Commit Graph

900356 Commits

Author SHA1 Message Date
Jakub Sitnicki
5d3919a953 selftests/bpf: Test freeing sockmap/sockhash with a socket in it
Commit 7e81a35302 ("bpf: Sockmap, ensure sock lock held during tear
down") introduced sleeping issues inside RCU critical sections and while
holding a spinlock on sockmap/sockhash tear-down. There has to be at least
one socket in the map for the problem to surface.

This adds a test that triggers the warnings for broken locking rules. Not a
fix per se, but rather tooling to verify the accompanying fixes. Run on a
VM with 1 vCPU to reproduce the warnings.

Fixes: 7e81a35302 ("bpf: Sockmap, ensure sock lock held during tear down")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-4-jakub@cloudflare.com
2020-02-07 22:36:26 +01:00
Jakub Sitnicki
0b2dc83906 bpf, sockhash: Synchronize_rcu before free'ing map
We need to have a synchronize_rcu before free'ing the sockhash because any
outstanding psock references will have a pointer to the map and when they
use it, this could trigger a use after free.

This is a sister fix for sockhash, following commit 2bb90e5cc9 ("bpf:
sockmap, synchronize_rcu before free'ing map") which addressed sockmap,
which comes from a manual audit.

Fixes: 604326b41a ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-3-jakub@cloudflare.com
2020-02-07 22:36:26 +01:00
Jakub Sitnicki
db6a5018b6 bpf, sockmap: Don't sleep while holding RCU lock on tear-down
rcu_read_lock is needed to protect access to psock inside sock_map_unref
when tearing down the map. However, we can't afford to sleep in lock_sock
while in RCU read-side critical section. Grab the RCU lock only after we
have locked the socket.

This fixes RCU warnings triggerable on a VM with 1 vCPU when free'ing a
sockmap/sockhash that contains at least one socket:

| =============================
| WARNING: suspicious RCU usage
| 5.5.0-04005-g8fc91b972b73 #450 Not tainted
| -----------------------------
| include/linux/rcupdate.h:272 Illegal context switch in RCU read-side critical section!
|
| other info that might help us debug this:
|
|
| rcu_scheduler_active = 2, debug_locks = 1
| 4 locks held by kworker/0:1/62:
|  #0: ffff88813b019748 ((wq_completion)events){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #1: ffffc900000abe50 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #2: ffffffff82065d20 (rcu_read_lock){....}, at: sock_map_free+0x5/0x170
|  #3: ffff8881368c5df8 (&stab->lock){+...}, at: sock_map_free+0x64/0x170
|
| stack backtrace:
| CPU: 0 PID: 62 Comm: kworker/0:1 Not tainted 5.5.0-04005-g8fc91b972b73 #450
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
| Workqueue: events bpf_map_free_deferred
| Call Trace:
|  dump_stack+0x71/0xa0
|  ___might_sleep+0x105/0x190
|  lock_sock_nested+0x28/0x90
|  sock_map_free+0x95/0x170
|  bpf_map_free_deferred+0x58/0x80
|  process_one_work+0x260/0x5e0
|  worker_thread+0x4d/0x3e0
|  kthread+0x108/0x140
|  ? process_one_work+0x5e0/0x5e0
|  ? kthread_park+0x90/0x90
|  ret_from_fork+0x3a/0x50

| =============================
| WARNING: suspicious RCU usage
| 5.5.0-04005-g8fc91b972b73-dirty #452 Not tainted
| -----------------------------
| include/linux/rcupdate.h:272 Illegal context switch in RCU read-side critical section!
|
| other info that might help us debug this:
|
|
| rcu_scheduler_active = 2, debug_locks = 1
| 4 locks held by kworker/0:1/62:
|  #0: ffff88813b019748 ((wq_completion)events){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #1: ffffc900000abe50 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #2: ffffffff82065d20 (rcu_read_lock){....}, at: sock_hash_free+0x5/0x1d0
|  #3: ffff888139966e00 (&htab->buckets[i].lock){+...}, at: sock_hash_free+0x92/0x1d0
|
| stack backtrace:
| CPU: 0 PID: 62 Comm: kworker/0:1 Not tainted 5.5.0-04005-g8fc91b972b73-dirty #452
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
| Workqueue: events bpf_map_free_deferred
| Call Trace:
|  dump_stack+0x71/0xa0
|  ___might_sleep+0x105/0x190
|  lock_sock_nested+0x28/0x90
|  sock_hash_free+0xec/0x1d0
|  bpf_map_free_deferred+0x58/0x80
|  process_one_work+0x260/0x5e0
|  worker_thread+0x4d/0x3e0
|  kthread+0x108/0x140
|  ? process_one_work+0x5e0/0x5e0
|  ? kthread_park+0x90/0x90
|  ret_from_fork+0x3a/0x50

Fixes: 7e81a35302 ("bpf: Sockmap, ensure sock lock held during tear down")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-2-jakub@cloudflare.com
2020-02-07 22:36:26 +01:00
Toke Høiland-Jørgensen
d95f1e8b46 bpftool: Don't crash on missing xlated program instructions
Turns out the xlated program instructions can also be missing if
kptr_restrict sysctl is set. This means that the previous fix to check the
jited_prog_insns pointer was insufficient; add another check of the
xlated_prog_insns pointer as well.

Fixes: 5b79bcdf03 ("bpftool: Don't crash on missing jited insns or ksyms")
Fixes: cae73f2339 ("bpftool: use bpf_program__get_prog_info_linear() in prog.c:do_dump()")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Link: https://lore.kernel.org/bpf/20200206102906.112551-1-toke@redhat.com
2020-02-07 22:29:45 +01:00
Lorenz Bauer
85b8ac01a4 bpf, sockmap: Check update requirements after locking
It's currently possible to insert sockets in unexpected states into
a sockmap, due to a TOCTTOU when updating the map from a syscall.
sock_map_update_elem checks that sk->sk_state == TCP_ESTABLISHED,
locks the socket and then calls sock_map_update_common. At this
point, the socket may have transitioned into another state, and
the earlier assumptions don't hold anymore. Crucially, it's
conceivable (though very unlikely) that a socket has become unhashed.
This breaks the sockmap's assumption that it will get a callback
via sk->sk_prot->unhash.

Fix this by checking the (fixed) sk_type and sk_protocol without the
lock, followed by a locked check of sk_state.

Unfortunately it's not possible to push the check down into
sock_(map|hash)_update_common, since BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
run before the socket has transitioned from TCP_SYN_RECV into
TCP_ESTABLISHED.

Fixes: 604326b41a ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
Link: https://lore.kernel.org/bpf/20200207103713.28175-1-lmb@cloudflare.com
2020-02-07 22:28:04 +01:00
Linus Torvalds
41dcd67e88 A handful of small documentation fixes that wandered in.
-----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEIw+MvkEiF49krdp9F0NaE2wMflgFAl49mtYPHGNvcmJldEBs
 d24ubmV0AAoJEBdDWhNsDH5Y/5sH+wX3mdrcC7pX2XALDvl35P+QB5CFy0v1bkMY
 KAi/Ulxd6aicnowsBx6wdqSZO01Bh0E/nc9x42WIbHBR9/J5ZlitpKj5pGi0JYE/
 vguMEFgAPQb1dx3EGJ56dxKqJ/+zICVLhf7pawP82QqE6z4Kuonp9AXR1UMRvWej
 /b1qobQB++skh+nfGYqt7c7D6MQjaSb+5+TkU6xbHfoeMHDJkNdBHiiM5IbVE/s2
 KgAngM7cTYeu4el4h6ue1ZJjbU2iOi1FJU95r2ufMYEt6EEfP2zkzCYXju/xyIbO
 2NsdY3xUHhr9H32xkopPMoYrnzuzoTv8xi1xkhsnbOPZzZQMPls=
 =zx2k
 -----END PGP SIGNATURE-----

Merge tag 'docs-5.6-2' of git://git.lwn.net/linux

Pull Documentation fixes from Jonathan Corbet:
 "A handful of small documentation fixes that wandered in"

* tag 'docs-5.6-2' of git://git.lwn.net/linux:
  Allow git builds of Sphinx
  Documentation: changes.rst: update several outdated project URLs
  Documentation: build warnings related to missing blank lines after explicit markups has been fixed
  mailmap: add entry for Tiezhu Yang
  Documentation/ko_KR/howto: Update a broken link
  Documentation/ko_KR/howto: Update broken web addresses
  docs/locking: Fix outdated section names
2020-02-07 13:03:10 -08:00
Linus Torvalds
11777ee8b0 Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
 "i2c core:

   - huge improvements and refactorizations of the Linux I2C
     documentation (lots of thanks to Luca for doing it and Jean for the
     careful review)

   - subsystem wide API conversion to i2c_new_client_device()

   - remove obsolete parport-light driver

   - smaller core updates (removal of 'extern', enabling more compile
     testing, use more helper macros)

   - and quite a bunch of driver updates (new IDs, simplifications,
     better PM, support of atomic transfers and other improvements)

  i2c-mux:

   - The main feature is the idle-state rework of the pca954x driver
     from Biwen Li

  at24 driver:

   - minor maintenance: update the license tag, sort headers

   - move support for the write-protect pin into nvmem core

   - add a reference to the new wp-gpios property in nvmem to at25
     bindings

   - add support for regulator and pm_runtime control"

* 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (91 commits)
  i2c: cros-ec-tunnel: Fix ACPI identifier
  i2c: cros-ec-tunnel: Fix slave device enumeration
  i2c: stm32f7: add PM_SLEEP suspend/resume support
  i2c: cadence: Fix wording in i2c-cadence driver
  i2c: cadence: Fix power management order of operations
  i2c: cadence: Fix error printing in case of defer
  i2c: cadence: Handle transfer_size rollover
  i2c: i801: Add support for Intel Comet Lake PCH-V
  docs: i2c: writing-clients: properly name the stop condition
  docs: i2c: i2c-protocol: use same wording as smbus-protocol
  docs: i2c: rename sections so the overall picture is clearer
  docs: i2c: old-module-parameters: use monospace instead of ""
  docs: i2c: old-module-parameters: clarify this is for obsolete kernels
  docs: i2c: old-module-parameters: fix internal hyperlink
  docs: i2c: instantiating-devices: use monospace for sysfs attributes
  docs: i2c: instantiating-devices: rearrange static instatiation
  docs: i2c: instantiating-devices: fix internal hyperlink
  docs: i2c: smbus-protocol: improve I2C Block transactions description
  docs: i2c: smbus-protocol: fix punctuation
  docs: i2c: smbus-protocol: fix typo
  ...
2020-02-07 12:54:13 -08:00
Linus Torvalds
ed39ba0ec1 Additional ACPI updates for 5.6-rc1
Add Hisilicon Hip08-Lite I2C controller clock frequency support
 to the ACPI driver for AMD SoCs (APD) and to the Designware I2C
 driver (Hanjun Guo).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl49OosSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxVfcP/3bOt+bpD4hbgh+TjLTJaRV8t2391Gyx
 j/HR8+S/NVE0P1EiGJCabOhDd1aX+eQU7nCD0QEWReGrhfY6DbLXazNhr5fRS4AO
 IQ7QUUoQSUhdylTOG/y5h/KX8tDyDDawr8buuXFCe1+Aa0wrLagLleCGk87aeX9k
 Pfz159gxZclEFsF93A7WW1sT5GYYCRKZouwBpgYMVgq/9mYceDZmO0LmopV1S5N/
 sk3m3c9rmftU2rxKR0iW2vir8KaUP4gLSG6Oo0jcEjlyGkqR4zRuTPMb1ROagNXW
 sdqLBZfg3gN7AAsDbom5F2lMuW8K0ZJ6+N8DdcR3d3ul9ELb7TEBa0597lyZbty7
 Xss+49Cqy4DdVSmF1C36SJW+ifEtESbBaMhhcNhHJKNrucECWiNlIr29SA/HmdYj
 X/bKJzqjORR0Fd93CimXookdukviBr4spCYwXa3fWd7bvczqGq5H/EBcmhBNcYiQ
 F/Gw833cVJgM+W1lRXfso7/JjvjM5OYnHZIyL2w10S5OqPte7YAKxZhHJODXsaYG
 tn6DLHcnYaCS7pBKXP9Rv03R4hgXSWquQQ6f6Ipo/esIPl1TBwhwA4ECElx5cGzw
 hMdhAWA5MwWnJD+7XVA9302XcpitlAJTCSTNYsW96vfdnUE8YjNeOBAJcm1/Lt0W
 PqUsklKI+zPc
 =9BkB
 -----END PGP SIGNATURE-----

Merge tag 'acpi-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull more ACPI updates from Rafael Wysocki:
 "Add Hisilicon Hip08-Lite I2C controller clock frequency support to the
  ACPI driver for AMD SoCs (APD) and to the Designware I2C driver
  (Hanjun Guo)"

* tag 'acpi-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  i2c: designware: Add ACPI HID for Hisilicon Hip08-Lite I2C controller
  ACPI / APD: Add clock frequency for Hisilicon Hip08-Lite I2C controller
2020-02-07 12:51:54 -08:00
Linus Torvalds
ba7dcfc7ba Additional power management updates for 5.6-rc1
Update the recently merged CPR (Core Power Reduction) support in the
 AVS (Adaptive Voltage Scaling) subsystem (Brendan Higgins, Nathan
 Chancellor, Niklas Cassel) and the rockchip-io AVS driver (Heiko
 Stuebner), add two more module parameters to intel_idle on top of the
 recently merged material, clean up a piece of cpuidle documentation
 and consolidate system sleep states documentation (Rafael Wysocki).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl49O1kSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRx7OMP/34DA5zPXhughdawhrw4z9N8Xl/VKbva
 k6wr26C4Bwrd19i4MU6LdrjbbMBfbg7gsUtuO/sF9dXjsFlcMrfsgsdIO5QH26qL
 yD68wwv/F7/MWUWhY7wVcTI5bnBnS1WF6ygnhRCfhI7R7Zq/WWQwK6D9/yZG/9uo
 AfTEv+yfXSBg+ByzaFqYt7S6QTTnUPrp29ROOJNE7Eryz2n1S9cSxCZPAQbqVNfr
 0SRX9EPUNkNTYfR+QEtIs6uXrCWpbAePdxenirRYMvTYidjDvWG3kXNp+MlwR9co
 ieiYmCELOnlmYXu2vOPmBWW5rnxP+4aQuOVpuCPRxRwecKUxZwcGL0eh7e4A0wP8
 /WwiTHyKphlqPWSaYvWKWDI2razDNnFnqkmXgfb68rAZNUNRRMbTErHzu2w4A1vj
 NiGCWqR+5Wimp4Ztk/WfFQYxPb2wr+a8PdwNWtH03goB2JOvHSZbNCB+BqX0yJJt
 GECDn6mFKCqJRQXfsxa+RIrVj3oXouExlb6VtKc3AHPSn+XyzQgRbo+CH0XvTnNI
 uoiL3PY4ayR6WBJjveRW9lLw3Acul475O1Xd0OzCNx2gsD6cRG7sE9cj4vRltdpl
 qW/t7vkS4JiqASgQEfZui4EZFxIk0Brv9v7KNl43bIcyW5SCkyjAbWeCR18I9l6l
 kxn8zXSTxtKZ
 =Yc9a
 -----END PGP SIGNATURE-----

Merge tag 'pm-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull more power management updates from Rafael Wysocki:

 - Update the recently merged CPR (Core Power Reduction) support in the
   AVS (Adaptive Voltage Scaling) subsystem (Brendan Higgins, Nathan
   Chancellor, Niklas Cassel)

 - Update the rockchip-io AVS driver (Heiko Stuebner)

 - Add two more module parameters to intel_idle on top of the recently
   merged material (Rafael Wysocki)

 - Clean up a piece of cpuidle documentation and consolidate system
   sleep states documentation (Rafael Wysocki)

* tag 'pm-5.6-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpuidle: Documentation: Clean up PM QoS description
  Documentation: admin-guide: PM: Update sleep states documentation
  intel_idle: Introduce 'states_off' module parameter
  intel_idle: Introduce 'use_acpi' module parameter
  power: avs: qcom-cpr: Avoid clang -Wsometimes-uninitialized in cpr_scale
  power: avs: qcom-cpr: add unspecified HAS_IOMEM dependency
  PM / AVS: rockchip-io: fix the supply naming for the emmc supply on px30
  power: avs: qcom-cpr: add a printout after the driver has been initialized
2020-02-07 12:49:10 -08:00
Linus Torvalds
c16b99d6c5 drm fixes for 5.6-rc1
tegra:
 - merge window regression fixes
 
 nouveau:
 - couple of volta/turing modesetting fixes
 
 amdgpu:
 - EDC fixes for Arcturus
 - GDDR6 memory training fixe
 - Fix for reading gfx clockgating registers while in GFXOFF state
 - i2c freq fixes
 - Misc display fixes
 - TLB invalidation fix when using semaphores
 - VCN 2.5 instancing fixes
 - Switch raven1 gfxoff to a blacklist
 - Coreboot workaround for KV/KB
 - Root cause dongle fixes for display and revert workaround
 - Enable GPU reset for renoir and navi
 - Navi overclocking fixes
 - Fix up confusing warnings in display clock validation on raven
 
 amdkfd:
 - SDMA fix
 
 radeon:
 - Misc LUT fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJePNasAAoJEAx081l5xIa+axgP+wZbUkJZYt75p5thhptp2CY3
 235yIZQcDy0T+J/34Agv0e5DfK2hCafPIVv7dIV1A9AjWxhVzIoZmD2mHSLKnxVb
 MsfemKsrm1WO9KezDkDIEOgkN5rY811xTIsg89VSjyiiPXQmwAcXQBbmIBHg9YtT
 7ttek1afJv7h0HD4W2JdTxLEeKn9lpZHUXESXz+xoE8OUMDizMgmbt8nWXlbFpcw
 Tx1EmxZ3jbCYGsrcQBOLURZiwzOb2zbXJ9o8BgNdomvtI69l2/3mMonavw+IgVq+
 aiHMgWViVsDDP8ijn8uBa7EEqtGWuqTRaL/Ei71w2MGkG7S3Nz4PxbLbl5P9NHAc
 D3OsiaXGdNhoSGfGD6sr7TlOIEo7gjLGKJ3fMW15XmBF4isb0lwlnIB7dTiU9Zaq
 UBMpNA9/Vtty2MtT1SkVKQrC+Mujl4lAYssWhcrh1/RX0Ij6do4aFswy17dbVg3Q
 LIigj1quIfNPXONb0fwkg5JGQyOMnrYs0Q6SkrhQfSR2UzsNWnGoBRyROcZipNnQ
 STaM8F6eEi7RbFUaT0uWL71GBxM00PyjQgpf5fnrOiKp6rfgK3B3ThpsVoAQ2OW4
 CnodlCa1uxIkIgQdcoG/3vT5B6nzpdhgRVjHt+N5sraLjOZFZHxex0YmJAYXcN+/
 QR8ARNgILJvA14xCsOT7
 =C0nE
 -----END PGP SIGNATURE-----

Merge tag 'drm-next-2020-02-07' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Just some fixes for this merge window: the tegra changes fix some
  regressions in the merge, nouveau has a few modesetting fixes.

  The amdgpu fixes are bit bigger, but they contain a couple of weeks of
  fixes, and don't seem to contain anything that isn't really a fix.

  Summary:

  tegra:
   - merge window regression fixes

  nouveau:
   - couple of volta/turing modesetting fixes

  amdgpu:
   - EDC fixes for Arcturus
   - GDDR6 memory training fixe
   - Fix for reading gfx clockgating registers while in GFXOFF state
   - i2c freq fixes
   - Misc display fixes
   - TLB invalidation fix when using semaphores
   - VCN 2.5 instancing fixes
   - Switch raven1 gfxoff to a blacklist
   - Coreboot workaround for KV/KB
   - Root cause dongle fixes for display and revert workaround
   - Enable GPU reset for renoir and navi
   - Navi overclocking fixes
   - Fix up confusing warnings in display clock validation on raven

  amdkfd:
   - SDMA fix

  radeon:
   - Misc LUT fixes"

* tag 'drm-next-2020-02-07' of git://anongit.freedesktop.org/drm/drm: (90 commits)
  gpu: host1x: Set DMA direction only for DMA-mapped buffer objects
  drm/tegra: Reuse IOVA mapping where possible
  drm/tegra: Relax IOMMU usage criteria on old Tegra
  drm/amd/dm/mst: Ignore payload update failures
  drm/amdgpu: update default voltage for boot od table for navi1x
  drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_voltage
  drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_latency
  drm/amdgpu/display: handle multiple numbers of fclks in dcn_calcs.c (v2)
  drm/amdgpu: fetch default VDDC curve voltages (v2)
  drm/amdgpu/smu_v11_0: Correct behavior of restoring default tables (v2)
  drm/amdgpu/navi10: add OD_RANGE for navi overclocking
  drm/amdgpu/navi: fix index for OD MCLK
  drm/amd/display: Fix HW/SW state mismatch
  drm/amd/display: Fix a typo when computing dsc configuration
  drm/amd/powerplay: fix navi10 system intermittent reboot issue V2
  drm/amdkfd: Fix a bug in SDMA RLC queue counting under HWS mode
  drm/amd/display: Only enable cursor on pipes that need it
  drm/nouveau/kms/gv100-: avoid sending a core update until the first modeset
  drm/nouveau/kms/gv100-: move window ownership setup into modesetting path
  drm/nouveau/disp/gv100-: halt NV_PDISP_FE_RM_INTR_STAT_CTRL_DISP_ERROR storms
  ...
2020-02-07 12:46:08 -08:00
Linus Torvalds
8bf5973a4e A collection of fixes that would be good to get merged before -rc1.
- Make of_clk.h self contained
  - Fix new qcom DT bindings that just merged to match the DTS files
  - Fix qcom clk driver to properly detect DFS clk frequencies
  - Fix the ls1028a driver to not deref a pointer before assigning it
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAl48WfERHHNib3lkQGtl
 cm5lbC5vcmcACgkQrQKIl8bklSWtnw/+P0xw3S0Wdkr4UEkfCmSf8/JAP6xXc4Of
 TFeJoXTCqqvgq66BpFVRMSPvA7jr2hx4siHBJbpXT4M+VpGhw5sRcEumQChHtZpX
 WDSUszR86hxQCyq4ONdU0hQ6YfL/Erx14WqAK/DMHMLUtqIbSkfeVlZNTqpBHrBk
 Nyx9S4rG0RerddmI1DPPikx3oPCwVxi+biqX3H+T1Ndsn2L/Iol+jerRfa9kbjRU
 kaH/gXByikMKt+EdKlVLoCEl9jOC9gDu3MvM5ik01pFF5+SVeUD89wSDRHjuyVf/
 mfag7xwXxxbjQNYJdEJu3keZslzezBUDY1DDnxIXstA7NhaQp2Jw6CX1S+S4KszR
 Bh21okQGgSZUsnOVJmOOweqCPh8cvfyLb0sDjYlTgUog2QcQmBQbkTVqV5ZvvtF6
 e5cdcxI7zHZQ5tszFXYk32GkXqN7QcucYy6HYbh6fcivkJOE5DozOUOP8DDkoP39
 fWRCZiZLM3bWYx3he2MnMpZMxo7sLAMwpO2v+jxtqTZFVfvBPYaITuM08t+o9YH1
 D+hIuSXoDKDzliQYEmo7p2k+JHstTw91sBuH9NRgNhcUZ1z/Fg8osfW7uBnuu5qv
 vpK/xZJo8zJF3046xlnaRDz/oO2VKv6Wvq/04ayE087MEKps6OxE9AwxreB3brj1
 kPWlYe0uexQ=
 =fchl
 -----END PGP SIGNATURE-----

Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull clk fixes from Stephen Boyd:
 "A collection of fixes:

   - Make of_clk.h self contained

   - Fix new qcom DT bindings that just merged to match the DTS files

   - Fix qcom clk driver to properly detect DFS clk frequencies

   - Fix the ls1028a driver to not deref a pointer before assigning it"

* tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  of: clk: Make <linux/of_clk.h> self-contained
  clk: qcom: Use ARRAY_SIZE in videocc-sc7180 for parent clocks
  clk: qcom: Get rid of the test clock for videocc-sc7180
  dt-bindings: clock: Cleanup qcom,videocc bindings for sdm845/sc7180
  clk: qcom: Use ARRAY_SIZE in gpucc-sc7180 for parent clocks
  clk: qcom: Get rid of the test clock for gpucc-sc7180
  dt-bindings: clock: Fix qcom,gpucc bindings for sdm845/sc7180/msm8998
  clk: qcom: Use ARRAY_SIZE in dispcc-sc7180 for parent clocks
  clk: qcom: Get rid of the test clock for dispcc-sc7180
  clk: qcom: Get rid of fallback global names for dispcc-sc7180
  dt-bindings: clock: Fix qcom,dispcc bindings for sdm845/sc7180
  clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
  clk: ls1028a: fix a dereference of pointer 'parent' before a null check
  dt-bindings: clk: qcom: Fix self-validation, split, and clean cruft
  clk: qcom: Don't overwrite 'cfg' in clk_rcg2_dfs_populate_freq()
2020-02-07 12:40:50 -08:00
Stephen Boyd
f9f21cea31 genirq: Clarify that irq wake state is orthogonal to enable/disable
There's some confusion around if an irq that's disabled with disable_irq()
can still wake the system from sleep states such as "suspend to RAM".

Clarify this in the kernel documentation for irq_set_irq_wake() so that
it's clear that an irq can be disabled and still wake the system if it has
been marked for wakeup.

Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Link: https://lkml.kernel.org/r/20200206191521.94559-1-swboyd@chromium.org
2020-02-07 21:37:08 +01:00
Linus Torvalds
b34f01f76a linux-watchdog 5.6-rc1 tag
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iEYEABECAAYFAl48a0YACgkQ+iyteGJfRsoOcQCeMHtMpkUEYQa6X/bMkEnlu9DT
 bhEAoN0fFm53Y/SVPipe/r1+0JQOkMoI
 =/D+E
 -----END PGP SIGNATURE-----

Merge tag 'linux-watchdog-5.6-rc1' of git://www.linux-watchdog.org/linux-watchdog

Pull watchdog updates from Wim Van Sebroeck:

 - add IT8786 chipset ID

 - addition of sam9x60 compatible watchdog

 - da9062 improvements

 - fix UAF in reboot notifier handling in watchdog core code

 - other fixes and small improvements

* tag 'linux-watchdog-5.6-rc1' of git://www.linux-watchdog.org/linux-watchdog:
  watchdog: da9062: make restart handler atomic safe
  watchdog: mtk_wdt: mt2712: Add reset controller
  watchdog: mtk_wdt: mt8183: Add reset controller
  dt-bindings: mediatek: mt2712: Add #reset-cells
  dt-bindings: mediatek: mt8183: Add #reset-cells
  dt-bindings: watchdog: da9062: add suspend disable option
  watchdog: it87_wdt: add IT8786 ID
  watchdog: dw_wdt: ping watchdog to reset countdown before start
  watchdog: fix UAF in reboot notifier handling in watchdog core code
  watchdog: cadence: Skip printing pointer value
  watchdog: qcom: Use platform_get_irq_optional() for bark irq
  watchdog: da9062: add power management ops
  watchdog: make DesignWare watchdog allow users to set bigger timeout value
  drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe
  watchdog: sama5d4_wdt: addition of sam9x60 compatible watchdog
2020-02-07 12:30:16 -08:00
Linus Torvalds
e0f121c5cc virtio: fixes, cleanups
Some bug fixes/cleanups.
 Deprecated scsi passthrough for blk removed.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAl49E/4PHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpyecH/AlBzCOlv9kBHKvx30h2QTgbvZlZM++SRQ18
 XAuvU/gRVTPLeSsXnJGz0hMD8hxBti6esqvxHzSzs2a6DqkqLrRdnMXsjs6QlAdX
 6NwP4VesL7RNKTAjjrtmXQMr8iADtTy8FKCw/sZM+6sqhPeKAzFbBrjfH6amINru
 orEF+eGwNXLkegK4+QVQx8f1rlIm7+/Z4lAP75FsaisYWLxklvn3VjZ7YjsCNexi
 4zMxv64W8AHCRJK8k7/+vluedwwTghY9ayubw4zeRWmcfRw568bxlCZUQBmNWspC
 lj4/ZWzGmd60UQx9fUvEd7T6QCRzaaUYVzXC0Mh8I3pLV+V5tKY=
 =uqtg
 -----END PGP SIGNATURE-----

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull virtio updates from Michael Tsirkin:
 "Some bug fixes/cleanups.

  The deprecated scsi passthrough for virtio_blk is removed"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  virtio_balloon: Fix memory leaks on errors in virtballoon_probe()
  virtio-balloon: Fix memory leak when unloading while hinting is in progress
  virtio_balloon: prevent pfn array overflow
  virtio-blk: remove VIRTIO_BLK_F_SCSI support
  virtio-pci: check name when counting MSI-X vectors
  virtio-balloon: initialize all vq callbacks
  virtio-mmio: convert to devm_platform_ioremap_resource
2020-02-07 12:26:34 -08:00
Linus Torvalds
9b7fa2880f Xtensa updates for v5.6:
- reorganize exception vectors placement;
 - small cleanups (drop unused functions/headers/defconfig entries,
   spelling fixes).
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEK2eFS5jlMn3N6xfYUfnMkfg/oEQFAl48XNkTHGpjbXZia2Jj
 QGdtYWlsLmNvbQAKCRBR+cyR+D+gREb7D/kBxtOyNtf6Y2hw5OVHiAP/S5lUBN6f
 I+kRwBWoWF8YbRqCQTg8o7FyuUVW9M7x+eZmqRk7R5ea7e1dnVCWLjZThpdIITBm
 520s04vElfCdcxwSRQtEHWFcppUqzix0b3hdNBgzwirV1HlwFy1ymjaj7muLppFw
 7iL5JpOLVHz8Oc1JPwgjXsNJiFQ5tucC6mj+KZTcdjps3sDs9wnnTy0GwkY+oHhy
 RZsjT+ETK5BquhqpDGm1/02bqgYudGjOYIhalzuxToxGQSk2ejk9UQJK/VzYiG0t
 PB/xYJJiR2k/TP0w99E1Y3SwV3g+60T6EQ3524RS3xqcZcj1E/GGUHjLt5Ktevti
 rZdYuWeDsALvFxcAuRerB/vNC7R60I6h+GctnkXfXvdQ4d1Wzw9tCNbsbEDUTvI1
 I9O6wmavukzDFq8QXv47iWYgsMwEgJUwLt6em8PIP3ek+hOMCPg42BSy8spfLhfT
 2q23BrrrC0CseG8MtikNl6mNChWfDvhHB5mTaQ2eNvHx7JVzrrBLkN2Rap7aUpb5
 Sl6A+GWizIJyylruhTTnUShkd+4b7SwWP4dTH0KxvxDB5Z1au7yP4bhpHrRzQ5EY
 iCOYOVW7hLziZbtejF2UvtMuw+KTBgftmLlERlpbh3jKqA5eKyuErpfzBL1p7VeN
 nCE6DXCvC72euA==
 =GGAT
 -----END PGP SIGNATURE-----

Merge tag 'xtensa-20200206' of git://github.com/jcmvbkbc/linux-xtensa

Pull xtensa updates from Max Filippov:

 - reorganize exception vectors placement

 - small cleanups (drop unused functions/headers/defconfig entries,
   spelling fixes)

* tag 'xtensa-20200206' of git://github.com/jcmvbkbc/linux-xtensa:
  xtensa: ISS: improve simcall assembly
  xtensa: reorganize vectors placement
  xtensa: separate SMP and XIP support
  xtensa: move fast exception handlers close to vectors
  arch/xtensa: fix Kconfig typos for HAVE_SMP
  xtensa: clean up optional XCHAL_* definitions
  xtensa: drop unused function fast_coprocessor_double
  xtensa: drop empty platform_* functions from platforms
  xtensa: clean up platform headers
  xtensa: drop set_except_vector declaration
  xtensa: configs: Cleanup old Kconfig IO scheduler options
2020-02-07 12:22:29 -08:00
Al Viro
f35aa2bc80 tmpfs: switch to use of invalfc()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:44 -05:00
Al Viro
58c025f0e8 cgroup1: switch to use of errorfc() et.al.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:43 -05:00
Al Viro
bf45f7fcc4 procfs: switch to use of invalfc()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:42 -05:00
Al Viro
b5db30cfb9 hugetlbfs: switch to use of invalfc()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:42 -05:00
Al Viro
e1ee7d8511 cramfs: switch to use of errofc() et.al.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:41 -05:00
Al Viro
77cb271e6a gfs2: switch to use of errorfc() et.al.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:41 -05:00
Al Viro
2e28c49ea6 fuse: switch to use errorfc() et.al.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:40 -05:00
Al Viro
d53d0f7461 ceph: use errorfc() and friends instead of spelling the prefix out
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:39 -05:00
Al Viro
a3ff937b33 prefix-handling analogues of errorf() and friends
called errorfc/infofc/warnfc/invalfc

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:39 -05:00
Al Viro
328de5287b turn fs_param_is_... into functions
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:38 -05:00
Al Viro
48ce73b1be fs_parse: handle optional arguments sanely
Don't bother with "mixed" options that would allow both the
form with and without argument (i.e. both -o foo and -o foo=bar).
Rather than trying to shove both into a single fs_parameter_spec,
allow having with-argument and no-argument specs with the same
name and teach fs_parse to handle that.

There are very few options of that sort, and they are actually
easier to handle that way - callers end up with less postprocessing.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:37 -05:00
Al Viro
d7167b1499 fs_parse: fold fs_parameter_desc/fs_parameter_spec
The former contains nothing but a pointer to an array of the latter...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:37 -05:00
Eric Sandeen
96cafb9ccb fs_parser: remove fs_parameter_description name field
Unused now.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:36 -05:00
Al Viro
cc3c0b533a add prefix to fs_context->log
... turning it into struct p_log embedded into fs_context.  Initialize
the prefix with fs_type->name, turning fs_parse() into a trivial
inline wrapper for __fs_parse().

This makes fs_parameter_description->name completely unused.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:35 -05:00
Al Viro
c80c98f0dc ceph_parse_param(), ceph_parse_mon_ips(): switch to passing fc_log
... and now errorf() et.al. are never called with NULL fs_context,
so we can get rid of conditional in those.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:34 -05:00
Al Viro
7f5d38141e new primitive: __fs_parse()
fs_parse() analogue taking p_log instead of fs_context.
fs_parse() turned into a wrapper, callers in ceph_common and rbd
switched to __fs_parse().

As the result, fs_parse() never gets NULL fs_context and neither
do fs_context-based logging primitives

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:34 -05:00
Al Viro
2c3f3dc315 switch rbd and libceph to p_log-based primitives
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:33 -05:00
Al Viro
3fbb8d5554 struct p_log, variants of warnf() et.al. taking that one instead
primitives for prefixed logging

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:32 -05:00
Al Viro
9f09f649ca teach logfc() to handle prefices, give it saner calling conventions
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:32 -05:00
Al Viro
fbc2d1686d get rid of cg_invalf()
pointless alias for invalf()...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:31 -05:00
Al Viro
aa1918f949 get rid of fs_value_is_filename_empty
Its behaviour is identical to that of fs_value_is_filename.
It makes no sense, anyway - LOOKUP_EMPTY affects nothing
whatsoever once the pathname has been imported from userland.
And both fs_value_is_filename and fs_value_is_filename_empty
carry an already imported pathname.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:48:30 -05:00
Al Viro
34264ae3fa don't bother with explicit length argument for __lookup_constant()
Have the arrays of constant_table self-terminated (by NULL ->name
in the final entry).  Simplifies lookup_constant() and allows to
reuse the search for enum params as well.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-02-07 14:47:52 -05:00
Roberto Bergantinos Corpas
3d96208c30 sunrpc: expiry_time should be seconds not timeval
When upcalling gssproxy, cache_head.expiry_time is set as a
timeval, not seconds since boot. As such, RPC cache expiry
logic will not clean expired objects created under
auth.rpcsec.context cache.

This has proven to cause kernel memory leaks on field. Using
64 bit variants of getboottime/timespec

Expiration times have worked this way since 2010's c5b29f885a "sunrpc:
use seconds since boot in expiry cache".  The gssproxy code introduced
in 2012 added gss_proxy_save_rsc and introduced the bug.  That's a while
for this to lurk, but it required a bit of an extreme case to make it
obvious.

Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 030d794bf4 "SUNRPC: Use gssproxy upcall for server..."
Tested-By: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2020-02-07 13:30:41 -05:00
Chen Zhou
50d0def966 nfsd: make nfsd_filecache_wq variable static
Fix sparse warning:

fs/nfsd/filecache.c:55:25: warning:
	symbol 'nfsd_filecache_wq' was not declared. Should it be static?

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Chen Zhou <chenzhou10@huawei.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2020-02-07 13:30:41 -05:00
Ido Schimmel
dfa7f70959 drop_monitor: Do not cancel uninitialized work item
Drop monitor uses a work item that takes care of constructing and
sending netlink notifications to user space. In case drop monitor never
started to monitor, then the work item is uninitialized and not
associated with a function.

Therefore, a stop command from user space results in canceling an
uninitialized work item which leads to the following warning [1].

Fix this by not processing a stop command if drop monitor is not
currently monitoring.

[1]
[   31.735402] ------------[ cut here ]------------
[   31.736470] WARNING: CPU: 0 PID: 143 at kernel/workqueue.c:3032 __flush_work+0x89f/0x9f0
...
[   31.738120] CPU: 0 PID: 143 Comm: dwdump Not tainted 5.5.0-custom-09491-g16d4077796b8 #727
[   31.741968] RIP: 0010:__flush_work+0x89f/0x9f0
...
[   31.760526] Call Trace:
[   31.771689]  __cancel_work_timer+0x2a6/0x3b0
[   31.776809]  net_dm_cmd_trace+0x300/0xef0
[   31.777549]  genl_rcv_msg+0x5c6/0xd50
[   31.781005]  netlink_rcv_skb+0x13b/0x3a0
[   31.784114]  genl_rcv+0x29/0x40
[   31.784720]  netlink_unicast+0x49f/0x6a0
[   31.787148]  netlink_sendmsg+0x7cf/0xc80
[   31.790426]  ____sys_sendmsg+0x620/0x770
[   31.793458]  ___sys_sendmsg+0xfd/0x170
[   31.802216]  __sys_sendmsg+0xdf/0x1a0
[   31.806195]  do_syscall_64+0xa0/0x540
[   31.806885]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 8e94c3bc92 ("drop_monitor: Allow user to start monitoring hardware drops")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:48:36 +01:00
David S. Miller
e036c587ca Merge branch 'mlxsw-Various-fixes'
Ido Schimmel says:

====================
mlxsw: Various fixes

This patch set contains various fixes for the mlxsw driver.

Patch #1 fixes an issue introduced in 5.6 in which a route in the main
table can replace an identical route in the local table despite the
local table having an higher precedence.

Patch #2 contains a test case for the bug fixed in patch #1.

Patch #3 also fixes an issue introduced in 5.6 in which the driver
failed to clear the offload indication from IPv6 nexthops upon abort.

Patch #4 fixes an issue that prevents the driver from loading on
Spectrum-3 systems. The problem and solution are explained in detail in
the commit message.

Patch #5 adds a missing error path. Discovered using smatch.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:47:01 +01:00
Ido Schimmel
3a99cbb6fa mlxsw: spectrum_dpipe: Add missing error path
In case devlink_dpipe_entry_ctx_prepare() failed, release RTNL that was
previously taken and free the memory allocated by
mlxsw_sp_erif_entry_prepare().

Fixes: 2ba5999f00 ("mlxsw: spectrum: Add Support for erif table entries access")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:47:01 +01:00
Vadim Pasternak
36844c855b mlxsw: core: Add validation of hardware device types for MGPIR register
When reading the number of gearboxes from the hardware, the driver does
not validate the returned 'device type' field. The driver can therefore
wrongly assume that the queried devices are gearboxes.

On Spectrum-3 systems that support different types of devices, this can
prevent the driver from loading, as it will try to query the
temperature sensors from devices which it assumes are gearboxes and in
fact are not.

For example:
[  218.129230] mlxsw_minimal 2-0048: Reg cmd access status failed (status=7(bad parameter))
[  218.138282] mlxsw_minimal 2-0048: Reg cmd access failed (reg_id=900a(mtmp),type=write)
[  218.147131] mlxsw_minimal 2-0048: Failed to setup temp sensor number 256
[  218.534480] mlxsw_minimal 2-0048: Fail to register core bus
[  218.540714] mlxsw_minimal: probe of 2-0048 failed with error -5

Fix this by validating the 'device type' field.

Fixes: 2e265a8b6c ("mlxsw: core: Extend hwmon interface with inter-connect temperature attributes")
Fixes: f14f4e621b ("mlxsw: core: Extend thermal core with per inter-connect device thermal zones")
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:47:01 +01:00
Ido Schimmel
490f0542a7 mlxsw: spectrum_router: Clear offload indication from IPv6 nexthops on abort
Unlike IPv4, in IPv6 there is no unique structure to represent the
nexthop and both the route and nexthop information are squashed to the
same structure ('struct fib6_info'). In order to improve resource
utilization the driver consolidates identical nexthop groups to the same
internal representation of a nexthop group.

Therefore, when the offload indication of a nexthop changes, the driver
needs to iterate over all the linked fib6_info and toggle their offload
flag accordingly.

During abort, all the routes are removed from the device and unlinked
from their nexthop group. The offload indication is cleared just before
the group is destroyed, but by that time no fib6_info is linked to the
group and the offload indication remains set.

Fix this by clearing the offload indication just before dropping the
reference from the nexthop.

Fixes: ee5a0448e7 ("mlxsw: spectrum_router: Set hardware flags for routes")
Reported-by: Alex Kushnarov <alexanderk@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Tested-by: Alex Kushnarov <alexanderk@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:47:01 +01:00
Ido Schimmel
6c05ca26f1 selftests: mlxsw: Add test cases for local table route replacement
Test that routes in the main table do not replace identical routes in
the local table and that routes in the local table do replace identical
routes in the main table.

Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:47:01 +01:00
Ido Schimmel
0508ff8934 mlxsw: spectrum_router: Prevent incorrect replacement of local table routes
The driver uses the same table to represent both the main and local
routing tables. Prevent routes in the main table from replacing routes
in the local table to reflect the fact that the local table is consulted
first during lookup.

Fixes: b6a1d871d3 ("mlxsw: spectrum_router: Start using new IPv4 route notifications")
Fixes: dacad7b34b ("mlxsw: spectrum_router: Start using new IPv6 route notifications")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:47:01 +01:00
Razvan Stefanescu
f8c2afa66d net: dsa: microchip: enable module autoprobe
This matches /sys/devices/.../spi1.0/modalias content.

Fixes: 9b2d9f05cd ("net: dsa: microchip: add ksz9567 to ksz9477 driver")
Fixes: d9033ae95c ("net: dsa: microchip: add KSZ8563 compatibility string")
Fixes: 8c29bebb1f ("net: dsa: microchip: add KSZ9893 switch support")
Fixes: 4531681837 ("net: dsa: add support for ksz9897 ethernet switch")
Fixes: b987e98e50 ("dsa: add DSA switch driver for Microchip KSZ9477")
Signed-off-by: Razvan Stefanescu <razvan.stefanescu@microchip.com>
Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:45:12 +01:00
Eric Dumazet
db3fa27102 ipv6/addrconf: fix potential NULL deref in inet6_set_link_af()
__in6_dev_get(dev) called from inet6_set_link_af() can return NULL.

The needed check has been recently removed, let's add it back.

While do_setlink() does call validate_linkmsg() :
...
err = validate_linkmsg(dev, tb); /* OK at this point */
...

It is possible that the following call happening before the
->set_link_af() removes IPv6 if MTU is less than 1280 :

if (tb[IFLA_MTU]) {
    err = dev_set_mtu_ext(dev, nla_get_u32(tb[IFLA_MTU]), extack);
    if (err < 0)
          goto errout;
    status |= DO_SETLINK_MODIFIED;
}
...

if (tb[IFLA_AF_SPEC]) {
   ...
   err = af_ops->set_link_af(dev, af);
      ->inet6_set_link_af() // CRASH because idev is NULL

Please note that IPv4 is immune to the bug since inet_set_link_af() does :

struct in_device *in_dev = __in_dev_get_rcu(dev);
if (!in_dev)
    return -EAFNOSUPPORT;

This problem has been mentioned in commit cf7afbfeb8 ("rtnl: make
link af-specific updates atomic") changelog :

    This method is not fail proof, while it is currently sufficient
    to make set_link_af() inerrable and thus 100% atomic, the
    validation function method will not be able to detect all error
    scenarios in the future, there will likely always be errors
    depending on states which are f.e. not protected by rtnl_mutex
    and thus may change between validation and setting.

IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
general protection fault, probably for non-canonical address 0xdffffc0000000056: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000002b0-0x00000000000002b7]
CPU: 0 PID: 9698 Comm: syz-executor712 Not tainted 5.5.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:inet6_set_link_af+0x66e/0xae0 net/ipv6/addrconf.c:5733
Code: 38 d0 7f 08 84 c0 0f 85 20 03 00 00 48 8d bb b0 02 00 00 45 0f b6 64 24 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1a 03 00 00 44 89 a3 b0 02 00
RSP: 0018:ffffc90005b06d40 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff86df39a6
RDX: 0000000000000056 RSI: ffffffff86df3e74 RDI: 00000000000002b0
RBP: ffffc90005b06e70 R08: ffff8880a2ac0380 R09: ffffc90005b06db0
R10: fffff52000b60dbe R11: ffffc90005b06df7 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880a1fcc424 R15: dffffc0000000000
FS:  0000000000c46880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f0494ca0d0 CR3: 000000009e4ac000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_setlink+0x2a9f/0x3720 net/core/rtnetlink.c:2754
 rtnl_group_changelink net/core/rtnetlink.c:3103 [inline]
 __rtnl_newlink+0xdd1/0x1790 net/core/rtnetlink.c:3257
 rtnl_newlink+0x69/0xa0 net/core/rtnetlink.c:3377
 rtnetlink_rcv_msg+0x45e/0xaf0 net/core/rtnetlink.c:5438
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5456
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:672
 ____sys_sendmsg+0x753/0x880 net/socket.c:2343
 ___sys_sendmsg+0x100/0x170 net/socket.c:2397
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg net/socket.c:2437 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4402e9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fffd62fbcf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402e9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000008 R09: 00000000004002c8
R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000401b70
R13: 0000000000401c00 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace cfa7664b8fdcdff3 ]---
RIP: 0010:inet6_set_link_af+0x66e/0xae0 net/ipv6/addrconf.c:5733
Code: 38 d0 7f 08 84 c0 0f 85 20 03 00 00 48 8d bb b0 02 00 00 45 0f b6 64 24 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1a 03 00 00 44 89 a3 b0 02 00
RSP: 0018:ffffc90005b06d40 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff86df39a6
RDX: 0000000000000056 RSI: ffffffff86df3e74 RDI: 00000000000002b0
RBP: ffffc90005b06e70 R08: ffff8880a2ac0380 R09: ffffc90005b06db0
R10: fffff52000b60dbe R11: ffffc90005b06df7 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880a1fcc424 R15: dffffc0000000000
FS:  0000000000c46880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000004 CR3: 000000009e4ac000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Fixes: 7dc2bccab0 ("Validate required parameters in inet6_validate_link_af")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Bisected-and-reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Maxim Mikityanskiy <maximmi@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-07 18:43:23 +01:00
Paul E. McKenney
1e474b28e7 smp/up: Make smp_call_function_single() match SMP semantics
In CONFIG_SMP=y kernels, smp_call_function_single() returns -ENXIO when
invoked for a non-existent CPU.  In contrast, in CONFIG_SMP=n kernels,
a splat is emitted and smp_call_function_single() otherwise silently
ignores its "cpu" argument, instead pretending that the caller intended
to have something happen on CPU 0.  Given that there is now code that
expects smp_call_function_single() to return an error if a bad CPU was
specified, this difference in semantics needs to be addressed.

Bring the semantics of the CONFIG_SMP=n version of
smp_call_function_single() into alignment with its CONFIG_SMP=y
counterpart.

Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20200205143409.GA7021@paulmck-ThinkPad-P72
2020-02-07 15:34:12 +01:00
Tony W Wang-oc
0f378d73d4 x86/apic: Mask IOAPIC entries when disabling the local APIC
When a system suspends, the local APIC is disabled in the suspend sequence,
but the IOAPIC is left in the current state. This means unmasked interrupt
lines stay unmasked. This is usually the case for IOAPIC pin 9 to which the
ACPI interrupt is connected.

That means that in suspended state the IOAPIC can respond to an external
interrupt, e.g. the wakeup via keyboard/RTC/ACPI, but the interrupt message
cannot be handled by the disabled local APIC. As a consequence the Remote
IRR bit is set, but the local APIC does not send an EOI to acknowledge
it. This causes the affected interrupt line to become stale and the stale
Remote IRR bit will cause a hang when __synchronize_hardirq() is invoked
for that interrupt line.

To prevent this, mask all IOAPIC entries before disabling the local
APIC. The resume code already has the unmask operation inside.

[ tglx: Massaged changelog ]

Signed-off-by: Tony W Wang-oc <TonyWWang-oc@zhaoxin.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/1579076539-7267-1-git-send-email-TonyWWang-oc@zhaoxin.com
2020-02-07 15:32:16 +01:00