02 Nov, 2016

3 commits

  • Pull gcc plugin fixes from Kees Cook:
    - make sure required exports from gcc plugins are visible to gcc
    - switch latent_entropy to unsigned long to avoid stack frame bloat

    * tag 'gcc-plugins-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
    latent_entropy: Fix wrong gcc code generation with 64 bit variables
    gcc-plugins: Export symbols needed by gcc

    Linus Torvalds
     
  • Pull virtio updates from Michael Tsirkin:
    "Tests, fixes and cleanups.

    Just minor tweaks, there's nothing major in this cycle"

    * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
    virtio_ring: mark vring_dma_dev inline
    virtio/vhost: add Jason to list of maintainers
    virtio_blk: Delete an unnecessary initialisation in init_vq()
    virtio_blk: Use kmalloc_array() in init_vq()
    virtio: remove config.c
    virtio: console: Unlock vqs while freeing buffers
    ringtest: poll for new buffers once before updating event index
    ringtest: commonize implementation of poll_avail/poll_used
    ringtest: use link-time optimization
    virtio: update balloon size in balloon "probe"
    virtio_ring: Make interrupt suppression spec compliant
    virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices

    Linus Torvalds
     
  • Pull VFIO fix from Alex Williamson:
    "SET_IRQS ioctl parameter sanitization (Vlad Tsyrklevich)"

    * tag 'vfio-v4.9-rc4' of git://github.com/awilliam/linux-vfio:
    vfio/pci: Fix integer overflows, bitmask check

    Linus Torvalds
     

01 Nov, 2016

6 commits

  • Pull spi fixes from Mark Brown: "A few small fixes for SPI, one core fix
    that only applies in cases where we're handling DT overlays and a
    couple of driver specific fixes:

    - Fix handling of error cases when instantiating DT overlays so we
    don't end up just ignoring devices that encountered an error during
    instantiation.

    - Avoid reading uninitialized data when handling spurious interrupts
    in the espi driver.

    - A driver specific fix for the dspi driver to fix a bad interaction
    with u-boot"

    * tag 'spi-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
    spi: dspi: clear SPI_SR before enable interrupt
    spi: fsl-espi: avoid processing uninitalized data on error
    spi: mark device nodes only in case of successful instantiation

    Linus Torvalds
     
  • The stack frame size could grow too large when the plugin used long long
    on 32-bit architectures when the given function had too many basic blocks.

    The gcc warning was:

    drivers/pci/hotplug/ibmphp_ebda.c: In function 'ibmphp_access_ebda':
    drivers/pci/hotplug/ibmphp_ebda.c:409:1: warning: the frame size of 1108 bytes is larger than 1024 bytes [-Wframe-larger-than=]

    This switches latent_entropy from u64 to unsigned long.

    Thanks to PaX Team and Emese Revfy for the patch.

    Signed-off-by: Kees Cook

    Kees Cook
     
  • This explicitly exports symbols that gcc expects from plugins.

    Based on code from Emese Revfy.

    Signed-off-by: Kees Cook

    Kees Cook
     
  • …git/broonie/regulator

    Pull regulator fix from Mark Brown:
    "Fix ramp_delay warnings for v4.9

    A new warning was introduced for missing information about the time
    that regulators take to power on in v4.9. This is in theory a real
    issue but for most practical regulators the communication overhead of
    talking to the device is greater than the ramp time so a lot of
    drivers don't set it and the warning is far too noisy without
    identifying practical issues.

    Just remove the warning for now"

    * tag 'regulator-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
    regulator: core: silence warning: "VDD1: ramp_delay not set"

    Linus Torvalds
     
  • Pull regmap fixes from Mark Brown:
    "A couple of small build fixes here, nothing major.

    The missing include is triggered in some configurations and the
    renaming of ret is defensive for the benefit of some drivers people
    are in the process of mainlining"

    * tag 'regmap-fix-v4.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
    regmap: Rename ret variable in regmap_read_poll_timeout
    regmap: include from include/linux/regmap.h

    Linus Torvalds
     
  • Pull TPM fix from James Morris.

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
    tpm: remove invalid min length check from tpm_do_selftest()

    Linus Torvalds
     

31 Oct, 2016

15 commits

  • Removal of this check was not properly amended to the original commit.

    Cc: stable@vger.kernel.org
    Fixes: 0c541332231e ("tpm: use tpm_pcr_read_dev() in tpm_do_selftest()")
    Signed-off-by: Jarkko Sakkinen
    Signed-off-by: James Morris

    Jarkko Sakkinen
     
  • Pull ARM fixes from Russell King:
    "A fix for a regression on ARMv4T CPUs, and wiring up the new pkey
    syscalls for ARM"

    * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
    ARM: wire up new pkey syscalls
    ARM: fix oops when using older ARMv4T CPUs

    Linus Torvalds
     
  • Pull sparc fixes from David Miller:
    "Several sparc64 bug fixes here:

    1) Make the user copy routines on sparc64 return a properly accurate
    residual length when an exception occurs.

    2) We can get enormous kernel TLB range flush requests from vmalloc
    unmaps, so handle these more gracefully by doing full flushes
    instead of going page-by-page.

    3) Cope properly with negative branch offsets in sparc jump-label
    support, from James Clarke.

    4) Some old-style decl GCC warning fixups from Tobias Klauser"

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
    sparc64: Handle extremely large kernel TLB range flushes more gracefully.
    sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.
    sparc64: Fix instruction count in comment for __hypervisor_flush_tlb_pending.
    sparc64: Handle extremely large kernel TSB range flushes sanely.
    sparc: Handle negative offsets in arch_jump_label_transform
    sparc64: Fix illegal relative branches in hypervisor patched TLB code.
    sparc64: Delete now unused user copy fixup functions.
    sparc64: Delete now unused user copy assembler helpers.
    sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
    sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
    sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
    sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
    sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
    sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
    sparc64: Convert copy_in_user to accurate exception reporting.
    sparc64: Prepare to move to more saner user copy exception handling.
    sparc64: Delete __ret_efault.
    sparc32: Fix old style declaration GCC warnings
    sparc64: Fix old style declaration GCC warnings
    sparc64: Setup a scheduling domain for highest level cache.

    Linus Torvalds
     
  • This inline function is unused on configurations
    where dma_map/unmap are empty macros.

    Make the function inline to avoid gcc errors because
    of an unused static function.

    Signed-off-by: Michael S. Tsirkin

    Michael S. Tsirkin
     
  • Jason's been one of the most active contributors
    to virtio and vhost, it will help to formalize this
    and list him as co-maintainer.

    Signed-off-by: Michael S. Tsirkin

    Michael S. Tsirkin
     
  • The local variable "err" will be set to an appropriate value
    by a following statement.
    Thus omit the explicit initialisation at the beginning.

    Signed-off-by: Markus Elfring
    Signed-off-by: Michael S. Tsirkin

    Markus Elfring
     
  • Multiplications for the size determination of memory allocations
    indicated that array data structures should be processed.
    Thus use the corresponding function "kmalloc_array".

    This issue was detected by using the Coccinelle software.

    Signed-off-by: Markus Elfring
    Signed-off-by: Michael S. Tsirkin

    Markus Elfring
     
  • Remove unused file config.c

    Signed-off-by: Juergen Gross
    Signed-off-by: Michael S. Tsirkin

    Juergen Gross
     
  • Commit c6017e793b93 ("virtio: console: add locks around buffer removal
    in port unplug path") added locking around the freeing of buffers in the
    vq. However, when free_buf() is called with can_sleep = true and rproc
    is enabled, it calls dma_free_coherent() directly, requiring interrupts
    to be enabled. Currently a WARNING is triggered due to the spin locking
    around free_buf, with a call stack like this:

    WARNING: CPU: 3 PID: 121 at ./include/linux/dma-mapping.h:433
    free_buf+0x1a8/0x288
    Call Trace:
    [] show_stack+0x74/0xc0
    [] dump_stack+0xd0/0x110
    [] __warn+0xfc/0x130
    [] warn_slowpath_null+0x2c/0x3c
    [] free_buf+0x1a8/0x288
    [] remove_port_data+0x50/0xac
    [] unplug_port+0xb4/0x1bc
    [] virtcons_remove+0xb0/0xfc
    [] virtio_dev_remove+0x58/0xc0
    [] __device_release_driver+0xac/0x134
    [] device_release_driver+0x38/0x50
    [] bus_remove_device+0xfc/0x130
    [] device_del+0x17c/0x21c
    [] device_unregister+0x24/0x38
    [] unregister_virtio_device+0x28/0x44

    Fix this by restructuring the loops to allow the locks to only be taken
    where it is necessary to protect the vqs, and release it while the
    buffer is being freed.

    Fixes: c6017e793b93 ("virtio: console: add locks around buffer removal in port unplug path")
    Cc: stable@vger.kernel.org
    Signed-off-by: Matt Redfearn
    Signed-off-by: Michael S. Tsirkin

    Matt Redfearn
     
  • Updating the event index has a memory barrier and causes more work
    on the other side to actually signal the event. It is unnecessary
    if a new buffer has already appeared on the ring, so poll once before
    doing the update.

    The effect of this on the 0.9 ring implementation is pretty much
    invisible, but on the new-style ring it provides a consistent 3%
    performance improvement.

    Signed-off-by: Paolo Bonzini
    Signed-off-by: Michael S. Tsirkin

    Paolo Bonzini
     
  • Provide new primitives used_empty/avail_empty and
    build poll_avail/poll_used on top of it.

    Signed-off-by: Paolo Bonzini
    Signed-off-by: Michael S. Tsirkin

    Paolo Bonzini
     
  • By using -flto and -fwhole-program, all functions from the ring implementation
    can be treated as static and possibly inlined. Force this to happen through
    the GCC flatten attribute.

    Signed-off-by: Paolo Bonzini
    Signed-off-by: Michael S. Tsirkin

    Paolo Bonzini
     
  • The following commit 'fad7b7b27b6a (virtio_balloon: Use a workqueue
    instead of "vballoon" kthread)' has added a regression. Original code with
    kthread starts the thread inside probe and checks the necessity to update
    balloon inside the thread immediately.

    Nowadays the code behaves differently. Work is queued only on the first
    command from the host after the negotiation. Thus there is a window
    especially at the guest startup or the module reloading when the balloon
    size is not updated until the notification from the host.

    This patch adds balloon size check at the end of the probe to match
    original behaviour.

    Signed-off-by: Konstantin Neumoin
    Signed-off-by: Denis V. Lunev
    Signed-off-by: Michael S. Tsirkin

    Konstantin Neumoin
     
  • According to the spec, if the VIRTIO_RING_F_EVENT_IDX feature bit is
    negotiated the driver MUST set flags to 0. Not dirtying the available
    ring in virtqueue_disable_cb also has a minor positive performance
    impact, improving L1 dcache load missed by ~0.5% in vring_bench.

    Writes to the used event field (vring_used_event) are still unconditional.

    Cc: Michael S. Tsirkin
    Cc: # f277ec4 virtio_ring: shadow available
    Cc:
    Signed-off-by: Ladi Prosek
    Signed-off-by: Michael S. Tsirkin

    Ladi Prosek
     
  • Legacy virtio defines the virtqueue base using a 32-bit PFN field, with
    a read-only register indicating a fixed page size of 4k.

    This can cause problems for DMA allocators that allocate top down from
    the DMA mask, which is set to 64 bits. In this case, the addresses are
    silently truncated to 44-bit, leading to IOMMU faults, failure to read
    from the queue or data corruption.

    This patch restricts the coherent DMA mask for legacy PCI virtio devices
    to 44 bits, which matches the specification.

    Cc: stable@vger.kernel.org
    Cc: Andy Lutomirski
    Cc: Michael S. Tsirkin
    Cc: Benjamin Serebrin
    Signed-off-by: Will Deacon
    Signed-off-by: Michael S. Tsirkin

    Will Deacon
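
The truncation described in the legacy virtio DMA mask commit above, worked through as an added example (not code from the kernel patch). The helper names and the top-down allocator model are hypothetical; the 32-bit PFN field and the 4k page size are taken from the commit message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LEGACY_PAGE_SHIFT 12 /* fixed 4k page size of legacy virtio */

/* Mask with the low n bits set (local helper, n <= 64). */
static uint64_t bit_mask(unsigned n)
{
    return n >= 64 ? ~0ULL : (1ULL << n) - 1;
}

/* Driver side: the queue base is written as a 32-bit page frame number,
 * so any address bits above bit 43 are dropped without an error. */
static uint32_t legacy_queue_pfn(uint64_t dma_addr)
{
    return (uint32_t)(dma_addr >> LEGACY_PAGE_SHIFT);
}

/* Device side: the address the device reconstructs from the PFN. */
static uint64_t device_view(uint32_t pfn)
{
    return (uint64_t)pfn << LEGACY_PAGE_SHIFT;
}

/* True if driver and device agree on where the queue lives. */
static bool survives_legacy_pfn(uint64_t dma_addr)
{
    return device_view(legacy_queue_pfn(dma_addr)) == dma_addr;
}

/* Hypothetical allocator that hands out the highest page-aligned
 * block of `size` bytes permitted by the DMA mask. */
static uint64_t top_down_alloc(uint64_t dma_mask, uint64_t size)
{
    return (dma_mask - size + 1) & ~bit_mask(LEGACY_PAGE_SHIFT);
}

int main(void)
{
    const unsigned widths[] = { 64, 44 };

    for (unsigned i = 0; i < 2; i++) {
        uint64_t addr = top_down_alloc(bit_mask(widths[i]), 0x4000);

        printf("mask %2u bits: driver 0x%016llx device 0x%016llx %s\n",
               widths[i], (unsigned long long)addr,
               (unsigned long long)device_view(legacy_queue_pfn(addr)),
               survives_legacy_pfn(addr) ? "match" : "MISMATCH");
    }
    return 0;
}
```

With the 64-bit mask the device ends up using a different address than the one the driver allocated, which is the condition the commit message ties to IOMMU faults, failed queue reads or data corruption.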
     

30 Oct, 2016

16 commits

  • Pull networking fixes from David Miller:
    "Lots of fixes, mostly drivers as is usually the case.

    1) Don't treat zero DMA address as invalid in vmxnet3, from Alexey
    Khoroshilov.

    2) Fix element timeouts in netfilter's nft_dynset, from Anders K.
    Pedersen.

    3) Don't put aead_req crypto struct on the stack in mac80211, from
    Ard Biesheuvel.

    4) Several uninitialized variable warning fixes from Arnd Bergmann.

    5) Fix memory leak in cxgb4, from Colin Ian King.

    6) Fix bpf handling of VLAN header push/pop, from Daniel Borkmann.

    7) Several VRF semantic fixes from David Ahern.

    8) Set skb->protocol properly in ip6_tnl_xmit(), from Eli Cooper.

    9) Socket needs to be locked in udp_disconnect(), from Eric Dumazet.

    10) Div-by-zero on 32-bit fix in mlx4 driver, from Eugenia Emantayev.

    11) Fix stale link state during failover in NCSCI driver, from Gavin
    Shan.

    12) Fix netdev lower adjacency list traversal, from Ido Schimmel.

    13) Provide proper handle when emitting notifications of filter
    deletes, from Jamal Hadi Salim.

    14) Memory leaks and big-endian issues in rtl8xxxu, from Jes Sorensen.

    15) Fix DESYNC_FACTOR handling in ipv6, from Jiri Bohac.

    16) Several routing offload fixes in mlxsw driver, from Jiri Pirko.

    17) Fix broadcast sync problem in TIPC, from Jon Paul Maloy.

    18) Validate chunk len before using it in SCTP, from Marcelo Ricardo
    Leitner.

    19) Revert a netns locking change that causes regressions, from Paul
    Moore.

    20) Add recursion limit to GRO handling, from Sabrina Dubroca.

    21) GFP_KERNEL in irq context fix in ibmvnic, from Thomas Falcon.

    22) Avoid accessing stale vxlan/geneve socket in data path, from
    Pravin Shelar"

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (189 commits)
    geneve: avoid using stale geneve socket.
    vxlan: avoid using stale vxlan socket.
    qede: Fix out-of-bound fastpath memory access
    net: phy: dp83848: add dp83822 PHY support
    enic: fix rq disable
    tipc: fix broadcast link synchronization problem
    ibmvnic: Fix missing brackets in init_sub_crq_irqs
    ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
    Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context"
    arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
    net/mlx4_en: Save slave ethtool stats command
    net/mlx4_en: Fix potential deadlock in port statistics flow
    net/mlx4: Fix firmware command timeout during interrupt test
    net/mlx4_core: Do not access comm channel if it has not yet been initialized
    net/mlx4_en: Fix panic during reboot
    net/mlx4_en: Process all completions in RX rings after port goes up
    net/mlx4_en: Resolve dividing by zero in 32-bit system
    net/mlx4_core: Change the default value of enable_qos
    net/mlx4_core: Avoid setting ports to auto when only one port type is supported
    net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
    ...

    Linus Torvalds
     
  • This patch is similar to earlier vxlan patch.
    Geneve device close operation frees geneve socket. This
    operation can race with geneve-xmit function which
    dereferences geneve socket. Following patch uses RCU
    mechanism to avoid this situation.

    Signed-off-by: Pravin B Shelar
    Acked-by: John W. Linville
    Signed-off-by: David S. Miller

    pravin shelar
     
  • When vxlan device is closed vxlan socket is freed. This
    operation can race with vxlan-xmit function which
    dereferences vxlan socket. Following patch uses RCU
    mechanism to avoid this situation.

    Signed-off-by: Pravin B Shelar
    Signed-off-by: David S. Miller

    pravin shelar
     
  • Driver allocates a shadow array for transmitted SKBs with X entries;
    That means valid indices are {0,...,X - 1}. [X == 8191]
    Problem is the driver also uses X as a mask for a
    producer/consumer in order to choose the right entry in the
    array which allows access to entry X which is out of bounds.

    To fix this, simply allocate X + 1 entries in the shadow array.

    Signed-off-by: Yuval Mintz
    Signed-off-by: David S. Miller

    Mintz, Yuval
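
The off-by-one described in the qede commit above, as an added example (not the driver's code). The function names and the 16-bit producer counter are assumptions; X == 8191 and its use as both entry count and index mask come from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RING_MASK 8191u /* X from the commit message, used as the index mask */

/* Slot selected for a given producer/consumer value. */
static size_t shadow_index(uint16_t prod)
{
    return prod & RING_MASK;
}

/* Walk the producer through `iterations` values and count how many of the
 * selected slots fall outside a shadow array of `entries` elements. */
static unsigned count_oob(size_t entries, unsigned iterations)
{
    unsigned oob = 0;
    uint16_t prod = 0;

    for (unsigned i = 0; i < iterations; i++, prod++) {
        if (shadow_index(prod) >= entries)
            oob++;
    }
    return oob;
}

int main(void)
{
    unsigned laps = 4 * (RING_MASK + 1);

    /* Before the fix: X entries, so valid indices are 0..X-1. */
    printf("entries = X     : %u out-of-bounds slots\n",
           count_oob(RING_MASK, laps));
    /* After the fix: X + 1 entries, so the mask can never exceed the array. */
    printf("entries = X + 1 : %u out-of-bounds slots\n",
           count_oob(RING_MASK + 1, laps));
    return 0;
}
```

The mask yields X + 1 distinct indices, so an array of X entries is overrun once per trip around the ring.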
     
  • This PHY has a compatible register set with DP83848x so
    add support for it.

    Acked-by: Andrew F. Davis
    Signed-off-by: Roger Quadros
    Signed-off-by: David S. Miller

    Roger Quadros
     
  • When MTU is changed from 9000 to 1500 while there is burst of inbound 9000
    bytes packets, adaptor sometimes delivers 9000 bytes packets to 1500 bytes
    buffers. This causes memory corruption and sometimes crash.

    This is because of a race condition in adaptor between "RQ disable"
    clearing descriptor mini-cache and mini-cache valid bit being set by
    completion of descriptor fetch. This can result in stale RQ desc being
    cached and used when packets arrive. In this case, the stale descriptor
    has old MTU value.

    Solution is to write RQ->disable twice. The first write will stop any
    further desc fetches, allowing the second disable to clear the mini-cache
    valid bit without danger of a race.

    Also, the check for rq->running becoming 0 after writing rq->enable to 0
    is not done properly. When incoming packets are flooding the interface,
    rq->running will pulse high for each dropped packet. Since the driver was
    waiting for 10us between each poll, it is possible to see rq->running = 1
    1000 times in a row, even though it is not actually stuck running.
    This results in false failure of vnic_rq_disable(). Fix is to try more
    than 1000 times without delay between polls to ensure we do not miss when
    running goes low.

    In old adaptors rq->enable needs to be re-written to 0 when posted_index
    is reset in vnic_rq_clean() in order to keep rq->prefetch_index in sync.

    Signed-off-by: Govindarajulu Varadarajan
    Signed-off-by: David S. Miller

    Govindarajulu Varadarajan
     
  • In commit 2d18ac4ba745 ("tipc: extend broadcast link initialization
    criteria") we tried to fix a problem with the initial synchronization
    of broadcast link acknowledge values. Unfortunately that solution is
    not sufficient to solve the issue.

    We have seen it happen that LINK_PROTOCOL/STATE packets with a valid
    non-zero unicast acknowledge number may bypass BCAST_PROTOCOL
    initialization, NAME_DISTRIBUTOR and other STATE packets with invalid
    broadcast acknowledge numbers, leading to premature opening of the
    broadcast link. When the bypassed packets finally arrive, they are
    inadvertently accepted, and the already correctly initialized
    acknowledge number in the broadcast receive link is overwritten by
    the invalid (zero) value of the said packets. After this the broadcast
    link goes stale.

    We now fix this by marking the packets where we know the acknowledge
    value is or may be invalid, and then ignoring the acks from those.

    To this purpose, we claim an unused bit in the header to indicate that
    the value is invalid. We set the bit to 1 in the initial BCAST_PROTOCOL
    synchronization packet and all initial ("bulk") NAME_DISTRIBUTOR
    packets, plus those LINK_PROTOCOL packets sent out before the broadcast
    links are fully synchronized.

    This minor protocol update is fully backwards compatible.

    Reported-by: John Thompson
    Tested-by: John Thompson
    Signed-off-by: Jon Maloy
    Signed-off-by: David S. Miller

    Jon Paul Maloy
     
  • Signed-off-by: Thomas Falcon
    Signed-off-by: David S. Miller

    Thomas Falcon
     
  • Schedule these XPORT event tasks in the shared workqueue
    so that IRQs are not freed in an interrupt context when
    sub-CRQs are released.

    Signed-off-by: Thomas Falcon
    Signed-off-by: David S. Miller

    Thomas Falcon
     
  • This reverts commit 8d7533e5aaad1c94386a8101a36b0617987966b7.

    It introduced kbuild failures, new version coming.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • Jeff Kirsher says:

    ====================
    Intel Wired LAN Driver Updates 2016-10-27

    This series contains fixes to ixgbe and i40e.

    Emil fixes a NULL pointer dereference when a macvlan interface is brought
    up while the PF is still down.

    David root caused the original panic that was fixed by commit id
    (a036244c068612 "i40e: Fix kernel panic on enable/disable LLDP") and the
    fix was not quite correct, so removed the get_default_tc() and replaced
    it with a #define since there is only one TC supported as a default.

    Guilherme Piccoli fixes an issue where if we modprobe the driver module
    without enough MSI-X interrupts, then unload the module and reload it
    again, the kernel would crash. So if we fail to allocate enough MSI-X
    interrupts, we should disable them since they were previously enabled.

    Huaibin Wang found that the order of the arguments for
    ndo_dflt_bridge_getlink() were in the correct order, so fix the order.
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     
  • Commit 01cfbad "ipv4: Update parameters for csum_tcpudp_magic to their
    original types" changed parameters for csum_tcpudp_magic and
    csum_tcpudp_nofold for many platforms but not for PowerPC.

    Fixes: 01cfbad "ipv4: Update parameters for csum_tcpudp_magic to their original types"
    Cc: Alexander Duyck
    Signed-off-by: Ivan Vecera
    Acked-by: Alexander Duyck
    Signed-off-by: David S. Miller

    Ivan Vecera
     
  • Linus Torvalds
     
  • Pull x86 bugfix from Thomas Gleixner:
    "A single bugfix for the recent changes related to registering the boot
    cpu when this has not happened before prefill_possible_map().

    The main problem with this change got fixed already, but we missed the
    case where the local APIC is not yet mapped, when prefill_possible_map()
    is invoked, so the registration of the boot cpu which has the APIC bit
    set in CPUID will explode.

    I should have seen that issue earlier, but all I can do now is feeling
    embarrassed"

    * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
    x86/smpboot: Init apic mapping before usage

    Linus Torvalds
     
  • Tariq Toukan says:

    ====================
    mlx4 misc fixes for 4.9

    This patchset contains several bug fixes from the team to the
    mlx4 Eth and Core drivers.

    Series generated against net commit:
    ecc515d7238f 'sctp: fix the panic caused by route update'
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     
  • Following the previous patch, as an optimization, the slave will
    not even bother sending the DUMP_ETH_STATS command over the
    comm channel.

    Signed-off-by: Tariq Toukan
    Signed-off-by: David S. Miller

    Tariq Toukan