Commit Graph

1106728 Commits

Author SHA1 Message Date
Linus Torvalds
23458ac91d ipc: Free mq_sysctls if ipc namespace creation fails
This fixes a bug with error handling if ipc creation fails that
 was reported by syzbot.
 
 Alexey Gladkov (1):
       ipc: Free mq_sysctls if ipc namespace creation failed
 
  ipc/namespace.c | 5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEgjlraLDcwBA2B+6cC/v6Eiajj0AFAmLMfwQACgkQC/v6Eiaj
 j0DFahAAjYtgqmSDyIhdkD+vvv4342KDar9apH0bB++Sxv5FaAtrjDWgcI2MvLMB
 Xo347ZuMLV08KtiF3/y13kpQMcMKN+IcU+kGeACPRQC7J9XqBwJaF+odCgGl0V9M
 VBaVdUhFmiW5XI5an2MaXRz8CriX3Wrjclkn4Mhk7svfdfajY5IyDQkIBpo+Ku7y
 3pIkgryWQOvMga4WY7gURf9ehuJVdoZ80SSplWhiEj87bW7g59cX2ZSQ4xiUGMGe
 j/RR9BM4iO/wqRZr8BEeQa3D4O7VGtEVUKL4QLo/COPRBE9Nyv492Fa/W98makWB
 cbYUEHSnaBYCIG9CdALzsr/EXfix1f1N36SPMabQvR6CQSvEAd9ACg4HUkjNr4Gq
 07SBI8MokFIkOFkVJrqfH7+ePUlJ+ZOMF902dUjxx9MhRgnhPjv3aWhuglW9uAEm
 aIYIoxjGmA0x6KBPTn0O2RoBLb0QUMwVoLDVPZIoLy0KgFpsoFvs1KiqQHcxksnz
 fjdYKALyIyg/c1KCaLd2YNI2WSf1wtLgXjZZOm5ofGxe5Z2U934eSYsgQZ8YWpQE
 MMVk7b8EJ9XnRYYoK/nX7IC6Zej4LUD4KRc8U2wirtb5KDcxiWBveSd6cgpfMRxr
 tLRJbauo9NkWdpCBQageW38XC3g84Cs04DP7jClNTUZb3zxvNUc=
 =4sfy
 -----END PGP SIGNATURE-----
mergetag object 3418357a32
 type commit
 tag ptrace_unfreeze_fix-for-v5.19
 tagger Eric W. Biederman <ebiederm@xmission.com> 1657569245 -0500
 
 ptrace: fix clearing of JOBCTL_TRACED in ptrace_unfreeze_traced()
 
 This change fixes a small but very annoying typo.
 
 Sven Schnelle (1):
       ptrace: fix clearing of JOBCTL_TRACED in ptrace_unfreeze_traced()
 
  kernel/ptrace.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEgjlraLDcwBA2B+6cC/v6Eiajj0AFAmLMf9wACgkQC/v6Eiaj
 j0Bx4BAAs0a/QPG4PeHWfHBAydW81qr1DX95MZLN5Neec8abMe5hel0Z0JMpAnlq
 yM2hjxBy3kux6MbKbaqkIpdcKH0TMNg/D+11vyfID6hMzzPNr7SKzoyePWy07kNa
 gLv5BLEuyg9tvs7fVI26SxEBOyK+DhrBMr8pADWlakMOshorvuQWOmyiHdWgWtRU
 d0SQm310fdltTqX6x6PJ2cXrRtXU3Kg7zUVfw8twu7Z1yYXJG8UpXkyKXAl1ttt2
 GtCpPsy788TrmHfUJQUKPyGMRvsOKu1kkP3caKMdT8k0oEpXAppAFsE7maEEkodp
 YLyUSnTwobPg6TmnwrbmYPPI+QdWDpzltQPVvV1Jun6cU41qXbES+2ULq0AKJIOG
 NtY1QIQxy49BRxudXu3hDiR185JA6x3BrhnBKTpoe4A53EvejH8K2CWStuMq35qU
 X0AhahEcd86Ol192gKUo69F0d8v8CbR/z3E0ULOzY+jIDXg2b470jLADBSktRLXT
 WpMp1nGOVy5TZb6R7U3kDDkBPG4+yLB+aIRAWM5NE5Bb4rzBBt4wBrsJ0Vhhf+sf
 CUwTDftKo7pNNjeRV+ad7DrW0rcHZ++YgQB8kpG/VwrypRmR77zc39Qtn0+OXwq4
 2rhR8NxLnu5pxblLMzb0IQXuTG4Llr6olmao1imfS78XsrP4DZc=
 =gOnj
 -----END PGP SIGNATURE-----

Merge tags 'free-mq_sysctls-for-v5.19' and 'ptrace_unfreeze_fix-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull ipc namespace fix from Eric Biederman:
 "This fixes a bug with error handling if ipc creation fails that was
  reported by syzbot"

For completeness, this also pulls the ptrace_unfreeze_fix tag that
contains the original version of one of the hotfixes that I manually
applied earlier so that it would be fixed in rc6.

* tag 'free-mq_sysctls-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  ipc: Free mq_sysctls if ipc namespace creation failed

* tag 'ptrace_unfreeze_fix-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  ptrace: fix clearing of JOBCTL_TRACED in ptrace_unfreeze_traced()
2022-07-11 14:33:41 -07:00
Jeff Layton
1197eb5906 lockd: fix nlm_close_files
This loop condition tries a bit too hard to be clever. Just test for
the two indices we care about explicitly.

Cc: J. Bruce Fields <bfields@fieldses.org>
Fixes: 7f024fcd5c ("Keep read and write fds with each nlm_file")
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2022-07-11 15:49:56 -04:00
Linus Torvalds
8e59a6a7a4 Mainly MM fixes. About half for issues which were introduced after 5.18
and the remainder for longer-term issues.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCYsxt9wAKCRDdBJ7gKXxA
 jnjWAQD6ts4tgsX+hQ5lrZjWRvYIxH/I4jbtxyMyhc+iKarotAD+NILVgrzIvr0v
 ijlA4LLtmdhN1UWdSomUm3bZVn6n+QA=
 =1375
 -----END PGP SIGNATURE-----

Merge tag 'mm-hotfixes-stable-2022-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull hotfixes from Andrew Morton:
 "Mainly MM fixes. About half for issues which were introduced after
  5.18 and the remainder for longer-term issues"

* tag 'mm-hotfixes-stable-2022-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  mm: split huge PUD on wp_huge_pud fallback
  nilfs2: fix incorrect masking of permission flags for symlinks
  mm/rmap: fix dereferencing invalid subpage pointer in try_to_migrate_one()
  riscv/mm: fix build error while PAGE_TABLE_CHECK enabled without MMU
  Documentation: highmem: use literal block for code example in highmem.h comment
  mm: sparsemem: fix missing higher order allocation splitting
  mm/damon: use set_huge_pte_at() to make huge pte old
  sh: convert nommu io{re,un}map() to static inline functions
  mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages
2022-07-11 12:49:56 -07:00
Jeff Layton
aec158242b lockd: set fl_owner when unlocking files
Unlocking a POSIX lock on an inode with vfs_lock_file only works if
the owner matches. Ensure we set it in the request.

Cc: J. Bruce Fields <bfields@fieldses.org>
Fixes: 7f024fcd5c ("Keep read and write fds with each nlm_file")
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2022-07-11 15:49:56 -04:00
Linus Torvalds
b5374396e5 modules-5.19-rc7
Although most of the move of code in in v5.19-rc1 should have not
 introduced a regression patch review on one of the file changes captured
 a checkpatch warning which advised to use strscpy() and it caused a
 buffer overflow when an incorrect length is passed.
 
 Another change which checkpatch complained about was an odd RCU usage,
 but that was properly addressed in a separate patch to the move by Aaron.
 That caused a regression with PREEMPT_RT=y due to an unbounded latency.
 
 This series fixes both and adjusts documentation which we forgot to do
 for the move.
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCgAwFiEENnNq2KuOejlQLZofziMdCjCSiKcFAmLMXgQSHG1jZ3JvZkBr
 ZXJuZWwub3JnAAoJEM4jHQowkoint0UQAMSK4fMIDO/u6WcRCguYxTaDJCQ7mYVA
 y9cJQU5Dhrtjn4vO+tyqiURTQ7mCgifqMfhtB27+2mA/wxulDaOF7N9CvnobzB0/
 R8LZ8AUkfU5fgQrc2IgfFMwQj0bTdEb9SQ0/UWq/ypoy3ZF/ha1s7NVh21E2pQWj
 MAJhtVPMlZhyobBXLs8LLb70pRetGhMtOoX3Cm0JbEqX48DjXYqmfbqNkAh2L8TS
 JU9qx4XOFPdzgMEc6y1MnKvWSBGdZGe7O6yu7eOiS3kgwN9tzkAFTphEDF9xtezV
 hKIHUgImxUV7BNknjr86gow7UEZ+/uE1to/+D27t/Dg9Spon2oFQhbnXFwb041KT
 1k1/8H4q4msIgKwD/lOPXgP8/UBSlx5yCgzlsI5z/ChturPePKwN7etxOuWq6eDB
 bQTjv3baSqBtNK+4dgI2nNgJXvvrFGabGnkovO5fMiLA8nYhpqV3uO1BUgqLS4+V
 Dz+MgFe04G0DKHL1qeYm9WF6FTE7oze/TrLDyn66D6WLgZDMkuHL5OGUnJ8gNUsj
 A7urlOkxv+HxmfB7VQxRQCgol6BLiaW5jhXRoYWsv1tcAAbJY4UeCppxcQTaXJp1
 7GoE0qPQmR7xe3QapYe8AOcAfXX+a/x6vB4dVXimwPbkPwQjXmPC7QIcWvAiKxiR
 +uBkCBLQ8cw6
 =DsSg
 -----END PGP SIGNATURE-----

Merge tag 'modules-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux

Pull module fixes from Luis Chamberlain:
 "Although most of the move of code in in v5.19-rc1 should have not
  introduced a regression patch review on one of the file changes
  captured a checkpatch warning which advised to use strscpy() and it
  caused a buffer overflow when an incorrect length is passed.

  Another change which checkpatch complained about was an odd RCU usage,
  but that was properly addressed in a separate patch to the move by
  Aaron. That caused a regression with PREEMPT_RT=y due to an unbounded
  latency.

  This series fixes both and adjusts documentation which we forgot to do
  for the move"

* tag 'modules-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux:
  module: kallsyms: Ensure preemption in add_kallsyms() with PREEMPT_RT
  doc: module: update file references
  module: Fix "warning: variable 'exit' set but not used"
  module: Fix selfAssignment cppcheck warning
  modules: Fix corruption of /proc/kallsyms
2022-07-11 12:39:12 -07:00
Chuck Lever
5b2f3e0777 NFSD: Decode NFSv4 birth time attribute
NFSD has advertised support for the NFSv4 time_create attribute
since commit e377a3e698 ("nfsd: Add support for the birth time
attribute").

Igor Mammedov reports that Mac OS clients attempt to set the NFSv4
birth time attribute via OPEN(CREATE) and SETATTR if the server
indicates that it supports it, but since the above commit was
merged, those attempts now fail.

Table 5 in RFC 8881 lists the time_create attribute as one that can
be both set and retrieved, but the above commit did not add server
support for clients to provide a time_create attribute. IMO that's
a bug in our implementation of the NFSv4 protocol, which this commit
addresses.

Whether NFSD silently ignores the new birth time or actually sets it
is another matter. I haven't found another filesystem service in the
Linux kernel that enables users or clients to modify a file's birth
time attribute.

This commit reflects my (perhaps incorrect) understanding of whether
Linux users can set a file's birth time. NFSD will now recognize a
time_create attribute but it ignores its value. It clears the
time_create bit in the returned attribute bitmask to indicate that
the value was not used.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Fixes: e377a3e698 ("nfsd: Add support for the birth time attribute")
Tested-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2022-07-11 13:52:22 -04:00
Aaron Tomlin
e69a66147d module: kallsyms: Ensure preemption in add_kallsyms() with PREEMPT_RT
The commit 08126db5ff ("module: kallsyms: Fix suspicious rcu usage")
under PREEMPT_RT=y, disabling preemption introduced an unbounded
latency since the loop is not fixed. This change caused a regression
since previously preemption was not disabled and we would dereference
RCU-protected pointers explicitly. That being said, these pointers
cannot change.

Before kallsyms-specific data is prepared/or set-up, we ensure that
the unformed module is known to be unique i.e. does not already exist
(see load_module()). Therefore, we can fix this by using the common and
more appropriate RCU flavour as this section of code can be safely
preempted.

Reported-by: Steven Rostedt <rostedt@goodmis.org>
Fixes: 08126db5ff ("module: kallsyms: Fix suspicious rcu usage")
Signed-off-by: Aaron Tomlin <atomlin@redhat.com>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
2022-07-11 10:19:09 -07:00
Linus Torvalds
816e51dfb5 VFIO fix for v5.19-rc7
- Move IOMMU test to unbreak no-iommu support (Jason Gunthorpe)
 -----BEGIN PGP SIGNATURE-----
 
 iQJPBAABCAA5FiEEQvbATlQL0amee4qQI5ubbjuwiyIFAmLMIWIbHGFsZXgud2ls
 bGlhbXNvbkByZWRoYXQuY29tAAoJECObm247sIsigG8P/2Kk4D+atyoEGWWzuH1P
 Is6LyGLLS7zbGOySWNm+ibJDiIDwlDyrZJhHx8SSpf2h55XO4PSxWQrPXzM4B0l0
 qejk4PynKskAGUakXI2hPvxLnbSzadrPaKAdg6RIPjK1hKBqUlQEy12mhVL7QKxg
 Re6+kGRKiCEQWKZfPOURgHyjYIvUSrRF3REi0hDGW7BSxg/EbEYuj36kNU9H4Zg0
 vUwp/mf8rRYWmbBb4IRTr5vV+pDA8unnPvKeLUw/uMVbGSglTIo1vQs4kTgzPECH
 uVJRO8z2GhY3epRdste/fNuQSqOmXPo6vOTd/SrVgafcI1HxGQl57wCfe8EqwXVU
 GG/xoCkcocPBMtcM7U31clt9lfbDeWQw2n9dWnr+cD6mLOI9lXLt9NM/P+A5pY9n
 hExqoDBZoE+JQfZFngNckMuhqAQIh6XokDQaeSOygwLpKFR369j9uBrn5cnf5TML
 8w9Ayl5jYPYPGbNRLtSyc+SxCK5Uox0GvCfS3mvuczjgianXZwmK+SNHHhMuHy92
 sjDpcyQHjoIVlLaZkWG6z0oADkzXhYRH+rjudLbS5gIDgeEs848QXtvhSwySB+8u
 k+JywWXD1MTyIucfPXm88w1lfMxBgi1WXOAZF+hXyzJcmTNzBK9U8ayE+vGBanTL
 ki4gkMYW/f1/1GeE0C6iQUp1
 =Y1K4
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v5.19-rc7' of https://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:

 - Move IOMMU test to unbreak no-iommu support (Jason Gunthorpe)

* tag 'vfio-v5.19-rc7' of https://github.com/awilliam/linux-vfio:
  vfio: Move IOMMU_CAP_CACHE_COHERENCY test to after we know we have a group
2022-07-11 10:02:03 -07:00
Oleg Nesterov
d5b36a4dbd fix race between exit_itimers() and /proc/pid/timers
As Chris explains, the comment above exit_itimers() is not correct,
we can race with proc_timers_seq_ops. Change exit_itimers() to clear
signal->posix_timers with ->siglock held.

Cc: <stable@vger.kernel.org>
Reported-by: chris@accessvector.net
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-07-11 09:52:59 -07:00
Meng Tang
d16d69bf5a ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
There is another HP ProDesk 600 G3 model with the PCI SSID 103c:82b4
that requires the quirk HP_MIC_NO_PRESENCE. Add the corresponding
entry to the quirk table.

Signed-off-by: Meng Tang <tangmeng@uniontech.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220711101744.25189-1-tangmeng@uniontech.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-07-11 16:15:06 +02:00
Meng Tang
5f3fe25e70 ALSA: hda/realtek: Fix headset mic for Acer SF313-51
The issue on Acer SWIFT SF313-51 is that headset microphone
doesn't work. The following quirk fixed headset microphone issue.
Note that the fixup of SF314-54/55 (ALC256_FIXUP_ACER_HEADSET_MIC)
was not successful on my SF313-51.

Signed-off-by: Meng Tang <tangmeng@uniontech.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220711081527.6254-1-tangmeng@uniontech.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-07-11 16:14:45 +02:00
Arnd Bergmann
01277737e9 i.MX fixes for 5.19, round 3:
- Fix GPIO property for imx6qdl-ts7970 board.
 - Fix touchscreen pinctrl for imx6ull-colibri board by moving iomuxc-snvs
   pin to the correct controller device.
 - Fix SFP node of fsl-ls1028a to have a required clock property.
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCgAyFiEEFmJXigPl4LoGSz08UFdYWoewfM4FAmLI9LwUHHNoYXduZ3Vv
 QGtlcm5lbC5vcmcACgkQUFdYWoewfM5wlgf9GAvH/GjYKERJjCR8HvHy2hZ2we0a
 bNt+Xf//NCjJsTbn6dxx0GXBB1SO/T9PZgdtCRsoECrINMn2cBX5lbSIOxVrqD0t
 MTUE/LlOBYiBLR7mWUMiuqQ29OeoEIwqgCaJQ8NC9qbFq/XC8Y8C3umXcdfrhznE
 5WHjO2XtRAACVvt79YmmeCbYqePdi6e8OIoScjAyGQXPU6beWhpuMs2gp4guivfm
 ZIRe+rjQvYM8B65eDiPNgYoFbNCjzDqD4CTuyoIG+jjjVUOUy8lJzl5k9tL634VY
 6jm21SxmYk8HqrUxWG/RmpzyeAbST1C4GbL9p3o83Y0rqcf4kidL6Gq5ow==
 =1Mag
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmLMBsQACgkQmmx57+YA
 GNlNpQ//TS6ILttHo8OTvwFKr4ofKf1xDQ5RhqOi908CksXBhmJgQSpGh0EIHk3e
 7GyqcZwq2I0mBsmRTmryUjVvk27j4s5XoYBxGCHtACA5W33kZHk3MZppTHbmjMsI
 2fG4qOWZfgGdoYIeszmie+ogeqZWZG6knHOVl3qpnxgGAtz/if+J55l7/T0WKy5K
 v6IRf4QW50E0U1miaNBqEa66Fqmeu8zSrTqMzri66qEiiQctiO/lKMs97ZXgzVek
 d7OSv2X8T/rr2KAx1a+VCyjr8f0It7o5LD3A506bIECEr1XUIvokoUkwB//4lIvv
 YDE5oP1dVHhyshX4zt3Bv2z5HKhymHkVs1NmKxZroEprd5ssEUDujfAwbqEc+X7l
 YmQL8t203vWIn0H0rYSoijoQUOj5Haw/3z/CgMpelxUohuzdEtjYLdgCCEG7RiGT
 uOz2l3kD26l4MDhRkf5EKgjFm6ixkuNJtRMf250wOmwNeWHokSurbV/gPJLhsKWK
 4AqPqGKoi6NIiPy9FPLzG0RrT3jrpaEC4EqXdMCtyEnon7XVal2eeVfHtG9w2sbp
 1sCMYHbK0ykOoCaJBzGqNwOdu+eND5tK+i495agoPaZ8oF1/3Bi0lQbNBnCoIy3E
 VuYq8gCQ8pmzJ/tg6GTYNiv6myE9BF2Rvo9UGjCNxHbW8cDrTsQ=
 =VnF0
 -----END PGP SIGNATURE-----

Merge tag 'imx-fixes-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes

i.MX fixes for 5.19, round 3:

- Fix GPIO property for imx6qdl-ts7970 board.
- Fix touchscreen pinctrl for imx6ull-colibri board by moving iomuxc-snvs
  pin to the correct controller device.
- Fix SFP node of fsl-ls1028a to have a required clock property.

* tag 'imx-fixes-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
  ARM: dts: colibri-imx6ull: fix snvs pinmux group
  ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
  arm64: dts: ls1028a: Update SFP node to include clock

Link: https://lore.kernel.org/r/20220709032716.GA9868@dragon
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-07-11 13:17:24 +02:00
David S. Miller
e45955766b Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) refcount_inc_not_zero() is not semantically equivalent to
   atomic_int_not_zero(), from Florian Westphal. My understanding was
   that refcount_*() API provides a wrapper to easier debugging of
   reference count leaks, however, there are semantic differences
   between these two APIs, where refcount_inc_not_zero() needs a barrier.
   Reason for this subtle difference to me is unknown.

2) packet logging is not correct for ARP and IP packets, from the
   ARP family and netdev/egress respectively. Use skb_network_offset()
   to reach the headers accordingly.

3) set element extension length have been growing over time, replace
   a BUG_ON by EINVAL which might be triggerable from userspace.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2022-07-11 11:58:38 +01:00
David S. Miller
3c079a22db Merge branch 'mptcp-fixes'
Mat Martineau says:

====================
mptcp: Disconnect and selftest fixes

Patch 1 switches to a safe list iterator in the MPTCP disconnect code.

Patch 2 adds the userspace_pm.sh selftest script to the MPTCP selftest
Makefile, resolving the netdev/check_selftest CI failure.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2022-07-11 11:31:38 +01:00
Matthieu Baerts
3ddabc4336 selftests: mptcp: validate userspace PM tests by default
The new script was not listed in the programs to test.

By consequence, some CIs running MPTCP selftests were not validating
these new tests. Note that MPTCP CI was validating it as it executes all
.sh scripts from 'tools/testing/selftests/net/mptcp' directory.

Fixes: 259a834fad ("selftests: mptcp: functional tests for the userspace PM type")
Reported-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-07-11 11:31:38 +01:00
Paolo Abeni
5c835bb142 mptcp: fix subflow traversal at disconnect time
At disconnect time the MPTCP protocol traverse the subflows
list closing each of them. In some circumstances - MPJ subflow,
passive MPTCP socket, the latter operation can remove the
subflow from the list, invalidating the current iterator.

Address the issue using the safe list traversing helper
variant.

Reported-by: van fantasy <g1042620637@gmail.com>
Fixes: b29fcfb54c ("mptcp: full disconnect implementation")
Tested-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-07-11 11:31:38 +01:00
Demi Marie Obenour
166d386323 xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
The error paths of gntdev_mmap() can call unmap_grant_pages() even
though not all of the pages have been successfully mapped.  This will
trigger the WARN_ON()s in __unmap_grant_pages_done().  The number of
warnings can be very large; I have observed thousands of lines of
warnings in the systemd journal.

Avoid this problem by only warning on unmapping failure if the handle
being unmapped is not INVALID_GRANT_HANDLE.  The handle field of any
page that was not successfully mapped will be INVALID_GRANT_HANDLE, so
this catches all cases where unmapping can legitimately fail.

Fixes: dbe97cff7d ("xen/gntdev: Avoid blocking in unmap_grant_pages()")
Cc: stable@vger.kernel.org
Suggested-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220710230522.1563-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
2022-07-11 11:39:45 +02:00
Felix Fietkau
50e2ab3929 wifi: mac80211: fix queue selection for mesh/OCB interfaces
When using iTXQ, the code assumes that there is only one vif queue for
broadcast packets, using the BE queue. Allowing non-BE queue marking
violates that assumption and txq->ac == skb_queue_mapping is no longer
guaranteed. This can cause issues with queue handling in the driver and
also causes issues with the recent ATF change, resulting in an AQL
underflow warning.

Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20220702145227.39356-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-07-11 10:36:55 +02:00
Dan Carpenter
e87197fbd1 drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
The shmem_pin_map() function returns NULL, it doesn't return error
pointers.

Fixes: 97ea656521 ("drm/i915/gvt: Parse default state to update reg whitelist")
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/Ysftoia2BPUyqVcD@kili
Acked-by: Zhenyu Wang <zhenyuw@linux.intel.com>
2022-07-11 13:05:05 +08:00
Anup Patel
be82abe6a7 RISC-V: KVM: Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests()
The kvm_riscv_check_vcpu_requests() is called with SRCU read lock held
and for KVM_REQ_SLEEP request it will block the VCPU without releasing
SRCU read lock. This causes KVM ioctls (such as KVM_IOEVENTFD) from
other VCPUs of the same Guest/VM to hang/deadlock if there is any
synchronize_srcu() or synchronize_srcu_expedited() in the path.

To fix the above in kvm_riscv_check_vcpu_requests(), we should do SRCU
read unlock before blocking the VCPU and do SRCU read lock after VCPU
wakeup.

Fixes: cce69aff68 ("RISC-V: KVM: Implement VCPU interrupts and requests handling")
Reported-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Tested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Anup Patel <anup@brainfault.org>
2022-07-11 09:36:32 +05:30
Alexandre Ghiti
88573389aa riscv: Fix missing PAGE_PFN_MASK
There are a bunch of functions that use the PFN from a page table entry
that end up with the svpbmt upper-bits because they are missing the newly
introduced PAGE_PFN_MASK which leads to wrong addresses conversions and
then crash: fix this by adding this mask.

Fixes: 100631b48d ("riscv: Fix accessing pfn bits in PTEs for non-32bit variants")
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Signed-off-by: Anup Patel <anup@brainfault.org>
2022-07-11 09:33:35 +05:30
Linus Torvalds
32346491dd Linux 5.19-rc6 2022-07-10 14:40:51 -07:00
Linus Torvalds
24f4b40ec2 Merge branch 'hot-fixes' (fixes for rc6)
This is a collection of three fixes for small annoyances.

Two of these are already pending in other trees, but I really don't want
to release another -rc with these issues pending, so I picked up the
patches for these things directly.  We'll end up with duplicate commits
eventually, I prefer that over having these issues pending.

The third one is just me getting rid of another BUG_ON() just because it
was reported and I dislike those things so much.

* merge 'hot-fixes' branch:
  ida: don't use BUG_ON() for debugging
  drm/aperture: Run fbdev removal before internal helpers
  ptrace: fix clearing of JOBCTL_TRACED in ptrace_unfreeze_traced()
2022-07-10 14:26:49 -07:00
Linus Torvalds
fc82bbf4de ida: don't use BUG_ON() for debugging
This is another old BUG_ON() that just shouldn't exist (see also commit
a382f8fee4: "signal handling: don't use BUG_ON() for debugging").

In fact, as Matthew Wilcox points out, this condition shouldn't really
even result in a warning, since a negative id allocation result is just
a normal allocation failure:

  "I wonder if we should even warn here -- sure, the caller is trying to
   free something that wasn't allocated, but we don't warn for
   kfree(NULL)"

and goes on to point out how that current error check is only causing
people to unnecessarily do their own index range checking before freeing
it.

This was noted by Itay Iellin, because the bluetooth HCI socket cookie
code does *not* do that range checking, and ends up just freeing the
error case too, triggering the BUG_ON().

The HCI code requires CAP_NET_RAW, and seems to just result in an ugly
splat, but there really is no reason to BUG_ON() here, and we have
generally striven for allocation models where it's always ok to just do

    free(alloc());

even if the allocation were to fail for some random reason (usually
obviously that "random" reason being some resource limit).

Fixes: 88eca0207c ("ida: simplified functions for id allocation")
Reported-by: Itay Iellin <ieitayie@gmail.com>
Suggested-by: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-07-10 13:55:49 -07:00
Linus Torvalds
952c53cd35 dmaengine fixes for v5.19
Core:
  - Revert verification of DMA_INTERRUPT capability as that was incorrect
 
 Bunch of driver fixes for:
  - ti: refcount and put_device leak
  - qcom_bam: runtime pm overflow
  - idxd: force wq context cleanup and call idxd_enable_system_pasid() on
    success
  - dw-axi-dmac: RMW on channel suspend register
  - imx-sdma: restart cyclic channel when enabled
  - at_xdma: error handling for at_xdmac_alloc_desc
  - pl330: lockdep warning
  - lgm: error handling path in probe
  - allwinner: Fix min/max typo in binding
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmLLB+oACgkQfBQHDyUj
 g0c9URAAgNrLzEJFBFRkZW3gKw0PH66a7HZjV88roGI5d9fAZ67O8A21Sn3VKQCs
 0dUOxPWT6lAMt1kPz/AOug80oiEo8dxaf/eai45eP2kyaLFEaHvulHUGQv4ZrRRq
 YaWDoLi5iXly3LYF/skMoXY4XQrbGw6mjgGbwzfn27JqiG9pL7aPx3QAHBYtHf//
 w7O/u9AUaJmSHd7FviKJ9vcun1P4dCUMt7dy2Qhctv6+CBzUmBEMFFMc7FA7ORtP
 kQz2qk5wErG5hQfwJeLPrgKOwdfbEol7crZlyRmi7DwbewA8R9iU/ms7e7498Nhi
 Lh6G+Q9BnTeM+hwRql8Eok+8Oc56xIseWdRPrXiW6EDOpgWSNhuRI7jy0iICs4Wl
 fz9ogDjr3buQI5DrB967IuxD+lD8p80J1jMxaunWrCB5y4MxRJd7n2BuYhjAngeD
 Fsb4NQItHThTiVy86SPFhNfxQbzGOJmWyrerGU+0g3Mnxh8FdGIS5gbk+IfcBcgo
 6Ef7qbypq85DAOkmNx2ZY3E3H2amatLFvJ1cBdtxZp5Nj+rvV+dqvXXFzIped8xP
 GS96uLfWZZKgG4PwyZoK8/fOmU/vxrNsPmHXHpMt9BEa5rNmB8VDB6Txrn3pJywY
 Tm0KK5tgxXYpdUmTL7cDeslJZ4r51LlXUuAbf4wPZr/cEScQwJc=
 =knzk
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine

Pull dmaengine fixes from Vinod Koul:
 "One core fix for DMA_INTERRUPT and rest driver fixes.

  Core:

   - Revert verification of DMA_INTERRUPT capability as that was
     incorrect

  Bunch of driver fixes for:

   - ti: refcount and put_device leak

   - qcom_bam: runtime pm overflow

   - idxd: force wq context cleanup and call idxd_enable_system_pasid()
     on success

   - dw-axi-dmac: RMW on channel suspend register

   - imx-sdma: restart cyclic channel when enabled

   - at_xdma: error handling for at_xdmac_alloc_desc

   - pl330: lockdep warning

   - lgm: error handling path in probe

   - allwinner: Fix min/max typo in binding"

* tag 'dmaengine-fix-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine:
  dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
  dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
  dmaengine: pl330: Fix lockdep warning about non-static key
  dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature
  dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
  dmaengine: imx-sdma: only restart cyclic channel when enabled
  dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
  dmaengine: idxd: force wq context cleanup on device disable path
  dmaengine: qcom: bam_dma: fix runtime PM underflow
  dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
  dmaengine: Revert "dmaengine: add verification of DMA_INTERRUPT capability for dmatest"
  dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
  dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
2022-07-10 11:23:01 -07:00
Hans de Goede
b0d55983b2 platform/x86: intel_atomisp2_led: Also turn off the always-on camera LED on the Asus T100TAF
Like the Asus T100TA the Asus T100TAF has a camera LED which is always
on by default and both also use the same GPIO for the LED.

Relax the DMI match for the Asus T100TA so that it also matches
the T100TAF.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220710173658.221528-1-hdegoede@redhat.com
2022-07-10 19:46:31 +02:00
Linus Torvalds
5867f3b88b Staging driver fix for 5.19-rc6
Here is a single staging driver fix for a reported problem that showed
 up in 5.19-rc1 in the wlan-ng driver.  It has been in linux-next for a
 week with no reported problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYsruGg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ynAQgCfXSGupNIxfeHhJAYddEBChbsXCrIAn1zzLzDc
 f8kYJqwoJiacHK0vIrBu
 =r7+w
 -----END PGP SIGNATURE-----

Merge tag 'staging-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver fix from Greg KH:
 "Here is a single staging driver fix for a reported problem that showed
  up in 5.19-rc1 in the wlan-ng driver. It has been in linux-next for a
  week with no reported problems"

* tag 'staging-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging/wlan-ng: get the correct struct hfa384x in work callback
2022-07-10 09:51:56 -07:00
Linus Torvalds
b41362fdf2 Char/Misc driver fixes for 5.19-rc6
Here are 4 small char/misc driver fixes for 5.19-rc6 to resolve some
 reported issues.  They only affect 2 drivers:
 	- rtsx_usb: fix for of-reported DMA warning error, the driver
 	  was handling memory buffers in odd ways, it has now been fixed
 	  up to be much simpler and correct by Shuah.
 	- at25 eeprom driver bugfix for reported problem
 
 All of these have been in linux-next for a week with no reported
 problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCYsrtqw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ykJ5ACfUhLVzGk2IZYz4kddkvu1znlADdgAn2QfXNna
 zGNe/HQuoBWDjq346bGt
 =6Cx6
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
 "Here are four small char/misc driver fixes for 5.19-rc6 to resolve
  some reported issues. They only affect two drivers:

   - rtsx_usb: fix for of-reported DMA warning error, the driver was
     handling memory buffers in odd ways, it has now been fixed up to be
     much simpler and correct by Shuah.

   - at25 eeprom driver bugfix for reported problem

  All of these have been in linux-next for a week with no reported
  problems"

* tag 'char-misc-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  misc: rtsx_usb: set return value in rsp_buf alloc err path
  misc: rtsx_usb: use separate command and response buffers
  misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
  eeprom: at25: Rework buggy read splitting
2022-07-10 09:45:29 -07:00
Linus Torvalds
d9919d43cb o_uring-5.19-2022-07-09
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmLJpHQQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpmHAD/9r8+hKrvYwoBVoi0r8SD/hDkOJMJAnJOBb
 IBzpDRGcZhdLqGvMkhkdk1s83TTsKysStYSsr0jTlNMtevHNUx5jalYY0x7sIJBt
 S5WEwJ8aKbCs4G7pRU/T/wtRtYFz+JmlKT3VNGjkLWVrWn77CGEWtAHCSgzIgScn
 7QzZiQIVheDr9RsqU8xre1m21+rQWvOssip82UfuTpiYOKTYyHkb91MoNdTGd3JB
 ABrr1Ind4lSbMaXXcUtUP6iV15NU95CplEr8ln4DS9/syoM7O1ZiOdJb5uo/ywyC
 +VEh2LO+UyRn7V4me743C1UGASNTYoyOjGJs0t0en2L10gTZHx3tWLkKRvk0uF0E
 MOXJ/F8QRZxtb/RTUPX2MED/U/ZERLBbF/Jrdfunwj4NuF6mxOhM0MhFb+DCyxK0
 BmEfTIdmYzHkyKgp46OeaoJ+8cuyoHKC2DlZMoCl+mw6Fmv1XjVnnDag0Oxl2rv4
 ANCPZNGHvi5kC2t5fHu7zgOBgbb1IAkLLwcUA8SQ27dRQPfmsB6sm7YUAabuTu8N
 zc937WxpXw9FsjtmFb7JQR5yLsTIG4BYHSZFM1FF8YX6nFptm4OhKFevgYH8r3sg
 sj4qUZFVVc60xTnFR7Yr+ccBbNPQPzy1tRG70OZvMYtkPFqn+IrfxrBzZTxl6/bl
 5dWh6Y8L+A==
 =ZK3Q
 -----END PGP SIGNATURE-----

Merge tag 'io_uring-5.19-2022-07-09' of git://git.kernel.dk/linux-block

Pull io_uring fix from Jens Axboe:
 "A single fix for an issue that came up yesterday that we should plug
  for -rc6.

  This is a regression introduced in this cycle"

* tag 'io_uring-5.19-2022-07-09' of git://git.kernel.dk/linux-block:
  io_uring: check that we have a file table when allocating update slots
2022-07-10 09:14:54 -07:00
Linus Torvalds
2fbd36dfae Kbuild fixes for v5.19 (3rd)
- Adjust gen_compile_commands.py to the format change of *.mod files
 
  - Remove unused macro in scripts/Makefile.modinst
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmLKxggVHG1hc2FoaXJv
 eUBrZXJuZWwub3JnAAoJED2LAQed4NsGb7kP/2eio4+sPt3aCPULfV22DEX9z6Ki
 BbdODt8yr/K9WnVvXfOvVszZKukTVyROPkixztUSDNuHGCpiuGeYvOFK3v0Eb8lz
 Sq3NscWw1Z+t8JF8RlFyopdgQ17pTiPDTjaYedPkL/zictRgHrVB4Jma/80kI3N4
 wmKsvUdnD2waj8aaEJ2AoGm4fmNBMR3inT6I2BnDq0jB40DNFHgCMVZQKQpgOxv8
 ACxL0jPm9PjmWS4vy/gWN10/3C4WHkFvqjQREXMNcmJEZPWYEcvZ1VIfmjBD+2mu
 NdxL0YyJOhsylhPPsWyaPVP8oUTSwisjU9GPQqnJ0YLxYFCnQLcGPuDs4CAkVYkH
 FD8au6KIQsBRu26F2qPR7YkbK7pLIcM/CkKNW34PweaC2uw0WVkSYnbhVPXe8yK0
 n2m9m9ovEAiJ0sAz8RLHRdLdD8dnaF7Y4frJAWPKsP785keicGN+kZ9/dDc/KULt
 OXrG7yU+eLp4vROWjj8UqFWsTvX2gBwSMTZY0l87twudodyURcnV1WWd7QsnoWZh
 cuNcLa6U2bSiauNrYlIo85gWDtMqGFbfI9sFJYhU/wsM0JaeXY7EW4Bosd5RFTHA
 fKtEARzl4QNiNrCtUsWNvdPiQ1H/c1a9eYsxpciz/GUm3emBNIFQVcqpkdUPUe5o
 07SxCZDhPJvCwIb6
 =Uoq2
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:

 - Adjust gen_compile_commands.py to the format change of *.mod files

 - Remove unused macro in scripts/Makefile.modinst

* tag 'kbuild-fixes-v5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kbuild: remove unused cmd_none in scripts/Makefile.modinst
  gen_compile_commands: handle multiple lines per .mod file
2022-07-10 08:59:02 -07:00
Linus Torvalds
2b9b31cedb IRQ urgent fixes by way of Marc Zygnier:
- Gracefully handle failure to request MMIO resources in the GICv3 driver
 
  - Make a static key static in the Apple AIC driver
 
  - Fix the Xilinx intc driver dependency on OF_ADDRESS
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLKsgMACgkQEsHwGGHe
 VUo3hBAAl+01wmvn1AnCPbuF85f/q4P1gUMvXQNkEohiYpJ84KE9Xo/aCZV0LPKj
 tHf4+jECswy17v8XPdqYLTmhaQsjnZcGNMwTEmkUIKx1miiEhWYQmXWyn60fEpLL
 0xUeUVGCSMwRTOOKkctcetLvhcnHvdDAc0QlWDXgN1n9AcH+DQXl7AxGfTQwdBuq
 WiE+tBANx8ymJgY2m8v9stU32AG9NOAim39t0SgGmqJl7D0Irf142f3KIBhDgNel
 0Ol3AKnf9Vb74mXxifNB6hm4meaKCmqmMuSl2FK5SjPvGStqYI+ytKq5kxvsXu91
 jIlP+tBQFzYJUmdYlZmQ1uSreMYBWfUlGSozm5WJvGQBX5LVK1OpzI6z5G2YNmqC
 LPtbJub/c5eCIFZDsQ/pfzpLGhpWHoqhyUY6WxwK7Z3WyePlRrqaxS9gNFdtl1Sz
 7BtN6gWaERVVdGnM06duNWJ+8ZUuRUT0rTaTSrIoiq8zLMjMxIctxemy4vzhnY8I
 CuCq9l22TPu4fY30bUuWEMNUpdCAlUIDM3I2cGMmpjGE1P1arKr4oE9u6MJVd2iH
 rkua5FVKElM8wGvxwsWlkEwx5zGaEpSR1KMb2r/QegpG55LrnI7h+hGidQ9sXj3N
 1te7mqlLpWxORRmD/TUV2hLGnw2ovMJJ/yrzKMl0UXAYvMNmfnw=
 =zRMB
 -----END PGP SIGNATURE-----

Merge tag 'irq_urgent_for_v5.19_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull irq fixes from Borislav Petkov:

 - Gracefully handle failure to request MMIO resources in the GICv3
   driver

 - Make a static key static in the Apple AIC driver

 - Fix the Xilinx intc driver dependency on OF_ADDRESS

* tag 'irq_urgent_for_v5.19_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip/apple-aic: Make symbol 'use_fast_ipi' static
  irqchip/xilinx: Add explicit dependency on OF_ADDRESS
  irqchip/gicv3: Handle resource request failure consistently
2022-07-10 08:52:12 -07:00
Linus Torvalds
74a0032b85 - Prepare for and clear .brk early in order to address XenPV guests
failures where the hypervisor verifies page tables and uninitialized
 data in that range leads to bogus failures in those checks
 
 - Add any potential setup_data entries supplied at boot to the identity
 pagetable mappings to prevent kexec kernel boot failures. Usually, this
 is not a problem for the normal kernel as those mappings are part of
 the initially mapped 2M pages but if kexec gets to allocate the second
 kernel somewhere else, those setup_data entries need to be mapped there
 too.
 
 - Fix objtool not to discard text references from the __tracepoints
 section so that ENDBR validation still works
 
 - Correct the setup_data types limit as it is user-visible, before 5.19
 releases
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmLKpf8ACgkQEsHwGGHe
 VUrc5w/8DIVLQ8w+Balf2TGfp5Sl3mPkg+eoARH29qtXhvVBs5KJB9sbT1IGnxao
 nE4yNeiIKhH5SEd17l11E7eWuUtNgZENLsUb3aiAdsItNS+MzOWQuEOPbnAwgJmk
 oKdxiI1SHiVoPy5KVXOcyAS90PSJIkhhxwgR5MInGdmpSUzEFsx5SY82ZfOjOkZU
 L7zCsJzeDfhJdWiR4N0MXWRaFbIvRxI1uXyqgv+Lo6JK5l8dyUUSEdWyLUqZ7E4M
 GFo6LwR3lskQM2bE9vBWS0h1X00d5oDMzfono8kZzRGA/11plZHRI007PCez8yZh
 4sUnnxsfCy2YF8/8hs4IhrHZdcWW9XoN4gTUsjD0wekGTHhOEqu5qpAnVSrXbvvM
 ZfPF8vM+DLPTWQqAT0a4aj1vd1RflDIQPSXKDzJDjeF49zouAj1ae/3KSOYJDzN9
 V6NGiKBnzj1rbtm0+8jOsTQusmh/oDage7uLlmel3hTfNOc2Ay0LXrJWcvqhj66V
 4CtCd12sLeavin+mGptni6lXbsue61EolRtH44RvZJsXLVY8iclM4onl728xOrxj
 CBtJo6bd3oQYy0SQsysXGDVR7BSXtwAYfArYR8BrMTtgHxuyULt/BDoew4r7XADB
 Xxz7ADJZ3DI3Gqza5H6r89Tj6Oi3yXiBWUVUNXFCMYc6ZrqvZc0=
 =tOvF
 -----END PGP SIGNATURE-----

Merge tag 'x86_urgent_for_v5.19_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

 - Prepare for and clear .brk early in order to address XenPV guests
   failures where the hypervisor verifies page tables and uninitialized
   data in that range leads to bogus failures in those checks

 - Add any potential setup_data entries supplied at boot to the identity
   pagetable mappings to prevent kexec kernel boot failures. Usually,
   this is not a problem for the normal kernel as those mappings are
   part of the initially mapped 2M pages but if kexec gets to allocate
   the second kernel somewhere else, those setup_data entries need to be
   mapped there too.

 - Fix objtool not to discard text references from the __tracepoints
   section so that ENDBR validation still works

 - Correct the setup_data types limit as it is user-visible, before 5.19
   releases

* tag 'x86_urgent_for_v5.19_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/boot: Fix the setup data types max limit
  x86/ibt, objtool: Don't discard text references from tracepoint section
  x86/compressed/64: Add identity mappings for setup_data entries
  x86: Fix .brk attribute in linker script
  x86: Clear .brk area at early boot
  x86/xen: Use clear_bss() for Xen PV guests
2022-07-10 08:43:52 -07:00
Hans de Goede
c483e7ea10 platform/x86/intel/ifs: Mark as BROKEN
A recent suggested change to the IFS code has shown that the userspace
API needs a bit more work, see:
https://lore.kernel.org/platform-driver-x86/20220708151938.986530-1-jithu.joseph@intel.com/

Mark it as BROKEN before 5.19 ships, to give ourselves one more
kernel-devel cycle to get the userspace API right.

Link: https://lore.kernel.org/platform-driver-x86/20220708151938.986530-1-jithu.joseph@intel.com/
Cc: Jithu Joseph <jithu.joseph@intel.com>
Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Suggested-by: Greg KH <gregkh@linuxfoundation.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20220710140736.6492-1-hdegoede@redhat.com
2022-07-10 17:41:06 +02:00
Misaka19465
f56e676a7f platform/x86: asus-wmi: Add key mappings
On laptops like ASUS TUF Gaming A15, which have hotkeys to start Armoury
Crate or AURA Sync, these hotkeys are unavailable. This patch add
mappings for them.

Signed-off-by: Misaka19465 <misaka19465@olddoctor.net>
Link: https://lore.kernel.org/r/20220710113727.281634-1-misaka19465@olddoctor.net
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2022-07-10 17:41:06 +02:00
Hans de Goede
d40908f262 efi: Fix efi_power_off() not being run before acpi_power_off() when necessary
Commit 98f30d0ecf ("ACPI: power: Switch to sys-off handler API")
switched the ACPI sleep code from directly setting the old global
pm_power_off handler to using the new register_sys_off_handler()
mechanism with a priority of SYS_OFF_PRIO_FIRMWARE.

This is a problem when the old global pm_power_off handler would later
be overwritten, such as done by the late_initcall(efi_shutdown_init):

	if (efi_poweroff_required())
		pm_power_off = efi_power_off;

The old global pm_power_off handler gets run with a priority of
SYS_OFF_PRIO_DEFAULT which is lower then SYS_OFF_PRIO_FIRMWARE, causing
acpi_power_off() to run first, changing the behavior from before
the ACPI sleep code switched to the new register_sys_off_handler().

Switch the registering of efi_power_off over to register_sys_off_handler()
with a priority of SYS_OFF_PRIO_FIRMWARE + 1 so that it will run before
acpi_power_off() as before.

Note since the new sys-off-handler code will try all handlers in
priority order, there is no more need for the EFI code to store and
call the original pm_power_off handler.

Fixes: 98f30d0ecf ("ACPI: power: Switch to sys-off handler API")
Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20220708131412.81078-3-hdegoede@redhat.com
2022-07-10 17:41:06 +02:00
Hans de Goede
4ce8f4c202 platform/x86: x86-android-tablets: Fix Lenovo Yoga Tablet 2 830/1050 poweroff again
Commit 98f30d0ecf ("ACPI: power: Switch to sys-off handler API")
switched the ACPI sleep code from directly setting the old global
pm_power_off handler to using the new register_sys_off_handler()
mechanism with a priority of SYS_OFF_PRIO_FIRMWARE.

This is a problem in special cases where the old global pm_power_off
handler later gets overwritten, such as the Lenovo Tab2 poweroff bugfix
in x86-android-tablets. The old global pm_power_off handler gets run
with a priority of SYS_OFF_PRIO_DEFAULT which is lower then
SYS_OFF_PRIO_FIRMWARE, causing the troublesome ACPI poweroff (which
freezes the system) to run first.

Switch the registering of lenovo_yoga_tab2_830_1050_power_off over to
register_sys_off_handler() with a priority of SYS_OFF_PRIO_FIRMWARE + 1
so that it will run before acpi_power_off() to fix this.

Fixes: 98f30d0ecf ("ACPI: power: Switch to sys-off handler API")
Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220708131412.81078-2-hdegoede@redhat.com
2022-07-10 17:41:05 +02:00
Pär Eriksson
5d62261a65 platform/x86: gigabyte-wmi: add support for B660I AORUS PRO DDR4
Add support for the B660I AORUS PRO DDR4.

Signed-off-by: Pär Eriksson <parherman@gmail.com>
Link: https://lore.kernel.org/r/20220705184407.14181-1-parherman@gmail.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2022-07-10 17:41:05 +02:00
Shyam Sundar S K
4ddef52f26 platform/x86/amd/pmc: Add new platform support
PMC driver can be supported on a new upcoming platform.
Add this information to the support list.

Signed-off-by: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
Link: https://lore.kernel.org/r/20220630050324.3780654-2-Shyam-sundar.S-k@amd.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2022-07-10 17:40:43 +02:00
Shyam Sundar S K
1968f2be5c platform/x86/amd/pmc: Add new acpi id for PMC controller
New version of PMC controller will have a separate ACPI id, add that
to the support list.

Signed-off-by: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
Link: https://lore.kernel.org/r/20220630050324.3780654-1-Shyam-sundar.S-k@amd.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2022-07-10 17:40:26 +02:00
Masahiro Yamada
f5a4618587 kbuild: remove unused cmd_none in scripts/Makefile.modinst
Commit 65ce9c3832 ("kbuild: move module strip/compression code into
scripts/Makefile.modinst") added this unused code.

Perhaps, I thought cmd_none was useful for CONFIG_MODULE_COMPRESS_NONE,
but I did not use it after all.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
2022-07-10 21:25:15 +09:00
Borislav Petkov
cb8a4beac3 x86/boot: Fix the setup data types max limit
Commit in Fixes forgot to change the SETUP_TYPE_MAX definition which
contains the highest valid setup data type.

Correct that.

Fixes: 5ea98e01ab ("x86/boot: Add Confidential Computing type to setup_data")
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/ddba81dd-cc92-699c-5274-785396a17fb5@zytor.com
2022-07-10 11:17:40 +02:00
Linus Torvalds
b1c428b6c3 Two I2C driver bugfixes preventing resource leaks
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmLJwtgACgkQFA3kzBSg
 KbYUWw//Vmbr/juumYEqQ0L62zNU1TBFJNZe8tD5+tIP2a3bivUWLWoJkcEuvmmP
 No3c0Bq6384CE91xcO2rFKgoZWhg86C4b++8i98eckUA5QJjHguXemCxUqm1yJWS
 qEbpeEhWYAVnY8ptWRD8ov9d5PT6aPQta1WYT7T3wYLFl5h1kCZy/lTKmZDluh3u
 zMJQQg1SLoI0zfbK7unl9AHDtMpcc/9NwhXii7TCWEJmrmFnsGAi0JoEwWXsHsTL
 bLM8qsRsnVI25yX1T+5dR05RSc0a1bBrDctRgFs0aqun9ZoL12c9MzZUg0UQ1ETh
 zm7TuB97kYxNhnD8rU0JniqqqcP+dMHRmQFyRXPr5BH+XtgHP3inkDvO5Ju1MhiC
 dqSlsGvqCi1TlgbpU0or3kzkz3CQBawzsUnmrYRJ3tPRAY+4Z48Qj+Fdin7Hitz/
 gEm1Qf/vKv9uHOqUHQLaBTRQuVYKZVvpioX6hasZLoaIsKGxm/0UYqdd+7MviPZv
 hXck4kOKqBMaOQtBIQUTiryM51bkRxn4X/Nm6TMOZBHWJKfnJHdvG0N4yjdtXRjy
 0NDrEHLMK0p4BfRoUtWSFgNWWgjryNpCfne3CsXBFuSxsLE0OmZWVb7KwPydsH6s
 iVooxoB1LDGVWzGMK1fudnSScgE+ByDn9x/8q6zgx6ybXKKpdQo=
 =4AoP
 -----END PGP SIGNATURE-----

Merge tag 'i2c-for-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

Pull i2c fixes from Wolfram Sang:
 "Two I2C driver bugfixes preventing resource leaks"

* tag 'i2c-for-5.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: cadence: Unregister the clk notifier in error path
  i2c: piix4: Fix a memory leak in the EFCH MMIO support
2022-07-09 11:20:15 -07:00
Thomas Zimmermann
84499c5d22 drm/aperture: Run fbdev removal before internal helpers
Always run fbdev removal first to remove simpledrm via sysfb_disable().
This clears the internal state.

The later call to drm_aperture_detach_drivers() then does nothing.
Otherwise, with drm_aperture_detach_drivers() running first, the call to
sysfb_disable() uses inconsistent state.

Example backtrace show below:

  BUG: KASAN: use-after-free in device_del+0x79/0x5f0
  Read of size 8 at addr ffff888108185050 by task systemd-udevd/311
  CPU: 0 PID: 311 Comm: systemd-udevd Tainted: G            E     5.19.0-rc2-1-default+ #1689
  Hardware name: HP ProLiant DL120 G7, BIOS J01 04/21/2011
  Call Trace:
    device_del+0x79/0x5f0
    platform_device_del.part.0+0x19/0xe0
    platform_device_unregister+0x1c/0x30
    sysfb_disable+0x2d/0x70
    remove_conflicting_framebuffers+0x1c/0xf0
    remove_conflicting_pci_framebuffers+0x130/0x1a0
    drm_aperture_remove_conflicting_pci_framebuffers+0x86/0xb0
    mgag200_pci_probe+0x2d/0x140 [mgag200]

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 873eb3b118 ("fbdev: Disable sysfb device registration when removing conflicting FBs")
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Helge Deller <deller@gmx.de>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Cc: Changcheng Deng <deng.changcheng@zte.com.cn>
Reviewed-by: Zack Rusin <zackr@vmware.com>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-07-09 11:12:05 -07:00
Sven Schnelle
de2a34771f ptrace: fix clearing of JOBCTL_TRACED in ptrace_unfreeze_traced()
CI reported the following splat while running the strace testsuite:

  WARNING: CPU: 1 PID: 3570031 at kernel/ptrace.c:272 ptrace_check_attach+0x12e/0x178
  CPU: 1 PID: 3570031 Comm: strace Tainted: G           OE     5.19.0-20220624.rc3.git0.ee819a77d4e7.300.fc36.s390x #1
  Hardware name: IBM 3906 M04 704 (z/VM 7.1.0)
  Call Trace:
   [<00000000ab4b645a>] ptrace_check_attach+0x132/0x178
  ([<00000000ab4b6450>] ptrace_check_attach+0x128/0x178)
   [<00000000ab4b6cde>] __s390x_sys_ptrace+0x86/0x160
   [<00000000ac03fcec>] __do_syscall+0x1d4/0x200
   [<00000000ac04e312>] system_call+0x82/0xb0
  Last Breaking-Event-Address:
   [<00000000ab4ea3c8>] wait_task_inactive+0x98/0x190

This is because JOBCTL_TRACED is set, but the task is not in TASK_TRACED
state. Caused by ptrace_unfreeze_traced() which does:

	task->jobctl &= ~TASK_TRACED

but it should be:

	task->jobctl &= ~JOBCTL_TRACED

Fixes: 31cae1eaae ("sched,signal,ptrace: Rework TASK_TRACED, TASK_STOPPED state")
Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Alexander Gordeev <agordeev@linux.ibm.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-07-09 11:06:19 -07:00
Linus Torvalds
d9cdc3b125 powerpc fixes for 5.19 #5
- On Power8 bare metal, fix creation of RNG platform devices, which are needed
    for the /dev/hwrng driver to probe correctly.
 
 Thanks to: Jason A. Donenfeld, Sachin Sant.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmLJSdATHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgDIzEACy0D2CLdJq1YSvjVfuTbon6WpzUkBq
 5ld1cIst+tLkmq9ixpwaGe+x0/7eELRL5/yfdp1/cFTLirKX1fJOlM2/P52Q+ehN
 DOJfSlDLBHP+os4klKw1g3HrbyP5IBLL0Up6fiebd83SpRHHQ8gmANlfb0KZH5MD
 mUH33cE0egSqkZmTIeMW5cCOq9tnppaM/2CFl5ijxXs5xdJodZAR1HV6uhfxhf0N
 Gqj2O44VVHyckMEVrdd2NmqXeOufWCObGAI/4WYVAijMyyewMnJDnTpso5ZBcgGv
 Y2cX5kCdN1D6rfBEKqTVkECt+Q340KbB86kIJqnPuc7T7ay7Ky4mfVOTRF2EXDQs
 mc0+MUTn1W0ydEuktO2A8lXN/3y/Y4S3SzkPDPKCLJ0+iKMx5Hij6aBqyV+gxyBp
 oc7XC4VCMNChnpxgqVzEuweTUf/3YiEDI0pQqG7pt2E/SLFoi98r4T3OH23PjdWM
 13HjilUFKVD4DNWSLCtdS9+TksvYirL7SiRhqL6x1e1qHKsvWaNwP346kEmKG5Gl
 sls152oyiNrLLiIZucuzLsJthlqJIWH+r5GNBtvxx/TO8i7O82c24wyohJm+U4lt
 liwyPQtudDTnPkA4fbTevNqQlPRMXv1/w5B2LMfJiLmbbh0fVHWaU7beHwyDji73
 xF4zYtzEp4zmIQ==
 =rqGK
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.19-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fix from Michael Ellerman:

 - On Power8 bare metal, fix creation of RNG platform devices, which are
   needed for the /dev/hwrng driver to probe correctly.

Thanks to Jason A. Donenfeld, and Sachin Sant.

* tag 'powerpc-5.19-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/powernv: delay rng platform device creation until later in boot
2022-07-09 10:34:08 -07:00
Takashi Iwai
a4bd9358d5 ASoC: Fixes for v5.19
Quite a large batch due to things building up for a couple of weeks but
 all driver specific apart from Marek's documentation fix.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmLHDQcACgkQJNaLcl1U
 h9DaoAf+LjanLg76KbeHMQg/IaG2dhvKJvSAjixMdLlNixMDpSOVr/2UR4lzLCpw
 gfoJk9liujPjtKMsIlQT/OiVdsMROc8vfb10PdmV7rntaBwCN01aqyr4NMauOmby
 ccdZlsoj7D0k3iTtP0nlZ+Xvm+L0zTEfI66bSB9UU+/h8PDSoK/RHMCjNBtqenAd
 4QMQWxQTvqt3xfgrWxiZeFPUJrLFjDypEDqG8qx8roIcbzEhVYInGq52XZw3ST9o
 mvC/LIFK96WvDGgiOj2UNmSuWpe3lF7cMPmomwyYkdUMcMwbSdVfDOsnAdnyqONi
 RiWIr7g5NOPkYa4mSNhB9Ia1PTzf0Q==
 =V5ia
 -----END PGP SIGNATURE-----

Merge tag 'asoc-fix-v5.19-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v5.19

Quite a large batch due to things building up for a couple of weeks but
all driver specific apart from Marek's documentation fix.
2022-07-09 18:23:54 +02:00
Pablo Neira Ayuso
c39ba4de6b netfilter: nf_tables: replace BUG_ON by element length check
BUG_ON can be triggered from userspace with an element with a large
userdata area. Replace it by length check and return EINVAL instead.
Over time extensions have been growing in size.

Pick a sufficiently old Fixes: tag to propagate this fix.

Fixes: 7d7402642e ("netfilter: nf_tables: variable sized set element keys / data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-07-09 16:25:09 +02:00
Jens Axboe
d785a773be io_uring: check that we have a file table when allocating update slots
If IORING_FILE_INDEX_ALLOC is set asking for an allocated slot, the
helper doesn't check if we actually have a file table or not. The non
alloc path does do that correctly, and returns -ENXIO if we haven't set
one up.

Do the same for the allocated path, avoiding a NULL pointer dereference
when trying to find a free bit.

Fixes: a7c41b4687 ("io_uring: let IORING_OP_FILES_UPDATE support choosing fixed file slots")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-07-09 07:02:10 -06:00
Eric Dumazet
72a0b32911 vlan: fix memory leak in vlan_newlink()
Blamed commit added back a bug I fixed in commit 9bbd917e0b
("vlan: fix memory leak in vlan_dev_set_egress_priority")

If a memory allocation fails in vlan_changelink() after other allocations
succeeded, we need to call vlan_dev_free_egress_priority()
to free all allocated memory because after a failed ->newlink()
we do not call any methods like ndo_uninit() or dev->priv_destructor().

In following example, if the allocation for last element 2000:2001 fails,
we need to free eight prior allocations:

ip link add link dummy0 dummy0.100 type vlan id 100 \
	egress-qos-map 1:2 2:3 3:4 4:5 5:6 6:7 7:8 8:9 2000:2001

syzbot report was:

BUG: memory leak
unreferenced object 0xffff888117bd1060 (size 32):
comm "syz-executor408", pid 3759, jiffies 4294956555 (age 34.090s)
hex dump (first 32 bytes):
09 00 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff83fc60ad>] kmalloc include/linux/slab.h:600 [inline]
[<ffffffff83fc60ad>] vlan_dev_set_egress_priority+0xed/0x170 net/8021q/vlan_dev.c:193
[<ffffffff83fc6628>] vlan_changelink+0x178/0x1d0 net/8021q/vlan_netlink.c:128
[<ffffffff83fc67c8>] vlan_newlink+0x148/0x260 net/8021q/vlan_netlink.c:185
[<ffffffff838b1278>] rtnl_newlink_create net/core/rtnetlink.c:3363 [inline]
[<ffffffff838b1278>] __rtnl_newlink+0xa58/0xdc0 net/core/rtnetlink.c:3580
[<ffffffff838b1629>] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3593
[<ffffffff838ac66c>] rtnetlink_rcv_msg+0x21c/0x5c0 net/core/rtnetlink.c:6089
[<ffffffff839f9c37>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2501
[<ffffffff839f8da7>] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
[<ffffffff839f8da7>] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345
[<ffffffff839f9266>] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921
[<ffffffff8384dbf6>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff8384dbf6>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff8384e15c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2488
[<ffffffff838523cb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2542
[<ffffffff838525b8>] __sys_sendmsg net/socket.c:2571 [inline]
[<ffffffff838525b8>] __do_sys_sendmsg net/socket.c:2580 [inline]
[<ffffffff838525b8>] __se_sys_sendmsg net/socket.c:2578 [inline]
[<ffffffff838525b8>] __x64_sys_sendmsg+0x78/0xf0 net/socket.c:2578
[<ffffffff845ad8d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff845ad8d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff8460006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Fixes: 37aa50c539 ("vlan: introduce vlan_dev_free_egress_priority")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-07-09 12:26:59 +01:00
Baowen Zheng
9c840d5f9a nfp: fix issue of skb segments exceeds descriptor limitation
TCP packets will be dropped if the segments number in the tx skb
exceeds limitation when sending iperf3 traffic with --zerocopy option.

we make the following changes:

Get nr_frags in nfp_nfdk_tx_maybe_close_block instead of passing from
outside because it will be changed after skb_linearize operation.

Fill maximum dma_len in first tx descriptor to make sure the whole
head is included in the first descriptor.

Fixes: c10d12e3dc ("nfp: add support for NFDK data path")
Signed-off-by: Baowen Zheng <baowen.zheng@corigine.com>
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-07-09 12:25:02 +01:00