- Jun 30, 2021
-
-
Yang Yingliang authored
This reverts commit 9c4ec8f5. Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yang Yingliang authored
This reverts commit d4fcfb2e. Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yonglong Liu authored
driver inclusion category: bugfix bugzilla: NA CVE: NA ----------------------------- This patch is used to update driver version to 1.9.40.24. Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yonglong Liu authored
driver inclusion category: bugfix bugzilla: NA CVE: NA ---------------------------- Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Colin Ian King authored
mainline inclusion from mainline-v5.13-rc1 commit d0494135f94c7ab5a9cf7a9094fbb233275c7ba6 category: bugfix bugzilla: NA CVE: NA ---------------------------- The reset_prepare and reset_done calls have a null pointer check on ae_dev however ae_dev is being dereferenced via the call to ns3_is_phys_func with the ae->pdev argument. Fix this by performing a null pointer check on ae_dev and hence short-circuiting the dereference to ae_dev on the call to ns3_is_phys_func. Addresses-Coverity: ("Dereference before null check") Fixes: 715c58e94f0d ("net: hns3: add suspend and resume pm_ops") Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Huazhong Tan authored
mainline inclusion from mainline-v5.2-rc1 commit 146e92c1 category: feature bugzilla: NA CVE: NA ---------------------------- Since the hardware does not handle mailboxes and the hardware reset include TQP reset, so it is unnecessary to reset TQP in the hclgevf_ae_stop() while doing VF reset. Also it is unnecessary to reset the remaining TQP when one reset fails. Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
Peng Li <lipeng321@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yonglong Liu authored
driver inclusion category: cleanup bugzilla: NA CVE: NA ---------------------------- Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.13-rc1 commit 97b9e5c131f16e2e487139ba596f9e6df927ae87 category: feature bugzilla: NA CVE: NA ---------------------------- skb_put_padto() may fails because of memory failure, sw_err_cnt is already used to log memory failure in hns3_skb_linearize(), so use it to log the memory failure for skb_put_padto() too. Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.13-rc1 commit 811c0830eb4ca8811ed80fe40378f622b9844835 category: feature bugzilla: NA CVE: NA ---------------------------- The actual size on wire for tso skb should be (gso_segs - 1) * hdr + skb->len instead of skb->len, which can be seen by user using 'ethtool -S ethX' cmd, and 'Byte Queue Limit' also use the send size stat to do the queue limiting, so add send_bytes in the desc_cb to record the actual send size for a skb. And send_bytes is only for tx desc_cb and page_offset is only for rx desc, so reuse the same space for both of them. Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.13-rc1 commit d5d5e0193ee8f88efbbc7f1471087255657bc19a category: feature bugzilla: NA CVE: NA ---------------------------- Currently hns3 driver only handle the xmit skb with one level of fraglist skb, add handling for multi level by calling hns3_tx_bd_num() recursively when calculating bd num and calling hns3_fill_skb_to_desc() recursively when filling tx desc. When the skb has a fraglist level of 24, the skb is simply dropped and stats.max_recursion_level is added to record the error. Move the stat handling from hns3_nic_net_xmit() to hns3_nic_maybe_stop_tx() in order to handle different error stat and add the 'max_recursion_level' and 'hw_limitation' stat. Note that the max recursive level as 24 is chose according to below: commit 48a1df65 ("skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow"). And that we are not able to find a testcase to verify the recursive fraglist case, so Fixes tag is not provided. Reported-by:
Barry Song <song.bao.hua@hisilicon.com> Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.10-rc1 commit 619ae331 category: feature bugzilla: NA CVE: NA ---------------------------- Use napi_consume_skb() to batch consuming skb when cleaning tx desc in NAPI polling. Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.10-rc1 commit 48ee56fd category: feature bugzilla: NA CVE: NA ---------------------------- writel() can be used to order I/O vs memory by default when writing portable drivers. Use writel() to replace wmb() + writel_relaxed(), and writel() is dma_wmb() + writel_relaxed() for ARM64, so there is an optimization here because dma_wmb() is a lighter barrier than wmb(). Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.10-rc1 commit 8c30e194 category: feature bugzilla: NA CVE: NA ---------------------------- Currently HNS3_RING_RX_RING_FBDNUM_REG register is read to determine how many rx desc can be cleaned. To avoid the register read operation in the critical data path, use the valid bit in the rx desc to determine if a specific rx desc can be cleaned. The hns3 driver clear valid bit in the rx desc before notifying the rx desc to the hw, and hw will only set the valid bit of the rx desc after corresponding buffer is filled with packet data and other field in the rx desc is set accordingly. Add hns3_rx_ring_move_fw() function to clear the valid bit in the rx desc before moving rx ring's next_to_clean forward to avoid double cleaning a rx desc, also add a dma_rmb() barrier in hns3_handle_rx_bd() to make sure valid bit is set before reading other field in the rx desc. Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.10-rc1 commit 20d06ca2 category: feature bugzilla: NA CVE: NA ---------------------------- Currently HNS3_RING_TX_RING_HEAD_REG register is read to determine how many tx desc can be cleaned. To avoid the register read operation in the critical data path, use the valid bit in the tx desc to determine if a specific tx desc can be cleaned. The hns3 driver sets valid bit in the tx desc before ringing a doorbell to the hw, and hw will only clear the valid bit of the tx desc after corresponding packet is sent out to the wire. And because next_to_use for tx ring is a changing variable when the driver is filling the tx desc, so reuse the pull_len for rx ring to record the tx desc that has notified to the hw, so that hns3_nic_reclaim_desc() can decide how many tx desc's valid bit need checking when reclaiming tx desc. And io_err_cnt stat is also removed for it is not used anymore. Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.10-rc1 commit f6061a05 category: feature bugzilla: NA CVE: NA ---------------------------- Use netdev_xmit_more() to defer the tx doorbell operation when the skb is passed to the driver continuously. By doing this we can improve the overall xmit performance by avoid some doorbell operations. Also, the tx_err_cnt stat is not used, so rename it to tx_more stat. Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yunsheng Lin authored
mainline inclusion from mainline-v5.10-rc1 commit aeda9bf8 category: feature bugzilla: NA CVE: NA ---------------------------- Batch the page reference count updates instead of doing them one at a time. By doing this we can improve the overall receive performance by avoid some atomic increment operations when the rx page is reused. Signed-off-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Barry Song authored
mainline inclusion from mainline-v5.9-rc1 commit c2a2e127 category: feature bugzilla: NA CVE: NA ---------------------------- Right now they are empty functions for our SoC since hardware can keep cache coherent, but it is still good to align with streaming DMA APIs as device drivers should not make an assumption of SoC. Reviewed-by:
Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by:
Barry Song <song.bao.hua@hisilicon.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Barry Song authored
mainline inclusion from mainline-v5.9-rc1 commit 4d2cad32 category: feature bugzilla: NA CVE: NA ---------------------------- This is for improving the readability. Signed-off-by:
Barry Song <song.bao.hua@hisilicon.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Barry Song authored
mainline inclusion from mainline-v5.9-rc1 commit cb0e3e61 category: feature bugzilla: NA CVE: NA ---------------------------- Move the type of buffer address from unsigned char to void Signed-off-by:
Barry Song <song.bao.hua@hisilicon.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Barry Song authored
mainline inclusion from mainline-v5.9-rc1 commit 674a1357 category: feature bugzilla: NA CVE: NA ---------------------------- since we are using device-managed function, it is unnecessary to free in probe. Signed-off-by:
Barry Song <song.bao.hua@hisilicon.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Jiaran Zhang authored
mainline inclusion from mainline-v5.12-rc8 commit 715c58e94f0d78907bfccde12c2ca5236502c53e category: feature bugzilla: NA CVE: NA ---------------------------- To implement the system suspend/resume functions, the NIC driver needs to support: 1. When the system enters the suspend mode, the driver needs to implement the suspend callback function of the NIC device. The driver needs to mute the device, stop all RX/TX activities of the device, and unmap the interrupt. 2. When the system enters the resume mode, the driver needs to implement the resume callback function of the NIC device and restore the device to the state before suspension. When the system enters the suspend and resume mode, the NIC driver actually executes the PF function reset process. When the PFs are suspending/resuming, VFs also enter the suspend/resume state because the PFs trigger the VFs to reset, therefore no operation is required when the VF pci_driver is suspending or resuming. Signed-off-by:
Jiaran Zhang <zhangjiaran@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yonglong Liu authored
driver inclusion category: feature bugzilla: NA CVE: NA ---------------------------- This reverts commit 6c1eadb888e9e9c6593294c1e99038229ac55bb2. HNS3 driver use pm_ops to implement the suspend/resume function, so revert the old implementation. Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Jiaran Zhang authored
mainline inclusion from mainline-v5.12-rc8 commit bb1890d5f97425766a865d75f99fd556d5dc6893 category: feature bugzilla: NA CVE: NA ---------------------------- The flr_prepare/flr_done functions are not only used in the FLR scenario, but also used in the suspend/resume. Change the function names to prepare_for_reset/rebuild_for_reset, change the flr_prepare/flr_done to reset_prepare/reset_done in hnae3_ae_ops. Signed-off-by:
Jiaran Zhang <zhangjiaran@huawei.com> Signed-off-by:
Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Jiaran Zhang authored
driver inclusion category: feature bugzilla: NA CVE: NA ---------------------------- The reset interface multiplexed by flr/resume will be renamed reset_done, so the current reset_done interface is renamed reset_end. Signed-off-by:
Jiaran Zhang <zhangjiaran@huawei.com> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Jian Shen authored
driver inclusion category: bugfix bugzilla: NA CVE: NA ---------------------------- Currently, when host set VF untrusted, the driver will disable the promisc mode of VF. It may be conflicted when the VF requests the host to set promisc mode. So fix it by change promisc mode for VF asynchronously. With this change, the promisc mode of VF can be restored when the VF being trusted again. Fixes: 5c1f0ff21058 ("net: hns3: add support for setting VF trust") Signed-off-by:
Jian Shen <shenjian15@huawei.com> Signed-off-by:
Yonglong Liu <liuyonglong@huawei.com> Reviewed-by:
li yongxin <liyongxin1@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yang Yingliang authored
hulk inclusion category: other bugzilla: NA CVE: NA --------------------------- It's from https://gitee.com/src-openeuler/kernel/blob/openEuler-20.03-LTS-SP2/kabi_whitelist_x86_64 Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yang Yingliang authored
hulk inclusion category: other bugzilla: NA CVE: NA --------------------------- It's from https://gitee.com/src-openeuler/kernel/blob/openEuler-20.03-LTS-SP2/kabi_whitelist_aarch64 Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Mike Kravetz authored
stable inclusion from linux-4.19.193 commit a92212ef6326c8dc09003c7af4e1ba7da0b77e44 -------------------------------- commit 55254636 upstream. A new clang diagnostic (-Wsizeof-array-div) warns about the calculation to determine the number of u32's in an array of unsigned longs. Suppress warning by adding parentheses. While looking at the above issue, noticed that the 'address' parameter to hugetlb_fault_mutex_hash is no longer used. So, remove it from the definition and all callers. No functional change. Link: http://lkml.kernel.org/r/20190919011847.18400-1-mike.kravetz@oracle.com Signed-off-by:
Mike Kravetz <mike.kravetz@oracle.com> Reported-by:
Nathan Chancellor <natechancellor@gmail.com> Reviewed-by:
Nathan Chancellor <natechancellor@gmail.com> Reviewed-by:
Davidlohr Bueso <dbueso@suse.de> Reviewed-by:
Andrew Morton <akpm@linux-foundation.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Ilie Halip <ilie.halip@gmail.com> Cc: David Bolvansky <david.bolvansky@gmail.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Francesco Ruggeri authored
stable inclusion from linux-4.19.193 commit ea9ef822d541859b65696b62647ccc4ab43c1129 -------------------------------- [ Upstream commit e29f011e8fc04b2cdc742a2b9bbfa1b62518381a ] Commit dbd1759e ("ipv6: on reassembly, record frag_max_size") filled the frag_max_size field in IP6CB in the input path. The field should also be filled in case of atomic fragments. Fixes: dbd1759e ('ipv6: on reassembly, record frag_max_size') Signed-off-by:
Francesco Ruggeri <fruggeri@arista.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Dan Carpenter authored
stable inclusion from linux-4.19.193 commit 94e2701600ecc5505d4727d580c83b66ecc80ec7 -------------------------------- [ Upstream commit 8c7e7b8486cda21269d393245883c5e4737d5ee7 ] If sas_notify_lldd_dev_found() fails then this code calls: sas_unregister_dev(port, dev); which removes "dev", our list iterator, from the list. This could lead to an endless loop. We need to use list_for_each_entry_safe(). Link: https://lore.kernel.org/r/YKUeq6gwfGcvvhty@mwanda Fixes: 303694ee ("[SCSI] libsas: suspend / resume support") Reviewed-by:
John Garry <john.garry@huawei.com> Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Steve French authored
stable inclusion from linux-4.19.193 commit 66988dc4dc62adf9d86e8f1e844fc747bbee28b7 -------------------------------- [ Upstream commit c0d46717b95735b0eacfddbcca9df37a49de9c7a ] See MS-SMB2 3.2.4.1.4, file ids in compounded requests should be set to 0xFFFFFFFFFFFFFFFF (we were treating it as u32 not u64 and setting it incorrectly). Signed-off-by:
Steve French <stfrench@microsoft.com> Reported-by:
Stefan Metzmacher <metze@samba.org> Reviewed-by:
Shyam Prasad N <sprasad@microsoft.com> Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Zhang Xiaoxu authored
stable inclusion from linux-4.19.193 commit 1cfca6c32c2a6c41370010fcc4067e2d8dcfa02b -------------------------------- commit e67afa7ee4a59584d7253e45d7f63b9528819a13 upstream. Since commit bdcc2cd1 ("NFSv4.2: handle NFS-specific llseek errors"), nfs42_proc_llseek would return -EOPNOTSUPP rather than -ENOTSUPP when SEEK_DATA on NFSv4.0/v4.1. This will lead xfstests generic/285 not run on NFSv4.0/v4.1 when set the CONFIG_NFS_V4_2, rather than run failed. Fixes: bdcc2cd1 ("NFSv4.2: handle NFS-specific llseek errors") Cc: <stable.vger.kernel.org> # 4.2 Signed-off-by:
Zhang Xiaoxu <zhangxiaoxu5@huawei.com> Signed-off-by:
Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Trond Myklebust authored
stable inclusion from linux-4.19.193 commit 40f139a6d50c232c0d1fd1c5e65a845c62db0ede -------------------------------- commit 0d0ea309357dea0d85a82815f02157eb7fcda39f upstream. The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list. Fixes: a7d42ddb ("nfs: add mirroring support to pgio layer") Signed-off-by:
Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Dan Carpenter authored
stable inclusion from linux-4.19.193 commit 945ebef997227ca8c20bad7f8a8358c8ee57a84a -------------------------------- commit 769b01ea68b6c49dc3cde6adf7e53927dacbd3a8 upstream. The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left. Fixes: 16b374ca ("NFSv4.1: pnfs: filelayout: add driver's LAYOUTGET and GETDEVICEINFO infrastructure") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Mikulas Patocka authored
stable inclusion from linux-4.19.193 commit 3fe7be3c1d77af7038ebb3d4972b00ebea5f8183 -------------------------------- commit 7e768532b2396bcb7fbf6f82384b85c0f1d2f197 upstream. If an origin target has no snapshots, o->split_boundary is set to 0. This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). Fix this by initializing chunk_size, and in turn split_boundary, to rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits into "unsigned" type. Signed-off-by:
Mikulas Patocka <mpatocka@redhat.com> Cc: stable@vger.kernel.org Signed-off-by:
Mike Snitzer <snitzer@redhat.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Kees Cook authored
stable inclusion from linux-4.19.193 commit 582a9b9813ecc89a3b5944ea412f383d02904c50 -------------------------------- commit bfb819ea20ce8bbeeba17e1a6418bf8bda91fc28 upstream. Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/ files need to check the opener credentials, since these fds do not transition state across execve(). Without this, it is possible to trick another process (which may have different credentials) to write to its own /proc/$pid/attr/ files, leading to unexpected and possibly exploitable behaviors. [1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials Fixes: 1da177e4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Rolf Eike Beer authored
stable inclusion from linux-4.19.193 commit 2ec5e9bb6b0560c90d315559c28a99723c80b996 -------------------------------- commit 0ee74d5a48635c848c20f152d0d488bf84641304 upstream. iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. Fixes: 39ab9555 ("iommu: Add sysfs bindings for struct iommu_device") Cc: stable@vger.kernel.org # 4.11.x Signed-off-by:
Rolf Eike Beer <eb@emlix.com> Acked-by:
Lu Baolu <baolu.lu@linux.intel.com> Link: https://lore.kernel.org/r/17411490.HIIP88n32C@mobilepool36.emlix.com Link: https://lore.kernel.org/r/20210525070802.361755-2-baolu.lu@linux.intel.com Signed-off-by:
Joerg Roedel <jroedel@suse.de> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Anna Schumaker authored
stable inclusion from linux-4.19.193 commit 39785761feadf261bc5101372b0b0bbaf6a94494 -------------------------------- commit a421d218603ffa822a0b8045055c03eae394a7eb upstream. Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap. Fixes: de144ff4234f ("NFSv4: Don't discard segments marked for return in _pnfs_return_layout()") Cc: stable@vger.kernel.org Signed-off-by:
Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by:
Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Aurelien Aptel authored
stable inclusion from linux-4.19.193 commit d094067852cd1eefbcdc3c110c69265b6ce8c981 -------------------------------- commit 6d2fcfe6b517fe7cbf2687adfb0a16cdcd5d9243 upstream. SMB3.0 doesn't have encryption negotiate context but simply uses the SMB2_GLOBAL_CAP_ENCRYPTION flag. When that flag is present in the neg response cifs.ko uses AES-128-CCM which is the only cipher available in this context. cipher_type was set to the server cipher only when parsing encryption negotiate context (SMB3.1.1). For SMB3.0 it was set to 0. This means cipher_type value can be 0 or 1 for AES-128-CCM. Fix this by checking for SMB3.0 and encryption capability and setting cipher_type appropriately. Signed-off-by:
Aurelien Aptel <aaptel@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by:
Steve French <stfrench@microsoft.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Tetsuo Handa authored
stable inclusion from linux-4.19.192 commit 17d6c58c5fc522561daa4d3fb270edba933ac0a6 -------------------------------- commit ffb324e6f874121f7dce5bdae5e05d02baae7269 upstream. syzbot is reporting OOB write at vga16fb_imageblit() [1], for resize_screen() from ioctl(VT_RESIZE) returns 0 without checking whether requested rows/columns fit the amount of memory reserved for the graphical screen if current mode is KD_GRAPHICS. ---------- #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <sys/ioctl.h> #include <linux/kd.h> #include <linux/vt.h> int main(int argc, char *argv[]) { const int fd = open("/dev/char/4:1", O_RDWR); struct vt_sizes vt = { 0x4100, 2 }; ioctl(fd, KDSETMODE, KD_GRAPHICS); ioctl(fd, VT_RESIZE, &vt); ioctl(fd, KDSETMODE, KD_TEXT); return 0; } ---------- Allow framebuffer drivers to return -EINVAL, by moving vc->vc_mode != KD_GRAPHICS check from resize_screen() to fbcon_resize(). Link: https://syzkaller.appspot.com/bug?extid=1f29e126cf461c4de3b3 [1] Reported-by:
syzbot <syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com> Suggested-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Tested-by:
syzbot <syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-