1. 06 3月, 2019 40 次提交
    • T
      ibmveth: Do not process frames after calling napi_reschedule · e91cbe1d
      Thomas Falcon 提交于
      [ Upstream commit e95d22c69b2c130ccce257b84daf283fd82d611e ]
      
      The IBM virtual ethernet driver's polling function continues
      to process frames after rescheduling NAPI, resulting in a warning
      if it exhausted its budget. Do not restart polling after calling
      napi_reschedule. Instead let frames be processed in the following
      instance.
      Signed-off-by: NThomas Falcon <tlfalcon@linux.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e91cbe1d
    • M
      net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP · 61fe1005
      Maciej Żenczykowski 提交于
      [ Upstream commit 3b707c3008cad04604c1f50e39f456621821c414 ]
      
      __bpf_redirect() and act_mirred checks this boolean
      to determine whether to prefix an ethernet header.
      Signed-off-by: NMaciej Żenczykowski <maze@google.com>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      61fe1005
    • Z
      net: usb: asix: ax88772_bind return error when hw_reset fail · f7901f15
      Zhang Run 提交于
      [ Upstream commit 6eea3527e68acc22483f4763c8682f223eb90029 ]
      
      The ax88772_bind() should return error code immediately when the PHY
      was not reset properly through ax88772a_hw_reset().
      Otherwise, The asix_get_phyid() will block when get the PHY
      Identifier from the PHYSID1 MII registers through asix_mdio_read()
      due to the PHY isn't ready. Furthermore, it will produce a lot of
      error message cause system crash.As follows:
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write
       reg index 0x0000: -71
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to send
       software reset: ffffffb9
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write
       reg index 0x0000: -71
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to enable
       software MII access
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read
       reg index 0x0000: -71
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write
       reg index 0x0000: -71
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to enable
       software MII access
      asix 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read
       reg index 0x0000: -71
      ...
      Signed-off-by: NZhang Run <zhang.run@zte.com.cn>
      Reviewed-by: NYang Wei <yang.wei9@zte.com.cn>
      Tested-by: NMarcel Ziswiler <marcel.ziswiler@toradex.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f7901f15
    • D
      drm/msm: Fix A6XX support for opp-level · 156a43cc
      Douglas Anderson 提交于
      [ Upstream commit a3c5e2cd79753121f49a8662c1e0a60ddb5486ca ]
      
      The bindings for Qualcomm opp levels changed after being Acked but
      before landing.  Thus the code in the GPU driver that was relying on
      the old bindings is now broken.
      
      Let's change the code to match the new bindings by adjusting the old
      string 'qcom,level' to the new string 'opp-level'.  See the patch
      ("dt-bindings: opp: Introduce opp-level bindings").
      
      NOTE: we will do additional cleanup to totally remove the string from
      the code and use the new dev_pm_opp_get_level() but we'll do it in a
      future patch.  This will facilitate getting the important code fix in
      sooner without having to deal with cross-maintainer dependencies.
      
      This patch needs to land before the patch ("arm64: dts: sdm845: Add
      gpu and gmu device nodes") since if a tree contains the device tree
      patch but not this one you'll get a crash at bootup.
      
      Fixes: 4b565ca5 ("drm/msm: Add A6XX device support")
      Signed-off-by: NDouglas Anderson <dianders@chromium.org>
      Reviewed-by: NJordan Crouse <jcrouse@codeaurora.org>
      Signed-off-by: NRob Clark <robdclark@gmail.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      156a43cc
    • H
      nvme-multipath: drop optimization for static ANA group IDs · 9f260d76
      Hannes Reinecke 提交于
      [ Upstream commit 78a61cd42a64f3587862b372a79e1d6aaf131fd7 ]
      
      Bit 6 in the ANACAP field is used to indicate that the ANA group ID
      doesn't change while the namespace is attached to the controller.
      There is an optimisation in the code to only allocate space
      for the ANA group header, as the namespace list won't change and
      hence would not need to be refreshed.
      However, this optimisation was never carried over to the actual
      workflow, which always assumes that the buffer is large enough
      to hold the ANA header _and_ the namespace list.
      So drop this optimisation and always allocate enough space.
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NHannes Reinecke <hare@suse.com>
      Signed-off-by: NSagi Grimberg <sagi@grimberg.me>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9f260d76
    • S
      nvme-rdma: fix timeout handler · 550e0ea7
      Sagi Grimberg 提交于
      [ Upstream commit 4c174e6366746ae8d49f9cc409f728eebb7a9ac9 ]
      
      Currently, we have several problems with the timeout
      handler:
      1. If we timeout on the controller establishment flow, we will hang
      because we don't execute the error recovery (and we shouldn't because
      the create_ctrl flow needs to fail and cleanup on its own)
      2. We might also hang if we get a disconnet on a queue while the
      controller is already deleting. This racy flow can cause the controller
      disable/shutdown admin command to hang.
      
      We cannot complete a timed out request from the timeout handler without
      mutual exclusion from the teardown flow (e.g. nvme_rdma_error_recovery_work).
      So we serialize it in the timeout handler and teardown io and admin
      queues to guarantee that no one races with us from completing the
      request.
      Reported-by: NJaesoo Lee <jalee@purestorage.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NSagi Grimberg <sagi@grimberg.me>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      550e0ea7
    • H
      hv_netvsc: Fix hash key value reset after other ops · bbbb9874
      Haiyang Zhang 提交于
      [ Upstream commit 17d91256898402daf4425cc541ac9cbf64574d9a ]
      
      Changing mtu, channels, or buffer sizes ops call to netvsc_attach(),
      rndis_set_subchannel(), which always reset the hash key to default
      value. That will override hash key changed previously. This patch
      fixes the problem by save the hash key, then restore it when we re-
      add the netvsc device.
      
      Fixes: ff4a4419 ("netvsc: allow get/set of RSS indirection table")
      Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com>
      Reviewed-by: NMichael Kelley <mikelley@microsoft.com>
      [sl: fix up subject line]
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      bbbb9874
    • H
      hv_netvsc: Refactor assignments of struct netvsc_device_info · d2ce8e1b
      Haiyang Zhang 提交于
      [ Upstream commit 7c9f335a3ff20557a92584199f3d35c7e992bbe5 ]
      
      These assignments occur in multiple places. The patch refactor them
      to a function for simplicity. It also puts the struct to heap area
      for future expension.
      Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com>
      Reviewed-by: NMichael Kelley <mikelley@microsoft.com>
      [sl: fix up subject line]
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d2ce8e1b
    • H
      hv_netvsc: Fix ethtool change hash key error · 51b547f2
      Haiyang Zhang 提交于
      [ Upstream commit b4a10c750424e01b5e37372fef0a574ebf7b56c3 ]
      
      Hyper-V hosts require us to disable RSS before changing RSS key,
      otherwise the changing request will fail. This patch fixes the
      coding error.
      
      Fixes: ff4a4419 ("netvsc: allow get/set of RSS indirection table")
      Reported-by: NWei Hu <weh@microsoft.com>
      Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com>
      Reviewed-by: NMichael Kelley <mikelley@microsoft.com>
      [sl: fix up subject line]
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      51b547f2
    • A
      net: altera_tse: fix connect_local_phy error path · ad74456b
      Atsushi Nemoto 提交于
      [ Upstream commit 17b42a20d7ca59377788c6a2409e77569570cc10 ]
      
      The connect_local_phy should return NULL (not negative errno) on
      error, since its caller expects it.
      Signed-off-by: NAtsushi Nemoto <atsushi.nemoto@sord.co.jp>
      Acked-by: NThor Thayer <thor.thayer@linux.intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ad74456b
    • V
      scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() · 9de38811
      Varun Prakash 提交于
      [ Upstream commit fe35a40e675473eb65f2f5462b82770f324b5689 ]
      
      Assign fc_vport to ln->fc_vport before calling csio_fcoe_alloc_vnp() to
      avoid a NULL pointer dereference in csio_vport_set_state().
      
      ln->fc_vport is dereferenced in csio_vport_set_state().
      Signed-off-by: NVarun Prakash <varun@chelsio.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9de38811
    • E
      scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport · ee2a02a6
      Ewan D. Milne 提交于
      [ Upstream commit c41f59884be5cca293ed61f3d64637dbba3a6381 ]
      
      We cannot wait on a completion object in the lpfc_nvme_targetport structure
      in the _destroy_targetport() code path because the NVMe/fc transport will
      free that structure immediately after the .targetport_delete() callback.
      This results in a use-after-free, and a hang if slub_debug=FZPU is enabled.
      
      Fix this by putting the completion on the stack.
      Signed-off-by: NEwan D. Milne <emilne@redhat.com>
      Acked-by: NJames Smart <james.smart@broadcom.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ee2a02a6
    • E
      scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport · 30b62656
      Ewan D. Milne 提交于
      [ Upstream commit 7961cba6f7d8215fa632df3d220e5154bb825249 ]
      
      We cannot wait on a completion object in the lpfc_nvme_lport structure in
      the _destroy_localport() code path because the NVMe/fc transport will free
      that structure immediately after the .localport_delete() callback.  This
      results in a use-after-free, and a hang if slub_debug=FZPU is enabled.
      
      Fix this by putting the completion on the stack.
      Signed-off-by: NEwan D. Milne <emilne@redhat.com>
      Acked-by: NJames Smart <james.smart@broadcom.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      30b62656
    • T
      writeback: synchronize sync(2) against cgroup writeback membership switches · edca54b8
      Tejun Heo 提交于
      [ Upstream commit 7fc5854f8c6efae9e7624970ab49a1eac2faefb1 ]
      
      sync_inodes_sb() can race against cgwb (cgroup writeback) membership
      switches and fail to writeback some inodes.  For example, if an inode
      switches to another wb while sync_inodes_sb() is in progress, the new
      wb might not be visible to bdi_split_work_to_wbs() at all or the inode
      might jump from a wb which hasn't issued writebacks yet to one which
      already has.
      
      This patch adds backing_dev_info->wb_switch_rwsem to synchronize cgwb
      switch path against sync_inodes_sb() so that sync_inodes_sb() is
      guaranteed to see all the target wbs and inodes can't jump wbs to
      escape syncing.
      
      v2: Fixed misplaced rwsem init.  Spotted by Jiufei.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Reported-by: NJiufei Xue <xuejiufei@gmail.com>
      Link: http://lkml.kernel.org/r/dc694ae2-f07f-61e1-7097-7c8411cee12d@gmail.comAcked-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      edca54b8
    • E
      direct-io: allow direct writes to empty inodes · c5a1dc25
      Ernesto A. Fernández 提交于
      [ Upstream commit 8b9433eb4de3c26a9226c981c283f9f4896ae030 ]
      
      On a DIO_SKIP_HOLES filesystem, the ->get_block() method is currently
      not allowed to create blocks for an empty inode.  This confusion comes
      from trying to bit shift a negative number, so check the size of the
      inode first.
      
      The problem is most visible for hfsplus, because the fallback to
      buffered I/O doesn't happen and the write fails with EIO.  This is in
      part the fault of the module, because it gives a wrong return value on
      ->get_block(); that will be fixed in a separate patch.
      Reviewed-by: NJeff Moyer <jmoyer@redhat.com>
      Reviewed-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NErnesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      c5a1dc25
    • L
      staging: android: ion: Support cpu access during dma_buf_detach · bcb8e0a2
      Liam Mark 提交于
      [ Upstream commit 31eb79db420a3f94c4c45a8c0a05cd30e333f981 ]
      
      Often userspace doesn't know when the kernel will be calling dma_buf_detach
      on the buffer.
      If userpace starts its CPU access at the same time as the sg list is being
      freed it could end up accessing the sg list after it has been freed.
      
      Thread A				Thread B
      - DMA_BUF_IOCTL_SYNC IOCT
       - ion_dma_buf_begin_cpu_access
        - list_for_each_entry
      					- ion_dma_buf_detatch
      					 - free_duped_table
         - dma_sync_sg_for_cpu
      
      Fix this by getting the ion_buffer lock before freeing the sg table memory.
      
      Fixes: 2a55e7b5 ("staging: android: ion: Call dma_map_sg for syncing and mapping")
      Signed-off-by: NLiam Mark <lmark@codeaurora.org>
      Acked-by: NLaura Abbott <labbott@redhat.com>
      Acked-by: NAndrew F. Davis <afd@ti.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      bcb8e0a2
    • P
      drm/sun4i: hdmi: Fix usage of TMDS clock · f7357735
      Priit Laes 提交于
      [ Upstream commit 5e1bc251cebc84b41b8eb5d2434e54d939a85430 ]
      
      Although TMDS clock is required for HDMI to properly function,
      nobody called clk_prepare_enable(). This fixes reference counting
      issues and makes sure clock is running when it needs to be running.
      
      Due to TDMS clock being parent clock for DDC clock, TDMS clock
      was turned on/off for each EDID probe, causing spurious failures
      for certain HDMI/DVI screens.
      
      Fixes: 9c568101 ("drm/sun4i: Add HDMI support")
      Signed-off-by: NPriit Laes <priit.laes@paf.com>
      [Maxime: Moved the TMDS clock enable earlier]
      Signed-off-by: NMaxime Ripard <maxime.ripard@bootlin.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20190122073232.7240-1-plaes@plaes.orgSigned-off-by: NSasha Levin <sashal@kernel.org>
      f7357735
    • T
      serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling · 89d9a533
      Tomonori Sakita 提交于
      [ Upstream commit 815d835b7ba46685c316b000013367dacb2b461b ]
      
      Using over-sampling ratio, lpuart can accept baud rate upto uartclk / 4.
      Signed-off-by: NTomonori Sakita <tomonori.sakita@sord.co.jp>
      Signed-off-by: NAtsushi Nemoto <atsushi.nemoto@sord.co.jp>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      89d9a533
    • M
      tty: serial: qcom_geni_serial: Allow mctrl when flow control is disabled · 1ed436cd
      Matthias Kaehlcke 提交于
      [ Upstream commit e8a6ca808c5ed1e2b43ab25f1f2cbd43a7574f73 ]
      
      The geni set/get_mctrl() functions currently do nothing unless
      hardware flow control is enabled. Remove this arbitrary limitation.
      Suggested-by: NJohan Hovold <johan@kernel.org>
      Fixes: 8a8a66a1 ("tty: serial: qcom_geni_serial: Add support for flow control")
      Signed-off-by: NMatthias Kaehlcke <mka@chromium.org>
      Reviewed-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1ed436cd
    • K
      drm/amd/powerplay: OD setting fix on Vega10 · 8c5571b9
      Kenneth Feng 提交于
      [ Upstream commit 6d87dc97eb3341de3f7b1efa3156cb0e014f4a96 ]
      
      gfxclk for OD setting is limited to 1980M for non-acg
      ASICs of Vega10
      Signed-off-by: NKenneth Feng <kenneth.feng@amd.com>
      Reviewed-by: NEvan Quan <evan.quan@amd.com>
      Signed-off-by: NAlex Deucher <alexander.deucher@amd.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8c5571b9
    • X
      locking/rwsem: Fix (possible) missed wakeup · 9ad6216e
      Xie Yongji 提交于
      [ Upstream commit e158488be27b157802753a59b336142dc0eb0380 ]
      
      Because wake_q_add() can imply an immediate wakeup (cmpxchg failure
      case), we must not rely on the wakeup being delayed. However, commit:
      
        e3851390 ("locking/rwsem: Rework zeroing reader waiter->task")
      
      relies on exactly that behaviour in that the wakeup must not happen
      until after we clear waiter->task.
      
      [ peterz: Added changelog. ]
      Signed-off-by: NXie Yongji <xieyongji@baidu.com>
      Signed-off-by: NZhang Yu <zhangyu31@baidu.com>
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: e3851390 ("locking/rwsem: Rework zeroing reader waiter->task")
      Link: https://lkml.kernel.org/r/1543495830-2644-1-git-send-email-xieyongji@baidu.comSigned-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9ad6216e
    • P
      futex: Fix (possible) missed wakeup · 2368e6d3
      Peter Zijlstra 提交于
      [ Upstream commit b061c38bef43406df8e73c5be06cbfacad5ee6ad ]
      
      We must not rely on wake_q_add() to delay the wakeup; in particular
      commit:
      
        1d0dcb3a ("futex: Implement lockless wakeups")
      
      moved wake_q_add() before smp_store_release(&q->lock_ptr, NULL), which
      could result in futex_wait() waking before observing ->lock_ptr ==
      NULL and going back to sleep again.
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: 1d0dcb3a ("futex: Implement lockless wakeups")
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2368e6d3
    • P
      sched/wake_q: Fix wakeup ordering for wake_q · 653a1dbc
      Peter Zijlstra 提交于
      [ Upstream commit 4c4e3731564c8945ac5ac90fc2a1e1f21cb79c92 ]
      
      Notable cmpxchg() does not provide ordering when it fails, however
      wake_q_add() requires ordering in this specific case too. Without this
      it would be possible for the concurrent wakeup to not observe our
      prior state.
      
      Andrea Parri provided:
      
        C wake_up_q-wake_q_add
      
        {
      	int next = 0;
      	int y = 0;
        }
      
        P0(int *next, int *y)
        {
      	int r0;
      
      	/* in wake_up_q() */
      
      	WRITE_ONCE(*next, 1);   /* node->next = NULL */
      	smp_mb();               /* implied by wake_up_process() */
      	r0 = READ_ONCE(*y);
        }
      
        P1(int *next, int *y)
        {
      	int r1;
      
      	/* in wake_q_add() */
      
      	WRITE_ONCE(*y, 1);      /* wake_cond = true */
      	smp_mb__before_atomic();
      	r1 = cmpxchg_relaxed(next, 1, 2);
        }
      
        exists (0:r0=0 /\ 1:r1=0)
      
        This "exists" clause cannot be satisfied according to the LKMM:
      
        Test wake_up_q-wake_q_add Allowed
        States 3
        0:r0=0; 1:r1=1;
        0:r0=1; 1:r1=0;
        0:r0=1; 1:r1=1;
        No
        Witnesses
        Positive: 0 Negative: 3
        Condition exists (0:r0=0 /\ 1:r1=0)
        Observation wake_up_q-wake_q_add Never 0 3
      Reported-by: NYongji Xie <elohimes@gmail.com>
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Waiman Long <longman@redhat.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      653a1dbc
    • P
      sched/wait: Fix rcuwait_wake_up() ordering · 5024f0a2
      Prateek Sood 提交于
      [ Upstream commit 6dc080eeb2ba01973bfff0d79844d7a59e12542e ]
      
      For some peculiar reason rcuwait_wake_up() has the right barrier in
      the comment, but not in the code.
      
      This mistake has been observed to cause a deadlock in the following
      situation:
      
          P1					P2
      
          percpu_up_read()			percpu_down_write()
            rcu_sync_is_idle() // false
      					  rcu_sync_enter()
      					  ...
            __percpu_up_read()
      
      [S] ,-  __this_cpu_dec(*sem->read_count)
          |   smp_rmb();
      [L] |   task = rcu_dereference(w->task) // NULL
          |
          |				    [S]	    w->task = current
          |					    smp_mb();
          |				    [L]	    readers_active_check() // fail
          `-> <store happens here>
      
      Where the smp_rmb() (obviously) fails to constrain the store.
      
      [ peterz: Added changelog. ]
      Signed-off-by: NPrateek Sood <prsood@codeaurora.org>
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Reviewed-by: NAndrea Parri <andrea.parri@amarulasolutions.com>
      Acked-by: NDavidlohr Bueso <dbueso@suse.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: 8f95c90c ("sched/wait, RCU: Introduce rcuwait machinery")
      Link: https://lkml.kernel.org/r/1543590656-7157-1-git-send-email-prsood@codeaurora.orgSigned-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      5024f0a2
    • B
      mac80211: fix miscounting of ttl-dropped frames · a2887f6f
      Bob Copeland 提交于
      [ Upstream commit a0dc02039a2ee54fb4ae400e0b755ed30e73e58c ]
      
      In ieee80211_rx_h_mesh_fwding, we increment the 'dropped_frames_ttl'
      counter when we decrement the ttl to zero.  For unicast frames
      destined for other hosts, we stop processing the frame at that point.
      
      For multicast frames, we do not rebroadcast it in this case, but we
      do pass the frame up the stack to process it on this STA.  That
      doesn't match the usual definition of "dropped," so don't count
      those as such.
      
      With this change, something like `ping6 -i0.2 ff02::1%mesh0` from a
      peer in a ttl=1 network no longer increments the counter rapidly.
      Signed-off-by: NBob Copeland <bobcopeland@fb.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a2887f6f
    • N
      staging: rtl8723bs: Fix build error with Clang when inlining is disabled · bbc300c8
      Nathan Chancellor 提交于
      [ Upstream commit 97715058b70da1262fd07798c8b2e3e894f759dd ]
      
      When CONFIG_NO_AUTO_INLINE was present in linux-next (which added
      '-fno-inline-functions' to KBUILD_CFLAGS), an allyesconfig build with
      Clang failed at the modpost stage:
      
      ERROR: "is_broadcast_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
      ERROR: "is_zero_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
      ERROR: "is_multicast_mac_addr" [drivers/staging/rtl8723bs/r8723bs.ko] undefined!
      
      These functions were marked as extern inline, meaning that if inlining
      doesn't happen, the function will be undefined, as it is above.
      
      This happens to work with GCC because the '-fno-inline-functions' option
      respects the __inline attribute so all instances of these functions are
      inlined as expected and the definition doesn't actually matter. However,
      with Clang and '-fno-inline-functions', a function has to be marked with
      the __always_inline attribute to be considered for inlining, which none
      of these functions are. Clang tries to find the symbol definition
      elsewhere as it was told and fails, which trickles down to modpost.
      
      To make sure that this code compiles regardless of compiler and make the
      intention of the code clearer, use 'static' to ensure these functions
      are always defined, regardless of inlining. Additionally, silence a
      checkpatch warning by switching from '__inline' to 'inline'.
      Signed-off-by: NNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      bbc300c8
    • A
      drivers: thermal: int340x_thermal: Fix sysfs race condition · a99e0377
      Aaron Hill 提交于
      [ Upstream commit 129699bb8c7572106b5bbb2407c2daee4727ccad ]
      
      Changes since V1:
      * Use dev_info instead of printk
      * Use dev_warn instead of BUG_ON
      
      Previously, sysfs_create_group was called before all initialization had
      fully run - specifically, before pci_set_drvdata was called. Since the
      sysctl group is visible to userspace as soon as sysfs_create_group
      returns, a small window of time existed during which a process could read
      from an uninitialized/partially-initialized device.
      
      This commit moves the creation of the sysctl group to after all
      initialized is completed. This ensures that it's impossible for
      userspace to read from a sysctl file before initialization has fully
      completed.
      
      To catch any future regressions, I've added a check to ensure
      that proc_thermal_emum_mode is never PROC_THERMAL_NONE when a process
      tries to read from a sysctl file. Previously, the aforementioned race
      condition could result in the 'else' branch
      running while PROC_THERMAL_NONE was set,
      leading to a null pointer deference.
      Signed-off-by: NAaron Hill <aa1ronham@gmail.com>
      Signed-off-by: NZhang Rui <rui.zhang@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a99e0377
    • V
      ARC: show_regs: lockdep: avoid page allocator... · 4749ffdf
      Vineet Gupta 提交于
      [ Upstream commit ab6c03676cb190156603cf4c5ecf97aa406c9c53 ]
      
      and use smaller/on-stack buffer instead
      
      The motivation for this change was lockdep splat like below.
      
      | potentially unexpected fatal signal 11.
      | BUG: sleeping function called from invalid context at ../mm/page_alloc.c:4317
      | in_atomic(): 1, irqs_disabled(): 0, pid: 57, name: segv
      | no locks held by segv/57.
      | Preemption disabled at:
      | [<8182f17e>] get_signal+0x4a6/0x7c4
      | CPU: 0 PID: 57 Comm: segv Not tainted 4.17.0+ #23
      |
      | Stack Trace:
      |  arc_unwind_core.constprop.1+0xd0/0xf4
      |  __might_sleep+0x1f6/0x234
      |  __get_free_pages+0x174/0xca0
      |  show_regs+0x22/0x330
      |  get_signal+0x4ac/0x7c4     # print_fatal_signals() -> preempt_disable()
      |  do_signal+0x30/0x224
      |  resume_user_mode_begin+0x90/0xd8
      
      So signal handling core calls show_regs() with preemption disabled but
      an ensuing GFP_KERNEL page allocator call is flagged by lockdep.
      
      We could have switched to GFP_NOWAIT, but turns out that is not enough
      anways and eliding page allocator call leads to less code and
      instruction traces to sift thru when debugging pesky crashes.
      
      FWIW, this patch doesn't cure the lockdep splat (which next patch does).
      Reviewed-by: NWilliam Kucharski <william.kucharski@oracle.com>
      Signed-off-by: NVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4749ffdf
    • E
      ARC: fix __ffs return value to avoid build warnings · 4e34dd37
      Eugeniy Paltsev 提交于
      [ Upstream commit 4e868f8419cb4cb558c5d428e7ab5629cef864c7 ]
      
      |  CC      mm/nobootmem.o
      |In file included from ./include/asm-generic/bug.h:18:0,
      |                 from ./arch/arc/include/asm/bug.h:32,
      |                 from ./include/linux/bug.h:5,
      |                 from ./include/linux/mmdebug.h:5,
      |                 from ./include/linux/gfp.h:5,
      |                 from ./include/linux/slab.h:15,
      |                 from mm/nobootmem.c:14:
      |mm/nobootmem.c: In function '__free_pages_memory':
      |./include/linux/kernel.h:845:29: warning: comparison of distinct pointer types lacks a cast
      |   (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
      |                             ^
      |./include/linux/kernel.h:859:4: note: in expansion of macro '__typecheck'
      |   (__typecheck(x, y) && __no_side_effects(x, y))
      |    ^~~~~~~~~~~
      |./include/linux/kernel.h:869:24: note: in expansion of macro '__safe_cmp'
      |  __builtin_choose_expr(__safe_cmp(x, y), \
      |                        ^~~~~~~~~~
      |./include/linux/kernel.h:878:19: note: in expansion of macro '__careful_cmp'
      | #define min(x, y) __careful_cmp(x, y, <)
      |                   ^~~~~~~~~~~~~
      |mm/nobootmem.c:104:11: note: in expansion of macro 'min'
      |   order = min(MAX_ORDER - 1UL, __ffs(start));
      
      Change __ffs return value from 'int' to 'unsigned long' as it
      is done in other implementations (like asm-generic, x86, etc...)
      to avoid build-time warnings in places where type is strictly
      checked.
      
      As __ffs may return values in [0-31] interval changing return
      type to unsigned is valid.
      Signed-off-by: NEugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
      Signed-off-by: NVineet Gupta <vgupta@synopsys.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4e34dd37
    • Y
      irqchip/gic-v3-mbi: Fix uninitialized mbi_lock · 0655618d
      Yang Yingliang 提交于
      [ Upstream commit c530bb8a726a37811e9fb5d68cd6b5408173b545 ]
      
      The mbi_lock mutex is left uninitialized, so let's use DEFINE_MUTEX
      to initialize it statically.
      
      Fixes: 50528752 ("irqchip/gic-v3: Add support for Message Based Interrupts as an MSI controller")
      Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      0655618d
    • G
      selftests: gpio-mockup-chardev: Check asprintf() for error · f352e84e
      Geert Uytterhoeven 提交于
      [ Upstream commit 508cacd7da6659ae7b7bdd0a335f675422277758 ]
      
      With gcc 7.3.0:
      
          gpio-mockup-chardev.c: In function ‘get_debugfs’:
          gpio-mockup-chardev.c:62:3: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Wunused-result]
             asprintf(path, "%s/gpio", mnt_fs_get_target(fs));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Handle asprintf() failures to fix this.
      Signed-off-by: NGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: NShuah Khan <shuah@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f352e84e
    • F
      selftests: seccomp: use LDLIBS instead of LDFLAGS · 357d9c7a
      Fathi Boudra 提交于
      [ Upstream commit 5bbc73a841d7f0bbe025a342146dde462a796a5a ]
      
      seccomp_bpf fails to build due to undefined reference errors:
      
       aarch64-linaro-linux-gcc --sysroot=/build/tmp-rpb-glibc/sysroots/hikey
       -O2 -pipe -g -feliminate-unused-debug-types -Wl,-no-as-needed -Wall
       -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -lpthread seccomp_bpf.c -o
       /build/tmp-rpb-glibc/work/hikey-linaro-linux/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf
       /tmp/ccrlR3MW.o: In function `tsync_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1920: undefined reference to `sem_post'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1920: undefined reference to `sem_post'
       /tmp/ccrlR3MW.o: In function `TSYNC_setup':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1863: undefined reference to `sem_init'
       /tmp/ccrlR3MW.o: In function `TSYNC_teardown':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1904: undefined reference to `sem_destroy'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1897: undefined reference to `pthread_kill'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1898: undefined reference to `pthread_cancel'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1899: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_siblings_fail_prctl':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1978: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1990: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1992: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_with_ancestor':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2016: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2032: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2034: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_sibling_want_nnp':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2046: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2058: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2060: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_with_no_filter':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2073: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2098: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2100: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_with_one_divergence':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2125: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2143: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2145: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
       /tmp/ccrlR3MW.o: In function `TSYNC_two_siblings_not_under_filter':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2169: undefined reference to `sem_wait'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2202: undefined reference to `pthread_join'
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:2227: undefined reference to `pthread_join'
       /tmp/ccrlR3MW.o: In function `tsync_start_sibling':
       /usr/src/debug/kselftests/4.12-r0/linux-4.12-rc7/tools/testing/selftests/seccomp/seccomp_bpf.c:1941: undefined reference to `pthread_create'
      
      It's GNU Make and linker specific.
      
      The default Makefile rule looks like:
      
      $(CC) $(CFLAGS) $(LDFLAGS) $@ $^ $(LDLIBS)
      
      When linking is done by gcc itself, no issue, but when it needs to be passed
      to proper ld, only LDLIBS follows and then ld cannot know what libs to link
      with.
      
      More detail:
      https://www.gnu.org/software/make/manual/html_node/Implicit-Variables.html
      
      LDFLAGS
      Extra flags to give to compilers when they are supposed to invoke the linker,
      ‘ld’, such as -L. Libraries (-lfoo) should be added to the LDLIBS variable
      instead.
      
      LDLIBS
      Library flags or names given to compilers when they are supposed to invoke the
      linker, ‘ld’. LOADLIBES is a deprecated (but still supported) alternative to
      LDLIBS. Non-library linker flags, such as -L, should go in the LDFLAGS
      variable.
      
      https://lkml.org/lkml/2010/2/10/362
      
      tools/perf: libraries must come after objects
      
      Link order matters, use LDLIBS instead of LDFLAGS to properly link against
      libpthread.
      Signed-off-by: NFathi Boudra <fathi.boudra@linaro.org>
      Acked-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NShuah Khan <shuah@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      357d9c7a
    • A
      phy: ath79-usb: Fix the main reset name to match the DT binding · eecde0a0
      Alban Bedel 提交于
      [ Upstream commit 827cb0323928952c0db9515aba9d534fb1285b3f ]
      
      I submitted this driver several times before it got accepted. The
      first series hasn't been accepted but the DTS binding did made it.
      I then made a second series that added generic reset support to the
      PHY core, this in turn required a change to the DT binding. This
      second series seemed to have been ignored, so I did a third one
      without the change to the PHY core and the DT binding update, and this
      last attempt finally made it.
      
      But two months later the DT binding update from the second series has
      been integrated too. So now the driver doesn't match the binding and
      the only DTS using it. This patch fix the driver to match the new
      binding.
      Signed-off-by: NAlban Bedel <albeu@free.fr>
      Signed-off-by: NKishon Vijay Abraham I <kishon@ti.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      eecde0a0
    • A
      phy: ath79-usb: Fix the power on error path · e55af638
      Alban Bedel 提交于
      [ Upstream commit 009808154c69c48d5b41fc8cf5ad5ab5704efd8f ]
      
      In the power on function the error path doesn't return the suspend
      override to its proper state. It should should deassert this reset
      line to enable the suspend override.
      Signed-off-by: NAlban Bedel <albeu@free.fr>
      Signed-off-by: NKishon Vijay Abraham I <kishon@ti.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e55af638
    • A
      selftests/vm/gup_benchmark.c: match gup struct to kernel · fc8176da
      Alison Schofield 提交于
      [ Upstream commit 91cd63d320f84dcbf21d4327f31f7e1f85adebd0 ]
      
      An expansion field was added to the kernel copy of this structure for
      future use. See mm/gup_benchmark.c.
      
      Add the same expansion field here, so that the IOCTL command decodes
      correctly. Otherwise, it fails with EINVAL.
      Signed-off-by: NAlison Schofield <alison.schofield@intel.com>
      Acked-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: NShuah Khan <shuah@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      fc8176da
    • S
      ASoC: imx-audmux: change snprintf to scnprintf for possible overflow · 7bba7aff
      Silvio Cesare 提交于
      [ Upstream commit c407cd008fd039320d147088b52d0fa34ed3ddcb ]
      
      Change snprintf to scnprintf. There are generally two cases where using
      snprintf causes problems.
      
      1) Uses of size += snprintf(buf, SIZE - size, fmt, ...)
      In this case, if snprintf would have written more characters than what the
      buffer size (SIZE) is, then size will end up larger than SIZE. In later
      uses of snprintf, SIZE - size will result in a negative number, leading
      to problems. Note that size might already be too large by using
      size = snprintf before the code reaches a case of size += snprintf.
      
      2) If size is ultimately used as a length parameter for a copy back to user
      space, then it will potentially allow for a buffer overflow and information
      disclosure when size is greater than SIZE. When the size is used to index
      the buffer directly, we can have memory corruption. This also means when
      size = snprintf... is used, it may also cause problems since size may become
      large.  Copying to userspace is mitigated by the HARDENED_USERCOPY kernel
      configuration.
      
      The solution to these issues is to use scnprintf which returns the number of
      characters actually written to the buffer, so the size variable will never
      exceed SIZE.
      Signed-off-by: NSilvio Cesare <silvio.cesare@gmail.com>
      Cc: Timur Tabi <timur@kernel.org>
      Cc: Nicolin Chen <nicoleotsuka@gmail.com>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Xiubo Li <Xiubo.Lee@gmail.com>
      Cc: Fabio Estevam <fabio.estevam@nxp.com>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: NWilly Tarreau <w@1wt.eu>
      Acked-by: NNicolin Chen <nicoleotsuka@gmail.com>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      7bba7aff
    • S
      ASoC: dapm: change snprintf to scnprintf for possible overflow · 9500ecb9
      Silvio Cesare 提交于
      [ Upstream commit e581e151e965bf1f2815dd94620b638fec4d0a7e ]
      
      Change snprintf to scnprintf. There are generally two cases where using
      snprintf causes problems.
      
      1) Uses of size += snprintf(buf, SIZE - size, fmt, ...)
      In this case, if snprintf would have written more characters than what the
      buffer size (SIZE) is, then size will end up larger than SIZE. In later
      uses of snprintf, SIZE - size will result in a negative number, leading
      to problems. Note that size might already be too large by using
      size = snprintf before the code reaches a case of size += snprintf.
      
      2) If size is ultimately used as a length parameter for a copy back to user
      space, then it will potentially allow for a buffer overflow and information
      disclosure when size is greater than SIZE. When the size is used to index
      the buffer directly, we can have memory corruption. This also means when
      size = snprintf... is used, it may also cause problems since size may become
      large.  Copying to userspace is mitigated by the HARDENED_USERCOPY kernel
      configuration.
      
      The solution to these issues is to use scnprintf which returns the number of
      characters actually written to the buffer, so the size variable will never
      exceed SIZE.
      Signed-off-by: NSilvio Cesare <silvio.cesare@gmail.com>
      Cc: Liam Girdwood <lgirdwood@gmail.com>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: NWilly Tarreau <w@1wt.eu>
      Signed-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9500ecb9
    • S
      ASoC: rt5682: Fix PLL source register definitions · 375a9673
      Shuming Fan 提交于
      [ Upstream commit ee7ea2a9a318a89d21b156dc75e54d53904bdbe5 ]
      
      Fix typo which causes headphone no sound while using BCLK
      as PLL source.
      Signed-off-by: NShuming Fan <shumingf@realtek.com>
      Signed-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      375a9673
    • P
      x86/mm/mem_encrypt: Fix erroneous sizeof() · 7ff77864
      Peng Hao 提交于
      [ Upstream commit bf7d28c53453ea904584960de55e33e03b9d93b1 ]
      
      Using sizeof(pointer) for determining the size of a memset() only works
      when the size of the pointer and the size of type to which it points are
      the same. For pte_t this is only true for 64bit and 32bit-NONPAE. On 32bit
      PAE systems this is wrong as the pointer size is 4 byte but the PTE entry
      is 8 bytes. It's actually not a real world issue as this code depends on
      64bit, but it's wrong nevertheless.
      
      Use sizeof(*p) for correctness sake.
      
      Fixes: aad98391 ("x86/mm/encrypt: Simplify sme_populate_pgd() and sme_populate_pgd_large()")
      Signed-off-by: NPeng Hao <peng.hao2@zte.com.cn>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: dave.hansen@linux.intel.com
      Cc: peterz@infradead.org
      Cc: luto@kernel.org
      Link: https://lkml.kernel.org/r/1546065252-97996-1-git-send-email-peng.hao2@zte.com.cnSigned-off-by: NSasha Levin <sashal@kernel.org>
      7ff77864
    • S
      genirq: Make sure the initial affinity is not empty · 17fab891
      Srinivas Ramana 提交于
      [ Upstream commit bddda606ec76550dd63592e32a6e87e7d32583f7 ]
      
      If all CPUs in the irq_default_affinity mask are offline when an interrupt
      is initialized then irq_setup_affinity() can set an empty affinity mask for
      a newly allocated interrupt.
      
      Fix this by falling back to cpu_online_mask in case the resulting affinity
      mask is zero.
      Signed-off-by: NSrinivas Ramana <sramana@codeaurora.org>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: linux-arm-msm@vger.kernel.org
      Link: https://lkml.kernel.org/r/1545312957-8504-1-git-send-email-sramana@codeaurora.orgSigned-off-by: NSasha Levin <sashal@kernel.org>
      17fab891