1. 09 May, 2021 8 commits
    • Merge tag 'drm-next-2021-05-10' of git://anongit.freedesktop.org/drm/drm · efc58a96
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Bit later than usual, I queued them all up on Friday then promptly
        forgot to write the pull request email. This is mainly amdgpu fixes,
        with some radeon/msm/fbdev and one i915 gvt fix thrown in.
      
        amdgpu:
         - MPO hang workaround
         - Fix for concurrent VM flushes on vega/navi
         - dcefclk is not adjustable on navi1x and newer
         - MST HPD debugfs fix
         - Suspend/resumes fixes
         - Register VGA clients late in case driver fails to load
         - Fix GEM leak in user framebuffer create
         - Add support for polaris12 with 32 bit memory interface
         - Fix duplicate cursor issue when using overlay
         - Fix corruption with tiled surfaces on VCN3
         - Add BO size and stride check to fix BO size verification
      
        radeon:
         - Fix off-by-one in power state parsing
         - Fix possible memory leak in power state parsing
      
        msm:
         - NULL ptr dereference fix
      
        fbdev:
         - procfs disabled warning fix
      
        i915:
         - gvt: Fix a possible division by zero in vgpu display rate
           calculation"
      
      * tag 'drm-next-2021-05-10' of git://anongit.freedesktop.org/drm/drm:
        drm/amdgpu: Use device specific BO size & stride check.
        drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode.
        drm/amd/pm: initialize variable
        drm/radeon: Avoid power table parsing memory leaks
        drm/radeon: Fix off-by-one power_state index heap overwrite
        drm/amd/display: Fix two cursor duplication when using overlay
        drm/amdgpu: add new MC firmware for Polaris12 32bit ASIC
        fbmem: Mark proc_fb_seq_ops as __maybe_unused
        drm/msm/dpu: Delete bonkers code
        drm/i915/gvt: Prevent divided by zero when calculating refresh rate
        amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create
        drm/amdgpu: Register VGA clients after init can no longer fail
        drm/amdgpu: Handling of amdgpu_device_resume return value for graceful teardown
        drm/amdgpu: fix r initial values
        drm/amd/display: fix wrong statement in mst hpd debugfs
        amdgpu/pm: set pp_dpm_dcefclk to readonly on NAVI10 and newer gpus
        amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID
        drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2
        drm/amd/display: Reject non-zero src_y and src_x for video planes
    • Merge tag 'block-5.13-2021-05-09' of git://git.kernel.dk/linux-block · 506c3079
      Linus Torvalds authored
      Pull block fix from Jens Axboe:
       "Turns out the bio max size change still has issues, so let's get it
        reverted for 5.13-rc1. We'll shake out the issues there and defer it
        to 5.14 instead"
      
      * tag 'block-5.13-2021-05-09' of git://git.kernel.dk/linux-block:
        Revert "bio: limit bio max size"
    • Merge tag '5.13-rc-smb3-part3' of git://git.samba.org/sfrench/cifs-2.6 · 0a55a1fb
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three small SMB3 multichannel related changesets (also for stable)
        from the SMB3 test event this week.
      
        The other fixes are still in review/testing"
      
      * tag '5.13-rc-smb3-part3' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: if max_channels set to more than one channel request multichannel
        smb3: do not attempt multichannel to server which does not support it
        smb3: when mounting with multichannel include it in requested capabilities
    • Merge tag 'sched-urgent-2021-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9819f682
      Linus Torvalds authored
      Pull scheduler fixes from Thomas Gleixner:
       "A set of scheduler updates:
      
         - Prevent PSI state corruption when schedule() races with cgroup
           move.
      
           A recent commit combined two PSI callbacks to reduce the number of
           cgroup tree updates, but missed that schedule() can drop rq::lock
           for load balancing, which opens the race window for
           cgroup_move_task() which then observes half updated state.
      
           The fix is to solely use task::ps_flags instead of looking at the
           potentially mismatching scheduler state
      
         - Prevent an out-of-bounds access in uclamp caused by a rounding
           division which can lead to an off-by-one error exceeding the
           buckets array size.
      
         - Prevent unfairness caused by missing load decay when a task is
           attached to a cfs runqueue.
      
           The old load of the task was attached to the runqueue and never
           removed. Fix it by enforcing the load update through the hierarchy
           for unthrottled run queue instances.
      
         - A documentation fix for the 'sched_verbose' command line option"
      
      * tag 'sched-urgent-2021-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Fix unfairness caused by missing load decay
        sched: Fix out-of-bound access in uclamp
        psi: Fix psi state corruption when schedule() races with cgroup move
        sched,doc: sched_debug_verbose cmdline should be sched_verbose
    • Merge tag 'locking-urgent-2021-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 732a27a0
      Linus Torvalds authored
      Pull locking fixes from Thomas Gleixner:
       "A set of locking related fixes and updates:
      
         - Two fixes for the futex syscall related to the timeout handling.
      
           FUTEX_LOCK_PI does not support the FUTEX_CLOCK_REALTIME bit and
           because it's not set the time namespace adjustment for clock
           MONOTONIC is applied wrongly.
      
           FUTEX_WAIT cannot support the FUTEX_CLOCK_REALTIME bit because it's
           always a relative timeout.
      
         - Cleanups in the futex syscall entry points which became obvious
           when the two timeout handling bugs were fixed.
      
         - Cleanup of queued_write_lock_slowpath() as suggested by Linus
      
         - Fixup of the smp_call_function_single_async() prototype"
      
      * tag 'locking-urgent-2021-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        futex: Make syscall entry points less convoluted
        futex: Get rid of the val2 conditional dance
        futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI
        Revert 337f1304 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
        locking/qrwlock: Cleanup queued_write_lock_slowpath()
        smp: Fix smp_call_function_single_async prototype
    • Merge tag 'perf_urgent_for_v5.13_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 85bbba1c
      Linus Torvalds authored
      Pull x86 perf fix from Borislav Petkov:
       "Handle power-gating of AMD IOMMU perf counters properly when they are
        used"
      
      * tag 'perf_urgent_for_v5.13_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC power-gating
    • Merge tag 'x86_urgent_for_v5.13_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · dd3e4012
      Linus Torvalds authored
      Pull x86 fixes from Borislav Petkov:
       "A bunch of things accumulated for x86 in the last two weeks:
      
         - Fix guest vtime accounting so that ticks happening while the guest
           is running can also be accounted to it. Along with a consolidation
           to the guest-specific context tracking helpers.
      
         - Provide for the host NMI handler running after a VMX VMEXIT to be
           able to run on the kernel stack correctly.
      
         - Initialize MSR_TSC_AUX when RDPID is supported and not RDTSCP (virt
           relevant - real hw supports both)
      
         - A code generation improvement to TASK_SIZE_MAX through the use of
           alternatives
      
         - The usual misc and related cleanups and improvements"
      
      * tag 'x86_urgent_for_v5.13_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        KVM: x86: Consolidate guest enter/exit logic to common helpers
        context_tracking: KVM: Move guest enter/exit wrappers to KVM's domain
        context_tracking: Consolidate guest enter/exit wrappers
        sched/vtime: Move guest enter/exit vtime accounting to vtime.h
        sched/vtime: Move vtime accounting external declarations above inlines
        KVM: x86: Defer vtime accounting 'til after IRQ handling
        context_tracking: Move guest exit vtime accounting to separate helpers
        context_tracking: Move guest exit context tracking to separate helpers
        KVM/VMX: Invoke NMI non-IST entry instead of IST entry
        x86/cpu: Remove write_tsc() and write_rdtscp_aux() wrappers
        x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
        x86/resctrl: Fix init const confusion
        x86: Delete UD0, UD1 traces
        x86/smpboot: Remove duplicate includes
        x86/cpu: Use alternative to generate the TASK_SIZE_MAX constant
    • Revert "bio: limit bio max size" · 35c820e7
      Jens Axboe authored
      This reverts commit cd2c7545.
      
      Alex reports that the commit causes corruption with LUKS on ext4. Revert
      it for now so that this can be investigated properly.
      
      Link: https://lore.kernel.org/linux-block/1620493841.bxdq8r5haw.none@localhost/
      Reported-by: Alex Xu (Hello71) <alex_y_xu@yahoo.ca>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
  2. 08 May, 2021 11 commits
    • Merge tag 'riscv-for-linus-5.13-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · b7415964
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - A fix to avoid over-allocating the kernel's mapping on !MMU systems,
         which could lead to up to 2MiB of lost memory
      
       - The SiFive address extension errata only manifest on rv64, they are
         now disabled on rv32 where they are unnecessary
      
       - A pair of late-landing cleanups
      
      * tag 'riscv-for-linus-5.13-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: remove unused handle_exception symbol
        riscv: Consistify protect_kernel_linear_mapping_text_rodata() use
        riscv: enable SiFive errata CIP-453 and CIP-1200 Kconfig only if CONFIG_64BIT=y
        riscv: Only extend kernel reservation if mapped read-only
    • drm/i915/display: fix compiler warning about array overrun · fec4d427
      Linus Torvalds authored
      intel_dp_check_mst_status() uses a 14-byte array to read the DPRX Event
      Status Indicator data, but then passes that buffer at offset 10 off as
      an argument to drm_dp_channel_eq_ok().
      
      End result: there are only 4 bytes remaining of the buffer, yet
      drm_dp_channel_eq_ok() wants a 6-byte buffer.  gcc-11 correctly warns
      about this case:
      
        drivers/gpu/drm/i915/display/intel_dp.c: In function ‘intel_dp_check_mst_status’:
        drivers/gpu/drm/i915/display/intel_dp.c:3491:22: warning: ‘drm_dp_channel_eq_ok’ reading 6 bytes from a region of size 4 [-Wstringop-overread]
         3491 |                     !drm_dp_channel_eq_ok(&esi[10], intel_dp->lane_count)) {
              |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        drivers/gpu/drm/i915/display/intel_dp.c:3491:22: note: referencing argument 1 of type ‘const u8 *’ {aka ‘const unsigned char *’}
        In file included from drivers/gpu/drm/i915/display/intel_dp.c:38:
        include/drm/drm_dp_helper.h:1466:6: note: in a call to function ‘drm_dp_channel_eq_ok’
         1466 | bool drm_dp_channel_eq_ok(const u8 link_status[DP_LINK_STATUS_SIZE],
              |      ^~~~~~~~~~~~~~~~~~~~
             6:14 elapsed
      
      This commit just extends the original array by 2 zero-initialized bytes,
      avoiding the warning.
      
      There may be some underlying bug in here that caused this confusion, but
      this is at least no worse than the existing situation that could use
      random data off the stack.
      
      Cc: Jani Nikula <jani.nikula@intel.com>
      Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
      Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
      Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: Dave Airlie <airlied@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 07db0563
      Linus Torvalds authored
      Pull more SCSI updates from James Bottomley:
       "This is a set of minor fixes in various drivers (qla2xxx, ufs,
        scsi_debug, lpfc) one doc fix and a fairly large update to the fnic
        driver to remove the open coded iteration functions in favour of the
        scsi provided ones"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: fnic: Use scsi_host_busy_iter() to traverse commands
        scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io()
        scsi: scsi_debug: Fix cmd_per_lun, set to max_queue
        scsi: ufs: core: Narrow down fast path in system suspend path
        scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during system suspend
        scsi: ufs: core: Do not put UFS power into LPM if link is broken
        scsi: qla2xxx: Prevent PRLI in target mode
        scsi: qla2xxx: Add marginal path handling support
        scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found
        scsi: ufs: core: Fix a typo in ufs-sysfs.c
        scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command
        scsi: lpfc: Fix DMA virtual address ptr assignment in bsg
        scsi: lpfc: Fix illegal memory access on Abort IOCBs
        scsi: blk-mq: Fix build warning when making htmldocs
    • Merge tag 'kbuild-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild · 0f979d81
      Linus Torvalds authored
      Pull more Kbuild updates from Masahiro Yamada:
      
       - Convert sh and sparc to use generic shell scripts to generate the
         syscall headers
      
       - refactor .gitignore files
      
       - Update kernel/config_data.gz only when the content of the .config
         is really changed, which avoids the unneeded re-link of vmlinux
      
       - move "remove stale files" workarounds to scripts/remove-stale-files
      
       - suppress unused-but-set-variable warnings by default for Clang
         as well
      
       - fix locale setting LANG=C to LC_ALL=C
      
       - improve 'make distclean'
      
       - always keep intermediate objects from scripts/link-vmlinux.sh
      
       - move IF_ENABLED out of <linux/kconfig.h> to make it self-contained
      
       - misc cleanups
      
      * tag 'kbuild-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (25 commits)
        linux/kconfig.h: replace IF_ENABLED() with PTR_IF() in <linux/kernel.h>
        kbuild: Don't remove link-vmlinux temporary files on exit/signal
        kbuild: remove the unneeded comments for external module builds
        kbuild: make distclean remove tag files in sub-directories
        kbuild: make distclean work against $(objtree) instead of $(srctree)
        kbuild: refactor modname-multi by using suffix-search
        kbuild: refactor fdtoverlay rule
        kbuild: parameterize the .o part of suffix-search
        arch: use cross_compiling to check whether it is a cross build or not
        kbuild: remove ARCH=sh64 support from top Makefile
        .gitignore: prefix local generated files with a slash
        kbuild: replace LANG=C with LC_ALL=C
        Makefile: Move -Wno-unused-but-set-variable out of GCC only block
        kbuild: add a script to remove stale generated files
        kbuild: update config_data.gz only when the content of .config is changed
        .gitignore: ignore only top-level modules.builtin
        .gitignore: move tags and TAGS close to other tag files
        kernel/.gitgnore: remove stale timeconst.h and hz.bc
        usr/include: refactor .gitignore
        genksyms: fix stale comment
        ...
    • smb3: if max_channels set to more than one channel request multichannel · c1f8a398
      Steve French authored
      Mounting with "multichannel" is obviously implied if user requested
      more than one channel on mount (ie mount parm max_channels>1).
      Currently both have to be specified. Fix that so that if max_channels
      is greater than 1 on mount, enable multichannel rather than silently
      falling back to non-multichannel.
      Signed-off-by: Steve French <stfrench@microsoft.com>
      Reviewed-By: Tom Talpey <tom@talpey.com>
      Cc: <stable@vger.kernel.org> # v5.11+
      Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
    • smb3: do not attempt multichannel to server which does not support it · 9c2dc11d
      Steve French authored
      We were ignoring CAP_MULTI_CHANNEL in the server response - if the
      server doesn't support multichannel we should not be attempting it.
      
      See MS-SMB2 section 3.2.5.2
      Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
      Reviewed-By: Tom Talpey <tom@talpey.com>
      Cc: <stable@vger.kernel.org> # v5.8+
      Signed-off-by: Steve French <stfrench@microsoft.com>
    • Merge tag 'powerpc-5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · ab159ac5
      Linus Torvalds authored
      Pull powerpc updates and fixes from Michael Ellerman:
       "A bit of a mixture of things, tying up some loose ends.
      
        There's the removal of the nvlink code, which depended on a commit in
        the vfio tree. Then the enablement of huge vmalloc which was in next
        for a few weeks but got dropped due to conflicts. And there's also a
        few fixes.
      
        Summary:
      
         - Remove the nvlink support now that its only user has been removed.
      
         - Enable huge vmalloc mappings for Radix MMU (P9).
      
         - Fix KVM conversion to gfn-based MMU notifier callbacks.
      
         - Fix a kexec/kdump crash with hot plugged CPUs.
      
         - Fix boot failure on 32-bit with CONFIG_STACKPROTECTOR.
      
         - Restore alphabetic order of the selects under CONFIG_PPC.
      
        Thanks to: Christophe Leroy, Christoph Hellwig, Nicholas Piggin,
        Sandipan Das, and Sourabh Jain"
      
      * tag 'powerpc-5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        KVM: PPC: Book3S HV: Fix conversion to gfn-based MMU notifier callbacks
        powerpc/kconfig: Restore alphabetic order of the selects under CONFIG_PPC
        powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR
        powerpc/powernv/memtrace: Fix dcache flushing
        powerpc/kexec_file: Use current CPU info while setting up FDT
        powerpc/64s/radix: Enable huge vmalloc mappings
        powerpc/powernv: remove the nvlink support
    • smb3: when mounting with multichannel include it in requested capabilities · 679971e7
      Steve French authored
      In the SMB3/SMB3.1.1 negotiate protocol request, we are supposed to
      advertise CAP_MULTICHANNEL capability when establishing multiple
      channels has been requested by the user doing the mount. See MS-SMB2
      sections 2.2.3 and 3.2.5.2
      
      Without setting it there is some risk that multichannel could fail
      if the server interpreted the field strictly.
      Reviewed-By: Tom Talpey <tom@talpey.com>
      Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
      Cc: <stable@vger.kernel.org> # v5.8+
      Signed-off-by: Steve French <stfrench@microsoft.com>
    • Merge tag 'net-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · fc858a52
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.13-rc1, including fixes from bpf, can and
        netfilter trees. Self-contained fixes, nothing risky.
      
        Current release - new code bugs:
      
         - dsa: ksz: fix a few bugs found by static-checker in the new driver
      
         - stmmac: fix frame preemption handshake not triggering after
           interface restart
      
        Previous releases - regressions:
      
         - make nla_strcmp handle more than one trailing null character
      
         - fix stack OOB reads while fragmenting IPv4 packets in openvswitch
           and net/sched
      
         - sctp: do asoc update earlier in sctp_sf_do_dupcook_a
      
         - sctp: delay auto_asconf init until binding the first addr
      
         - stmmac: clear receive all(RA) bit when promiscuous mode is off
      
         - can: mcp251x: fix resume from sleep before interface was brought up
      
        Previous releases - always broken:
      
         - bpf: fix leakage of uninitialized bpf stack under speculation
      
         - bpf: fix masking negation logic upon negative dst register
      
         - netfilter: don't assume that skb_header_pointer() will never fail
      
         - only allow init netns to set default tcp cong to a restricted algo
      
         - xsk: fix xp_aligned_validate_desc() when len == chunk_size to avoid
           false positive errors
      
         - ethtool: fix missing NLM_F_MULTI flag when dumping
      
         - can: m_can: m_can_tx_work_queue(): fix tx_skb race condition
      
         - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
      
         - bridge: fix NULL-deref caused by a race between assigning
           rx_handler_data and setting the IFF_BRIDGE_PORT bit
      
        Latecomer:
      
         - seg6: add counters support for SRv6 Behaviors"
      
      * tag 'net-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (73 commits)
        atm: firestream: Use fallthrough pseudo-keyword
        net: stmmac: Do not enable RX FIFO overflow interrupts
        mptcp: fix splat when closing unaccepted socket
        i40e: Remove LLDP frame filters
        i40e: Fix PHY type identifiers for 2.5G and 5G adapters
        i40e: fix the restart auto-negotiation after FEC modified
        i40e: Fix use-after-free in i40e_client_subtask()
        i40e: fix broken XDP support
        netfilter: nftables: avoid potential overflows on 32bit arches
        netfilter: nftables: avoid overflows in nft_hash_buckets()
        tcp: Specify cmsgbuf is user pointer for receive zerocopy.
        mlxsw: spectrum_mr: Update egress RIF list before route's action
        net: ipa: fix inter-EE IRQ register definitions
        can: m_can: m_can_tx_work_queue(): fix tx_skb race condition
        can: mcp251x: fix resume from sleep before interface was brought up
        can: mcp251xfd: mcp251xfd_probe(): add missing can_rx_offload_del() in error path
        can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe
        netfilter: nftables: Fix a memleak from userdata error path in new objects
        netfilter: remove BUG_ON() after skb_header_pointer()
        netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
        ...
    • linux/kconfig.h: replace IF_ENABLED() with PTR_IF() in <linux/kernel.h> · 0ab1438b
      Masahiro Yamada authored
      <linux/kconfig.h> is included from all the kernel-space source files,
      including C, assembly, linker scripts. It is intended to contain a
      minimal set of macros to evaluate CONFIG options.
      
      IF_ENABLED() is an intruder here because (x ? y : z) is C code, which
      should not be included from assembly files or linker scripts.
      
      Also, <linux/kconfig.h> is no longer self-contained because NULL is
      defined in <linux/stddef.h>.
      
      Move IF_ENABLED() out to <linux/kernel.h> as PTR_IF(). PTR_IF()
      takes the general boolean expression instead of a CONFIG option
      so that it fits better in <linux/kernel.h>.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: Kees Cook <keescook@chromium.org>
    • Merge branch 'master' into next · f96271ce
      Michael Ellerman authored
      Merge master back into next, this allows us to resolve some conflicts in
      arch/powerpc/Kconfig, and also re-sort the symbols under config PPC so
      that they are in alphabetical order again.
  3. 07 May, 2021 21 commits
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 55bc1af3
      Jakub Kicinski authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      1) Add SECMARK revision 1 to fix incorrect layout that prevents
         from remove rule with this target, from Phil Sutter.
      
      2) Fix pernet exit path spat in arptables, from Florian Westphal.
      
      3) Missing rcu_read_unlock() for unknown nfnetlink callbacks,
         reported by syzbot, from Eric Dumazet.
      
      4) Missing check for skb_header_pointer() NULL pointer in
         nfnetlink_osf.
      
      5) Remove BUG_ON() after skb_header_pointer() from packet path
         in several conntrack helper and the TCP tracker.
      
      6) Fix memleak in the new object error path of userdata.
      
      7) Avoid overflows in nft_hash_buckets(), reported by syzbot,
         also from Eric.
      
      8) Avoid overflows in 32bit arches, from Eric.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf:
        netfilter: nftables: avoid potential overflows on 32bit arches
        netfilter: nftables: avoid overflows in nft_hash_buckets()
        netfilter: nftables: Fix a memleak from userdata error path in new objects
        netfilter: remove BUG_ON() after skb_header_pointer()
        netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
        netfilter: nfnetlink: add a missing rcu_read_unlock()
        netfilter: arptables: use pernet ops struct during unregister
        netfilter: xt_SECMARK: add new revision to fix structure layout
      ====================
      
      Link: https://lore.kernel.org/r/20210507174739.1850-1-pablo@netfilter.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · e4d4a272
      Jakub Kicinski authored
      Nguyen, Anthony L says:
      
      ====================
      Intel Wired LAN Driver Updates 2021-05-07
      
      This series contains updates to i40e driver only.
      
      Magnus fixes XDP by adding and correcting checks that were caused by a
      previous commit which introduced a new variable but did not account for
      it in all paths.
      
      Yunjian Wang adds a return in an error path to prevent reading a freed
      pointer.
      
      Jaroslaw forces link reset when changing FEC so that changes take
      effect.
      
      Mateusz fixes PHY types for 2.5G and 5G as there is a differentiation on
      PHY identifiers based on operation.
      
      Arkadiusz removes filtering of LLDP frames for software DCB as this is
      preventing them from being properly transmitted.
      
      * '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
        i40e: Remove LLDP frame filters
        i40e: Fix PHY type identifiers for 2.5G and 5G adapters
        i40e: fix the restart auto-negotiation after FEC modified
        i40e: Fix use-after-free in i40e_client_subtask()
        i40e: fix broken XDP support
      ====================
      
      Link: https://lore.kernel.org/r/20210507164151.2878147-1-anthony.l.nguyen@intel.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • net: stmmac: Do not enable RX FIFO overflow interrupts · 8a7cb245
      Yannick Vignon authored
      The RX FIFO overflows when the system is not able to process all received
      packets and they start accumulating (first in the DMA queue in memory,
      then in the FIFO). An interrupt is then raised for each overflowing packet
      and handled in stmmac_interrupt(). This is counter-productive, since it
      brings the system (or more likely, one CPU core) to its knees to process
      the FIFO overflow interrupts.
      
      stmmac_interrupt() handles overflow interrupts by writing the rx tail ptr
      into the corresponding hardware register (according to the MAC spec, this
      has the effect of restarting the MAC DMA). However, without freeing any rx
      descriptors, the DMA stops right away, and another overflow interrupt is
      raised as the FIFO overflows again. Since the DMA is already restarted at
      the end of stmmac_rx_refill() after freeing descriptors, disabling FIFO
      overflow interrupts and the corresponding handling code has no side effect,
      and eliminates the interrupt storm when the RX FIFO overflows.
      Signed-off-by: Yannick Vignon <yannick.vignon@nxp.com>
      Link: https://lore.kernel.org/r/20210506143312.20784-1-yannick.vignon@oss.nxp.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • mptcp: fix splat when closing unaccepted socket · 578c18ef
      Paolo Abeni authored
      If userspace exits before calling accept() on a listener that had at least
      one new connection ready, we get:
      
         Attempt to release TCP socket in state 8
      
      This happens because the mptcp socket gets cloned when the TCP connection
      is ready, but the socket is never exposed to userspace.
      
      The client additionally sends a DATA_FIN, which brings connection into
      CLOSE_WAIT state.  This in turn prevents the orphan+state reset fixup
      in mptcp_sock_destruct() from doing its job.
      
      Fixes: 3721b9b6 ("mptcp: Track received DATA_FIN sequence number and add related helpers")
      Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/185Tested-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Link: https://lore.kernel.org/r/20210507001638.225468-1-mathew.j.martineau@linux.intel.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      578c18ef
    • Merge tag 'tag-chrome-platform-for-v5.13' of... · dd860052
      Linus Torvalds authored
      Merge tag 'tag-chrome-platform-for-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
      
      Pull chrome platform updates from Benson Leung:
       "cros_ec_typec:
      
         - Changes around DP mode check, hard reset, tracking port change.
      
        cros_ec misc:
      
         - wilco_ec: Convert stream-like files from nonseekable to stream open
      
         - cros_usbpd_notify: Listen to EC_HOST_EVENT_USB_MUX host event
      
         - fix format warning in cros_ec_typec"
      
      * tag 'tag-chrome-platform-for-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
        platform/chrome: cros_ec_lpc: Use DEFINE_MUTEX() for mutex lock
        platform/chrome: cros_usbpd_notify: Listen to EC_HOST_EVENT_USB_MUX host event
        platform/chrome: cros_ec_typec: Add DP mode check
        platform/chrome: cros_ec_typec: Handle hard reset
        platform/chrome: cros_ec: Add Type C hard reset
        platform/chrome: cros_ec_typec: Track port role
        platform/chrome: cros_ec_typec: fix clang -Wformat warning
        platform/chrome: cros_ec_typec: Check for device within remove function
        platform/chrome: wilco_ec: convert stream-like files from nonseekable_open -> stream_open
      dd860052
    • Merge tag 'i3c/for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux · 1ad77a05
      Linus Torvalds authored
      Pull i3c updates from Alexandre Belloni:
       "Fix i3c_master_register error path"
      
      * tag 'i3c/for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux:
        Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register"
        dt-bindings: i3c: Fix silvaco,i3c-master-v1 compatible string
        i3c: master: svc: remove redundant assignment to cmd->read_len
      1ad77a05
    • Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 51595e3b
      Linus Torvalds authored
      Pull more arm64 updates from Catalin Marinas:
       "A mix of fixes and clean-ups that turned up too late for the first
        pull request:
      
         - Restore terminal stack frame records. Their previous removal caused
           traces which cross secondary_start_kernel to terminate one entry
           too late, with a spurious "0" entry.
      
         - Fix boot warning with pseudo-NMI due to the way we manipulate the
           PMR register.
      
         - ACPI fixes: avoid corruption of interrupt mappings on watchdog
           probe failure (GTDT), prevent unregistering of GIC SGIs.
      
         - Force SPARSEMEM_VMEMMAP as the only memory model, it saves with
           having to test all the other combinations.
      
         - Documentation fixes and updates: tagged address ABI exceptions on
           brk/mmap/mremap(), event stream frequency, update booting
           requirements on the configuration of traps"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: kernel: Update the stale comment
        arm64: Fix the documented event stream frequency
        arm64: entry: always set GIC_PRIO_PSR_I_SET during entry
        arm64: Explicitly document boot requirements for SVE
        arm64: Explicitly require that FPSIMD instructions do not trap
        arm64: Relax booting requirements for configuration of traps
        arm64: cpufeatures: use min and max
        arm64: stacktrace: restore terminal records
        arm64/vdso: Discard .note.gnu.property sections in vDSO
        arm64: doc: Add brk/mmap/mremap() to the Tagged Address ABI Exceptions
        psci: Remove unneeded semicolon
        ACPI: irq: Prevent unregistering of GIC SGIs
        ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
        arm64: Show three registers per line
        arm64: remove HAVE_DEBUG_BUGVERBOSE
        arm64: alternative: simplify passing alt_region
        arm64: Force SPARSEMEM_VMEMMAP as the only memory management model
        arm64: vdso32: drop -no-integrated-as flag
      51595e3b
    • Merge tag 'sound-fix-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 2059c40a
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Just a few device-specific HD-audio and USB-audio fixes"
      
      * tag 'sound-fix-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
        ALSA: hda/realtek: Add fixup for HP OMEN laptop
        ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32
        ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA
        ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8
        ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
      2059c40a
    • Merge tag 'block-5.13-2021-05-07' of git://git.kernel.dk/linux-block · bd313968
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - dasd spelling fixes (Bhaskar)
      
       - Limit bio max size on multi-page bvecs to the hardware limit, to
         avoid overly large bio's (and hence latencies). Originally queued for
         the merge window, but needed a fix and was dropped from the initial
         pull (Changheun)
      
       - NVMe pull request (Christoph):
            - reset the bdev to ns head when failover (Daniel Wagner)
            - remove unsupported command noise (Keith Busch)
            - misc passthrough improvements (Kanchan Joshi)
            - fix controller ioctl through ns_head (Minwoo Im)
            - fix controller timeouts during reset (Tao Chiu)
      
       - rnbd fixes/cleanups (Gioh, Md, Dima)
      
       - Fix iov_iter re-expansion (yangerkun)
      
      * tag 'block-5.13-2021-05-07' of git://git.kernel.dk/linux-block:
        block: reexpand iov_iter after read/write
        nvmet: remove unsupported command noise
        nvme-multipath: reset bdev to ns head when failover
        nvme-pci: fix controller reset hang when racing with nvme_timeout
        nvme: move the fabrics queue ready check routines to core
        nvme: avoid memset for passthrough requests
        nvme: add nvme_get_ns helper
        nvme: fix controller ioctl through ns_head
        bio: limit bio max size
        RDMA/rtrs: fix uninitialized symbol 'cnt'
        s390: dasd: Mundane spelling fixes
        block/rnbd: Remove all likely and unlikely
        block/rnbd-clt: Check the return value of the function rtrs_clt_query
        block/rnbd: Fix style issues
        block/rnbd-clt: Change queue_depth type in rnbd_clt_session to size_t
      bd313968
    • Merge tag 'io_uring-5.13-2021-05-07' of git://git.kernel.dk/linux-block · 28b4afeb
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "Mostly fixes for merge window merged code. In detail:
      
         - Error case memory leak fixes (Colin, Zqiang)
      
         - Add the tools/io_uring/ to the list of maintained files (Lukas)
      
         - Set of fixes for the modified buffer registration API (Pavel)
      
         - Sanitize io thread setup on x86 (Stefan)
      
         - Ensure we truncate transfer count for registered buffers (Thadeu)"
      
      * tag 'io_uring-5.13-2021-05-07' of git://git.kernel.dk/linux-block:
        x86/process: setup io_threads more like normal user space threads
        MAINTAINERS: add io_uring tool to IO_URING
        io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
        io_uring: Fix memory leak in io_sqe_buffers_register()
        io_uring: Fix premature return from loop and memory leak
        io_uring: fix unchecked error in switch_start()
        io_uring: allow empty slots for reg buffers
        io_uring: add more build check for uapi
        io_uring: dont overlap internal and user req flags
        io_uring: fix drain with rsrc CQEs
      28b4afeb
    • Merge tag 'nfs-for-5.13-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · a647034f
      Linus Torvalds authored
      Pull NFS client updates from Trond Myklebust:
       "Highlights include:
      
        Stable fixes:
      
         - Add validation of the UDP retrans parameter to prevent shift
           out-of-bounds
      
         - Don't discard pNFS layout segments that are marked for return
      
        Bugfixes:
      
         - Fix a NULL dereference crash in xprt_complete_bc_request() when the
           NFSv4.1 server misbehaves.
      
         - Fix the handling of NFS READDIR cookie verifiers
      
         - Sundry fixes to ensure attribute revalidation works correctly when
           the server does not return post-op attributes.
      
         - nfs4_bitmask_adjust() must not change the server global bitmasks
      
         - Fix major timeout handling in the RPC code.
      
         - NFSv4.2 fallocate() fixes.
      
         - Fix the NFSv4.2 SEEK_HOLE/SEEK_DATA end-of-file handling
      
         - Copy offload attribute revalidation fixes
      
         - Fix an incorrect filehandle size check in the pNFS flexfiles driver
      
         - Fix several RDMA transport setup/teardown races
      
         - Fix several RDMA queue wrapping issues
      
         - Fix a misplaced memory read barrier in sunrpc's call_decode()
      
        Features:
      
         - Micro optimisation of the TCP transmission queue using TCP_CORK
      
         - statx() performance improvements by further splitting up the
           tracking of invalid cached file metadata.
      
         - Support the NFSv4.2 'change_attr_type' attribute and use it to
           optimise handling of change attribute updates"
      
      * tag 'nfs-for-5.13-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (85 commits)
        xprtrdma: Fix a NULL dereference in frwr_unmap_sync()
        sunrpc: Fix misplaced barrier in call_decode
        NFSv4.2: Remove ifdef CONFIG_NFSD from NFSv4.2 client SSC code.
        xprtrdma: Move fr_mr field to struct rpcrdma_mr
        xprtrdma: Move the Work Request union to struct rpcrdma_mr
        xprtrdma: Move fr_linv_done field to struct rpcrdma_mr
        xprtrdma: Move cqe to struct rpcrdma_mr
        xprtrdma: Move fr_cid to struct rpcrdma_mr
        xprtrdma: Remove the RPC/RDMA QP event handler
        xprtrdma: Don't display r_xprt memory addresses in tracepoints
        xprtrdma: Add an rpcrdma_mr_completion_class
        xprtrdma: Add tracepoints showing FastReg WRs and remote invalidation
        xprtrdma: Avoid Send Queue wrapping
        xprtrdma: Do not wake RPC consumer on a failed LocalInv
        xprtrdma: Do not recycle MR after FastReg/LocalInv flushes
        xprtrdma: Clarify use of barrier in frwr_wc_localinv_done()
        xprtrdma: Rename frwr_release_mr()
        xprtrdma: rpcrdma_mr_pop() already does list_del_init()
        xprtrdma: Delete rpcrdma_recv_buffer_put()
        xprtrdma: Fix cwnd update ordering
        ...
      a647034f
    • Merge tag '9p-for-5.13-rc1' of git://github.com/martinetd/linux · e22e9832
      Linus Torvalds authored
      Pull 9p updates from Dominique Martinet:
       "An error handling fix and constification"
      
      * tag '9p-for-5.13-rc1' of git://github.com/martinetd/linux:
        fs: 9p: fix v9fs_file_open writeback fid error check
        9p: Constify static struct v9fs_attr_group
      e22e9832
    • i40e: Remove LLDP frame filters · 8085a36d
      Arkadiusz Kubalewski authored
      Remove filters from being setup in case of software DCB and allow the
      LLDP frames to be properly transmitted to the wire.
      
      It is not possible to transmit the LLDP frame out of the port, if they
      are filtered by control VSI. This prohibits software LLDP agent
      properly communicate its DCB capabilities to the neighbors.
      
      Fixes: 4b208eaa ("i40e: Add init and default config of software based DCB")
      Signed-off-by: Arkadiusz Kubalewski <arkadiusz.kubalewski@intel.com>
      Tested-by: Imam Hassan Reza Biswas <imam.hassan.reza.biswas@intel.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
      8085a36d
    • i40e: Fix PHY type identifiers for 2.5G and 5G adapters · 15395ec4
      Mateusz Palczewski authored
      Unlike other supported adapters, 2.5G and 5G use different
      PHY type identifiers for reading/writing PHY settings
      and for reading link status. This commit introduces
      separate PHY identifiers for these two operation types.
      
      Fixes: 2e45d3f4 ("i40e: Add support for X710 B/P & SFP+ cards")
      Signed-off-by: Dawid Lukwinski <dawid.lukwinski@intel.com>
      Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com>
      Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
      Tested-by: Dave Switzer <david.switzer@intel.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
      15395ec4
    • i40e: fix the restart auto-negotiation after FEC modified · 61343e6d
      Jaroslaw Gawin authored
      When FEC mode was changed the link didn't know it because
      the link was not reset and new parameters were not negotiated.
      Set a flag 'I40E_AQ_PHY_ENABLE_ATOMIC_LINK' in 'abilities'
      to restart the link and make it run with the new settings.
      
      Fixes: 1d963401 ("i40e: Add support FEC configuration for Fortville 25G")
      Signed-off-by: Jaroslaw Gawin <jaroslawx.gawin@intel.com>
      Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com>
      Tested-by: Dave Switzer <david.switzer@intel.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
      61343e6d
    • i40e: Fix use-after-free in i40e_client_subtask() · 38318f23
      Yunjian Wang authored
      Currently the call to i40e_client_del_instance frees the object
      pf->cinst, however pf->cinst->lan_info is being accessed after
      the free. Fix this by adding the missing return.
      
      Addresses-Coverity: ("Read from pointer after free")
      Fixes: 7b0b1a6d ("i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events")
      Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
      38318f23
    • i40e: fix broken XDP support · ae4393df
      Magnus Karlsson authored
      Commit 12738ac4 ("i40e: Fix sparse errors in i40e_txrx.c") broke
      XDP support in the i40e driver. That commit was fixing a sparse error
      in the code by introducing a new variable xdp_res instead of
      overloading this into the skb pointer. The problem is that the code
      later uses the skb pointer in if statements and these were not
      extended to also test for the new xdp_res variable. Fix this by adding
      the correct tests for xdp_res in these places.
      
      The skb pointer was used to store the result of the XDP program by
      overloading the results in the error pointer
      ERR_PTR(-result). Therefore, the allocation failure test that used to
      only test for !skb now needs to be extended to also consider !xdp_res.
      
      i40e_cleanup_headers() had a check that based on the skb value being
      an error pointer, i.e. a result from the XDP program != XDP_PASS, and
      if so start to process a new packet immediately, instead of populating
      skb fields and sending the skb to the stack. This check is not needed
      anymore, since we have added an explicit test for xdp_res being set
      and if so just do continue to pick the next packet from the NIC.
      
      Fixes: 12738ac4 ("i40e: Fix sparse errors in i40e_txrx.c")
      Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
      Tested-by: Jesper Dangaard Brouer <brouer@redhat.com>
      Reported-by: Jesper Dangaard Brouer <brouer@redhat.com>
      Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
      Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
      ae4393df
    • netfilter: nftables: avoid potential overflows on 32bit arches · 6c8774a9
      Eric Dumazet authored
      User space could ask for very large hash tables, we need to make sure
      our size computations won't overflow.
      
      nf_tables_newset() needs to double check the u64 size
      will fit into size_t field.
      
      Fixes: 0ed6389c ("netfilter: nf_tables: rename set implementations")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
      6c8774a9
    • netfilter: nftables: avoid overflows in nft_hash_buckets() · a54754ec
      Eric Dumazet authored
      Number of buckets being stored in 32bit variables, we have to
      ensure that no overflows occur in nft_hash_buckets()
      
      syzbot injected a size == 0x40000000 and reported:
      
      UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
      shift exponent 64 is too large for 64-bit type 'long unsigned int'
      CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:79 [inline]
       dump_stack+0x141/0x1d7 lib/dump_stack.c:120
       ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
       __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
       __roundup_pow_of_two include/linux/log2.h:57 [inline]
       nft_hash_buckets net/netfilter/nft_set_hash.c:411 [inline]
       nft_hash_estimate.cold+0x19/0x1e net/netfilter/nft_set_hash.c:652
       nft_select_set_ops net/netfilter/nf_tables_api.c:3586 [inline]
       nf_tables_newset+0xe62/0x3110 net/netfilter/nf_tables_api.c:4322
       nfnetlink_rcv_batch+0xa09/0x24b0 net/netfilter/nfnetlink.c:488
       nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:612 [inline]
       nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:630
       netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
       netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
       netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
       sock_sendmsg_nosec net/socket.c:654 [inline]
       sock_sendmsg+0xcf/0x120 net/socket.c:674
       ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
       ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
       __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
       do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
      
      Fixes: 0ed6389c ("netfilter: nf_tables: rename set implementations")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
      a54754ec
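Added example, not part of either commit or of the kernel source: a user-space C model of the arithmetic behind the two nftables commits above (the u64-to-size_t check in nf_tables_newset() and the bucket computation in nft_hash_buckets()). The function names, the 32-bit `size * 4 / 3` form of the unchecked computation, the round-up helper model and the saturating clamp are assumptions for illustration; the page itself gives only the reported size and the UBSAN trace.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a round-up helper of the form 1UL << fls_long(n - 1) on a
 * 64-bit unsigned long: returns the shift exponent it would use.
 * 64 is out of range for a 64-bit type (the condition UBSAN reports). */
static unsigned int roundup_shift_exponent(uint64_t n)
{
    uint64_t v = n - 1;              /* n == 0 wraps to all ones */
    unsigned int bits = 0;

    while (v) {
        bits++;
        v >>= 1;
    }
    return bits;
}

/* Unchecked form (assumed): the scaling is done in 32 bits, so the
 * multiplication wraps before the division. */
static uint32_t scaled_size_u32(uint32_t size)
{
    return (uint32_t)(size * 4u) / 3u;
}

/* Checked form (hypothetical): widen first, saturate when the rounded
 * result cannot be held in a 32-bit bucket count, never shift by 64. */
static uint32_t buckets_checked(uint32_t size)
{
    uint64_t val = (uint64_t)size * 4 / 3;

    if (val <= 1)
        return 1;
    if (val > (UINT64_C(1) << 31))
        return UINT32_MAX;
    return (uint32_t)(UINT64_C(1) << roundup_shift_exponent(val));
}

/* Model of storing a u64 request into a 32-bit size_t field: refuse
 * values that would be truncated instead of silently narrowing them. */
static int store_size32(uint64_t size, uint32_t *field)
{
    if (size > UINT32_MAX)
        return -1;
    *field = (uint32_t)size;
    return 0;
}

int main(void)
{
    uint32_t size = 0x40000000u;     /* size value from the syzbot report */
    uint32_t field = 0;
    uint32_t scaled = scaled_size_u32(size);

    printf("32-bit size*4/3        = %u\n", (unsigned)scaled);
    printf("round-up shift exponent = %u\n", roundup_shift_exponent(scaled));
    printf("checked bucket count    = 0x%x\n", (unsigned)buckets_checked(size));
    /* constructed sample: a request just above what 32 bits can hold */
    printf("store 0x100000010       -> %d\n",
           store_size32(UINT64_C(0x100000010), &field));
    return 0;
}
```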
    • Merge branch 'akpm' (patches from Andrew) · a48b0872
      Linus Torvalds authored
      Merge yet more updates from Andrew Morton:
       "This is everything else from -mm for this merge window.
      
        90 patches.
      
        Subsystems affected by this patch series: mm (cleanups and slub),
        alpha, procfs, sysctl, misc, core-kernel, bitmap, lib, compat,
        checkpatch, epoll, isofs, nilfs2, hpfs, exit, fork, kexec, gcov,
        panic, delayacct, gdb, resource, selftests, async, initramfs, ipc,
        drivers/char, and spelling"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (90 commits)
        mm: fix typos in comments
        mm: fix typos in comments
        treewide: remove editor modelines and cruft
        ipc/sem.c: spelling fix
        fs: fat: fix spelling typo of values
        kernel/sys.c: fix typo
        kernel/up.c: fix typo
        kernel/user_namespace.c: fix typos
        kernel/umh.c: fix some spelling mistakes
        include/linux/pgtable.h: few spelling fixes
        mm/slab.c: fix spelling mistake "disired" -> "desired"
        scripts/spelling.txt: add "overflw"
        scripts/spelling.txt: Add "diabled" typo
        scripts/spelling.txt: add "overlfow"
        arm: print alloc free paths for address in registers
        mm/vmalloc: remove vwrite()
        mm: remove xlate_dev_kmem_ptr()
        drivers/char: remove /dev/kmem for good
        mm: fix some typos and code style problems
        ipc/sem.c: mundane typo fixes
        ...
      a48b0872