1. 02 3月, 2020 6 次提交
  2. 01 3月, 2020 4 次提交
    • L
      Merge branch 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · fb279f4e
      Linus Torvalds 提交于
      Pull i2c fixes from Wolfram Sang:
       "I2C has three driver bugfixes for you. We agreed on the Mac regression
        to go in via I2C"
      
      * 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        macintosh: therm_windtunnel: fix regression when instantiating devices
        i2c: altera: Fix potential integer overflow
        i2c: jz4780: silence log flood on txabrt
      fb279f4e
    • D
      ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() · 37b0b6b8
      Dan Carpenter 提交于
      If sbi->s_flex_groups_allocated is zero and the first allocation fails
      then this code will crash.  The problem is that "i--" will set "i" to
      -1 but when we compare "i >= sbi->s_flex_groups_allocated" then the -1
      is type promoted to unsigned and becomes UINT_MAX.  Since UINT_MAX
      is more than zero, the condition is true so we call kvfree(new_groups[-1]).
      The loop will carry on freeing invalid memory until it crashes.
      
      Fixes: 7c990728 ("ext4: fix potential race between s_flex_groups online resizing and access")
      Reviewed-by: NSuraj Jitindar Singh <surajjs@amazon.com>
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/r/20200228092142.7irbc44yaz3by7nb@kili.mountainSigned-off-by: NTheodore Ts'o <tytso@mit.edu>
      37b0b6b8
    • W
      macintosh: therm_windtunnel: fix regression when instantiating devices · 38b17afb
      Wolfram Sang 提交于
      Removing attach_adapter from this driver caused a regression for at
      least some machines. Those machines had the sensors described in their
      DT, too, so they didn't need manual creation of the sensor devices. The
      old code worked, though, because manual creation came first. Creation of
      DT devices then failed later and caused error logs, but the sensors
      worked nonetheless because of the manually created devices.
      
      When removing attach_adaper, manual creation now comes later and loses
      the race. The sensor devices were already registered via DT, yet with
      another binding, so the driver could not be bound to it.
      
      This fix refactors the code to remove the race and only manually creates
      devices if there are no DT nodes present. Also, the DT binding is updated
      to match both, the DT and manually created devices. Because we don't
      know which device creation will be used at runtime, the code to start
      the kthread is moved to do_probe() which will be called by both methods.
      
      Fixes: 3e7bed52 ("macintosh: therm_windtunnel: drop using attach_adapter")
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=201723Reported-by: NErhard Furtner <erhard_f@mailbox.org>
      Tested-by: NErhard Furtner <erhard_f@mailbox.org>
      Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
      Signed-off-by: NWolfram Sang <wsa@the-dreams.de>
      Cc: stable@kernel.org # v4.19+
      38b17afb
    • Q
      jbd2: fix data races at struct journal_head · 6c5d9112
      Qian Cai 提交于
      journal_head::b_transaction and journal_head::b_next_transaction could
      be accessed concurrently as noticed by KCSAN,
      
       LTP: starting fsync04
       /dev/zero: Can't open blockdev
       EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
       EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null)
       ==================================================================
       BUG: KCSAN: data-race in __jbd2_journal_refile_buffer [jbd2] / jbd2_write_access_granted [jbd2]
      
       write to 0xffff99f9b1bd0e30 of 8 bytes by task 25721 on cpu 70:
        __jbd2_journal_refile_buffer+0xdd/0x210 [jbd2]
        __jbd2_journal_refile_buffer at fs/jbd2/transaction.c:2569
        jbd2_journal_commit_transaction+0x2d15/0x3f20 [jbd2]
        (inlined by) jbd2_journal_commit_transaction at fs/jbd2/commit.c:1034
        kjournald2+0x13b/0x450 [jbd2]
        kthread+0x1cd/0x1f0
        ret_from_fork+0x27/0x50
      
       read to 0xffff99f9b1bd0e30 of 8 bytes by task 25724 on cpu 68:
        jbd2_write_access_granted+0x1b2/0x250 [jbd2]
        jbd2_write_access_granted at fs/jbd2/transaction.c:1155
        jbd2_journal_get_write_access+0x2c/0x60 [jbd2]
        __ext4_journal_get_write_access+0x50/0x90 [ext4]
        ext4_mb_mark_diskspace_used+0x158/0x620 [ext4]
        ext4_mb_new_blocks+0x54f/0xca0 [ext4]
        ext4_ind_map_blocks+0xc79/0x1b40 [ext4]
        ext4_map_blocks+0x3b4/0x950 [ext4]
        _ext4_get_block+0xfc/0x270 [ext4]
        ext4_get_block+0x3b/0x50 [ext4]
        __block_write_begin_int+0x22e/0xae0
        __block_write_begin+0x39/0x50
        ext4_write_begin+0x388/0xb50 [ext4]
        generic_perform_write+0x15d/0x290
        ext4_buffered_write_iter+0x11f/0x210 [ext4]
        ext4_file_write_iter+0xce/0x9e0 [ext4]
        new_sync_write+0x29c/0x3b0
        __vfs_write+0x92/0xa0
        vfs_write+0x103/0x260
        ksys_write+0x9d/0x130
        __x64_sys_write+0x4c/0x60
        do_syscall_64+0x91/0xb05
        entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
       5 locks held by fsync04/25724:
        #0: ffff99f9911093f8 (sb_writers#13){.+.+}, at: vfs_write+0x21c/0x260
        #1: ffff99f9db4c0348 (&sb->s_type->i_mutex_key#15){+.+.}, at: ext4_buffered_write_iter+0x65/0x210 [ext4]
        #2: ffff99f5e7dfcf58 (jbd2_handle){++++}, at: start_this_handle+0x1c1/0x9d0 [jbd2]
        #3: ffff99f9db4c0168 (&ei->i_data_sem){++++}, at: ext4_map_blocks+0x176/0x950 [ext4]
        #4: ffffffff99086b40 (rcu_read_lock){....}, at: jbd2_write_access_granted+0x4e/0x250 [jbd2]
       irq event stamp: 1407125
       hardirqs last  enabled at (1407125): [<ffffffff980da9b7>] __find_get_block+0x107/0x790
       hardirqs last disabled at (1407124): [<ffffffff980da8f9>] __find_get_block+0x49/0x790
       softirqs last  enabled at (1405528): [<ffffffff98a0034c>] __do_softirq+0x34c/0x57c
       softirqs last disabled at (1405521): [<ffffffff97cc67a2>] irq_exit+0xa2/0xc0
      
       Reported by Kernel Concurrency Sanitizer on:
       CPU: 68 PID: 25724 Comm: fsync04 Tainted: G L 5.6.0-rc2-next-20200221+ #7
       Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
      
      The plain reads are outside of jh->b_state_lock critical section which result
      in data races. Fix them by adding pairs of READ|WRITE_ONCE().
      Reviewed-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NQian Cai <cai@lca.pw>
      Link: https://lore.kernel.org/r/20200222043111.2227-1-cai@lca.pwSigned-off-by: NTheodore Ts'o <tytso@mit.edu>
      6c5d9112
  3. 29 2月, 2020 8 次提交
  4. 28 2月, 2020 22 次提交
    • P
      Merge tag 'kvmarm-fixes-5.6-1' of... · e951445f
      Paolo Bonzini 提交于
      Merge tag 'kvmarm-fixes-5.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
      
      KVM/arm fixes for 5.6, take #1
      
      - Fix compilation on 32bit
      - Move  VHE guest entry/exit into the VHE-specific entry code
      - Make sure all functions called by the non-VHE HYP code is tagged as __always_inline
      e951445f
    • E
      kvm: x86: Limit the number of "kvm: disabled by bios" messages · ef935c25
      Erwan Velu 提交于
      In older version of systemd(219), at boot time, udevadm is called with :
      	/usr/bin/udevadm trigger --type=devices --action=add"
      
      This program generates an echo "add" in /sys/devices/system/cpu/cpu<x>/uevent,
      leading to the "kvm: disabled by bios" message in case of your Bios disabled
      the virtualization extensions.
      
      On a modern system running up to 256 CPU threads, this pollutes the Kernel logs.
      
      This patch offers to ratelimit this message to avoid any userspace program triggering
      this uevent printing this message too often.
      
      This patch is only a workaround but greatly reduce the pollution without
      breaking the current behavior of printing a message if some try to instantiate
      KVM on a system that doesn't support it.
      
      Note that recent versions of systemd (>239) do not have trigger this behavior.
      
      This patch will be useful at least for some using older systemd with recent Kernels.
      Signed-off-by: NErwan Velu <e.velu@criteo.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      ef935c25
    • R
      Merge branches 'pm-sleep' and 'pm-devfreq' · 189c6967
      Rafael J. Wysocki 提交于
      * pm-sleep:
        PM / hibernate: fix typo "reserverd_size" -> "reserved_size"
        Documentation: power: Drop reference to interface.rst
      
      * pm-devfreq:
        Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
      189c6967
    • P
      KVM: x86: avoid useless copy of cpufreq policy · aaec7c03
      Paolo Bonzini 提交于
      struct cpufreq_policy is quite big and it is not a good idea
      to allocate one on the stack.  Just use cpufreq_cpu_get and
      cpufreq_cpu_put which is even simpler.
      Reported-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      aaec7c03
    • P
      KVM: allow disabling -Werror · 4f337faf
      Paolo Bonzini 提交于
      Restrict -Werror to well-tested configurations and allow disabling it
      via Kconfig.
      Reported-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      4f337faf
    • V
      KVM: x86: allow compiling as non-module with W=1 · 575b255c
      Valdis Klētnieks 提交于
      Compile error with CONFIG_KVM_INTEL=y and W=1:
      
        CC      arch/x86/kvm/vmx/vmx.o
      arch/x86/kvm/vmx/vmx.c:68:32: error: 'vmx_cpu_id' defined but not used [-Werror=unused-const-variable=]
         68 | static const struct x86_cpu_id vmx_cpu_id[] = {
            |                                ^~~~~~~~~~
      cc1: all warnings being treated as errors
      
      When building with =y, the MODULE_DEVICE_TABLE macro doesn't generate a
      reference to the structure (or any code at all).  This makes W=1 compiles
      unhappy.
      
      Wrap both in a #ifdef to avoid the issue.
      Signed-off-by: NValdis Kletnieks <valdis.kletnieks@vt.edu>
      [Do the same for CONFIG_KVM_AMD. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      575b255c
    • W
      KVM: Pre-allocate 1 cpumask variable per cpu for both pv tlb and pv ipis · 8a9442f4
      Wanpeng Li 提交于
      Nick Desaulniers Reported:
      
        When building with:
        $ make CC=clang arch/x86/ CFLAGS=-Wframe-larger-than=1000
        The following warning is observed:
        arch/x86/kernel/kvm.c:494:13: warning: stack frame size of 1064 bytes in
        function 'kvm_send_ipi_mask_allbutself' [-Wframe-larger-than=]
        static void kvm_send_ipi_mask_allbutself(const struct cpumask *mask, int
        vector)
                    ^
        Debugging with:
        https://github.com/ClangBuiltLinux/frame-larger-than
        via:
        $ python3 frame_larger_than.py arch/x86/kernel/kvm.o \
          kvm_send_ipi_mask_allbutself
        points to the stack allocated `struct cpumask newmask` in
        `kvm_send_ipi_mask_allbutself`. The size of a `struct cpumask` is
        potentially large, as it's CONFIG_NR_CPUS divided by BITS_PER_LONG for
        the target architecture. CONFIG_NR_CPUS for X86_64 can be as high as
        8192, making a single instance of a `struct cpumask` 1024 B.
      
      This patch fixes it by pre-allocate 1 cpumask variable per cpu and use it for
      both pv tlb and pv ipis..
      Reported-by: NNick Desaulniers <ndesaulniers@google.com>
      Acked-by: NNick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: NVitaly Kuznetsov <vkuznets@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Nick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: NWanpeng Li <wanpengli@tencent.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      8a9442f4
    • W
      KVM: Introduce pv check helpers · a262bca3
      Wanpeng Li 提交于
      Introduce some pv check helpers for consistency.
      Suggested-by: NVitaly Kuznetsov <vkuznets@redhat.com>
      Reviewed-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Signed-off-by: NWanpeng Li <wanpengli@tencent.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      a262bca3
    • C
      KVM: let declaration of kvm_get_running_vcpus match implementation · fcd07f9a
      Christian Borntraeger 提交于
      Sparse notices that declaration and implementation do not match:
      arch/s390/kvm/../../../virt/kvm/kvm_main.c:4435:17: warning: incorrect type in return expression (different address spaces)
      arch/s390/kvm/../../../virt/kvm/kvm_main.c:4435:17:    expected struct kvm_vcpu [noderef] <asn:3> **
      arch/s390/kvm/../../../virt/kvm/kvm_main.c:4435:17:    got struct kvm_vcpu *[noderef] <asn:3> *
      Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      fcd07f9a
    • P
      KVM: SVM: allocate AVIC data structures based on kvm_amd module parameter · 7943f4ac
      Paolo Bonzini 提交于
      Even if APICv is disabled at startup, the backing page and ir_list need
      to be initialized in case they are needed later.  The only case in
      which this can be skipped is for userspace irqchip, and that must be
      done because avic_init_backing_page dereferences vcpu->arch.apic
      (which is NULL for userspace irqchip).
      
      Tested-by: rmuncrief@humanavance.com
      Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=206579Reviewed-by: NMiaohe Lin <linmiaohe@huawei.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      7943f4ac
    • L
      Merge tag 'drm-fixes-2020-02-28' of git://anongit.freedesktop.org/drm/drm · 45d0b75b
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "Just some fixes for this week: amdgpu, radeon and i915.
      
        The main i915 one is a regression Gen7 (Ivybridge/Haswell), this moves
        them back from trying to use the full-ppgtt support to the aliasing
        version it used to use due to gpu hangs. Otherwise it's pretty quiet.
      
        amdgpu:
         - Drop DRIVER_USE_AGP
         - Fix memory leak in GPU reset
         - Resume fix for raven
      
        radeon:
         - Drop DRIVER_USE_AGP
      
        i915:
         - downgrade gen7 back to aliasing-ppgtt to avoid GPU hangs
         - shrinker fix
         - pmu leak and double free fixes
         - gvt user after free and virtual display reset fixes
         - randconfig build fix"
      
      * tag 'drm-fixes-2020-02-28' of git://anongit.freedesktop.org/drm/drm:
        drm/radeon: Inline drm_get_pci_dev
        drm/amdgpu: Drop DRIVER_USE_AGP
        drm/i915: Avoid recursing onto active vma from the shrinker
        drm/i915/pmu: Avoid using globals for PMU events
        drm/i915/pmu: Avoid using globals for CPU hotplug state
        drm/i915/gtt: Downgrade gen7 (ivb, byt, hsw) back to aliasing-ppgtt
        drm/i915: fix header test with GCOV
        amdgpu/gmc_v9: save/restore sdpif regs during S3
        drm/amdgpu: fix memory leak during TDR test(v2)
        drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime
        drm/i915/gvt: Separate display reset from ALL_ENGINES reset
      45d0b75b
    • D
      Merge tag 'drm-intel-fixes-2020-02-27' of... · f091bf39
      Dave Airlie 提交于
      Merge tag 'drm-intel-fixes-2020-02-27' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
      
      drm/i915 fixes for v5.6-rc4:
      - downgrade gen7 back to aliasing-ppgtt to avoid GPU hangs
      - shrinker fix
      - pmu leak and double free fixes
      - gvt user after free and virtual display reset fixes
      - randconfig build fix
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      
      From: Jani Nikula <jani.nikula@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/874kvcsh00.fsf@intel.com
      f091bf39
    • D
      Merge tag 'amd-drm-fixes-5.6-2020-02-26' of... · e180af19
      Dave Airlie 提交于
      Merge tag 'amd-drm-fixes-5.6-2020-02-26' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
      
      amd-drm-fixes-5.6-2020-02-26:
      
      amdgpu:
      - Drop DRIVER_USE_AGP
      - Fix memory leak in GPU reset
      - Resume fix for raven
      
      radeon:
      - Drop DRIVER_USE_AGP
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexdeucher@gmail.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20200227034106.3912-1-alexander.deucher@amd.com
      e180af19
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 7058b837
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix leak in nl80211 AP start where we leak the ACL memory, from
          Johannes Berg.
      
       2) Fix double mutex unlock in mac80211, from Andrei Otcheretianski.
      
       3) Fix RCU stall in ipset, from Jozsef Kadlecsik.
      
       4) Fix devlink locking in devlink_dpipe_table_register, from Madhuparna
          Bhowmik.
      
       5) Fix race causing TX hang in ll_temac, from Esben Haabendal.
      
       6) Stale eth hdr pointer in br_dev_xmit(), from Nikolay Aleksandrov.
      
       7) Fix TX hash calculation bounds checking wrt. tc rules, from Amritha
          Nambiar.
      
       8) Size netlink responses properly in schedule action code to take into
          consideration TCA_ACT_FLAGS. From Jiri Pirko.
      
       9) Fix firmware paths for mscc PHY driver, from Antoine Tenart.
      
      10) Don't register stmmac notifier multiple times, from Aaro Koskinen.
      
      11) Various rmnet bug fixes, from Taehee Yoo.
      
      12) Fix vsock deadlock in vsock transport release, from Stefano
          Garzarella.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (61 commits)
        net: dsa: mv88e6xxx: Fix masking of egress port
        mlxsw: pci: Wait longer before accessing the device after reset
        sfc: fix timestamp reconstruction at 16-bit rollover points
        vsock: fix potential deadlock in transport->release()
        unix: It's CONFIG_PROC_FS not CONFIG_PROCFS
        net: rmnet: fix packet forwarding in rmnet bridge mode
        net: rmnet: fix bridge mode bugs
        net: rmnet: use upper/lower device infrastructure
        net: rmnet: do not allow to change mux id if mux id is duplicated
        net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device()
        net: rmnet: fix suspicious RCU usage
        net: rmnet: fix NULL pointer dereference in rmnet_changelink()
        net: rmnet: fix NULL pointer dereference in rmnet_newlink()
        net: phy: marvell: don't interpret PHY status unless resolved
        mlx5: register lag notifier for init network namespace only
        unix: define and set show_fdinfo only if procfs is enabled
        hinic: fix a bug of rss configuration
        hinic: fix a bug of setting hw_ioctxt
        hinic: fix a irq affinity bug
        net/smc: check for valid ib_client_data
        ...
      7058b837
    • L
      MAINTAINERS: Correct Cadence PCI driver path · 5901b51f
      Lukas Bulwahn 提交于
      de80f95c ("PCI: cadence: Move all files to per-device cadence
      directory") moved files of the PCI cadence drivers, but did not update the
      MAINTAINERS entry.
      
      Since then, ./scripts/get_maintainer.pl --self-test complains:
      
        warning: no file matches F: drivers/pci/controller/pcie-cadence*
      
      Repair the MAINTAINERS entry.
      
      Link: https://lore.kernel.org/r/20200221185402.4703-1-lukas.bulwahn@gmail.comSigned-off-by: NLukas Bulwahn <lukas.bulwahn@gmail.com>
      Signed-off-by: NBjorn Helgaas <bhelgaas@google.com>
      5901b51f
    • J
      io_uring: fix 32-bit compatability with sendmsg/recvmsg · d8768362
      Jens Axboe 提交于
      We must set MSG_CMSG_COMPAT if we're in compatability mode, otherwise
      the iovec import for these commands will not do the right thing and fail
      the command with -EINVAL.
      
      Found by running the test suite compiled as 32-bit.
      
      Cc: stable@vger.kernel.org
      Fixes: aa1fa28f ("io_uring: add support for recvmsg()")
      Fixes: 0fa03c62 ("io_uring: add support for sendmsg()")
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      d8768362
    • A
      net: dsa: mv88e6xxx: Fix masking of egress port · 3ee339eb
      Andrew Lunn 提交于
      Add missing ~ to the usage of the mask.
      Reported-by: NKevin Benson <Kevin.Benson@zii.aero>
      Reported-by: NChris Healy <Chris.Healy@zii.aero>
      Fixes: 5c74c54c ("net: dsa: mv88e6xxx: Split monitor port configuration")
      Signed-off-by: NAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3ee339eb
    • A
      mlxsw: pci: Wait longer before accessing the device after reset · ac004e84
      Amit Cohen 提交于
      During initialization the driver issues a reset to the device and waits
      for 100ms before checking if the firmware is ready. The waiting is
      necessary because before that the device is irresponsive and the first
      read can result in a completion timeout.
      
      While 100ms is sufficient for Spectrum-1 and Spectrum-2, it is
      insufficient for Spectrum-3.
      
      Fix this by increasing the timeout to 200ms.
      
      Fixes: da382875 ("mlxsw: spectrum: Extend to support Spectrum-3 ASIC")
      Signed-off-by: NAmit Cohen <amitc@mellanox.com>
      Signed-off-by: NIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ac004e84
    • A
      sfc: fix timestamp reconstruction at 16-bit rollover points · 23797b98
      Alex Maftei (amaftei) 提交于
      We can't just use the top bits of the last sync event as they could be
      off-by-one every 65,536 seconds, giving an error in reconstruction of
      65,536 seconds.
      
      This patch uses the difference in the bottom 16 bits (mod 2^16) to
      calculate an offset that needs to be applied to the last sync event to
      get to the current time.
      Signed-off-by: NAlexandru-Mihai Maftei <amaftei@solarflare.com>
      Acked-by: NMartin Habets <mhabets@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      23797b98
    • S
      vsock: fix potential deadlock in transport->release() · 3f74957f
      Stefano Garzarella 提交于
      Some transports (hyperv, virtio) acquire the sock lock during the
      .release() callback.
      
      In the vsock_stream_connect() we call vsock_assign_transport(); if
      the socket was previously assigned to another transport, the
      vsk->transport->release() is called, but the sock lock is already
      held in the vsock_stream_connect(), causing a deadlock reported by
      syzbot:
      
          INFO: task syz-executor280:9768 blocked for more than 143 seconds.
            Not tainted 5.6.0-rc1-syzkaller #0
          "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
          syz-executor280 D27912  9768   9766 0x00000000
          Call Trace:
           context_switch kernel/sched/core.c:3386 [inline]
           __schedule+0x934/0x1f90 kernel/sched/core.c:4082
           schedule+0xdc/0x2b0 kernel/sched/core.c:4156
           __lock_sock+0x165/0x290 net/core/sock.c:2413
           lock_sock_nested+0xfe/0x120 net/core/sock.c:2938
           virtio_transport_release+0xc4/0xd60 net/vmw_vsock/virtio_transport_common.c:832
           vsock_assign_transport+0xf3/0x3b0 net/vmw_vsock/af_vsock.c:454
           vsock_stream_connect+0x2b3/0xc70 net/vmw_vsock/af_vsock.c:1288
           __sys_connect_file+0x161/0x1c0 net/socket.c:1857
           __sys_connect+0x174/0x1b0 net/socket.c:1874
           __do_sys_connect net/socket.c:1885 [inline]
           __se_sys_connect net/socket.c:1882 [inline]
           __x64_sys_connect+0x73/0xb0 net/socket.c:1882
           do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
           entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      To avoid this issue, this patch remove the lock acquiring in the
      .release() callback of hyperv and virtio transports, and it holds
      the lock when we call vsk->transport->release() in the vsock core.
      
      Reported-by: syzbot+731710996d79d0d58fbc@syzkaller.appspotmail.com
      Fixes: 408624af ("vsock: use local transport when it is loaded")
      Signed-off-by: NStefano Garzarella <sgarzare@redhat.com>
      Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3f74957f
    • D
      unix: It's CONFIG_PROC_FS not CONFIG_PROCFS · 5c05a164
      David S. Miller 提交于
      Fixes: 3a12500e ("unix: define and set show_fdinfo only if procfs is enabled")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5c05a164
    • D
      Merge branch 'net-rmnet-fix-several-bugs' · 795c03a5
      David S. Miller 提交于
      Taehee Yoo says:
      
      ====================
      net: rmnet: fix several bugs
      
      This patchset is to fix several bugs in RMNET module.
      
      1. The first patch fixes NULL-ptr-deref in rmnet_newlink().
      When rmnet interface is being created, it uses IFLA_LINK
      without checking NULL.
      So, if userspace doesn't set IFLA_LINK, panic will occur.
      In this patch, checking NULL pointer code is added.
      
      2. The second patch fixes NULL-ptr-deref in rmnet_changelink().
      To get real device in rmnet_changelink(), it uses IFLA_LINK.
      But, IFLA_LINK should not be used in rmnet_changelink().
      
      3. The third patch fixes suspicious RCU usage in rmnet_get_port().
      rmnet_get_port() uses rcu_dereference_rtnl().
      But, rmnet_get_port() is used by datapath.
      So, rcu_dereference_bh() should be used instead of rcu_dereference_rtnl().
      
      4. The fourth patch fixes suspicious RCU usage in
      rmnet_force_unassociate_device().
      RCU critical section should not be scheduled.
      But, unregister_netdevice_queue() in the rmnet_force_unassociate_device()
      would be scheduled.
      So, the RCU warning occurs.
      In this patch, the rcu_read_lock() in the rmnet_force_unassociate_device()
      is removed because it's unnecessary.
      
      5. The fifth patch fixes duplicate MUX ID case.
      RMNET MUX ID is unique.
      So, rmnet interface isn't allowed to be created, which have
      a duplicate MUX ID.
      But, only rmnet_newlink() checks this condition, rmnet_changelink()
      doesn't check this.
      So, duplicate MUX ID case would happen.
      
      6. The sixth patch fixes upper/lower interface relationship problems.
      When IFLA_LINK is used, the upper/lower infrastructure should be used.
      Because it checks the maximum depth of upper/lower interfaces and it also
      checks circular interface relationship, etc.
      In this patch, netdev_upper_dev_link() is used.
      
      7. The seventh patch fixes bridge related problems.
      a) ->ndo_del_slave() doesn't work.
      b) It couldn't detect circular upper/lower interface relationship.
      c) It couldn't prevent stack overflow because of too deep depth
      of upper/lower interface
      d) It doesn't check the number of lower interfaces.
      e) Panics because of several reasons.
      These problems are actually the same problem.
      So, this patch fixes these problems.
      
      8. The eighth patch fixes packet forwarding issue in bridge mode
      Packet forwarding is not working in rmnet bridge mode.
      Because when a packet is forwarded, skb_push() for an ethernet header
      is needed. But it doesn't call skb_push().
      So, the ethernet header will be lost.
      
      Change log:
       - update commit logs.
       - drop two patches in this patchset because of wrong target branch.
         - ("net: rmnet: add missing module alias")
         - ("net: rmnet: print error message when command fails")
       - remove unneessary rcu_read_lock() in the third patch.
       - use rcu_dereference_bh() instead of rcu_dereference in third patch.
       - do not allow to add a bridge device if rmnet interface is already
         bridge mode in the seventh patch.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      795c03a5