Commit Graph

949316 Commits

Author SHA1 Message Date
Christoph Hellwig
5f764d624a fs: remove the compat readv/writev syscalls
Now that import_iovec handles compat iovecs, the native readv and writev
syscalls can be used for the compat case as well.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-10-03 00:02:14 -04:00
Christoph Hellwig
3523a9d454 fs: remove various compat readv/writev helpers
Now that import_iovec handles compat iovecs as well, all the duplicated
code in the compat readv/writev helpers is not needed.  Remove them
and switch the compat syscall handlers to use the native helpers.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-10-03 00:02:14 -04:00
Christoph Hellwig
89cd35c58b iov_iter: transparently handle compat iovecs in import_iovec
Use in compat_syscall to import either native or the compat iovecs, and
remove the now superflous compat_import_iovec.

This removes the need for special compat logic in most callers, and
the remaining ones can still be simplified by using __import_iovec
with a bool compat parameter.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-10-03 00:02:13 -04:00
Christoph Hellwig
bfdc59701d iov_iter: refactor rw_copy_check_uvector and import_iovec
Split rw_copy_check_uvector into two new helpers with more sensible
calling conventions:

 - iovec_from_user copies a iovec from userspace either into the provided
   stack buffer if it fits, or allocates a new buffer for it.  Returns
   the actually used iovec.  It also verifies that iov_len does fit a
   signed type, and handles compat iovecs if the compat flag is set.
 - __import_iovec consolidates the native and compat versions of
   import_iovec. It calls iovec_from_user, then validates each iovec
   actually points to user addresses, and ensures the total length
   doesn't overflow.

This has two major implications:

 - the access_process_vm case loses the total lenght checking, which
   wasn't required anyway, given that each call receives two iovecs
   for the local and remote side of the operation, and it verifies
   the total length on the local side already.
 - instead of a single loop there now are two loops over the iovecs.
   Given that the iovecs are cache hot this doesn't make a major
   difference

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-10-03 00:01:56 -04:00
David Laight
fb041b5989 iov_iter: move rw_copy_check_uvector() into lib/iov_iter.c
This lets the compiler inline it into import_iovec() generating
much better code.

Signed-off-by: David Laight <david.laight@aculab.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-09-25 11:36:02 -04:00
Christoph Hellwig
576d0703a8 compat.h: fix a spelling error in <linux/compat.h>
There is no compat_sys_readv64v2 syscall, only a compat_sys_preadv64v2
one.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-09-25 11:36:02 -04:00
Linus Torvalds
d012a7190f Linux 5.9-rc2 2020-08-23 14:08:43 -07:00
Linus Torvalds
cb95712138 powerpc fixes for 5.9 #3
Add perf support for emitting extended registers for power10.
 
 A fix for CPU hotplug on pseries, where on large/loaded systems we may not wait
 long enough for the CPU to be offlined, leading to crashes.
 
 Addition of a raw cputable entry for Power10, which is not required to boot, but
 is required to make our PMU setup work correctly in guests.
 
 Three fixes for the recent changes on 32-bit Book3S to move modules into their
 own segment for strict RWX.
 
 A fix for a recent change in our powernv PCI code that could lead to crashes.
 
 A change to our perf interrupt accounting to avoid soft lockups when using some
 events, found by syzkaller.
 
 A change in the way we handle power loss events from the hypervisor on pseries.
 We no longer immediately shut down if we're told we're running on a UPS.
 
 A few other minor fixes.
 
 Thanks to:
   Alexey Kardashevskiy, Andreas Schwab, Aneesh Kumar K.V, Anju T Sudhakar,
   Athira Rajeev, Christophe Leroy, Frederic Barrat, Greg Kurz, Kajol Jain,
   Madhavan Srinivasan, Michael Neuling, Michael Roth, Nageswara R Sastry, Oliver
   O'Halloran, Thiago Jung Bauermann, Vaidyanathan Srinivasan, Vasant Hegde.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAl9CYMwTHG1wZUBlbGxl
 cm1hbi5pZC5hdQAKCRBR6+o8yOGlgC/wEACljEVnfHzUObmIgqn9Ru3JlfEI6Hlk
 ts7kajCgS/I/bV6DoDMZ8rlZX87QFOwiBkNM1I+vGHSLAuzsmFAnbFPyxw/idxpQ
 XUoNy8OCvbbzCPzChYdiU0PxW2h2i+QxkmktlWSN1SAPudJUWvoPS2Y4+sC4zksk
 B4B6tbW2DT8TFO1kKeZsU9r2t+EH5KwlIOi+uxbH8d76lJINKkBNSnjzMytl7drM
 TZx/HWr8+s/WJo1787x6bv8gxs5tV9b4vIKt2YZNTY2kvYsEDE+fBR1XfCAneXMw
 ASYnZV+/xCLIUpRF6DI4RAShLBT/Sfiy1yMTndZgfqAgquokFosszNx2zrk0IzCd
 AgqX93YGbGz/H72W3Y/B0W9+74XyO/u2D9zhNpkCRMpdcsM5MbvOQrQA5Ustu47E
 av5MOaF/nNCd8J+OC4Qjgt5VFb/s0h4FdtrwT80srOa2U6Of9cD/T6xAfOszSJ96
 cWdSb5qhn5wuD9pP32KjwdmWBiUw38/gnRGKpRlOVzyHL/GKZijyaBbWBlkoEmty
 0nbjWW/IVfsOb5Weuiybg541h/QOVuOkb2pOvPClITiH83MY/AciDJ+auo4M//hW
 haKz9IgV/KctmzDE+v9d0BD8sGmW03YUcQAPdRufI0eGXijDLcnHeuk2B3Nu84Pq
 8mtev+VQ+T6cZA==
 =sdJ1
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 - Add perf support for emitting extended registers for power10.

 - A fix for CPU hotplug on pseries, where on large/loaded systems we
   may not wait long enough for the CPU to be offlined, leading to
   crashes.

 - Addition of a raw cputable entry for Power10, which is not required
   to boot, but is required to make our PMU setup work correctly in
   guests.

 - Three fixes for the recent changes on 32-bit Book3S to move modules
   into their own segment for strict RWX.

 - A fix for a recent change in our powernv PCI code that could lead to
   crashes.

 - A change to our perf interrupt accounting to avoid soft lockups when
   using some events, found by syzkaller.

 - A change in the way we handle power loss events from the hypervisor
   on pseries. We no longer immediately shut down if we're told we're
   running on a UPS.

 - A few other minor fixes.

Thanks to Alexey Kardashevskiy, Andreas Schwab, Aneesh Kumar K.V, Anju T
Sudhakar, Athira Rajeev, Christophe Leroy, Frederic Barrat, Greg Kurz,
Kajol Jain, Madhavan Srinivasan, Michael Neuling, Michael Roth,
Nageswara R Sastry, Oliver O'Halloran, Thiago Jung Bauermann,
Vaidyanathan Srinivasan, Vasant Hegde.

* tag 'powerpc-5.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/perf/hv-24x7: Move cpumask file to top folder of hv-24x7 driver
  powerpc/32s: Fix module loading failure when VMALLOC_END is over 0xf0000000
  powerpc/pseries: Do not initiate shutdown when system is running on UPS
  powerpc/perf: Fix soft lockups due to missed interrupt accounting
  powerpc/powernv/pci: Fix possible crash when releasing DMA resources
  powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death
  powerpc/32s: Fix is_module_segment() when MODULES_VADDR is defined
  powerpc/kasan: Fix KASAN_SHADOW_START on BOOK3S_32
  powerpc/fixmap: Fix the size of the early debug area
  powerpc/pkeys: Fix build error with PPC_MEM_KEYS disabled
  powerpc/kernel: Cleanup machine check function declarations
  powerpc: Add POWER10 raw mode cputable entry
  powerpc/perf: Add extended regs support for power10 platform
  powerpc/perf: Add support for outputting extended regs in perf intr_regs
  powerpc: Fix P10 PVR revision in /proc/cpuinfo for SMT4 cores
2020-08-23 11:37:23 -07:00
Linus Torvalds
550c2129d9 A single fix for x86 which removes the RDPID usage from the paranoid entry
path and unconditionally uses LSL to retrieve the CPU number. RDPID depends
 on MSR_TSX_AUX.  KVM has an optmization to avoid expensive MRS read/writes
 on VMENTER/EXIT. It caches the MSR values and restores them either when
 leaving the run loop, on preemption or when going out to user
 space. MSR_TSX_AUX is part of that lazy MSR set, so after writing the guest
 value and before the lazy restore any exception using the paranoid entry
 will read the guest value and use it as CPU number to retrieve the GSBASE
 value for the current CPU when FSGSBASE is enabled. As RDPID is only used
 in that particular entry path, there is no reason to burden VMENTER/EXIT
 with two extra MSR writes. Remove the RDPID optimization, which is not even
 backed by numbers from the paranoid entry path instead.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAl9CJqgTHHRnbHhAbGlu
 dXRyb25peC5kZQAKCRCmGPVMDXSYoaAvD/sHkSx1V0hupUh9budLhSPhUyWvXiar
 AmAvWl8dKEFG2UOhOT57zD6DgFN3uu5rqjxTG7ha9XEspsVaP5jOji4evus37IAe
 z2EB9J5c3ih4VSdaM+8ODTMls5rjQrvJjeDV0ETTQ9Xb+FOT0vNAub6D5PVms6J3
 FObDKiIpdB3s5INAWPknIYves0EJP5BP3+gOktovMStfcy8tm8N9S/yA4cNL4nbi
 IZ0h1H6xcGrQ79dv+2/vC0cdqlbm6y2KWfNKpSTGwPMdRl0PpHrovsOVPKF+6pio
 Ad230t7xnWMlrHghbSvDyyJ67/N6AA6CaqHECWtgsDuzbqcD2MoQ2l97atoZInh7
 83n8ZWFaw10T4ksw9SWqAex+ZJh6/rD4vcQYUncPN66/kOVM186ezICc+QsPV99s
 ukw29xge4uHz91Hy0Bo8SP+w1bvntKJn6XyJuTFgDt8bmFRIeajSxyOGw7hTs+ZD
 TONw9dMeteWZhZRIXYDjlYc83xFYGkX6hmxLrDJ4jg8UGojaca83s7oZtxgZxWzu
 L9wfCRJIEA33ihvqtbTEOHbJvl6eyDt8b/kBGGHbAbqweQ3mWEH3WDQ5cyhlLrfA
 tnDToX1DvsxfVg94saprNt249qHNZlFIj8EaGfjxxEngd8xAgfU0vxJpI8sBtdsw
 SMIwyLLbLz573A==
 =AEel
 -----END PGP SIGNATURE-----

Merge tag 'x86-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fix from Thomas Gleixner:
 "A single fix for x86 which removes the RDPID usage from the paranoid
  entry path and unconditionally uses LSL to retrieve the CPU number.

  RDPID depends on MSR_TSX_AUX. KVM has an optmization to avoid
  expensive MRS read/writes on VMENTER/EXIT. It caches the MSR values
  and restores them either when leaving the run loop, on preemption or
  when going out to user space. MSR_TSX_AUX is part of that lazy MSR
  set, so after writing the guest value and before the lazy restore any
  exception using the paranoid entry will read the guest value and use
  it as CPU number to retrieve the GSBASE value for the current CPU when
  FSGSBASE is enabled. As RDPID is only used in that particular entry
  path, there is no reason to burden VMENTER/EXIT with two extra MSR
  writes. Remove the RDPID optimization, which is not even backed by
  numbers from the paranoid entry path instead"

* tag 'x86-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/entry/64: Do not use RDPID in paranoid entry to accomodate KVM
2020-08-23 11:21:16 -07:00
Linus Torvalds
cea05c192b A single update for perf on x86 which ass support for the
broken down bandwith counters.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAl9CJSkTHHRnbHhAbGlu
 dXRyb25peC5kZQAKCRCmGPVMDXSYoUmoD/9xdmi6Pi8cqsN61zoqzDMygyd45rYH
 x9oe1QOYHPBp7fIEv0EeG/HcZpBG23Oyj7XnAGZlUuSzHzRYSK3ceQHqo0VEP7qv
 ZrPzBJCI+wx/zVBFN62IbSZmZF3omBjo+TKT1bTKmDRov+qovAEcD040Vt45SkW2
 NKiD/u2iJemLrF9g7KKgNCv+alqGAeH6YzZpWgFycP550psIF3WgIY2eMjSY9+XD
 i7DrEg/OWY5vvCYbHBxrbhvqkXlhyMzw0jqWJtRHTIPRjMuDCM9yef5KiCExPdFX
 e+rE+O2gp/9xMEcAvi4SK3s1QUe0wjq+e7stNiOKrBhNA0CNhvJxAmIBO2y4Bi5+
 BKJelWt0vDDxCiQgW9mctq0rvu8KM6C3w6AgKWiQNbirVLKHNdx4AvF5SNWGVRhf
 ZGMVaFlpwuuTZfahbdmwi88j6968h8izjkQeQ2gZMXEOgv8P/Df+C9IcHH/HxEgI
 OwW6htpU3LeOSbEu9201AJqjqAtpXxYzodBWuGWLF7+BF6NACciITQPApkYvWGPN
 bKol/kbX52ZRzBEEUHWfrIred7KPH/2UZltPz6Fo5wwuuI2zKBYecIN/vWppzITH
 uj5sq2UVAdRQy8/9wKys1bu0uVhlILVa/KTYuf+9cuCWGELfRTN5iHaKviUEEFWB
 aVfI8o2ThyQyvQ==
 =vF1u
 -----END PGP SIGNATURE-----

Merge tag 'perf-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 perf fix from Thomas Gleixner:
 "A single update for perf on x86 which has support for the broken down
  bandwith counters"

* tag 'perf-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/intel/uncore: Add BW counters for GT, IA and IO breakdown
2020-08-23 11:15:14 -07:00
Linus Torvalds
10c091b62e A set of EFI fixes:
- Enforce NX on RO data in mixed EFI mode
  - Destroy workqueue in an error handling path to prevent UAF
  - Stop argument parser at '--' which is the delimiter for init
  - Treat a NULL command line pointer as empty instead of dereferncing it
    unconditionally.
  - Handle an unterminated command line correctly
  - Cleanup the 32bit code leftovers and remove obsolete documentation
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAl9CJMATHHRnbHhAbGlu
 dXRyb25peC5kZQAKCRCmGPVMDXSYoXDXD/4ypNf6J1B7VX/eSO8IRW5LepYaatUb
 nOYESLCFF9RcWV4ff1ujs1Wow8rmTV0U+uCb6auSAMvmFu53VA5uJ9U8lHLjx/cZ
 2qFpz6PScXr+cv4oPZ/8T4i7zuT887He1jtwsc+ABRHDUu9yd+qt0IZxqhLAqGQW
 dBal0WdZIfMftR1IBZvdbp8hNqHU/sEnVYJOovf2PpKNe8Z+IR2eeQVUoryM7V1b
 VNL+KtfpsYAbG5Gr4QVB18tHLnfEEJZHh8Dt7TlTOMF8hFJ6lAE7MutydWqHDMVv
 DlXtbs07C1aFIlpJuRdiwKHvNh4/9cUG0XgPqXW44NAXKK2yynV33oidlu9xjLNA
 uuFZ7Ni3XyHYgI4PyNX81tC4tG/krIRi5282KRh1OEUc7zgJvHRXo8cCy4HLgpEM
 VU4R7bI3LLBJgAdEHh/4EXNnryXOdk2ATUMcLgWGH54ZvnKRCFo1soNggzmiZb+2
 WXVRHbSS3nsc0udmXmoUSqqWkud29o9r3KnuC/2qomCXMwtVSTEamTiok+86ICfc
 BiNZRu3DeoZqovyssBuSEeNGazrLsg8cGR0lhlpkAf0nu12y+quawdOj13SB8QcH
 XGrsCEmXD4jE9cpHt/+qIipyRzFt8RcamJCMH9m5ZNhx1GS6ddunxZAZFD2Fbg/9
 +CSclYiPCfH0cw==
 =+nbs
 -----END PGP SIGNATURE-----

Merge tag 'efi-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull EFI fixes from Thomas Gleixner:

 - Enforce NX on RO data in mixed EFI mode

 - Destroy workqueue in an error handling path to prevent UAF

 - Stop argument parser at '--' which is the delimiter for init

 - Treat a NULL command line pointer as empty instead of dereferncing it
   unconditionally.

 - Handle an unterminated command line correctly

 - Cleanup the 32bit code leftovers and remove obsolete documentation

* tag 'efi-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  Documentation: efi: remove description of efi=old_map
  efi/x86: Move 32-bit code into efi_32.c
  efi/libstub: Handle unterminated cmdline
  efi/libstub: Handle NULL cmdline
  efi/libstub: Stop parsing arguments at "--"
  efi: add missed destroy_workqueue when efisubsys_init fails
  efi/x86: Mark kernel rodata non-executable for mixed mode
2020-08-23 11:08:32 -07:00
Linus Torvalds
e99b2507ba A single bug fix for the common entry code. The transcript of the x86
version messed up the reload of the syscall number from pt_regs after
 ptrace and seccomp which breaks syscall number rewriting.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEQp8+kY+LLUocC4bMphj1TA10mKEFAl9CI6YTHHRnbHhAbGlu
 dXRyb25peC5kZQAKCRCmGPVMDXSYoQCvEACoc8+Nd3sFR1UoNASbu5DV6PkUmgGy
 eQLKUA42toTzqJIcyXPRAjBrRc51IFEaxZlqGC7KWjQM9d9cdJGylg4zfwspZoI+
 tsvYKCPxvswVJ09QZmibn35+dbJEiYtQ96Cq0BQx/kaaouNeceRtDXV2ptP9dPSx
 pyv3pb8nchjADcKrqbMYe8t647X1kM25BglbTkHOJZDSubEsgMbN6P3d70n2sNO6
 8jQC4o9DX2AJnN5K3tLyN1yoLUYKUdFlj6X2BgusK8HbBVQ2m7eTPaIT2aNGs648
 7CrY49ggFnr8BVJuhIvjAwdyJPcTm9rcWphfD+WBAWrVO7r205aKAINDsoZwrhBe
 4ykfhs2PzfvHMrqKfKfbfNDQu9p6ZWwh3ZLbUpbunZQPCFB8EwL1x/5O/pGWGCNF
 F4rvfh02BuRPTljjM0pXFx05etT/OKKHjgdB7vxKJzb52dxcIZqqbut+lcTCYAmS
 n2M2H/Tgt4NgJsu4dgGamL6JNvHf1JUhyWVB2ZfRLvGMiiEDmyttct2E1Ji+AVqZ
 Dufui4KajQda+bS6VjCLtBNjC5WJ3gOzpIa4nrRw8mlTGWCgRGjsqu/Ze0Fkds6X
 r6WT4NzJ4pD3E/bXpbegf0eikLIx+sEfiLpJGbuQ+stD52/AQjef1oaLDmmiPXKY
 Ep+yR6l58erLbg==
 =2OhI
 -----END PGP SIGNATURE-----

Merge tag 'core-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull entry fix from Thomas Gleixner:
 "A single bug fix for the common entry code.

  The transcription of the x86 version messed up the reload of the
  syscall number from pt_regs after ptrace and seccomp which breaks
  syscall number rewriting"

* tag 'core-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  core/entry: Respect syscall number rewrites
2020-08-23 11:05:47 -07:00
Linus Torvalds
d9232cb796 A single fix correcting a reversed error severity determination check
which lead to a recoverable error getting marked as fatal, by Tony
 Luck.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAl9CP7YACgkQEsHwGGHe
 VUoJXBAAqU4LtWFva6XCA7TvIV8tGaxIGTqS92+eKuHON+dmoxgt5ipu5SPgg47I
 tSClJtfHAbHZJkHGuE213vXytMAji6r9w2EvY+pXlEfqN3E8d9Yek6udPuJC+zF3
 hX8uRDpYqn3MaHN/vuNPcBeB3I5jO0Wg5LXvo9udDYoxW+CoS4+lBBArHe0gWZIR
 JCJoYoLnwWSbrB3y5wJC8CrJ9vZqQXB2icTAwVbBpQa7mqu5pMVYfb1KgrzqXVCS
 6eNBSE2ZPQDdJZdzoj+22/IcFjcngAFiLFHbwwe3wc1XTX1BxdwDeaw6BKfkgkfY
 oLsD9TT1znhU3oQlraikn8IWcaewZgoCfF9mU4+AJUeSXEBenc9vZWtZ9vTRt3lo
 q2i5POUbwivi3Jn5YD4e6L9L7lBJHHHo4Wby/X5yWB/cZT/ygQ84VoRKB8L6cNZE
 DKmOHgpmqJkkTe7AyH6M+zYuH5Oq+yubmmzfZHCukcrDonDkN1z2pdf/FNj0aHfk
 7M23lyHZTnXhH60d1bgF0GqeK8lm+iVAbS8Mshbq7WvIuLXs4nv2HJkGtG/3Iwj6
 JX3DwSu4XepRL6spBTi8YiKQX9OHuJDfwttHdCyn+FcCc5iHIEJvH4fbF0Vr1qLC
 3oh9IFF7UIQGABfCA9J3frdcQymYGX3I757ZNN3RgWne23nb8Ks=
 =RYEr
 -----END PGP SIGNATURE-----

Merge tag 'edac_urgent_for_v5.9_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras

Pull EDAC fix from Borislav Petkov:
 "A single fix correcting a reversed error severity determination check
  which lead to a recoverable error getting marked as fatal, by Tony
  Luck"

* tag 'edac_urgent_for_v5.9_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
  EDAC/{i7core,sb,pnd2,skx}: Fix error event severity
2020-08-23 10:57:19 -07:00
Linus Torvalds
9d045ed1eb Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from David Miller:
 "Nothing earth shattering here, lots of small fixes (f.e. missing RCU
  protection, bad ref counting, missing memset(), etc.) all over the
  place:

   1) Use get_file_rcu() in task_file iterator, from Yonghong Song.

   2) There are two ways to set remote source MAC addresses in macvlan
      driver, but only one of which validates things properly. Fix this.
      From Alvin Šipraga.

   3) Missing of_node_put() in gianfar probing, from Sumera
      Priyadarsini.

   4) Preserve device wanted feature bits across multiple netlink
      ethtool requests, from Maxim Mikityanskiy.

   5) Fix rcu_sched stall in task and task_file bpf iterators, from
      Yonghong Song.

   6) Avoid reset after device destroy in ena driver, from Shay
      Agroskin.

   7) Missing memset() in netlink policy export reallocation path, from
      Johannes Berg.

   8) Fix info leak in __smc_diag_dump(), from Peilin Ye.

   9) Decapsulate ECN properly for ipv6 in ipv4 tunnels, from Mark
      Tomlinson.

  10) Fix number of data stream negotiation in SCTP, from David Laight.

  11) Fix double free in connection tracker action module, from Alaa
      Hleihel.

  12) Don't allow empty NHA_GROUP attributes, from Nikolay Aleksandrov"

* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (46 commits)
  net: nexthop: don't allow empty NHA_GROUP
  bpf: Fix two typos in uapi/linux/bpf.h
  net: dsa: b53: check for timeout
  tipc: call rcu_read_lock() in tipc_aead_encrypt_done()
  net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow
  net: sctp: Fix negotiation of the number of data streams.
  dt-bindings: net: renesas, ether: Improve schema validation
  gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
  hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
  hv_netvsc: Remove "unlikely" from netvsc_select_queue
  bpf: selftests: global_funcs: Check err_str before strstr
  bpf: xdp: Fix XDP mode when no mode flags specified
  selftests/bpf: Remove test_align leftovers
  tools/resolve_btfids: Fix sections with wrong alignment
  net/smc: Prevent kernel-infoleak in __smc_diag_dump()
  sfc: fix build warnings on 32-bit
  net: phy: mscc: Fix a couple of spelling mistakes "spcified" -> "specified"
  libbpf: Fix map index used in error message
  net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe()
  net: atlantic: Use readx_poll_timeout() for large timeout
  ...
2020-08-23 10:52:33 -07:00
Linus Torvalds
f320ac6e13 Merge branch 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull epoll fixes from Al Viro:
 "Fix reference counting and clean up exit paths"

* 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  do_epoll_ctl(): clean the failure exits up a bit
  epoll: Keep a reference on files added to the check list
2020-08-22 17:11:38 -07:00
Al Viro
52c479697c do_epoll_ctl(): clean the failure exits up a bit
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-08-22 18:25:52 -04:00
Marc Zyngier
a9ed4a6560 epoll: Keep a reference on files added to the check list
When adding a new fd to an epoll, and that this new fd is an
epoll fd itself, we recursively scan the fds attached to it
to detect cycles, and add non-epool files to a "check list"
that gets subsequently parsed.

However, this check list isn't completely safe when deletions
can happen concurrently. To sidestep the issue, make sure that
a struct file placed on the check list sees its f_count increased,
ensuring that a concurrent deletion won't result in the file
disapearing from under our feet.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2020-08-22 18:23:57 -04:00
Nikolay Aleksandrov
eeaac3634e net: nexthop: don't allow empty NHA_GROUP
Currently the nexthop code will use an empty NHA_GROUP attribute, but it
requires at least 1 entry in order to function properly. Otherwise we
end up derefencing null or random pointers all over the place due to not
having any nh_grp_entry members allocated, nexthop code relies on having at
least the first member present. Empty NHA_GROUP doesn't make any sense so
just disallow it.
Also add a WARN_ON for any future users of nexthop_create_group().

 BUG: kernel NULL pointer dereference, address: 0000000000000080
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] SMP
 CPU: 0 PID: 558 Comm: ip Not tainted 5.9.0-rc1+ #93
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014
 RIP: 0010:fib_check_nexthop+0x4a/0xaa
 Code: 0f 84 83 00 00 00 48 c7 02 80 03 f7 81 c3 40 80 fe fe 75 12 b8 ea ff ff ff 48 85 d2 74 6b 48 c7 02 40 03 f7 81 c3 48 8b 40 10 <48> 8b 80 80 00 00 00 eb 36 80 78 1a 00 74 12 b8 ea ff ff ff 48 85
 RSP: 0018:ffff88807983ba00 EFLAGS: 00010213
 RAX: 0000000000000000 RBX: ffff88807983bc00 RCX: 0000000000000000
 RDX: ffff88807983bc00 RSI: 0000000000000000 RDI: ffff88807bdd0a80
 RBP: ffff88807983baf8 R08: 0000000000000dc0 R09: 000000000000040a
 R10: 0000000000000000 R11: ffff88807bdd0ae8 R12: 0000000000000000
 R13: 0000000000000000 R14: ffff88807bea3100 R15: 0000000000000001
 FS:  00007f10db393700(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000080 CR3: 000000007bd0f004 CR4: 00000000003706f0
 Call Trace:
  fib_create_info+0x64d/0xaf7
  fib_table_insert+0xf6/0x581
  ? __vma_adjust+0x3b6/0x4d4
  inet_rtm_newroute+0x56/0x70
  rtnetlink_rcv_msg+0x1e3/0x20d
  ? rtnl_calcit.isra.0+0xb8/0xb8
  netlink_rcv_skb+0x5b/0xac
  netlink_unicast+0xfa/0x17b
  netlink_sendmsg+0x334/0x353
  sock_sendmsg_nosec+0xf/0x3f
  ____sys_sendmsg+0x1a0/0x1fc
  ? copy_msghdr_from_user+0x4c/0x61
  ___sys_sendmsg+0x63/0x84
  ? handle_mm_fault+0xa39/0x11b5
  ? sockfd_lookup_light+0x72/0x9a
  __sys_sendmsg+0x50/0x6e
  do_syscall_64+0x54/0xbe
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7f10dacc0bb7
 Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb cd 66 0f 1f 44 00 00 8b 05 9a 4b 2b 00 85 c0 75 2e 48 63 ff 48 63 d2 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 b1 f2 2a 00 f7 d8 64 89 02 48
 RSP: 002b:00007ffcbe628bf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
 RAX: ffffffffffffffda RBX: 00007ffcbe628f80 RCX: 00007f10dacc0bb7
 RDX: 0000000000000000 RSI: 00007ffcbe628c60 RDI: 0000000000000003
 RBP: 000000005f41099c R08: 0000000000000001 R09: 0000000000000008
 R10: 00000000000005e9 R11: 0000000000000246 R12: 0000000000000000
 R13: 0000000000000000 R14: 00007ffcbe628d70 R15: 0000563a86c6e440
 Modules linked in:
 CR2: 0000000000000080

CC: David Ahern <dsahern@gmail.com>
Fixes: 430a049190 ("nexthop: Add support for nexthop groups")
Reported-by: syzbot+a61aa19b0c14c8770bd9@syzkaller.appspotmail.com
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-08-22 12:39:55 -07:00
Linus Torvalds
c3d8f220d0 Kbuild fixes for v5.9
- move -Wsign-compare warning from W=2 to W=3
 
  - fix the keyword _restrict to __restrict in genksyms
 
  - fix more bugs in qconf
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAl9BIv8VHG1hc2FoaXJv
 eUBrZXJuZWwub3JnAAoJED2LAQed4NsGgUgQAKvWTNNvrY0YEY5YrFjh5swT/bBs
 9YfYdrEe7MOkmUtIf0DemwzdmaiZmLSGLAZZNfMEElLdk4bofi13uznh/7M/Yd7H
 Vws7qeQDypRYxieUhrQMubpxoK/ZFPb89x+zX9LlFO9nB1/810iMVJkrysSbVDDU
 QnQWcKIa7X+narruX3DWz5I9FxarODXTIVLz4mR29z7xo1UGfuGuLlH3/mmGLaCt
 kmVnDs0eEFpRt1y70plZ5YZqhFV3619LvRQW8RwJgVXEPzXb5FaWhoJnfIlLgcJb
 epZ0miZgTMAugqryfD0cyqAImNglQTkfhXtmWJR5g77qrqwqHkSi/xnMHhbEP499
 h/GwUmmfUzcjwJJlCzfLE1tuSPRgOvoy6Yp/6T0f+rCVhr8EyZ15BG0qDF3leHY9
 Wlz6CdnRvmBKicMyK6MhH0MFWGmE4h2XM7eCMkVYG6u7WiDxC/FjCYI/73I2632t
 YXeMevAtXfNM5J0TOk1zzUeIordan4s5J5ddlRCRd7GMMmqq5BnfuNI+B9n5Npev
 6g+XerkCreHEgOX1HSAj1SYmSykHjIyIl5AmWwRJEvRlxMKuNPPvar0oJqSUlJ7j
 HPsKAhdl+dlKCxKmz7e3nyfkc5IfMrMAfc6dD9/DAxggWBTeCU0UgaB0ZrFkHMdm
 yx4fimZilwKm3wUA
 =bySb
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:

 - move -Wsign-compare warning from W=2 to W=3

 - fix the keyword _restrict to __restrict in genksyms

 - fix more bugs in qconf

* tag 'kbuild-fixes-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kconfig: qconf: replace deprecated QString::sprintf() with QTextStream
  kconfig: qconf: remove redundant help in the info view
  kconfig: qconf: remove qInfo() to get back Qt4 support
  kconfig: qconf: remove unused colNr
  kconfig: qconf: fix the popup menu in the ConfigInfoView window
  kconfig: qconf: fix signal connection to invalid slots
  genksyms: keywords: Use __restrict not _restrict
  kbuild: remove redundant patterns in filter/filter-out
  extract-cert: add static to local data
  Makefile.extrawarn: Move sign-compare from W=2 to W=3
2020-08-22 10:22:44 -07:00
Linus Torvalds
dd105d64a0 - Allow booting of late secondary CPUs affected by erratum 1418040
(currently they are parked if none of the early CPUs are affected by
   this erratum).
 
 - Add the 32-bit vdso Makefile to the vdso_install rule so that 'make
   vdso_install' installs the 32-bit compat vdso when it is compiled.
 
 - Print a warning that untrusted guests without a CPU erratum workaround
   (Cortex-A57 832075) may deadlock the affected system.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAl9BOb8ACgkQa9axLQDI
 XvFnixAAladNjLswpC8gm0PSv2fXD+OJU7XiJKl1McG0UcnkRp1brgruOi7WMyQg
 I0cbY6Kjfb6mFJaHfEA9uuQ0P44FGmI+gz+3Injl+a0qJgdu0QLU1uJQG/Rae+zG
 kdoimf+/CnLnJTiIA5YXsdrFhSQsn2lVConJx26QrSJO0SB0TROy86aRSrRSMyYy
 mXrK4xCm/cx4LqJQJrFmShpgs/IjuK8T/LZBInjgB43e3y++SHwGTSA2kf3NOldz
 Rx4HqQVJ37IeROZ8B2v8MggZsTk/5C+DaxJu6QBk7REDKPnI9+RAr3BhPUAAVWDn
 BONYtsjBLgf/Q9bmXNsHlGAhjIIeOAgaIIr10oVhSFScCHsjEU15hqyNP2jfgLSC
 Q4cgU8bA0sm36CHNI0vd5phAnMBN6HJZtmSzu2xb/GJKYW4yiuXupYiOWbBAhhiu
 uAFjMRW+dwfOXY/59kwpmedBZ0WvHod2mPhp3n4FRzo3X0NfRgHzgg1kDRwqVAzv
 eh8ynUYMjuy5H3siNR0279M6epIK/hTtqSvnzIqkCTBkftsYX+32v4UzEardRGiv
 +/gKJ1XQGmWD3OCISuMZwaRK+tH5V68eT+3P0gGmssJLYMtRJFzzVtuv3mz1yXRD
 USsww/SY2etlGU+N8r+66NSqU0KPRdQ0tkK6eCX8DTyl3MPLQfQ=
 =VkR3
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - Allow booting of late secondary CPUs affected by erratum 1418040
   (currently they are parked if none of the early CPUs are affected by
   this erratum).

 - Add the 32-bit vdso Makefile to the vdso_install rule so that 'make
   vdso_install' installs the 32-bit compat vdso when it is compiled.

 - Print a warning that untrusted guests without a CPU erratum
   workaround (Cortex-A57 832075) may deadlock the affected system.

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  ARM64: vdso32: Install vdso32 from vdso_install
  KVM: arm64: Print warning when cpu erratum can cause guests to deadlock
  arm64: Allow booting of late CPUs affected by erratum 1418040
  arm64: Move handling of erratum 1418040 into C code
2020-08-22 10:17:36 -07:00
Linus Torvalds
d57ce84004 s390 fixes for 5.9-rc2
- Couple of fixes for storage key handling relevant for debugging.
 
 - Add cond_resched into potentially slow subchannels scanning loop.
 
 - Fixes for PF/VF linking and to ignore stale PCI configuration request
   events.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE3QHqV+H2a8xAv27vjYWKoQLXFBgFAl9BDkAACgkQjYWKoQLX
 FBhF3gf+KmVa7/Eb9Z0jE6dS1op5mggBASIMk7wr/enwSBQ7bLa42iGQPP9b7lWu
 5FTLifmrelVIAadDjFU7+vfBYY4CtTg+KvaajlJeAe4QScND+KN3G7LkT+kRnqxy
 n6evcW19yKKos2I+cVlqL0QxOXQBsQFM7wmpOrf373OBRqDyJAkV1DjcLopPZr8I
 eMaKyhlLMoyxaoXkddk+RC417aIkuL900WaUMmdEkREIhawWbuyKoWqypk76CXih
 Jtxgi1nSCX7nSVUnrLHLl4xPdpBziQ3iqccliddysNEbLsaqrdWbiP8XAPBrI8na
 WxbFFOmHXTcTzhqpUDgyMv10fQtkBg==
 =bgLc
 -----END PGP SIGNATURE-----

Merge tag 's390-5.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Vasily Gorbik:

 - a couple of fixes for storage key handling relevant for debugging

 - add cond_resched into potentially slow subchannels scanning loop

 - fixes for PF/VF linking and to ignore stale PCI configuration request
   events

* tag 's390-5.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/pci: fix PF/VF linking on hot plug
  s390/pci: re-introduce zpci_remove_device()
  s390/pci: fix zpci_bus_link_virtfn()
  s390/ptrace: fix storage key handling
  s390/runtime_instrumentation: fix storage key handling
  s390/pci: ignore stale configuration request event
  s390/cio: add cond_resched() in the slow_eval_known_fn() loop
2020-08-22 10:12:49 -07:00
Linus Torvalds
b2d9e99622 * PAE and PKU bugfixes for x86
* selftests fix for new binutils
 * MMU notifier fix for arm64
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAl9ARnoUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroP2YAf/dgLrPm4y4jxm7Aiz3/txqrHEwogT
 ZtvnzqUPb6+vkFrkop8QMOPw7A8NCfkn3/6sWbyUN5ObgOG1pxKyPraeN3ZdsDoR
 KGwv6P0dKgI8B4UuGEMe9GazXv+oOv8+bSUJnE+HZiUHzJKlX4HJbxDwUhvSSatY
 qYCZb/Uzqundh79TYULa7oI1/3F15A2J1zQPe4QgkToH9tsVB8PVfkH5uPJPp64M
 DTm5+qgwwsBULFaAuuo3FTs9f3pWJxn8GOuico1Sm+RnR53mhbUJggUfFzP0rwzZ
 Emevunje5r1rluFs+JWeNtflGH0gI4CLak7jvlOOBjrNb5XJgUSbzLXxkA==
 =Jwic
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:

 - PAE and PKU bugfixes for x86

 - selftests fix for new binutils

 - MMU notifier fix for arm64

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: arm64: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set
  KVM: Pass MMU notifier range flags to kvm_unmap_hva_range()
  kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
  kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
  KVM: x86: fix access code passed to gva_to_gpa
  selftests: kvm: Use a shorter encoding to clear RAX
2020-08-22 10:03:05 -07:00
Linus Torvalds
9e574b74b7 SCSI fixes on 20200821
23 fixes in 5 drivers (qla2xxx, ufs, scsi_debug, fcoe, zfcp).  The
 bulk of the changes are in qla2xxx and ufs and all are mostly small
 and definitely don't impact the core.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>
 -----BEGIN PGP SIGNATURE-----
 
 iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCX0CxgiYcamFtZXMuYm90
 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishVI9AP40cRrH
 p0wrE1fKUyj+LbtnWrrHUXsuknS3Sf58zyPeEAEA3qxxLspTxWgLuSnT/KC2gqFB
 Kv/XJyKM9CnRg7Uo4mo=
 =GRmA
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "23 fixes in 5 drivers (qla2xxx, ufs, scsi_debug, fcoe, zfcp). The bulk
  of the changes are in qla2xxx and ufs and all are mostly small and
  definitely don't impact the core"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (23 commits)
  Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe"
  Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command"
  scsi: qla2xxx: Fix null pointer access during disconnect from subsystem
  scsi: qla2xxx: Check if FW supports MQ before enabling
  scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba
  scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime
  scsi: qla2xxx: Reduce noisy debug message
  scsi: qla2xxx: Fix login timeout
  scsi: qla2xxx: Indicate correct supported speeds for Mezz card
  scsi: qla2xxx: Flush I/O on zone disable
  scsi: qla2xxx: Flush all sessions on zone disable
  scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values
  scsi: scsi_debug: Fix scp is NULL errors
  scsi: zfcp: Fix use-after-free in request timeout handlers
  scsi: ufs: No need to send Abort Task if the task in DB was cleared
  scsi: ufs: Clean up completed request without interrupt notification
  scsi: ufs: Improve interrupt handling for shared interrupts
  scsi: ufs: Fix interrupt error message for shared interrupts
  scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL
  scsi: ufs-mediatek: Fix incorrect time to wait link status
  ...
2020-08-22 09:56:42 -07:00
Linus Torvalds
d6af633056 Devicetree fixes for v5.9, take 2:
- Restore range parsing error check
 
 - Workaround PCI range parsing with missing 'device_type' now required
 
 - Correct description of 'phy-connection-type'
 
 - Fix erroneous matching on 'snps,dw-pcie' by 'intel,lgm-pcie' schema
 
 - A couple of grammar and whitespace fixes
 
 - Update Shawn Guo's email
 -----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCgAuFiEEktVUI4SxYhzZyEuo+vtdtY28YcMFAl9ATB0QHHJvYmhAa2Vy
 bmVsLm9yZwAKCRD6+121jbxhwxNzD/0WVFITEE7iH8+x+oP3CR5yIiwoGmTVdcK2
 JZ8+SrwwUGuOsky2zSLza6QjEuZW1LtQhmz6lfQ0ceUwdZh3zxySeB2j5JBJKnGC
 VsglrqWKyn7jGlTKZ9KEtAMqnwQudEPN14hcdb05bjGXTu12qUI39Nc5sITaA5Fd
 X80H0/hmDIGnfq7RnAKmSVmXcEObsL3uimBB1h3h6Swr42oZqj2SYae1370yLa60
 xcOvq0QefUMM/8a/NzgllMMZAyiQq+2QvDBS8XKskiYfXw5j2TrXxDIA1zb47vKR
 9pcn3N0RcMRzfBPIpTFtHVKwPTMLxR80stgn+jgg+qUhQ2sJobGKrtkCVaO9Vlui
 r+OHZ1KDzbvfB7GeKKVTIdMVfDr6VZ41Gm2psj21wGLjnLGVa15HQYE0VT2IIprb
 PfgxeDPNDghXPP8nssSCEcZ7lzzrmlQHi/fbAoMV0l6ynJPASkbrPixC4dGIy5YZ
 OpMZMb+rsb3jc7iQIemo+XB1QmZaAzG/XbY0nLXD4QSz9yC6AZIQYIVzZEV4q/dH
 wpxtbQyhZyRIXz7NmulQrHVs65F0pGJOmaWLhG7gmR5yJDJCK4SsmuVvf3YXb5Gq
 YiAqv5kJk4BOvOW6v91vJ6VBSjd/DOoWoygyaNCLpixjBE1ar9mJX8T6byemFRad
 m+yVrxJBmw==
 =3Xgj
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull devicetree fixes from Rob Herring:
 "Another set of DT fixes:

   - restore range parsing error check

   - workaround PCI range parsing with missing 'device_type' now
     required

   - correct description of 'phy-connection-type'

   - fix erroneous matching on 'snps,dw-pcie' by 'intel,lgm-pcie' schema

   - a couple of grammar and whitespace fixes

   - update Shawn Guo's email"

* tag 'devicetree-fixes-for-5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  dt-bindings: vendor-prefixes: Remove trailing whitespace
  dt-bindings: net: correct description of phy-connection-type
  dt-bindings: PCI: intel,lgm-pcie: Fix matching on all snps,dw-pcie instances
  of: address: Work around missing device_type property in pcie nodes
  dt: writing-schema: Miscellaneous grammar fixes
  dt-bindings: Use Shawn Guo's preferred e-mail for i.MX bindings
  of/address: check for invalid range.cpu_addr
2020-08-22 09:31:11 -07:00
Geert Uytterhoeven
5cd841d267 dt-bindings: vendor-prefixes: Remove trailing whitespace
Fixes: f516fb704d ("dt-bindings: Whitespace clean-ups in schema files")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20200819092058.1526-1-geert+renesas@glider.be
Signed-off-by: Rob Herring <robh@kernel.org>
2020-08-21 16:27:57 -06:00
Will Deacon
b5331379bc KVM: arm64: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set
When an MMU notifier call results in unmapping a range that spans multiple
PGDs, we end up calling into cond_resched_lock() when crossing a PGD boundary,
since this avoids running into RCU stalls during VM teardown. Unfortunately,
if the VM is destroyed as a result of OOM, then blocking is not permitted
and the call to the scheduler triggers the following BUG():

 | BUG: sleeping function called from invalid context at arch/arm64/kvm/mmu.c:394
 | in_atomic(): 1, irqs_disabled(): 0, non_block: 1, pid: 36, name: oom_reaper
 | INFO: lockdep is turned off.
 | CPU: 3 PID: 36 Comm: oom_reaper Not tainted 5.8.0 #1
 | Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
 | Call trace:
 |  dump_backtrace+0x0/0x284
 |  show_stack+0x1c/0x28
 |  dump_stack+0xf0/0x1a4
 |  ___might_sleep+0x2bc/0x2cc
 |  unmap_stage2_range+0x160/0x1ac
 |  kvm_unmap_hva_range+0x1a0/0x1c8
 |  kvm_mmu_notifier_invalidate_range_start+0x8c/0xf8
 |  __mmu_notifier_invalidate_range_start+0x218/0x31c
 |  mmu_notifier_invalidate_range_start_nonblock+0x78/0xb0
 |  __oom_reap_task_mm+0x128/0x268
 |  oom_reap_task+0xac/0x298
 |  oom_reaper+0x178/0x17c
 |  kthread+0x1e4/0x1fc
 |  ret_from_fork+0x10/0x30

Use the new 'flags' argument to kvm_unmap_hva_range() to ensure that we
only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is set in the notifier
flags.

Cc: <stable@vger.kernel.org>
Fixes: 8b3405e345 ("kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd")
Cc: Marc Zyngier <maz@kernel.org>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Message-Id: <20200811102725.7121-3-will@kernel.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-08-21 18:06:43 -04:00
Will Deacon
fdfe7cbd58 KVM: Pass MMU notifier range flags to kvm_unmap_hva_range()
The 'flags' field of 'struct mmu_notifier_range' is used to indicate
whether invalidate_range_{start,end}() are permitted to block. In the
case of kvm_mmu_notifier_invalidate_range_start(), this field is not
forwarded on to the architecture-specific implementation of
kvm_unmap_hva_range() and therefore the backend cannot sensibly decide
whether or not to block.

Add an extra 'flags' parameter to kvm_unmap_hva_range() so that
architectures are aware as to whether or not they are permitted to block.

Cc: <stable@vger.kernel.org>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Message-Id: <20200811102725.7121-2-will@kernel.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-08-21 18:03:47 -04:00
Madalin Bucur
5f53584ce9 dt-bindings: net: correct description of phy-connection-type
The phy-connection-type parameter is described in ePAPR 1.1:

Specifies interface type between the Ethernet device and a physical
layer (PHY) device. The value of this property is specific to the
implementation.

Signed-off-by: Madalin Bucur <madalin.bucur@oss.nxp.com>
Link: https://lore.kernel.org/r/1597917724-11127-1-git-send-email-madalin.bucur@oss.nxp.com
Signed-off-by: Rob Herring <robh@kernel.org>
2020-08-21 16:01:50 -06:00
Linus Torvalds
f873db9acd io_uring-5.9-2020-08-21
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl9AMgoQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpsqjEAC3hNnlu7BwVRFMeJzOyxZUqvvtT2ktYTZs
 9duV7qezounq022nKihl0/wy0KWOxfg4HDT492la54nKYAPf6xhszrbuAUx9pW8Z
 pwcUccaci7nB29V4a4wedtxz+jegCN2LXbRNk4DOpchlVKULfrOIcfW5/rL/7gkp
 15n/AAIZNChJ6y9dJDqYRoiF152/6uk7t+BolU/+W9QCKi2PW40nTOgfkzSnBvJV
 WaHlYHKAOUaiurIUjZQolgohNNBUzNwWtF/4HSeT5n8c94gSpI3IKFkmNCjxQQ96
 I0gjJZIss7N8ysKFBy3WALqx9FqxSWS3pi/G9fai4o/VPEFj+fhfBTh+H1fzLaoM
 V+oOHMCt5Cwlw+n8vSgtUU0JF6ZnmoolfpHWPchtCJyQ42i/gt41MrePdu/tUC+n
 tV7wvftuM/+AN36vDDgbDc5BTKjCnRQSHz80M3EwUznJJjaeTAPxnQ+pVlpN9IS+
 sbywlg+Xake9F19qA/astAH9n3U2+m3HdmoIXfG1vrXKFt/I9d36gh5hzlCh5//5
 zAu1/iwy1fAlaI4CWRR14+e8/ozu5SCxlswsI79sGZcFuv+WQsQ84q297rq8v0Wr
 HdtmiRDGlBFfcuiEOjoSzSEwMWPc1F+8EcmiEp8SZBglKDM+kQI9XMKKXakqh7K0
 yEWGAMm+1g==
 =dLiS
 -----END PGP SIGNATURE-----

Merge tag 'io_uring-5.9-2020-08-21' of git://git.kernel.dk/linux-block

Pull io_uring fixes from Jens Axboe:

 - Make sure the head link cancelation includes async work

 - Get rid of kiocb_wait_page_queue_init(), makes no sense to have it as
   a separate function since you moved it into io_uring itself

 - io_import_iovec cleanups (Pavel, me)

 - Use system_unbound_wq for ring exit work, to avoid spawning tons of
   these if we have tons of rings exiting at the same time

 - Fix req->flags overflow flag manipulation (Pavel)

* tag 'io_uring-5.9-2020-08-21' of git://git.kernel.dk/linux-block:
  io_uring: kill extra iovec=NULL in import_iovec()
  io_uring: comment on kfree(iovec) checks
  io_uring: fix racy req->flags modification
  io_uring: use system_unbound_wq for ring exit work
  io_uring: cleanup io_import_iovec() of pre-mapped request
  io_uring: get rid of kiocb_wait_page_queue_init()
  io_uring: find and cancel head link async work on files exit
2020-08-21 14:59:16 -07:00
Rob Herring
a326462cba dt-bindings: PCI: intel,lgm-pcie: Fix matching on all snps,dw-pcie instances
The intel,lgm-pcie binding is matching on all snps,dw-pcie instances
which is wrong. Add a custom 'select' entry to fix this.

Fixes: e54ea45a49 ("dt-bindings: PCI: intel: Add YAML schemas for the PCIe RC controller")
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: linux-pci@vger.kernel.org
Reviewed-by: Dilip Kota <eswara.kota@linux.intel.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2020-08-21 15:51:01 -06:00
Linus Torvalds
349111f050 Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "11 patches.

  Subsystems affected by this: misc, mm/hugetlb, mm/vmalloc, mm/misc,
  romfs, relay, uprobes, squashfs, mm/cma, mm/pagealloc"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  mm, page_alloc: fix core hung in free_pcppages_bulk()
  mm: include CMA pages in lowmem_reserve at boot
  squashfs: avoid bio_alloc() failure with 1Mbyte blocks
  uprobes: __replace_page() avoid BUG in munlock_vma_page()
  kernel/relay.c: fix memleak on destroy relay channel
  romfs: fix uninitialized memory leak in romfs_dev_read()
  mm/rodata_test.c: fix missing function declaration
  mm/vunmap: add cond_resched() in vunmap_pmd_range
  khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
  hugetlb_cgroup: convert comma to semicolon
  mailmap: add Andi Kleen
2020-08-21 14:44:48 -07:00
David S. Miller
4af7b32f84 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says:

====================
pull-request: bpf 2020-08-21

The following pull-request contains BPF updates for your *net* tree.

We've added 11 non-merge commits during the last 5 day(s) which contain
a total of 12 files changed, 78 insertions(+), 24 deletions(-).

The main changes are:

1) three fixes in BPF task iterator logic, from Yonghong.

2) fix for compressed dwarf sections in vmlinux, from Jiri.

3) fix xdp attach regression, from Andrii.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-08-21 12:54:50 -07:00
Linus Torvalds
f22c5579a7 RISC-V Fixes for 5.9-rc2
* The CLINT driver has been split in two: one to handle the M-mode CLINT
   (memory mapped and used on NOMMU systems) and one to handle the S-mode CLINT
   (via SBI).
 * The addition of SiFive's drivers to rv32_defconfig
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAl9AECkTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRAuExnzX7sYiZMAD/wKrUd1yCPvg5lKMWLN34+CAJHKU/oH
 ASK3/AdwHS1B3zohk2Eq04hycBEzmFhz2TcoLResZb3CHyqXUN090xBz0Z4qAPlT
 NvOJE+fCZLdxXu35HS2wPpjkZnnBTom3kv3q2D+Cyq3nrFrGt1mGJ4a91oxebktP
 RODyooO982KjTSs/t10GUzuZFIDc7UzvyNQMv0EipXmPaVEPxPbnNhMbdkuCXWjs
 PKj6ZNMx7HVv5ms3RNQP83w3X1czLc8t/2ATfo2fApnrpizWvukzyIhDK3Ar37d+
 f9u/SQdhv6NaAzacv8GYJ79o72e4hu6+llPrTrkTPQq5WtzAHQNTqYA+99+/Lj13
 2Hh9DlRyLc7tUF2bidY6po7XluWVYbYk4JEVbTPDOUP5kmKM/MN6r14TzKxch+26
 ghu1RI70cJkE3hn2DrbG7Errcs1+I+59Fhh+PzzxhY12V0d1EUY7SVETBw5GoOce
 YOz3327rJ6f0sozUwx9bZT2x6udVAPVDTyxZ2egmzay6xlFeMQJBxWSmleAHdZce
 0O1qTOcfAp6Nyx8SIv7Ust208hGXzpsULFn6z9QQsQhfu4PIWQUUR7c3P15Sf3r8
 3vyK5slBlBm2vgkfbsmf9hZ5u+BEc/ly8M/lotbXdjJXjzoAKsg5PSYQ4KjyO/qr
 2xYMHVNsSoaFkw==
 =MBvG
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Palmer Dabbelt:

 - The CLINT driver has been split in two: one to handle the M-mode
   CLINT (memory mapped and used on NOMMU systems) and one to handle the
   S-mode CLINT (via SBI).

 - The addition of SiFive's drivers to rv32_defconfig

* tag 'riscv-for-linus-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: Add SiFive drivers to rv32_defconfig
  dt-bindings: timer: Add CLINT bindings
  RISC-V: Remove CLINT related code from timer and arch
  clocksource/drivers: Add CLINT timer driver
  RISC-V: Add mechanism to provide custom IPI operations
2020-08-21 12:32:42 -07:00
Linus Torvalds
c0a4f5b354 xen: branch for v5.9-rc2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCX0ALjQAKCRCAXGG7T9hj
 voZ2AQCXYVDclEXoNwkD6sS0RuVSc4T6ypEzeGM6tP4Z/VInaAD/eJ8zP+aJx9wL
 oeTPsOEJzAax6Xj/c+tQ7maCQdxFpQQ=
 =K3yj
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-5.9-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fixes from Juergen Gross:
 "One build fix and a minor fix for suppressing a useless warning when
  booting a Xen dom0 via UEFI"

* tag 'for-linus-5.9-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  Fix build error when CONFIG_ACPI is not set/enabled:
  efi: avoid error message when booting under Xen
2020-08-21 12:28:33 -07:00
Linus Torvalds
985c788b6d Power management fixes for 5.9-rc2
- Fix re-enabling of resources in dev_pm_opp_set_rate() (Rajendra
    Nayak).
 
  - Fix OPP table reference counting in error paths (Stephen Boyd).
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl9AC7oSHHJqd0Byand5
 c29ja2kubmV0AAoJEILEb/54YlRxW2AP+gN4h8yIpyn9G0HSEv8zUPy+CwOSOL5U
 Mrzcoln2eBj9MGE+Pny5JcOUTRcdpBtN0k/0/OfZMNwKm228eWlkcolG/HeRWY2K
 AjE3a80drxjqBxsaoJraGgK8KjbtfZGJzV2iFrBNU9LPr0deuJ83CKTTa07YyefM
 gKMijLQDWzxKMsvnE1ZlPzuPPruQjsN0h+NjXZiEkdovQWZuQyiKNmUDS/L78o4o
 eDP8g3z7FOz21KBytzO2QikSXzqX2cPQw2Ydbry9mRGBZxJ8woyCxj1jsxjv22IK
 YiTJKnZAlLKaGF2X1r1PO9Ccu4Js6MGgeWKhHAUBpI4dT4ssVybJmzl1iI4Um5EH
 39JJ07dClt+INsvhLQ6VoTQkpP4kds+yJVGdkhUyinxWXkMAt3ibEqeKqFmUu7Cb
 t0+sPkJYFmLkfNL81/E1thrXk/sEZ0ixA5Nlg49Gk+fSv6riG6bugpnJEEKYpFb8
 5rqWQKKcVp4p1IrrVbSaaqPRCvvfu3Zk3LZc4ycYsVPPVng6+PvFgGLlBHxK1ath
 m0F2kY6WJA0MrA4JeQCQ7Jpgt4TiIa+DPzFu1OD3tWBms1IF3DGd2HSAlaz4EI1i
 Ad0ozgXIhwnYIh6EbWfjSBiwkOK4cltpZG0cD0rNYHl/S1e46BbYCHow1i2h4x/u
 P/fVdxK6zVeE
 =7DWg
 -----END PGP SIGNATURE-----

Merge tag 'pm-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These fix a few issues in the operating performance points (OPP)
  framework.

  Specifics:

   - Fix re-enabling of resources in dev_pm_opp_set_rate() (Rajendra
     Nayak)

   - Fix OPP table reference counting in error paths (Stephen Boyd)"

* tag 'pm-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  opp: Enable resources again if they were disabled earlier
  opp: Put opp table in dev_pm_opp_set_rate() if _set_opp_bw() fails
  opp: Put opp table in dev_pm_opp_set_rate() for empty tables
2020-08-21 12:26:58 -07:00
Tobias Klauser
b16fc097bc bpf: Fix two typos in uapi/linux/bpf.h
Also remove trailing whitespaces in bpf_skb_get_tunnel_key example code.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200821133642.18870-1-tklauser@distanz.ch
2020-08-21 12:26:17 -07:00
Tom Rix
774d977abf net: dsa: b53: check for timeout
clang static analysis reports this problem

b53_common.c:1583:13: warning: The left expression of the compound
  assignment is an uninitialized value. The computed value will
  also be garbage
        ent.port &= ~BIT(port);
        ~~~~~~~~ ^

ent is set by a successful call to b53_arl_read().  Unsuccessful
calls are caught by an switch statement handling specific returns.
b32_arl_read() calls b53_arl_op_wait() which fails with the
unhandled -ETIMEDOUT.

So add -ETIMEDOUT to the switch statement.  Because
b53_arl_op_wait() already prints out a message, do not add another
one.

Fixes: 1da6df85c6 ("net: dsa: b53: Implement ARL add/del/dump operations")
Signed-off-by: Tom Rix <trix@redhat.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-08-21 11:46:12 -07:00
Stephen Boyd
8d75785a81 ARM64: vdso32: Install vdso32 from vdso_install
Add the 32-bit vdso Makefile to the vdso_install rule so that 'make
vdso_install' installs the 32-bit compat vdso when it is compiled.

Fixes: a7f71a2c89 ("arm64: compat: Add vDSO")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Acked-by: Will Deacon <will@kernel.org>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Link: https://lore.kernel.org/r/20200818014950.42492-1-swboyd@chromium.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2020-08-21 19:11:44 +01:00
Linus Torvalds
d723b99ec9 Improvements to ext4's block allocator performance for very large file
systems, especially when the file system or files which are highly
 fragmented.  There is a new mount option, prefetch_block_bitmaps which
 will pull in the block bitmaps and set up the in-memory buddy bitmaps
 when the file system is initially mounted.
 
 Beyond that, a lot of bug fixes and cleanups.  In particular, a number
 of changes to make ext4 more robust in the face of write errors or
 file system corruptions.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAl8/Q9YACgkQ8vlZVpUN
 gaPz+wgAkiWwpge0pfcukABW9FcHK9R82IPggA/NnFu0I+3trpqVQP8mYWqg+1l7
 X0W6B6GHMcITGdwxVDNGHHv0WabXCqFPT0ENwW1cnl9UL6I91Ev2NjmG9HP6hVZa
 g3+NyXJwiOP38xsxpPJGPoYFw2wZyv8/e41MMnsE6goYjMmB04sHvXCUQkbN41Fn
 3CMdsiueYZDAKflvAlL50Jy7Imz5tq9oy81/z+amqvWo4T0U8zRwQuf25nBAhr25
 1WdT4CbCNGO2Qwyu9X+t/KGNVIQhCctkx/yz71l3p2piEGkw/XE4VJNrkmWb0zN7
 k9F5uGOZlAlQEzx+5PN//Qtz1Db0QQ==
 =E6vv
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 updates from Ted Ts'o:
 "Improvements to ext4's block allocator performance for very large file
  systems, especially when the file system or files which are highly
  fragmented. There is a new mount option, prefetch_block_bitmaps which
  will pull in the block bitmaps and set up the in-memory buddy bitmaps
  when the file system is initially mounted.

  Beyond that, a lot of bug fixes and cleanups. In particular, a number
  of changes to make ext4 more robust in the face of write errors or
  file system corruptions"

* tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (46 commits)
  ext4: limit the length of per-inode prealloc list
  ext4: reorganize if statement of ext4_mb_release_context()
  ext4: add mb_debug logging when there are lost chunks
  ext4: Fix comment typo "the the".
  jbd2: clean up checksum verification in do_one_pass()
  ext4: change to use fallthrough macro
  ext4: remove unused parameter of ext4_generic_delete_entry function
  mballoc: replace seq_printf with seq_puts
  ext4: optimize the implementation of ext4_mb_good_group()
  ext4: delete invalid comments near ext4_mb_check_limits()
  ext4: fix typos in ext4_mb_regular_allocator() comment
  ext4: fix checking of directory entry validity for inline directories
  fs: prevent BUG_ON in submit_bh_wbc()
  ext4: correctly restore system zone info when remount fails
  ext4: handle add_system_zone() failure in ext4_setup_system_zone()
  ext4: fold ext4_data_block_valid_rcu() into the caller
  ext4: check journal inode extents more carefully
  ext4: don't allow overlapping system zones
  ext4: handle error of ext4_setup_system_zone() on remount
  ext4: delete the invalid BUGON in ext4_mb_load_buddy_gfp()
  ...
2020-08-21 11:03:38 -07:00
David Howells
5e0b17b026 afs: Fix NULL deref in afs_dynroot_depopulate()
If an error occurs during the construction of an afs superblock, it's
possible that an error occurs after a superblock is created, but before
we've created the root dentry.  If the superblock has a dynamic root
(ie.  what's normally mounted on /afs), the afs_kill_super() will call
afs_dynroot_depopulate() to unpin any created dentries - but this will
oops if the root hasn't been created yet.

Fix this by skipping that bit of code if there is no root dentry.

This leads to an oops looking like:

	general protection fault, ...
	KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
	...
	RIP: 0010:afs_dynroot_depopulate+0x25f/0x529 fs/afs/dynroot.c:385
	...
	Call Trace:
	 afs_kill_super+0x13b/0x180 fs/afs/super.c:535
	 deactivate_locked_super+0x94/0x160 fs/super.c:335
	 afs_get_tree+0x1124/0x1460 fs/afs/super.c:598
	 vfs_get_tree+0x89/0x2f0 fs/super.c:1547
	 do_new_mount fs/namespace.c:2875 [inline]
	 path_mount+0x1387/0x2070 fs/namespace.c:3192
	 do_mount fs/namespace.c:3205 [inline]
	 __do_sys_mount fs/namespace.c:3413 [inline]
	 __se_sys_mount fs/namespace.c:3390 [inline]
	 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3390
	 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
	 entry_SYSCALL_64_after_hwframe+0x44/0xa9

which is oopsing on this line:

	inode_lock(root->d_inode);

presumably because sb->s_root was NULL.

Fixes: 0da0b7fd73 ("afs: Display manually added cells in dynamic root mount")
Reported-by: syzbot+c1eff8205244ae7e11a6@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 10:56:40 -07:00
Linus Torvalds
cd02217a5d RDMA first 5.9rc pull request
One regression from 5.8 and a few bugs from earlier kernels.
 
 - Various spelling corrections in kernel prints
 
 - Bug fixes in hfi1 and bntx_re
 
 - Revert a 5.8 patch in hns
 
 - Batch update for Mellanox and Cumulus maintainers emails
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEfB7FMLh+8QxL+6i3OG33FX4gmxoFAl8/0OsACgkQOG33FX4g
 mxo7Pg/8CJzOQdb9KmR1bwqzi18i0BQ7ev81NucQvBzJNY/grx2LYQUTbZCQx+QJ
 em+PdUmjtdcA1C1fBEbeS++/LIQxIpBZbU36Yvz4syxJqYHV+GX9EAoy02zitd6O
 tyQST6boCAZQln7ya0VmCREW5EVOgWOdBmxmxO7B5VViXbFb1BShysxtekQAOpTk
 TZU9HDhVaG4LRktr5IfyZLBeS6agbvBEXcwoeOkk+YvxDnwE3BYyveeDluEJdvh8
 NqbYRxDZM0yKjVoxi08ceMhTJ7U+igCpoUP9O3NQCgWPaBHwE6udeWoT/5VEA+AJ
 522477WPlsX88FL40m4F+qjbgctD+MjoswqgMXXhXJWIgnae3hvTnsMYAOH0xHGn
 F+LfwMct5kFNn3cueOxNmUfwylwxpnx5SiknDw1VnpNhybU2arPI2Tnkz9und848
 WDUdOlgmWRjKgOjcN6KkqFb2cTXMbr1yRuid0sutmVXSeH7FtiNR3VdvZuS8VeYF
 pfev3XZFjRGy3AOTc83oSg6h0SDWAOvs0m24y0Jut1Lb49N1QpCITIHUeQhB8L+W
 udCVHvYSZdlnXKkrj7FDDwKBy43krJrGrNw+CM50o4eTHi+WlZ2dVlzVMtoU8YeJ
 qZw79pcsC8OY7nD2PJ456xFy1OhxKDY0iJXmjvIyi45GsOYNPks=
 =5gq2
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fixes from Jason Gunthorpe:
 "One regression from 5.8 and a few bugs from earlier kernels:

   - Various spelling corrections in kernel prints

   - Bug fixes in hfi1 and bntx_re

   - Revert a 5.8 patch in hns

   - Batch update for Mellanox and Cumulus maintainers emails"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  MAINTAINERS: Update Mellanox and Cumulus Network addresses to new domain
  Revert "RDMA/hns: Reserve one sge in order to avoid local length error"
  RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request
  RDMA/bnxt_re: Do not add user qps to flushlist
  RDMA/core: Fix spelling mistake "Could't" -> "Couldn't"
  RDMA/usnic: Fix spelling mistake "transistion" -> "transition"
  RDMA/hns: Fix spelling mistake "epmty" -> "empty"
2020-08-21 10:14:16 -07:00
Linus Torvalds
7f04f3ed62 sound fixes for 5.9-rc2
A collection of small fixes over several drivers, but all are driver-
 specific and nothing looks scary.  Slightly large changes are seen in
 ASoC qcom driver for the bugs that were revealed by the recent ASoC
 core change to report the invalid register access errors.  Also ASoC
 fsl got a slight intensive change for the distortion fix.  Others are
 only trivial fixes or device-specific quirks.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl8/kt4OHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE+sexAAoPtgbUActijlJY34J4cm7kIt1wVulKKgdxMu
 LQEbuJPbRuv80fcr7MIcYTc6Q20frb3kQYJNxyPAG7afVV5wkGa/dO6mUrS3LHyg
 UsQLqm6iHqZNg0wo8cZK9Lhs+VwWrD1VWnV+5ODL5koT/SYfzqI7Km3lKketA4y/
 MvsRFhW03Mc6SabRINqxNcE3YTUHi8HPgM4aF9mQmBQTqm3tnld6MSCgo4B129cY
 rnNoGcpJmcZRGo1ZM7kUGS+FfLeclt3STvepbpz2iAoTWiI55X67uVwjAO3GHW4s
 5EoycKu0f8D6g3ZO0evari1vJRhC0X2QVHO42CaDk32PKxnh+xlR4sBfuJW0Zsqt
 AR+Jibv/wiF+vmlC0s+DQqgaxPkCJrK6zJ4uvjZi+iZhqXhq8Rl9DmIOCUwPoPZd
 PsKhenrmjecL3yd7kgYMtSm6orjaAzkG9r8rUnTWuWvtnpIyMe9eN3BsOGZnI0GV
 sn0UCVJQSmlxNcbWfFX+w/hYajY82FGRYbUf8bOAMWIxZP5ecPu54cn5eta70JQk
 w+b3Th9FSFJDlnATA+WAoh4TmYHmuYBISjmx4tLjnMwKxUCirJt90o7hl04Ntwwe
 1/pA4bIN6dN+csaLgWJzstlCxr/8H0LyQgRdvCfAES2ejboUQliiNOO0fDHkdf87
 PTCJtUg=
 =T8Rb
 -----END PGP SIGNATURE-----

Merge tag 'sound-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of small fixes over several drivers, but all are driver-
  specific and nothing looks scary.

  Slightly large changes are seen in ASoC qcom driver for the bugs that
  were revealed by the recent ASoC core change to report the invalid
  register access errors. Also ASoC fsl got a slight intensive change
  for the distortion fix.

  Others are only trivial fixes or device-specific quirks"

* tag 'sound-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (25 commits)
  ALSA: hda: avoid reset of sdo_limit
  ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion
  ALSA: usb-audio: ignore broken processing/extension unit
  ASoC: intel: Fix memleak in sst_media_open
  ASoC: wm8994: Avoid attempts to read unreadable registers
  ASoC: msm8916-wcd-analog: fix register Interrupt offset
  ASoC: wm8994: Prevent access to invalid VU register bits on WM1811
  ALSA: hda/realtek: Add model alc298-samsung-headphone
  ALSA: usb-audio: Update documentation comment for MS2109 quirk
  ALSA: isa: fix spelling mistakes in the comments
  ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1)
  ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book
  ASoC: q6routing: add dummy register read/write function
  ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM
  ASoC: Make soc_component_read() returning an error code again
  ASoC: amd: Replacing component->name with codec_dai->name.
  ASoC: fsl: Fix unused variable warning
  ASoC: tegra: tegra210_i2s: Fix compile warning with CONFIG_PM=n
  ASoC: tegra: tegra210_dmic: Fix compile warning with CONFIG_PM=n
  ASoC: tegra: tegra210_ahub: Fix compile warning with CONFIG_PM=n
  ...
2020-08-21 10:07:54 -07:00
Linus Torvalds
43d387a4ad drm fixes for 5.9-rc2
amdgpu:
 - Fix allocation size
 - SR-IOV fixes
 - Vega20 SMU feature state caching fix
 - Fix custom pptable handling
 - Arcturus golden settings update
 - Several display fixes
 - Fixes for Navy Flounder
 - Misc display fixes
 - RAS fix
 
 amdkfd:
 - SDMA fix for renoir
 
 i915:
 - Fix device parameter usage for selftest mock i915 device
 - Fix LPSP capability debugfs NULL dereference
 - Fix buddy register pagemask table
 - Fix intel_atomic_check() non-negative return value
 - Fix selftests passing a random 0 into ilog2()
 - Fix TGL power well enable/disable ordering
 - Switch to PMU module refcounting
 - GVT fixes
 
 virtio:
 - Add missing dma_fence_put() in virtio_gpu_execbuffer_ioctl().
 - Fix memory leak in virtio_gpu_cleanup_object().
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJfPyfDAAoJEAx081l5xIa+FZMP/1I13j/J/uaxThFuAc8m0By5
 wvDLu4EdzV1zIXmAT1m/bUzvXVxsCgg6XSQjZEQ4nK0SqEN5dU8g/Kg+u0E3ojJc
 g4A3XJydrQ+CSkiuP51QenRXZPMdj3rAIKXYelb7UylSdw0tPKdBP0ISXTwQUZcS
 PSN6PPUiVTJHZ52EatO7yIDV2QGyV4h9qnKcGsyLIEBa567kClrQPqdUdLa+WBSf
 9uTVdulx7CQg5vO5qZCQYpEDbhToZQA2DTYx9m640D5OCP0M6XCXTQIgpK7sISdk
 N1XkqhfiWr5ivnXJBRdqTkXv3PAUrxGNVYfXvkK3+oP5Vz4yrM9tB8AyCorWXzps
 WibnqejHgYhG57uwo3APNg/1j4EDJDdq01pDl65TEz2YyDLHAV1FiYW98XveKL2k
 8uNqCmxFnnj4p9xWhsmNIm7dwkud3QxOs17vX7odzlLq63QX+8tTnjhAKw8aXFhC
 USJqmMNY5pI3kVX1jUHLGvPxakLngLWH2T+Bozk55Rm1f0JyMCY6ZSHPVaq48mqv
 2ZifBgBb12h6MKENZvHXbGUrK1p+Q+uo4ueXvpQs1vAMNx1kQ0hJwoCJqNq+WxQN
 /P9XtQJUJ6jg/w1PSMNA3hipg4jtqy511pf9+jrdDOHbIYhIxEK3F1cmjasMjBya
 +zwVzm3p5u+TKuw+z4wF
 =eivO
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2020-08-21' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Regular fixes pull for rc2. Usual rc2 doesn't seem too busy, mainly
  i915 and amdgpu. I'd expect the usual uptick for rc3.

  amdgpu:
   - Fix allocation size
   - SR-IOV fixes
   - Vega20 SMU feature state caching fix
   - Fix custom pptable handling
   - Arcturus golden settings update
   - Several display fixes
   - Fixes for Navy Flounder
   - Misc display fixes
   - RAS fix

  amdkfd:
   - SDMA fix for renoir

  i915:
   - Fix device parameter usage for selftest mock i915 device
   - Fix LPSP capability debugfs NULL dereference
   - Fix buddy register pagemask table
   - Fix intel_atomic_check() non-negative return value
   - Fix selftests passing a random 0 into ilog2()
   - Fix TGL power well enable/disable ordering
   - Switch to PMU module refcounting
   - GVT fixes

  virtio:
   - Add missing dma_fence_put() in virtio_gpu_execbuffer_ioctl()
   - Fix memory leak in virtio_gpu_cleanup_object()"

* tag 'drm-fixes-2020-08-21' of git://anongit.freedesktop.org/drm/drm: (34 commits)
  Revert "drm/amdgpu: disable gfxoff for navy_flounder"
  drm/i915/tgl: Make sure TC-cold is blocked before enabling TC AUX power wells
  drm/i915/selftests: Avoid passing a random 0 into ilog2
  drm/i915: Fix wrong return value in intel_atomic_check()
  drm/i915: Update bw_buddy pagemask table
  drm/i915/display: Check for an LPSP encoder before dereferencing
  drm/i915: Copy default modparams to mock i915_device
  drm/i915: Provide the perf pmu.module
  drm/amd/display: fix pow() crashing when given base 0
  drm/amd/display: Reset scrambling on Test Pattern
  drm/amd/display: fix dcn3 wide timing dsc validation
  drm/amd/display: Fix DFPstate hang due to view port changed
  drm/amd/display: Assign correct left shift
  drm/amd/display: Call DMUB for eDP power control
  drm/amdkfd: fix the wrong sdma instance query for renoir
  drm/amdgpu: parse ta firmware for navy_flounder
  drm/amdgpu: fix NULL pointer access issue when unloading driver
  drm/amdgpu: fix uninit-value in arcturus_log_thermal_throttling_event()
  drm/amdgpu: disable gfxoff for navy_flounder
  drm/amdgpu/display: use GFP_ATOMIC in dcn20_validate_bandwidth_internal
  ...
2020-08-21 10:02:44 -07:00
Charan Teja Reddy
88e8ac11d2 mm, page_alloc: fix core hung in free_pcppages_bulk()
The following race is observed with the repeated online, offline and a
delay between two successive online of memory blocks of movable zone.

P1						P2

Online the first memory block in
the movable zone. The pcp struct
values are initialized to default
values,i.e., pcp->high = 0 &
pcp->batch = 1.

					Allocate the pages from the
					movable zone.

Try to Online the second memory
block in the movable zone thus it
entered the online_pages() but yet
to call zone_pcp_update().
					This process is entered into
					the exit path thus it tries
					to release the order-0 pages
					to pcp lists through
					free_unref_page_commit().
					As pcp->high = 0, pcp->count = 1
					proceed to call the function
					free_pcppages_bulk().
Update the pcp values thus the
new pcp values are like, say,
pcp->high = 378, pcp->batch = 63.
					Read the pcp's batch value using
					READ_ONCE() and pass the same to
					free_pcppages_bulk(), pcp values
					passed here are, batch = 63,
					count = 1.

					Since num of pages in the pcp
					lists are less than ->batch,
					then it will stuck in
					while(list_empty(list)) loop
					with interrupts disabled thus
					a core hung.

Avoid this by ensuring free_pcppages_bulk() is called with proper count of
pcp list pages.

The mentioned race is some what easily reproducible without [1] because
pcp's are not updated for the first memory block online and thus there is
a enough race window for P2 between alloc+free and pcp struct values
update through onlining of second memory block.

With [1], the race still exists but it is very narrow as we update the pcp
struct values for the first memory block online itself.

This is not limited to the movable zone, it could also happen in cases
with the normal zone (e.g., hotplug to a node that only has DMA memory, or
no other memory yet).

[1]: https://patchwork.kernel.org/patch/11696389/

Fixes: 5f8dcc2121 ("page-allocator: split per-cpu list into one-list-per-migrate-type")
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Cc: <stable@vger.kernel.org> [2.6+]
Link: http://lkml.kernel.org/r/1597150703-19003-1-git-send-email-charante@codeaurora.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 09:52:53 -07:00
Doug Berger
e08d3fdfe2 mm: include CMA pages in lowmem_reserve at boot
The lowmem_reserve arrays provide a means of applying pressure against
allocations from lower zones that were targeted at higher zones.  Its
values are a function of the number of pages managed by higher zones and
are assigned by a call to the setup_per_zone_lowmem_reserve() function.

The function is initially called at boot time by the function
init_per_zone_wmark_min() and may be called later by accesses of the
/proc/sys/vm/lowmem_reserve_ratio sysctl file.

The function init_per_zone_wmark_min() was moved up from a module_init to
a core_initcall to resolve a sequencing issue with khugepaged.
Unfortunately this created a sequencing issue with CMA page accounting.

The CMA pages are added to the managed page count of a zone when
cma_init_reserved_areas() is called at boot also as a core_initcall.  This
makes it uncertain whether the CMA pages will be added to the managed page
counts of their zones before or after the call to
init_per_zone_wmark_min() as it becomes dependent on link order.  With the
current link order the pages are added to the managed count after the
lowmem_reserve arrays are initialized at boot.

This means the lowmem_reserve values at boot may be lower than the values
used later if /proc/sys/vm/lowmem_reserve_ratio is accessed even if the
ratio values are unchanged.

In many cases the difference is not significant, but for example
an ARM platform with 1GB of memory and the following memory layout

  cma: Reserved 256 MiB at 0x0000000030000000
  Zone ranges:
    DMA      [mem 0x0000000000000000-0x000000002fffffff]
    Normal   empty
    HighMem  [mem 0x0000000030000000-0x000000003fffffff]

would result in 0 lowmem_reserve for the DMA zone.  This would allow
userspace to deplete the DMA zone easily.

Funnily enough

  $ cat /proc/sys/vm/lowmem_reserve_ratio

would fix up the situation because as a side effect it forces
setup_per_zone_lowmem_reserve.

This commit breaks the link order dependency by invoking
init_per_zone_wmark_min() as a postcore_initcall so that the CMA pages
have the chance to be properly accounted in their zone(s) and allowing
the lowmem_reserve arrays to receive consistent values.

Fixes: bc22af74f2 ("mm: update min_free_kbytes from khugepaged after core initialization")
Signed-off-by: Doug Berger <opendmb@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Jason Baron <jbaron@akamai.com>
Cc: David Rientjes <rientjes@google.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/1597423766-27849-1-git-send-email-opendmb@gmail.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 09:52:53 -07:00
Phillip Lougher
f26044c83e squashfs: avoid bio_alloc() failure with 1Mbyte blocks
This is a regression introduced by the patch "migrate from ll_rw_block
usage to BIO".

Bio_alloc() is limited to 256 pages (1 Mbyte).  This can cause a failure
when reading 1 Mbyte block filesystems.  The problem is a datablock can be
fully (or almost uncompressed), requiring 256 pages, but, because blocks
are not aligned to page boundaries, it may require 257 pages to read.

Bio_kmalloc() can handle 1024 pages, and so use this for the edge
condition.

Fixes: 93e72b3c61 ("squashfs: migrate from ll_rw_block usage to BIO")
Reported-by: Nicolas Prochazka <nicolas.prochazka@gmail.com>
Reported-by: Tomoatsu Shimada <shimada@walbrix.com>
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Cc: Philippe Liard <pliard@google.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Adrien Schildknecht <adrien+dev@schischi.me>
Cc: Daniel Rosenberg <drosen@google.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200815035637.15319-1-phillip@squashfs.org.uk
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 09:52:53 -07:00
Hugh Dickins
c17c3dc9d0 uprobes: __replace_page() avoid BUG in munlock_vma_page()
syzbot crashed on the VM_BUG_ON_PAGE(PageTail) in munlock_vma_page(), when
called from uprobes __replace_page().  Which of many ways to fix it?
Settled on not calling when PageCompound (since Head and Tail are equals
in this context, PageCompound the usual check in uprobes.c, and the prior
use of FOLL_SPLIT_PMD will have cleared PageMlocked already).

Fixes: 5a52c9df62 ("uprobe: use FOLL_SPLIT_PMD instead of FOLL_SPLIT")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: <stable@vger.kernel.org>	[5.4+]
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2008161338360.20413@eggly.anvils
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 09:52:53 -07:00
Wei Yongjun
71e843295c kernel/relay.c: fix memleak on destroy relay channel
kmemleak report memory leak as follows:

  unreferenced object 0x607ee4e5f948 (size 8):
  comm "syz-executor.1", pid 2098, jiffies 4295031601 (age 288.468s)
  hex dump (first 8 bytes):
  00 00 00 00 00 00 00 00 ........
  backtrace:
     relay_open kernel/relay.c:583 [inline]
     relay_open+0xb6/0x970 kernel/relay.c:563
     do_blk_trace_setup+0x4a8/0xb20 kernel/trace/blktrace.c:557
     __blk_trace_setup+0xb6/0x150 kernel/trace/blktrace.c:597
     blk_trace_ioctl+0x146/0x280 kernel/trace/blktrace.c:738
     blkdev_ioctl+0xb2/0x6a0 block/ioctl.c:613
     block_ioctl+0xe5/0x120 fs/block_dev.c:1871
     vfs_ioctl fs/ioctl.c:48 [inline]
     __do_sys_ioctl fs/ioctl.c:753 [inline]
     __se_sys_ioctl fs/ioctl.c:739 [inline]
     __x64_sys_ioctl+0x170/0x1ce fs/ioctl.c:739
     do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

'chan->buf' is malloced in relay_open() by alloc_percpu() but not free
while destroy the relay channel.  Fix it by adding free_percpu() before
return from relay_destroy_channel().

Fixes: 017c59c042 ("relay: Use per CPU constructs for the relay channel buffer pointers")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: David Rientjes <rientjes@google.com>
Cc: Michel Lespinasse <walken@google.com>
Cc: Daniel Axtens <dja@axtens.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Akash Goel <akash.goel@intel.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200817122826.48518-1-weiyongjun1@huawei.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 09:52:53 -07:00
Jann Horn
bcf85fcedf romfs: fix uninitialized memory leak in romfs_dev_read()
romfs has a superblock field that limits the size of the filesystem; data
beyond that limit is never accessed.

romfs_dev_read() fetches a caller-supplied number of bytes from the
backing device.  It returns 0 on success or an error code on failure;
therefore, its API can't represent short reads, it's all-or-nothing.

However, when romfs_dev_read() detects that the requested operation would
cross the filesystem size limit, it currently silently truncates the
requested number of bytes.  This e.g.  means that when the content of a
file with size 0x1000 starts one byte before the filesystem size limit,
->readpage() will only fill a single byte of the supplied page while
leaving the rest uninitialized, leaking that uninitialized memory to
userspace.

Fix it by returning an error code instead of truncating the read when the
requested read operation would go beyond the end of the filesystem.

Fixes: da4458bda2 ("NOMMU: Make it possible for RomFS to use MTD devices directly")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: David Howells <dhowells@redhat.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200818013202.2246365-1-jannh@google.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 09:52:53 -07:00
Leon Romanovsky
86f54bb7e4 mm/rodata_test.c: fix missing function declaration
The compilation with CONFIG_DEBUG_RODATA_TEST set produces the following
warning due to the missing include.

 mm/rodata_test.c:15:6: warning: no previous prototype for 'rodata_test' [-Wmissing-prototypes]
    15 | void rodata_test(void)
       |      ^~~~~~~~~~~

Fixes: 2959a5f726 ("mm: add arch-independent testcases for RODATA")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Link: https://lkml.kernel.org/r/20200819080026.918134-1-leon@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-08-21 09:52:53 -07:00