- 24 2月, 2019 2 次提交
-
-
由 Yang Fan 提交于
Commit ae7c8cba ("platform/x86: ideapad-laptop: add lenovo RESCUER R720-15IKBN to no_hw_rfkill_list") added DMI_MATCH(DMI_BOARD_NAME, "80WW") for Lenovo RESCUER R720-15IKBN. But DMI_BOARD_NAME does not match 80WW on Lenovo RESCUER R720-15IKBN, thus cause Wireless LAN still be hard blocked. On Lenovo RESCUER R720-15IKBN: ~$ cat /sys/class/dmi/id/sys_vendor LENOVO ~$ cat /sys/class/dmi/id/board_name Provence-5R3 ~$ cat /sys/class/dmi/id/product_name 80WW ~$ cat /sys/class/dmi/id/product_version Lenovo R720-15IKBN So on Lenovo RESCUER R720-15IKBN: DMI_SYS_VENDOR should match "LENOVO", DMI_BOARD_NAME should match "Provence-5R3", DMI_PRODUCT_NAME should match "80WW", DMI_PRODUCT_VERSION should match "Lenovo R720-15IKBN". Fix it, and in according with other entries in no_hw_rfkill_list, use DMI_PRODUCT_VERSION instead of DMI_BOARD_NAME. Fixes: ae7c8cba ("platform/x86: ideapad-laptop: add lenovo RESCUER R720-15IKBN to no_hw_rfkill_list") Signed-off-by: NYang Fan <nullptr.cpp@gmail.com> Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
由 Hans de Goede 提交于
hid-asus depends on asus-wmi through the asus_wmi_evaluate_method. Before this commit asus-wmi, and thus hid-asus, could not be loaded on non-Asus systems. This breaks using Asus bluetooth keyboards such as the Asus T100CHI keyboard with non Asus systems. This commit fixes this by allowing asus-wmi to load on systems without the Asus Management GUID. This is safe to do since all asus-wmi sub drivers use asus_wmi_register_driver which also checks for the GUID. This commit also improves the error messages in asus_wmi_register_driver to include "ASUS" in their description to make them more clear. This is important since we now rely on those errors when loaded on systems without the Asus Management GUID. Signed-off-by: NHans de Goede <hdegoede@redhat.com> Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
- 21 2月, 2019 2 次提交
-
-
由 Rajneesh Bhardwaj 提交于
Recently introduced commit "platform/x86: intel_pmc_core: Show Latency Tolerance info <51337cd94d18184601ac0fb4cf1a02b8bbabc3d7> skipped the LTR from a reserved IP. Though this doesn't cause any functional issue but it is needed for the consumers of "ltr_ignore" as the index printing for "ltr_show" is missing. For example, w/o this change, a user that wants to ignore LTR from ME would do something like echo 5 > ltr_ignore but the index for ME is 6. Printing a reserved IP helps to properly calculate LTR ignore offsets. Cc: "David E. Box" <david.e.box@intel.com> Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Signed-off-by: NRajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Rajneesh Bhardwaj 提交于
File permissions for ltr_show attribute should be similar to other debugfs attributes created by this driver. '0644' should be used only when there is a write operation desired such as for ltr_ignore. Cc: "David E. Box" <david.e.box@intel.com> Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Fixes: 2eb15055 ("platform/x86: intel_pmc_core: Show Latency Tolerance info") Signed-off-by: NRajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
- 06 2月, 2019 9 次提交
-
-
由 Rajneesh Bhardwaj 提交于
For Cannonlake and Icelake, the IP name for Res_6 should be SPF i.e. South Port F. No functional change is intended other than just renaming the IP appropriately. Cc: "David E. Box" <david.e.box@intel.com> Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Fixes: 291101f6 ("platform/x86: intel_pmc_core: Add CannonLake PCH support") Signed-off-by: NRajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Rajneesh Bhardwaj 提交于
A previous commit "platform/x86: intel_pmc_core: Make the driver PCH family agnostic <c977b98b>" provided better abstraction to this driver but has some fundamental issues. e.g. the following condition for (index = 0; index < pmcdev->map->ppfear_buckets && index < PPFEAR_MAX_NUM_ENTRIES; index++, iter++) is wrong because for CNL, PPFEAR_MAX_NUM_ENTRIES is hardcoded as 5 which is _wrong_ and even though ppfear_buckets is 8, the loop fails to read all eight registers needed for CNL PCH i.e. PPFEAR0 and PPFEAR1. This patch refactors the pfear show logic to correctly read PCH IP power gating status for Cannonlake and beyond. Cc: "David E. Box" <david.e.box@intel.com> Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Fixes: c977b98b ("platform/x86: intel_pmc_core: Make the driver PCH family agnostic") Signed-off-by: NRajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Rajneesh Bhardwaj 提交于
Only Coffeelake should use Cannonlake regmap other than Cannonlake platform. This allows Coffeelake special handling only when there is no matching PCI device and default reg map selected as per CPUID is for Sunrisepoint PCH. This change is needed to enable support for newer SoCs such as Icelake. Cc: "David E. Box" <david.e.box@intel.com> Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Fixes: 661405bd ("platform/x86: intel_pmc_core: Special case for Coffeelake") Acked-by: N"David E. Box" <david.e.box@linux.intel.com> Signed-off-by: NRajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Hans de Goede 提交于
Commit c3b8e884 ("platform/x86: intel_int0002_vgpio: Implement irq_set_wake"), was written to fix some wakeup issues on Bay Trail (BYT) devices. We've received a bug report that this causes a suspend regression on some Cherry Trail (CHT) based devices. To fix the issues this causes on CHT devices, this commit modifies the irq_set_wake support so that we only implement irq_set_wake on BYT devices, Fixes: c3b8e884 ("platform/x86: intel_int0002_vgpio: ... irq_set_wake") Reported-and-tested-by: NMaxim Mikityanskiy <maxtram95@gmail.com> Signed-off-by: NHans de Goede <hdegoede@redhat.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Anthony Wong 提交于
Lenovo ideapad 330-15ICH does not have hardware radio switch but driver wrongly reports all radios as hard-blocked, add it to no_hw_rfkill to fix it. BugLink: https://bugs.launchpad.net/bugs/1811815Signed-off-by: NAnthony Wong <anthony.wong@ubuntu.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Kai Renzig 提交于
Add touchscreen platform data for the Chuwi Hi8 Air tablet. Signed-off-by: NKai Renzig <k.renzig@gmail.com> [andy: fixed driver name and rewrote subject] Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Hans de Goede 提交于
Add touchscreen info for the Point of View Wintab P1006w (v1.0) tablet. Signed-off-by: NHans de Goede <hdegoede@redhat.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Kai-Heng Feng 提交于
There's a new wmi event generated by dell-wmi when pressing keyboard backlight hotkey: [ 3285.474172] dell_wmi: Unknown key with type 0x0010 and code 0x003f pressed This event is for notification purpose, let's ignore it. The keyboard backlight hotkey uses another event so it still works without event 0x3f. Signed-off-by: NKai-Heng Feng <kai.heng.feng@canonical.com> Reviewed-by: NPali Rohár <pali.rohar@gmail.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
由 Hans de Goede 提交于
The Point of View TAB-P1006W-232-3G tablet has an ACPI firmware node with a HID of BSG2150 describing the 2 Bosch sensors used in the device a BMC150 compatible accelerometer and a BMC150 compatible magnetometer. The ACPI firmware node actually contains 3 I2cSerialBusV2 resources, but this seems to be a copy and paste job from the BSG1160 firmware node on other devices, since there is no i2c-client listening to the 0x68 address listed in the third resource and the 0x68 address is identical to the address of the third resource in the BSG1160 nodes, where as the other 2 addresses are different. Add the ID to the I2C multi instantiate list, so that the i2c-multi-instantiate.c driver can handle it; And add the necessary info to the i2c-multi-instantiate.c driver to enumerate all I2C slaves correctly. To avoid triggering the: if (i < multi->num_clients) { dev_err(dev, "Error finding driver, idx %d\n", i); Error this commit lists the 3th device in the i2c_inst_data with a type of "bsg2150_dummy_dev". Signed-off-by: NHans de Goede <hdegoede@redhat.com> Acked-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
-
- 27 1月, 2019 8 次提交
-
-
由 Vadim Pasternak 提交于
Add support for new Mellanox system type MSN3700C, which is a cost reduced flavor of the MSN37 system class. Signed-off-by: NVadim Pasternak <vadimp@mellanox.com> Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
由 Vadim Pasternak 提交于
Provide support for the fan capability registers for the next generation systems of types MQM87xx, MSN34xx, MSN37xx. These new registers provide configuration for tachometers and fan drawers connectivity. Use these registers for next generation led, fan and hotplug structures in order to distinguish between the systems which have minor configuration differences. This reduces the amount of code used to describe such systems. Signed-off-by: NVadim Pasternak <vadimp@mellanox.com> Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
由 Vadim Pasternak 提交于
Add capability field to "mlxreg_core_platform_data" structure. The purpose of this register is to provide additional info to platform driver through the atribute related capability register. Signed-off-by: NVadim Pasternak <vadimp@mellanox.com> Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
由 Vadim Pasternak 提交于
Remove "led" from the description, since the structure "mlxreg_core_platform_data" is used not only for led data. Signed-off-by: NVadim Pasternak <vadimp@mellanox.com> Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
由 Vadim Pasternak 提交于
Add documentation for the new attribute fan_dir (fan direction for systems of types MQM87xx, MSN34xx, MSN37xx. Signed-off-by: NVadim Pasternak <vadimp@mellanox.com> [dvhart: minor gramatical correction] Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
由 Vadim Pasternak 提交于
Provide support for the fan direction register. This register shows configuration for system fans direction, which could be forward or reversed. For forward direction - relevant bit is set 0; For reversed direction - relevant bit is set 1. Signed-off-by: NVadim Pasternak <vadimp@mellanox.com> Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
由 Darren Hart (VMware) 提交于
The mlxreg-io for the merge window assumed 4.21 as the next kernel version. Replace 4.21 with 5.0. Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org> Reviewed-by: NAndy Shevchenko <andy.shevchenko@gmail.com>
-
由 Jérôme de Bretagne 提交于
Power button suspend for some Dell models was added in: commit 821b8536 ("platform/x86: intel-hid: Power button suspend on Dell Latitude 7275") by checking against the power button press notification (0xCE) to report the power button press event. The corresponding power button release notification (0xCF) was caught and ignored to stop it from being reported as an "unknown event" in the logs. The missing button release event is creating issues on Android-x86, as reported on the project mailing list for a Dell Latitude 5175 model, since the events are expected in down/up pairs. Report the power button release event to fix this issue. Link: https://groups.google.com/forum/#!topic/android-x86/aSwZK9Nf9RoTested-by: NTristian Celestin <tristian.celestin@outlook.com> Tested-by: NJérôme de Bretagne <jerome.debretagne@gmail.com> Signed-off-by: NJérôme de Bretagne <jerome.debretagne@gmail.com> Reviewed-by: NMario Limonciello <mario.limonciello@dell.com> [dvhart: corrected commit reference format per checkpatch] Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
-
- 21 1月, 2019 11 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux由 Linus Torvalds 提交于
Pull pstore fixes from Kees Cook: - Fix console ramoops to show the previous boot logs (Sai Prakash Ranjan) - Avoid allocation and leak of platform data * tag 'pstore-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: pstore/ram: Avoid allocation and leak of platform data pstore/ram: Fix console ramoops to show the previous boot logs
-
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux由 Linus Torvalds 提交于
Pull gcc-plugins fixes from Kees Cook: "Fix ARM per-task stack protector plugin under GCC 9 (Ard Biesheuvel)" * tag 'gcc-plugins-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+ gcc-plugins: arm_ssp_per_task_plugin: sign extend the SP mask
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net由 Linus Torvalds 提交于
Pull networking fixes from David Miller: 1) Fix endless loop in nf_tables, from Phil Sutter. 2) Fix cross namespace ip6_gre tunnel hash list corruption, from Olivier Matz. 3) Don't be too strict in phy_start_aneg() otherwise we might not allow restarting auto negotiation. From Heiner Kallweit. 4) Fix various KMSAN uninitialized value cases in tipc, from Ying Xue. 5) Memory leak in act_tunnel_key, from Davide Caratti. 6) Handle chip errata of mv88e6390 PHY, from Andrew Lunn. 7) Remove linear SKB assumption in fou/fou6, from Eric Dumazet. 8) Missing udplite rehash callbacks, from Alexey Kodanev. 9) Log dirty pages properly in vhost, from Jason Wang. 10) Use consume_skb() in neigh_probe() as this is a normal free not a drop, from Yang Wei. Likewise in macvlan_process_broadcast(). 11) Missing device_del() in mdiobus_register() error paths, from Thomas Petazzoni. 12) Fix checksum handling of short packets in mlx5, from Cong Wang. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (96 commits) bpf: in __bpf_redirect_no_mac pull mac only if present virtio_net: bulk free tx skbs net: phy: phy driver features are mandatory isdn: avm: Fix string plus integer warning from Clang net/mlx5e: Fix cb_ident duplicate in indirect block register net/mlx5e: Fix wrong (zero) TX drop counter indication for representor net/mlx5e: Fix wrong error code return on FEC query failure net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames tools: bpftool: Cleanup license mess bpf: fix inner map masking to prevent oob under speculation bpf: pull in pkt_sched.h header for tooling to fix bpftool build selftests: forwarding: Add a test case for externally learned FDB entries selftests: mlxsw: Test FDB offload indication mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky net: bridge: Mark FDB entries that were added by user as such mlxsw: spectrum_fid: Update dummy FID index mlxsw: pci: Return error on PCI reset timeout mlxsw: pci: Increase PCI SW reset timeout mlxsw: pci: Ring CQ's doorbell before RDQ's MAINTAINERS: update email addresses of liquidio driver maintainers ...
-
由 Kees Cook 提交于
Yue Hu noticed that when parsing device tree the allocated platform data was never freed. Since it's not used beyond the function scope, this switches to using a stack variable instead. Reported-by: NYue Hu <huyue2@yulong.com> Fixes: 35da6094 ("pstore/ram: add Device Tree bindings") Cc: stable@vger.kernel.org Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Ard Biesheuvel 提交于
GCC 9 reworks the way the references to the stack canary are emitted, to prevent the value from being spilled to the stack before the final comparison in the epilogue, defeating the purpose, given that the spill slot is under control of the attacker that we are protecting ourselves from. Since our canary value address is obtained without accessing memory (as opposed to pre-v7 code that will obtain it from a literal pool), it is unlikely (although not guaranteed) that the compiler will spill the canary value in the same way, so let's just disable this improvement when building with GCC9+. Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Ard Biesheuvel 提交于
The ARM per-task stack protector GCC plugin hits an assert in the compiler in some case, due to the fact the the SP mask expression is not sign-extended as it should be. So fix that. Suggested-by: NKugan Vivekanandarajah <kugan.vivekanandarajah@linaro.org> Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost由 Linus Torvalds 提交于
Pull virtio/vhost fixes and cleanups from Michael Tsirkin: "Fixes and cleanups all over the place" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: vhost/scsi: Use copy_to_iter() to send control queue response vhost: return EINVAL if iovecs size does not match the message size virtio-balloon: tweak config_changed implementation virtio: don't allocate vqs when names[i] = NULL virtio_pci: use queue idx instead of array idx to set up the vq virtio: document virtio_config_ops restrictions virtio: fix virtio_config_ops description
-
git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux由 Linus Torvalds 提交于
Pull btrfs fixes from David Sterba: "A handful of fixes (some of them in testing for a long time): - fix some test failures regarding cleanup after transaction abort - revert of a patch that could cause a deadlock - delayed iput fixes, that can help in ENOSPC situation when there's low space and a lot data to write" * tag 'for-5.0-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: wakeup cleaner thread when adding delayed iput btrfs: run delayed iputs before committing btrfs: wait on ordered extents on abort cleanup btrfs: handle delayed ref head accounting cleanup in abort Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
-
由 Linus Torvalds 提交于
Merge tags 'compiler-attributes-for-linus-v5.0-rc3' and 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux Pull misc clang fixes from Miguel Ojeda: - A fix for OPTIMIZER_HIDE_VAR from Michael S Tsirkin - Update clang-format with the latest for_each macro list from Jason Gunthorpe * tag 'compiler-attributes-for-linus-v5.0-rc3' of git://github.com/ojeda/linux: include/linux/compiler*.h: fix OPTIMIZER_HIDE_VAR * tag 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux: clang-format: Update .clang-format with the latest for_each macro list
-
由 Florian La Roche 提交于
If an input number x for int_sqrt64() has the highest bit set, then fls64(x) is 64. (1UL << 64) is an overflow and breaks the algorithm. Subtracting 1 is a better guess for the initial value of m anyway and that's what also done in int_sqrt() implicitly [*]. [*] Note how int_sqrt() uses __fls() with two underscores, which already returns the proper raw bit number. In contrast, int_sqrt64() used fls64(), and that returns bit numbers illogically starting at 1, because of error handling for the "no bits set" case. Will points out that he bug probably is due to a copy-and-paste error from the regular int_sqrt() case. Signed-off-by: NFlorian La Roche <Florian.LaRoche@googlemail.com> Acked-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 20 1月, 2019 8 次提交
-
-
由 Will Deacon 提交于
Commit 594cc251 ("make 'user_access_begin()' do 'access_ok()'") makes the access_ok() check part of the user_access_begin() preceding a series of 'unsafe' accesses. This has the desirable effect of ensuring that all 'unsafe' accesses have been range-checked, without having to pick through all of the callsites to verify whether the appropriate checking has been made. However, the consolidated range check does not inhibit speculation, so it is still up to the caller to ensure that they are not susceptible to any speculative side-channel attacks for user addresses that ultimately fail the access_ok() check. This is an oversight, so use __uaccess_begin_nospec() to ensure that speculation is inhibited until the access_ok() check has passed. Reported-by: NJulien Thierry <julien.thierry@arm.com> Signed-off-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux由 Linus Torvalds 提交于
Pull arm64 fixes from Will Deacon: "Three arm64 fixes for -rc3. We've plugged a couple of nasty issues involving KASLR-enabled kernels, and removed a redundant #define that was introduced as part of the KHWASAN fixes from akpm at -rc2. - Fix broken kpti page-table rewrite in bizarre KASLR configuration - Fix module loading with KASLR - Remove redundant definition of ARCH_SLAB_MINALIGN" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: kasan, arm64: remove redundant ARCH_SLAB_MINALIGN define arm64: kaslr: ensure randomized quantities are clean to the PoC arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf由 David S. Miller 提交于
Daniel Borkmann says: ==================== pull-request: bpf 2019-01-20 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Fix a out-of-bounds access in __bpf_redirect_no_mac, from Willem. 2) Fix bpf_setsockopt to reset sock dst on SO_MARK changes, from Peter. 3) Fix map in map masking to prevent out-of-bounds access under speculative execution, from Daniel. 4) Fix bpf_setsockopt's SO_MAX_PACING_RATE to support TCP internal pacing, from Yuchung. 5) Fix json writer license in bpftool, from Thomas. 6) Fix AF_XDP to check if an actually queue exists during umem setup, from Krzysztof. 7) Several fixes to BPF stackmap's build id handling. Another fix for bpftool build to account for libbfd variations wrt linking requirements, from Stanislav. 8) Fix BPF samples build with clang by working around missing asm goto, from Yonghong. 9) Fix libbpf to retry program load on signal interrupt, from Lorenz. 10) Various minor compile warning fixes in BPF code, from Mathieu. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Willem de Bruijn 提交于
Syzkaller was able to construct a packet of negative length by redirecting from bpf_prog_test_run_skb with BPF_PROG_TYPE_LWT_XMIT: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:345 [inline] BUG: KASAN: slab-out-of-bounds in skb_copy_from_linear_data include/linux/skbuff.h:3421 [inline] BUG: KASAN: slab-out-of-bounds in __pskb_copy_fclone+0x2dd/0xeb0 net/core/skbuff.c:1395 Read of size 4294967282 at addr ffff8801d798009c by task syz-executor2/12942 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x23/0x50 mm/kasan/kasan.c:302 memcpy include/linux/string.h:345 [inline] skb_copy_from_linear_data include/linux/skbuff.h:3421 [inline] __pskb_copy_fclone+0x2dd/0xeb0 net/core/skbuff.c:1395 __pskb_copy include/linux/skbuff.h:1053 [inline] pskb_copy include/linux/skbuff.h:2904 [inline] skb_realloc_headroom+0xe7/0x120 net/core/skbuff.c:1539 ipip6_tunnel_xmit net/ipv6/sit.c:965 [inline] sit_tunnel_xmit+0xe1b/0x30d0 net/ipv6/sit.c:1029 __netdev_start_xmit include/linux/netdevice.h:4325 [inline] netdev_start_xmit include/linux/netdevice.h:4334 [inline] xmit_one net/core/dev.c:3219 [inline] dev_hard_start_xmit+0x295/0xc90 net/core/dev.c:3235 __dev_queue_xmit+0x2f0d/0x3950 net/core/dev.c:3805 dev_queue_xmit+0x17/0x20 net/core/dev.c:3838 __bpf_tx_skb net/core/filter.c:2016 [inline] __bpf_redirect_common net/core/filter.c:2054 [inline] __bpf_redirect+0x5cf/0xb20 net/core/filter.c:2061 ____bpf_clone_redirect net/core/filter.c:2094 [inline] bpf_clone_redirect+0x2f6/0x490 net/core/filter.c:2066 bpf_prog_41f2bcae09cd4ac3+0xb25/0x1000 The generated test constructs a packet with mac header, network header, skb->data pointing to network header and skb->len 0. Redirecting to a sit0 through __bpf_redirect_no_mac pulls the mac length, even though skb->data already is at skb->network_header. bpf_prog_test_run_skb has already pulled it as LWT_XMIT !is_l2. Update the offset calculation to pull only if skb->data differs from skb->network_header, which is not true in this case. The test itself can be run only from commit 1cf1cae9 ("bpf: introduce BPF_PROG_TEST_RUN command"), but the same type of packets with skb at network header could already be built from lwt xmit hooks, so this fix is more relevant to that commit. Also set the mac header on redirect from LWT_XMIT, as even after this change to __bpf_redirect_no_mac that field is expected to be set, but is not yet in ip_finish_output2. Fixes: 3a0af8fd ("bpf: BPF for lightweight tunnel infrastructure") Reported-by: Nsyzbot <syzkaller@googlegroups.com> Signed-off-by: NWillem de Bruijn <willemb@google.com> Acked-by: NMartin KaFai Lau <kafai@fb.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Michael S. Tsirkin 提交于
Use napi_consume_skb() to get bulk free. Note that napi_consume_skb is safe to call in a non-napi context as long as the napi_budget flag is correct. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Acked-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux由 Linus Torvalds 提交于
Pull MIPS fixes from Paul Burton: - Fix IPI handling for Lantiq SoCs, which was broken by changes made back in v4.12. - Enable OF/DT serial support in ath79_defconfig to give us working serial by default. - Fix 64b builds for the Jazz platform. - Set up a struct device for the BCM47xx SoC to allow BCM47xx drivers to perform DMA again following the major DMA mapping changes made in v4.19. - Disable MSI on Cavium Octeon systems when the pcie_disable command line parameter introduced in v3.3 is used, in order to avoid inadvetently accessing PCIe controller registers despite the command line. - Fix a build failure for Cavium Octeon kernels with kexec enabled, introduced in v4.20. - Fix a regression in the behaviour of semctl/shmctl/msgctl IPC syscalls for kernels including n32 support but not o32 support caused by some cleanup in v3.19. * tag 'mips_fixes_5.0_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: OCTEON: fix kexec support mips: fix n32 compat_ipc_parse_version Disable MSI also when pcie-octeon.pcie_disable on MIPS: BCM47XX: Setup struct device for the SoC MIPS: jazz: fix 64bit build MIPS: ath79: Enable OF serial ports in the default config MIPS: lantiq: Use CP0_LEGACY_COMPARE_IRQ MIPS: lantiq: Fix IPI interrupt handling
-
git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux由 Linus Torvalds 提交于
Pull Devicetree fix from Rob Herring: "A single build fix for powerpc due to device_node.type removal" * tag 'devicetree-fixes-for-5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: powerpc: chrp: Use of_node_is_type to access device_type
-
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm由 Linus Torvalds 提交于
Pull libnvdimm fixes from Dan Williams: "A crash fix, a build warning fix, a miscellaneous small cleanups. In case anyone is looking for them, there was a regression caught by testing that caused two patches to be dropped from this update. Those patches have been reworked and will soak for another week / re-target 5.0-rc4. - Fix driver initialization crash due to the inability to report an 'error' state for a DIMM's security capability. - Build warning fix for little-endian ARM64 builds - Fix a potential race between the EDAC driver's usage of the NFIT SMBIOS id for a DIMM and the driver shutdown path. - A small collection of one-line benign cleanups for duplicate variable assignments, a duplicate header include and a mis-typed function argument" * tag 'libnvdimm-fixes-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm/security: Fix nvdimm_security_state() state request selection acpi/nfit: Remove duplicate set nd_set in acpi_nfit_init_interleave_set() acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() libnvdimm/dimm: Fix security capability detection for non-Intel NVDIMMs nfit: Mark some functions as __maybe_unused ACPI/nfit: delete the function to_acpi_nfit_desc ACPI/nfit: delete the redundant header file
-