Make sure there is headroom for tag
net: dsa: tag_qca: Make sure there is headroom for tag
net, ip6_tunnel: enhance tunnel locate with link check
net/smc: no peer ID in CLC decline for SMCD
net/smc: transfer fasync_list in case of fallback
net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples()
net: hns3: fix VF bandwidth does not take effect in some case
net: hns3: add management table after IMP reset
mac80211: fix wrong 160/80+80 MHz setting
cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
xfrm: interface: use icmp_ndo_send helper
wireguard: device: use icmp_ndo_send helper
sunvnet: use icmp_ndo_send helper
gtp: use icmp_ndo_send helper
icmp: introduce helper for nat'd source address in network device context
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
net/flow_dissector: remove unexist field description
page_pool: refill page when alloc.count of pool is zero
...
Linus Torvalds [Fri, 14 Feb 2020 20:34:30 +0000 (12:34 -0800)]
Merge tag 'pm-5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"Fix three issues related to the handling of wakeup events signaled
through the ACPI SCI while suspended to idle (Rafael Wysocki) and
unexport an internal cpufreq variable (Yangtao Li)"
* tag 'pm-5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: PM: s2idle: Prevent spurious SCIs from waking up the system
ACPICA: Introduce acpi_any_gpe_status_set()
ACPI: PM: s2idle: Avoid possible race related to the EC GPE
ACPI: EC: Fix flushing of pending work
cpufreq: Make cpufreq_global_kobject static
Linus Torvalds [Fri, 14 Feb 2020 20:27:54 +0000 (12:27 -0800)]
Merge tag 'sound-5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"The only common change is the regression fix of the previous PCM fix
patch for managed buffers while the rest are usual suspects, USB-audio
and HD-audio device-specific quirks.
The change for UAC2 clock validation workaround became a bit big, but
the changes are fairly straightforward"
* tag 'sound-5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: pcm: Fix double hw_free calls
ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000
ALSA: hda/realtek - Fix silent output on MSI-GL73
ALSA: hda/realtek - Add more codec supported Headset Button
ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
ALSA: usb-audio: Fix UAC2/3 effect unit parsing
ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset
Linus Torvalds [Fri, 14 Feb 2020 20:23:16 +0000 (12:23 -0800)]
Merge tag 'drm-fixes-2020-02-14' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"The core has a build fix for edid code on certain compilers/arches/,
one MST fix and one vgem fix. Regular amdgpu fixes, and a couple of
small driver fixes.
The i915 fixes are bit larger than normal for this stage, but they
were having CI issues last week, and they hadn't sent any fixes last
week due to this.
core:
- edid build fix
mst:
- fix NULL ptr deref
vgem:
- fix close after free
msm:
- better dma-api usage
sun4i:
- disable allow_fb_modifiers
amdgpu:
- Additional OD fixes for navi
- Misc display fixes
- VCN 2.5 DPG fix
- Prevent build errors on PowerPC on some configs
- GDS EDC fix
* tag 'drm-fixes-2020-02-14' of git://anongit.freedesktop.org/drm/drm: (50 commits)
drm/i915: Mark the removal of the i915_request from the sched.link
drm/i915/execlists: Reclaim the hanging virtual request
drm/i915/execlists: Take a reference while capturing the guilty request
drm/i915/execlists: Offline error capture
drm/i915/gt: Allow temporary suspension of inflight requests
drm/i915: Keep track of request among the scheduling lists
drm/i915/gem: Tighten checks and acquiring the mmap object
drm/i915: Fix preallocated barrier list append
drm/i915/gt: Acquire ce->active before ce->pin_count/ce->pin_mutex
drm/i915: Tighten atomicity of i915_active_acquire vs i915_active_release
drm/i915: Stub out i915_gpu_coredump_put
drm/amdgpu:/navi10: use the ODCAP enum to index the caps array
drm/amdgpu: update smu_v11_0_pptable.h
drm/amdgpu: correct comment to clear up the confusion
drm/amd/display: DCN2.x Do not program DPPCLK if same value
drm/amd/display: Don't map ATOM_ENABLE to ATOM_INIT
drm/amdgpu/vcn2.5: fix warning
drm/amdgpu: limit GDS clearing workaround in cold boot sequence
drm/amdgpu: fix amdgpu pmu to use hwc->config instead of hwc->conf
amdgpu: Prevent build errors regarding soft/hard-float FP ABI tags
...
Keith Busch [Wed, 12 Feb 2020 16:41:05 +0000 (01:41 +0900)]
nvme/pci: move cqe check after device shutdown
Many users have reported nvme triggered irq_startup() warnings during
shutdown. The driver uses the nvme queue's irq to synchronize scanning
for completions, and enabling an interrupt affined to only offline CPUs
triggers the alarming warning.
Move the final CQE check to after disabling the device and all
registered interrupts have been torn down so that we do not have any
IRQ to synchronize.
Nigel Kirkland [Tue, 11 Feb 2020 00:01:45 +0000 (16:01 -0800)]
nvme: prevent warning triggered by nvme_stop_keep_alive
Delayed keep alive work is queued on system workqueue and may be cancelled
via nvme_stop_keep_alive from nvme_reset_wq, nvme_fc_wq or nvme_wq.
Check_flush_dependency detects mismatched attributes between the work-queue
context used to cancel the keep alive work and system-wq. Specifically
system-wq does not have the WQ_MEM_RECLAIM flag, whereas the contexts used
to cancel keep alive work have WQ_MEM_RECLAIM flag.
Example warning:
workqueue: WQ_MEM_RECLAIM nvme-reset-wq:nvme_fc_reset_ctrl_work [nvme_fc]
is flushing !WQ_MEM_RECLAIM events:nvme_keep_alive_work [nvme_core]
To avoid the flags mismatch, delayed keep alive work is queued on nvme_wq.
However this creates a secondary concern where work and a request to cancel
that work may be in the same work queue - namely err_work in the rdma and
tcp transports, which will want to flush/cancel the keep alive work which
will now be on nvme_wq.
After reviewing the transports, it looks like err_work can be moved to
nvme_reset_wq. In fact that aligns them better with transition into
RESETTING and performing related reset work in nvme_reset_wq.
Change nvme-rdma and nvme-tcp to perform err_work in nvme_reset_wq.
Anton Eidelman [Mon, 10 Feb 2020 18:37:18 +0000 (10:37 -0800)]
nvme/tcp: fix bug on double requeue when send fails
When nvme_tcp_io_work() fails to send to socket due to
connection close/reset, error_recovery work is triggered
from nvme_tcp_state_change() socket callback.
This cancels all the active requests in the tagset,
which requeues them.
The failed request, however, was ended and thus requeued
individually as well unless send returned -EPIPE.
Another return code to be treated the same way is -ECONNRESET.
Double requeue caused BUG_ON(blk_queued_rq(rq))
in blk_mq_requeue_request() from either the individual requeue
of the failed request or the bulk requeue from
blk_mq_tagset_busy_iter(, nvme_cancel_request, );
Before we add a new EA we should check that this will not overflow
the maximum buffer we have available to read the EAs back.
Otherwise we can get into a situation where the EAs are so big that
we can not read them back to the client and thus we can not list EAs
anymore or delete them.
Steve French [Thu, 13 Feb 2020 04:37:08 +0000 (22:37 -0600)]
cifs: enable change notification for SMB2.1 dialect
It was originally enabled only for SMB3 or later dialects, but
had requests to add it to SMB2.1 mounts as well given the
large number of systems at that dialect level.
Chris Wilson [Fri, 14 Feb 2020 12:06:59 +0000 (12:06 +0000)]
drm/i915/selftests: Check for the error interrupt before we wait!
Sometimes the error interrupt can fire even before we have seen the
request go active -- in which case, we end up waiting until the timeout
as the request is already completed. Double check for this case!
Randy Dunlap [Thu, 13 Feb 2020 06:28:20 +0000 (22:28 -0800)]
netdevice.h: fix all kernel-doc and Sphinx warnings
Eliminate all kernel-doc and Sphinx warnings in
<linux/netdevice.h>. Fixes these warnings:
../include/linux/netdevice.h:2100: warning: Function parameter or member 'gso_partial_features' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'l3mdev_ops' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'xfrmdev_ops' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'tlsdev_ops' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'name_assign_type' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'ieee802154_ptr' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'mpls_ptr' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'xdp_prog' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'gro_flush_timeout' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'xdp_bulkq' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'xps_cpus_map' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'xps_rxqs_map' not described in 'net_device'
../include/linux/netdevice.h:2100: warning: Function parameter or member 'qdisc_hash' not described in 'net_device'
../include/linux/netdevice.h:3552: WARNING: Inline emphasis start-string without end-string.
../include/linux/netdevice.h:3552: WARNING: Inline emphasis start-string without end-string.
David S. Miller [Fri, 14 Feb 2020 15:34:51 +0000 (07:34 -0800)]
Merge branch 'dsa-headroom'
Per Forlin says:
====================
net: dsa: Make sure there is headroom for tag
Sorry for re-posting yet another time....
I manage to include multiple email-senders and forgot to include cover-letter.
Let's hope everyhthing is in order this time.
Fix two tag drivers to make sure there is headroom for the tag data.
====================
Per Forlin [Thu, 13 Feb 2020 14:37:10 +0000 (15:37 +0100)]
net: dsa: tag_ar9331: Make sure there is headroom for tag
Passing tag size to skb_cow_head will make sure
there is enough headroom for the tag data.
This change does not introduce any overhead in case there
is already available headroom for tag.
Per Forlin [Thu, 13 Feb 2020 14:37:09 +0000 (15:37 +0100)]
net: dsa: tag_qca: Make sure there is headroom for tag
Passing tag size to skb_cow_head will make sure
there is enough headroom for the tag data.
This change does not introduce any overhead in case there
is already available headroom for tag.
William Dauchy [Thu, 13 Feb 2020 17:19:22 +0000 (18:19 +0100)]
net, ip6_tunnel: enhance tunnel locate with link check
With ipip, it is possible to create an extra interface explicitly
attached to a given physical interface:
# ip link show tunl0
4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
# ip link add tunl1 type ipip dev eth0
# ip link show tunl1
6: tunl1@eth0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
But it is not possible with ip6tnl:
# ip link show ip6tnl0
5: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/tunnel6 :: brd ::
# ip link add ip6tnl1 type ip6tnl dev eth0
RTNETLINK answers: File exists
This patch aims to make it possible by adding link comparaison in both
tunnel locate and lookup functions; we also modify mtu calculation when
attached to an interface with a lower mtu.
This permits to make use of x-netns communication by moving the newly
created tunnel in a given netns.
David S. Miller [Fri, 14 Feb 2020 15:16:08 +0000 (07:16 -0800)]
Merge tag 'mac80211-for-net-2020-02-14' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
Johannes Berg says:
====================
Just a few fixes:
* avoid running out of tracking space for frames that need
to be reported to userspace by using more bits
* fix beacon handling suppression by adding some relevant
elements to the CRC calculation
* fix quiet mode in action frames
* fix crash in ethtool for virt_wifi and similar
* add a missing policy entry
* fix 160 & 80+80 bandwidth to take local capabilities into
account
====================
Ursula Braun [Fri, 14 Feb 2020 07:59:00 +0000 (08:59 +0100)]
net/smc: no peer ID in CLC decline for SMCD
Just SMCR requires a CLC Peer ID, but not SMCD. The field should be
zero for SMCD.
Fixes: c758dfddc1b5 ("net/smc: add SMC-D support in CLC messages") Signed-off-by: Ursula Braun <[email protected]> Signed-off-by: Karsten Graul <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Ursula Braun [Fri, 14 Feb 2020 07:58:59 +0000 (08:58 +0100)]
net/smc: transfer fasync_list in case of fallback
SMC does not work together with FASTOPEN. If sendmsg() is called with
flag MSG_FASTOPEN in SMC_INIT state, the SMC-socket switches to
fallback mode. To handle the previous ioctl FIOASYNC call correctly
in this case, it is necessary to transfer the socket wait queue
fasync_list to the internal TCP socket.
David S. Miller [Fri, 14 Feb 2020 15:05:18 +0000 (07:05 -0800)]
Merge branch 'hns3-fixes'
Huazhong Tan says:
====================
net: hns3: fixes for -net
This series includes three bugfixes for the HNS3 ethernet driver.
[patch 1] fixes a management table lost issue after IMP reset.
[patch 2] fixes a VF bandwidth configuration not work problem.
[patch 3] fixes a problem related to IPv6 address copying.
====================
Guangbin Huang [Fri, 14 Feb 2020 01:53:43 +0000 (09:53 +0800)]
net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples()
The IPv6 address defined in struct in6_addr is specified as
big endian, but there is no specified endian in struct
hclge_fd_rule_tuples, so it will cause a problem if directly
use memcpy() to copy ipv6 address between these two structures
since this field in struct hclge_fd_rule_tuples is little endian.
This patch fixes this problem by using be32_to_cpu() to convert
endian of IPv6 address of struct in6_addr before copying.
Fixes: d93ed94fbeaf ("net: hns3: add aRFS support for PF") Signed-off-by: Guangbin Huang <[email protected]> Signed-off-by: Huazhong Tan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Yonglong Liu [Fri, 14 Feb 2020 01:53:42 +0000 (09:53 +0800)]
net: hns3: fix VF bandwidth does not take effect in some case
When enabling 4 TC after setting the bandwidth of VF, the bandwidth
of VF will resume to default value, because of the qset resources
changed in this case.
This patch fixes it by using a fixed VF's qset resources according to
HNAE3_MAX_TC macro.
Fixes: ee9e44248f52 ("net: hns3: add support for configuring bandwidth of VF on the host") Signed-off-by: Yonglong Liu <[email protected]> Signed-off-by: Huazhong Tan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Yufeng Mo [Fri, 14 Feb 2020 01:53:41 +0000 (09:53 +0800)]
net: hns3: add management table after IMP reset
In the current process, the management table is missing after the
IMP reset. This patch adds the management table to the reset process.
Fixes: f5aac71c0327 ("net: hns3: add manager table initialization for hardware") Signed-off-by: Yufeng Mo <[email protected]> Signed-off-by: Huazhong Tan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
perf llvm: Fix script used to obtain kernel make directives to work with new kbuild
Before this patch:
# ./perf test 39 41
39: LLVM search and compile :
39.1: Basic BPF llvm compile : Ok
39.2: kbuild searching : FAILED!
39.3: Compile source for BPF prologue generation : Skip
39.4: Compile source for BPF relocation : Skip
41: BPF filter :
41.1: Basic BPF filtering : Ok
41.2: BPF pinning : Ok
41.3: BPF prologue generation : FAILED!
41.4: BPF relocation checker : Skip
#
Using 'perf test -v' for these tests shows that it is not finding
uapi/linux/fs.h, which ends up being because we don't setup the right header
path. Fix it.
After this patch:
# perf test 39 41
39: LLVM search and compile :
39.1: Basic BPF llvm compile : Ok
39.2: kbuild searching : Ok
39.3: Compile source for BPF prologue generation : Ok
39.4: Compile source for BPF relocation : Ok
41: BPF filter :
41.1: Basic BPF filtering : Ok
41.2: BPF pinning : Ok
41.3: BPF prologue generation : Ok
41.4: BPF relocation checker : Ok
#
Longer description:
In llvm-utils.c we use some techniques to obtain the kbuild make
directives and that recently stopped working as now 'ar' gets called and
expects to find the dummy.o used to echo these variables:
$(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(EXTRA_CFLAGS)
Add the $(CC) line to satisfy that, making sure this works with all
kernels, i.e. preserving the temp directory and files in it used for
this technique we can see that it works everywhere:
# make -s -C /lib/modules/5.4.18-100.fc30.x86_64/build M=/tmp/tmp.qgaFHgxjZ4/ clean
# ls -la /tmp/tmp.qgaFHgxjZ4/
total 4
drwx------. 2 root root 80 Feb 14 09:42 .
drwxrwxrwt. 47 root root 1200 Feb 14 09:42 ..
-rw-r--r--. 1 root root 0 Feb 13 17:14 dummy.c
-rw-r--r--. 1 root root 121 Feb 13 17:14 Makefile
#
# cat /tmp/tmp.qgaFHgxjZ4/Makefile
obj-y := dummy.o
$(obj)/%.o: $(src)/%.c
@echo -n "$(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(EXTRA_CFLAGS)"
$(CC) -c -o $@ $<
#
Then build with an old kernel Makefile:
# make -s -C /lib/modules/5.4.18-100.fc30.x86_64/build M=/tmp/tmp.qgaFHgxjZ4/ dummy.o
-nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/9/include -I./arch/x86/include -I./arch/x86/include/generated -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h
#
# ls -la /tmp/tmp.qgaFHgxjZ4/
total 8
drwx------. 2 root root 100 Feb 14 09:43 .
drwxrwxrwt. 47 root root 1200 Feb 14 09:43 ..
-rw-r--r--. 1 root root 0 Feb 13 17:14 dummy.c
-rw-r--r--. 1 root root 936 Feb 14 09:43 dummy.o
-rw-r--r--. 1 root root 121 Feb 13 17:14 Makefile
#
And a new one:
# make -s -C /lib/modules/5.4.18-100.fc30.x86_64/build M=/tmp/tmp.qgaFHgxjZ4/ clean
# ls -la /tmp/tmp.qgaFHgxjZ4/
total 4
drwx------. 2 root root 80 Feb 14 09:43 .
drwxrwxrwt. 47 root root 1200 Feb 14 09:43 ..
-rw-r--r--. 1 root root 0 Feb 13 17:14 dummy.c
-rw-r--r--. 1 root root 121 Feb 13 17:14 Makefile
# make -s -C /lib/modules/5.6.0-rc1+/build M=/tmp/tmp.qgaFHgxjZ4/ dummy.o
-nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/9/include -I/home/acme/git/linux/arch/x86/include -I./arch/x86/include/generated -I/home/acme/git/linux/include -I./include -I/home/acme/git/linux/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/home/acme/git/linux/include/uapi -I./include/generated/uapi -include /home/acme/git/linux/include/linux/kconfig.h
#
# ls -la /tmp/tmp.qgaFHgxjZ4/
total 16
drwx------. 2 root root 160 Feb 14 09:44 .
drwxrwxrwt. 47 root root 1200 Feb 14 09:44 ..
-rw-r--r--. 1 root root 158 Feb 14 09:44 built-in.a
-rw-r--r--. 1 root root 149 Feb 14 09:44 .built-in.a.cmd
-rw-r--r--. 1 root root 0 Feb 13 17:14 dummy.c
-rw-r--r--. 1 root root 936 Feb 14 09:44 dummy.o
-rw-r--r--. 1 root root 121 Feb 13 17:14 Makefile
-rw-r--r--. 1 root root 0 Feb 14 09:44 modules.order
#
Jani Nikula [Tue, 11 Feb 2020 16:14:51 +0000 (18:14 +0200)]
drm/i915: split out display debugfs to a separate file
The i915_debugfs.c has grown more than a little unwieldy. Split out the
display related debugfs code to a file of its own under display/,
initialized with a separate call. No functional changes.
v2:
- Also moved i915_frontbuffer_tracking, i915_gem_framebuffer,
i915_power_domain_info, i915_dmc_info, i915_ipc_status (Ville)
Shay Bar [Mon, 10 Feb 2020 13:07:28 +0000 (15:07 +0200)]
mac80211: fix wrong 160/80+80 MHz setting
Before this patch, STA's would set new width of 160/80+80 MHz based on AP capability only.
This is wrong because STA may not support > 80MHz BW.
Fix is to verify STA has 160/80+80 MHz capability before increasing its width to > 80MHz.
The "support_80_80" and "support_160" setting is based on:
"Table 9-272 — Setting of the Supported Channel Width Set subfield and Extended NSS BW
Support subfield at a STA transmitting the VHT Capabilities Information field"
From "Draft P802.11REVmd_D3.0.pdf"
Dave Airlie [Fri, 14 Feb 2020 03:03:51 +0000 (13:03 +1000)]
Merge tag 'drm-intel-next-fixes-2020-02-13' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
drm/i915 fixes for v5.6-rc2
Most of these were aimed at a "next fixes" pull already during the merge
window, but there were issues with the baseline I used, which resulted
in a lot of issues in CI. I've regenerated this stuff piecemeal now,
adding gradually to it, and it seems healthy now.
Due to the issues this is much bigger than I'd like. But it was
obviously necessary to take the time to ensure it's not garbage...
Dave Airlie [Fri, 14 Feb 2020 02:52:49 +0000 (12:52 +1000)]
Merge tag 'drm-misc-fixes-2020-02-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Fixes for v5.6:
- Revert allow_fb_modifiers in sun4i, as it causes a regression for DE2 and DE3.
- Fix null pointer deref in drm_dp_mst_process_up_req().
Input: gpio_keys - replace zero-length array with flexible-array member
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
Input: goldfish_events - replace zero-length array with flexible-array member
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
Jens Axboe [Fri, 14 Feb 2020 00:17:35 +0000 (17:17 -0700)]
io_uring: prune request from overflow list on flush
Carter reported an issue where he could produce a stall on ring exit,
when we're cleaning up requests that match the given file table. For
this particular test case, a combination of a few things caused the
issue:
- The cq ring was overflown
- The request being canceled was in the overflow list
The combination of the above means that the cq overflow list holds a
reference to the request. The request is canceled correctly, but since
the overflow list holds a reference to it, the final put won't happen.
Since the final put doesn't happen, the request remains in the inflight.
Hence we never finish the cancelation flush.
Fix this by removing requests from the overflow list if we're canceling
them.
Linus Torvalds [Thu, 13 Feb 2020 22:36:57 +0000 (14:36 -0800)]
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Summary below, but it's all reasonably straightforward. There are some
more fixes on the horizon, but nothing disastrous yet.
Summary:
- Fix build when KASLR is enabled but CONFIG_ARCH_RANDOM is not set
- Fix context-switching of SSBS state on systems that implement it
- Fix spinlock compiler warning introduced during the merge window
- Use SYSCTL_{ZERO,ONE} instead of rolling our own static variables
- Don't scream if optional SMMUv3 PMU irq is missing
- Remove some unused function prototypes"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: time: Replace <linux/clk-provider.h> by <linux/of_clk.h>
arm64: Fix CONFIG_ARCH_RANDOM=n build
perf/smmuv3: Use platform_get_irq_optional() for wired interrupt
arm64/spinlock: fix a -Wunused-function warning
arm64: ssbs: Fix context-switch when SSBS is present on all CPUs
arm64: use shared sysctl constants
arm64: Drop do_el0_ia_bp_hardening() & do_sp_pc_abort() declarations
Linus Torvalds [Thu, 13 Feb 2020 22:34:58 +0000 (14:34 -0800)]
Merge tag 'gpio-v5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
- Revert two patches to gpio_do_set_config() and implement the proper
solution that works, also drop an unecessary call in set_config()
- Fix up the lockdep class for hierarchical IRQ domains.
- Remove some bridge code for line directions.
- Fix a register access bug in the Xilinx driver.
* tag 'gpio-v5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: sifive: fix static checker warning
spmi: pmic-arb: Set lockdep class for hierarchical irq domains
gpio: xilinx: Fix bug where the wrong GPIO register is written to
gpiolib: remove unnecessary argument from set_config call
gpio: bd71828: Remove unneeded defines for GPIO_LINE_DIRECTION_IN/OUT
MAINTAINERS: Sort entries in database for GPIO
gpiolib: fix gpio_do_set_config()
Revert "gpiolib: remove set but not used variable 'config'"
Revert "gpiolib: Remove duplicated function gpio_do_set_config()"
====================
icmp: account for NAT when sending icmps from ndo layer
The ICMP routines use the source address for two reasons:
1. Rate-limiting ICMP transmissions based on source address, so
that one source address cannot provoke a flood of replies. If
the source address is wrong, the rate limiting will be
incorrectly applied.
2. Choosing the interface and hence new source address of the
generated ICMP packet. If the original packet source address
is wrong, ICMP replies will be sent from the wrong source
address, resulting in either a misdelivery, infoleak, or just
general network admin confusion.
Most of the time, the icmp_send and icmpv6_send routines can just reach
down into the skb's IP header to determine the saddr. However, if
icmp_send or icmpv6_send is being called from a network device driver --
there are a few in the tree -- then it's possible that by the time
icmp_send or icmpv6_send looks at the packet, the packet's source
address has already been transformed by SNAT or MASQUERADE or some other
transformation that CONNTRACK knows about. In this case, the packet's
source address is most certainly the *wrong* source address to be used
for the purpose of ICMP replies.
Rather, the source address we want to use for ICMP replies is the
original one, from before the transformation occurred.
Fortunately, it's very easy to just ask CONNTRACK if it knows about this
packet, and if so, how to fix it up. The saddr is the only field in the
header we need to fix up, for the purposes of the subsequent processing
in the icmp_send and icmpv6_send functions, so we do the lookup very
early on, so that the rest of the ICMP machinery can progress as usual.
Changes v3->v4:
- Add back the skb_shared checking, since the previous assumption isn't
actually true [Eric]. This implies dropping the additional patches v3 had
for removing skb_share_check from various drivers. We can revisit that
general set of ideas later, but that's probably better suited as a net-next
patchset rather than this stable one which is geared at fixing bugs. So,
this implements things in the safe conservative way.
Changes v2->v3:
- Add selftest to ensure this actually does what we want and never regresses.
- Check the size of the skb header before operating on it.
- Use skb_ensure_writable to ensure we can modify the cloned skb [Florian].
- Conditionalize this on IPS_SRC_NAT so we don't do anything unnecessarily
[Florian].
- It turns out that since we're calling these from the xmit path,
skb_share_check isn't required, so remove that [Florian]. This simplifes the
code a bit too. **The supposition here is that skbs passed to ndo_start_xmit
are _never_ shared. If this is not correct NOW IS THE TIME TO PIPE UP, for
doom awaits us later.**
- While investigating the shared skb business, several drivers appeared to be
calling it incorrectly in the xmit path, so this series also removes those
unnecessary calls, based on the supposition mentioned in the previous point.
Changes v1->v2:
- icmpv6 takes subtly different types than icmpv4, like u32 instead of be32,
u8 instead of int.
- Since we're technically writing to the skb, we need to make sure it's not
a shared one [Dave, 2017].
- Restore the original skb data after icmp_send returns. All current users
are freeing the packet right after, so it doesn't matter, but future users
might not.
- Remove superfluous route lookup in sunvnet [Dave].
- Use NF_NAT instead of NF_CONNTRACK for condition [Florian].
- Include this cover letter [Dave].
====================
Because wireguard is calling icmp from network device context, it should
use the ndo helper so that the rate limiting applies correctly. This
commit adds a small test to the wireguard test suite to ensure that the
new functions continue doing the right thing in the context of
wireguard. It does this by setting up a condition that will definately
evoke an icmp error message from the driver, but along a nat'd path.
Because sunvnet is calling icmp from network device context, it should use
the ndo helper so that the rate limiting applies correctly. While we're
at it, doing the additional route lookup before calling icmp_ndo_send is
superfluous, since this is the job of the icmp code in the first place.
icmp: introduce helper for nat'd source address in network device context
This introduces a helper function to be called only by network drivers
that wraps calls to icmp[v6]_send in a conntrack transformation, in case
NAT has been used. We don't want to pollute the non-driver path, though,
so we introduce this as a helper to be called by places that actually
make use of this, as suggested by Florian.
Davide Caratti [Tue, 11 Feb 2020 18:33:40 +0000 (19:33 +0100)]
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
unlike other classifiers that can be offloaded (i.e. users can set flags
like 'skip_hw' and 'skip_sw'), 'cls_flower' doesn't validate the size of
netlink attribute 'TCA_FLOWER_FLAGS' provided by user: add a proper entry
to fl_policy.
Fixes: 5b33f48842fa ("net/flower: Introduce hardware offload support") Signed-off-by: Davide Caratti <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Davide Caratti [Tue, 11 Feb 2020 18:33:39 +0000 (19:33 +0100)]
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
unlike other classifiers that can be offloaded (i.e. users can set flags
like 'skip_hw' and 'skip_sw'), 'cls_matchall' doesn't validate the size
of netlink attribute 'TCA_MATCHALL_FLAGS' provided by user: add a proper
entry to mall_policy.
Fixes: b87f7936a932 ("net/sched: Add match-all classifier hw offloading.") Signed-off-by: Davide Caratti <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Hangbin Liu [Tue, 11 Feb 2020 10:31:54 +0000 (18:31 +0800)]
net/flow_dissector: remove unexist field description
@thoff has moved to struct flow_dissector_key_control.
Fixes: 42aecaa9bb2b ("net: Get skb hash over flow_keys structure") Signed-off-by: Hangbin Liu <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Li RongQing [Tue, 11 Feb 2020 02:13:44 +0000 (10:13 +0800)]
page_pool: refill page when alloc.count of pool is zero
"do {} while" in page_pool_refill_alloc_cache will always
refill page once whether refill is true or false, and whether
alloc.count of pool is less than PP_ALLOC_CACHE_REFILL or not
this is wrong, and will cause overflow of pool->alloc.cache
the caller of __page_pool_get_cached should provide guarantee
that pool->alloc.cache is safe to access, so in_serving_softirq
should be removed as suggested by Jesper Dangaard Brouer in
https://patchwork.ozlabs.org/patch/1233713/
so fix this issue by calling page_pool_refill_alloc_cache()
only when pool->alloc.count is zero
David S. Miller [Thu, 13 Feb 2020 22:10:11 +0000 (14:10 -0800)]
Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue
Jeff Kirsher says:
====================
Intel Wired LAN Driver Updates 2020-02-12
This series contains fixes to only the ice driver.
Dave fixes logic flaws in the DCB rebuild function which is used after a
reset. Also fixed a configuration issue when switching between firmware
and software LLDP mode where the number of TLV's configured was getting
out of sync with what lldpad thinks is configured.
Paul fixes how the driver displayed all the supported and advertised
link modes by basing it on the PHY capabilities, and in the process
cleaned up a lot of code.
Brett fixes duplicate receive tail bumps by comparing the value we are
writing to tail with the previously written tail value. Also cleaned up
workarounds that are no longer needed with the latest NVM images.
Anirudh cleaned up unnecessary CONFIG_PCI_IOV wrappers. Updated the
driver to use ice_pf_to_dev() instead of &pf->pdev->dev or
&vsi->back->pdev->dev. Cleaned up the string format in print function
calls to remove newlines where applicable.
Akeem updates the link message logging to include "Full Duplex" and
"Negotiated", to help distinguish from "Requested" for FEC.
Bruce fixes and consolidates the logging of firmware/NVM information
during driver load, since the information is duplicate of what is
available via ethtool. Fixed the checking of the Unit Load Status bits
after reset to ensure they are 0x7FF before continuing, by updating the
mask. Cleanup up possible NULL dereferences that were created by a
previous commit.
Ben fixes the driver to use the correct netif_msg_tx/rx_error() to
determine whether to print the MDD event type.
Tony provides several trivial fixes, which include whitespace, typos,
function header comments, reverse Christmas tree issues.
====================
Move vga switcheroo and dsm handler register later in
i915_driver_register(), and unregister in i915_driver_unregister(). The
dsm handler unregister is a nop, and is only added for completeness.
My unsubstantiated suspicion is that the vga switcheroo state change
would not work as early as we register the hooks currently. In any case
exposing the interfaces to the world only after we've got everything set
up seems prudent.
Also replace the error handling in vga switcheroo register with a simple
error message. This is done at the same time due to lack of error
propagation from i915_driver_register().
Trond Myklebust [Thu, 13 Feb 2020 19:51:07 +0000 (14:51 -0500)]
NFSv4: Ensure the delegation cred is pinned when we call delegreturn
Ensure we don't release the delegation cred during the call to
nfs4_proc_delegreturn().
Fixes: ee05f456772d ("NFSv4: Fix races between open and delegreturn") Signed-off-by: Trond Myklebust <[email protected]> Signed-off-by: Anna Schumaker <[email protected]>
Trond Myklebust [Thu, 13 Feb 2020 19:51:06 +0000 (14:51 -0500)]
NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation()
The call to nfs_do_return_delegation() needs to be taken without
any RCU locks. Add a refcount to make sure the delegation remains
pinned in memory until we're done.
Fixes: ee05f456772d ("NFSv4: Fix races between open and delegreturn") Signed-off-by: Trond Myklebust <[email protected]> Signed-off-by: Anna Schumaker <[email protected]>
Chuck Lever [Wed, 12 Feb 2020 16:12:30 +0000 (11:12 -0500)]
xprtrdma: Fix DMA scatter-gather list mapping imbalance
The @nents value that was passed to ib_dma_map_sg() has to be passed
to the matching ib_dma_unmap_sg() call. If ib_dma_map_sg() choses to
concatenate sg entries, it will return a different nents value than
it was passed.
The bug was exposed by recent changes to the AMD IOMMU driver, which
enabled sg entry concatenation.
Looking all the way back to commit 4143f34e01e9 ("xprtrdma: Port to
new memory registration API") and reviewing other kernel ULPs, it's
not clear that the frwr_map() logic was ever correct for this case.
Jani Nikula [Tue, 11 Feb 2020 13:44:27 +0000 (15:44 +0200)]
drm/i915/hdmi: prefer to_i915() over drm->dev_private to get at i915
drm->dev_private is to be avoided. Use to_i915() on the struct
drm_device pointer instead. Rename the affected local dev_priv variables
to i915 while at it.
zhangyi (F) [Thu, 13 Feb 2020 06:38:21 +0000 (14:38 +0800)]
jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
Commit 904cdbd41d74 ("jbd2: clear dirty flag when revoking a buffer from
an older transaction") set the BH_Freed flag when forgetting a metadata
buffer which belongs to the committing transaction, it indicate the
committing process clear dirty bits when it is done with the buffer. But
it also clear the BH_Mapped flag at the same time, which may trigger
below NULL pointer oops when block_size < PAGE_SIZE.
*) Dir entry block bh1 and bh2 belongs to one page, and the bh2 has
already been unmapped.
For the metadata buffer we forgetting, we should always keep the mapped
flag and clear the dirty flags is enough, so this patch pick out the
these buffers and keep their BH_Mapped flag.
zhangyi (F) [Thu, 13 Feb 2020 06:38:20 +0000 (14:38 +0800)]
jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
There is no need to delay the clearing of b_modified flag to the
transaction committing time when unmapping the journalled buffer, so
just move it to the journal_unmap_buffer().
Shijie Luo [Tue, 11 Feb 2020 01:17:52 +0000 (20:17 -0500)]
ext4: add cond_resched() to ext4_protect_reserved_inode
When journal size is set too big by "mkfs.ext4 -J size=", or when
we mount a crafted image to make journal inode->i_size too big,
the loop, "while (i < num)", holds cpu too long. This could cause
soft lockup.
Jan Kara [Mon, 10 Feb 2020 14:43:16 +0000 (15:43 +0100)]
ext4: fix checksum errors with indexed dirs
DIR_INDEX has been introduced as a compat ext4 feature. That means that
even kernels / tools that don't understand the feature may modify the
filesystem. This works because for kernels not understanding indexed dir
format, internal htree nodes appear just as empty directory entries.
Index dir aware kernels then check the htree structure is still
consistent before using the data. This all worked reasonably well until
metadata checksums were introduced. The problem is that these
effectively made DIR_INDEX only ro-compatible because internal htree
nodes store checksums in a different place than normal directory blocks.
Thus any modification ignorant to DIR_INDEX (or just clearing
EXT4_INDEX_FL from the inode) will effectively cause checksum mismatch
and trigger kernel errors. So we have to be more careful when dealing
with indexed directories on filesystems with checksumming enabled.
1) We just disallow loading any directory inodes with EXT4_INDEX_FL when
DIR_INDEX is not enabled. This is harsh but it should be very rare (it
means someone disabled DIR_INDEX on existing filesystem and didn't run
e2fsck), e2fsck can fix the problem, and we don't want to answer the
difficult question: "Should we rather corrupt the directory more or
should we ignore that DIR_INDEX feature is not set?"
2) When we find out htree structure is corrupted (but the filesystem and
the directory should in support htrees), we continue just ignoring htree
information for reading but we refuse to add new entries to the
directory to avoid corrupting it more.
Theodore Ts'o [Thu, 6 Feb 2020 22:35:01 +0000 (17:35 -0500)]
ext4: fix support for inode sizes > 1024 bytes
A recent commit, 9803387c55f7 ("ext4: validate the
debug_want_extra_isize mount option at parse time"), moved mount-time
checks around. One of those changes moved the inode size check before
the blocksize variable was set to the blocksize of the file system.
After 9803387c55f7 was set to the minimum allowable blocksize, which
in practice on most systems would be 1024 bytes. This cuased file
systems with inode sizes larger than 1024 bytes to be rejected with a
message:
crypto/testmgr: enable selftests for paes-s390 ciphers
This patch enables the selftests for the s390 specific protected key
AES (PAES) cipher implementations:
* cbc-paes-s390
* ctr-paes-s390
* ecb-paes-s390
* xts-paes-s390
PAES is an AES cipher but with encrypted ('protected') key
material. However, the paes ciphers are able to derive an protected
key from clear key material with the help of the pkey kernel module.
So this patch now enables the generic AES tests for the paes
ciphers. Under the hood the setkey() functions rearrange the clear key
values as clear key token and so the pkey kernel module is able to
provide protected key blobs from the given clear key values. The
derived protected key blobs are then used within the paes cipers and
should produce the very same results as the generic AES implementation
with the clear key values.
The s390-paes cipher testlist entries are surrounded
by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
make any sense on non s390 platforms or without the PAES
cipher implementation.
Jan Kara [Thu, 30 Jan 2020 11:11:48 +0000 (12:11 +0100)]
ext4: simplify checking quota limits in ext4_statfs()
Coverity reports that conditions checking quota limits in ext4_statfs()
contain dead code. Indeed it is right and current conditions can be
simplified.
Andreas Dilger [Sun, 26 Jan 2020 22:03:34 +0000 (15:03 -0700)]
ext4: don't assume that mmp_nodename/bdevname have NUL
Don't assume that the mmp_nodename and mmp_bdevname strings are NUL
terminated, since they are filled in by snprintf(), which is not
guaranteed to do so.
Chris Wilson [Thu, 13 Feb 2020 14:01:50 +0000 (14:01 +0000)]
drm/i915/selftests: Exercise timeslice rewinding
Originally, I did not expect having to rewind a context upon
timeslicing: the point was to replace the executing context with a
non-executing one! However, given a second context that depends on
requests from the first, we may have to split the requests along the
first context to execute the second, causing us to partially replay the
first context and so have to rewind its RING_TAIL.
Leon Romanovsky [Wed, 12 Feb 2020 08:06:51 +0000 (10:06 +0200)]
RDMA/core: Fix protection fault in get_pkey_idx_qp_list
We don't need to set pkey as valid in case that user set only one of pkey
index or port number, otherwise it will be resulted in NULL pointer
dereference while accessing to uninitialized pkey list. The following
crash from Syzkaller revealed it.
Coly Li [Thu, 13 Feb 2020 14:12:07 +0000 (22:12 +0800)]
bcache: remove macro nr_to_fifo_front()
Macro nr_to_fifo_front() is only used once in btree_flush_write(),
it is unncessary indeed. This patch removes this macro and does
calculation directly in place.
In my testing, sometimes even all the cached btree nodes are freed,
creating gc and allocator kernel threads may still fail. Finally it
turns out that kthread_run() may fail if there is pending signal for
current task. And the pending signal is sent from OOM killer which
is triggered by memory consuption in bch_btree_check().
Therefore explicitly shrinking bcache btree node here does not help,
and after the shrinker callback is improved, as well as pending signals
are ignored before creating kernel threads, now such operation is
unncessary anymore.
This patch reverts the commit 1df3877ff6a4 ("bcache: shrink btree node
cache after bch_btree_check()") because we have better improvement now.
Coly Li [Thu, 13 Feb 2020 14:12:05 +0000 (22:12 +0800)]
bcache: ignore pending signals when creating gc and allocator thread
When run a cache set, all the bcache btree node of this cache set will
be checked by bch_btree_check(). If the bcache btree is very large,
iterating all the btree nodes will occupy too much system memory and
the bcache registering process might be selected and killed by system
OOM killer. kthread_run() will fail if current process has pending
signal, therefore the kthread creating in run_cache_set() for gc and
allocator kernel threads are very probably failed for a very large
bcache btree.
Indeed such OOM is safe and the registering process will exit after
the registration done. Therefore this patch flushes pending signals
during the cache set start up, specificly in bch_cache_allocator_start()
and bch_gc_thread_start(), to make sure run_cache_set() won't fail for
large cahced data set.
Takashi Iwai [Thu, 13 Feb 2020 06:03:49 +0000 (07:03 +0100)]
ALSA: pcm: Fix double hw_free calls
The commit 66f2d19f8116 ("ALSA: pcm: Fix memory leak at closing a
stream without hw_free") tried to fix the regression wrt the missing
hw_free call at closing without SNDRV_PCM_IOCTL_HW_FREE ioctl.
However, the code change dropped mistakenly the state check, resulting
in calling hw_free twice when SNDRV_PCM_IOCTL_HW_FRE got called
beforehand. For most drivers, this is almost harmless, but the
drivers like SOF show another regression now.
This patch adds the state condition check before calling do_hw_free()
at releasing the stream for avoiding the double hw_free calls.
The root cause is that tasklet is actually a softirq. In a tasklet
handler, another softirq handler is triggered. Usually these softirq
handlers run on the same cpu core. So this will cause "soft lockup Bug".
Leon Romanovsky [Wed, 12 Feb 2020 07:26:35 +0000 (09:26 +0200)]
RDMA/mlx5: Prevent overflow in mmap offset calculations
The cmd and index variables declared as u16 and the result is supposed to
be stored in u64. The C arithmetic rules doesn't promote "(index >> 8) <<
16" to be u64 and leaves the end result to be u16.
Yonatan Cohen [Wed, 12 Feb 2020 07:26:34 +0000 (09:26 +0200)]
IB/umad: Fix kernel crash while unloading ib_umad
When disassociating a device from umad we must ensure that the sysfs
access is prevented before blocking the fops, otherwise assumptions in
syfs don't hold:
The prior patch made an error in moving the device_destroy(), it should
have been split into device_del() (above) and put_device() (below). At
this point we already have the split, so move the device_del() back to its
original place.
Yishai Hadas [Wed, 12 Feb 2020 07:26:32 +0000 (09:26 +0200)]
RDMA/mlx5: Fix async events cleanup flows
As in the prior patch, the devx code is not fully cleaning up its
event_lists before finishing driver_destroy allowing a later read to
trigger user after free conditions.
Re-arrange things so that the event_list is always empty after destroy and
ensure it remains empty until the file is closed.
Michael Guralnik [Wed, 12 Feb 2020 07:26:31 +0000 (09:26 +0200)]
RDMA/core: Add missing list deletion on freeing event queue
When the uobject file scheme was revised to allow device disassociation
from the file it became possible for read() to still happen the driver
destroys the uobject.
The old clode code was not tolerant to concurrent read, and when it was
moved to the driver destroy it creates a bug.
Ensure the event_list is empty after driver destroy by adding the missing
list_del(). Otherwise read() can trigger a use after free and double
kfree.
Robert Richter [Wed, 12 Feb 2020 12:03:39 +0000 (13:03 +0100)]
EDAC/sysfs: Remove csrow objects on errors
All created csrow objects must be removed in the error path of
edac_create_csrow_objects(). The objects have been added as devices.
They need to be removed by doing a device_del() *and* put_device() call
to also free their memory. The missing put_device() leaves a memory
leak. Use device_unregister() instead of device_del() which properly
unregisters the device doing both.
Robert Richter [Wed, 12 Feb 2020 17:25:18 +0000 (18:25 +0100)]
EDAC/mc: Fix use-after-free and memleaks during device removal
A test kernel with the options DEBUG_TEST_DRIVER_REMOVE, KASAN and
DEBUG_KMEMLEAK set, revealed several issues when removing an mci device:
1) Use-after-free:
On 27.11.19 17:07:33, John Garry wrote:
> [ 22.104498] BUG: KASAN: use-after-free in
> edac_remove_sysfs_mci_device+0x148/0x180
The use-after-free is caused by the mci_for_each_dimm() macro called in
edac_remove_sysfs_mci_device(). The iterator was introduced with
c498afaf7df8 ("EDAC: Introduce an mci_for_each_dimm() iterator").
The iterator loop calls device_unregister(&dimm->dev), which removes
the sysfs entry of the device, but also frees the dimm struct in
dimm_attr_release(). When incrementing the loop in mci_for_each_dimm(),
the dimm struct is accessed again, after having been freed already.
The fix is to free all the mci device's subsequent dimm and csrow
objects at a later point, in _edac_mc_free(), when the mci device itself
is being freed.
This keeps the data structures intact and the mci device can be
fully used until its removal. The change allows the safe usage of
mci_for_each_dimm() to release dimm devices from sysfs.
All leaks are from memory allocated by edac_mc_alloc().
Note: The test above shows that edac_mc_alloc() was called here from
ghes_edac_register(), thus both functions show up in the stack trace
but the module causing the leaks is edac_mc. The comments with the data
structures involved were made manually by analyzing the objdump.
The data structures listed above and created by edac_mc_alloc() are
not properly removed during device removal, which is done in
edac_mc_free().
There are two paths implemented to remove the device depending on device
registration, _edac_mc_free() is called if the device is not registered
and edac_unregister_sysfs() otherwise.
The implemenations differ. For the sysfs case, the mci device removal
lacks the removal of subsequent data structures (csrows, channels,
dimms). This causes the memory leaks (see mci_attr_release()).
Alexander Tsoy [Wed, 12 Feb 2020 23:54:50 +0000 (02:54 +0300)]
ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000
It should be safe to ignore clock validity check result if the following
conditions are met:
- only one single sample rate is supported;
- the terminal is directly connected to the clock source;
- the clock type is internal.
This is to deal with some Denon DJ controllers that always reports that
clock is invalid.
which is due to the 'wqe' and 'worker' allocation being node affine.
But it isn't valid to call the node affine allocation if the node isn't
online.
Setup structures for even offline nodes, as usual, but skip them in
terms of thread setup to not waste resources. If the node isn't online,
just alloc memory with NUMA_NO_NODE.
Randy Dunlap [Mon, 10 Feb 2020 03:36:14 +0000 (19:36 -0800)]
linux/pipe_fs_i.h: fix kernel-doc warnings after @wait was split
Fix kernel-doc warnings in struct pipe_inode_info after @wait was
split into @rd_wait and @wr_wait.
include/linux/pipe_fs_i.h:66: warning: Function parameter or member 'rd_wait' not described in 'pipe_inode_info'
include/linux/pipe_fs_i.h:66: warning: Function parameter or member 'wr_wait' not described in 'pipe_inode_info'
Fixes: 0ddad21d3e99 ("pipe: use exclusive waits when reading or writing") Signed-off-by: Randy Dunlap <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
projects / linux.git / log