The BIT() macro definition is not available for the UAPI headers
(moreover, it can be defined differently in the user space); replace
its usage with the _BITUL() macro that is defined in <linux/const.h>.
commit e03327122e2c ("pci_endpoint_test: Add 2 ioctl commands")
uses module parameter 'irqtype' in pci_endpoint_test_set_irq()
to check if IRQ vectors of a particular type (MSI or MSI-X or
LEGACY) is already allocated. However with multi-function devices,
'irqtype' will not correctly reflect the IRQ type of the PCI device.
Fix it here by adding 'irqtype' for each PCI device to show the
IRQ type of a particular PCI device.
Fixes: e03327122e2c ("pci_endpoint_test: Add 2 ioctl commands") Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> Cc: stable@vger.kernel.org # v4.19+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
Adding more than 10 pci-endpoint-test devices results in
"kobject_add_internal failed for pci-endpoint-test.1 with -EEXIST, don't
try to register things with the same name in the same directory". This
is because commit 2c156ac71c6b ("misc: Add host side PCI driver for PCI
test function device") limited the length of the "name" to 20 characters.
Change the length of the name to 24 in order to support upto 10000
pci-endpoint-test devices.
Fixes: 2c156ac71c6b ("misc: Add host side PCI driver for PCI test function device") Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com> Cc: stable@vger.kernel.org # v4.14+ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
With commit 216b44000ada ("brcmfmac: Fix use after free in
brcmf_sdio_readframes()") applied, we see locking timeouts in
brcmf_sdio_watchdog_thread().
brcmfmac: brcmf_escan_timeout: timer expired
INFO: task brcmf_wdog/mmc1:621 blocked for more than 120 seconds.
Not tainted 4.19.94-07984-g24ff99a0f713 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
brcmf_wdog/mmc1 D 0 621 2 0x00000000 last_sleep: 2440793077. last_runnable: 2440766827
[<c0aa1e60>] (__schedule) from [<c0aa2100>] (schedule+0x98/0xc4)
[<c0aa2100>] (schedule) from [<c0853830>] (__mmc_claim_host+0x154/0x274)
[<c0853830>] (__mmc_claim_host) from [<bf10c5b8>] (brcmf_sdio_watchdog_thread+0x1b0/0x1f8 [brcmfmac])
[<bf10c5b8>] (brcmf_sdio_watchdog_thread [brcmfmac]) from [<c02570b8>] (kthread+0x178/0x180)
In addition to restarting or exiting the loop, it is also necessary to
abort the command and to release the host.
Fixes: 216b44000ada ("brcmfmac: Fix use after free in brcmf_sdio_readframes()") Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: Matthias Kaehlcke <mka@chromium.org> Cc: Brian Norris <briannorris@chromium.org> Cc: Douglas Anderson <dianders@chromium.org> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Douglas Anderson <dianders@chromium.org> Acked-by: franky.lin@broadcom.com Acked-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
kernel/padata.c: warning: 'err' may be used uninitialized in this
function [-Wuninitialized]: => 539:2
Warning is seen only with older compilers on certain archs. The
runtime effect is potentially returning garbage down the stack when
padata's cpumasks are modified before any pcrypt requests have run.
Simplest fix is to initialize err to the success value.
Coverity pointed out that xas_sibling() was shifting xa_offset without
promoting it to an unsigned long first, so the shift could cause an
overflow and we'd get the wrong answer. The fix is obvious, and the
new test-case provokes UBSAN to report an error:
runtime error: shift exponent 60 is too large for 32-bit type 'int'
We have an off-by-1 issue in the TCP seq comparison.
The last sequence number that belongs to the TCP packet's payload
is not "start_seq + len", but one byte before it.
Fix it so the 'ends_before' is evaluated properly.
This fixes a bug that results in error completions in the
kTLS HW offload flows.
Some Chromebook BIOS' do not export an ACPI LPIT, which is how
Linux finds the residency counter for CPU and SYSTEM low power states,
that is exports in /sys/devices/system/cpu/cpuidle/*residency_us
When these sysfs attributes are missing, check the debugfs attrubte
from the pmc_core driver, which accesses the same counter value.
Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
Signed-off-by: James Zhu <James.Zhu@amd.com> Reviewed-by: Leo Liu <leo.liu@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
Even though INITRAMFS_SOURCE kconfig option isn't set in most of
defconfigs it is used (set) extensively by various build systems.
Commit f26661e12765 ("initramfs: make initramfs compression choice
non-optional") has changed default compression mode. Previously we
compress initramfs using available compression algorithm. Now
we don't use any compression at all by default.
It significantly increases the image size in case of build system
chooses embedded initramfs. Initially I faced with this issue while
using buildroot.
As of today it's not possible to set preferred compression mode
in target defconfig as this option depends on INITRAMFS_SOURCE
being set. Modification of all build systems either doesn't look
like good option.
Let's instead rewrite initramfs compression mode choices list
the way that "INITRAMFS_COMPRESSION_NONE" will be the last option
in the list. In that case it will be chosen only if all other
options (which implements any compression) are not available.
Shutdown of firmware framebuffer has a bunch of problems. Because
of this the framebuffer region might still be reserved even after
drm_fb_helper_remove_conflicting_pci_framebuffers() returned.
Don't consider pci_request_region() failure for the framebuffer
region as fatal error to workaround this issue.
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Sam Ravnborg <sam@ravnborg.org> Link: http://patchwork.freedesktop.org/patch/msgid/20200313084152.2734-1-kraxel@redhat.com Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
This fixes a problem found on the MacBookPro 2017 Retina panel:
The panel reports 10 bpc color depth in its EDID, and the
firmware chooses link settings at boot which support enough
bandwidth for 10 bpc (324000 kbit/sec aka LINK_RATE_RBR2
aka 0xc), but the DP_MAX_LINK_RATE dpcd register only reports
2.7 Gbps (multiplier value 0xa) as possible, in direct
contradiction of what the firmware successfully set up.
This restricts the panel to 8 bpc, not providing the full
color depth of the panel on Linux <= 5.5. Additionally, commit
'4a8ca46bae8a ("drm/amd/display: Default max bpc to 16 for eDP")'
introduced into Linux 5.6-rc1 will unclamp panel depth to
its full 10 bpc, thereby requiring a eDP bandwidth for all
modes that exceeds the bandwidth available and causes all modes
to fail validation -> No modes for the laptop panel -> failure
to set any mode -> Panel goes dark.
This patch adds a quirk specific to the MBP 2017 15" Retina
panel to override reported max link rate to the correct maximum
of 0xc = LINK_RATE_RBR2 to fix the darkness and reduced display
precision.
Please apply for Linux 5.6+ to avoid regressing Apple MBP panel
support.
Signed-off-by: Mario Kleiner <mario.kleiner.de@gmail.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
When a compiler supports multiple architectures, some compiler features
can be dependent on the target architecture.
This is typical for Clang, which supports multiple LLVM backends.
Even for GCC, we need to take care of biarch compiler cases.
It is not a problem when we evaluate cc-option in Makefiles because
cc-option is tested against the flag in question + $(KBUILD_CFLAGS).
The cc-option in Kconfig, on the other hand, does not accumulate
tested flags. Due to this simplification, it could potentially test
cc-option against a different target.
At first, Kconfig always evaluated cc-option against the host
architecture.
Since commit e8de12fb7cde ("kbuild: Check for unknown options with
cc-option usage in Kconfig and clang"), in case of cross-compiling
with Clang, the target triple is correctly passed to Kconfig.
The case with biarch GCC (and native build with Clang) is still not
handled properly. We need to pass some flags to specify the target
machine bit.
Due to the design, all the macros in Kconfig are expanded in the
parse stage, where we do not know the target bit size yet.
For example, arch/x86/Kconfig allows a user to toggle CONFIG_64BIT.
If a compiler flag -foo depends on the machine bit, it must be tested
twice, one with -m32 and the other with -m64.
However, -m32/-m64 are not always recognized. So, this commits adds
m64-flag and m32-flag macros. They expand to -m32, -m64, respectively
if supported. Or, they expand to an empty string if unsupported.
This is clumsy, but there is no elegant way to handle this in the
current static macro expansion.
There was discussion for static functions vs dynamic functions.
The consensus was to go as far as possible with the static functions.
(https://lkml.org/lkml/2018/3/2/22)
The timeout of identify cmd, which is invoked as part of admin queue
creation, can result in freeing of async event data both in
nvme_rdma_timeout handler and error handling path of
nvme_rdma_configure_admin queue thus causing NULL pointer reference.
Call Trace:
? nvme_rdma_setup_ctrl+0x223/0x800 [nvme_rdma]
nvme_rdma_create_ctrl+0x2ba/0x3f7 [nvme_rdma]
nvmf_dev_write+0xa54/0xcc6 [nvme_fabrics]
__vfs_write+0x1b/0x40
vfs_write+0xb2/0x1b0
ksys_write+0x61/0xd0
__x64_sys_write+0x1a/0x20
do_syscall_64+0x60/0x1e0
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reviewed-by: Roland Dreier <roland@purestorage.com> Reviewed-by: Max Gurtovoy <maxg@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Prabhath Sajeepa <psajeepa@purestorage.com> Signed-off-by: Keith Busch <kbusch@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1874124
PEAK-System's CAN FD interfaces based on an IP core provide a timestamp
for each CAN and STATUS message received. This patch transfers these
received timestamps (clocked in microseconds) to hardware timestamps
(clocked in nanoseconds) in the corresponding skbs raised to the network
layer.
Signed-off-by: Stephane Grosjean <s.grosjean@peak-system.com> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
(cherry picked from commit 2b1a4547c122dcb9999e1a876236b44408c7d01c) Signed-off-by: Sultan Alsawaf <sultan.alsawaf@canonical.com> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
Andrea Righi [Fri, 10 Apr 2020 10:41:34 +0000 (12:41 +0200)]
UBUNTU: SAUCE: kselftest/runner: allow to properly deliver signals to tests
BugLink: https://bugs.launchpad.net/bugs/1872047
While running seccomp_bpf, kill_after_ptrace() gets stuck if we run it
via /usr/bin/timeout (that is the default), until the timeout expires.
This is because /usr/bin/timeout is preventing to properly deliver
signals to ptrace'd children (SIGSYS in this case).
This problem can be easily reproduced by running:
$ sudo make TARGETS=seccomp kselftest
...
# [ RUN ] TRACE_syscall.skip_a#
not ok 1 selftests: seccomp: seccomp_bpf # TIMEOUT
The test is hanging at this point until the timeout expires and then it
reports the timeout error.
Prevent this problem by passing --foreground to /usr/bin/timeout,
allowing to properly deliver signals to children processes.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
Alberto Milone [Wed, 29 Apr 2020 13:12:00 +0000 (15:12 +0200)]
UBUNTU: [Packaging] NVIDIA -- add signed modules for the 435 NVIDIA driver
BugLink: https://bugs.launchpad.net/bugs/1875888
Add signed modules for the 435 NVIDIA driver in Focal, so that upgrades from
Bionic or from Eoan to Focal continue providing signed modules when using the
435 driver.
Signed-off-by: Alberto Milone <alberto.milone@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Andy Whitcroft [Mon, 27 Apr 2020 20:29:58 +0000 (21:29 +0100)]
UBUNTU: temporarily drop Built-Using data
BugLink: https://bugs.launchpad.net/bugs/1875601
We are now triggering a new Launchpad consistency check. Drop the
Built-Using data until we can honour this.
Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
A page table upgrade in a kernel section that uses secondary address
mode will mess up the kernel instructions as follows:
Consider the following scenario: two threads are sharing memory.
On CPU1 thread 1 does e.g. strnlen_user(). That gets to
old_fs = enable_sacf_uaccess();
len = strnlen_user_srst(src, size);
and
" la %2,0(%1)\n"
" la %3,0(%0,%1)\n"
" slgr %0,%0\n"
" sacf 256\n"
"0: srst %3,%2\n"
in strnlen_user_srst(). At that point we are in secondary space mode,
control register 1 points to kernel page table and instruction fetching
happens via c1, rather than usual c13. Interrupts are not disabled, for
obvious reasons.
On CPU2 thread 2 does MAP_FIXED mmap(), forcing the upgrade of page table
from 3-level to e.g. 4-level one. We'd allocated new top-level table,
set it up and now we hit this:
notify = 1;
spin_unlock_bh(&mm->page_table_lock);
}
if (notify)
on_each_cpu(__crst_table_upgrade, mm, 0);
OK, we need to actually change over to use of new page table and we
need that to happen in all threads that are currently running. Which
happens to include the thread 1. IPI is delivered and we have
static void __crst_table_upgrade(void *arg)
{
struct mm_struct *mm = arg;
if (current->active_mm == mm)
set_user_asce(mm);
__tlb_flush_local();
}
run on CPU1. That does
static inline void set_user_asce(struct mm_struct *mm)
{
S390_lowcore.user_asce = mm->context.asce;
OK, user page table address updated...
__ctl_load(S390_lowcore.user_asce, 1, 1);
... and control register 1 set to it.
clear_cpu_flag(CIF_ASCE_PRIMARY);
}
IPI is run in home space mode, so it's fine - insns are fetched
using c13, which always points to kernel page table. But as soon
as we return from the interrupt, previous PSW is restored, putting
CPU1 back into secondary space mode, at which point we no longer
get the kernel instructions from the kernel mapping.
The fix is to only fixup the control registers that are currently in use
for user processes during the page table update. We must also disable
interrupts in enable_sacf_uaccess to synchronize the cr and
thread.mm_segment updates against the on_each-cpu.
Fixes: 0aaba41b58bc ("s390: remove all code using the access register mode") Cc: stable@vger.kernel.org # 4.15+ Reported-by: Al Viro <viro@zeniv.linux.org.uk> Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
References: CVE-2020-11884 Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CVE-2020-11884 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Andrea Righi [Mon, 20 Apr 2020 14:19:03 +0000 (16:19 +0200)]
UBUNTU: SAUCE: drm/i915: prevent direct writeback from the shrinker
BugLink: https://bugs.launchpad.net/bugs/1861359
The i915 shrinker can make the system unresponsive and kill interactive
performance by swapping out dirty objects to reclaim more memory.
Avoid the lags by preventing to swap out dirty objects from any task
(except kswapd).
This is not required in 5.5+, because it is properly fixed by commit 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
However, backporting this commit to 5.4 is not trivial and the
regression potential is high. A simple change like this can be a
reasonable compromise to prevent the problem and avoid the risk of
introducing other bugs.
Fixes: 2d6692e642e7 ("drm/i915: Start writeback from the shrinker") Signed-off-by: Sultan Alsawaf <sultan.alsawaf@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Paolo Pisati [Fri, 17 Apr 2020 11:29:46 +0000 (13:29 +0200)]
UBUNTU: [Config] lowlatency: turn off RT_GROUP_SCHED
BugLink: https://bugs.launchpad.net/bugs/1873315 Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
After the referenced fix it turned out that one particular RTL8168
chip version (RTL8105e) does not work on 5.4 because no dedicated PHY
driver exists. Adding this PHY driver was done for fixing a different
issue for versions from 5.5 already. I re-send the same change for 5.4
because the commit message differs.
Fixes: 2e8c339b4946 ("r8169: fix PHY driver check on platforms w/o module softdeps") Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 3fcd53b1d859799686a08785afb8990566c31cfa
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git) Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Jon Derrick <jonathan.derrick@intel.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
(cherry picked from commit ec11e5c213cc20cac5e8310728b06793448b9f6d) Signed-off-by: You-Sheng Yang <vicamo.yang@canonical.com> Acked-by: Anthony Wong <anthony.wong@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Jon Derrick [Thu, 16 Apr 2020 08:56:58 +0000 (16:56 +0800)]
PCI: vmd: Add bus 224-255 restriction decode
BugLink: https://bugs.launchpad.net/bugs/1855954
VMD bus restrictions are required when IO fabric is multiplexed such
that VMD cannot use the entire bus range. This patch adds another bus
restriction decode bit that can be set by firmware to restrict the VMD
bus range to between 224-255.
Signed-off-by: Jon Derrick <jonathan.derrick@intel.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
(cherry picked from commit 08bcdd22ecdb01dd60d9284a55f8220a8a40150e) Signed-off-by: You-Sheng Yang <vicamo.yang@canonical.com> Acked-by: Anthony Wong <anthony.wong@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Jian-Hong Pan [Tue, 14 Apr 2020 10:06:19 +0000 (18:06 +0800)]
ahci: Add Intel Comet Lake PCH RAID PCI ID
BugLink: https://bugs.launchpad.net/bugs/1871812
Intel Comet Lake should use the default LPM policy for mobile chipsets.
So, add the PCI ID to the driver list of supported devices.
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit 7667e63c8af90e287f9e2d070599024cbabe63f5) Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: selftests/seccomp: allow clock_nanosleep instead of nanosleep
glibc 2.31 calls clock_nanosleep when its nanosleep function is used. So
the restart_syscall fails after that. In order to deal with it, we trace
clock_nanosleep and nanosleep. Then we check for either.
This works just fine on systems with both glibc 2.30 and glibc 2.31,
whereas it failed before on a system with glibc 2.31.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: [Config] CONTEXT_TRACKING_FORCE policy should be unset
BugLink: https://bugs.launchpad.net/bugs/1349028
Though that option depends on others we don't set and, thus, is not
currently prompted, we would rather have it annotated and enforced to
avoid regressing it. Enabling this option has the possible consequence
of regressing some userspace code.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1047527
We don't really want to enable USB_OTG. Enabling USB_OTG_FSM is not a
problem per se. As it used to select USB_OTG instead of depending on it, it
was required to be annotated. That is not the case anymore, as it no longer
selects the problematic option.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
The config option itself was removed in a previous local commit. Remove the
corresponding annotations, considering there is an alternative interface
now.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Mateusz Nosek [Tue, 3 Mar 2020 18:30:23 +0000 (19:30 +0100)]
UBUNTU: SAUCE: security/apparmor/label.c: Clean code by removing redundant instructions
Previously 'label->proxy->label' value checking
and conditional reassigning were done twice in the same function.
The second one is redundant and can be removed.
Xiyu Yang [Sun, 5 Apr 2020 05:11:55 +0000 (13:11 +0800)]
UBUNTU: SAUCE: apparmor: fix potential label refcnt leak in aa_change_profile
aa_change_profile() invokes aa_get_current_label(), which returns
a reference of the current task's label.
According to the comment of aa_get_current_label(), the returned
reference must be put with aa_put_label().
However, when the original object pointed by "label" becomes
unreachable because aa_change_profile() returns or a new object
is assigned to "label", reference count increased by
aa_get_current_label() is not decreased, causing a refcnt leak.
Fix this by calling aa_put_label() before aa_change_profile() return
and dropping unnecessary aa_get_current_label().
Fixes: 9fcf78cca198 ("apparmor: update domain transitions that are subsets of confinement at nnp") Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Tue, 31 Mar 2020 06:37:54 +0000 (23:37 -0700)]
UBUNTU: SAUCE: apparmor: ensure that dfa state tables have entries
Currently it is possible to specify a state machine table with 0 length,
this is not valid as optional tables are specified by not defining
the table as present. Further this allows by-passing the base tables
range check against the next/check tables.
Fixes: d901d6a298dc ("apparmor: dfa split verification of table headers") Reported-by: Mike Salvatore <mike.salvatore@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
commit 1180b4c757aa ("apparmor: fix dangling symlinks to policy
rawdata after replacement") reworked how the rawdata symlink is
handled but failedto remove aafs_create_symlink which was reduced to a
useles stub.
Fixes: 1180b4c757aa ("apparmor: fix dangling symlinks to policy rawdata after replacement") Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Fri, 31 May 2019 13:54:54 +0000 (06:54 -0700)]
apparmor: increase left match history buffer size
There have been cases reported where a history buffer size of 8 was
not enough to resolve conflict overlaps. Increase the buffer to and
get rid of the size element which is currently just storing the
constant WB_HISTORY_SIZE.
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 136db994852a9b405ac1074de0e7a1c4c840b8ee) Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
slcan: Don't transmit uninitialized stack data in padding
CVE-2020-11494
struct can_frame contains some padding which is not explicitly zeroed in
slc_bump. This uninitialized data will then be transmitted if the stack
initialization hardening feature is not enabled (CONFIG_INIT_STACK_ALL).
This commit just zeroes the whole struct including the padding.
Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com> Fixes: a1044e36e457 ("can: add slcan driver for serial/USB-serial CAN adapters") Reviewed-by: Kees Cook <keescook@chromium.org> Cc: linux-can@vger.kernel.org Cc: netdev@vger.kernel.org Cc: security@kernel.org Cc: wg@grandegger.com Cc: mkl@pengutronix.de Cc: davem@davemloft.net Acked-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit b9258a2cece4ec1f020715fe3554bc2e360f6264) Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Sultan Alsawaf [Tue, 7 Apr 2020 22:27:40 +0000 (15:27 -0700)]
UBUNTU: SAUCE: drm/i915: Synchronize active and retire callbacks
Active and retire callbacks can run simultaneously, causing panics and
mayhem. The most notable case is with the intel_context_pin/unpin race
that causes ring and page table corruption. In 5.4, this race is more
noticeable because intel_ring_unpin() sets ring->vaddr to NULL and
causes a clean NULL-pointer-dereference panic, but in newer kernels this
race goes unnoticed.
Here is an example of a crash caused by this race on 5.4:
BUG: unable to handle page fault for address: 0000000000003448
RIP: 0010:gen8_emit_flush_render+0x163/0x190
Call Trace:
execlists_request_alloc+0x25/0x40
__i915_request_create+0x1f4/0x2c0
i915_request_create+0x71/0xc0
i915_gem_do_execbuffer+0xb98/0x1a80
? preempt_count_add+0x68/0xa0
? _raw_spin_lock+0x13/0x30
? _raw_spin_unlock+0x16/0x30
i915_gem_execbuffer2_ioctl+0x1de/0x3c0
? i915_gem_busy_ioctl+0x7f/0x1d0
? i915_gem_execbuffer_ioctl+0x2d0/0x2d0
drm_ioctl_kernel+0xb2/0x100
drm_ioctl+0x209/0x360
? i915_gem_execbuffer_ioctl+0x2d0/0x2d0
ksys_ioctl+0x87/0xc0
__x64_sys_ioctl+0x16/0x20
do_syscall_64+0x4e/0x150
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Protect the active and retire callbacks with their own lock to prevent
them from running at the same time as one another.
Fixes: 12c255b5dad1 ("drm/i915: Provide an i915_active.acquire callback") Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Signed-off-by: Sultan Alsawaf <sultan.alsawaf@canonical.com> Cc: <stable@vger.kernel.org> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Sultan Alsawaf [Tue, 7 Apr 2020 22:27:39 +0000 (15:27 -0700)]
UBUNTU: SAUCE: drm/i915: Fix ref->mutex deadlock in i915_active_wait()
The following deadlock exists in i915_active_wait() due to a double lock
on ref->mutex (call chain listed in order from top to bottom):
i915_active_wait();
mutex_lock_interruptible(&ref->mutex); <-- ref->mutex first acquired
i915_active_request_retire();
node_retire();
active_retire();
mutex_lock_nested(&ref->mutex, SINGLE_DEPTH_NESTING); <-- DEADLOCK
Fix the deadlock by skipping the second ref->mutex lock when
active_retire() is called through i915_active_request_retire().
Note that this bug only affects 5.4 and has since been fixed in 5.5.
Normally, a backport of the fix from 5.5 would be in order, but the
patch set that fixes this deadlock involves massive changes that are
neither feasible nor desirable for backporting [1][2][3]. Therefore,
this small patch was made to address the deadlock specifically for 5.4.
[1] 274cbf20fd10 ("drm/i915: Push the i915_active.retire into a worker")
[2] 093b92287363 ("drm/i915: Split i915_active.mutex into an irq-safe spinlock for the rbtree")
[3] 750bde2fd4ff ("drm/i915: Serialise with remote retirement")
Fixes: 12c255b5dad1 ("drm/i915: Provide an i915_active.acquire callback") Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Signed-off-by: Sultan Alsawaf <sultan.alsawaf@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Cc: <stable@vger.kernel.org> # 5.4.x Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: drm/amdgpu: Remove missing firmware files from modinfo
A number of amdgpu firmware files referenced by the driver are
not in linux-firmware. This causes warnings to be printed during
initramfs generation on systems which use this driver. Remove the
MODULE_FIRMWARE statements for these files until such time as the
files are available.
Lang Cheng [Thu, 12 Mar 2020 09:50:24 +0000 (17:50 +0800)]
RDMA/hns: Check if depth of qp is 0 before configure
BugLink: https://launchpad.net/bugs/1864950
Depth of qp shouldn't be allowed to be set to zero, after ensuring that,
subsequent process can be simplified. And when qp is changed from reset to
reset, the capability of minimum qp depth was used to identify hardware of
hip06, it should be changed into a more readable form.
Xi Wang [Mon, 24 Feb 2020 06:37:38 +0000 (14:37 +0800)]
RDMA/hns: Optimize qp doorbell allocation flow
BugLink: https://launchpad.net/bugs/1864950
Encapsulate the kernel qp doorbell allocation related code into 2
functions: alloc_qp_db() and free_qp_db().
Xi Wang [Mon, 24 Feb 2020 06:37:37 +0000 (14:37 +0800)]
RDMA/hns: Optimize kernel qp wrid allocation flow
BugLink: https://launchpad.net/bugs/1864950
Encapsulate the kernel qp wrid allocation related code into 2 functions:
alloc_kernel_wrid() and free_kernel_wrid().
Xi Wang [Mon, 24 Feb 2020 06:37:35 +0000 (14:37 +0800)]
RDMA/hns: Optimize qp buffer allocation flow
BugLink: https://launchpad.net/bugs/1864950
Encapsulate qp buffer allocation related code into 3 functions:
alloc_qp_buf(), map_wqe_buf() and free_qp_buf().
Xi Wang [Mon, 24 Feb 2020 06:37:33 +0000 (14:37 +0800)]
RDMA/hns: Optimize qp context create and destroy flow
BugLink: https://launchpad.net/bugs/1864950
Rename the qp context related functions and adjusts the code location to
distinguish between the qp context and the entire qp.
Xi Wang [Mon, 24 Feb 2020 06:37:32 +0000 (14:37 +0800)]
RDMA/hns: Optimize qp destroy flow
BugLink: https://launchpad.net/bugs/1864950
Wrap the duplicate code in hip08 and hip06 qp destruction process as
hns_roce_qp_destroy() to simply the qp destroy flow.
Yixian Liu [Sat, 22 Feb 2020 10:25:58 +0000 (18:25 +0800)]
RDMA/hns: Stop doorbell update while qp state error
BugLink: https://launchpad.net/bugs/1864950
There are two paths to update qp producer index into hardware now, one
path is doorbell in post verbs (send and recv), the another is mailbox in
modify qp verb which is called by flush process. This will lead the
hardware to be broken to correctly generate flush cqe. With stopping
doorbell update and holding qp spinlock in modify qp during flush process,
the problem can be solved.
Yixian Liu [Sat, 22 Feb 2020 10:25:57 +0000 (18:25 +0800)]
RDMA/hns: Use flush framework for the case in aeq
BugLink: https://launchpad.net/bugs/1864950
As now we already have flush framework, using it instead of current flush
process for qp error in asynchronized interrupt (aeq).
Yixian Liu [Thu, 6 Feb 2020 09:56:45 +0000 (17:56 +0800)]
RDMA/hns: Delayed flush cqe process with workqueue
BugLink: https://launchpad.net/bugs/1864950
HiP08 RoCE hardware lacks ability(a known hardware problem) to flush
outstanding WQEs if QP state gets into errored mode for some reason. To
overcome this hardware problem and as a workaround, when QP is detected to
be in errored state during various legs like post send, post receive
etc[1], flush needs to be performed from the driver.
The earlier patch[1] sent to solve the hardware limitation explained in
the cover-letter had a bug in the software flushing leg. It acquired mutex
while modifying QP state to errored state and while conveying it to the
hardware using the mailbox. This caused leg to sleep while holding
spin-lock and caused crash.
Suggested Solution: we have proposed to defer the flushing of the QP in
the Errored state using the workqueue to get around with the limitation of
our hardware.
This patch specifically adds the calls to the flush handler from where
parts of the code like post_send/post_recv etc. when the QP state gets
into the errored mode.
Yixian Liu [Thu, 6 Feb 2020 09:56:44 +0000 (17:56 +0800)]
RDMA/hns: Add the workqueue framework for flush cqe handler
BugLink: https://launchpad.net/bugs/1864950
HiP08 RoCE hardware lacks ability(a known hardware problem) to flush
outstanding WQEs if QP state gets into errored mode for some reason. To
overcome this hardware problem and as a workaround, when QP is detected to
be in errored state during various legs like post send, post receive etc
[1], flush needs to be performed from the driver.
The earlier patch[1] sent to solve the hardware limitation explained in
the cover-letter had a bug in the software flushing leg. It acquired mutex
while modifying QP state to errored state and while conveying it to the
hardware using the mailbox. This caused leg to sleep while holding
spin-lock and caused crash.
Suggested Solution:
we have proposed to defer the flushing of the QP in the Errored state
using the workqueue to get around with the limitation of our hardware.
This patch adds the framework of the workqueue and the flush handler
function.
Xi Wang [Sun, 26 Jan 2020 14:58:35 +0000 (22:58 +0800)]
RDMA/hns: Optimize eqe buffer allocation flow
BugLink: https://launchpad.net/bugs/1864950
The eqe has a private multi-hop addressing implementation, but there is
already a set of interfaces in the hns driver that can achieve this.
So, simplify the eqe buffer allocation process by using the mtr interface
and remove large amount of repeated logic.
Yufeng Mo [Sat, 7 Mar 2020 03:42:50 +0000 (11:42 +0800)]
net: hns3: delete unnecessary logs after kzalloc fails
BugLink: https://launchpad.net/bugs/1867586
Since kernel already has logs after kzalloc fails,
it's unnecessary to print duplicate logs. So this
patch deletes these logs.
Signed-off-by: Yufeng Mo <moyufeng@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit fbdc4d79fcc2e226a36c9b8e2f1cdd80ca549094) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 8de91e92070b5a083e4705cd4684c1802f7f730e) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Yufeng Mo [Sat, 7 Mar 2020 03:42:48 +0000 (11:42 +0800)]
net: hns3: print out command code when dump fails in debugfs
BugLink: https://launchpad.net/bugs/1867586
This patch adds a local variable to save the command code in
some dump cases which need to modify the command code, then
the failing command code can be print out for debugging.
Signed-off-by: Yufeng Mo <moyufeng@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 77ba415d192011b5ef9e9979638772b42b5d4107) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Huazhong Tan [Sat, 7 Mar 2020 03:42:47 +0000 (11:42 +0800)]
net: hns3: print out status register when VF receives unknown source interrupt
BugLink: https://launchpad.net/bugs/1867586
When received an unknown vector 0 interrupt, there is not a
helpful information for user to realize that now. So this patch
prints out the value of the status register for this case, and
uses dev_info() instead of dev_dbg() in hclge_check_event_cause().
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e45afb396e233b972aee187c7adb058859c5ac53) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Yonglong Liu [Sat, 7 Mar 2020 03:42:46 +0000 (11:42 +0800)]
net: hns3: add a check before PF inform VF to reset
BugLink: https://launchpad.net/bugs/1867586
When setting VF's MAC from PF, if the VF driver not loaded, the
firmware will return error to PF.
So PF should check whether VF is alive before sending message to
VF when setting VF's MAC.
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 9091367037d3e6db590d9f8cd9a163336665ef27) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Guojia Liao [Sat, 7 Mar 2020 03:42:45 +0000 (11:42 +0800)]
net: hns3: delete some reduandant code
BugLink: https://launchpad.net/bugs/1867586
In hclge_add_mc_addr_common() and hclge_rm_mc_addr_common(),
variable req had been set as "0" by memset(), so it's unnecessary
to set .entry_type field as "0" with hnae3_set_bit() again.
Signed-off-by: Guojia Liao <liaoguojia@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 01c45c521a5aa2e3a077b27d090f05a20012dd65) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Yufeng Mo [Sat, 7 Mar 2020 03:42:44 +0000 (11:42 +0800)]
net: hns3: remove an unnecessary resetting check in hclge_handle_hw_ras_error()
BugLink: https://launchpad.net/bugs/1867586
In hclge_handle_hw_ras_error(), it is unnecessary to check
HCLGE_STATE_RST_HANDLING flag, because the reset priority
has been ensured by the process itself.
Signed-off-by: Yufeng Mo <moyufeng@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 89a85559302f473d2c7f22c774b31f979a0e62dc) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://launchpad.net/bugs/1867586
The name of macro HCLGE_MAX_NCL_CONFIG_LENGTH is inaccurate,
this patch renames it to HCLGE_NCL_CONFIG_LENGTH_IN_EACH_CMD.
Signed-off-by: Yufeng Mo <moyufeng@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 4960cabff63e09066a8d02b0375b654d41ce174f) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Guojia Liao [Sat, 7 Mar 2020 03:42:42 +0000 (11:42 +0800)]
net: hns3: fix some mixed type assignment
BugLink: https://launchpad.net/bugs/1867586
This patch cleans up some incorrect type in assignment reported by sparse
and compiler.
The warning as below:
- warning : restricted __le16 degrades to integer
- warning : cast from restricted __le32
- warning : cast from restricted __be32
- warning : cast from restricted __be16
and "mixed operation".
Signed-off-by: Guojia Liao <liaoguojia@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 72fa490480ce5cd6a1b8ec741b369a470f93d61d) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Yonglong Liu [Wed, 19 Feb 2020 01:23:33 +0000 (09:23 +0800)]
net: hns3: add missing help info for QS shaper in debugfs
BugLink: https://launchpad.net/bugs/1867586
HNS3 driver can dump QS shaper configs via debugfs, but missing
help info in debugfs for this operation.
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 89ec9485282a3470217628fbabf34c789b475763) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Yufeng Mo [Wed, 19 Feb 2020 01:23:32 +0000 (09:23 +0800)]
net: hns3: add support for dump MAC ID and loopback status in debugfs
BugLink: https://launchpad.net/bugs/1867586
The MAC ID and loopback status information are obtained from
the hardware, which will be helpful for debugging. This patch
adds support for these two items in debugfs.
Signed-off-by: Yufeng Mo <moyufeng@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ded45d406ca736b3c23e7d099318465620fcd0f1) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>