1. 16 Jul, 2020 9 commits
  2. 15 Jul, 2020 7 commits
  3. 14 Jul, 2020 1 commit
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · e9919e11
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
       "A few quirks for the Elan touchpad driver, another Thinkpad is being
        switched over from PS/2 to native RMI4 interface, and we gave a brand
        new SW_MACHINE_COVER switch definition"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: elan_i2c - add more hardware ID for Lenovo laptops
        Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
        Revert "Input: elants_i2c - report resolution information for touch major"
        Input: elan_i2c - only increment wakeup count on touch
        Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
        ARM: dts: n900: remove mmc1 card detect gpio
        Input: add `SW_MACHINE_COVER`
      e9919e11
  4. 13 Jul, 2020 2 commits
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 0dc589da
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Fix a use-after-free of the device iommu-group. Found in the arm-smmu
         driver, but the fix is in generic code.
      
       - Fix for the new Allwinner IOMMU driver to use the atomic
         readl_timeout() variant in IO/TLB flushing code.
      
       - A couple of cleanups to fix various compile warnings.
      
      * tag 'iommu-fixes-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/arm-smmu: Mark qcom_smmu_client_of_match as possibly unused
        iommu: Fix use-after-free in iommu_release_device
        iommu/amd: Make amd_iommu_apply_ivrs_quirks() static inline
        iommu: SUN50I_IOMMU should depend on HAS_DMA
        iommu/sun50i: Remove unused variable
        iommu/sun50i: Change the readl timeout to the atomic variant
      0dc589da
    • Linus Torvalds's avatar
      mm: document warning in move_normal_pmd() and make it warn only once · f81fdd0c
      Linus Torvalds authored
      Naresh Kamboju reported that the LTP tests can cause warnings on i386
      going back all the way to v5.0, and bisected it to commit 2c91bd4a
      ("mm: speed up mremap by 20x on large regions").
      
      The warning in move_normal_pmd() is actually mostly correct, but we have
      a very unusual special case at process creation time, when we may move
      the stack down with an overlapping mode (kind of like a "memmove()"
      except using the page tables).
      
      And when you have just the right condition of "move a large initial
      stack by the right alignment in the end, but with the early part of the
      move being only page-aligned", we'll be in a situation where we're
      trying to move a normal PMD entry on top of an already existing - but
      now empty - PMD entry.
      
      The warning is still worth having, in case it ever triggers other cases,
      and perhaps as a reminder that we could do the stack move case more
      efficiently (although it's clearly rare enough that it probably doesn't
      matter).
      
      But make it do WARN_ON_ONCE(), so that you can't flood the logs with it.
      
      And add a *big* comment above it to explain and remind us what's going
      on, because it took some figuring out to see how this could trigger.
      Kudos to Joel Fernandes for debugging this.
      Reported-by: default avatarNaresh Kamboju <naresh.kamboju@linaro.org>
      Debugged-and-acked-by: default avatarJoel Fernandes <joel@joelfernandes.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Kirill A. Shutemov <kirill@shutemov.name>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f81fdd0c
  5. 12 Jul, 2020 8 commits
  6. 11 Jul, 2020 9 commits
  7. 10 Jul, 2020 4 commits
    • Nathan Chancellor's avatar
      mips: Remove compiler check in unroll macro · 9321f1aa
      Nathan Chancellor authored
      CONFIG_CC_IS_GCC is undefined when Clang is used, which breaks the build
      (see our Travis link below).
      
      Clang 8 was chosen as a minimum version for this check because there
      were some improvements around __builtin_constant_p in that release. In
      reality, MIPS was not even buildable until clang 9 so that check was not
      technically necessary. Just remove all compiler checks and just assume
      that we have a working compiler.
      
      Fixes: d4e60453 ("Restore gcc check in mips asm/unroll.h")
      Link: https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/jobs/359642821Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9321f1aa
    • David S. Miller's avatar
      Merge branch 'mlxsw-Various-fixes' · 1195c7ce
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: Various fixes
      
      Fix two issues found by syzkaller.
      
      Patch #1 removes inappropriate usage of WARN_ON() following memory
      allocation failure. Constantly triggered when syzkaller injects faults.
      
      Patch #2 fixes a use-after-free that can be triggered by 'devlink dev
      info' following a failed devlink reload.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1195c7ce
    • Ido Schimmel's avatar
      mlxsw: pci: Fix use-after-free in case of failed devlink reload · c4317b11
      Ido Schimmel authored
      In case devlink reload failed, it is possible to trigger a
      use-after-free when querying the kernel for device info via 'devlink dev
      info' [1].
      
      This happens because as part of the reload error path the PCI command
      interface is de-initialized and its mailboxes are freed. When the
      devlink '->info_get()' callback is invoked the device is queried via the
      command interface and the freed mailboxes are accessed.
      
      Fix this by initializing the command interface once during probe and not
      during every reload.
      
      This is consistent with the other bus used by mlxsw (i.e., 'mlxsw_i2c')
      and also allows user space to query the running firmware version (for
      example) from the device after a failed reload.
      
      [1]
      BUG: KASAN: use-after-free in memcpy include/linux/string.h:406 [inline]
      BUG: KASAN: use-after-free in mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675
      Write of size 4096 at addr ffff88810ae32000 by task syz-executor.1/2355
      
      CPU: 1 PID: 2355 Comm: syz-executor.1 Not tainted 5.8.0-rc2+ #29
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0xf6/0x16e lib/dump_stack.c:118
       print_address_description.constprop.0+0x1c/0x250 mm/kasan/report.c:383
       __kasan_report mm/kasan/report.c:513 [inline]
       kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
       check_memory_region_inline mm/kasan/generic.c:186 [inline]
       check_memory_region+0x14e/0x1b0 mm/kasan/generic.c:192
       memcpy+0x39/0x60 mm/kasan/common.c:106
       memcpy include/linux/string.h:406 [inline]
       mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675
       mlxsw_cmd_exec+0x249/0x550 drivers/net/ethernet/mellanox/mlxsw/core.c:2335
       mlxsw_cmd_access_reg drivers/net/ethernet/mellanox/mlxsw/cmd.h:859 [inline]
       mlxsw_core_reg_access_cmd drivers/net/ethernet/mellanox/mlxsw/core.c:1938 [inline]
       mlxsw_core_reg_access+0x2f6/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1985
       mlxsw_reg_query drivers/net/ethernet/mellanox/mlxsw/core.c:2000 [inline]
       mlxsw_devlink_info_get+0x17f/0x6e0 drivers/net/ethernet/mellanox/mlxsw/core.c:1090
       devlink_nl_info_fill.constprop.0+0x13c/0x2d0 net/core/devlink.c:4588
       devlink_nl_cmd_info_get_dumpit+0x246/0x460 net/core/devlink.c:4648
       genl_lock_dumpit+0x85/0xc0 net/netlink/genetlink.c:575
       netlink_dump+0x515/0xe50 net/netlink/af_netlink.c:2245
       __netlink_dump_start+0x53d/0x830 net/netlink/af_netlink.c:2353
       genl_family_rcv_msg_dumpit.isra.0+0x296/0x300 net/netlink/genetlink.c:638
       genl_family_rcv_msg net/netlink/genetlink.c:733 [inline]
       genl_rcv_msg+0x78d/0x9d0 net/netlink/genetlink.c:753
       netlink_rcv_skb+0x152/0x440 net/netlink/af_netlink.c:2469
       genl_rcv+0x24/0x40 net/netlink/genetlink.c:764
       netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
       netlink_unicast+0x53a/0x750 net/netlink/af_netlink.c:1329
       netlink_sendmsg+0x850/0xd90 net/netlink/af_netlink.c:1918
       sock_sendmsg_nosec net/socket.c:652 [inline]
       sock_sendmsg+0x150/0x190 net/socket.c:672
       ____sys_sendmsg+0x6d8/0x840 net/socket.c:2363
       ___sys_sendmsg+0xff/0x170 net/socket.c:2417
       __sys_sendmsg+0xe5/0x1b0 net/socket.c:2450
       do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: a9c8336f ("mlxsw: core: Add support for devlink info command")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c4317b11
    • Ido Schimmel's avatar
      mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() · d9d54202
      Ido Schimmel authored
      We should not trigger a warning when a memory allocation fails. Remove
      the WARN_ON().
      
      The warning is constantly triggered by syzkaller when it is injecting
      faults:
      
      [ 2230.758664] FAULT_INJECTION: forcing a failure.
      [ 2230.758664] name failslab, interval 1, probability 0, space 0, times 0
      [ 2230.762329] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28
      ...
      [ 2230.898175] WARNING: CPU: 3 PID: 1407 at drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:6265 mlxsw_sp_router_fib_event+0xfad/0x13e0
      [ 2230.898179] Kernel panic - not syncing: panic_on_warn set ...
      [ 2230.898183] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28
      [ 2230.898190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
      
      Fixes: 3057224e ("mlxsw: spectrum_router: Implement FIB offload in deferred work")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d9d54202