Add touchscreen info for the Trekstor Yourbook C11B. It seems to
use the same touchscreen as the Primebook C11, so we only add a new DMI
match.
Cc: Otmar Meier <otmarjun.meier@nexgo.de>
Reported-and-tested-by: Otmar Meier <otmarjun.meier@nexgo.de>
Signed-off-by: Bernhard Übelacker <bernhardu@mailbox.org>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
For hardware blocked wireless switch we check two bits. Introduce
HPWMI_POWER_FW_OR_HW enum to increase readability and for easier
maintenance.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
First of all, unsigned long can overflow u32 value on 64-bit machine.
Second, simple_strtoul() doesn't check for overflow in the input.
Convert simple_strtoul() to kstrtou32() to eliminate above issues.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Refactor postcode_store() to follow standard patterns of error handling.
While at it, switch to use kstrtobool().
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Using space in module alias makes it harder to parse modules.alias.
Replace it by a star(*).
Reviewed-by: Peter Kästle <peter@piie.net>
Signed-off-by: Chih-Wei Huang <cwhuang@linux.org.tw>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Fix timeout issue on some Ice Lake servers, where mail box command is
timing out before the response,
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
VNIC protocol version is reported in big-endian format, but it
is not byteswapped before logging. Fix that, and remove version
comparison as only one protocol version exists at this time.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
st21nfca_tm_send_atr_res() misses to call kfree_skb() in an error path.
Add the missed function call to fix it.
Fixes: 1892bf844e ("NFC: st21nfca: Adding P2P support to st21nfca in Initiator & Target mode")
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In commit 19e16d220f ("neigh: support smaller retrans_time settting")
we add more accurate control for ARP and NS. But for ARP I forgot to
update the latest guard in neigh_timer_handler(), then the next
retransmit would be reset to jiffies + HZ/2 if we set the retrans_time
less than 500ms. Fix it by setting the time_before() check to HZ/100.
IPv6 does not have this issue.
Reported-by: Jianwen Ji <jiji@redhat.com>
Fixes: 19e16d220f ("neigh: support smaller retrans_time settting")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEGhZs6bAKwk/OTgTpSD+KveBX+j4FAl7Ra5oACgkQSD+KveBX
+j6TVQgAr/LLADIfJJxxMWEU9hjEdBx1H0ojxkh/OZRqwkkKsffmeeQm2Ovei1aY
VRhyj6kr2UGYu970dtDzEVTZePdk+Hgapl3v6cIXM4IMPKGsUkYrhcaopyub1vRV
g/3uClIbVmgtxX7NBSJL1e6KGvrGQJ9OFEaNw8gHrN5+ba4qW9PIhMnoybQ0S2r4
eE39I4ZDWU6SAWqbVNTmiwpycPb6mtTRu3zfeX04+4hprQTPpyJ5rKtvKABLVRoY
upkOSPCxUVIzspci/FlfXNzXb08MelVl2o7LUzklQVIiQpnsnY+hBg+y8qTMQ4TA
ErFI/P2vl+UwOwqKV7RwB78q3l9A4w==
=hk6W
-----END PGP SIGNATURE-----
Merge tag 'mlx5-fixes-2020-05-28' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
Saeed Mahameed says:
====================
mlx5 fixes 2020-05-28
This series introduces some fixes to mlx5 driver.
v1->v2:
- Fix bad sha1, Jakub.
- Added one more patch by Pablo.
net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta()
Nothing major, the only patch worth mentioning is the suspend/resume crash
fix by adding the missing pci device handlers, the fix is very straight
forward and as Dexuan already expressed, the patch is important for Azure
users to avoid crash on VM hibernation, patch is marked for -stable v4.6
below.
Conflict note:
('net/mlx5e: Fix MLX5_TC_CT dependencies') has a trivial one line conflict
with current net-next, which can be resolved by simply using the line from
net-next.
Please pull and let me know if there is any problem.
For -stable v4.6
('net/mlx5: Fix crash upon suspend/resume')
For -stable v5.6
('net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta()')
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
This time there is one fix for the error path in the mediatek cmdq driver
(used by their video driver) and a couple of devicetree fixes, mostly
for 32-bit ARM, and fairly harmless:
- On OMAP2 there were a few regressions in the ethernet drivers,
one of them leading to an external abort trap
- One Raspberry Pi version had a misconfigured LED
- Interrupts on Broadcom NSP were slightly misconfigured
- One i.MX6q board had issues with graphics mode setting
- On mmp3 there are some minor fixes that were submitted for
v5.8 with a cc:stable tag, so I ended up picking them up
here as well
- The Mediatek Video Codec needs to run at a higher frequency
than configured originally
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAl7Rin0ACgkQmmx57+YA
GNlD7A//ehGZi+AinBWiCupunm26EekqJE2hp8gZMCYAil5jm3Djk4oib6xHFSIB
+z6H0gXfi/cqeMNkch3aPW0Rhqm6JhvOpkVmBEzwXSj1W9TQz6Xvhy58Aa3E1h/A
2FyoC4pm9hKOlamaEUkaOLblMhLRla1fpgewmB6qGPNWZx6gNX45cxawqn9t4M7/
tjDa9s+Df8YxeS08thK6PVwZ3zdVQLFfhuZR0/tCpBgikYSuK+e9W9R7IealPPs5
iPTBeFpJVbtapaEaXHyjlyUn+0TdiEq5nrFwv6vMc08kIrZl9Ej9DSel0pq+mEDT
b/v5J3FBgcq20kTBfeU2fYw5Sr6bZ7Ojm0ZMnFou60CPX7R18FDbgl8+ISOK8wmV
1m+0V+tNYg7Mxu0IXBTHuZ98oMH3YeFmmYUOUIp5wmxHH/wsAePUxroRQXDZHtBA
XEAN4qOztNtNrz1+iKwe03tls50baF0oey0N6AqH+yH6DvBbbIRYZxgAvErdh8YU
67hbKnhYpK7gsGeCJ/f056TKUizsX923pU6e5XapdG9bNXLm5lgC2dSA2iPJjws/
ppcbQjQTef1j2MPs97Al0Q3wbPTiq4dM0na1B//iyBZOAQf3niZPaUdbPngbNCra
FZmVhdKkhI7EAIBAS+9haK/v6RKrMJytJd6z6o4GTRL0CElahdw=
=E8Pg
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC fixes from Arnd Bergmann:
"This time there is one fix for the error path in the mediatek cmdq
driver (used by their video driver) and a couple of devicetree fixes,
mostly for 32-bit ARM, and fairly harmless:
- On OMAP2 there were a few regressions in the ethernet drivers, one
of them leading to an external abort trap
- One Raspberry Pi version had a misconfigured LED
- Interrupts on Broadcom NSP were slightly misconfigured
- One i.MX6q board had issues with graphics mode setting
- On mmp3 there are some minor fixes that were submitted for v5.8
with a cc:stable tag, so I ended up picking them up here as well
- The Mediatek Video Codec needs to run at a higher frequency than
configured originally"
* tag 'armsoc-fixes-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
ARM: dts: mmp3: Drop usb-nop-xceiv from HSIC phy
ARM: dts: mmp3-dell-ariel: Fix the SPI devices
ARM: dts: mmp3: Use the MMP3 compatible string for /clocks
ARM: dts: bcm: HR2: Fix PPI interrupt types
ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
ARM: dts/imx6q-bx50v3: Set display interface clock parents
soc: mediatek: cmdq: return send msg error code
arm64: dts: mt8173: fix vcodec-enc clock
ARM: dts: Fix wrong mdio clock for dm814x
ARM: dts: am437x: fix networking on boards with ksz9031 phy
ARM: dts: am57xx: fix networking on boards with ksz9031 phy
Alexei Starovoitov says:
====================
pull-request: bpf 2020-05-29
The following pull-request contains BPF updates for your *net* tree.
We've added 6 non-merge commits during the last 7 day(s) which contain
a total of 4 files changed, 55 insertions(+), 34 deletions(-).
The main changes are:
1) minor verifier fix for fmod_ret progs, from Alexei.
2) af_xdp overflow check, from Bjorn.
3) minor verifier fix for 32bit assignment, from John.
4) powerpc has non-overlapping addr space, from Petr.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
ColdFire is a big-endian cpu with a big-endian dspi hw module,
so, it uses native access, but memcpy breaks the endianness.
So, if i understand properly, by native copy we would mean
be(cpu)->be(dspi) or le(cpu)->le(dspi) accesses, so my fix
shouldn't break anything, but i couldn't test it on LS family,
so every test is really appreciated.
Fixes: 53fadb4d90 ("spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics")
Signed-off-by: Angelo Dureghello <angelo.dureghello@timesys.com>
Tested-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Link: https://lore.kernel.org/r/20200529195756.184677-1-angelo.dureghello@timesys.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Now let's rename __wbt_update_limits to wbt_update_limits after the
previous one is deleted.
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
No one call this function after commit 2af2783f2e ("rq-qos: get rid of
redundant wbt_update_limits()"), so remove it.
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
After blk_throtl_drain is removed, there is no caller of tg_drain_bios,
so remove it as well.
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
After the commit 5addeae1be ("blk-cgroup: remove blkcg_drain_queue"),
there is no caller of blk_throtl_drain, so let's remove it.
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
-----BEGIN PGP SIGNATURE-----
iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAl7RKm4THGlkcnlvbW92
QGdtYWlsLmNvbQAKCRBKf944AhHzi6BJB/4pz7N1K3sqs3OXHsHHnMnpTmxV5lU3
4pXDivwESypxJKBDZ96qgSNMGgL9XpxChfA/LCYVy92LvIbjr9vrUh9386Q2arqw
nRe4kTiN7Y8HkLb47GmqzCQdxgGVC35OZJZQzdM5y9rVEH9nbEUHWhsvCHYUR8Cb
Ndm7hT6QzLRTQzlUhu0lPfLc84R0Hl5aFJNkA7enbXL7s9yfTYRf9+zcl+8VOI09
X01OOxsOVNoQUzhTn2Y+SDFLr5N7CNtW7UN17S6sCiiA0XgodxeWmnxl2aaVMG+z
VbsXQPr9ma4gYaD7BjzqaPEQqpgoTrmNqPkrzSzZbFHRc+GC3S5PiLwU
=TOVq
-----END PGP SIGNATURE-----
Merge tag 'ceph-for-5.7-rc8' of git://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
"Cache tiering and cap handling fixups, both marked for stable"
* tag 'ceph-for-5.7-rc8' of git://github.com/ceph/ceph-client:
ceph: flush release queue when handling caps for unknown inode
libceph: ignore pool overlay and cache logic on redirects
waiting for completion on cpu_running.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAl7RNTMACgkQa9axLQDI
XvFU+A//Q805+HR9CHmy9PvIVNgyfWmB5IReXY9LVC0q9Enk6izOoI0CYDI/3X19
v7ASxnXfzx4TGUjra1uvEwKkBeODifZbgOfmwa6XQjr9R5gAF8gVWomswx3wqoUB
qf1bA6VJUjlOKmEs1EASY8TXd15EoYA30Xw0E9UHGflWfVwMRoDCYrl7XCR32qGM
xVR3AhkxvVrsDM2aaV4tT7sG2+ypfoV+j/AX6HaTmEjL8bKTweu8oQkeLXNGSV7c
LHD07vM/RGUbHN6sgSZBPU7zzGCVyr0UqtPKZXaBg5hLkbYHiY9E4xUH2Z3+MosC
MSGvqi3V/kSkkeDYfURhOo6Li4q8dvRW7fLcy3rFA/ZJVK25KJkm6D+nyOMkQJhJ
IEHz1iavthdsVCL2qVVHKvE1J1S/kc7bQ5ebfcyHpU5TFokDzrux1j+Qvy2v7cgd
EPRba7yTx+LxDDAuozataHoTjbgz3RRC20ficMnvZnSk9BcFxiKRF5KkkM/C+Hf9
br1c4O3LqI1kCVBoqe8GXjfQheEKom60gUjqbR28PP1vSIjoea0zhP3bXSX5/lzV
uv4u0KlIS1wN5qMaLeZD7bo+9mCrwOi/uu3lZDiderlkQdSqhjzBR7kvR9y1WhBy
SMqkCIc99dALJRDZrlUA3ImC2dF+nI+jWhuHFQbdxcNhpuK1BGo=
=468t
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fix from Catalin Marinas:
"Ensure __cpu_up() returns an error if cpu_online() is false after
waiting for completion on cpu_running"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64/kernel: Fix return value when cpu_online() fails in __cpu_up()
Pull parisc fix from Helge Deller:
"Fix a kernel panic at boot time for some HP-PARISC machines"
* 'parisc-5.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Fix kernel panic in mem_init()
Including:
- Two compile test fixes for issues introduced during the
5.7-rc1 merge window.
- A fix for a reference count leak in an error path of
iommu_group_alloc().
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAl7RWq0ACgkQK/BELZcB
GuOOtQ//cue8YWh3c3wpiSYLSqFETqojpNh8qCG1XZLjbqR67Ysfio0JWO0CvG68
X/KLJ0fXQoHj6ifVLo693ylQsRiAYC6wABzltT5MLmEpgy9r3lIR4WJd6F8zjGYm
wy6am2QulKR05+JtEZag7gIhQqtfc6UoLnceEJpfb+eqzIMma0V3l11vWBWbeaEH
pARisxqLkooi8nosrScSjLnL8pzMYbekKKoEiB+U9wcDM/bOJThdRNnmYePXef+O
oR+qGbIKyOpvBuLGcfvvRHn/p+GPizzHZW6O8VYBbG3s6fLr7jtB2Y0yUtD1rbwZ
1PbxmVfMqxHM45I8bJLx2R7cOWtZN767e5jplk8sSdurg0CtQluh90Zt9w+u+MkG
SVXCBUTBoUqbnKDed4VMfB7TcBIpBOp4XEt20E410EayQrhp10Pcs75ZA7ydFjFd
Z3H7fVjTmxvBn1VNK/oTSOOHgNTG3V5c184zqjmxUnO+SB0z96Po4t2b3jlU4H84
H/uHBoqTpH2CN3U/dCbxc0LyWkZUB6aRCtxdTwuc3tqCY3oHefU2GurEEDt24F5Z
a1NZi6ezmP2Qilu10bYFcUq84S/ZkOy05dh7rAq5kh3KWTSc608vNx16vJAL1RyM
9lF+GKm1q9gLa7JXgO43XgISnbMLeIo4PwqSNEMOkDRMj9R/Lm4=
=JtbT
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes-v5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull iommu fixes from Joerg Roedel:
- Two build fixes for issues introduced during the merge window
- A fix for a reference count leak in an error path of
iommu_group_alloc()
* tag 'iommu-fixes-v5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu: Fix reference count leak in iommu_group_alloc.
x86: Hide the archdata.iommu field behind generic IOMMU_API
ia64: Hide the archdata.iommu field behind generic IOMMU_API
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAl7RbAcQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpjytD/9ptRsnVCTj2H7dFFcGzMaN6OUBGJqSpCHm
5XnZEcdhKPCHl8iDxlPBKT++X8CQd0vW6fBHO1UAfZvbDsyRR3/oGJ6kO9k/4e9d
UpG1N3lpebnvbonoXamriUs94J+r5FQ45wRRbO6eARMzpcg1Cf1EjGSz/7WAeYgV
zW/wv9cDPwCK2sS/fAeLW7kQNkn65nxUehyNdwlYjv1FuYDrQG2etEgVMFb2VLSz
QkYd5ftZHjNNLUCi/XTaO+j0zAcVRFPo2RZXkyk1iuYzcVc7E/FtMoQp1Bx5plbA
0GKldQkoG6KOCh1D5WRX5vPVDmAR9Xs/XF8yDo/WohqpVppMVWj4cyvqe2ae/OhQ
5xlz2JWhFRdUxUmADMHibeQMmmd6QNHvuzjR9HUnAzKW0FPJLEzETcWGRDTDfsN1
XRT3QbvcZ0Ks8ewVhTXJrolkR9oAtzb/P1z0Xq4QHbqSUMBC2qaJWYVvjM5ZUC2U
53YDXWa+SAb/G/loJVmr8qPcGfQtjWPOBc5/kz+PifjgmzR8eTgOEGvQFhsjJHCw
HSM9X41boathhJt1nt/YLYkCA1zgvXjb/F+tTDsu4aau1Skhxd1foDQML5+oGlKA
eS2hF4V3pyZ0r3X17Y7ykiKpBAHx5cqksFd44lfl4772WiQIM/rrEHgOFhMjh6Bi
mG4Sl6vOvA==
=GfOk
-----END PGP SIGNATURE-----
Merge tag 'block-5.7-2020-05-29' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"Two small fixes:
- Revert a block change that mixed up the return values for non-mq
devices
- NVMe poll race fix"
* tag 'block-5.7-2020-05-29' of git://git.kernel.dk/linux-block:
Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT"
nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll()
A few bug fixes:
- Incorrect error unwind in qib and pvrdma
- User triggerable NULL pointer crash in mlx5 with ODP prefetch
- syzkaller RCU race in uverbs
- Rare double free crash in ipoib
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfB7FMLh+8QxL+6i3OG33FX4gmxoFAl7RDU8ACgkQOG33FX4g
mxrhnQ/8DLbe0xnNpEoHjllcb2CfEIQQQoHgoXZU6NF0EaXwXiM4G2SwVVP4cftN
7oSGcvrp0YnBrGHp10unu3UX0IUpaw867jNyNC6QKj5RPinHR6IUjJYC4PugAtoc
RQbyb5Y6Y0PEIhn15vhCOTEwvRDgu9GlXEe6ks0W5143rDF0L96Pr8BJC34HRGUp
sx+aAkNCT9guuWUNBn5u3XDsboo+XjbeyDwywe9dzCmLKatWEd+y2XdPORGu4OvQ
+7jtYTj/nGe4wWB3q5uIrFbD2eml8TcGStLKtF4hcijVk2L09xKyIL9dKHWuqc/0
0tzD2iYvIh31BEIloucC2UXAY2gBSp8t03yDxruuAtDWXsxoS5ic/4Lo2H/mKIoy
AYIcFJSMr05ujukl6jAHALAUBKLCsYY4Emwk14V970r6ltQNhnC9eps3E4/vbwRf
SrhlaVFaMUfHdClNwc5mVloo/XJ6AbkTMFJLHUmcxYBXLT/42/0iNfctW03sFZ+K
0lq0oGbAA52DHy6kUZ122n0b4B8no/W7CP6cvSiQGgAszUcLG9q+o+U/9VPZmBtG
nfXzMv6QMHxASKCbetqDJ8WqI6LgzYkWJxOVe7DvpeqHLAFxqNYBh3y6by2lm4Dh
gfJt1CMH4qFtXbjP1HfMV9RFVj74PJgQZfI/ILmh9kPLeXKVy5s=
=uF5R
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"Nothing profound here, just a last set of long standing bug fixes:
- Incorrect error unwind in qib and pvrdma
- User triggerable NULL pointer crash in mlx5 with ODP prefetch
- syzkaller RCU race in uverbs
- Rare double free crash in ipoib"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
RDMA/core: Fix double destruction of uobject
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work
IB/qib: Call kobject_put() when kobject_init_and_add() fails
Added a verifier test for assigning 32bit reg states to
64bit where 32bit reg holds a constant value of 0.
Without previous kernel verifier.c fix, the test in
this patch will fail.
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/159077335867.6014.2075350327073125374.stgit@john-Precision-5820-Tower
After previous fix for zero extension test_verifier tests #65 and #66 now
fail. Before the fix we can see the alu32 mov op at insn 10
10: R0_w=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1_w=invP(id=0,
smin_value=4294967168,smax_value=4294967423,
umin_value=4294967168,umax_value=4294967423,
var_off=(0x0; 0x1ffffffff),
s32_min_value=-2147483648,s32_max_value=2147483647,
u32_min_value=0,u32_max_value=-1)
R10=fp0 fp-8_w=mmmmmmmm
10: (bc) w1 = w1
11: R0_w=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1_w=invP(id=0,
smin_value=0,smax_value=2147483647,
umin_value=0,umax_value=4294967295,
var_off=(0x0; 0xffffffff),
s32_min_value=-2147483648,s32_max_value=2147483647,
u32_min_value=0,u32_max_value=-1)
R10=fp0 fp-8_w=mmmmmmmm
After the fix at insn 10 because we have 's32_min_value < 0' the following
step 11 now has 'smax_value=U32_MAX' where before we pulled the s32_max_value
bound into the smax_value as seen above in 11 with smax_value=2147483647.
10: R0_w=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1_w=inv(id=0,
smin_value=4294967168,smax_value=4294967423,
umin_value=4294967168,umax_value=4294967423,
var_off=(0x0; 0x1ffffffff),
s32_min_value=-2147483648, s32_max_value=2147483647,
u32_min_value=0,u32_max_value=-1)
R10=fp0 fp-8_w=mmmmmmmm
10: (bc) w1 = w1
11: R0_w=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1_w=inv(id=0,
smin_value=0,smax_value=4294967295,
umin_value=0,umax_value=4294967295,
var_off=(0x0; 0xffffffff),
s32_min_value=-2147483648, s32_max_value=2147483647,
u32_min_value=0, u32_max_value=-1)
R10=fp0 fp-8_w=mmmmmmmm
The fall out of this is by the time we get to the failing instruction at
step 14 where previously we had the following:
14: R0_w=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1_w=inv(id=0,
smin_value=72057594021150720,smax_value=72057594029539328,
umin_value=72057594021150720,umax_value=72057594029539328,
var_off=(0xffffffff000000; 0xffffff),
s32_min_value=-16777216,s32_max_value=-1,
u32_min_value=-16777216,u32_max_value=-1)
R10=fp0 fp-8_w=mmmmmmmm
14: (0f) r0 += r1
We now have,
14: R0_w=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1_w=inv(id=0,
smin_value=0,smax_value=72057594037927935,
umin_value=0,umax_value=72057594037927935,
var_off=(0x0; 0xffffffffffffff),
s32_min_value=-2147483648,s32_max_value=2147483647,
u32_min_value=0,u32_max_value=-1)
R10=fp0 fp-8_w=mmmmmmmm
14: (0f) r0 += r1
In the original step 14 'smin_value=72057594021150720' this trips the logic
in the verifier function check_reg_sane_offset(),
if (smin >= BPF_MAX_VAR_OFF || smin <= -BPF_MAX_VAR_OFF) {
verbose(env, "value %lld makes %s pointer be out of bounds\n",
smin, reg_type_str[type]);
return false;
}
Specifically, the 'smin <= -BPF_MAX_VAR_OFF' check. But with the fix
at step 14 we have bounds 'smin_value=0' so the above check is not tripped
because BPF_MAX_VAR_OFF=1<<29.
We have a smin_value=0 here because at step 10 the smaller smin_value=0 means
the subtractions at steps 11 and 12 bring the smin_value negative.
11: (17) r1 -= 2147483584
12: (17) r1 -= 2147483584
13: (77) r1 >>= 8
Then the shift clears the top bit and smin_value is set to 0. Note we still
have the smax_value in the fixed code so any reads will fail. An alternative
would be to have reg_sane_check() do both smin and smax value tests.
To fix the test we can omit the 'r1 >>=8' at line 13. This will change the
err string, but keeps the intention of the test as suggseted by the title,
"check after truncation of boundary-crossing range". If the verifier logic
changes a different value is likely to be thrown in the error or the error
will no longer be thrown forcing this test to be examined. With this change
we see the new state at step 13.
13: R0_w=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1_w=invP(id=0,
smin_value=-4294967168,smax_value=127,
umin_value=0,umax_value=18446744073709551615,
s32_min_value=-2147483648,s32_max_value=2147483647,
u32_min_value=0,u32_max_value=-1)
R10=fp0 fp-8_w=mmmmmmmm
Giving the expected out of bounds error, "value -4294967168 makes map_value
pointer be out of bounds" However, for unpriv case we see a different error
now because of the mixed signed bounds pointer arithmatic. This seems OK so
I've only added the unpriv_errstr for this. Another optino may have been to
do addition on r1 instead of subtraction but I favor the approach above
slightly.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/159077333942.6014.14004320043595756079.stgit@john-Precision-5820-Tower
With the latest trunk llvm (llvm 11), I hit a verifier issue for
test_prog subtest test_verif_scale1.
The following simplified example illustrate the issue:
w9 = 0 /* R9_w=inv0 */
r8 = *(u32 *)(r1 + 80) /* __sk_buff->data_end */
r7 = *(u32 *)(r1 + 76) /* __sk_buff->data */
......
w2 = w9 /* R2_w=inv0 */
r6 = r7 /* R6_w=pkt(id=0,off=0,r=0,imm=0) */
r6 += r2 /* R6_w=inv(id=0) */
r3 = r6 /* R3_w=inv(id=0) */
r3 += 14 /* R3_w=inv(id=0) */
if r3 > r8 goto end
r5 = *(u32 *)(r6 + 0) /* R6_w=inv(id=0) */
<== error here: R6 invalid mem access 'inv'
...
end:
In real test_verif_scale1 code, "w9 = 0" and "w2 = w9" are in
different basic blocks.
In the above, after "r6 += r2", r6 becomes a scalar, which eventually
caused the memory access error. The correct register state should be
a pkt pointer.
The inprecise register state starts at "w2 = w9".
The 32bit register w9 is 0, in __reg_assign_32_into_64(),
the 64bit reg->smax_value is assigned to be U32_MAX.
The 64bit reg->smin_value is 0 and the 64bit register
itself remains constant based on reg->var_off.
In adjust_ptr_min_max_vals(), the verifier checks for a known constant,
smin_val must be equal to smax_val. Since they are not equal,
the verifier decides r6 is a unknown scalar, which caused later failure.
The llvm10 does not have this issue as it generates different code:
w9 = 0 /* R9_w=inv0 */
r8 = *(u32 *)(r1 + 80) /* __sk_buff->data_end */
r7 = *(u32 *)(r1 + 76) /* __sk_buff->data */
......
r6 = r7 /* R6_w=pkt(id=0,off=0,r=0,imm=0) */
r6 += r9 /* R6_w=pkt(id=0,off=0,r=0,imm=0) */
r3 = r6 /* R3_w=pkt(id=0,off=0,r=0,imm=0) */
r3 += 14 /* R3_w=pkt(id=0,off=14,r=0,imm=0) */
if r3 > r8 goto end
...
To fix the above issue, we can include zero in the test condition for
assigning the s32_max_value and s32_min_value to their 64-bit equivalents
smax_value and smin_value.
Further, fix the condition to avoid doing zero extension bounds checks
when s32_min_value <= 0. This could allow for the case where bounds
32-bit bounds (-1,1) get incorrectly translated to (0,1) 64-bit bounds.
When in-fact the -1 min value needs to force U32_MAX bound.
Fixes: 3f50f132d8 ("bpf: Verifier, do explicit ALU32 bounds tracking")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/159077331983.6014.5758956193749002737.stgit@john-Precision-5820-Tower
Only a few last-minute small fixes: the change in ALSA core hwdep is
about the undefined behavior of bit shift, which is almost harmless
but still worth to pick up quickly. The rest are all device-specific
fixes for HD-audio and USB-audio, and safe to apply at the late
stage.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl7PcrgOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE8uMRAA1LDDgWLNFSZHMfbN3usHHZryFXfCxUPXtEyi
/EdNWvLcMmvYb/DftgQLfKk3u3NccNVczD0vCf9by15SgiAKi2++kF9rpA6UdlhC
MW6xvhsHeEIcIvRyr8q4eddR1UvqDVW+mxlx8f8MtGQKFv6vQmIwWp7MScl9WT4W
wDy7Tu/lHdYMjlWLEiDExSUIZPOCO7bVb09x1SEjsSZHrcuDuHeKJdhzaAbidmub
GpsejaxZGY7F558mxfeCSh0fA32AF12LNzQKZwjHO+Ct0au7OIr9YmCtB9DtkriW
/cUFDhn73Mzf9UgLUakmmFzh0LziTyWFMp8FK5GZALjW4DgtewOS/NHdqO2O345d
/Yw0hOW58Mww/XYBYCKqgBLTos9QZZSQ4/J63t4FiGu4W0z6LYL7HWgbTAhk9GoE
sRqmVhVF7XW4Apg/lQ5VKFLvwGvS3Htluv1C25TZqjEUdonwdHxTlhatHmeyDLCV
pC/LxSwzM49iExPcg0XB+J6Kx+y6iBqofhpd1vgt4N4qd/jDH+jb5e/+U/X+VLCU
iObQIQQAudwoRrQrRrn3sf47qvkNRYiG+iuSvHmcAqGZdHU64zubPZPXvNwI3hyR
f/fSJzEsVED52YhUlglRtR5g5IrGeAt2+yvgGi7rsxptA5TIy7rG07lwegSltgOO
TgF82eE=
=9XXp
-----END PGP SIGNATURE-----
Merge tag 'sound-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Only a few last-minute small fixes: the change in ALSA core hwdep is
about the undefined behavior of bit shift, which is almost harmless
but still worth to pick up quickly.
The rest are all device-specific fixes for HD-audio and USB-audio, and
safe to apply at the late stage"
* tag 'sound-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Add new codec supported for ALC287
ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
to fix a randconfig build error and an incorrect parent mapping.
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAl7QhZIRHHNib3lkQGtl
cm5lbC5vcmcACgkQrQKIl8bklSXVjhAAoKSQPZpFHSILwQ/t3rt0ES8ECLa18rkv
CQasUyqJ/TNAE72rlSAKqSHlf+cJE9+Ty/Q/vL4jIrsbZT+zVmswy8prB3xHW3IB
k37795icJvpt7y6l3o7yrvkhCCmSyMurnn51cN9JU85PiPdqjpVBaP/khzWl+BVR
b/KgNinBqwnzjpdaV9y5KPtgkjFPBwVljqUFvrV6WST0TBm6Rc9sq0N7YkjFyS/8
74DVSTPcGGfX/Tj1Y2QmNXu5xaImwhuAVilcKSTIZ+aTGL5pJWZJoeurYyz4ceM+
TXez/xcI2GJNfc9nMRUk1iDe7XvfLUG2LENuCZ9z13JLQwrjBhX8sDnXCnrXWGku
nMKxgRHcspX2fpapkBW6JiI+xteHLpDqua25qCoZh/7zHYBwTgbMZsNNMJq0DJjH
KpuXMq1FAeoxZhjYk8c+pYb+o7ptIfazpaS6o+XHJS899mBKe9Zjw8OblNjXrgxH
AgJF+NfJKiam85G7/S19TUhEw3yLS4RkxJb5OfpDLDPfCMr5UwiX074u0kG1wjjN
fp3EVy8WKnKnWxPwjYMWolKqV8F1Gl6YkoVno5ztulkG9FaW+dYVX2JC+CpsGc50
NqdsOmo+Yhq1P3r3nnfN4SHV+CabbJKIZY3V5UsZben7ETri8mRiJ1rpzY6JJ6x9
QTW4PjMew2w=
=ARoX
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"Two fixes for the new SM8150 and SM8250 Qualcomm clk drivers to fix a
randconfig build error and an incorrect parent mapping"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: qcom: gcc: Fix parent for gpll0_out_even
clk: qcom: sm8250 gcc depends on QCOM_GDSC
now that can be done conveniently - all non-trivial cases have
_HAVE_ARCH_COPY_AND_CSUM_FROM_USER defined, so the fallback in
net/checksum.h is used only for dummy (copy_from_user, then
csum_partial) implementation. Allowing us to get rid of all
dummy instances, both of csum_and_copy_from_user() and
csum_partial_copy_from_user().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Note that csum_partial_copy_from_user() is in assembler here,
so I'm leaving it alone and just providing the wrapper for
it. When/if we go for switching arm to user_access_{begin,end}()
(doing domain switches in those), somebody well need to look
into that one.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
sparc64 already is equivalent to that (trivial access_ok());
add it into sparc32 csum_partial_copy_from_user() and we can
rename both to csum_and_copy_fromUser() and be done with that.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Already has the right semantics. Incidentally. failing copy_from_user()
zeroes the tail of destination - no need to repeat that manually
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
It's already doing the right thing - it does access_ok() and the wrapper
in net/checksum.h is pointless here. Just rename it and be done with that...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Just inline the call and use memcpy() instead of __copy_from_user() and
note that the tail is precisely ia64 csum_partial().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
... rather than messing with the wrapper. As a side effect,
32bit variant gets access_ok() into it and can be switched to
user_access_begin()/user_access_end()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
We already have stac/clac pair around the calls of csum_partial_copy_generic().
Stretch that area back, so that it covers the preceding loop (and convert
the loop body from __{get,put}_user() to unsafe_{get,put}_user()).
That brings the beginning of the areas to the earlier access_ok(),
which allows to convert them into user_access_{begin,end}() ones.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
The drivers reports EINVAL to userspace through netlink on invalid meta
match. This is confusing since EINVAL is usually reserved for malformed
netlink messages. Replace it by more meaningful codes.
Fixes: 6d65bc64e2 ("net/mlx5e: Add mlx5e_flower_parse_meta support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Change MLX5_TC_CT config dependencies to include MLX5_ESWITCH instead of
MLX5_CORE_EN && NET_SWITCHDEV, which are already required by MLX5_ESWITCH.
Without this change mlx5 fails to compile if user disables MLX5_ESWITCH
without also manually disabling MLX5_TC_CT.
Fixes: 4c3844d9e9 ("net/mlx5e: CT: Introduce connection tracking")
Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
