If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200326150855.6865c7f28a14.I9fb1d911b064262d33e33dfba730cdeef83926ca@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
kbuild-test reported an error:
config: mips-randconfig-a001-20200321 ...
>> drivers/tty/serial/sprd_serial.c:1175: undefined reference
to `clk_set_parent'
Because some mips Kconfig selects HAVE_CLK but not COMMON_CLK and no
clk_set_parent implemented, so the error was exposed. So adding
dependence on COMMON_CLK can fix this issue.
Fixes: 7ba87cfec7 ("tty: serial: make SERIAL_SPRD not depend on ARCH_SPRD")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@unisoc.com>
Link: https://lore.kernel.org/r/20200325081427.20312-1-zhang.lyra@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Qualcomm ARM64 DT updates for v5.7
This brings initial support for the SM8250 and IPQ6018 platforms.
SDM845 gets audio, PCIe and IP-accelerator support, and the interconnect
providers are refactored. The Lenovo Yoga C630 has audio enabled and the
DB845c has PCIe, analog audio and low-speed interfaces enabled. The
SDM845 MTP has its display enabled and firmware location updated to
match linux-firmware.
SC7180 gains CPU topology and power properties. Interconnect providers,
eMMC, SD-card, multimedia clocks, display, Bluetooth, Venus are added.
Critical trip points are added as well as various fixes.
For MSM8916 FastRPC support is added, ETM power management and reserved
memory for Samsung A2015 are corrected.
MSM8996 switches to generic QMP phy driver for its UFS support. MSM8998
temporarily disables part of Coresight to boot without
clk_ignore_unused. CEQ for eMMC on QCS404 is enabled.
Fixes throughout the platforms to fix binding compliance, correct
compatibles for SDHCI nodes and add gpio-ranges.
* tag 'qcom-arm64-for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux: (56 commits)
arm64: dts: qcom: sdm845-mtp: Relocate remoteproc firmware
arm64: dts: sdm845: add IPA information
arm64: dts: qcom: db845c: add analog audio support
arm64: dts: qcom: sdm845: add pinctrl nodes for quat i2s
arm64: dts: qcom: c630: Enable audio support
arm64: dts: qcom: sdm845: add apr nodes
arm64: dts: qcom: sdm845: add slimbus nodes
arm64: dts: qcom: sc7180: Update reg names for SDHC
arm64: dts: qcom: qcs404: Enable CQE support for eMMC
arm64: dts: msm8916: Add fastrpc node
arm64: dts: qcom: sm8250: Add sm8250 dts file
arm64: dts: qcom: msm8998-mtp: Disable funnel 4 and 5
arm64: dts: qcom: db845c: add Low speed expansion i2c and spi nodes
arm64: dts: qcom: apq8016-sbc: Remove wrong regulator supply
arm64: dts: qcom: sc7180: Added critical trip point Thermal-zones node
arm64: dts: qcom: msm8998: Fix cpu compatible
arm64: dts: qcom: sc7180: Add OSM L3 interconnect provider
arm64: dts: qcom: sdm845: Add OSM L3 interconnect provider
arm64: dts: sc7180: Add interconnect provider DT nodes
arm64: dts: qcom: msm8996: Use generic QMP driver for UFS
...
Link: https://lore.kernel.org/r/20200318043823.GA470201@yoga
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
There is one one corner case at dma_fence_signal_locked
which will raise the NULL pointer problem just like below.
->dma_fence_signal
->dma_fence_signal_locked
->test_and_set_bit
here trigger dma_fence_release happen due to the zero of fence refcount.
->dma_fence_put
->dma_fence_release
->drm_sched_fence_release_scheduled
->call_rcu
here make the union fled “cb_list” at finished fence
to NULL because struct rcu_head contains two pointer
which is same as struct list_head cb_list
Therefore, to hold the reference of finished fence at drm_sched_process_job
to prevent the null pointer during finished fence dma_fence_signal
[ 732.912867] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 732.914815] #PF: supervisor write access in kernel mode
[ 732.915731] #PF: error_code(0x0002) - not-present page
[ 732.916621] PGD 0 P4D 0
[ 732.917072] Oops: 0002 [#1] SMP PTI
[ 732.917682] CPU: 7 PID: 0 Comm: swapper/7 Tainted: G OE 5.4.0-rc7 #1
[ 732.918980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
[ 732.920906] RIP: 0010:dma_fence_signal_locked+0x3e/0x100
[ 732.938569] Call Trace:
[ 732.939003] <IRQ>
[ 732.939364] dma_fence_signal+0x29/0x50
[ 732.940036] drm_sched_fence_finished+0x12/0x20 [gpu_sched]
[ 732.940996] drm_sched_process_job+0x34/0xa0 [gpu_sched]
[ 732.941910] dma_fence_signal_locked+0x85/0x100
[ 732.942692] dma_fence_signal+0x29/0x50
[ 732.943457] amdgpu_fence_process+0x99/0x120 [amdgpu]
[ 732.944393] sdma_v4_0_process_trap_irq+0x81/0xa0 [amdgpu]
v2: hold the finished fence at drm_sched_process_job instead of
amdgpu_fence_process
v3: resume the blank line
Signed-off-by: Yintian Tao <yttao@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Drop remaining legacy platform data for cpsw and edma
With a non-critical clock fix for dm814x ethernet, we can update ti81xx
for cpsw ethernet and edma to probe them with ti-sysc interconnect
target module driver and device tree data. And we can drop the related
remaining platform data for cpsw and edma.
* tag 'omap-for-v5.7/ti-sysc-drop-pdata-ti81xx-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: OMAP2+: Drop legacy platform data for ti81xx edma
ARM: dts: Configure interconnect target module for ti816x edma
ARM: dts: Configure interconnect target module for dm814x tptc3
ARM: dts: Configure interconnect target module for dm814x tptc2
ARM: dts: Configure interconnect target module for dm814x tptc1
ARM: dts: Configure interconnect target module for dm814x tptc0
ARM: dts: Configure interconnect target module for dm814x tpcc
ARM: OMAP2+: Drop legacy platform data for dm814x cpsw
ARM: dts: Configure interconnect target module for dm814x cpsw
clk: ti: Fix dm814x clkctrl for ethernet
Link: https://lore.kernel.org/r/pull-1584575307-189595@atomide.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Drop legacy platform data for omaps for v5.7
This series of changes continues dropping legacy platform data for
omaps by updating devices to probe with ti-sysc interconnect target
module driver:
- Update omap4, omap5, am437x, and dra7 display subsystem (DSS)
to probe with device tree data only
- Update am335x, am437x and dra7 to probe EDMA to probe with
device tree data only
- Drop legacy platform data for am335x and am437x PRUSS as the
current code just keeps the devices in reset
- Drop legacy platform data for omap4 DSP and IPU as the current
code just keeps the devices in reset
- Configure am437x and dra7 PRU-ICSS to probe with device tree
data
For the dropped omap4 DSP and IPU platform data, there will be patches
coming later on to configure the accelerators using the omap remoteproc
bindings so hopefully folks can actually use these devices eventually.
* tag 'omap-for-v5.7/ti-sysc-drop-pdata-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: (56 commits)
ARM: OMAP2+: Drop legacy platform data for dra7 edma
ARM: OMAP2+: Drop legacy platform data for am3 and am4 edma
ARM: dts: Configure interconnect target module for dra7 tptc1
ARM: dts: Configure interconnect target module for dra7 tptc0
ARM: dts: Configure interconnect target module for dra7 tpcc
ARM: dts: Configure interconnect target module for am4 tptc2
ARM: dts: Configure interconnect target module for am4 tptc1
ARM: dts: Configure interconnect target module for am4 tptc0
ARM: dts: Configure interconnect target module for am4 tpcc
ARM: dts: Configure interconnect target module for am3 tptc2
ARM: dts: Configure interconnect target module for am3 tptc1
ARM: dts: Configure interconnect target module for am3 tptc0
ARM: dts: Configure interconnect target module for am3 tpcc
ARM: dts: dra7: Add PRU-ICSS interconnect target-module nodes
ARM: dts: AM4372: Add the PRU-ICSS interconnect target-module node
ARM: dts: AM33xx-l4: Update PRUSS interconnect target-module node
ARM: OMAP2+: Drop legacy platform data for am437x DSS
ARM: OMAP2+: Drop legacy platform data for dra7 DSS
ARM: OMAP2+: Drop legacy platform data for omap5 DSS
ARM: OMAP2+: Drop legacy platform data for omap4 dss
...
Link: https://lore.kernel.org/r/pull-1583858385-416921@atomide.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
A while back Paul pointed out I'd been maintaining the tree more or
less solo for over five years, so perhaps it's time to update the
MAINTAINERS entry.
Ben & Paul still wrote most of the code, so keep them as Reviewers so
they still get Cc'ed on things. But if you're wondering why your patch
hasn't been merged that's my fault.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200224233146.23734-1-mpe@ellerman.id.au
In AIO case, the request is freed up if ep_queue fails.
However, io_data->req still has the reference to this freed
request. In the case of this failure if there is aio_cancel
call on this io_data it will lead to an invalid dequeue
operation and a potential use after free issue.
Fix this by setting the io_data->req to NULL when the request
is freed as part of queue failure.
Fixes: 2e4c7553cd ("usb: gadget: f_fs: add aio support")
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
CC: stable <stable@vger.kernel.org>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20200326115620.12571-1-sallenki@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The $(CC) passed to arch_errno_names.sh may include a series of parameters
along with gcc itself. To avoid overwriting the following parameters of
arch_errno_names.sh and break the build like below, we just pick up the
first word of the $(CC).
find: unknown predicate `-m64/arch'
x86_64-wrs-linux-gcc: warning: '-x c' after last input file has no effect
x86_64-wrs-linux-gcc: error: unrecognized command line option '-m64/include/uapi/asm-generic/errno.h'
x86_64-wrs-linux-gcc: fatal error: no input files
Signed-off-by: He Zhe <zhe.he@windriver.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/1581618066-187262-2-git-send-email-zhe.he@windriver.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Like __xfrm_transport/mode_tunnel_prep(), this patch is to add
__xfrm_mode_beet_prep() to fix the transport_header for gso
segments, and reset skb mac_len, and pull skb data to the
proto inside esp.
This patch also fixes a panic, reported by ltp:
# modprobe esp4_offload
# runltp -f net_stress.ipsec_tcp
[ 2452.780511] kernel BUG at net/core/skbuff.c:109!
[ 2452.799851] Call Trace:
[ 2452.800298] <IRQ>
[ 2452.800705] skb_push.cold.98+0x14/0x20
[ 2452.801396] esp_xmit+0x17b/0x270 [esp4_offload]
[ 2452.802799] validate_xmit_xfrm+0x22f/0x2e0
[ 2452.804285] __dev_queue_xmit+0x589/0x910
[ 2452.806264] __neigh_update+0x3d7/0xa50
[ 2452.806958] arp_process+0x259/0x810
[ 2452.807589] arp_rcv+0x18a/0x1c
It was caused by the skb going to esp_xmit with a wrong transport
header.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Similar to xfrm6_tunnel/transport_gso_segment(), _gso_segment()
is added to do gso_segment for esp6 beet mode. Before calling
inet6_offloads[proto]->callbacks.gso_segment, it needs to do:
- Get the upper proto from ph header to get its gso_segment
when xo->proto is IPPROTO_BEETPH.
- Add SKB_GSO_TCPV6 to gso_type if x->sel.family != AF_INET6
and the proto == IPPROTO_TCP, so that the current tcp ipv6
packet can be segmented.
- Calculate a right value for skb->transport_header and move
skb->data to the transport header position.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Similar to xfrm4_tunnel/transport_gso_segment(), _gso_segment()
is added to do gso_segment for esp4 beet mode. Before calling
inet_offloads[proto]->callbacks.gso_segment, it needs to do:
- Get the upper proto from ph header to get its gso_segment
when xo->proto is IPPROTO_BEETPH.
- Add SKB_GSO_TCPV4 to gso_type if x->sel.family == AF_INET6
and the proto == IPPROTO_TCP, so that the current tcp ipv4
packet can be segmented.
- Calculate a right value for skb->transport_header and move
skb->data to the transport header position.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
The reason debuggers add an ASCII dump to other types of memory dumps
is to give the user visual reference points in the case that ASCII
strings are adjacent to other structures or element. For example,
when examining the task_struct structure one can look for the comm[]
string and use it to locate other important elements.
ASCII strings do not have endianess, they exist in memory in the same
order regardless of CPU endianess. ASCII strings are, by definition,
human readable and so should be presented in a human readable format.
For these reasons, the supplemental ASCII dump does not re-order
the strings from memory to match the endianess of the corresponding
16, 32, or 64 bit words. That would make the ASCII dump much less
useful.
Signed-off-by: Douglas Miller <dougmill@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1488205694-13337-1-git-send-email-dougmill@linux.vnet.ibm.com
The error path for sanitize operations that completes with -ETIMEDOUT, is
tightly coupled with the internal request handling code of the core. More
precisely, mmc_wait_for_req_done() checks for specific sanitize errors.
This is not only inefficient as it affects all types of requests, but also
hackish.
Therefore, let's improve the behaviour by moving the error path out of the
mmc core. To do that, retuning needs to be held while running the sanitize
operation.
Moreover, to avoid exporting unnecessary symbols to the mmc block module,
let's move the code into the mmc_ops.c file. While updating the actual
code, let's also take the opportunity to clean up some of the mess around
it.
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20200316152152.15122-1-ulf.hansson@linaro.org
As does XMON, the debugfs file /sys/kernel/debug/powerpc/xive exposes
the XIVE internal state of the machine CPUs and interrupts. Available
on the PowerNV and sPAPR platforms.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
[mpe: Make the debugfs file 0400]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200306150143.5551-5-clg@kaod.org
When a CPU is brought up, an IPI number is allocated and recorded
under the XIVE CPU structure. Invalid IPI numbers are tracked with
interrupt number 0x0.
On the PowerNV platform, the interrupt number space starts at 0x10 and
this works fine. However, on the sPAPR platform, it is possible to
allocate the interrupt number 0x0 and this raises an issue when CPU 0
is unplugged. The XIVE spapr driver tracks allocated interrupt numbers
in a bitmask and it is not correctly updated when interrupt number 0x0
is freed. It stays allocated and it is then impossible to reallocate.
Fix by using the XIVE_BAD_IRQ value instead of zero on both platforms.
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Fixes: eac1e731b5 ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
Cc: stable@vger.kernel.org # v4.14+
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200306150143.5551-2-clg@kaod.org
Patch was rebased on top of for-next. Thanks for your patience!
Blaž
I'm resubmitting this patch with review feedback addressed:
https://patchwork.kernel.org/patch/10584079/
The patch was previously not resubmitted because it required a change
that was reverted in the ACPICA. That has since been corrected:
9159c09a2a
We've been using this patch for a while and user reports confirm that it
works:
https://github.com/linux-surface/linux-surface
Previous description follows.
>8------------------------------------------------------8<
The MSHW0011 device is a chip that replaces the battery firmware
by using ACPI operation regions on the Surface 3.
It is unclear whether or not the chip will be reused somewhere else
(under Windows, the chip is called "Surface Platform Power Driver"
and the driver is provided by Microsoft).
The values have been obtained by reverse engineering, and are subject to
errors. Looks like it works on overall pretty well.
I couldn't manage to get the IRQ correctly triggered, so I am using a
good old polling thread to check for changes. This is something
to be fixed in a later version.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=106231
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Stephen Just <stephenjust@gmail.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
