Geert Uytterhoeven [Thu, 2 Jan 2020 13:38:17 +0000 (14:38 +0100)]
spi: Add generic support for unused native cs with cs-gpios
Some SPI master controllers always drive a native chip select when
performing a transfer. Hence when using both native and GPIO chip
selects, at least one native chip select must be left unused, to be
driven when performing transfers with slave devices using GPIO chip
selects.
Currently, to find an unused native chip select, SPI controller drivers
need to parse and process cs-gpios theirselves. This is not only
duplicated in each driver that needs it, but also duplicates part of the
work done later at SPI controller registration time. Note that this
cannot be done after spi_register_controller() returns, as at that time,
slave devices may have been probed already.
Hence add generic support to the SPI subsystem for finding an unused
native chip select. Optionally, this unused native chip select, and all
other in-use native chip selects, can be validated against the maximum
number of native chip selects available on the controller hardware.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20200102133822.29346-2-geert+renesas@glider.be
Signed-off-by: Mark Brown <broonie@kernel.org>
Rayagonda Kokatanur [Tue, 7 Jan 2020 04:09:12 +0000 (09:39 +0530)]
spi: bcm-qspi: Use platform_get_irq_byname_optional() to avoid error message
Use platform_get_irq_byname_optional() instead of platform_get_irq_byname()
to avoid below error message during probe:
[3.265115] bcm_iproc
68c70200.spi: IRQ spi_lr_fullness_reached not found
[3.272121] bcm_iproc
68c70200.spi: IRQ spi_lr_session_aborted not found
[3.284965] bcm_iproc
68c70200.spi: IRQ spi_lr_impatient not found
[3.291344] bcm_iproc
68c70200.spi: IRQ spi_lr_session_done not found
[3.297992] bcm_iproc
68c70200.spi: IRQ mspi_done not found
[3.303742] bcm_iproc
68c70200.spi: IRQ mspi_halted not found
Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Link: https://lore.kernel.org/r/20200107040912.16426-1-rayagonda.kokatanur@broadcom.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Vladimir Oltean [Fri, 27 Dec 2019 01:24:44 +0000 (03:24 +0200)]
spi: Catch improper use of PTP system timestamping API
We can catch whether the SPI controller has declared it can take care of
software timestamping transfers, but didn't. So do it.
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Link: https://lore.kernel.org/r/20191227012444.1204-1-olteanv@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Linus Walleij [Thu, 5 Dec 2019 09:24:11 +0000 (10:24 +0100)]
spi: oc-tiny: Use GPIO descriptors
Switch the OC Tiny driver over to handling CS GPIOs using
GPIO descriptors in the core.
This driver is entirely relying on GPIOs to be used for
chipselect, so let the core pick these out using either
device tree or machine descriptors.
There are no in-tree users of this driver so no board files
need to be patched, out-of-tree boardfiles can use machine
descriptor tables, c.f. commit
1dfbf334f123.
Cc: Thomas Chou <thomas@wytron.com.tw>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20191205092411.64341-1-linus.walleij@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Kunihiko Hayashi [Tue, 24 Dec 2019 00:58:27 +0000 (09:58 +0900)]
spi: uniphier: Add DMA transfer mode support
This adds DMA transfer mode support for UniPhier SPI controller.
Since this controller requires simulteaneous transmission and reception,
this indicates SPI_CONTROLLER_MUST_RX and SPI_CONTROLLER_MUST_TX.
Because the supported dma controller has alignment restiction,
there is also a restriction that 'maxburst' parameters in dma_slave_config
corresponds to one word width.
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/1577149107-30670-6-git-send-email-hayashi.kunihiko@socionext.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Mark Brown [Wed, 25 Dec 2019 18:18:54 +0000 (18:18 +0000)]
Merge branch 'for-5.5' of https://git./linux/kernel/git/broonie/spi into spi-5.6
zhengbin [Tue, 24 Dec 2019 03:52:06 +0000 (11:52 +0800)]
spi: tegra114: use true,false for bool variable
Fixes coccicheck warning:
drivers/spi/spi-tegra114.c:272:2-17: WARNING: Assignment of 0/1 to bool variable
drivers/spi/spi-tegra114.c:275:2-17: WARNING: Assignment of 0/1 to bool variable
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Link: https://lore.kernel.org/r/1577159526-33689-4-git-send-email-zhengbin13@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
zhengbin [Tue, 24 Dec 2019 03:52:05 +0000 (11:52 +0800)]
spi: imx: use true,false for bool variable
Fixes coccicheck warning:
drivers/spi/spi-imx.c:1233:2-17: WARNING: Assignment of 0/1 to bool variable
drivers/spi/spi-imx.c:1235:2-17: WARNING: Assignment of 0/1 to bool variable
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Link: https://lore.kernel.org/r/1577159526-33689-3-git-send-email-zhengbin13@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
zhengbin [Tue, 24 Dec 2019 03:52:04 +0000 (11:52 +0800)]
spi: fsl-lpspi: use true,false for bool variable
Fixes coccicheck warning:
drivers/spi/spi-fsl-lpspi.c:472:2-19: WARNING: Assignment of 0/1 to bool variable
drivers/spi/spi-fsl-lpspi.c:474:2-19: WARNING: Assignment of 0/1 to bool variable
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Link: https://lore.kernel.org/r/1577159526-33689-2-git-send-email-zhengbin13@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Kunihiko Hayashi [Tue, 24 Dec 2019 00:58:25 +0000 (09:58 +0900)]
spi: uniphier: Add handle_err callback function
This adds master->handle_err() callback function to stop transfer due to
error. The function also resets FIFOs and disables interrupt.
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/1577149107-30670-4-git-send-email-hayashi.kunihiko@socionext.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Kunihiko Hayashi [Tue, 24 Dec 2019 00:58:24 +0000 (09:58 +0900)]
spi: uniphier: Change argument of irq functions to private structure
This changes each argument of functions uniphier_irq_{enable,disable}()
to uniphier_spi_priv because these functions are used not only for
spi_device but also for the entire controller.
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/1577149107-30670-3-git-send-email-hayashi.kunihiko@socionext.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Kunihiko Hayashi [Tue, 24 Dec 2019 00:58:23 +0000 (09:58 +0900)]
spi: uniphier: Fix FIFO threshold
Rx threshold means the value to inform the receiver when the number of words
in Rx FIFO is equal to or more than the value. Similarly, Tx threshold means
the value to inform the sender when the number of words in Tx FIFO is equal
to or less than the value. The controller triggers the driver to start
the transfer.
In case of Rx, the driver wants to detect that the specified number of words
N are in Rx FIFO, so the value of Rx threshold should be N. In case of Tx,
the driver wants to detect that the same number of spaces as Rx are in
Tx FIFO, so the value of Tx threshold should be (FIFO size - N).
For example, in order for the driver to receive at least 3 words from
Rx FIFO, set 3 to Rx threshold.
+-+-+-+-+-+-+-+-+
| | | | | |*|*|*|
+-+-+-+-+-+-+-+-+
In order for the driver to send at least 3 words to Tx FIFO, because
it needs at least 3 spaces, set 8(FIFO size) - 3 = 5 to Tx threshold.
+-+-+-+-+-+-+-+-+
|*|*|*|*|*| | | |
+-+-+-+-+-+-+-+-+
This adds new function uniphier_spi_set_fifo_threshold() to set
threshold value to the register.
And more, FIFO counts by 'words', so this renames 'fill_bytes' with
'fill_words', and fixes the calculation using bytes_per_words.
Fixes: 37ffab817098 ("spi: uniphier: introduce polling mode")
Cc: Keiji Hayashibara <hayashibara.keiji@socionext.com>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/1577149107-30670-2-git-send-email-hayashi.kunihiko@socionext.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Benjamin Gaignard [Tue, 17 Dec 2019 09:07:15 +0000 (10:07 +0100)]
dt-bindings: spi: Convert stm32 spi bindings to json-schema
Convert the STM32 spi binding to DT schema format using json-schema
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@st.com>
CC: Erwan Leray <erwan.leray@st.com>
CC: Fabrice Gasnier <fabrice.gasnier@st.com>
CC: Amelie Delaunay <amelie.delaunay@st.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20191217090715.13334-1-benjamin.gaignard@st.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Jim Quinlan [Mon, 16 Dec 2019 23:08:02 +0000 (18:08 -0500)]
spi: bcm2835: no dev_err() on clk_get() -EPROBE_DEFER
Use dev_dbg() on -EPROBE_DEFER and dev_err() on all
other errors.
Signed-off-by: Jim Quinlan <jquinlan@broadcom.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Link: https://lore.kernel.org/r/20191216230802.45715-2-jquinlan@broadcom.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Jean Pihet [Wed, 11 Dec 2019 19:39:52 +0000 (20:39 +0100)]
spi: spi-ti-qspi: Remove unused macro for fclk frequency
The fclk and its rate are retrieved from DT.
Signed-off-by: Jean Pihet <jean.pihet@newoldbits.com>
Cc: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Cc: Conrad Ratschan <conrad.ratschan@rockwellcollins.com>
Cc: Arnout Vandecappelle <arnout.vandecappelle@essensium.com>
Link: https://lore.kernel.org/r/20191211193954.747745-2-jean.pihet@newoldbits.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Linus Walleij [Thu, 5 Dec 2019 08:39:15 +0000 (09:39 +0100)]
spi: meson-spicc: Use GPIO descriptors
Instead of grabbing GPIOs using the legacy interface and
handling them in the setup callback, just let the core
grab and use the GPIOs using descriptors.
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Sunny Luo <sunny.luo@amlogic.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20191205083915.27650-1-linus.walleij@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:50 +0000 (15:55 +0200)]
spi: stm32: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-10-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:49 +0000 (15:55 +0200)]
spi: stm32-qspi: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-9-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:48 +0000 (15:55 +0200)]
spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-8-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:47 +0000 (15:55 +0200)]
spi: sirf: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-7-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:46 +0000 (15:55 +0200)]
spi: mxs: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-6-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:45 +0000 (15:55 +0200)]
spi: img-spfi: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-5-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:44 +0000 (15:55 +0200)]
spi: bcm2835: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-4-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:43 +0000 (15:55 +0200)]
spi: bcm2835: Release the DMA channel if probe fails after dma_init
The DMA channel was not released if either devm_request_irq() or
devm_spi_register_controller() failed.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reviewed-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Link: https://lore.kernel.org/r/20191212135550.4634-3-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Peter Ujfalusi [Thu, 12 Dec 2019 13:55:42 +0000 (15:55 +0200)]
spi: atmel: Use dma_request_chan() instead dma_request_slave_channel()
dma_request_slave_channel() is a wrapper on top of dma_request_chan()
eating up the error code.
By using dma_request_chan() directly the driver can support deferred
probing against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20191212135550.4634-2-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Christophe Leroy [Thu, 12 Dec 2019 17:47:24 +0000 (17:47 +0000)]
spi: fsl: use platform_get_irq() instead of of_irq_to_resource()
Unlike irq_of_parse_and_map() which has a dummy definition on SPARC,
of_irq_to_resource() hasn't.
But as platform_get_irq() can be used instead and is generic, use it.
Reported-by: kbuild test robot <lkp@intel.com>
Suggested-by: Mark Brown <broonie@kernel.org>
Fixes: 3194d2533eff ("spi: fsl: don't map irq during probe")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Link: https://lore.kernel.org/r/091a277fd0b3356dca1e29858c1c96983fc9cb25.1576172743.git.christophe.leroy@c-s.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Michael Walle [Wed, 11 Dec 2019 19:57:30 +0000 (20:57 +0100)]
spi: nxp-fspi: Ensure width is respected in spi-mem operations
Make use of a core helper to ensure the desired width is respected
when calling spi-mem operators.
Otherwise only the SPI controller will be matched with the flash chip,
which might lead to wrong widths. Also consider the width specified by
the user in the device tree.
Fixes: a5356aef6a90 ("spi: spi-mem: Add driver for NXP FlexSPI controller")
Signed-off-by: Michael Walle <michael@walle.cc>
Link: https://lore.kernel.org/r/20191211195730.26794-1-michael@walle.cc
Signed-off-by: Mark Brown <broonie@kernel.org>
Geert Uytterhoeven [Wed, 11 Dec 2019 13:15:53 +0000 (14:15 +0100)]
spi: rspi: Remove obsolete platform_device_id entries
Since commits
05104c266ae9a167 ("ARM: shmobile: r7s72100: genmai: Remove
legacy board file") and
a483dcbfa21f919c ("ARM: shmobile: lager: Remove
legacy board support", RZ/A1 and R-Car Gen2 SoCs are only supported in
generic DT-only ARM multi-platform builds. The driver doesn't need to
match platform devices by name anymore for these platforms, hence remove
the corresponding platform_device_id entries.
The platform_device_id entry for "rspi" is retained, as it is used by
the SH7757 platform, which hasn't been converted to DT yet.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Simon Horman <horms+renesas@verge.net.au>
Link: https://lore.kernel.org/r/20191211131553.23960-1-geert+renesas@glider.be
Signed-off-by: Mark Brown <broonie@kernel.org>
Aditya Pakki [Thu, 5 Dec 2019 23:14:21 +0000 (17:14 -0600)]
spi: dw: Avoid BUG_ON() in case of host failure
If dws is NULL in dw_spi_host_add(), we return the error to the
upper callers instead of crashing. The patch replaces BUG_ON by
returning -EINVAL to the caller.
Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Link: https://lore.kernel.org/r/20191205231421.9333-1-pakki001@umn.edu
Signed-off-by: Mark Brown <broonie@kernel.org>
Vignesh Raghavendra [Wed, 11 Dec 2019 15:52:16 +0000 (21:22 +0530)]
spi: spi-ti-qspi: Fix a bug when accessing non default CS
When switching ChipSelect from default CS0 to any other CS, driver fails
to update the bits in system control module register that control which
CS is mapped for MMIO access. This causes reads to fail when driver
tries to access QSPI flash on CS1/2/3.
Fix this by updating appropriate bits whenever active CS changes.
Reported-by: Andreas Dannenberg <dannenberg@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20191211155216.30212-1-vigneshr@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Linus Walleij [Thu, 5 Dec 2019 09:13:40 +0000 (10:13 +0100)]
spi: bitbang: Make chipselect callback optional
The ->chipselect() callback on the bit-banged SPI library
master is optional if using GPIO descriptors: when using
descriptors exclusively without any native chipselects,
the core does not even call out the the native ->set_cs()
and therefore ->chipselect() on a bit-banged SPI master
will not even be called in this case.
Make sure to respect the SPI_MASTER_GPIO_SS as used by
e.g. spi-gpio.c though: this setting will make the core
handle the chip select using GPIO descriptors *AND* call
the local chipselect handler.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20191205091340.59850-1-linus.walleij@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Linus Walleij [Thu, 5 Dec 2019 08:34:01 +0000 (09:34 +0100)]
spi: stm32: Switch to use GPIO descriptors for CS
This switches the STM32 SPI driver over to using GPIO
descriptors for chip select. Instead of the callbacks for
picking the GPIO lines using the legacy API we just let
the core handle it all using descriptors.
Cc: Fabien Dessenne <fabien.dessenne@st.com>
Cc: Amelie Delaunay <amelie.delaunay@st.com>
Cc: Cezary Gapinski <cezary.gapinski@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20191205083401.27077-1-linus.walleij@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
zhengbin [Thu, 28 Nov 2019 02:51:52 +0000 (10:51 +0800)]
spi/topcliff-pch: Remove unneeded semicolon
Fixes coccicheck warning:
drivers/spi/spi-topcliff-pch.c:866:47-48: Unneeded semicolon
drivers/spi/spi-topcliff-pch.c:881:53-54: Unneeded semicolon
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Link: https://lore.kernel.org/r/1574909512-24260-1-git-send-email-zhengbin13@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Christophe Leroy [Mon, 9 Dec 2019 15:27:27 +0000 (15:27 +0000)]
spi: fsl: don't map irq during probe
With lastest kernel, the following warning is observed at startup:
[ 1.500609] ------------[ cut here ]------------
[ 1.505225] remove_proc_entry: removing non-empty directory 'irq/22', leaking at least 'fsl_spi'
[ 1.514234] WARNING: CPU: 0 PID: 1 at fs/proc/generic.c:682 remove_proc_entry+0x198/0x1c0
[ 1.522403] CPU: 0 PID: 1 Comm: swapper Not tainted
5.4.0-s3k-dev-02248-g93532430a4ff #2564
[ 1.530724] NIP:
c0197694 LR:
c0197694 CTR:
c0050d80
[ 1.535762] REGS:
df4a5af0 TRAP: 0700 Not tainted (
5.4.0-02248-g93532430a4ff)
[ 1.543818] MSR:
00029032 <EE,ME,IR,DR,RI> CR:
22028222 XER:
00000000
[ 1.550524]
[ 1.550524] GPR00:
c0197694 df4a5ba8 df4a0000 00000054 00000000 00000000 00004a38 00000010
[ 1.550524] GPR08:
c07c5a30 00000800 00000000 00001032 22000208 00000000 c0004b14 00000000
[ 1.550524] GPR16:
00000000 00000000 00000000 00000000 00000000 00000000 c0830000 c07fc078
[ 1.550524] GPR24:
c08e8ca0 df665d10 df60ea98 c07c9db8 00000001 df5d5ae3 df5d5a80 df43f8e3
[ 1.585327] NIP [
c0197694] remove_proc_entry+0x198/0x1c0
[ 1.590628] LR [
c0197694] remove_proc_entry+0x198/0x1c0
[ 1.595829] Call Trace:
[ 1.598280] [
df4a5ba8] [
c0197694] remove_proc_entry+0x198/0x1c0 (unreliable)
[ 1.605321] [
df4a5bd8] [
c0067acc] unregister_irq_proc+0x5c/0x70
[ 1.611238] [
df4a5bf8] [
c005fbc4] free_desc+0x3c/0x80
[ 1.616286] [
df4a5c18] [
c005fe2c] irq_free_descs+0x70/0xa8
[ 1.621778] [
df4a5c38] [
c033d3fc] of_fsl_spi_probe+0xdc/0x3cc
[ 1.627525] [
df4a5c88] [
c02f0f64] platform_drv_probe+0x44/0xa4
[ 1.633350] [
df4a5c98] [
c02eee44] really_probe+0x1ac/0x418
[ 1.638829] [
df4a5cc8] [
c02ed3e8] bus_for_each_drv+0x64/0xb0
[ 1.644481] [
df4a5cf8] [
c02ef950] __device_attach+0xd4/0x128
[ 1.650132] [
df4a5d28] [
c02ed61c] bus_probe_device+0xa0/0xbc
[ 1.655783] [
df4a5d48] [
c02ebbe8] device_add+0x544/0x74c
[ 1.661096] [
df4a5d88] [
c0382b78] of_platform_device_create_pdata+0xa4/0x100
[ 1.668131] [
df4a5da8] [
c0382cf4] of_platform_bus_create+0x120/0x20c
[ 1.674474] [
df4a5df8] [
c0382d50] of_platform_bus_create+0x17c/0x20c
[ 1.680818] [
df4a5e48] [
c0382e88] of_platform_bus_probe+0x9c/0xf0
[ 1.686907] [
df4a5e68] [
c0751404] __machine_initcall_cmpcpro_cmpcpro_declare_of_platform_devices+0x74/0x1a4
[ 1.696629] [
df4a5e98] [
c072a4cc] do_one_initcall+0x8c/0x1d4
[ 1.702282] [
df4a5ef8] [
c072a768] kernel_init_freeable+0x154/0x204
[ 1.708455] [
df4a5f28] [
c0004b2c] kernel_init+0x18/0x110
[ 1.713769] [
df4a5f38] [
c00122ac] ret_from_kernel_thread+0x14/0x1c
[ 1.719926] Instruction dump:
[ 1.722889]
2c030000 4182004c 3863ffb0 3c80c05f 80e3005c 388436a0 3c60c06d 7fa6eb78
[ 1.730630]
7fe5fb78 38840280 38634178 4be8c611 <
0fe00000>
4bffff6c 3c60c071 7fe4fb78
[ 1.738556] ---[ end trace
05d0720bf2e352e2 ]---
The problem comes from the error path which calls
irq_dispose_mapping() while the IRQ has been requested with
devm_request_irq().
IRQ doesn't need to be mapped with irq_of_parse_and_map(). The only
need is to get the IRQ virtual number. For that, use
of_irq_to_resource() instead of the
irq_of_parse_and_map()/irq_dispose_mapping() pair.
Fixes: 500a32abaf81 ("spi: fsl: Call irq_dispose_mapping in err path")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Link: https://lore.kernel.org/r/518cfb83347d5372748e7fe72f94e2e9443d0d4a.1575905123.git.christophe.leroy@c-s.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Chuhong Yuan [Fri, 6 Dec 2019 07:55:00 +0000 (15:55 +0800)]
spi: spi-cavium-thunderx: Add missing pci_release_regions()
The driver forgets to call pci_release_regions() in probe failure
and remove.
Add the missed calls to fix it.
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Link: https://lore.kernel.org/r/20191206075500.18525-1-hslester96@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Linus Torvalds [Sun, 8 Dec 2019 22:57:55 +0000 (14:57 -0800)]
Linux 5.5-rc1
Linus Torvalds [Sun, 8 Dec 2019 21:28:11 +0000 (13:28 -0800)]
Merge git://git./linux/kernel/git/netdev/net
Pull networking fixes from David Miller:
1) More jumbo frame fixes in r8169, from Heiner Kallweit.
2) Fix bpf build in minimal configuration, from Alexei Starovoitov.
3) Use after free in slcan driver, from Jouni Hogander.
4) Flower classifier port ranges don't work properly in the HW offload
case, from Yoshiki Komachi.
5) Use after free in hns3_nic_maybe_stop_tx(), from Yunsheng Lin.
6) Out of bounds access in mqprio_dump(), from Vladyslav Tarasiuk.
7) Fix flow dissection in dsa TX path, from Alexander Lobakin.
8) Stale syncookie timestampe fixes from Guillaume Nault.
[ Did an evil merge to silence a warning introduced by this pull - Linus ]
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (84 commits)
r8169: fix rtl_hw_jumbo_disable for RTL8168evl
net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add()
r8169: add missing RX enabling for WoL on RTL8125
vhost/vsock: accept only packets with the right dst_cid
net: phy: dp83867: fix hfs boot in rgmii mode
net: ethernet: ti: cpsw: fix extra rx interrupt
inet: protect against too small mtu values.
gre: refetch erspan header from skb->data after pskb_may_pull()
pppoe: remove redundant BUG_ON() check in pppoe_pernet
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
tcp: tighten acceptance of ACKs not matching a child socket
tcp: fix rejected syncookies due to stale timestamps
lpc_eth: kernel BUG on remove
tcp: md5: fix potential overestimation of TCP option space
net: sched: allow indirect blocks to bind to clsact in TC
net: core: rename indirect block ingress cb function
net-sysfs: Call dev_hold always in netdev_queue_add_kobject
net: dsa: fix flow dissection on Tx path
net/tls: Fix return values to avoid ENOTSUPP
net: avoid an indirect call in ____sys_recvmsg()
...
Linus Torvalds [Sun, 8 Dec 2019 20:23:42 +0000 (12:23 -0800)]
Merge tag 'scsi-misc' of git://git./linux/kernel/git/jejb/scsi
Pull more SCSI updates from James Bottomley:
"Eleven patches, all in drivers (no core changes) that are either minor
cleanups or small fixes.
They were late arriving, but still safe for -rc1"
* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: MAINTAINERS: Add the linux-scsi mailing list to the ISCSI entry
scsi: megaraid_sas: Make poll_aen_lock static
scsi: sd_zbc: Improve report zones error printout
scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
scsi: qla2xxx: unregister ports after GPN_FT failure
scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
scsi: pm80xx: Remove unused include of linux/version.h
scsi: pm80xx: fix logic to break out of loop when register value is 2 or 3
scsi: scsi_transport_sas: Fix memory leak when removing devices
scsi: lpfc: size cpu map by last cpu id set
scsi: ibmvscsi_tgt: Remove unneeded variable rc
Linus Torvalds [Sun, 8 Dec 2019 20:12:18 +0000 (12:12 -0800)]
Merge tag '5.5-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"Nine cifs/smb3 fixes:
- one fix for stable (oops during oplock break)
- two timestamp fixes including important one for updating mtime at
close to avoid stale metadata caching issue on dirty files (also
improves perf by using SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB over the
wire)
- two fixes for "modefromsid" mount option for file create (now
allows mode bits to be set more atomically and accurately on create
by adding "sd_context" on create when modefromsid specified on
mount)
- two fixes for multichannel found in testing this week against
different servers
- two small cleanup patches"
* tag '5.5-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
smb3: improve check for when we send the security descriptor context on create
smb3: fix mode passed in on create for modetosid mount option
cifs: fix possible uninitialized access and race on iface_list
cifs: Fix lookup of SMB connections on multichannel
smb3: query attributes on file close
smb3: remove unused flag passed into close functions
cifs: remove redundant assignment to pointer pneg_ctxt
fs: cifs: Fix atime update check vs mtime
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
Linus Torvalds [Sun, 8 Dec 2019 19:08:28 +0000 (11:08 -0800)]
Merge branch 'work.misc' of git://git./linux/kernel/git/viro/vfs
Pull misc vfs cleanups from Al Viro:
"No common topic, just three cleanups".
* 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
make __d_alloc() static
fs/namespace: add __user to open_tree and move_mount syscalls
fs/fnctl: fix missing __user in fcntl_rw_hint()
Linus Torvalds [Sun, 8 Dec 2019 02:38:17 +0000 (18:38 -0800)]
Merge tag 'ntb-5.5' of git://github.com/jonmason/ntb
Pull NTB update from Jon Mason:
"Just a simple patch to add a new Hygon Device ID to the AMD NTB device
driver"
* tag 'ntb-5.5' of git://github.com/jonmason/ntb:
NTB: Add Hygon Device ID
Linus Torvalds [Sun, 8 Dec 2019 02:33:01 +0000 (18:33 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
Pull more input updates from Dmitry Torokhov:
- fixups for Synaptics RMI4 driver
- a quirk for Goodinx touchscreen on Teclast tablet
- a new keycode definition for activating privacy screen feature found
on a few "enterprise" laptops
- updates to snvs_pwrkey driver
- polling uinput device for writing (which is always allowed) now works
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers
Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash
Input: goodix - add upside-down quirk for Teclast X89 tablet
Input: add privacy screen toggle keycode
Input: uinput - fix returning EPOLLOUT from uinput_poll
Input: snvs_pwrkey - remove gratuitous NULL initializers
Input: snvs_pwrkey - send key events for i.MX6 S, DL and Q
Linus Torvalds [Sun, 8 Dec 2019 01:07:18 +0000 (17:07 -0800)]
Merge tag 'iomap-5.5-merge-14' of git://git./fs/xfs/xfs-linux
Pull iomap fixes from Darrick Wong:
"Fix a race condition and a use-after-free error:
- Fix a UAF when reporting writeback errors
- Fix a race condition when handling page uptodate on fragmented file
with blocksize < pagesize"
* tag 'iomap-5.5-merge-14' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
iomap: stop using ioend after it's been freed in iomap_finish_ioend()
iomap: fix sub-page uptodate handling
Linus Torvalds [Sun, 8 Dec 2019 01:05:33 +0000 (17:05 -0800)]
Merge tag 'xfs-5.5-merge-17' of git://git./fs/xfs/xfs-linux
Pull xfs fixes from Darrick Wong:
"Fix a couple of resource management errors and a hang:
- fix a crash in the log setup code when log mounting fails
- fix a hang when allocating space on the realtime device
- fix a block leak when freeing space on the realtime device"
* tag 'xfs-5.5-merge-17' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: fix mount failure crash on invalid iclog memory access
xfs: don't check for AG deadlock for realtime files in bunmapi
xfs: fix realtime file data space leak
Linus Torvalds [Sun, 8 Dec 2019 00:59:25 +0000 (16:59 -0800)]
Merge tag 'for-linus-5.5-ofs1' of git://git./linux/kernel/git/hubcap/linux
Pull orangefs update from Mike Marshall:
"orangefs: posix open permission checking...
Orangefs has no open, and orangefs checks file permissions on each
file access. Posix requires that file permissions be checked on open
and nowhere else. Orangefs-through-the-kernel needs to seem posix
compliant.
The VFS opens files, even if the filesystem provides no method. We can
see if a file was successfully opened for read and or for write by
looking at file->f_mode.
When writes are flowing from the page cache, file is no longer
available. We can trust the VFS to have checked file->f_mode before
writing to the page cache.
The mode of a file might change between when it is opened and IO
commences, or it might be created with an arbitrary mode.
We'll make sure we don't hit EACCES during the IO stage by using
UID 0"
[ This is "posixish", but not a great solution in the long run, since a
proper secure network server shouldn't really trust the client like this.
But proper and secure POSIX behavior requires an open method and a
resulting cookie for IO of some kind, or similar. - Linus ]
* tag 'for-linus-5.5-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
orangefs: posix open permission checking...
Linus Torvalds [Sun, 8 Dec 2019 00:56:00 +0000 (16:56 -0800)]
Merge tag 'nfsd-5.5' of git://linux-nfs.org/~bfields/linux
Pull nfsd updates from Bruce Fields:
"This is a relatively quiet cycle for nfsd, mainly various bugfixes.
Possibly most interesting is Trond's fixes for some callback races
that were due to my incomplete understanding of rpc client shutdown.
Unfortunately at the last minute I've started noticing a new
intermittent failure to send callbacks. As the logic seems basically
correct, I'm leaving Trond's patches in for now, and hope to find a
fix in the next week so I don't have to revert those patches"
* tag 'nfsd-5.5' of git://linux-nfs.org/~bfields/linux: (24 commits)
nfsd: depend on CRYPTO_MD5 for legacy client tracking
NFSD fixing possible null pointer derefering in copy offload
nfsd: check for EBUSY from vfs_rmdir/vfs_unink.
nfsd: Ensure CLONE persists data and metadata changes to the target file
SUNRPC: Fix backchannel latency metrics
nfsd: restore NFSv3 ACL support
nfsd: v4 support requires CRYPTO_SHA256
nfsd: Fix cld_net->cn_tfm initialization
lockd: remove __KERNEL__ ifdefs
sunrpc: remove __KERNEL__ ifdefs
race in exportfs_decode_fh()
nfsd: Drop LIST_HEAD where the variable it declares is never used.
nfsd: document callback_wq serialization of callback code
nfsd: mark cb path down on unknown errors
nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback()
nfsd: minor 4.1 callback cleanup
SUNRPC: Fix svcauth_gss_proxy_init()
SUNRPC: Trace gssproxy upcall results
sunrpc: fix crash when cache_head become valid before update
nfsd: remove private bin2hex implementation
...
Linus Torvalds [Sun, 8 Dec 2019 00:50:55 +0000 (16:50 -0800)]
Merge tag 'nfs-for-5.5-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull NFS client updates from Trond Myklebust:
"Highlights include:
Features:
- NFSv4.2 now supports cross device offloaded copy (i.e. offloaded
copy of a file from one source server to a different target
server).
- New RDMA tracepoints for debugging congestion control and Local
Invalidate WRs.
Bugfixes and cleanups
- Drop the NFSv4.1 session slot if nfs4_delegreturn_prepare waits for
layoutreturn
- Handle bad/dead sessions correctly in nfs41_sequence_process()
- Various bugfixes to the delegation return operation.
- Various bugfixes pertaining to delegations that have been revoked.
- Cleanups to the NFS timespec code to avoid unnecessary conversions
between timespec and timespec64.
- Fix unstable RDMA connections after a reconnect
- Close race between waking an RDMA sender and posting a receive
- Wake pending RDMA tasks if connection fails
- Fix MR list corruption, and clean up MR usage
- Fix another RPCSEC_GSS issue with MIC buffer space"
* tag 'nfs-for-5.5-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (79 commits)
SUNRPC: Capture completion of all RPC tasks
SUNRPC: Fix another issue with MIC buffer space
NFS4: Trace lock reclaims
NFS4: Trace state recovery operation
NFSv4.2 fix memory leak in nfs42_ssc_open
NFSv4.2 fix kfree in __nfs42_copy_file_range
NFS: remove duplicated include from nfs4file.c
NFSv4: Make _nfs42_proc_copy_notify() static
NFS: Fallocate should use the nfs4_fattr_bitmap
NFS: Return -ETXTBSY when attempting to write to a swapfile
fs: nfs: sysfs: Remove NULL check before kfree
NFS: remove unneeded semicolon
NFSv4: add declaration of current_stateid
NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process()
nfsv4: Move NFSPROC4_CLNT_COPY_NOTIFY to end of list
SUNRPC: Avoid RPC delays when exiting suspend
NFS: Add a tracepoint in nfs_fh_to_dentry()
NFSv4: Don't retry the GETATTR on old stateid in nfs4_delegreturn_done()
NFSv4: Handle NFS4ERR_OLD_STATEID in delegreturn
...
Steve French [Sat, 7 Dec 2019 23:38:22 +0000 (17:38 -0600)]
smb3: improve check for when we send the security descriptor context on create
We had cases in the previous patch where we were sending the security
descriptor context on SMB3 open (file create) in cases when we hadn't
mounted with with "modefromsid" mount option.
Add check for that mount flag before calling ad_sd_context in
open init.
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Linus Torvalds [Sat, 7 Dec 2019 22:51:04 +0000 (14:51 -0800)]
Merge tag 'vfio-v5.5-rc1' of git://github.com/awilliam/linux-vfio
Pull VFIO updates from Alex Williamson:
- Remove hugepage checks for reserved pfns (Ben Luo)
- Fix irq-bypass unregister ordering (Jiang Yi)
* tag 'vfio-v5.5-rc1' of git://github.com/awilliam/linux-vfio:
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
vfio/type1: remove hugepage checks in is_invalid_reserved_pfn()
Linus Torvalds [Sat, 7 Dec 2019 22:49:20 +0000 (14:49 -0800)]
Merge tag 'for-linus-5.5b-rc1-tag' of git://git./linux/kernel/git/xen/tip
Pull more xen updates from Juergen Gross:
- a patch to fix a build warning
- a cleanup of no longer needed code in the Xen event handling
- a small series for the Xen grant driver avoiding high order
allocations and replacing an insane global limit by a per-call one
- a small series fixing Xen frontend/backend module referencing
* tag 'for-linus-5.5b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen-blkback: allow module to be cleanly unloaded
xen/xenbus: reference count registered modules
xen/gntdev: switch from kcalloc() to kvcalloc()
xen/gntdev: replace global limit of mapped pages by limit per call
xen/gntdev: remove redundant non-zero check on ret
xen/events: remove event handling recursion detection
Linus Torvalds [Sat, 7 Dec 2019 22:43:46 +0000 (14:43 -0800)]
Merge branch 'akpm' (patches from Andrew)
Merge misc Kconfig updates from Andrew Morton:
"A number of changes to Kconfig files under lib/ from Changbin Du and
Krzysztof Kozlowski"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
lib/: fix Kconfig indentation
kernel-hacking: move DEBUG_FS to 'Generic Kernel Debugging Instruments'
kernel-hacking: move DEBUG_BUGVERBOSE to 'printk and dmesg options'
kernel-hacking: create a submenu for scheduler debugging options
kernel-hacking: move SCHED_STACK_END_CHECK after DEBUG_STACK_USAGE
kernel-hacking: move Oops into 'Lockups and Hangs'
kernel-hacking: move kernel testing and coverage options to same submenu
kernel-hacking: group kernel data structures debugging together
kernel-hacking: create submenu for arch special debugging options
kernel-hacking: group sysrq/kgdb/ubsan into 'Generic Kernel Debugging Instruments'
Heiner Kallweit [Sat, 7 Dec 2019 21:21:52 +0000 (22:21 +0100)]
r8169: fix rtl_hw_jumbo_disable for RTL8168evl
In referenced fix we removed the RTL8168e-specific jumbo config for
RTL8168evl in rtl_hw_jumbo_enable(). We have to do the same in
rtl_hw_jumbo_disable().
v2: fix referenced commit id
Fixes: 14012c9f3bb9 ("r8169: fix jumbo configuration for RTL8168evl")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sat, 7 Dec 2019 21:53:09 +0000 (13:53 -0800)]
pipe: don't use 'pipe_wait() for basic pipe IO
pipe_wait() may be simple, but since it relies on the pipe lock, it
means that we have to do the wakeup while holding the lock. That's
unfortunate, because the very first thing the waked entity will want to
do is to get the pipe lock for itself.
So get rid of the pipe_wait() usage by simply releasing the pipe lock,
doing the wakeup (if required) and then using wait_event_interruptible()
to wait on the right condition instead.
wait_event_interruptible() handles races on its own by comparing the
wakeup condition before and after adding itself to the wait queue, so
you can use an optimistic unlocked condition for it.
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiasen Lin [Sun, 17 Nov 2019 21:48:36 +0000 (16:48 -0500)]
NTB: Add Hygon Device ID
Signed-off-by: Jiasen Lin <linjiasen@hygon.cn>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Linus Torvalds [Sat, 7 Dec 2019 21:21:01 +0000 (13:21 -0800)]
pipe: remove 'waiting_writers' merging logic
This code is ancient, and goes back to when we only had a single page
for the pipe buffers. The exact history is hidden in the mists of time
(ie "before git", and in fact predates the BK repository too).
At that long-ago point in time, it actually helped to try to merge big
back-and-forth pipe reads and writes, and not limit pipe reads to the
single pipe buffer in length just because that was all we had at a time.
However, since then we've expanded the pipe buffers to multiple pages,
and this logic really doesn't seem to make sense. And a lot of it is
somewhat questionable (ie "hmm, the user asked for a non-blocking read,
but we see that there's a writer pending, so let's wait anyway to get
the extra data that the writer will have").
But more importantly, it makes the "go to sleep" logic much less
obvious, and considering the wakeup issues we've had, I want to make for
less of those kinds of things.
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 7 Dec 2019 20:54:26 +0000 (12:54 -0800)]
pipe: fix and clarify pipe read wakeup logic
This is the read side version of the previous commit: it simplifies the
logic to only wake up waiting writers when necessary, and makes sure to
use a synchronous wakeup. This time not so much for GNU make jobserver
reasons (that pipe never fills up), but simply to get the writer going
quickly again.
A bit less verbose commentary this time, if only because I assume that
the write side commentary isn't going to be ignored if you touch this
code.
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 7 Dec 2019 20:14:28 +0000 (12:14 -0800)]
pipe: fix and clarify pipe write wakeup logic
The pipe rework ends up having been extra painful, partly becaused of
actual bugs with ordering and caching of the pipe state, but also
because of subtle performance issues.
In particular, the pipe rework caused the kernel build to inexplicably
slow down.
The reason turns out to be that the GNU make jobserver (which limits the
parallelism of the build) uses a pipe to implement a "token" system: a
parallel submake will read a character from the pipe to get the job
token before starting a new job, and will write a character back to the
pipe when it is done. The overall job limit is thus easily controlled
by just writing the appropriate number of initial token characters into
the pipe.
But to work well, that really means that the old behavior of write
wakeups being synchronous (WF_SYNC) is very important - when the pipe
writer wakes up a reader, we want the reader to actually get scheduled
immediately. Otherwise you lose the parallelism of the build.
The pipe rework lost that synchronous wakeup on write, and we had
clearly all forgotten the reasons and rules for it.
This rewrites the pipe write wakeup logic to do the required Wsync
wakeups, but also clarifies the logic and avoids extraneous wakeups.
It also ends up addign a number of comments about what oit does and why,
so that we hopefully don't end up forgetting about this next time we
change this code.
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Dumazet [Sat, 7 Dec 2019 19:34:45 +0000 (11:34 -0800)]
net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add()
Use the new tcf_proto_check_kind() helper to make sure user
provided value is well formed.
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:606 [inline]
BUG: KMSAN: uninit-value in string+0x4be/0x600 lib/vsprintf.c:668
CPU: 0 PID: 12358 Comm: syz-executor.1 Not tainted 5.4.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x220 lib/dump_stack.c:118
kmsan_report+0x128/0x220 mm/kmsan/kmsan_report.c:108
__msan_warning+0x64/0xc0 mm/kmsan/kmsan_instr.c:245
string_nocheck lib/vsprintf.c:606 [inline]
string+0x4be/0x600 lib/vsprintf.c:668
vsnprintf+0x218f/0x3210 lib/vsprintf.c:2510
__request_module+0x2b1/0x11c0 kernel/kmod.c:143
tcf_proto_lookup_ops+0x171/0x700 net/sched/cls_api.c:139
tc_chain_tmplt_add net/sched/cls_api.c:2730 [inline]
tc_ctl_chain+0x1904/0x38a0 net/sched/cls_api.c:2850
rtnetlink_rcv_msg+0x115a/0x1580 net/core/rtnetlink.c:5224
netlink_rcv_skb+0x431/0x620 net/netlink/af_netlink.c:2477
rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5242
netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
netlink_unicast+0xf3e/0x1020 net/netlink/af_netlink.c:1328
netlink_sendmsg+0x110f/0x1330 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:637 [inline]
sock_sendmsg net/socket.c:657 [inline]
___sys_sendmsg+0x14ff/0x1590 net/socket.c:2311
__sys_sendmsg net/socket.c:2356 [inline]
__do_sys_sendmsg net/socket.c:2365 [inline]
__se_sys_sendmsg+0x305/0x460 net/socket.c:2363
__x64_sys_sendmsg+0x4a/0x70 net/socket.c:2363
do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45a649
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:
00007f0790795c78 EFLAGS:
00000246 ORIG_RAX:
000000000000002e
RAX:
ffffffffffffffda RBX:
0000000000000003 RCX:
000000000045a649
RDX:
0000000000000000 RSI:
0000000020000300 RDI:
0000000000000006
RBP:
000000000075bfc8 R08:
0000000000000000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000246 R12:
00007f07907966d4
R13:
00000000004c8db5 R14:
00000000004df630 R15:
00000000ffffffff
Uninit was created at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:149 [inline]
kmsan_internal_poison_shadow+0x5c/0x110 mm/kmsan/kmsan.c:132
kmsan_slab_alloc+0x97/0x100 mm/kmsan/kmsan_hooks.c:86
slab_alloc_node mm/slub.c:2773 [inline]
__kmalloc_node_track_caller+0xe27/0x11a0 mm/slub.c:4381
__kmalloc_reserve net/core/skbuff.c:141 [inline]
__alloc_skb+0x306/0xa10 net/core/skbuff.c:209
alloc_skb include/linux/skbuff.h:1049 [inline]
netlink_alloc_large_skb net/netlink/af_netlink.c:1174 [inline]
netlink_sendmsg+0x783/0x1330 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:637 [inline]
sock_sendmsg net/socket.c:657 [inline]
___sys_sendmsg+0x14ff/0x1590 net/socket.c:2311
__sys_sendmsg net/socket.c:2356 [inline]
__do_sys_sendmsg net/socket.c:2365 [inline]
__se_sys_sendmsg+0x305/0x460 net/socket.c:2363
__x64_sys_sendmsg+0x4a/0x70 net/socket.c:2363
do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 6f96c3c6904c ("net_sched: fix backward compatibility for TCA_KIND")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Heiner Kallweit [Fri, 6 Dec 2019 22:27:15 +0000 (23:27 +0100)]
r8169: add missing RX enabling for WoL on RTL8125
RTL8125 also requires to enable RX for WoL.
v2: add missing Fixes tag
Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stefano Garzarella [Fri, 6 Dec 2019 14:39:12 +0000 (15:39 +0100)]
vhost/vsock: accept only packets with the right dst_cid
When we receive a new packet from the guest, we check if the
src_cid is correct, but we forgot to check the dst_cid.
The host should accept only packets where dst_cid is
equal to the host CID.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Grygorii Strashko [Fri, 6 Dec 2019 12:34:32 +0000 (14:34 +0200)]
net: phy: dp83867: fix hfs boot in rgmii mode
The commit
ef87f7da6b28 ("net: phy: dp83867: move dt parsing to probe")
causes regression on TI dra71x-evm and dra72x-evm, where DP83867 PHY is
used in "rgmii-id" mode - the networking stops working.
Unfortunately, it's not enough to just move DT parsing code to .probe() as
it depends on phydev->interface value, which is set to correct value abter
the .probe() is completed and before calling .config_init(). So, RGMII
configuration can't be loaded from DT.
To fix and issue
- move RGMII validation code to .config_init()
- parse RGMII parameters in dp83867_of_init(), but consider them as
optional.
Fixes: ef87f7da6b28 ("net: phy: dp83867: move dt parsing to probe")
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Grygorii Strashko [Fri, 6 Dec 2019 12:28:20 +0000 (14:28 +0200)]
net: ethernet: ti: cpsw: fix extra rx interrupt
Now RX interrupt is triggered twice every time, because in
cpsw_rx_interrupt() it is asked first and then disabled. So there will be
pending interrupt always, when RX interrupt is enabled again in NAPI
handler.
Fix it by first disabling IRQ and then do ask.
Fixes: 870915feabdc ("drivers: net: cpsw: remove disable_irq/enable_irq as irq can be masked from cpsw itself")
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Fri, 6 Dec 2019 04:43:46 +0000 (20:43 -0800)]
inet: protect against too small mtu values.
syzbot was once again able to crash a host by setting a very small mtu
on loopback device.
Let's make inetdev_valid_mtu() available in include/net/ip.h,
and use it in ip_setup_cork(), so that we protect both ip_append_page()
and __ip_append_data()
Also add a READ_ONCE() when the device mtu is read.
Pairs this lockless read with one WRITE_ONCE() in __dev_set_mtu(),
even if other code paths might write over this field.
Add a big comment in include/linux/netdevice.h about dev->mtu
needing READ_ONCE()/WRITE_ONCE() annotations.
Hopefully we will add the missing ones in followup patches.
[1]
refcount_t: saturated; leaking memory.
WARNING: CPU: 0 PID: 9464 at lib/refcount.c:22 refcount_warn_saturate+0x138/0x1f0 lib/refcount.c:22
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9464 Comm: syz-executor850 Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x3e kernel/panic.c:582
report_bug+0x289/0x300 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
fixup_bug arch/x86/kernel/traps.c:169 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:refcount_warn_saturate+0x138/0x1f0 lib/refcount.c:22
Code: 06 31 ff 89 de e8 c8 f5 e6 fd 84 db 0f 85 6f ff ff ff e8 7b f4 e6 fd 48 c7 c7 e0 71 4f 88 c6 05 56 a6 a4 06 01 e8 c7 a8 b7 fd <0f> 0b e9 50 ff ff ff e8 5c f4 e6 fd 0f b6 1d 3d a6 a4 06 31 ff 89
RSP: 0018:
ffff88809689f550 EFLAGS:
00010286
RAX:
0000000000000000 RBX:
0000000000000000 RCX:
0000000000000000
RDX:
0000000000000000 RSI:
ffffffff815e4336 RDI:
ffffed1012d13e9c
RBP:
ffff88809689f560 R08:
ffff88809c50a3c0 R09:
fffffbfff15d31b1
R10:
fffffbfff15d31b0 R11:
ffffffff8ae98d87 R12:
0000000000000001
R13:
0000000000040100 R14:
ffff888099041104 R15:
ffff888218d96e40
refcount_add include/linux/refcount.h:193 [inline]
skb_set_owner_w+0x2b6/0x410 net/core/sock.c:1999
sock_wmalloc+0xf1/0x120 net/core/sock.c:2096
ip_append_page+0x7ef/0x1190 net/ipv4/ip_output.c:1383
udp_sendpage+0x1c7/0x480 net/ipv4/udp.c:1276
inet_sendpage+0xdb/0x150 net/ipv4/af_inet.c:821
kernel_sendpage+0x92/0xf0 net/socket.c:3794
sock_sendpage+0x8b/0xc0 net/socket.c:936
pipe_to_sendpage+0x2da/0x3c0 fs/splice.c:458
splice_from_pipe_feed fs/splice.c:512 [inline]
__splice_from_pipe+0x3ee/0x7c0 fs/splice.c:636
splice_from_pipe+0x108/0x170 fs/splice.c:671
generic_splice_sendpage+0x3c/0x50 fs/splice.c:842
do_splice_from fs/splice.c:861 [inline]
direct_splice_actor+0x123/0x190 fs/splice.c:1035
splice_direct_to_actor+0x3b4/0xa30 fs/splice.c:990
do_splice_direct+0x1da/0x2a0 fs/splice.c:1078
do_sendfile+0x597/0xd00 fs/read_write.c:1464
__do_sys_sendfile64 fs/read_write.c:1525 [inline]
__se_sys_sendfile64 fs/read_write.c:1511 [inline]
__x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1511
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441409
Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:
00007fffb64c4f78 EFLAGS:
00000246 ORIG_RAX:
0000000000000028
RAX:
ffffffffffffffda RBX:
0000000000000000 RCX:
0000000000441409
RDX:
0000000000000000 RSI:
0000000000000006 RDI:
0000000000000005
RBP:
0000000000073b8a R08:
0000000000000010 R09:
0000000000000010
R10:
0000000000010001 R11:
0000000000000246 R12:
0000000000402180
R13:
0000000000402210 R14:
0000000000000000 R15:
0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..
Fixes: 1470ddf7f8ce ("inet: Remove explicit write references to sk/inet in ip_append_data")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cong Wang [Fri, 6 Dec 2019 03:39:02 +0000 (19:39 -0800)]
gre: refetch erspan header from skb->data after pskb_may_pull()
After pskb_may_pull() we should always refetch the header
pointers from the skb->data in case it got reallocated.
In gre_parse_header(), the erspan header is still fetched
from the 'options' pointer which is fetched before
pskb_may_pull().
Found this during code review of a KMSAN bug report.
Fixes: cb73ee40b1b3 ("net: ip_gre: use erspan key field for tunnel lookup")
Cc: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Acked-by: William Tu <u9012063@gmail.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Aditya Pakki [Thu, 5 Dec 2019 23:04:49 +0000 (17:04 -0600)]
pppoe: remove redundant BUG_ON() check in pppoe_pernet
Passing NULL to pppoe_pernet causes a crash via BUG_ON.
Dereferencing net in net_generici() also has the same effect. This patch
removes the redundant BUG_ON check on the same parameter.
Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Krzysztof Kozlowski [Sat, 7 Dec 2019 01:04:08 +0000 (17:04 -0800)]
lib/: fix Kconfig indentation
Adjust indentation from spaces to tab (+optional two spaces) as in
coding style with command like:
$ sed -e 's/^ / /' -i */Kconfig
Link: http://lkml.kernel.org/r/20191120140140.19148-1-krzk@kernel.org
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:04:06 +0000 (17:04 -0800)]
kernel-hacking: move DEBUG_FS to 'Generic Kernel Debugging Instruments'
DEBUG_FS does not belong to 'Compile-time checks and compiler options'.
Link: http://lkml.kernel.org/r/20190909144453.3520-10-changbin.du@gmail.com
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:04:03 +0000 (17:04 -0800)]
kernel-hacking: move DEBUG_BUGVERBOSE to 'printk and dmesg options'
I think DEBUG_BUGVERBOSE is a dmesg option which gives more debug info
to dmesg.
Link: http://lkml.kernel.org/r/20190909144453.3520-9-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:04:00 +0000 (17:04 -0800)]
kernel-hacking: create a submenu for scheduler debugging options
Create a submenu 'Scheduler Debugging' for scheduler debugging options.
Link: http://lkml.kernel.org/r/20190909144453.3520-8-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:03:57 +0000 (17:03 -0800)]
kernel-hacking: move SCHED_STACK_END_CHECK after DEBUG_STACK_USAGE
They are both memory debug options to debug kernel stack issues.
Link: http://lkml.kernel.org/r/20190909144453.3520-7-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:03:54 +0000 (17:03 -0800)]
kernel-hacking: move Oops into 'Lockups and Hangs'
They are similar options so place them together.
Link: http://lkml.kernel.org/r/20190909144453.3520-6-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:03:51 +0000 (17:03 -0800)]
kernel-hacking: move kernel testing and coverage options to same submenu
Move error injection, coverage, testing options to a new top level
submenu 'Kernel Testing and Coverage'. They are all for test purpose.
Link: http://lkml.kernel.org/r/20190909144453.3520-5-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:03:48 +0000 (17:03 -0800)]
kernel-hacking: group kernel data structures debugging together
Group these similar runtime data structures verification options
together.
Link: http://lkml.kernel.org/r/20190909144453.3520-4-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:03:45 +0000 (17:03 -0800)]
kernel-hacking: create submenu for arch special debugging options
The arch special options are a little long, so create a submenu for
them.
Link: http://lkml.kernel.org/r/20190909144453.3520-3-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Changbin Du [Sat, 7 Dec 2019 01:03:42 +0000 (17:03 -0800)]
kernel-hacking: group sysrq/kgdb/ubsan into 'Generic Kernel Debugging Instruments'
Patch series "hacking: make 'kernel hacking' menu better structurized", v3.
This series is a trivial improvment for the layout of 'kernel hacking'
configuration menu. Now we have many items in it which makes takes a
little time to look up them since they are not well structurized yet.
Early discussion is here:
https://lkml.org/lkml/2019/9/1/39
This patch (of 9):
Group generic kernel debugging instruments sysrq/kgdb/ubsan together
into a new submenu.
Link: http://lkml.kernel.org/r/20190909144453.3520-2-changbin.du@gmail.com
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 7 Dec 2019 18:41:17 +0000 (10:41 -0800)]
pipe: fix poll/select race introduced by the pipe rework
The kernel wait queues have a basic rule to them: you add yourself to
the wait-queue first, and then you check the things that you're going to
wait on. That avoids the races with the event you're waiting for.
The same goes for poll/select logic: the "poll_wait()" goes first, and
then you check the things you're polling for.
Of course, if you use locking, the ordering doesn't matter since the
lock will serialize with anything that changes the state you're looking
at. That's not the case here, though.
So move the poll_wait() first in pipe_poll(), before you start looking
at the pipe state.
Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Patrick Steinhardt [Wed, 4 Dec 2019 06:13:22 +0000 (07:13 +0100)]
nfsd: depend on CRYPTO_MD5 for legacy client tracking
The legacy client tracking infrastructure of nfsd makes use of MD5 to
derive a client's recovery directory name. As the nfsd module doesn't
declare any dependency on CRYPTO_MD5, though, it may fail to allocate
the hash if the kernel was compiled without it. As a result, generation
of client recovery directories will fail with the following error:
NFSD: unable to generate recoverydir name
The explicit dependency on CRYPTO_MD5 was removed as redundant back in
6aaa67b5f3b9 (NFSD: Remove redundant "select" clauses in fs/Kconfig
2008-02-11) as it was already implicitly selected via RPCSEC_GSS_KRB5.
This broke when RPCSEC_GSS_KRB5 was made optional for NFSv4 in commit
df486a25900f (NFS: Fix the selection of security flavours in Kconfig) at
a later point.
Fix the issue by adding back an explicit dependency on CRYPTO_MD5.
Fixes: df486a25900f (NFS: Fix the selection of security flavours in Kconfig)
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Olga Kornievskaia [Wed, 4 Dec 2019 20:13:54 +0000 (15:13 -0500)]
NFSD fixing possible null pointer derefering in copy offload
Static checker revealed possible error path leading to possible
NULL pointer dereferencing.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: e0639dc5805a: ("NFSD introduce async copy feature")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
David S. Miller [Sat, 7 Dec 2019 05:05:14 +0000 (21:05 -0800)]
Merge branch 'tcp-fix-handling-of-stale-syncookies-timestamps'
Guillaume Nault says:
====================
tcp: fix handling of stale syncookies timestamps
The synflood timestamps (->ts_recent_stamp and ->synq_overflow_ts) are
only refreshed when the syncookie protection triggers. Therefore, their
value can become very far apart from jiffies if no synflood happens for
a long time.
If jiffies grows too much and wraps while the synflood timestamp isn't
refreshed, then time_after32() might consider the later to be in the
future. This can trick tcp_synq_no_recent_overflow() into returning
erroneous values and rejecting valid ACKs.
Patch 1 handles the case of ACKs using legitimate syncookies.
Patch 2 handles the case of stray ACKs.
Patch 3 annotates lockless timestamp operations with READ_ONCE() and
WRITE_ONCE().
Changes from v3:
- Fix description of time_between32() (found by Eric Dumazet).
- Use more accurate Fixes tag in patch 3 (suggested by Eric Dumazet).
Changes from v2:
- Define and use time_between32() instead of a pair of
time_before32/time_after32 (suggested by Eric Dumazet).
- Use 'last_overflow - HZ' as lower bound in
tcp_synq_no_recent_overflow(), to accommodate for concurrent
timestamp updates (found by Eric Dumazet).
- Add a third patch to annotate lockless accesses to .ts_recent_stamp.
Changes from v1:
- Initialising timestamps at socket creation time is not enough
because jiffies wraps in 24 days with HZ=1000 (Eric Dumazet).
Handle stale timestamps in tcp_synq_overflow() and
tcp_synq_no_recent_overflow() instead.
- Rework commit description.
- Add a second patch to handle the case of stray ACKs.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Guillaume Nault [Fri, 6 Dec 2019 11:38:49 +0000 (12:38 +0100)]
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
Syncookies borrow the ->rx_opt.ts_recent_stamp field to store the
timestamp of the last synflood. Protect them with READ_ONCE() and
WRITE_ONCE() since reads and writes aren't serialised.
Use of .rx_opt.ts_recent_stamp for storing the synflood timestamp was
introduced by
a0f82f64e269 ("syncookies: remove last_synq_overflow from
struct tcp_sock"). But unprotected accesses were already there when
timestamp was stored in .last_synq_overflow.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Guillaume Nault [Fri, 6 Dec 2019 11:38:43 +0000 (12:38 +0100)]
tcp: tighten acceptance of ACKs not matching a child socket
When no synflood occurs, the synflood timestamp isn't updated.
Therefore it can be so old that time_after32() can consider it to be
in the future.
That's a problem for tcp_synq_no_recent_overflow() as it may report
that a recent overflow occurred while, in fact, it's just that jiffies
has grown past 'last_overflow' + TCP_SYNCOOKIE_VALID + 2^31.
Spurious detection of recent overflows lead to extra syncookie
verification in cookie_v[46]_check(). At that point, the verification
should fail and the packet dropped. But we should have dropped the
packet earlier as we didn't even send a syncookie.
Let's refine tcp_synq_no_recent_overflow() to report a recent overflow
only if jiffies is within the
[last_overflow, last_overflow + TCP_SYNCOOKIE_VALID] interval. This
way, no spurious recent overflow is reported when jiffies wraps and
'last_overflow' becomes in the future from the point of view of
time_after32().
However, if jiffies wraps and enters the
[last_overflow, last_overflow + TCP_SYNCOOKIE_VALID] interval (with
'last_overflow' being a stale synflood timestamp), then
tcp_synq_no_recent_overflow() still erroneously reports an
overflow. In such cases, we have to rely on syncookie verification
to drop the packet. We unfortunately have no way to differentiate
between a fresh and a stale syncookie timestamp.
In practice, using last_overflow as lower bound is problematic.
If the synflood timestamp is concurrently updated between the time
we read jiffies and the moment we store the timestamp in
'last_overflow', then 'now' becomes smaller than 'last_overflow' and
tcp_synq_no_recent_overflow() returns true, potentially dropping a
valid syncookie.
Reading jiffies after loading the timestamp could fix the problem,
but that'd require a memory barrier. Let's just accommodate for
potential timestamp growth instead and extend the interval using
'last_overflow - HZ' as lower bound.
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Guillaume Nault [Fri, 6 Dec 2019 11:38:36 +0000 (12:38 +0100)]
tcp: fix rejected syncookies due to stale timestamps
If no synflood happens for a long enough period of time, then the
synflood timestamp isn't refreshed and jiffies can advance so much
that time_after32() can't accurately compare them any more.
Therefore, we can end up in a situation where time_after32(now,
last_overflow + HZ) returns false, just because these two values are
too far apart. In that case, the synflood timestamp isn't updated as
it should be, which can trick tcp_synq_no_recent_overflow() into
rejecting valid syncookies.
For example, let's consider the following scenario on a system
with HZ=1000:
* The synflood timestamp is 0, either because that's the timestamp
of the last synflood or, more commonly, because we're working with
a freshly created socket.
* We receive a new SYN, which triggers synflood protection. Let's say
that this happens when jiffies ==
2147484649 (that is,
'synflood timestamp' + HZ + 2^31 + 1).
* Then tcp_synq_overflow() doesn't update the synflood timestamp,
because time_after32(
2147484649, 1000) returns false.
With:
-
2147484649: the value of jiffies, aka. 'now'.
- 1000: the value of 'last_overflow' + HZ.
* A bit later, we receive the ACK completing the 3WHS. But
cookie_v[46]_check() rejects it because tcp_synq_no_recent_overflow()
says that we're not under synflood. That's because
time_after32(
2147484649, 120000) returns false.
With:
-
2147484649: the value of jiffies, aka. 'now'.
- 120000: the value of 'last_overflow' + TCP_SYNCOOKIE_VALID.
Of course, in reality jiffies would have increased a bit, but this
condition will last for the next 119 seconds, which is far enough
to accommodate for jiffie's growth.
Fix this by updating the overflow timestamp whenever jiffies isn't
within the [last_overflow, last_overflow + HZ] range. That shouldn't
have any performance impact since the update still happens at most once
per second.
Now we're guaranteed to have fresh timestamps while under synflood, so
tcp_synq_no_recent_overflow() can safely use it with time_after32() in
such situations.
Stale timestamps can still make tcp_synq_no_recent_overflow() return
the wrong verdict when not under synflood. This will be handled in the
next patch.
For 64 bits architectures, the problem was introduced with the
conversion of ->tw_ts_recent_stamp to 32 bits integer by commit
cca9bab1b72c ("tcp: use monotonic timestamps for PAWS").
The problem has always been there on 32 bits architectures.
Fixes: cca9bab1b72c ("tcp: use monotonic timestamps for PAWS")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 7 Dec 2019 04:52:16 +0000 (20:52 -0800)]
Merge tag 'mlx5-fixes-2019-12-05' of git://git./linux/kernel/git/saeed/linux
Saeed Mahameed says:
====================
Mellanox, mlx5 fixes 2019-12-05
This series introduces some fixes to mlx5 driver.
Please pull and let me know if there is any problem.
For -stable v4.19:
('net/mlx5e: Query global pause state before setting prio2buffer')
For -stable v5.3
('net/mlx5e: Fix SFF 8472 eeprom length')
('net/mlx5e: Fix translation of link mode into speed')
('net/mlx5e: Fix freeing flow with kfree() and not kvfree()')
('net/mlx5e: ethtool, Fix analysis of speed setting')
('net/mlx5e: Fix TXQ indices to be sequential')
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Bruno Carneiro da Cunha [Thu, 5 Dec 2019 20:16:26 +0000 (17:16 -0300)]
lpc_eth: kernel BUG on remove
We may have found a bug in the nxp/lpc_eth.c driver. The function
platform_set_drvdata() is called twice, the second time it is called,
in lpc_mii_init(), it overwrites the struct net_device which should be
at pdev->dev->driver_data with pldat->mii_bus. When trying to remove
the driver, in lpc_eth_drv_remove(), platform_get_drvdata() will
return the pldat->mii_bus pointer and try to use it as a struct
net_device pointer. This causes unregister_netdev to segfault and
generate a kernel BUG. Is this reproducible?
Signed-off-by: Daniel Martinez <linux@danielsmartinez.com>
Signed-off-by: Bruno Carneiro da Cunha <brunocarneirodacunha@usp.br>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 5 Dec 2019 18:10:15 +0000 (10:10 -0800)]
tcp: md5: fix potential overestimation of TCP option space
Back in 2008, Adam Langley fixed the corner case of packets for flows
having all of the following options : MD5 TS SACK
Since MD5 needs 20 bytes, and TS needs 12 bytes, no sack block
can be cooked from the remaining 8 bytes.
tcp_established_options() correctly sets opts->num_sack_blocks
to zero, but returns 36 instead of 32.
This means TCP cooks packets with 4 extra bytes at the end
of options, containing unitialized bytes.
Fixes: 33ad798c924b ("tcp: options clean up")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 7 Dec 2019 04:45:09 +0000 (20:45 -0800)]
Merge branch 'net-tc-indirect-block-relay'
John Hurley says:
====================
Ensure egress un/bind are relayed with indirect blocks
On register and unregister for indirect blocks, a command is called that
sends a bind/unbind event to the registering driver. This command assumes
that the bind to indirect block will be on ingress. However, drivers such
as NFP have allowed binding to clsact qdiscs as well as ingress qdiscs
from mainline Linux 5.2. A clsact qdisc binds to an ingress and an egress
block.
Rather than assuming that an indirect bind is always ingress, modify the
function names to remove the ingress tag (patch 1). In cls_api, which is
used by NFP to offload TC flower, generate bind/unbind message for both
ingress and egress blocks on the event of indirectly
registering/unregistering from that block. Doing so mimics the behaviour
of both ingress and clsact qdiscs on initialise and destroy.
This now ensures that drivers such as NFP receive the correct binder type
for the indirect block registration.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
John Hurley [Thu, 5 Dec 2019 17:03:35 +0000 (17:03 +0000)]
net: sched: allow indirect blocks to bind to clsact in TC
When a device is bound to a clsact qdisc, bind events are triggered to
registered drivers for both ingress and egress. However, if a driver
registers to such a device using the indirect block routines then it is
assumed that it is only interested in ingress offload and so only replays
ingress bind/unbind messages.
The NFP driver supports the offload of some egress filters when
registering to a block with qdisc of type clsact. However, on unregister,
if the block is still active, it will not receive an unbind egress
notification which can prevent proper cleanup of other registered
callbacks.
Modify the indirect block callback command in TC to send messages of
ingress and/or egress bind depending on the qdisc in use. NFP currently
supports egress offload for TC flower offload so the changes are only
added to TC.
Fixes: 4d12ba42787b ("nfp: flower: allow offloading of matches on 'internal' ports")
Signed-off-by: John Hurley <john.hurley@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John Hurley [Thu, 5 Dec 2019 17:03:34 +0000 (17:03 +0000)]
net: core: rename indirect block ingress cb function
With indirect blocks, a driver can register for callbacks from a device
that is does not 'own', for example, a tunnel device. When registering to
or unregistering from a new device, a callback is triggered to generate
a bind/unbind event. This, in turn, allows the driver to receive any
existing rules or to properly clean up installed rules.
When first added, it was assumed that all indirect block registrations
would be for ingress offloads. However, the NFP driver can, in some
instances, support clsact qdisc binds for egress offload.
Change the name of the indirect block callback command in flow_offload to
remove the 'ingress' identifier from it. While this does not change
functionality, a follow up patch will implement a more more generic
callback than just those currently just supporting ingress offload.
Fixes: 4d12ba42787b ("nfp: flower: allow offloading of matches on 'internal' ports")
Signed-off-by: John Hurley <john.hurley@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jouni Hogander [Thu, 5 Dec 2019 13:57:07 +0000 (15:57 +0200)]
net-sysfs: Call dev_hold always in netdev_queue_add_kobject
Dev_hold has to be called always in netdev_queue_add_kobject.
Otherwise usage count drops below 0 in case of failure in
kobject_init_and_add.
Fixes: b8eb718348b8 ("net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject")
Reported-by: Hulk Robot <hulkci@huawei.com>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: David Miller <davem@davemloft.net>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexander Lobakin [Thu, 5 Dec 2019 10:02:35 +0000 (13:02 +0300)]
net: dsa: fix flow dissection on Tx path
Commit
43e665287f93 ("net-next: dsa: fix flow dissection") added an
ability to override protocol and network offset during flow dissection
for DSA-enabled devices (i.e. controllers shipped as switch CPU ports)
in order to fix skb hashing for RPS on Rx path.
However, skb_hash() and added part of code can be invoked not only on
Rx, but also on Tx path if we have a multi-queued device and:
- kernel is running on UP system or
- XPS is not configured.
The call stack in this two cases will be like: dev_queue_xmit() ->
__dev_queue_xmit() -> netdev_core_pick_tx() -> netdev_pick_tx() ->
skb_tx_hash() -> skb_get_hash().
The problem is that skbs queued for Tx have both network offset and
correct protocol already set up even after inserting a CPU tag by DSA
tagger, so calling tag_ops->flow_dissect() on this path actually only
breaks flow dissection and hashing.
This can be observed by adding debug prints just before and right after
tag_ops->flow_dissect() call to the related block of code:
Before the patch:
Rx path (RPS):
[ 19.240001] Rx: proto: 0x00f8, nhoff: 0 /* ETH_P_XDSA */
[ 19.244271] tag_ops->flow_dissect()
[ 19.247811] Rx: proto: 0x0800, nhoff: 8 /* ETH_P_IP */
[ 19.215435] Rx: proto: 0x00f8, nhoff: 0 /* ETH_P_XDSA */
[ 19.219746] tag_ops->flow_dissect()
[ 19.223241] Rx: proto: 0x0806, nhoff: 8 /* ETH_P_ARP */
[ 18.654057] Rx: proto: 0x00f8, nhoff: 0 /* ETH_P_XDSA */
[ 18.658332] tag_ops->flow_dissect()
[ 18.661826] Rx: proto: 0x8100, nhoff: 8 /* ETH_P_8021Q */
Tx path (UP system):
[ 18.759560] Tx: proto: 0x0800, nhoff: 26 /* ETH_P_IP */
[ 18.763933] tag_ops->flow_dissect()
[ 18.767485] Tx: proto: 0x920b, nhoff: 34 /* junk */
[ 22.800020] Tx: proto: 0x0806, nhoff: 26 /* ETH_P_ARP */
[ 22.804392] tag_ops->flow_dissect()
[ 22.807921] Tx: proto: 0x920b, nhoff: 34 /* junk */
[ 16.898342] Tx: proto: 0x86dd, nhoff: 26 /* ETH_P_IPV6 */
[ 16.902705] tag_ops->flow_dissect()
[ 16.906227] Tx: proto: 0x920b, nhoff: 34 /* junk */
After:
Rx path (RPS):
[ 16.520993] Rx: proto: 0x00f8, nhoff: 0 /* ETH_P_XDSA */
[ 16.525260] tag_ops->flow_dissect()
[ 16.528808] Rx: proto: 0x0800, nhoff: 8 /* ETH_P_IP */
[ 15.484807] Rx: proto: 0x00f8, nhoff: 0 /* ETH_P_XDSA */
[ 15.490417] tag_ops->flow_dissect()
[ 15.495223] Rx: proto: 0x0806, nhoff: 8 /* ETH_P_ARP */
[ 17.134621] Rx: proto: 0x00f8, nhoff: 0 /* ETH_P_XDSA */
[ 17.138895] tag_ops->flow_dissect()
[ 17.142388] Rx: proto: 0x8100, nhoff: 8 /* ETH_P_8021Q */
Tx path (UP system):
[ 15.499558] Tx: proto: 0x0800, nhoff: 26 /* ETH_P_IP */
[ 20.664689] Tx: proto: 0x0806, nhoff: 26 /* ETH_P_ARP */
[ 18.565782] Tx: proto: 0x86dd, nhoff: 26 /* ETH_P_IPV6 */
In order to fix that we can add the check 'proto == htons(ETH_P_XDSA)'
to prevent code from calling tag_ops->flow_dissect() on Tx.
I also decided to initialize 'offset' variable so tagger callbacks can
now safely leave it untouched without provoking a chaos.
Fixes: 43e665287f93 ("net-next: dsa: fix flow dissection")
Signed-off-by: Alexander Lobakin <alobakin@dlink.ru>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Valentin Vidic [Thu, 5 Dec 2019 06:41:18 +0000 (07:41 +0100)]
net/tls: Fix return values to avoid ENOTSUPP
ENOTSUPP is not available in userspace, for example:
setsockopt failed, 524, Unknown error 524
Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sat, 7 Dec 2019 00:12:39 +0000 (16:12 -0800)]
Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
- fix CPU topology setup for SCHED_MC case
- fix VDSO regression
* tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: 8947/1: Fix __arch_get_hw_counter() access to CNTVCT
ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC
Linus Torvalds [Fri, 6 Dec 2019 22:19:37 +0000 (14:19 -0800)]
Merge tag 'armsoc-fixes' of git://git./linux/kernel/git/soc/soc
Pull ARM SoC fixes from Olof Johansson:
"A set of fixes that we've merged late, but for the most part that have
been sitting in -next for a while through platform maintainer trees:
- Fixes to suspend/resume on Tegra, caused by the added features this
merge window
- Cleanups and minor fixes to TI additions this merge window
- Tee fixes queued up late before the merge window, included here.
- A handful of other fixlets
There's also a refresh of the shareed config files (multi_v* on
32-bit, and defconfig on 64-bit), to avoid conflicts when we get new
contributions"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (32 commits)
ARM: multi_v7_defconfig: Restore debugfs support
ARM: defconfig: re-run savedefconfig on multi_v* configs
arm64: defconfig: re-run savedefconfig
ARM: pxa: Fix resource properties
soc: mediatek: cmdq: fixup wrong input order of write api
soc: aspeed: Fix snoop_file_poll()'s return type
MAINTAINERS: Switch to Marvell addresses
MAINTAINERS: update Cavium ThunderX drivers
Revert "arm64: dts: juno: add dma-ranges property"
MAINTAINERS: Make Nicolas Saenz Julienne the new bcm2835 maintainer
firmware: arm_scmi: Avoid double free in error flow
arm64: dts: juno: Fix UART frequency
ARM: dts: Fix sgx sysconfig register for omap4
arm: socfpga: execute cold reboot by default
ARM: dts: Fix vcsi regulator to be always-on for droid4 to prevent hangs
ARM: dts: dra7: fix cpsw mdio fck clock
ARM: dts: am57xx-beagle-x15: Update pinmux name to ddr_3_3v
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
soc/tegra: pmc: Add reset sources and levels on Tegra194
soc/tegra: pmc: Add missing IRQ callbacks on Tegra194
...
Linus Torvalds [Fri, 6 Dec 2019 22:18:01 +0000 (14:18 -0800)]
Merge tag 'arm64-upstream' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- ZONE_DMA32 initialisation fix when memblocks fall entirely within the
first GB (used by ZONE_DMA in 5.5 for Raspberry Pi 4).
- Couple of ftrace fixes following the FTRACE_WITH_REGS patchset.
- access_ok() fix for the Tagged Address ABI when called from from a
kernel thread (asynchronous I/O): the kthread does not have the TIF
flags of the mm owner, so untag the user address unconditionally.
- KVM compute_layout() called before the alternatives code patching.
- Minor clean-ups.
* tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: entry: refine comment of stack overflow check
arm64: ftrace: fix ifdeffery
arm64: KVM: Invoke compute_layout() before alternatives are applied
arm64: Validate tagged addresses in access_ok() called from kernel threads
arm64: mm: Fix column alignment for UXN in kernel_page_tables
arm64: insn: consistently handle exit text
arm64: mm: Fix initialisation of DMA zones on non-NUMA systems
David Howells [Fri, 6 Dec 2019 21:34:51 +0000 (21:34 +0000)]
pipe: Fix iteration end check in fuse_dev_splice_write()
Fix the iteration end check in fuse_dev_splice_write(). The iterator
position can only be compared with == or != since wrappage may be involved.
Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Fri, 6 Dec 2019 21:36:31 +0000 (13:36 -0800)]
Merge tag 'powerpc-5.5-2' of git://git./linux/kernel/git/powerpc/linux
Pull more powerpc updates from Michael Ellerman:
"A few commits splitting the KASAN instrumented bitops header in three,
to match the split of the asm-generic bitops headers.
This is needed on powerpc because we use the generic bitops for the
non-atomic case only, whereas the existing KASAN instrumented bitops
assume all the underlying operations are provided by the arch as
arch_foo() versions.
Thanks to: Daniel Axtens & Christophe Leroy"
* tag 'powerpc-5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
docs/core-api: Remove possibly confusing sub-headings from Bit Operations
powerpc: support KASAN instrumentation of bitops
kasan: support instrumented bitops combined with generic bitops
Linus Torvalds [Fri, 6 Dec 2019 21:34:31 +0000 (13:34 -0800)]
Merge tag 'powerpc-5.5-3' of git://git./linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
"One fix for a regression introduced by our recent rework of cache
flushing on memory hotunplug.
Like several other arches, our VDSO clock_getres() needed a fix to
match the semantics of posix_get_hrtimer_res().
A fix for a boot crash on Power9 LPARs using PCI LSI interrupts.
A commit disabling use of the trace_imc PMU (not the core PMU) on
Power9 systems, because it can lead to checkstops, until a workaround
is developed.
A handful of other minor fixes.
Thanks to: Aneesh Kumar K.V, Anju T Sudhakar, Ard Biesheuvel,
Christophe Leroy, Cédric Le Goater, Madhavan Srinivasan, Vincenzo
Frascino"
* tag 'powerpc-5.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/perf: Disable trace_imc pmu
powerpc/powernv: Avoid re-registration of imc debugfs directory
powerpc/pmem: Convert to EXPORT_SYMBOL_GPL
powerpc/archrandom: fix arch_get_random_seed_int()
powerpc: Fix vDSO clock_getres()
powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range
powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts
powerpc/kasan: Fix boot failure with RELOCATABLE && FSL_BOOKE
Linus Torvalds [Fri, 6 Dec 2019 21:06:14 +0000 (13:06 -0800)]
Merge tag 'sound-fix-5.5-rc1' of git://git./linux/kernel/git/tiwai/sound
Pull more sound updates from Takashi Iwai:
"A few last-minute updates, most of them are the regression fixes:
- AMD HD-audio HDMI runtime PM improvements
- Fixes for HD-audio HDMI regressions wrt DP-MST
- A regression fix for the previous aloop enhancement
- A fix for a long-time problem in PCM OSS layer that was spotted by
fuzzer now
- A few HD-audio quirks"
* tag 'sound-fix-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: pcm: oss: Avoid potential buffer overflows
ALSA: hda: hdmi - Keep old slot assignment behavior for Intel platforms
ALSA: hda: Modify stream stripe mask only when needed
ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen
ALSA: hda: hdmi - preserve non-MST PCM routing for Intel platforms
ALSA: hda: hdmi - fix kernel oops caused by invalid PCM idx
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236
ALSA: hda: hdmi - fix regression in connect list handling
ALSA: aloop: Avoid pointer dereference before null-check
ALSA: hda/hdmi - enable automatic runtime pm for AMD HDMI codecs by default
ALSA: hda/hdmi - enable runtime pm for newer AMD display audio
ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio
ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD
Linus Torvalds [Fri, 6 Dec 2019 20:40:35 +0000 (12:40 -0800)]
pipe: fix incorrect caching of pipe state over pipe_wait()
Similarly to commit
8f868d68d335 ("pipe: Fix missing mask update after
pipe_wait()") this fixes a case where the pipe rewrite ended up caching
the pipe state incorrectly over a pipe lock drop event.
It wasn't quite as obvious, because you needed to splice data from a
pipe to a file, which is a fairly unusual operation, but it's completely
wrong.
Make sure we load the pipe head/tail/size information only after we've
waited for there to be data in the pipe.
While in that file, also make one of the splice helper functions use the
canonical arghument order for pipe_empty(). That's syntactic - pipe
emptiness is just that head and tail are equal, and thus mixing up head
and tail doesn't really matter. It's still wrong, though.
Reported-by: David Sterba <dsterba@suse.cz>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Steve French [Fri, 6 Dec 2019 08:02:38 +0000 (02:02 -0600)]
smb3: fix mode passed in on create for modetosid mount option
When using the special SID to store the mode bits in an ACE (See
http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx)
which is enabled with mount parm "modefromsid" we were not
passing in the mode via SMB3 create (although chmod was enabled).
SMB3 create allows a security descriptor context to be passed
in (which is more atomic and thus preferable to setting the mode
bits after create via a setinfo).
This patch enables setting the mode bits on create when using
modefromsid mount option. In addition it fixes an endian
error in the definition of the Control field flags in the SMB3
security descriptor. It also makes the ACE type of the special
SID better match the documentation (and behavior of servers
which use this to store mode bits in SMB3 ACLs).
Signed-off-by: Steve French <stfrench@microsoft.com>
Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>