* 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip:
CIP: Bump version suffix to -cip120 after merge from cip/linux-4.19.y-st tree
Update localversion-st, tree is up-to-date with 5.4.292.
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
jfs: add index corruption check to DT_GETPAGE()
jfs: fix slab-out-of-bounds read in ea_get()
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
arcnet: Add NULL check in com20020pci_probe()
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
vsock: avoid timeout during connect() if the socket is closing
net_sched: skbprio: Remove overly strict queue assertions
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
ntb: intel: Fix using link status DB's
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
spufs: fix a leak in spufs_create_context()
spufs: fix a leak on spufs_new_file() failure
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
sched/deadline: Use online cpus for validating runtime
affs: don't write overlarge OFS data block size fields
affs: generate OFS sequence numbers starting at 1
wifi: iwlwifi: fw: allocate chained SG tables for dump
sched/smt: Always inline sched_smt_active()
ring-buffer: Fix bytes_dropped calculation issue
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
fs/procfs: fix the comment above proc_pid_wchan()
perf python: Check if there is space to copy all the event
perf python: Decrement the refcount of just created event on failure
perf python: Fixup description of sample.id event member
ocfs2: validate l_tree_depth to avoid out-of-bounds access
perf units: Fix insufficient array space
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
coresight: catu: Fix number of pages while using 64k pages
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
mfd: sm501: Switch to BIT() to mitigate integer overflows
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
power: supply: max77693: Fix wrong conversion of charge input threshold value
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
IB/mad: Check available slots before posting receive WRs
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
lib: 842: Improve error handling in sw842_compress()
clk: amlogic: gxbb: drop incorrect flag on 32k clock
fbdev: sm501fb: Add some geometry checks.
mdacon: rework dependency list
fbdev: au1100fb: Move a variable assignment behind a null pointer check
PCI/portdrv: Only disable pciehp interrupts early when needed
ALSA: hda/realtek: Always honor no_shutup_pins
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
thermal: int340x: Add NULL check for adev
EDAC/ie31200: Fix the error path order of ie31200_init()
EDAC/ie31200: Fix the DIMM size mask for several SoCs
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
net: usb: usbnet: restore usb%d name exception for local mac addresses
net: usb: qmi_wwan: add Telit Cinterion FE990B composition
net: usb: qmi_wwan: add Telit Cinterion FN990B composition
tty: serial: 8250: Add some more device IDs
netfilter: socket: Lookup orig tuple for IPv6 SNAT
ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
atm: Fix NULL pointer dereference
ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
batman-adv: Ignore own maximum aggregation size during RX
ARM: shmobile: smp: Enforce shmobile_smp_* alignment
mmc: atmel-mci: Add missing clk_disable_unprepare()
net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
net: atm: fix use after free in lec_send()
Bluetooth: Fix error code in chan_alloc_skb_cb()
RDMA/hns: Fix wrong value of max_sge_rd
RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
xfrm_output: Force software GSO only in tunnel mode
i2c: sis630: Fix an error handling path in sis630_probe()
i2c: ali15x3: Fix an error handling path in ali15x3_probe()
i2c: ali1535: Fix an error handling path in ali1535_probe()
ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
qlcnic: fix memory leak issues in qlcnic_sriov_common.c
drm/amd/display: Assign normalized_pix_clk when color depth = 14
x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
USB: serial: option: match on interface class for Telit FN990B
USB: serial: option: fix Telit Cinterion FE990A name
USB: serial: option: add Telit Cinterion FE990B compositions
USB: serial: ftdi_sio: add support for Altera USB Blaster 3
block: fix 'kmem_cache of name 'bio-108' already exists'
drm/nouveau: Do not override forced connector status
x86/irq: Define trace events conditionally
nvme: only allow entering LIVE from CONNECTING state
sctp: Fix undefined behavior in left shift operation
nvmet-rdma: recheck queue state is LIVE in state lock in recv done
s390/cio: Fix CHPID "configure" attribute caching
HID: ignore non-functional sensor in HP 5MP Camera
iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
powercap: call put_device() on an error path in powercap_register_control_type()
nvme-fc: go straight to connecting state when initializing
net_sched: Prevent creation of classes with TC_H_ROOT
ipvs: prevent integer overflow in do_ip_vs_get_ctl()
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
drivers/hv: Replace binary semaphore with mutex
netpoll: hold rcu read lock in __netpoll_send_skb()
netpoll: netpoll_send_skb() returns transmit status
netpoll: move netpoll_send_skb() out of line
netpoll: remove dev argument from netpoll_send_skb_on_dev()
netpoll: Fix use correct return type for ndo_start_xmit()
pinctrl: bcm281xx: Fix incorrect regmap max_registers value
sctp: sysctl: auth_enable: avoid using current->nsproxy
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy"
Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy"
sched/isolation: Prevent boot crash when the boot CPU is nohz_full
CIP: Bump version suffix to -cip119 after merge from cip/linux-4.19.y-st tree
watchdog: renesas_wdt: support handover from bootloader
Update localversion-st, tree is up-to-date with 5.4.291.
gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
gtp: Destroy device along with udp socket's netns dismantle.
net: gso: fix ownership in __udp_gso_segment
vlan: fix memory leak in vlan_newlink()
batman-adv: Drop unmanaged ELP metric worker
tee: optee: Fix supplicant wait loop
pps: Fix a use-after-free
net: rose: lock the socket in rose_bind()
btrfs: fix use-after-free when attempting to join an aborted transaction
media: lmedm04: Handle errors for lme2510_int_read
wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
eeprom: digsy_mtc: Make GPIO lookup table match the device
slimbus: messaging: Free transaction ID in delayed interrupt scenario
intel_th: pci: Add Panther Lake-P/U support
intel_th: pci: Add Panther Lake-H support
intel_th: pci: Add Arrow Lake support
Squashfs: check the inode number is not the invalid value of zero
xhci: pci: Fix indentation in the PCI device ID definitions
usb: gadget: Check bmAttributes only if configuration is valid
usb: gadget: Fix setting self-powered state on suspend
usb: gadget: Set self-powered based on MaxPower and bmAttributes
usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
usb: typec: ucsi: increase timeout for PPM reset operations
usb: atm: cxacru: fix a flaw in existing endpoint checks
usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader
usb: renesas_usbhs: Use devm_usb_get_phy()
Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
net: ipv6: fix missing dst ref drop in ila lwtunnel
net: ipv6: fix dst ref loop in ila lwtunnel
net-timestamp: support TCP GSO case for a few missing flags
vlan: enforce underlying device type
ppp: Fix KMSAN uninit-value warning with bpf
be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
llc: do not use skb_get() before dev_queue_xmit()
hwmon: (ad7314) Validate leading zero bits and return error
hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
hwmon: (pmbus) Initialise page count in pmbus_identify()
caif_virtio: fix wrong pointer check in cfv_probe()
HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
mm/page_alloc: fix uninitialized variable
rapidio: fix an API misues when rio_add_net() fails
rapidio: add check for rio_add_net() in rio_scan_alloc_net()
wifi: nl80211: reject cooked mode if it is set along with other flags
wifi: cfg80211: regulatory: improve invalid hints checking
x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
x86/cpu: Validate CPUID leaf 0x2 EDX output
x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
ALSA: hda/realtek: update ALC222 depop optimize
ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
HID: appleir: Fix potential NULL dereference at raw event handle
Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'"
drm/amdgpu: disable BAR resize on Dell G5 SE
drm/amdgpu: Check extended configuration space register when system uses large bar
drm/amdgpu: skip BAR resizing if the bios already did it
acct: perform last write from workqueue
kernel/acct.c: use dedicated helper to access rlimit values
kernel/acct.c: use #elif instead of #end and #elif
pfifo_tail_enqueue: Drop new packet when sch->limit == 0
sched/core: Prevent rescheduling when interrupts are disabled
phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk
usbnet: gl620a: fix endpoint checking in genelink_bind()
perf/core: Fix low freq setting via IOC_PERIOD
ftrace: Avoid potential division by zero in function_stat_show()
x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
ipvs: Always clear ipvs_property flag in skb_scrub_packet()
ASoC: es8328: fix route from DAC to output
net: cadence: macb: Synchronize stats calculations
sunrpc: suppress warnings for unused procfs functions
batman-adv: Ignore neighbor throughput metrics in error case
acct: block access to kernel internal filesystems
ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
power: supply: da9150-fg: fix potential overflow
geneve: Suppress list corruption splat in geneve_destroy_tunnels().
geneve: Fix use-after-free in geneve_find_dev().
powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
ALSA: hda/realtek - Add type for ALC287
powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
USB: gadget: f_midi: f_midi_complete to call queue_work
usb/gadget: f_midi: Replace tasklet with work
usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API
usb: dwc3: Fix timeout issue during controller enter/exit from halt state
mm: update mark_victim tracepoints fields
crypto: testmgr - some more fixes to RSA test vectors
crypto: testmgr - populate RSA CRT parameters in RSA test vectors
crypto: testmgr - fix version number of RSA tests
crypto: testmgr - Fix wrong test case of RSA
crypto: testmgr - fix wrong key length for pkcs1pad
driver core: bus: Fix double free in driver API bus_register()
scsi: storvsc: Set correct data length for sending SCSI command without payload
vlan: move dev_put into vlan_dev_uninit
vlan: introduce vlan_dev_free_egress_priority
Revert "btrfs: avoid monopolizing a core when activating a swap file"
parport_pc: add support for ASIX AX99100
can: ems_pci: move ASIX AX99100 ids to pci_ids.h
nilfs2: protect access to buffers with no active references
nilfs2: do not force clear folio if buffer is referenced
nilfs2: do not output warnings when clearing dirty buffers
alpha: replace hardcoded stack offsets with autogenerated ones
ndisc: extend RCU protection in ndisc_send_skb()
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
arp: use RCU protection in arp_xmit()
neighbour: use RCU protection in __neigh_notify()
neighbour: delete redundant judgment statements
ndisc: use RCU protection in ndisc_alloc_skb()
ipv6: use RCU protection in ip6_default_advmss()
ipv4: use RCU protection in inet_select_addr()
ipv4: use RCU protection in rt_is_expired()
net: add dev_net_rcu() helper
net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu()
partitions: mac: fix handling of bogus partition table
gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock
alpha: align stack for page fault and user unaligned trap handlers
alpha: make stack 16-byte aligned (most cases)
can: c_can: fix unbalanced runtime PM disable in error path
USB: serial: option: drop MeiG Smart defines
USB: serial: option: fix Telit Cinterion FN990A name
USB: serial: option: add Telit Cinterion FN990B compositions
USB: serial: option: add MeiG Smart SLM828
usb: cdc-acm: Fix handling of oversized fragments
usb: cdc-acm: Check control transfer buffer size before access
USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
USB: hub: Ignore non-compliant devices with too many configs or interfaces
usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
usb: dwc2: gadget: remove of_node reference upon udc_stop
usb: gadget: udc: renesas_usb3: Fix compiler warning
usb: roles: set switch registered flag early on
batman-adv: fix panic during interface removal
ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
orangefs: fix a oob in orangefs_debug_write
Grab mm lock before grabbing pt lock
vfio/pci: Enable iowrite64 and ioread64 for vfio pci
media: cxd2841er: fix 64-bit division on gcc-9
xen: remove a confusing comment on auto-translated guest I/O
gpio: bcm-kona: Add missing newline to dev_err format string
gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
team: better TEAM_OPTION_TYPE_STRING validation
vrf: use RCU protection in l3mdev_l3_out()
ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
HID: multitouch: Add NULL check in mt_input_configured
ocfs2: check dir i_size in ocfs2_find_entry
MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
ptp: Ensure info->enable callback is always set
mtd: onenand: Fix uninitialized retlen in do_otp_read()
NFC: nci: Add bounds checking in nci_hci_create_pipe()
nilfs2: fix possible int overflows in nilfs_fiemap()
ocfs2: handle a symlink read error correctly
ocfs2: fix incorrect CPU endianness conversion causing mount failure
nvmem: core: improve range check for nvmem_cell_write()
crypto: qce - fix goto jump in error path
media: uvcvideo: Remove redundant NULL assignment
media: uvcvideo: Fix event flags in uvc_ctrl_send_events
media: ov5640: fix get_light_freq on auto
soc: qcom: smem_state: fix missing of_node_put in error path
powerpc/pseries/eeh: Fix get PE state translation
serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use
serial: sh-sci: Drop __initdata macro for port_cfg
usb: gadget: f_tcm: Don't prepare BOT write request twice
usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
usb: gadget: f_tcm: Decrement command ref count on cleanup
usb: gadget: f_tcm: Translate error to sense
wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
HID: hid-sensor-hub: don't use stale platform-data on remove
of: reserved-memory: Fix using wrong number of cells to get property 'alignment'
of: Fix of_find_node_opts_by_path() handling of alias+path+options
of: Correct child specifier used as input of the 2nd nexus node
clk: qcom: clk-alpha-pll: fix alpha mode configuration
Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
binfmt_flat: Fix integer overflow bug on 32 bit systems
m68k: vga: Fix I/O defines
s390/futex: Fix FUTEX_OP_ANDN implementation
leds: lp8860: Write full EEPROM, not only half of it
cpufreq: s3c64xx: Fix compilation warning
tun: revert fix group permission check
netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
udp: gso: do not drop small packets when PMTU reduces
tg3: Disable tg3 PCIe AER on system reboot
firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
nvme: handle connectivity loss in nvme_set_queue_count
usb: xhci: Fix NULL pointer dereference on certain command aborts
usb: xhci: Add timeout argument in address_device USB HCD callback
media: uvcvideo: Remove dangling pointers
media: uvcvideo: Only save async fh if success
nilfs2: handle errors that nilfs_prepare_chunk() may return
nilfs2: eliminate staggered calls to kunmap in nilfs_rename
nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
HID: Wacom: Add PCI Wacom device support
mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
mmc: core: Respect quirk_max_rate for non-UHS SDIO card
tun: fix group permission check
printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
sched: Don't try to catch up excess steal time.
btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
btrfs: output the reason for open_ctree() failure
usb: gadget: f_tcm: Don't free command immediately
media: uvcvideo: Fix double free in error path
usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
drivers/card_reader/rtsx_usb: Restore interrupt based detection
ktest.pl: Check kernelrelease return in get_version
NFSD: Reset cb_seq_status after NFS4ERR_DELAY
hexagon: Fix unbalanced spinlock in die()
hexagon: fix using plain integer as NULL pointer warning in cmpxchg
genksyms: fix memory leak when the same symbol is read from *.symref file
genksyms: fix memory leak when the same symbol is added from source
net: sh_eth: Fix missing rtnl lock in suspend/resume path
vsock: Allow retrying on connect() failure
net: davicom: fix UAF in dm9000_drv_remove
net: rose: fix timer races against user threads
PM: hibernate: Add error handling for syscore_suspend()
net: fec: implement TSO descriptor cleanup
ubifs: skip dumping tnc tree when zroot is null
dmaengine: ti: edma: fix OF node reference leaks in edma_driver
module: Extend the preempt disabled section in dereference_symbol_descriptor().
ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
media: camif-core: Add check for clk_enable()
media: mipi-csis: Add check for clk_enable()
PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
media: rc: iguanair: handle timeouts
fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
ARM: dts: mediatek: mt7623: fix IR nodename
arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
rdma/cxgb4: Prevent potential integer overflow on 32bit
RDMA/mlx4: Avoid false error about access to uninitialized gids array
perf report: Fix misleading help message about --demangle
perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
padata: fix sysfs store callback check
ktest.pl: Remove unused declarations in run_bisect_test function
net: sched: Disallow replacing of child qdisc from one parent to another
net/mlxfw: Drop hard coded max FW flash image size
selftests: harness: fix printing of mismatch values in __EXPECT()
selftests/harness: Display signed values correctly
wifi: wlcore: fix unbalanced pm_runtime calls
regulator: of: Implement the unwind path of of_regulator_match()
team: prevent adding a device which is already a team device lower
cpupower: fix TSC MHz calculation
wifi: rtlwifi: pci: wait for firmware loading before releasing memory
wifi: rtlwifi: fix memory leaks and invalid access at probe error path
wifi: rtlwifi: remove unused dualmac control leftovers
rtlwifi: replace usage of found with dedicated list iterator variable
wifi: rtlwifi: usb: fix workqueue leak when probe fails
wifi: rtlwifi: do not complete firmware loading needlessly
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
drm/etnaviv: Fix page property being used for non writecombine buffers
afs: Fix directory format encoding struct
overflow: Allow mixed type arguments
overflow: Correct check_shl_overflow() comment
overflow: Add __must_check attribute to check_*() helpers
udf: Fix use of check_add_overflow() with mixed type arguments
Change-Id: Ia7c26633509cfe8ec59d7dd0d6efd602629c87f4
Signed-off-by: bengris32 <bengris32@protonmail.ch>
[ Upstream commit 9ff6e943bce67d125781fe4780a5d6f072dc44c0 ]
padata_sysfs_store() was copied from padata_sysfs_show() but this check
was not adapted. Today there is no attribute which can fail this
check, but if there is one it may as well be correct.
Fixes: 5e017dc3f8 ("padata: Added sysfs primitives to padata subsystem")
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Ulrich Hecht <uli@kernel.org>
Changes in 4.19.300
locking/ww_mutex/test: Fix potential workqueue corruption
perf/core: Bail out early if the request AUX area is out of bound
clocksource/drivers/timer-imx-gpt: Fix potential memory leak
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
wifi: ath9k: fix clang-specific fortify warnings
wifi: ath10k: fix clang-specific fortify warning
net: annotate data-races around sk->sk_tx_queue_mapping
net: annotate data-races around sk->sk_dst_pending_confirm
Bluetooth: Fix double free in hci_conn_cleanup
platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
selftests/efivarfs: create-read: fix a resource leak
crypto: pcrypt - Fix hungtask for PADATA_RESET
RDMA/hfi1: Use FIELD_GET() to extract Link Width
fs/jfs: Add check for negative db_l2nbperpage
fs/jfs: Add validity check for db_maxag and db_agpref
jfs: fix array-index-out-of-bounds in dbFindLeaf
jfs: fix array-index-out-of-bounds in diAlloc
ARM: 9320/1: fix stack depot IRQ stack filter
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
atm: iphase: Do PCI error checks on own line
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
tty: vcc: Add check for kstrdup() in vcc_probe()
usb: gadget: f_ncm: Always set current gadget in ncm_bind()
i2c: sun6i-p2wi: Prevent potential division by zero
media: gspca: cpia1: shift-out-of-bounds in set_flicker
media: vivid: avoid integer overflow
gfs2: ignore negated quota changes
drm/amd/display: Avoid NULL dereference of timing generator
pwm: Fix double shift bug
NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
ipvlan: add ipvlan_route_v6_outbound() helper
tty: Fix uninit-value access in ppp_sync_receive()
tipc: Fix kernel-infoleak due to uninitialized TLV value
ppp: limit MRU to 64K
xen/events: fix delayed eoi list handling
ptp: annotate data-race around q->head and q->tail
net: ethernet: cortina: Fix max RX frame define
net: ethernet: cortina: Handle large frames
net: ethernet: cortina: Fix MTU max setting
macvlan: Don't propagate promisc change to lower dev in passthru
cifs: spnego: add ';' in HOST_KEY_LEN
media: venus: hfi: add checks to perform sanity on queue pointers
randstruct: Fix gcc-plugin performance mode to stay in group
KVM: x86: Ignore MSR_AMD64_TW_CFG access
audit: don't take task_lock() in audit_exe_compare() code path
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
PCI/sysfs: Protect driver's D3cold preference from user space
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
PCI: keystone: Don't discard .remove() callback
PCI: keystone: Don't discard .probe() callback
parisc/pdc: Add width field to struct pdc_model
clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
mmc: vub300: fix an error code
PM: hibernate: Use __get_safe_page() rather than touching the list
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
quota: explicitly forbid quota files from being encrypted
mcb: fix error handling for different scenarios when parsing
dmaengine: stm32-mdma: correct desc prep when channel running
parisc: Prevent booting 64-bit kernels on PA1.x machines
parisc/pgtable: Do not drop upper 5 address bits of physical address
ALSA: info: Fix potential deadlock at disconnection
ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
tty: serial: meson: if no alias specified use an available id
serial: meson: remove redundant initialization of variable id
tty: serial: meson: retrieve port FIFO size from DT
serial: meson: Use platform_get_irq() to get the interrupt
tty: serial: meson: fix hard LOCKUP on crtscts mode
net: dsa: lan9303: consequently nested-lock physical MDIO
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
media: lirc: drop trailing space from scancode transmit
media: sharp: fix sharp encoding
media: venus: hfi_parser: Add check to keep the number of codecs within range
media: venus: hfi: fix the check to handle session buffer requirement
media: venus: hfi: add checks to handle capabilities from firmware
Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
ext4: apply umask if ACL support is disabled
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: correct return value of ext4_convert_meta_bg
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
drm/amdgpu: fix error handling in amdgpu_bo_list_get()
scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
iomap: Set all uptodate bits for an Uptodate page
net: sched: fix race condition in qdisc_graft()
Linux 4.19.300
Change-Id: I21f68d5f5dc85afe62bbc6e9a7aac12faee56621
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 8f4f68e788c3a7a696546291258bfa5fdb215523 ]
We found a hungtask bug in test_aead_vec_cfg as follows:
INFO: task cryptomgr_test:391009 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Call trace:
__switch_to+0x98/0xe0
__schedule+0x6c4/0xf40
schedule+0xd8/0x1b4
schedule_timeout+0x474/0x560
wait_for_common+0x368/0x4e0
wait_for_completion+0x20/0x30
wait_for_completion+0x20/0x30
test_aead_vec_cfg+0xab4/0xd50
test_aead+0x144/0x1f0
alg_test_aead+0xd8/0x1e0
alg_test+0x634/0x890
cryptomgr_test+0x40/0x70
kthread+0x1e0/0x220
ret_from_fork+0x10/0x18
Kernel panic - not syncing: hung_task: blocked tasks
For padata_do_parallel, when the return err is 0 or -EBUSY, it will call
wait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal
case, aead_request_complete() will be called in pcrypt_aead_serial and the
return err is 0 for padata_do_parallel. But, when pinst->flags is
PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it
won't call aead_request_complete(). Therefore, test_aead_vec_cfg will
hang at wait_for_completion(&wait->completion), which will cause
hungtask.
The problem arises as follows:
(padata_do_parallel)                 |
    rcu_read_lock_bh();              |
    err = -EINVAL;                   |   (padata_replace)
                                     |     pinst->flags |= PADATA_RESET;
    err  = -EBUSY                    |
    if (pinst->flags & PADATA_RESET) |
        rcu_read_unlock_bh()         |
        return err
In order to resolve the problem, we replace the return err -EBUSY with
-EAGAIN, which means parallel_data is changing, and the caller should call
it again.
v3:
remove retry and just change the return err.
v2:
introduce padata_try_do_parallel() in pcrypt_aead_encrypt and
pcrypt_aead_decrypt to solve the hungtask.
Signed-off-by: Lu Jialin <lujialin4@huawei.com>
Signed-off-by: Guo Zihua <guozihua@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This reverts commit 2b1207801c which is
commit 6bd87eec23cbc9ed222bed0f5b5b02bf300e9a8d upstream.
It breaks the Android kernel abi and is not needed in this branch at
this point in time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idf0bfa987ca8fa7932e390ddc7ad4c8c020f40b2
This reverts commit d6c434ae9d which is
commit 93175d935d upstream.
It breaks the Android kernel abi and is not needed in this branch at
this point in time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I53f15ad34f2124aa7a4e06dafcdb828666a91278
commit 3c2214b6027ff37945799de717c417212e1a8c54 upstream.
Removing the pcrypt module triggers this:
general protection fault, probably for non-canonical
address 0xdead000000000122
CPU: 5 PID: 264 Comm: modprobe Not tainted 5.6.0+ #2
Hardware name: QEMU Standard PC
RIP: 0010:__cpuhp_state_remove_instance+0xcc/0x120
Call Trace:
padata_sysfs_release+0x74/0xce
kobject_put+0x81/0xd0
padata_free+0x12/0x20
pcrypt_exit+0x43/0x8ee [pcrypt]
padata instances wrongly use the same hlist node for the online and dead
states, so __padata_free()'s second cpuhp remove call chokes on the node
that the first poisoned.
cpuhp multi-instance callbacks only walk forward in cpuhp_step->list and
the same node is linked in both the online and dead lists, so the list
corruption that results from padata_alloc() adding the node to a second
list without removing it from the first doesn't cause problems as long
as no instances are freed.
Avoid the issue by giving each state its own node.
Fixes: 894c9ef9780c ("padata: validate cpumask without removed CPU during offline")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org # v5.4+
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
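Added example, not part of the commit or of the kernel sources: a user-space model of the shared-hlist-node bug described in the message above, showing why the second removal lands on the poison address 0xdead000000000122 and why one node per state avoids it. The helper names (hlist_del_checked, teardown_shared_node, teardown_split_nodes) and the two per-state node variables are hypothetical; the poison constants assume x86_64 with CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct hlist_node { struct hlist_node *next, **pprev; };
struct hlist_head { struct hlist_node *first; };

/* Values hlist_del() leaves in a removed node (assumed x86_64 poison base). */
#define LIST_POISON1 ((struct hlist_node *)(uintptr_t)0xdead000000000100ULL)
#define LIST_POISON2 ((struct hlist_node **)(uintptr_t)0xdead000000000122ULL)

/* Same pointer updates as the kernel's hlist_add_head(). */
static void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
{
    struct hlist_node *first = h->first;

    n->next = first;
    if (first)
        first->pprev = &n->next;
    h->first = n;
    n->pprev = &h->first;
}

/* The kernel's hlist_del() writes through n->pprev unconditionally. This
 * model refuses when the node is already poisoned and reports the address
 * the kernel would have written to (hypothetical helper). */
static bool hlist_del_checked(struct hlist_node *n, uintptr_t *fault_addr)
{
    if (n->pprev == LIST_POISON2) {
        *fault_addr = (uintptr_t)n->pprev;
        return false;
    }
    *n->pprev = n->next;
    if (n->next)
        n->next->pprev = n->pprev;
    n->next = LIST_POISON1;
    n->pprev = LIST_POISON2;
    return true;
}

/* A list head is consistent when its first node points back at the head. */
static bool head_consistent(struct hlist_head *h)
{
    return h->first == NULL || h->first->pprev == &h->first;
}

struct teardown_result {
    bool lists_consistent;   /* state of both lists after registration */
    int faulting_removals;   /* removals that would have faulted */
    uintptr_t fault_addr;    /* address of the would-be faulting write */
};

/* Before the fix: one node linked into both the online and the dead list. */
struct teardown_result teardown_shared_node(void)
{
    struct hlist_head online = {0}, dead = {0};
    struct hlist_node node;
    struct teardown_result r = {0};

    hlist_add_head(&node, &online);
    hlist_add_head(&node, &dead);   /* re-linked without leaving 'online' */
    r.lists_consistent = head_consistent(&online) && head_consistent(&dead);

    /* Free path: one remove call per state, both on the same node. */
    if (!hlist_del_checked(&node, &r.fault_addr))
        r.faulting_removals++;
    if (!hlist_del_checked(&node, &r.fault_addr))
        r.faulting_removals++;
    return r;
}

/* After the fix: each state has its own node (names are assumptions). */
struct teardown_result teardown_split_nodes(void)
{
    struct hlist_head online = {0}, dead = {0};
    struct hlist_node cpu_online_node, cpu_dead_node;
    struct teardown_result r = {0};

    hlist_add_head(&cpu_online_node, &online);
    hlist_add_head(&cpu_dead_node, &dead);
    r.lists_consistent = head_consistent(&online) && head_consistent(&dead);

    if (!hlist_del_checked(&cpu_online_node, &r.fault_addr))
        r.faulting_removals++;
    if (!hlist_del_checked(&cpu_dead_node, &r.fault_addr))
        r.faulting_removals++;
    return r;
}

int main(void)
{
    struct teardown_result a = teardown_shared_node();
    struct teardown_result b = teardown_split_nodes();

    printf("shared: consistent=%d faults=%d addr=0x%llx\n",
           a.lists_consistent, a.faulting_removals,
           (unsigned long long)a.fault_addr);
    printf("split:  consistent=%d faults=%d\n",
           b.lists_consistent, b.faulting_removals);
    return 0;
}
```

In the shared case the lists are already inconsistent right after registration, but nothing faults until the free path removes the node a second time, which matches the commit's remark that the corruption is harmless as long as no instances are freed.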
commit 894c9ef9780c5cf2f143415e867ee39a33ecb75d upstream.
Configuring an instance's parallel mask without any online CPUs...

  echo 2 > /sys/kernel/pcrypt/pencrypt/parallel_cpumask
  echo 0 > /sys/devices/system/cpu/cpu1/online

...makes tcrypt mode=215 crash like this:

  divide error: 0000 [#1] SMP PTI
  CPU: 4 PID: 283 Comm: modprobe Not tainted 5.4.0-rc8-padata-doc-v2+ #2
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20191013_105130-anatol 04/01/2014
  RIP: 0010:padata_do_parallel+0x114/0x300
  Call Trace:
   pcrypt_aead_encrypt+0xc0/0xd0 [pcrypt]
   crypto_aead_encrypt+0x1f/0x30
   do_mult_aead_op+0x4e/0xdf [tcrypt]
   test_mb_aead_speed.constprop.0.cold+0x226/0x564 [tcrypt]
   do_test+0x28c2/0x4d49 [tcrypt]
   tcrypt_mod_init+0x55/0x1000 [tcrypt]
   ...

cpumask_weight() in padata_cpu_hash() returns 0 because the mask has no
CPUs. The problem is __padata_remove_cpu() checks for valid masks too
early and so doesn't mark the instance PADATA_INVALID as expected, which
would have made padata_do_parallel() return error before doing the
division.
Fix by introducing a second padata CPU hotplug state before
CPUHP_BRINGUP_CPU so that __padata_remove_cpu() sees the online mask
without @cpu. No need for the second argument to padata_replace() since
@cpu is now already missing from the online mask.
Fixes: 33e5445068 ("padata: Handle empty padata cpumasks")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
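
The ordering problem described in commit 894c9ef9780c above, as an added user-space model (not code from the commit or the kernel): the validity check either sees the online mask with the departing CPU still in it, or without it. The struct, the function names, the 8-CPU online mask and the WOULD_DIVIDE_BY_ZERO sentinel are assumptions of this example; the mask value 2 and CPU 1 are the ones from the commit message.

```c
#include <errno.h>
#include <stdio.h>

#define PADATA_INVALID        0x1      /* flag name from the commit message */
#define WOULD_DIVIDE_BY_ZERO  (-1000)  /* model's stand-in for the divide error */

struct inst {
    unsigned long user_pcpu;  /* parallel_cpumask as written through sysfs */
    unsigned long online;     /* CPUs currently online */
    unsigned long pd_pcpu;    /* effective mask: user_pcpu & online */
    unsigned flags;
};

static int weight(unsigned long m)
{
    int w = 0;
    for (; m; m &= m - 1)
        w++;
    return w;
}

/* Mark the instance invalid when no CPU of the user mask is online. */
static void validate(struct inst *p, unsigned long online_view)
{
    if (p->user_pcpu & online_view)
        p->flags &= ~PADATA_INVALID;
    else
        p->flags |= PADATA_INVALID;
}

/* Hotplug removal. cpu_still_online = 1 models the callback running while
 * the CPU is still in the online mask (the buggy ordering); 0 models the
 * ordering the fix arranges, where the mask no longer contains the CPU. */
static void remove_cpu(struct inst *p, int cpu, int cpu_still_online)
{
    unsigned long after = p->online & ~(1UL << cpu);

    validate(p, cpu_still_online ? p->online : after);
    p->online = after;
    p->pd_pcpu = p->user_pcpu & after;
}

/* The CPU choice only: seq_nr % weight picks the nth CPU of the mask. */
static int do_parallel(const struct inst *p, unsigned seq_nr)
{
    int w, idx, cpu;

    if (p->flags & PADATA_INVALID)
        return -EINVAL;
    w = weight(p->pd_pcpu);
    if (w == 0)
        return WOULD_DIVIDE_BY_ZERO;   /* kernel: seq_nr % 0 */
    idx = (int)(seq_nr % (unsigned)w);
    for (cpu = 0; cpu < (int)(8 * sizeof(p->pd_pcpu)); cpu++)
        if (((p->pd_pcpu >> cpu) & 1) && idx-- == 0)
            return cpu;
    return -EINVAL;
}

/* Healthy case: which CPU does job seq_nr land on? */
static int pick(unsigned long user, unsigned long online, unsigned seq_nr)
{
    struct inst p = { user, online, user & online, 0 };

    validate(&p, online);
    return do_parallel(&p, seq_nr);
}

/* The sequence from the commit message, on a constructed 8-CPU system. */
static int scenario(int cpu_still_online)
{
    struct inst p = { 0x2, 0xff, 0x2, 0 };       /* echo 2 > parallel_cpumask */

    validate(&p, p.online);
    remove_cpu(&p, 1, cpu_still_online);         /* echo 0 > cpu1/online */
    return do_parallel(&p, 0);
}

int main(void)
{
    printf("check before CPU leaves online mask: %d\n", scenario(1));
    printf("check after CPU leaves online mask:  %d\n", scenario(0));
    return 0;
}
```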
[ Upstream commit ec9c7d19336ee98ecba8de80128aa405c45feebb ]
Exercising CPU hotplug on a 5.2 kernel with recent padata fixes from
cryptodev-2.6.git in an 8-CPU kvm guest...

  # modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3
  # echo 0 > /sys/devices/system/cpu/cpu1/online
  # echo c > /sys/kernel/pcrypt/pencrypt/parallel_cpumask
  # modprobe tcrypt mode=215

...caused the following crash:

  BUG: kernel NULL pointer dereference, address: 0000000000000000
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] SMP PTI
  CPU: 2 PID: 134 Comm: kworker/2:2 Not tainted 5.2.0-padata-base+ #7
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-<snip>
  Workqueue: pencrypt padata_parallel_worker
  RIP: 0010:padata_reorder+0xcb/0x180
  ...
  Call Trace:
   padata_do_serial+0x57/0x60
   pcrypt_aead_enc+0x3a/0x50 [pcrypt]
   padata_parallel_worker+0x9b/0xe0
   process_one_work+0x1b5/0x3f0
   worker_thread+0x4a/0x3c0
   ...

In padata_alloc_pd, pd->cpu is set using the user-supplied cpumask
instead of the effective cpumask, and in this case cpumask_first picked
an offline CPU.
The offline CPU's reorder->list.next is NULL in padata_reorder because
the list wasn't initialized in padata_init_pqueues, which only operates
on CPUs in the effective mask.
Fix by using the effective mask in padata_alloc_pd.
Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 6fc4dbcf0276279d488c5fbbfabe94734134f4fa ]
The function padata_reorder will use a timer when it cannot progress
while completed jobs are outstanding (pd->reorder_objects > 0). This
is suboptimal as if we do end up using the timer then it would have
introduced a gratuitous delay of one second.
In fact we can easily distinguish between whether completed jobs
are outstanding and whether we can make progress. All we have to
do is look at the next pqueue list.
This patch does that by replacing pd->processed with pd->cpu so
that the next pqueue is more accessible.
A work queue is used instead of the original try_again to avoid
hogging the CPU.
Note that we don't bother removing the work queue in
padata_flush_queues because the whole premise is broken. You
cannot flush async crypto requests so it makes no sense to even
try. A subsequent patch will fix it by replacing it with a ref
counting scheme.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[dj: - adjust context
- corrected setup_timer -> timer_setup to delete hunk
- skip padata_flush_queues() hunk, function already removed
in 4.19]
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 38228e8848cd7dd86ccb90406af32de0cad24be3 upstream.
lockdep complains when padata's paths to update cpumasks via CPU hotplug
and sysfs are both taken:

  # echo 0 > /sys/devices/system/cpu/cpu1/online
  # echo ff > /sys/kernel/pcrypt/pencrypt/parallel_cpumask

  ======================================================
  WARNING: possible circular locking dependency detected
  5.4.0-rc8-padata-cpuhp-v3+ #1 Not tainted
  ------------------------------------------------------
  bash/205 is trying to acquire lock:
  ffffffff8286bcd0 (cpu_hotplug_lock.rw_sem){++++}, at: padata_set_cpumask+0x2b/0x120

  but task is already holding lock:
  ffff8880001abfa0 (&pinst->lock){+.+.}, at: padata_set_cpumask+0x26/0x120

  which lock already depends on the new lock.

padata doesn't take cpu_hotplug_lock and pinst->lock in a consistent
order. Which should be first? CPU hotplug calls into padata with
cpu_hotplug_lock already held, so it should have priority.
Fixes: 6751fb3c0e ("padata: Use get_online_cpus/put_online_cpus")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The 4.19 backport dc34710a7a ("padata: Remove broken queue flushing")
removed padata_alloc_pd()'s assignment to pd->pinst, resulting in:

  Unable to handle kernel NULL pointer dereference ...
  ...
  pc : padata_reorder+0x144/0x2e0
  ...
  Call trace:
   padata_reorder+0x144/0x2e0
   padata_do_serial+0xc8/0x128
   pcrypt_aead_enc+0x60/0x70 [pcrypt]
   padata_parallel_worker+0xd8/0x138
   process_one_work+0x1bc/0x4b8
   worker_thread+0x164/0x580
   kthread+0x134/0x138
   ret_from_fork+0x10/0x18

This happened because the backport was based on an enhancement that
moved this assignment but isn't in 4.19:

  bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")

Simply restore the assignment to fix the crash.
Fixes: dc34710a7a ("padata: Remove broken queue flushing")
Reported-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Sasha Levin <sashal@kernel.org>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 07928d9bfc81640bab36f5190e8725894d93b659 ]
The function padata_flush_queues is fundamentally broken because
it cannot force padata users to complete the request that is
underway. IOW padata has to passively wait for the completion
of any outstanding work.
As it stands flushing is used in two places. Its use in padata_stop
is simply unnecessary because nothing depends on the queues to
be flushed afterwards.
The other use in padata_replace is more substantial as we depend
on it to free the old pd structure. This patch instead uses the
pd->refcnt to dynamically free the pd structure once all requests
are complete.
Fixes: 2b73b07ab8 ("padata: Flush the padata queues actively")
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit cf144f81a99d1a3928f90b0936accfd3f45c9a0a upstream.
Testing padata with the tcrypt module on a 5.2 kernel...

  # modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3
  # modprobe tcrypt mode=211 sec=1

...produces this splat:

  INFO: task modprobe:10075 blocked for more than 120 seconds.
        Not tainted 5.2.0-base+ #16
  modprobe D 0 10075 10064 0x80004080
  Call Trace:
   ? __schedule+0x4dd/0x610
   ? ring_buffer_unlock_commit+0x23/0x100
   schedule+0x6c/0x90
   schedule_timeout+0x3b/0x320
   ? trace_buffer_unlock_commit_regs+0x4f/0x1f0
   wait_for_common+0x160/0x1a0
   ? wake_up_q+0x80/0x80
   { crypto_wait_req }             # entries in braces added by hand
   { do_one_aead_op }
   { test_aead_jiffies }
   test_aead_speed.constprop.17+0x681/0xf30 [tcrypt]
   do_test+0x4053/0x6a2b [tcrypt]
   ? 0xffffffffa00f4000
   tcrypt_mod_init+0x50/0x1000 [tcrypt]
   ...

The second modprobe command never finishes because in padata_reorder,
CPU0's load of reorder_objects is executed before the unlocking store in
spin_unlock_bh(pd->lock), causing CPU0 to miss CPU1's increment:

  CPU0                                 CPU1

  padata_reorder                       padata_do_serial
    LOAD reorder_objects  // 0
                                         INC reorder_objects  // 1
                                         padata_reorder
                                           TRYLOCK pd->lock   // failed
    UNLOCK pd->lock

CPU0 deletes the timer before returning from padata_reorder and since no
other job is submitted to padata, modprobe waits indefinitely.
Add a pair of full barriers to guarantee proper ordering:

  CPU0                                 CPU1

  padata_reorder                       padata_do_serial
    UNLOCK pd->lock
    smp_mb()
    LOAD reorder_objects
                                         INC reorder_objects
                                         smp_mb__after_atomic()
                                         padata_reorder
                                           TRYLOCK pd->lock

smp_mb__after_atomic is needed so the read part of the trylock operation
comes after the INC, as Andrea points out. Thanks also to Andrea for
help with writing a litmus test.
Fixes: 16295bec63 ("padata: Generic parallelization/serialization interface")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: <stable@vger.kernel.org>
Cc: Andrea Parri <andrea.parri@amarulasolutions.com>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Paul E. McKenney <paulmck@linux.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-arch@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
If the algorithm we're parallelizing is asynchronous we might change
CPUs between padata_do_parallel() and padata_do_serial(). However, we
don't expect this to happen as we need to enqueue the padata object into
the per-cpu reorder queue we took it from, i.e. the same-cpu's parallel
queue.
Ensure we're not switching CPUs for a given padata object by tracking
the CPU within the padata object. If the serial callback gets called on
the wrong CPU, defer invoking padata_reorder() via a kernel worker on
the CPU we're expected to run on.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The reorder timer function runs on the CPU where the timer interrupt was
handled which is not necessarily one of the CPUs of the 'pcpu' CPU mask
set.
Ensure the padata_reorder() callback runs on the correct CPU, which is
one in the 'pcpu' CPU mask set and, preferably, the next expected one.
Do so by comparing the current CPU with the expected target CPU. If they
match, call padata_reorder() right away. If they differ, schedule a work
item on the target CPU that does the padata_reorder() call for us.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The parallel queue per-cpu data structure gets initialized only for CPUs
in the 'pcpu' CPU mask set. This is not sufficient as the reorder timer
may run on a different CPU and might wrongly decide it's the target CPU
for the next reorder item as per-cpu memory gets memset(0) and we might
be waiting for the first CPU in cpumask.pcpu, i.e. cpu_index 0.
Make the '__this_cpu_read(pd->pqueue->cpu_index) == next_queue->cpu_index'
compare in padata_get_next() fail in this case by initializing the
cpu_index member of all per-cpu parallel queues. Use -1 for unused ones.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The author meant to free the variable that was just allocated, instead
of the one that failed to be allocated, but made a simple typo. This
patch rectifies that.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Under extremely heavy uses of padata, crashes occur, and with list
debugging turned on, this happens instead:

  [87487.298728] WARNING: CPU: 1 PID: 882 at lib/list_debug.c:33
  __list_add+0xae/0x130
  [87487.301868] list_add corruption. prev->next should be next
  (ffffb17abfc043d0), but was ffff8dba70872c80. (prev=ffff8dba70872b00).
  [87487.339011]  [<ffffffff9a53d075>] dump_stack+0x68/0xa3
  [87487.342198]  [<ffffffff99e119a1>] ? console_unlock+0x281/0x6d0
  [87487.345364]  [<ffffffff99d6b91f>] __warn+0xff/0x140
  [87487.348513]  [<ffffffff99d6b9aa>] warn_slowpath_fmt+0x4a/0x50
  [87487.351659]  [<ffffffff9a58b5de>] __list_add+0xae/0x130
  [87487.354772]  [<ffffffff9add5094>] ? _raw_spin_lock+0x64/0x70
  [87487.357915]  [<ffffffff99eefd66>] padata_reorder+0x1e6/0x420
  [87487.361084]  [<ffffffff99ef0055>] padata_do_serial+0xa5/0x120

padata_reorder calls list_add_tail with the list to which it's adding
locked, which seems correct:

  spin_lock(&squeue->serial.lock);
  list_add_tail(&padata->list, &squeue->serial.list);
  spin_unlock(&squeue->serial.lock);

This therefore leaves only one place where such inconsistency could occur:
if padata->list is added at the same time on two different threads.
This padata pointer comes from the function call to
padata_get_next(pd), which has in it the following block:

  next_queue = per_cpu_ptr(pd->pqueue, cpu);
  padata = NULL;
  reorder = &next_queue->reorder;
  if (!list_empty(&reorder->list)) {
          padata = list_entry(reorder->list.next,
                              struct padata_priv, list);
          spin_lock(&reorder->lock);
          list_del_init(&padata->list);
          atomic_dec(&pd->reorder_objects);
          spin_unlock(&reorder->lock);
          pd->processed++;
          goto out;
  }
  out:
  return padata;

I strongly suspect that the problem here is that two threads can race
on the reorder list. Even though the deletion is locked, the call to
list_entry is not locked, which means it's feasible that two threads
pick up the same padata object and subsequently call list_add_tail on
them at the same time. The fix is thus to hoist that lock outside of
that block.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Remove the unused but set variable pinst in padata_parallel_worker to
fix the following warning when building with 'W=1':

  kernel/padata.c: In function ‘padata_parallel_worker’:
  kernel/padata.c:68:26: warning: variable ‘pinst’ set but not used [-Wunused-but-set-variable]

Also remove the now unused variable pd which is only used to set pinst.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
A recent cleanup removed some exported functions that were not used
anywhere, which in turn exposed the fact that some other functions in
the same file are only used in some configurations.
We now get a warning about them when CONFIG_HOTPLUG_CPU is disabled:

  kernel/padata.c:670:12: error: '__padata_remove_cpu' defined but not used [-Werror=unused-function]
   static int __padata_remove_cpu(struct padata_instance *pinst, int cpu)
              ^~~~~~~~~~~~~~~~~~~
  kernel/padata.c:650:12: error: '__padata_add_cpu' defined but not used [-Werror=unused-function]
   static int __padata_add_cpu(struct padata_instance *pinst, int cpu)

This rearranges the code so the __padata_remove_cpu/__padata_add_cpu
functions are within the #ifdef that protects the code that calls them.
[akpm@linux-foundation.org: coding-style fixes]
Fixes: 4ba6d78c671e ("kernel/padata.c: removed unused code")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Richard Cochran <rcochran@linutronix.de>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
By accident I stumbled across code that has never been used. This
driver has EXPORT_SYMBOL functions, and the only user of the code is
pcrypt.c, but this only uses a subset of the exported symbols.
According to 'git log -G', the functions, padata_set_cpumasks,
padata_add_cpu, and padata_remove_cpu have never been used since they
were first introduced. This patch removes the unused code.
On one 64 bit build, with CRYPTO_PCRYPT built in, the text is more than
4k smaller.

  kbuild_hp> size $KBUILD_OUTPUT/vmlinux
      text    data     bss      dec    hex filename
  10566658 4678360 1122304 16367322 f9beda vmlinux
  10561984 4678360 1122304 16362648 f9ac98 vmlinux

On another config, 32 bit, the saving is about 0.5k bytes.

  kbuild_hp-x86> size $KBUILD_OUTPUT/vmlinux
   6012005 2409513 2785280 11206798 ab008e vmlinux
   6011491 2409513 2785280 11206284 aafe8c vmlinux

Signed-off-by: Richard Cochran <rcochran@linutronix.de>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
printk and friends can now format bitmaps using '%*pb[l]'. cpumask
and nodemask also provide cpumask_pr_args() and nodemask_pr_args()
respectively which can be used to generate the two printf arguments
necessary to format the specified cpu/nodemask.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
A kernel with enabled lockdep complains about the wrong usage of
rcu_dereference() under a rcu_read_lock_bh() protected region.

  ===============================
  [ INFO: suspicious RCU usage. ]
  3.13.0-rc1+ #126 Not tainted
  -------------------------------
  linux/kernel/padata.c:115 suspicious rcu_dereference_check() usage!

  other info that might help us debug this:

  rcu_scheduler_active = 1, debug_locks = 1
  1 lock held by cryptomgr_test/153:
   #0:  (rcu_read_lock_bh){.+....}, at: [<ffffffff8115c235>] padata_do_parallel+0x5/0x270

Fix that by using rcu_dereference_bh() instead.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Using a spinlock to atomically increase a counter sounds wrong -- we've
atomic_t for this!
Also move 'seq_nr' to a different cache line than 'lock' to reduce cache
line trashing. This has the nice side effect of decreasing the size of
struct parallel_data from 192 to 128 bytes for an x86-64 build, e.g.
occupying only two instead of three cache lines.
Those changes result in a 5% performance increase on an IPsec test run
using pcrypt.
Btw. the seq_lock spinlock was never explicitly initialized -- one more
reason to get rid of it.
Signed-off-by: Mathias Krause <mathias.krause@secunet.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
padata_cpu_callback() takes pinst->lock, to avoid taking
an uninitialized lock, register the notifier after its
initialization.
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Share code between CPU_ONLINE and CPU_DOWN_FAILED, same to
CPU_DOWN_PREPARE and CPU_UP_CANCELED.
It will fix 2 bugs:
"not check the return value of __padata_remove_cpu() and __padata_add_cpu()".
"need add 'break' between CPU_UP_CANCELED and CPU_DOWN_FAILED".
Signed-off-by: Chen Gang <gang.chen@asianux.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
We don't remove the cpu that went offline from our cpumasks
on cpu hotplug. This got lost somewhere along the line, so
restore it. This fixes a hang of the padata instance on cpu
hotplug.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
We use the active cpumask to determine the superset of cpus
to use for parallelization. However, the active cpumask is
for internal usage of the scheduler and therefore not the
appropriate cpumask for these purposes. So use the online
cpumask instead.
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
When padata_do_parallel() is called from multiple cpus for the same
padata instance, we can get object reordering on sequence number wrap
because testing for sequence number wrap and resetting the sequence
number must happen atomically but is implemented with two atomic
operations. This patch fixes this by converting the sequence number
from atomic_t to an unsigned int and protect the access with a
spin_lock. As a side effect, we get rid of the sequence number wrap
handling because the sequence number wraps back to null now without
the need to do anything.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
When a padata object is queued to the serialization queue, another
cpu might process and free the padata object. So don't dereference
it after queueing to the serialization queue.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The changed files were only including linux/module.h for the
EXPORT_SYMBOL infrastructure, and nothing else. Revector them
onto the isolated export header for faster compile times.
Nothing to see here but a whole lot of instances of:
-#include <linux/module.h>
+#include <linux/export.h>
This commit is only changing the kernel dir; next targets
will probably be mm, fs, the arch dirs, etc.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (39 commits)
random: Reorder struct entropy_store to remove padding on 64bits
padata: update API documentation
padata: Remove padata_get_cpumask
crypto: pcrypt - Update pcrypt cpumask according to the padata cpumask notifier
crypto: pcrypt - Rename pcrypt_instance
padata: Pass the padata cpumasks to the cpumask_change_notifier chain
padata: Rearrange set_cpumask functions
padata: Rename padata_alloc functions
crypto: pcrypt - Dont calulate a callback cpu on empty callback cpumask
padata: Check for valid cpumasks
padata: Allocate cpumask dependend recources in any case
padata: Fix cpu index counting
crypto: geode_aes - Convert pci_table entries to PCI_VDEVICE (if PCI_ANY_ID is used)
pcrypt: Added sysfs interface to pcrypt
padata: Added sysfs primitives to padata subsystem
padata: Make two separate cpumasks
padata: update documentation
padata: simplify serialization mechanism
padata: make padata_do_parallel to return zero on success
padata: Handle empty padata cpumasks
...
A function that copies the padata cpumasks to a user buffer
is a bit error prone. The cpumask can change any time so we
can't be sure to have the right cpumask when using this function.
A user who is interested in the padata cpumasks should register
to the padata cpumask notifier chain instead. Users of
padata_get_cpumask are already updated, so we can remove it.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
We pass a pointer to the new padata cpumasks to the cpumask_change_notifier
chain. So users can access the cpumasks without the need of an extra
padata_get_cpumask function.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
padata_set_cpumask needs to be protected by a lock. We make
__padata_set_cpumasks unlocked and static. So this function
can be used by the exported and locked padata_set_cpumask and
padata_set_cpumasks functions.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
We rename padata_alloc to padata_alloc_possible because this
function allocates a padata_instance and uses the cpu_possible
mask for parallel and serial workers. Also we rename __padata_alloc
to padata_alloc to avoid to export underlined functions. Underlined
functions are considered to be private to padata. Users are updated
accordingly.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Now that we allow to change the cpumasks from userspace, we have
to check for valid cpumasks in padata_do_parallel. This patch adds
the necessary check. This fixes a division by zero crash if the
parallel cpumask contains no active cpu.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The cpumask separation work assumes the cpumask dependent resources
present regardless of valid or invalid cpumasks. With this patch
we allocate the cpumask dependent resources in any case. This fixes
two NULL pointer dereference crashes in padata_replace and in
padata_get_cpumask.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The counting of the cpu index got lost with a recent commit.
This patch restores it. This fixes a hang of the parallel worker
threads on cpu hotplug.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>