LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH 4.19 00/87] 4.19.108-stable review
@ 2020-03-03 17:42 Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 01/87] irqchip/gic-v3-its: Fix misuse of GENMASK macro Greg Kroah-Hartman
                   ` (90 more replies)
  0 siblings, 91 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.19.108 release.
There are 87 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Thu, 05 Mar 2020 17:43:27 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.108-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.19.108-rc1

David Rientjes <rientjes@google.com>
    mm, thp: fix defrag setting if newline is not used

Wei Yang <richardw.yang@linux.intel.com>
    mm/huge_memory.c: use head to check huge zero page

Daniel Jordan <daniel.m.jordan@oracle.com>
    padata: always acquire cpu_hotplug_lock before pinst->lock

Matteo Croce <mcroce@redhat.com>
    netfilter: nf_flowtable: fix documentation

Xin Long <lucien.xin@gmail.com>
    netfilter: nft_tunnel: no need to call htons() when dumping ports

Florian Fainelli <f.fainelli@gmail.com>
    thermal: brcmstb_thermal: Do not use DT coefficients

Sean Christopherson <sean.j.christopherson@intel.com>
    KVM: x86: Remove spurious clearing of async #PF MSR

Sean Christopherson <sean.j.christopherson@intel.com>
    KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path

Arnaldo Carvalho de Melo <acme@redhat.com>
    perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc

Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
    pwm: omap-dmtimer: put_device() after of_find_device_by_node()

Masami Hiramatsu <mhiramat@kernel.org>
    kprobes: Set unoptimized flag after unoptimizing code

Christophe JAILLET <christophe.jaillet@wanadoo.fr>
    drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'

Ravi Bangoria <ravi.bangoria@linux.ibm.com>
    perf stat: Fix shadow stats for clock events

Ravi Bangoria <ravi.bangoria@linux.ibm.com>
    perf stat: Use perf_evsel__is_clocki() for clock events

Vincent Guittot <vincent.guittot@linaro.org>
    sched/fair: Fix O(nr_cgroups) in the load balancing path

Vincent Guittot <vincent.guittot@linaro.org>
    sched/fair: Optimize update_blocked_averages()

Sean Christopherson <sean.j.christopherson@intel.com>
    KVM: Check for a bad hva before dropping into the ghc slow path

Tom Lendacky <thomas.lendacky@amd.com>
    KVM: SVM: Override default MMIO mask if memory encryption is enabled

Brian Norris <briannorris@chromium.org>
    mwifiex: delete unused mwifiex_get_intf_num()

Brian Norris <briannorris@chromium.org>
    mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()

Aleksa Sarai <cyphar@cyphar.com>
    namei: only return -ECHILD from follow_dotdot_rcu()

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE

Ursula Braun <ubraun@linux.ibm.com>
    net/smc: no peer ID in CLC decline for SMCD

Pavel Belous <pbelous@marvell.com>
    net: atlantic: fix potential error handling

Pavel Belous <pbelous@marvell.com>
    net: atlantic: fix use after free kasan warn

Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
    net: netlink: cap max groups which will be considered in netlink_bind()

Alexandra Winter <wintera@linux.ibm.com>
    s390/qeth: vnicc Fix EOPNOTSUPP precedence

Peter Chen <peter.chen@nxp.com>
    usb: charger: assign specific number for enum value

Haiyang Zhang <haiyangz@microsoft.com>
    hv_netvsc: Fix unwanted wakeup in netvsc_attach()

Tina Zhang <tina.zhang@intel.com>
    drm/i915/gvt: Separate display reset from ALL_ENGINES reset

Tina Zhang <tina.zhang@intel.com>
    drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime

Wolfram Sang <wsa@the-dreams.de>
    i2c: jz4780: silence log flood on txabrt

Gustavo A. R. Silva <gustavo@embeddedor.com>
    i2c: altera: Fix potential integer overflow

Christophe JAILLET <christophe.jaillet@wanadoo.fr>
    MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'

dan.carpenter@oracle.com <dan.carpenter@oracle.com>
    HID: hiddev: Fix race in in hiddev_disconnect()

Christophe JAILLET <christophe.jaillet@wanadoo.fr>
    HID: alps: Fix an error handling path in 'alps_input_configured()'

Eugenio Pérez <eperezma@redhat.com>
    vhost: Check docket sk_family instead of call getname

Shirish S <shirish.s@amd.com>
    amdgpu/gmc_v9: save/restore sdpif regs during S3

Orson Zhai <orson.unisoc@gmail.com>
    Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"

Steven Rostedt (VMware) <rostedt@goodmis.org>
    tracing: Disable trace_printk() on post poned tests

Wolfram Sang <wsa@the-dreams.de>
    macintosh: therm_windtunnel: fix regression when instantiating devices

Johan Korsnes <jkorsnes@cisco.com>
    HID: core: increase HID report buffer size to 8KiB

Johan Korsnes <jkorsnes@cisco.com>
    HID: core: fix off-by-one memset in hid_report_raw_event()

Hans de Goede <hdegoede@redhat.com>
    HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock

Oliver Upton <oupton@google.com>
    KVM: VMX: check descriptor table exits on instruction emulation

Mika Westerberg <mika.westerberg@linux.intel.com>
    ACPI: watchdog: Fix gas->access_width usage

Mika Westerberg <mika.westerberg@linux.intel.com>
    ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro

Paul Moore <paul@paul-moore.com>
    audit: fix error handling in audit_data_to_entry()

Dan Carpenter <dan.carpenter@oracle.com>
    ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()

Rohit Maheshwari <rohitm@chelsio.com>
    net/tls: Fix to avoid gettig invalid tls record

Michal Kalderon <michal.kalderon@marvell.com>
    qede: Fix race between rdma destroy workqueue and link change event

Benjamin Poirier <bpoirier@cumulusnetworks.com>
    ipv6: Fix nlmsg_flags when splitting a multipath route

Benjamin Poirier <bpoirier@cumulusnetworks.com>
    ipv6: Fix route replacement with dev-only route

Xin Long <lucien.xin@gmail.com>
    sctp: move the format error check out of __sctp_sf_do_9_1_abort

Dmitry Osipenko <digetx@gmail.com>
    nfc: pn544: Fix occasional HW initialization failure

Jason Baron <jbaron@akamai.com>
    net: sched: correct flower port blocking

Arun Parameswaran <arun.parameswaran@broadcom.com>
    net: phy: restore mdio regs in the iproc mdio driver

Horatiu Vultur <horatiu.vultur@microchip.com>
    net: mscc: fix in frame extraction

Jethro Beekman <jethro@fortanix.com>
    net: fib_rules: Correctly set table field when table number exceeds 8 bits

Petr Mladek <pmladek@suse.com>
    sysrq: Remove duplicated sysrq message

Petr Mladek <pmladek@suse.com>
    sysrq: Restore original console_loglevel when sysrq disabled

Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
    cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE

Coly Li <colyli@suse.de>
    bcache: ignore pending signals when creating gc and allocator thread

Frank Sorenson <sorenson@redhat.com>
    cifs: Fix mode output in debugging statements

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: ena-com.c: prevent NULL pointer dereference

Sameeh Jubran <sameehj@amazon.com>
    net: ena: ethtool: use correct value for crc32 hash

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: fix incorrectly saving queue numbers when setting RSS indirection table

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: rss: store hash function as values and not bits

Sameeh Jubran <sameehj@amazon.com>
    net: ena: rss: fix failure to get indirection table

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: fix incorrect default RSS key

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: add missing ethtool TX timestamping indication

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: fix uses of round_jiffies()

Arthur Kiyanovski <akiyano@amazon.com>
    net: ena: fix potential crash when rxfh key is NULL

Thierry Reding <treding@nvidia.com>
    soc/tegra: fuse: Fix build with Tegra194 configuration

Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
    ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi

Peter Zijlstra <peterz@infradead.org>
    arm/ftrace: Fix BE text poking

Bjørn Mork <bjorn@mork.no>
    qmi_wwan: unconditionally reject 2 ep interfaces

Bjørn Mork <bjorn@mork.no>
    qmi_wwan: re-add DW5821e pre-production variant

Harald Freudenberger <freude@linux.ibm.com>
    s390/zcrypt: fix card and queue total counter wrap

Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
    cfg80211: check wiphy driver existence for drvinfo report

Johannes Berg <johannes.berg@intel.com>
    mac80211: consider more elements in parsing CRC

Jeff Moyer <jmoyer@redhat.com>
    dax: pass NOWAIT flag to iomap_apply

Scott Wood <swood@redhat.com>
    sched/core: Don't skip remote tick for idle CPUs

Sean Paul <seanpaul@chromium.org>
    drm/msm: Set dma maximum segment size for mdss

Corey Minyard <cminyard@mvista.com>
    ipmi:ssif: Handle a possible NULL pointer reference

Johannes Berg <johannes.berg@intel.com>
    iwlwifi: pcie: fix rb_allocator workqueue allocation

Joe Perches <joe@perches.com>
    irqchip/gic-v3-its: Fix misuse of GENMASK macro


-------------

Diffstat:

 Documentation/networking/nf_flowtable.txt          |  2 +-
 Makefile                                           |  4 +-
 arch/arm/boot/dts/stihxxx-b2120.dtsi               |  2 +-
 arch/arm/kernel/ftrace.c                           |  7 +-
 arch/mips/kernel/vpe.c                             |  2 +-
 arch/x86/kvm/svm.c                                 | 43 +++++++++++++
 arch/x86/kvm/vmx.c                                 | 15 +++++
 arch/x86/kvm/x86.c                                 |  6 --
 drivers/acpi/acpi_watchdog.c                       |  3 +-
 drivers/char/ipmi/ipmi_ssif.c                      | 10 ++-
 drivers/devfreq/devfreq.c                          |  4 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.h            |  1 +
 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c              | 37 ++++++++++-
 .../drm/amd/include/asic_reg/dce/dce_12_0_offset.h |  2 +
 drivers/gpu/drm/i915/gvt/dmabuf.c                  |  2 +-
 drivers/gpu/drm/i915/gvt/vgpu.c                    |  2 +-
 drivers/gpu/drm/msm/msm_drv.c                      |  8 +++
 drivers/hid/hid-alps.c                             |  2 +-
 drivers/hid/hid-core.c                             |  4 +-
 drivers/hid/hid-ite.c                              |  5 +-
 drivers/hid/usbhid/hiddev.c                        |  2 +-
 drivers/i2c/busses/i2c-altera.c                    |  2 +-
 drivers/i2c/busses/i2c-jz4780.c                    | 36 +----------
 drivers/irqchip/irq-gic-v3-its.c                   |  2 +-
 drivers/macintosh/therm_windtunnel.c               | 52 +++++++++------
 drivers/md/bcache/alloc.c                          | 18 +++++-
 drivers/md/bcache/btree.c                          | 13 ++++
 drivers/net/ethernet/amazon/ena/ena_com.c          | 48 +++++++++++---
 drivers/net/ethernet/amazon/ena/ena_com.h          |  9 +++
 drivers/net/ethernet/amazon/ena/ena_ethtool.c      | 46 ++++++++++++-
 drivers/net/ethernet/amazon/ena/ena_netdev.c       |  6 +-
 drivers/net/ethernet/amazon/ena/ena_netdev.h       |  2 +
 drivers/net/ethernet/apm/xgene/xgene_enet_main.c   |  2 +-
 drivers/net/ethernet/aquantia/atlantic/aq_nic.c    |  8 +--
 drivers/net/ethernet/aquantia/atlantic/aq_ring.c   |  7 +-
 drivers/net/ethernet/mscc/ocelot_board.c           |  8 +++
 drivers/net/ethernet/qlogic/qede/qede.h            |  2 +
 drivers/net/ethernet/qlogic/qede/qede_rdma.c       | 29 ++++++++-
 drivers/net/hyperv/netvsc.c                        |  2 +-
 drivers/net/hyperv/netvsc_drv.c                    |  3 +
 drivers/net/phy/mdio-bcm-iproc.c                   | 20 ++++++
 drivers/net/usb/qmi_wwan.c                         | 43 +++++--------
 drivers/net/wireless/intel/iwlwifi/pcie/trans.c    | 15 +++--
 drivers/net/wireless/marvell/mwifiex/main.h        | 13 ----
 drivers/net/wireless/marvell/mwifiex/tdls.c        | 75 ++++++++--------------
 drivers/nfc/pn544/i2c.c                            |  1 +
 drivers/pwm/pwm-omap-dmtimer.c                     | 21 ++++--
 drivers/s390/crypto/ap_bus.h                       |  4 +-
 drivers/s390/crypto/ap_card.c                      |  8 +--
 drivers/s390/crypto/ap_queue.c                     |  6 +-
 drivers/s390/crypto/zcrypt_api.c                   | 16 +++--
 drivers/s390/net/qeth_l2_main.c                    | 29 ++++-----
 drivers/soc/tegra/fuse/fuse-tegra30.c              |  3 +-
 drivers/thermal/broadcom/brcmstb_thermal.c         | 31 +++------
 drivers/tty/sysrq.c                                |  8 +--
 drivers/vhost/net.c                                | 10 +--
 drivers/watchdog/wdat_wdt.c                        |  2 +-
 fs/cifs/cifsacl.c                                  |  4 +-
 fs/cifs/connect.c                                  |  2 +-
 fs/cifs/inode.c                                    |  2 +-
 fs/dax.c                                           |  3 +
 fs/ext4/super.c                                    |  6 +-
 fs/namei.c                                         |  2 +-
 include/acpi/actypes.h                             |  3 +-
 include/linux/hid.h                                |  2 +-
 include/net/flow_dissector.h                       |  9 +++
 include/uapi/linux/usb/charger.h                   | 16 ++---
 kernel/auditfilter.c                               | 71 +++++++++++---------
 kernel/kprobes.c                                   |  4 +-
 kernel/padata.c                                    |  4 +-
 kernel/sched/core.c                                | 18 +++---
 kernel/sched/fair.c                                | 69 ++++++++++++++++----
 kernel/trace/trace.c                               |  2 +
 mm/huge_memory.c                                   | 26 +++-----
 net/core/fib_rules.c                               |  2 +-
 net/ipv6/ip6_fib.c                                 |  7 +-
 net/ipv6/route.c                                   |  1 +
 net/mac80211/util.c                                | 18 ++++--
 net/netfilter/nft_tunnel.c                         |  4 +-
 net/netlink/af_netlink.c                           |  5 +-
 net/sched/cls_flower.c                             |  1 +
 net/sctp/sm_statefuns.c                            | 29 ++++++---
 net/smc/smc_clc.c                                  |  4 +-
 net/tls/tls_device.c                               | 21 +++++-
 net/wireless/ethtool.c                             |  8 ++-
 net/wireless/nl80211.c                             |  1 +
 tools/perf/ui/browsers/hists.c                     |  1 +
 tools/perf/util/stat-shadow.c                      |  6 +-
 tools/testing/selftests/net/fib_tests.sh           |  6 ++
 virt/kvm/kvm_main.c                                | 12 ++--
 90 files changed, 722 insertions(+), 410 deletions(-)



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 01/87] irqchip/gic-v3-its: Fix misuse of GENMASK macro
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 02/87] iwlwifi: pcie: fix rb_allocator workqueue allocation Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Joe Perches, Thomas Gleixner,
	Marc Zyngier, Sasha Levin

From: Joe Perches <joe@perches.com>

[ Upstream commit 20faba848752901de23a4d45a1174d64d2069dde ]

Arguments are supposed to be ordered high then low.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Link: https://lkml.kernel.org/r/ab5deb4fc3cd604cb620054770b7d00016d736bc.1562734889.git.joe@perches.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/irqchip/irq-gic-v3-its.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
index bf7b69449b438..f9b73336a39ee 100644
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -208,7 +208,7 @@ static struct its_collection *dev_event_to_col(struct its_device *its_dev,
 
 static struct its_collection *valid_col(struct its_collection *col)
 {
-	if (WARN_ON_ONCE(col->target_address & GENMASK_ULL(0, 15)))
+	if (WARN_ON_ONCE(col->target_address & GENMASK_ULL(15, 0)))
 		return NULL;
 
 	return col;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 02/87] iwlwifi: pcie: fix rb_allocator workqueue allocation
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 01/87] irqchip/gic-v3-its: Fix misuse of GENMASK macro Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 03/87] ipmi:ssif: Handle a possible NULL pointer reference Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Berg, Luca Coelho,
	Ajay Kaher, Sasha Levin

From: Johannes Berg <johannes.berg@intel.com>

commit 8188a18ee2e48c9a7461139838048363bfce3fef upstream

We don't handle failures in the rb_allocator workqueue allocation
correctly. To fix that, move the code earlier so the cleanup is
easier and we don't have to undo all the interrupt allocations in
this case.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
[Ajay: Modified to apply on v4.19.y and v4.14.y]
Signed-off-by: Ajay Kaher <akaher@vmware.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
index 4f5571123f70a..24da496151353 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
@@ -3283,6 +3283,15 @@ struct iwl_trans *iwl_trans_pcie_alloc(struct pci_dev *pdev,
 	spin_lock_init(&trans_pcie->reg_lock);
 	mutex_init(&trans_pcie->mutex);
 	init_waitqueue_head(&trans_pcie->ucode_write_waitq);
+
+	trans_pcie->rba.alloc_wq = alloc_workqueue("rb_allocator",
+						   WQ_HIGHPRI | WQ_UNBOUND, 1);
+	if (!trans_pcie->rba.alloc_wq) {
+		ret = -ENOMEM;
+		goto out_free_trans;
+	}
+	INIT_WORK(&trans_pcie->rba.rx_alloc, iwl_pcie_rx_allocator_work);
+
 	trans_pcie->tso_hdr_page = alloc_percpu(struct iwl_tso_hdr_page);
 	if (!trans_pcie->tso_hdr_page) {
 		ret = -ENOMEM;
@@ -3485,10 +3494,6 @@ struct iwl_trans *iwl_trans_pcie_alloc(struct pci_dev *pdev,
 		trans_pcie->inta_mask = CSR_INI_SET_MASK;
 	 }
 
-	trans_pcie->rba.alloc_wq = alloc_workqueue("rb_allocator",
-						   WQ_HIGHPRI | WQ_UNBOUND, 1);
-	INIT_WORK(&trans_pcie->rba.rx_alloc, iwl_pcie_rx_allocator_work);
-
 #ifdef CONFIG_IWLWIFI_PCIE_RTPM
 	trans->runtime_pm_mode = IWL_PLAT_PM_MODE_D0I3;
 #else
@@ -3501,6 +3506,8 @@ out_free_ict:
 	iwl_pcie_free_ict(trans);
 out_no_pci:
 	free_percpu(trans_pcie->tso_hdr_page);
+	destroy_workqueue(trans_pcie->rba.alloc_wq);
+out_free_trans:
 	iwl_trans_free(trans);
 	return ERR_PTR(ret);
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 03/87] ipmi:ssif: Handle a possible NULL pointer reference
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 01/87] irqchip/gic-v3-its: Fix misuse of GENMASK macro Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 02/87] iwlwifi: pcie: fix rb_allocator workqueue allocation Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 04/87] drm/msm: Set dma maximum segment size for mdss Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kbuild test robot, Corey Minyard,
	Sasha Levin

From: Corey Minyard <cminyard@mvista.com>

[ Upstream commit 6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe ]

In error cases a NULL can be passed to memcpy.  The length will always
be zero, so it doesn't really matter, but go ahead and check for NULL,
anyway, to be more precise and avoid static analysis errors.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/char/ipmi/ipmi_ssif.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index af44db2dfb68a..fec679433f72d 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -735,10 +735,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
 	flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
 	msg = ssif_info->curr_msg;
 	if (msg) {
+		if (data) {
+			if (len > IPMI_MAX_MSG_LENGTH)
+				len = IPMI_MAX_MSG_LENGTH;
+			memcpy(msg->rsp, data, len);
+		} else {
+			len = 0;
+		}
 		msg->rsp_size = len;
-		if (msg->rsp_size > IPMI_MAX_MSG_LENGTH)
-			msg->rsp_size = IPMI_MAX_MSG_LENGTH;
-		memcpy(msg->rsp, data, msg->rsp_size);
 		ssif_info->curr_msg = NULL;
 	}
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 04/87] drm/msm: Set dma maximum segment size for mdss
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2020-03-03 17:42 ` [PATCH 4.19 03/87] ipmi:ssif: Handle a possible NULL pointer reference Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-04 15:13   ` Pavel Machek
  2020-03-03 17:42 ` [PATCH 4.19 05/87] sched/core: Dont skip remote tick for idle CPUs Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  90 siblings, 1 reply; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stephen Boyd, Sai Prakash Ranjan,
	Rob Clark, Sean Paul, Douglas Anderson, Sasha Levin

From: Sean Paul <seanpaul@chromium.org>

[ Upstream commit db735fc4036bbe1fbe606819b5f0ff26cc76cdff ]

Turning on CONFIG_DMA_API_DEBUG_SG results in the following error:

[   12.078665] msm ae00000.mdss: DMA-API: mapping sg segment longer than device claims to support [len=3526656] [max=65536]
[   12.089870] WARNING: CPU: 6 PID: 334 at /mnt/host/source/src/third_party/kernel/v4.19/kernel/dma/debug.c:1301 debug_dma_map_sg+0x1dc/0x318
[   12.102655] Modules linked in: joydev
[   12.106442] CPU: 6 PID: 334 Comm: frecon Not tainted 4.19.0 #2
[   12.112450] Hardware name: Google Cheza (rev3+) (DT)
[   12.117566] pstate: 60400009 (nZCv daif +PAN -UAO)
[   12.122506] pc : debug_dma_map_sg+0x1dc/0x318
[   12.126995] lr : debug_dma_map_sg+0x1dc/0x318
[   12.131487] sp : ffffff800cc3ba80
[   12.134913] x29: ffffff800cc3ba80 x28: 0000000000000000
[   12.140395] x27: 0000000000000004 x26: 0000000000000004
[   12.145868] x25: ffffff8008e55b18 x24: 0000000000000000
[   12.151337] x23: 00000000ffffffff x22: ffffff800921c000
[   12.156809] x21: ffffffc0fa75b080 x20: ffffffc0f7195090
[   12.162280] x19: ffffffc0f1c53280 x18: 0000000000000000
[   12.167749] x17: 0000000000000000 x16: 0000000000000000
[   12.173218] x15: 0000000000000000 x14: 0720072007200720
[   12.178689] x13: 0720072007200720 x12: 0720072007200720
[   12.184161] x11: 0720072007200720 x10: 0720072007200720
[   12.189641] x9 : ffffffc0f1fc6b60 x8 : 0000000000000000
[   12.195110] x7 : ffffff8008132ce0 x6 : 0000000000000000
[   12.200585] x5 : 0000000000000000 x4 : ffffff8008134734
[   12.206058] x3 : ffffff800cc3b830 x2 : ffffffc0f1fc6240
[   12.211532] x1 : 25045a74f48a7400 x0 : 25045a74f48a7400
[   12.217006] Call trace:
[   12.219535]  debug_dma_map_sg+0x1dc/0x318
[   12.223671]  get_pages+0x19c/0x20c
[   12.227177]  msm_gem_fault+0x64/0xfc
[   12.230874]  __do_fault+0x3c/0x140
[   12.234383]  __handle_mm_fault+0x70c/0xdb8
[   12.238603]  handle_mm_fault+0xac/0xc4
[   12.242473]  do_page_fault+0x1bc/0x3d4
[   12.246342]  do_translation_fault+0x54/0x88
[   12.250652]  do_mem_abort+0x60/0xf0
[   12.254250]  el0_da+0x20/0x24
[   12.257317] irq event stamp: 67260
[   12.260828] hardirqs last  enabled at (67259): [<ffffff8008132d0c>] console_unlock+0x214/0x608
[   12.269693] hardirqs last disabled at (67260): [<ffffff8008080e0c>] do_debug_exception+0x5c/0x178
[   12.278820] softirqs last  enabled at (67256): [<ffffff8008081664>] __do_softirq+0x4d4/0x520
[   12.287510] softirqs last disabled at (67249): [<ffffff80080be574>] irq_exit+0xa8/0x100
[   12.295742] ---[ end trace e63cfc40c313ffab ]---

The root of the problem is that the default segment size for sgt is
(UINT_MAX & PAGE_MASK), and the default segment size for device dma is
64K. As such, if you compare the 2, you would deduce that the sg segment
will overflow the device's capacity. In reality, the hardware can
accommodate the larger sg segments, it's just not initializing its max
segment properly. This patch initializes the max segment size for the
mdss device, which gets rid of that pesky warning.

Reported-by: Stephen Boyd <swboyd@chromium.org>
Tested-by: Stephen Boyd <swboyd@chromium.org>
Tested-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Reviewed-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20200121111813.REPOST.1.I92c66a35fb13f368095b05287bdabdbe88ca6922@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/msm_drv.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index dbfd2c006f740..6f81de85fb860 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -492,6 +492,14 @@ static int msm_drm_init(struct device *dev, struct drm_driver *drv)
 	if (ret)
 		goto err_msm_uninit;
 
+	if (!dev->dma_parms) {
+		dev->dma_parms = devm_kzalloc(dev, sizeof(*dev->dma_parms),
+					      GFP_KERNEL);
+		if (!dev->dma_parms)
+			return -ENOMEM;
+	}
+	dma_set_max_seg_size(dev, DMA_BIT_MASK(32));
+
 	msm_gem_shrinker_init(ddev);
 
 	switch (get_mdp_ver(pdev)) {
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 05/87] sched/core: Dont skip remote tick for idle CPUs
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2020-03-03 17:42 ` [PATCH 4.19 04/87] drm/msm: Set dma maximum segment size for mdss Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-04 15:15   ` Pavel Machek
  2020-03-03 17:42 ` [PATCH 4.19 06/87] dax: pass NOWAIT flag to iomap_apply Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  90 siblings, 1 reply; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Scott Wood, Peter Zijlstra (Intel),
	Ingo Molnar, Sasha Levin

From: Scott Wood <swood@redhat.com>

[ Upstream commit 488603b815a7514c7009e6fc339d74ed4a30f343 ]

This will be used in the next patch to get a loadavg update from
nohz cpus.  The delta check is skipped because idle_sched_class
doesn't update se.exec_start.

Signed-off-by: Scott Wood <swood@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lkml.kernel.org/r/1578736419-14628-2-git-send-email-swood@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/core.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 2befd2c4ce9e6..3c7e039eae9a1 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -3117,22 +3117,24 @@ static void sched_tick_remote(struct work_struct *work)
 	 * statistics and checks timeslices in a time-independent way, regardless
 	 * of when exactly it is running.
 	 */
-	if (idle_cpu(cpu) || !tick_nohz_tick_stopped_cpu(cpu))
+	if (!tick_nohz_tick_stopped_cpu(cpu))
 		goto out_requeue;
 
 	rq_lock_irq(rq, &rf);
 	curr = rq->curr;
-	if (is_idle_task(curr) || cpu_is_offline(cpu))
+	if (cpu_is_offline(cpu))
 		goto out_unlock;
 
 	update_rq_clock(rq);
-	delta = rq_clock_task(rq) - curr->se.exec_start;
 
-	/*
-	 * Make sure the next tick runs within a reasonable
-	 * amount of time.
-	 */
-	WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3);
+	if (!is_idle_task(curr)) {
+		/*
+		 * Make sure the next tick runs within a reasonable
+		 * amount of time.
+		 */
+		delta = rq_clock_task(rq) - curr->se.exec_start;
+		WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3);
+	}
 	curr->sched_class->task_tick(rq, curr, 0);
 
 out_unlock:
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 06/87] dax: pass NOWAIT flag to iomap_apply
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2020-03-03 17:42 ` [PATCH 4.19 05/87] sched/core: Dont skip remote tick for idle CPUs Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 07/87] mac80211: consider more elements in parsing CRC Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jeff Moyer, Christoph Hellwig,
	Jan Kara, Dan Williams, Sasha Levin

From: Jeff Moyer <jmoyer@redhat.com>

[ Upstream commit 96222d53842dfe54869ec4e1b9d4856daf9105a2 ]

fstests generic/471 reports a failure when run with MOUNT_OPTIONS="-o
dax".  The reason is that the initial pwrite to an empty file with the
RWF_NOWAIT flag set does not return -EAGAIN.  It turns out that
dax_iomap_rw doesn't pass that flag through to iomap_apply.

With this patch applied, generic/471 passes for me.

Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/x49r1z86e1d.fsf@segfault.boston.devel.redhat.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/dax.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/dax.c b/fs/dax.c
index f0d932fa39c20..d09701aa6f2f4 100644
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -1301,6 +1301,9 @@ dax_iomap_rw(struct kiocb *iocb, struct iov_iter *iter,
 		lockdep_assert_held(&inode->i_rwsem);
 	}
 
+	if (iocb->ki_flags & IOCB_NOWAIT)
+		flags |= IOMAP_NOWAIT;
+
 	while (iov_iter_count(iter)) {
 		ret = iomap_apply(inode, pos, iov_iter_count(iter), flags, ops,
 				iter, dax_iomap_actor);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 07/87] mac80211: consider more elements in parsing CRC
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2020-03-03 17:42 ` [PATCH 4.19 06/87] dax: pass NOWAIT flag to iomap_apply Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-03 17:42 ` [PATCH 4.19 08/87] cfg80211: check wiphy driver existence for drvinfo report Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johannes Berg, Luca Coelho, Sasha Levin

From: Johannes Berg <johannes.berg@intel.com>

[ Upstream commit a04564c99bb4a92f805a58e56b2d22cc4978f152 ]

We only use the parsing CRC for checking if a beacon changed,
and elements with an ID > 63 cannot be represented in the
filter. Thus, like we did before with WMM and Cisco vendor
elements, just statically add these forgotten items to the
CRC:
 - WLAN_EID_VHT_OPERATION
 - WLAN_EID_OPMODE_NOTIF

I guess that in most cases when VHT/HE operation change, the HT
operation also changed, and so the change was picked up, but we
did notice that pure operating mode notification changes were
ignored.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/20200131111300.891737-22-luca@coelho.fi
[restrict to VHT for the mac80211 branch]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/util.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index f101a6460b44b..7fa9871b1db9f 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -945,16 +945,22 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
 				elem_parse_failed = true;
 			break;
 		case WLAN_EID_VHT_OPERATION:
-			if (elen >= sizeof(struct ieee80211_vht_operation))
+			if (elen >= sizeof(struct ieee80211_vht_operation)) {
 				elems->vht_operation = (void *)pos;
-			else
-				elem_parse_failed = true;
+				if (calc_crc)
+					crc = crc32_be(crc, pos - 2, elen + 2);
+				break;
+			}
+			elem_parse_failed = true;
 			break;
 		case WLAN_EID_OPMODE_NOTIF:
-			if (elen > 0)
+			if (elen > 0) {
 				elems->opmode_notif = pos;
-			else
-				elem_parse_failed = true;
+				if (calc_crc)
+					crc = crc32_be(crc, pos - 2, elen + 2);
+				break;
+			}
+			elem_parse_failed = true;
 			break;
 		case WLAN_EID_MESH_ID:
 			elems->mesh_id = pos;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 08/87] cfg80211: check wiphy driver existence for drvinfo report
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2020-03-03 17:42 ` [PATCH 4.19 07/87] mac80211: consider more elements in parsing CRC Greg Kroah-Hartman
@ 2020-03-03 17:42 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 09/87] s390/zcrypt: fix card and queue total counter wrap Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:42 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sergey Matyukevich, Johannes Berg,
	Sasha Levin

From: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>

[ Upstream commit bfb7bac3a8f47100ebe7961bd14e924c96e21ca7 ]

When preparing ethtool drvinfo, check if wiphy driver is defined
before dereferencing it. Driver may not exist, e.g. if wiphy is
attached to a virtual platform device.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Link: https://lore.kernel.org/r/20200203105644.28875-1-sergey.matyukevich.os@quantenna.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/wireless/ethtool.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/wireless/ethtool.c b/net/wireless/ethtool.c
index a9c0f368db5d2..24e18405cdb48 100644
--- a/net/wireless/ethtool.c
+++ b/net/wireless/ethtool.c
@@ -7,9 +7,13 @@
 void cfg80211_get_drvinfo(struct net_device *dev, struct ethtool_drvinfo *info)
 {
 	struct wireless_dev *wdev = dev->ieee80211_ptr;
+	struct device *pdev = wiphy_dev(wdev->wiphy);
 
-	strlcpy(info->driver, wiphy_dev(wdev->wiphy)->driver->name,
-		sizeof(info->driver));
+	if (pdev->driver)
+		strlcpy(info->driver, pdev->driver->name,
+			sizeof(info->driver));
+	else
+		strlcpy(info->driver, "N/A", sizeof(info->driver));
 
 	strlcpy(info->version, init_utsname()->release, sizeof(info->version));
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 09/87] s390/zcrypt: fix card and queue total counter wrap
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2020-03-03 17:42 ` [PATCH 4.19 08/87] cfg80211: check wiphy driver existence for drvinfo report Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 10/87] qmi_wwan: re-add DW5821e pre-production variant Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Harald Freudenberger, Vasily Gorbik,
	Sasha Levin

From: Harald Freudenberger <freude@linux.ibm.com>

[ Upstream commit fcd98d4002539f1e381916fc1b6648938c1eac76 ]

The internal statistic counters for the total number of
requests processed per card and per queue used integers. So they do
wrap after a rather huge amount of crypto requests processed. This
patch introduces uint64 counters which should hold much longer but
still may wrap. The sysfs attributes request_count for card and queue
also used only %ld and now display the counter value with %llu.

This is not a security relevant fix. The int overflow which happened
is not in any way exploitable as a security breach.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/crypto/ap_bus.h     |  4 ++--
 drivers/s390/crypto/ap_card.c    |  8 ++++----
 drivers/s390/crypto/ap_queue.c   |  6 +++---
 drivers/s390/crypto/zcrypt_api.c | 16 +++++++++-------
 4 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/drivers/s390/crypto/ap_bus.h b/drivers/s390/crypto/ap_bus.h
index 7e85d238767ba..1c799ddd97092 100644
--- a/drivers/s390/crypto/ap_bus.h
+++ b/drivers/s390/crypto/ap_bus.h
@@ -158,7 +158,7 @@ struct ap_card {
 	unsigned int functions;		/* AP device function bitfield. */
 	int queue_depth;		/* AP queue depth.*/
 	int id;				/* AP card number. */
-	atomic_t total_request_count;	/* # requests ever for this AP device.*/
+	atomic64_t total_request_count;	/* # requests ever for this AP device.*/
 };
 
 #define to_ap_card(x) container_of((x), struct ap_card, ap_dev.device)
@@ -175,7 +175,7 @@ struct ap_queue {
 	enum ap_state state;		/* State of the AP device. */
 	int pendingq_count;		/* # requests on pendingq list. */
 	int requestq_count;		/* # requests on requestq list. */
-	int total_request_count;	/* # requests ever for this AP device.*/
+	u64 total_request_count;	/* # requests ever for this AP device.*/
 	int request_timeout;		/* Request timeout in jiffies. */
 	struct timer_list timeout;	/* Timer for request timeouts. */
 	struct list_head pendingq;	/* List of message sent to AP queue. */
diff --git a/drivers/s390/crypto/ap_card.c b/drivers/s390/crypto/ap_card.c
index 63b4cc6cd7e59..e85bfca1ed163 100644
--- a/drivers/s390/crypto/ap_card.c
+++ b/drivers/s390/crypto/ap_card.c
@@ -63,13 +63,13 @@ static ssize_t request_count_show(struct device *dev,
 				  char *buf)
 {
 	struct ap_card *ac = to_ap_card(dev);
-	unsigned int req_cnt;
+	u64 req_cnt;
 
 	req_cnt = 0;
 	spin_lock_bh(&ap_list_lock);
-	req_cnt = atomic_read(&ac->total_request_count);
+	req_cnt = atomic64_read(&ac->total_request_count);
 	spin_unlock_bh(&ap_list_lock);
-	return snprintf(buf, PAGE_SIZE, "%d\n", req_cnt);
+	return snprintf(buf, PAGE_SIZE, "%llu\n", req_cnt);
 }
 
 static ssize_t request_count_store(struct device *dev,
@@ -83,7 +83,7 @@ static ssize_t request_count_store(struct device *dev,
 	for_each_ap_queue(aq, ac)
 		aq->total_request_count = 0;
 	spin_unlock_bh(&ap_list_lock);
-	atomic_set(&ac->total_request_count, 0);
+	atomic64_set(&ac->total_request_count, 0);
 
 	return count;
 }
diff --git a/drivers/s390/crypto/ap_queue.c b/drivers/s390/crypto/ap_queue.c
index 576ac08777c50..e1647da122f7f 100644
--- a/drivers/s390/crypto/ap_queue.c
+++ b/drivers/s390/crypto/ap_queue.c
@@ -470,12 +470,12 @@ static ssize_t request_count_show(struct device *dev,
 				  char *buf)
 {
 	struct ap_queue *aq = to_ap_queue(dev);
-	unsigned int req_cnt;
+	u64 req_cnt;
 
 	spin_lock_bh(&aq->lock);
 	req_cnt = aq->total_request_count;
 	spin_unlock_bh(&aq->lock);
-	return snprintf(buf, PAGE_SIZE, "%d\n", req_cnt);
+	return snprintf(buf, PAGE_SIZE, "%llu\n", req_cnt);
 }
 
 static ssize_t request_count_store(struct device *dev,
@@ -667,7 +667,7 @@ void ap_queue_message(struct ap_queue *aq, struct ap_message *ap_msg)
 	list_add_tail(&ap_msg->list, &aq->requestq);
 	aq->requestq_count++;
 	aq->total_request_count++;
-	atomic_inc(&aq->card->total_request_count);
+	atomic64_inc(&aq->card->total_request_count);
 	/* Send/receive as many request from the queue as possible. */
 	ap_wait(ap_sm_event_loop(aq, AP_EVENT_POLL));
 	spin_unlock_bh(&aq->lock);
diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c
index b2737bfeb8bb6..23c24a699cefe 100644
--- a/drivers/s390/crypto/zcrypt_api.c
+++ b/drivers/s390/crypto/zcrypt_api.c
@@ -190,8 +190,8 @@ static inline bool zcrypt_card_compare(struct zcrypt_card *zc,
 	weight += atomic_read(&zc->load);
 	pref_weight += atomic_read(&pref_zc->load);
 	if (weight == pref_weight)
-		return atomic_read(&zc->card->total_request_count) >
-			atomic_read(&pref_zc->card->total_request_count);
+		return atomic64_read(&zc->card->total_request_count) >
+			atomic64_read(&pref_zc->card->total_request_count);
 	return weight > pref_weight;
 }
 
@@ -719,11 +719,12 @@ static void zcrypt_qdepth_mask(char qdepth[], size_t max_adapters)
 	spin_unlock(&zcrypt_list_lock);
 }
 
-static void zcrypt_perdev_reqcnt(int reqcnt[], size_t max_adapters)
+static void zcrypt_perdev_reqcnt(u32 reqcnt[], size_t max_adapters)
 {
 	struct zcrypt_card *zc;
 	struct zcrypt_queue *zq;
 	int card;
+	u64 cnt;
 
 	memset(reqcnt, 0, sizeof(int) * max_adapters);
 	spin_lock(&zcrypt_list_lock);
@@ -735,8 +736,9 @@ static void zcrypt_perdev_reqcnt(int reqcnt[], size_t max_adapters)
 			    || card >= max_adapters)
 				continue;
 			spin_lock(&zq->queue->lock);
-			reqcnt[card] = zq->queue->total_request_count;
+			cnt = zq->queue->total_request_count;
 			spin_unlock(&zq->queue->lock);
+			reqcnt[card] = (cnt < UINT_MAX) ? (u32) cnt : UINT_MAX;
 		}
 	}
 	local_bh_enable();
@@ -907,9 +909,9 @@ static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
 		return 0;
 	}
 	case ZCRYPT_PERDEV_REQCNT: {
-		int *reqcnt;
+		u32 *reqcnt;
 
-		reqcnt = kcalloc(AP_DEVICES, sizeof(int), GFP_KERNEL);
+		reqcnt = kcalloc(AP_DEVICES, sizeof(u32), GFP_KERNEL);
 		if (!reqcnt)
 			return -ENOMEM;
 		zcrypt_perdev_reqcnt(reqcnt, AP_DEVICES);
@@ -966,7 +968,7 @@ static long zcrypt_unlocked_ioctl(struct file *filp, unsigned int cmd,
 	}
 	case Z90STAT_PERDEV_REQCNT: {
 		/* the old ioctl supports only 64 adapters */
-		int reqcnt[MAX_ZDEV_CARDIDS];
+		u32 reqcnt[MAX_ZDEV_CARDIDS];
 
 		zcrypt_perdev_reqcnt(reqcnt, MAX_ZDEV_CARDIDS);
 		if (copy_to_user((int __user *) arg, reqcnt, sizeof(reqcnt)))
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 10/87] qmi_wwan: re-add DW5821e pre-production variant
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 09/87] s390/zcrypt: fix card and queue total counter wrap Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 11/87] qmi_wwan: unconditionally reject 2 ep interfaces Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lars Melin, Aleksander Morgado,
	Bjørn Mork, David S. Miller, Sasha Levin

From: Bjørn Mork <bjorn@mork.no>

[ Upstream commit 88bf54603f6f2c137dfee1abf6436ceac3528d2d ]

Commit f25e1392fdb5 removed the support for the pre-production variant
of the Dell DW5821e to avoid probing another USB interface unnecessarily.
However, the pre-production samples are found in the wild, and this lack
of support is causing problems for users of such samples.  It is therefore
necessary to support both variants.

Matching on both interfaces 0 and 1 is not expected to cause any problem
with either variant, as only the QMI function will be probed successfully
on either.  Interface 1 will be rejected based on the HID class for the
production variant:

T:  Bus=01 Lev=03 Prnt=04 Port=00 Cnt=01 Dev#= 16 Spd=480 MxCh= 0
D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  2
P:  Vendor=413c ProdID=81d7 Rev=03.18
S:  Manufacturer=DELL
S:  Product=DW5821e Snapdragon X20 LTE
S:  SerialNumber=0123456789ABCDEF
C:  #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
I:  If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
I:  If#= 1 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
I:  If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
I:  If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
I:  If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
I:  If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option

And interface 0 will be rejected based on too few endpoints for the
pre-production variant:

T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=03 Dev#= 7 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 2
P: Vendor=413c ProdID=81d7 Rev= 3.18
S: Manufacturer=DELL
S: Product=DW5821e Snapdragon X20 LTE
S: SerialNumber=0123456789ABCDEF
C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option

Fixes: f25e1392fdb5 ("qmi_wwan: fix interface number for DW5821e production firmware")
Link: https://whrl.pl/Rf0vNk
Reported-by: Lars Melin <larsm17@gmail.com>
Cc: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/usb/qmi_wwan.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index 13c8788e3b6b2..f489df377f5d2 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1298,6 +1298,7 @@ static const struct usb_device_id products[] = {
 	{QMI_FIXED_INTF(0x413c, 0x81b6, 8)},	/* Dell Wireless 5811e */
 	{QMI_FIXED_INTF(0x413c, 0x81b6, 10)},	/* Dell Wireless 5811e */
 	{QMI_FIXED_INTF(0x413c, 0x81d7, 0)},	/* Dell Wireless 5821e */
+	{QMI_FIXED_INTF(0x413c, 0x81d7, 1)},	/* Dell Wireless 5821e preproduction config */
 	{QMI_FIXED_INTF(0x413c, 0x81e0, 0)},	/* Dell Wireless 5821e with eSIM support*/
 	{QMI_FIXED_INTF(0x03f0, 0x4e1d, 8)},	/* HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module */
 	{QMI_FIXED_INTF(0x03f0, 0x9d1d, 1)},	/* HP lt4120 Snapdragon X5 LTE */
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 11/87] qmi_wwan: unconditionally reject 2 ep interfaces
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 10/87] qmi_wwan: re-add DW5821e pre-production variant Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 12/87] arm/ftrace: Fix BE text poking Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kristian Evensen, Aleksander Morgado,
	Bjørn Mork, David S. Miller, Sasha Levin

From: Bjørn Mork <bjorn@mork.no>

[ Upstream commit 00516d13d4cfa56ce39da144db2dbf08b09b9357 ]

We have been using the fact that the QMI and DIAG functions
usually are the only ones with class/subclass/protocol being
ff/ff/ff on Quectel modems. This has allowed us to match the
QMI function without knowing the exact interface number,
which can vary depending on firmware configuration.

The ability to silently reject the DIAG function, which is
usually handled by the option driver, is important for this
method to work.  This is done based on the knowledge that it
has exactly 2 bulk endpoints.  QMI function control interfaces
will have either 3 or 1 endpoint. This rule is universal so
the quirk condition can be removed.

The fixed layouts known from the Gobi1k and Gobi2k modems
have been gradually replaced by more dynamic layouts, and
many vendors now use configurable layouts without changing
device IDs.  Renaming the class/subclass/protocol matching
macro makes it more obvious that this is now not Quectel
specific anymore.

Cc: Kristian Evensen <kristian.evensen@gmail.com>
Cc: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/usb/qmi_wwan.c | 42 ++++++++++++++------------------------
 1 file changed, 15 insertions(+), 27 deletions(-)

diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index f489df377f5d2..a04f8577d9f21 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -63,7 +63,6 @@ enum qmi_wwan_flags {
 
 enum qmi_wwan_quirks {
 	QMI_WWAN_QUIRK_DTR = 1 << 0,	/* needs "set DTR" request */
-	QMI_WWAN_QUIRK_QUECTEL_DYNCFG = 1 << 1,	/* check num. endpoints */
 };
 
 struct qmimux_hdr {
@@ -853,16 +852,6 @@ static const struct driver_info	qmi_wwan_info_quirk_dtr = {
 	.data           = QMI_WWAN_QUIRK_DTR,
 };
 
-static const struct driver_info	qmi_wwan_info_quirk_quectel_dyncfg = {
-	.description	= "WWAN/QMI device",
-	.flags		= FLAG_WWAN | FLAG_SEND_ZLP,
-	.bind		= qmi_wwan_bind,
-	.unbind		= qmi_wwan_unbind,
-	.manage_power	= qmi_wwan_manage_power,
-	.rx_fixup       = qmi_wwan_rx_fixup,
-	.data           = QMI_WWAN_QUIRK_DTR | QMI_WWAN_QUIRK_QUECTEL_DYNCFG,
-};
-
 #define HUAWEI_VENDOR_ID	0x12D1
 
 /* map QMI/wwan function by a fixed interface number */
@@ -883,14 +872,18 @@ static const struct driver_info	qmi_wwan_info_quirk_quectel_dyncfg = {
 #define QMI_GOBI_DEVICE(vend, prod) \
 	QMI_FIXED_INTF(vend, prod, 0)
 
-/* Quectel does not use fixed interface numbers on at least some of their
- * devices. We need to check the number of endpoints to ensure that we bind to
- * the correct interface.
+/* Many devices have QMI and DIAG functions which are distinguishable
+ * from other vendor specific functions by class, subclass and
+ * protocol all being 0xff. The DIAG function has exactly 2 endpoints
+ * and is silently rejected when probed.
+ *
+ * This makes it possible to match dynamically numbered QMI functions
+ * as seen on e.g. many Quectel modems.
  */
-#define QMI_QUIRK_QUECTEL_DYNCFG(vend, prod) \
+#define QMI_MATCH_FF_FF_FF(vend, prod) \
 	USB_DEVICE_AND_INTERFACE_INFO(vend, prod, USB_CLASS_VENDOR_SPEC, \
 				      USB_SUBCLASS_VENDOR_SPEC, 0xff), \
-	.driver_info = (unsigned long)&qmi_wwan_info_quirk_quectel_dyncfg
+	.driver_info = (unsigned long)&qmi_wwan_info_quirk_dtr
 
 static const struct usb_device_id products[] = {
 	/* 1. CDC ECM like devices match on the control interface */
@@ -996,10 +989,10 @@ static const struct usb_device_id products[] = {
 		USB_DEVICE_AND_INTERFACE_INFO(0x03f0, 0x581d, USB_CLASS_VENDOR_SPEC, 1, 7),
 		.driver_info = (unsigned long)&qmi_wwan_info,
 	},
-	{QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0125)},	/* Quectel EC25, EC20 R2.0  Mini PCIe */
-	{QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0306)},	/* Quectel EP06/EG06/EM06 */
-	{QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0512)},	/* Quectel EG12/EM12 */
-	{QMI_QUIRK_QUECTEL_DYNCFG(0x2c7c, 0x0800)},	/* Quectel RM500Q-GL */
+	{QMI_MATCH_FF_FF_FF(0x2c7c, 0x0125)},	/* Quectel EC25, EC20 R2.0  Mini PCIe */
+	{QMI_MATCH_FF_FF_FF(0x2c7c, 0x0306)},	/* Quectel EP06/EG06/EM06 */
+	{QMI_MATCH_FF_FF_FF(0x2c7c, 0x0512)},	/* Quectel EG12/EM12 */
+	{QMI_MATCH_FF_FF_FF(0x2c7c, 0x0800)},	/* Quectel RM500Q-GL */
 
 	/* 3. Combined interface devices matching on interface number */
 	{QMI_FIXED_INTF(0x0408, 0xea42, 4)},	/* Yota / Megafon M100-1 */
@@ -1390,7 +1383,6 @@ static int qmi_wwan_probe(struct usb_interface *intf,
 {
 	struct usb_device_id *id = (struct usb_device_id *)prod;
 	struct usb_interface_descriptor *desc = &intf->cur_altsetting->desc;
-	const struct driver_info *info;
 
 	/* Workaround to enable dynamic IDs.  This disables usbnet
 	 * blacklisting functionality.  Which, if required, can be
@@ -1426,12 +1418,8 @@ static int qmi_wwan_probe(struct usb_interface *intf,
 	 * different. Ignore the current interface if the number of endpoints
 	 * equals the number for the diag interface (two).
 	 */
-	info = (void *)id->driver_info;
-
-	if (info->data & QMI_WWAN_QUIRK_QUECTEL_DYNCFG) {
-		if (desc->bNumEndpoints == 2)
-			return -ENODEV;
-	}
+	if (desc->bNumEndpoints == 2)
+		return -ENODEV;
 
 	return usbnet_probe(intf, id);
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 12/87] arm/ftrace: Fix BE text poking
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 11/87] qmi_wwan: unconditionally reject 2 ep interfaces Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-05 13:49   ` Pavel Machek
  2020-03-03 17:43 ` [PATCH 4.19 13/87] ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  90 siblings, 1 reply; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Osipenko,
	Peter Zijlstra (Intel),
	Ingo Molnar, Sasha Levin

From: Peter Zijlstra <peterz@infradead.org>

[ Upstream commit be993e44badc448add6a18d6f12b20615692c4c3 ]

The __patch_text() function already applies __opcode_to_mem_*(), so
when __opcode_to_mem_*() is not the identity (BE*), it is applied
twice, wrecking the instruction.

Fixes: 42e51f187f86 ("arm/ftrace: Use __patch_text()")
Reported-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/kernel/ftrace.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c
index ee673c09aa6c0..dd0215fb6fe23 100644
--- a/arch/arm/kernel/ftrace.c
+++ b/arch/arm/kernel/ftrace.c
@@ -106,13 +106,10 @@ static int ftrace_modify_code(unsigned long pc, unsigned long old,
 {
 	unsigned long replaced;
 
-	if (IS_ENABLED(CONFIG_THUMB2_KERNEL)) {
+	if (IS_ENABLED(CONFIG_THUMB2_KERNEL))
 		old = __opcode_to_mem_thumb32(old);
-		new = __opcode_to_mem_thumb32(new);
-	} else {
+	else
 		old = __opcode_to_mem_arm(old);
-		new = __opcode_to_mem_arm(new);
-	}
 
 	if (validate) {
 		if (probe_kernel_read(&replaced, (void *)pc, MCOUNT_INSN_SIZE))
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 13/87] ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 12/87] arm/ftrace: Fix BE text poking Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 14/87] soc/tegra: fuse: Fix build with Tegra194 configuration Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kuninori Morimoto, Patrice Chotard,
	Sasha Levin

From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

[ Upstream commit f24667779b5348279e5e4328312a141a730a1fc7 ]

frame-inversion is "flag" not "uint32".
This patch fixup it.

Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/stihxxx-b2120.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/stihxxx-b2120.dtsi b/arch/arm/boot/dts/stihxxx-b2120.dtsi
index 4dedfcb0fcb30..ac42d3c6bda0b 100644
--- a/arch/arm/boot/dts/stihxxx-b2120.dtsi
+++ b/arch/arm/boot/dts/stihxxx-b2120.dtsi
@@ -45,7 +45,7 @@
 			/* DAC */
 			format = "i2s";
 			mclk-fs = <256>;
-			frame-inversion = <1>;
+			frame-inversion;
 			cpu {
 				sound-dai = <&sti_uni_player2>;
 			};
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 14/87] soc/tegra: fuse: Fix build with Tegra194 configuration
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 13/87] ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 15/87] net: ena: fix potential crash when rxfh key is NULL Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kbuild test robot, Thierry Reding,
	Olof Johansson, Sasha Levin

From: Thierry Reding <treding@nvidia.com>

[ Upstream commit 6f4ecbe284df5f22e386a640d9a4b32cede62030 ]

If only Tegra194 support is enabled, the tegra30_fuse_read() and
tegra30_fuse_init() function are not declared and cause a build failure.
Add Tegra194 to the preprocessor guard to make sure these functions are
available for Tegra194-only builds as well.

Link: https://lore.kernel.org/r/20200203143114.3967295-1-thierry.reding@gmail.com
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/soc/tegra/fuse/fuse-tegra30.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/soc/tegra/fuse/fuse-tegra30.c b/drivers/soc/tegra/fuse/fuse-tegra30.c
index 257e254c6137f..0ec6385eb15e6 100644
--- a/drivers/soc/tegra/fuse/fuse-tegra30.c
+++ b/drivers/soc/tegra/fuse/fuse-tegra30.c
@@ -47,7 +47,8 @@
     defined(CONFIG_ARCH_TEGRA_124_SOC) || \
     defined(CONFIG_ARCH_TEGRA_132_SOC) || \
     defined(CONFIG_ARCH_TEGRA_210_SOC) || \
-    defined(CONFIG_ARCH_TEGRA_186_SOC)
+    defined(CONFIG_ARCH_TEGRA_186_SOC) || \
+    defined(CONFIG_ARCH_TEGRA_194_SOC)
 static u32 tegra30_fuse_read_early(struct tegra_fuse *fuse, unsigned int offset)
 {
 	if (WARN_ON(!fuse->base))
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 15/87] net: ena: fix potential crash when rxfh key is NULL
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 14/87] soc/tegra: fuse: Fix build with Tegra194 configuration Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 16/87] net: ena: fix uses of round_jiffies() Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
	David S. Miller, Sasha Levin

From: Arthur Kiyanovski <akiyano@amazon.com>

[ Upstream commit 91a65b7d3ed8450f31ab717a65dcb5f9ceb5ab02 ]

When ethtool -X is called without an hkey, ena_com_fill_hash_function()
is called with key=NULL, which is passed to memcpy causing a crash.

This commit fixes this issue by checking key is not NULL.

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_com.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index 92261c946e2a3..c9b21306cf6c4 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -2075,15 +2075,16 @@ int ena_com_fill_hash_function(struct ena_com_dev *ena_dev,
 
 	switch (func) {
 	case ENA_ADMIN_TOEPLITZ:
-		if (key_len > sizeof(hash_key->key)) {
-			pr_err("key len (%hu) is bigger than the max supported (%zu)\n",
-			       key_len, sizeof(hash_key->key));
-			return -EINVAL;
+		if (key) {
+			if (key_len != sizeof(hash_key->key)) {
+				pr_err("key len (%hu) doesn't equal the supported size (%zu)\n",
+				       key_len, sizeof(hash_key->key));
+				return -EINVAL;
+			}
+			memcpy(hash_key->key, key, key_len);
+			rss->hash_init_val = init_val;
+			hash_key->keys_num = key_len >> 2;
 		}
-
-		memcpy(hash_key->key, key, key_len);
-		rss->hash_init_val = init_val;
-		hash_key->keys_num = key_len >> 2;
 		break;
 	case ENA_ADMIN_CRC32:
 		rss->hash_init_val = init_val;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 16/87] net: ena: fix uses of round_jiffies()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 15/87] net: ena: fix potential crash when rxfh key is NULL Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 17/87] net: ena: add missing ethtool TX timestamping indication Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arthur Kiyanovski, David S. Miller,
	Sasha Levin

From: Arthur Kiyanovski <akiyano@amazon.com>

[ Upstream commit 2a6e5fa2f4c25b66c763428a3e65363214946931 ]

>From the documentation of round_jiffies():
"Rounds a time delta  in the future (in jiffies) up or down to
(approximately) full seconds. This is useful for timers for which
the exact time they fire does not matter too much, as long as
they fire approximately every X seconds.
By rounding these timers to whole seconds, all such timers will fire
at the same time, rather than at various times spread out. The goal
of this is to have the CPU wake up less, which saves power."

There are 2 parts to this patch:
================================
Part 1:
-------
In our case we need timer_service to be called approximately every
X=1 seconds, and the exact time does not matter, so using round_jiffies()
is the right way to go.

Therefore we add round_jiffies() to the mod_timer() in ena_timer_service().

Part 2:
-------
round_jiffies() is used in check_for_missing_keep_alive() when
getting the jiffies of the expiration of the keep_alive timeout. Here it
is actually a mistake to use round_jiffies() because we want the exact
time when keep_alive should expire and not an approximate rounded time,
which can cause early, false positive, timeouts.

Therefore we remove round_jiffies() in the calculation of
keep_alive_expired() in check_for_missing_keep_alive().

Fixes: 82ef30f13be0 ("net: ena: add hardware hints capability to the driver")
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_netdev.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c b/drivers/net/ethernet/amazon/ena/ena_netdev.c
index 9afb19ebba580..8736718b17359 100644
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -2847,8 +2847,8 @@ static void check_for_missing_keep_alive(struct ena_adapter *adapter)
 	if (adapter->keep_alive_timeout == ENA_HW_HINTS_NO_TIMEOUT)
 		return;
 
-	keep_alive_expired = round_jiffies(adapter->last_keep_alive_jiffies +
-					   adapter->keep_alive_timeout);
+	keep_alive_expired = adapter->last_keep_alive_jiffies +
+			     adapter->keep_alive_timeout;
 	if (unlikely(time_is_before_jiffies(keep_alive_expired))) {
 		netif_err(adapter, drv, adapter->netdev,
 			  "Keep alive watchdog timeout.\n");
@@ -2950,7 +2950,7 @@ static void ena_timer_service(struct timer_list *t)
 	}
 
 	/* Reset the timer */
-	mod_timer(&adapter->timer_service, jiffies + HZ);
+	mod_timer(&adapter->timer_service, round_jiffies(jiffies + HZ));
 }
 
 static int ena_calc_io_queue_num(struct pci_dev *pdev,
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 17/87] net: ena: add missing ethtool TX timestamping indication
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 16/87] net: ena: fix uses of round_jiffies() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 18/87] net: ena: fix incorrect default RSS key Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ezequiel Lara Gomez,
	Arthur Kiyanovski, David S. Miller, Sasha Levin

From: Arthur Kiyanovski <akiyano@amazon.com>

[ Upstream commit cf6d17fde93bdda23c9b02dd5906a12bf8c55209 ]

Current implementation of the driver calls skb_tx_timestamp()to add a
software tx timestamp to the skb, however the software-transmit capability
is not reported in ethtool -T.

This commit updates the ethtool structure to report the software-transmit
capability in ethtool -T using the standard ethtool_op_get_ts_info().
This function reports all software timestamping capabilities (tx and rx),
as well as setting phc_index = -1. phc_index is the index of the PTP
hardware clock device that will be used for hardware timestamps. Since we
don't have such a device in ENA, using the default -1 value is the correct
setting.

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Ezequiel Lara Gomez <ezegomez@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_ethtool.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/amazon/ena/ena_ethtool.c b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
index eb9e07fa427ee..237fbcac734f5 100644
--- a/drivers/net/ethernet/amazon/ena/ena_ethtool.c
+++ b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
@@ -817,6 +817,7 @@ static const struct ethtool_ops ena_ethtool_ops = {
 	.get_channels		= ena_get_channels,
 	.get_tunable		= ena_get_tunable,
 	.set_tunable		= ena_set_tunable,
+	.get_ts_info            = ethtool_op_get_ts_info,
 };
 
 void ena_set_ethtool_ops(struct net_device *netdev)
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 18/87] net: ena: fix incorrect default RSS key
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 17/87] net: ena: add missing ethtool TX timestamping indication Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 19/87] net: ena: rss: fix failure to get indirection table Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
	David S. Miller, Sasha Levin

From: Arthur Kiyanovski <akiyano@amazon.com>

[ Upstream commit 0d1c3de7b8c78a5e44b74b62ede4a63629f5d811 ]

Bug description:
When running "ethtool -x <if_name>" the key shows up as all zeros.

When we use "ethtool -X <if_name> hfunc toeplitz hkey <some:random:key>" to
set the key and then try to retrieve it using "ethtool -x <if_name>" then
we return the correct key because we return the one we saved.

Bug cause:
We don't fetch the key from the device but instead return the key
that we have saved internally which is by default set to zero upon
allocation.

Fix:
This commit fixes the issue by initializing the key to a random value
using netdev_rss_key_fill().

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_com.c | 15 +++++++++++++++
 drivers/net/ethernet/amazon/ena/ena_com.h |  1 +
 2 files changed, 16 insertions(+)

diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index c9b21306cf6c4..ebc36d15441ce 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -842,6 +842,19 @@ static int ena_com_get_feature(struct ena_com_dev *ena_dev,
 				      0);
 }
 
+static void ena_com_hash_key_fill_default_key(struct ena_com_dev *ena_dev)
+{
+	struct ena_admin_feature_rss_flow_hash_control *hash_key =
+		(ena_dev->rss).hash_key;
+
+	netdev_rss_key_fill(&hash_key->key, sizeof(hash_key->key));
+	/* The key is stored in the device in u32 array
+	 * as well as the API requires the key to be passed in this
+	 * format. Thus the size of our array should be divided by 4
+	 */
+	hash_key->keys_num = sizeof(hash_key->key) / sizeof(u32);
+}
+
 static int ena_com_hash_key_allocate(struct ena_com_dev *ena_dev)
 {
 	struct ena_rss *rss = &ena_dev->rss;
@@ -2409,6 +2422,8 @@ int ena_com_rss_init(struct ena_com_dev *ena_dev, u16 indr_tbl_log_size)
 	if (unlikely(rc))
 		goto err_hash_key;
 
+	ena_com_hash_key_fill_default_key(ena_dev);
+
 	rc = ena_com_hash_ctrl_init(ena_dev);
 	if (unlikely(rc))
 		goto err_hash_ctrl;
diff --git a/drivers/net/ethernet/amazon/ena/ena_com.h b/drivers/net/ethernet/amazon/ena/ena_com.h
index 7b784f8a06a66..90fce5c0ca48a 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.h
+++ b/drivers/net/ethernet/amazon/ena/ena_com.h
@@ -42,6 +42,7 @@
 #include <linux/spinlock.h>
 #include <linux/types.h>
 #include <linux/wait.h>
+#include <linux/netdevice.h>
 
 #include "ena_common_defs.h"
 #include "ena_admin_defs.h"
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 19/87] net: ena: rss: fix failure to get indirection table
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 18/87] net: ena: fix incorrect default RSS key Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 20/87] net: ena: rss: store hash function as values and not bits Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, David S. Miller, Sasha Levin

From: Sameeh Jubran <sameehj@amazon.com>

[ Upstream commit 0c8923c0a64fb5d14bebb9a9065d2dc25ac5e600 ]

On old hardware, getting / setting the hash function is not supported while
gettting / setting the indirection table is.

This commit enables us to still show the indirection table on older
hardwares by setting the hash function and key to NULL.

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_ethtool.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/net/ethernet/amazon/ena/ena_ethtool.c b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
index 237fbcac734f5..dc63aa912aebb 100644
--- a/drivers/net/ethernet/amazon/ena/ena_ethtool.c
+++ b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
@@ -661,7 +661,21 @@ static int ena_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
 	if (rc)
 		return rc;
 
+	/* We call this function in order to check if the device
+	 * supports getting/setting the hash function.
+	 */
 	rc = ena_com_get_hash_function(adapter->ena_dev, &ena_func, key);
+
+	if (rc) {
+		if (rc == -EOPNOTSUPP) {
+			key = NULL;
+			hfunc = NULL;
+			rc = 0;
+		}
+
+		return rc;
+	}
+
 	if (rc)
 		return rc;
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 20/87] net: ena: rss: store hash function as values and not bits
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 19/87] net: ena: rss: fix failure to get indirection table Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 21/87] net: ena: fix incorrectly saving queue numbers when setting RSS indirection table Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
	David S. Miller, Sasha Levin

From: Arthur Kiyanovski <akiyano@amazon.com>

[ Upstream commit 4844470d472d660c26149ad764da2406adb13423 ]

The device receives, stores and retrieves the hash function value as bits
and not as their enum value.

The bug:
* In ena_com_set_hash_function() we set
  cmd.u.flow_hash_func.selected_func to the bit value of rss->hash_func.
 (1 << rss->hash_func)
* In ena_com_get_hash_function() we retrieve the hash function and store
  it's bit value in rss->hash_func. (Now the bit value of rss->hash_func
  is stored in rss->hash_func instead of it's enum value)

The fix:
This commit fixes the issue by converting the retrieved hash function
values from the device to the matching enum value of the set bit using
ffs(). ffs() finds the first set bit's index in a word. Since the function
returns 1 for the LSB's index, we need to subtract 1 from the returned
value (note that BIT(0) is 1).

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_com.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index ebc36d15441ce..397fb49156a9a 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -2134,7 +2134,11 @@ int ena_com_get_hash_function(struct ena_com_dev *ena_dev,
 	if (unlikely(rc))
 		return rc;
 
-	rss->hash_func = get_resp.u.flow_hash_func.selected_func;
+	/* ffs() returns 1 in case the lsb is set */
+	rss->hash_func = ffs(get_resp.u.flow_hash_func.selected_func);
+	if (rss->hash_func)
+		rss->hash_func--;
+
 	if (func)
 		*func = rss->hash_func;
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 21/87] net: ena: fix incorrectly saving queue numbers when setting RSS indirection table
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 20/87] net: ena: rss: store hash function as values and not bits Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 22/87] net: ena: ethtool: use correct value for crc32 hash Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
	David S. Miller, Sasha Levin

From: Arthur Kiyanovski <akiyano@amazon.com>

[ Upstream commit 92569fd27f5cb0ccbdf7c7d70044b690e89a0277 ]

The indirection table has the indices of the Rx queues. When we store it
during set indirection operation, we convert the indices to our internal
representation of the indices.

Our internal representation of the indices is: even indices for Tx and
uneven indices for Rx, where every Tx/Rx pair are in a consecutive order
starting from 0. For example if the driver has 3 queues (3 for Tx and 3
for Rx) then the indices are as follows:
0  1  2  3  4  5
Tx Rx Tx Rx Tx Rx

The BUG:
The issue is that when we satisfy a get request for the indirection
table, we don't convert the indices back to the original representation.

The FIX:
Simply apply the inverse function for the indices of the indirection
table after we set it.

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_ethtool.c | 24 ++++++++++++++++++-
 drivers/net/ethernet/amazon/ena/ena_netdev.h  |  2 ++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/amazon/ena/ena_ethtool.c b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
index dc63aa912aebb..d6d79366b7fc1 100644
--- a/drivers/net/ethernet/amazon/ena/ena_ethtool.c
+++ b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
@@ -649,6 +649,28 @@ static u32 ena_get_rxfh_key_size(struct net_device *netdev)
 	return ENA_HASH_KEY_SIZE;
 }
 
+static int ena_indirection_table_get(struct ena_adapter *adapter, u32 *indir)
+{
+	struct ena_com_dev *ena_dev = adapter->ena_dev;
+	int i, rc;
+
+	if (!indir)
+		return 0;
+
+	rc = ena_com_indirect_table_get(ena_dev, indir);
+	if (rc)
+		return rc;
+
+	/* Our internal representation of the indices is: even indices
+	 * for Tx and uneven indices for Rx. We need to convert the Rx
+	 * indices to be consecutive
+	 */
+	for (i = 0; i < ENA_RX_RSS_TABLE_SIZE; i++)
+		indir[i] = ENA_IO_RXQ_IDX_TO_COMBINED_IDX(indir[i]);
+
+	return rc;
+}
+
 static int ena_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
 			u8 *hfunc)
 {
@@ -657,7 +679,7 @@ static int ena_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
 	u8 func;
 	int rc;
 
-	rc = ena_com_indirect_table_get(adapter->ena_dev, indir);
+	rc = ena_indirection_table_get(adapter, indir);
 	if (rc)
 		return rc;
 
diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.h b/drivers/net/ethernet/amazon/ena/ena_netdev.h
index 7c7ae56c52cfd..f4783effe5c04 100644
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.h
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.h
@@ -113,6 +113,8 @@
 
 #define ENA_IO_TXQ_IDX(q)	(2 * (q))
 #define ENA_IO_RXQ_IDX(q)	(2 * (q) + 1)
+#define ENA_IO_TXQ_IDX_TO_COMBINED_IDX(q)	((q) / 2)
+#define ENA_IO_RXQ_IDX_TO_COMBINED_IDX(q)	(((q) - 1) / 2)
 
 #define ENA_MGMNT_IRQ_IDX		0
 #define ENA_IO_IRQ_FIRST_IDX		1
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 22/87] net: ena: ethtool: use correct value for crc32 hash
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 21/87] net: ena: fix incorrectly saving queue numbers when setting RSS indirection table Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 23/87] net: ena: ena-com.c: prevent NULL pointer dereference Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, David S. Miller, Sasha Levin

From: Sameeh Jubran <sameehj@amazon.com>

[ Upstream commit 886d2089276e40d460731765083a741c5c762461 ]

Up till kernel 4.11 there was no enum defined for crc32 hash in ethtool,
thus the xor enum was used for supporting crc32.

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_ethtool.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/amazon/ena/ena_ethtool.c b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
index d6d79366b7fc1..40354444ecbdf 100644
--- a/drivers/net/ethernet/amazon/ena/ena_ethtool.c
+++ b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
@@ -706,7 +706,7 @@ static int ena_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
 		func = ETH_RSS_HASH_TOP;
 		break;
 	case ENA_ADMIN_CRC32:
-		func = ETH_RSS_HASH_XOR;
+		func = ETH_RSS_HASH_CRC32;
 		break;
 	default:
 		netif_err(adapter, drv, netdev,
@@ -752,7 +752,7 @@ static int ena_set_rxfh(struct net_device *netdev, const u32 *indir,
 	case ETH_RSS_HASH_TOP:
 		func = ENA_ADMIN_TOEPLITZ;
 		break;
-	case ETH_RSS_HASH_XOR:
+	case ETH_RSS_HASH_CRC32:
 		func = ENA_ADMIN_CRC32;
 		break;
 	default:
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 23/87] net: ena: ena-com.c: prevent NULL pointer dereference
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 22/87] net: ena: ethtool: use correct value for crc32 hash Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 24/87] cifs: Fix mode output in debugging statements Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
	David S. Miller, Sasha Levin

From: Arthur Kiyanovski <akiyano@amazon.com>

[ Upstream commit c207979f5ae10ed70aff1bb13f39f0736973de99 ]

comp_ctx can be NULL in a very rare case when an admin command is executed
during the execution of ena_remove().

The bug scenario is as follows:

* ena_destroy_device() sets the comp_ctx to be NULL
* An admin command is executed before executing unregister_netdev(),
  this can still happen because our device can still receive callbacks
  from the netdev infrastructure such as ethtool commands.
* When attempting to access the comp_ctx, the bug occurs since it's set
  to NULL

Fix:
Added a check that comp_ctx is not NULL

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amazon/ena/ena_com.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index 397fb49156a9a..d52ab752b37f1 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -201,6 +201,11 @@ static inline void comp_ctxt_release(struct ena_com_admin_queue *queue,
 static struct ena_comp_ctx *get_comp_ctxt(struct ena_com_admin_queue *queue,
 					  u16 command_id, bool capture)
 {
+	if (unlikely(!queue->comp_ctx)) {
+		pr_err("Completion context is NULL\n");
+		return NULL;
+	}
+
 	if (unlikely(command_id >= queue->q_depth)) {
 		pr_err("command id is larger than the queue size. cmd_id: %u queue size %d\n",
 		       command_id, queue->q_depth);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 24/87] cifs: Fix mode output in debugging statements
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 23/87] net: ena: ena-com.c: prevent NULL pointer dereference Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 25/87] bcache: ignore pending signals when creating gc and allocator thread Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Frank Sorenson, Steve French, Sasha Levin

From: Frank Sorenson <sorenson@redhat.com>

[ Upstream commit f52aa79df43c4509146140de0241bc21a4a3b4c7 ]

A number of the debug statements output file or directory mode
in hex.  Change these to print using octal.

Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/cifsacl.c | 4 ++--
 fs/cifs/connect.c | 2 +-
 fs/cifs/inode.c   | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 1d377b7f28605..130bdca9e5680 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -603,7 +603,7 @@ static void access_flags_to_mode(__le32 ace_flags, int type, umode_t *pmode,
 			((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
 		*pmode |= (S_IXUGO & (*pbits_to_set));
 
-	cifs_dbg(NOISY, "access flags 0x%x mode now 0x%x\n", flags, *pmode);
+	cifs_dbg(NOISY, "access flags 0x%x mode now %04o\n", flags, *pmode);
 	return;
 }
 
@@ -632,7 +632,7 @@ static void mode_to_access_flags(umode_t mode, umode_t bits_to_use,
 	if (mode & S_IXUGO)
 		*pace_flags |= SET_FILE_EXEC_RIGHTS;
 
-	cifs_dbg(NOISY, "mode: 0x%x, access flags now 0x%x\n",
+	cifs_dbg(NOISY, "mode: %04o, access flags now 0x%x\n",
 		 mode, *pace_flags);
 	return;
 }
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 6c62ce40608a1..975f800b9dd4d 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3794,7 +3794,7 @@ int cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
 	cifs_sb->mnt_gid = pvolume_info->linux_gid;
 	cifs_sb->mnt_file_mode = pvolume_info->file_mode;
 	cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
-	cifs_dbg(FYI, "file mode: 0x%hx  dir mode: 0x%hx\n",
+	cifs_dbg(FYI, "file mode: %04ho  dir mode: %04ho\n",
 		 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
 
 	cifs_sb->actimeo = pvolume_info->actimeo;
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index 26154db6c87f1..fbebf241dbf24 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -1579,7 +1579,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, umode_t mode)
 	struct TCP_Server_Info *server;
 	char *full_path;
 
-	cifs_dbg(FYI, "In cifs_mkdir, mode = 0x%hx inode = 0x%p\n",
+	cifs_dbg(FYI, "In cifs_mkdir, mode = %04ho inode = 0x%p\n",
 		 mode, inode);
 
 	cifs_sb = CIFS_SB(inode->i_sb);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 25/87] bcache: ignore pending signals when creating gc and allocator thread
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 24/87] cifs: Fix mode output in debugging statements Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 26/87] cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Coly Li, Jens Axboe, Sasha Levin

From: Coly Li <colyli@suse.de>

[ Upstream commit 0b96da639a4874311e9b5156405f69ef9fc3bef8 ]

When run a cache set, all the bcache btree node of this cache set will
be checked by bch_btree_check(). If the bcache btree is very large,
iterating all the btree nodes will occupy too much system memory and
the bcache registering process might be selected and killed by system
OOM killer. kthread_run() will fail if current process has pending
signal, therefore the kthread creating in run_cache_set() for gc and
allocator kernel threads are very probably failed for a very large
bcache btree.

Indeed such OOM is safe and the registering process will exit after
the registration done. Therefore this patch flushes pending signals
during the cache set start up, specificly in bch_cache_allocator_start()
and bch_gc_thread_start(), to make sure run_cache_set() won't fail for
large cahced data set.

Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/bcache/alloc.c | 18 ++++++++++++++++--
 drivers/md/bcache/btree.c | 13 +++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
index 46794cac167e7..2074860cbb16c 100644
--- a/drivers/md/bcache/alloc.c
+++ b/drivers/md/bcache/alloc.c
@@ -67,6 +67,7 @@
 #include <linux/blkdev.h>
 #include <linux/kthread.h>
 #include <linux/random.h>
+#include <linux/sched/signal.h>
 #include <trace/events/bcache.h>
 
 #define MAX_OPEN_BUCKETS 128
@@ -733,8 +734,21 @@ int bch_open_buckets_alloc(struct cache_set *c)
 
 int bch_cache_allocator_start(struct cache *ca)
 {
-	struct task_struct *k = kthread_run(bch_allocator_thread,
-					    ca, "bcache_allocator");
+	struct task_struct *k;
+
+	/*
+	 * In case previous btree check operation occupies too many
+	 * system memory for bcache btree node cache, and the
+	 * registering process is selected by OOM killer. Here just
+	 * ignore the SIGKILL sent by OOM killer if there is, to
+	 * avoid kthread_run() being failed by pending signals. The
+	 * bcache registering process will exit after the registration
+	 * done.
+	 */
+	if (signal_pending(current))
+		flush_signals(current);
+
+	k = kthread_run(bch_allocator_thread, ca, "bcache_allocator");
 	if (IS_ERR(k))
 		return PTR_ERR(k);
 
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
index bb40bd66a10e4..83d6739fd067b 100644
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -34,6 +34,7 @@
 #include <linux/random.h>
 #include <linux/rcupdate.h>
 #include <linux/sched/clock.h>
+#include <linux/sched/signal.h>
 #include <linux/rculist.h>
 #include <linux/delay.h>
 #include <trace/events/bcache.h>
@@ -1898,6 +1899,18 @@ static int bch_gc_thread(void *arg)
 
 int bch_gc_thread_start(struct cache_set *c)
 {
+	/*
+	 * In case previous btree check operation occupies too many
+	 * system memory for bcache btree node cache, and the
+	 * registering process is selected by OOM killer. Here just
+	 * ignore the SIGKILL sent by OOM killer if there is, to
+	 * avoid kthread_run() being failed by pending signals. The
+	 * bcache registering process will exit after the registration
+	 * done.
+	 */
+	if (signal_pending(current))
+		flush_signals(current);
+
 	c->gc_thread = kthread_run(bch_gc_thread, c, "bcache_gc");
 	return PTR_ERR_OR_ZERO(c->gc_thread);
 }
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 26/87] cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 25/87] bcache: ignore pending signals when creating gc and allocator thread Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 27/87] sysrq: Restore original console_loglevel when sysrq disabled Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sergey Matyukevich, Johannes Berg,
	Sasha Levin

From: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>

[ Upstream commit ea75080110a4c1fa011b0a73cb8f42227143ee3e ]

The nl80211_policy is missing for NL80211_ATTR_STATUS_CODE attribute.
As a result, for strictly validated commands, it's assumed to not be
supported.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Link: https://lore.kernel.org/r/20200213131608.10541-2-sergey.matyukevich.os@quantenna.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/wireless/nl80211.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 823dea187691f..dfde06b8d25d1 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -323,6 +323,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
+	[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
-- 
2.20.1




^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 27/87] sysrq: Restore original console_loglevel when sysrq disabled
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 26/87] cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 28/87] sysrq: Remove duplicated sysrq message Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Petr Mladek, Sergey Senozhatsky,
	Steven Rostedt (VMware),
	Tommi Rantala

From: Petr Mladek <pmladek@suse.com>

commit 075e1a0c50f59ea210561d0d0fedbd945615df78 upstream.

The sysrq header line is printed with an increased loglevel
to provide users some positive feedback.

The original loglevel is not restored when the sysrq operation
is disabled. This bug was introduced in 2.6.12 (pre-git-history)
by the commit ("Allow admin to enable only some of the Magic-Sysrq
functions").

Signed-off-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/sysrq.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -560,6 +560,7 @@ void __handle_sysrq(int key, bool check_
 			op_p->handler(key);
 		} else {
 			pr_cont("This sysrq operation is disabled.\n");
+			console_loglevel = orig_log_level;
 		}
 	} else {
 		pr_cont("HELP : ");



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 28/87] sysrq: Remove duplicated sysrq message
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 27/87] sysrq: Restore original console_loglevel when sysrq disabled Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 29/87] net: fib_rules: Correctly set table field when table number exceeds 8 bits Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Petr Mladek, Sergey Senozhatsky,
	Tommi Rantala

From: Petr Mladek <pmladek@suse.com>

commit c3fee60908db4a8594f2e4a2131998384b8fa006 upstream.

The commit 97f5f0cd8cd0a0544 ("Input: implement SysRq as a separate input
handler") added pr_fmt() definition. It caused a duplicated message
prefix in the sysrq header messages, for example:

[  177.053931] sysrq: SysRq : Show backtrace of all active CPUs
[  742.864776] sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c)

Fixes: 97f5f0cd8cd0a05 ("Input: implement SysRq as a separate input handler")
Signed-off-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Tommi Rantala  <tommi.t.rantala@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/sysrq.c |    7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -546,7 +546,6 @@ void __handle_sysrq(int key, bool check_
 	 */
 	orig_log_level = console_loglevel;
 	console_loglevel = CONSOLE_LOGLEVEL_DEFAULT;
-	pr_info("SysRq : ");
 
         op_p = __sysrq_get_key_op(key);
         if (op_p) {
@@ -555,15 +554,15 @@ void __handle_sysrq(int key, bool check_
 		 * should not) and is the invoked operation enabled?
 		 */
 		if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
-			pr_cont("%s\n", op_p->action_msg);
+			pr_info("%s\n", op_p->action_msg);
 			console_loglevel = orig_log_level;
 			op_p->handler(key);
 		} else {
-			pr_cont("This sysrq operation is disabled.\n");
+			pr_info("This sysrq operation is disabled.\n");
 			console_loglevel = orig_log_level;
 		}
 	} else {
-		pr_cont("HELP : ");
+		pr_info("HELP : ");
 		/* Only print the help msg once per handler */
 		for (i = 0; i < ARRAY_SIZE(sysrq_key_table); i++) {
 			if (sysrq_key_table[i]) {



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 29/87] net: fib_rules: Correctly set table field when table number exceeds 8 bits
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 28/87] sysrq: Remove duplicated sysrq message Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 30/87] net: mscc: fix in frame extraction Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jethro Beekman, David S. Miller

From: Jethro Beekman <jethro@fortanix.com>

[ Upstream commit 540e585a79e9d643ede077b73bcc7aa2d7b4d919 ]

In 709772e6e06564ed94ba740de70185ac3d792773, RT_TABLE_COMPAT was added to
allow legacy software to deal with routing table numbers >= 256, but the
same change to FIB rule queries was overlooked.

Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/core/fib_rules.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -968,7 +968,7 @@ static int fib_nl_fill_rule(struct sk_bu
 
 	frh = nlmsg_data(nlh);
 	frh->family = ops->family;
-	frh->table = rule->table;
+	frh->table = rule->table < 256 ? rule->table : RT_TABLE_COMPAT;
 	if (nla_put_u32(skb, FRA_TABLE, rule->table))
 		goto nla_put_failure;
 	if (nla_put_u32(skb, FRA_SUPPRESS_PREFIXLEN, rule->suppress_prefixlen))



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 30/87] net: mscc: fix in frame extraction
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 29/87] net: fib_rules: Correctly set table field when table number exceeds 8 bits Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 31/87] net: phy: restore mdio regs in the iproc mdio driver Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Horatiu Vultur, Alexandre Belloni,
	David S. Miller

From: Horatiu Vultur <horatiu.vultur@microchip.com>

[ Upstream commit a81541041ceb55bcec9a8bb8ad3482263f0a205a ]

Each extracted frame on Ocelot has an IFH. The frame and IFH are extracted
by reading chuncks of 4 bytes from a register.

In case the IFH and frames were read corretly it would try to read the next
frame. In case there are no more frames in the queue, it checks if there
were any previous errors and in that case clear the queue. But this check
will always succeed also when there are no errors. Because when extracting
the IFH the error is checked against 4(number of bytes read) and then the
error is set only if the extraction of the frame failed. So in a happy case
where there are no errors the err variable is still 4. So it could be
a case where after the check that there are no more frames in the queue, a
frame will arrive in the queue but because the error is not reseted, it
would try to flush the queue. So the frame will be lost.

The fix consist in resetting the error after reading the IFH.

Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/mscc/ocelot_board.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/net/ethernet/mscc/ocelot_board.c
+++ b/drivers/net/ethernet/mscc/ocelot_board.c
@@ -105,6 +105,14 @@ static irqreturn_t ocelot_xtr_irq_handle
 		if (err != 4)
 			break;
 
+		/* At this point the IFH was read correctly, so it is safe to
+		 * presume that there is no error. The err needs to be reset
+		 * otherwise a frame could come in CPU queue between the while
+		 * condition and the check for error later on. And in that case
+		 * the new frame is just removed and not processed.
+		 */
+		err = 0;
+
 		ocelot_parse_ifh(ifh, &info);
 
 		dev = ocelot->ports[info.port]->dev;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 31/87] net: phy: restore mdio regs in the iproc mdio driver
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 30/87] net: mscc: fix in frame extraction Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 32/87] net: sched: correct flower port blocking Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Arun Parameswaran, Scott Branden,
	Andrew Lunn, Florian Fainelli, David S. Miller

From: Arun Parameswaran <arun.parameswaran@broadcom.com>

commit 6f08e98d62799e53c89dbf2c9a49d77e20ca648c upstream.

The mii management register in iproc mdio block
does not have a retention register so it is lost on suspend.
Save and restore value of register while resuming from suspend.

Fixes: bb1a619735b4 ("net: phy: Initialize mdio clock at probe function")
Signed-off-by: Arun Parameswaran <arun.parameswaran@broadcom.com>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/phy/mdio-bcm-iproc.c |   20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

--- a/drivers/net/phy/mdio-bcm-iproc.c
+++ b/drivers/net/phy/mdio-bcm-iproc.c
@@ -188,6 +188,23 @@ static int iproc_mdio_remove(struct plat
 	return 0;
 }
 
+#ifdef CONFIG_PM_SLEEP
+int iproc_mdio_resume(struct device *dev)
+{
+	struct platform_device *pdev = to_platform_device(dev);
+	struct iproc_mdio_priv *priv = platform_get_drvdata(pdev);
+
+	/* restore the mii clock configuration */
+	iproc_mdio_config_clk(priv->base);
+
+	return 0;
+}
+
+static const struct dev_pm_ops iproc_mdio_pm_ops = {
+	.resume = iproc_mdio_resume
+};
+#endif /* CONFIG_PM_SLEEP */
+
 static const struct of_device_id iproc_mdio_of_match[] = {
 	{ .compatible = "brcm,iproc-mdio", },
 	{ /* sentinel */ },
@@ -198,6 +215,9 @@ static struct platform_driver iproc_mdio
 	.driver = {
 		.name = "iproc-mdio",
 		.of_match_table = iproc_mdio_of_match,
+#ifdef CONFIG_PM_SLEEP
+		.pm = &iproc_mdio_pm_ops,
+#endif
 	},
 	.probe = iproc_mdio_probe,
 	.remove = iproc_mdio_remove,



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 32/87] net: sched: correct flower port blocking
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 31/87] net: phy: restore mdio regs in the iproc mdio driver Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 33/87] nfc: pn544: Fix occasional HW initialization failure Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Cong Wang, Jason Baron,
	David S. Miller

From: Jason Baron <jbaron@akamai.com>

[ Upstream commit 8a9093c79863b58cc2f9874d7ae788f0d622a596 ]

tc flower rules that are based on src or dst port blocking are sometimes
ineffective due to uninitialized stack data. __skb_flow_dissect() extracts
ports from the skb for tc flower to match against. However, the port
dissection is not done when when the FLOW_DIS_IS_FRAGMENT bit is set in
key_control->flags. All callers of __skb_flow_dissect(), zero-out the
key_control field except for fl_classify() as used by the flower
classifier. Thus, the FLOW_DIS_IS_FRAGMENT may be set on entry to
__skb_flow_dissect(), since key_control is allocated on the stack
and may not be initialized.

Since key_basic and key_control are present for all flow keys, let's
make sure they are initialized.

Fixes: 62230715fd24 ("flow_dissector: do not dissect l4 ports for fragments")
Co-developed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/net/flow_dissector.h |    9 +++++++++
 net/sched/cls_flower.c       |    1 +
 2 files changed, 10 insertions(+)

--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -5,6 +5,7 @@
 #include <linux/types.h>
 #include <linux/in6.h>
 #include <linux/siphash.h>
+#include <linux/string.h>
 #include <uapi/linux/if_ether.h>
 
 /**
@@ -306,4 +307,12 @@ static inline void *skb_flow_dissector_t
 	return ((char *)target_container) + flow_dissector->offset[key_id];
 }
 
+static inline void
+flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
+			 struct flow_dissector_key_basic *key_basic)
+{
+	memset(key_control, 0, sizeof(*key_control));
+	memset(key_basic, 0, sizeof(*key_basic));
+}
+
 #endif
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -196,6 +196,7 @@ static int fl_classify(struct sk_buff *s
 	struct fl_flow_key skb_mkey;
 
 	list_for_each_entry_rcu(mask, &head->masks, list) {
+		flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
 		fl_clear_masked_range(&skb_key, mask);
 
 		skb_key.indev_ifindex = skb->skb_iif;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 33/87] nfc: pn544: Fix occasional HW initialization failure
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 32/87] net: sched: correct flower port blocking Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 34/87] sctp: move the format error check out of __sctp_sf_do_9_1_abort Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Osipenko, David S. Miller

From: Dmitry Osipenko <digetx@gmail.com>

[ Upstream commit c3331d2fe3fd4d5e321f2467d01f72de7edfb5d0 ]

The PN544 driver checks the "enable" polarity during of driver's probe and
it's doing that by turning ON and OFF NFC with different polarities until
enabling succeeds. It takes some time for the hardware to power-down, and
thus, to deassert the IRQ that is raised by turning ON the hardware.
Since the delay after last power-down of the polarity-checking process is
missed in the code, the interrupt may trigger immediately after installing
the IRQ handler (right after the checking is done), which results in IRQ
handler trying to touch the disabled HW and ends with marking NFC as
'DEAD' during of the driver's probe:

  pn544_hci_i2c 1-002a: NFC: nfc_en polarity : active high
  pn544_hci_i2c 1-002a: NFC: invalid len byte
  shdlc: llc_shdlc_recv_frame: NULL Frame -> link is dead

This patch fixes the occasional NFC initialization failure on Nexus 7
device.

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/nfc/pn544/i2c.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -236,6 +236,7 @@ static void pn544_hci_i2c_platform_init(
 
 out:
 	gpiod_set_value_cansleep(phy->gpiod_en, !phy->en_polarity);
+	usleep_range(10000, 15000);
 }
 
 static void pn544_hci_i2c_enable_mode(struct pn544_i2c_phy *phy, int run_mode)



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 34/87] sctp: move the format error check out of __sctp_sf_do_9_1_abort
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 33/87] nfc: pn544: Fix occasional HW initialization failure Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 35/87] ipv6: Fix route replacement with dev-only route Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hangbin Liu, Marcelo Ricardo Leitner,
	Xin Long, David S. Miller

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 245709ec8be89af46ea7ef0444c9c80913999d99 ]

When T2 timer is to be stopped, the asoc should also be deleted,
otherwise, there will be no chance to call sctp_association_free
and the asoc could last in memory forever.

However, in sctp_sf_shutdown_sent_abort(), after adding the cmd
SCTP_CMD_TIMER_STOP for T2 timer, it may return error due to the
format error from __sctp_sf_do_9_1_abort() and miss adding
SCTP_CMD_ASSOC_FAILED where the asoc will be deleted.

This patch is to fix it by moving the format error check out of
__sctp_sf_do_9_1_abort(), and do it before adding the cmd
SCTP_CMD_TIMER_STOP for T2 timer.

Thanks Hangbin for reporting this issue by the fuzz testing.

v1->v2:
  - improve the comment in the code as Marcelo's suggestion.

Fixes: 96ca468b86b0 ("sctp: check invalid value of length parameter in error cause")
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sctp/sm_statefuns.c |   29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -185,6 +185,16 @@ static inline bool sctp_chunk_length_val
 	return true;
 }
 
+/* Check for format error in an ABORT chunk */
+static inline bool sctp_err_chunk_valid(struct sctp_chunk *chunk)
+{
+	struct sctp_errhdr *err;
+
+	sctp_walk_errors(err, chunk->chunk_hdr);
+
+	return (void *)err == (void *)chunk->chunk_end;
+}
+
 /**********************************************************
  * These are the state functions for handling chunk events.
  **********************************************************/
@@ -2270,6 +2280,9 @@ enum sctp_disposition sctp_sf_shutdown_p
 		    sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest))
 		return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands);
 
+	if (!sctp_err_chunk_valid(chunk))
+		return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
+
 	return __sctp_sf_do_9_1_abort(net, ep, asoc, type, arg, commands);
 }
 
@@ -2313,6 +2326,9 @@ enum sctp_disposition sctp_sf_shutdown_s
 		    sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest))
 		return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands);
 
+	if (!sctp_err_chunk_valid(chunk))
+		return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
+
 	/* Stop the T2-shutdown timer. */
 	sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
 			SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
@@ -2580,6 +2596,9 @@ enum sctp_disposition sctp_sf_do_9_1_abo
 		    sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest))
 		return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands);
 
+	if (!sctp_err_chunk_valid(chunk))
+		return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
+
 	return __sctp_sf_do_9_1_abort(net, ep, asoc, type, arg, commands);
 }
 
@@ -2597,16 +2616,8 @@ static enum sctp_disposition __sctp_sf_d
 
 	/* See if we have an error cause code in the chunk.  */
 	len = ntohs(chunk->chunk_hdr->length);
-	if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) {
-		struct sctp_errhdr *err;
-
-		sctp_walk_errors(err, chunk->chunk_hdr);
-		if ((void *)err != (void *)chunk->chunk_end)
-			return sctp_sf_pdiscard(net, ep, asoc, type, arg,
-						commands);
-
+	if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
 		error = ((struct sctp_errhdr *)chunk->skb->data)->cause;
-	}
 
 	sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET));
 	/* ASSOC_FAILED will DELETE_TCB. */



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 35/87] ipv6: Fix route replacement with dev-only route
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 34/87] sctp: move the format error check out of __sctp_sf_do_9_1_abort Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 36/87] ipv6: Fix nlmsg_flags when splitting a multipath route Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Poirier, Michal Kubecek,
	David S. Miller

From: Benjamin Poirier <bpoirier@cumulusnetworks.com>

[ Upstream commit e404b8c7cfb31654c9024d497cec58a501501692 ]

After commit 27596472473a ("ipv6: fix ECMP route replacement") it is no
longer possible to replace an ECMP-able route by a non ECMP-able route.
For example,
	ip route add 2001:db8::1/128 via fe80::1 dev dummy0
	ip route replace 2001:db8::1/128 dev dummy0
does not work as expected.

Tweak the replacement logic so that point 3 in the log of the above commit
becomes:
3. If the new route is not ECMP-able, and no matching non-ECMP-able route
exists, replace matching ECMP-able route (if any) or add the new route.

We can now summarize the entire replace semantics to:
When doing a replace, prefer replacing a matching route of the same
"ECMP-able-ness" as the replace argument. If there is no such candidate,
fallback to the first route found.

Fixes: 27596472473a ("ipv6: fix ECMP route replacement")
Signed-off-by: Benjamin Poirier <bpoirier@cumulusnetworks.com>
Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_fib.c                       |    7 ++++---
 tools/testing/selftests/net/fib_tests.sh |    6 ++++++
 2 files changed, 10 insertions(+), 3 deletions(-)

--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -981,8 +981,7 @@ static int fib6_add_rt2node(struct fib6_
 					found++;
 					break;
 				}
-				if (rt_can_ecmp)
-					fallback_ins = fallback_ins ?: ins;
+				fallback_ins = fallback_ins ?: ins;
 				goto next_iter;
 			}
 
@@ -1025,7 +1024,9 @@ next_iter:
 	}
 
 	if (fallback_ins && !found) {
-		/* No ECMP-able route found, replace first non-ECMP one */
+		/* No matching route with same ecmp-able-ness found, replace
+		 * first matching route
+		 */
 		ins = fallback_ins;
 		iter = rcu_dereference_protected(*ins,
 				    lockdep_is_held(&rt->fib6_table->tb6_lock));
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -848,6 +848,12 @@ ipv6_rt_replace_mpath()
 	check_route6 "2001:db8:104::/64 via 2001:db8:101::3 dev veth1 metric 1024"
 	log_test $? 0 "Multipath with single path via multipath attribute"
 
+	# multipath with dev-only
+	add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2"
+	run_cmd "$IP -6 ro replace 2001:db8:104::/64 dev veth1"
+	check_route6 "2001:db8:104::/64 dev veth1 metric 1024"
+	log_test $? 0 "Multipath with dev-only"
+
 	# route replace fails - invalid nexthop 1
 	add_initial_route6 "nexthop via 2001:db8:101::2 nexthop via 2001:db8:103::2"
 	run_cmd "$IP -6 ro replace 2001:db8:104::/64 nexthop via 2001:db8:111::3 nexthop via 2001:db8:103::3"



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 36/87] ipv6: Fix nlmsg_flags when splitting a multipath route
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 35/87] ipv6: Fix route replacement with dev-only route Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 37/87] qede: Fix race between rdma destroy workqueue and link change event Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Poirier, Michal Kubecek,
	David Ahern, David S. Miller

From: Benjamin Poirier <bpoirier@cumulusnetworks.com>

[ Upstream commit afecdb376bd81d7e16578f0cfe82a1aec7ae18f3 ]

When splitting an RTA_MULTIPATH request into multiple routes and adding the
second and later components, we must not simply remove NLM_F_REPLACE but
instead replace it by NLM_F_CREATE. Otherwise, it may look like the netlink
message was malformed.

For example,
	ip route add 2001:db8::1/128 dev dummy0
	ip route change 2001:db8::1/128 nexthop via fe80::30:1 dev dummy0 \
		nexthop via fe80::30:2 dev dummy0
results in the following warnings:
[ 1035.057019] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1035.057517] IPv6: NLM_F_CREATE should be set when creating new route

This patch makes the nlmsg sequence look equivalent for __ip6_ins_rt() to
what it would get if the multipath route had been added in multiple netlink
operations:
	ip route add 2001:db8::1/128 dev dummy0
	ip route change 2001:db8::1/128 nexthop via fe80::30:1 dev dummy0
	ip route append 2001:db8::1/128 nexthop via fe80::30:2 dev dummy0

Fixes: 27596472473a ("ipv6: fix ECMP route replacement")
Signed-off-by: Benjamin Poirier <bpoirier@cumulusnetworks.com>
Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/route.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -4514,6 +4514,7 @@ static int ip6_route_multipath_add(struc
 		 */
 		cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
 						     NLM_F_REPLACE);
+		cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE;
 		nhn++;
 	}
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 37/87] qede: Fix race between rdma destroy workqueue and link change event
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 36/87] ipv6: Fix nlmsg_flags when splitting a multipath route Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 38/87] net/tls: Fix to avoid gettig invalid tls record Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ariel Elior, Michal Kalderon,
	David S. Miller

From: Michal Kalderon <michal.kalderon@marvell.com>

[ Upstream commit af6565adb02d3129d3fae4d9d5da945abaf4417a ]

If an event is added while the rdma workqueue is being destroyed
it could lead to several races, list corruption, null pointer
dereference during queue_work or init_queue.
This fixes the race between the two flows which can occur during
shutdown.

A kref object and a completion object are added to the rdma_dev
structure, these are initialized before the workqueue is created.
The refcnt is used to indicate work is being added to the
workqueue and ensures the cleanup flow won't start while we're in
the middle of adding the event.
Once the work is added, the refcnt is decreased and the cleanup flow
is safe to run.

Fixes: cee9fbd8e2e ("qede: Add qedr framework")
Signed-off-by: Ariel Elior <ariel.elior@marvell.com>
Signed-off-by: Michal Kalderon <michal.kalderon@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ethernet/qlogic/qede/qede.h      |    2 +
 drivers/net/ethernet/qlogic/qede/qede_rdma.c |   29 ++++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

--- a/drivers/net/ethernet/qlogic/qede/qede.h
+++ b/drivers/net/ethernet/qlogic/qede/qede.h
@@ -162,6 +162,8 @@ struct qede_rdma_dev {
 	struct list_head entry;
 	struct list_head rdma_event_list;
 	struct workqueue_struct *rdma_wq;
+	struct kref refcnt;
+	struct completion event_comp;
 };
 
 struct qede_ptp;
--- a/drivers/net/ethernet/qlogic/qede/qede_rdma.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_rdma.c
@@ -57,6 +57,9 @@ static void _qede_rdma_dev_add(struct qe
 static int qede_rdma_create_wq(struct qede_dev *edev)
 {
 	INIT_LIST_HEAD(&edev->rdma_info.rdma_event_list);
+	kref_init(&edev->rdma_info.refcnt);
+	init_completion(&edev->rdma_info.event_comp);
+
 	edev->rdma_info.rdma_wq = create_singlethread_workqueue("rdma_wq");
 	if (!edev->rdma_info.rdma_wq) {
 		DP_NOTICE(edev, "qedr: Could not create workqueue\n");
@@ -81,8 +84,23 @@ static void qede_rdma_cleanup_event(stru
 	}
 }
 
+static void qede_rdma_complete_event(struct kref *ref)
+{
+	struct qede_rdma_dev *rdma_dev =
+		container_of(ref, struct qede_rdma_dev, refcnt);
+
+	/* no more events will be added after this */
+	complete(&rdma_dev->event_comp);
+}
+
 static void qede_rdma_destroy_wq(struct qede_dev *edev)
 {
+	/* Avoid race with add_event flow, make sure it finishes before
+	 * we start accessing the list and cleaning up the work
+	 */
+	kref_put(&edev->rdma_info.refcnt, qede_rdma_complete_event);
+	wait_for_completion(&edev->rdma_info.event_comp);
+
 	qede_rdma_cleanup_event(edev);
 	destroy_workqueue(edev->rdma_info.rdma_wq);
 }
@@ -287,15 +305,24 @@ static void qede_rdma_add_event(struct q
 	if (!edev->rdma_info.qedr_dev)
 		return;
 
+	/* We don't want the cleanup flow to start while we're allocating and
+	 * scheduling the work
+	 */
+	if (!kref_get_unless_zero(&edev->rdma_info.refcnt))
+		return; /* already being destroyed */
+
 	event_node = qede_rdma_get_free_event_node(edev);
 	if (!event_node)
-		return;
+		goto out;
 
 	event_node->event = event;
 	event_node->ptr = edev;
 
 	INIT_WORK(&event_node->work, qede_rdma_handle_event);
 	queue_work(edev->rdma_info.rdma_wq, &event_node->work);
+
+out:
+	kref_put(&edev->rdma_info.refcnt, qede_rdma_complete_event);
 }
 
 void qede_rdma_dev_event_open(struct qede_dev *edev)



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 38/87] net/tls: Fix to avoid gettig invalid tls record
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 37/87] qede: Fix race between rdma destroy workqueue and link change event Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 39/87] ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rohit Maheshwari, Jakub Kicinski,
	David S. Miller

From: Rohit Maheshwari <rohitm@chelsio.com>

[ Upstream commit 06f5201c6392f998a49ca9c9173e2930c8eb51d8 ]

Current code doesn't check if tcp sequence number is starting from (/after)
1st record's start sequnce number. It only checks if seq number is before
1st record's end sequnce number. This problem will always be a possibility
in re-transmit case. If a record which belongs to a requested seq number is
already deleted, tls_get_record will start looking into list and as per the
check it will look if seq number is before the end seq of 1st record, which
will always be true and will return 1st record always, it should in fact
return NULL.
As part of the fix, start looking each record only if the sequence number
lies in the list else return NULL.
There is one more check added, driver look for the start marker record to
handle tcp packets which are before the tls offload start sequence number,
hence return 1st record if the record is tls start marker and seq number is
before the 1st record's starting sequence number.

Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/tls/tls_device.c |   21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -506,7 +506,7 @@ struct tls_record_info *tls_get_record(s
 				       u32 seq, u64 *p_record_sn)
 {
 	u64 record_sn = context->hint_record_sn;
-	struct tls_record_info *info;
+	struct tls_record_info *info, *last;
 
 	info = context->retransmit_hint;
 	if (!info ||
@@ -516,6 +516,25 @@ struct tls_record_info *tls_get_record(s
 		 */
 		info = list_first_entry(&context->records_list,
 					struct tls_record_info, list);
+
+		/* send the start_marker record if seq number is before the
+		 * tls offload start marker sequence number. This record is
+		 * required to handle TCP packets which are before TLS offload
+		 * started.
+		 *  And if it's not start marker, look if this seq number
+		 * belongs to the list.
+		 */
+		if (likely(!tls_record_is_start_marker(info))) {
+			/* we have the first record, get the last record to see
+			 * if this seq number belongs to the list.
+			 */
+			last = list_last_entry(&context->records_list,
+					       struct tls_record_info, list);
+
+			if (!between(seq, tls_record_start_seq(info),
+				     last->end_seq))
+				return NULL;
+		}
 		record_sn = context->unacked_record_sn;
 	}
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 39/87] ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 38/87] net/tls: Fix to avoid gettig invalid tls record Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 40/87] audit: fix error handling in audit_data_to_entry() Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suraj Jitindar Singh, Dan Carpenter,
	stable, Theodore Tso

From: Dan Carpenter <dan.carpenter@oracle.com>

commit 37b0b6b8b99c0e1c1f11abbe7cf49b6d03795b3f upstream.

If sbi->s_flex_groups_allocated is zero and the first allocation fails
then this code will crash.  The problem is that "i--" will set "i" to
-1 but when we compare "i >= sbi->s_flex_groups_allocated" then the -1
is type promoted to unsigned and becomes UINT_MAX.  Since UINT_MAX
is more than zero, the condition is true so we call kvfree(new_groups[-1]).
The loop will carry on freeing invalid memory until it crashes.

Fixes: 7c990728b99e ("ext4: fix potential race between s_flex_groups online resizing and access")
Reviewed-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20200228092142.7irbc44yaz3by7nb@kili.mountain
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/super.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2298,7 +2298,7 @@ int ext4_alloc_flex_bg_array(struct supe
 {
 	struct ext4_sb_info *sbi = EXT4_SB(sb);
 	struct flex_groups **old_groups, **new_groups;
-	int size, i;
+	int size, i, j;
 
 	if (!sbi->s_log_groups_per_flex)
 		return 0;
@@ -2319,8 +2319,8 @@ int ext4_alloc_flex_bg_array(struct supe
 					 sizeof(struct flex_groups)),
 					 GFP_KERNEL);
 		if (!new_groups[i]) {
-			for (i--; i >= sbi->s_flex_groups_allocated; i--)
-				kvfree(new_groups[i]);
+			for (j = sbi->s_flex_groups_allocated; j < i; j++)
+				kvfree(new_groups[j]);
 			kvfree(new_groups);
 			ext4_msg(sb, KERN_ERR,
 				 "not enough memory for %d flex groups", size);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 40/87] audit: fix error handling in audit_data_to_entry()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 39/87] ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 41/87] ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+1f4d90ead370d72e450b, Paul Moore

From: Paul Moore <paul@paul-moore.com>

commit 2ad3e17ebf94b7b7f3f64c050ff168f9915345eb upstream.

Commit 219ca39427bf ("audit: use union for audit_field values since
they are mutually exclusive") combined a number of separate fields in
the audit_field struct into a single union.  Generally this worked
just fine because they are generally mutually exclusive.
Unfortunately in audit_data_to_entry() the overlap can be a problem
when a specific error case is triggered that causes the error path
code to attempt to cleanup an audit_field struct and the cleanup
involves attempting to free a stored LSM string (the lsm_str field).
Currently the code always has a non-NULL value in the
audit_field.lsm_str field as the top of the for-loop transfers a
value into audit_field.val (both .lsm_str and .val are part of the
same union); if audit_data_to_entry() fails and the audit_field
struct is specified to contain a LSM string, but the
audit_field.lsm_str has not yet been properly set, the error handling
code will attempt to free the bogus audit_field.lsm_str value that
was set with audit_field.val at the top of the for-loop.

This patch corrects this by ensuring that the audit_field.val is only
set when needed (it is cleared when the audit_field struct is
allocated with kcalloc()).  It also corrects a few other issues to
ensure that in case of error the proper error code is returned.

Cc: stable@vger.kernel.org
Fixes: 219ca39427bf ("audit: use union for audit_field values since they are mutually exclusive")
Reported-by: syzbot+1f4d90ead370d72e450b@syzkaller.appspotmail.com
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/auditfilter.c |   71 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 39 insertions(+), 32 deletions(-)

--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -452,6 +452,7 @@ static struct audit_entry *audit_data_to
 	bufp = data->buf;
 	for (i = 0; i < data->field_count; i++) {
 		struct audit_field *f = &entry->rule.fields[i];
+		u32 f_val;
 
 		err = -EINVAL;
 
@@ -460,12 +461,12 @@ static struct audit_entry *audit_data_to
 			goto exit_free;
 
 		f->type = data->fields[i];
-		f->val = data->values[i];
+		f_val = data->values[i];
 
 		/* Support legacy tests for a valid loginuid */
-		if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) {
+		if ((f->type == AUDIT_LOGINUID) && (f_val == AUDIT_UID_UNSET)) {
 			f->type = AUDIT_LOGINUID_SET;
-			f->val = 0;
+			f_val = 0;
 			entry->rule.pflags |= AUDIT_LOGINUID_LEGACY;
 		}
 
@@ -481,7 +482,7 @@ static struct audit_entry *audit_data_to
 		case AUDIT_SUID:
 		case AUDIT_FSUID:
 		case AUDIT_OBJ_UID:
-			f->uid = make_kuid(current_user_ns(), f->val);
+			f->uid = make_kuid(current_user_ns(), f_val);
 			if (!uid_valid(f->uid))
 				goto exit_free;
 			break;
@@ -490,11 +491,12 @@ static struct audit_entry *audit_data_to
 		case AUDIT_SGID:
 		case AUDIT_FSGID:
 		case AUDIT_OBJ_GID:
-			f->gid = make_kgid(current_user_ns(), f->val);
+			f->gid = make_kgid(current_user_ns(), f_val);
 			if (!gid_valid(f->gid))
 				goto exit_free;
 			break;
 		case AUDIT_ARCH:
+			f->val = f_val;
 			entry->rule.arch_f = f;
 			break;
 		case AUDIT_SUBJ_USER:
@@ -507,11 +509,13 @@ static struct audit_entry *audit_data_to
 		case AUDIT_OBJ_TYPE:
 		case AUDIT_OBJ_LEV_LOW:
 		case AUDIT_OBJ_LEV_HIGH:
-			str = audit_unpack_string(&bufp, &remain, f->val);
-			if (IS_ERR(str))
+			str = audit_unpack_string(&bufp, &remain, f_val);
+			if (IS_ERR(str)) {
+				err = PTR_ERR(str);
 				goto exit_free;
-			entry->rule.buflen += f->val;
-
+			}
+			entry->rule.buflen += f_val;
+			f->lsm_str = str;
 			err = security_audit_rule_init(f->type, f->op, str,
 						       (void **)&f->lsm_rule);
 			/* Keep currently invalid fields around in case they
@@ -520,68 +524,71 @@ static struct audit_entry *audit_data_to
 				pr_warn("audit rule for LSM \'%s\' is invalid\n",
 					str);
 				err = 0;
-			}
-			if (err) {
-				kfree(str);
+			} else if (err)
 				goto exit_free;
-			} else
-				f->lsm_str = str;
 			break;
 		case AUDIT_WATCH:
-			str = audit_unpack_string(&bufp, &remain, f->val);
-			if (IS_ERR(str))
+			str = audit_unpack_string(&bufp, &remain, f_val);
+			if (IS_ERR(str)) {
+				err = PTR_ERR(str);
 				goto exit_free;
-			entry->rule.buflen += f->val;
-
-			err = audit_to_watch(&entry->rule, str, f->val, f->op);
+			}
+			err = audit_to_watch(&entry->rule, str, f_val, f->op);
 			if (err) {
 				kfree(str);
 				goto exit_free;
 			}
+			entry->rule.buflen += f_val;
 			break;
 		case AUDIT_DIR:
-			str = audit_unpack_string(&bufp, &remain, f->val);
-			if (IS_ERR(str))
+			str = audit_unpack_string(&bufp, &remain, f_val);
+			if (IS_ERR(str)) {
+				err = PTR_ERR(str);
 				goto exit_free;
-			entry->rule.buflen += f->val;
-
+			}
 			err = audit_make_tree(&entry->rule, str, f->op);
 			kfree(str);
 			if (err)
 				goto exit_free;
+			entry->rule.buflen += f_val;
 			break;
 		case AUDIT_INODE:
+			f->val = f_val;
 			err = audit_to_inode(&entry->rule, f);
 			if (err)
 				goto exit_free;
 			break;
 		case AUDIT_FILTERKEY:
-			if (entry->rule.filterkey || f->val > AUDIT_MAX_KEY_LEN)
+			if (entry->rule.filterkey || f_val > AUDIT_MAX_KEY_LEN)
 				goto exit_free;
-			str = audit_unpack_string(&bufp, &remain, f->val);
-			if (IS_ERR(str))
+			str = audit_unpack_string(&bufp, &remain, f_val);
+			if (IS_ERR(str)) {
+				err = PTR_ERR(str);
 				goto exit_free;
-			entry->rule.buflen += f->val;
+			}
+			entry->rule.buflen += f_val;
 			entry->rule.filterkey = str;
 			break;
 		case AUDIT_EXE:
-			if (entry->rule.exe || f->val > PATH_MAX)
+			if (entry->rule.exe || f_val > PATH_MAX)
 				goto exit_free;
-			str = audit_unpack_string(&bufp, &remain, f->val);
+			str = audit_unpack_string(&bufp, &remain, f_val);
 			if (IS_ERR(str)) {
 				err = PTR_ERR(str);
 				goto exit_free;
 			}
-			entry->rule.buflen += f->val;
-
-			audit_mark = audit_alloc_mark(&entry->rule, str, f->val);
+			audit_mark = audit_alloc_mark(&entry->rule, str, f_val);
 			if (IS_ERR(audit_mark)) {
 				kfree(str);
 				err = PTR_ERR(audit_mark);
 				goto exit_free;
 			}
+			entry->rule.buflen += f_val;
 			entry->rule.exe = audit_mark;
 			break;
+		default:
+			f->val = f_val;
+			break;
 		}
 	}
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 41/87] ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 40/87] audit: fix error handling in audit_data_to_entry() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 42/87] ACPI: watchdog: Fix gas->access_width usage Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jean Delvare, Mika Westerberg,
	Rafael J. Wysocki

From: Mika Westerberg <mika.westerberg@linux.intel.com>

commit 1dade3a7048ccfc675650cd2cf13d578b095e5fb upstream.

Sometimes it is useful to find the access_width field value in bytes and
not in bits so add a helper that can be used for this purpose.

Suggested-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Cc: 4.16+ <stable@vger.kernel.org> # 4.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/acpi/actypes.h |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/include/acpi/actypes.h
+++ b/include/acpi/actypes.h
@@ -528,11 +528,12 @@ typedef u64 acpi_integer;
 #define ACPI_MAKE_RSDP_SIG(dest)        (memcpy (ACPI_CAST_PTR (char, (dest)), ACPI_SIG_RSDP, 8))
 
 /*
- * Algorithm to obtain access bit width.
+ * Algorithm to obtain access bit or byte width.
  * Can be used with access_width of struct acpi_generic_address and access_size of
  * struct acpi_resource_generic_register.
  */
 #define ACPI_ACCESS_BIT_WIDTH(size)     (1 << ((size) + 2))
+#define ACPI_ACCESS_BYTE_WIDTH(size)    (1 << ((size) - 1))
 
 /*******************************************************************************
  *



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 42/87] ACPI: watchdog: Fix gas->access_width usage
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 41/87] ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 43/87] KVM: VMX: check descriptor table exits on instruction emulation Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jean Delvare, Mika Westerberg,
	Rafael J. Wysocki

From: Mika Westerberg <mika.westerberg@linux.intel.com>

commit 2ba33a4e9e22ac4dda928d3e9b5978a3a2ded4e0 upstream.

ACPI Generic Address Structure (GAS) access_width field is not in bytes
as the driver seems to expect in few places so fix this by using the
newly introduced macro ACPI_ACCESS_BYTE_WIDTH().

Fixes: b1abf6fc4982 ("ACPI / watchdog: Fix off-by-one error at resource assignment")
Fixes: 058dfc767008 ("ACPI / watchdog: Add support for WDAT hardware watchdog")
Reported-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Cc: 4.16+ <stable@vger.kernel.org> # 4.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/acpi/acpi_watchdog.c |    3 +--
 drivers/watchdog/wdat_wdt.c  |    2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

--- a/drivers/acpi/acpi_watchdog.c
+++ b/drivers/acpi/acpi_watchdog.c
@@ -129,12 +129,11 @@ void __init acpi_watchdog_init(void)
 		gas = &entries[i].register_region;
 
 		res.start = gas->address;
+		res.end = res.start + ACPI_ACCESS_BYTE_WIDTH(gas->access_width) - 1;
 		if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
 			res.flags = IORESOURCE_MEM;
-			res.end = res.start + ALIGN(gas->access_width, 4) - 1;
 		} else if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {
 			res.flags = IORESOURCE_IO;
-			res.end = res.start + gas->access_width - 1;
 		} else {
 			pr_warn("Unsupported address space: %u\n",
 				gas->space_id);
--- a/drivers/watchdog/wdat_wdt.c
+++ b/drivers/watchdog/wdat_wdt.c
@@ -392,7 +392,7 @@ static int wdat_wdt_probe(struct platfor
 
 		memset(&r, 0, sizeof(r));
 		r.start = gas->address;
-		r.end = r.start + gas->access_width - 1;
+		r.end = r.start + ACPI_ACCESS_BYTE_WIDTH(gas->access_width) - 1;
 		if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
 			r.flags = IORESOURCE_MEM;
 		} else if (gas->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 43/87] KVM: VMX: check descriptor table exits on instruction emulation
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 42/87] ACPI: watchdog: Fix gas->access_width usage Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 44/87] HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Kiszka, Paolo Bonzini,
	Jim Mattson, Oliver Upton

From: Oliver Upton <oupton@google.com>

commit 86f7e90ce840aa1db407d3ea6e9b3a52b2ce923c upstream.

KVM emulates UMIP on hardware that doesn't support it by setting the
'descriptor table exiting' VM-execution control and performing
instruction emulation. When running nested, this emulation is broken as
KVM refuses to emulate L2 instructions by default.

Correct this regression by allowing the emulation of descriptor table
instructions if L1 hasn't requested 'descriptor table exiting'.

Fixes: 07721feee46b ("KVM: nVMX: Don't emulate instructions in guest mode")
Reported-by: Jan Kiszka <jan.kiszka@web.de>
Cc: stable@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Jim Mattson <jmattson@google.com>
Signed-off-by: Oliver Upton <oupton@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/vmx.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -13724,6 +13724,7 @@ static int vmx_check_intercept_io(struct
 	else
 		intercept = nested_vmx_check_io_bitmaps(vcpu, port, size);
 
+	/* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED.  */
 	return intercept ? X86EMUL_UNHANDLEABLE : X86EMUL_CONTINUE;
 }
 
@@ -13753,6 +13754,20 @@ static int vmx_check_intercept(struct kv
 	case x86_intercept_outs:
 		return vmx_check_intercept_io(vcpu, info);
 
+	case x86_intercept_lgdt:
+	case x86_intercept_lidt:
+	case x86_intercept_lldt:
+	case x86_intercept_ltr:
+	case x86_intercept_sgdt:
+	case x86_intercept_sidt:
+	case x86_intercept_sldt:
+	case x86_intercept_str:
+		if (!nested_cpu_has2(vmcs12, SECONDARY_EXEC_DESC))
+			return X86EMUL_CONTINUE;
+
+		/* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED.  */
+		break;
+
 	/* TODO: check more intercepts... */
 	default:
 		break;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 44/87] HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 43/87] KVM: VMX: check descriptor table exits on instruction emulation Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 45/87] HID: core: fix off-by-one memset in hid_report_raw_event() Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zdeněk Rampas, Hans de Goede,
	Benjamin Tissoires

From: Hans de Goede <hdegoede@redhat.com>

commit beae56192a2570578ae45050e73c5ff9254f63e6 upstream.

Commit 8f18eca9ebc5 ("HID: ite: Add USB id match for Acer SW5-012 keyboard
dock") added the USB id for the Acer SW5-012's keyboard dock to the
hid-ite driver to fix the rfkill driver not working.

Most keyboard docks with an ITE 8595 keyboard/touchpad controller have the
"Wireless Radio Control" bits which need the special hid-ite driver on the
second USB interface (the mouse interface) and their touchpad only supports
mouse emulation, so using generic hid-input handling for anything but
the "Wireless Radio Control" bits is fine. On these devices we simply bind
to all USB interfaces.

But unlike other ITE8595 using keyboard docks, the Acer Aspire Switch 10
(SW5-012)'s touchpad not only does mouse emulation it also supports
HID-multitouch and all the keys including the "Wireless Radio Control"
bits have been moved to the first USB interface (the keyboard intf).

So we need hid-ite to handle the first (keyboard) USB interface and have
it NOT bind to the second (mouse) USB interface so that that can be
handled by hid-multitouch.c and we get proper multi-touch support.

This commit changes the hid_device_id for the SW5-012 keyboard dock to
only match on hid devices from the HID_GROUP_GENERIC group, this way
hid-ite will not bind the the mouse/multi-touch interface which has
HID_GROUP_MULTITOUCH_WIN_8 as group.
This fixes the regression to mouse-emulation mode introduced by adding
the keyboard dock USB id.

Cc: stable@vger.kernel.org
Fixes: 8f18eca9ebc5 ("HID: ite: Add USB id match for Acer SW5-012 keyboard dock")
Reported-by: Zdeněk Rampas <zdenda.rampas@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/hid-ite.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/hid/hid-ite.c
+++ b/drivers/hid/hid-ite.c
@@ -44,8 +44,9 @@ static const struct hid_device_id ite_de
 	{ HID_USB_DEVICE(USB_VENDOR_ID_ITE, USB_DEVICE_ID_ITE8595) },
 	{ HID_USB_DEVICE(USB_VENDOR_ID_258A, USB_DEVICE_ID_258A_6A88) },
 	/* ITE8595 USB kbd ctlr, with Synaptics touchpad connected to it. */
-	{ HID_USB_DEVICE(USB_VENDOR_ID_SYNAPTICS,
-			 USB_DEVICE_ID_SYNAPTICS_ACER_SWITCH5_012) },
+	{ HID_DEVICE(BUS_USB, HID_GROUP_GENERIC,
+		     USB_VENDOR_ID_SYNAPTICS,
+		     USB_DEVICE_ID_SYNAPTICS_ACER_SWITCH5_012) },
 	{ }
 };
 MODULE_DEVICE_TABLE(hid, ite_devices);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 45/87] HID: core: fix off-by-one memset in hid_report_raw_event()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 44/87] HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 46/87] HID: core: increase HID report buffer size to 8KiB Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Korsnes, Armando Visconti,
	Jiri Kosina, Alan Stern

From: Johan Korsnes <jkorsnes@cisco.com>

commit 5ebdffd25098898aff1249ae2f7dbfddd76d8f8f upstream.

In case a report is greater than HID_MAX_BUFFER_SIZE, it is truncated,
but the report-number byte is not correctly handled. This results in a
off-by-one in the following memset, causing a kernel Oops and ensuing
system crash.

Note: With commit 8ec321e96e05 ("HID: Fix slab-out-of-bounds read in
hid_field_extract") I no longer hit the kernel Oops as we instead fail
"controlled" at probe if there is a report too long in the HID
report-descriptor. hid_report_raw_event() is an exported symbol, so
presumabely we cannot always rely on this being the case.

Fixes: 966922f26c7f ("HID: fix a crash in hid_report_raw_event()
                     function.")
Signed-off-by: Johan Korsnes <jkorsnes@cisco.com>
Cc: Armando Visconti <armando.visconti@st.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/hid-core.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1566,7 +1566,9 @@ int hid_report_raw_event(struct hid_devi
 
 	rsize = ((report->size - 1) >> 3) + 1;
 
-	if (rsize > HID_MAX_BUFFER_SIZE)
+	if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE)
+		rsize = HID_MAX_BUFFER_SIZE - 1;
+	else if (rsize > HID_MAX_BUFFER_SIZE)
 		rsize = HID_MAX_BUFFER_SIZE;
 
 	if (csize < rsize) {



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 46/87] HID: core: increase HID report buffer size to 8KiB
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 45/87] HID: core: fix off-by-one memset in hid_report_raw_event() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 47/87] macintosh: therm_windtunnel: fix regression when instantiating devices Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Korsnes, Alan Stern,
	Armando Visconti, Jiri Kosina

From: Johan Korsnes <jkorsnes@cisco.com>

commit 84a4062632462c4320704fcdf8e99e89e94c0aba upstream.

We have a HID touch device that reports its opens and shorts test
results in HID buffers of size 8184 bytes. The maximum size of the HID
buffer is currently set to 4096 bytes, causing probe of this device to
fail. With this patch we increase the maximum size of the HID buffer to
8192 bytes, making device probe and acquisition of said buffers succeed.

Signed-off-by: Johan Korsnes <jkorsnes@cisco.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Armando Visconti <armando.visconti@st.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/hid.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/linux/hid.h
+++ b/include/linux/hid.h
@@ -495,7 +495,7 @@ struct hid_report_enum {
 };
 
 #define HID_MIN_BUFFER_SIZE	64		/* make sure there is at least a packet size of space */
-#define HID_MAX_BUFFER_SIZE	4096		/* 4kb */
+#define HID_MAX_BUFFER_SIZE	8192		/* 8kb */
 #define HID_CONTROL_FIFO_SIZE	256		/* to init devices with >100 reports */
 #define HID_OUTPUT_FIFO_SIZE	64
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 47/87] macintosh: therm_windtunnel: fix regression when instantiating devices
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 46/87] HID: core: increase HID report buffer size to 8KiB Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 48/87] tracing: Disable trace_printk() on post poned tests Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Erhard Furtner, Wolfram Sang,
	Michael Ellerman, stable

From: Wolfram Sang <wsa@the-dreams.de>

commit 38b17afb0ebb9ecd41418d3c08bcf9198af4349d upstream.

Removing attach_adapter from this driver caused a regression for at
least some machines. Those machines had the sensors described in their
DT, too, so they didn't need manual creation of the sensor devices. The
old code worked, though, because manual creation came first. Creation of
DT devices then failed later and caused error logs, but the sensors
worked nonetheless because of the manually created devices.

When removing attach_adaper, manual creation now comes later and loses
the race. The sensor devices were already registered via DT, yet with
another binding, so the driver could not be bound to it.

This fix refactors the code to remove the race and only manually creates
devices if there are no DT nodes present. Also, the DT binding is updated
to match both, the DT and manually created devices. Because we don't
know which device creation will be used at runtime, the code to start
the kthread is moved to do_probe() which will be called by both methods.

Fixes: 3e7bed52719d ("macintosh: therm_windtunnel: drop using attach_adapter")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=201723
Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Tested-by: Erhard Furtner <erhard_f@mailbox.org>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org # v4.19+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/macintosh/therm_windtunnel.c |   52 ++++++++++++++++++++---------------
 1 file changed, 31 insertions(+), 21 deletions(-)

--- a/drivers/macintosh/therm_windtunnel.c
+++ b/drivers/macintosh/therm_windtunnel.c
@@ -300,9 +300,11 @@ static int control_loop(void *dummy)
 /*	i2c probing and setup						*/
 /************************************************************************/
 
-static int
-do_attach( struct i2c_adapter *adapter )
+static void do_attach(struct i2c_adapter *adapter)
 {
+	struct i2c_board_info info = { };
+	struct device_node *np;
+
 	/* scan 0x48-0x4f (DS1775) and 0x2c-2x2f (ADM1030) */
 	static const unsigned short scan_ds1775[] = {
 		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
@@ -313,25 +315,24 @@ do_attach( struct i2c_adapter *adapter )
 		I2C_CLIENT_END
 	};
 
-	if( strncmp(adapter->name, "uni-n", 5) )
-		return 0;
-
-	if( !x.running ) {
-		struct i2c_board_info info;
+	if (x.running || strncmp(adapter->name, "uni-n", 5))
+		return;
 
-		memset(&info, 0, sizeof(struct i2c_board_info));
-		strlcpy(info.type, "therm_ds1775", I2C_NAME_SIZE);
+	np = of_find_compatible_node(adapter->dev.of_node, NULL, "MAC,ds1775");
+	if (np) {
+		of_node_put(np);
+	} else {
+		strlcpy(info.type, "MAC,ds1775", I2C_NAME_SIZE);
 		i2c_new_probed_device(adapter, &info, scan_ds1775, NULL);
+	}
 
-		strlcpy(info.type, "therm_adm1030", I2C_NAME_SIZE);
+	np = of_find_compatible_node(adapter->dev.of_node, NULL, "MAC,adm1030");
+	if (np) {
+		of_node_put(np);
+	} else {
+		strlcpy(info.type, "MAC,adm1030", I2C_NAME_SIZE);
 		i2c_new_probed_device(adapter, &info, scan_adm1030, NULL);
-
-		if( x.thermostat && x.fan ) {
-			x.running = 1;
-			x.poll_task = kthread_run(control_loop, NULL, "g4fand");
-		}
 	}
-	return 0;
 }
 
 static int
@@ -404,8 +405,8 @@ out:
 enum chip { ds1775, adm1030 };
 
 static const struct i2c_device_id therm_windtunnel_id[] = {
-	{ "therm_ds1775", ds1775 },
-	{ "therm_adm1030", adm1030 },
+	{ "MAC,ds1775", ds1775 },
+	{ "MAC,adm1030", adm1030 },
 	{ }
 };
 MODULE_DEVICE_TABLE(i2c, therm_windtunnel_id);
@@ -414,6 +415,7 @@ static int
 do_probe(struct i2c_client *cl, const struct i2c_device_id *id)
 {
 	struct i2c_adapter *adapter = cl->adapter;
+	int ret = 0;
 
 	if( !i2c_check_functionality(adapter, I2C_FUNC_SMBUS_WORD_DATA
 				     | I2C_FUNC_SMBUS_WRITE_BYTE) )
@@ -421,11 +423,19 @@ do_probe(struct i2c_client *cl, const st
 
 	switch (id->driver_data) {
 	case adm1030:
-		return attach_fan( cl );
+		ret = attach_fan(cl);
+		break;
 	case ds1775:
-		return attach_thermostat(cl);
+		ret = attach_thermostat(cl);
+		break;
 	}
-	return 0;
+
+	if (!x.running && x.thermostat && x.fan) {
+		x.running = 1;
+		x.poll_task = kthread_run(control_loop, NULL, "g4fand");
+	}
+
+	return ret;
 }
 
 static struct i2c_driver g4fan_driver = {



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 48/87] tracing: Disable trace_printk() on post poned tests
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 47/87] macintosh: therm_windtunnel: fix regression when instantiating devices Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 49/87] Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (VMware)

From: Steven Rostedt (VMware) <rostedt@goodmis.org>

commit 78041c0c9e935d9ce4086feeff6c569ed88ddfd4 upstream.

The tracing seftests checks various aspects of the tracing infrastructure,
and one is filtering. If trace_printk() is active during a self test, it can
cause the filtering to fail, which will disable that part of the trace.

To keep the selftests from failing because of trace_printk() calls,
trace_printk() checks the variable tracing_selftest_running, and if set, it
does not write to the tracing buffer.

As some tracers were registered earlier in boot, the selftest they triggered
would fail because not all the infrastructure was set up for the full
selftest. Thus, some of the tests were post poned to when their
infrastructure was ready (namely file system code). The postpone code did
not set the tracing_seftest_running variable, and could fail if a
trace_printk() was added and executed during their run.

Cc: stable@vger.kernel.org
Fixes: 9afecfbb95198 ("tracing: Postpone tracer start-up tests till the system is more robust")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/trace/trace.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1549,6 +1549,7 @@ static __init int init_trace_selftests(v
 
 	pr_info("Running postponed tracer tests:\n");
 
+	tracing_selftest_running = true;
 	list_for_each_entry_safe(p, n, &postponed_selftests, list) {
 		ret = run_tracer_selftest(p->type);
 		/* If the test fails, then warn and remove from available_tracers */
@@ -1567,6 +1568,7 @@ static __init int init_trace_selftests(v
 		list_del(&p->list);
 		kfree(p);
 	}
+	tracing_selftest_running = false;
 
  out:
 	mutex_unlock(&trace_types_lock);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 49/87] Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 48/87] tracing: Disable trace_printk() on post poned tests Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 50/87] amdgpu/gmc_v9: save/restore sdpif regs during S3 Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, John Stultz, Orson Zhai, Chanwoo Choi

From: Orson Zhai <orson.unisoc@gmail.com>

commit 66d0e797bf095d407479c89952d42b1d96ef0a7f upstream.

This reverts commit 4585fbcb5331fc910b7e553ad3efd0dd7b320d14.

The name changing as devfreq(X) breaks some user space applications,
such as Android HAL from Unisoc and Hikey [1].
The device name will be changed unexpectly after every boot depending
on module init sequence. It will make trouble to setup some system
configuration like selinux for Android.

So we'd like to revert it back to old naming rule before any better
way being found.

[1] https://lkml.org/lkml/2018/5/8/1042

Cc: John Stultz <john.stultz@linaro.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Orson Zhai <orson.unisoc@gmail.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/devfreq/devfreq.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -600,7 +600,6 @@ struct devfreq *devfreq_add_device(struc
 {
 	struct devfreq *devfreq;
 	struct devfreq_governor *governor;
-	static atomic_t devfreq_no = ATOMIC_INIT(-1);
 	int err = 0;
 
 	if (!dev || !profile || !governor_name) {
@@ -661,8 +660,7 @@ struct devfreq *devfreq_add_device(struc
 	}
 	devfreq->max_freq = devfreq->scaling_max_freq;
 
-	dev_set_name(&devfreq->dev, "devfreq%d",
-				atomic_inc_return(&devfreq_no));
+	dev_set_name(&devfreq->dev, "%s", dev_name(dev));
 	err = device_register(&devfreq->dev);
 	if (err) {
 		mutex_unlock(&devfreq->lock);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 50/87] amdgpu/gmc_v9: save/restore sdpif regs during S3
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 49/87] Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 51/87] vhost: Check docket sk_family instead of call getname Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher, Shirish S

From: Shirish S <shirish.s@amd.com>

commit a3ed353cf8015ba84a0407a5dc3ffee038166ab0 upstream.

fixes S3 issue with IOMMU + S/G  enabled @ 64M VRAM.

Suggested-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Shirish S <shirish.s@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.h                    |    1 
 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c                      |   37 ++++++++++++-
 drivers/gpu/drm/amd/include/asic_reg/dce/dce_12_0_offset.h |    2 
 3 files changed, 39 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.h
@@ -97,6 +97,7 @@ struct amdgpu_gmc {
 	uint32_t                srbm_soft_reset;
 	bool			prt_warning;
 	uint64_t		stolen_size;
+	uint32_t		sdpif_register;
 	/* apertures */
 	u64			shared_aperture_start;
 	u64			shared_aperture_end;
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
@@ -993,6 +993,19 @@ static void gmc_v9_0_init_golden_registe
 }
 
 /**
+ * gmc_v9_0_restore_registers - restores regs
+ *
+ * @adev: amdgpu_device pointer
+ *
+ * This restores register values, saved at suspend.
+ */
+static void gmc_v9_0_restore_registers(struct amdgpu_device *adev)
+{
+	if (adev->asic_type == CHIP_RAVEN)
+		WREG32(mmDCHUBBUB_SDPIF_MMIO_CNTRL_0, adev->gmc.sdpif_register);
+}
+
+/**
  * gmc_v9_0_gart_enable - gart enable
  *
  * @adev: amdgpu_device pointer
@@ -1081,6 +1094,20 @@ static int gmc_v9_0_hw_init(void *handle
 }
 
 /**
+ * gmc_v9_0_save_registers - saves regs
+ *
+ * @adev: amdgpu_device pointer
+ *
+ * This saves potential register values that should be
+ * restored upon resume
+ */
+static void gmc_v9_0_save_registers(struct amdgpu_device *adev)
+{
+	if (adev->asic_type == CHIP_RAVEN)
+		adev->gmc.sdpif_register = RREG32(mmDCHUBBUB_SDPIF_MMIO_CNTRL_0);
+}
+
+/**
  * gmc_v9_0_gart_disable - gart disable
  *
  * @adev: amdgpu_device pointer
@@ -1112,9 +1139,16 @@ static int gmc_v9_0_hw_fini(void *handle
 
 static int gmc_v9_0_suspend(void *handle)
 {
+	int r;
 	struct amdgpu_device *adev = (struct amdgpu_device *)handle;
 
-	return gmc_v9_0_hw_fini(adev);
+	r = gmc_v9_0_hw_fini(adev);
+	if (r)
+		return r;
+
+	gmc_v9_0_save_registers(adev);
+
+	return 0;
 }
 
 static int gmc_v9_0_resume(void *handle)
@@ -1122,6 +1156,7 @@ static int gmc_v9_0_resume(void *handle)
 	int r;
 	struct amdgpu_device *adev = (struct amdgpu_device *)handle;
 
+	gmc_v9_0_restore_registers(adev);
 	r = gmc_v9_0_hw_init(adev);
 	if (r)
 		return r;
--- a/drivers/gpu/drm/amd/include/asic_reg/dce/dce_12_0_offset.h
+++ b/drivers/gpu/drm/amd/include/asic_reg/dce/dce_12_0_offset.h
@@ -7376,6 +7376,8 @@
 #define mmCRTC4_CRTC_DRR_CONTROL                                                                       0x0f3e
 #define mmCRTC4_CRTC_DRR_CONTROL_BASE_IDX                                                              2
 
+#define mmDCHUBBUB_SDPIF_MMIO_CNTRL_0                                                                  0x395d
+#define mmDCHUBBUB_SDPIF_MMIO_CNTRL_0_BASE_IDX                                                         2
 
 // addressBlock: dce_dc_fmt4_dispdec
 // base address: 0x2000



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 51/87] vhost: Check docket sk_family instead of call getname
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 50/87] amdgpu/gmc_v9: save/restore sdpif regs during S3 Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 52/87] HID: alps: Fix an error handling path in alps_input_configured() Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+f2a62d07a5198c819c7b,
	Eugenio Pérez, Michael S. Tsirkin, David S. Miller

From: Eugenio Pérez <eperezma@redhat.com>

commit 42d84c8490f9f0931786f1623191fcab397c3d64 upstream.

Doing so, we save one call to get data we already have in the struct.

Also, since there is no guarantee that getname use sockaddr_ll
parameter beyond its size, we add a little bit of security here.
It should do not do beyond MAX_ADDR_LEN, but syzbot found that
ax25_getname writes more (72 bytes, the size of full_sockaddr_ax25,
versus 20 + 32 bytes of sockaddr_ll + MAX_ADDR_LEN in syzbot repro).

Fixes: 3a4d5c94e9593 ("vhost_net: a kernel-level virtio server")
Reported-by: syzbot+f2a62d07a5198c819c7b@syzkaller.appspotmail.com
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/vhost/net.c |   10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -1187,10 +1187,6 @@ static int vhost_net_release(struct inod
 
 static struct socket *get_raw_socket(int fd)
 {
-	struct {
-		struct sockaddr_ll sa;
-		char  buf[MAX_ADDR_LEN];
-	} uaddr;
 	int r;
 	struct socket *sock = sockfd_lookup(fd, &r);
 
@@ -1203,11 +1199,7 @@ static struct socket *get_raw_socket(int
 		goto err;
 	}
 
-	r = sock->ops->getname(sock, (struct sockaddr *)&uaddr.sa, 0);
-	if (r < 0)
-		goto err;
-
-	if (uaddr.sa.sll_family != AF_PACKET) {
+	if (sock->sk->sk_family != AF_PACKET) {
 		r = -EPFNOSUPPORT;
 		goto err;
 	}



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 52/87] HID: alps: Fix an error handling path in alps_input_configured()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 51/87] vhost: Check docket sk_family instead of call getname Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 53/87] HID: hiddev: Fix race in in hiddev_disconnect() Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Jiri Kosina

From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

commit 8d2e77b39b8fecb794e19cd006a12f90b14dd077 upstream.

They are issues:
   - if 'input_allocate_device()' fails and return NULL, there is no need
     to free anything and 'input_free_device()' call is a no-op. It can
     be axed.
   - 'ret' is known to be 0 at this point, so we must set it to a
     meaningful value before returning

Fixes: 2562756dde55 ("HID: add Alps I2C HID Touchpad-Stick support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/hid-alps.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/hid/hid-alps.c
+++ b/drivers/hid/hid-alps.c
@@ -734,7 +734,7 @@ static int alps_input_configured(struct
 	if (data->has_sp) {
 		input2 = input_allocate_device();
 		if (!input2) {
-			input_free_device(input2);
+			ret = -ENOMEM;
 			goto exit;
 		}
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 53/87] HID: hiddev: Fix race in in hiddev_disconnect()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 52/87] HID: alps: Fix an error handling path in alps_input_configured() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 54/87] MIPS: VPE: Fix a double free and a memory leak in release_vpe() Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+784ccb935f9900cc7c9e,
	Alan Stern, Dan Carpenter, Jiri Kosina

From: dan.carpenter@oracle.com <dan.carpenter@oracle.com>

commit 5c02c447eaeda29d3da121a2e17b97ccaf579b51 upstream.

Syzbot reports that "hiddev" is used after it's free in hiddev_disconnect().
The hiddev_disconnect() function sets "hiddev->exist = 0;" so
hiddev_release() can free it as soon as we drop the "existancelock"
lock.  This patch moves the mutex_unlock(&hiddev->existancelock) until
after we have finished using it.

Reported-by: syzbot+784ccb935f9900cc7c9e@syzkaller.appspotmail.com
Fixes: 7f77897ef2b6 ("HID: hiddev: fix potential use-after-free")
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/usbhid/hiddev.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -954,9 +954,9 @@ void hiddev_disconnect(struct hid_device
 	hiddev->exist = 0;
 
 	if (hiddev->open) {
-		mutex_unlock(&hiddev->existancelock);
 		hid_hw_close(hiddev->hid);
 		wake_up_interruptible(&hiddev->wait);
+		mutex_unlock(&hiddev->existancelock);
 	} else {
 		mutex_unlock(&hiddev->existancelock);
 		kfree(hiddev);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 54/87] MIPS: VPE: Fix a double free and a memory leak in release_vpe()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 53/87] HID: hiddev: Fix race in in hiddev_disconnect() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 55/87] i2c: altera: Fix potential integer overflow Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Paul Burton,
	ralf, linux-mips, kernel-janitors

From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

commit bef8e2dfceed6daeb6ca3e8d33f9c9d43b926580 upstream.

Pointer on the memory allocated by 'alloc_progmem()' is stored in
'v->load_addr'. So this is this memory that should be freed by
'release_progmem()'.

'release_progmem()' is only a call to 'kfree()'.

With the current code, there is both a double free and a memory leak.
Fix it by passing the correct pointer to 'release_progmem()'.

Fixes: e01402b115ccc ("More AP / SP bits for the 34K, the Malta bits and things. Still wants")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Paul Burton <paulburton@kernel.org>
Cc: ralf@linux-mips.org
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kernel-janitors@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/kernel/vpe.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/kernel/vpe.c
+++ b/arch/mips/kernel/vpe.c
@@ -134,7 +134,7 @@ void release_vpe(struct vpe *v)
 {
 	list_del(&v->list);
 	if (v->load_addr)
-		release_progmem(v);
+		release_progmem(v->load_addr);
 	kfree(v);
 }
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 55/87] i2c: altera: Fix potential integer overflow
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 54/87] MIPS: VPE: Fix a double free and a memory leak in release_vpe() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 56/87] i2c: jz4780: silence log flood on txabrt Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Laight, Gustavo A. R. Silva,
	Thor Thayer, Wolfram Sang

From: Gustavo A. R. Silva <gustavo@embeddedor.com>

commit 54498e8070e19e74498a72c7331348143e7e1f8c upstream.

Factor out 100 from the equation and do 32-bit arithmetic (3 * clk_mhz / 10)
instead of 64-bit.

Notice that clk_mhz is MHz, so the multiplication will never wrap 32 bits
and there is no need for div_u64().

Addresses-Coverity: 1458369 ("Unintentional integer overflow")
Fixes: 0560ad576268 ("i2c: altera: Add Altera I2C Controller driver")
Suggested-by: David Laight <David.Laight@ACULAB.COM>
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Thor Thayer <thor.thayer@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/i2c/busses/i2c-altera.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/i2c/busses/i2c-altera.c
+++ b/drivers/i2c/busses/i2c-altera.c
@@ -182,7 +182,7 @@ static void altr_i2c_init(struct altr_i2
 	/* SCL Low Time */
 	writel(t_low, idev->base + ALTR_I2C_SCL_LOW);
 	/* SDA Hold Time, 300ns */
-	writel(div_u64(300 * clk_mhz, 1000), idev->base + ALTR_I2C_SDA_HOLD);
+	writel(3 * clk_mhz / 10, idev->base + ALTR_I2C_SDA_HOLD);
 
 	/* Mask all master interrupt bits */
 	altr_i2c_int_enable(idev, ALTR_I2C_ALL_IRQ, false);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 56/87] i2c: jz4780: silence log flood on txabrt
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 55/87] i2c: altera: Fix potential integer overflow Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 57/87] drm/i915/gvt: Fix orphan vgpu dmabuf_objs lifetime Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, H. Nikolaus Schaller, Wolfram Sang

From: Wolfram Sang <wsa@the-dreams.de>

commit 9e661cedcc0a072d91a32cb88e0515ea26e35711 upstream.

The printout for txabrt is way too talkative and is highly annoying with
scanning programs like 'i2cdetect'. Reduce it to the minimum, the rest
can be gained by I2C core debugging and datasheet information. Also,
make it a debug printout, it won't help the regular user.

Fixes: ba92222ed63a ("i2c: jz4780: Add i2c bus controller driver for Ingenic JZ4780")
Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
Tested-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/i2c/busses/i2c-jz4780.c |   36 ++----------------------------------
 1 file changed, 2 insertions(+), 34 deletions(-)

--- a/drivers/i2c/busses/i2c-jz4780.c
+++ b/drivers/i2c/busses/i2c-jz4780.c
@@ -82,25 +82,6 @@
 #define JZ4780_I2C_STA_TFNF		BIT(1)
 #define JZ4780_I2C_STA_ACT		BIT(0)
 
-static const char * const jz4780_i2c_abrt_src[] = {
-	"ABRT_7B_ADDR_NOACK",
-	"ABRT_10ADDR1_NOACK",
-	"ABRT_10ADDR2_NOACK",
-	"ABRT_XDATA_NOACK",
-	"ABRT_GCALL_NOACK",
-	"ABRT_GCALL_READ",
-	"ABRT_HS_ACKD",
-	"SBYTE_ACKDET",
-	"ABRT_HS_NORSTRT",
-	"SBYTE_NORSTRT",
-	"ABRT_10B_RD_NORSTRT",
-	"ABRT_MASTER_DIS",
-	"ARB_LOST",
-	"SLVFLUSH_TXFIFO",
-	"SLV_ARBLOST",
-	"SLVRD_INTX",
-};
-
 #define JZ4780_I2C_INTST_IGC		BIT(11)
 #define JZ4780_I2C_INTST_ISTT		BIT(10)
 #define JZ4780_I2C_INTST_ISTP		BIT(9)
@@ -538,21 +519,8 @@ done:
 
 static void jz4780_i2c_txabrt(struct jz4780_i2c *i2c, int src)
 {
-	int i;
-
-	dev_err(&i2c->adap.dev, "txabrt: 0x%08x\n", src);
-	dev_err(&i2c->adap.dev, "device addr=%x\n",
-		jz4780_i2c_readw(i2c, JZ4780_I2C_TAR));
-	dev_err(&i2c->adap.dev, "send cmd count:%d  %d\n",
-		i2c->cmd, i2c->cmd_buf[i2c->cmd]);
-	dev_err(&i2c->adap.dev, "receive data count:%d  %d\n",
-		i2c->cmd, i2c->data_buf[i2c->cmd]);
-
-	for (i = 0; i < 16; i++) {
-		if (src & BIT(i))
-			dev_dbg(&i2c->adap.dev, "I2C TXABRT[%d]=%s\n",
-				i, jz4780_i2c_abrt_src[i]);
-	}
+	dev_dbg(&i2c->adap.dev, "txabrt: 0x%08x, cmd: %d, send: %d, recv: %d\n",
+		src, i2c->cmd, i2c->cmd_buf[i2c->cmd], i2c->data_buf[i2c->cmd]);
 }
 
 static inline int jz4780_i2c_xfer_read(struct jz4780_i2c *i2c,



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 57/87] drm/i915/gvt: Fix orphan vgpu dmabuf_objs lifetime
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 56/87] i2c: jz4780: silence log flood on txabrt Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 58/87] drm/i915/gvt: Separate display reset from ALL_ENGINES reset Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tina Zhang, Zhenyu Wang

From: Tina Zhang <tina.zhang@intel.com>

commit b549c252b1292aea959cd9b83537fcb9384a6112 upstream.

Deleting dmabuf item's list head after releasing its container can lead
to KASAN-reported issue:

  BUG: KASAN: use-after-free in __list_del_entry_valid+0x15/0xf0
  Read of size 8 at addr ffff88818a4598a8 by task kworker/u8:3/13119

So fix this issue by puting deleting dmabuf_objs ahead of releasing its
container.

Fixes: dfb6ae4e14bd6 ("drm/i915/gvt: Handle orphan dmabuf_objs")
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Reviewed-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20200225053527.8336-2-tina.zhang@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/gvt/dmabuf.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/i915/gvt/dmabuf.c
+++ b/drivers/gpu/drm/i915/gvt/dmabuf.c
@@ -95,12 +95,12 @@ static void dmabuf_gem_object_free(struc
 			dmabuf_obj = container_of(pos,
 					struct intel_vgpu_dmabuf_obj, list);
 			if (dmabuf_obj == obj) {
+				list_del(pos);
 				intel_gvt_hypervisor_put_vfio_device(vgpu);
 				idr_remove(&vgpu->object_idr,
 					   dmabuf_obj->dmabuf_id);
 				kfree(dmabuf_obj->info);
 				kfree(dmabuf_obj);
-				list_del(pos);
 				break;
 			}
 		}



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 58/87] drm/i915/gvt: Separate display reset from ALL_ENGINES reset
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 57/87] drm/i915/gvt: Fix orphan vgpu dmabuf_objs lifetime Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 59/87] hv_netvsc: Fix unwanted wakeup in netvsc_attach() Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tina Zhang, Zhenyu Wang

From: Tina Zhang <tina.zhang@intel.com>

commit 3eb55e6f753a379e293395de8d5f3be28351a7f8 upstream.

ALL_ENGINES reset doesn't clobber display with the current gvt-g
supported platforms. Thus ALL_ENGINES reset shouldn't reset the
display engine registers emulated by gvt-g.

This fixes guest warning like

[ 14.622026] [drm] Initialized i915 1.6.0 20200114 for 0000:00:03.0 on minor 0
[ 14.967917] fbcon: i915drmfb (fb0) is primary device
[ 25.100188] [drm:drm_atomic_helper_wait_for_dependencies [drm_kms_helper]] E RROR [CRTC:51:pipe A] flip_done timed out
[ 25.100860] -----------[ cut here ]-----------
[ 25.100861] pll on state mismatch (expected 0, found 1)
[ 25.101024] WARNING: CPU: 1 PID: 30 at drivers/gpu/drm/i915/display/intel_dis play.c:14382 verify_single_dpll_state.isra.115+0x28f/0x320 [i915]
[ 25.101025] Modules linked in: intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel i915 aesni_intel cr ypto_simd cryptd glue_helper cec rc_core video drm_kms_helper joydev drm input_l eds i2c_algo_bit serio_raw fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid qemu_fw_cfg sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 e1000 psmouse i2c_piix4 pata_acpi floppy
[ 25.101052] CPU: 1 PID: 30 Comm: kworker/u4:1 Not tainted 5.5.0+ #1
[ 25.101053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1 .12.1-0-ga5cab58 04/01/2014
[ 25.101055] Workqueue: events_unbound async_run_entry_fn
[ 25.101092] RIP: 0010:verify_single_dpll_state.isra.115+0x28f/0x320 [i915]
[ 25.101093] Code: e0 d9 ff e9 a3 fe ff ff 80 3d e9 c2 11 00 00 44 89 f6 48 c7 c7 c0 9d 88 c0 75 3b e8 eb df d9 ff e9 c7 fe ff ff e8 d1 e0 ae c4 <0f> 0b e9 7a fe ff ff 80 3d c0 c2 11 00 00 8d 71 41 89 c2 48 c7 c7
[ 25.101093] RSP: 0018:ffffb1de80107878 EFLAGS: 00010286
[ 25.101094] RAX: 0000000000000000 RBX: ffffb1de80107884 RCX: 0000000000000007
[ 25.101095] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff94fdfdd19740
[ 25.101095] RBP: ffffb1de80107938 R08: 0000000d6bfdc7b4 R09: 000000000000002b
[ 25.101096] R10: ffff94fdf82dc000 R11: 0000000000000225 R12: 00000000000001f8
[ 25.101096] R13: ffff94fdb3ca6a90 R14: ffff94fdb3ca0000 R15: 0000000000000000
[ 25.101097] FS: 0000000000000000(0000) GS:ffff94fdfdd00000(0000) knlGS:00000 00000000000
[ 25.101098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.101098] CR2: 00007fbc3e2be9c8 CR3: 000000003339a003 CR4: 0000000000360ee0
[ 25.101101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.101101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.101102] Call Trace:
[ 25.101139] intel_atomic_commit_tail+0xde4/0x1520 [i915]
[ 25.101141] ? flush_workqueue_prep_pwqs+0xfa/0x130
[ 25.101142] ? flush_workqueue+0x198/0x3c0
[ 25.101174] intel_atomic_commit+0x2ad/0x320 [i915]
[ 25.101209] drm_atomic_commit+0x4a/0x50 [drm]
[ 25.101220] drm_client_modeset_commit_atomic+0x1c4/0x200 [drm]
[ 25.101231] drm_client_modeset_commit_force+0x47/0x170 [drm]
[ 25.101250] drm_fb_helper_restore_fbdev_mode_unlocked+0x4e/0xa0 [drm_kms_hel per]
[ 25.101255] drm_fb_helper_set_par+0x2d/0x60 [drm_kms_helper]
[ 25.101287] intel_fbdev_set_par+0x1a/0x40 [i915]
[ 25.101289] ? con_is_visible+0x2e/0x60
[ 25.101290] fbcon_init+0x378/0x600
[ 25.101292] visual_init+0xd5/0x130
[ 25.101296] do_bind_con_driver+0x217/0x430
[ 25.101297] do_take_over_console+0x7d/0x1b0
[ 25.101298] do_fbcon_takeover+0x5c/0xb0
[ 25.101299] fbcon_fb_registered+0x199/0x1a0
[ 25.101301] register_framebuffer+0x22c/0x330
[ 25.101306] __drm_fb_helper_initial_config_and_unlock+0x31a/0x520 [drm_kms_h elper]
[ 25.101311] drm_fb_helper_initial_config+0x35/0x40 [drm_kms_helper]
[ 25.101341] intel_fbdev_initial_config+0x18/0x30 [i915]
[ 25.101342] async_run_entry_fn+0x3c/0x150
[ 25.101343] process_one_work+0x1fd/0x3f0
[ 25.101344] worker_thread+0x34/0x410
[ 25.101346] kthread+0x121/0x140
[ 25.101346] ? process_one_work+0x3f0/0x3f0
[ 25.101347] ? kthread_park+0x90/0x90
[ 25.101350] ret_from_fork+0x35/0x40
[ 25.101351] --[ end trace b5b47d44cd998ba1 ]--

Fixes: 6294b61ba769 ("drm/i915/gvt: add missing display part reset for vGPU reset")
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Reviewed-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20200221023234.28635-1-tina.zhang@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/gvt/vgpu.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/i915/gvt/vgpu.c
+++ b/drivers/gpu/drm/i915/gvt/vgpu.c
@@ -556,9 +556,9 @@ void intel_gvt_reset_vgpu_locked(struct
 
 		intel_vgpu_reset_mmio(vgpu, dmlr);
 		populate_pvinfo_page(vgpu);
-		intel_vgpu_reset_display(vgpu);
 
 		if (dmlr) {
+			intel_vgpu_reset_display(vgpu);
 			intel_vgpu_reset_cfg_space(vgpu);
 			/* only reset the failsafe mode when dmlr reset */
 			vgpu->failsafe = false;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 59/87] hv_netvsc: Fix unwanted wakeup in netvsc_attach()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 58/87] drm/i915/gvt: Separate display reset from ALL_ENGINES reset Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 60/87] usb: charger: assign specific number for enum value Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Haiyang Zhang, David S. Miller

From: Haiyang Zhang <haiyangz@microsoft.com>

commit f6f13c125e05603f68f5bf31f045b95e6d493598 upstream.

When netvsc_attach() is called by operations like changing MTU, etc.,
an extra wakeup may happen while netvsc_attach() calling
rndis_filter_device_add() which sends rndis messages when queue is
stopped in netvsc_detach(). The completion message will wake up queue 0.

We can reproduce the issue by changing MTU etc., then the wake_queue
counter from "ethtool -S" will increase beyond stop_queue counter:
     stop_queue: 0
     wake_queue: 1
The issue causes queue wake up, and counter increment, no other ill
effects in current code. So we didn't see any network problem for now.

To fix this, initialize tx_disable to true, and set it to false when
the NIC is ready to be attached or registered.

Fixes: 7b2ee50c0cd5 ("hv_netvsc: common detach logic")
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/hyperv/netvsc.c     |    2 +-
 drivers/net/hyperv/netvsc_drv.c |    3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

--- a/drivers/net/hyperv/netvsc.c
+++ b/drivers/net/hyperv/netvsc.c
@@ -110,7 +110,7 @@ static struct netvsc_device *alloc_net_d
 
 	init_waitqueue_head(&net_device->wait_drain);
 	net_device->destroy = false;
-	net_device->tx_disable = false;
+	net_device->tx_disable = true;
 
 	net_device->max_pkt = RNDIS_MAX_PKT_DEFAULT;
 	net_device->pkt_align = RNDIS_PKT_ALIGN_DEFAULT;
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -984,6 +984,7 @@ static int netvsc_attach(struct net_devi
 	}
 
 	/* In any case device is now ready */
+	nvdev->tx_disable = false;
 	netif_device_attach(ndev);
 
 	/* Note: enable and attach happen when sub-channels setup */
@@ -2336,6 +2337,8 @@ static int netvsc_probe(struct hv_device
 	else
 		net->max_mtu = ETH_DATA_LEN;
 
+	nvdev->tx_disable = false;
+
 	ret = register_netdevice(net);
 	if (ret != 0) {
 		pr_err("Unable to register netdev.\n");



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 60/87] usb: charger: assign specific number for enum value
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 59/87] hv_netvsc: Fix unwanted wakeup in netvsc_attach() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-04 17:27   ` Pavel Machek
  2020-03-03 17:43 ` [PATCH 4.19 61/87] s390/qeth: vnicc Fix EOPNOTSUPP precedence Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  90 siblings, 1 reply; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Peter Chen, Sasha Levin

From: Peter Chen <peter.chen@nxp.com>

commit ca4b43c14cd88d28cfc6467d2fa075aad6818f1d upstream.

To work properly on every architectures and compilers, the enum value
needs to be specific numbers.

Suggested-by: Greg KH <gregkh@linuxfoundation.org>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/1580537624-10179-1-git-send-email-peter.chen@nxp.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/uapi/linux/usb/charger.h |   16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/include/uapi/linux/usb/charger.h
+++ b/include/uapi/linux/usb/charger.h
@@ -14,18 +14,18 @@
  * ACA (Accessory Charger Adapters)
  */
 enum usb_charger_type {
-	UNKNOWN_TYPE,
-	SDP_TYPE,
-	DCP_TYPE,
-	CDP_TYPE,
-	ACA_TYPE,
+	UNKNOWN_TYPE = 0,
+	SDP_TYPE = 1,
+	DCP_TYPE = 2,
+	CDP_TYPE = 3,
+	ACA_TYPE = 4,
 };
 
 /* USB charger state */
 enum usb_charger_state {
-	USB_CHARGER_DEFAULT,
-	USB_CHARGER_PRESENT,
-	USB_CHARGER_ABSENT,
+	USB_CHARGER_DEFAULT = 0,
+	USB_CHARGER_PRESENT = 1,
+	USB_CHARGER_ABSENT = 2,
 };
 
 #endif /* _UAPI__LINUX_USB_CHARGER_H */



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 61/87] s390/qeth: vnicc Fix EOPNOTSUPP precedence
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 60/87] usb: charger: assign specific number for enum value Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 62/87] net: netlink: cap max groups which will be considered in netlink_bind() Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexandra Winter, Julian Wiedmann,
	David S. Miller

From: Alexandra Winter <wintera@linux.ibm.com>

commit 6f3846f0955308b6d1b219419da42b8de2c08845 upstream.

When getting or setting VNICC parameters, the error code EOPNOTSUPP
should have precedence over EBUSY.

EBUSY is used because vnicc feature and bridgeport feature are mutually
exclusive, which is a temporary condition.
Whereas EOPNOTSUPP indicates that the HW does not support all or parts of
the vnicc feature.
This issue causes the vnicc sysfs params to show 'blocked by bridgeport'
for HW that does not support VNICC at all.

Fixes: caa1f0b10d18 ("s390/qeth: add VNICC enable/disable support")
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/s390/net/qeth_l2_main.c |   29 +++++++++++++----------------
 1 file changed, 13 insertions(+), 16 deletions(-)

--- a/drivers/s390/net/qeth_l2_main.c
+++ b/drivers/s390/net/qeth_l2_main.c
@@ -2148,15 +2148,14 @@ int qeth_l2_vnicc_set_state(struct qeth_
 
 	QETH_CARD_TEXT(card, 2, "vniccsch");
 
-	/* do not change anything if BridgePort is enabled */
-	if (qeth_bridgeport_is_in_use(card))
-		return -EBUSY;
-
 	/* check if characteristic and enable/disable are supported */
 	if (!(card->options.vnicc.sup_chars & vnicc) ||
 	    !(card->options.vnicc.set_char_sup & vnicc))
 		return -EOPNOTSUPP;
 
+	if (qeth_bridgeport_is_in_use(card))
+		return -EBUSY;
+
 	/* set enable/disable command and store wanted characteristic */
 	if (state) {
 		cmd = IPA_VNICC_ENABLE;
@@ -2202,14 +2201,13 @@ int qeth_l2_vnicc_get_state(struct qeth_
 
 	QETH_CARD_TEXT(card, 2, "vniccgch");
 
-	/* do not get anything if BridgePort is enabled */
-	if (qeth_bridgeport_is_in_use(card))
-		return -EBUSY;
-
 	/* check if characteristic is supported */
 	if (!(card->options.vnicc.sup_chars & vnicc))
 		return -EOPNOTSUPP;
 
+	if (qeth_bridgeport_is_in_use(card))
+		return -EBUSY;
+
 	/* if card is ready, query current VNICC state */
 	if (qeth_card_hw_is_reachable(card))
 		rc = qeth_l2_vnicc_query_chars(card);
@@ -2227,15 +2225,14 @@ int qeth_l2_vnicc_set_timeout(struct qet
 
 	QETH_CARD_TEXT(card, 2, "vniccsto");
 
-	/* do not change anything if BridgePort is enabled */
-	if (qeth_bridgeport_is_in_use(card))
-		return -EBUSY;
-
 	/* check if characteristic and set_timeout are supported */
 	if (!(card->options.vnicc.sup_chars & QETH_VNICC_LEARNING) ||
 	    !(card->options.vnicc.getset_timeout_sup & QETH_VNICC_LEARNING))
 		return -EOPNOTSUPP;
 
+	if (qeth_bridgeport_is_in_use(card))
+		return -EBUSY;
+
 	/* do we need to do anything? */
 	if (card->options.vnicc.learning_timeout == timeout)
 		return rc;
@@ -2264,14 +2261,14 @@ int qeth_l2_vnicc_get_timeout(struct qet
 
 	QETH_CARD_TEXT(card, 2, "vniccgto");
 
-	/* do not get anything if BridgePort is enabled */
-	if (qeth_bridgeport_is_in_use(card))
-		return -EBUSY;
-
 	/* check if characteristic and get_timeout are supported */
 	if (!(card->options.vnicc.sup_chars & QETH_VNICC_LEARNING) ||
 	    !(card->options.vnicc.getset_timeout_sup & QETH_VNICC_LEARNING))
 		return -EOPNOTSUPP;
+
+	if (qeth_bridgeport_is_in_use(card))
+		return -EBUSY;
+
 	/* if card is ready, get timeout. Otherwise, just return stored value */
 	*timeout = card->options.vnicc.learning_timeout;
 	if (qeth_card_hw_is_reachable(card))



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 62/87] net: netlink: cap max groups which will be considered in netlink_bind()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 61/87] s390/qeth: vnicc Fix EOPNOTSUPP precedence Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 63/87] net: atlantic: fix use after free kasan warn Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Richard Guy Briggs,
	Erhard F.,
	Nikolay Aleksandrov, David S. Miller

From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>

commit 3a20773beeeeadec41477a5ba872175b778ff752 upstream.

Since nl_groups is a u32 we can't bind more groups via ->bind
(netlink_bind) call, but netlink has supported more groups via
setsockopt() for a long time and thus nlk->ngroups could be over 32.
Recently I added support for per-vlan notifications and increased the
groups to 33 for NETLINK_ROUTE which exposed an old bug in the
netlink_bind() code causing out-of-bounds access on archs where unsigned
long is 32 bits via test_bit() on a local variable. Fix this by capping the
maximum groups in netlink_bind() to BITS_PER_TYPE(u32), effectively
capping them at 32 which is the minimum of allocated groups and the
maximum groups which can be bound via netlink_bind().

CC: Christophe Leroy <christophe.leroy@c-s.fr>
CC: Richard Guy Briggs <rgb@redhat.com>
Fixes: 4f520900522f ("netlink: have netlink per-protocol bind function return an error code.")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netlink/af_netlink.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1029,7 +1029,8 @@ static int netlink_bind(struct socket *s
 	if (nlk->netlink_bind && groups) {
 		int group;
 
-		for (group = 0; group < nlk->ngroups; group++) {
+		/* nl_groups is a u32, so cap the maximum groups we can bind */
+		for (group = 0; group < BITS_PER_TYPE(u32); group++) {
 			if (!test_bit(group, &groups))
 				continue;
 			err = nlk->netlink_bind(net, group + 1);
@@ -1048,7 +1049,7 @@ static int netlink_bind(struct socket *s
 			netlink_insert(sk, nladdr->nl_pid) :
 			netlink_autobind(sock);
 		if (err) {
-			netlink_undo_bind(nlk->ngroups, groups, sk);
+			netlink_undo_bind(BITS_PER_TYPE(u32), groups, sk);
 			goto unlock;
 		}
 	}



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 63/87] net: atlantic: fix use after free kasan warn
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 62/87] net: netlink: cap max groups which will be considered in netlink_bind() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 64/87] net: atlantic: fix potential error handling Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Vu-Brugier, Igor Russkikh,
	Pavel Belous, Dmitry Bogdanov, David S. Miller

From: Pavel Belous <pbelous@marvell.com>

commit a4980919ad6a7be548d499bc5338015e1a9191c6 upstream.

skb->len is used to calculate statistics after xmit invocation.

Under a stress load it may happen that skb will be xmited,
rx interrupt will come and skb will be freed, all before xmit function
is even returned.

Eventually, skb->len will access unallocated area.

Moving stats calculation into tx_clean routine.

Fixes: 018423e90bee ("net: ethernet: aquantia: Add ring support code")
Reported-by: Christophe Vu-Brugier <cvubrugier@fastmail.fm>
Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
Signed-off-by: Pavel Belous <pbelous@marvell.com>
Signed-off-by: Dmitry Bogdanov <dbogdanov@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/aquantia/atlantic/aq_nic.c  |    4 ----
 drivers/net/ethernet/aquantia/atlantic/aq_ring.c |    7 +++++--
 2 files changed, 5 insertions(+), 6 deletions(-)

--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
@@ -530,10 +530,6 @@ int aq_nic_xmit(struct aq_nic_s *self, s
 	if (likely(frags)) {
 		err = self->aq_hw_ops->hw_ring_tx_xmit(self->aq_hw,
 						       ring, frags);
-		if (err >= 0) {
-			++ring->stats.tx.packets;
-			ring->stats.tx.bytes += skb->len;
-		}
 	} else {
 		err = NETDEV_TX_BUSY;
 	}
--- a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c
@@ -162,9 +162,12 @@ bool aq_ring_tx_clean(struct aq_ring_s *
 			}
 		}
 
-		if (unlikely(buff->is_eop))
-			dev_kfree_skb_any(buff->skb);
+		if (unlikely(buff->is_eop)) {
+			++self->stats.rx.packets;
+			self->stats.tx.bytes += buff->skb->len;
 
+			dev_kfree_skb_any(buff->skb);
+		}
 		buff->pa = 0U;
 		buff->eop_index = 0xffffU;
 		self->sw_head = aq_ring_next_dx(self, self->sw_head);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 64/87] net: atlantic: fix potential error handling
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 63/87] net: atlantic: fix use after free kasan warn Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 65/87] net/smc: no peer ID in CLC decline for SMCD Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pavel Belous, Igor Russkikh,
	Dmitry Bogdanov, David S. Miller

From: Pavel Belous <pbelous@marvell.com>

commit 380ec5b9af7f0d57dbf6ac067fd9f33cff2fef71 upstream.

Code inspection found that in case of mapping error we do return current
'ret' value. But beside error, it is used to count number of descriptors
allocated for the packet. In that case map_skb function could return '1'.

Changing it to return zero (number of mapped descriptors for skb)

Fixes: 018423e90bee ("net: ethernet: aquantia: Add ring support code")
Signed-off-by: Pavel Belous <pbelous@marvell.com>
Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
Signed-off-by: Dmitry Bogdanov <dbogdanov@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/aquantia/atlantic/aq_nic.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
@@ -399,8 +399,10 @@ static unsigned int aq_nic_map_skb(struc
 				     dx_buff->len,
 				     DMA_TO_DEVICE);
 
-	if (unlikely(dma_mapping_error(aq_nic_get_dev(self), dx_buff->pa)))
+	if (unlikely(dma_mapping_error(aq_nic_get_dev(self), dx_buff->pa))) {
+		ret = 0;
 		goto exit;
+	}
 
 	first = dx_buff;
 	dx_buff->len_pkt = skb->len;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 65/87] net/smc: no peer ID in CLC decline for SMCD
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 64/87] net: atlantic: fix potential error handling Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 66/87] net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ursula Braun, Karsten Graul, David S. Miller

From: Ursula Braun <ubraun@linux.ibm.com>

commit 369537c97024dca99303a8d4d6ab38b4f54d3909 upstream.

Just SMCR requires a CLC Peer ID, but not SMCD. The field should be
zero for SMCD.

Fixes: c758dfddc1b5 ("net/smc: add SMC-D support in CLC messages")
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/smc/smc_clc.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/net/smc/smc_clc.c
+++ b/net/smc/smc_clc.c
@@ -364,7 +364,9 @@ int smc_clc_send_decline(struct smc_sock
 	dclc.hdr.length = htons(sizeof(struct smc_clc_msg_decline));
 	dclc.hdr.version = SMC_CLC_V1;
 	dclc.hdr.flag = (peer_diag_info == SMC_CLC_DECL_SYNCERR) ? 1 : 0;
-	memcpy(dclc.id_for_peer, local_systemid, sizeof(local_systemid));
+	if (smc->conn.lgr && !smc->conn.lgr->is_smcd)
+		memcpy(dclc.id_for_peer, local_systemid,
+		       sizeof(local_systemid));
 	dclc.peer_diagnosis = htonl(peer_diag_info);
 	memcpy(dclc.trl.eyecatcher, SMC_EYECATCHER, sizeof(SMC_EYECATCHER));
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 66/87] net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 65/87] net/smc: no peer ID in CLC decline for SMCD Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 67/87] namei: only return -ECHILD from follow_dotdot_rcu() Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Saeed Bshara,
	Arthur Kiyanovski, David S. Miller

From: Arthur Kiyanovski <akiyano@amazon.com>

commit 470793a78ce344bd53d31e0c2d537f71ba957547 upstream.

As the name suggests ETH_RSS_HASH_NO_CHANGE is received upon changing
the key or indirection table using ethtool while keeping the same hash
function.

Also add a function for retrieving the current hash function from
the ena-com layer.

Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Saeed Bshara <saeedb@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/amazon/ena/ena_com.c     |    5 +++++
 drivers/net/ethernet/amazon/ena/ena_com.h     |    8 ++++++++
 drivers/net/ethernet/amazon/ena/ena_ethtool.c |    3 +++
 3 files changed, 16 insertions(+)

--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -860,6 +860,11 @@ static void ena_com_hash_key_fill_defaul
 	hash_key->keys_num = sizeof(hash_key->key) / sizeof(u32);
 }
 
+int ena_com_get_current_hash_function(struct ena_com_dev *ena_dev)
+{
+	return ena_dev->rss.hash_func;
+}
+
 static int ena_com_hash_key_allocate(struct ena_com_dev *ena_dev)
 {
 	struct ena_rss *rss = &ena_dev->rss;
--- a/drivers/net/ethernet/amazon/ena/ena_com.h
+++ b/drivers/net/ethernet/amazon/ena/ena_com.h
@@ -632,6 +632,14 @@ int ena_com_rss_init(struct ena_com_dev
  */
 void ena_com_rss_destroy(struct ena_com_dev *ena_dev);
 
+/* ena_com_get_current_hash_function - Get RSS hash function
+ * @ena_dev: ENA communication layer struct
+ *
+ * Return the current hash function.
+ * @return: 0 or one of the ena_admin_hash_functions values.
+ */
+int ena_com_get_current_hash_function(struct ena_com_dev *ena_dev);
+
 /* ena_com_fill_hash_function - Fill RSS hash function
  * @ena_dev: ENA communication layer struct
  * @func: The hash function (Toeplitz or crc)
--- a/drivers/net/ethernet/amazon/ena/ena_ethtool.c
+++ b/drivers/net/ethernet/amazon/ena/ena_ethtool.c
@@ -749,6 +749,9 @@ static int ena_set_rxfh(struct net_devic
 	}
 
 	switch (hfunc) {
+	case ETH_RSS_HASH_NO_CHANGE:
+		func = ena_com_get_current_hash_function(ena_dev);
+		break;
 	case ETH_RSS_HASH_TOP:
 		func = ENA_ADMIN_TOEPLITZ;
 		break;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 67/87] namei: only return -ECHILD from follow_dotdot_rcu()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 66/87] net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:43 ` [PATCH 4.19 68/87] mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric W. Biederman, Al Viro, Aleksa Sarai

From: Aleksa Sarai <cyphar@cyphar.com>

commit 2b98149c2377bff12be5dd3ce02ae0506e2dd613 upstream.

It's over-zealous to return hard errors under RCU-walk here, given that
a REF-walk will be triggered for all other cases handling ".." under
RCU.

The original purpose of this check was to ensure that if a rename occurs
such that a directory is moved outside of the bind-mount which the
resolution started in, it would be detected and blocked to avoid being
able to mess with paths outside of the bind-mount. However, triggering a
new REF-walk is just as effective a solution.

Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Fixes: 397d425dc26d ("vfs: Test for and handle paths that are unreachable from their mnt_root")
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/namei.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1368,7 +1368,7 @@ static int follow_dotdot_rcu(struct name
 			nd->path.dentry = parent;
 			nd->seq = seq;
 			if (unlikely(!path_connected(&nd->path)))
-				return -ENOENT;
+				return -ECHILD;
 			break;
 		} else {
 			struct mount *mnt = real_mount(nd->path.mnt);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 68/87] mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 67/87] namei: only return -ECHILD from follow_dotdot_rcu() Greg Kroah-Hartman
@ 2020-03-03 17:43 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 69/87] mwifiex: delete unused mwifiex_get_intf_num() Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:43 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Brian Norris, Kalle Valo

From: Brian Norris <briannorris@chromium.org>

commit 70e5b8f445fd27fde0c5583460e82539a7242424 upstream.

Before commit 1e58252e334d ("mwifiex: Fix heap overflow in
mmwifiex_process_tdls_action_frame()"),
mwifiex_process_tdls_action_frame() already had too many magic numbers.
But this commit just added a ton more, in the name of checking for
buffer overflows. That seems like a really bad idea.

Let's make these magic numbers a little less magic, by
(a) factoring out 'pos[1]' as 'ie_len'
(b) using 'sizeof' on the appropriate source or destination fields where
    possible, instead of bare numbers
(c) dropping redundant checks, per below.

Regarding redundant checks: the beginning of the loop has this:

                if (pos + 2 + pos[1] > end)
                        break;

but then individual 'case's include stuff like this:

 			if (pos > end - 3)
 				return;
 			if (pos[1] != 1)
				return;

Note that the second 'return' (validating the length, pos[1]) combined
with the above condition (ensuring 'pos + 2 + length' doesn't exceed
'end'), makes the first 'return' (whose 'if' can be reworded as 'pos >
end - pos[1] - 2') redundant. Rather than unwind the magic numbers
there, just drop those conditions.

Fixes: 1e58252e334d ("mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/marvell/mwifiex/tdls.c |   75 ++++++++++------------------
 1 file changed, 28 insertions(+), 47 deletions(-)

--- a/drivers/net/wireless/marvell/mwifiex/tdls.c
+++ b/drivers/net/wireless/marvell/mwifiex/tdls.c
@@ -897,7 +897,7 @@ void mwifiex_process_tdls_action_frame(s
 	u8 *peer, *pos, *end;
 	u8 i, action, basic;
 	u16 cap = 0;
-	int ie_len = 0;
+	int ies_len = 0;
 
 	if (len < (sizeof(struct ethhdr) + 3))
 		return;
@@ -919,7 +919,7 @@ void mwifiex_process_tdls_action_frame(s
 		pos = buf + sizeof(struct ethhdr) + 4;
 		/* payload 1+ category 1 + action 1 + dialog 1 */
 		cap = get_unaligned_le16(pos);
-		ie_len = len - sizeof(struct ethhdr) - TDLS_REQ_FIX_LEN;
+		ies_len = len - sizeof(struct ethhdr) - TDLS_REQ_FIX_LEN;
 		pos += 2;
 		break;
 
@@ -929,7 +929,7 @@ void mwifiex_process_tdls_action_frame(s
 		/* payload 1+ category 1 + action 1 + dialog 1 + status code 2*/
 		pos = buf + sizeof(struct ethhdr) + 6;
 		cap = get_unaligned_le16(pos);
-		ie_len = len - sizeof(struct ethhdr) - TDLS_RESP_FIX_LEN;
+		ies_len = len - sizeof(struct ethhdr) - TDLS_RESP_FIX_LEN;
 		pos += 2;
 		break;
 
@@ -937,7 +937,7 @@ void mwifiex_process_tdls_action_frame(s
 		if (len < (sizeof(struct ethhdr) + TDLS_CONFIRM_FIX_LEN))
 			return;
 		pos = buf + sizeof(struct ethhdr) + TDLS_CONFIRM_FIX_LEN;
-		ie_len = len - sizeof(struct ethhdr) - TDLS_CONFIRM_FIX_LEN;
+		ies_len = len - sizeof(struct ethhdr) - TDLS_CONFIRM_FIX_LEN;
 		break;
 	default:
 		mwifiex_dbg(priv->adapter, ERROR, "Unknown TDLS frame type.\n");
@@ -950,33 +950,33 @@ void mwifiex_process_tdls_action_frame(s
 
 	sta_ptr->tdls_cap.capab = cpu_to_le16(cap);
 
-	for (end = pos + ie_len; pos + 1 < end; pos += 2 + pos[1]) {
-		if (pos + 2 + pos[1] > end)
+	for (end = pos + ies_len; pos + 1 < end; pos += 2 + pos[1]) {
+		u8 ie_len = pos[1];
+
+		if (pos + 2 + ie_len > end)
 			break;
 
 		switch (*pos) {
 		case WLAN_EID_SUPP_RATES:
-			if (pos[1] > 32)
+			if (ie_len > sizeof(sta_ptr->tdls_cap.rates))
 				return;
-			sta_ptr->tdls_cap.rates_len = pos[1];
-			for (i = 0; i < pos[1]; i++)
+			sta_ptr->tdls_cap.rates_len = ie_len;
+			for (i = 0; i < ie_len; i++)
 				sta_ptr->tdls_cap.rates[i] = pos[i + 2];
 			break;
 
 		case WLAN_EID_EXT_SUPP_RATES:
-			if (pos[1] > 32)
+			if (ie_len > sizeof(sta_ptr->tdls_cap.rates))
 				return;
 			basic = sta_ptr->tdls_cap.rates_len;
-			if (pos[1] > 32 - basic)
+			if (ie_len > sizeof(sta_ptr->tdls_cap.rates) - basic)
 				return;
-			for (i = 0; i < pos[1]; i++)
+			for (i = 0; i < ie_len; i++)
 				sta_ptr->tdls_cap.rates[basic + i] = pos[i + 2];
-			sta_ptr->tdls_cap.rates_len += pos[1];
+			sta_ptr->tdls_cap.rates_len += ie_len;
 			break;
 		case WLAN_EID_HT_CAPABILITY:
-			if (pos > end - sizeof(struct ieee80211_ht_cap) - 2)
-				return;
-			if (pos[1] != sizeof(struct ieee80211_ht_cap))
+			if (ie_len != sizeof(struct ieee80211_ht_cap))
 				return;
 			/* copy the ie's value into ht_capb*/
 			memcpy((u8 *)&sta_ptr->tdls_cap.ht_capb, pos + 2,
@@ -984,59 +984,45 @@ void mwifiex_process_tdls_action_frame(s
 			sta_ptr->is_11n_enabled = 1;
 			break;
 		case WLAN_EID_HT_OPERATION:
-			if (pos > end -
-			    sizeof(struct ieee80211_ht_operation) - 2)
-				return;
-			if (pos[1] != sizeof(struct ieee80211_ht_operation))
+			if (ie_len != sizeof(struct ieee80211_ht_operation))
 				return;
 			/* copy the ie's value into ht_oper*/
 			memcpy(&sta_ptr->tdls_cap.ht_oper, pos + 2,
 			       sizeof(struct ieee80211_ht_operation));
 			break;
 		case WLAN_EID_BSS_COEX_2040:
-			if (pos > end - 3)
-				return;
-			if (pos[1] != 1)
+			if (ie_len != sizeof(pos[2]))
 				return;
 			sta_ptr->tdls_cap.coex_2040 = pos[2];
 			break;
 		case WLAN_EID_EXT_CAPABILITY:
-			if (pos > end - sizeof(struct ieee_types_header))
-				return;
-			if (pos[1] < sizeof(struct ieee_types_header))
+			if (ie_len < sizeof(struct ieee_types_header))
 				return;
-			if (pos[1] > 8)
+			if (ie_len > 8)
 				return;
 			memcpy((u8 *)&sta_ptr->tdls_cap.extcap, pos,
 			       sizeof(struct ieee_types_header) +
-			       min_t(u8, pos[1], 8));
+			       min_t(u8, ie_len, 8));
 			break;
 		case WLAN_EID_RSN:
-			if (pos > end - sizeof(struct ieee_types_header))
+			if (ie_len < sizeof(struct ieee_types_header))
 				return;
-			if (pos[1] < sizeof(struct ieee_types_header))
-				return;
-			if (pos[1] > IEEE_MAX_IE_SIZE -
+			if (ie_len > IEEE_MAX_IE_SIZE -
 			    sizeof(struct ieee_types_header))
 				return;
 			memcpy((u8 *)&sta_ptr->tdls_cap.rsn_ie, pos,
 			       sizeof(struct ieee_types_header) +
-			       min_t(u8, pos[1], IEEE_MAX_IE_SIZE -
+			       min_t(u8, ie_len, IEEE_MAX_IE_SIZE -
 				     sizeof(struct ieee_types_header)));
 			break;
 		case WLAN_EID_QOS_CAPA:
-			if (pos > end - 3)
-				return;
-			if (pos[1] != 1)
+			if (ie_len != sizeof(pos[2]))
 				return;
 			sta_ptr->tdls_cap.qos_info = pos[2];
 			break;
 		case WLAN_EID_VHT_OPERATION:
 			if (priv->adapter->is_hw_11ac_capable) {
-				if (pos > end -
-				    sizeof(struct ieee80211_vht_operation) - 2)
-					return;
-				if (pos[1] !=
+				if (ie_len !=
 				    sizeof(struct ieee80211_vht_operation))
 					return;
 				/* copy the ie's value into vhtoper*/
@@ -1046,10 +1032,7 @@ void mwifiex_process_tdls_action_frame(s
 			break;
 		case WLAN_EID_VHT_CAPABILITY:
 			if (priv->adapter->is_hw_11ac_capable) {
-				if (pos > end -
-				    sizeof(struct ieee80211_vht_cap) - 2)
-					return;
-				if (pos[1] != sizeof(struct ieee80211_vht_cap))
+				if (ie_len != sizeof(struct ieee80211_vht_cap))
 					return;
 				/* copy the ie's value into vhtcap*/
 				memcpy((u8 *)&sta_ptr->tdls_cap.vhtcap, pos + 2,
@@ -1059,9 +1042,7 @@ void mwifiex_process_tdls_action_frame(s
 			break;
 		case WLAN_EID_AID:
 			if (priv->adapter->is_hw_11ac_capable) {
-				if (pos > end - 4)
-					return;
-				if (pos[1] != 2)
+				if (ie_len != sizeof(u16))
 					return;
 				sta_ptr->tdls_cap.aid =
 					get_unaligned_le16((pos + 2));



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 69/87] mwifiex: delete unused mwifiex_get_intf_num()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2020-03-03 17:43 ` [PATCH 4.19 68/87] mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 70/87] KVM: SVM: Override default MMIO mask if memory encryption is enabled Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Brian Norris, Kalle Valo

From: Brian Norris <briannorris@chromium.org>

commit 1c9f329b084b7b8ea6d60d91a202e884cdcf6aae upstream.

Commit 7afb94da3cd8 ("mwifiex: update set_mac_address logic") fixed the
only user of this function, partly because the author seems to have
noticed that, as written, it's on the borderline between highly
misleading and buggy.

Anyway, no sense in keeping dead code around: let's drop it.

Fixes: 7afb94da3cd8 ("mwifiex: update set_mac_address logic")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/marvell/mwifiex/main.h |   13 -------------
 1 file changed, 13 deletions(-)

--- a/drivers/net/wireless/marvell/mwifiex/main.h
+++ b/drivers/net/wireless/marvell/mwifiex/main.h
@@ -1294,19 +1294,6 @@ mwifiex_copy_rates(u8 *dest, u32 pos, u8
 	return pos;
 }
 
-/* This function return interface number with the same bss_type.
- */
-static inline u8
-mwifiex_get_intf_num(struct mwifiex_adapter *adapter, u8 bss_type)
-{
-	u8 i, num = 0;
-
-	for (i = 0; i < adapter->priv_num; i++)
-		if (adapter->priv[i] && adapter->priv[i]->bss_type == bss_type)
-			num++;
-	return num;
-}
-
 /*
  * This function returns the correct private structure pointer based
  * upon the BSS type and BSS number.



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 70/87] KVM: SVM: Override default MMIO mask if memory encryption is enabled
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 69/87] mwifiex: delete unused mwifiex_get_intf_num() Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 71/87] KVM: Check for a bad hva before dropping into the ghc slow path Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Tom Lendacky,
	Paolo Bonzini

From: Tom Lendacky <thomas.lendacky@amd.com>

commit 52918ed5fcf05d97d257f4131e19479da18f5d16 upstream.

The KVM MMIO support uses bit 51 as the reserved bit to cause nested page
faults when a guest performs MMIO. The AMD memory encryption support uses
a CPUID function to define the encryption bit position. Given this, it is
possible that these bits can conflict.

Use svm_hardware_setup() to override the MMIO mask if memory encryption
support is enabled. Various checks are performed to ensure that the mask
is properly defined and rsvd_bits() is used to generate the new mask (as
was done prior to the change that necessitated this patch).

Fixes: 28a1f3ac1d0c ("kvm: x86: Set highest physical address bits in non-present/reserved SPTEs")
Suggested-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/svm.c |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1298,6 +1298,47 @@ static void shrink_ple_window(struct kvm
 				    control->pause_filter_count, old);
 }
 
+/*
+ * The default MMIO mask is a single bit (excluding the present bit),
+ * which could conflict with the memory encryption bit. Check for
+ * memory encryption support and override the default MMIO mask if
+ * memory encryption is enabled.
+ */
+static __init void svm_adjust_mmio_mask(void)
+{
+	unsigned int enc_bit, mask_bit;
+	u64 msr, mask;
+
+	/* If there is no memory encryption support, use existing mask */
+	if (cpuid_eax(0x80000000) < 0x8000001f)
+		return;
+
+	/* If memory encryption is not enabled, use existing mask */
+	rdmsrl(MSR_K8_SYSCFG, msr);
+	if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+		return;
+
+	enc_bit = cpuid_ebx(0x8000001f) & 0x3f;
+	mask_bit = boot_cpu_data.x86_phys_bits;
+
+	/* Increment the mask bit if it is the same as the encryption bit */
+	if (enc_bit == mask_bit)
+		mask_bit++;
+
+	/*
+	 * If the mask bit location is below 52, then some bits above the
+	 * physical addressing limit will always be reserved, so use the
+	 * rsvd_bits() function to generate the mask. This mask, along with
+	 * the present bit, will be used to generate a page fault with
+	 * PFER.RSV = 1.
+	 *
+	 * If the mask bit location is 52 (or above), then clear the mask.
+	 */
+	mask = (mask_bit < 52) ? rsvd_bits(mask_bit, 51) | PT_PRESENT_MASK : 0;
+
+	kvm_mmu_set_mmio_spte_mask(mask, PT_WRITABLE_MASK | PT_USER_MASK);
+}
+
 static __init int svm_hardware_setup(void)
 {
 	int cpu;
@@ -1352,6 +1393,8 @@ static __init int svm_hardware_setup(voi
 		}
 	}
 
+	svm_adjust_mmio_mask();
+
 	for_each_possible_cpu(cpu) {
 		r = svm_cpu_init(cpu);
 		if (r)



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 71/87] KVM: Check for a bad hva before dropping into the ghc slow path
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 70/87] KVM: SVM: Override default MMIO mask if memory encryption is enabled Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 72/87] sched/fair: Optimize update_blocked_averages() Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jim Mattson, Andrew Honig,
	Sean Christopherson, Paolo Bonzini

From: Sean Christopherson <sean.j.christopherson@intel.com>

commit fcfbc617547fc6d9552cb6c1c563b6a90ee98085 upstream.

When reading/writing using the guest/host cache, check for a bad hva
before checking for a NULL memslot, which triggers the slow path for
handing cross-page accesses.  Because the memslot is nullified on error
by __kvm_gfn_to_hva_cache_init(), if the bad hva is encountered after
crossing into a new page, then the kvm_{read,write}_guest() slow path
could potentially write/access the first chunk prior to detecting the
bad hva.

Arguably, performing a partial access is semantically correct from an
architectural perspective, but that behavior is certainly not intended.
In the original implementation, memslot was not explicitly nullified
and therefore the partial access behavior varied based on whether the
memslot itself was null, or if the hva was simply bad.  The current
behavior was introduced as a seemingly unintentional side effect in
commit f1b9dd5eb86c ("kvm: Disallow wraparound in
kvm_gfn_to_hva_cache_init"), which justified the change with "since some
callers don't check the return code from this function, it sit seems
prudent to clear ghc->memslot in the event of an error".

Regardless of intent, the partial access is dependent on _not_ checking
the result of the cache initialization, which is arguably a bug in its
own right, at best simply weird.

Fixes: 8f964525a121 ("KVM: Allow cross page reads and writes from cached translations.")
Cc: Jim Mattson <jmattson@google.com>
Cc: Andrew Honig <ahonig@google.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/kvm_main.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2024,12 +2024,12 @@ int kvm_write_guest_offset_cached(struct
 	if (slots->generation != ghc->generation)
 		__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len);
 
-	if (unlikely(!ghc->memslot))
-		return kvm_write_guest(kvm, gpa, data, len);
-
 	if (kvm_is_error_hva(ghc->hva))
 		return -EFAULT;
 
+	if (unlikely(!ghc->memslot))
+		return kvm_write_guest(kvm, gpa, data, len);
+
 	r = __copy_to_user((void __user *)ghc->hva + offset, data, len);
 	if (r)
 		return -EFAULT;
@@ -2057,12 +2057,12 @@ int kvm_read_guest_cached(struct kvm *kv
 	if (slots->generation != ghc->generation)
 		__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len);
 
-	if (unlikely(!ghc->memslot))
-		return kvm_read_guest(kvm, ghc->gpa, data, len);
-
 	if (kvm_is_error_hva(ghc->hva))
 		return -EFAULT;
 
+	if (unlikely(!ghc->memslot))
+		return kvm_read_guest(kvm, ghc->gpa, data, len);
+
 	r = __copy_from_user(data, (void __user *)ghc->hva, len);
 	if (r)
 		return -EFAULT;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 72/87] sched/fair: Optimize update_blocked_averages()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 71/87] KVM: Check for a bad hva before dropping into the ghc slow path Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 73/87] sched/fair: Fix O(nr_cgroups) in the load balancing path Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vincent Guittot,
	Peter Zijlstra (Intel),
	Linus Torvalds, Thomas Gleixner, sargun, tj, xiexiuqi,
	xiezhipeng1, Ingo Molnar, Vishnu Rangayyan

From: Vincent Guittot <vincent.guittot@linaro.org>

commit 31bc6aeaab1d1de8959b67edbed5c7a4b3cdbe7c upstream.

Removing a cfs_rq from rq->leaf_cfs_rq_list can break the parent/child
ordering of the list when it will be added back. In order to remove an
empty and fully decayed cfs_rq, we must remove its children too, so they
will be added back in the right order next time.

With a normal decay of PELT, a parent will be empty and fully decayed
if all children are empty and fully decayed too. In such a case, we just
have to ensure that the whole branch will be added when a new task is
enqueued. This is default behavior since :

  commit f6783319737f ("sched/fair: Fix insertion in rq->leaf_cfs_rq_list")

In case of throttling, the PELT of throttled cfs_rq will not be updated
whereas the parent will. This breaks the assumption made above unless we
remove the children of a cfs_rq that is throttled. Then, they will be
added back when unthrottled and a sched_entity will be enqueued.

As throttled cfs_rq are now removed from the list, we can remove the
associated test in update_blocked_averages().

Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: sargun@sargun.me
Cc: tj@kernel.org
Cc: xiexiuqi@huawei.com
Cc: xiezhipeng1@huawei.com
Link: https://lkml.kernel.org/r/1549469662-13614-2-git-send-email-vincent.guittot@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Vishnu Rangayyan <vishnu.rangayyan@apple.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/sched/fair.c |   26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -353,6 +353,18 @@ static inline bool list_add_leaf_cfs_rq(
 static inline void list_del_leaf_cfs_rq(struct cfs_rq *cfs_rq)
 {
 	if (cfs_rq->on_list) {
+		struct rq *rq = rq_of(cfs_rq);
+
+		/*
+		 * With cfs_rq being unthrottled/throttled during an enqueue,
+		 * it can happen the tmp_alone_branch points the a leaf that
+		 * we finally want to del. In this case, tmp_alone_branch moves
+		 * to the prev element but it will point to rq->leaf_cfs_rq_list
+		 * at the end of the enqueue.
+		 */
+		if (rq->tmp_alone_branch == &cfs_rq->leaf_cfs_rq_list)
+			rq->tmp_alone_branch = cfs_rq->leaf_cfs_rq_list.prev;
+
 		list_del_rcu(&cfs_rq->leaf_cfs_rq_list);
 		cfs_rq->on_list = 0;
 	}
@@ -4441,6 +4453,10 @@ static int tg_unthrottle_up(struct task_
 		/* adjust cfs_rq_clock_task() */
 		cfs_rq->throttled_clock_task_time += rq_clock_task(rq) -
 					     cfs_rq->throttled_clock_task;
+
+		/* Add cfs_rq with already running entity in the list */
+		if (cfs_rq->nr_running >= 1)
+			list_add_leaf_cfs_rq(cfs_rq);
 	}
 
 	return 0;
@@ -4452,8 +4468,10 @@ static int tg_throttle_down(struct task_
 	struct cfs_rq *cfs_rq = tg->cfs_rq[cpu_of(rq)];
 
 	/* group is entering throttled state, stop time */
-	if (!cfs_rq->throttle_count)
+	if (!cfs_rq->throttle_count) {
 		cfs_rq->throttled_clock_task = rq_clock_task(rq);
+		list_del_leaf_cfs_rq(cfs_rq);
+	}
 	cfs_rq->throttle_count++;
 
 	return 0;
@@ -4556,6 +4574,8 @@ void unthrottle_cfs_rq(struct cfs_rq *cf
 			break;
 	}
 
+	assert_list_leaf_cfs_rq(rq);
+
 	if (!se)
 		add_nr_running(rq, task_delta);
 
@@ -7459,10 +7479,6 @@ static void update_blocked_averages(int
 	for_each_leaf_cfs_rq(rq, cfs_rq) {
 		struct sched_entity *se;
 
-		/* throttled entities do not contribute to load */
-		if (throttled_hierarchy(cfs_rq))
-			continue;
-
 		if (update_cfs_rq_load_avg(cfs_rq_clock_task(cfs_rq), cfs_rq))
 			update_tg_load_avg(cfs_rq, 0);
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 73/87] sched/fair: Fix O(nr_cgroups) in the load balancing path
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 72/87] sched/fair: Optimize update_blocked_averages() Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 74/87] perf stat: Use perf_evsel__is_clocki() for clock events Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vincent Guittot,
	Peter Zijlstra (Intel),
	Linus Torvalds, Thomas Gleixner, sargun, tj, xiexiuqi,
	xiezhipeng1, Ingo Molnar, Vishnu Rangayyan

From: Vincent Guittot <vincent.guittot@linaro.org>

commit 039ae8bcf7a5f4476f4487e6bf816885fb3fb617 upstream.

This re-applies the commit reverted here:

  commit c40f7d74c741 ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c")

I.e. now that cfs_rq can be safely removed/added in the list, we can re-apply:

 commit a9e7f6544b9c ("sched/fair: Fix O(nr_cgroups) in load balance path")

Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: sargun@sargun.me
Cc: tj@kernel.org
Cc: xiexiuqi@huawei.com
Cc: xiezhipeng1@huawei.com
Link: https://lkml.kernel.org/r/1549469662-13614-3-git-send-email-vincent.guittot@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Vishnu Rangayyan <vishnu.rangayyan@apple.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/sched/fair.c |   43 ++++++++++++++++++++++++++++++++++---------
 1 file changed, 34 insertions(+), 9 deletions(-)

--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -375,9 +375,10 @@ static inline void assert_list_leaf_cfs_
 	SCHED_WARN_ON(rq->tmp_alone_branch != &rq->leaf_cfs_rq_list);
 }
 
-/* Iterate through all cfs_rq's on a runqueue in bottom-up order */
-#define for_each_leaf_cfs_rq(rq, cfs_rq) \
-	list_for_each_entry_rcu(cfs_rq, &rq->leaf_cfs_rq_list, leaf_cfs_rq_list)
+/* Iterate thr' all leaf cfs_rq's on a runqueue */
+#define for_each_leaf_cfs_rq_safe(rq, cfs_rq, pos)			\
+	list_for_each_entry_safe(cfs_rq, pos, &rq->leaf_cfs_rq_list,	\
+				 leaf_cfs_rq_list)
 
 /* Do the two (enqueued) entities belong to the same group ? */
 static inline struct cfs_rq *
@@ -474,8 +475,8 @@ static inline void assert_list_leaf_cfs_
 {
 }
 
-#define for_each_leaf_cfs_rq(rq, cfs_rq)	\
-		for (cfs_rq = &rq->cfs; cfs_rq; cfs_rq = NULL)
+#define for_each_leaf_cfs_rq_safe(rq, cfs_rq, pos)	\
+		for (cfs_rq = &rq->cfs, pos = NULL; cfs_rq; cfs_rq = pos)
 
 static inline struct sched_entity *parent_entity(struct sched_entity *se)
 {
@@ -7461,10 +7462,27 @@ static inline bool others_have_blocked(s
 
 #ifdef CONFIG_FAIR_GROUP_SCHED
 
+static inline bool cfs_rq_is_decayed(struct cfs_rq *cfs_rq)
+{
+	if (cfs_rq->load.weight)
+		return false;
+
+	if (cfs_rq->avg.load_sum)
+		return false;
+
+	if (cfs_rq->avg.util_sum)
+		return false;
+
+	if (cfs_rq->avg.runnable_load_sum)
+		return false;
+
+	return true;
+}
+
 static void update_blocked_averages(int cpu)
 {
 	struct rq *rq = cpu_rq(cpu);
-	struct cfs_rq *cfs_rq;
+	struct cfs_rq *cfs_rq, *pos;
 	const struct sched_class *curr_class;
 	struct rq_flags rf;
 	bool done = true;
@@ -7476,7 +7494,7 @@ static void update_blocked_averages(int
 	 * Iterates the task_group tree in a bottom up fashion, see
 	 * list_add_leaf_cfs_rq() for details.
 	 */
-	for_each_leaf_cfs_rq(rq, cfs_rq) {
+	for_each_leaf_cfs_rq_safe(rq, cfs_rq, pos) {
 		struct sched_entity *se;
 
 		if (update_cfs_rq_load_avg(cfs_rq_clock_task(cfs_rq), cfs_rq))
@@ -7487,6 +7505,13 @@ static void update_blocked_averages(int
 		if (se && !skip_blocked_update(se))
 			update_load_avg(cfs_rq_of(se), se, 0);
 
+		/*
+		 * There can be a lot of idle CPU cgroups.  Don't let fully
+		 * decayed cfs_rqs linger on the list.
+		 */
+		if (cfs_rq_is_decayed(cfs_rq))
+			list_del_leaf_cfs_rq(cfs_rq);
+
 		/* Don't need periodic decay once load/util_avg are null */
 		if (cfs_rq_has_blocked(cfs_rq))
 			done = false;
@@ -10272,10 +10297,10 @@ const struct sched_class fair_sched_clas
 #ifdef CONFIG_SCHED_DEBUG
 void print_cfs_stats(struct seq_file *m, int cpu)
 {
-	struct cfs_rq *cfs_rq;
+	struct cfs_rq *cfs_rq, *pos;
 
 	rcu_read_lock();
-	for_each_leaf_cfs_rq(cpu_rq(cpu), cfs_rq)
+	for_each_leaf_cfs_rq_safe(cpu_rq(cpu), cfs_rq, pos)
 		print_cfs_rq(m, cpu, cfs_rq);
 	rcu_read_unlock();
 }



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 74/87] perf stat: Use perf_evsel__is_clocki() for clock events
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 73/87] sched/fair: Fix O(nr_cgroups) in the load balancing path Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 75/87] perf stat: Fix shadow stats " Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ravi Bangoria, Jiri Olsa,
	Alexander Shishkin, Anton Blanchard, Jin Yao, Namhyung Kim,
	Thomas Richter, yuzhoujian, Arnaldo Carvalho de Melo,
	Tommi Rantala

From: Ravi Bangoria <ravi.bangoria@linux.ibm.com>

commit eb08d006054e7e374592068919e32579988602d4 upstream.

We already have function to check if a given event is either
SW_CPU_CLOCK or SW_TASK_CLOCK. Utilize it.

Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Anton Blanchard <anton@samba.org>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Thomas Richter <tmricht@linux.vnet.ibm.com>
Cc: yuzhoujian@didichuxing.com
Link: http://lkml.kernel.org/r/20181115095533.16930-1-ravi.bangoria@linux.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/util/stat-shadow.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/tools/perf/util/stat-shadow.c
+++ b/tools/perf/util/stat-shadow.c
@@ -212,8 +212,7 @@ void perf_stat__update_shadow_stats(stru
 
 	count *= counter->scale;
 
-	if (perf_evsel__match(counter, SOFTWARE, SW_TASK_CLOCK) ||
-	    perf_evsel__match(counter, SOFTWARE, SW_CPU_CLOCK))
+	if (perf_evsel__is_clock(counter))
 		update_runtime_stat(st, STAT_NSECS, 0, cpu, count);
 	else if (perf_evsel__match(counter, HARDWARE, HW_CPU_CYCLES))
 		update_runtime_stat(st, STAT_CYCLES, ctx, cpu, count);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 75/87] perf stat: Fix shadow stats for clock events
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 74/87] perf stat: Use perf_evsel__is_clocki() for clock events Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 76/87] drivers: net: xgene: Fix the order of the arguments of alloc_etherdev_mqs() Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiri Olsa, Anton Blanchard,
	Ravi Bangoria, Jiri Olsa, Alexander Shishkin, Jin Yao,
	Namhyung Kim, Thomas Richter, yuzhoujian,
	Arnaldo Carvalho de Melo, Tommi Rantala

From: Ravi Bangoria <ravi.bangoria@linux.ibm.com>

commit 57ddf09173c1e7d0511ead8924675c7198e56545 upstream.

Commit 0aa802a79469 ("perf stat: Get rid of extra clock display
function") introduced scale and unit for clock events. Thus,
perf_stat__update_shadow_stats() now saves scaled values of clock events
in msecs, instead of original nsecs. But while calculating values of
shadow stats we still consider clock event values in nsecs. This results
in a wrong shadow stat values. Ex,

  # ./perf stat -e task-clock,cycles ls
    <SNIP>
              2.60 msec task-clock:u    #    0.877 CPUs utilized
         2,430,564      cycles:u        # 1215282.000 GHz

Fix this by saving original nsec values for clock events in
perf_stat__update_shadow_stats(). After patch:

  # ./perf stat -e task-clock,cycles ls
    <SNIP>
              3.14 msec task-clock:u    #    0.839 CPUs utilized
         3,094,528      cycles:u        #    0.985 GHz

Suggested-by: Jiri Olsa <jolsa@redhat.com>
Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Thomas Richter <tmricht@linux.vnet.ibm.com>
Cc: yuzhoujian@didichuxing.com
Fixes: 0aa802a79469 ("perf stat: Get rid of extra clock display function")
Link: http://lkml.kernel.org/r/20181116042843.24067-1-ravi.bangoria@linux.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/util/stat-shadow.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/tools/perf/util/stat-shadow.c
+++ b/tools/perf/util/stat-shadow.c
@@ -209,11 +209,12 @@ void perf_stat__update_shadow_stats(stru
 				    int cpu, struct runtime_stat *st)
 {
 	int ctx = evsel_context(counter);
+	u64 count_ns = count;
 
 	count *= counter->scale;
 
 	if (perf_evsel__is_clock(counter))
-		update_runtime_stat(st, STAT_NSECS, 0, cpu, count);
+		update_runtime_stat(st, STAT_NSECS, 0, cpu, count_ns);
 	else if (perf_evsel__match(counter, HARDWARE, HW_CPU_CYCLES))
 		update_runtime_stat(st, STAT_CYCLES, ctx, cpu, count);
 	else if (perf_stat_evsel__is(counter, CYCLES_IN_TX))



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 76/87] drivers: net: xgene: Fix the order of the arguments of alloc_etherdev_mqs()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 75/87] perf stat: Fix shadow stats " Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 77/87] kprobes: Set unoptimized flag after unoptimizing code Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, David S. Miller

From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

commit 5a44c71ccda60a50073c5d7fe3f694cdfa3ab0c2 upstream.

'alloc_etherdev_mqs()' expects first 'tx', then 'rx'. The semantic here
looks reversed.

Reorder the arguments passed to 'alloc_etherdev_mqs()' in order to keep
the correct semantic.

In fact, this is a no-op because both XGENE_NUM_[RT]X_RING are 8.

Fixes: 107dec2749fe ("drivers: net: xgene: Add support for multiple queues")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/ethernet/apm/xgene/xgene_enet_main.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
+++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
@@ -2034,7 +2034,7 @@ static int xgene_enet_probe(struct platf
 	int ret;
 
 	ndev = alloc_etherdev_mqs(sizeof(struct xgene_enet_pdata),
-				  XGENE_NUM_RX_RING, XGENE_NUM_TX_RING);
+				  XGENE_NUM_TX_RING, XGENE_NUM_RX_RING);
 	if (!ndev)
 		return -ENOMEM;
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 77/87] kprobes: Set unoptimized flag after unoptimizing code
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 76/87] drivers: net: xgene: Fix the order of the arguments of alloc_etherdev_mqs() Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 78/87] pwm: omap-dmtimer: put_device() after of_find_device_by_node() Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexei Starovoitov, Masami Hiramatsu,
	Andy Lutomirski, Borislav Petkov, Linus Torvalds, Peter Zijlstra,
	Steven Rostedt, Thomas Gleixner, bristot, Ingo Molnar

From: Masami Hiramatsu <mhiramat@kernel.org>

commit f66c0447cca1281116224d474cdb37d6a18e4b5b upstream.

Set the unoptimized flag after confirming the code is completely
unoptimized. Without this fix, when a kprobe hits the intermediate
modified instruction (the first byte is replaced by an INT3, but
later bytes can still be a jump address operand) while unoptimizing,
it can return to the middle byte of the modified code, which causes
an invalid instruction exception in the kernel.

Usually, this is a rare case, but if we put a probe on the function
call while text patching, it always causes a kernel panic as below:

 # echo p text_poke+5 > kprobe_events
 # echo 1 > events/kprobes/enable
 # echo 0 > events/kprobes/enable

invalid opcode: 0000 [#1] PREEMPT SMP PTI
 RIP: 0010:text_poke+0x9/0x50
 Call Trace:
  arch_unoptimize_kprobe+0x22/0x28
  arch_unoptimize_kprobes+0x39/0x87
  kprobe_optimizer+0x6e/0x290
  process_one_work+0x2a0/0x610
  worker_thread+0x28/0x3d0
  ? process_one_work+0x610/0x610
  kthread+0x10d/0x130
  ? kthread_park+0x80/0x80
  ret_from_fork+0x3a/0x50

text_poke() is used for patching the code in optprobes.

This can happen even if we blacklist text_poke() and other functions,
because there is a small time window during which we show the intermediate
code to other CPUs.

 [ mingo: Edited the changelog. ]

Tested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bristot@redhat.com
Fixes: 6274de4984a6 ("kprobes: Support delayed unoptimizing")
Link: https://lkml.kernel.org/r/157483422375.25881.13508326028469515760.stgit@devnote2
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/kprobes.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -523,6 +523,8 @@ static void do_unoptimize_kprobes(void)
 	arch_unoptimize_kprobes(&unoptimizing_list, &freeing_list);
 	/* Loop free_list for disarming */
 	list_for_each_entry_safe(op, tmp, &freeing_list, list) {
+		/* Switching from detour code to origin */
+		op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
 		/* Disarm probes if marked disabled */
 		if (kprobe_disabled(&op->kp))
 			arch_disarm_kprobe(&op->kp);
@@ -662,6 +664,7 @@ static void force_unoptimize_kprobe(stru
 {
 	lockdep_assert_cpus_held();
 	arch_unoptimize_kprobe(op);
+	op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
 	if (kprobe_disabled(&op->kp))
 		arch_disarm_kprobe(&op->kp);
 }
@@ -689,7 +692,6 @@ static void unoptimize_kprobe(struct kpr
 		return;
 	}
 
-	op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
 	if (!list_empty(&op->list)) {
 		/* Dequeue from the optimization queue */
 		list_del_init(&op->list);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 78/87] pwm: omap-dmtimer: put_device() after of_find_device_by_node()
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 77/87] kprobes: Set unoptimized flag after unoptimizing code Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 79/87] perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Markus Elfring,
	Uwe Kleine-König, Thierry Reding

From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>

commit c7cb3a1dd53f63c64fb2b567d0be130b92a44d91 upstream.

This was found by coccicheck:

	drivers/pwm/pwm-omap-dmtimer.c:304:2-8: ERROR: missing put_device;
	call of_find_device_by_node on line 255, but without a corresponding
	object release within this function.

Reported-by: Markus Elfring <elfring@users.sourceforge.net>
Fixes: 6604c6556db9 ("pwm: Add PWM driver for OMAP using dual-mode timers")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pwm/pwm-omap-dmtimer.c |   21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

--- a/drivers/pwm/pwm-omap-dmtimer.c
+++ b/drivers/pwm/pwm-omap-dmtimer.c
@@ -259,7 +259,7 @@ static int pwm_omap_dmtimer_probe(struct
 	if (!timer_pdev) {
 		dev_err(&pdev->dev, "Unable to find Timer pdev\n");
 		ret = -ENODEV;
-		goto put;
+		goto err_find_timer_pdev;
 	}
 
 	timer_pdata = dev_get_platdata(&timer_pdev->dev);
@@ -267,7 +267,7 @@ static int pwm_omap_dmtimer_probe(struct
 		dev_dbg(&pdev->dev,
 			 "dmtimer pdata structure NULL, deferring probe\n");
 		ret = -EPROBE_DEFER;
-		goto put;
+		goto err_platdata;
 	}
 
 	pdata = timer_pdata->timer_ops;
@@ -286,19 +286,19 @@ static int pwm_omap_dmtimer_probe(struct
 	    !pdata->write_counter) {
 		dev_err(&pdev->dev, "Incomplete dmtimer pdata structure\n");
 		ret = -EINVAL;
-		goto put;
+		goto err_platdata;
 	}
 
 	if (!of_get_property(timer, "ti,timer-pwm", NULL)) {
 		dev_err(&pdev->dev, "Missing ti,timer-pwm capability\n");
 		ret = -ENODEV;
-		goto put;
+		goto err_timer_property;
 	}
 
 	dm_timer = pdata->request_by_node(timer);
 	if (!dm_timer) {
 		ret = -EPROBE_DEFER;
-		goto put;
+		goto err_request_timer;
 	}
 
 	omap = devm_kzalloc(&pdev->dev, sizeof(*omap), GFP_KERNEL);
@@ -355,7 +355,14 @@ err_pwmchip_add:
 err_alloc_omap:
 
 	pdata->free(dm_timer);
-put:
+err_request_timer:
+
+err_timer_property:
+err_platdata:
+
+	put_device(&timer_pdev->dev);
+err_find_timer_pdev:
+
 	of_node_put(timer);
 
 	return ret;
@@ -375,6 +382,8 @@ static int pwm_omap_dmtimer_remove(struc
 
 	omap->pdata->free(omap->dm_timer);
 
+	put_device(&omap->dm_timer_pdev->dev);
+
 	mutex_destroy(&omap->mutex);
 
 	return 0;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 79/87] perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 78/87] pwm: omap-dmtimer: put_device() after of_find_device_by_node() Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 80/87] KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiri Olsa, Adrian Hunter,
	Namhyung Kim, Arnaldo Carvalho de Melo

From: Arnaldo Carvalho de Melo <acme@redhat.com>

commit 3f7774033e6820d25beee5cf7aefa11d4968b951 upstream.

We need to set actions->ms.map since 599a2f38a989 ("perf hists browser:
Check sort keys before hot key actions"), as in that patch we bail out
if map is NULL.

Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Fixes: 599a2f38a989 ("perf hists browser: Check sort keys before hot key actions")
Link: https://lkml.kernel.org/n/tip-wp1ssoewy6zihwwexqpohv0j@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/perf/ui/browsers/hists.c |    1 +
 1 file changed, 1 insertion(+)

--- a/tools/perf/ui/browsers/hists.c
+++ b/tools/perf/ui/browsers/hists.c
@@ -2931,6 +2931,7 @@ static int perf_evsel__hists_browse(stru
 
 				continue;
 			}
+			actions->ms.map = map;
 			top = pstack__peek(browser->pstack);
 			if (top == &browser->hists->dso_filter) {
 				/*



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 80/87] KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 79/87] perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 81/87] KVM: x86: Remove spurious clearing of async #PF MSR Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini

From: Sean Christopherson <sean.j.christopherson@intel.com>

commit 9d979c7e6ff43ca3200ffcb74f57415fd633a2da upstream.

x86 does not load its MMU until KVM_RUN, which cannot be invoked until
after vCPU creation succeeds.  Given that kvm_arch_vcpu_destroy() is
called if and only if vCPU creation fails, it is impossible for the MMU
to be loaded.

Note, the bogus kvm_mmu_unload() call was added during an unrelated
refactoring of vCPU allocation, i.e. was presumably added as an
opportunstic "fix" for a perceived leak.

Fixes: fb3f0f51d92d1 ("KVM: Dynamically allocate vcpus")
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/x86.c |    4 ----
 1 file changed, 4 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8695,10 +8695,6 @@ void kvm_arch_vcpu_destroy(struct kvm_vc
 {
 	vcpu->arch.apf.msr_val = 0;
 
-	vcpu_load(vcpu);
-	kvm_mmu_unload(vcpu);
-	vcpu_put(vcpu);
-
 	kvm_arch_vcpu_free(vcpu);
 }
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 81/87] KVM: x86: Remove spurious clearing of async #PF MSR
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 80/87] KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 82/87] thermal: brcmstb_thermal: Do not use DT coefficients Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini

From: Sean Christopherson <sean.j.christopherson@intel.com>

commit 208050dac5ef4de5cb83ffcafa78499c94d0b5ad upstream.

Remove a bogus clearing of apf.msr_val from kvm_arch_vcpu_destroy().

apf.msr_val is only set to a non-zero value by kvm_pv_enable_async_pf(),
which is only reachable by kvm_set_msr_common(), i.e. by writing
MSR_KVM_ASYNC_PF_EN.  KVM does not autonomously write said MSR, i.e.
can only be written via KVM_SET_MSRS or KVM_RUN.  Since KVM_SET_MSRS and
KVM_RUN are vcpu ioctls, they require a valid vcpu file descriptor.
kvm_arch_vcpu_destroy() is only called if KVM_CREATE_VCPU fails, and KVM
declares KVM_CREATE_VCPU successful once the vcpu fd is installed and
thus visible to userspace.  Ergo, apf.msr_val cannot be non-zero when
kvm_arch_vcpu_destroy() is called.

Fixes: 344d9588a9df0 ("KVM: Add PV MSR to enable asynchronous page faults delivery.")
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kvm/x86.c |    2 --
 1 file changed, 2 deletions(-)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8693,8 +8693,6 @@ void kvm_arch_vcpu_postcreate(struct kvm
 
 void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
 {
-	vcpu->arch.apf.msr_val = 0;
-
 	kvm_arch_vcpu_free(vcpu);
 }
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 82/87] thermal: brcmstb_thermal: Do not use DT coefficients
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 81/87] KVM: x86: Remove spurious clearing of async #PF MSR Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 83/87] netfilter: nft_tunnel: no need to call htons() when dumping ports Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Amit Kucheria,
	Daniel Lezcano

From: Florian Fainelli <f.fainelli@gmail.com>

commit e1ff6fc22f19e2af8adbad618526b80067911d40 upstream.

At the time the brcmstb_thermal driver and its binding were merged, the
DT binding did not make the coefficients properties a mandatory one,
therefore all users of the brcmstb_thermal driver out there have a non
functional implementation with zero coefficients. Even if these
properties were provided, the formula used for computation is incorrect.

The coefficients are entirely process specific (right now, only 28nm is
supported) and not board or SoC specific, it is therefore appropriate to
hard code them in the driver given the compatibility string we are
probed with which has to be updated whenever a new process is
introduced.

We remove the existing coefficients definition since subsequent patches
are going to add support for a new process and will introduce new
coefficients as well.

Fixes: 9e03cf1b2dd5 ("thermal: add brcmstb AVS TMON driver")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Amit Kucheria <amit.kucheria@linaro.org>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20200114190607.29339-2-f.fainelli@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/thermal/broadcom/brcmstb_thermal.c |   31 ++++++++---------------------
 1 file changed, 9 insertions(+), 22 deletions(-)

--- a/drivers/thermal/broadcom/brcmstb_thermal.c
+++ b/drivers/thermal/broadcom/brcmstb_thermal.c
@@ -58,7 +58,7 @@
 #define AVS_TMON_TP_TEST_ENABLE		0x20
 
 /* Default coefficients */
-#define AVS_TMON_TEMP_SLOPE		-487
+#define AVS_TMON_TEMP_SLOPE		487
 #define AVS_TMON_TEMP_OFFSET		410040
 
 /* HW related temperature constants */
@@ -117,23 +117,12 @@ struct brcmstb_thermal_priv {
 	struct thermal_zone_device *thermal;
 };
 
-static void avs_tmon_get_coeffs(struct thermal_zone_device *tz, int *slope,
-				int *offset)
-{
-	*slope = thermal_zone_get_slope(tz);
-	*offset = thermal_zone_get_offset(tz);
-}
-
 /* Convert a HW code to a temperature reading (millidegree celsius) */
 static inline int avs_tmon_code_to_temp(struct thermal_zone_device *tz,
 					u32 code)
 {
-	const int val = code & AVS_TMON_TEMP_MASK;
-	int slope, offset;
-
-	avs_tmon_get_coeffs(tz, &slope, &offset);
-
-	return slope * val + offset;
+	return (AVS_TMON_TEMP_OFFSET -
+		(int)((code & AVS_TMON_TEMP_MAX) * AVS_TMON_TEMP_SLOPE));
 }
 
 /*
@@ -145,20 +134,18 @@ static inline int avs_tmon_code_to_temp(
 static inline u32 avs_tmon_temp_to_code(struct thermal_zone_device *tz,
 					int temp, bool low)
 {
-	int slope, offset;
-
 	if (temp < AVS_TMON_TEMP_MIN)
-		return AVS_TMON_TEMP_MAX; /* Maximum code value */
-
-	avs_tmon_get_coeffs(tz, &slope, &offset);
+		return AVS_TMON_TEMP_MAX;	/* Maximum code value */
 
-	if (temp >= offset)
+	if (temp >= AVS_TMON_TEMP_OFFSET)
 		return 0;	/* Minimum code value */
 
 	if (low)
-		return (u32)(DIV_ROUND_UP(offset - temp, abs(slope)));
+		return (u32)(DIV_ROUND_UP(AVS_TMON_TEMP_OFFSET - temp,
+					  AVS_TMON_TEMP_SLOPE));
 	else
-		return (u32)((offset - temp) / abs(slope));
+		return (u32)((AVS_TMON_TEMP_OFFSET - temp) /
+			      AVS_TMON_TEMP_SLOPE);
 }
 
 static int brcmstb_get_temp(void *data, int *temp)



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 83/87] netfilter: nft_tunnel: no need to call htons() when dumping ports
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 82/87] thermal: brcmstb_thermal: Do not use DT coefficients Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 84/87] netfilter: nf_flowtable: fix documentation Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xin Long, Simon Horman, Pablo Neira Ayuso

From: Xin Long <lucien.xin@gmail.com>

commit cf3e204a1ca5442190018a317d9ec181b4639bd6 upstream.

info->key.tp_src and tp_dst are __be16, when using nla_put_be16()
to dump them, htons() is not needed, so remove it in this patch.

Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/nft_tunnel.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/netfilter/nft_tunnel.c
+++ b/net/netfilter/nft_tunnel.c
@@ -467,8 +467,8 @@ static int nft_tunnel_opts_dump(struct s
 static int nft_tunnel_ports_dump(struct sk_buff *skb,
 				 struct ip_tunnel_info *info)
 {
-	if (nla_put_be16(skb, NFTA_TUNNEL_KEY_SPORT, htons(info->key.tp_src)) < 0 ||
-	    nla_put_be16(skb, NFTA_TUNNEL_KEY_DPORT, htons(info->key.tp_dst)) < 0)
+	if (nla_put_be16(skb, NFTA_TUNNEL_KEY_SPORT, info->key.tp_src) < 0 ||
+	    nla_put_be16(skb, NFTA_TUNNEL_KEY_DPORT, info->key.tp_dst) < 0)
 		return -1;
 
 	return 0;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 84/87] netfilter: nf_flowtable: fix documentation
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 83/87] netfilter: nft_tunnel: no need to call htons() when dumping ports Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 85/87] padata: always acquire cpu_hotplug_lock before pinst->lock Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Matteo Croce, Pablo Neira Ayuso

From: Matteo Croce <mcroce@redhat.com>

commit 78e06cf430934fc3768c342cbebdd1013dcd6fa7 upstream.

In the flowtable documentation there is a missing semicolon, the command
as is would give this error:

    nftables.conf:5:27-33: Error: syntax error, unexpected devices, expecting newline or semicolon
                    hook ingress priority 0 devices = { br0, pppoe-data };
                                            ^^^^^^^
    nftables.conf:4:12-13: Error: invalid hook (null)
            flowtable ft {
                      ^^

Fixes: 19b351f16fd9 ("netfilter: add flowtable documentation")
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/networking/nf_flowtable.txt |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/Documentation/networking/nf_flowtable.txt
+++ b/Documentation/networking/nf_flowtable.txt
@@ -76,7 +76,7 @@ flowtable and add one rule to your forwa
 
         table inet x {
 		flowtable f {
-			hook ingress priority 0 devices = { eth0, eth1 };
+			hook ingress priority 0; devices = { eth0, eth1 };
 		}
                 chain y {
                         type filter hook forward priority 0; policy accept;



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 85/87] padata: always acquire cpu_hotplug_lock before pinst->lock
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 84/87] netfilter: nf_flowtable: fix documentation Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 86/87] mm/huge_memory.c: use head to check huge zero page Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Jordan, Eric Biggers,
	Herbert Xu, Steffen Klassert, linux-crypto

From: Daniel Jordan <daniel.m.jordan@oracle.com>

commit 38228e8848cd7dd86ccb90406af32de0cad24be3 upstream.

lockdep complains when padata's paths to update cpumasks via CPU hotplug
and sysfs are both taken:

  # echo 0 > /sys/devices/system/cpu/cpu1/online
  # echo ff > /sys/kernel/pcrypt/pencrypt/parallel_cpumask

  ======================================================
  WARNING: possible circular locking dependency detected
  5.4.0-rc8-padata-cpuhp-v3+ #1 Not tainted
  ------------------------------------------------------
  bash/205 is trying to acquire lock:
  ffffffff8286bcd0 (cpu_hotplug_lock.rw_sem){++++}, at: padata_set_cpumask+0x2b/0x120

  but task is already holding lock:
  ffff8880001abfa0 (&pinst->lock){+.+.}, at: padata_set_cpumask+0x26/0x120

  which lock already depends on the new lock.

padata doesn't take cpu_hotplug_lock and pinst->lock in a consistent
order.  Which should be first?  CPU hotplug calls into padata with
cpu_hotplug_lock already held, so it should have priority.

Fixes: 6751fb3c0e0c ("padata: Use get_online_cpus/put_online_cpus")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/padata.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -671,8 +671,8 @@ int padata_set_cpumask(struct padata_ins
 	struct cpumask *serial_mask, *parallel_mask;
 	int err = -EINVAL;
 
-	mutex_lock(&pinst->lock);
 	get_online_cpus();
+	mutex_lock(&pinst->lock);
 
 	switch (cpumask_type) {
 	case PADATA_CPU_PARALLEL:
@@ -690,8 +690,8 @@ int padata_set_cpumask(struct padata_ins
 	err =  __padata_set_cpumasks(pinst, parallel_mask, serial_mask);
 
 out:
-	put_online_cpus();
 	mutex_unlock(&pinst->lock);
+	put_online_cpus();
 
 	return err;
 }



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 86/87] mm/huge_memory.c: use head to check huge zero page
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 85/87] padata: always acquire cpu_hotplug_lock before pinst->lock Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 17:44 ` [PATCH 4.19 87/87] mm, thp: fix defrag setting if newline is not used Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wei Yang, Kirill A. Shutemov,
	Andrew Morton, Linus Torvalds

From: Wei Yang <richardw.yang@linux.intel.com>

commit cb829624867b5ab10bc6a7036d183b1b82bfe9f8 upstream.

The page could be a tail page, if this is the case, this BUG_ON will
never be triggered.

Link: http://lkml.kernel.org/r/20200110032610.26499-1-richardw.yang@linux.intel.com
Fixes: e9b61f19858a ("thp: reintroduce split_huge_page()")

Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/huge_memory.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2661,7 +2661,7 @@ int split_huge_page_to_list(struct page
 	unsigned long flags;
 	pgoff_t end;
 
-	VM_BUG_ON_PAGE(is_huge_zero_page(page), page);
+	VM_BUG_ON_PAGE(is_huge_zero_page(head), head);
 	VM_BUG_ON_PAGE(!PageLocked(page), page);
 	VM_BUG_ON_PAGE(!PageCompound(page), page);
 



^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH 4.19 87/87] mm, thp: fix defrag setting if newline is not used
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 86/87] mm/huge_memory.c: use head to check huge zero page Greg Kroah-Hartman
@ 2020-03-03 17:44 ` Greg Kroah-Hartman
  2020-03-03 22:10 ` [PATCH 4.19 00/87] 4.19.108-stable review Jon Hunter
                   ` (3 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-03 17:44 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Rientjes, Andrew Morton,
	Vlastimil Babka, Mel Gorman, Linus Torvalds

From: David Rientjes <rientjes@google.com>

commit f42f25526502d851d0e3ca1e46297da8aafce8a7 upstream.

If thp defrag setting "defer" is used and a newline is *not* used when
writing to the sysfs file, this is interpreted as the "defer+madvise"
option.

This is because we do prefix matching and if five characters are written
without a newline, the current code ends up comparing to the first five
bytes of the "defer+madvise" option and using that instead.

Use the more appropriate sysfs_streq() that handles the trailing newline
for us.  Since this doubles as a nice cleanup, do it in enabled_store()
as well.

The current implementation relies on prefix matching: the number of
bytes compared is either the number of bytes written or the length of
the option being compared.  With a newline, "defer\n" does not match
"defer+"madvise"; without a newline, however, "defer" is considered to
match "defer+madvise" (prefix matching is only comparing the first five
bytes).  End result is that writing "defer" is broken unless it has an
additional trailing character.

This means that writing "madv" in the past would match and set
"madvise".  With strict checking, that no longer is the case but it is
unlikely anybody is currently doing this.

Link: http://lkml.kernel.org/r/alpine.DEB.2.21.2001171411020.56385@chino.kir.corp.google.com
Fixes: 21440d7eb904 ("mm, thp: add new defer+madvise defrag option")
Signed-off-by: David Rientjes <rientjes@google.com>
Suggested-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/huge_memory.c |   24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)

--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -173,16 +173,13 @@ static ssize_t enabled_store(struct kobj
 {
 	ssize_t ret = count;
 
-	if (!memcmp("always", buf,
-		    min(sizeof("always")-1, count))) {
+	if (sysfs_streq(buf, "always")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, &transparent_hugepage_flags);
 		set_bit(TRANSPARENT_HUGEPAGE_FLAG, &transparent_hugepage_flags);
-	} else if (!memcmp("madvise", buf,
-			   min(sizeof("madvise")-1, count))) {
+	} else if (sysfs_streq(buf, "madvise")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_FLAG, &transparent_hugepage_flags);
 		set_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, &transparent_hugepage_flags);
-	} else if (!memcmp("never", buf,
-			   min(sizeof("never")-1, count))) {
+	} else if (sysfs_streq(buf, "never")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_REQ_MADV_FLAG, &transparent_hugepage_flags);
 	} else
@@ -246,32 +243,27 @@ static ssize_t defrag_store(struct kobje
 			    struct kobj_attribute *attr,
 			    const char *buf, size_t count)
 {
-	if (!memcmp("always", buf,
-		    min(sizeof("always")-1, count))) {
+	if (sysfs_streq(buf, "always")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags);
 		set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags);
-	} else if (!memcmp("defer+madvise", buf,
-		    min(sizeof("defer+madvise")-1, count))) {
+	} else if (sysfs_streq(buf, "defer+madvise")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags);
 		set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags);
-	} else if (!memcmp("defer", buf,
-		    min(sizeof("defer")-1, count))) {
+	} else if (sysfs_streq(buf, "defer")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags);
 		set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags);
-	} else if (!memcmp("madvise", buf,
-			   min(sizeof("madvise")-1, count))) {
+	} else if (sysfs_streq(buf, "madvise")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags);
 		set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags);
-	} else if (!memcmp("never", buf,
-			   min(sizeof("never")-1, count))) {
+	} else if (sysfs_streq(buf, "never")) {
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags);
 		clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags);



^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 00/87] 4.19.108-stable review
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2020-03-03 17:44 ` [PATCH 4.19 87/87] mm, thp: fix defrag setting if newline is not used Greg Kroah-Hartman
@ 2020-03-03 22:10 ` Jon Hunter
  2020-03-03 23:18 ` shuah
                   ` (2 subsequent siblings)
  90 siblings, 0 replies; 102+ messages in thread
From: Jon Hunter @ 2020-03-03 22:10 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
	lkft-triage, stable, linux-tegra


On 03/03/2020 17:42, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.108 release.
> There are 87 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Thu, 05 Mar 2020 17:43:27 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.108-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests passing for Tegra ...

Test results for stable-v4.19:
    11 builds:	11 pass, 0 fail
    22 boots:	22 pass, 0 fail
    32 tests:	32 pass, 0 fail

Linux version:	4.19.108-rc1-g619f84afab6a
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra20-ventana,
                tegra210-p2371-2180, tegra30-cardhu-a04

Cheers
Jon

-- 
nvpublic

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 00/87] 4.19.108-stable review
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2020-03-03 22:10 ` [PATCH 4.19 00/87] 4.19.108-stable review Jon Hunter
@ 2020-03-03 23:18 ` shuah
  2020-03-04  7:09 ` Naresh Kamboju
  2020-03-04 16:52 ` Guenter Roeck
  90 siblings, 0 replies; 102+ messages in thread
From: shuah @ 2020-03-03 23:18 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, shuah

On 3/3/20 10:42 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.108 release.
> There are 87 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Thu, 05 Mar 2020 17:43:27 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.108-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah


^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 00/87] 4.19.108-stable review
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2020-03-03 23:18 ` shuah
@ 2020-03-04  7:09 ` Naresh Kamboju
  2020-03-04 16:52 ` Guenter Roeck
  90 siblings, 0 replies; 102+ messages in thread
From: Naresh Kamboju @ 2020-03-04  7:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On Tue, 3 Mar 2020 at 23:30, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.19.108 release.
> There are 87 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Mar 2020 17:43:27 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.108-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
Regressions detected on x86_64 and i386.

Test failure output:
CVE-2017-5715: VULN (IBRS+IBPB or retpoline+IBPB+RSB filling, is
needed to mitigate the vulnerability)

Test description:
CVE-2017-5715 branch target injection (Spectre Variant 2)

Impact: Kernel
Mitigation 1: new opcode via microcode update that should be used by
up to date compilers to protect the BTB (by flushing indirect branch
predictors)
Mitigation 2: introducing "retpoline" into compilers, and recompile
software/OS with it
Performance impact of the mitigation: high for mitigation 1, medium
for mitigation 2, depending on your CPU

ref:
https://github.com/speed47/spectre-meltdown-checker
https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/build/v4.19.107-88-g619f84afab6a/testrun/1265077/log
https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/tests/spectre-meltdown-checker-test/CVE-2017-5715

Summary
------------------------------------------------------------------------

kernel: 4.19.108-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.19.y
git commit: 619f84afab6af6b99d65c2e2c76cf7b899fca40e
git describe: v4.19.107-88-g619f84afab6a
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/build/v4.19.107-88-g619f84afab6a

Regressions (compared to build v4.19.107)
------------------------------------------------------------------------

i386:
  spectre-meltdown-checker-test:
    * CVE-2017-5715

x86:
  spectre-meltdown-checker-test:
    * CVE-2017-5715

No fixes (compared to build v4.19.107)

Ran 21202 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- nxp-ls2088
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64

Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* linux-log-parser
* perf
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* network-basic-tests
* spectre-meltdown-checker-test
* v4l2-compliance
* kvm-unit-tests
* ltp-crypto-tests
* ltp-cap_bounds-64k-page_size-tests
* ltp-cap_bounds-kasan-tests
* ltp-commands-64k-page_size-tests
* ltp-commands-kasan-tests
* ltp-containers-64k-page_size-tests
* ltp-containers-kasan-tests
* ltp-cpuhotplug-64k-page_size-tests
* ltp-cpuhotplug-kasan-tests
* ltp-crypto-64k-page_size-tests
* ltp-crypto-kasan-tests
* ltp-cve-64k-page_size-tests
* ltp-cve-kasan-tests
* ltp-dio-64k-page_size-tests
* ltp-dio-kasan-tests
* ltp-fcntl-locktests-64k-page_size-tests
* ltp-fcntl-locktests-kasan-tests
* ltp-filecaps-64k-page_size-tests
* ltp-filecaps-kasan-tests
* ltp-fs-64k-page_size-tests
* ltp-fs-kasan-tests
* ltp-fs_bind-64k-page_size-tests
* ltp-fs_bind-kasan-tests
* ltp-fs_perms_simple-64k-page_size-tests
* ltp-fs_perms_simple-kasan-tests
* ltp-fsx-64k-page_size-tests
* ltp-fsx-kasan-tests
* ltp-hugetlb-64k-page_size-tests
* ltp-hugetlb-kasan-tests
* ltp-io-64k-page_size-tests
* ltp-io-kasan-tests
* ltp-ipc-64k-page_size-tests
* ltp-ipc-kasan-tests
* ltp-math-64k-page_size-tests
* ltp-math-kasan-tests
* ltp-mm-64k-page_size-tests
* ltp-nptl-64k-page_size-tests
* ltp-nptl-kasan-tests
* ltp-pty-64k-page_size-tests
* ltp-pty-kasan-tests
* ltp-sched-64k-page_size-tests
* ltp-sched-kasan-tests
* ltp-securebits-64k-page_size-tests
* ltp-securebits-kasan-tests
* ltp-syscalls-64k-page_size-tests
* ltp-syscalls-compat-tests
* ltp-syscalls-kasan-tests
* ltp-open-posix-tests
* ssuite
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
* ltp-mm-kasan-tests

-- 
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 04/87] drm/msm: Set dma maximum segment size for mdss
  2020-03-03 17:42 ` [PATCH 4.19 04/87] drm/msm: Set dma maximum segment size for mdss Greg Kroah-Hartman
@ 2020-03-04 15:13   ` Pavel Machek
  2020-03-04 17:18     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 102+ messages in thread
From: Pavel Machek @ 2020-03-04 15:13 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Stephen Boyd, Sai Prakash Ranjan,
	Rob Clark, Sean Paul, Douglas Anderson, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1106 bytes --]

Hi!

> Turning on CONFIG_DMA_API_DEBUG_SG results in the following error:
> 
> [   12.078665] msm ae00000.mdss: DMA-API: mapping sg segment longer than device claims to support [len=3526656] [max=65536]
> [   12.089870] WARNING: CPU: 6 PID: 334 at
> /mnt/host/source/src/third_party/kernel/v4.19/kernel/dma/debug.c:1301
> debug_dma_map_sg+0x1dc/0x318

This one leaks resources in the (very improbable) case of error; it
needs to goto cleanup instead of simply returning.

> +++ b/drivers/gpu/drm/msm/msm_drv.c
> @@ -492,6 +492,14 @@ static int msm_drm_init(struct device *dev, struct drm_driver *drv)
>  	if (ret)
>  		goto err_msm_uninit;
>  
> +	if (!dev->dma_parms) {
> +		dev->dma_parms = devm_kzalloc(dev, sizeof(*dev->dma_parms),
> +					      GFP_KERNEL);
> +		if (!dev->dma_parms)
> +			return -ENOMEM;
> +	}
> +	dma_set_max_seg_size(dev, DMA_BIT_MASK(32));
> +
>  	msm_gem_shrinker_init(ddev);
>  

Best regards,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 05/87] sched/core: Dont skip remote tick for idle CPUs
  2020-03-03 17:42 ` [PATCH 4.19 05/87] sched/core: Dont skip remote tick for idle CPUs Greg Kroah-Hartman
@ 2020-03-04 15:15   ` Pavel Machek
  2020-03-04 17:17     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 102+ messages in thread
From: Pavel Machek @ 2020-03-04 15:15 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Scott Wood, Peter Zijlstra (Intel),
	Ingo Molnar, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 842 bytes --]

Hi!

> [ Upstream commit 488603b815a7514c7009e6fc339d74ed4a30f343 ]
> 
> This will be used in the next patch to get a loadavg update from
> nohz cpus.  The delta check is skipped because idle_sched_class
> doesn't update se.exec_start.

I don't see the next patch queued for 4.19-stable. AFAICT this does
not fix anything without the subsequent patch?

Best regards,
								Pavel
								
> Signed-off-by: Scott Wood <swood@redhat.com>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Signed-off-by: Ingo Molnar <mingo@kernel.org>
> Link: https://lkml.kernel.org/r/1578736419-14628-2-git-send-email-swood@redhat.com
> Signed-off-by: Sasha Levin <sashal@kernel.org>

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 00/87] 4.19.108-stable review
  2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2020-03-04  7:09 ` Naresh Kamboju
@ 2020-03-04 16:52 ` Guenter Roeck
  90 siblings, 0 replies; 102+ messages in thread
From: Guenter Roeck @ 2020-03-04 16:52 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Tue, Mar 03, 2020 at 06:42:51PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.108 release.
> There are 87 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Thu, 05 Mar 2020 17:43:27 +0000.
> Anything received after that time might be too late.
> 

Build results:
	total: 156 pass: 156 fail: 0
Qemu test results:
	total: 414 pass: 414 fail: 0

Guenetr

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 05/87] sched/core: Dont skip remote tick for idle CPUs
  2020-03-04 15:15   ` Pavel Machek
@ 2020-03-04 17:17     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-04 17:17 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, stable, Scott Wood, Peter Zijlstra (Intel),
	Ingo Molnar, Sasha Levin

On Wed, Mar 04, 2020 at 04:15:59PM +0100, Pavel Machek wrote:
> Hi!
> 
> > [ Upstream commit 488603b815a7514c7009e6fc339d74ed4a30f343 ]
> > 
> > This will be used in the next patch to get a loadavg update from
> > nohz cpus.  The delta check is skipped because idle_sched_class
> > doesn't update se.exec_start.
> 
> I don't see the next patch queued for 4.19-stable. AFAICT this does
> not fix anything without the subsequent patch?

Ah, good catch, that patch only made it into 5.4.y and 5.5.y, I'll drop
this from the 4.19 queue, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 04/87] drm/msm: Set dma maximum segment size for mdss
  2020-03-04 15:13   ` Pavel Machek
@ 2020-03-04 17:18     ` Greg Kroah-Hartman
  2020-03-09 10:14       ` [PATCH] drm/msm: fix leaks if initialization fails Pavel Machek
  0 siblings, 1 reply; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-04 17:18 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, stable, Stephen Boyd, Sai Prakash Ranjan,
	Rob Clark, Sean Paul, Douglas Anderson, Sasha Levin

On Wed, Mar 04, 2020 at 04:13:16PM +0100, Pavel Machek wrote:
> Hi!
> 
> > Turning on CONFIG_DMA_API_DEBUG_SG results in the following error:
> > 
> > [   12.078665] msm ae00000.mdss: DMA-API: mapping sg segment longer than device claims to support [len=3526656] [max=65536]
> > [   12.089870] WARNING: CPU: 6 PID: 334 at
> > /mnt/host/source/src/third_party/kernel/v4.19/kernel/dma/debug.c:1301
> > debug_dma_map_sg+0x1dc/0x318
> 
> This one leaks resources in the (very improbable) case of error; it
> needs to goto cleanup instead of simply returning.
> 
> > +++ b/drivers/gpu/drm/msm/msm_drv.c
> > @@ -492,6 +492,14 @@ static int msm_drm_init(struct device *dev, struct drm_driver *drv)
> >  	if (ret)
> >  		goto err_msm_uninit;
> >  
> > +	if (!dev->dma_parms) {
> > +		dev->dma_parms = devm_kzalloc(dev, sizeof(*dev->dma_parms),
> > +					      GFP_KERNEL);
> > +		if (!dev->dma_parms)
> > +			return -ENOMEM;
> > +	}
> > +	dma_set_max_seg_size(dev, DMA_BIT_MASK(32));
> > +
> >  	msm_gem_shrinker_init(ddev);
> >  

Can you submit a patch to fix it?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 60/87] usb: charger: assign specific number for enum value
  2020-03-03 17:43 ` [PATCH 4.19 60/87] usb: charger: assign specific number for enum value Greg Kroah-Hartman
@ 2020-03-04 17:27   ` Pavel Machek
  2020-03-04 17:39     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 102+ messages in thread
From: Pavel Machek @ 2020-03-04 17:27 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Peter Chen, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1906 bytes --]

On Tue 2020-03-03 18:43:51, Greg Kroah-Hartman wrote:
> From: Peter Chen <peter.chen@nxp.com>
> 
> commit ca4b43c14cd88d28cfc6467d2fa075aad6818f1d upstream.
> 
> To work properly on every architectures and compilers, the enum value
> needs to be specific numbers.

All compilers are expected to handle this in the same way, as this is
in C standard. This patch is not neccessary, and should not be in mainline,
either.

http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf

6.7.2.2 Enumeration specifiers
Syntax
...
3 The identifiers in an enumerator list are declared as constants that have type int and
may appear wherever such are permitted.107) An enumerator with = defines its
enumeration constant as the value of the constant expression. If the first enumerator has
no =, the value of its enumeration constant is 0. Each subsequent enumerator with no =
defines its enumeration constant as the value of the constant expression obtained by
adding 1 to the value of the previous enumeration constant. (The use of enumerators with
= may produce enumeration constants with values that duplicate other values in the same
enumeration.) The enumerators of an enumeration are also known as its members.

Best regards,
								Pavel

>  enum usb_charger_type {
> -	UNKNOWN_TYPE,
> -	SDP_TYPE,
> -	DCP_TYPE,
> -	CDP_TYPE,
> -	ACA_TYPE,
> +	UNKNOWN_TYPE = 0,
> +	SDP_TYPE = 1,
> +	DCP_TYPE = 2,
> +	CDP_TYPE = 3,
> +	ACA_TYPE = 4,
>  };
>  
>  /* USB charger state */
>  enum usb_charger_state {
> -	USB_CHARGER_DEFAULT,
> -	USB_CHARGER_PRESENT,
> -	USB_CHARGER_ABSENT,
> +	USB_CHARGER_DEFAULT = 0,
> +	USB_CHARGER_PRESENT = 1,
> +	USB_CHARGER_ABSENT = 2,
>  };
>  
>  #endif /* _UAPI__LINUX_USB_CHARGER_H */
> 

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 60/87] usb: charger: assign specific number for enum value
  2020-03-04 17:27   ` Pavel Machek
@ 2020-03-04 17:39     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-04 17:39 UTC (permalink / raw)
  To: Pavel Machek; +Cc: linux-kernel, stable, Peter Chen, Sasha Levin

On Wed, Mar 04, 2020 at 06:27:36PM +0100, Pavel Machek wrote:
> On Tue 2020-03-03 18:43:51, Greg Kroah-Hartman wrote:
> > From: Peter Chen <peter.chen@nxp.com>
> > 
> > commit ca4b43c14cd88d28cfc6467d2fa075aad6818f1d upstream.
> > 
> > To work properly on every architectures and compilers, the enum value
> > needs to be specific numbers.
> 
> All compilers are expected to handle this in the same way, as this is
> in C standard. This patch is not neccessary, and should not be in mainline,
> either.
> 
> http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf
> 
> 6.7.2.2 Enumeration specifiers
> Syntax
> ...
> 3 The identifiers in an enumerator list are declared as constants that have type int and
> may appear wherever such are permitted.107) An enumerator with = defines its
> enumeration constant as the value of the constant expression. If the first enumerator has
> no =, the value of its enumeration constant is 0. Each subsequent enumerator with no =
> defines its enumeration constant as the value of the constant expression obtained by
> adding 1 to the value of the previous enumeration constant. (The use of enumerators with
> = may produce enumeration constants with values that duplicate other values in the same
> enumeration.) The enumerators of an enumeration are also known as its members.
> 
> Best regards,
> 								Pavel
> 
> >  enum usb_charger_type {
> > -	UNKNOWN_TYPE,
> > -	SDP_TYPE,
> > -	DCP_TYPE,
> > -	CDP_TYPE,
> > -	ACA_TYPE,
> > +	UNKNOWN_TYPE = 0,
> > +	SDP_TYPE = 1,
> > +	DCP_TYPE = 2,
> > +	CDP_TYPE = 3,
> > +	ACA_TYPE = 4,
> >  };

It specified that we need to do this by the in-kernel documentation
about how to write a solid api (which I can't find at the moment to
point you at, sorry...)  Also, you pointed at a draft C standard, is
that really implemented by older compilers?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 12/87] arm/ftrace: Fix BE text poking
  2020-03-03 17:43 ` [PATCH 4.19 12/87] arm/ftrace: Fix BE text poking Greg Kroah-Hartman
@ 2020-03-05 13:49   ` Pavel Machek
  2020-03-05 14:53     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 102+ messages in thread
From: Pavel Machek @ 2020-03-05 13:49 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Dmitry Osipenko, Peter Zijlstra (Intel),
	Ingo Molnar, Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 1928 bytes --]

Hi!

> From: Peter Zijlstra <peterz@infradead.org>
> 
> [ Upstream commit be993e44badc448add6a18d6f12b20615692c4c3 ]
> 
> The __patch_text() function already applies __opcode_to_mem_*(), so
> when __opcode_to_mem_*() is not the identity (BE*), it is applied
> twice, wrecking the instruction.
> 
> Fixes: 42e51f187f86 ("arm/ftrace: Use __patch_text()")

I don't see 42e51f187f86 anywhere. Mainline contains

commit 5a735583b764750726621b0396d03e4782911b77
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Tue Oct 15 21:07:35 2019 +0200

    arm/ftrace: Use __patch_text()

But that one is not present in 4.19, so perhaps we should not need
this?

Best regards,
								Pavel

> Reported-by: Dmitry Osipenko <digetx@gmail.com>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
> Signed-off-by: Ingo Molnar <mingo@kernel.org>
> Tested-by: Dmitry Osipenko <digetx@gmail.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  arch/arm/kernel/ftrace.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
> 
> diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c
> index ee673c09aa6c0..dd0215fb6fe23 100644
> --- a/arch/arm/kernel/ftrace.c
> +++ b/arch/arm/kernel/ftrace.c
> @@ -106,13 +106,10 @@ static int ftrace_modify_code(unsigned long pc, unsigned long old,
>  {
>  	unsigned long replaced;
>  
> -	if (IS_ENABLED(CONFIG_THUMB2_KERNEL)) {
> +	if (IS_ENABLED(CONFIG_THUMB2_KERNEL))
>  		old = __opcode_to_mem_thumb32(old);
> -		new = __opcode_to_mem_thumb32(new);
> -	} else {
> +	else
>  		old = __opcode_to_mem_arm(old);
> -		new = __opcode_to_mem_arm(new);
> -	}
>  
>  	if (validate) {
>  		if (probe_kernel_read(&replaced, (void *)pc, MCOUNT_INSN_SIZE))
> -- 
> 2.20.1
> 
> 

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH 4.19 12/87] arm/ftrace: Fix BE text poking
  2020-03-05 13:49   ` Pavel Machek
@ 2020-03-05 14:53     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 102+ messages in thread
From: Greg Kroah-Hartman @ 2020-03-05 14:53 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, stable, Dmitry Osipenko, Peter Zijlstra (Intel),
	Ingo Molnar, Sasha Levin

On Thu, Mar 05, 2020 at 02:49:57PM +0100, Pavel Machek wrote:
> Hi!
> 
> > From: Peter Zijlstra <peterz@infradead.org>
> > 
> > [ Upstream commit be993e44badc448add6a18d6f12b20615692c4c3 ]
> > 
> > The __patch_text() function already applies __opcode_to_mem_*(), so
> > when __opcode_to_mem_*() is not the identity (BE*), it is applied
> > twice, wrecking the instruction.
> > 
> > Fixes: 42e51f187f86 ("arm/ftrace: Use __patch_text()")
> 
> I don't see 42e51f187f86 anywhere. Mainline contains
> 
> commit 5a735583b764750726621b0396d03e4782911b77
> Author: Peter Zijlstra <peterz@infradead.org>
> Date:   Tue Oct 15 21:07:35 2019 +0200
> 
>     arm/ftrace: Use __patch_text()
> 
> But that one is not present in 4.19, so perhaps we should not need
> this?

Good catch, I'll go drop this from everywhere.

I think Sasha has now fixed up his scripts to handle things when the
Fixes: tag does not point to a valid one.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 102+ messages in thread

* [PATCH] drm/msm: fix leaks if initialization fails
  2020-03-04 17:18     ` Greg Kroah-Hartman
@ 2020-03-09 10:14       ` Pavel Machek
  2020-03-10 21:03         ` Doug Anderson
  0 siblings, 1 reply; 102+ messages in thread
From: Pavel Machek @ 2020-03-09 10:14 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Pavel Machek, linux-kernel, stable, Stephen Boyd,
	Sai Prakash Ranjan, Rob Clark, Sean Paul, Douglas Anderson,
	Sasha Levin

[-- Attachment #1: Type: text/plain, Size: 943 bytes --]

We should free resources in unlikely case of allocation failure.
    
Signed-off-by: Pavel Machek <pavel@denx.de>

---

> Can you submit a patch to fix it?

Here it is.

Best regards,
								Pavel


diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index 83a0000eecb3..f5c1495cc4b9 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -444,8 +444,10 @@ static int msm_drm_init(struct device *dev, struct drm_driver *drv)
 	if (!dev->dma_parms) {
 		dev->dma_parms = devm_kzalloc(dev, sizeof(*dev->dma_parms),
 					      GFP_KERNEL);
-		if (!dev->dma_parms)
-			return -ENOMEM;
+		if (!dev->dma_parms) {
+			ret = -ENOMEM;
+			goto err_msm_uninit;
+		}
 	}
 	dma_set_max_seg_size(dev, DMA_BIT_MASK(32));
 


-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 102+ messages in thread

* Re: [PATCH] drm/msm: fix leaks if initialization fails
  2020-03-09 10:14       ` [PATCH] drm/msm: fix leaks if initialization fails Pavel Machek
@ 2020-03-10 21:03         ` Doug Anderson
  0 siblings, 0 replies; 102+ messages in thread
From: Doug Anderson @ 2020-03-10 21:03 UTC (permalink / raw)
  To: Pavel Machek, Rob Clark, Sean Paul
  Cc: Greg Kroah-Hartman, LKML, # 4.0+,
	Stephen Boyd, Sai Prakash Ranjan, Sasha Levin

Hi,

On Mon, Mar 9, 2020 at 3:14 AM Pavel Machek <pavel@denx.de> wrote:
>
> We should free resources in unlikely case of allocation failure.
>
> Signed-off-by: Pavel Machek <pavel@denx.de>
>
> ---
>
> > Can you submit a patch to fix it?
>
> Here it is.
>
> Best regards,
>                                                                 Pavel
>
>
> diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
> index 83a0000eecb3..f5c1495cc4b9 100644
> --- a/drivers/gpu/drm/msm/msm_drv.c
> +++ b/drivers/gpu/drm/msm/msm_drv.c
> @@ -444,8 +444,10 @@ static int msm_drm_init(struct device *dev, struct drm_driver *drv)
>         if (!dev->dma_parms) {
>                 dev->dma_parms = devm_kzalloc(dev, sizeof(*dev->dma_parms),
>                                               GFP_KERNEL);
> -               if (!dev->dma_parms)
> -                       return -ENOMEM;
> +               if (!dev->dma_parms) {
> +                       ret = -ENOMEM;
> +                       goto err_msm_uninit;
> +               }
>         }
>         dma_set_max_seg_size(dev, DMA_BIT_MASK(32));

Looks good.  Error cases both above and below your "goto" both already
go to err_msm_uninit(), so it makes sense it would also be the
appropriate place for you to go to.  ...and no extra cleanup was
needed for dma_parms allocation since it was devm.  Thus:

Fixes: db735fc4036b ("drm/msm: Set dma maximum segment size for mdss")
Reviewed-by: Douglas Anderson <dianders@chromium.org>

Thanks for noticing and fixing!

-Doug

^ permalink raw reply	[flat|nested] 102+ messages in thread

end of thread, other threads:[~2020-03-10 21:04 UTC | newest]

Thread overview: 102+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-03 17:42 [PATCH 4.19 00/87] 4.19.108-stable review Greg Kroah-Hartman
2020-03-03 17:42 ` [PATCH 4.19 01/87] irqchip/gic-v3-its: Fix misuse of GENMASK macro Greg Kroah-Hartman
2020-03-03 17:42 ` [PATCH 4.19 02/87] iwlwifi: pcie: fix rb_allocator workqueue allocation Greg Kroah-Hartman
2020-03-03 17:42 ` [PATCH 4.19 03/87] ipmi:ssif: Handle a possible NULL pointer reference Greg Kroah-Hartman
2020-03-03 17:42 ` [PATCH 4.19 04/87] drm/msm: Set dma maximum segment size for mdss Greg Kroah-Hartman
2020-03-04 15:13   ` Pavel Machek
2020-03-04 17:18     ` Greg Kroah-Hartman
2020-03-09 10:14       ` [PATCH] drm/msm: fix leaks if initialization fails Pavel Machek
2020-03-10 21:03         ` Doug Anderson
2020-03-03 17:42 ` [PATCH 4.19 05/87] sched/core: Dont skip remote tick for idle CPUs Greg Kroah-Hartman
2020-03-04 15:15   ` Pavel Machek
2020-03-04 17:17     ` Greg Kroah-Hartman
2020-03-03 17:42 ` [PATCH 4.19 06/87] dax: pass NOWAIT flag to iomap_apply Greg Kroah-Hartman
2020-03-03 17:42 ` [PATCH 4.19 07/87] mac80211: consider more elements in parsing CRC Greg Kroah-Hartman
2020-03-03 17:42 ` [PATCH 4.19 08/87] cfg80211: check wiphy driver existence for drvinfo report Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 09/87] s390/zcrypt: fix card and queue total counter wrap Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 10/87] qmi_wwan: re-add DW5821e pre-production variant Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 11/87] qmi_wwan: unconditionally reject 2 ep interfaces Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 12/87] arm/ftrace: Fix BE text poking Greg Kroah-Hartman
2020-03-05 13:49   ` Pavel Machek
2020-03-05 14:53     ` Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 13/87] ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 14/87] soc/tegra: fuse: Fix build with Tegra194 configuration Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 15/87] net: ena: fix potential crash when rxfh key is NULL Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 16/87] net: ena: fix uses of round_jiffies() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 17/87] net: ena: add missing ethtool TX timestamping indication Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 18/87] net: ena: fix incorrect default RSS key Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 19/87] net: ena: rss: fix failure to get indirection table Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 20/87] net: ena: rss: store hash function as values and not bits Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 21/87] net: ena: fix incorrectly saving queue numbers when setting RSS indirection table Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 22/87] net: ena: ethtool: use correct value for crc32 hash Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 23/87] net: ena: ena-com.c: prevent NULL pointer dereference Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 24/87] cifs: Fix mode output in debugging statements Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 25/87] bcache: ignore pending signals when creating gc and allocator thread Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 26/87] cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 27/87] sysrq: Restore original console_loglevel when sysrq disabled Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 28/87] sysrq: Remove duplicated sysrq message Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 29/87] net: fib_rules: Correctly set table field when table number exceeds 8 bits Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 30/87] net: mscc: fix in frame extraction Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 31/87] net: phy: restore mdio regs in the iproc mdio driver Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 32/87] net: sched: correct flower port blocking Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 33/87] nfc: pn544: Fix occasional HW initialization failure Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 34/87] sctp: move the format error check out of __sctp_sf_do_9_1_abort Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 35/87] ipv6: Fix route replacement with dev-only route Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 36/87] ipv6: Fix nlmsg_flags when splitting a multipath route Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 37/87] qede: Fix race between rdma destroy workqueue and link change event Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 38/87] net/tls: Fix to avoid gettig invalid tls record Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 39/87] ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 40/87] audit: fix error handling in audit_data_to_entry() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 41/87] ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 42/87] ACPI: watchdog: Fix gas->access_width usage Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 43/87] KVM: VMX: check descriptor table exits on instruction emulation Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 44/87] HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 45/87] HID: core: fix off-by-one memset in hid_report_raw_event() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 46/87] HID: core: increase HID report buffer size to 8KiB Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 47/87] macintosh: therm_windtunnel: fix regression when instantiating devices Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 48/87] tracing: Disable trace_printk() on post poned tests Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 49/87] Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 50/87] amdgpu/gmc_v9: save/restore sdpif regs during S3 Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 51/87] vhost: Check docket sk_family instead of call getname Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 52/87] HID: alps: Fix an error handling path in alps_input_configured() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 53/87] HID: hiddev: Fix race in in hiddev_disconnect() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 54/87] MIPS: VPE: Fix a double free and a memory leak in release_vpe() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 55/87] i2c: altera: Fix potential integer overflow Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 56/87] i2c: jz4780: silence log flood on txabrt Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 57/87] drm/i915/gvt: Fix orphan vgpu dmabuf_objs lifetime Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 58/87] drm/i915/gvt: Separate display reset from ALL_ENGINES reset Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 59/87] hv_netvsc: Fix unwanted wakeup in netvsc_attach() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 60/87] usb: charger: assign specific number for enum value Greg Kroah-Hartman
2020-03-04 17:27   ` Pavel Machek
2020-03-04 17:39     ` Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 61/87] s390/qeth: vnicc Fix EOPNOTSUPP precedence Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 62/87] net: netlink: cap max groups which will be considered in netlink_bind() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 63/87] net: atlantic: fix use after free kasan warn Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 64/87] net: atlantic: fix potential error handling Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 65/87] net/smc: no peer ID in CLC decline for SMCD Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 66/87] net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 67/87] namei: only return -ECHILD from follow_dotdot_rcu() Greg Kroah-Hartman
2020-03-03 17:43 ` [PATCH 4.19 68/87] mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 69/87] mwifiex: delete unused mwifiex_get_intf_num() Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 70/87] KVM: SVM: Override default MMIO mask if memory encryption is enabled Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 71/87] KVM: Check for a bad hva before dropping into the ghc slow path Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 72/87] sched/fair: Optimize update_blocked_averages() Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 73/87] sched/fair: Fix O(nr_cgroups) in the load balancing path Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 74/87] perf stat: Use perf_evsel__is_clocki() for clock events Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 75/87] perf stat: Fix shadow stats " Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 76/87] drivers: net: xgene: Fix the order of the arguments of alloc_etherdev_mqs() Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 77/87] kprobes: Set unoptimized flag after unoptimizing code Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 78/87] pwm: omap-dmtimer: put_device() after of_find_device_by_node() Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 79/87] perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 80/87] KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 81/87] KVM: x86: Remove spurious clearing of async #PF MSR Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 82/87] thermal: brcmstb_thermal: Do not use DT coefficients Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 83/87] netfilter: nft_tunnel: no need to call htons() when dumping ports Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 84/87] netfilter: nf_flowtable: fix documentation Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 85/87] padata: always acquire cpu_hotplug_lock before pinst->lock Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 86/87] mm/huge_memory.c: use head to check huge zero page Greg Kroah-Hartman
2020-03-03 17:44 ` [PATCH 4.19 87/87] mm, thp: fix defrag setting if newline is not used Greg Kroah-Hartman
2020-03-03 22:10 ` [PATCH 4.19 00/87] 4.19.108-stable review Jon Hunter
2020-03-03 23:18 ` shuah
2020-03-04  7:09 ` Naresh Kamboju
2020-03-04 16:52 ` Guenter Roeck

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).