Commit Graph

888071 Commits

Author SHA1 Message Date
Yang Shi e0153fc2c7 mm: move_pages: return valid node id in status if the page is already on the target node
Felix Abecassis reports move_pages() would return random status if the
pages are already on the target node by the below test program:

  int main(void)
  {
	const long node_id = 1;
	const long page_size = sysconf(_SC_PAGESIZE);
	const int64_t num_pages = 8;

	unsigned long nodemask =  1 << node_id;
	long ret = set_mempolicy(MPOL_BIND, &nodemask, sizeof(nodemask));
	if (ret < 0)
		return (EXIT_FAILURE);

	void **pages = malloc(sizeof(void*) * num_pages);
	for (int i = 0; i < num_pages; ++i) {
		pages[i] = mmap(NULL, page_size, PROT_WRITE | PROT_READ,
				MAP_PRIVATE | MAP_POPULATE | MAP_ANONYMOUS,
				-1, 0);
		if (pages[i] == MAP_FAILED)
			return (EXIT_FAILURE);
	}

	ret = set_mempolicy(MPOL_DEFAULT, NULL, 0);
	if (ret < 0)
		return (EXIT_FAILURE);

	int *nodes = malloc(sizeof(int) * num_pages);
	int *status = malloc(sizeof(int) * num_pages);
	for (int i = 0; i < num_pages; ++i) {
		nodes[i] = node_id;
		status[i] = 0xd0; /* simulate garbage values */
	}

	ret = move_pages(0, num_pages, pages, nodes, status, MPOL_MF_MOVE);
	printf("move_pages: %ld\n", ret);
	for (int i = 0; i < num_pages; ++i)
		printf("status[%d] = %d\n", i, status[i]);
  }

Then running the program would return nonsense status values:

  $ ./move_pages_bug
  move_pages: 0
  status[0] = 208
  status[1] = 208
  status[2] = 208
  status[3] = 208
  status[4] = 208
  status[5] = 208
  status[6] = 208
  status[7] = 208

This is because the status is not set if the page is already on the
target node, but move_pages() should return valid status as long as it
succeeds.  The valid status may be errno or node id.

We can't simply initialize status array to zero since the pages may be
not on node 0.  Fix it by updating status with node id which the page is
already on.

Link: http://lkml.kernel.org/r/1575584353-125392-1-git-send-email-yang.shi@linux.alibaba.com
Fixes: a49bd4d716 ("mm, numa: rework do_pages_move")
Signed-off-by: Yang Shi <yang.shi@linux.alibaba.com>
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Tested-by: Felix Abecassis <fabecassis@nvidia.com>
Suggested-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Acked-by: Christoph Lameter <cl@linux.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: <stable@vger.kernel.org>	[4.17+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-04 13:55:09 -08:00
Shakeel Butt 84029fd04c memcg: account security cred as well to kmemcg
The cred_jar kmem_cache is already memcg accounted in the current kernel
but cred->security is not.  Account cred->security to kmemcg.

Recently we saw high root slab usage on our production and on further
inspection, we found a buggy application leaking processes.  Though that
buggy application was contained within its memcg but we observe much
more system memory overhead, couple of GiBs, during that period.  This
overhead can adversely impact the isolation on the system.

One source of high overhead we found was cred->security objects, which
have a lifetime of at least the life of the process which allocated
them.

Link: http://lkml.kernel.org/r/20191205223721.40034-1-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Chris Down <chris@chrisdown.name>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-04 13:55:09 -08:00
Andrey Konovalov a69b83e1ae kcov: fix struct layout for kcov_remote_arg
Make the layout of kcov_remote_arg the same for 32-bit and 64-bit code.
This makes it more convenient to write userspace apps that can be
compiled into 32-bit or 64-bit binaries and still work with the same
64-bit kernel.

Also use proper __u32 types in uapi headers instead of unsigned ints.

Link: http://lkml.kernel.org/r/9e91020876029cfefc9211ff747685eba9536426.1575638983.git.andreyknvl@google.com
Fixes: eec028c938 ("kcov: remote coverage support")
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Acked-by: Marco Elver <elver@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: Chunfeng Yun <chunfeng.yun@mediatek.com>
Cc: "Jacky . Cao @ sony . com" <Jacky.Cao@sony.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-04 13:55:09 -08:00
Chanho Min ac8f05da51 mm/zsmalloc.c: fix the migrated zspage statistics.
When zspage is migrated to the other zone, the zone page state should be
updated as well, otherwise the NR_ZSPAGE for each zone shows wrong
counts including proc/zoneinfo in practice.

Link: http://lkml.kernel.org/r/1575434841-48009-1-git-send-email-chanho.min@lge.com
Fixes: 91537fee00 ("mm: add NR_ZSMALLOC to vmstat")
Signed-off-by: Chanho Min <chanho.min@lge.com>
Signed-off-by: Jinsuk Choi <jjinsuk.choi@lge.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Cc: <stable@vger.kernel.org>        [4.9+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-04 13:55:09 -08:00
David Hildenbrand feee6b2989 mm/memory_hotplug: shrink zones when offlining memory
We currently try to shrink a single zone when removing memory.  We use
the zone of the first page of the memory we are removing.  If that
memmap was never initialized (e.g., memory was never onlined), we will
read garbage and can trigger kernel BUGs (due to a stale pointer):

    BUG: unable to handle page fault for address: 000000000000353d
    #PF: supervisor write access in kernel mode
    #PF: error_code(0x0002) - not-present page
    PGD 0 P4D 0
    Oops: 0002 [#1] SMP PTI
    CPU: 1 PID: 7 Comm: kworker/u8:0 Not tainted 5.3.0-rc5-next-20190820+ #317
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.4
    Workqueue: kacpi_hotplug acpi_hotplug_work_fn
    RIP: 0010:clear_zone_contiguous+0x5/0x10
    Code: 48 89 c6 48 89 c3 e8 2a fe ff ff 48 85 c0 75 cf 5b 5d c3 c6 85 fd 05 00 00 01 5b 5d c3 0f 1f 840
    RSP: 0018:ffffad2400043c98 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: 0000000200000000 RCX: 0000000000000000
    RDX: 0000000000200000 RSI: 0000000000140000 RDI: 0000000000002f40
    RBP: 0000000140000000 R08: 0000000000000000 R09: 0000000000000001
    R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000140000
    R13: 0000000000140000 R14: 0000000000002f40 R15: ffff9e3e7aff3680
    FS:  0000000000000000(0000) GS:ffff9e3e7bb00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 000000000000353d CR3: 0000000058610000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     __remove_pages+0x4b/0x640
     arch_remove_memory+0x63/0x8d
     try_remove_memory+0xdb/0x130
     __remove_memory+0xa/0x11
     acpi_memory_device_remove+0x70/0x100
     acpi_bus_trim+0x55/0x90
     acpi_device_hotplug+0x227/0x3a0
     acpi_hotplug_work_fn+0x1a/0x30
     process_one_work+0x221/0x550
     worker_thread+0x50/0x3b0
     kthread+0x105/0x140
     ret_from_fork+0x3a/0x50
    Modules linked in:
    CR2: 000000000000353d

Instead, shrink the zones when offlining memory or when onlining failed.
Introduce and use remove_pfn_range_from_zone(() for that.  We now
properly shrink the zones, even if we have DIMMs whereby

 - Some memory blocks fall into no zone (never onlined)

 - Some memory blocks fall into multiple zones (offlined+re-onlined)

 - Multiple memory blocks that fall into different zones

Drop the zone parameter (with a potential dubious value) from
__remove_pages() and __remove_section().

Link: http://lkml.kernel.org/r/20191006085646.5768-6-david@redhat.com
Fixes: f1dd2cd13c ("mm, memory_hotplug: do not associate hotadded memory to zones until online")	[visible after d0dc12e86b]
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Michal Hocko <mhocko@suse.com>
Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
Cc: Pavel Tatashin <pasha.tatashin@soleen.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Logan Gunthorpe <logang@deltatee.com>
Cc: <stable@vger.kernel.org>	[5.0+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-04 13:55:08 -08:00
Linus Torvalds 5613970af3 dmaengine fixes for v5.5-rc5
Bunch of fixes for:
  - uninitialized dma_slave_caps access
  - virt-dma use after free in vchan_complete()
  - driver fixes for ioat, k3dma and jz4780
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAl4Qy3oACgkQfBQHDyUj
 g0eh9g//YtG2TGE8+FpMc55Rd8WKuvsVAAR5shuQmt4iHxymiA6/AvLv7r91nHKa
 CucL6Qs0ZLFH65vfUEf5qnW0veOFqv097HqoUdkR5rhH/E8hH+Id+PhvKfqdlgSw
 oHwnf7HK4Hq1Laq97OFe+FLhbjaA+yjVYfJem/c/EAfCiYSMICkZAxa2JIJlPkmR
 DdH+ZruJPEteJR1IV0AnSfx5xxVJFGGNAGSPdmmmP+gTY1mBEdUe18FpZjL+1UiQ
 okC7AYhB12FFSKfDJp3boN2ygmCeqTZErju2Vtb8KV5AasvsZsl9zxALhJkTu6Sl
 5QX124J1n+m2DCqJwpY+eVRzqIlEGtjw8qYfn2nb5WaKFJ2DkayTYMPVr6sCWjfq
 ud0GOZNUL2dX7l8H1SSEVPXhRC9gaNcRDK5iwu+a9rVxf3Q0p6p+/A5YLoG52Lwu
 rAzpYCMjCxU2DylO5/d9yxqUdrYkkbFv2wRhDQUMFdjujNq7ZkbfDLkZPMx91Kh4
 Iv0lx/QWd7fwtH1CYxz8GiMf3dsOVOlPOuNREUKm2aGMIgjHzNb/PnwZkpRhcbU6
 goyCnNuJlz6cKnxlW9bh386LHyKrxttg2SmZLGpgxjdhNI8V5H//jGphHtgzX+yb
 VVfvHKt6UyioXfOKH8p/a1EHSaUDWOft3ncCfbTipKhr4FpwgWo=
 =eXEU
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-5.5-rc5' of git://git.infradead.org/users/vkoul/slave-dma

Pull dmaengine fixes from Vinod Koul:
 "A bunch of fixes for:

   - uninitialized dma_slave_caps access

   - virt-dma use after free in vchan_complete()

   - driver fixes for ioat, k3dma and jz4780"

* tag 'dmaengine-fix-5.5-rc5' of git://git.infradead.org/users/vkoul/slave-dma:
  ioat: ioat_alloc_ring() failure handling.
  dmaengine: virt-dma: Fix access after free in vchan_complete()
  dmaengine: k3dma: Avoid null pointer traversal
  dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B
  dmaengine: Fix access to uninitialized dma_slave_caps
2020-01-04 10:49:15 -08:00
Linus Torvalds 50978df311 media updates for v5.5-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+QmuaPwR3wnBdVwACF8+vY7k4RUFAl4QQpUACgkQCF8+vY7k
 4RVKqw/+IAbmIFcJewYCw31axnjDLAxqzIP0+44zg9nSiUKz/1vpl0cmV1HUbUBP
 hVUuhHMVPyyJjrepJiZXukFTgnLtyd3GsGlB9zEekXfvJPKMbewA6PW554NpIqWb
 Y2baBfpwG608ea2CBxdYjd0WCLc+sawJN9rBu3CntqZpKuJafQ5Ya4jmIMg/9Pav
 hiDJUs4Xg0M0VIf7A5VxWCfL+ztU1ZSWJe8vnG0ieW0EaGwt4FFzABLYlfzYSOq/
 V6l+ZjBejsVYtX3/+nvob05l+7gQMo2u/DH5VFu8kF5xDyfCN5JaBx4+jmVuBVNx
 vBFeHUOQTb38Dow4Q7NpoISV5BkslxgVCCn2wVO+Kn+Z/VBSnMs0TdQDnSNBjatC
 ityTsouMltb+mbvwokkhY2uKb7wYzpcTs/3e838zQ9ACurrqNBnTGKA6gpcD1cQs
 7XK7LX2ykbns0V1aimwMXQVuCckh296uljtwGtPsI32U9TaSCDR6YiTKeqAhHIMr
 6rbfyjT3NjGm/B/9aubjYWUDPLPFIVasz3OosYckxpY4yaU45KswHsxaOyuQDzmF
 dMN+4PeEV4mIoBrcPf0kp66ZYUD7cupgC1BM3tx197rXPJEQeJ4s6/Ac1WlXhGkh
 X3/31dxSg6aSRRcFtrT7ZJ/fv/zzKah5qnni1dv0dGlYZhU8G5s=
 =kakx
 -----END PGP SIGNATURE-----

Merge tag 'media/v5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Pull media fixes from Mauro Carvalho Chehab:

 - some fixes at CEC core to comply with HDMI 2.0 specs and fix some
   border cases

 - a fix at the transmission logic of the pulse8-cec driver

 - one alignment fix on a data struct at ipu3 when built with 32 bits

* tag 'media/v5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  media: intel-ipu3: Align struct ipu3_uapi_awb_fr_config_s to 32 bytes
  media: pulse8-cec: fix lost cec_transmit_attempt_done() call
  media: cec: check 'transmit_in_progress', not 'transmitting'
  media: cec: avoid decrementing transmit_queue_sz if it is 0
  media: cec: CEC 2.0-only bcast messages were ignored
2020-01-04 10:41:08 -08:00
Linus Torvalds 3a562aee72 for-5.5-rc4-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAl4PenMACgkQxWXV+ddt
 WDtsyg/6A86Da1zpLQKHiQtfhH629oeL/lFI0Cz+52xcgKSAUX8pHrWzKawSVpTT
 OTgksskHREPDjyDQytxAUKJnuplFEF7sCFNhzhsjQ7cvhC0lLDmW0VQr1Wob1/c4
 miW18YXN2DrYFQqdCeypvq1FItglxuBmsa9eITYzytRZcATY+3b506FhT/d8NIiH
 f3nnChUiNuyfAiez1SC4FavDpVma1O6SpPMk29wUN/+/Dnd4aBrfvhuygy7xyIOK
 rzotRR5xagQDpei+99lT2hys4Pv0yEOajoGmgbgpaZNP0vgQcBLaF5UTeMv/Ib2j
 i+muu1rWi4R6lS3hh30kRSifKmPF7I9JB1dbd5gPfZiERlDQk+qZWrPFv9l0lf7M
 R3jn04EaPVNr0dtftRFF2VvpIlUQYgIvwZHx4Td6Oy9XO0X4n5vlKxYg9aHmybJ2
 Vni13ad2oWNLo2Dd1eUYrEJ/QwGc1pq7JU9HiOST7yEJv1FN++AF4qTYTyvc7Yl4
 HrN349/2k2J9vU88BIlXIxYG73AL9lIpGF2ROiEw+xn4oOevDP/5HCP8ZvELoNVM
 NqhJGoURu+AhZ7Rm3RYAYySShjQPF+qw/Dnz8sowQsEFUQ990E1wUxWZwTOP6+JQ
 cdwzYiXYIExTghfQdUDdwNlpCXUbSuJxFOGjKmhBuzA7HHwGf1Q=
 =jGvW
 -----END PGP SIGNATURE-----

Merge tag 'for-5.5-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:
 "A few fixes for btrfs:

   - blkcg accounting problem with compression that could stall writes

   - setting up blkcg bio for compression crashes due to NULL bdev
     pointer

   - fix possible infinite loop in writeback for nocow files (here
     possible means almost impossible, 13 things that need to happen to
     trigger it)"

* tag 'for-5.5-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  Btrfs: fix infinite loop during nocow writeback due to race
  btrfs: fix compressed write bio blkcg attribution
  btrfs: punt all bios created in btrfs_submit_compressed_write()
2020-01-03 12:20:21 -08:00
Linus Torvalds b6b4aafc99 block-5.5-20200103
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl4PauoQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpkqMD/4zcRGP8LhkVG3I8QMqmhhJNyZb5WP5O/mV
 ekWYYzxaPhn/WQjM17Y6MBuvPTqUk1R/FiZdjW+OPUOrXUPsasSSKmLvcpiHIRHY
 YTMhzNNRpainakM7q+BwhfeNm/T3d0JXMfN8oufIfrdFHy7+bcZupctv0aQgnLdz
 Z8f40nR8t/uYfRrMzCjEM9mY2P9qelwP3ylnloS2XC0r+O/j/tBZEtnormhFwnfa
 NGx732WyHBK4Qt9bRK8FzmuUmUmhxU+MWHcR5erCCzeFEY4DnzzthFuKGvZ3Ai0f
 qWMjYJBrWHvNJL6M4Dm3zE/tVWIFg3//zo7buuZD29Ms3GoqGj88mbrS/BFKNp1+
 U5cShEMqd/7y5RUB0nOzRnfGVVHz/2WRRKvhc0/cFHulJb0q28u5pHhmlrduvxr/
 VogoSiimo7qLVGiBeXgfubuyB3nvzGvDICgiqt3rIVgpgMytoiBz53HgnNLB8QtO
 CtYDJOm8sCTtnkEPshij9Ly0dfIYUVKz7QIx65qSfcv+vxag/WmWuG5woRtqtB6N
 AoFqf8PpHXHtVrokbqAG4j4R7QrLSrYSTh/vDa6muTaiu7fe5Gb2gXKWPbIGU5n+
 b+2oKqlpVN1ZqOvhUv/PXW0U/nMx2j5Untank1ebHd+416nfNqM5lN6jsfZ3HnaR
 tpST+JtLDg==
 =ll2G
 -----END PGP SIGNATURE-----

Merge tag 'block-5.5-20200103' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "Three fixes in here:

   - Fix for a missing split on default memory boundary mask (4G) (Ming)

   - Fix for multi-page read bio truncate (Ming)

   - Fix for null_blk zone close request handling (Damien)"

* tag 'block-5.5-20200103' of git://git.kernel.dk/linux-block:
  null_blk: Fix REQ_OP_ZONE_CLOSE handling
  block: fix splitting segments on boundary masks
  block: add bio_truncate to fix guard_bio_eod
2020-01-03 12:11:30 -08:00
Linus Torvalds bed723519a Kbuild fixes for v5.5 (2nd)
- fix build error in usr/gen_initramfs_list.sh
 
  - fix libelf-dev dependency in deb-pkg build
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAl4PWEoVHG1hc2FoaXJv
 eUBrZXJuZWwub3JnAAoJED2LAQed4NsG78kP/RbG7Xw+sv5Xw0vTdRwaYt+tdLIW
 JlP4jkieuOUH3cJhhGfUNL6aftAU2BBQBAriPuvVgv78NdVQK39X9xP51LYY36Qy
 Xtpp26QiJNxav5UTTZvqsCkYgWgKq8EpS7AMG25YQHI27SsykT9AX19ui1kq1nFT
 e+2Wotss0ToafUyycnmEGnmC6Wfd34/ORt7e469WDks8/ci0/Bh8p5wPuRylRhZG
 WXHGcbjG9UcYBgYjR+Mrn817N/+NDWCub8Bnt6EeugMBLz8qDqPS5HCkg7JEihhw
 qgq/IK4npntVtuPDfYeVZq6DNcu7EAKMttPn5cKs1+hPbiHEZQmcx0G3L5eeG6oP
 1Zj/spjApAssO6Qo4shgZ2VKm8OfpNShU2nTezcRlqGOgGW2vHl8ECHoHVIpHRwc
 oVJHAL59HyovkgxTCW75x0Ql6kbIUfWeGTjgjqchw5vTH294pSe4WJwCDJkUGb8+
 2dKS73l3k1fBbg2YtHsrnSUqMsoNDQDAU4njgkCm4bvK7KODmLdAIG3Luef448ED
 C33EgvND6OjoxBXOFXBv0byXQZuK145NfEobLunBrz6plQS+MteWbYRSf4UoTahA
 bFg1iyt11IT9nsphz98k0CxbOo8AoG9WUlxVl9uY5tZCd8OeaT5uPfKWFhf3Sja3
 hDbcKN5Prox98OgP
 =pDjb
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:

 - fix build error in usr/gen_initramfs_list.sh

 - fix libelf-dev dependency in deb-pkg build

* tag 'kbuild-fixes-v5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kbuild/deb-pkg: annotate libelf-dev dependency as :native
  gen_initramfs_list.sh: fix 'bad variable name' error
2020-01-03 11:21:25 -08:00
Linus Torvalds d9c82fd8c8 for-linus-2020-01-03
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCXg9C5wAKCRCRxhvAZXjc
 oiZXAPsGFXyDCWlKnShBpKufdFh6XugADlyZK0Si2ISWQoJJsgD/Ri1g3zg6V7YC
 HBG0sz8+vSk/Ys55yDQz+K1d1MTkdQ4=
 =8uQe
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-2020-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux

Pull thread fixes from Christian Brauner:
 "Here are two fixes:

   - Panic earlier when global init exits to generate useable coredumps.

     Currently, when global init and all threads in its thread-group
     have exited we panic via:

       do_exit()
       -> exit_notify()
          -> forget_original_parent()
             -> find_child_reaper()

     This makes it hard to extract a useable coredump for global init
     from a kernel crashdump because by the time we panic exit_mm() will
     have already released global init's mm. We now panic slightly
     earlier. This has been a problem in certain environments such as
     Android.

   - Fix a race in assigning and reading taskstats for thread-groups
     with more than one thread.

     This patch has been waiting for quite a while since people
     disagreed on what the correct fix was at first"

* tag 'for-linus-2020-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
  exit: panic before exit_mm() on global init exit
  taskstats: fix data-race
2020-01-03 11:17:14 -08:00
Linus Torvalds 6f2e9c3d28 powerpc fixes for 5.5 #5
One commit to fix a build error when CONFIG_JUMP_LABEL=n, introduced by our
 recent fix to is_shared_processor().
 
 A commit marking some SLB related functions as notrace, as tracing them triggers
 warnings.
 
 Thanks to:
   Jason A. Donenfeld.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl4PHRATHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgHUfD/wKW4+HM8sYSLsjsAz/1Sr5vuYl0lcu
 LLaFAv3OuukYIguHcY91K5YuISYsRfVY26OuhS99mEuP0/dhPSnGh5UGD0P1iWSg
 u0VQRUQZPuslaY9OD6TXeRbD16F4oEsV9xmQ5lmUDnwuVvRtfMzCW77ldWEaJxgO
 0hfsaxDIqzACSWS9bLYldMIfL3c8X1IXvqJrFDGvt19NDqXf5xP+Fprtr3Bg1cTS
 FybHhJwkHAPJQDLyu94FdSZKb/ITQ9ODTvPtgW7PRqLwhvqyR9CQCpkNL0pw01Dw
 9BVrnflaicwGmR/SFmDBaugCKs2JZmt6aUCcn6qU+Ehdi6/O6a5AY8MApI4WuaQ6
 oPhhFdpYKM22JInhJsKpr4FP845jGqTgsBX+dWBmClGIT1zKChQJTPydPNUk5j5I
 pjHyv7An/cpl1uOc4cr4JYdixSBOVRJnaghCBVABtdW3eRUdf763d5XXvxmxrIgm
 agIfK81mqbUgPst8vV0Oky3651iNu7DTJLTBppo19QEUoApm3nl1u3+K26+drovr
 lW6tIfFf8RdTvepnjXe6O+uahUeMG+AtSrkzToDaXmzUltoLlKyDbHfrsr24XXdZ
 LO7CaPD7Dr+jfqDcIw19KUxJXlMI8VqWQTi3L8sldK1uVmrPaYkg8gjcDweS5ZYN
 KCZwEJE+hFmmCA==
 =pI26
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Two more powerpc fixes for 5.5:

   - One commit to fix a build error when CONFIG_JUMP_LABEL=n,
     introduced by our recent fix to is_shared_processor().

   - A commit marking some SLB related functions as notrace, as tracing
     them triggers warnings.

  Thanks to Jason A Donenfeld"

* tag 'powerpc-5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/spinlocks: Include correct header for static key
  powerpc/mm: Mark get_slice_psize() & slice_addr_is_low() as notrace
2020-01-03 11:13:50 -08:00
Linus Torvalds e35d016590 sound fixes for 5.5-rc5
Nothing to worry at this stage but all nice small changes:
 - A regression fix for AMD GPU detection in HD-audio
 - A long-standing sleep-in-atomic fix for an ice1724 device
 - Usual suspects, the device-specific quirks for HD- and USB-audio
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl4O9hYOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE+x9RAAl59MhUqA+FmjNsQ+1tKHt6cfAlyvR5xnJ6vn
 95XefS1BFWhOjH6Xu4egF1QJIfah6XHAgrIHm/mjml9g2dGTGQuzSnUDB7klxnKi
 uPVfrZOTvqvNV+CaLPNr7LEFNYzuljMCRtoeWiPcn3Z3+C3qWjqpRkJw8YR7Mgzx
 J6IbUNuFKtWiQ6DoH19oSQUIZhwWDAFyl7JAE6JUQ2L5haMqE6T1w5Gw7g8BQZLC
 L7+ozmTT8g+v4yD/E2NAxZ5vzjHxA6Er9H4I5m7cAEVjXBEBwT4zVXElCk/x6Gh1
 sR7a8AfNVjPkesFpITQFc8Q/7kvMC/OpNv0nZLhEEdfv+6DkY7RQ0K+mH7oQsIQw
 3p9XJxsPtlFmcpeoCaSgUGTMHEUiE+up6RiXyITQGK00CBF9HzNRne5/UURkw/5f
 G/oOqxQITEVQJE8zTx+WQy95UnPXfwe7SFMMlpGU8Vsf4qlVKIGcQoDMA6GlKLOg
 2t/jeBLGKltcchyg+IgELymcQGvyq1OwjhCbs9UUds2PpfTJIjOsqJNvGWrQRs0q
 5ROBr/RkHD+BzA0cK0JIMABe1vuiQO1o5RoCe1KZ7r5SwgsuAYGPo934ejJuCDW2
 wJ7ezfiZu9+tFIRXyqc116QrX/vDessKKKIGp0UNm9SsboNzmZ/8I6IdSMP3JFEz
 iTHe8kI=
 =mm0Z
 -----END PGP SIGNATURE-----

Merge tag 'sound-5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Nothing to worry at this stage but all nice small changes:

   - A regression fix for AMD GPU detection in HD-audio

   - A long-standing sleep-in-atomic fix for an ice1724 device

   - Usual suspects, the device-specific quirks for HD- and USB-audio"

* tag 'sound-5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
  ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
  ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
  ALSA: hda - Apply sync-write workaround to old Intel platforms, too
  ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA
  ALSA: usb-audio: fix set_format altsetting sanity check
  ALSA: hda/realtek - Add headset Mic no shutup for ALC283
  ALSA: usb-audio: set the interface format after resume on Dell WD19
2020-01-03 11:10:31 -08:00
Linus Torvalds ca78fdeb00 drm fixes for 5.5-rc5
agp:
 - two unused variable removed
 
 amdgpu:
 - ATPX regression fix
 - SMU metrics table locking fixes
 - gfxoff fix for raven
 - RLC firmware loading stability fix
 
 mediatek:
 - external display fix
 - dsi timing fix
 
 sun4i:
 - Fix double-free in connector/encoder cleanup (Stefan)
 
 maildp:
 - Make vtable static (Ben)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJeDuShAAoJEAx081l5xIa+0usQAIwwMJtgLqTjXKDqLn1h8blY
 lTmpjUX/sbMgVdKA3asoQuLEKP9ZjzQtBNAK1XodeI6u4Z/y/KJa3j6mdRr5Zz9o
 gNQgJpg66O+48mq/bXImpev3O31Avs+Ij79/eSbxwVTnQeYjORDEqw4dS+4tF6dW
 62RFuZnzPpOt9amV0a83Vjq6PutPy7z+ulpfBGc3C9F+YAEFGFRTd+u5lSS0h2wz
 FlZllBn1Joqxi2vKjymh+E9Rxzr2BEe30yx3cShXcFrRXrstkGIfTuQkkeTvmj+P
 Fohymt7D3U07p+11CA9GD2Dvbh2Zkqrj4MFLlaaNtUnJ4xz2EHb8Na6h3HJQNcTT
 xgHeQ56eMIKhQD76xC9mjJU7NHGbLjlSgmiWMD7AVEQsTpXpmPqckYPOFnRDVcuJ
 HAaHmo2KwcaG05ct1H6G4x81B9xl+kCtwzyJY9yXvndZthpUX3FuZ3p2FskkrBH2
 iDmNZLPVJ98Prz8ytvO4XvKxoFTmMUU17xZprE7gftfL031tAZYvp52rH29uDqgx
 RhprhH9O00B+Gx5KuOxro+f5kOqn0Fp/s5oSdAU8ySMGc2sngxHElfSle4AJjnaN
 78OvggBNPkrl3z8RssOkzs+AckFItVUU26horzzUy7mY6QyYz+F6HfGjlwiwzQrn
 XCc86rgW+ieYq7QXYTuq
 =H4/Q
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2020-01-03' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "New Years fixes! Mostly amdgpu with a light smattering of arm
  graphics, and two AGP warning fixes.

  Quiet as expected, hopefully we don't get a post holiday rush.

  agp:
   - two unused variable removed

  amdgpu:
   - ATPX regression fix
   - SMU metrics table locking fixes
   - gfxoff fix for raven
   - RLC firmware loading stability fix

  mediatek:
   - external display fix
   - dsi timing fix

  sun4i:
   - Fix double-free in connector/encoder cleanup (Stefan)

  maildp:
   - Make vtable static (Ben)"

* tag 'drm-fixes-2020-01-03' of git://anongit.freedesktop.org/drm/drm:
  agp: remove unused variable arqsz in agp_3_5_enable()
  agp: remove unused variable mcapndx
  drm/amdgpu: correct RLC firmwares loading sequence
  drm/amdgpu: enable gfxoff for raven1 refresh
  drm/amdgpu/smu: add metrics table lock for vega20 (v2)
  drm/amdgpu/smu: add metrics table lock for navi (v2)
  drm/amdgpu/smu: add metrics table lock for arcturus (v2)
  drm/amdgpu/smu: add metrics table lock
  Revert "drm/amdgpu: simplify ATPX detection"
  drm/arm/mali: make malidp_mw_connector_helper_funcs static
  drm/sun4i: hdmi: Remove duplicate cleanup calls
  drm/mediatek: reduce the hbp and hfp for phy timing
  drm/mediatek: Fix can't get component for external display plane.
  drm/mediatek: Check return value of mtk_drm_ddp_comp_for_plane.
2020-01-03 11:08:30 -08:00
Jan Stancek 15f0ec941f mm/hugetlbfs: fix for_each_hstate() loop in init_hugetlbfs_fs()
LTP memfd_create04 started failing for some huge page sizes
after v5.4-10135-gc3bfc5dd73c6.

The problem is the check introduced to for_each_hstate() loop that
should skip default_hstate_idx.  Since it doesn't update 'i' counter,
all subsequent huge page sizes are skipped as well.

Fixes: 8fc312b32b ("mm/hugetlbfs: fix error handling when setting up mounts")
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-03 10:39:08 -08:00
Ard Biesheuvel 8ffdc54b6f kbuild/deb-pkg: annotate libelf-dev dependency as :native
Cross compiling the x86 kernel on a non-x86 build machine produces
the following error when CONFIG_UNWINDER_ORC is enabled, regardless
of whether libelf-dev is installed or not.

  dpkg-checkbuilddeps: error: Unmet build dependencies: libelf-dev
  dpkg-buildpackage: warning: build dependencies/conflicts unsatisfied; aborting
  dpkg-buildpackage: warning: (Use -d flag to override.)

Since this is a build time dependency for a build tool, we need to
depend on the native version of libelf-dev so add the appropriate
annotation.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-01-04 00:00:48 +09:00
Masahiro Yamada cc976614f5 gen_initramfs_list.sh: fix 'bad variable name' error
Prior to commit 858805b336 ("kbuild: add $(BASH) to run scripts with
bash-extension"), this shell script was almost always run by bash since
bash is usually installed on the system by default.

Now, this script is run by sh, which might be a symlink to dash. On such
distributions, the following code emits an error:

  local dev=`LC_ALL=C ls -l "${location}"`

You can reproduce the build error, for example by setting
CONFIG_INITRAMFS_SOURCE="/dev".

    GEN     usr/initramfs_data.cpio.gz
  ./usr/gen_initramfs_list.sh: 131: local: 1: bad variable name
  make[1]: *** [usr/Makefile:61: usr/initramfs_data.cpio.gz] Error 2

This is because `LC_ALL=C ls -l "${location}"` contains spaces.
Surrounding it with double-quotes fixes the error.

Fixes: 858805b336 ("kbuild: add $(BASH) to run scripts with bash-extension")
Reported-by: Jory A. Pratt <anarchy@gentoo.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-01-04 00:00:48 +09:00
Sakari Ailus ce644cf3fa media: intel-ipu3: Align struct ipu3_uapi_awb_fr_config_s to 32 bytes
A struct that needs to be aligned to 32 bytes has a size of 28. Increase
the size to 32.

This makes elements of arrays of this struct aligned to 32 as well, and
other structs where members are aligned to 32 mixing
ipu3_uapi_awb_fr_config_s as well as other types.

Fixes: commit dca5ef2aa1 ("media: staging/intel-ipu3: remove the unnecessary compiler flags")
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Tested-by: Bingbu Cao <bingbu.cao@intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
2020-01-03 15:02:59 +01:00
Zong Li 1d8f657982 riscv: ftrace: correct the condition logic in function graph tracer
The condition should be logical NOT to assign the hook address to parent
address. Because the return value 0 of function_graph_enter upon
success.

Fixes: e949b6db51 (riscv/function_graph: Simplify with function_graph_enter())
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: stable@vger.kernel.org
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2020-01-03 00:56:37 -08:00
Yash Shah cfda8617e2 riscv: dts: Add DT support for SiFive L2 cache controller
Add the L2 cache controller DT node in SiFive FU540 soc-specific DT file

Signed-off-by: Yash Shah <yash.shah@sifive.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2020-01-03 00:56:23 -08:00
Zong Li 0da310e82d riscv: gcov: enable gcov for RISC-V
This patch enables GCOV code coverage measurement on RISC-V.
Lightly tested on QEMU and Hifive Unleashed board, seems to work as
expected.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Acked-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2020-01-03 00:47:02 -08:00
Zong Li ac51e005fe riscv: mm: use __pa_symbol for kernel symbols
__pa_symbol is the marcro that should be used for kernel symbols. It is
also a pre-requisite for DEBUG_VIRTUAL which will do bounds checking.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2020-01-03 00:33:34 -08:00
Yunfeng Ye a6204fc7b8 agp: remove unused variable arqsz in agp_3_5_enable()
This patch fix the following warning:
drivers/char/agp/isoch.c: In function ‘agp_3_5_enable’:
drivers/char/agp/isoch.c:322:13: warning: variable ‘arqsz’ set but not
used [-Wunused-but-set-variable]
  u32 isoch, arqsz;
             ^~~~~

Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2020-01-03 16:08:05 +10:00
Yunfeng Ye 2fec966f59 agp: remove unused variable mcapndx
This patch fix the following warning:
drivers/char/agp/isoch.c: In function ‘agp_3_5_isochronous_node_enable’:
drivers/char/agp/isoch.c:87:5: warning: variable ‘mcapndx’ set but not
used [-Wunused-but-set-variable]
  u8 mcapndx;
     ^~~~~~~

Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2020-01-03 16:08:03 +10:00
Linus Torvalds 7ca4ad5ba8 sizeof_field conversion
- Remove now unused FIELD_SIZEOF() macro (Kees Cook)
 -----BEGIN PGP SIGNATURE-----
 Comment: Kees Cook <kees@outflux.net>
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl4OZFwWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJggDEACoIIUge64ouJ8lQmc/UZPX/fup
 BhNckvn1DCRL05FVG8U9TSsvDHtKzZHuB4g4h04BWdVhyRdTQzQoECHUAKzOKgB/
 7qBEBt1P4qYcLAcVdLo4kRz/8o2xBm4lzofF7OTGzkEqSE5Qqk1h0RSoFsBnmeCg
 kkDf2JqWG2kmMl0A4NOxwpfgq8s72EMVbiqKrd63GYHJD7wvZrPxpUn/BYNrWSh9
 HxWT0iqngjtdE/mLwMhSr5accbVHyA5LaLmymsHT/epQxB6proNUx0UUrvCNMSiw
 V2MbpNyAxq7hdWN2qvPQw3UtCCjOEAPsmlTr5IxSp5HHhkVp1O6WAWi/hkNRAQMd
 rvxbZRpb8IxeKJp96KWqPsBf7zcmCsvIg+65HgGR84AIMYLe97xGcNHY/qnyiEZn
 SMDCKYvDqPLK48wbcLll9kSfzYtEkuVop6KWaGPGsucq/A+KYSL2AE7rhg9nCOnx
 zhcwv+OlclicaAENTeUD0Ddokf1qUr15nAXfDSvhc1LEap4dDYUl8MvNiU6wTZAi
 R2XzKOW3AIIsIRVrMADY/VNwztMHw/OfH4BC/UsBBOLvB8m89yxSdMwqOPsy8/Kc
 h29pMMMituMkudlVC57qH1yL5JZRl7OwnDx/xefOpyO2mawK+9/pKDcpdtTZThXY
 /nwSqvbPlxj/TxdC5g==
 =Utqq
 -----END PGP SIGNATURE-----

Merge tag 'sizeof_field-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull final sizeof_field conversion from Kees Cook:
 "Remove now unused FIELD_SIZEOF() macro (Kees Cook)"

* tag 'sizeof_field-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  kernel.h: Remove unused FIELD_SIZEOF()
2020-01-02 17:04:43 -08:00
Linus Torvalds 90e0a47be9 gcc-plugins build flexibility fix
- Allow builds to disable plugins even when plugins available (Arnd Bergmann)
 -----BEGIN PGP SIGNATURE-----
 Comment: Kees Cook <kees@outflux.net>
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl4OYcsWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJgg2D/95JSjJHv6TD4J+dYvzLXG6NR24
 THlHKQymDzDUOPbqrEO+3kJlIy9tXoAmLswuttOv44sfW+VtRqKFyIDWDNUnsJwo
 tfbJRl5JGjTFdrJC4Gsk82d/bIzkdvQvUoF1gRLYUDjUH0DsoW88JUxGdObRCK/Z
 qCkj3xbaRSR75eYflKLSTUTwG2hHQQwxbr/nTNzX/MUP6oQNpdSm+OXrplXC+6rO
 /lvxBccys0OXCoIYZMybxvzeUfeyWK6kIF7VNuJLctC/Wd5/dhpYuilp6MBQdFeK
 S+a5JU6d4A5zB3IkvwHAzqxiJToMW5YqucMQAG6Isdr6lnSPF+bUNjkHVekO5rov
 q0FN3sIqeWtFVBTL7ejbq2l/ZGmapKzw0afn/gi2Tvg52LziQYDdariO4G1Tjs0i
 U5z7jeI7pF37ZcUc06DdmyN6KhliGM8BkEFmRCZWpaGInsEAHJ8XW4E9c/c7prHf
 nwrDXko8IVqztnKAMgUM9iZ/0Bh6e6Am5zcI6SLMSJhICGPQ64RMqItFBBWZSQrD
 u/v4TSkfs6h1rVvpEarqrhdGaYQprAWcJB0PkikGkrd2a7AbIpdCFaP5xpdXDTxc
 DAoIC1I5m8HQMTLhc/G/IW+2Qcg06vW3RhcKvEtef4Po9ullDnpSuUw9uyI6dyi7
 9adNZ203Ipys5aoTTg==
 =Y3WG
 -----END PGP SIGNATURE-----

Merge tag 'gcc-plugins-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull gcc-plugins fix from Kees Cook:
 "Build flexibility fix: allow builds to disable plugins even when
  plugins available (Arnd Bergmann)"

* tag 'gcc-plugins-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again
2020-01-02 16:46:30 -08:00
Linus Torvalds bf6dd9a58e Fixes for seccomp_notify_ioctl uapi sanity
- Fix samples and selftests to zero passed-in buffer (Sargun Dhillon)
 - Enforce zeroed buffer checking (Sargun Dhillon)
 - Verify buffer sanity check in selftest (Sargun Dhillon)
 -----BEGIN PGP SIGNATURE-----
 Comment: Kees Cook <kees@outflux.net>
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl4OX5wWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJtJZD/4iLG7mOUQNXdcPidjcIMO/tjST
 UzW+9Cb3buePgmCHO9v1TKGL29fVwP5TkuxdrBYDGrJ4rEYANSDX0aNmpHsO8/8M
 2/B/Lo/f9cxFgoKI4QLY2XZ1YR+zkH980mtIG7ZcpYjsNl5AwmT27m2lo6iE7J+x
 7rsaTRPFmUfgbblB6Z5gNwwATudrWJgq066lY2fg3GADP81s6lGQB+ul8rtu84ME
 mTvtb3w6piJb3E+DeYY8p4ykyiewDuYqZWDY+dvWi3kRDjNWX+yFJaPW0YNhM+yh
 HaMXnbuh6gDyCbeUHorC9ypQhJJKzEWCUW8e60BND+fOFCdKMa1AdCtlXWHjrXDQ
 x9hUgQ3UhEedYtQeYtYuoltf0W8Ft4wAapxKJJRegYPQ0RPOgcfdAg4UquusCaLo
 fWK2Hy4XFrxOwISqsFUczUVkBcXl+w0GGH59pSyTImgoQPlTpbVP6f7Axbl+qpKo
 pqOe4bO8curLGlZpdBN6syR5Ik0bizQK0kDZeo+wPmEClp/1zJWMJ4MTP4T80rxY
 74DiQyfNH2iHfsOkdfHCsJC3jM8nmdKk5wMqtrAiIoT8/vdTBgumHrnmkORWFf8c
 R/NHCCLVs9q9sKV0s+VUR3OM2RjqpG1Wo/EBjTlbDQnibC5qdha8X2uVJWIHiF61
 ZgwZ9BoKV/+mKSqTAQ==
 =WgBI
 -----END PGP SIGNATURE-----

Merge tag 'seccomp-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull seccomp fixes from Kees Cook:
 "Fixes for seccomp_notify_ioctl uapi sanity from Sargun Dhillon.

  The bulk of this is fixing the surrounding samples and selftests so
  that seccomp can correctly validate the seccomp_notify_ioctl buffer as
  being initially zeroed.

  Summary:

   - Fix samples and selftests to zero passed-in buffer

   - Enforce zeroed buffer checking

   - Verify buffer sanity check in selftest"

* tag 'seccomp-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
  seccomp: Check that seccomp_notif is zeroed out by the user
  selftests/seccomp: Zero out seccomp_notif
  samples/seccomp: Zero out members based on seccomp_notif_sizes
2020-01-02 16:42:10 -08:00
Paul Burton bbcc5672b0
MIPS: Avoid VDSO ABI breakage due to global register variable
Declaring __current_thread_info as a global register variable has the
effect of preventing GCC from saving & restoring its value in cases
where the ABI would typically do so.

To quote GCC documentation:

> If the register is a call-saved register, call ABI is affected: the
> register will not be restored in function epilogue sequences after the
> variable has been assigned. Therefore, functions cannot safely return
> to callers that assume standard ABI.

When our position independent VDSO is built for the n32 or n64 ABIs all
functions it exposes should be preserving the value of $gp/$28 for their
caller, but in the presence of the __current_thread_info global register
variable GCC stops doing so & simply clobbers $gp/$28 when calculating
the address of the GOT.

In cases where the VDSO returns success this problem will typically be
masked by the caller in libc returning & restoring $gp/$28 itself, but
that is by no means guaranteed. In cases where the VDSO returns an error
libc will typically contain a fallback path which will now fail
(typically with a bad memory access) if it attempts anything which
relies upon the value of $gp/$28 - eg. accessing anything via the GOT.

One fix for this would be to move the declaration of
__current_thread_info inside the current_thread_info() function,
demoting it from global register variable to local register variable &
avoiding inadvertently creating a non-standard calling ABI for the VDSO.
Unfortunately this causes issues for clang, which doesn't support local
register variables as pointed out by commit fe92da0f35 ("MIPS: Changed
current_thread_info() to an equivalent supported by both clang and GCC")
which introduced the global register variable before we had a VDSO to
worry about.

Instead, fix this by continuing to use the global register variable for
the kernel proper but declare __current_thread_info as a simple extern
variable when building the VDSO. It should never be referenced, and will
cause a link error if it is. This resolves the calling convention issue
for the VDSO without having any impact upon the build of the kernel
itself for either clang or gcc.

Signed-off-by: Paul Burton <paulburton@kernel.org>
Fixes: ebb5e78cc6 ("MIPS: Initial implementation of a VDSO")
Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Christian Brauner <christian.brauner@canonical.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: <stable@vger.kernel.org> # v4.4+
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
2020-01-02 16:41:16 -08:00
Linus Torvalds 278b14eb92 pstore bug fixes
- always reset circular buffer state when writing new dump (Aleksandr Yashkin)
 - fix rare error-path memory leak (Kees Cook)
 -----BEGIN PGP SIGNATURE-----
 Comment: Kees Cook <kees@outflux.net>
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl4OWFsWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJg3FD/0Vp/Qf0zfjGlV657kNhbYMKYSM
 h/ItNhFovnRnxobY2CzjZyYoU9ZCsv2bEhplILlJxG84l+nb3nUubHGhUVcoQ6iE
 aDJAdz632qB+R8l/Ouk0xUp/UnVvoheA68RCaeY6R7G/vAHqceoGD72Ji5kFe1T8
 QxPqVAJAIn+hdBHtZVhuueqINQ+3nCUUwE4Yu0veqEG5wcf+awGDjDrha2ZsMyfM
 Zl54co7l5Z5MwLLTxXO8RRFXlGtmMXnLQcKUwdPIxi+ZBZRan2pdj2zX5Sr0eGA2
 HtZchn9Bc5bbwERRobbwWzQeqbwfoRHMOWFq7mUHyaho/5Pbv67A0lOib2cuXG+U
 WjpXV9nLiAbVqIH0wph4Vppx5acDI7o0JRS0oct/f7trZE58zXfHLJHLqPrblV8J
 3pr989yGBEYI8YCf2dJXIKQlT0+s24Iyby0RmkCwQC/DkRWf9+a6BBYLHvGS96Y2
 gZ4wKGJRXbDP3m4NuojYRv3DwF71jtSw5bR1kLAdjEygbtxG064mTcACH+DsScKK
 6zBbOA2qBf1ReFdz4KVN9TAOnPIsTgeBG5ttmzGgkKZUUAe9+65AJH8jS22NSD2S
 mn4S2hXio5hV3bMUJtItEzMjYwMkdeyac8EubPlLH4DoNdZ01ER6L07x83m5cPjl
 wZ845V9VZ14i4bkq8w==
 =yG+c
 -----END PGP SIGNATURE-----

Merge tag 'pstore-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull pstore bug fixes from Kees Cook:

 - always reset circular buffer state when writing new dump (Aleksandr
   Yashkin)

 - fix rare error-path memory leak (Kees Cook)

* tag 'pstore-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  pstore/ram: Write new dumps to start of recycled zones
  pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
2020-01-02 16:39:51 -08:00
Dominik Brodowski 74f1a29910 Revert "fs: remove ksys_dup()"
This reverts commit 8243186f0c ("fs: remove ksys_dup()") and the
subsequent fix for it in commit 2d3145f8d2 ("early init: fix error
handling when opening /dev/console").

Trying to use filp_open() and f_dupfd() instead of pseudo-syscalls
caused more trouble than what is worth it: it requires accessing vfs
internals and it turns out there were other bugs in it too.

In particular, the file reference counting was wrong - because unlike
the original "open+2*dup" sequence it used "filp_open+3*f_dupfd" and
thus had an extra leaked file reference.

That in turn then caused odd problems with Androidx86 long after boot
becaue of how the extra reference to the console kept the session active
even after all file descriptors had been closed.

Reported-by: youling 257 <youling257@gmail.com>
Cc: Arvind Sankar <nivedita@alum.mit.edu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-01-02 16:15:33 -08:00
Arnd Bergmann a5b0dc5a46 gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again
I noticed that randconfig builds with gcc no longer produce a lot of
ccache hits, unlike with clang, and traced this back to plugins
now being enabled unconditionally if they are supported.

I am now working around this by adding

   export CCACHE_COMPILERCHECK=/usr/bin/size -A %compiler%

to my top-level Makefile. This changes the heuristic that ccache uses
to determine whether the plugins are the same after a 'make clean'.

However, it also seems that being able to just turn off the plugins is
generally useful, at least for build testing it adds noticeable overhead
but does not find a lot of bugs additional bugs, and may be easier for
ccache users than my workaround.

Fixes: 9f671e5815 ("security: Create "kernel hardening" config area")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20191211133951.401933-1-arnd@arndb.de
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02 13:30:14 -08:00
Sargun Dhillon e4ab5ccc35 selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
This adds logic to the user_notification_basic test to set a member
of struct seccomp_notif to an invalid value to ensure that the kernel
returns EINVAL if any of the struct seccomp_notif members are set to
invalid values.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20191230203811.4996-1-sargun@sargun.me
Fixes: 6a21cc50f0 ("seccomp: add a return code to trap to userspace")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02 13:15:45 -08:00
Sargun Dhillon 2882d53c9c seccomp: Check that seccomp_notif is zeroed out by the user
This patch is a small change in enforcement of the uapi for
SECCOMP_IOCTL_NOTIF_RECV ioctl. Specifically, the datastructure which
is passed (seccomp_notif) must be zeroed out. Previously any of its
members could be set to nonsense values, and we would ignore it.

This ensures all fields are set to their zero value.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
Reviewed-by: Aleksa Sarai <cyphar@cyphar.com>
Acked-by: Tycho Andersen <tycho@tycho.ws>
Link: https://lore.kernel.org/r/20191229062451.9467-2-sargun@sargun.me
Fixes: 6a21cc50f0 ("seccomp: add a return code to trap to userspace")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02 13:03:45 -08:00
Sargun Dhillon 88c13f8bd7 selftests/seccomp: Zero out seccomp_notif
The seccomp_notif structure should be zeroed out prior to calling the
SECCOMP_IOCTL_NOTIF_RECV ioctl. Previously, the kernel did not check
whether these structures were zeroed out or not, so these worked.

This patch zeroes out the seccomp_notif data structure prior to calling
the ioctl.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Reviewed-by: Tycho Andersen <tycho@tycho.ws>
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20191229062451.9467-1-sargun@sargun.me
Fixes: 6a21cc50f0 ("seccomp: add a return code to trap to userspace")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02 13:03:42 -08:00
Sargun Dhillon 771b894f2f samples/seccomp: Zero out members based on seccomp_notif_sizes
The sizes by which seccomp_notif and seccomp_notif_resp are allocated are
based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful
extension of these datastructures. If userspace zeroes out the
datastructure based on its version, and it is lagging behind the kernel's
version, it will end up sending trailing garbage. On the other hand,
if it is ahead of the kernel version, it will write extra zero space,
and potentially cause corruption.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Tycho Andersen <tycho@tycho.ws>
Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me
Fixes: fec7b66905 ("samples: add an example of seccomp user trap")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02 13:03:39 -08:00
Aleksandr Yashkin 9e5f1c1980 pstore/ram: Write new dumps to start of recycled zones
The ram_core.c routines treat przs as circular buffers. When writing a
new crash dump, the old buffer needs to be cleared so that the new dump
doesn't end up in the wrong place (i.e. at the end).

The solution to this problem is to reset the circular buffer state before
writing a new Oops dump.

Signed-off-by: Aleksandr Yashkin <a.yashkin@inango-systems.com>
Signed-off-by: Nikolay Merinov <n.merinov@inango-systems.com>
Signed-off-by: Ariel Gilman <a.gilman@inango-systems.com>
Link: https://lore.kernel.org/r/20191223133816.28155-1-n.merinov@inango-systems.com
Fixes: 896fc1f0c4 ("pstore/ram: Switch to persistent_ram routines")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02 12:30:50 -08:00
Kees Cook 8df955a32a pstore/ram: Fix error-path memory leak in persistent_ram_new() callers
For callers that allocated a label for persistent_ram_new(), if the call
fails, they must clean up the allocation.

Suggested-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Fixes: 1227daa43b ("pstore/ram: Clarify resource reservation labels")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/lkml/20191211191353.14385-1-navid.emamdoost@gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02 12:30:39 -08:00
John Johansen 20d4e80d25 apparmor: only get a label reference if the fast path check fails
The common fast path check can be done under rcu_read_lock() and
doesn't need a reference count on the label. Only take a reference
count if entering the slow path.

Fixes reported hackbench regression
  - sha1 79e178a57d ("Merge tag 'apparmor-pr-2019-12-03' of
    git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor")

  hackbench -l (256000/#grp) -g #grp
   128 groups     19.679 ±0.90%

  - previous sha1 01d1dff646 ("Merge tag 's390-5.5-2' of
    git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux")

  hackbench -l (256000/#grp) -g #grp
   128 groups     3.1689 ±3.04%

Reported-by: Vincent Guittot <vincent.guittot@linaro.org>
Tested-by: Vincent Guittot <vincent.guittot@linaro.org>
Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Fixes: bce4e7e9c4 ("apparmor: reduce rcu_read_lock scope for aa_file_perm mediation")
Signed-off-by: John Johansen <john.johansen@canonical.com>
2020-01-02 05:31:40 -08:00
Patrick Steinhardt 9c95a278ba apparmor: fix bind mounts aborting with -ENOMEM
With commit df323337e5 ("apparmor: Use a memory pool instead per-CPU
caches, 2019-05-03"), AppArmor code was converted to use memory pools. In
that conversion, a bug snuck into the code that polices bind mounts that
causes all bind mounts to fail with -ENOMEM, as we erroneously error out
if `aa_get_buffer` returns a pointer instead of erroring out when it
does _not_ return a valid pointer.

Fix the issue by correctly checking for valid pointers returned by
`aa_get_buffer` to fix bind mounts with AppArmor.

Fixes: df323337e5 ("apparmor: Use a memory pool instead per-CPU caches")
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2020-01-02 05:31:40 -08:00
Dave Airlie 866bd5eeaf Merge tag 'amd-drm-fixes-5.5-2020-01-01' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
amd-drm-fixes-5.5-2020-01-01:

amdgpu:
- ATPX regression fix
- SMU metrics table locking fixes
- gfxoff fix for raven
- RLC firmware loading stability fix

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200101151307.5242-1-alexander.deucher@amd.com
2020-01-02 10:16:04 +10:00
Dave Airlie e7cbcb16fa -sun4i: Fix double-free in connector/encoder cleanup (Stefan)
-malidp: Make vtable static (Ben)
 
 Cc: Ben Dooks <ben.dooks@codethink.co.uk>
 Cc: Stefan Mavrodiev <stefan@olimex.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEHF6rntfJ3enn8gh8cywAJXLcr3kFAl4LaBgACgkQcywAJXLc
 r3l58ggA2PKL0955KFeWAV1T8JZEaGSA6i5TNhtQFHbLQO2Ks5tE/YXsAROcA+ry
 Eblqk36Yg0NyhsJ8e6FwQYiRdkL3Vh+kpxV+zbexfeKqSuyX12Xqy1Ukbxij0qYt
 faDhwh4TYHQnA1QvsPfXSkf0gQt0nWAq2EahHaT9qn0tjjmA1YmAyIh851kBtT4B
 UeyDJgLh4l0ALs2dptaVrpB+uKT7GKeQvFoAMddYOBFAQ21/ihJwCQdGBqfYAaO0
 PTsfNxjfDnm8s1N/qNV+21Pk1pMm6g9xKTmP/cuD6iwiaWlB5GYxeo6xFLjQ3NVU
 EOHv4SJdsm3CFGEggJvqCiBYIJfG9Q==
 =+u2K
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2019-12-31' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

-sun4i: Fix double-free in connector/encoder cleanup (Stefan)
-malidp: Make vtable static (Ben)

Cc: Ben Dooks <ben.dooks@codethink.co.uk>
Cc: Stefan Mavrodiev <stefan@olimex.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Sean Paul <sean@poorly.run>
Link: https://patchwork.freedesktop.org/patch/msgid/20191231152503.GA46740@art_vandelay
2020-01-02 09:41:00 +10:00
Dave Airlie 886a0dc04d Mediatek DRM fixes for Linux 5.5
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJeCrsAAAoJEOHKc6PJWU4k7rsP/jh81H+i4vO+derBdItdCa81
 b9eQjyVZNOdVvCpYAugIz2Xa71PkjcnB53Ck885bEhSJ9sHPewMFq/K+1dHpzzqB
 X+68pD83B07KU6x8Y9g+DcCsksR2zOANtE0I8Y0ElraCsCN2KkUzWKUa5wefFw5M
 J3xWqDboad8MTUDIDs0eo4JoVFApj7PmXPKRKQfFy7In/888sCFWtC3zDKxk9OHF
 zj5PQ43E8cy1bCQIKnMRJjB5PuPdI0SUZlFLoxu7YbSOPkA8QGqkkOKqi4qBZ2n5
 e0AcCXrwrQSqkiSZybHcUsvihJLSW64LlgorfRCDzl4TOexHVAZDgc/lg8UgEiQ2
 JC/piFB1vTeI/3DMELWx6U+ULbX5hx+yAFc5zQIrio+WJYETZyVHLBLl1GE2SA8F
 hbEq5xjuJHvWDCsr2nsR0qHO3ozodSGgfg03vhKtQp5J0wUMIvr9kNI/4HUSJGe4
 7GYBLcsPFPS6huscakkGn2hF5FL8v1Sxvqk+m/3chUU2PfsNxyVLlUztFJkaAGkH
 6WjLxxpFgWVSnSqig+5wC67fF3FjUa+HtAclIi9zrnG64joH7+M/1wsTvuldo20R
 GPdr2iOgGkxjg8NsB9IYXTJjSFi+CBGsCxmM53K8+e3lpwN8km4pSKOHCsi1TsO6
 Y5pZw4+yirymE8kKiCMo
 =6y+R
 -----END PGP SIGNATURE-----

Merge tag 'mediatek-drm-fixes-5.5' of https://github.com/ckhu-mediatek/linux.git-tags into drm-fixes

Mediatek DRM fixes for Linux 5.5

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: CK Hu <ck.hu@mediatek.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1577762298.23194.2.camel@mtksdaap41
2020-01-02 09:40:30 +10:00
Evan Quan 969e115292 drm/amdgpu: correct RLC firmwares loading sequence
Per confirmation with RLC firmware team, the RLC should
be unhalted after all RLC related firmwares uploaded.
However, in fact the RLC is unhalted immediately after
RLCG firmware uploaded. And that may causes unexpected
PSP hang on loading the succeeding RLC save restore
list related firmwares.
So, we correct the firmware loading sequence to load
RLC save restore list related firmwares before RLCG
ucode. That will help to get around this issue.

Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2020-01-01 09:26:09 -05:00
Linus Torvalds 738d290277 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from David Miller:

 1) Fix big endian overflow in nf_flow_table, from Arnd Bergmann.

 2) Fix port selection on big endian in nft_tproxy, from Phil Sutter.

 3) Fix precision tracking for unbound scalars in bpf verifier, from
    Daniel Borkmann.

 4) Fix integer overflow in socket rcvbuf check in UDP, from Antonio
    Messina.

 5) Do not perform a neigh confirmation during a pmtu update over a
    tunnel, from Hangbin Liu.

 6) Fix DMA mapping leak in dpaa_eth driver, from Madalin Bucur.

 7) Various PTP fixes for sja1105 dsa driver, from Vladimir Oltean.

 8) Add missing to dummy definition of of_mdiobus_child_is_phy(), from
    Geert Uytterhoeven

* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (54 commits)
  hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()
  net/sched: add delete_empty() to filters and use it in cls_flower
  tcp: Fix highest_sack and highest_sack_seq
  ptp: fix the race between the release of ptp_clock and cdev
  net: dsa: sja1105: Reconcile the meaning of TPID and TPID2 for E/T and P/Q/R/S
  Documentation: net: dsa: sja1105: Remove text about taprio base-time limitation
  net: dsa: sja1105: Remove restriction of zero base-time for taprio offload
  net: dsa: sja1105: Really make the PTP command read-write
  net: dsa: sja1105: Take PTP egress timestamp by port, not mgmt slot
  cxgb4/cxgb4vf: fix flow control display for auto negotiation
  mlxsw: spectrum: Use dedicated policer for VRRP packets
  mlxsw: spectrum_router: Skip loopback RIFs during MAC validation
  net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs
  net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device
  net_sched: sch_fq: properly set sk->sk_pacing_status
  bnx2x: Fix accounting of vlan resources among the PFs
  bnx2x: Use appropriate define for vlan credit
  of: mdio: Add missing inline to of_mdiobus_child_is_phy() dummy
  net: phy: aquantia: add suspend / resume ops for AQR105
  dpaa_eth: fix DMA mapping leak
  ...
2019-12-31 11:14:58 -08:00
Linus Torvalds c5c928c667 Two bugfix patches for 5.5.
tomoyo: Suppress RCU warning at list_for_each_entry_rcu().
   tomoyo: Don't use nifty names on sockets.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJeCqRMAAoJEEJfEo0MZPUqmRoQAJdWfsAObzNRq8VsiZJTQ7NV
 Y4Nz1QYAUMjsSnWCTY1iI/9a4SY7zOmlGoCO9pC4leGeV/H9FCp+flBVBs6nEiQF
 A/bRT9P9ek3urr+kOj1A9udxRRXQdQ292TVd9Ll7fJuamLHsLAQSTht27SdJyStQ
 FY5COJCTC3Qvoz/jdkqQ1qEyYUavH6FvNjN9eIsjLow6BahHzDj/sw6WC/iUQhOC
 55mK10bN7jHvewRsrW5HLQ0aUazz/6FTZIuVckFpk/R67aljEIsMccAeYw7XeBWS
 a4AqI5a+8Go8ryXeM6y76JF3SnWpX9PZYLMYZz2SYkohBbl+ivVKJZOWEOQPhYTO
 wFAFSwZVA4uEsYEQF7qWGsQGMS/QR1tre2na4dWjpSZ0Ly2xX81tcjEhVYq6jsuk
 1MGHTDCc93dMJW8OKx31CRRr9mIkJ4C1pJqQzlApjkqxUMq3Bxdidc4WOshB20y6
 cLf1nfIor4/8VBb8LdBICPcedfHWk3KY6nL5yTqUjtETln7Ba/UeXpPKL9kH15Pg
 N29AzQfNuRyTL/s51ZRrvmh/WJWIrl2xLue3s5u8yJA6DivUb8U46BK+BQn+POHG
 XJDydAxynKYbPlqbNE6yoFl36BwyNwy5vWQp/0ONiwXHPSl3lsi5LYWy0XGODS8a
 9SSbLovjKTvMeLnoN+AI
 =11MC
 -----END PGP SIGNATURE-----

Merge tag 'tomoyo-fixes-for-5.5' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1

Pull tomoyo fixes from Tetsuo Handa:
 "Two bug fixes:

   - Suppress RCU warning at list_for_each_entry_rcu()

   - Don't use fancy names on sockets"

* tag 'tomoyo-fixes-for-5.5' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1:
  tomoyo: Suppress RCU warning at list_for_each_entry_rcu().
  tomoyo: Don't use nifty names on sockets.
2019-12-31 10:51:27 -08:00
Taehee Yoo 04b69426d8 hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()
hsr slave interfaces don't have debugfs directory.
So, hsr_debugfs_rename() shouldn't be called when hsr slave interface name
is changed.

Test commands:
    ip link add dummy0 type dummy
    ip link add dummy1 type dummy
    ip link add hsr0 type hsr slave1 dummy0 slave2 dummy1
    ip link set dummy0 name ap

Splat looks like:
[21071.899367][T22666] ap: renamed from dummy0
[21071.914005][T22666] ==================================================================
[21071.919008][T22666] BUG: KASAN: slab-out-of-bounds in hsr_debugfs_rename+0xaa/0xb0 [hsr]
[21071.923640][T22666] Read of size 8 at addr ffff88805febcd98 by task ip/22666
[21071.926941][T22666]
[21071.927750][T22666] CPU: 0 PID: 22666 Comm: ip Not tainted 5.5.0-rc2+ #240
[21071.929919][T22666] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[21071.935094][T22666] Call Trace:
[21071.935867][T22666]  dump_stack+0x96/0xdb
[21071.936687][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
[21071.937774][T22666]  print_address_description.constprop.5+0x1be/0x360
[21071.939019][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
[21071.940081][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
[21071.940949][T22666]  __kasan_report+0x12a/0x16f
[21071.941758][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
[21071.942674][T22666]  kasan_report+0xe/0x20
[21071.943325][T22666]  hsr_debugfs_rename+0xaa/0xb0 [hsr]
[21071.944187][T22666]  hsr_netdev_notify+0x1fe/0x9b0 [hsr]
[21071.945052][T22666]  ? __module_text_address+0x13/0x140
[21071.945897][T22666]  notifier_call_chain+0x90/0x160
[21071.946743][T22666]  dev_change_name+0x419/0x840
[21071.947496][T22666]  ? __read_once_size_nocheck.constprop.6+0x10/0x10
[21071.948600][T22666]  ? netdev_adjacent_rename_links+0x280/0x280
[21071.949577][T22666]  ? __read_once_size_nocheck.constprop.6+0x10/0x10
[21071.950672][T22666]  ? lock_downgrade+0x6e0/0x6e0
[21071.951345][T22666]  ? do_setlink+0x811/0x2ef0
[21071.951991][T22666]  do_setlink+0x811/0x2ef0
[21071.952613][T22666]  ? is_bpf_text_address+0x81/0xe0
[ ... ]

Reported-by: syzbot+9328206518f08318a5fd@syzkaller.appspotmail.com
Fixes: 4c2d5e33dc ("hsr: rename debugfs file when interface name is changed")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-30 20:36:27 -08:00
Davide Caratti a5b72a083d net/sched: add delete_empty() to filters and use it in cls_flower
Revert "net/sched: cls_u32: fix refcount leak in the error path of
u32_change()", and fix the u32 refcount leak in a more generic way that
preserves the semantic of rule dumping.
On tc filters that don't support lockless insertion/removal, there is no
need to guard against concurrent insertion when a removal is in progress.
Therefore, for most of them we can avoid a full walk() when deleting, and
just decrease the refcount, like it was done on older Linux kernels.
This fixes situations where walk() was wrongly detecting a non-empty
filter, like it happened with cls_u32 in the error path of change(), thus
leading to failures in the following tdc selftests:

 6aa7: (filter, u32) Add/Replace u32 with source match and invalid indev
 6658: (filter, u32) Add/Replace u32 with custom hash table and invalid handle
 74c2: (filter, u32) Add/Replace u32 filter with invalid hash table id

On cls_flower, and on (future) lockless filters, this check is necessary:
move all the check_empty() logic in a callback so that each filter
can have its own implementation. For cls_flower, it's sufficient to check
if no IDRs have been allocated.

This reverts commit 275c44aa19.

Changes since v1:
 - document the need for delete_empty() when TCF_PROTO_OPS_DOIT_UNLOCKED
   is used, thanks to Vlad Buslov
 - implement delete_empty() without doing fl_walk(), thanks to Vlad Buslov
 - squash revert and new fix in a single patch, to be nice with bisect
   tests that run tdc on u32 filter, thanks to Dave Miller

Fixes: 275c44aa19 ("net/sched: cls_u32: fix refcount leak in the error path of u32_change()")
Fixes: 6676d5e416 ("net: sched: set dedicated tcf_walker flag when tp is empty")
Suggested-by: Jamal Hadi Salim <jhs@mojatatu.com>
Suggested-by: Vlad Buslov <vladbu@mellanox.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Vlad Buslov <vladbu@mellanox.com>
Tested-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-30 20:35:19 -08:00
Cambda Zhu 853697504d tcp: Fix highest_sack and highest_sack_seq
>From commit 50895b9de1 ("tcp: highest_sack fix"), the logic about
setting tp->highest_sack to the head of the send queue was removed.
Of course the logic is error prone, but it is logical. Before we
remove the pointer to the highest sack skb and use the seq instead,
we need to set tp->highest_sack to NULL when there is no skb after
the last sack, and then replace NULL with the real skb when new skb
inserted into the rtx queue, because the NULL means the highest sack
seq is tp->snd_nxt. If tp->highest_sack is NULL and new data sent,
the next ACK with sack option will increase tp->reordering unexpectedly.

This patch sets tp->highest_sack to the tail of the rtx queue if
it's NULL and new data is sent. The patch keeps the rule that the
highest_sack can only be maintained by sack processing, except for
this only case.

Fixes: 50895b9de1 ("tcp: highest_sack fix")
Signed-off-by: Cambda Zhu <cambda@linux.alibaba.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-30 20:28:39 -08:00
Vladis Dronov a33121e548 ptp: fix the race between the release of ptp_clock and cdev
In a case when a ptp chardev (like /dev/ptp0) is open but an underlying
device is removed, closing this file leads to a race. This reproduces
easily in a kvm virtual machine:

ts# cat openptp0.c
int main() { ... fp = fopen("/dev/ptp0", "r"); ... sleep(10); }
ts# uname -r
5.5.0-rc3-46cf053e
ts# cat /proc/cmdline
... slub_debug=FZP
ts# modprobe ptp_kvm
ts# ./openptp0 &
[1] 670
opened /dev/ptp0, sleeping 10s...
ts# rmmod ptp_kvm
ts# ls /dev/ptp*
ls: cannot access '/dev/ptp*': No such file or directory
ts# ...woken up
[   48.010809] general protection fault: 0000 [#1] SMP
[   48.012502] CPU: 6 PID: 658 Comm: openptp0 Not tainted 5.5.0-rc3-46cf053e #25
[   48.014624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...
[   48.016270] RIP: 0010:module_put.part.0+0x7/0x80
[   48.017939] RSP: 0018:ffffb3850073be00 EFLAGS: 00010202
[   48.018339] RAX: 000000006b6b6b6b RBX: 6b6b6b6b6b6b6b6b RCX: ffff89a476c00ad0
[   48.018936] RDX: fffff65a08d3ea08 RSI: 0000000000000247 RDI: 6b6b6b6b6b6b6b6b
[   48.019470] ...                                              ^^^ a slub poison
[   48.023854] Call Trace:
[   48.024050]  __fput+0x21f/0x240
[   48.024288]  task_work_run+0x79/0x90
[   48.024555]  do_exit+0x2af/0xab0
[   48.024799]  ? vfs_write+0x16a/0x190
[   48.025082]  do_group_exit+0x35/0x90
[   48.025387]  __x64_sys_exit_group+0xf/0x10
[   48.025737]  do_syscall_64+0x3d/0x130
[   48.026056]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   48.026479] RIP: 0033:0x7f53b12082f6
[   48.026792] ...
[   48.030945] Modules linked in: ptp i6300esb watchdog [last unloaded: ptp_kvm]
[   48.045001] Fixing recursive fault but reboot is needed!

This happens in:

static void __fput(struct file *file)
{   ...
    if (file->f_op->release)
        file->f_op->release(inode, file); <<< cdev is kfree'd here
    if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL &&
             !(mode & FMODE_PATH))) {
        cdev_put(inode->i_cdev); <<< cdev fields are accessed here

Namely:

__fput()
  posix_clock_release()
    kref_put(&clk->kref, delete_clock) <<< the last reference
      delete_clock()
        delete_ptp_clock()
          kfree(ptp) <<< cdev is embedded in ptp
  cdev_put
    module_put(p->owner) <<< *p is kfree'd, bang!

Here cdev is embedded in posix_clock which is embedded in ptp_clock.
The race happens because ptp_clock's lifetime is controlled by two
refcounts: kref and cdev.kobj in posix_clock. This is wrong.

Make ptp_clock's sysfs device a parent of cdev with cdev_device_add()
created especially for such cases. This way the parent device with its
ptp_clock is not released until all references to the cdev are released.
This adds a requirement that an initialized but not exposed struct
device should be provided to posix_clock_register() by a caller instead
of a simple dev_t.

This approach was adopted from the commit 72139dfa24 ("watchdog: Fix
the race between the release of watchdog_core_data and cdev"). See
details of the implementation in the commit 233ed09d7f ("chardev: add
helper function to register char devs with a struct device").

Link: https://lore.kernel.org/linux-fsdevel/20191125125342.6189-1-vdronov@redhat.com/T/#u
Analyzed-by: Stephen Johnston <sjohnsto@redhat.com>
Analyzed-by: Vern Lovejoy <vlovejoy@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-30 20:19:27 -08:00
Vladimir Oltean 54fa49ee88 net: dsa: sja1105: Reconcile the meaning of TPID and TPID2 for E/T and P/Q/R/S
For first-generation switches (SJA1105E and SJA1105T):
- TPID means C-Tag (typically 0x8100)
- TPID2 means S-Tag (typically 0x88A8)

While for the second generation switches (SJA1105P, SJA1105Q, SJA1105R,
SJA1105S) it is the other way around:
- TPID means S-Tag (typically 0x88A8)
- TPID2 means C-Tag (typically 0x8100)

In other words, E/T tags untagged traffic with TPID, and P/Q/R/S with
TPID2.

So the patch mentioned below fixed VLAN filtering for P/Q/R/S, but broke
it for E/T.

We strive for a common code path for all switches in the family, so just
lie in the static config packing functions that TPID and TPID2 are at
swapped bit offsets than they actually are, for P/Q/R/S. This will make
both switches understand TPID to be ETH_P_8021Q and TPID2 to be
ETH_P_8021AD. The meaning from the original E/T was chosen over P/Q/R/S
because E/T is actually the one with public documentation available
(UM10944.pdf).

Fixes: f9a1a7646c ("net: dsa: sja1105: Reverse TPID and TPID2")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-30 20:15:02 -08:00