1. 27 Aug, 2019 10 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.3-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 9e8312f5
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
        Stable fixes:
      
         - Fix a page lock leak in nfs_pageio_resend()
      
         - Ensure O_DIRECT reports an error if the bytes read/written is 0
      
         - Don't handle errors if the bind/connect succeeded
      
         - Revert "NFSv4/flexfiles: Abort I/O early if the layout segment was
           invalidat ed"
      
        Bugfixes:
      
         - Don't refresh attributes with mounted-on-file information
      
         - Fix return values for nfs4_file_open() and nfs_finish_open()
      
         - Fix pnfs layoutstats reporting of I/O errors
      
         - Don't use soft RPC calls for pNFS/flexfiles I/O, and don't abort
           for soft I/O errors when the user specifies a hard mount.
      
         - Various fixes to the error handling in sunrpc
      
         - Don't report writepage()/writepages() errors twice"
      
      * tag 'nfs-for-5.3-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFS: remove set but not used variable 'mapping'
        NFSv2: Fix write regression
        NFSv2: Fix eof handling
        NFS: Fix writepage(s) error handling to not report errors twice
        NFS: Fix spurious EIO read errors
        pNFS/flexfiles: Don't time out requests on hard mounts
        SUNRPC: Handle connection breakages correctly in call_status()
        Revert "NFSv4/flexfiles: Abort I/O early if the layout segment was invalidated"
        SUNRPC: Handle EADDRINUSE and ENOBUFS correctly
        pNFS/flexfiles: Turn off soft RPC calls
        SUNRPC: Don't handle errors if the bind/connect succeeded
        NFS: On fatal writeback errors, we need to call nfs_inode_remove_request()
        NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
        NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
        NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
        NFSv4: Fix return value in nfs_finish_open()
        NFSv4: Fix return values for nfs4_file_open()
        NFS: Don't refresh attributes with mounted-on-file information
      9e8312f5
    • Linus Torvalds's avatar
      Merge tag 'arc-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · 6525771f
      Linus Torvalds authored
      Pull ARC updates from Vineet Gupta:
      
       - support for Edge Triggered IRQs in ARC IDU intc
      
       - other fixes here and there
      
      * tag 'arc-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        arc: prefer __section from compiler_attributes.h
        dt-bindings: IDU-intc: Add support for edge-triggered interrupts
        dt-bindings: IDU-intc: Clean up documentation
        ARCv2: IDU-intc: Add support for edge-triggered interrupts
        ARC: unwind: Mark expected switch fall-throughs
        ARC: [plat-hsdk]: allow to switch between AXI DMAC port configurations
        ARC: fix typo in setup_dma_ops log message
        ARCv2: entry: early return from exception need not clear U & DE bits
      6525771f
    • Linus Torvalds's avatar
      Merge tag 'mfd-fixes-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd · 8d645408
      Linus Torvalds authored
      Pull MFD fix from Lee Jones:
       "Identify potentially unused functions in rk808 driver when !PM"
      
      * tag 'mfd-fixes-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
        mfd: rk808: Make PM function declaration static
        mfd: rk808: Mark pm functions __maybe_unused
      8d645408
    • Linus Torvalds's avatar
      Merge tag 'sound-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 0004654f
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A collection of small fixes as usual:
      
         - More coverage of USB-audio descriptor sanity checks
      
         - A fix for mute LED regression on Conexant HD-audio codecs
      
         - A few device-specific fixes and quirks for USB-audio and HD-audio
      
         - A fix for (die-hard remaining) possible race in sequencer core
      
         - FireWire oxfw regression fix that was introduced in 5.3-rc1"
      
      * tag 'sound-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: oxfw: fix to handle correct stream for PCM playback
        ALSA: seq: Fix potential concurrent access to the deleted pool
        ALSA: usb-audio: Check mixer unit bitmap yet more strictly
        ALSA: line6: Fix memory leak at line6_init_pcm() error path
        ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate()
        ALSA: hda/ca0132 - Add new SBZ quirk
        ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604
        ALSA: hda - Fixes inverted Conexant GPIO mic mute led
      0004654f
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 452a0444
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Use 32-bit index for tails calls in s390 bpf JIT, from Ilya
          Leoshkevich.
      
       2) Fix missed EPOLLOUT events in TCP, from Eric Dumazet. Same fix for
          SMC from Jason Baron.
      
       3) ipv6_mc_may_pull() should return 0 for malformed packets, not
          -EINVAL. From Stefano Brivio.
      
       4) Don't forget to unpin umem xdp pages in error path of
          xdp_umem_reg(). From Ivan Khoronzhuk.
      
       5) Fix sta object leak in mac80211, from Johannes Berg.
      
       6) Fix regression by not configuring PHYLINK on CPU port of bcm_sf2
          switches. From Florian Fainelli.
      
       7) Revert DMA sync removal from r8169 which was causing regressions on
          some MIPS Loongson platforms. From Heiner Kallweit.
      
       8) Use after free in flow dissector, from Jakub Sitnicki.
      
       9) Fix NULL derefs of net devices during ICMP processing across
          collect_md tunnels, from Hangbin Liu.
      
      10) proto_register() memory leaks, from Zhang Lin.
      
      11) Set NLM_F_MULTI flag in multipart netlink messages consistently,
          from John Fastabend.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (66 commits)
        r8152: Set memory to all 0xFFs on failed reg reads
        openvswitch: Fix conntrack cache with timeout
        ipv4: mpls: fix mpls_xmit for iptunnel
        nexthop: Fix nexthop_num_path for blackhole nexthops
        net: rds: add service level support in rds-info
        net: route dump netlink NLM_F_MULTI flag missing
        s390/qeth: reject oversized SNMP requests
        sock: fix potential memory leak in proto_register()
        MAINTAINERS: Add phylink keyword to SFF/SFP/SFP+ MODULE SUPPORT
        xfrm/xfrm_policy: fix dst dev null pointer dereference in collect_md mode
        ipv4/icmp: fix rt dst dev null pointer dereference
        openvswitch: Fix log message in ovs conntrack
        bpf: allow narrow loads of some sk_reuseport_md fields with offset > 0
        bpf: fix use after free in prog symbol exposure
        bpf: fix precision tracking in presence of bpf2bpf calls
        flow_dissector: Fix potential use-after-free on BPF_PROG_DETACH
        Revert "r8169: remove not needed call to dma_sync_single_for_device"
        ipv6: propagate ipv6_add_dev's error returns out of ipv6_find_idev
        net/ncsi: Fix the payload copying for the request coming from Netlink
        qed: Add cleanup in qed_slowpath_start()
        ...
      452a0444
    • YueHaibing's avatar
      NFS: remove set but not used variable 'mapping' · 99300a85
      YueHaibing authored
      Fixes gcc '-Wunused-but-set-variable' warning:
      
      fs/nfs/write.c: In function nfs_page_async_flush:
      fs/nfs/write.c:609:24: warning: variable mapping set but not used [-Wunused-but-set-variable]
      
      It is not use since commit aefb623c422e ("NFS: Fix
      writepage(s) error handling to not report errors twice")
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      99300a85
    • Trond Myklebust's avatar
      NFSv2: Fix write regression · d33d4beb
      Trond Myklebust authored
      Ensure we update the write result count on success, since the
      RPC call itself does not do so.
      Reported-by: default avatarJan Stancek <jstancek@redhat.com>
      Reported-by: default avatarNaresh Kamboju <naresh.kamboju@linaro.org>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      Tested-by: default avatarJan Stancek <jstancek@redhat.com>
      d33d4beb
    • Trond Myklebust's avatar
      NFSv2: Fix eof handling · 71affe9b
      Trond Myklebust authored
      If we received a reply from the server with a zero length read and
      no error, then that implies we are at eof.
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      71affe9b
    • Lee Jones's avatar
      mfd: rk808: Make PM function declaration static · 4d82fa67
      Lee Jones authored
      Avoids:
        ../drivers/mfd/rk808.c:771:1: warning: symbol 'rk8xx_pm_ops' \
          was not declared. Should it be static?
      
      Fixes: 5752bc43 ("mfd: rk808: Mark pm functions __maybe_unused")
      Reviewed-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      4d82fa67
    • Arnd Bergmann's avatar
      mfd: rk808: Mark pm functions __maybe_unused · 5752bc43
      Arnd Bergmann authored
      The newly added suspend/resume functions are only used if CONFIG_PM
      is enabled:
      
      drivers/mfd/rk808.c:752:12: error: 'rk8xx_resume' defined but not used [-Werror=unused-function]
      drivers/mfd/rk808.c:732:12: error: 'rk8xx_suspend' defined but not used [-Werror=unused-function]
      
      Mark them as __maybe_unused so the compiler can silently drop them
      when they are not needed.
      
      Fixes: 586c1b41 ("mfd: rk808: Add RK817 and RK809 support")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      5752bc43
  2. 26 Aug, 2019 14 commits
  3. 25 Aug, 2019 16 commits
    • Yi-Hung Wei's avatar
      openvswitch: Fix conntrack cache with timeout · 71778951
      Yi-Hung Wei authored
      This patch addresses a conntrack cache issue with timeout policy.
      Currently, we do not check if the timeout extension is set properly in the
      cached conntrack entry.  Thus, after packet recirculate from conntrack
      action, the timeout policy is not applied properly.  This patch fixes the
      aforementioned issue.
      
      Fixes: 06bd2bdf ("openvswitch: Add timeout support to ct action")
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Signed-off-by: default avatarYi-Hung Wei <yihung.wei@gmail.com>
      Acked-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      71778951
    • Alexey Kodanev's avatar
      ipv4: mpls: fix mpls_xmit for iptunnel · 803f3e22
      Alexey Kodanev authored
      When using mpls over gre/gre6 setup, rt->rt_gw4 address is not set, the
      same for rt->rt_gw_family.  Therefore, when rt->rt_gw_family is checked
      in mpls_xmit(), neigh_xmit() call is skipped. As a result, such setup
      doesn't work anymore.
      
      This issue was found with LTP mpls03 tests.
      
      Fixes: 1550c171 ("ipv4: Prepare rtable for IPv6 gateway")
      Signed-off-by: default avatarAlexey Kodanev <alexey.kodanev@oracle.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      803f3e22
    • David Ahern's avatar
      nexthop: Fix nexthop_num_path for blackhole nexthops · 9b5f6841
      David Ahern authored
      Donald reported this sequence:
        ip next add id 1 blackhole
        ip next add id 2 blackhole
        ip ro add 1.1.1.1/32 nhid 1
        ip ro add 1.1.1.2/32 nhid 2
      
      would cause a crash. Backtrace is:
      
      [  151.302790] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
      [  151.304043] CPU: 1 PID: 277 Comm: ip Not tainted 5.3.0-rc5+ #37
      [  151.305078] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1 04/01/2014
      [  151.306526] RIP: 0010:fib_add_nexthop+0x8b/0x2aa
      [  151.307343] Code: 35 f7 81 48 8d 14 01 c7 02 f1 f1 f1 f1 c7 42 04 01 f4 f4 f4 48 89 f2 48 c1 ea 03 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 <80> 3c 02 00 74 08 48 89 f7 e8 1a e8 53 ff be 08 00 00 00 4c 89 e7
      [  151.310549] RSP: 0018:ffff888116c27340 EFLAGS: 00010246
      [  151.311469] RAX: dffffc0000000000 RBX: ffff8881154ece00 RCX: 0000000000000000
      [  151.312713] RDX: 0000000000000004 RSI: 0000000000000020 RDI: ffff888115649b40
      [  151.313968] RBP: ffff888116c273d8 R08: ffffed10221e3757 R09: ffff888110f1bab8
      [  151.315212] R10: 0000000000000001 R11: ffff888110f1bab3 R12: ffff888115649b40
      [  151.316456] R13: 0000000000000020 R14: ffff888116c273b0 R15: ffff888115649b40
      [  151.317707] FS:  00007f60b4d8d800(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000
      [  151.319113] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  151.320119] CR2: 0000555671ffdc00 CR3: 00000001136ba005 CR4: 0000000000020ee0
      [  151.321367] Call Trace:
      [  151.321820]  ? fib_nexthop_info+0x635/0x635
      [  151.322572]  fib_dump_info+0xaa4/0xde0
      [  151.323247]  ? fib_create_info+0x2431/0x2431
      [  151.324008]  ? napi_alloc_frag+0x2a/0x2a
      [  151.324711]  rtmsg_fib+0x2c4/0x3be
      [  151.325339]  fib_table_insert+0xe2f/0xeee
      ...
      
      fib_dump_info incorrectly has nhs = 0 for blackhole nexthops, so it
      believes the nexthop object is a multipath group (nhs != 1) and ends
      up down the nexthop_mpath_fill_node() path which is wrong for a
      blackhole.
      
      The blackhole check in nexthop_num_path is leftover from early days
      of the blackhole implementation which did not initialize the device.
      In the end the design was simpler (fewer special case checks) to set
      the device to loopback in nh_info, so the check in nexthop_num_path
      should have been removed.
      
      Fixes: 430a0491 ("nexthop: Add support for nexthop groups")
      Reported-by: default avatarDonald Sharp <sharpd@cumulusnetworks.com>
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9b5f6841
    • Linus Torvalds's avatar
      Linux 5.3-rc6 · a55aa89a
      Linus Torvalds authored
      a55aa89a
    • Linus Torvalds's avatar
      Merge tag 'auxdisplay-for-linus-v5.3-rc7' of git://github.com/ojeda/linux · c749088f
      Linus Torvalds authored
      Pull auxdisplay cleanup from Miguel Ojeda:
       "Make ht16k33_fb_fix and ht16k33_fb_var constant (Nishka Dasgupta)"
      
      * tag 'auxdisplay-for-linus-v5.3-rc7' of git://github.com/ojeda/linux:
        auxdisplay: ht16k33: Make ht16k33_fb_fix and ht16k33_fb_var constant
      c749088f
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml · 32ae83ff
      Linus Torvalds authored
      Pull UML fix from Richard Weinberger:
       "Fix time travel mode"
      
      * tag 'for-linus-5.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
        um: fix time travel mode
      32ae83ff
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs · 94a76d9b
      Linus Torvalds authored
      Pull UBIFS and JFFS2 fixes from Richard Weinberger:
       "UBIFS:
         - Don't block too long in writeback_inodes_sb()
         - Fix for a possible overrun of the log head
         - Fix double unlock in orphan_delete()
      
        JFFS2:
         - Remove C++ style from UAPI header and unbreak picky toolchains"
      
      * tag 'for-linus-5.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
        ubifs: Limit the number of pages in shrink_liability
        ubifs: Correctly initialize c->min_log_bytes
        ubifs: Fix double unlock around orphan_delete()
        jffs2: Remove C++ style comments from uapi header
      94a76d9b
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 146c3d32
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A few fixes for x86:
      
         - Fix a boot regression caused by the recent bootparam sanitizing
           change, which escaped the attention of all people who reviewed that
           code.
      
         - Address a boot problem on machines with broken E820 tables caused
           by an underflow which ended up placing the trampoline start at
           physical address 0.
      
         - Handle machines which do not advertise a legacy timer of any form,
           but need calibration of the local APIC timer gracefully by making
           the calibration routine independent from the tick interrupt. Marked
           for stable as well as there seems to be quite some new laptops
           rolled out which expose this.
      
         - Clear the RDRAND CPUID bit on AMD family 15h and 16h CPUs which are
           affected by broken firmware which does not initialize RDRAND
           correctly after resume. Add a command line parameter to override
           this for machine which either do not use suspend/resume or have a
           fixed BIOS. Unfortunately there is no way to detect this on boot,
           so the only safe decision is to turn it off by default.
      
         - Prevent RFLAGS from being clobbers in CALL_NOSPEC on 32bit which
           caused fast KVM instruction emulation to break.
      
         - Explain the Intel CPU model naming convention so that the repeating
           discussions come to an end"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
        x86/boot: Fix boot regression caused by bootparam sanitizing
        x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
        x86/boot/compressed/64: Fix boot on machines with broken E820 table
        x86/apic: Handle missing global clockevent gracefully
        x86/cpu: Explain Intel model naming convention
      146c3d32
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 5a13fc3d
      Linus Torvalds authored
      Pull timekeeping fix from Thomas Gleixner:
       "A single fix for a regression caused by the generic VDSO
        implementation where a math overflow causes CLOCK_BOOTTIME to become a
        random number generator"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        timekeeping/vsyscall: Prevent math overflow in BOOTTIME update
      5a13fc3d
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8a04c2ee
      Linus Torvalds authored
      Pull scheduler fix from Thomas Gleixner:
       "Handle the worker management in situations where a task is scheduled
        out on a PI lock contention correctly and schedule a new worker if
        possible"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/core: Schedule new worker even if PI-blocked
      8a04c2ee
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 05bbb936
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "Two small fixes for kprobes and perf:
      
         - Prevent a deadlock in kprobe_optimizer() causes by reverse lock
           ordering
      
         - Fix a comment typo"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        kprobes: Fix potential deadlock in kprobe_optimizer()
        perf/x86: Fix typo in comment
      05bbb936
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 44c471e4
      Linus Torvalds authored
      Pull irq fix from Thomas Gleixner:
       "A single fix for a imbalanced kobject operation in the irq decriptor
        code which was unearthed by the new warnings in the kobject code"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq: Properly pair kobject_del() with kobject_add()
      44c471e4
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · f47edb59
      Linus Torvalds authored
      Mergr misc fixes from Andrew Morton:
       "11 fixes"
      
      Mostly VM fixes, one psi polling fix, and one parisc build fix.
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm/kasan: fix false positive invalid-free reports with CONFIG_KASAN_SW_TAGS=y
        mm/zsmalloc.c: fix race condition in zs_destroy_pool
        mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
        mm, page_owner: handle THP splits correctly
        userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
        psi: get poll_work to run when calling poll syscall next time
        mm: memcontrol: flush percpu vmevents before releasing memcg
        mm: memcontrol: flush percpu vmstats before releasing memcg
        parisc: fix compilation errrors
        mm, page_alloc: move_freepages should not examine struct page of reserved memory
        mm/z3fold.c: fix race between migration and destruction
      f47edb59
    • Takashi Iwai's avatar
      ALSA: seq: Fix potential concurrent access to the deleted pool · 75545304
      Takashi Iwai authored
      The input pool of a client might be deleted via the resize ioctl, the
      the access to it should be covered by the proper locks.  Currently the
      only missing place is the call in snd_seq_ioctl_get_client_pool(), and
      this patch papers over it.
      
      Reported-by: syzbot+4a75454b9ca2777f35c7@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      75545304
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.3-5' of git://git.infradead.org/users/hch/dma-mapping · e67095fd
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
       "Two fixes for regressions in this merge window:
      
         - select the Kconfig symbols for the noncoherent dma arch helpers on
           arm if swiotlb is selected, not just for LPAE to not break then Xen
           build, that uses swiotlb indirectly through swiotlb-xen
      
         - fix the page allocator fallback in dma_alloc_contiguous if the CMA
           allocation fails"
      
      * tag 'dma-mapping-5.3-5' of git://git.infradead.org/users/hch/dma-mapping:
        dma-direct: fix zone selection after an unaddressable CMA allocation
        arm: select the dma-noncoherent symbols for all swiotlb builds
      e67095fd
    • Andrey Ryabinin's avatar
      mm/kasan: fix false positive invalid-free reports with CONFIG_KASAN_SW_TAGS=y · 00fb24a4
      Andrey Ryabinin authored
      The code like this:
      
      	ptr = kmalloc(size, GFP_KERNEL);
      	page = virt_to_page(ptr);
      	offset = offset_in_page(ptr);
      	kfree(page_address(page) + offset);
      
      may produce false-positive invalid-free reports on the kernel with
      CONFIG_KASAN_SW_TAGS=y.
      
      In the example above we lose the original tag assigned to 'ptr', so
      kfree() gets the pointer with 0xFF tag.  In kfree() we check that 0xFF
      tag is different from the tag in shadow hence print false report.
      
      Instead of just comparing tags, do the following:
      
      1) Check that shadow doesn't contain KASAN_TAG_INVALID.  Otherwise it's
         double-free and it doesn't matter what tag the pointer have.
      
      2) If pointer tag is different from 0xFF, make sure that tag in the
         shadow is the same as in the pointer.
      
      Link: http://lkml.kernel.org/r/20190819172540.19581-1-aryabinin@virtuozzo.com
      Fixes: 7f94ffbc ("kasan: add hooks implementation for tag-based mode")
      Signed-off-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
      Reported-by: default avatarWalter Wu <walter-zh.wu@mediatek.com>
      Reported-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      00fb24a4