-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAlu2jLMACgkQiiy9cAdy
T1GLMQwAiUaUTtR0MN2ws+IHNnwFX5YnWFa1Cr/6Tgz9WBo5TrrvQcBGhTIUQok2
7w2+I0rXPO7P7Tq2odWn66BT1/l0o2U10aB4OHYlS7zqfCAp6GuwKGtATivRqjsg
ENn2mmBRuTmz+XtGmlVklmQpHjn4+MTR2GSLA57oo1fqX5YBeSxcq2UEciCGttRQ
nAvn923NrPSbGRvL/eDDWGXas8gMATXnrNlN8st2AsxnoFC6CrzUuRM0s/IFgp6r
Orh0jIlovlT2Q6LdND7n7xXnEVoyUTETG89IjRVwcBJ9LtXrJXpuWo7/sOr11cMy
sGeUkILNlmkIdLtIlUaZcGaclq/yfeKdMxziBT8tWP6wXIH4LrGCzvZ9jDtrzygU
EWL2nLsqMJNh0+wsYSZM/m9VFC1ReeB1AgIC2EHu/xzqWoTeL40i2OhKi/732FEX
H+FlTZUoorhFoI96AMJMrqXjXyqZUZSQ1b5iJ7/jq888Vdey+m7HiMUtxv0+5yzC
+lQksh8X
=4PHD
-----END PGP SIGNATURE-----
Merge tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Steve writes:
"SMB3 fixes
four small SMB3 fixes: one for stable, the others to address a more
recent regression"
* tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb3: fix lease break problem introduced by compounding
cifs: only wake the thread for the very last PDU in a compound
cifs: add a warning if we try to to dequeue a deleted mid
smb2: fix missing files in root share directory listing
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJbtphfAAoJEAx081l5xIa+OwYP/1dmnns1njRhGP7DAL4+/5GH
U/LXZtHRhWKMdQOPyCyzZ0xBTPGG1utrTEphdGbYoHIM3yhpWXMmazQlfwmM2S0+
6F5ca0M5f4YKo8up/a8Tn215J5gf8LpoyzhSXaau9kbb2yfusmgB6ZRZOltGgW04
CKnERuvUDwfaHlNBADfcRGK1BzPVNBESzDJ4DhdYtmVSNlMjJ1bqvjjqqIUcNfP3
ifcbOcm6G+efSqSM9s55XbQml5pgeBKLvS2N27tIZp/2Y1HaIbBeWGGxJLcQpzDP
h1lEMmQl7Z81iVqAxFnHSzwEQ5YrxMKWOX9108MlYjDOYa6K3Q81tzOjMr8z3pGv
9Lfq1YCd6rwQ9H7UCwOuO9yvVGqgmEpT6kxVZaiEVFBwAgh7RsYSMwsD4npjKwHK
VYbuSXPN+BBcObqJTlZz3zOqTngtImUGX1xaqHgOTSCksBLtToBAL2KkvJeNrctr
4zTzsS9Rkce5hSMTzkh6mm0yzh74V9SnwAzhbS+UEEtPufE9u1BpOHeRYMeI95PV
cQnTj9zY5KcfeZjPURtOO2lCBzHDpTDSl+wIIXAJSwsX/FdksA/2B22vOqJbn4Zd
70M673sOg0FxE5wyCSNSiBs0Iq9oz5/cGDKzRJ1u4mh/KbQJ3y8nGQJamA4TafCM
rRZwcKXRHkPa+D6eSiw5
=slnZ
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm
Dave writes:
"amdgpu and two core fixes
Two fixes for amdgpu:
one corrects a use of process->mm
one fix for display code race condition that can result in a crash
Two core fixes:
One for a use-after-free in the leasing code
One for a cma/fbdev crash."
* tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm:
drm/amdkfd: Fix incorrect use of process->mm
drm/amd/display: Signal hw_done() after waiting for flip_done()
drm/cma-helper: Fix crash in fbdev error path
drm: fix use-after-free read in drm_mode_create_lease_ioctl()
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCW7YOCQAKCRDh3BK/laaZ
PAmGAQC1/3+mkfHXqyDx+zv4f7A348ZULW26EWFWwMwlEljWowD+PlRFBgUu5v5c
194mCApZU7hl6o0u07aijjz6m81e6QE=
=dM89
-----END PGP SIGNATURE-----
Merge tag 'ovl-fixes-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Miklos writes:
"overlayfs fixes for 4.19-rc7
This update fixes a couple of regressions in the stacked file update
added in this cycle, as well as some older bugs uncovered by
syzkaller.
There's also one trivial naming change that touches other parts of
the fs subsystem."
* tag 'ovl-fixes-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: fix format of setxattr debug
ovl: fix access beyond unterminated strings
ovl: make symbol 'ovl_aops' static
vfs: swap names of {do,vfs}_clone_file_range()
ovl: fix freeze protection bypass in ovl_clone_file_range()
ovl: fix freeze protection bypass in ovl_write_iter()
ovl: fix memory leak on unlink of indexed file
Russell writes:
"A couple of small ARM fixes from Stefan and Thomas:
- Adding the io_pgetevents syscall
- Fixing a bounds check in pci_ioremap_io()"
* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
ARM: 8799/1: mm: fix pci_ioremap_io() offset check
ARM: 8787/1: wire up io_pgetevents syscall
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJbtZxeAAoJEAx081l5xIa+1KEQAJmSBltsNgJR+wnttTNVdfmI
COnkhFC6bzBcVWzpf978xAHHRdBb/2FpPtG6w6KHeREV2FXZD/LVJm8MDjibivBg
8CANk1H6vJ40PdYRBBL6fjrVi/8ydoD7PAT5fWTFH5lbF2jJqH1T5AMatHE29nPa
wpKZUk4mp6QhABIAsl85W8kw5UjXMdIiC75Qujvd6q5H7gj4Zkd3QdNnCtmnk00x
N44x1hc8DxVNZyGBbPQhfhjzNy/X5+8xtHGznKTRVngYpjX+LslHOZQELhpEa88P
c4AaI3jz+f6RFc6zekkW76aWQ0EVKIuedWUzmRFLqvsaLndMXIPfRqNnyj1CEoSN
bN645tNJuHM5QYCTThJWuZsb+nXdV0tblCD8R4W/DHQkzWNt23hE9TqPAiz8Bw0A
8li9bLYfDjuhOBsFhkZRKYvuNCiuTF44sw8D4QfWHCAj9k6v+tRReRktuqX7rVT0
VActmPNSOkZUO4Y2imT8WrvvdG/BG0vzbSTk0auJm/RvBMS0FUUxQyUl02cy9Fv4
kjRY6Ge9nLk8Y3TqMDfMB57oOQ/p7op5TmlsvKV6VcmREfMO7mvYim6EXUjmAtad
kxUbjjPGIEE1A+aUIyofyMQuMEs9qxdb/GnxHsUu9rRhRxwluxjkAPEQeJ1jFtjc
bmc78U3C9k90MJzOdpOR
=gF5o
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm
Dave writes:
"drm exynos, tda9950 and intel fixes
3 i915 fixes:
compressed error handling zlib fix
compiler warning cleanup
and a minor code cleanup
2 tda9950:
Two fixes for the HDMI CEC
1 exynos:
A fix required for IOMMU interaction."
* tag 'drm-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm:
drm/i915: Handle incomplete Z_FINISH for compressed error states
drm/i915: Avoid compiler warning for maybe unused gu_misc_iir
drm/i915: Do not redefine the has_csr parameter.
drm/exynos: Use selected dma_dev default iommu domain instead of a fake one
drm/i2c: tda9950: set MAX_RETRIES for errors only
drm/i2c: tda9950: fix timeout counter check
Accumlated regression and bug fixes for 4.19-rc6, including:
o make iomap correctly mark dirty pages for sub-page block sizes
o fix regression in handling extent-to-btree format conversion errors
o fix torn log wrap detection for new logs
o various corrupt inode detection fixes
o various delalloc state fixes
o cleanup all the missed transaction cancel cases missed from changes merged
in 4.19-rc1
o fix lockdep false positive on transaction allocation
o fix locking and reference counting on buffer log items
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJbtVyHAAoJEK3oKUf0dfodc8YP/1hT+TdXZDBVPo9kXQwmrnra
8P1J8IEuGj851PwYQobUhifdDh4eQ+PpcYEIfqTSGhtjTg7cqyQOvTo4uUKHLn50
8mFXQb6JrAFYnjGjorOCde+lpoQrtj3oKASscs7RaL/W1RNffY74UGdiE0yOJnJs
9IC7TpJT4ZzAgYBgC61whfYWmszLmRuKlVZWgXrM8hkMqliHdfrXeZk7MXTeiflz
Q5+9eVnCCgTtC0TWgVAkFMvlZs7UtNMWIIn6zt+HQLB7Vms6q4ArpIT+fF45njwG
94tyTcFT0AcIJ8OIi5i85fOXcDGjTFFf554Yf80PlWGlk3SbXPHFQao/ItDA4S1Z
eCl2eurUOXlNXKuyzWoV5KjOBiiBicbOwl6eX0K996cGehhEdFOvBihvAGjJy5rm
c4plTTy6bhYKZWr3JLuaPDlNWDMr/P/aUkiq9tFXyaMmVKNeyxd6UKzIokl5uUfi
Ycik4Ik8zRgpFEUx5Clvb2W5qH9pqpR0WcFhrcj0mDnJa10TpBWesA0g2F+hM0Jc
0mSuGxfQeJk7tuVcvsBpPNzgVEPKabvnYbOlGK7HvCSOPRkg0Fhmj+iJK721ccVl
Ltiz0Y485eAGLKn9kOWKr47A5GAAFpuK29OrD2a8XizHPZ3Sr2CG5X1jI0gtMb8n
BiBAxO6dojRQATDuTI6w
=5ylA
-----END PGP SIGNATURE-----
Merge tag 'xfs-fixes-for-4.19-rc6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Dave writes:
"XFS fixes for 4.19-rc6
Accumlated regression and bug fixes for 4.19-rc6, including:
o make iomap correctly mark dirty pages for sub-page block sizes
o fix regression in handling extent-to-btree format conversion errors
o fix torn log wrap detection for new logs
o various corrupt inode detection fixes
o various delalloc state fixes
o cleanup all the missed transaction cancel cases missed from changes merged
in 4.19-rc1
o fix lockdep false positive on transaction allocation
o fix locking and reference counting on buffer log items"
* tag 'xfs-fixes-for-4.19-rc6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: fix error handling in xfs_bmap_extents_to_btree
iomap: set page dirty after partial delalloc on mkwrite
xfs: remove invalid log recovery first/last cycle check
xfs: validate inode di_forkoff
xfs: skip delalloc COW blocks in xfs_reflink_end_cow
xfs: don't treat unknown di_flags2 as corruption in scrub
xfs: remove duplicated include from alloc.c
xfs: don't bring in extents in xfs_bmap_punch_delalloc_range
xfs: fix transaction leak in xfs_reflink_allocate_cow()
xfs: avoid lockdep false positives in xfs_trans_alloc
xfs: refactor xfs_buf_log_item reference count handling
xfs: clean up xfs_trans_brelse()
xfs: don't unlock invalidated buf on aborted tx commit
xfs: remove last of unnecessary xfs_defer_cancel() callers
xfs: don't crash the vfs on a garbage inline symlink
This tag contains a single patch that managed to get lost in the
shuffle, which explains why it's so late. This single line has been
floating around in various patch sets for months, and fixes our DMA32
region.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAluzzHITHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQSrQD/4rizKPzKVMVUEMV0fWM9rSJ2mr130W
O8JGz1l8PtlPum6Fjhy3UHbLlZ/36D23vdf2qv10Zlwj5WquUH2J3dWL4wSh5yTY
NsM/Ehg03glLY15Nf6L3QSA2Jw+0vEqj/WAaGASdZvEfc7zwlP62jqDWGUMjUdR8
w9aG3AED4d9gnOxaPgUwDFHP0VdsBWLr546QOhefScMk9FUlKCjENn7IPVHzBqRc
7V0ILlENbUOrCd/zQIptjXYiEb59YNLsXUEFyqjWU2Ey+PwUiHFBduUexB1+cQC1
z87E7ZWQ5HM2P9Xp1E4fw0kAxmni2XjeAnNJjfjK/nFv98bPbwyasP3N8eldk98R
O6FAcLdqNP4xjeOpmF821JkM6eTNXefxh63dRCtUjrh1qTnYMnrERikz/C/LRLWu
6vWBrUiJYpNsl6HRmCLwZXp6IG1VulD1OkSoAQK6HlJUzD0Gc7pwwXuCKSvpziDd
JCN3ZHelSgrHaGseSTkn8icJTP2mP6MCzSDfSBcngwj4nMFBrCJir7eb3dGUW57k
sKbp/cYmbGIfcoz+vNBlxOSbl1IJRND0cc1HNIwANJXbllfair78CLqd2DiHZwMJ
HW5l3Pi9KkQwet7sMQoqOTcmkdyaq5/m51wFT1pRrwqQjy5oipiYPhIqw+N06zXL
tDrkUlaYA+aE3A==
=QoXG
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
Palmer writes:
"A Single RISC-V Fix for 4.19-rc7
This tag contains a single patch that managed to get lost in the
shuffle, which explains why it's so late. This single line has been
floating around in various patch sets for months, and fixes our DMA32
region."
* tag 'riscv-for-linus-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
RISCV: Fix end PFN for low memory
This mm_struct pointer should never be dereferenced. If running in
a user thread, just use current->mm. If running in a kernel worker
use get_task_mm to get a safe reference to the mm_struct.
Reviewed-by: Oded Gabbay <oded.gabbay@gmail.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
In amdgpu_dm_commit_tail(), wait until flip_done() is signaled before
we signal hw_done().
[Why]
This is to temporarily address a paging error that occurs when a
nonblocking commit contends with another commit, particularly in a
mirrored display configuration where at least 2 CRTCs are updated.
The error occurs in drm_atomic_helper_wait_for_flip_done(), when we
attempt to access the contents of new_crtc_state->commit.
Here's the sequence for a mirrored 2 display setup (irrelevant steps
left out for clarity):
**THREAD 1** | **THREAD 2**
|
Initialize atomic state for flip |
|
Queue worker |
...
| Do work for flip
|
| Signal hw_done() on CRTC 1
| Signal hw_done() on CRTC 2
|
| Wait for flip_done() on CRTC 1
<---- **PREEMPTED BY THREAD 1**
Initialize atomic state for cursor |
update (1) |
|
Do cursor update work on both CRTCs |
|
Clear atomic state (2) |
**DONE** |
...
|
| Wait for flip_done() on CRTC 2
| *ERROR*
|
The issue starts with (1). When the atomic state is initialized, the
current CRTC states are duplicated to be the new_crtc_states, and
referenced to be the old_crtc_states. (The new_crtc_states are to be
filled with update data.)
Some things to note:
* Due to the mirrored configuration, the cursor updates on both CRTCs.
* At this point, the pflip IRQ has already been handled, and flip_done
signaled on all CRTCs. The cursor commit can therefore continue.
* The old_crtc_states used by the cursor update are the **same states**
as the new_crtc_states used by the flip worker.
At (2), the old_crtc_state is freed (*), and the cursor commit
completes. We then context switch back to the flip worker, where we
attempt to access the new_crtc_state->commit object. This is
problematic, as this state has already been freed.
(*) Technically, 'state->crtcs[i].state' is freed, which was made to
reference old_crtc_state in drm_atomic_helper_swap_state()
[How]
By moving hw_done() after wait_for_flip_done(), we're guaranteed that
the new_crtc_state (from the flip worker's perspective) still exists.
This is because any other commit will be blocked, waiting for the
hw_done() signal.
Note that both the i915 and imx drivers have this sequence flipped
already, masking this problem.
Signed-off-by: Shirish S <shirish.s@amd.com>
Signed-off-by: Leo Li <sunpeng.li@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Format has a typo: it was meant to be "%.*s", not "%*s". But at some point
callers grew nonprintable values as well, so use "%*pE" instead with a
maximized length.
Reported-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 3a1e819b4e80 ("ovl: store file handle of lower inode on copy up")
Cc: <stable@vger.kernel.org> # v4.12
, plus a compilation warning fix and a tiny code clean up.
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJbtSZlAAoJEPpiX2QO6xPKolQH/iFFZ359UuEzjj+mB7i5seYL
L3c3iT4m7ZIIjcI6Y1kne/EQ7ipRAzpvDBSx8/3GD+4GqgJczeTbHrUqTqFkPwPo
sReoEUwEgMOMdy0suydMwx71iw5PRJ0BUp4YiB38Dx8IG7BGLyYP46jP7wCpkGxs
j9h2Y3M2sUPwqcQBbdLU66cRgWxrPBKkypdv77Sziel4j+8y5gCjtPKAO92KurgJ
uNdHREn0Dx/X0iDUVPpsIPHnBQZWjbf3c/v8Hn+zdzlElfJhpQDdeuFeSG2w9sVr
3nRhnl9ZHj5m7V7nWDTzeCk1+QHBLHLOQfSK+MoKGFnI1jznF9yfWjZHKDile4Y=
=4FHj
-----END PGP SIGNATURE-----
Merge tag 'drm-intel-fixes-2018-10-03' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
There's one fix for our zlib incomlete Z_FINISH on our error state handling,
plus a compilation warning fix and a tiny code clean up.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181003202840.GA23560@intel.com
David writes:
"Networking fixes:
1) Prefix length validation in xfrm layer, from Steffen Klassert.
2) TX status reporting fix in mac80211, from Andrei Otcheretianski.
3) Fix hangs due to TX_DROP in mac80211, from Bob Copeland.
4) Fix DMA error regression in b43, from Larry Finger.
5) Add input validation to xenvif_set_hash_mapping(), from Jan Beulich.
6) SMMU unmapping fix in hns driver, from Yunsheng Lin.
7) Bluetooh crash in unpairing on SMP, from Matias Karhumaa.
8) WoL handling fixes in the phy layer, from Heiner Kallweit.
9) Fix deadlock in bonding, from Mahesh Bandewar.
10) Fill ttl inherit infor in vxlan driver, from Hangbin Liu.
11) Fix TX timeouts during netpoll, from Michael Chan.
12) RXRPC layer fixes from David Howells.
13) Another batch of ndo_poll_controller() removals to deal with
excessive resource consumption during load. From Eric Dumazet.
14) Fix a specific TIPC failure secnario, from LUU Duc Canh.
15) Really disable clocks in r8169 during suspend so that low
power states can actually be reached.
16) Fix SYN backlog lockdep issue in tcp and dccp, from Eric Dumazet.
17) Fix RCU locking in netpoll SKB send, which shows up in bonding,
from Dave Jones.
18) Fix TX stalls in r8169, from Heiner Kallweit.
19) Fix locksup in nfp due to control message storms, from Jakub
Kicinski.
20) Various rmnet bug fixes from Subash Abhinov Kasiviswanathan and
Sean Tranchetti.
21) Fix use after free in ip_cmsg_recv_dstaddr(), from Eric Dumazet."
* gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net: (122 commits)
ixgbe: check return value of napi_complete_done()
sctp: fix fall-through annotation
r8169: always autoneg on resume
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
net: qualcomm: rmnet: Fix incorrect allocation flag in receive path
net: qualcomm: rmnet: Fix incorrect allocation flag in transmit
net: qualcomm: rmnet: Skip processing loopback packets
net: systemport: Fix wake-up interrupt race during resume
rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
bonding: fix warning message
inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
nfp: avoid soft lockups under control message storm
declance: Fix continuation with the adapter identification message
net: fec: fix rare tx timeout
r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO
tun: napi flags belong to tfile
tun: initialize napi_mutex unconditionally
tun: remove unused parameters
bond: take rcu lock in netpoll_send_skb_on_dev
rtnetlink: Fail dump if target netnsid is invalid
...
The NIC driver should only enable interrupts when napi_complete_done()
returns true. This patch adds the check for ixgbe.
Cc: stable@vger.kernel.org # 4.10+
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This fixes update for 4.19-rc7 consists one fix to rseq test to prevent
it from seg-faulting when compiled with -fpie.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPZKym/RZuOCGeA/kCwJExA0NQxwFAlu00osACgkQCwJExA0N
Qxx9kxAAlpBmezLtggexIXXTJiiiKV0VHiqUtQhgsEcPdNO28G9FDTWErh+4QBc5
oEgveIKYgpVy5hfPgw2SK1qzdwowlA0dHcgQYiOPs6GBEhh8nDCQjMj9KMfpV7dT
9FxCCZS+d6YLmVELxHlCAe0e2Am5KShk2IiEweBqIhQbJCEXwl3/MwAm3Az3/S8u
ZNqAt8TuU5HMrF4FkmzDIluDpNXcfQbw4xVPxBcR+ddvIiAYhc+o+NV935ecRzmX
lY7i8tmmCcHVv1jluIhcjo2CsY+GDS3dn3xXGTpkjd5s0aSXuM9NmtuGaF7jJ5X9
37vZGR3GyZI/x8ATP2N2/YIL8mF0eiMH2Mdq2Twuj+fYXWbjfUPmxxuJKpGMvtLV
0NlyPBTKxn5zDmdSu8YZlBcQBAiBHJFMt/mdwalt+xLlQKTaYFzM3flM6QTKGO85
sdBsfncbZa05T53EMuhS177LKe7PMLZByUFWd2FNMeyUHKI4INobB4ILsjbgCJiu
010dF5aVsSWNN8tt2+amQ8nzmosB3muycW9SI6f93WqC3u88NlwgTeS3tOmUEQaA
UpEPbioAstYnOujHY+gEapRVA5g+HQs/sW3LU0c5+szjWLbWPLZmoiAuztiWFatS
MWBmF/q8j9mnkYpyrtT/tep84sC8hcZnuyEnM9ta+vvWzcPTozQ=
=Gew9
-----END PGP SIGNATURE-----
Merge tag 'linux-kselftest-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
Shuah writes:
"kselftest fixes for 4.19-rc7
This fixes update for 4.19-rc7 consists one fix to rseq test to
prevent it from seg-faulting when compiled with -fpie."
* tag 'linux-kselftest-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
rseq/selftests: fix parametrized test with -fpie
Replace "fallthru" with a proper "fall through" annotation.
This fix is part of the ongoing efforts to enabling
-Wimplicit-fallthrough
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The final call to zlib_deflate(Z_FINISH) may require more output
space to be allocated and so needs to re-invoked. Failure to do so in
the current code leads to incomplete zlib streams (albeit intact due to
the use of Z_SYNC_FLUSH) resulting in the occasional short object
capture.
v2: Check against overrunning our pre-allocated page array
v3: Drop Z_SYNC_FLUSH entirely
Testcase: igt/i915-error-capture.js
Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: <stable@vger.kernel.org> # v4.10+
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@chris-wilson.co.uk
(cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Jiri writes:
"HID fixes:
- hantick touchpad fix from Anisse Astier
- device ID addition for Ice Lake mobile from Srinivas Pandruvada
- touchscreen resume fix for certain i2c-hid driven devices from Hans
de Goede"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: intel-ish-hid: Enable Ice Lake mobile
HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling
HID: i2c-hid: disable runtime PM operations on hantick touchpad
Al writes:
"xattrs regression fix from Andreas; sat in -next for quite a while."
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
sysfs: Do not return POSIX ACL xattrs via listxattr
The event subscriptions are added to the subscribed event list while
holding a spinlock, but that lock is subsequently released while still
accessing the subscription object. This makes it possible to unsubscribe
the event --- and freeing the subscription object's memory --- while
the subscription object is simultaneously accessed.
Prevent this by adding a mutex to serialise the event subscription and
unsubscription. This also gives a guarantee to the callback ops that the
add op has returned before the del op is called.
This change also results in making the elems field less special:
subscriptions are only added to the event list once they are fully
initialised.
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: stable@vger.kernel.org # for 4.14 and up
Fixes: c3b5b0241f62 ("V4L/DVB: V4L: Events: Add backend")
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
- This patch makes it to reuse default IOMMU domain instead of
allocating a fake IOMMU domain, and allows some design changes
for enhancement of IOMMU framework[1] without breaking Exynos DRM.
[1] https://www.spinics.net/lists/arm-kernel/msg676098.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJbsYFzAAoJEFc4NIkMQxK4lxsP/1EbVvEq0BhjYLo6CcGA099B
jFv9PPgcCKw8e0lSZ2Hxs+OsNF8lXD8ylxwzmXOSKPo9EtMGtHs+0dMTJfeZvmqZ
NSM4WkJmqjAFl4fsTZzRzaWbM0++F/AelO6V6wX9jaNb7rOr9AKtA7lDKyFuqlKq
4m36fvyxOm5V0uUgV6yphtSBE02tnjCc+fwlZCDzQ/vsneS163FJTSWZ+JZ1ES34
pSUMaPyIgM09I7wBCzNMYKIqfzkygzpu0DHJsG6HCW86ypDCtOkOMM44Abr1mmfo
d5l9SrreHom17ghBflRJsdsGd7um8nRKqbvgQ2wyd1pCl62RqPK0y5bvXW2UkuQK
CdB4lZP1JeuKjeFTy16R5I0JMTZQMdLVd2eeQZRfm7gKxb4RI5TxO9ddCDVnwQXy
p37ee/wz8Rbq8+5oeXGy0IYXXl0lrAPdTXSTOz/w0T0iNvZkg6XCWcheVvsqowj/
aPy4wpPg/TXRB9294JUNFQYMZmPs7IrzwSLNxKh9LaTxy+TIznhl2AYUXsMfpuz1
vjzyRaBiBC48K7W+z5eelHitgfbXO26AfA3M4PmwZdrvGcvjTxyun9l95rY0cN3/
2LA4nfdbhWDH0FAnInec5K1U63y1oypIHnZjm1nfAh+T4oacSCpGinEXtEYJF6mF
YGdRK5F7oZ8msZwa6AkV
=S0+P
-----END PGP SIGNATURE-----
Merge tag 'exynos-drm-fixes-for-v4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
Use default iommu domain instead of fake one
- This patch makes it to reuse default IOMMU domain instead of
allocating a fake IOMMU domain, and allows some design changes
for enhancement of IOMMU framework[1] without breaking Exynos DRM.
[1] https://www.spinics.net/lists/arm-kernel/msg676098.html
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Inki Dae <inki.dae@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1538360696-23579-1-git-send-email-inki.dae@samsung.com
This affects at least versions 25 and 33, so assume all cards are broken
and just renegotiate by default.
Fixes: 10bc6a6042c9 ("r8169: fix autoneg issue on resume with RTL8168E")
Signed-off-by: Alex Xu (Hello71) <alex_y_xu@yahoo.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Caching ip_hdr(skb) before a call to pskb_may_pull() is buggy,
do not do it.
Fixes: 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJbsmA5AAoJEEg/ir3gV/o+Bg0IAM4qUD878349YufTxlNI3usz
pPyRYLFfh+f3oTjGWxZ4SlAzMsCVnGDWMKFBj33qnJen1YcMxD2DriTIStQfOHkE
EpErxxMa70YFY2VyvD6Gt/Xfw9Q4ZGrp9j4tNnXVBMVT+EDhui/OpHFlpgoLtpLk
A8pxPRkbQNdql4OWOLwVpFJoleB0mJp4+ed+z743z4ectBfY0Iqx6Yyk1TRUzLfB
o/cUV02M33Fi8XjjZ59crPrIc4r0iUcPDcd5+8i2WtOkfbFod9s1Dg4GMNbGpcFn
RPJX9A+XilMPCJNM8YhwcS2JxX8Y2XwUjBDbspx0RHX3HZY22SjuN2i5p1GZnLo=
=pu43
-----END PGP SIGNATURE-----
Merge tag 'mlx5-fixes-2018-10-01' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
Saeed Mahameed says:
====================
Mellanox, mlx5 fixes 2018-10-01
This pull request includes some fixes to mlx5 driver,
Please pull and let me know if there's any problem.
For -stable v4.11:
"6e0a4a23c59a ('net/mlx5: E-Switch, Fix out of bound access when setting vport rate')"
For -stable v4.18:
"98d6627c372a ('net/mlx5e: Set vlan masks for all offloaded TC rules')"
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Subash Abhinov Kasiviswanathan says:
====================
net: qualcomm: rmnet: Updates 2018-10-02
This series is a set of small fixes for rmnet driver
Patch 1 is a fix for a scenario reported by syzkaller
Patch 2 & 3 are fixes for incorrect allocation flags
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The incoming skb needs to be reallocated in case the headroom
is not sufficient to adjust the ethernet header. This allocation
needs to be atomic otherwise it results in this splat
[<600601bb>] ___might_sleep+0x185/0x1a3
[<603f6314>] ? _raw_spin_unlock_irqrestore+0x0/0x27
[<60069bb0>] ? __wake_up_common_lock+0x95/0xd1
[<600602b0>] __might_sleep+0xd7/0xe2
[<60065598>] ? enqueue_task_fair+0x112/0x209
[<600eea13>] __kmalloc_track_caller+0x5d/0x124
[<600ee9b6>] ? __kmalloc_track_caller+0x0/0x124
[<602696d5>] __kmalloc_reserve.isra.34+0x30/0x7e
[<603f629b>] ? _raw_spin_lock_irqsave+0x0/0x3d
[<6026b744>] pskb_expand_head+0xbf/0x310
[<6025ca6a>] rmnet_rx_handler+0x7e/0x16b
[<6025c9ec>] ? rmnet_rx_handler+0x0/0x16b
[<6027ad0c>] __netif_receive_skb_core+0x301/0x96f
[<60033c17>] ? set_signals+0x0/0x40
[<6027bbcb>] __netif_receive_skb+0x24/0x8e
Fixes: 74692caf1b0b ("net: qualcomm: rmnet: Process packets over ethernet")
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The incoming skb needs to be reallocated in case the headroom
is not sufficient to add the MAP header. This allocation needs to
be atomic otherwise it results in the following splat
[32805.801456] BUG: sleeping function called from invalid context
[32805.841141] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[32805.904773] task: ffffffd7c5f62280 task.stack: ffffff80464a8000
[32805.910851] pc : ___might_sleep+0x180/0x188
[32805.915143] lr : ___might_sleep+0x180/0x188
[32806.131520] Call trace:
[32806.134041] ___might_sleep+0x180/0x188
[32806.137980] __might_sleep+0x50/0x84
[32806.141653] __kmalloc_track_caller+0x80/0x3bc
[32806.146215] __kmalloc_reserve+0x3c/0x88
[32806.150241] pskb_expand_head+0x74/0x288
[32806.154269] rmnet_egress_handler+0xb0/0x1d8
[32806.162239] rmnet_vnd_start_xmit+0xc8/0x13c
[32806.166627] dev_hard_start_xmit+0x148/0x280
[32806.181181] sch_direct_xmit+0xa4/0x198
[32806.185125] __qdisc_run+0x1f8/0x310
[32806.188803] net_tx_action+0x23c/0x26c
[32806.192655] __do_softirq+0x220/0x408
[32806.196420] do_softirq+0x4c/0x70
Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
RMNET RX handler was processing invalid packets that were
originally sent on the real device and were looped back via
dev_loopback_xmit(). This was detected using syzkaller.
Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The AON_PM_L2 is normally used to trigger and identify the source of a
wake-up event. Since the RX_SYS clock is no longer turned off, we also
have an interrupt being sent to the SYSTEMPORT INTRL_2_0 controller, and
that interrupt remains active up until the magic packet detector is
disabled which happens much later during the driver resumption.
The race happens if we have a CPU that is entering the SYSTEMPORT
INTRL2_0 handler during resume, and another CPU has managed to clear the
wake-up interrupt during bcm_sysport_resume_from_wol(). In that case, we
have the first CPU stuck in the interrupt handler with an interrupt
cause that has been cleared under its feet, and so we keep returning
IRQ_NONE and we never make any progress.
This was not a problem before because we would always turn off the
RX_SYS clock during WoL, so the SYSTEMPORT INTRL2_0 would also be turned
off as well, thus not latching the interrupt.
The fix is to make sure we do not enable either the MPD or
BRCM_TAG_MATCH interrupts since those are redundant with what the
AON_PM_L2 interrupt controller already processes and they would cause
such a race to occur.
Fixes: bb9051a2b230 ("net: systemport: Add support for WAKE_FILTER")
Fixes: 83e82f4c706b ("net: systemport: add Wake-on-LAN support")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes problem (discovered by Aurelien) introduced by recent commit:
commit b24df3e30cbf48255db866720fb71f14bf9d2f39
("cifs: update receive_encrypted_standard to handle compounded responses")
which broke the ability to respond to some lease breaks
(lease breaks being ignored is a problem since can block
server response for duration of the lease break timeout).
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
For compounded PDUs we whould only wake the waiting thread for the
very last PDU of the compound.
We do this so that we are guaranteed that the demultiplex_thread will
not process or access any of those MIDs any more once the send/recv
thread starts processing.
Else there is a race where at the end of the send/recv processing we
will try to delete all the mids of the compound. If the multiplex
thread still has other mids to process at this point for this compound
this can lead to an oops.
Needed to fix recent commit:
commit 730928c8f4be88e9d6a027a16b1e8fa9c59fc077
("cifs: update smb2_queryfs() to use compounding")
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
First, and also hopefully the last, set of fixes for 4.19. All small
but still important fixes
mt76x0
* fix a bug when a virtual interface is removed multiple times
b43
* fix DMA error related regression with proprietary firmware
iwlwifi
* fix an oops which was a regression in v4.19-rc1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJbsgclAAoJEG4XJFUm622bAJ0H/A53eluDpiA6cT2tbThQn/jC
+t9DH6EMR4WpYaBEFZtfbZxgrow2bdbllrfrcq22U8Z9BTg875MunJAureEG8Rkn
mBowkuu/RESOO00JXTuqvGcTP+1oaaETEdyABzQFI3uCDyEF9vGCJwNODtyQ5Rch
JYFVDJhWYm1K84jTCDX1x9izEKxf1PaQobh8JqZnvNG0QOIDpT6y/T5RGhUL9nTr
aRuGDa9ap4RFocq1t0eVqx/NliXOHuEbO58E6rMm9DiSujmf1Wa/tndNXGxGWk/N
X8KCz619Syr3v/lF6gXWwmsHt5TBh+peKajUsVY9wJUYkBFTOzVjy0ucYCr67yA=
=HZJ3
-----END PGP SIGNATURE-----
Merge tag 'wireless-drivers-for-davem-2018-10-01' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for 4.19
First, and also hopefully the last, set of fixes for 4.19. All small
but still important fixes
mt76x0
* fix a bug when a virtual interface is removed multiple times
b43
* fix DMA error related regression with proprietary firmware
iwlwifi
* fix an oops which was a regression in v4.19-rc1
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
cifs_delete_mid() is called once we are finished handling a mid and we
expect no more work done on this mid.
Needed to fix recent commit:
commit 730928c8f4be88e9d6a027a16b1e8fa9c59fc077
("cifs: update smb2_queryfs() to use compounding")
Add a warning if someone tries to dequeue a mid that has already been
flagged to be deleted.
Also change list_del() to list_del_init() so that if we have similar bugs
resurface in the future we will not oops.
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
When mounting a Windows share that is the root of a drive (eg. C$)
the server does not return . and .. directory entries. This results in
the smb2 code path erroneously skipping the 2 first entries.
Pseudo-code of the readdir() code path:
cifs_readdir(struct file, struct dir_context)
initiate_cifs_search <-- if no reponse cached yet
server->ops->query_dir_first
dir_emit_dots
dir_emit <-- adds "." and ".." if we're at pos=0
find_cifs_entry
initiate_cifs_search <-- if pos < start of current response
(restart search)
server->ops->query_dir_next <-- if pos > end of current response
(fetch next search res)
for(...) <-- loops over cur response entries
starting at pos
cifs_filldir <-- skip . and .., emit entry
cifs_fill_dirent
dir_emit
pos++
A) dir_emit_dots() always adds . & ..
and sets the current dir pos to 2 (0 and 1 are done).
Therefore we always want the index_to_find to be 2 regardless of if
the response has . and ..
B) smb1 code initializes index_of_last_entry with a +2 offset
in cifssmb.c CIFSFindFirst():
psrch_inf->index_of_last_entry = 2 /* skip . and .. */ +
psrch_inf->entries_in_buffer;
Later in find_cifs_entry() we want to find the next dir entry at pos=2
as a result of (A)
first_entry_in_buffer = cfile->srch_inf.index_of_last_entry -
cfile->srch_inf.entries_in_buffer;
This var is the dir pos that the first entry in the buffer will
have therefore it must be 2 in the first call.
If we don't offset index_of_last_entry by 2 (like in (B)),
first_entry_in_buffer=0 but we were instructed to get pos=2 so this
code in find_cifs_entry() skips the 2 first which is ok for non-root
shares, as it skips . and .. from the response but is not ok for root
shares where the 2 first are actual files
pos_in_buf = index_to_find - first_entry_in_buffer;
// pos_in_buf=2
// we skip 2 first response entries :(
for (i = 0; (i < (pos_in_buf)) && (cur_ent != NULL); i++) {
/* go entry by entry figuring out which is first */
cur_ent = nxt_dir_entry(cur_ent, end_of_smb,
cfile->srch_inf.info_level);
}
C) cifs_filldir() skips . and .. so we can safely ignore them for now.
Sample program:
int main(int argc, char **argv)
{
const char *path = argc >= 2 ? argv[1] : ".";
DIR *dh;
struct dirent *de;
printf("listing path <%s>\n", path);
dh = opendir(path);
if (!dh) {
printf("opendir error %d\n", errno);
return 1;
}
while (1) {
de = readdir(dh);
if (!de) {
if (errno) {
printf("readdir error %d\n", errno);
return 1;
}
printf("end of listing\n");
break;
}
printf("off=%lu <%s>\n", de->d_off, de->d_name);
}
return 0;
}
Before the fix with SMB1 on root shares:
<.> off=1
<..> off=2
<$Recycle.Bin> off=3
<bootmgr> off=4
and on non-root shares:
<.> off=1
<..> off=4 <-- after adding .., the offsets jumps to +2 because
<2536> off=5 we skipped . and .. from response buffer (C)
<411> off=6 but still incremented pos
<file> off=7
<fsx> off=8
Therefore the fix for smb2 is to mimic smb1 behaviour and offset the
index_of_last_entry by 2.
Test results comparing smb1 and smb2 before/after the fix on root
share, non-root shares and on large directories (ie. multi-response
dir listing):
PRE FIX
=======
pre-1-root VS pre-2-root:
ERR pre-2-root is missing [bootmgr, $Recycle.Bin]
pre-1-nonroot VS pre-2-nonroot:
OK~ same files, same order, different offsets
pre-1-nonroot-large VS pre-2-nonroot-large:
OK~ same files, same order, different offsets
POST FIX
========
post-1-root VS post-2-root:
OK same files, same order, same offsets
post-1-nonroot VS post-2-nonroot:
OK same files, same order, same offsets
post-1-nonroot-large VS post-2-nonroot-large:
OK same files, same order, same offsets
REGRESSION?
===========
pre-1-root VS post-1-root:
OK same files, same order, same offsets
pre-1-nonroot VS post-1-nonroot:
OK same files, same order, same offsets
BugLink: https://bugzilla.samba.org/show_bug.cgi?id=13107
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Paulo Alcantara <palcantara@suse.deR>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
We have an impressive number of syzkaller bugs that are linked
to the fact that syzbot was able to create a networking device
with millions of TX (or RX) queues.
Let's limit the number of RX/TX queues to 4096, this really should
cover all known cases.
A separate patch will add various cond_resched() in the loops
handling sysfs entries at device creation and dismantle.
Tested:
lpaa6:~# ip link add gre-4097 numtxqueues 4097 numrxqueues 4097 type ip6gretap
RTNETLINK answers: Invalid argument
lpaa6:~# time ip link add gre-4096 numtxqueues 4096 numrxqueues 4096 type ip6gretap
real 0m0.180s
user 0m0.000s
sys 0m0.107s
Fixes: 76ff5cc91935 ("rtnl: allow to specify number of rx and tx queues on device creation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
RX queue config for bonding master could be different from its slave
device(s). With the commit 6a9e461f6fe4 ("bonding: pass link-local
packets to bonding master also."), the packet is reinjected into stack
with skb->dev as bonding master. This potentially triggers the
message:
"bondX received packet on queue Y, but number of RX queues is Z"
whenever the queue that packet is received on is higher than the
numrxqueues on bonding master (Y > Z).
Fixes: 6a9e461f6fe4 ("bonding: pass link-local packets to bonding master also.")
Reported-by: John Sperbeck <jsperbeck@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Timer handlers do not imply rcu_read_lock(), so my recent fix
triggered a LOCKDEP warning when SYNACK is retransmit.
Lets add rcu_read_lock()/rcu_read_unlock() pairs around ireq->ireq_opt
usages instead of guessing what is done by callers, since it is
not worth the pain.
Get rid of ireq_opt_deref() helper since it hides the logic
without real benefit, since it is now a standard rcu_dereference().
Fixes: 1ad98e9d1bdf ("tcp/dccp: fix lockdep issue when SYN is backlogged")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Use memblock_end_of_DRAM which provides correct last low memory
PFN. Without that, DMA32 region becomes empty resulting in zero
pages being allocated for DMA32.
This patch is based on earlier patch from palmer which never
merged into 4.19. I just edited the commit text to make more
sense.
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
When FW floods the driver with control messages try to exit the cmsg
processing loop every now and then to avoid soft lockups. Cmsg
processing is generally very lightweight so 512 seems like a reasonable
budget, which should not be exceeded under normal conditions.
Fixes: 77ece8d5f196 ("nfp: add control vNIC datapath")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Tested-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix a commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing
continuation lines") regression with the `declance' driver, which caused
the adapter identification message to be split between two lines, e.g.:
declance.c: v0.011 by Linux MIPS DECstation task force
tc6: PMAD-AA
, addr = 08:00:2b:1b:2a:6a, irq = 14
tc6: registered as eth0.
Address that properly, by printing identification with a single call,
making the messages now look like:
declance.c: v0.011 by Linux MIPS DECstation task force
tc6: PMAD-AA, addr = 08:00:2b:1b:2a:6a, irq = 14
tc6: registered as eth0.
Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Fixes: 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines")
Signed-off-by: David S. Miller <davem@davemloft.net>
During certain heavy network loads TX could time out
with TX ring dump.
TX is sometimes never restarted after reaching
"tx_stop_threshold" because function "fec_enet_tx_queue"
only tests the first queue.
In addition the TX timeout callback function failed to
recover because it also operated only on the first queue.
Signed-off-by: Rickard x Andersson <rickaran@axis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- Fixup conversion of debounce time to/from ms/us
MMC host:
- sdhi: Fixup whitelisting for Gen3 types
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAluzG3YXHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCmUIA//aO8Itm9cnbQQPtcO09Wca1Ht
JlgRc3ZP0Tackpe8d3eH9MzQ5pRJ9lBTMUR0cqEF/HHpjqktPLA66IkalsceEq+E
eMXLOqGUzKLqEJGKslggKJzSRuqFxtNNATPPqNkaOXZ/UK7cGgSsWHnavgUWnEd4
h+hcGSu4R4J/ftrNPlc0TB8tCzo/ER7Xs3JNV/GzP5FNpMs+LzjSN1Vcp/9CJKkK
wZmmVSnLH0oY5U/VM1EUSMjc8p2pe7K2j9OENt3aFpMXsW5HTeHcwmMxbWUFGVAs
iuGzk6CBhVujWPrujcWf+7IzlTHgkDAaH1WB5YJJ32r6xpgiHxiP7HuGtHsvDpml
S5rCV3gHRhxI6BIyaldZ94bRzqcDQ1hoCidKOdEGRfFjtnvIvFAajERz2HkF8KiX
I6ErmnFrrLA3EQTDd0DueldaZ+R2OD/h43awlj67834LofE8l6zj1vCOSqXcnWqk
03Qm2I5xrkicfncWLi6vxcpiWLIil2CLP7porovOuzuY0aZp3adRNwykQqI7E0oo
Fz5Vch2iiQgkwzIMFqUciiXuKDOXKZO6qGQLczARhgzU2YhlcN0y8aGC5ecXWTqn
4JS4grJstR1Hp9ri6RYj20FXMqtwESePyLhg5b7C0Ru8aWVfLDFNVlOg+tdzv4Ti
QnHF/N5ymxkAxztC1MU=
=AYff
-----END PGP SIGNATURE-----
Merge tag 'mmc-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
Ulf writes:
"MMC core:
- Fixup conversion of debounce time to/from ms/us
MMC host:
- sdhi: Fixup whitelisting for Gen3 types"
* tag 'mmc-v4.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
mmc: slot-gpio: Fix debounce time to use miliseconds again
mmc: core: Fix debounce time to use microseconds
mmc: sdhi: sys_dmac: check for all Gen3 types when whitelisting
fd_install() moves the reference given to it into the file descriptor table
of the current process. If the current process is multithreaded, then
immediately after fd_install(), another thread can close() the file
descriptor and cause the file's resources to be cleaned up.
Since the reference to "lessee" is held by the file, we must not access
"lessee" after the fd_install() call.
As far as I can tell, to reach this codepath, the caller must have an open
file descriptor to a DRI device in master mode. I'm not sure what the
requirements for that are.
Signed-off-by: Jann Horn <jannh@google.com>
Fixes: 62884cd386b8 ("drm: Add four ioctls for managing drm mode object leases [v7]")
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20181001153117.216923-1-jannh@google.com
