summaryrefslogtreecommitdiffstats
path: root/net/sched/sch_fifo.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2018-05-21cxgb4: copy the length of cpl_tx_pkt_core to fw_wrGanesh Goudar1-15/+14
immdlen field of FW_ETH_TX_PKT_WR is filled in a wrong way, we must copy the length of all the cpls encapsulated in fw work request. In the xmit path we missed adding the length of CPL_TX_PKT_CORE but we added the length of WR_HDR and it worked because WR_HDR and CPL_TX_PKT_CORE are of same length. Add the length of cpl_tx_pkt_core not WR_HDR's. This also fixes the lso cpl errors for udp tunnels Fixes: d0a1299c6bf7 ("cxgb4: add support for vxlan segmentation offload") Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: ethernet: Sort Kconfig sourcing alphabeticallyFlorian Fainelli1-8/+8
A number of entries were not alphabetically sorted, remedy that. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: phy: phylink: Don't release NULL GPIOFlorian Fainelli1-1/+1
If CONFIG_GPIOLIB is disabled, gpiod_put() becomes a stub that produces a warning, this helped identify that we could be attempting to release a NULL pl->link_gpio GPIO descriptor, so guard against that. Fixes: daab3349ad1a ("net: phy: phylink: Release link GPIO") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21mv88e6xxx: Fix uninitialized variable warning.David S. Miller1-1/+1
In mv88e6xxx_probe(), ("np" or "pdata") might be an invariant but GCC can't see that, therefore: drivers/net/dsa/mv88e6xxx/chip.c: In function ‘mv88e6xxx_probe’: drivers/net/dsa/mv88e6xxx/chip.c:4420:13: warning: ‘compat_info’ may be used uninitialized in this function [-Wmaybe-uninitialized] chip->info = compat_info; Actually, it should have warned on the "if (!compat_info)" test, but whatever. Explicitly initialize to NULL in the variable declaration to deal with this. Fixes: 877b7cb0b6f2 ("net: dsa: mv88e6xxx: Add minimal platform_data support") Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: dsa: b53: Extend platform data to include DSA portsFlorian Fainelli1-0/+4
The b53 driver already defines and internally uses platform data to let the glue drivers specify parameters such as the chip id. What we were missing was a way to tell the core DSA layer about the ports and their type. Place a dsa_chip_data structure at the beginning of b53_platform_data for dsa_register_switch() to access it. This does not require modifications to b53_common.c which will pass platform_data trough. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: dsa: mv88e6xxx: Add support for EEPROM via platform dataAndrew Lunn3-5/+9
Add the size of the EEPROM to the platform data, so it can also be instantiated by a platform device. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: dsa: mv88e6xxx: Add minimal platform_data supportAndrew Lunn3-7/+67
Not all the world uses device tree. Some parts of the world still use platform devices and platform data. Add basic support for probing a Marvell switch via platform data. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: dsa: mv88e6xxx: Remove OF check for IRQ domainAndrew Lunn1-3/+0
An IRQ domain will work without an OF node. It is not possible to reference interrupts via a phandle, but C code can still use irq_find_mapping() to get an interrupt from the domain. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21sh_eth: fix typo in comment to BCULR writeSergei Shtylyov1-1/+2
Simon has noticed a typo in the comment accompaining the BCULR write -- fix it and move the comment before the write (following the style of the other comments), while at it... Reported-by: Simon Horman <horms@verge.net.au> Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21sh_eth: fix comment grammar in 'struct sh_eth_cpu_data'Sergei Shtylyov1-11/+11
All the verbs in the comments to the 'struct sh_eth_cpu_data' declaration should be in a 3rd person singular, to match the nouns. Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21sh_eth: fix typo in EESR.TRO bit nameSergei Shtylyov2-7/+7
The correct name of the EESR bit 8 is TRO (transmit retry over), not RTO. Note that EESIPR bit 8, TROIP remained correct... Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Fix for CMDQ and Misc. interrupt init order problemYunsheng Lin1-8/+8
When vf module is loading, the cmd queue initialization should happen before misc interrupt initialization, otherwise the misc interrupt handle will cause using uninitialized cmd queue problem. There is also the same issue when vf module is unloading. This patch fixes it by adjusting the location of some function. Fixes: e2cb1dec9779 ("net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support") Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Fixes kernel panic issue during rmmod hns3 driverXi Wang1-2/+2
If CONFIG_ARM_SMMU_V3 is enabled, arm64's dma_ops will replace arm64_swiotlb_dma_ops with iommu_dma_ops. When releasing contiguous dma memory, the new ops will call the vunmap function which cannot be run in interrupt context. Currently, spin_lock_bh is called before vunmap is executed. This disables BH and causes the interrupt context to be detected to generate a kernel panic like below: [ 2831.573400] kernel BUG at mm/vmalloc.c:1621! [ 2831.577659] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ... [ 2831.699907] Process rmmod (pid: 1893, stack limit = 0x0000000055103ee2) [ 2831.706507] Call trace: [ 2831.708941] vunmap+0x48/0x50 [ 2831.711897] dma_common_free_remap+0x78/0x88 [ 2831.716155] __iommu_free_attrs+0xa8/0x1c0 [ 2831.720255] hclge_free_cmd_desc+0xc8/0x118 [hclge] [ 2831.725128] hclge_destroy_cmd_queue+0x34/0x68 [hclge] [ 2831.730261] hclge_uninit_ae_dev+0x90/0x100 [hclge] [ 2831.735127] hnae3_unregister_ae_dev+0xb0/0x868 [hnae3] [ 2831.740345] hns3_remove+0x3c/0x90 [hns3] [ 2831.744344] pci_device_remove+0x48/0x108 [ 2831.748342] device_release_driver_internal+0x164/0x200 [ 2831.753553] driver_detach+0x4c/0x88 [ 2831.757116] bus_remove_driver+0x60/0xc0 [ 2831.761026] driver_unregister+0x34/0x60 [ 2831.764935] pci_unregister_driver+0x30/0xb0 [ 2831.769197] hns3_exit_module+0x10/0x978 [hns3] [ 2831.773715] SyS_delete_module+0x1f8/0x248 [ 2831.777799] el0_svc_naked+0x30/0x34 This patch fixes it by using spin_lock instead of spin_lock_bh. Fixes: 68c0a5c70614 ("net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd Interface Support") Signed-off-by: Xi Wang <wangxi11@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Fix for netdev not running problem after calling net_stop and ↵Fuyun Liang1-0/+3
net_open The link status update function is called by timer every second. But net_stop and net_open may be called with very short intervals. The link status update function can not detect the link state has changed. It causes the netdev not running problem. This patch fixes it by updating the link state in ae_stop function. Fixes: 46a3df9f9718 ("net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support") Signed-off-by: Fuyun Liang <liangfuyun1@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Use enums instead of magic number in hclge_is_special_opcodeHuazhong Tan1-1/+5
This patch does bit of a clean-up by using already defined enums for certain values in function hclge_is_special_opcode(). Below enums from have been used as replacements for magic values: enum hclge_opcode_type{ <snip> HCLGE_OPC_STATS_64_BIT = 0x0030, HCLGE_OPC_STATS_32_BIT = 0x0031, HCLGE_OPC_STATS_MAC = 0x0032, <snip> }; Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Fix for hns3 module is loaded multiple times problemXi Wang6-2/+8
If the hns3 driver has been built into kernel and then loaded with the same driver which built as KLM, it may trigger an error like below: [ 20.009555] hns3: Hisilicon Ethernet Network Driver for Hip08 Family - version [ 20.016789] hns3: Copyright (c) 2017 Huawei Corporation. [ 20.022100] Error: Driver 'hns3' is already registered, aborting... [ 23.517397] Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... [ 23.691583] Process insmod (pid: 1982, stack limit = 0x00000000cd5f21cb) [ 23.698270] Call trace: [ 23.700705] __list_del_entry_valid+0x2c/0xd8 [ 23.705049] hnae3_unregister_client+0x68/0xa8 [ 23.709487] hns3_init_module+0x98/0x1000 [hns3] [ 23.714093] do_one_initcall+0x5c/0x170 [ 23.717918] do_init_module+0x64/0x1f4 [ 23.721654] load_module+0x1d14/0x24b0 [ 23.725390] SyS_init_module+0x158/0x208 [ 23.729300] el0_svc_naked+0x30/0x34 This patch fixes it by adding module version info. Fixes: 38caee9d3ee8 ("net: hns3: Add support of the HNAE3 framework") Signed-off-by: Xi Wang <wangxi11@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Fix the missing client list node initializationXi Wang1-0/+2
This patch fixes the missing initialization of the client list node in the hnae3_register_client() function. Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC") Signed-off-by: Xi Wang <wangxi11@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: cleanup of return values in hclge_init_client_instance()Jian Shen1-8/+6
Removes the goto and directly returns in case of errors as part of the cleanup. Signed-off-by: Jian Shen <shenjian15@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Fixes API to fetch ethernet header length with kernel defaultPeng Li1-102/+2
During the RX leg driver needs to fetch the ethernet header length from the RX'ed Buffer Descriptor. Currently, proprietary version hns3_nic_get_headlen is being used to fetch the header length which uses l234info present in the Buffer Descriptor which might not be valid for the first Buffer Descriptor if the packet is spanning across multiple descriptors. Kernel default eth_get_headlen API does the job correctly. Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC") Signed-off-by: Peng Li <lipeng321@huawei.com> Reviewed-by: Yisen Zhuang <yisen.zhuang@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: hns3: Fixes error reported by Kbuild and internal reviewSalil Mehta1-1/+3
This patch fixes the error reported by Intel's kbuild and fixes a return value in one of the legs, caught during review of the original patch sent by kbuild. Fixes: fdb793670a00 ("net: hns3: Add support of .sriov_configure in HNS3 driver") Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21r8169: fix network error on resume from suspendHeiner Kallweit1-19/+20
This commit removed calls to rtl_set_rx_mode(). This is ok for the standard path if the link is brought up, however it breaks system resume from suspend. Link comes up but no network traffic. Meanwhile common code from rtl_hw_start_8169/8101/8168() was moved to rtl_hw_start(), therefore re-add the call to rtl_set_rx_mode() there. Due to adding this call we have to move definition of rtl_hw_start() after definition of rtl_set_rx_mode(). Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Fixes: 82d3ff6dd199 ("r8169: remove calls to rtl_set_rx_mode") Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21erspan: set bso bit based on mirrored packet's lenWilliam Tu1-0/+28
Before the patch, the erspan BSO bit (Bad/Short/Oversized) is not handled. BSO has 4 possible values: 00 --> Good frame with no error, or unknown integrity 11 --> Payload is a Bad Frame with CRC or Alignment Error 01 --> Payload is a Short Frame 10 --> Payload is an Oversized Frame Based the short/oversized definitions in RFC1757, the patch sets the bso bit based on the mirrored packet's size. Reported-by: Xiaoyan Jin <xiaoyanj@vmware.com> Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21Linux 4.17-rc6v4.17-rc6Linus Torvalds1-1/+1
2018-05-21Revert "ixgbe: release lock for the duration of ixgbe_suspend_close()"Jeff Kirsher1-8/+1
This reverts commit 6710f970d9979d8f03f6e292bb729b2ee1526d0e. Gotta love when developers have offline discussions, thinking everyone is reading their responses/dialog. The change had the potential for a number of race conditions on shutdown, which is why we are reverting the change. Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-21net: qcom/emac: Allocate buffers from local nodeHemanth Puranik1-2/+4
Currently we use non-NUMA aware allocation for TPD and RRD buffers, this patch modifies to use NUMA friendly allocation. Signed-off-by: Hemanth Puranik <hpuranik@codeaurora.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-20net: ip6_gre: fix tunnel metadata device sharing.William Tu1-22/+79
Currently ip6gre and ip6erspan share single metadata mode device, using 'collect_md_tun'. Thus, when doing: ip link add dev ip6gre11 type ip6gretap external ip link add dev ip6erspan12 type ip6erspan external RTNETLINK answers: File exists simply fails due to the 2nd tries to create the same collect_md_tun. The patch fixes it by adding a separate collect md tunnel device for the ip6erspan, 'collect_md_tun_erspan'. As a result, a couple of places need to refactor/split up in order to distinguish ip6gre and ip6erspan. First, move the collect_md check at ip6gre_tunnel_{unlink,link} and create separate function {ip6gre,ip6ersapn}_tunnel_{link_md,unlink_md}. Then before link/unlink, make sure the link_md/unlink_md is called. Finally, a separate ndo_uninit is created for ip6erspan. Tested it using the samples/bpf/test_tunnel_bpf.sh. Fixes: ef7baf5e083c ("ip6_gre: add ip6 erspan collect_md mode") Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-20sh_eth: add R8A77980 supportSergei Shtylyov2-0/+45
Finally, add support for the DT probing of the R-Car V3H (AKA R8A77980) -- it's the only R-Car gen3 SoC having the GEther controller -- others have only EtherAVB... Based on the original (and large) patch by Vladimir Barinov. Signed-off-by: Vladimir Barinov <vladimir.barinov@cogentembedded.com> Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Reviewed-by: Simon Horman <horms+renesas@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-20sh_eth: add EDMR.NBST supportSergei Shtylyov2-0/+6
The R-Car V3H (AKA R8A77980) GEther controller adds the DMA burst mode bit (NBST) in EDMR and the manual tells to always set it before doing any DMA. Based on the original (and large) patch by Vladimir Barinov. Signed-off-by: Vladimir Barinov <vladimir.barinov@cogentembedded.com> Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Reviewed-by: Simon Horman <horms+renesas@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-20sh_eth: add RGMII supportSergei Shtylyov1-0/+3
The R-Car V3H (AKA R8A77980) GEther controller adds support for the RGMII PHY interface mode as a new value for the RMII_MII register. Based on the original (and large) patch by Vladimir Barinov. Signed-off-by: Vladimir Barinov <vladimir.barinov@cogentembedded.com> Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-20net: mvpp2: Add missing VLAN tag detectionMaxime Chevallier1-0/+3
Marvell PPv2 Header Parser sets some bits in the 'result_info' field in each lookup iteration, to identify different packet attributes such as DSA / VLAN tag, protocol infos, etc. This is used in further classification stages in the controller. It's the DSA tag detection entry that is in charge of detecting when there is a single VLAN tag. This commits adds the missing update of the result_info in this case. Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-19mlxsw: use devlink helper to generate physical port nameJiri Pirko4-20/+19
Since devlink knows the info needed to generate the physical port name in a generic way for all devlink users, use the helper to do the job. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-19dsa: set devlink port attrs for dsa portsJiri Pirko1-0/+24
Set the attrs and allow to expose port flavour to user via devlink. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-19devlink: introduce a helper to generate physical port namesJiri Pirko2-0/+42
Each driver implements physical port name generation by itself. However as devlink has all needed info, it can easily do the job for all its users. So implement this helper in devlink. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-19devlink: extend attrs_set for setting port flavoursJiri Pirko5-4/+24
Devlink ports can have specific flavour according to the purpose of use. This patch extend attrs_set so the driver can say which flavour port has. Initial flavours are: physical, cpu, dsa User can query this to see right away what is the purpose of each port. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-19devlink: introduce devlink_port_attrs_setJiri Pirko8-25/+64
Change existing setter for split port information into more generic attrs setter. Alongside with that, allow to set port number and subport number for split ports. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-19ARM: fix kill( ,SIGFPE) breakageRussell King2-14/+1
Commit 7771c6645700 ("signal/arm: Document conflicts with SI_USER and SIGFPE") broke the siginfo structure for userspace triggered signals, causing the strace testsuite to regress. Fix this by eliminating the FPE_FIXME definition (which is at the root of the breakage) and use FPE_FLTINV instead for the case where the hardware appears to be reporting nonsense. Fixes: 7771c6645700 ("signal/arm: Document conflicts with SI_USER and SIGFPE") Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19mmap: relax file size limit for regular filesLinus Torvalds1-1/+1
Commit be83bbf80682 ("mmap: introduce sane default mmap limits") was introduced to catch problems in various ad-hoc character device drivers doing mmap and getting the size limits wrong. In the process, it used "known good" limits for the normal cases of mapping regular files and block device drivers. It turns out that the "s_maxbytes" limit was less "known good" than I thought. In particular, /proc doesn't set it, but exposes one regular file to mmap: /proc/vmcore. As a result, that file got limited to the default MAX_INT s_maxbytes value. This went unnoticed for a while, because apparently the only thing that needs it is the s390 kernel zfcpdump, but there might be other tools that use this too. Vasily suggested just changing s_maxbytes for all of /proc, which isn't wrong, but makes me nervous at this stage. So instead, just make the new mmap limit always be MAX_LFS_FILESIZE for regular files, which won't affect anything else. It wasn't the regular file case I was worried about. I'd really prefer for maxsize to have been per-inode, but that is not how things are today. Fixes: be83bbf80682 ("mmap: introduce sane default mmap limits") Reported-by: Vasily Gorbik <gor@linux.ibm.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-05-19x86/MCE/AMD: Cache SMCA MISC block addressesBorislav Petkov1-15/+14
... into a global, two-dimensional array and service subsequent reads from that cache to avoid rdmsr_on_cpu() calls during CPU hotplug (IPIs with IRQs disabled). In addition, this fixes a KASAN slab-out-of-bounds read due to wrong usage of the bank->blocks pointer. Fixes: 27bd59502702 ("x86/mce/AMD: Get address from already initialized block") Reported-by: Johannes Hirte <johannes.hirte@datenkhaos.de> Tested-by: Johannes Hirte <johannes.hirte@datenkhaos.de> Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Yazen Ghannam <yazen.ghannam@amd.com> Link: http://lkml.kernel.org/r/20180414004230.GA2033@probook
2018-05-19ARM: 8772/1: kprobes: Prohibit kprobes on get_user functionsMasami Hiramatsu2-0/+20
Since do_undefinstr() uses get_user to get the undefined instruction, it can be called before kprobes processes recursive check. This can cause an infinit recursive exception. Prohibit probing on get_user functions. Fixes: 24ba613c9d6c ("ARM kprobes: core code") Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstrMasami Hiramatsu1-1/+4
Prohibit kprobes on do_undefinstr because kprobes on arm is implemented by undefined instruction. This means if we probe do_undefinstr(), it can cause infinit recursive exception. Fixes: 24ba613c9d6c ("ARM kprobes: core code") Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: 8770/1: kprobes: Prohibit probing on optimized_callbackMasami Hiramatsu1-0/+1
Prohibit probing on optimized_callback() because it is called from kprobes itself. If we put a kprobes on it, that will cause a recursive call loop. Mark it NOKPROBE_SYMBOL. Fixes: 0dc016dbd820 ("ARM: kprobes: enable OPTPROBES for ARM 32") Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabedMasami Hiramatsu1-1/+2
Since get_kprobe_ctlblk() uses smp_processor_id() to access per-cpu variable, it hits smp_processor_id sanity check as below. [ 7.006928] BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1 [ 7.007859] caller is debug_smp_processor_id+0x20/0x24 [ 7.008438] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.16.0-rc1-00192-g4eb17253e4b5 #1 [ 7.008890] Hardware name: Generic DT based system [ 7.009917] [<c0313f0c>] (unwind_backtrace) from [<c030e6d8>] (show_stack+0x20/0x24) [ 7.010473] [<c030e6d8>] (show_stack) from [<c0c64694>] (dump_stack+0x84/0x98) [ 7.010990] [<c0c64694>] (dump_stack) from [<c071ca5c>] (check_preemption_disabled+0x138/0x13c) [ 7.011592] [<c071ca5c>] (check_preemption_disabled) from [<c071ca80>] (debug_smp_processor_id+0x20/0x24) [ 7.012214] [<c071ca80>] (debug_smp_processor_id) from [<c03335e0>] (optimized_callback+0x2c/0xe4) [ 7.013077] [<c03335e0>] (optimized_callback) from [<bf0021b0>] (0xbf0021b0) To fix this issue, call get_kprobe_ctlblk() right after irq-disabled since that disables preemption. Fixes: 0dc016dbd820 ("ARM: kprobes: enable OPTPROBES for ARM 32") Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: replace unnecessary perl with sed and the shell $(( )) operatorRussell King1-5/+3
You can build a kernel in a cross compiling environment that doesn't have perl in the $PATH. Commit 429f7a062e3b broke that for 32 bit ARM. Fix it. As reported by Stephen Rothwell, it appears that the symbols can be either part of the BSS section or absolute symbols depending on the binutils version. When they're an absolute symbol, the $(( )) operator errors out and the build fails. Fix this as well. Fixes: 429f7a062e3b ("ARM: decompressor: fix BSS size calculation") Reported-by: Rob Landley <rob@landley.net> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Acked-by: Rob Landley <rob@landley.net> Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: kexec: record parent context registers for non-crash CPUsRussell King1-1/+1
How we got to machine_crash_nonpanic_core() (iow, from an IPI, etc) is not interesting for debugging a crash. The more interesting context is the parent context prior to the IPI being received. Record the parent context register state rather than the register state in machine_crash_nonpanic_core(), which is more relevant to the failing condition. Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: kexec: fix kdump register saving on panic()Russell King1-12/+22
When a panic() occurs, the kexec code uses smp_send_stop() to stop the other CPUs, but this results in the CPU register state not being saved, and gdb is unable to inspect the state of other CPUs. Commit 0ee59413c967 ("x86/panic: replace smp_send_stop() with kdump friendly version in panic path") addressed the issue on x86, but ignored other architectures. Address the issue on ARM by splitting out the crash stop implementation to crash_smp_send_stop() and adding the necessary protection. Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernelŁukasz Stelmach1-2/+2
The hypervisor setup before __enter_kernel destroys the value sotred in r1. The value needs to be restored just before the jump. Fixes: 6b52f7bdb888 ("ARM: hyp-stub: Use r1 for the soft-restart address") Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com> Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19ARM: 8753/1: decompressor: add a missing parameter to the addruart macroŁukasz Stelmach1-8/+8
In commit 639da5ee374b ("ARM: add an extra temp register to the low level debugging addruart macro") an additional temporary register was added to the addruart macro, but the decompressor code wasn't updated. Fixes: 639da5ee374b ("ARM: add an extra temp register to the low level debugging addruart macro") Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com> Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-05-19x86/mm: Drop TS_COMPAT on 64-bit exec() syscallDmitry Safonov1-0/+1
The x86 mmap() code selects the mmap base for an allocation depending on the bitness of the syscall. For 64bit sycalls it select mm->mmap_base and for 32bit mm->mmap_compat_base. exec() calls mmap() which in turn uses in_compat_syscall() to check whether the mapping is for a 32bit or a 64bit task. The decision is made on the following criteria: ia32 child->thread.status & TS_COMPAT x32 child->pt_regs.orig_ax & __X32_SYSCALL_BIT ia64 !ia32 && !x32 __set_personality_x32() was dropping TS_COMPAT flag, but set_personality_64bit() has kept compat syscall flag making in_compat_syscall() return true during the first exec() syscall. Which in result has user-visible effects, mentioned by Alexey: 1) It breaks ASAN $ gcc -fsanitize=address wrap.c -o wrap-asan $ ./wrap32 ./wrap-asan true ==1217==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING. ==1217==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range. ==1217==Process memory map follows: 0x000000400000-0x000000401000 /home/izbyshev/test/gcc/asan-exec-from-32bit/wrap-asan 0x000000600000-0x000000601000 /home/izbyshev/test/gcc/asan-exec-from-32bit/wrap-asan 0x000000601000-0x000000602000 /home/izbyshev/test/gcc/asan-exec-from-32bit/wrap-asan 0x0000f7dbd000-0x0000f7de2000 /lib64/ld-2.27.so 0x0000f7fe2000-0x0000f7fe3000 /lib64/ld-2.27.so 0x0000f7fe3000-0x0000f7fe4000 /lib64/ld-2.27.so 0x0000f7fe4000-0x0000f7fe5000 0x7fed9abff000-0x7fed9af54000 0x7fed9af54000-0x7fed9af6b000 /lib64/libgcc_s.so.1 [snip] 2) It doesn't seem to be great for security if an attacker always knows that ld.so is going to be mapped into the first 4GB in this case (the same thing happens for PIEs as well). The testcase: $ cat wrap.c int main(int argc, char *argv[]) { execvp(argv[1], &argv[1]); return 127; } $ gcc wrap.c -o wrap $ LD_SHOW_AUXV=1 ./wrap ./wrap true |& grep AT_BASE AT_BASE: 0x7f63b8309000 AT_BASE: 0x7faec143c000 AT_BASE: 0x7fbdb25fa000 $ gcc -m32 wrap.c -o wrap32 $ LD_SHOW_AUXV=1 ./wrap32 ./wrap true |& grep AT_BASE AT_BASE: 0xf7eff000 AT_BASE: 0xf7cee000 AT_BASE: 0x7f8b9774e000 Fixes: 1b028f784e8c ("x86/mm: Introduce mmap_compat_base() for 32-bit mmap()") Fixes: ada26481dfe6 ("x86/mm: Make in_compat_syscall() work during exec") Reported-by: Alexey Izbyshev <izbyshev@ispras.ru> Bisected-by: Alexander Monakov <amonakov@ispras.ru> Investigated-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Dmitry Safonov <dima@arista.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Borislav Petkov <bp@suse.de> Cc: Alexander Monakov <amonakov@ispras.ru> Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: stable@vger.kernel.org Cc: linux-mm@kvack.org Cc: Andy Lutomirski <luto@kernel.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Cyrill Gorcunov <gorcunov@openvz.org> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Link: https://lkml.kernel.org/r/20180517233510.24996-1-dima@arista.com
2018-05-19objtool: Detect RIP-relative switch table references, part 2Josh Poimboeuf1-25/+12
With the following commit: fd35c88b7417 ("objtool: Support GCC 8 switch tables") I added a "can't find switch jump table" warning, to stop covering up silent failures if add_switch_table() can't find anything. That warning found yet another bug in the objtool switch table detection logic. For cases 1 and 2 (as described in the comments of find_switch_table()), the find_symbol_containing() check doesn't adjust the offset for RIP-relative switch jumps. Incidentally, this bug was already fixed for case 3 with: 6f5ec2993b1f ("objtool: Detect RIP-relative switch table references") However, that commit missed the fix for cases 1 and 2. The different cases are now starting to look more and more alike. So fix the bug by consolidating them into a single case, by checking the original dynamic jump instruction in the case 3 loop. This also simplifies the code and makes it more robust against future switch table detection issues -- of which I'm sure there will be many... Switch table detection has been the most fragile area of objtool, by far. I long for the day when we'll have a GCC plugin for annotating switch tables. Linus asked me to delay such a plugin due to the flakiness of the plugin infrastructure in older versions of GCC, so this rickety code is what we're stuck with for now. At least the code is now a little simpler than it was. Reported-by: kbuild test robot <lkp@intel.com> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/f400541613d45689086329432f3095119ffbc328.1526674218.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-05-19efi/libstub/arm64: Handle randomized TEXT_OFFSETMark Rutland1-0/+10
When CONFIG_RANDOMIZE_TEXT_OFFSET=y, TEXT_OFFSET is an arbitrary multiple of PAGE_SIZE in the interval [0, 2MB). The EFI stub does not account for the potential misalignment of TEXT_OFFSET relative to EFI_KIMG_ALIGN, and produces a randomized physical offset which is always a round multiple of EFI_KIMG_ALIGN. This may result in statically allocated objects whose alignment exceeds PAGE_SIZE to appear misaligned in memory. This has been observed to result in spurious stack overflow reports and failure to make use of the IRQ stacks, and theoretically could result in a number of other issues. We can OR in the low bits of TEXT_OFFSET to ensure that we have the necessary offset (and hence preserve the misalignment of TEXT_OFFSET relative to EFI_KIMG_ALIGN), so let's do that. Reported-by: Kim Phillips <kim.phillips@arm.com> Tested-by: Kim Phillips <kim.phillips@arm.com> [ardb: clarify comment and commit log, drop unneeded parens] Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-efi@vger.kernel.org Fixes: 6f26b3671184c36d ("arm64: kaslr: increase randomization granularity") Link: http://lkml.kernel.org/r/20180518140841.9731-2-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar <mingo@kernel.org>