1. 12 7月, 2018 1 次提交
  2. 04 7月, 2018 1 次提交
  3. 27 6月, 2018 1 次提交
  4. 26 6月, 2018 3 次提交
    • L
      RDMA/uverbs: Fix slab-out-of-bounds in ib_uverbs_ex_create_flow · 4fae7f17
      Leon Romanovsky 提交于
      The check of cmd.flow_attr.size should check into account the size of the
      reserved field (2 bytes), otherwise user can provide a size which will
      cause a slab-out-of-bounds warning below.
      
      ==================================================================
      BUG: KASAN: slab-out-of-bounds in ib_uverbs_ex_create_flow+0x1740/0x1d00
      Read of size 2 at addr ffff880068dff1a6 by task syz-executor775/269
      
      CPU: 0 PID: 269 Comm: syz-executor775 Not tainted 4.18.0-rc1+ #245
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
      rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014
      Call Trace:
       dump_stack+0xef/0x17e
       print_address_description+0x83/0x3b0
       kasan_report+0x18d/0x4d0
       ib_uverbs_ex_create_flow+0x1740/0x1d00
       ib_uverbs_write+0x923/0x1010
       __vfs_write+0x10d/0x720
       vfs_write+0x1b0/0x550
       ksys_write+0xc6/0x1a0
       do_syscall_64+0xa7/0x590
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x433899
      Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89
      f7 48 89 d6 48 89 ca 4d 89 c2 4d
      89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 91 fd ff c3 66
      2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007ffc2724db58 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
      RAX: ffffffffffffffda RBX: 0000000020006880 RCX: 0000000000433899
      RDX: 00000000000000e0 RSI: 0000000020002480 RDI: 0000000000000003
      RBP: 00000000006d7018 R08: 00000000004002f8 R09: 00000000004002f8
      R10: 00000000004002f8 R11: 0000000000000217 R12: 0000000000000000
      
      R13: 000000000040cd20 R14: 000000000040cdb0 R15: 0000000000000006
      
      Allocated by task 269:
       kasan_kmalloc+0xa0/0xd0
       __kmalloc+0x1a9/0x510
       ib_uverbs_ex_create_flow+0x26c/0x1d00
       ib_uverbs_write+0x923/0x1010
       __vfs_write+0x10d/0x720
       vfs_write+0x1b0/0x550
       ksys_write+0xc6/0x1a0
       do_syscall_64+0xa7/0x590
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Freed by task 0:
       __kasan_slab_free+0x12e/0x180
       kfree+0x159/0x630
       detach_buf+0x559/0x7a0
       virtqueue_get_buf_ctx+0x3cc/0xab0
       virtblk_done+0x1eb/0x3d0
       vring_interrupt+0x16d/0x2b0
       __handle_irq_event_percpu+0x10a/0x980
       handle_irq_event_percpu+0x77/0x190
       handle_irq_event+0xc6/0x1a0
       handle_edge_irq+0x211/0xd80
       handle_irq+0x3d/0x60
       do_IRQ+0x9b/0x220
      
      The buggy address belongs to the object at ffff880068dff180
       which belongs to the cache kmalloc-64 of size 64
      The buggy address is located 38 bytes inside of
       64-byte region [ffff880068dff180, ffff880068dff1c0)
      The buggy address belongs to the page:
      page:ffffea0001a37fc0 count:1 mapcount:0 mapping:ffff88006c401780
      index:0x0
      flags: 0x4000000000000100(slab)
      raw: 4000000000000100 ffffea0001a31100 0000001100000011 ffff88006c401780
      raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff880068dff080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
       ffff880068dff100: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
      >ffff880068dff180: 00 00 00 00 07 fc fc fc fc fc fc fc fb fb fb fb
                                     ^
       ffff880068dff200: fb fb fb fb fc fc fc fc 00 00 00 00 00 00 fc fc
       ffff880068dff280: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
      ==================================================================
      
      Cc: <stable@vger.kernel.org> # 3.12
      Fixes: f8848274 ("IB/core: clarify overflow/underflow checks on ib_create/destroy_flow")
      Cc: syzkaller <syzkaller@googlegroups.com>
      Reported-by: NNoa Osherovich <noaos@mellanox.com>
      Signed-off-by: NLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      4fae7f17
    • L
      RDMA/uverbs: Protect from attempts to create flows on unsupported QP · 940efcc8
      Leon Romanovsky 提交于
      Flows can be created on UD and RAW_PACKET QP types. Attempts to provide
      other QP types as an input causes to various unpredictable failures.
      
      The reason is that in order to support all various types (e.g. XRC), we
      are supposed to use real_qp handle and not qp handle and expect to
      driver/FW to fail such (XRC) flows. The simpler and safer variant is to
      ban all QP types except UD and RAW_PACKET, instead of relying on
      driver/FW.
      
      Cc: <stable@vger.kernel.org> # 3.11
      Fixes: 436f2ad0 ("IB/core: Export ib_create/destroy_flow through uverbs")
      Cc: syzkaller <syzkaller@googlegroups.com>
      Reported-by: NNoa Osherovich <noaos@mellanox.com>
      Signed-off-by: NLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      940efcc8
    • S
      iw_cxgb4: correctly enforce the max reg_mr depth · 7b72717a
      Steve Wise 提交于
      The code was mistakenly using the length of the page array memory instead
      of the depth of the page array.
      
      This would cause MR creation to fail in some cases.
      
      Fixes: 8376b86d ("iw_cxgb4: Support the new memory registration API")
      Cc: stable@vger.kernel.org
      Signed-off-by: NSteve Wise <swise@opengridcomputing.com>
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      7b72717a
  5. 25 6月, 2018 1 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6f0d349d
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix netpoll OOPS in r8169, from Ville Syrjälä.
      
       2) Fix bpf instruction alignment on powerpc et al., from Eric Dumazet.
      
       3) Don't ignore IFLA_MTU attribute when creating new ipvlan links. From
          Xin Long.
      
       4) Fix use after free in AF_PACKET, from Eric Dumazet.
      
       5) Mis-matched RTNL unlock in xen-netfront, from Ross Lagerwall.
      
       6) Fix VSOCK loopback on big-endian, from Claudio Imbrenda.
      
       7) Missing RX buffer offset correction when computing DMA addresses in
          mvneta driver, from Antoine Tenart.
      
       8) Fix crashes in DCCP's ccid3_hc_rx_send_feedback, from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
        sfc: make function efx_rps_hash_bucket static
        strparser: Corrected typo in documentation.
        qmi_wwan: add support for the Dell Wireless 5821e module
        cxgb4: when disabling dcb set txq dcb priority to 0
        net_sched: remove a bogus warning in hfsc
        net: dccp: switch rx_tstamp_last_feedback to monotonic clock
        net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
        net: Remove depends on HAS_DMA in case of platform dependency
        MAINTAINERS: Add file patterns for dsa device tree bindings
        net: mscc: make sparse happy
        net: mvneta: fix the Rx desc DMA address in the Rx path
        Documentation: e1000: Fix docs build error
        Documentation: e100: Fix docs build error
        Documentation: e1000: Use correct heading adornment
        Documentation: e100: Use correct heading adornment
        ipv6: mcast: fix unsolicited report interval after receiving querys
        vhost_net: validate sock before trying to put its fd
        VSOCK: fix loopback on big-endian systems
        net: ethernet: ti: davinci_cpdma: make function cpdma_desc_pool_create static
        xen-netfront: Update features after registering netdev
        ...
      6f0d349d
  6. 24 6月, 2018 22 次提交
    • C
      sfc: make function efx_rps_hash_bucket static · 829eb053
      Colin Ian King 提交于
      The function efx_rps_hash_bucket is local to the source and
      does not need to be in global scope, so make it static.
      
      Cleans up sparse warning:
      symbol 'efx_rps_hash_bucket' was not declared. Should it be static?
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      829eb053
    • L
      Linux 4.18-rc2 · 7daf201d
      Linus Torvalds 提交于
      7daf201d
    • L
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c81b995f
      Linus Torvalds 提交于
      Pull perf fixes from Thomas Gleixner:
       "A pile of perf updates:
      
        Kernel side:
      
         - Remove an incorrect warning in uprobe_init_insn() when
           insn_get_length() fails. The error return code is handled at the
           call site.
      
         - Move the inline keyword to the right place in the perf ringbuffer
           code to address a W=1 build warning.
      
        Tooling:
      
        perf stat:
      
         - Fix metric column header display alignment
      
         - Improve error messages for default attributes, providing better
           output for error in command line.
      
         - Add --interval-clear option, to provide a 'watch' like printing
      
        perf script:
      
         - Show hw-cache events too
      
        perf c2c:
      
         - Fix data dependency problem in layout of 'struct c2c_hist_entry'
      
        Core:
      
         - Do not blindly assume that 'struct perf_evsel' can be obtained via
           a straight forward container_of() as there are call sites which
           hand in a plain 'struct hist' which is not part of a container.
      
         - Fix error index in the PMU event parser, so that error messages can
           point to the problematic token"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Move the inline keyword at the beginning of the function declaration
        uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
        perf script: Show hw-cache events
        perf c2c: Keep struct hist_entry at the end of struct c2c_hist_entry
        perf stat: Add event parsing error handling to add_default_attributes
        perf stat: Allow to specify specific metric column len
        perf stat: Fix metric column header display alignment
        perf stat: Use only color_fprintf call in print_metric_only
        perf stat: Add --interval-clear option
        perf tools: Fix error index for pmu event parser
        perf hists: Reimplement hists__has_callchains()
        perf hists browser gtk: Use hist_entry__has_callchains()
        perf hists: Make hist_entry__has_callchains() work with 'perf c2c'
        perf hists: Save the callchain_size in struct hist_entry
      c81b995f
    • L
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2ce413ec
      Linus Torvalds 提交于
      Pull rseq fixes from Thomas Gleixer:
       "A pile of rseq related fixups:
      
         - Prevent infinite recursion when delivering SIGSEGV
      
         - Remove the abort of rseq critical section on fork() as syscalls
           inside rseq critical sections are explicitely forbidden. So no
           point in doing the abort on the child.
      
         - Align the rseq structure on 32 bytes in the ARM selftest code.
      
         - Fix file permissions of the test script"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        rseq: Avoid infinite recursion when delivering SIGSEGV
        rseq/cleanup: Do not abort rseq c.s. in child on fork()
        rseq/selftests/arm: Align 'struct rseq_cs' on 32 bytes
        rseq/selftests: Make run_param_test.sh executable
      2ce413ec
    • L
      Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 64dd7655
      Linus Torvalds 提交于
      Pull EFI fixes from Thomas Gleixner:
       "Two fixlets for the EFI maze:
      
         - Properly zero variables to prevent an early boot hang on EFI mixed
           mode systems
      
         - Fix the fallout of merging the 32bit and 64bit variants of EFI PCI
           related code which ended up chosing the 32bit variant of the actual
           EFi call invocation which leads to failures on 64bit"
      
      * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi/x86: Fix incorrect invocation of PciIo->Attributes()
        efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode
      64dd7655
    • L
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d3a6749c
      Linus Torvalds 提交于
      Pull core fixes from Thomas Gleixner:
       "Two tiny fixes:
      
         - Add the missing machine_real_restart() to objtools noreturn list so
           it stops complaining
      
         - Fix a trivial comment typo"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        kernel.h: Fix a typo in comment
        objtool: Add machine_real_restart() to the noreturn list
      d3a6749c
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d4e860ea
      Linus Torvalds 提交于
      Pull x86 fixes from Thomas Gleixner:
       "A set of fixes for x86:
      
         - Make Xen PV guest deal with speculative store bypass correctly
      
         - Address more fallout from the 5-Level pagetable handling. Undo an
           __initdata annotation to avoid section mismatch and malfunction
           when post init code would touch the freed variable.
      
         - Handle exception fixup in math_error() before calling notify_die().
           The reverse call order incorrectly triggers notify_die() listeners
           for soemthing which is handled correctly at the site which issues
           the floating point instruction.
      
         - Fix an off by one in the LLC topology calculation on AMD
      
         - Handle non standard memory block sizes gracefully un UV platforms
      
         - Plug a memory leak in the microcode loader
      
         - Sanitize the purgatory build magic
      
         - Add the x86 specific device tree bindings directory to the x86
           MAINTAINER file patterns"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mm: Fix 'no5lvl' handling
        Revert "x86/mm: Mark __pgtable_l5_enabled __initdata"
        x86/CPU/AMD: Fix LLC ID bit-shift calculation
        MAINTAINERS: Add file patterns for x86 device tree bindings
        x86/microcode/intel: Fix memleak in save_microcode_patch()
        x86/platform/UV: Add kernel parameter to set memory block size
        x86/platform/UV: Use new set memory block size function
        x86/platform/UV: Add adjustable set memory block size function
        x86/build: Remove unnecessary preparation for purgatory
        Revert "kexec/purgatory: Add clean-up for purgatory directory"
        x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
        x86: Call fixup_exception() before notify_die() in math_error()
      d4e860ea
    • L
      Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 177d363e
      Linus Torvalds 提交于
      Pull x86 pti fixes from Thomas Gleixner:
       "Two small updates for the speculative distractions:
      
         - Make it more clear to the compiler that array_index_mask_nospec()
           is not subject for optimizations. It's not perfect, but ...
      
         - Don't report XEN PV guests as vulnerable because their mitigation
           state depends on the hypervisor. Report unknown and refer to the
           hypervisor requirement"
      
      * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec()
        x86/pti: Don't report XenPV as vulnerable
      177d363e
    • L
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2da2ca24
      Linus Torvalds 提交于
      Pull locking fixes from Thomas Gleixner:
       "A set of fixes and updates for the locking code:
      
         - Prevent lockdep from updating irq state within its own code and
           thereby confusing itself.
      
         - Buid fix for older GCCs which mistreat anonymous unions
      
         - Add a missing lockdep annotation in down_read_non_onwer() which
           causes up_read_non_owner() to emit a lockdep splat
      
         - Remove the custom alpha dec_and_lock() implementation which is
           incorrect in terms of ordering and use the generic one.
      
        The remaining two commits are not strictly fixes. They provide irqsave
        variants of atomic_dec_and_lock() and refcount_dec_and_lock(). These
        are required to merge the relevant updates and cleanups into different
        maintainer trees for 4.19, so routing them into mainline without
        actual users is the sanest approach.
      
        They should have been in -rc1, but last weekend I took the liberty to
        just avoid computers in order to regain some mental sanity"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/qspinlock: Fix build for anonymous union in older GCC compilers
        locking/lockdep: Do not record IRQ state within lockdep code
        locking/rwsem: Fix up_read_non_owner() warning with DEBUG_RWSEMS
        locking/refcounts: Implement refcount_dec_and_lock_irqsave()
        atomic: Add irqsave variant of atomic_dec_and_lock()
        alpha: Remove custom dec_and_lock() implementation
      2da2ca24
    • L
      Merge branch 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a43de489
      Linus Torvalds 提交于
      Pull ras fixes from Thomas Gleixner:
       "A set of fixes for RAS/MCE:
      
         - Improve the error message when the kernel cannot recover from a MCE
           so the maximum amount of information gets provided.
      
         - Individually check MCE recovery features on SkyLake CPUs instead of
           assuming none when the CAPID0 register does not advertise the
           general ability for recovery.
      
         - Prevent MCE to output inconsistent messages which first show an
           error location and then claim that the source is unknown.
      
         - Prevent overwriting MCi_STATUS in the attempt to gather more
           information when a fatal MCE has alreay been detected. This leads
           to empty status values in the printout and failing to react
           promptly on the fatal event"
      
      * 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mce: Fix incorrect "Machine check from unknown source" message
        x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out()
        x86/mce: Check for alternate indication of machine check recovery on Skylake
        x86/mce: Improve error message when kernel cannot recover
      a43de489
    • L
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6242258b
      Linus Torvalds 提交于
      Pull timer fixes from Thomas Gleixner:
       "A small set of fixes for time(r) related issues:
      
         - Fix a long standing conversion issue in jiffies_to_msecs() for odd
           HZ values like 1024 or 1200 which resulted in returning 0 for small
           jiffies values due to rounding down.
      
         - Use the proper CONFIG symbol in the new Y2038 safe compat code for
           posix-timers. Not yet a visible breakage, but this will immediately
           trigger when the architecture support for the new interfaces is
           merged.
      
         - Return an error code in the STM32 clocksource driver on failure
           instead of success.
      
         - Remove the redundant and stale irq disabled check in the posix cpu
           timer code. The check is at the wrong place anyway and lockdep
           already covers it via the sighand lock locking coverage"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        time: Make sure jiffies_to_msecs() preserves non-zero time periods
        posix-timers: Fix nanosleep_copyout() for CONFIG_COMPAT_32BIT_TIME
        clocksource/drivers/stm32: Fix error return code
        posix-cpu-timers: Remove lockdep_assert_irqs_disabled()
      6242258b
    • L
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 78fea633
      Linus Torvalds 提交于
      Pull irq fixes from Thomas Gleixner:
       "A set of fixes mostly for the ARM/GIC world:
      
         - Fix the MSI affinity handling in the ls-scfg irq chip driver so it
           updates and uses the effective affinity mask correctly
      
         - Prevent binding LPIs to offline CPUs and respect the Cavium erratum
           which requires that LPIs which belong to an offline NUMA node are
           not bound to a CPU on a different NUMA node.
      
         - Free only the amount of allocated interrupts in the GIC-V2M driver
           instead of trying to free log2(nrirqs).
      
         - Prevent emitting SYNC and VSYNC targetting non existing interrupt
           collections in the GIC-V3 ITS driver
      
         - Ensure that the GIV-V3 interrupt redistributor is correctly
           reprogrammed on CPU hotplug
      
         - Remove a stale unused helper function"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqdesc: Delete irq_desc_get_msi_desc()
        irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug
        irqchip/gic-v3-its: Only emit VSYNC if targetting a valid collection
        irqchip/gic-v3-its: Only emit SYNC if targetting a valid collection
        irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node
        irqchip/gic-v2m: Fix SPI release on error path
        irqchip/ls-scfg-msi: Fix MSI affinity handling
        genirq/debugfs: Add missing IRQCHIP_SUPPORTS_LEVEL_MSI debug
      78fea633
    • L
      Merge tag 'mips_fixes_4.18_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux · e0bc833d
      Linus Torvalds 提交于
      Pull MIPS fixes from Paul Burton:
       "A few MIPS fixes for 4.18:
      
         - a GPIO device name fix for a regression in v4.15-rc1.
      
         - an errata workaround for the BCM5300X platform.
      
         - a fix to ftrace function graph tracing, broken for a long time with
           the fix applying cleanly back as far as v3.17.
      
         - addition of read barriers to in{b,w,l,q}() functions, matching
           behavior of other architectures & mirroring the equivalent addition
           to read{b,w,l,q} in v4.17-rc2.
      
        Plus changes to wire up new syscalls introduced in the 4.18 cycle:
      
         - Restartable sequences support is added, including MIPS support in
           the selftests.
      
         - io_pgetevents is wired up"
      
      * tag 'mips_fixes_4.18_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
        MIPS: Wire up io_pgetevents syscall
        rseq/selftests: Implement MIPS support
        MIPS: Wire up the restartable sequences (rseq) syscall
        MIPS: Add syscall detection for restartable sequences
        MIPS: Add support for restartable sequences
        MIPS: io: Add barrier after register read in inX()
        mips: ftrace: fix static function graph tracing
        MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
        MIPS: pb44: Fix i2c-gpio GPIO descriptor table
      e0bc833d
    • V
      strparser: Corrected typo in documentation. · 3531456a
      Vakul Garg 提交于
      Replaced strp_pause() with strp_unpause() to correct a seemingly copy
      paste documentation mistake.
      Signed-off-by: NVakul Garg <vakul.garg@nxp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3531456a
    • A
      efi/x86: Fix incorrect invocation of PciIo->Attributes() · 2e6eb40c
      Ard Biesheuvel 提交于
      The following commit:
      
        2c3625cb ("efi/x86: Fold __setup_efi_pci32() and __setup_efi_pci64() into one function")
      
      ... merged the two versions of __setup_efi_pciXX(), without taking into
      account that the 32-bit version used a rather dodgy trick to pass an
      immediate 0 constant as argument for a uint64_t parameter.
      
      The issue is caused by the fact that on x86, UEFI protocol method calls
      are redirected via struct efi_config::call(), which is a variadic function,
      and so the compiler has to infer the types of the parameters from the
      arguments rather than from the prototype.
      
      As the 32-bit x86 calling convention passes arguments via the stack,
      passing the unqualified constant 0 twice is the same as passing 0ULL,
      which is why the 32-bit code in __setup_efi_pci32() contained the
      following call:
      
        status = efi_early->call(pci->attributes, pci,
                                 EfiPciIoAttributeOperationGet, 0, 0,
                                 &attributes);
      
      to invoke this UEFI protocol method:
      
        typedef
        EFI_STATUS
        (EFIAPI *EFI_PCI_IO_PROTOCOL_ATTRIBUTES) (
          IN  EFI_PCI_IO_PROTOCOL                     *This,
          IN  EFI_PCI_IO_PROTOCOL_ATTRIBUTE_OPERATION Operation,
          IN  UINT64                                  Attributes,
          OUT UINT64                                  *Result OPTIONAL
          );
      
      After the merge, we inadvertently ended up with this version for both
      32-bit and 64-bit builds, breaking the latter.
      
      So replace the two zeroes with the explicitly typed constant 0ULL,
      which works as expected on both 32-bit and 64-bit builds.
      
      Wilfried tested the 64-bit build, and I checked the generated assembly
      of a 32-bit build with and without this patch, and they are identical.
      Reported-by: NWilfried Klaebe <linux-kernel@lebenslange-mailadresse.de>
      Tested-by: NWilfried Klaebe <linux-kernel@lebenslange-mailadresse.de>
      Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: hdegoede@redhat.com
      Cc: linux-efi@vger.kernel.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      2e6eb40c
    • A
      qmi_wwan: add support for the Dell Wireless 5821e module · e7e197ed
      Aleksander Morgado 提交于
      This module exposes two USB configurations: a QMI+AT capable setup on
      USB config #1 and a MBIM capable setup on USB config #2.
      
      By default the kernel will choose the MBIM capable configuration as
      long as the cdc_mbim driver is available. This patch adds support for
      the QMI port in the secondary configuration.
      Signed-off-by: NAleksander Morgado <aleksander@aleksander.es>
      Acked-by: NBjørn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e7e197ed
    • G
      cxgb4: when disabling dcb set txq dcb priority to 0 · 5ce36338
      Ganesh Goudar 提交于
      When we are disabling DCB, store "0" in txq->dcb_prio
      since that's used for future TX Work Request "OVLAN_IDX"
      values. Setting non zero priority upon disabling DCB
      would halt the traffic.
      Reported-by: NAMG Zollner Robert <robert@cloudmedia.eu>
      CC: David Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: NCasey Leedom <leedom@chelsio.com>
      Signed-off-by: NGanesh Goudar <ganeshgr@chelsio.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5ce36338
    • L
      Merge tag 'for-linus-20180623' of git://git.kernel.dk/linux-block · 77072ca5
      Linus Torvalds 提交于
      Pull block fixes from Jens Axboe:
      
       - Further timeout fixes. We aren't quite there yet, so expect another
         round of fixes for that to completely close some of the IRQ vs
         completion races. (Christoph/Bart)
      
       - Set of NVMe fixes from the usual suspects, mostly error handling
      
       - Two off-by-one fixes (Dan)
      
       - Another bdi race fix (Jan)
      
       - Fix nbd reconfigure with NBD_DISCONNECT_ON_CLOSE (Doron)
      
      * tag 'for-linus-20180623' of git://git.kernel.dk/linux-block:
        blk-mq: Fix timeout handling in case the timeout handler returns BLK_EH_DONE
        bdi: Fix another oops in wb_workfn()
        lightnvm: Remove depends on HAS_DMA in case of platform dependency
        nvme-pci: limit max IO size and segments to avoid high order allocations
        nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl
        nvme-fc: release io queues to allow fast fail
        nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag.
        block: sed-opal: Fix a couple off by one bugs
        blk-mq-debugfs: Off by one in blk_mq_rq_state_name()
        nvmet: reset keep alive timer in controller enable
        nvme-rdma: don't override opts->queue_size
        nvme-rdma: Fix command completion race at error recovery
        nvme-rdma: fix possible free of a non-allocated async event buffer
        nvme-rdma: fix possible double free condition when failing to create a controller
        Revert "block: Add warning for bi_next not NULL in bio_endio()"
        block: fix timeout changes for legacy request drivers
      77072ca5
    • L
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 2dd3f7c9
      Linus Torvalds 提交于
      Pull crypto fixes from Herbert Xu:
      
       - Fix use after free in chtls
      
       - Fix RBP breakage in sha3
      
       - Fix use after free in hwrng_unregister
      
       - Fix overread in morus640
      
       - Move sleep out of kernel_neon in arm64/aes-blk
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        hwrng: core - Always drop the RNG in hwrng_unregister()
        crypto: morus640 - Fix out-of-bounds access
        crypto: don't optimize keccakf()
        crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end
        crypto: chtls - use after free in chtls_pt_recvmsg()
      2dd3f7c9
    • L
      Merge tag 'linux-kselftest-4.18-rc2' of... · b13fbe77
      Linus Torvalds 提交于
      Merge tag 'linux-kselftest-4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fixes from Shuah Khan:
      
       - fix new sparc64 adi driver test compile errors on non-sparc systems
      
       - fix config fragment for sync framework for improved test coverage
      
       - fix several tests to return correct Kselftest skip code
      
      * tag 'linux-kselftest-4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests: sparc64: Add missing SPDX License Identifiers
        selftests: sparc64: delete RUN_TESTS and EMIT_TESTS overrides
        selftests: sparc64: Fix to do nothing on non-sparc64
        selftests: sync: add config fragment for testing sync framework
        selftests: vm: return Kselftest Skip code for skipped tests
        selftests: zram: return Kselftest Skip code for skipped tests
        selftests: user: return Kselftest Skip code for skipped tests
        selftests: sysctl: return Kselftest Skip code for skipped tests
        selftests: static_keys: return Kselftest Skip code for skipped tests
        selftests: pstore: return Kselftest Skip code for skipped tests
      b13fbe77
    • L
      Merge tag 'trace-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 81f9c4e4
      Linus Torvalds 提交于
      Pull tracing fixes from Steven Rostedt:
       "This contains a few fixes and a clean up.
      
         - a bad merge caused an "endif" to go in the wrong place in
           scripts/Makefile.build
      
         - softirq tracing fix for tracing that corrupts lockdep and causes a
           false splat
      
         - histogram documentation typo fixes
      
         - fix a bad memory reference when passing in no filter to the filter
           code
      
         - simplify code by using the swap macro instead of open coding the
           swap"
      
      * tag 'trace-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-mcount
        tracing: Fix some errors in histogram documentation
        tracing: Use swap macro in update_max_tr
        softirq: Reorder trace_softirqs_on to prevent lockdep splat
        tracing: Check for no filter when processing event filters
      81f9c4e4
    • B
      blk-mq: Fix timeout handling in case the timeout handler returns BLK_EH_DONE · f5e350f0
      Bart Van Assche 提交于
      Make sure that RQF_TIMED_OUT is cleared when a request is reused
      after a block driver timeout handler has returned BLK_EH_DONE.
      
      Fixes: da661267 ("blk-mq: don't time out requests again that are in the timeout handler")
      Signed-off-by: NBart Van Assche <bart.vanassche@wdc.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Jianchao Wang <jianchao.w.wang@oracle.com>
      Cc: Andrew Randrianasulu <randrianasulu@gmail.com>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      f5e350f0
  7. 23 6月, 2018 11 次提交
    • L
      Merge tag 'powerpc-4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 5e220483
      Linus Torvalds 提交于
      Pull powerpc fixes from Michael Ellerman:
      
       - a fix for hugetlb with 4K pages, broken by our recent changes for
         split PMD PTL.
      
       - set the correct assembler machine type on e500mc, needed since
         binutils 2.26 introduced two forms for the "wait" instruction.
      
       - a fix for potential missed TLB flushes with MADV_[FREE|DONTNEED] etc.
         and THP on Power9 Radix.
      
       - three fixes to try and make our panic handling more robust by hard
         disabling interrupts, and not marking stopped CPUs as offline because
         they haven't been properly offlined.
      
       - three other minor fixes.
      
      Thanks to: Aneesh Kumar K.V, Michael Jeanson, Nicholas Piggin.
      
      * tag 'powerpc-4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/mm/hash/4k: Free hugetlb page table caches correctly.
        powerpc/64s/radix: Fix radix_kvm_prefetch_workaround paca access of not possible CPU
        powerpc/64s: Fix build failures with CONFIG_NMI_IPI=n
        powerpc/64: hard disable irqs on the panic()ing CPU
        powerpc: smp_send_stop do not offline stopped CPUs
        powerpc/64: hard disable irqs in panic_smp_self_stop
        powerpc/64s: Fix DT CPU features Power9 DD2.1 logic
        powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP
        powerpc/e500mc: Set assembler machine type to e500mc
      5e220483
    • L
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 7ab366e4
      Linus Torvalds 提交于
      Pull arm64 fixes from Catalin Marinas:
      
       - clear buffers allocated with FORCE_CONTIGUOUS explicitly until the
         CMA code honours __GFP_ZERO
      
       - notrace annotation for secondary_start_kernel()
      
       - use early_param() instead of __setup() for "kpti=" as it is needed
         for the cpufeature callback remapping swapper to non-global mappings
      
       - ensure writes to swapper are ordered wrt subsequent cache maintenance
         in the kpti non-global remapping code
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance
        arm64: kpti: Use early_param for kpti= command-line option
        arm64: make secondary_start_kernel() notrace
        arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag
      7ab366e4
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 8b88ed3c
      Linus Torvalds 提交于
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - Lazy FPSIMD switching fixes
         - Really disable compat ioctls on architectures that don't want it
         - Disable compat on arm64 (it was never implemented...)
         - Rely on architectural requirements for GICV on GICv3
         - Detect bad alignments in unmap_stage2_range
      
        x86:
         - Add nested VM entry checks to avoid broken error recovery path
         - Minor documentation fix"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: fix KVM_CAP_HYPERV_TLBFLUSH paragraph number
        kvm: vmx: Nested VM-entry prereqs for event inj.
        KVM: arm64: Prevent KVM_COMPAT from being selected
        KVM: Enforce error in ioctl for compat tasks when !KVM_COMPAT
        KVM: arm/arm64: add WARN_ON if size is not PAGE_SIZE aligned in unmap_stage2_range
        KVM: arm64: Avoid mistaken attempts to save SVE state for vcpus
        KVM: arm64/sve: Fix SVE trap restoration for non-current tasks
        KVM: arm64: Don't mask softirq with IRQs disabled in vcpu_put()
        arm64: Introduce sysreg_clear_set()
        KVM: arm/arm64: Drop resource size check for GICV window
      8b88ed3c
    • L
      Merge tag 'for-linus-4.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 4ab59fcf
      Linus Torvalds 提交于
      Pull xen fixes from Juergen Gross:
       "This contains the following fixes/cleanups:
      
         - the removal of a BUG_ON() which wasn't necessary and which could
           trigger now due to a recent change
      
         - a correction of a long standing bug happening very rarely in Xen
           dom0 when a hypercall buffer from user land was not accessible by
           the hypervisor for very short periods of time due to e.g. page
           migration or compaction
      
         - usage of EXPORT_SYMBOL_GPL() instead of EXPORT_SYMBOL() in a
           Xen-related driver (no breakage possible as using those symbols
           without others already exported via EXPORT-SYMBOL_GPL() wouldn't
           make any sense)
      
         - a simplification for Xen PVH or Xen ARM guests
      
         - some additional error handling for callers of xenbus_printf()"
      
      * tag 'for-linus-4.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen: Remove unnecessary BUG_ON from __unbind_from_irq()
        xen: add new hypercall buffer mapping device
        xen/scsiback: add error handling for xenbus_printf
        scsi: xen-scsifront: add error handling for xenbus_printf
        xen/grant-table: Export gnttab_{alloc|free}_pages as GPL
        xen: add error handling for xenbus_printf
        xen: share start flags between PV and PVH
      4ab59fcf
    • K
      x86/mm: Fix 'no5lvl' handling · 2458e53f
      Kirill A. Shutemov 提交于
      early_identify_cpu() has to use early version of pgtable_l5_enabled()
      that doesn't rely on cpu_feature_enabled().
      
      Defining USE_EARLY_PGTABLE_L5 before all includes does the trick.
      
      I lost the define in one of reworks of the original patch.
      
      Fixes: 372fddf7 ("x86/mm: Introduce the 'no5lvl' kernel parameter")
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Link: https://lkml.kernel.org/r/20180622220841.54135-3-kirill.shutemov@linux.intel.com
      2458e53f
    • K
      Revert "x86/mm: Mark __pgtable_l5_enabled __initdata" · 51be1335
      Kirill A. Shutemov 提交于
      This reverts commit e4e961e3.
      
      We need to use early version of pgtable_l5_enabled() in
      early_identify_cpu() as this code runs before cpu_feature_enabled() is
      usable.
      
      But it leads to section mismatch:
      
      cpu_init()
        load_mm_ldt()
          ldt_slot_va()
            LDT_BASE_ADDR
              LDT_PGD_ENTRY
      	  pgtable_l5_enabled()
      	    __pgtable_l5_enabled
      
      __pgtable_l5_enabled marked as __initdata, but cpu_init() is not __init.
      
      It's fixable: early code can be isolated into a separate translation unit,
      but such change collides with other work in the area.  That's too much
      hassle to save 4 bytes of memory.
      
      Return __pgtable_l5_enabled back to be __ro_after_init.
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Link: https://lkml.kernel.org/r/20180622220841.54135-2-kirill.shutemov@linux.intel.com
      51be1335
    • C
      net_sched: remove a bogus warning in hfsc · 35b42da6
      Cong Wang 提交于
      In update_vf():
      
        cftree_remove(cl);
        update_cfmin(cl->cl_parent);
      
      the cl_cfmin of cl->cl_parent is intentionally updated to 0
      when that parent only has one child. And if this parent is
      root qdisc, we could end up, in hfsc_schedule_watchdog(),
      that we can't decide the next schedule time for qdisc watchdog.
      But it seems safe that we can just skip it, as this watchdog is
      not always scheduled anyway.
      
      Thanks to Marco for testing all the cases, nothing is broken.
      Reported-by: NMarco Berizzi <pupilla@libero.it>
      Tested-by: NMarco Berizzi <pupilla@libero.it>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      35b42da6
    • D
      Merge branch 'dccp-fixes-around-rx_tstamp_last_feedback' · 2ca4eb85
      David S. Miller 提交于
      Eric Dumazet says:
      
      ====================
      net: dccp: fixes around rx_tstamp_last_feedback
      
      This patch series fix some issues with rx_tstamp_last_feedback.
      
      - Switch to monotonic clock.
      - Avoid potential overflows on fast hosts/networks.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2ca4eb85
    • E
      net: dccp: switch rx_tstamp_last_feedback to monotonic clock · 0ce4e70f
      Eric Dumazet 提交于
      To compute delays, better not use time of the day which can
      be changed by admins or malicious programs.
      
      Also change ccid3_first_li() to use s64 type for delta variable
      to avoid potential overflows.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: Gerrit Renker <gerrit@erg.abdn.ac.uk>
      Cc: dccp@vger.kernel.org
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0ce4e70f
    • E
      net: dccp: avoid crash in ccid3_hc_rx_send_feedback() · 74174fe5
      Eric Dumazet 提交于
      On fast hosts or malicious bots, we trigger a DCCP_BUG() which
      seems excessive.
      
      syzbot reported :
      
      BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:628/ccid3_hc_rx_send_feedback()
      CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.18.0-rc1+ #112
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
       ccid3_hc_rx_send_feedback net/dccp/ccids/ccid3.c:628 [inline]
       ccid3_hc_rx_packet_recv.cold.16+0x38/0x71 net/dccp/ccids/ccid3.c:793
       ccid_hc_rx_packet_recv net/dccp/ccid.h:185 [inline]
       dccp_deliver_input_to_ccids+0xf0/0x280 net/dccp/input.c:180
       dccp_rcv_established+0x87/0xb0 net/dccp/input.c:378
       dccp_v4_do_rcv+0x153/0x180 net/dccp/ipv4.c:654
       sk_backlog_rcv include/net/sock.h:914 [inline]
       __sk_receive_skb+0x3ba/0xd80 net/core/sock.c:517
       dccp_v4_rcv+0x10f9/0x1f58 net/dccp/ipv4.c:875
       ip_local_deliver_finish+0x2eb/0xda0 net/ipv4/ip_input.c:215
       NF_HOOK include/linux/netfilter.h:287 [inline]
       ip_local_deliver+0x1e9/0x750 net/ipv4/ip_input.c:256
       dst_input include/net/dst.h:450 [inline]
       ip_rcv_finish+0x823/0x2220 net/ipv4/ip_input.c:396
       NF_HOOK include/linux/netfilter.h:287 [inline]
       ip_rcv+0xa18/0x1284 net/ipv4/ip_input.c:492
       __netif_receive_skb_core+0x2488/0x3680 net/core/dev.c:4628
       __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:4693
       process_backlog+0x219/0x760 net/core/dev.c:5373
       napi_poll net/core/dev.c:5771 [inline]
       net_rx_action+0x7da/0x1980 net/core/dev.c:5837
       __do_softirq+0x2e8/0xb17 kernel/softirq.c:284
       run_ksoftirqd+0x86/0x100 kernel/softirq.c:645
       smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
       kthread+0x345/0x410 kernel/kthread.c:240
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Cc: Gerrit Renker <gerrit@erg.abdn.ac.uk>
      Cc: dccp@vger.kernel.org
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      74174fe5
    • G
      net: Remove depends on HAS_DMA in case of platform dependency · e020797b
      Geert Uytterhoeven 提交于
      Remove dependencies on HAS_DMA where a Kconfig symbol depends on another
      symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST".
      In most cases this other symbol is an architecture or platform specific
      symbol, or PCI.
      
      Generic symbols and drivers without platform dependencies keep their
      dependencies on HAS_DMA, to prevent compiling subsystems or drivers that
      cannot work anyway.
      
      This simplifies the dependencies, and allows to improve compile-testing.
      Signed-off-by: NGeert Uytterhoeven <geert@linux-m68k.org>
      Reviewed-by: NMark Brown <broonie@kernel.org>
      Acked-by: NRobin Murphy <robin.murphy@arm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e020797b