1. 17 Sep, 2021 1 commit
    • Johan Hovold's avatar
      net: hso: fix muxed tty registration · e8f69b16
      Johan Hovold authored
      If resource allocation and registration fail for a muxed tty device
      (e.g. if there are no more minor numbers) the driver should not try to
      deregister the never-registered (or already-deregistered) tty.
      
      Fix up the error handling to avoid dereferencing a NULL pointer when
      attempting to remove the character device.
      
      Fixes: 72dc1c09 ("HSO: add option hso driver")
      Cc: stable@vger.kernel.org	# 2.6.27
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e8f69b16
  2. 16 Sep, 2021 16 commits
    • Linus Torvalds's avatar
      Merge tag 'net-5.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · fc0c0548
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf.
      
        Current release - regressions:
      
         - vhost_net: fix OoB on sendmsg() failure
      
         - mlx5: bridge, fix uninitialized variable usage
      
         - bnxt_en: fix error recovery regression
      
        Current release - new code bugs:
      
         - bpf, mm: fix lockdep warning triggered by stack_map_get_build_id_offset()
      
        Previous releases - regressions:
      
         - r6040: restore MDIO clock frequency after MAC reset
      
         - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
      
         - dsa: flush switchdev workqueue before tearing down CPU/DSA ports
      
        Previous releases - always broken:
      
         - ptp: dp83640: don't define PAGE0, avoid compiler warning
      
         - igc: fix tunnel segmentation offloads
      
         - phylink: update SFP selected interface on advertising changes
      
         - stmmac: fix system hang caused by eee_ctrl_timer during suspend/resume
      
         - mlx5e: fix mutual exclusion between CQE compression and HW TS
      
        Misc:
      
         - bpf, cgroups: fix cgroup v2 fallback on v1/v2 mixed mode
      
         - sfc: fallback for lack of xdp tx queues
      
         - hns3: add option to turn off page pool feature"
      
      * tag 'net-5.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (67 commits)
        mlxbf_gige: clear valid_polarity upon open
        igc: fix tunnel offloading
        net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert
        net: wan: wanxl: define CROSS_COMPILE_M68K
        selftests: nci: replace unsigned int with int
        net: dsa: flush switchdev workqueue before tearing down CPU/DSA ports
        Revert "net: phy: Uniform PHY driver access"
        net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
        ptp: dp83640: don't define PAGE0
        bnx2x: Fix enabling network interfaces without VFs
        Revert "Revert "ipv4: fix memory leaks in ip_cmsg_send() callers""
        tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
        net-caif: avoid user-triggerable WARN_ON(1)
        bpf, selftests: Add test case for mixed cgroup v1/v2
        bpf, selftests: Add cgroup v1 net_cls classid helpers
        bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
        bpf: Add oversize check before call kvcalloc()
        net: hns3: fix the timing issue of VF clearing interrupt sources
        net: hns3: fix the exception when query imp info
        net: hns3: disable mac in flr process
        ...
      fc0c0548
    • Guenter Roeck's avatar
      net: 6pack: Fix tx timeout and slot time · 3c0d2a46
      Guenter Roeck authored
      tx timeout and slot time are currently specified in units of HZ.  On
      Alpha, HZ is defined as 1024.  When building alpha:allmodconfig, this
      results in the following error message.
      
        drivers/net/hamradio/6pack.c: In function 'sixpack_open':
        drivers/net/hamradio/6pack.c:71:41: error:
        	unsigned conversion from 'int' to 'unsigned char'
        	changes value from '256' to '0'
      
      In the 6PACK protocol, tx timeout is specified in units of 10 ms and
      transmitted over the wire:
      
          https://www.linux-ax25.org/wiki/6PACK
      
      Defining a value dependent on HZ doesn't really make sense, and
      presumably comes from the (very historical) situation where HZ was
      originally 100.
      
      Note that the SIXP_SLOTTIME use explicitly is about 10ms granularity:
      
              mod_timer(&sp->tx_t, jiffies + ((when + 1) * HZ) / 100);
      
      and the SIXP_TXDELAY walue is sent as a byte over the wire.
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3c0d2a46
    • Arnd Bergmann's avatar
      drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused · 040b8907
      Arnd Bergmann authored
      With the new static annotation, the compiler warns when the functions
      are actually unused:
      
         drivers/gpu/drm/rockchip/cdn-dp-core.c:1123:12: error: 'cdn_dp_resume' defined but not used [-Werror=unused-function]
          1123 | static int cdn_dp_resume(struct device *dev)
               |            ^~~~~~~~~~~~~
      
      Mark them __maybe_unused to suppress that warning as well.
      
      [ Not so 'new' static annotations any more, and I removed the part of
        the patch that added __maybe_unused to cdn_dp_suspend(), because it's
        used by the shutdown/remove code.
      
        So only the resume function ends up possibly unused if CONFIG_PM isn't
        set     - Linus ]
      
      Fixes: 7c49abb4 ("drm/rockchip: cdn-dp-core: Make cdn_dp_core_suspend/resume static")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Reviewed-by: default avatarEnric Balletbo i Serra <enric.balletbo@collabora.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      040b8907
    • Guenter Roeck's avatar
      cpufreq: vexpress: Drop unused variable · b60cee5b
      Guenter Roeck authored
      arm:allmodconfig fails to build with the following error.
      
        drivers/cpufreq/vexpress-spc-cpufreq.c:454:13: error:
      					unused variable 'cur_cluster'
      
      Remove the unused variable.
      
      Fixes: bb8c26d9 ("cpufreq: vexpress: Set CPUFREQ_IS_COOLING_DEV flag")
      Cc: Viresh Kumar <viresh.kumar@linaro.org>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b60cee5b
    • Guenter Roeck's avatar
      alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile · 35a3f4ef
      Guenter Roeck authored
      Some drivers pass a pointer to volatile data to virt_to_bus() and
      virt_to_phys(), and that works fine.  One exception is alpha.  This
      results in a number of compile errors such as
      
        drivers/net/wan/lmc/lmc_main.c: In function 'lmc_softreset':
        drivers/net/wan/lmc/lmc_main.c:1782:50: error:
      	passing argument 1 of 'virt_to_bus' discards 'volatile'
      	qualifier from pointer target type
      
        drivers/atm/ambassador.c: In function 'do_loader_command':
        drivers/atm/ambassador.c:1747:58: error:
      	passing argument 1 of 'virt_to_bus' discards 'volatile'
      	qualifier from pointer target type
      
      Declare the parameter of virt_to_phys and virt_to_bus as pointer to
      volatile to fix the problem.
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      35a3f4ef
    • Linus Torvalds's avatar
      3com 3c515: make it compile on 64-bit architectures · db71f8fb
      Linus Torvalds authored
      This driver isn't enabled most places because of the ISA config
      dependency, but alpha still has it.  And I think the 'Jensen' actually
      did have an ISA slot.
      
      However, it doesn't build cleanly, because the "Vortex bus master" code
      just casts the skb->data pointer to 'int':
      
              outl((int) (skb->data), ioaddr + Wn7_MasterAddr);
      
      which is all kinds of broken.  Even on a good old traditional PC/AT it
      would be broken because the high bits will be random kernel address
      bits, but presumably the hardware ignores those bits.  I mean, it's ISA.
      We're talking 16MB dma limits. The "good old days".
      
      Make the build happy with this kind of craziness by using the proper
      isa_virt_to_bus() handling that the full bus master code uses anyway
      (the Vortex bus mastering is a limited special case).
      
      Who knows, this might even work.
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      db71f8fb
    • Linus Torvalds's avatar
      Merge tag 'for-5.15/parisc-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 5fe983d3
      Linus Torvalds authored
      Pull parisc fix from Helge Deller:
       "Fix a build warning when using the PAGE0 pointer"
      
      * tag 'for-5.15/parisc-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Use absolute_pointer() to define PAGE0
      5fe983d3
    • Linus Torvalds's avatar
      Merge tag 'm68k-for-v5.15-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k · 077a6ccf
      Linus Torvalds authored
      Pull m68k fixes from Geert Uytterhoeven:
      
       - Warning fixes to mitigate CONFIG_WERROR=y
      
      * tag 'm68k-for-v5.15-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
        m68k: mvme: Remove overdue #warnings in RTC handling
        m68k: Double cast io functions to unsigned long
      077a6ccf
    • David Thompson's avatar
      mlxbf_gige: clear valid_polarity upon open · ee8a9600
      David Thompson authored
      The network interface managed by the mlxbf_gige driver can
      get into a problem state where traffic does not flow.
      In this state, the interface will be up and enabled, but
      will stop processing received packets.  This problem state
      will happen if three specific conditions occur:
          1) driver has received more than (N * RxRingSize) packets but
             less than (N+1 * RxRingSize) packets, where N is an odd number
             Note: the command "ethtool -g <interface>" will display the
             current receive ring size, which currently defaults to 128
          2) the driver's interface was disabled via "ifconfig oob_net0 down"
             during the window described in #1.
          3) the driver's interface is re-enabled via "ifconfig oob_net0 up"
      
      This patch ensures that the driver's "valid_polarity" field is
      cleared during the open() method so that it always matches the
      receive polarity used by hardware.  Without this fix, the driver
      needs to be unloaded and reloaded to correct this problem state.
      
      Fixes: f92e1869 ("Add Mellanox BlueField Gigabit Ethernet driver")
      Reviewed-by: default avatarAsmaa Mnebhi <asmaa@nvidia.com>
      Signed-off-by: default avatarDavid Thompson <davthompson@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ee8a9600
    • Paolo Abeni's avatar
      igc: fix tunnel offloading · 40ee363c
      Paolo Abeni authored
      Checking tunnel offloading, it turns out that offloading doesn't work
      as expected.  The following script allows to reproduce the issue.
      Call it as `testscript DEVICE LOCALIP REMOTEIP NETMASK'
      
      === SNIP ===
      if [ $# -ne 4 ]
      then
        echo "Usage $0 DEVICE LOCALIP REMOTEIP NETMASK"
        exit 1
      fi
      DEVICE="$1"
      LOCAL_ADDRESS="$2"
      REMOTE_ADDRESS="$3"
      NWMASK="$4"
      echo "Driver: $(ethtool -i ${DEVICE} | awk '/^driver:/{print $2}') "
      ethtool -k "${DEVICE}" | grep tx-udp
      echo
      echo "Set up NIC and tunnel..."
      ip addr add "${LOCAL_ADDRESS}/${NWMASK}" dev "${DEVICE}"
      ip link set "${DEVICE}" up
      sleep 2
      ip link add vxlan1 type vxlan id 42 \
      		   remote "${REMOTE_ADDRESS}" \
      		   local "${LOCAL_ADDRESS}" \
      		   dstport 0 \
      		   dev "${DEVICE}"
      ip addr add fc00::1/64 dev vxlan1
      ip link set vxlan1 up
      sleep 2
      rm -f vxlan.pcap
      echo "Running tcpdump and iperf3..."
      ( nohup tcpdump -i any -w vxlan.pcap >/dev/null 2>&1 ) &
      sleep 2
      iperf3 -c fc00::2 >/dev/null
      pkill tcpdump
      echo
      echo -n "Max. Paket Size: "
      tcpdump -r vxlan.pcap -nnle 2>/dev/null \
      | grep "${LOCAL_ADDRESS}.*> ${REMOTE_ADDRESS}.*OTV" \
      | awk '{print $8}' | awk -F ':' '{print $1}' \
      | sort -n | tail -1
      echo
      ip link del vxlan1
      ip addr del ${LOCAL_ADDRESS}/${NWMASK} dev "${DEVICE}"
      === SNAP ===
      
      The expected outcome is
      
        Max. Paket Size: 64904
      
      This is what you see on igb, the code igc has been taken from.
      However, on igc the output is
      
        Max. Paket Size: 1516
      
      so the GSO aggregate packets are segmented by the kernel before calling
      igc_xmit_frame.  Inside the subsequent call to igc_tso, the check for
      skb_is_gso(skb) fails and the function returns prematurely.
      
      It turns out that this occurs because the feature flags aren't set
      entirely correctly in igc_probe.  In contrast to the original code
      from igb_probe, igc_probe neglects to set the flags required to allow
      tunnel offloading.
      
      Setting the same flags as igb fixes the issue on igc.
      
      Fixes: 34428dff ("igc: Add GSO partial support")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Tested-by: default avatarCorinna Vinschen <vinschen@redhat.com>
      Acked-by: default avatarSasha Neftin <sasha.neftin@intel.com>
      Tested-by: default avatarNechama Kraus <nechamax.kraus@linux.intel.com>
      Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      40ee363c
    • Eli Cohen's avatar
      net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert · 7c3a0a01
      Eli Cohen authored
      Remove the assert from the callback priv lookup function since it does
      not require RTNL lock and is already protected by flow_indr_block_lock.
      
      This will avoid warnings from being emitted to dmesg if the driver
      registers its callback after an ingress qdisc was created for a
      netdevice.
      
      The warnings started after the following patch was merged:
      commit 74fc4f82 ("net: Fix offloading indirect devices dependency on qdisc order creation")
      Signed-off-by: default avatarEli Cohen <elic@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7c3a0a01
    • Adam Borowski's avatar
      net: wan: wanxl: define CROSS_COMPILE_M68K · 84fb7dfc
      Adam Borowski authored
      It was used but never set.  The hardcoded value from before the dawn of
      time was non-standard; the usual name for cross-tools is $TRIPLET-$TOOL
      Signed-off-by: default avatarAdam Borowski <kilobyte@angband.pl>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      84fb7dfc
    • Xiang wangx's avatar
      selftests: nci: replace unsigned int with int · 98dc68f8
      Xiang wangx authored
      Should not use comparison of unsigned expressions < 0.
      Signed-off-by: default avatarXiang wangx <wangxiang@cdjrlc.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      98dc68f8
    • Helge Deller's avatar
      parisc: Use absolute_pointer() to define PAGE0 · 90cc7bed
      Helge Deller authored
      Use absolute_pointer() wrapper for PAGE0 to avoid this compiler warning:
      
        arch/parisc/kernel/setup.c: In function 'start_parisc':
        error: '__builtin_memcmp_eq' specified bound 8 exceeds source size 0
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      Co-Developed-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      90cc7bed
    • Linus Torvalds's avatar
      Merge tag 'hyperv-fixes-signed-20210915' of... · ff1ffd71
      Linus Torvalds authored
      Merge tag 'hyperv-fixes-signed-20210915' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
      
      Pull hyperv fixes from Wei Liu:
      
       - Fix kernel crash caused by uio driver (Vitaly Kuznetsov)
      
       - Remove on-stack cpumask from HV APIC code (Wei Liu)
      
      * tag 'hyperv-fixes-signed-20210915' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        x86/hyperv: remove on-stack cpumask from hv_send_ipi_mask_allbutself
        asm-generic/hyperv: provide cpumask_to_vpset_noself
        Drivers: hv: vmbus: Fix kernel crash upon unbinding a device from uio_hv_generic driver
      ff1ffd71
    • Linus Torvalds's avatar
      Merge tag 'rtc-5.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux · 453fa43c
      Linus Torvalds authored
      Pull RTC fix from Alexandre Belloni:
       "Fix a locking issue in the cmos rtc driver"
      
      * tag 'rtc-5.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux:
        rtc: cmos: Disable irq around direct invocation of cmos_interrupt()
      453fa43c
  3. 15 Sep, 2021 13 commits
    • Vladimir Oltean's avatar
      net: dsa: flush switchdev workqueue before tearing down CPU/DSA ports · a57d8c21
      Vladimir Oltean authored
      Sometimes when unbinding the mv88e6xxx driver on Turris MOX, these error
      messages appear:
      
      mv88e6085 d0032004.mdio-mii:12: port 1 failed to delete be:79:b4:9e:9e:96 vid 1 from fdb: -2
      mv88e6085 d0032004.mdio-mii:12: port 1 failed to delete be:79:b4:9e:9e:96 vid 0 from fdb: -2
      mv88e6085 d0032004.mdio-mii:12: port 1 failed to delete d8:58:d7:00:ca:6d vid 100 from fdb: -2
      mv88e6085 d0032004.mdio-mii:12: port 1 failed to delete d8:58:d7:00:ca:6d vid 1 from fdb: -2
      mv88e6085 d0032004.mdio-mii:12: port 1 failed to delete d8:58:d7:00:ca:6d vid 0 from fdb: -2
      
      (and similarly for other ports)
      
      What happens is that DSA has a policy "even if there are bugs, let's at
      least not leak memory" and dsa_port_teardown() clears the dp->fdbs and
      dp->mdbs lists, which are supposed to be empty.
      
      But deleting that cleanup code, the warnings go away.
      
      => the FDB and MDB lists (used for refcounting on shared ports, aka CPU
      and DSA ports) will eventually be empty, but are not empty by the time
      we tear down those ports. Aka we are deleting them too soon.
      
      The addresses that DSA complains about are host-trapped addresses: the
      local addresses of the ports, and the MAC address of the bridge device.
      
      The problem is that offloading those entries happens from a deferred
      work item scheduled by the SWITCHDEV_FDB_DEL_TO_DEVICE handler, and this
      races with the teardown of the CPU and DSA ports where the refcounting
      is kept.
      
      In fact, not only it races, but fundamentally speaking, if we iterate
      through the port list linearly, we might end up tearing down the shared
      ports even before we delete a DSA user port which has a bridge upper.
      
      So as it turns out, we need to first tear down the user ports (and the
      unused ones, for no better place of doing that), then the shared ports
      (the CPU and DSA ports). In between, we need to ensure that all work
      items scheduled by our switchdev handlers (which only run for user
      ports, hence the reason why we tear them down first) have finished.
      
      Fixes: 161ca59d ("net: dsa: reference count the MDB entries at the cross-chip notifier level")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Link: https://lore.kernel.org/r/20210914134726.2305133-1-vladimir.oltean@nxp.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      a57d8c21
    • Vladimir Oltean's avatar
      Revert "net: phy: Uniform PHY driver access" · 301de697
      Vladimir Oltean authored
      This reverts commit 3ac8eed6, which did
      more than it said on the box, and not only it replaced to_phy_driver
      with phydev->drv, but it also removed the "!drv" check, without actually
      explaining why that is fine.
      
      That patch in fact breaks suspend/resume on any system which has PHY
      devices with no drivers bound.
      
      The stack trace is:
      
      Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8
      pc : mdio_bus_phy_suspend+0xd8/0xec
      lr : dpm_run_callback+0x38/0x90
      Call trace:
       mdio_bus_phy_suspend+0xd8/0xec
       dpm_run_callback+0x38/0x90
       __device_suspend+0x108/0x3cc
       dpm_suspend+0x140/0x210
       dpm_suspend_start+0x7c/0xa0
       suspend_devices_and_enter+0x13c/0x540
       pm_suspend+0x2a4/0x330
      
      Examples why that assumption is not fine:
      
      - There is an MDIO bus with a PHY device that doesn't have a specific
        PHY driver loaded, because mdiobus_register() automatically creates a
        PHY device for it but there is no specific PHY driver in the system.
        Normally under those circumstances, the generic PHY driver will be
        bound lazily to it (at phy_attach_direct time). But some Ethernet
        drivers attach to their PHY at .ndo_open time. Until then it, the
        to-be-driven-by-genphy PHY device will not have a driver. The blamed
        patch amounts to saying "you need to open all net devices before the
        system can suspend, to avoid the NULL pointer dereference".
      
      - There is any raw MDIO device which has 'plausible' values in the PHY
        ID registers 2 and 3, which is located on an MDIO bus whose driver
        does not set bus->phy_mask = ~0 (which prevents auto-scanning of PHY
        devices). An example could be a MAC's internal MDIO bus with PCS
        devices on it, for serial links such as SGMII. PHY devices will get
        created for those PCSes too, due to that MDIO bus auto-scanning, and
        although those PHY devices are not used, they do not bother anybody
        either. PCS devices are usually managed in Linux as raw MDIO devices.
        Nonetheless, they do not have a PHY driver, nor does anybody attempt
        to connect to them (because they are not a PHY), and therefore this
        patch breaks that.
      
      The goal itself of the patch is questionable, so I am going for a
      straight revert. to_phy_driver does not seem to have a need to be
      replaced by phydev->drv, in fact that might even trigger code paths
      which were not given too deep of a thought.
      
      For instance:
      
      phy_probe populates phydev->drv at the beginning, but does not clean it
      up on any error (including EPROBE_DEFER). So if the phydev driver
      requests probe deferral, phydev->drv will remain populated despite there
      being no driver bound.
      
      If a system suspend starts in between the initial probe deferral request
      and the subsequent probe retry, we will be calling the phydev->drv->suspend
      method, but _before_ any phydev->drv->probe call has succeeded.
      
      That is to say, if the phydev->drv is allocating any driver-private data
      structure in ->probe, it pretty much expects that data structure to be
      available in ->suspend. But it may not. That is a pretty insane
      environment to present to PHY drivers.
      
      In the code structure before the blamed patch, mdio_bus_phy_may_suspend
      would just say "no, don't suspend" to any PHY device which does not have
      a driver pointer _in_the_device_structure_ (not the phydev->drv). That
      would essentially ensure that ->suspend will never get called for a
      device that has not yet successfully completed probe. This is the code
      structure the patch is returning to, via the revert.
      
      Fixes: 3ac8eed6 ("net: phy: Uniform PHY driver access")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Acked-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Link: https://lore.kernel.org/r/20210914140515.2311548-1-vladimir.oltean@nxp.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      301de697
    • Vladimir Oltean's avatar
      net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup · 6a52e733
      Vladimir Oltean authored
      DSA supports connecting to a phy-handle, and has a fallback to a non-OF
      based method of connecting to an internal PHY on the switch's own MDIO
      bus, if no phy-handle and no fixed-link nodes were present.
      
      The -ENODEV error code from the first attempt (phylink_of_phy_connect)
      is what triggers the second attempt (phylink_connect_phy).
      
      However, when the first attempt returns a different error code than
      -ENODEV, this results in an unbalance of calls to phylink_create and
      phylink_destroy by the time we exit the function. The phylink instance
      has leaked.
      
      There are many other error codes that can be returned by
      phylink_of_phy_connect. For example, phylink_validate returns -EINVAL.
      So this is a practical issue too.
      
      Fixes: aab9c406 ("net: dsa: Plug in PHYLINK support")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
      Link: https://lore.kernel.org/r/20210914134331.2303380-1-vladimir.oltean@nxp.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      6a52e733
    • Linus Torvalds's avatar
      qnx4: avoid stringop-overread errors · b7213ffa
      Linus Torvalds authored
      The qnx4 directory entries are 64-byte blocks that have different
      contents depending on the a status byte that is in the last byte of the
      block.
      
      In particular, a directory entry can be either a "link info" entry with
      a 48-byte name and pointers to the real inode information, or an "inode
      entry" with a smaller 16-byte name and the full inode information.
      
      But the code was written to always just treat the directory name as if
      it was part of that "inode entry", and just extend the name to the
      longer case if the status byte said it was a link entry.
      
      That work just fine and gives the right results, but now that gcc is
      tracking data structure accesses much more, the code can trigger a
      compiler error about using up to 48 bytes (the long name) in a structure
      that only has that shorter name in it:
      
         fs/qnx4/dir.c: In function ‘qnx4_readdir’:
         fs/qnx4/dir.c:51:32: error: ‘strnlen’ specified bound 48 exceeds source size 16 [-Werror=stringop-overread]
            51 |                         size = strnlen(de->di_fname, size);
               |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~
         In file included from fs/qnx4/qnx4.h:3,
                          from fs/qnx4/dir.c:16:
         include/uapi/linux/qnx4_fs.h:45:25: note: source object declared here
            45 |         char            di_fname[QNX4_SHORT_NAME_MAX];
               |                         ^~~~~~~~
      
      which is because the source code doesn't really make this whole "one of
      two different types" explicit.
      
      Fix this by introducing a very explicit union of the two types, and
      basically explaining to the compiler what is really going on.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b7213ffa
    • Linus Torvalds's avatar
      sparc: avoid stringop-overread errors · fc7c028d
      Linus Torvalds authored
      The sparc mdesc code does pointer games with 'struct mdesc_hdr', but
      didn't describe to the compiler how that header is then followed by the
      data that the header describes.
      
      As a result, gcc is now unhappy since it does stricter pointer range
      tracking, and doesn't understand about how these things work.  This
      results in various errors like:
      
          arch/sparc/kernel/mdesc.c: In function ‘mdesc_node_by_name’:
          arch/sparc/kernel/mdesc.c:647:22: error: ‘strcmp’ reading 1 or more bytes from a region of size 0 [-Werror=stringop-overread]
            647 |                 if (!strcmp(names + ep[ret].name_offset, name))
                |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      which are easily avoided by just describing 'struct mdesc_hdr' better,
      and making the node_block() helper function look into that unsized
      data[] that follows the header.
      
      This makes the sparc64 build happy again at least for my cross-compiler
      version (gcc version 11.2.1).
      
      Link: https://lore.kernel.org/lkml/CAHk-=wi4NW3NC0xWykkw=6LnjQD6D_rtRtxY9g8gQAJXtQMi8A@mail.gmail.com/
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fc7c028d
    • Linus Torvalds's avatar
      Merge branch 'absolute-pointer' (patches from Guenter) · d6efd3f1
      Linus Torvalds authored
      Merge absolute_pointer macro series from Guenter Roeck:
       "Kernel test builds currently fail for several architectures with error
        messages such as the following.
      
        drivers/net/ethernet/i825xx/82596.c: In function 'i82596_probe':
        arch/m68k/include/asm/string.h:72:25: error:
              '__builtin_memcpy' reading 6 bytes from a region of size 0
                      [-Werror=stringop-overread]
      
        Such warnings may be reported by gcc 11.x for string and memory
        operations on fixed addresses if gcc's builtin functions are used for
        those operations.
      
        This series introduces absolute_pointer() to fix the problem.
        absolute_pointer() disassociates a pointer from its originating symbol
        type and context, and thus prevents gcc from making assumptions about
        pointers passed to memory operations"
      
      * emailed patches from Guenter Roeck <linux@roeck-us.net>:
        alpha: Use absolute_pointer to define COMMAND_LINE
        alpha: Move setup.h out of uapi
        net: i825xx: Use absolute_pointer for memcpy from fixed memory location
        compiler.h: Introduce absolute_pointer macro
      d6efd3f1
    • Guenter Roeck's avatar
      alpha: Use absolute_pointer to define COMMAND_LINE · ebdc20d7
      Guenter Roeck authored
      alpha:allmodconfig fails to build with the following error
      when using gcc 11.x.
      
        arch/alpha/kernel/setup.c: In function 'setup_arch':
        arch/alpha/kernel/setup.c:493:13: error:
      	'strcmp' reading 1 or more bytes from a region of size 0
      
      Avoid the problem by declaring COMMAND_LINE as absolute_pointer().
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ebdc20d7
    • Guenter Roeck's avatar
      alpha: Move setup.h out of uapi · 3cb8b153
      Guenter Roeck authored
      Most of the contents of setup.h have no value for userspace
      applications.  The file was probably moved to uapi accidentally.
      
      Keep the file in uapi to define the alpha-specific COMMAND_LINE_SIZE.
      Move all other defines to arch/alpha/include/asm/setup.h.
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3cb8b153
    • Guenter Roeck's avatar
      net: i825xx: Use absolute_pointer for memcpy from fixed memory location · dff2d131
      Guenter Roeck authored
      gcc 11.x reports the following compiler warning/error.
      
        drivers/net/ethernet/i825xx/82596.c: In function 'i82596_probe':
        arch/m68k/include/asm/string.h:72:25: error:
      	'__builtin_memcpy' reading 6 bytes from a region of size 0 [-Werror=stringop-overread]
      
      Use absolute_pointer() to work around the problem.
      
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Reviewed-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dff2d131
    • Guenter Roeck's avatar
      compiler.h: Introduce absolute_pointer macro · f6b5f1a5
      Guenter Roeck authored
      absolute_pointer() disassociates a pointer from its originating symbol
      type and context. Use it to prevent compiler warnings/errors such as
      
        drivers/net/ethernet/i825xx/82596.c: In function 'i82596_probe':
        arch/m68k/include/asm/string.h:72:25: error:
      	'__builtin_memcpy' reading 6 bytes from a region of size 0 [-Werror=stringop-overread]
      
      Such warnings may be reported by gcc 11.x for string and memory
      operations on fixed addresses.
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Reviewed-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f6b5f1a5
    • Masami Hiramatsu's avatar
      tools/bootconfig: Define memblock_free_ptr() to fix build error · 80be5998
      Masami Hiramatsu authored
      The lib/bootconfig.c file is shared with the 'bootconfig' tooling, and
      as a result, the changes incommit 77e02cf5 ("memblock: introduce
      saner 'memblock_free_ptr()' interface") need to also be reflected in the
      tooling header file.
      
      So define the new memblock_free_ptr() wrapper, and remove unused __pa()
      and memblock_free().
      
      Fixes: 77e02cf5 ("memblock: introduce saner 'memblock_free_ptr()' interface")
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      80be5998
    • Randy Dunlap's avatar
      ptp: dp83640: don't define PAGE0 · 7366c23f
      Randy Dunlap authored
      Building dp83640.c on arch/parisc/ produces a build warning for
      PAGE0 being redefined. Since the macro is not used in the dp83640
      driver, just make it a comment for documentation purposes.
      
      In file included from ../drivers/net/phy/dp83640.c:23:
      ../drivers/net/phy/dp83640_reg.h:8: warning: "PAGE0" redefined
          8 | #define PAGE0                     0x0000
                       from ../drivers/net/phy/dp83640.c:11:
      ../arch/parisc/include/asm/page.h:187: note: this is the location of the previous definition
        187 | #define PAGE0   ((struct zeropage *)__PAGE_OFFSET)
      
      Fixes: cb646e2b ("ptp: Added a clock driver for the National Semiconductor PHYTER.")
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Cc: Richard Cochran <richard.cochran@omicron.at>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: Heiner Kallweit <hkallweit1@gmail.com>
      Cc: Russell King <linux@armlinux.org.uk>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Link: https://lore.kernel.org/r/20210913220605.19682-1-rdunlap@infradead.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      7366c23f
    • Adrian Bunk's avatar
      bnx2x: Fix enabling network interfaces without VFs · 52ce14c1
      Adrian Bunk authored
      This function is called to enable SR-IOV when available,
      not enabling interfaces without VFs was a regression.
      
      Fixes: 65161c35 ("bnx2x: Fix missing error code in bnx2x_iov_init_one()")
      Signed-off-by: default avatarAdrian Bunk <bunk@kernel.org>
      Reported-by: default avatarYunQiang Su <wzssyqa@gmail.com>
      Tested-by: default avatarYunQiang Su <wzssyqa@gmail.com>
      Cc: stable@vger.kernel.org
      Acked-by: default avatarShai Malin <smalin@marvell.com>
      Link: https://lore.kernel.org/r/20210912190523.27991-1-bunk@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      52ce14c1
  4. 14 Sep, 2021 9 commits
    • Huang Rui's avatar
      drm/ttm: fix type mismatch error on sparc64 · 3ca706c1
      Huang Rui authored
      On sparc64, __fls() returns an "int", but the drm TTM code expected it
      to be "unsigned long" as on x86.  As a result, on sparc (and arc, and
      m68k) you get build errors because 'min()' checks that the types match.
      
      As suggested by Linus, it can use min_t instead of min to force the type
      to be "unsigned int".
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarHuang Rui <ray.huang@amd.com>
      Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
      Cc: Alex Deucher <alexdeucher@gmail.com>
      Cc: David Airlie <airlied@linux.ie>
      Cc: Daniel Vetter <daniel@ffwll.ch>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3ca706c1
    • Linus Torvalds's avatar
      memblock: introduce saner 'memblock_free_ptr()' interface · 77e02cf5
      Linus Torvalds authored
      The boot-time allocation interface for memblock is a mess, with
      'memblock_alloc()' returning a virtual pointer, but then you are
      supposed to free it with 'memblock_free()' that takes a _physical_
      address.
      
      Not only is that all kinds of strange and illogical, but it actually
      causes bugs, when people then use it like a normal allocation function,
      and it fails spectacularly on a NULL pointer:
      
         https://lore.kernel.org/all/20210912140820.GD25450@xsang-OptiPlex-9020/
      
      or just random memory corruption if the debug checks don't catch it:
      
         https://lore.kernel.org/all/61ab2d0c-3313-aaab-514c-e15b7aa054a0@suse.cz/
      
      I really don't want to apply patches that treat the symptoms, when the
      fundamental cause is this horribly confusing interface.
      
      I started out looking at just automating a sane replacement sequence,
      but because of this mix or virtual and physical addresses, and because
      people have used the "__pa()" macro that can take either a regular
      kernel pointer, or just the raw "unsigned long" address, it's all quite
      messy.
      
      So this just introduces a new saner interface for freeing a virtual
      address that was allocated using 'memblock_alloc()', and that was kept
      as a regular kernel pointer.  And then it converts a couple of users
      that are obvious and easy to test, including the 'xbc_nodes' case in
      lib/bootconfig.c that caused problems.
      Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
      Fixes: 40caa127 ("init: bootconfig: Remove all bootconfig data when the init memory is removed")
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Mike Rapoport <rppt@kernel.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      77e02cf5
    • Vasily Averin's avatar
      ipc: remove memcg accounting for sops objects in do_semtimedop() · 6a4746ba
      Vasily Averin authored
      Linus proposes to revert an accounting for sops objects in
      do_semtimedop() because it's really just a temporary buffer
      for a single semtimedop() system call.
      
      This object can consume up to 2 pages, syscall is sleeping
      one, size and duration can be controlled by user, and this
      allocation can be repeated by many thread at the same time.
      
      However Shakeel Butt pointed that there are much more popular
      objects with the same life time and similar memory
      consumption, the accounting of which was decided to be
      rejected for performance reasons.
      
      Considering at least 2 pages for task_struct and 2 pages for
      the kernel stack, a back of the envelope calculation gives a
      footprint amplification of <1.5 so this temporal buffer can be
      safely ignored.
      
      The factor would IMO be interesting if it was >> 2 (from the
      PoV of excessive (ab)use, fine-grained accounting seems to be
      currently unfeasible due to performance impact).
      
      Link: https://lore.kernel.org/lkml/90e254df-0dfe-f080-011e-b7c53ee7fd20@virtuozzo.com/
      Fixes: 18319498 ("memcg: enable accounting of ipc resources")
      Signed-off-by: default avatarVasily Averin <vvs@virtuozzo.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Reviewed-by: default avatarMichal Koutný <mkoutny@suse.com>
      Acked-by: default avatarShakeel Butt <shakeelb@google.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6a4746ba
    • Michael Ellerman's avatar
      powerpc/boot: Fix build failure since GCC 4.9 removal · 1619b69e
      Michael Ellerman authored
      Stephen reported that the build was broken since commit
      6d2ef226 ("compiler_attributes.h: drop __has_attribute() support for
      gcc4"), with errors such as:
      
        include/linux/compiler_attributes.h:296:5: warning: "__has_attribute" is not defined, evaluates to 0 [-Wundef]
          296 | #if __has_attribute(__warning__)
              |     ^~~~~~~~~~~~~~~
        make[2]: *** [arch/powerpc/boot/Makefile:225: arch/powerpc/boot/crt0.o] Error 1
      
      But we expect __has_attribute() to always be defined now that we've
      stopped using GCC 4.
      
      Linus debugged it to the point of reading the GCC sources, and noticing
      that the problem is that __has_attribute() is not defined when
      preprocessing assembly files, which is what we're doing here.
      
      Our assembly files don't include, or need, compiler_attributes.h, but
      they are getting it unconditionally from the -include in BOOT_CFLAGS,
      which is then added in its entirety to BOOT_AFLAGS.
      
      That -include was added in commit 77433830 ("powerpc: boot: include
      compiler_attributes.h") so that we'd have "fallthrough" and other
      attributes defined for the C files in arch/powerpc/boot. But it's not
      needed for assembly files.
      
      The minimal fix is to move the addition to BOOT_CFLAGS of -include
      compiler_attributes.h until after we've copied BOOT_CFLAGS into
      BOOT_AFLAGS. That avoids including compiler_attributes.h for asm files,
      but makes no other change to BOOT_CFLAGS or BOOT_AFLAGS.
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Debugged-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1619b69e
    • Eric Dumazet's avatar
      Revert "Revert "ipv4: fix memory leaks in ip_cmsg_send() callers"" · d198b277
      Eric Dumazet authored
      This reverts commit d7807a9a.
      
      As mentioned in https://lkml.org/lkml/2021/9/13/1819
      5 years old commit 91948309 ("ipv4: fix memory leaks in ip_cmsg_send() callers")
      was a correct fix.
      
        ip_cmsg_send() can loop over multiple cmsghdr()
      
        If IP_RETOPTS has been successful, but following cmsghdr generates an error,
        we do not free ipc.ok
      
        If IP_RETOPTS is not successful, we have freed the allocated temporary space,
        not the one currently in ipc.opt.
      
      Sure, code could be refactored, but let's not bring back old bugs.
      
      Fixes: d7807a9a ("Revert "ipv4: fix memory leaks in ip_cmsg_send() callers"")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Yajun Deng <yajun.deng@linux.dev>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d198b277
    • zhenggy's avatar
      tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() · 4f884f39
      zhenggy authored
      Commit 10d3be56 ("tcp-tso: do not split TSO packets at retransmit
      time") may directly retrans a multiple segments TSO/GSO packet without
      split, Since this commit, we can no longer assume that a retransmitted
      packet is a single segment.
      
      This patch fixes the tp->undo_retrans accounting in tcp_sacktag_one()
      that use the actual segments(pcount) of the retransmitted packet.
      
      Before that commit (10d3be56), the assumption underlying the
      tp->undo_retrans-- seems correct.
      
      Fixes: 10d3be56 ("tcp-tso: do not split TSO packets at retransmit time")
      Signed-off-by: default avatarzhenggy <zhenggy@chinatelecom.cn>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarYuchung Cheng <ycheng@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4f884f39
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 2865ba82
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2021-09-14
      
      The following pull-request contains BPF updates for your *net* tree.
      
      We've added 7 non-merge commits during the last 13 day(s) which contain
      a total of 18 files changed, 334 insertions(+), 193 deletions(-).
      
      The main changes are:
      
      1) Fix mmap_lock lockdep splat in BPF stack map's build_id lookup, from Yonghong Song.
      
      2) Fix BPF cgroup v2 program bypass upon net_cls/prio activation, from Daniel Borkmann.
      
      3) Fix kvcalloc() BTF line info splat on oversized allocation attempts, from Bixuan Cui.
      
      4) Fix BPF selftest build of task_pt_regs test for arm64/s390, from Jean-Philippe Brucker.
      
      5) Fix BPF's disasm.{c,h} to dual-license so that it is aligned with bpftool given the former
         is a build dependency for the latter, from Daniel Borkmann with ACKs from contributors.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2865ba82
    • Eric Dumazet's avatar
      net-caif: avoid user-triggerable WARN_ON(1) · 550ac9c1
      Eric Dumazet authored
      syszbot triggers this warning, which looks something
      we can easily prevent.
      
      If we initialize priv->list_field in chnl_net_init(),
      then always use list_del_init(), we can remove robust_list_del()
      completely.
      
      WARNING: CPU: 0 PID: 3233 at net/caif/chnl_net.c:67 robust_list_del net/caif/chnl_net.c:67 [inline]
      WARNING: CPU: 0 PID: 3233 at net/caif/chnl_net.c:67 chnl_net_uninit+0xc9/0x2e0 net/caif/chnl_net.c:375
      Modules linked in:
      CPU: 0 PID: 3233 Comm: syz-executor.3 Not tainted 5.14.0-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:robust_list_del net/caif/chnl_net.c:67 [inline]
      RIP: 0010:chnl_net_uninit+0xc9/0x2e0 net/caif/chnl_net.c:375
      Code: 89 eb e8 3a a3 ba f8 48 89 d8 48 c1 e8 03 42 80 3c 28 00 0f 85 bf 01 00 00 48 81 fb 00 14 4e 8d 48 8b 2b 75 d0 e8 17 a3 ba f8 <0f> 0b 5b 5d 41 5c 41 5d e9 0a a3 ba f8 4c 89 e3 e8 02 a3 ba f8 4c
      RSP: 0018:ffffc90009067248 EFLAGS: 00010202
      RAX: 0000000000008780 RBX: ffffffff8d4e1400 RCX: ffffc9000fd34000
      RDX: 0000000000040000 RSI: ffffffff88bb6e49 RDI: 0000000000000003
      RBP: ffff88802cd9ee08 R08: 0000000000000000 R09: ffffffff8d0e6647
      R10: ffffffff88bb6dc2 R11: 0000000000000000 R12: ffff88803791ae08
      R13: dffffc0000000000 R14: 00000000e600ffce R15: ffff888073ed3480
      FS:  00007fed10fa0700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000001b2c322000 CR3: 00000000164a6000 CR4: 00000000001506e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       register_netdevice+0xadf/0x1500 net/core/dev.c:10347
       ipcaif_newlink+0x4c/0x260 net/caif/chnl_net.c:468
       __rtnl_newlink+0x106d/0x1750 net/core/rtnetlink.c:3458
       rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3506
       rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572
       netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
       netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
       netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
       netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929
       sock_sendmsg_nosec net/socket.c:704 [inline]
       sock_sendmsg+0xcf/0x120 net/socket.c:724
       __sys_sendto+0x21c/0x320 net/socket.c:2036
       __do_sys_sendto net/socket.c:2048 [inline]
       __se_sys_sendto net/socket.c:2044 [inline]
       __x64_sys_sendto+0xdd/0x1b0 net/socket.c:2044
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      Fixes: cc36a070 ("net-caif: add CAIF netdevice")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      550ac9c1
    • Chris Wilson's avatar
      rtc: cmos: Disable irq around direct invocation of cmos_interrupt() · 13be2efc
      Chris Wilson authored
      As previously noted in commit 66e4f4a9 ("rtc: cmos: Use
      spin_lock_irqsave() in cmos_interrupt()"):
      
      <4>[  254.192378] WARNING: inconsistent lock state
      <4>[  254.192384] 5.12.0-rc1-CI-CI_DRM_9834+ #1 Not tainted
      <4>[  254.192396] --------------------------------
      <4>[  254.192400] inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
      <4>[  254.192409] rtcwake/5309 [HC0[0]:SC0[0]:HE1:SE1] takes:
      <4>[  254.192429] ffffffff8263c5f8 (rtc_lock){?...}-{2:2}, at: cmos_interrupt+0x18/0x100
      <4>[  254.192481] {IN-HARDIRQ-W} state was registered at:
      <4>[  254.192488]   lock_acquire+0xd1/0x3d0
      <4>[  254.192504]   _raw_spin_lock+0x2a/0x40
      <4>[  254.192519]   cmos_interrupt+0x18/0x100
      <4>[  254.192536]   rtc_handler+0x1f/0xc0
      <4>[  254.192553]   acpi_ev_fixed_event_detect+0x109/0x13c
      <4>[  254.192574]   acpi_ev_sci_xrupt_handler+0xb/0x28
      <4>[  254.192596]   acpi_irq+0x13/0x30
      <4>[  254.192620]   __handle_irq_event_percpu+0x43/0x2c0
      <4>[  254.192641]   handle_irq_event_percpu+0x2b/0x70
      <4>[  254.192661]   handle_irq_event+0x2f/0x50
      <4>[  254.192680]   handle_fasteoi_irq+0x9e/0x150
      <4>[  254.192693]   __common_interrupt+0x76/0x140
      <4>[  254.192715]   common_interrupt+0x96/0xc0
      <4>[  254.192732]   asm_common_interrupt+0x1e/0x40
      <4>[  254.192750]   _raw_spin_unlock_irqrestore+0x38/0x60
      <4>[  254.192767]   resume_irqs+0xba/0xf0
      <4>[  254.192786]   dpm_resume_noirq+0x245/0x3d0
      <4>[  254.192811]   suspend_devices_and_enter+0x230/0xaa0
      <4>[  254.192835]   pm_suspend.cold.8+0x301/0x34a
      <4>[  254.192859]   state_store+0x7b/0xe0
      <4>[  254.192879]   kernfs_fop_write_iter+0x11d/0x1c0
      <4>[  254.192899]   new_sync_write+0x11d/0x1b0
      <4>[  254.192916]   vfs_write+0x265/0x390
      <4>[  254.192933]   ksys_write+0x5a/0xd0
      <4>[  254.192949]   do_syscall_64+0x33/0x80
      <4>[  254.192965]   entry_SYSCALL_64_after_hwframe+0x44/0xae
      <4>[  254.192986] irq event stamp: 43775
      <4>[  254.192994] hardirqs last  enabled at (43775): [<ffffffff81c00c42>] asm_sysvec_apic_timer_interrupt+0x12/0x20
      <4>[  254.193023] hardirqs last disabled at (43774): [<ffffffff81aa691a>] sysvec_apic_timer_interrupt+0xa/0xb0
      <4>[  254.193049] softirqs last  enabled at (42548): [<ffffffff81e00342>] __do_softirq+0x342/0x48e
      <4>[  254.193074] softirqs last disabled at (42543): [<ffffffff810b45fd>] irq_exit_rcu+0xad/0xd0
      <4>[  254.193101]
                        other info that might help us debug this:
      <4>[  254.193107]  Possible unsafe locking scenario:
      
      <4>[  254.193112]        CPU0
      <4>[  254.193117]        ----
      <4>[  254.193121]   lock(rtc_lock);
      <4>[  254.193137]   <Interrupt>
      <4>[  254.193142]     lock(rtc_lock);
      <4>[  254.193156]
                         *** DEADLOCK ***
      
      <4>[  254.193161] 6 locks held by rtcwake/5309:
      <4>[  254.193174]  #0: ffff888104861430 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x5a/0xd0
      <4>[  254.193232]  #1: ffff88810f823288 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xe7/0x1c0
      <4>[  254.193282]  #2: ffff888100cef3c0 (kn->active#285
      <7>[  254.192706] i915 0000:00:02.0: [drm:intel_modeset_setup_hw_state [i915]] [CRTC:51:pipe A] hw state readout: disabled
      <4>[  254.193307] ){.+.+}-{0:0}, at: kernfs_fop_write_iter+0xf0/0x1c0
      <4>[  254.193333]  #3: ffffffff82649fa8 (system_transition_mutex){+.+.}-{3:3}, at: pm_suspend.cold.8+0xce/0x34a
      <4>[  254.193387]  #4: ffffffff827a2108 (acpi_scan_lock){+.+.}-{3:3}, at: acpi_suspend_begin+0x47/0x70
      <4>[  254.193433]  #5: ffff8881019ea178 (&dev->mutex){....}-{3:3}, at: device_resume+0x68/0x1e0
      <4>[  254.193485]
                        stack backtrace:
      <4>[  254.193492] CPU: 1 PID: 5309 Comm: rtcwake Not tainted 5.12.0-rc1-CI-CI_DRM_9834+ #1
      <4>[  254.193514] Hardware name: Google Soraka/Soraka, BIOS MrChromebox-4.10 08/25/2019
      <4>[  254.193524] Call Trace:
      <4>[  254.193536]  dump_stack+0x7f/0xad
      <4>[  254.193567]  mark_lock.part.47+0x8ca/0xce0
      <4>[  254.193604]  __lock_acquire+0x39b/0x2590
      <4>[  254.193626]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
      <4>[  254.193660]  lock_acquire+0xd1/0x3d0
      <4>[  254.193677]  ? cmos_interrupt+0x18/0x100
      <4>[  254.193716]  _raw_spin_lock+0x2a/0x40
      <4>[  254.193735]  ? cmos_interrupt+0x18/0x100
      <4>[  254.193758]  cmos_interrupt+0x18/0x100
      <4>[  254.193785]  cmos_resume+0x2ac/0x2d0
      <4>[  254.193813]  ? acpi_pm_set_device_wakeup+0x1f/0x110
      <4>[  254.193842]  ? pnp_bus_suspend+0x10/0x10
      <4>[  254.193864]  pnp_bus_resume+0x5e/0x90
      <4>[  254.193885]  dpm_run_callback+0x5f/0x240
      <4>[  254.193914]  device_resume+0xb2/0x1e0
      <4>[  254.193942]  ? pm_dev_err+0x25/0x25
      <4>[  254.193974]  dpm_resume+0xea/0x3f0
      <4>[  254.194005]  dpm_resume_end+0x8/0x10
      <4>[  254.194030]  suspend_devices_and_enter+0x29b/0xaa0
      <4>[  254.194066]  pm_suspend.cold.8+0x301/0x34a
      <4>[  254.194094]  state_store+0x7b/0xe0
      <4>[  254.194124]  kernfs_fop_write_iter+0x11d/0x1c0
      <4>[  254.194151]  new_sync_write+0x11d/0x1b0
      <4>[  254.194183]  vfs_write+0x265/0x390
      <4>[  254.194207]  ksys_write+0x5a/0xd0
      <4>[  254.194232]  do_syscall_64+0x33/0x80
      <4>[  254.194251]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      <4>[  254.194274] RIP: 0033:0x7f07d79691e7
      <4>[  254.194293] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
      <4>[  254.194312] RSP: 002b:00007ffd9cc2c768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
      <4>[  254.194337] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f07d79691e7
      <4>[  254.194352] RDX: 0000000000000004 RSI: 0000556ebfc63590 RDI: 000000000000000b
      <4>[  254.194366] RBP: 0000556ebfc63590 R08: 0000000000000000 R09: 0000000000000004
      <4>[  254.194379] R10: 0000556ebf0ec2a6 R11: 0000000000000246 R12: 0000000000000004
      
      which breaks S3-resume on fi-kbl-soraka presumably as that's slow enough
      to trigger the alarm during the suspend.
      
      Fixes: 6950d046 ("rtc: cmos: Replace spin_lock_irqsave with spin_lock in hard IRQ")
      References: 66e4f4a9 ("rtc: cmos: Use spin_lock_irqsave() in cmos_interrupt()"):
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Cc: Xiaofei Tan <tanxiaofei@huawei.com>
      Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
      Cc: Alessandro Zummo <a.zummo@towertech.it>
      Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
      Reviewed-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@bootlin.com>
      Link: https://lore.kernel.org/r/20210305122140.28774-1-chris@chris-wilson.co.uk
      13be2efc
  5. 13 Sep, 2021 1 commit
    • Daniel Borkmann's avatar
      bpf, selftests: Add test case for mixed cgroup v1/v2 · 43d2b88c
      Daniel Borkmann authored
      Minimal selftest which implements a small BPF policy program to the
      connect(2) hook which rejects TCP connection requests to port 60123
      with EPERM. This is being attached to a non-root cgroup v2 path. The
      test asserts that this works under cgroup v2-only and under a mixed
      cgroup v1/v2 environment where net_classid is set in the former case.
      
      Before fix:
      
        # ./test_progs -t cgroup_v1v2
        test_cgroup_v1v2:PASS:server_fd 0 nsec
        test_cgroup_v1v2:PASS:client_fd 0 nsec
        test_cgroup_v1v2:PASS:cgroup_fd 0 nsec
        test_cgroup_v1v2:PASS:server_fd 0 nsec
        run_test:PASS:skel_open 0 nsec
        run_test:PASS:prog_attach 0 nsec
        test_cgroup_v1v2:PASS:cgroup-v2-only 0 nsec
        run_test:PASS:skel_open 0 nsec
        run_test:PASS:prog_attach 0 nsec
        run_test:PASS:join_classid 0 nsec
        (network_helpers.c:219: errno: None) Unexpected success to connect to server
        test_cgroup_v1v2:FAIL:cgroup-v1v2 unexpected error: -1 (errno 0)
        #27 cgroup_v1v2:FAIL
        Summary: 0/0 PASSED, 0 SKIPPED, 1 FAILED
      
      After fix:
      
        # ./test_progs -t cgroup_v1v2
        #27 cgroup_v1v2:OK
        Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/bpf/20210913230759.2313-3-daniel@iogearbox.net
      43d2b88c