1. 23 Sep, 2019 3 commits
  2. 21 Sep, 2019 3 commits
  3. 17 Sep, 2019 12 commits
    • Colin Ian King's avatar
      ath10k: fix spelling mistake "eanble" -> "enable" · 09764659
      Colin Ian King authored
      There is a spelling mistake in a ath10k_warn warning message. Fix it.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      09764659
    • Miaoqing Pan's avatar
      ath10k: fix latency issue for QCA988x · 1340cc63
      Miaoqing Pan authored
      Bad latency is found on QCA988x, the issue was introduced by
      commit 4504f0e5 ("ath10k: sdio: workaround firmware UART
      pin configuration bug"). If uart_pin_workaround is false, this
      change will set uart pin even if uart_print is false.
      
      Tested HW: QCA9880
      Tested FW: 10.2.4-1.0-00037
      
      Fixes: 4504f0e5 ("ath10k: sdio: workaround firmware UART pin configuration bug")
      Signed-off-by: default avatarMiaoqing Pan <miaoqing@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      1340cc63
    • Wenwen Wang's avatar
      ath10k: add cleanup in ath10k_sta_state() · 334f5b61
      Wenwen Wang authored
      If 'sta->tdls' is false, no cleanup is executed, leading to memory/resource
      leaks, e.g., 'arsta->tx_stats'. To fix this issue, perform cleanup before
      go to the 'exit' label.
      Signed-off-by: default avatarWenwen Wang <wenwen@cs.uga.edu>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      334f5b61
    • Govind Singh's avatar
      ath10k: revalidate the msa region coming from firmware · c4130599
      Govind Singh authored
      driver sends QMI_WLFW_MSA_INFO_REQ_V01 QMI request to firmware
      and in response expects range of addresses and size to be mapped.
      Add condition to check whether addresses in response falls
      under valid range otherwise return failure.
      
      Testing: Tested on WCN3990 HW
      Tested FW: WLAN.HL.3.1-01040-QCAHLSWMTPLZ-1
      Signed-off-by: default avatarGovind Singh <govinds@codeaurora.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      c4130599
    • Tomislav Požega's avatar
      ath10k: use ath10k_pci_soc_ functions for all warm_reset instances · 9c44bf4c
      Tomislav Požega authored
      Use ath10k_pci_soc_read32 / ath10k_pci_soc_write32 functions for
      the rest of warm_reset functions. Until now these have been used
      only for ath10k_pci_warm_reset_si0, but since they already exist
      it makes sense to simplify code a bit.
      Runtime tested with QCA9862.
      Signed-off-by: default avatarTomislav Požega <pozega.tomislav@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      9c44bf4c
    • Vasyl Gomonovych's avatar
      ath10k: Use ARRAY_SIZE · 7921ae09
      Vasyl Gomonovych authored
      fix coccinelle warning, use ARRAY_SIZE
      Signed-off-by: default avatarVasyl Gomonovych <gomonovych@gmail.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      7921ae09
    • Sven Eckelmann's avatar
      ath10k: avoid leaving .bss_info_changed prematurely · 0227ff36
      Sven Eckelmann authored
      ath10k_bss_info_changed() handles various events from the upper layers. It
      parses the changed bitfield and then configures the driver/firmware
      accordingly. Each detected event is handled in a separate scope which is
      independent of each other - but in the same function.
      
      The commit f279294e ("ath10k: add support for configuring management
      packet rate") changed this behavior by returning from this function
      prematurely when some precondition was not fulfilled. All new event
      handlers added after the BSS_CHANGED_BASIC_RATES event handler would then
      also be skipped.
      Signed-off-by: default avatarSven Eckelmann <seckelmann@datto.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      0227ff36
    • Bjorn Andersson's avatar
      ath10k: Use standard bulk clock API in snoc · f93bcf0c
      Bjorn Andersson authored
      No frequency is currently specified for the single clock defined in the
      snoc driver, so the clock wrappers reimplements the standard bulk API
      provided by the clock framework. Change to this.
      
      The single clock defined is marked as optional so this version of the
      get API is used, but might need to be reconsidered in the future.
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      f93bcf0c
    • Bjorn Andersson's avatar
      ath10k: Use standard regulator bulk API in snoc · c56c7f24
      Bjorn Andersson authored
      The regulator_get_optional() exists for cases where the driver needs do
      behave differently depending on some regulator supply being present or
      not, as we don't use this we can use the standard regulator_get() and
      rely on its handling of unspecified regulators.
      
      While the driver currently doesn't specify any loads the regulator
      framework was updated last year to only account for load of enabled
      regulators, so should the need appear it's better to apply load numbers
      during initialization that dynamically.
      
      With this the regulator wrappers have been reduced the become identical
      to the standard bulk API provided by the regulator framework, so use
      these instead of rolling our own.
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      c56c7f24
    • Bjorn Andersson's avatar
      ath10k: snoc: skip regulator operations · b003e7f1
      Bjorn Andersson authored
      The regulator operations is trying to set a voltage to a fixed value, by
      giving some wiggle room. But some board designs specifies regulator
      voltages outside this limited range. One such example is the Lenovo Yoga
      C630, with vdd-3.3-ch0 in particular specified at 3.1V.
      
      But consumers with fixed voltage requirements should just rely on the
      board configuration to provide the power at the required level, so this
      code should be removed.
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      b003e7f1
    • Bjorn Andersson's avatar
      ath10k: Fix HOST capability QMI incompatibility · 7165ef89
      Bjorn Andersson authored
      The introduction of 768ec4c0 ("ath10k: update HOST capability QMI
      message") served the purpose of supporting the new and extended HOST
      capability QMI message.
      
      But while the new message adds a slew of optional members it changes the
      data type of the "daemon_support" member, which means that older
      versions of the firmware will fail to decode the incoming request
      message.
      
      There is no way to detect this breakage from Linux and there's no way to
      recover from sending the wrong message (i.e. we can't just try one
      format and then fallback to the other), so a quirk is introduced in
      DeviceTree to indicate to the driver that the firmware requires the 8bit
      version of this message.
      
      Cc: stable@vger.kernel.org
      Fixes: 768ec4c0 ("ath10k: update HOST capability qmi message")
      Signed-off-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Acked-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      7165ef89
    • Hauke Mehrtens's avatar
      ath10k: Check if station exists before forwarding tx airtime report · b10f3267
      Hauke Mehrtens authored
      It looks like the FW on QCA9984 already reports the tx airtimes before
      the station is added to the peer entry. The peer entry is created in
      ath10k_peer_map_event() just with the vdev_id and the ethaddr, but
      not with a station entry, this is added later in ath10k_peer_create() in
      callbacks from mac80211.
      
      When there is no sta added to the peer entry, this function fails
      because it calls ieee80211_sta_register_airtime() with NULL.
      
      This was reported in OpenWrt some time ago:
      https://bugs.openwrt.org/index.php?do=details&task_id=2414
      
      This commit should fix this crash:
      [   75.991714] Unable to handle kernel paging request at virtual address fffff9e8
      [   75.991756] pgd = c0204000
      [   75.997955] [fffff9e8] *pgd=5fdfd861, *pte=00000000, *ppte=00000000
      [   76.000537] Internal error: Oops: 37 [#1] SMP ARM
      [   76.006686] Modules linked in: pppoe ppp_async ath10k_pci ath10k_core ath pptp pppox ppp_mppe ppp_generic mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY usbserial slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_netlink iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables crc_ccitt compat chaoskey fuse sch_cake sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32
      [   76.059974]  cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6t_NPT ip6t_MASQUERADE nf_nat_masquerade_ipv6 nf_nat nf_conntrack nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 msdos ip_gre gre ifb sit tunnel4 ip_tunnel tun vfat fat hfsplus cifs nls_utf8 nls_iso8859_15 nls_iso8859_1 nls_cp850 nls_cp437 nls_cp1250 sha1_generic md5 md4
      [   76.130634]  usb_storage leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_of_simple ohci_platform ohci_hcd phy_qcom_dwc3 ahci ehci_platform sd_mod ahci_platform libahci_platform libahci libata scsi_mod ehci_hcd gpio_button_hotplug ext4 mbcache jbd2 exfat crc32c_generic
      [   76.154772] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.132 #0
      [   76.177001] Hardware name: Generic DT based system
      [   76.182990] task: c0b06d80 task.stack: c0b00000
      [   76.187832] PC is at ieee80211_sta_register_airtime+0x24/0x148 [mac80211]
      [   76.192211] LR is at ath10k_htt_t2h_msg_handler+0x678/0x10f4 [ath10k_core]
      [   76.199052] pc : [<bf75bfac>]    lr : [<bf83e8b0>]    psr: a0000113
      [   76.205820] sp : c0b01d54  ip : 00000002  fp : bf869c0c
      [   76.211981] r10: 0000003c  r9 : dbdca138  r8 : 00060002
      [   76.217192] r7 : 00000000  r6 : dabe1150  r5 : 00000000  r4 : dbdc95c0
      [   76.222401] r3 : 00000000  r2 : 00060002  r1 : 00000000  r0 : 00000000
      [   76.229003] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      [   76.235509] Control: 10c5787d  Table: 5c94006a  DAC: 00000051
      [   76.242716] Process swapper/0 (pid: 0, stack limit = 0xc0b00210)
      [   76.248446] Stack: (0xc0b01d54 to 0xc0b02000)
      [   76.254532] 1d40:                                              dbdc95c0 00000000 dabe1150
      [   76.258808] 1d60: 00000001 dabe1150 dbdca138 0000003c bf869c0c bf83e8b0 00000002 c0314b10
      [   76.266969] 1d80: dbdc9c70 00000001 00000001 dabe114c 00010000 00000000 dbdcd724 bf88f3d8
      [   76.275126] 1da0: c0310d28 db393c00 dbdc95c0 00000000 c0b01dd0 c07fb4c4 dbdcd724 00000001
      [   76.283286] 1dc0: 00000022 bf88b09c db393c00 00000022 c0b01dd0 c0b01dd0 00000000 dbdcc5c0
      [   76.291445] 1de0: bf88f04c dbdcd654 dbdcd71c dbdc95c0 00000014 dbdcd724 dbdcc5c0 00000005
      [   76.299605] 1e00: 0004b400 bf85c360 00000000 bf87101c c0b01e24 00000006 00000000 dbdc95c0
      [   76.307764] 1e20: 00000001 00000040 0000012c c0b01e80 1cf51000 bf85c448 dbdcd440 dbdc95c0
      [   76.315925] 1e40: dbdca440 ffffa880 00000040 bf88cb68 dbdcd440 00000001 00000040 ffffa880
      [   76.324084] 1e60: c0b02d00 c06d72e0 dd990080 c0a3f080 c0b255dc c0b047e4 c090afac c090e80c
      [   76.332244] 1e80: c0b01e80 c0b01e80 c0b01e88 c0b01e88 dd4cc200 00000000 00000003 c0b0208c
      [   76.340405] 1ea0: c0b02080 40000003 ffffe000 00000100 c0b02080 c03015c8 00000000 00000001
      [   76.348564] 1ec0: dd408000 c0a38210 c0b2c7c0 0000000a ffffa880 c0b02d00 c07fb764 00200102
      [   76.356723] 1ee0: dd4cc268 c0a3e414 00000000 00000000 00000001 dd408000 de803000 00000000
      [   76.364883] 1f00: 00000000 c03247cc c0a3e414 c0368f1c c0b03f60 c0b153cc de80200c de802000
      [   76.373042] 1f20: c0b01f48 c0301488 c0308630 60000013 ffffffff c0b01f7c 00000000 c0b00000
      [   76.381204] 1f40: 00000000 c030c08c 00000001 00000000 00000000 c0315180 ffffe000 c0b03cc0
      [   76.389363] 1f60: c0b03c70 00000000 00000000 c0a2da28 00000000 00000000 c0b01f90 c0b01f98
      [   76.397522] 1f80: c030862c c0308630 60000013 ffffffff 00000051 00000000 ffffe000 c035dd18
      [   76.405681] 1fa0: 000000bf c0b03c40 00000000 c0b2c000 dddfce80 c035e060 c0b2c040 c0a00cf4
      [   76.413842] 1fc0: ffffffff ffffffff 00000000 c0a0067c c0a2da28 00000000 00000000 c0b2c1d4
      [   76.422001] 1fe0: c0b03c5c c0a2da24 c0b07ee0 4220406a 512f04d0 4220807c 00000000 00000000
      [   76.430335] [<bf75bfac>] (ieee80211_sta_register_airtime [mac80211]) from [<00000002>] (0x2)
      [   76.438314] Code: e1cd81f0 e1a08002 e1cda1f8 e58de020 (e5102618)
      [   76.446965] ---[ end trace 227a38ade964d642 ]---
      
      Fixes: bb31b7cb ("ath10k: report tx airtime provided by fw")
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      b10f3267
  4. 15 Sep, 2019 1 commit
  5. 14 Sep, 2019 13 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 1609d760
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "The main change here is a revert of reverts. We recently simplified
        some code that was thought unnecessary; however, since then KVM has
        grown quite a few cond_resched()s and for that reason the simplified
        code is prone to livelocks---one CPUs tries to empty a list of guest
        page tables while the others keep adding to them. This adds back the
        generation-based zapping of guest page tables, which was not
        unnecessary after all.
      
        On top of this, there is a fix for a kernel memory leak and a couple
        of s390 fixlets as well"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot
        KVM: x86: work around leak of uninitialized stack contents
        KVM: nVMX: handle page fault in vmread
        KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
        KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset()
      1609d760
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 1f9c632c
      Linus Torvalds authored
      Pull virtio fix from Michael Tsirkin:
       "A last minute revert
      
        The 32-bit build got broken by the latest defence in depth patch.
        Revert and we'll try again in the next cycle"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        Revert "vhost: block speculation of translated descriptors"
      1f9c632c
    • Linus Torvalds's avatar
      Merge tag 'riscv/for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · b03c036e
      Linus Torvalds authored
      Pull RISC-V fix from Paul Walmsley:
       "Last week, Palmer and I learned that there was an error in the RISC-V
        kernel image header format that could make it less compatible with the
        ARM64 kernel image header format. I had missed this error during my
        original reviews of the patch.
      
        The kernel image header format is an interface that impacts
        bootloaders, QEMU, and other user tools. Those packages must be
        updated to align with whatever is merged in the kernel. We would like
        to avoid proliferating these image formats by keeping the RISC-V
        header as close as possible to the existing ARM64 header. Since the
        arch/riscv patch that adds support for the image header was merged
        with our v5.3-rc1 pull request as commit 0f327f2a ("RISC-V: Add
        an Image header that boot loader can parse."), we think it wise to try
        to fix this error before v5.3 is released.
      
        The fix itself should be backwards-compatible with any project that
        has already merged support for premature versions of this interface.
        It primarily involves ensuring that the RISC-V image header has
        something useful in the same field as the ARM64 image header"
      
      * tag 'riscv/for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: modify the Image header to improve compatibility with the ARM64 header
      b03c036e
    • Michael S. Tsirkin's avatar
      Revert "vhost: block speculation of translated descriptors" · 0d4a3f2a
      Michael S. Tsirkin authored
      This reverts commit a89db445.
      
      I was hasty to include this patch, and it breaks the build on 32 bit.
      Defence in depth is good but let's do it properly.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      0d4a3f2a
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 36024fcf
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Don't corrupt xfrm_interface parms before validation, from Nicolas
          Dichtel.
      
       2) Revert use of usb-wakeup in btusb, from Mario Limonciello.
      
       3) Block ipv6 packets in bridge netfilter if ipv6 is disabled, from
          Leonardo Bras.
      
       4) IPS_OFFLOAD not honored in ctnetlink, from Pablo Neira Ayuso.
      
       5) Missing ULP check in sock_map, from John Fastabend.
      
       6) Fix receive statistic handling in forcedeth, from Zhu Yanjun.
      
       7) Fix length of SKB allocated in 6pack driver, from Christophe
          JAILLET.
      
       8) ip6_route_info_create() returns an error pointer, not NULL. From
          Maciej Żenczykowski.
      
       9) Only add RDS sock to the hashes after rs_transport is set, from
          Ka-Cheong Poon.
      
      10) Don't double clean TX descriptors in ixgbe, from Ilya Maximets.
      
      11) Presence of transmit IPSEC offload in an SKB is not tested for
          correctly in ixgbe and ixgbevf. From Steffen Klassert and Jeff
          Kirsher.
      
      12) Need rcu_barrier() when register_netdevice() takes one of the
          notifier based failure paths, from Subash Abhinov Kasiviswanathan.
      
      13) Fix leak in sctp_do_bind(), from Mao Wenan.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (72 commits)
        cdc_ether: fix rndis support for Mediatek based smartphones
        sctp: destroy bucket if failed to bind addr
        sctp: remove redundant assignment when call sctp_get_port_local
        sctp: change return type of sctp_get_port_local
        ixgbevf: Fix secpath usage for IPsec Tx offload
        sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
        ixgbe: Fix secpath usage for IPsec TX offload.
        net: qrtr: fix memort leak in qrtr_tun_write_iter
        net: Fix null de-reference of device refcount
        ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
        tun: fix use-after-free when register netdev failed
        tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
        ixgbe: fix double clean of Tx descriptors with xdp
        ixgbe: Prevent u8 wrapping of ITR value to something less than 10us
        mlx4: fix spelling mistake "veify" -> "verify"
        net: hns3: fix spelling mistake "undeflow" -> "underflow"
        net: lmc: fix spelling mistake "runnin" -> "running"
        NFC: st95hf: fix spelling mistake "receieve" -> "receive"
        net/rds: An rds_sock is added too early to the hash table
        mac80211: Do not send Layer 2 Update frame before authorization
        ...
      36024fcf
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 1c4c5e25
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
      
       - tmio: Fixup runtime PM management during probe and remove
      
       - sdhci-pci-o2micro: Fix eMMC initialization for an AMD SoC
      
       - bcm2835: Prevent lockups when terminating work
      
      * tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: tmio: Fixup runtime PM management during remove
        mmc: tmio: Fixup runtime PM management during probe
        Revert "mmc: tmio: move runtime PM enablement to the driver implementations"
        Revert "mmc: sdhci: Remove unneeded quirk2 flag of O2 SD host controller"
        Revert "mmc: bcm2835: Terminate timeout work synchronously"
      1c4c5e25
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-09-13' of git://anongit.freedesktop.org/drm/drm · 592b8d87
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "From the maintainer summit, just some last minute fixes for final:
      
        lima:
         - fix gem_wait ioctl
      
        core:
         - constify modes list
      
        i915:
         - DP MST high color depth regression
         - GPU hangs on vulkan compute workloads"
      
      * tag 'drm-fixes-2019-09-13' of git://anongit.freedesktop.org/drm/drm:
        drm/lima: fix lima_gem_wait() return value
        drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+
        drm/i915: Limit MST to <= 8bpc once again
        drm/modes: Make the whitelist more const
      592b8d87
    • David S. Miller's avatar
      Merge tag 'wireless-drivers-next-for-davem-2019-09-14' of... · a3d3c74d
      David S. Miller authored
      Merge tag 'wireless-drivers-next-for-davem-2019-09-14' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
      
      Kalle Valo says:
      
      ====================
      wireless-drivers-next patches for 5.4
      
      Last set of patches for 5.4. wil6210 and rtw88 being most active this
      time, but ath9k also having a new module to load devices without
      EEPROM.
      
      Major changes:
      
      wil6210
      
      * add support for Enhanced Directional Multi-Gigabit (EDMG) channels 9-11
      
      * add debugfs file to show PCM ring content
      
      * report boottime_ns in scan results
      
      ath9k
      
      * add a separate loader for AR92XX (and older) pci(e) without eeprom
      
      brcmfmac
      
      * use the same wiphy after PCIe reset to not confuse the user space
      
      rtw88
      
      * enable interrupt migration
      
      * enable AMSDU in AMPDU aggregation
      
      * report RX power for each antenna
      
      * enable to DPK and IQK calibration methods to improve performance
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a3d3c74d
    • Paolo Bonzini's avatar
      Merge tag 'kvm-s390-master-5.3-1' of... · a9c20bb0
      Paolo Bonzini authored
      Merge tag 'kvm-s390-master-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master
      
      KVM: s390: Fixes for 5.3
      
      - prevent a user triggerable oops in the migration code
      - do not leak kernel stack content
      a9c20bb0
    • Sean Christopherson's avatar
      KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot · 002c5f73
      Sean Christopherson authored
      James Harvey reported a livelock that was introduced by commit
      d012a06a ("Revert "KVM: x86/mmu: Zap only the relevant pages when
      removing a memslot"").
      
      The livelock occurs because kvm_mmu_zap_all() as it exists today will
      voluntarily reschedule and drop KVM's mmu_lock, which allows other vCPUs
      to add shadow pages.  With enough vCPUs, kvm_mmu_zap_all() can get stuck
      in an infinite loop as it can never zap all pages before observing lock
      contention or the need to reschedule.  The equivalent of kvm_mmu_zap_all()
      that was in use at the time of the reverted commit (4e103134, "KVM:
      x86/mmu: Zap only the relevant pages when removing a memslot") employed
      a fast invalidate mechanism and was not susceptible to the above livelock.
      
      There are three ways to fix the livelock:
      
      - Reverting the revert (commit d012a06a) is not a viable option as
        the revert is needed to fix a regression that occurs when the guest has
        one or more assigned devices.  It's unlikely we'll root cause the device
        assignment regression soon enough to fix the regression timely.
      
      - Remove the conditional reschedule from kvm_mmu_zap_all().  However, although
        removing the reschedule would be a smaller code change, it's less safe
        in the sense that the resulting kvm_mmu_zap_all() hasn't been used in
        the wild for flushing memslots since the fast invalidate mechanism was
        introduced by commit 6ca18b69 ("KVM: x86: use the fast way to
        invalidate all pages"), back in 2013.
      
      - Reintroduce the fast invalidate mechanism and use it when zapping shadow
        pages in response to a memslot being deleted/moved, which is what this
        patch does.
      
      For all intents and purposes, this is a revert of commit ea145aac
      ("Revert "KVM: MMU: fast invalidate all pages"") and a partial revert of
      commit 7390de1e ("Revert "KVM: x86: use the fast way to invalidate
      all pages""), i.e. restores the behavior of commit 5304b8d3 ("KVM:
      MMU: fast invalidate all pages") and commit 6ca18b69 ("KVM: x86:
      use the fast way to invalidate all pages") respectively.
      
      Fixes: d012a06a ("Revert "KVM: x86/mmu: Zap only the relevant pages when removing a memslot"")
      Reported-by: default avatarJames Harvey <jamespharvey20@gmail.com>
      Cc: Alex Willamson <alex.williamson@redhat.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      002c5f73
    • Fuqian Huang's avatar
      KVM: x86: work around leak of uninitialized stack contents · 541ab2ae
      Fuqian Huang authored
      Emulation of VMPTRST can incorrectly inject a page fault
      when passed an operand that points to an MMIO address.
      The page fault will use uninitialized kernel stack memory
      as the CR2 and error code.
      
      The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR
      exit to userspace; however, it is not an easy fix, so for now just ensure
      that the error code and CR2 are zero.
      Signed-off-by: default avatarFuqian Huang <huangfq.daxian@gmail.com>
      Cc: stable@vger.kernel.org
      [add comment]
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      541ab2ae
    • Paolo Bonzini's avatar
      KVM: nVMX: handle page fault in vmread · f7eea636
      Paolo Bonzini authored
      The implementation of vmread to memory is still incomplete, as it
      lacks the ability to do vmread to I/O memory just like vmptrst.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      f7eea636
    • Paul Walmsley's avatar
      riscv: modify the Image header to improve compatibility with the ARM64 header · 474efecb
      Paul Walmsley authored
      Part of the intention during the definition of the RISC-V kernel image
      header was to lay the groundwork for a future merge with the ARM64
      image header.  One error during my original review was not noticing
      that the RISC-V header's "magic" field was at a different size and
      position than the ARM64's "magic" field.  If the existing ARM64 Image
      header parsing code were to attempt to parse an existing RISC-V kernel
      image header format, it would see a magic number 0.  This is
      undesirable, since it's our intention to align as closely as possible
      with the ARM64 header format.  Another problem was that the original
      "res3" field was not being initialized correctly to zero.
      
      Address these issues by creating a 32-bit "magic2" field in the RISC-V
      header which matches the ARM64 "magic" field.  RISC-V binaries will
      store "RSC\x05" in this field.  The intention is that the use of the
      existing 64-bit "magic" field in the RISC-V header will be deprecated
      over time.  Increment the minor version number of the file format to
      indicate this change, and update the documentation accordingly.  Fix
      the assembler directives in head.S to ensure that reserved fields are
      properly zero-initialized.
      Signed-off-by: default avatarPaul Walmsley <paul.walmsley@sifive.com>
      Reported-by: default avatarPalmer Dabbelt <palmer@sifive.com>
      Reviewed-by: default avatarPalmer Dabbelt <palmer@sifive.com>
      Cc: Atish Patra <atish.patra@wdc.com>
      Cc: Karsten Merker <merker@debian.org>
      Link: https://lore.kernel.org/linux-riscv/194c2f10c9806720623430dbf0cc59a965e50448.camel@wdc.com/T/#u
      Link: https://lore.kernel.org/linux-riscv/mhng-755b14c4-8f35-4079-a7ff-e421fd1b02bc@palmer-si-x1e/T/#t
      474efecb
  6. 13 Sep, 2019 8 commits
    • David S. Miller's avatar
      Merge branch 'devlink-move-reload-fail-indication-to-devlink-core-and-expose-to-user' · 1ba569fc
      David S. Miller authored
      Jiri Pirko says:
      
      ====================
      net: devlink: move reload fail indication to devlink core and expose to user
      
      First two patches are dependencies of the last one. That moves devlink
      reload failure indication to the devlink code, so the drivers do not
      have to track it themselves. Currently it is only mlxsw, but I will send
      a follow-up patchset that introduces this in netdevsim too.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1ba569fc
    • Jiri Pirko's avatar
      net: devlink: move reload fail indication to devlink core and expose to user · 2670ac26
      Jiri Pirko authored
      Currently the fact that devlink reload failed is stored in drivers.
      Move this flag into devlink core. Also, expose it to the user.
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2670ac26
    • Jiri Pirko's avatar
      net: devlink: split reload op into two · 97691069
      Jiri Pirko authored
      In order to properly implement failure indication during reload,
      split the reload op into two ops, one for down phase and one for
      up phase.
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      97691069
    • Jiri Pirko's avatar
      mlx4: Split restart_one into two functions · 35c7ff34
      Jiri Pirko authored
      Split the function restart_one into two functions and separate teardown
      and buildup.
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      35c7ff34
    • Bjørn Mork's avatar
      cdc_ether: fix rndis support for Mediatek based smartphones · 4d7ffcf3
      Bjørn Mork authored
      A Mediatek based smartphone owner reports problems with USB
      tethering in Linux.  The verbose USB listing shows a rndis_host
      interface pair (e0/01/03 + 10/00/00), but the driver fails to
      bind with
      
      [  355.960428] usb 1-4: bad CDC descriptors
      
      The problem is a failsafe test intended to filter out ACM serial
      functions using the same 02/02/ff class/subclass/protocol as RNDIS.
      The serial functions are recognized by their non-zero bmCapabilities.
      
      No RNDIS function with non-zero bmCapabilities were known at the time
      this failsafe was added. But it turns out that some Wireless class
      RNDIS functions are using the bmCapabilities field. These functions
      are uniquely identified as RNDIS by their class/subclass/protocol, so
      the failing test can safely be disabled.  The same applies to the two
      types of Misc class RNDIS functions.
      
      Applying the failsafe to Communication class functions only retains
      the original functionality, and fixes the problem for the Mediatek based
      smartphone.
      
      Tow examples of CDC functional descriptors with non-zero bmCapabilities
      from Wireless class RNDIS functions are:
      
      0e8d:000a  Mediatek Crosscall Spider X5 3G Phone
      
            CDC Header:
              bcdCDC               1.10
            CDC ACM:
              bmCapabilities       0x0f
                connection notifications
                sends break
                line coding and serial state
                get/set/clear comm features
            CDC Union:
              bMasterInterface        0
              bSlaveInterface         1
            CDC Call Management:
              bmCapabilities       0x03
                call management
                use DataInterface
              bDataInterface          1
      
      and
      
      19d2:1023  ZTE K4201-z
      
            CDC Header:
              bcdCDC               1.10
            CDC ACM:
              bmCapabilities       0x02
                line coding and serial state
            CDC Call Management:
              bmCapabilities       0x03
                call management
                use DataInterface
              bDataInterface          1
            CDC Union:
              bMasterInterface        0
              bSlaveInterface         1
      
      The Mediatek example is believed to apply to most smartphones with
      Mediatek firmware.  The ZTE example is most likely also part of a larger
      family of devices/firmwares.
      Suggested-by: default avatarLars Melin <larsm17@gmail.com>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4d7ffcf3
    • David S. Miller's avatar
      Merge branch 'sctp_do_bind-leak' · ae3b06ed
      David S. Miller authored
      Mao Wenan says:
      
      ====================
      fix memory leak for sctp_do_bind
      
      First two patches are to do cleanup, remove redundant assignment,
      and change return type of sctp_get_port_local.
      Third patch is to fix memory leak for sctp_do_bind if failed
      to bind address.
      
      v2: add one patch to change return type of sctp_get_port_local.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ae3b06ed
    • Mao Wenan's avatar
      sctp: destroy bucket if failed to bind addr · 29b99f54
      Mao Wenan authored
      There is one memory leak bug report:
      BUG: memory leak
      unreferenced object 0xffff8881dc4c5ec0 (size 40):
        comm "syz-executor.0", pid 5673, jiffies 4298198457 (age 27.578s)
        hex dump (first 32 bytes):
          02 00 00 00 81 88 ff ff 00 00 00 00 00 00 00 00  ................
          f8 63 3d c1 81 88 ff ff 00 00 00 00 00 00 00 00  .c=.............
        backtrace:
          [<0000000072006339>] sctp_get_port_local+0x2a1/0xa00 [sctp]
          [<00000000c7b379ec>] sctp_do_bind+0x176/0x2c0 [sctp]
          [<000000005be274a2>] sctp_bind+0x5a/0x80 [sctp]
          [<00000000b66b4044>] inet6_bind+0x59/0xd0 [ipv6]
          [<00000000c68c7f42>] __sys_bind+0x120/0x1f0 net/socket.c:1647
          [<000000004513635b>] __do_sys_bind net/socket.c:1658 [inline]
          [<000000004513635b>] __se_sys_bind net/socket.c:1656 [inline]
          [<000000004513635b>] __x64_sys_bind+0x3e/0x50 net/socket.c:1656
          [<0000000061f2501e>] do_syscall_64+0x72/0x2e0 arch/x86/entry/common.c:296
          [<0000000003d1e05e>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      This is because in sctp_do_bind, if sctp_get_port_local is to
      create hash bucket successfully, and sctp_add_bind_addr failed
      to bind address, e.g return -ENOMEM, so memory leak found, it
      needs to destroy allocated bucket.
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarMao Wenan <maowenan@huawei.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      29b99f54
    • Mao Wenan's avatar
      sctp: remove redundant assignment when call sctp_get_port_local · e0e4b8de
      Mao Wenan authored
      There are more parentheses in if clause when call sctp_get_port_local
      in sctp_do_bind, and redundant assignment to 'ret'. This patch is to
      do cleanup.
      Signed-off-by: default avatarMao Wenan <maowenan@huawei.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e0e4b8de