Commit Graph

871259 Commits

Author SHA1 Message Date
David Ahern 2d819d250a ipv6: Handle missing host route in __ipv6_ifa_notify
Rajendra reported a kernel panic when a link was taken down:

    [ 6870.263084] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a8
    [ 6870.271856] IP: [<ffffffff8efc5764>] __ipv6_ifa_notify+0x154/0x290

    <snip>

    [ 6870.570501] Call Trace:
    [ 6870.573238] [<ffffffff8efc58c6>] ? ipv6_ifa_notify+0x26/0x40
    [ 6870.579665] [<ffffffff8efc98ec>] ? addrconf_dad_completed+0x4c/0x2c0
    [ 6870.586869] [<ffffffff8efe70c6>] ? ipv6_dev_mc_inc+0x196/0x260
    [ 6870.593491] [<ffffffff8efc9c6a>] ? addrconf_dad_work+0x10a/0x430
    [ 6870.600305] [<ffffffff8f01ade4>] ? __switch_to_asm+0x34/0x70
    [ 6870.606732] [<ffffffff8ea93a7a>] ? process_one_work+0x18a/0x430
    [ 6870.613449] [<ffffffff8ea93d6d>] ? worker_thread+0x4d/0x490
    [ 6870.619778] [<ffffffff8ea93d20>] ? process_one_work+0x430/0x430
    [ 6870.626495] [<ffffffff8ea99dd9>] ? kthread+0xd9/0xf0
    [ 6870.632145] [<ffffffff8f01ade4>] ? __switch_to_asm+0x34/0x70
    [ 6870.638573] [<ffffffff8ea99d00>] ? kthread_park+0x60/0x60
    [ 6870.644707] [<ffffffff8f01ae77>] ? ret_from_fork+0x57/0x70
    [ 6870.650936] Code: 31 c0 31 d2 41 b9 20 00 08 02 b9 09 00 00 0

addrconf_dad_work is kicked to be scheduled when a device is brought
up. There is a race between addrcond_dad_work getting scheduled and
taking the rtnl lock and a process taking the link down (under rtnl).
The latter removes the host route from the inet6_addr as part of
addrconf_ifdown which is run for NETDEV_DOWN. The former attempts
to use the host route in __ipv6_ifa_notify. If the down event removes
the host route due to the race to the rtnl, then the BUG listed above
occurs.

Since the DAD sequence can not be aborted, add a check for the missing
host route in __ipv6_ifa_notify. The only way this should happen is due
to the previously mentioned race. The host route is created when the
address is added to an interface; it is only removed on a down event
where the address is kept. Add a warning if the host route is missing
AND the device is up; this is a situation that should never happen.

Fixes: f1705ec197 ("net: ipv6: Make address flushing on ifdown optional")
Reported-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 18:08:58 -07:00
Andrea Merello ea977d19d9 net: phy: allow for reset line to be tied to a sleepy GPIO controller
mdio_device_reset() makes use of the atomic-pretending API flavor for
handling the PHY reset GPIO line.

I found no hint that mdio_device_reset() is called from atomic context
and indeed it uses usleep_range() since long time, so I would assume that
it is OK to sleep there.

This patch switch to gpiod_set_value_cansleep() in mdio_device_reset().
This is relevant if e.g. the PHY reset line is tied to a I2C GPIO
controller.

This has been tested on a ZynqMP board running an upstream 4.19 kernel and
then hand-ported on current kernel tree.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 18:07:45 -07:00
Paolo Abeni b406472b5a net: ipv4: avoid mixed n_redirects and rate_tokens usage
Since commit c09551c6ff ("net: ipv4: use a dedicated counter
for icmp_v4 redirect packets") we use 'n_redirects' to account
for redirect packets, but we still use 'rate_tokens' to compute
the redirect packets exponential backoff.

If the device sent to the relevant peer any ICMP error packet
after sending a redirect, it will also update 'rate_token' according
to the leaking bucket schema; typically 'rate_token' will raise
above BITS_PER_LONG and the redirect packets backoff algorithm
will produce undefined behavior.

Fix the issue using 'n_redirects' to compute the exponential backoff
in ip_rt_send_redirect().

Note that we still clear rate_tokens after a redirect silence period,
to avoid changing an established behaviour.

The root cause predates git history; before the mentioned commit in
the critical scenario, the kernel stopped sending redirects, after
the mentioned commit the behavior more randomic.

Reported-by: Xiumei Mu <xmu@redhat.com>
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Fixes: c09551c6ff ("net: ipv4: use a dedicated counter for icmp_v4 redirect packets")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 17:27:04 -07:00
Kai-Heng Feng a54cdeeb04 r8152: Set macpassthru in reset_resume callback
r8152 may fail to establish network connection after resume from system
suspend.

If the USB port connects to r8152 lost its power during system suspend,
the MAC address was written before is lost. The reason is that The MAC
address doesn't get written again in its reset_resume callback.

So let's set MAC address again in reset_resume callback. Also remove
unnecessary lock as no other locking attempt will happen during
reset_resume.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 17:26:03 -07:00
Vishal Kulkarni 6b517374f4 cxgb4:Fix out-of-bounds MSI-X info array access
When fetching free MSI-X vectors for ULDs, check for the error code
before accessing MSI-X info array. Otherwise, an out-of-bounds access is
attempted, which results in kernel panic.

Fixes: 94cdb8bb99 ("cxgb4: Add support for dynamic allocation of resources for ULD")
Signed-off-by: Shahjada Abul Husain <shahjada@chelsio.com>
Signed-off-by: Vishal Kulkarni <vishal@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 14:42:13 -07:00
David Ahern 8ae72cbf62 Revert "ipv6: Handle race in addrconf_dad_work"
This reverts commit a3ce2a21bb.

Eric reported tests failings with commit. After digging into it,
the bottom line is that the DAD sequence is not to be messed with.
There are too many cases that are expected to proceed regardless
of whether a device is up.

Revert the patch and I will send a different solution for the
problem Rajendra reported.

Signed-off-by: David Ahern <dsahern@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 14:31:10 -07:00
Alexey Dobriyan 7a512eb865 net: make sock_prot_memory_pressure() return "const char *"
This function returns string literals which are "const char *".

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 14:30:23 -07:00
David Howells db9b2e0af6 rxrpc: Fix rxrpc_recvmsg tracepoint
Fix the rxrpc_recvmsg tracepoint to handle being called with a NULL call
parameter.

Fixes: a25e21f0bc ("rxrpc, afs: Use debug_ids rather than pointers in traces")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 13:57:14 -07:00
Reinhard Speyerer cf74ac6db2 qmi_wwan: add support for Cinterion CLS8 devices
Add support for Cinterion CLS8 devices.
Use QMI_QUIRK_SET_DTR as required for Qualcomm MDM9x07 chipsets.

T:  Bus=01 Lev=03 Prnt=05 Port=01 Cnt=02 Dev#= 25 Spd=480  MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=1e2d ProdID=00b0 Rev= 3.18
S:  Manufacturer=GEMALTO
S:  Product=USB Modem
C:* #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E:  Ad=83(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E:  Ad=85(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E:  Ad=87(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
E:  Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E:  Ad=89(I) Atr=03(Int.) MxPS=   8 Ivl=32ms
E:  Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms

Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 13:55:47 -07:00
Linus Torvalds 4ea655343c Some MIPS fixes for the 5.4 cycle:
- Build fixes for Cavium Octeon & PMC-Sierra MSP systems, as well as
   all pre-MIPSr6 configurations built with binutils < 2.25.
 
 - Boot fixes for 64-bit Loongson systems & SGI IP28 systems.
 
 - Wire up the new clone3 syscall.
 
 - Clean ups for a few build-time warnings.
 -----BEGIN PGP SIGNATURE-----
 
 iIsEABYIADMWIQRgLjeFAZEXQzy86/s+p5+stXUA3QUCXZekBBUccGF1bC5idXJ0
 b25AbWlwcy5jb20ACgkQPqefrLV1AN1aSQD+OSdb9fs1Gqakn1bM/TmvAB5lNxhM
 8Xy47aqWURt4rpIBAJegfqjq2SWyVNxeNV0fNcqQl9DcjABhOyCJ316U6rMD
 =TNtT
 -----END PGP SIGNATURE-----

Merge tag 'mips_fixes_5.4_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux

Pull MIPS fixes from Paul Burton:

 - Build fixes for Cavium Octeon & PMC-Sierra MSP systems, as well as
   all pre-MIPSr6 configurations built with binutils < 2.25.

 - Boot fixes for 64-bit Loongson systems & SGI IP28 systems.

 - Wire up the new clone3 syscall.

 - Clean ups for a few build-time warnings.

* tag 'mips_fixes_5.4_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
  MIPS: fw/arc: Remove unused addr variable
  MIPS: pmcs-msp71xx: Remove unused addr variable
  MIPS: pmcs-msp71xx: Add missing MAX_PROM_MEM definition
  mips: Loongson: Fix the link time qualifier of 'serial_exit()'
  MIPS: init: Prevent adding memory before PHYS_OFFSET
  MIPS: init: Fix reservation of memory between PHYS_OFFSET and mem start
  MIPS: VDSO: Fix build for binutils < 2.25
  MIPS: VDSO: Remove unused gettimeofday.c
  MIPS: Wire up clone3 syscall
  MIPS: octeon: Include required header; fix octeon ethernet build
  MIPS: cpu-bugs64: Mark inline functions as __always_inline
  MIPS: dts: ar9331: fix interrupt-controller size
  MIPS: Loongson64: Fix boot failure after dropping boot_mem_map
2019-10-04 13:31:56 -07:00
Linus Torvalds 812ad49d88 RISC-V updates for v5.4-rc2
Two RISC-V fixes for v5.4-rc2:
 
 - Ensure that exclusive-load reservations are terminated after system
   call or exception handling.  This primarily affects QEMU, which does
     not expire load reservations.
 
 - Fix an issue primarily affecting RV32 platforms that can cause the
   DT header to be corrupted, causing boot failures.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEElRDoIDdEz9/svf2Kx4+xDQu9KksFAl2Xge8ACgkQx4+xDQu9
 KkuRpQ/+PvRuMmcC2IHL5P1SAq/U3ExVS81d0lPRrSMRnUoIdZeKyVfKM6CyxsmA
 CbTl6GEem60Pb/+35Y6rIaW/mEusBBJpgyzP9Wkkl9uRrlpr3ofmjg9WOg5jLHVh
 2gajke8MvKMVfAtVgdWLH/OtaoXLW2pHx7FY/pj2YALgzDLnykA8BgO30w5T+bzr
 SxoA1L+oqb6FMtwUPVyvUh4pC5I4TPsCZVFyqAGSGSJcFm6A+I333PMnqGmt5d9L
 bExTcFhlPimhEUH2V+j7FPrL3m3jewS5w9VMfQ5QZ+63g7+SvYDzW2NievoaZ3p3
 /ts1c1+folMzENMMQ7IdGgC9+sTwtLTVaO06OAiBOgbrhKCllz+JbuKw5tEqA68x
 JvvQPGm+OX3W6NWjTbbmfiL+7S3i8j5ZBrURFHqfBmYzvfSP9jkG/IZeD9FvX49D
 Fkx7A5YB8BwfNFoGrFS+iW9dHCrDM8qefYqDF7pmgIE6rooWxKNRamHAwNYvJ1jG
 8uvYP6RHZdSlHxf4hbrD6C379j7awDXa4t0fTpNywZtXan3i56DhFImEFUuYcPV7
 ARahcaiBl2eCFI/HssPS5bn+xwVGPzbC3/5A+hGpCBOQf1DU5GkKHp8FQjcAl/9U
 RRu6v+2N77oBIZGwnt7yh8cfM40+4y4hZ1bn8Vz4tNh5j2ycNao=
 =yka9
 -----END PGP SIGNATURE-----

Merge tag 'riscv/for-v5.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Paul Walmsley:

 - Ensure that exclusive-load reservations are terminated after system
   call or exception handling. This primarily affects QEMU, which does
   not expire load reservations.

 - Fix an issue primarily affecting RV32 platforms that can cause the DT
   header to be corrupted, causing boot failures.

* tag 'riscv/for-v5.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: Fix memblock reservation for device tree blob
  RISC-V: Clear load reservations while restoring hart contexts
2019-10-04 13:02:47 -07:00
Linus Torvalds a4ad51e952 DeviceTree fixes for v5.4:
Fix several 'dt_binding_check' build failures.
 -----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCgAuFiEEktVUI4SxYhzZyEuo+vtdtY28YcMFAl2XRhMQHHJvYmhAa2Vy
 bmVsLm9yZwAKCRD6+121jbxhw437EACF9D3OjcvV04S6fPsQ5QOw+SMow8+X93mo
 tC4yrJQagLKSBzevm4DxhueCsOtNf0+hPoaOUoPPbuGd6VCHqKjPn2pbo4Ee+rfU
 SoMZTZpgAK/A52NGmbyCAnNqS6j7ij7i8YSNhT5y/Y0XAHzZshQdnvPeGQbVLNHF
 ELwbW3fyauGPagwFmIwURdSMnUNsqyV7r3Wuc0GqUr4I0M42Bqhq739lq8eUf7sx
 VWN5foQedW9fuFfa0ADMYD/iElMnEOaPIxQh+5h4uDklA43rnpUgmroCRoZNZlqi
 aPq1LVRZkGpypaDqJ0hzJ8RYMIuM2Dptu814tp5bekd0us3lG4bWvlaiw+ryILip
 h1dUHQ8H1gTAe2CTWmfl0xeBZSuEAK6GnuprVVmC3uyHK4MXdvqX7ZVnO+sK1Cxk
 UuIYeDQTEd3FmmGRDYpazfQTKPJzyy/OiBFV47gw0V9WLbCJWby30IRIyjHrq9ft
 KbOk0gReagIGuU3EUKY3nHiGpiBtgYU79amtHazX5dziEfpTuaUauCaAf8+Ndw3T
 J/Jgqk9/UET2qkN+MTQ/Ta8ruyCyHOVvXCF6xaKwD/8lH+ndgFvvg52LmPhO1uH2
 XQSUs1ezwHZvJQwxqQSE4DKGsMAfp6ZJC//07LHciiAWzQqncSleeBW1vKvCnXnF
 cWzN+YEBVQ==
 =qDkQ
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull DeviceTree fixes from Rob Herring:
 "Fix several 'dt_binding_check' build failures"

* tag 'devicetree-fixes-for-5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  dt-bindings: phy: lantiq: Fix Property Name
  dt-bindings: iio: ad7192: Fix DTC warning in the example
  dt-bindings: iio: ad7192: Fix Regulator Properties
  dt-bindings: media: rc: Fix redundant string
  dt-bindings: dsp: Fix fsl,dsp example
2019-10-04 12:57:45 -07:00
Paul Burton 6822c29ddb
MIPS: fw/arc: Remove unused addr variable
The addr variable in prom_free_prom_memory() has been unused since
commit 0df1007677 ("MIPS: fw: Record prom memory"), leading to a
compiler warning:

  arch/mips/fw/arc/memory.c:163:16:
    warning: unused variable 'addr' [-Wunused-variable]

Fix this by removing the unused variable.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: 0df1007677 ("MIPS: fw: Record prom memory")
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: linux-mips@vger.kernel.org
2019-10-04 11:46:22 -07:00
Linus Torvalds b145b0eb20 ARM and x86 bugfixes of all kinds. The most visible one is that migrating
a nested hypervisor has always been busted on Broadwell and newer processors,
 and that has finally been fixed.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJdlzTRAAoJEL/70l94x66DElcH/Rvhn5VQE/n2J+tKEXAICxQu
 FqcTBJ5x2mp04aFe7xD3kWoKRJmz2lmHdw2ahFd4sqqLfGEFF/KW24ADI33vzLx/
 UmT78O0Je3PX77TRnEXy+napbJny0iT6ikTAQKPbyQ151JlqlbPvatpDXXLPWQHv
 jj6nKHCvMBrhV3kgaXO3cTFl8swX1hvR9lo9PcA2gRNt+HMN0heUmpfKughPoOes
 JH+UNjsEr7MYlXYlIIc9o71EYH+kgPObwlLejy0ture+dvvZEJUJjZJE8H/XG5f2
 ryXG9favaCOTAvaGf0R5Es+47A3crqUr6gHS0N28QKPn7x4hehIkKpA9dXQnWIw=
 =1/LN
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "ARM and x86 bugfixes of all kinds.

  The most visible one is that migrating a nested hypervisor has always
  been busted on Broadwell and newer processors, and that has finally
  been fixed"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (22 commits)
  KVM: x86: omit "impossible" pmu MSRs from MSR list
  KVM: nVMX: Fix consistency check on injected exception error code
  KVM: x86: omit absent pmu MSRs from MSR list
  selftests: kvm: Fix libkvm build error
  kvm: vmx: Limit guest PMCs to those supported on the host
  kvm: x86, powerpc: do not allow clearing largepages debugfs entry
  KVM: selftests: x86: clarify what is reported on KVM_GET_MSRS failure
  KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF
  selftests: kvm: add test for dirty logging inside nested guests
  KVM: x86: fix nested guest live migration with PML
  KVM: x86: assign two bits to track SPTE kinds
  KVM: x86: Expose XSAVEERPTR to the guest
  kvm: x86: Enumerate support for CLZERO instruction
  kvm: x86: Use AMD CPUID semantics for AMD vCPUs
  kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH
  KVM: X86: Fix userspace set invalid CR4
  kvm: x86: Fix a spurious -E2BIG in __do_cpuid_func
  KVM: LAPIC: Loosen filter for adaptive tuning of lapic_timer_advance_ns
  KVM: arm/arm64: vgic: Use the appropriate TRACE_INCLUDE_PATH
  arm64: KVM: Kill hyp_alternate_select()
  ...
2019-10-04 11:17:51 -07:00
Linus Torvalds 50dfd03d95 xen: fixes and cleanups for 5.4-rc2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCXZbQhwAKCRCAXGG7T9hj
 vh03AP9mOLNY8r16u6a+Iy0YVccTaeiQiquG6HgFVEGX2Ki38gD/Xf5u6bPRYBts
 uSRL/eYDvtfU4YGGMjogn20Fdzhc5Ak=
 =EkVp
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-5.4-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fixes and cleanups from Juergen Gross:

 - a fix in the Xen balloon driver avoiding hitting a BUG_ON() in some
   cases, plus a follow-on cleanup series for that driver

 - a patch for introducing non-blocking EFI callbacks in Xen's EFI
   driver, plu a cleanup patch for Xen EFI handling merging the x86 and
   ARM arch specific initialization into the Xen EFI driver

 - a fix of the Xen xenbus driver avoiding a self-deadlock when cleaning
   up after a user process has died

 - a fix for Xen on ARM after removal of ZONE_DMA

 - a cleanup patch for avoiding build warnings for Xen on ARM

* tag 'for-linus-5.4-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/xenbus: fix self-deadlock after killing user process
  xen/efi: have a common runtime setup function
  arm: xen: mm: use __GPF_DMA32 for arm64
  xen/balloon: Clear PG_offline in balloon_retrieve()
  xen/balloon: Mark pages PG_offline in balloon_append()
  xen/balloon: Drop __balloon_append()
  xen/balloon: Set pages PageOffline() in balloon_add_region()
  ARM: xen: unexport HYPERVISOR_platform_op function
  xen/efi: Set nonblocking callbacks
2019-10-04 11:13:09 -07:00
Linus Torvalds e524d16e7e copy-struct-from-user-v5.4-rc2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCXZZIgQAKCRCRxhvAZXjc
 orNOAP98B2nmoxvq8d5Z6PhoyTBC5NIUuJ5h2YMwcX/hAaj5uQEA58NTKtPmOPDR
 2ffUFFerGZ2+brlHgACa0ZKdH27TjAA=
 =QryD
 -----END PGP SIGNATURE-----

Merge tag 'copy-struct-from-user-v5.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux

Pull copy_struct_from_user() helper from Christian Brauner:
 "This contains the copy_struct_from_user() helper which got split out
  from the openat2() patchset. It is a generic interface designed to
  copy a struct from userspace.

  The helper will be especially useful for structs versioned by size of
  which we have quite a few. This allows for backwards compatibility,
  i.e. an extended struct can be passed to an older kernel, or a legacy
  struct can be passed to a newer kernel. For the first case (extended
  struct, older kernel) the new fields in an extended struct can be set
  to zero and the struct safely passed to an older kernel.

  The most obvious benefit is that this helper lets us get rid of
  duplicate code present in at least sched_setattr(), perf_event_open(),
  and clone3(). More importantly it will also help to ensure that users
  implementing versioning-by-size end up with the same core semantics.

  This point is especially crucial since we have at least one case where
  versioning-by-size is used but with slighly different semantics:
  sched_setattr(), perf_event_open(), and clone3() all do do similar
  checks to copy_struct_from_user() while rt_sigprocmask(2) always
  rejects differently-sized struct arguments.

  With this pull request we also switch over sched_setattr(),
  perf_event_open(), and clone3() to use the new helper"

* tag 'copy-struct-from-user-v5.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
  usercopy: Add parentheses around assignment in test_copy_struct_from_user
  perf_event_open: switch to copy_struct_from_user()
  sched_setattr: switch to copy_struct_from_user()
  clone3: switch to copy_struct_from_user()
  lib: introduce copy_struct_from_user() helper
2019-10-04 10:36:31 -07:00
Linus Torvalds af0622f6ae for-linus-20191003
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCXZZKNgAKCRCRxhvAZXjc
 otfIAPsHUZn+Wfa/8uftNDJ6RLDXDsq6l8xiQTkz+k4YdnDj2AD/aIPjrM950jrS
 W7+8R7CSSQOLmIif6R+S0A1fyFoVlQA=
 =HVz0
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20191003' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux

Pull clone3/pidfd fixes from Christian Brauner:
 "This contains a couple of fixes:

   - Fix pidfd selftest compilation (Shuah Kahn)

     Due to a false linking instruction in the Makefile compilation for
     the pidfd selftests would fail on some systems.

   - Fix compilation for glibc on RISC-V systems (Seth Forshee)

     In some scenarios linux/uapi/linux/sched.h is included where
     __ASSEMBLY__ is defined causing a build failure because struct
     clone_args was not guarded by an #ifndef __ASSEMBLY__.

   - Add missing clone3() and struct clone_args kernel-doc (Christian Brauner)

     clone3() and struct clone_args were missing kernel-docs. (The goal
     is to use kernel-doc for any function or type where it's worth it.)
     For struct clone_args this also contains a comment about the fact
     that it's versioned by size"

* tag 'for-linus-20191003' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
  sched: add kernel-doc for struct clone_args
  fork: add kernel-doc for clone3
  selftests: pidfd: Fix undefined reference to pthread_create()
  sched: Add __ASSEMBLY__ guards around struct clone_args
2019-10-04 10:18:56 -07:00
Patrice Chotard 60c1b3e257 ARM: multi_v7_defconfig: Fix SPI_STM32_QSPI support
SPI_STM32_QSPI must be set in buildin as rootfs can be
located on QSPI memory device.

Link: https://lore.kernel.org/r/20191004124025.17394-1-patrice.chotard@st.com
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2019-10-04 10:18:55 -07:00
Linus Torvalds 768b47b7a9 drm fixes for 5.4-rc2
core:
 - writeback fixes
 
 i915:
 - Fix DP-MST crtc_mask
 - Fix dsc dpp calculations
 - Fix g4x sprite scaling stride check with GTT remapping
 - Fix concurrence on cases where requests where getting retired at same time as resubmitted to HW
 - Fix gen9 display resolutions by setting the right max plane width
 - Fix GPU hang on preemption
 - Mark contents as dirty on a write fault. This was breaking cursor sprite with dumb buffers.
 
 komeda:
 - memory leak fix
 
 tilcdc:
 - include fix
 
 amdgpu:
 - Enable bulk moves
 - Power metrics fixes for Navi
 - Fix S4 regression
 - Add query for tcc disabled mask
 - Fix several leaks in error paths
 - randconfig fixes
 - clang fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdlvpMAAoJEAx081l5xIa+yowP/2m/4P0V7u/BOopf83h6O2OD
 iWf6IbnPA6UdZbGiwyTu1814hhc1ijDKBcj005YLK7CXhangzhTYUBdYDKJTjJzP
 OYnDWV+CP03qX87CHozb7dHqdAtosdaXnXNipUkLFRM9fx8Q6yA4ERyt7NB25qn+
 c3GIaC7uU6yN9nn/FLaAc94FCn8Jy0HY6Fm/VIbugRulVeRp2Gq9jV+BIXoxTCxE
 OBhxQnSS25VCoo/lyUGVEZ+LFtfaiRJVO+MMhYKdNNAgxXnGqkxVk8jfxnK4MRBP
 lhbSL1WC0T2B5+ahT4bwKu9eluW2DONfkiQ5HzQKUepcmHKNgIWjOKcf9lxSZ0yz
 ITzh4qyjF7+qjtSKXFPSYGQuBnLrU2wY4euMa1S7qQAq0fLXia5IJL63jNqc5iSG
 e5vziPeP1iwouDIvekE4PDpUt58VyFIiD4z0jTNJPwN3w0OqKfqAWsFZdTHIIKwy
 2qQhEv+RnVwCKN0uT+9YgkKKvAOmeBJ5MZHueQv9PJfVRndk8Zqzog38whsgSebZ
 Z5i3AO7SPzPusEULkSc/gR5EyLHiklUXS6DaTuJCZ80DVlNs5+QPCcFAnKAPh0kj
 isyt2/l9rEZucRiPe1t9OMQ+zVmfCnxZIMtxo5K0TmHon1Rrc11XOI4wtOzsyDmo
 eEvWg+JWqlm57TS1jzqq
 =2MxC
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2019-10-04' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Been offline for 3 days, got back and had some fixes queued up.

  Nothing too major, the i915 dp-mst fix is important, and amdgpu has a
  bulk move speedup fix and some regressions, but nothing too insane for
  an rc2 pull. The intel fixes are also 2 weeks worth, they missed the
  boat last week.

  core:
   - writeback fixes

  i915:
   - Fix DP-MST crtc_mask
   - Fix dsc dpp calculations
   - Fix g4x sprite scaling stride check with GTT remapping
   - Fix concurrence on cases where requests where getting retired at
     same time as resubmitted to HW
   - Fix gen9 display resolutions by setting the right max plane width
   - Fix GPU hang on preemption
   - Mark contents as dirty on a write fault. This was breaking cursor
     sprite with dumb buffers.

  komeda:
   - memory leak fix

  tilcdc:
   - include fix

  amdgpu:
   - Enable bulk moves
   - Power metrics fixes for Navi
   - Fix S4 regression
   - Add query for tcc disabled mask
   - Fix several leaks in error paths
   - randconfig fixes
   - clang fixes"

* tag 'drm-fixes-2019-10-04' of git://anongit.freedesktop.org/drm/drm: (21 commits)
  Revert "drm/i915: Fix DP-MST crtc_mask"
  drm/omap: fix max fclk divider for omap36xx
  drm/i915: Fix g4x sprite scaling stride check with GTT remapping
  drm/i915/dp: Fix dsc bpp calculations, v5.
  drm/amd/display: fix dcn21 Makefile for clang
  drm/amd/display: hide an unused variable
  drm/amdgpu: display_mode_vba_21: remove uint typedef
  drm/amdgpu: hide another #warning
  drm/amdgpu: make pmu support optional, again
  drm/amd/display: memory leak
  drm/amdgpu: fix multiple memory leaks in acp_hw_init
  drm/amdgpu: return tcc_disabled_mask to userspace
  drm/amdgpu: don't increment vram lost if we are in hibernation
  Revert "drm/amdgpu: disable stutter mode for renoir"
  drm/amd/powerplay: add sensor lock support for smu
  drm/amd/powerplay: change metrics update period from 1ms to 100ms
  drm/amdgpu: revert "disable bulk moves for now"
  drm/tilcdc: include linux/pinctrl/consumer.h again
  drm/komeda: prevent memory leak in komeda_wb_connector_add
  drm: Clear the fence pointer when writeback job signaled
  ...
2019-10-04 10:12:37 -07:00
Linus Torvalds c4bd70e8c9 for-linus-2019-10-03
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl2WrkYQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpjf1D/9wy2L/yAXA/KLQkwDZ2kn3tMtzMrsv6bOJ
 4UTdlLWKH2ihGg69iAE5f19iQSeNmqqXxBz0VvIBpFR7TqcRbGe0d9iVtoOsDhpZ
 c1OvQ2Ey35Xx1T2w6uMh0llgeWY2J/gJkY64unUxwUBUZwNOPA8ZjxqeXcMQmyAt
 sYmXpNLCT/f4YTYOYDgzoh5960TsCB/H+m/bLEVRvr0MaonvlaBUKRcysQikDFCQ
 yobzDmlSJqGKqlFJ2fnRVSkJC0BmBE5p8Ric9HHiUOT8BO31079IHUGbkbSh/csH
 0yPipNaYNMv+Hr0t9pgfcNbAt2weMK5HFgtpQwv8Frl4xjvBSWDS5fQesCVDjkZt
 +ROeOvQtjfeKtLy5PCu6BJwYpu8iYG9eGF8zxBQ4FBHM3tghcVhqssaNbfrVOW+u
 YXYbAuLMkLwKlmJ+6WBiVIMefyF59ue3+UJGECiCrj/BrgxUyw8HcGKwpKEAZSok
 VFGDukL0Y3flnoO/gyOf0GFaD5Uovr1sx82DCz05B/XEMfkqFMJRGkbyZBarJL69
 9QrnyGpF4rwtfg+usR1PmJ+9/oY/ypSk8N9MAIkoK9e1YIexxvBiXAf0k8AxuDyC
 uPuOiQgKcqUr3aF+ivao8dQB9NiK1bJGc4pqBPPN4ZYRSjMSfBT/cms4IeUyj0K6
 sokcB1p+CQ==
 =vKVl
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-2019-10-03' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:

 - Mandate timespec64 for the io_uring timeout ABI (Arnd)

 - Set of NVMe changes via Sagi:
     - controller removal race fix from Balbir
     - quirk additions from Gabriel and Jian-Hong
     - nvme-pci power state save fix from Mario
     - Add 64bit user commands (for 64bit registers) from Marta
     - nvme-rdma/nvme-tcp fixes from Max, Mark and Me
     - Minor cleanups and nits from James, Dan and John

 - Two s390 dasd fixes (Jan, Stefan)

 - Have loop change block size in DIO mode (Martijn)

 - paride pg header ifdef guard (Masahiro)

 - Two blk-mq queue scheduler tweaks, fixing an ordering issue on zoned
   devices and suboptimal performance on others (Ming)

* tag 'for-linus-2019-10-03' of git://git.kernel.dk/linux-block: (22 commits)
  block: sed-opal: fix sparse warning: convert __be64 data
  block: sed-opal: fix sparse warning: obsolete array init.
  block: pg: add header include guard
  Revert "s390/dasd: Add discard support for ESE volumes"
  s390/dasd: Fix error handling during online processing
  io_uring: use __kernel_timespec in timeout ABI
  loop: change queue block size to match when using DIO
  blk-mq: apply normal plugging for HDD
  blk-mq: honor IO scheduler for multiqueue devices
  nvme-rdma: fix possible use-after-free in connect timeout
  nvme: Move ctrl sqsize to generic space
  nvme: Add ctrl attributes for queue_count and sqsize
  nvme: allow 64-bit results in passthru commands
  nvme: Add quirk for Kingston NVME SSD running FW E8FK11.T
  nvmet-tcp: remove superflous check on request sgl
  Added QUIRKs for ADATA XPG SX8200 Pro 512GB
  nvme-rdma: Fix max_hw_sectors calculation
  nvme: fix an error code in nvme_init_subsystem()
  nvme-pci: Save PCI state before putting drive into deepest state
  nvme-tcp: fix wrong stop condition in io_work
  ...
2019-10-04 09:56:51 -07:00
Heiko Carstens 61c3134715 s390: update defconfigs
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Heiko Carstens 771c24f6da s390/pci: mark function(s) __always_inline
Always inline asm inlines with variable operands for "i" constraints,
since they won't compile if the compiler would decide to not inline
them.

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Heiko Carstens 6818b542a0 s390/mm: mark function(s) __always_inline
Always inline asm inlines with variable operands for "i" constraints,
since they won't compile if the compiler would decide to not inline
them.

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Heiko Carstens 7f032febb6 s390/jump_label: mark function(s) __always_inline
Always inline asm inlines with variable operands for "i" constraints,
since they won't compile if the compiler would decide to not inline
them.

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Heiko Carstens 44967bfb55 s390/cpu_mf: mark function(s) __always_inline
Always inline asm inlines with variable operands for "i" constraints,
since they won't compile if the compiler would decide to not inline
them.

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Heiko Carstens b4fd5a0a92 s390/atomic,bitops: mark function(s) __always_inline
Always inline asm inlines with variable operands for "i" constraints,
since they won't compile if the compiler would decide to not inline
them.

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Qian Cai 51ce02216d s390/mm: fix -Wunused-but-set-variable warnings
Convert two functions to static inline to get ride of W=1 GCC warnings
like,

mm/gup.c: In function 'gup_pte_range':
mm/gup.c:1816:16: warning: variable 'ptem' set but not used
[-Wunused-but-set-variable]
  pte_t *ptep, *ptem;
                ^~~~

mm/mmap.c: In function 'acct_stack_growth':
mm/mmap.c:2322:16: warning: variable 'new_start' set but not used
[-Wunused-but-set-variable]
  unsigned long new_start;
                ^~~~~~~~~

Signed-off-by: Qian Cai <cai@lca.pw>
Link: https://lore.kernel.org/lkml/1570138596-11913-1-git-send-email-cai@lca.pw/
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Jiri Kosina 5c8e10f832 s390: mark __cpacf_query() as __always_inline
arch/s390/kvm/kvm-s390.c calls on several places __cpacf_query() directly,
which makes it impossible to meet the "i" constraint for the asm operands
(opcode in this case).

As we are now force-enabling CONFIG_OPTIMIZE_INLINING on all
architectures, this causes a build failure on s390:

   In file included from arch/s390/kvm/kvm-s390.c:44:
   ./arch/s390/include/asm/cpacf.h: In function '__cpacf_query':
   ./arch/s390/include/asm/cpacf.h:179:2: warning: asm operand 3 probably doesn't match constraints
     179 |  asm volatile(
         |  ^~~
   ./arch/s390/include/asm/cpacf.h:179:2: error: impossible constraint in 'asm'

Mark __cpacf_query() as __always_inline in order to fix that, analogically
how we fixes __cpacf_check_opcode(), cpacf_query_func() and scpacf_query()
already.

Reported-and-tested-by: Michal Kubecek <mkubecek@suse.cz>
Fixes: d83623c5ea ("s390: mark __cpacf_check_opcode() and cpacf_query_func() as __always_inline")
Fixes: e60fb8bf68 ("s390/cpacf: mark scpacf_query() as __always_inline")
Fixes: ac7c3e4ff4 ("compiler: enable CONFIG_OPTIMIZE_INLINING forcibly")
Fixes: 9012d01166 ("compiler: allow all arches to enable CONFIG_OPTIMIZE_INLINING")
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Link: https://lore.kernel.org/lkml/nycvar.YFH.7.76.1910012203010.13160@cbobk.fhfr.pm
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2019-10-04 16:37:33 +02:00
Paolo Bonzini cf05a67b68 KVM: x86: omit "impossible" pmu MSRs from MSR list
INTEL_PMC_MAX_GENERIC is currently 32, which exceeds the 18
contiguous MSR indices reserved by Intel for event selectors.
Since some machines actually have MSRs past the reserved range,
filtering them against x86_pmu.num_counters_gp may have false
positives.  Cut the list to 18 entries to avoid this.

Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Suggested-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Jim Mattson <jamttson@google.com>
Fixes: e2ada66ec4 ("kvm: x86: Add Intel PMU MSRs to msrs_to_save[]", 2019-08-21)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-10-04 14:01:28 +02:00
Dave Airlie 07bba341c9 - Fix DP-MST crtc_mask
- Fix dsc dpp calculations
 - Fix g4x sprite scaling stride check with GTT remapping
 
 Short summary of fixes pull (less than what git shortlog provides):
 - explain anything non-fixes (e.g. cleanups) and why it's appropriate
 - highlight regressions
 - summarize pull requests contained
 This shouldn't be more than a few lines (or it indicates your fixes pull is a
 bit too big).
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJdlkvzAAoJEPpiX2QO6xPKKXgIALMMAvQGqQ1zYK852zBl74fJ
 ou4Ig0xQN25lhx0cMiefAolsT3pbo/FZ/RQmhDuVMrg2xxWx3vVm0y1kPMefs/Zs
 Hrva65elI6DaYG7mXTclPTz8sPDQ66Mn5vXpb9biSvZc9DBEORYPsmGOPHdcQ1NG
 GBie/Ct66nDja1taREFqPIu/Z6TKlGtJRcslDmChLfPq9GXYPAfFB3NpP0f1yomd
 mSEURPo8kYC2seFfV6nJoAMijnT6oBkgM1AickK1qGvvbmmFs4g/kW+jkjqrl5Sl
 oMZ8OXL5LOZ1OgVN+Uf5P2X3dB7TeUEVInWQkS5beCJIL9p3aGSwzXjUJGgu/m0=
 =j1HZ
 -----END PGP SIGNATURE-----

Merge tag 'drm-intel-fixes-2019-10-03-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

- Fix DP-MST crtc_mask
- Fix dsc dpp calculations
- Fix g4x sprite scaling stride check with GTT remapping

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191003193051.GA26421@intel.com
2019-10-04 16:31:06 +10:00
Dave Airlie 63c4cec742 - One include fix for tilcdc
- A clock fix for OMAP
  - A memory leak fix for Komeda
  - Some fixes for resources cleanups with writeback
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCXZWsmAAKCRDj7w1vZxhR
 xUFsAP450HCcj+9OzT6tk05zkMPSZeNwXHVSm5O7qN1W9qRFGQD+P8mWuPMfvymw
 IOB/LhHd6J/95uGflUZdxwxv/HYlswk=
 =Mq5n
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2019-10-03' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

 - One include fix for tilcdc
 - A clock fix for OMAP
 - A memory leak fix for Komeda
 - Some fixes for resources cleanups with writeback

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20191003081031.oykms5fg4tijvdri@gilmour
2019-10-04 16:30:38 +10:00
Dave Airlie 0f83eb8888 Merge tag 'drm-fixes-5.4-2019-10-02' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
drm-fixes-5.4-2019-10-02:

amdgpu:
- Enable bulk moves
- Power metrics fixes for Navi
- Fix S4 regression
- Add query for tcc disabled mask
- Fix several leaks in error paths
- randconfig fixes
- clang fixes

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191002204909.3519-1-alexander.deucher@amd.com
2019-10-04 16:27:51 +10:00
Paul Burton 437450cf09
MIPS: pmcs-msp71xx: Remove unused addr variable
The addr variable in prom_free_prom_memory() has been unused since
commit b3c948e2c0 ("MIPS: msp: Record prom memory"), causing a warning
& build failure due to -Werror. Remove the unused variable.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: b3c948e2c0 ("MIPS: msp: Record prom memory")
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: linux-mips@vger.kernel.org
2019-10-03 15:47:17 -07:00
Paul Burton 101c40ed26
MIPS: pmcs-msp71xx: Add missing MAX_PROM_MEM definition
Commit b3c948e2c0 ("MIPS: msp: Record prom memory") introduced use of
a MAX_PROM_MEM value but didn't define it. A bounds check in
prom_meminit() suggests its value was supposed to be 5, so define it as
such & adjust the bounds check to use the macro rather than a magic
number.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: b3c948e2c0 ("MIPS: msp: Record prom memory")
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: linux-mips@vger.kernel.org
2019-10-03 15:47:14 -07:00
Eric Sandeen cc3a7bfe62 vfs: Fix EOVERFLOW testing in put_compat_statfs64
Today, put_compat_statfs64() disallows nearly any field value over
2^32 if f_bsize is only 32 bits, but that makes no sense.
compat_statfs64 is there for the explicit purpose of providing 64-bit
fields for f_files, f_ffree, etc.  And f_bsize is always only 32 bits.

As a result, 32-bit userspace gets -EOVERFLOW for i.e.  large file
counts even with -D_FILE_OFFSET_BITS=64 set.

In reality, only f_bsize and f_frsize can legitimately overflow
(fields like f_type and f_namelen should never be large), so test
only those fields.

This bug was discussed at length some time ago, and this is the proposal
Al suggested at https://lkml.org/lkml/2018/8/6/640.  It seemed to get
dropped amid the discussion of other related changes, but this
part seems obviously correct on its own, so I've picked it up and
sent it, for expediency.

Fixes: 64d2ab32ef ("vfs: fix put_compat_statfs64() does not handle errors")
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-10-03 14:21:35 -07:00
Randy Dunlap a9eb49c964 block: sed-opal: fix sparse warning: convert __be64 data
sparse warns about incorrect type when using __be64 data.
It is not being converted to CPU-endian but it should be.

Fixes these sparse warnings:

../block/sed-opal.c:375:20: warning: incorrect type in assignment (different base types)
../block/sed-opal.c:375:20:    expected unsigned long long [usertype] align
../block/sed-opal.c:375:20:    got restricted __be64 const [usertype] alignment_granularity
../block/sed-opal.c:376:25: warning: incorrect type in assignment (different base types)
../block/sed-opal.c:376:25:    expected unsigned long long [usertype] lowest_lba
../block/sed-opal.c:376:25:    got restricted __be64 const [usertype] lowest_aligned_lba

Fixes: 455a7b238c ("block: Add Sed-opal library")
Cc: Scott Bauer <scott.bauer@intel.com>
Cc: Rafael Antognolli <rafael.antognolli@intel.com>
Cc: linux-block@vger.kernel.org
Reviewed-by: Jon Derrick <jonathan.derrick@intel.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-10-03 14:21:32 -06:00
Randy Dunlap dc30102565 block: sed-opal: fix sparse warning: obsolete array init.
Fix sparse warning: (missing '=')
../block/sed-opal.c:133:17: warning: obsolete array initializer, use C99 syntax

Fixes: ff91064ea3 ("block: sed-opal: check size of shadow mbr")
Cc: linux-block@vger.kernel.org
Cc: Jonas Rabenstein <jonas.rabenstein@studium.uni-erlangen.de>
Cc: David Kozub <zub@linux.fjfi.cvut.cz>
Reviewed-by: Scott Bauer <sbauer@plzdonthack.me>
Reviewed-by:  Revanth Rajashekar <revanth.rajashekar@intel.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-10-03 14:21:30 -06:00
Ville Syrjälä 485f682be9 Revert "drm/i915: Fix DP-MST crtc_mask"
This reverts commit 4eaceea3a0.

Several userspace clients (modesetting ddx and mutter+wayland at least)
handle encoder.possible_crtcs incorrectly. What they essentially do is
the following:

possible_crtcs = ~0;
for_each_possible_encoder(connector)
	possible_crtcs &= encoder->possible_crtcs;

Ie. they calculate the intersection of the possible_crtcs
for the connector when they really should be calculating the
union instead.

In our case each MST encoder now has just one unique bit set,
and so the intersection is always zero. The end result is that
MST connectors can't be lit up because no crtc can be found to
drive them.

I've submitted a fix for the modesetting ddx [1], and complained
on #wayland about mutter, so hopefully the situation will improve
in the future. In the meantime we have regression, and so must go
back to the old way of misconfiguring possible_crtcs in the kernel.

[1] https://gitlab.freedesktop.org/xorg/xserver/merge_requests/277

Cc: Jonas Ådahl <jadahl@gmail.com>
Cc: Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Cc: Dhinakaran Pandiyan <dhinakaran.pandiyan@intel.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111507
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190903154018.26357-1-ville.syrjala@linux.intel.com
Reviewed-by: José Roberto de Souza <jose.souza@intel.com>
(cherry picked from commit e838bfa8e1)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2019-10-03 12:23:07 -07:00
Christian Brauner 78f6face5a
sched: add kernel-doc for struct clone_args
Add kernel-doc for struct clone_args for the clone3() syscall.

Link: https://lore.kernel.org/r/20191001114701.24661-3-christian.brauner@ubuntu.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-10-03 21:19:29 +02:00
Christian Brauner 501bd0166e
fork: add kernel-doc for clone3
Add kernel-doc for the clone3() syscall.

Link: https://lore.kernel.org/r/20191001114701.24661-2-christian.brauner@ubuntu.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-10-03 21:18:06 +02:00
Nathan Chancellor 341115822f
usercopy: Add parentheses around assignment in test_copy_struct_from_user
Clang warns:

lib/test_user_copy.c:96:10: warning: using the result of an assignment
as a condition without parentheses [-Wparentheses]
        if (ret |= test(umem_src == NULL, "kmalloc failed"))
            ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/test_user_copy.c:96:10: note: place parentheses around the
assignment to silence this warning
        if (ret |= test(umem_src == NULL, "kmalloc failed"))
                ^
            (                                              )
lib/test_user_copy.c:96:10: note: use '!=' to turn this compound
assignment into an inequality comparison
        if (ret |= test(umem_src == NULL, "kmalloc failed"))
                ^~
                !=

Add the parentheses as it suggests because this is intentional.

Fixes: f5a1a536fa ("lib: introduce copy_struct_from_user() helper")
Link: https://github.com/ClangBuiltLinux/linux/issues/731
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Aleksa Sarai <cyphar@cyphar.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20191003171121.2723619-1-natechancellor@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-10-03 21:13:27 +02:00
Eric Dumazet 3afb096188 tcp: fix slab-out-of-bounds in tcp_zerocopy_receive()
Apparently a refactoring patch brought a bug, that was caught
by syzbot [1]

Original code was correct, do not try to be smarter than the
compiler :/

[1]
BUG: KASAN: slab-out-of-bounds in tcp_zerocopy_receive net/ipv4/tcp.c:1807 [inline]
BUG: KASAN: slab-out-of-bounds in do_tcp_getsockopt.isra.0+0x2c6c/0x3120 net/ipv4/tcp.c:3654
Read of size 4 at addr ffff8880943cf188 by task syz-executor.2/17508

CPU: 0 PID: 17508 Comm: syz-executor.2 Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0xd4/0x306 mm/kasan/report.c:351
 __kasan_report.cold+0x1b/0x36 mm/kasan/report.c:482
 kasan_report+0x12/0x17 mm/kasan/common.c:618
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:131
 tcp_zerocopy_receive net/ipv4/tcp.c:1807 [inline]
 do_tcp_getsockopt.isra.0+0x2c6c/0x3120 net/ipv4/tcp.c:3654
 tcp_getsockopt+0xbf/0xe0 net/ipv4/tcp.c:3680
 sock_common_getsockopt+0x94/0xd0 net/core/sock.c:3098
 __sys_getsockopt+0x16d/0x310 net/socket.c:2129
 __do_sys_getsockopt net/socket.c:2144 [inline]
 __se_sys_getsockopt net/socket.c:2141 [inline]
 __x64_sys_getsockopt+0xbe/0x150 net/socket.c:2141
 do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296

Fixes: d8e18a516f ("net: Use skb accessors in network core")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-03 12:05:34 -07:00
Linus Torvalds c1053cd122 kgdb patches for 5.4-rc2
This is just a single patch adding a new reviewer for kgdb. New reviewers
 will be a big help so I decided to consider this to be a fix!
 
 I'm looking forward to working more closely with Doug.
 
 Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEELzVBU1D3lWq6cKzwfOMlXTn3iKEFAl2WGIYACgkQfOMlXTn3
 iKFIjQ//aWFuGD4qtlL9Czgn2jq/EWWv1jOrdiVc8zLtawjY8yDKl0k/s12zD2OY
 cxPL3noOjGwAMAUo2H4pTDmdIkceKpGfLHENQphFuyzdGYkPWzSLOKtjXCcX9Vre
 ceCwAhmX1zA8kRpOdIqTxScdDO+qPizspMzf70A669YN3OH4xwwyDgPperciutd5
 GUW3rjqoKby360Se+ZnSCJ9Srm0B8oeccvGurx3IYTmYefP/oaBaWFlo6vLaiAek
 O776OcQ5YU0mSWDzQ8wrMNUyP4MwMYdeDxWScsCcJN7gNOZGZRQljLeYrr/rJACL
 T5eBY8yRUqNoKYRmrf6TO20Bzx3+qD3GgNenl536k/SO5diItTXGRHDVJy56vIxm
 s6yEGaIckMQhchbFGNMcdkimc9gTH6d+vt5/vA7q2fmHibu1qqasNVX6YVOaHzU7
 xfPUUYIZ6vz4hCh70kDXRLmGKSyNe9nnuCPQNkFHc98EJ8+mIu9UwsW3+pMFYPdM
 u33nOyRp3RMeLVVSMPPtPeXZ1/F85mog9fNt3xBl0ylg54guPDjXdvDvDqX0SOPO
 ZYKqe/fLb0ZpOUb4s1uwQ7KkWXOR+fyMwebXPHxfiU3p4UxsFN5p3LvYLR0bwI4f
 hXOGgx0Gs4OUhu74uN/6Ph8zT636NnGtwsweiaIgrSPaShXOFoc=
 =cYqi
 -----END PGP SIGNATURE-----

Merge tag 'kgdb-5.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux

Pull kgdb update from Daniel Thompson:
 "This is just a single patch adding a new reviewer for kgdb. New
  reviewers will be a big help so I decided to consider this to be a
  fix!

  I'm looking forward to working more closely with Doug"

* tag 'kgdb-5.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux:
  MAINTAINERS: kgdb: Add myself as a reviewer for kgdb/kdb
2019-10-03 11:17:57 -07:00
Olof Johansson bcec1221c9 Fixes for omaps for v5.4-rc cycle
Here are fixes for omaps to deal with few regressions, and to fix
 more boot time errors and warnings:
 
 - The recent ti-sysc interconnect target module driver changes had
   incorrect clock bits for both clocks and dts that cause warnings
 
 - For omap3-gta04, gpio changes caused the LCD to break a while back,
   and after discussing things the right fix is to set spi-cs-high
 
 - Recent omapdrm changes to use generic panels caused tfp410 to be
   disabled as we now must enable the generic support for it in
   defconfig
 
 - Recent omapdrm and backlight changes also finally made droid4 LCD
   to work, so let's enable it in the defconfig it can be used out
   of the box. This is not strictly a fix, but we still also have the
   older CONFIG_MFD_TI_LMU options available so this cuts down the
   confusion for trying to guess which display and which backlight
   is needed
 
 - Recent ti-sysc interconnect target module changes need the gpio
   module disabled on some boards, but this now needs to happen at
   the module level, not at the gpio driver level
 
 - Recent changes to probe system timers with ti-sysc caused warnings
   about mismatch in syconfig registers, so let's configure the option
   for RESET_STATUS as available in the TRMs
 
 - Recent changes to probe LCDC with ti-sysc caused warnings about
   mismatch in sysconfig registers, so let's configure the missing
   idlemodes for both platform data and dts as documented in TRMs
 
 - Since we moved mach-omap2 to probe with device tree, we've been
   getting voltage controller warnings. Turns out this code is no
   longer needed, so let's just remove omap2_set_init_voltage() to
   get rid of the pointless warnings
 
 - Configure am4372 dispc memory bandwidth to avoid underflow errors
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAl2U6fcRHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXMu5RAAi9bqFTwKU3YiA4o0yDufGtx63fMziCD4
 pMct5DMqyIfkCbU6KIp/pC3g3x35zl7WjoAbyB9Q8o33g/9mnQUSSTkB1TID/fZ0
 +d7epXsGPRWymP2B13xOH/yRJv8dDeVWVHLBJdatuaAJ0mygpf4a4ChkXYKp+nhl
 oShxeRiOYYCrhowklmjvzV0atz17QSNc42GvAUpL3aicU9XmeYn7JLcxZ+3dBXuz
 5IRbM/kt66i0owT6Oymf2lvf+UXELLXL/bXINPbPyYrXw94WuIk1z3i3gtQLsRk+
 CyoYczBsgSWZRoFJB03324HY+KhGNHbC6kjfqoWk5UrbbX13L1+tSnKSlFRcZddx
 64HPZISsgPOlx+i4TlTw/7YMq6FbLB8Z9gp+J1hxycynjYrfVQNCJADMlQDqA1DS
 gncdaz0O1RVcQULndFu7EYyLvybUjFmr0Q1wrW7mOFbIQn7KVTNYJ9GUJjWwmYcI
 N9yw6H7FjNad0TA+5prXKvQj+iP6budedW9Ke3mvyhkePMKwvORX5I6aVKjL0vKo
 gjUKuZC2x75GxgiUwYIJwDOEQGkBySFtf7RGFBjJ7l73/r4kDH6X/kG5AQDB0l3e
 sTSgMTM8KbkNWdQsvATSEN0Tf4Z7UsuhAhKLihNmkt7YXaYXEtBu0xoKPR8y6Xbd
 ZkiGMxkpLUY=
 =SkMF
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v5.4/fixes-rc1-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes

Fixes for omaps for v5.4-rc cycle

Here are fixes for omaps to deal with few regressions, and to fix
more boot time errors and warnings:

- The recent ti-sysc interconnect target module driver changes had
  incorrect clock bits for both clocks and dts that cause warnings

- For omap3-gta04, gpio changes caused the LCD to break a while back,
  and after discussing things the right fix is to set spi-cs-high

- Recent omapdrm changes to use generic panels caused tfp410 to be
  disabled as we now must enable the generic support for it in
  defconfig

- Recent omapdrm and backlight changes also finally made droid4 LCD
  to work, so let's enable it in the defconfig it can be used out
  of the box. This is not strictly a fix, but we still also have the
  older CONFIG_MFD_TI_LMU options available so this cuts down the
  confusion for trying to guess which display and which backlight
  is needed

- Recent ti-sysc interconnect target module changes need the gpio
  module disabled on some boards, but this now needs to happen at
  the module level, not at the gpio driver level

- Recent changes to probe system timers with ti-sysc caused warnings
  about mismatch in syconfig registers, so let's configure the option
  for RESET_STATUS as available in the TRMs

- Recent changes to probe LCDC with ti-sysc caused warnings about
  mismatch in sysconfig registers, so let's configure the missing
  idlemodes for both platform data and dts as documented in TRMs

- Since we moved mach-omap2 to probe with device tree, we've been
  getting voltage controller warnings. Turns out this code is no
  longer needed, so let's just remove omap2_set_init_voltage() to
  get rid of the pointless warnings

- Configure am4372 dispc memory bandwidth to avoid underflow errors

* tag 'omap-for-v5.4/fixes-rc1-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: dts: am4372: Set memory bandwidth limit for DISPC
  ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
  ARM: OMAP2+: Add missing LCDC midlemode for am335x
  ARM: OMAP2+: Fix missing reset done flag for am3 and am43
  ARM: dts: Fix gpio0 flags for am335x-icev2
  ARM: omap2plus_defconfig: Enable more droid4 devices as loadable modules
  ARM: omap2plus_defconfig: Enable DRM_TI_TFP410
  DTS: ARM: gta04: introduce legacy spi-cs-high to make display work again
  ARM: dts: Fix wrong clocks for dra7 mcasp
  clk: ti: dra7: Fix mcasp8 clock bits

Link: https://lore.kernel.org/r/pull-1570040410-308159@atomide.com
Signed-off-by: Olof Johansson <olof@lixom.net>
2019-10-03 09:15:19 -07:00
Randy Dunlap 2105b52e30 lib: textsearch: fix escapes in example code
This textsearch code example does not need the '\' escapes and they can
be misleading to someone reading the example. Also, gcc and sparse warn
that the "\%d" is an unknown escape sequence.

Fixes: 5968a70d7a ("textsearch: fix kernel-doc warnings and add kernel-api section")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-03 12:12:23 -04:00
Josh Hunt 4094871db1 udp: only do GSO if # of segs > 1
Prior to this change an application sending <= 1MSS worth of data and
enabling UDP GSO would fail if the system had SW GSO enabled, but the
same send would succeed if HW GSO offload is enabled. In addition to this
inconsistency the error in the SW GSO case does not get back to the
application if sending out of a real device so the user is unaware of this
failure.

With this change we only perform GSO if the # of segments is > 1 even
if the application has enabled segmentation. I've also updated the
relevant udpgso selftests.

Fixes: bec1f6f697 ("udp: generate gso with UDP_SEGMENT")
Signed-off-by: Josh Hunt <johunt@akamai.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-03 11:47:10 -04:00
Josh Hunt 44b321e502 udp: fix gso_segs calculations
Commit dfec0ee22c ("udp: Record gso_segs when supporting UDP segmentation offload")
added gso_segs calculation, but incorrectly got sizeof() the pointer and
not the underlying data type. In addition let's fix the v6 case.

Fixes: bec1f6f697 ("udp: generate gso with UDP_SEGMENT")
Fixes: dfec0ee22c ("udp: Record gso_segs when supporting UDP segmentation offload")
Signed-off-by: Josh Hunt <johunt@akamai.com>
Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-03 11:47:10 -04:00
Douglas Anderson 086bf301f5 MAINTAINERS: kgdb: Add myself as a reviewer for kgdb/kdb
I'm interested in kdb / kgdb and have sent various fixes over the
years.  I'd like to get CCed on patches so I can be aware of them and
also help review.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
2019-10-03 16:42:10 +01:00
Eric Dumazet 6af1799aaf ipv6: drop incoming packets having a v4mapped source address
This began with a syzbot report. syzkaller was injecting
IPv6 TCP SYN packets having a v4mapped source address.

After an unsuccessful 4-tuple lookup, TCP creates a request
socket (SYN_RECV) and calls reqsk_queue_hash_req()

reqsk_queue_hash_req() calls sk_ehashfn(sk)

At this point we have AF_INET6 sockets, and the heuristic
used by sk_ehashfn() to either hash the IPv4 or IPv6 addresses
is to use ipv6_addr_v4mapped(&sk->sk_v6_daddr)

For the particular spoofed packet, we end up hashing V4 addresses
which were not initialized by the TCP IPv6 stack, so KMSAN fired
a warning.

I first fixed sk_ehashfn() to test both source and destination addresses,
but then faced various problems, including user-space programs
like packetdrill that had similar assumptions.

Instead of trying to fix the whole ecosystem, it is better
to admit that we have a dual stack behavior, and that we
can not build linux kernels without V4 stack anyway.

The dual stack API automatically forces the traffic to be IPv4
if v4mapped addresses are used at bind() or connect(), so it makes
no sense to allow IPv6 traffic to use the same v4mapped class.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-03 11:40:21 -04:00
Sean Christopherson 567926cca9 KVM: nVMX: Fix consistency check on injected exception error code
Current versions of Intel's SDM incorrectly state that "bits 31:15 of
the VM-Entry exception error-code field" must be zero.  In reality, bits
31:16 must be zero, i.e. error codes are 16-bit values.

The bogus error code check manifests as an unexpected VM-Entry failure
due to an invalid code field (error number 7) in L1, e.g. when injecting
a #GP with error_code=0x9f00.

Nadav previously reported the bug[*], both to KVM and Intel, and fixed
the associated kvm-unit-test.

[*] https://patchwork.kernel.org/patch/11124749/

Reported-by: Nadav Amit <namit@vmware.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-10-03 12:32:44 +02:00