f54ca91fe6
1057322 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
David Hildenbrand
|
434b90f39e |
x86/xen: update xen_oldmem_pfn_is_ram() documentation
After removing /dev/kmem, sanitizing /proc/kcore and handling /dev/mem, this series tackles the last sane way how a VM could accidentially access logically unplugged memory managed by a virtio-mem device: /proc/vmcore When dumping memory via "makedumpfile", PG_offline pages, used by virtio-mem to flag logically unplugged memory, are already properly excluded; however, especially when accessing/copying /proc/vmcore "the usual way", we can still end up reading logically unplugged memory part of a virtio-mem device. Patch #1-#3 are cleanups. Patch #4 extends the existing oldmem_pfn_is_ram mechanism. Patch #5-#7 are virtio-mem refactorings for patch #8, which implements the virtio-mem logic to query the state of device blocks. Patch #8: "Although virtio-mem currently supports reading unplugged memory in the hypervisor, this will change in the future, indicated to the device via a new feature flag. We similarly sanitized /proc/kcore access recently. [...] Distributions that support virtio-mem+kdump have to make sure that the virtio_mem module will be part of the kdump kernel or the kdump initrd; dracut was recently [2] extended to include virtio-mem in the generated initrd. As long as no special kdump kernels are used, this will automatically make sure that virtio-mem will be around in the kdump initrd and sanitize /proc/vmcore access -- with dracut" This is the last remaining bit to support VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE [3] in the Linux implementation of virtio-mem. Note: this is best-effort. We'll never be able to control what runs inside the second kernel, really, but we also don't have to care: we only care about sane setups where we don't want our VM getting zapped once we touch the wrong memory location while dumping. While we usually expect sane setups to use "makedumfile", nothing really speaks against just copying /proc/vmcore, especially in environments where HWpoisioning isn't typically expected. Also, we really don't want to put all our trust completely on the memmap, so sanitizing also makes sense when just using "makedumpfile". [1] https://lkml.kernel.org/r/20210526093041.8800-1-david@redhat.com [2] https://github.com/dracutdevs/dracut/pull/1157 [3] https://lists.oasis-open.org/archives/virtio-comment/202109/msg00021.html This patch (of 9): The callback is only used for the vmcore nowadays. Link: https://lkml.kernel.org/r/20211005121430.30136-1-david@redhat.com Link: https://lkml.kernel.org/r/20211005121430.30136-2-david@redhat.com Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Boris Ostrovsky <boris.ostrvsky@oracle.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Juergen Gross <jgross@suse.com> Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Dave Young <dyoung@redhat.com> Cc: Baoquan He <bhe@redhat.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Oscar Salvador <osalvador@suse.de> Cc: Mike Rapoport <rppt@kernel.org> Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Florian Weimer
|
0658a0961b |
procfs: do not list TID 0 in /proc/<pid>/task
If a task exits concurrently, task_pid_nr_ns may return 0. [akpm@linux-foundation.org: coding style tweaks] [adobriyan@gmail.com: test that /proc/*/task doesn't contain "0"] Link: https://lkml.kernel.org/r/YV88AnVzHxPafQ9o@localhost.localdomain Link: https://lkml.kernel.org/r/8735pn5dx7.fsf@oldenburg.str.redhat.com Signed-off-by: Florian Weimer <fweimer@redhat.com> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Reviewed-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Kees Cook <keescook@chromium.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
zhangyiru
|
83c1fd763b |
mm,hugetlb: remove mlock ulimit for SHM_HUGETLB
Commit
|
||
Johannes Weiner
|
51b8c1fe25 |
vfs: keep inodes with page cache off the inode shrinker LRU
Historically (pre-2.5), the inode shrinker used to reclaim only empty inodes and skip over those that still contained page cache. This caused problems on highmem hosts: struct inode could put fill lowmem zones before the cache was getting reclaimed in the highmem zones. To address this, the inode shrinker started to strip page cache to facilitate reclaiming lowmem. However, this comes with its own set of problems: the shrinkers may drop actively used page cache just because the inodes are not currently open or dirty - think working with a large git tree. It further doesn't respect cgroup memory protection settings and can cause priority inversions between containers. Nowadays, the page cache also holds non-resident info for evicted cache pages in order to detect refaults. We've come to rely heavily on this data inside reclaim for protecting the cache workingset and driving swap behavior. We also use it to quantify and report workload health through psi. The latter in turn is used for fleet health monitoring, as well as driving automated memory sizing of workloads and containers, proactive reclaim and memory offloading schemes. The consequences of dropping page cache prematurely is that we're seeing subtle and not-so-subtle failures in all of the above-mentioned scenarios, with the workload generally entering unexpected thrashing states while losing the ability to reliably detect it. To fix this on non-highmem systems at least, going back to rotating inodes on the LRU isn't feasible. We've tried (commit |
||
Ming Lei
|
26af1cd003 |
nvme: wait until quiesce is done
NVMe uses one atomic flag to check if quiesce is needed. If quiesce is
started, the helper returns immediately. This way is wrong, since we
have to wait until quiesce is done.
Fixes:
|
||
|
Ming Lei
|
93542fbfa7 |
scsi: make sure that request queue queiesce and unquiesce balanced
For fixing queue quiesce race between driver and block layer(elevator
switch, update nr_requests, ...), we need to support concurrent quiesce
and unquiesce, which requires the two call balanced.
It isn't easy to audit that in all scsi drivers, especially the two may
be called from different contexts, so do it in scsi core with one
per-device atomic variable to balance quiesce and unquiesce.
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Fixes:
|
||
|
Ming Lei
|
d2b9f12b0f |
scsi: avoid to quiesce sdev->request_queue two times
For fixing queue quiesce race between driver and block layer(elevator
switch, update nr_requests, ...), we need to support concurrent quiesce
and unquiesce, which requires the two to be balanced.
blk_mq_quiesce_queue() calls blk_mq_quiesce_queue_nowait() for updating
quiesce depth and marking the flag, then scsi_internal_device_block() calls
blk_mq_quiesce_queue_nowait() two times actually.
Fix the double quiesce and keep quiesce and unquiesce balanced.
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Fixes:
|
||
|
Ming Lei
|
9ef4d0209c |
blk-mq: add one API for waiting until quiesce is done
Some drivers(NVMe, SCSI) need to call quiesce and unquiesce in pair, but it is hard to switch to this style, so these drivers need one atomic flag for helping to balance quiesce and unquiesce. When quiesce is in-progress, the driver still needs to wait until the quiesce is done, so add API of blk_mq_wait_quiesce_done() for these drivers. Signed-off-by: Ming Lei <ming.lei@redhat.com> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Link: https://lore.kernel.org/r/20211109071144.181581-2-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
Arnd Bergmann
|
9758aba854 |
amt: add IPV6 Kconfig dependency
This driver cannot be built-in if IPV6 is a loadable module:
x86_64-linux-ld: drivers/net/amt.o: in function `amt_build_mld_gq':
amt.c:(.text+0x2e7d): undefined reference to `ipv6_dev_get_saddr'
Add the idiomatic Kconfig dependency that all such modules
have.
Fixes:
|
||
Dan Carpenter
|
1c360cc1cc |
gve: Fix off by one in gve_tx_timeout()
The priv->ntfy_blocks[] has "priv->num_ntfy_blks" elements so this >
needs to be >= to prevent an off by one bug. The priv->ntfy_blocks[]
array is allocated in gve_alloc_notify_blocks().
Fixes:
|
||
Filipe Manana
|
51bd9563b6 |
btrfs: fix deadlock due to page faults during direct IO reads and writes
If we do a direct IO read or write when the buffer given by the user is
memory mapped to the file range we are going to do IO, we end up ending
in a deadlock. This is triggered by the new test case generic/647 from
fstests.
For a direct IO read we get a trace like this:
[967.872718] INFO: task mmap-rw-fault:12176 blocked for more than 120 seconds.
[967.874161] Not tainted 5.14.0-rc7-btrfs-next-95 #1
[967.874909] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[967.875983] task:mmap-rw-fault state:D stack: 0 pid:12176 ppid: 11884 flags:0x00000000
[967.875992] Call Trace:
[967.875999] __schedule+0x3ca/0xe10
[967.876015] schedule+0x43/0xe0
[967.876020] wait_extent_bit.constprop.0+0x1eb/0x260 [btrfs]
[967.876109] ? do_wait_intr_irq+0xb0/0xb0
[967.876118] lock_extent_bits+0x37/0x90 [btrfs]
[967.876150] btrfs_lock_and_flush_ordered_range+0xa9/0x120 [btrfs]
[967.876184] ? extent_readahead+0xa7/0x530 [btrfs]
[967.876214] extent_readahead+0x32d/0x530 [btrfs]
[967.876253] ? lru_cache_add+0x104/0x220
[967.876255] ? kvm_sched_clock_read+0x14/0x40
[967.876258] ? sched_clock_cpu+0xd/0x110
[967.876263] ? lock_release+0x155/0x4a0
[967.876271] read_pages+0x86/0x270
[967.876274] ? lru_cache_add+0x125/0x220
[967.876281] page_cache_ra_unbounded+0x1a3/0x220
[967.876291] filemap_fault+0x626/0xa20
[967.876303] __do_fault+0x36/0xf0
[967.876308] __handle_mm_fault+0x83f/0x15f0
[967.876322] handle_mm_fault+0x9e/0x260
[967.876327] __get_user_pages+0x204/0x620
[967.876332] ? get_user_pages_unlocked+0x69/0x340
[967.876340] get_user_pages_unlocked+0xd3/0x340
[967.876349] internal_get_user_pages_fast+0xbca/0xdc0
[967.876366] iov_iter_get_pages+0x8d/0x3a0
[967.876374] bio_iov_iter_get_pages+0x82/0x4a0
[967.876379] ? lock_release+0x155/0x4a0
[967.876387] iomap_dio_bio_actor+0x232/0x410
[967.876396] iomap_apply+0x12a/0x4a0
[967.876398] ? iomap_dio_rw+0x30/0x30
[967.876414] __iomap_dio_rw+0x29f/0x5e0
[967.876415] ? iomap_dio_rw+0x30/0x30
[967.876420] ? lock_acquired+0xf3/0x420
[967.876429] iomap_dio_rw+0xa/0x30
[967.876431] btrfs_file_read_iter+0x10b/0x140 [btrfs]
[967.876460] new_sync_read+0x118/0x1a0
[967.876472] vfs_read+0x128/0x1b0
[967.876477] __x64_sys_pread64+0x90/0xc0
[967.876483] do_syscall_64+0x3b/0xc0
[967.876487] entry_SYSCALL_64_after_hwframe+0x44/0xae
[967.876490] RIP: 0033:0x7fb6f2c038d6
[967.876493] RSP: 002b:00007fffddf586b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[967.876496] RAX: ffffffffffffffda RBX: 0000000000001000 RCX: 00007fb6f2c038d6
[967.876498] RDX: 0000000000001000 RSI: 00007fb6f2c17000 RDI: 0000000000000003
[967.876499] RBP: 0000000000001000 R08: 0000000000000003 R09: 0000000000000000
[967.876501] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000003
[967.876502] R13: 0000000000000000 R14: 00007fb6f2c17000 R15: 0000000000000000
This happens because at btrfs_dio_iomap_begin() we lock the extent range
and return with it locked - we only unlock in the endio callback, at
end_bio_extent_readpage() -> endio_readpage_release_extent(). Then after
iomap called the btrfs_dio_iomap_begin() callback, it triggers the page
faults that resulting in reading the pages, through the readahead callback
btrfs_readahead(), and through there we end to attempt to lock again the
same extent range (or a subrange of what we locked before), resulting in
the deadlock.
For a direct IO write, the scenario is a bit different, and it results in
trace like this:
[1132.442520] run fstests generic/647 at 2021-08-31 18:53:35
[1330.349355] INFO: task mmap-rw-fault:184017 blocked for more than 120 seconds.
[1330.350540] Not tainted 5.14.0-rc7-btrfs-next-95 #1
[1330.351158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[1330.351900] task:mmap-rw-fault state:D stack: 0 pid:184017 ppid:183725 flags:0x00000000
[1330.351906] Call Trace:
[1330.351913] __schedule+0x3ca/0xe10
[1330.351930] schedule+0x43/0xe0
[1330.351935] btrfs_start_ordered_extent+0x108/0x1c0 [btrfs]
[1330.352020] ? do_wait_intr_irq+0xb0/0xb0
[1330.352028] btrfs_lock_and_flush_ordered_range+0x8c/0x120 [btrfs]
[1330.352064] ? extent_readahead+0xa7/0x530 [btrfs]
[1330.352094] extent_readahead+0x32d/0x530 [btrfs]
[1330.352133] ? lru_cache_add+0x104/0x220
[1330.352135] ? kvm_sched_clock_read+0x14/0x40
[1330.352138] ? sched_clock_cpu+0xd/0x110
[1330.352143] ? lock_release+0x155/0x4a0
[1330.352151] read_pages+0x86/0x270
[1330.352155] ? lru_cache_add+0x125/0x220
[1330.352162] page_cache_ra_unbounded+0x1a3/0x220
[1330.352172] filemap_fault+0x626/0xa20
[1330.352176] ? filemap_map_pages+0x18b/0x660
[1330.352184] __do_fault+0x36/0xf0
[1330.352189] __handle_mm_fault+0x1253/0x15f0
[1330.352203] handle_mm_fault+0x9e/0x260
[1330.352208] __get_user_pages+0x204/0x620
[1330.352212] ? get_user_pages_unlocked+0x69/0x340
[1330.352220] get_user_pages_unlocked+0xd3/0x340
[1330.352229] internal_get_user_pages_fast+0xbca/0xdc0
[1330.352246] iov_iter_get_pages+0x8d/0x3a0
[1330.352254] bio_iov_iter_get_pages+0x82/0x4a0
[1330.352259] ? lock_release+0x155/0x4a0
[1330.352266] iomap_dio_bio_actor+0x232/0x410
[1330.352275] iomap_apply+0x12a/0x4a0
[1330.352278] ? iomap_dio_rw+0x30/0x30
[1330.352292] __iomap_dio_rw+0x29f/0x5e0
[1330.352294] ? iomap_dio_rw+0x30/0x30
[1330.352306] btrfs_file_write_iter+0x238/0x480 [btrfs]
[1330.352339] new_sync_write+0x11f/0x1b0
[1330.352344] ? NF_HOOK_LIST.constprop.0.cold+0x31/0x3e
[1330.352354] vfs_write+0x292/0x3c0
[1330.352359] __x64_sys_pwrite64+0x90/0xc0
[1330.352365] do_syscall_64+0x3b/0xc0
[1330.352369] entry_SYSCALL_64_after_hwframe+0x44/0xae
[1330.352372] RIP: 0033:0x7f4b0a580986
[1330.352379] RSP: 002b:00007ffd34d75418 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[1330.352382] RAX: ffffffffffffffda RBX: 0000000000001000 RCX: 00007f4b0a580986
[1330.352383] RDX: 0000000000001000 RSI: 00007f4b0a3a4000 RDI: 0000000000000003
[1330.352385] RBP: 00007f4b0a3a4000 R08: 0000000000000003 R09: 0000000000000000
[1330.352386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[1330.352387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Unlike for reads, at btrfs_dio_iomap_begin() we return with the extent
range unlocked, but later when the page faults are triggered and we try
to read the extents, we end up btrfs_lock_and_flush_ordered_range() where
we find the ordered extent for our write, created by the iomap callback
btrfs_dio_iomap_begin(), and we wait for it to complete, which makes us
deadlock since we can't complete the ordered extent without reading the
pages (the iomap code only submits the bio after the pages are faulted
in).
Fix this by setting the nofault attribute of the given iov_iter and retry
the direct IO read/write if we get an -EFAULT error returned from iomap.
For reads, also disable page faults completely, this is because when we
read from a hole or a prealloc extent, we can still trigger page faults
due to the call to iov_iter_zero() done by iomap - at the moment, it is
oblivious to the value of the ->nofault attribute of an iov_iter.
We also need to keep track of the number of bytes written or read, and
pass it to iomap_dio_rw(), as well as use the new flag IOMAP_DIO_PARTIAL.
This depends on the iov_iter and iomap changes introduced in commit
|
||
Lin Ma
|
0b9111922b |
hamradio: defer 6pack kfree after unregister_netdev
There is a possible race condition (use-after-free) like below
(USE) | (FREE)
dev_queue_xmit |
__dev_queue_xmit |
__dev_xmit_skb |
sch_direct_xmit | ...
xmit_one |
netdev_start_xmit | tty_ldisc_kill
__netdev_start_xmit | 6pack_close
sp_xmit | kfree
sp_encaps |
|
According to the patch "defer ax25 kfree after unregister_netdev", this
patch reorder the kfree after the unregister_netdev to avoid the possible
UAF as the unregister_netdev() is well synchronized and won't return if
there is a running routine.
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Lin Ma
|
3e0588c291 |
hamradio: defer ax25 kfree after unregister_netdev
There is a possible race condition (use-after-free) like below
(USE) | (FREE)
ax25_sendmsg |
ax25_queue_xmit |
dev_queue_xmit |
__dev_queue_xmit |
__dev_xmit_skb |
sch_direct_xmit | ...
xmit_one |
netdev_start_xmit | tty_ldisc_kill
__netdev_start_xmit | mkiss_close
ax_xmit | kfree
ax_encaps |
|
Even though there are two synchronization primitives before the kfree:
1. wait_for_completion(&ax->dead). This can prevent the race with
routines from mkiss_ioctl. However, it cannot stop the routine coming
from upper layer, i.e., the ax25_sendmsg.
2. netif_stop_queue(ax->dev). It seems that this line of code aims to
halt the transmit queue but it fails to stop the routine that already
being xmit.
This patch reorder the kfree after the unregister_netdev to avoid the
possible UAF as the unregister_netdev() is well synchronized and won't
return if there is a running routine.
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
Jean Sacren
|
54f0bad668 |
net: sungem_phy: fix code indentation
Remove extra space in front of the return statement.
Fixes:
|
||
Kishon Vijay Abraham I
|
eb91224e47 |
dmaengine: ti: k3-udma: Set r/tchan or rflow to NULL if request fail
udma_get_*() checks if rchan/tchan/rflow is already allocated by checking if it has a NON NULL value. For the error cases, rchan/tchan/rflow will have error value and udma_get_*() considers this as already allocated (PASS) since the error values are NON NULL. This results in NULL pointer dereference error while de-referencing rchan/tchan/rflow. Reset the value of rchan/tchan/rflow to NULL if a channel request fails. CC: stable@vger.kernel.org Acked-by: Peter Ujfalusi <peter.ujfalusi@gmail.com> Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com> Link: https://lore.kernel.org/r/20211031032411.27235-3-kishon@ti.com Signed-off-by: Vinod Koul <vkoul@kernel.org> |
||
|
Kishon Vijay Abraham I
|
5c6c6d60e4 |
dmaengine: ti: k3-udma: Set bchan to NULL if a channel request fail
bcdma_get_*() checks if bchan is already allocated by checking if it has a NON NULL value. For the error cases, bchan will have error value and bcdma_get_*() considers this as already allocated (PASS) since the error values are NON NULL. This results in NULL pointer dereference error while de-referencing bchan. Reset the value of bchan to NULL if a channel request fails. CC: stable@vger.kernel.org Acked-by: Peter Ujfalusi <peter.ujfalusi@gmail.com> Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com> Link: https://lore.kernel.org/r/20211031032411.27235-2-kishon@ti.com Signed-off-by: Vinod Koul <vkoul@kernel.org> |
||
|
Arnd Bergmann
|
2498363310 |
dmaengine: stm32-dma: avoid 64-bit division in stm32_dma_get_max_width
Using the % operator on a 64-bit variable is expensive and can
cause a link failure:
arm-linux-gnueabi-ld: drivers/dma/stm32-dma.o: in function `stm32_dma_get_max_width':
stm32-dma.c:(.text+0x170): undefined reference to `__aeabi_uldivmod'
arm-linux-gnueabi-ld: drivers/dma/stm32-dma.o: in function `stm32_dma_set_xfer_param':
stm32-dma.c:(.text+0x1cd4): undefined reference to `__aeabi_uldivmod'
As we know that we just want to check the alignment in
stm32_dma_get_max_width(), there is no need for a full division, and
using a simple mask is a faster replacement.
Same in stm32_dma_set_xfer_param(), change this to only allow burst
transfers if the address is a multiple of the length.
stm32_dma_get_best_burst just after will take buf_len into account to fix
burst in case of misalignment.
Fixes:
|
||
Jussi Maki
|
b2c4618162 |
bpf, sockmap: sk_skb data_end access incorrect when src_reg = dst_reg
The current conversion of skb->data_end reads like this: ; data_end = (void*)(long)skb->data_end; 559: (79) r1 = *(u64 *)(r2 +200) ; r1 = skb->data 560: (61) r11 = *(u32 *)(r2 +112) ; r11 = skb->len 561: (0f) r1 += r11 562: (61) r11 = *(u32 *)(r2 +116) 563: (1f) r1 -= r11 But similar to the case in |
||
John Fastabend
|
e0dc3b93bd |
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
Strparser is reusing the qdisc_skb_cb struct to stash the skb message handling
progress, e.g. offset and length of the skb. First this is poorly named and
inherits a struct from qdisc that doesn't reflect the actual usage of cb[] at
this layer.
But, more importantly strparser is using the following to access its metadata.
(struct _strp_msg *)((void *)skb->cb + offsetof(struct qdisc_skb_cb, data))
Where _strp_msg is defined as:
struct _strp_msg {
struct strp_msg strp; /* 0 8 */
int accum_len; /* 8 4 */
/* size: 12, cachelines: 1, members: 2 */
/* last cacheline: 12 bytes */
};
So we use 12 bytes of ->data[] in struct. However in BPF code running parser
and verdict the user has read capabilities into the data[] array as well. Its
not too problematic, but we should not be exposing internal state to BPF
program. If its really needed then we can use the probe_read() APIs which allow
reading kernel memory. And I don't believe cb[] layer poses any API breakage by
moving this around because programs can't depend on cb[] across layers.
In order to fix another issue with a ctx rewrite we need to stash a temp
variable somewhere. To make this work cleanly this patch builds a cb struct
for sk_skb types called sk_skb_cb struct. Then we can use this consistently
in the strparser, sockmap space. Additionally we can start allowing ->cb[]
write access after this.
Fixes:
|
||
|
John Fastabend
|
c5d2177a72 |
bpf, sockmap: Fix race in ingress receive verdict with redirect to self
A socket in a sockmap may have different combinations of programs attached
depending on configuration. There can be no programs in which case the socket
acts as a sink only. There can be a TX program in this case a BPF program is
attached to sending side, but no RX program is attached. There can be an RX
program only where sends have no BPF program attached, but receives are hooked
with BPF. And finally, both TX and RX programs may be attached. Giving us the
permutations:
None, Tx, Rx, and TxRx
To date most of our use cases have been TX case being used as a fast datapath
to directly copy between local application and a userspace proxy. Or Rx cases
and TxRX applications that are operating an in kernel based proxy. The traffic
in the first case where we hook applications into a userspace application looks
like this:
AppA redirect AppB
Tx <-----------> Rx
| |
+ +
TCP <--> lo <--> TCP
In this case all traffic from AppA (after 3whs) is copied into the AppB
ingress queue and no traffic is ever on the TCP recieive_queue.
In the second case the application never receives, except in some rare error
cases, traffic on the actual user space socket. Instead the send happens in
the kernel.
AppProxy socket pool
sk0 ------------->{sk1,sk2, skn}
^ |
| |
| v
ingress lb egress
TCP TCP
Here because traffic is never read off the socket with userspace recv() APIs
there is only ever one reader on the sk receive_queue. Namely the BPF programs.
However, we've started to introduce a third configuration where the BPF program
on receive should process the data, but then the normal case is to push the
data into the receive queue of AppB.
AppB
recv() (userspace)
-----------------------
tcp_bpf_recvmsg() (kernel)
| |
| |
| |
ingress_msgQ |
| |
RX_BPF |
| |
v v
sk->receive_queue
This is different from the App{A,B} redirect because traffic is first received
on the sk->receive_queue.
Now for the issue. The tcp_bpf_recvmsg() handler first checks the ingress_msg
queue for any data handled by the BPF rx program and returned with PASS code
so that it was enqueued on the ingress msg queue. Then if no data exists on
that queue it checks the socket receive queue. Unfortunately, this is the same
receive_queue the BPF program is reading data off of. So we get a race. Its
possible for the recvmsg() hook to pull data off the receive_queue before the
BPF hook has a chance to read it. It typically happens when an application is
banging on recv() and getting EAGAINs. Until they manage to race with the RX
BPF program.
To fix this we note that before this patch at attach time when the socket is
loaded into the map we check if it needs a TX program or just the base set of
proto bpf hooks. Then it uses the above general RX hook regardless of if we
have a BPF program attached at rx or not. This patch now extends this check to
handle all cases enumerated above, TX, RX, TXRX, and none. And to fix above
race when an RX program is attached we use a new hook that is nearly identical
to the old one except now we do not let the recv() call skip the RX BPF program.
Now only the BPF program pulls data from sk->receive_queue and recv() only
pulls data from the ingress msgQ post BPF program handling.
With this resolved our AppB from above has been up and running for many hours
without detecting any errors. We do this by correlating counters in RX BPF
events and the AppB to ensure data is never skipping the BPF program. Selftests,
was not able to detect this because we only run them for a short period of time
on well ordered send/recvs so we don't get any of the noise we see in real
application environments.
Fixes:
|
||
|
John Fastabend
|
b8b8315e39 |
bpf, sockmap: Remove unhash handler for BPF sockmap usage
We do not need to handle unhash from BPF side we can simply wait for the
close to happen. The original concern was a socket could transition from
ESTABLISHED state to a new state while the BPF hook was still attached.
But, we convinced ourself this is no longer possible and we also improved
BPF sockmap to handle listen sockets so this is no longer a problem.
More importantly though there are cases where unhash is called when data is
in the receive queue. The BPF unhash logic will flush this data which is
wrong. To be correct it should keep the data in the receive queue and allow
a receiving application to continue reading the data. This may happen when
tcp_abort() is received for example. Instead of complicating the logic in
unhash simply moving all this to tcp_close() hook solves this.
Fixes:
|
||
|
John Fastabend
|
40a34121ac |
bpf, sockmap: Use stricter sk state checks in sk_lookup_assign
In order to fix an issue with sockets in TCP sockmap redirect cases we plan to allow CLOSE state sockets to exist in the sockmap. However, the check in bpf_sk_lookup_assign() currently only invalidates sockets in the TCP_ESTABLISHED case relying on the checks on sockmap insert to ensure we never SOCK_CLOSE state sockets in the map. To prepare for this change we flip the logic in bpf_sk_lookup_assign() to explicitly test for the accepted cases. Namely, a tcp socket in TCP_LISTEN or a udp socket in TCP_CLOSE state. This also makes the code more resilent to future changes. Suggested-by: Jakub Sitnicki <jakub@cloudflare.com> Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com> Link: https://lore.kernel.org/bpf/20211103204736.248403-2-john.fastabend@gmail.com |
||
Linus Torvalds
|
d2f38a3c65 |
- Fix-ups
- Standardise *_exit() and *_remove() return values; ili9320, vgg2432a4
- Bug Fixes
- Do not override maximum brightness; backlight
- Propagate errors from get_brightness(); backlight
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEdrbJNaO+IJqU8IdIUa+KL4f8d2EFAmGJTUMACgkQUa+KL4f8
d2FQ+w/+PMsuCZwyf1tcIfUTZJA5y5n8vnsLLzIkkjLlnaNbtD+y85gZzLWa0CgC
H3nyKrcV/rbaTC5mAM+meKcmDxfbCGYDL7bleIZ2aQd1YtmvGnmspGnNwl8vHTjA
DN8eagNssW+V1i/uPbKN76RRaOMleIwm/zjA4TZATMs6Q1MddDeJN4g5mIqbcd1i
k5aE2Jc9ZqPuE18w7I5gOuibGo8If1IroeTJ1V2/npJJhlWAA+nJzH2bGG7I1OQm
4AjrJ+n8twKhAbaFhi3IYcQhpbGACGo/HZ3SGS3sPjlqo2+/vdrsTqjCkiQREfZ1
5QmOHk1/X0bFTcO5u6rhldq3qbS3qg7DwRzTb8LmY3bcPVHj5JD8jJcbnHgzXkOz
UncS0Y5sMImn+BKDVVvsosMH45XnZtngyYEEbgpzMI3JXGf9LxilxCVTZ8rrfogF
TYbM+i1bzs3Tvl3mKaecSqvsKJgJUVNKFOSb0oGlXd9WaEb3WmTgFi6CfATeokif
buTdPGt2rD2WcanNFV8A32z3byuvS8C7EXRkprhbUVjkO//rOam7HgR8SBP6rkRo
IYs2CUAviawfiCypGPUCjBz6JwgcG9uQrdpFBrWEp26dkx+m/MP5OvkuwgjIPNrI
4Bu12kU1mTRrR9CenJP1Ka/1fKQbQaFsNxiKM3C7SYOnt90XMRs=
=PbxD
-----END PGP SIGNATURE-----
Merge tag 'backlight-next-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight
Pull backlight updates from Lee Jones:
"Fix-ups:
- Standardise *_exit() and *_remove() return values in ili9320 and
vgg2432a4
Bug Fixes:
- Do not override maximum brightness
- Propagate errors from get_brightness()"
* tag 'backlight-next-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight:
video: backlight: ili9320: Make ili9320_remove() return void
backlight: Propagate errors from get_brightness()
video: backlight: Drop maximum brightness override for brightness zero
|
||
|
Linus Torvalds
|
3a9b0a46e1 |
- Remove Drivers
- Remove support for TI TPS80031/TPS80032 PMICs
- New Device Support
- Add support for Magnetic Reader to TI AM335x
- Add support for DA9063_EA to Dialog DA9063
- Add support for SC2730 PMIC to Spreadtrum SC27xx
- Add support for MacBookPro16,2 ICL-N UART Intel LPSS PCI
- Add support for lots of new PMICS in QCom SPMI PMIC
- Add support for ADC to Diolan DLN2
- New Functionality
- Add support for Power Off to Rockchip RK817
- Fix-ups
- Simplify Regmap passing to child devices; hi6421-spmi-pmic
- SPDX licensing updates; ti_am335x_tscadc
- Improve error handling; ti_am335x_tscadc
- Expedite clock search; ti_am335x_tscadc
- Generic simplifications; ti_am335x_tscadc
- Use generic macros/defines; ti_am335x_tscadc
- Remove unused code; ti_am335x_tscadc, cros_ec_dev
- Convert to GPIOD; wcd934x
- Add namespacing; ti_am335x_tscadc
- Restrict compilation to relevant arches; intel_pmt
- Provide better description/documentation; exynos_lpass
- Add SPI device ID table; altera-a10sr, motorola-cpcap, sprd-sc27xx-spi
- Change IRQ handling; qcom-pm8xxx
- Split out I2C and SPI code; arizona
- Explicitly include used headers; altera-a10sr
- Convert sysfs show() function to; sysfs_emit
- Standardise *_exit() and *_remove() return values; mc13xxx, stmpe, tps65912
- Trivial (style/spelling/whitespace) fixups; ti_am335x_tscadc, qcom-spmi-pmic,
max77686-private
- Device Tree fix-ups; ti,am3359-tscadc, samsung,s2mps11, samsung,s2mpa01,
samsung,s5m8767, brcm,misc, brcm,cru, syscon, qcom,tcsr,
xylon,logicvc, max77686, x-powers,ac100, x-powers,axp152,
x-powers,axp209-gpio, syscon, qcom,spmi-pmic
- Bug Fixes
- Balance refcounting (get/put); ti_am335x_tscadc, mfd-core
- Fix IRQ trigger type; sec-irq, max77693, max14577
- Repair off-by-one; altera-sysmgr
- Add explicit 'select MFD_CORE' to MFD_SIMPLE_MFD_I2C
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEdrbJNaO+IJqU8IdIUa+KL4f8d2EFAmGJTIAACgkQUa+KL4f8
d2FYsRAAhcTUP7PH5gWko1mQnCzh6h3Q7iQ1MHEokZgIvqc/U2Zmxu57cF9f3jOt
goZdVsU7x6qiMD4SfmInyEp32Emo1pbUTVz6kB3o0G+YACPHOU17xyKuh0FnzQkm
yu/EbEDYNPbNWx9BTA9wgjSOTzCrKMBSd/p9zPzq9M69ihAf2uE9sn5Hbmso1Pdu
tSJ7XYqWVwYzZh8OVzQd6lEIDkA+o+/gR4nCgxqAvGiXQq6yVVOCpnNzj4GrAcep
hkuQVkg14+rmXRbLiZsmc1V+yT13bueKu2fD96gMFpXI8NkR1KZ6QRInI6FtJcl/
m2LGPUuICpd2IiKRa1XtXFZWcMbZ2JVjJSWArgfHj7YBs9+0KcRsbpfHHirpcf14
9LFy4TzjX2A1K0vvKhHSTAhh13HFcvWyd0GCrEhLRmapeiLDXohkUHGMVFVedXzE
tQLCEByjcL+/OCJiQ4Jwk1aaU2cAVEXtvYuciXcBOtHkfaQR/bOYwjRm4Z3AdZyU
zLYMkw/LWvzAaV3Rh1zP6W47WLFHbeMgTmApFOSxAbRsmun0loasVzXWrkvxZlYF
p39l4UcSOIK08PzxqF9ZEM/LtUglShbZbg2wf0VSHzomA+oIsxT7fN16vPHLYDYL
tsQ5fYVN0a3j4ltKFeQl7l2HV/ZzUI/Q6iGmMia5sFbwRN8tlZM=
=SJ7N
-----END PGP SIGNATURE-----
Merge tag 'mfd-next-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
Pull MFD updates from Lee Jones:
"Removed Drivers:
- Remove support for TI TPS80031/TPS80032 PMICs
New Device Support:
- Add support for Magnetic Reader to TI AM335x
- Add support for DA9063_EA to Dialog DA9063
- Add support for SC2730 PMIC to Spreadtrum SC27xx
- Add support for MacBookPro16,2 ICL-N UART Intel LPSS PCI
- Add support for lots of new PMICS in QCom SPMI PMIC
- Add support for ADC to Diolan DLN2
New Functionality:
- Add support for Power Off to Rockchip RK817
Fix-ups:
- Simplify Regmap passing to child devices in hi6421-spmi-pmic
- SPDX licensing updates in ti_am335x_tscadc
- Improve error handling in ti_am335x_tscadc
- Expedite clock search in ti_am335x_tscadc
- Generic simplifications in ti_am335x_tscadc
- Use generic macros/defines in ti_am335x_tscadc
- Remove unused code in ti_am335x_tscadc, cros_ec_dev
- Convert to GPIOD in wcd934x
- Add namespacing in ti_am335x_tscadc
- Restrict compilation to relevant arches in intel_pmt
- Provide better description/documentation in exynos_lpass
- Add SPI device ID table in altera-a10sr, motorola-cpcap,
sprd-sc27xx-spi
- Change IRQ handling in qcom-pm8xxx
- Split out I2C and SPI code in arizona
- Explicitly include used headers in altera-a10sr
- Convert sysfs show() function to in sysfs_emit
- Standardise *_exit() and *_remove() return values in mc13xxx,
stmpe, tps65912
- Trivial (style/spelling/whitespace) fixups in ti_am335x_tscadc,
qcom-spmi-pmic, max77686-private
- Device Tree fix-ups in ti,am3359-tscadc, samsung,s2mps11,
samsung,s2mpa01, samsung,s5m8767, brcm,misc, brcm,cru, syscon,
qcom,tcsr, xylon,logicvc, max77686, x-powers,ac100,
x-powers,axp152, x-powers,axp209-gpio, syscon, qcom,spmi-pmic
Bug Fixes:
- Balance refcounting (get/put) in ti_am335x_tscadc, mfd-core
- Fix IRQ trigger type in sec-irq, max77693, max14577
- Repair off-by-one in altera-sysmgr
- Add explicit 'select MFD_CORE' to MFD_SIMPLE_MFD_I2C"
* tag 'mfd-next-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (95 commits)
mfd: simple-mfd-i2c: Select MFD_CORE to fix build error
mfd: tps80031: Remove driver
mfd: max77686: Correct tab-based alignment of register addresses
mfd: wcd934x: Replace legacy gpio interface for gpiod
dt-bindings: mfd: qcom: pm8xxx: Add pm8018 compatible
mfd: dln2: Add cell for initializing DLN2 ADC
mfd: qcom-spmi-pmic: Add missing PMICs supported by socinfo
mfd: qcom-spmi-pmic: Document ten more PMICs in the binding
mfd: qcom-spmi-pmic: Sort compatibles in the driver
mfd: qcom-spmi-pmic: Sort the compatibles in the binding
mfd: janz-cmoio: Replace snprintf in show functions with sysfs_emit
mfd: altera-a10sr: Include linux/module.h
mfd: tps65912: Make tps65912_device_exit() return void
mfd: stmpe: Make stmpe_remove() return void
mfd: mc13xxx: Make mc13xxx_common_exit() return void
dt-bindings: mfd: syscon: Add samsung,exynosautov9-sysreg compatible
mfd: altera-sysmgr: Fix a mistake caused by resource_size conversion
dt-bindings: gpio: Convert X-Powers AXP209 GPIO binding to a schema
dt-bindings: mfd: syscon: Add rk3368 QoS register compatible
mfd: arizona: Split of_match table into I2C and SPI versions
...
|
||
|
Linus Torvalds
|
d20f7a09e5 |
gpio updates for v5.16
- new driver: gpio-modepin (plus relevant change in zynqmp firmware)
- add interrupt support to gpio-virtio
- enable the 'gpio-line-names' property in the DT bindings for gpio-rockchip
- use the subsystem helpers where applicable in gpio-uniphier instead of
accessing IRQ structures directly
- code shrink in gpio-xilinx
- add interrupt to gpio-mlxbf2 (and include the removal of custom interrupt
code from the mellanox ethernet driver)
- support multiple interrupts per bank in gpio-tegra186 (and force one interrupt
per bank in older models)
- fix GPIO line IRQ offset calculation in gpio-realtek-otto
- drop unneeded MODULE_ALIAS expansions in multiple drivers
- code cleanup in gpio-aggregator
- minor improvements in gpio-max730x and gpio-mc33880
- Kconfig cleanups
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmGJH+MACgkQEacuoBRx
13JjGg//YKoAby35hcclft5xJYDwnx2or001TJ+nFLOQ9d24gUI7+UMFVnZ2ifMP
9F/yO0934pkHNUqcTuIMbeALW6Cg2DglXJFCQSXT6Ng5ETjENOhLHRa4bRdoIEim
HC+YJg/DS6CpSkMAH09ljZfkTPz3B2DHt+Y4phIDg2PIrt+UUsN/RC685B4jSwds
pcAwdP1mqBV1da8uRjtfc7UcFSxR6/lvBBWQSo9RAEse5R6Rmm7XIOKBlQ+Exdts
jAmVqxz7BnfuYug9Y3y3fOiAQYoRvZBaSjkeMJALub3GEd3W30vAKoQhq7gC9ea3
XvCj7V6C59JVp9aQUXo1cL6VqcesSGMWoRi2vll8/7gluXV2gCoNPVb+9KwxG9Ed
+xwXBpCsOVQCXl8jgIHBWNfxOS31wafWlK8Ng42Cjov+uQfsccgufTvhQXBumKbM
oECSOgjg9k3/AMpym3buOgAzqSec5R1iiSWHNPT+P6cSFXa2Bl3A8X0RgF/TwXPC
Bn9BDfSiYfOcD6y6yx2GPMCrCXNJRWgfJ/2j3Jsb66XtGwtBDhmK7rcqcg9qIws9
mWWyISiJgO0gfk24hIIw7OxeKCidm3iVskryJAQUfTX+BBcR5nZfiuF3EeDXZv95
whkSoN7J5fmMYDDJ7wd0pFwbW5fe5C/i/2tjOlNBgdXsNgAv/r4=
=mKh0
-----END PGP SIGNATURE-----
Merge tag 'gpio-updates-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio updates from Bartosz Golaszewski:
"We have a single new driver, new features in others and some cleanups
all over the place.
Nothing really stands out and it is all relatively small.
- new driver: gpio-modepin (plus relevant change in zynqmp firmware)
- add interrupt support to gpio-virtio
- enable the 'gpio-line-names' property in the DT bindings for
gpio-rockchip
- use the subsystem helpers where applicable in gpio-uniphier instead
of accessing IRQ structures directly
- code shrink in gpio-xilinx
- add interrupt to gpio-mlxbf2 (and include the removal of custom
interrupt code from the mellanox ethernet driver)
- support multiple interrupts per bank in gpio-tegra186 (and force
one interrupt per bank in older models)
- fix GPIO line IRQ offset calculation in gpio-realtek-otto
- drop unneeded MODULE_ALIAS expansions in multiple drivers
- code cleanup in gpio-aggregator
- minor improvements in gpio-max730x and gpio-mc33880
- Kconfig cleanups"
* tag 'gpio-updates-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
virtio_gpio: drop packed attribute
gpio: virtio: Add IRQ support
gpio: realtek-otto: fix GPIO line IRQ offset
gpio: clean up Kconfig file
net: mellanox: mlxbf_gige: Replace non-standard interrupt handling
gpio: mlxbf2: Introduce IRQ support
gpio: mc33880: Drop if with an always false condition
gpio: max730x: Make __max730x_remove() return void
gpio: aggregator: Wrap access to gpiochip_fwd.tmp[]
gpio: modepin: Add driver support for modepin GPIO controller
dt-bindings: gpio: zynqmp: Add binding documentation for modepin
firmware: zynqmp: Add MMIO read and write support for PS_MODE pin
gpio: tps65218: drop unneeded MODULE_ALIAS
gpio: max77620: drop unneeded MODULE_ALIAS
gpio: xilinx: simplify getting .driver_data
gpio: tegra186: Support multiple interrupts per bank
gpio: tegra186: Force one interrupt per bank
gpio: uniphier: Use helper functions to get private data from IRQ data
gpio: uniphier: Use helper function to get IRQ hardware number
dt-bindings: gpio: add gpio-line-names to rockchip,gpio-bank.yaml
|
||
|
Linus Torvalds
|
dd72945c43 |
cxl for v5.16
- Fix support for platforms that do not enumerate every ACPI0016 (CXL
Host Bridge) in the CHBS (ACPI Host Bridge Structure).
- Introduce a common pci_find_dvsec_capability() helper, clean up open
coded implementations in various drivers.
- Add 'cxl_test' for regression testing CXL subsystem ABIs. 'cxl_test'
is a module built from tools/testing/cxl/ that mocks up a CXL topology
to augment the nascent support for emulation of CXL devices in QEMU.
- Convert libnvdimm to use the uuid API.
- Complete the definition of CXL namespace labels in libnvdimm.
- Tunnel libnvdimm label operations from nd_ioctl() back to the CXL
mailbox driver. Enable 'ndctl {read,write}-labels' for CXL.
- Continue to sort and refactor functionality into distinct driver and
core-infrastructure buckets. For example, mailbox handling is now a
generic core capability consumed by the PCI and cxl_test drivers.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSbo+XnGs+rwLz9XGXfioYZHlFsZwUCYYRtyQAKCRDfioYZHlFs
Z7UsAP9DzUN6IWWnYk1R95YXYVxFriRtRsBjujAqTg49EMghawEAoHaA9lxO3Hho
l25TLYUOmB/zFTlUbe6YQptMJZ5YLwY=
=im9j
-----END PGP SIGNATURE-----
Merge tag 'cxl-for-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl
Pull cxl updates from Dan Williams:
"More preparation and plumbing work in the CXL subsystem.
From an end user perspective the highlight here is lighting up the CXL
Persistent Memory related commands (label read / write) with the
generic ioctl() front-end in LIBNVDIMM.
Otherwise, the ability to instantiate new persistent and volatile
memory regions is still on track for v5.17.
Summary:
- Fix support for platforms that do not enumerate every ACPI0016 (CXL
Host Bridge) in the CHBS (ACPI Host Bridge Structure).
- Introduce a common pci_find_dvsec_capability() helper, clean up
open coded implementations in various drivers.
- Add 'cxl_test' for regression testing CXL subsystem ABIs.
'cxl_test' is a module built from tools/testing/cxl/ that mocks up
a CXL topology to augment the nascent support for emulation of CXL
devices in QEMU.
- Convert libnvdimm to use the uuid API.
- Complete the definition of CXL namespace labels in libnvdimm.
- Tunnel libnvdimm label operations from nd_ioctl() back to the CXL
mailbox driver. Enable 'ndctl {read,write}-labels' for CXL.
- Continue to sort and refactor functionality into distinct driver
and core-infrastructure buckets. For example, mailbox handling is
now a generic core capability consumed by the PCI and cxl_test
drivers"
* tag 'cxl-for-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl: (34 commits)
ocxl: Use pci core's DVSEC functionality
cxl/pci: Use pci core's DVSEC functionality
PCI: Add pci_find_dvsec_capability to find designated VSEC
cxl/pci: Split cxl_pci_setup_regs()
cxl/pci: Add @base to cxl_register_map
cxl/pci: Make more use of cxl_register_map
cxl/pci: Remove pci request/release regions
cxl/pci: Fix NULL vs ERR_PTR confusion
cxl/pci: Remove dev_dbg for unknown register blocks
cxl/pci: Convert register block identifiers to an enum
cxl/acpi: Do not fail cxl_acpi_probe() based on a missing CHBS
cxl/pci: Disambiguate cxl_pci further from cxl_mem
Documentation/cxl: Add bus internal docs
cxl/core: Split decoder setup into alloc + add
tools/testing/cxl: Introduce a mock memory device + driver
cxl/mbox: Move command definitions to common location
cxl/bus: Populate the target list at decoder create
tools/testing/cxl: Introduce a mocked-up CXL port hierarchy
cxl/pmem: Add support for multiple nvdimm-bridge objects
cxl/pmem: Translate NVDIMM label commands to CXL label commands
...
|
||
|
Linus Torvalds
|
dab334c98b |
Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang: - big refactoring of the PASEMI driver to support the Apple M1 - huge improvements to the XIIC in terms of locking and SMP safety - refactoring and clean ups for the i801 driver ... and the usual bunch of small driver updates * 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (43 commits) i2c: amd-mp2-plat: ACPI: Use ACPI_COMPANION() directly i2c: i801: Add support for Intel Ice Lake PCH-N i2c: virtio: update the maintainer to Conghui i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' i2c: qup: move to use request_irq by IRQF_NO_AUTOEN flag i2c: qup: fix a trivial typo i2c: tegra: Ensure that device is suspended before driver is removed i2c: i801: Fix incorrect and needless software PEC disabling i2c: mediatek: Dump i2c/dma register when a timeout occurs i2c: mediatek: Reset the handshake signal between i2c and dma i2c: mlxcpld: Allow flexible polling time setting for I2C transactions i2c: pasemi: Set enable bit for Apple variant i2c: pasemi: Add Apple platform driver i2c: pasemi: Refactor _probe to use devm_* i2c: pasemi: Allow to configure bus frequency i2c: pasemi: Move common reset code to own function i2c: pasemi: Split pci driver to its own file i2c: pasemi: Split off common probing code i2c: pasemi: Remove usage of pci_dev i2c: pasemi: Use dev_name instead of port number ... |
||
|
Linus Torvalds
|
206825f50f |
Core:
* Remove obsolete macros only used by the old nand_ecclayout struct
* Don't remove debugfs directory if device is in use
* MAINTAINERS:
- Add entry for Qualcomm NAND controller driver
- Update the devicetree documentation path of hyperbus
MTD devices:
* block2mtd:
- Add support for an optional custom MTD label
- Minor refactor to avoid hard coded constant
* mtdswap: Remove redundant assignment of pointer eb
CFI:
* Fixup CFI on ixp4xx
Raw NAND controller drivers:
* Arasan:
- Prevent an unsupported configuration
* Xway, Socrates: plat_nand, Pasemi, Orion, mpc5121, GPIO, Au1550nd, AMS-Delta:
- Keep the driver compatible with on-die ECC engines
* cs553x, lpc32xx_slc, ndfc, sharpsl, tmio, txx9ndfmc:
- Revert the commits: "Fix external use of SW Hamming ECC helper"
- And let callers use the bare Hamming helpers
* Fsmc: Fix use of SM ORDER
* Intel:
- Fix potential buffer overflow in probe
* xway, vf610, txx9ndfm, tegra, stm32, plat_nand, oxnas, omap, mtk, hisi504,
gpmi, gpio, denali, bcm6368, atmel:
- Make use of the helper function devm_platform_ioremap_resource{,byname}()
Onenand drivers:
* Samsung: Drop Exynos4 and describe driver in KConfig
Raw NAND chip drivers:
* Hynix: Add support for H27UCG8T2ETR-BC MLC NAND
SPI NOR core:
* Add spi-nor device tree binding under SPI NOR maintainers
SPI NOR manufacturer drivers:
* Enable locking for n25q128a13
SPI NOR controller drivers:
* Use devm_platform_ioremap_resource_byname()
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE9HuaYnbmDhq/XIDIJWrqGEe9VoQFAmGIAdEACgkQJWrqGEe9
VoQHEAgAkFvFxIOyPSwAJfyeEklWmGSh+cm+X9EqWxZ5d6iwFE3FZH4X4XiqdyVY
+rzy37o6Tp3pQVYDqxmPM8GGoHy8wYPR5h/U1IozbBaNeCJma1HyK4Sjb/cuX1eQ
23EM1pWT8N9CbRG2S9mz5C9uHcP9mImtyvU4WhTLKOEc9XGbpuj+k1cacSuEEbeF
rZklOa7tvUiOFIDfr7Kf+DfxbpYabgB2dJgWPEtZmKmefWMiODHgvBJo0MT6MKr7
kOlIkgq5zYIFRNaxApWLI3JmH9+lsw6MHBe+cCqemV6q2OZlMV/5VGFElEywJt+4
L3VmlJQpMiCEMo2Cgc1jigHKryk4Xw==
=h6o3
-----END PGP SIGNATURE-----
Merge tag 'mtd/for-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
Pull mtd updates from Miquel Raynal:
"Core:
- Remove obsolete macros only used by the old nand_ecclayout struct
- Don't remove debugfs directory if device is in use
- MAINTAINERS:
- Add entry for Qualcomm NAND controller driver
- Update the devicetree documentation path of hyperbus
MTD devices:
- block2mtd:
- Add support for an optional custom MTD label
- Minor refactor to avoid hard coded constant
- mtdswap: Remove redundant assignment of pointer eb
CFI:
- Fixup CFI on ixp4xx
Raw NAND controller drivers:
- Arasan:
- Prevent an unsupported configuration
- Xway, Socrates: plat_nand, Pasemi, Orion, mpc5121, GPIO, Au1550nd,
AMS-Delta:
- Keep the driver compatible with on-die ECC engines
- cs553x, lpc32xx_slc, ndfc, sharpsl, tmio, txx9ndfmc:
- Revert the commits: "Fix external use of SW Hamming ECC helper"
- And let callers use the bare Hamming helpers
- Fsmc: Fix use of SM ORDER
- Intel:
- Fix potential buffer overflow in probe
- xway, vf610, txx9ndfm, tegra, stm32, plat_nand, oxnas, omap, mtk,
hisi504, gpmi, gpio, denali, bcm6368, atmel:
- Make use of the helper function devm_platform_ioremap_resource{,byname}()
Onenand drivers:
- Samsung: Drop Exynos4 and describe driver in KConfig
Raw NAND chip drivers:
- Hynix: Add support for H27UCG8T2ETR-BC MLC NAND
SPI NOR core:
- Add spi-nor device tree binding under SPI NOR maintainers
SPI NOR manufacturer drivers:
- Enable locking for n25q128a13
SPI NOR controller drivers:
- Use devm_platform_ioremap_resource_byname()"
* tag 'mtd/for-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux: (50 commits)
mtd: core: don't remove debugfs directory if device is in use
MAINTAINERS: Update the devicetree documentation path of hyperbus
mtd: block2mtd: add support for an optional custom MTD label
mtd: block2mtd: minor refactor to avoid hard coded constant
mtd: fixup CFI on ixp4xx
mtd: rawnand: arasan: Prevent an unsupported configuration
MAINTAINERS: Add entry for Qualcomm NAND controller driver
mtd: rawnand: hynix: Add support for H27UCG8T2ETR-BC MLC NAND
mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines
mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines
mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines
mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines
mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines
mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines
mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines
mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines
mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines
Revert "mtd: rawnand: cs553x: Fix external use of SW Hamming ECC helper"
Revert "mtd: rawnand: lpc32xx_slc: Fix external use of SW Hamming ECC helper"
Revert "mtd: rawnand: ndfc: Fix external use of SW Hamming ECC helper"
...
|
||
|
Linus Torvalds
|
05b8cd3db7 |
Add 'tools/perf/libbpf/' to ignored files
Commit
|
||
|
Linus Torvalds
|
e851dfae43 |
kgdb patches for 5.16
A single patch this cycle. We replace some open-coded routines to classify task states with the scheduler's own function to do this. Alongside the obvious benefits of removing funky code and aligning more exactly with the scheduler's task classification, this also fixes a long standing compiler warning by removing the open-coded routines that generated the warning. Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEELzVBU1D3lWq6cKzwfOMlXTn3iKEFAmGJA90ACgkQfOMlXTn3 iKFJcw/9FLy94FS+y/F8xpTU89d2j92f8q1mxS9g7ToDzDOiIPLyNazbX+4PsXVQ FGgLpTqzNZX3+D5eAnOA/BNwWXtsvdxpsNnkY5ZCsVY5kZ0zsBYHe1O5CM2TbcMg bOvJRQVI/FjydlrwqxIz9gAD7FmT/QvyecIbHZm/zFiCxdQwZy3rFwREd5ENsjoG wumCCCH8Gh/afi9Pu3ZKHoZggNy/gmtSP3h3wmyoQneVFIJ4Vw5J61GFCvMPD+pN wuAXWpuzWaND5IPTr4aZMKHNSaxqADQoEpNWxkgRh0cNL4NGBKsdLZMcqTTiyWww TJSDtQKqocQB99eouwzQoA8SBsZwRvKRf/33QUXrWCAjl5YRK+9fSd8+dEf9Zd0o A3sh99ecmHXknY6K2uO7NFjUPLSA/QeMGBzNx9lt7RoL+14tjqZkrAvWXooZzBY3 j39gwI1kSplmmCSoXwoW3AFVcCLJcGzE9qh0NUmZgt3kv8K1SUo3gxotKs8KwKj/ xVozOokmZV2ZuCTf8oIw7ntLwIFjiUaYBE7JY+c8mT8VWCbs5ztyOb11I35YYT0V InXMDICLxZBD85eNOHyPC0fAud5emfboHl5GSUxo2hPgrRKuBmqElGtxG9CC8DLR SItPjKfrYI1CJd4uoFX54nC3GmwLVSAq3xDwpYsN4A4lLbJJytc= =vIfI -----END PGP SIGNATURE----- Merge tag 'kgdb-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux Pull kgdb update from Daniel Thompson: "A single patch this cycle. We replace some open-coded routines to classify task states with the scheduler's own function to do this. Alongside the obvious benefits of removing funky code and aligning more exactly with the scheduler's task classification, this also fixes a long standing compiler warning by removing the open-coded routines that generated the warning" * tag 'kgdb-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux: kdb: Adopt scheduler's task classification |
||
|
Linus Torvalds
|
a2b03e48e9 |
OpenRISC updates for 5.16
This includes 2 minor cleanups, plus a bug fix for OpenRISC TLB flush code that allows the the SMP kernel to boot again. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE2cRzVK74bBA6Je/xw7McLV5mJ+QFAmGIOh4ACgkQw7McLV5m J+Ts7hAApLDmupgPlJfc9hsIIxiCZcMnP5vyF2gNSkaDVkWkLkM24WuAfcCusEUE VIrI/K6AV8wQUfG9n3sAQ/v5bkKrLCkt3UYsOViidHJsrTeW7CO8v+Nzair3gbNa zKZEs6EyoGrd9l5nMv3D0z/PFWnTCMehRBHYYp6D/chgT+2cpQsVsq9SbN3gV5CR sdFrGOzWSemtWCqVibdsKa4j0IqLVNRAPv1MYC7jECOkRvMkbkXFWZK8Q8ijs0Mv th4nt9SJOSH+OAzBhXoH7bW9BUwfCEwnBYXhsidHVwf1S6+5/yFj24zQAz/1YZ21 ydTS6PHS66oFqa5QITNbfNuqeprrnb+8JavkYvJnWiPfg8yJ2gURZ/4pCHS8iMsB mQpLaQlTsEHODj7Vc4GSTlbzWDgtCSB6v0fOPJP01Bzf+z2wsqG6dLJVrWMl6nT9 0sNvfnU9egne8UhbTJ8fot9SISRjc/sFMXKnMMdcY+7KWdw+Kh4t7/hL5ZbKCZ8H Pg3NNTA37puqTn9qvd0ZA5Ey9L0bSjeQpGa2A+nutE3zfRL9MQFWWrpHPgfJyoZe VOZSK0dtSfYtTsCnno5S2px2XqPpXIf0P5LiXzvtc+x7JjZsP3G4jZxB8ql+ZaQF IeBI4Kvg4QPU2T/TUwt5VIMEL/I3yZ63/0L+d1xnIqaVZVK0RDQ= =c5nj -----END PGP SIGNATURE----- Merge tag 'for-linus' of git://github.com/openrisc/linux Pull OpenRISC updates from Stafford Horne: "This includes two minor cleanups, plus a bug fix for OpenRISC TLB flush code that allows the the SMP kernel to boot again" * tag 'for-linus' of git://github.com/openrisc/linux: openrisc: fix SMP tlb flush NULL pointer dereference openrisc: signal: remove unused DEBUG_SIG macro openrisc: time: don't mark comment as kernel-doc |
||
|
Linus Torvalds
|
bbdbeb0048 |
perf tools changes for v5.16:
perf annotate:
- Add riscv64 support.
- Add fusion logic for AMD microarchs.
perf record:
- Add an option to control the synthesizing behavior:
--synth <no|all|task|mmap|cgroup>
Fine-tune event synthesis: default=all
core:
- Allow controlling synthesizing PERF_RECORD_ metadata events during record.
- perf.data reader prep work for multithreaded processing.
- Fix missing exclude_{host,guest} setting in PMUs that don't support it and
that were causing the feature detection code to disable it for all events,
even the ones in PMUs that support it.
- Fix the default use of precise events on AMD, that were always falling back
to non-precise because perf_event_attr.exclude_guest=1 was set and IBS does
not have filtering capability, refusing precise + exclude_guest.
- Add bitfield_swap() to handle branch_stack endian issue.
perf script:
- Show binary offsets for userspace addresses in callchains.
- Support instruction latency via new "ins_lat" selectable field.
- Add dlfilter-show-cycles
perf inject:
- Add vmlinux and ignore-vmlinux arguments, similar to other tools.
perf list:
- Display PMU prefix for partially supported hybrid cache events.
- Display hybrid PMU events with cpu type.
perf stat:
- Improve metrics documentation of data structures.
- Fix memory leaks in the metric code.
- Use NAN for missing event IDs.
- Don't compute unused events.
- Fix memory leak on error path.
- Encode and use metric-id as a metric qualifier.
- Allow metrics with no events.
- Avoid events for an 'if' constant result.
- Only add a referenced metric once.
- Simplify metric_refs calculation.
- Allow modifiers on metrics.
perf test:
- Add workload test of metric and metric groups.
- Workload test of all PMUs.
- vmlinux-kallsyms: Ignore hidden symbols.
- Add pmu-event test for event described as "config=".
- Verify more event members in pmu-events test.
- Add endian test for struct branch_flags on the sample-parsing test.
- Improve temp file cleanup in several tests.
perf daemon:
- Address MSAN warnings on send_cmd().
perf kmem:
- Improve man page for record options
perf srcline:
- Use long-running addr2line per DSO, greatly speeding up the 'srcline' sort order.
perf symbols:
- Ignore $a/$d symbols for ARM modules.
- Fix /proc/kcore access on 32 bit systems.
Kernel UAPI copies:
- Update copy of linux/socket.h with the kernel sources, no change in tooling output.
libbpf:
- Pull in bpf_program__get_prog_info_linear() from libbpf, too much specific to perf.
- Deprecate bpf_map__resize() in favor of bpf_map_set_max_entries()
- Install libbpf headers locally when building.
- Bump minimum LLVM C++ std to GNU++14.
libperf:
- Use binary search in perf_cpu_map__idx() as array are sorted.
libtracefs:
- Enable libtracefs dynamic linking.
libtraceevent:
- Increase logging when verbose.
Arch specific:
PowerPC:
- Add support to expose instruction and data address registers as part of
extended regs.
Vendor events:
JSON parser:
- Support ConfigCode to set the config= in PMUs like:
$ cat /sys/bus/event_source/devices/hisi_sccl1_ddrc3/events/act_cmd
config=0x5
- Make the JSON parser more conformant when in strict mode.
All JSON files:
- Fix all remaining invalid JSON files.
ARM:
- Syntax corrections in Neoverse N1 json.
- Categorise the Neoverse V1 counters.
- Add new armv8 PMU events.
- Revise hip08 uncore events.
Hardware tracing:
auxtrace:
- Add missing Z option to ITRACE_HELP.
- Add itrace A option to approximate IPC.
- Add itrace d+o option to direct debug log to stdout.
Intel PT:
- Add support for PERF_RECORD_AUX_OUTPUT_HW_ID
- Support itrace A option to approximate IPC
- Support itrace d+o option to direct debug log to stdout.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCYYg7RwAKCRCyPKLppCJ+
J1KgAQCGC3802gsI38/xwli1SLBNHsZ9DEy2nX5Ikw/f64K+0QEA6DsU0hpRTR0D
i8ZFa2zNX748n+pU2WX6E7AjO01hrQo=
=sXHg
-----END PGP SIGNATURE-----
Merge tag 'perf-tools-for-v5.16-2021-11-07-without-bpftool-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
Pull perf tools updates from Arnaldo Carvalho de Melo:
"perf annotate:
- Add riscv64 support.
- Add fusion logic for AMD microarchs.
perf record:
- Add an option to control the synthesizing behavior:
--synth <no|all|task|mmap|cgroup>
core:
- Allow controlling synthesizing PERF_RECORD_ metadata events during
record.
- perf.data reader prep work for multithreaded processing.
- Fix missing exclude_{host,guest} setting in PMUs that don't support
it and that were causing the feature detection code to disable it
for all events, even the ones in PMUs that support it.
- Fix the default use of precise events on AMD, that were always
falling back to non-precise because perf_event_attr.exclude_guest=1
was set and IBS does not have filtering capability, refusing
precise + exclude_guest.
- Add bitfield_swap() to handle branch_stack endian issue.
perf script:
- Show binary offsets for userspace addresses in callchains.
- Support instruction latency via new "ins_lat" selectable field.
- Add dlfilter-show-cycles
perf inject:
- Add vmlinux and ignore-vmlinux arguments, similar to other tools.
perf list:
- Display PMU prefix for partially supported hybrid cache events.
- Display hybrid PMU events with cpu type.
perf stat:
- Improve metrics documentation of data structures.
- Fix memory leaks in the metric code.
- Use NAN for missing event IDs.
- Don't compute unused events.
- Fix memory leak on error path.
- Encode and use metric-id as a metric qualifier.
- Allow metrics with no events.
- Avoid events for an 'if' constant result.
- Only add a referenced metric once.
- Simplify metric_refs calculation.
- Allow modifiers on metrics.
perf test:
- Add workload test of metric and metric groups.
- Workload test of all PMUs.
- vmlinux-kallsyms: Ignore hidden symbols.
- Add pmu-event test for event described as "config=".
- Verify more event members in pmu-events test.
- Add endian test for struct branch_flags on the sample-parsing test.
- Improve temp file cleanup in several tests.
perf daemon:
- Address MSAN warnings on send_cmd().
perf kmem:
- Improve man page for record options
perf srcline:
- Use long-running addr2line per DSO, greatly speeding up the
'srcline' sort order.
perf symbols:
- Ignore $a/$d symbols for ARM modules.
- Fix /proc/kcore access on 32 bit systems.
Kernel UAPI copies:
- Update copy of linux/socket.h with the kernel sources, no change in
tooling output.
libbpf:
- Pull in bpf_program__get_prog_info_linear() from libbpf, too much
specific to perf.
- Deprecate bpf_map__resize() in favor of bpf_map_set_max_entries()
- Install libbpf headers locally when building.
- Bump minimum LLVM C++ std to GNU++14.
libperf:
- Use binary search in perf_cpu_map__idx() as array are sorted.
libtracefs:
- Enable libtracefs dynamic linking.
libtraceevent:
- Increase logging when verbose.
Arch specific:
* PowerPC:
- Add support to expose instruction and data address registers as
part of extended regs.
Vendor events:
* JSON parser:
- Support ConfigCode to set the config= in PMUs
- Make the JSON parser more conformant when in strict mode.
* All JSON files:
- Fix all remaining invalid JSON files.
* ARM:
- Syntax corrections in Neoverse N1 json.
- Categorise the Neoverse V1 counters.
- Add new armv8 PMU events.
- Revise hip08 uncore events.
Hardware tracing:
* auxtrace:
- Add missing Z option to ITRACE_HELP.
- Add itrace A option to approximate IPC.
- Add itrace d+o option to direct debug log to stdout.
* Intel PT:
- Add support for PERF_RECORD_AUX_OUTPUT_HW_ID
- Support itrace A option to approximate IPC
- Support itrace d+o option to direct debug log to stdout"
* tag 'perf-tools-for-v5.16-2021-11-07-without-bpftool-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (120 commits)
perf build: Install libbpf headers locally when building
perf MANIFEST: Add bpftool files to allow building with BUILD_BPF_SKEL=1
perf metric: Fix memory leaks
perf parse-event: Add init and exit to parse_event_error
perf parse-events: Rename parse_events_error functions
perf stat: Fix memory leak on error path
perf tools: Use __BYTE_ORDER__
perf inject: Add vmlinux and ignore-vmlinux arguments
perf tools: Check vmlinux/kallsyms arguments in all tools
perf tools: Refactor out kernel symbol argument sanity checking
perf symbols: Ignore $a/$d symbols for ARM modules
perf evsel: Don't set exclude_guest by default
perf evsel: Fix missing exclude_{host,guest} setting
perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
perf beauty: Update copy of linux/socket.h with the kernel sources
perf clang: Fixes for more recent LLVM/clang
tools: Bump minimum LLVM C++ std to GNU++14
perf bpf: Pull in bpf_program__get_prog_info_linear()
Revert "perf bench futex: Add support for 32-bit systems with 64-bit time_t"
perf test sample-parsing: Add endian test for struct branch_flags
...
|
||
|
Linus Torvalds
|
1e9ed9360f |
Kbuild updates for v5.16
- Remove the global -isystem compiler flag, which was made possible by
the introduction of <linux/stdarg.h>
- Improve the Kconfig help to print the location in the top menu level
- Fix "FORCE prerequisite is missing" build warning for sparc
- Add new build targets, tarzst-pkg and perf-tarzst-src-pkg, which generate
a zstd-compressed tarball
- Prevent gen_init_cpio tool from generating a corrupted cpio when
KBUILD_BUILD_TIMESTAMP is set to 2106-02-07 or later
- Misc cleanups
-----BEGIN PGP SIGNATURE-----
iQJJBAABCgAzFiEEbmPs18K1szRHjPqEPYsBB53g2wYFAmGGkysVHG1hc2FoaXJv
eUBrZXJuZWwub3JnAAoJED2LAQed4NsGgZkQAIX4i9Tt6pyl/2xGDGkzUqjprfoH
QUIo1DoUclLUygoakrrrX3EnZLWrslgPTKjQxdiV6RA6xHfe4cYgNTSq8zM9lsPT
lu+B4nEDqoXQ5gyLxMlnjS3FRQTNYIeBZEhSAIiW8TENdLKlKc+NYdoj7th50dO0
SkXRa2dpWHa6t7ZRqHIHMpUWA7gm0w22ZbgQmyUv1CDGO4IHPLqe2b2PMsrzhSZ1
yypP1l6aQVKuP0hN9aytbTRqDxUd0uOzBf00PK5zx23hjdwZ9wmZrFTKDf9fAu/+
nR7gBsa5YoYNQh3UkayZXjR5dClmgsCXZ25OXI7YucQp/8OJ5fadfn1NFpJHsw56
n5cckbHIXgnFUcel5YlkR6qTHjpzdr9vHm90MmiuX99b3oy9czl6pY3qkNfRkllQ
v7ME5L1qlw3P3ia1KA+H4zW/LIJ8p5cbKBwaY22m3kY3bTx7PiOfMlep4UVqxXSb
0/OqxSsmYg5LlmwEQ0SSsx45hE0o9nG/cdjkHu1jUOUHxYfpt1T4MTILeGUwmjzd
TydJym5MZyXBawu4NVB3QLoKm5Jt2BXtyaWOtq74VSrs77roNCdYuQWJ+1aBf2Pg
0s4CVC2cC7KlxJDImoqswZATGXPMfbiVDcuVSSukYRgBMeCBPUzRhB8YP36BZyD3
9vFYmqSujtUU7nWb
=ATFN
-----END PGP SIGNATURE-----
Merge tag 'kbuild-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
Pull Kbuild updates from Masahiro Yamada:
- Remove the global -isystem compiler flag, which was made possible by
the introduction of <linux/stdarg.h>
- Improve the Kconfig help to print the location in the top menu level
- Fix "FORCE prerequisite is missing" build warning for sparc
- Add new build targets, tarzst-pkg and perf-tarzst-src-pkg, which
generate a zstd-compressed tarball
- Prevent gen_init_cpio tool from generating a corrupted cpio when
KBUILD_BUILD_TIMESTAMP is set to 2106-02-07 or later
- Misc cleanups
* tag 'kbuild-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (28 commits)
kbuild: use more subdir- for visiting subdirectories while cleaning
sh: remove meaningless archclean line
initramfs: Check timestamp to prevent broken cpio archive
kbuild: split DEBUG_CFLAGS out to scripts/Makefile.debug
gen_init_cpio: add static const qualifiers
kbuild: Add make tarzst-pkg build option
scripts: update the comments of kallsyms support
sparc: Add missing "FORCE" target when using if_changed
kconfig: refactor conf_touch_dep()
kconfig: refactor conf_write_dep()
kconfig: refactor conf_write_autoconf()
kconfig: add conf_get_autoheader_name()
kconfig: move sym_escape_string_value() to confdata.c
kconfig: refactor listnewconfig code
kconfig: refactor conf_write_symbol()
kconfig: refactor conf_write_heading()
kconfig: remove 'const' from the return type of sym_escape_string_value()
kconfig: rename a variable in the lexer to a clearer name
kconfig: narrow the scope of variables in the lexer
kconfig: Create links to main menu items in search
...
|
||
|
Linus Torvalds
|
67b7e1f241 |
modules patches for 5.16-rc1
As requested by Jessica I'm stepping in to help with modules maintenance. This is my first pull request to you. I've collected only two patches for modules for the 5.16-rc1 merge window. These patches are from Shuah Khan as she debugged some corner case error with modules. The error messages are improved for elf_validity_check(). While doing this work a corner case fix was spotted on validate_section_offset() due to a possible overflow bug on 64-bit. The impact of this fix is low given this just limits module section headers placed within the 32-bit boundary, and we obviously don't have insane module sizes. Even if a specially crafted module is constructed later checks would invalidate the module right away. I've let this sit through 0-day testing since October 15th with no issues found. Signed-off-by: Luis Chamberlain <mcgrof@kernel.org> -----BEGIN PGP SIGNATURE----- iQJGBAABCgAwFiEENnNq2KuOejlQLZofziMdCjCSiKcFAmGFrvcSHG1jZ3JvZkBr ZXJuZWwub3JnAAoJEM4jHQowkoinhFAP/1BBXuM/vevC1IdZaEU4M8pg07NOpkZt PYJc8CxWKTtEg5hrLJMqOexXGwvAg/nq28IFWvUKh3bGtEghPyrQu6+I4mXsjnjJ t9/AO+BOYU14DJGDAYEuReNsaAcyeRooHLriuUaNvhhaN9q+v+FRyBWNphmA6Tz7 VkCtmCNMFJZlhd9Cu4jOZpJe6CIe9gZ0czYfRshAl/3ZRSQjYaddtbYf1Cs8Vwah by4o2YyvctrRzeOj/Fy+kbqZw2St39nZ5fKYwijRn1ZwHRQo6NQqrlMeS8rI0LgG 1YwWgNWO1FjaPzyIFcAhk2bUF2TxEf5/eVpXn2qXHnmVZ55oBPP/O7Th0/5OK9gD utOMbO1nqBLBXUyX/1dO/UT36XcrqtUP0Y9VgjIvj9n8Y82RGYmBScH/TOU1f7A7 sH56sW9/3YvIOe8AShBHJ7IKqZXU0inIGasFYwKKm2pAOLtajaC9Sr5fqVbuyfNF J2+nXipVzjI0f9SGTqmE41jynFGln6nfd1pgOOiysg9ZqxieINB0J8l0OHe6fZz/ zU4TehXZHE9DApP8D+rVpP0ltwR2YWs2u0zRqHr/0GEWYH00JZu2ymDR13W7izSp KiiveBxhwBpewgV5cyua8TDyeKhn3mEJFNmijlaq4yq1P2oKeWTQRDRZjwUP8EZY s16oV+BW7Kp+ =Evek -----END PGP SIGNATURE----- Merge tag 'modules-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux Pull module updates from Luis Chamberlain: "As requested by Jessica I'm stepping in to help with modules maintenance. This is my first pull request to you. I've collected only two patches for modules for the 5.16-rc1 merge window. These patches are from Shuah Khan as she debugged some corner case error with modules. The error messages are improved for elf_validity_check(). While doing this work a corner case fix was spotted on validate_section_offset() due to a possible overflow bug on 64-bit. The impact of this fix is low given this just limits module section headers placed within the 32-bit boundary, and we obviously don't have insane module sizes. Even if a specially crafted module is constructed later checks would invalidate the module right away. I've let this sit through 0-day testing since October 15th with no issues found" * tag 'modules-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux: module: change to print useful messages from elf_validity_check() module: fix validate_section_offset() overflow bug on 64-bit |
||
|
Arnd Bergmann
|
f91140e455 |
soc: ti: fix wkup_m3_rproc_boot_thread return type
The wkup_m3_rproc_boot_thread() function uses a nonstandard prototype,
which broke after Eric's recent cleanup:
drivers/soc/ti/wkup_m3_ipc.c: In function 'wkup_m3_rproc_boot_thread':
drivers/soc/ti/wkup_m3_ipc.c:429:16: error: 'return' with a value, in function returning void [-Werror=return-type]
429 | return 0;
| ^
drivers/soc/ti/wkup_m3_ipc.c:416:13: note: declared here
416 | static void wkup_m3_rproc_boot_thread(struct wkup_m3_ipc *m3_ipc)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
Change it to the normal prototype as it should have been from the
start.
Fixes:
|
||
|
Arnd Bergmann
|
501586ea59 |
xen/balloon: fix unused-variable warning
In configurations with CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=n
and CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y, gcc warns about an
unused variable:
drivers/xen/balloon.c:83:12: error: 'xen_hotplug_unpopulated' defined but not used [-Werror=unused-variable]
Since this is always zero when CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
is disabled, turn it into a preprocessor constant in that case.
Fixes:
|
||
Pavel Begunkov
|
bad119b9a0 |
io_uring: honour zeroes as io-wq worker limits
When we pass in zero as an io-wq worker number limit it shouldn't
actually change the limits but return the old value, follow that
behaviour with deferred limits setup as well.
Cc: stable@kernel.org # 5.15
Reported-by: Beld Zhang <beldzhang@gmail.com>
Fixes:
|
||
Ye Bin
|
a846a8e6c9 |
blk-mq: don't free tags if the tag_set is used by other device in queue initialztion
We got UAF report on v5.10 as follows:
[ 1446.674930] ==================================================================
[ 1446.675970] BUG: KASAN: use-after-free in blk_mq_get_driver_tag+0x9a4/0xa90
[ 1446.676902] Read of size 8 at addr ffff8880185afd10 by task kworker/1:2/12348
[ 1446.677851]
[ 1446.678073] CPU: 1 PID: 12348 Comm: kworker/1:2 Not tainted 5.10.0-10177-gc9c81b1e346a #2
[ 1446.679168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 1446.680692] Workqueue: kthrotld blk_throtl_dispatch_work_fn
[ 1446.681448] Call Trace:
[ 1446.681800] dump_stack+0x9b/0xce
[ 1446.682916] print_address_description.constprop.6+0x3e/0x60
[ 1446.685999] kasan_report.cold.9+0x22/0x3a
[ 1446.687186] blk_mq_get_driver_tag+0x9a4/0xa90
[ 1446.687785] blk_mq_dispatch_rq_list+0x21a/0x1d40
[ 1446.692576] __blk_mq_do_dispatch_sched+0x394/0x830
[ 1446.695758] __blk_mq_sched_dispatch_requests+0x398/0x4f0
[ 1446.698279] blk_mq_sched_dispatch_requests+0xdf/0x140
[ 1446.698967] __blk_mq_run_hw_queue+0xc0/0x270
[ 1446.699561] __blk_mq_delay_run_hw_queue+0x4cc/0x550
[ 1446.701407] blk_mq_run_hw_queue+0x13b/0x2b0
[ 1446.702593] blk_mq_sched_insert_requests+0x1de/0x390
[ 1446.703309] blk_mq_flush_plug_list+0x4b4/0x760
[ 1446.705408] blk_flush_plug_list+0x2c5/0x480
[ 1446.708471] blk_finish_plug+0x55/0xa0
[ 1446.708980] blk_throtl_dispatch_work_fn+0x23b/0x2e0
[ 1446.711236] process_one_work+0x6d4/0xfe0
[ 1446.711778] worker_thread+0x91/0xc80
[ 1446.713400] kthread+0x32d/0x3f0
[ 1446.714362] ret_from_fork+0x1f/0x30
[ 1446.714846]
[ 1446.715062] Allocated by task 1:
[ 1446.715509] kasan_save_stack+0x19/0x40
[ 1446.716026] __kasan_kmalloc.constprop.1+0xc1/0xd0
[ 1446.716673] blk_mq_init_tags+0x6d/0x330
[ 1446.717207] blk_mq_alloc_rq_map+0x50/0x1c0
[ 1446.717769] __blk_mq_alloc_map_and_request+0xe5/0x320
[ 1446.718459] blk_mq_alloc_tag_set+0x679/0xdc0
[ 1446.719050] scsi_add_host_with_dma.cold.3+0xa0/0x5db
[ 1446.719736] virtscsi_probe+0x7bf/0xbd0
[ 1446.720265] virtio_dev_probe+0x402/0x6c0
[ 1446.720808] really_probe+0x276/0xde0
[ 1446.721320] driver_probe_device+0x267/0x3d0
[ 1446.721892] device_driver_attach+0xfe/0x140
[ 1446.722491] __driver_attach+0x13a/0x2c0
[ 1446.723037] bus_for_each_dev+0x146/0x1c0
[ 1446.723603] bus_add_driver+0x3fc/0x680
[ 1446.724145] driver_register+0x1c0/0x400
[ 1446.724693] init+0xa2/0xe8
[ 1446.725091] do_one_initcall+0x9e/0x310
[ 1446.725626] kernel_init_freeable+0xc56/0xcb9
[ 1446.726231] kernel_init+0x11/0x198
[ 1446.726714] ret_from_fork+0x1f/0x30
[ 1446.727212]
[ 1446.727433] Freed by task 26992:
[ 1446.727882] kasan_save_stack+0x19/0x40
[ 1446.728420] kasan_set_track+0x1c/0x30
[ 1446.728943] kasan_set_free_info+0x1b/0x30
[ 1446.729517] __kasan_slab_free+0x111/0x160
[ 1446.730084] kfree+0xb8/0x520
[ 1446.730507] blk_mq_free_map_and_requests+0x10b/0x1b0
[ 1446.731206] blk_mq_realloc_hw_ctxs+0x8cb/0x15b0
[ 1446.731844] blk_mq_init_allocated_queue+0x374/0x1380
[ 1446.732540] blk_mq_init_queue_data+0x7f/0xd0
[ 1446.733155] scsi_mq_alloc_queue+0x45/0x170
[ 1446.733730] scsi_alloc_sdev+0x73c/0xb20
[ 1446.734281] scsi_probe_and_add_lun+0x9a6/0x2d90
[ 1446.734916] __scsi_scan_target+0x208/0xc50
[ 1446.735500] scsi_scan_channel.part.3+0x113/0x170
[ 1446.736149] scsi_scan_host_selected+0x25a/0x360
[ 1446.736783] store_scan+0x290/0x2d0
[ 1446.737275] dev_attr_store+0x55/0x80
[ 1446.737782] sysfs_kf_write+0x132/0x190
[ 1446.738313] kernfs_fop_write_iter+0x319/0x4b0
[ 1446.738921] new_sync_write+0x40e/0x5c0
[ 1446.739429] vfs_write+0x519/0x720
[ 1446.739877] ksys_write+0xf8/0x1f0
[ 1446.740332] do_syscall_64+0x2d/0x40
[ 1446.740802] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1446.741462]
[ 1446.741670] The buggy address belongs to the object at ffff8880185afd00
[ 1446.741670] which belongs to the cache kmalloc-256 of size 256
[ 1446.743276] The buggy address is located 16 bytes inside of
[ 1446.743276] 256-byte region [ffff8880185afd00, ffff8880185afe00)
[ 1446.744765] The buggy address belongs to the page:
[ 1446.745416] page:ffffea0000616b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x185ac
[ 1446.746694] head:ffffea0000616b00 order:2 compound_mapcount:0 compound_pincount:0
[ 1446.747719] flags: 0x1fffff80010200(slab|head)
[ 1446.748337] raw: 001fffff80010200 ffffea00006a3208 ffffea000061bf08 ffff88801004f240
[ 1446.749404] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 1446.750455] page dumped because: kasan: bad access detected
[ 1446.751227]
[ 1446.751445] Memory state around the buggy address:
[ 1446.752102] ffff8880185afc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1446.753090] ffff8880185afc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1446.754079] >ffff8880185afd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1446.755065] ^
[ 1446.755589] ffff8880185afd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1446.756574] ffff8880185afe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1446.757566] ==================================================================
Flag 'BLK_MQ_F_TAG_QUEUE_SHARED' will be set if the second device on the
same host initializes it's queue successfully. However, if the second
device failed to allocate memory in blk_mq_alloc_and_init_hctx() from
blk_mq_realloc_hw_ctxs() from blk_mq_init_allocated_queue(),
__blk_mq_free_map_and_rqs() will be called on error path, and if
'BLK_MQ_TAG_HCTX_SHARED' is not set, 'tag_set->tags' will be freed
while it's still used by the first device.
To fix this issue we move release newly allocated hardware context from
blk_mq_realloc_hw_ctxs to __blk_mq_update_nr_hw_queues. As there is needn't to
release hardware context in blk_mq_init_allocated_queue.
Fixes:
|
||
Coly Li
|
2878feaed5 |
bcache: Revert "bcache: use bvec_virt"
This reverts commit |
||
|
Arnd Bergmann
|
c7c386fbc2 |
arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
gcc warns about undefined behavior the vmalloc code when building
with CONFIG_ARM64_PA_BITS_52, when the 'idx++' in the argument to
__phys_to_pte_val() is evaluated twice:
mm/vmalloc.c: In function 'vmap_pfn_apply':
mm/vmalloc.c:2800:58: error: operation on 'data->idx' may be undefined [-Werror=sequence-point]
2800 | *pte = pte_mkspecial(pfn_pte(data->pfns[data->idx++], data->prot));
| ~~~~~~~~~^~
arch/arm64/include/asm/pgtable-types.h:25:37: note: in definition of macro '__pte'
25 | #define __pte(x) ((pte_t) { (x) } )
| ^
arch/arm64/include/asm/pgtable.h:80:15: note: in expansion of macro '__phys_to_pte_val'
80 | __pte(__phys_to_pte_val((phys_addr_t)(pfn) << PAGE_SHIFT) | pgprot_val(prot))
| ^~~~~~~~~~~~~~~~~
mm/vmalloc.c:2800:30: note: in expansion of macro 'pfn_pte'
2800 | *pte = pte_mkspecial(pfn_pte(data->pfns[data->idx++], data->prot));
| ^~~~~~~
I have no idea why this never showed up earlier, but the safest
workaround appears to be changing those macros into inline functions
so the arguments get evaluated only once.
Cc: Matthew Wilcox <willy@infradead.org>
Fixes:
|
||
Qian Cai
|
c6975d7cab |
arm64: Track no early_pgtable_alloc() for kmemleak
After switched page size from 64KB to 4KB on several arm64 servers here,
kmemleak starts to run out of early memory pool due to a huge number of
those early_pgtable_alloc() calls:
kmemleak_alloc_phys()
memblock_alloc_range_nid()
memblock_phys_alloc_range()
early_pgtable_alloc()
init_pmd()
alloc_init_pud()
__create_pgd_mapping()
__map_memblock()
paging_init()
setup_arch()
start_kernel()
Increased the default value of DEBUG_KMEMLEAK_MEM_POOL_SIZE by 4 times
won't be enough for a server with 200GB+ memory. There isn't much
interesting to check memory leaks for those early page tables and those
early memory mappings should not reference to other memory. Hence, no
kmemleak false positives, and we can safely skip tracking those early
allocations from kmemleak like we did in the commit
|
||
Peter Collingbourne
|
aedad3e1c6 |
arm64: mte: change PR_MTE_TCF_NONE back into an unsigned long
This constant was previously an unsigned long, but was changed
into an int in commit
|
||
Masahiro Yamada
|
34688c7691 |
arm64: vdso: remove -nostdlib compiler flag
The -nostdlib option requests the compiler to not use the standard
system startup files or libraries when linking. It is effective only
when $(CC) is used as a linker driver.
Since commit
|
||
Reiji Watanabe
|
9dc232a8ab |
arm64: arm64_ftr_reg->name may not be a human-readable string
The id argument of ARM64_FTR_REG_OVERRIDE() is used for two purposes:
one as the system register encoding (used for the sys_id field of
__ftr_reg_entry), and the other as the register name (stringified
and used for the name field of arm64_ftr_reg), which is debug
information. The id argument is supposed to be a macro that
indicates an encoding of the register (eg. SYS_ID_AA64PFR0_EL1, etc).
ARM64_FTR_REG(), which also has the same id argument,
uses ARM64_FTR_REG_OVERRIDE() and passes the id to the macro.
Since the id argument is completely macro-expanded before it is
substituted into a macro body of ARM64_FTR_REG_OVERRIDE(),
the stringified id in the body of ARM64_FTR_REG_OVERRIDE is not
a human-readable register name, but a string of numeric bitwise
operations.
Fix this so that human-readable register names are available as
debug information.
Fixes:
|
||
Christophe JAILLET
|
c45231a766 |
litex_liteeth: Fix a double free in the remove function
'netdev' is a managed resource allocated in the probe using
'devm_alloc_etherdev()'.
It must not be freed explicitly in the remove function.
Fixes:
|
||
Chengfeng Ye
|
9fec40f850 |
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs, but follow error handler branch when pn533_fill_fragment_skbs() fails, skb is freed again, results in double free issue. Fix this by not free skb in error path of pn533_fill_fragment_skbs. Fixes: |
||
Anders Roxell
|
62b12ab5df |
selftests: net: tls: remove unused variable and code
When building selftests/net with clang, the compiler warn about the
function abs() see below:
tls.c:657:15: warning: variable 'len_compared' set but not used [-Wunused-but-set-variable]
unsigned int len_compared = 0;
^
Rework to remove the unused variable and the for-loop where the variable
'len_compared' was assinged.
Fixes:
|
||
Volodymyr Mytnyk
|
e1464db5c5 |
net: marvell: prestera: fix hw structure laid out
The prestera FW v4.0 support commit has been merged
accidentally w/o review comments addressed and waiting
for the final patch set to be uploaded. So, fix the remaining
comments related to structure laid out and build issues.
Reported-by: kernel test robot <lkp@intel.com>
Fixes:
|
||
Alexey Khoroshilov
|
e7ea51cd87 |
sctp: remove unreachable code from sctp_sf_violation_chunk()
sctp_sf_violation_chunk() is not called with asoc argument equal to NULL, but if that happens it would lead to NULL pointer dereference in sctp_vtag_verify(). The patch removes code that handles NULL asoc in sctp_sf_violation_chunk(). Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Proposed-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Eric Dumazet
|
8ac9dfd58b |
llc: fix out-of-bound array index in llc_sk_dev_hash()
Both ifindex and LLC_SK_DEV_HASH_ENTRIES are signed.
This means that (ifindex % LLC_SK_DEV_HASH_ENTRIES) is negative
if @ifindex is negative.
We could simply make LLC_SK_DEV_HASH_ENTRIES unsigned.
In this patch I chose to use hash_32() to get more entropy
from @ifindex, like llc_sk_laddr_hashfn().
UBSAN: array-index-out-of-bounds in ./include/net/llc.h:75:26
index -43 is out of range for type 'hlist_head [64]'
CPU: 1 PID: 20999 Comm: syz-executor.3 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
ubsan_epilogue+0xb/0x5a lib/ubsan.c:151
__ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:291
llc_sk_dev_hash include/net/llc.h:75 [inline]
llc_sap_add_socket+0x49c/0x520 net/llc/llc_conn.c:697
llc_ui_bind+0x680/0xd70 net/llc/af_llc.c:404
__sys_bind+0x1e9/0x250 net/socket.c:1693
__do_sys_bind net/socket.c:1704 [inline]
__se_sys_bind net/socket.c:1702 [inline]
__x64_sys_bind+0x6f/0xb0 net/socket.c:1702
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa503407ae9
Fixes:
|