- Oct 29, 2020
-
-
Pu Wen authored
commit ac78bd72 upstream. The machine check architecture for Hygon Dhyana CPU is similar to the AMD family 17h one. Add vendor checking for Hygon Dhyana to share the code path of AMD family 17h. Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Reviewed-by:
Borislav Petkov <bp@suse.de> Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: tony.luck@intel.com Cc: thomas.lendacky@amd.com Cc: linux-edac@vger.kernel.org Link: https://lkml.kernel.org/r/87d8a4f16bdea0bfe0c0cf2e4a8d2c2a99b1055c.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit 1a576b23 upstream. The Hygon Dhyana CPU has the same speculative execution as AMD family 17h, so share AMD spectre mitigation code with Hygon Dhyana. Also Hygon Dhyana is not affected by meltdown, so add exception for it. [ puwen: Convert Hygon Meltdown mitigation machinery to fit new code. ] Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/0861d39c8a103fc0deca15bafbc85d403666d9ef.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit da33dfef upstream. Add Hygon Dhyana support to the APIC subsystem. When running in 32 bit mode, bigsmp should be enabled if there are more than 8 cores online. Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Reviewed-by:
Borislav Petkov <bp@suse.de> Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/7a557265a8c7c9e842fe60f9d8e064458801aef3.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit c6babb58 upstream. Hygon's PCI vendor ID is 0x1d94, and there are PCI devices 0x1450/0x1463/0x1464 for the host bridge on the Hygon Dhyana platform. Add Hygon Dhyana support to the PCI and northbridge subsystems by using the code path of AMD family 17h. [ bp: Massage commit message, sort local vars into reverse xmas tree order and move the amd_northbridges.num check up. ] Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Acked-by: Bjorn Helgaas <bhelgaas@google.com> # pci_ids.h Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Cc: helgaas@kernel.org Cc: linux-pci@vger.kernel.org Link: https://lkml.kernel.org/r/5f8877bd413f2ea0833378dd5454df0720e1c0df.1537885177.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit b7a5cb4f upstream. Exit early in functions which are meant to run on AMD only but which get run on different vendor (VMs, etc). [ bp: rewrite commit message. ] Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Cc: bhelgaas@google.com Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Cc: helgaas@kernel.org Link: https://lkml.kernel.org/r/487d8078708baedaf63eb00a82251e228b58f1c2.1537885177.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit c3fecca4 upstream. The ideal_nops for Hygon Dhyana CPU should be p6_nops. Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Reviewed-by:
Borislav Petkov <bp@suse.de> Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/79e76c3173716984fe5fdd4a8e2c798bf4193205.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit 6d0ef316 upstream. The PMU architecture for the Hygon Dhyana CPU is similar to the AMD Family 17h one. To support it, call amd_pmu_init() to share the AMD PMU initialization flow, and change the PMU name to "HYGON". The Hygon Dhyana CPU supports both legacy and extension PMC MSRs (perf counter registers and event selection registers), so add Hygon Dhyana support in the similar way as AMD does. Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Reviewed-by:
Borislav Petkov <bp@suse.de> Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/9d93ed54a975f33ef7247e0967960f4ce5d3d990.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit 0b13bec7 upstream. The Hygon Dhyana CPU uses no delay in smp_quirk_init_udelay(), and does HLT on idle just like AMD does. Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Reviewed-by:
Borislav Petkov <bp@suse.de> Cc: bp@alien8.de Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/87000fa82e273f5967c908448414228faf61e077.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit 39dc6f15 upstream. The Hygon Dhyana CPU has a special MSR way to force WB for memory >4GB, and support TOP_MEM2. Therefore, it is necessary to add Hygon Dhyana support in amd_special_default_mtrr(). The number of variable MTRRs for Hygon is 2 as AMD's. Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Reviewed-by:
Borislav Petkov <bp@suse.de> Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/8246f81648d014601de3812ade40e85d9c50d9b3.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit d4f7423e upstream. The Hygon Dhyana CPU has a topology extensions bit in CPUID. With this bit, the kernel can get the cache information. So add support in cpuid4_cache_lookup_regs() to get the correct cache size. The Hygon Dhyana CPU also discovers num_cache_leaves via CPUID leaf 0x8000001d, so add support to it in find_num_cache_leaves(). Also add cacheinfo_hygon_init_llc_id() and init_hygon_cacheinfo() functions to initialize Dhyana cache info. Setup cache cpumap in the same way as AMD does. Signed-off-by:
Pu Wen <puwen@hygon.cn> Signed-off-by:
Borislav Petkov <bp@suse.de> Reviewed-by:
Borislav Petkov <bp@suse.de> Cc: bp@alien8.de Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/2a686b2ac0e2f5a1f2f5f101124d9dd44f949731.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Pu Wen authored
commit c9661c1e upstream. Add x86 architecture support for a new processor: Hygon Dhyana Family 18h. Carve out initialization code needed by Dhyana into a separate compilation unit. To identify Hygon Dhyana CPU, add a new vendor type X86_VENDOR_HYGON. Since Dhyana uses AMD functionality to a large degree, select CPU_SUP_AMD which provides that functionality. [ bp: drop explicit license statement as it has an SPDX tag already. ] Signed-off-by:
Pu Wen <puwen@hygon.cn> Reviewed-by:
Borislav Petkov <bp@suse.de> Signed-off-by:
Borislav Petkov <bp@suse.de> Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: x86@kernel.org Cc: thomas.lendacky@amd.com Link: https://lkml.kernel.org/r/1a882065223bacbde5726f3beaa70cebd8dcd814.1537533369.git.puwen@hygon.cn Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
陈佳骏 authored
euleros inclusion category: feature bugzilla: NA CVE: NA This patch export cpu time related items to vcpu_stat. Contain: steal, st_max, utime, stime, gtime The definitions of these items are: steal: cpu time VCPU waits for PCPU while it is servicing another VCPU st_max: max scheduling delay utime: cpu time in userspace stime: cpu time in sys gtime: cpu time in guest Through these items, user can get many cpu usage info of vcpu, such as: CPU Usage of Guest = gtime_delta / delta_cputime CPU Usage of Hyp = (utime_delta - gtime_delta + stime_delta) / delta_cputime CPU Usage of Steal = steal_delta / delta_cputime Max Scheduling Delay = st_max Signed-off-by:
liangpeng <liangpeng10@huawei.com> Signed-off-by:
chenjiajun <chenjiajun8@huawei.com> Reviewed-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
陈佳骏 authored
euleros inclusion category: feature bugzilla: NA CVE: NA This patch export remaining aarch64 exit items to vcpu_stat via debugfs. The items include: fp_asimd_exit_stat, irq_exit_stat, sys64_exit_stat, mabt_exit_stat, fail_entry_exit_stat, internal_error_exit_stat, unknown_ec_exit_stat, cp15_32_exit_stat, cp15_64_exit_stat, cp14_mr_exit_stat, cp14_ls_exit_stat, cp14_64_exit_stat, smc_exit_stat, sve_exit_stat, debug_exit_stat Signed-off-by:
Biaoxiang Ye <yebiaoxiang@huawei.com> Signed-off-by:
Zengruan Ye <yezengruan@huawei.com> Signed-off-by:
chenjiajun <chenjiajun8@huawei.com> Reviewed-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
陈佳骏 authored
euleros inclusion category: feature bugzilla: NA CVE: NA This patch create debugfs entry for vcpu stat. The entry path is /sys/kernel/debug/kvm/vcpu_stat. And vcpu_stat contains partial kvm exits items of vcpu, include: pid, hvc_exit_stat, wfe_exit_stat, wfi_exit_stat, mmio_exit_user, mmio_exit_kernel, exits Currently, The maximum vcpu limit is 1024. From this vcpu_stat, user can get the number of these kvm exits items over a period of time, which is helpful to monitor the virtual machine. Signed-off-by:
Zenghui Yu <yuzenghui@huawei.com> Signed-off-by:
chenjiajun <chenjiajun8@huawei.com> Reviewed-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Peng Liang authored
hulk inclusion category: bugfix bugzilla: NA CVE: NA linux/kvm.h should be self-contained so uint64_t should be replaced with __u64. Signed-off-by:
Peng Liang <liangpeng10@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Peng Liang authored
hulk inclusion category: feature bugzilla: NA CVE: NA Add KVM_CAP_ARM_CPU_FEATURE extension for userpace to check whether KVM supports to set CPU features in AArch64. Signed-off-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Peng Liang <liangpeng10@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Peng Liang authored
hulk inclusion category: feature bugzilla: NA CVE: NA It's time to make ID registers configurable. When userspace (but not guest) want to set the values of ID registers, save the value in kvm_arch_vcpu so that guest can read the modified values. Signed-off-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Peng Liang <liangpeng10@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Peng Liang authored
hulk inclusion category: feature bugzilla: NA CVE: NA To emulate the ID registers, we need a place to storage the values of the ID regsiters. Maybe putting in kvm_arch_vcpu is a good idea. This commit has no functional changes but only code refactor. When initializing a vcpu, get the values of the ID registers from arm64_ftr_regs and storage them in kvm_arch_vcpu. And we just read the value from kvm_arch_vcpu when getting/setting the value of the ID regs. Signed-off-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Peng Liang <liangpeng10@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Peng Liang authored
hulk inclusion category: feature bugzilla: NA CVE: NA If we want to emulate ID registers, we need to initialize ID registers firstly. This commit is to add a helper function to traverse arm64_ftr_regs so that we can initialize ID registers from arm64_ftr_regs. Signed-off-by:
zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by:
Peng Liang <liangpeng10@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
- Oct 27, 2020
-
-
Juergen Gross authored
mainline inclusion from mainline-v5.10 commit e99502f7 category: bugfix bugzilla: NA CVE: CVE-2020-27673 -------------------------------- In case rogue guests are sending events at high frequency it might happen that xen_evtchn_do_upcall() won't stop processing events in dom0. As this is done in irq handling a crash might be the result. In order to avoid that, delay further inter-domain events after some time in xen_evtchn_do_upcall() by forcing eoi processing into a worker on the same cpu, thus inhibiting new events coming in. The time after which eoi processing is to be delayed is configurable via a new module parameter "event_loop_timeout" which specifies the maximum event loop time in jiffies (default: 2, the value was chosen after some tests showing that a value of 2 was the lowest with an only slight drop of dom0 network throughput while multiple guests performed an event storm). How long eoi processing ...
-
Juergen Gross authored
mainline inclusion from mainline-v5.10 commit 7beb290c category: bugfix bugzilla: NA CVE: CVE-2020-27673 Prepare for fixing CVE-2020-27673 -------------------------------- Today only fifo event channels have a cpu hotplug callback. In order to prepare for more percpu (de)init work move that callback into events_base.c and add percpu_init() and percpu_deinit() hooks to struct evtchn_ops. This is part of XSA-332. Cc: stable@vger.kernel.org Signed-off-by:
Juergen Gross <jgross@suse.com> Reviewed-by:
Jan Beulich <jbeulich@suse.com> Reviewed-by:
Wei Liu <wl@xen.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Juergen Gross authored
mainline inclusion from mainline-v5.10 commit c44b849c category: bugfix bugzilla: NA CVE: NA -------------------------------- Instead of disabling the irq when an event is received and enabling it again when handled by the user process use the lateeoi model. This is part of XSA-332. Cc: stable@vger.kernel.org Reported-by:
Julien Grall <julien@xen.org> Signed-off-by:
Juergen Gross <jgross@suse.com> Tested-by:
Stefano Stabellini <sstabellini@kernel.org> Reviewed-by:
Stefano Stabellini <sstabellini@kernel.org> Reviewed-by:
Jan Beulich <jbeulich@suse.com> Reviewed-by:
Wei Liu <wl@xen.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Juergen Gross authored
mainline inclusion from mainline-v5.10 commit 54c9de89 category: bugfix bugzilla: NA CVE: CVE-2020-27673 Prepare for fixing CVE-2020-27673 -------------------------------- In order to avoid tight event channel related IRQ loops add a new framework of "late EOI" handling: the IRQ the event channel is bound to will be masked until the event has been handled and the related driver is capable to handle another event. The driver is responsible for unmasking the event channel via the new function xen_irq_lateeoi(). This is similar to binding an event channel to a threaded IRQ, but without having to structure the driver accordingly. In order to support a future special handling in case a rogue guest is sending lots of unsolicited events, add a flag to xen_irq_lateeoi() which can be set by the caller to indicate the event was a spurious one. This is part of XSA-332. Cc: stable@vger.kernel.org Reported-by:
Julien Grall <julien@xen.org> Signed-off-by:
Juergen Gross <jgross@suse.com> Reviewed-by:
Jan Beulich <jbeulich@suse.com> Reviewed-by:
Stefano Stabellini <sstabellini@kernel.org> Reviewed-by:
Wei Liu <wl@xen.org> Conflicts: drivers/xen/events/events_base.c include/xen/events.h [yyl: replace evtchn_port_t with usigned int] Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Juergen Gross authored
mainline inclusion from mainline-v5.10 commit 073d0552 category: bugfix bugzilla: NA CVE: CVE-2020-27675 -------------------------------- Today it can happen that an event channel is being removed from the system while the event handling loop is active. This can lead to a race resulting in crashes or WARN() splats when trying to access the irq_info structure related to the event channel. Fix this problem by using a rwlock taken as reader in the event handling loop and as writer when deallocating the irq_info structure. As the observed problem was a NULL dereference in evtchn_from_irq() make this function more robust against races by testing the irq_info pointer to be not NULL before dereferencing it. And finally make all accesses to evtchn_to_irq[row][col] atomic ones in order to avoid seeing partial updates of an array element in irq handling. Note that irq handling can be entered only for event channels which have been valid before, so any not populated row isn't a problem in this regard, as rows are only ever added and never removed. This is XSA-331. Cc: stable@vger.kernel.org Reported-by:
Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Reported-by:
Jinoh Kang <luke1337@theori.io> Signed-off-by:
Juergen Gross <jgross@suse.com> Reviewed-by:
Stefano Stabellini <sstabellini@kernel.org> Reviewed-by:
Wei Liu <wl@xen.org> Conflicts: drivers/xen/events/events_base.c [yyl: adjust context] Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
- Oct 26, 2020
-
-
Chiqijun authored
driver inclusion category: bugfix bugzilla: 4472 ----------------------------------------------------------------------- update hinic version to 2.3.2.16 Signed-off-by:
Chiqijun <chiqijun@huawei.com> Reviewed-by:
Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Chiqijun authored
driver inclusion category: bugfix bugzilla: 4472 ----------------------------------------------------------------------- When only hot activation of ucode, mgmt channel can still be used normally, otherwise it is not allowed to send commands to mgmt until the hot activation is completed. Signed-off-by:
Chiqijun <chiqijun@huawei.com> Reviewed-by:
Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Chiqijun authored
driver inclusion category: bugfix bugzilla: 4472 ----------------------------------------------------------------------- During the loopback test, it cannot be guaranteed that the protocol stack will completely stop sending packets, which causes the loopback test packets and protocol stack packets to be sent at the same time, causing the loopback test to fail. This patch corrects it. Signed-off-by:
Chiqijun <chiqijun@huawei.com> Reviewed-by:
Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Chiqijun authored
driver inclusion category: bugfix bugzilla: 4472 ----------------------------------------------------------------------- Hardware rx csum offload is a chip-level configuration, and VF is not allowed to turn it off. The force packet drop configuration is at the port level, VF can only configure the corresponding port. Signed-off-by:
Chiqijun <chiqijun@huawei.com> Reviewed-by:
Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Chiqijun authored
driver inclusion category: bugfix bugzilla: 4472 ----------------------------------------------------------------------- The driver initializes the MAC address of all VFs to 00:00:00:00:00:00, but when we attempts to restore the MAC address back to 00:00:00:00:00:00 after it was modified using "ip link", driver responds with "Invalid argument". Some users need to roll back the MAC configuration without destroying the VF, so the driver should allows users to use "ip link" with 00:00:00:00:00:00 to revert the MAC to the origin state. Signed-off-by:
Chiqijun <chiqijun@huawei.com> Reviewed-by:
Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Chiqijun authored
driver inclusion category: bugfix bugzilla: 4472 ----------------------------------------------------------------------- When using the ip link command to configure the MAC for the VF in the PF, the status 4 will be returned when the MAC is set on the VF; when the PF driver receives the status 4 returned by the firmwre, the MAC setting failed and an error should be reported. Signed-off-by:
Chiqijun <chiqijun@huawei.com> Reviewed-by:
Wangxiaoyun <cloud.wangxiaoyun@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
- Oct 19, 2020
-
-
Luiz Augusto von Dentz authored
mainline inclusion from mainline-v5.10 commit b560a208 category: bugfix bugzilla: NA CVE: NA -------------------------------- This checks if BT_HS is enabled relecting it on MGMT_SETTING_HS instead of always reporting it as supported. Signed-off-by:
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by:
Marcel Holtmann <marcel@holtmann.org> Conflicts: net/bluetooth/mgmt.c [yyl: adjust context] Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Luiz Augusto von Dentz authored
mainline inclusion from mainline-v5.10 commit b176dd0e category: bugfix bugzilla: NA CVE: NA -------------------------------- Bluetooth High Speed requires hardware support which is very uncommon nowadays since HS has not pickup interest by the industry. Signed-off-by:
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by:
Marcel Holtmann <marcel@holtmann.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Luiz Augusto von Dentz authored
mainline inclusion from mainline-v5.10 commit f1942564 category: bugfix bugzilla: NA CVE: CVE-2020-12351 -------------------------------- Only sockets will have the chan->data set to an actual sk, channels like A2MP would have its own data which would likely cause a crash when calling sk_filter, in order to fix this a new callback has been introduced so channels can implement their own filtering if necessary. Signed-off-by:
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by:
Marcel Holtmann <marcel@holtmann.org> Conflicts: net/bluetooth/l2cap_sock.c [yyl: adjust context] Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Luiz Augusto von Dentz authored
mainline inclusion from mainline-v5.10 commit eddb7732 category: bugfix bugzilla: NA CVE: CVE-2020-12352 -------------------------------- This fixes various places where a stack variable is used uninitialized. Signed-off-by:
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by:
Marcel Holtmann <marcel@holtmann.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
- Oct 16, 2020
-
-
Jiri Olsa authored
mainline inclusion from mainline-v5.10 commit f91072ed category: bugfix bugzilla: NA CVE: CVE-2020-14351 -------------------------------- There's a possible race in perf_mmap_close() when checking ring buffer's mmap_count refcount value. The problem is that the mmap_count check is not atomic because we call atomic_dec() and atomic_read() separately. perf_mmap_close: ... atomic_dec(&rb->mmap_count); ... if (atomic_read(&rb->mmap_count)) goto out_put; <ring buffer detach> free_uid out_put: ring_buffer_put(rb); /* could be last */ The race can happen when we have two (or more) events sharing same ring buffer and they go through atomic_dec() and then they both see 0 as refcount value later in atomic_read(). Then both will go on and execute code which is meant to be run just once. The code that detaches ring buffer is probably fine to be executed more than once, but the problem is in calling ...
-
Mark Gray authored
stable inclusion from linux-4.19.148 commit c797110d97c48054d1491251fd713900ff51615c CVE: CVE-2020-25645 -------------------------------- [ Upstream commit 34beb215 ] This patch adds transport ports information for route lookup so that IPsec can select Geneve tunnel traffic to do encryption. This is needed for OVS/OVN IPsec with encrypted Geneve tunnels. This can be tested by configuring a host-host VPN using an IKE daemon and specifying port numbers. For example, for an Openswan-type configuration, the following parameters should be configured on both hosts and IPsec set up as-per normal: $ cat /etc/ipsec.conf conn in ... left=$IP1 right=$IP2 ... leftprotoport=udp/6081 rightprotoport=udp ... conn out ... left=$IP1 right=$IP2 ... leftprotoport=udp rightprotoport=udp/6081 ... The tunnel can then be setup using "ip" on both hosts (but changing the relevant IP addresses): $ ip link add tun type geneve id 1000 remote $IP2 $ ip addr add 192.168.0.1/24 dev tun $ ip link set tun up This can then be tested by pinging from $IP1: $ ping 192.168.0.2 Without this patch the traffic is unencrypted on the wire. Fixes: 2d07dc79 ("geneve: add initial netdev driver for GENEVE tunnels") Signed-off-by:
Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com> Signed-off-by:
Mark Gray <mark.d.gray@redhat.com> Reviewed-by:
Greg Rose <gvrose8192@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
Jason Yan <yanaijie@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
- Oct 15, 2020
-
-
Luo Meng authored
hulk inclusion category: bugfix bugzilla: 39268 CVE: NA ------------------------------------------------- Since the code of commit c03b42efb1c4 ("ext4: Fold ext4_data_block_valid_rcu() into the caller") when check valid the inode blocks, we set the last error block before final determination the block is invalid, which confuses with linux master. The block should be invalid only when the block is belong to the system zone. The system zone was initialized when mount, and the entry->ino just should be 0 or journal_ino, and it never changed in his lifetime. Only when check the inode with ino=0/journal_ino will cause set the wrong last error block. But the ino=0/journal_ino never call ext4_inode_block_valid, so it never case any problem. In order to keep the same logic with linux master and dispel the confuse, add explicit judgment for invalid block before set the last error block. Fixes: c03b42efb1c4 ("ext4: Fold ext4_data_block_valid_rcu() i...
-
Max Reitz authored
mainline inclusion from mainline-v5.4-rc3 commit e093c4be category: bugfix bugzilla: NA CVE: NA --------------------------- To ensure that all blocks touched by the range [offset, offset + count) are allocated, we need to calculate the block count from the difference of the range end (rounded up) and the range start (rounded down). Before this patch, we just round up the byte count, which may lead to unaligned ranges not being fully allocated: $ touch test_file $ block_size=$(stat -fc '%S' test_file) $ fallocate -o $((block_size / 2)) -l $block_size test_file $ xfs_bmap test_file test_file: 0: [0..7]: 1396264..1396271 1: [8..15]: hole There should not be a hole there. Instead, the first two blocks should be fully allocated. With this patch applied, the result is something like this: $ touch test_file $ block_size=$(stat -fc '%S' test_file) $ fallocate -o $((block_size / 2)) -l $block_size test_file $ xfs_bmap test_file test_file: 0: [0..15]: 11024..11039 Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Carlos Maiolino <cmaiolino@redhat.com> Reviewed-by:
Christoph Hellwig <hch@lst.de> Reviewed-by:
Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by:
Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com> Reviewed-by:
zhangyi (F) <yi.zhang@huawei.com> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-
Yang Xu authored
stable inclusion from linux-4.19.116 commit 14b96359440421c4d84033933a2a5de73de1510d -------------------------------- commit 2e356101 upstream. Currently, when we add a new user key, the calltrace as below: add_key() key_create_or_update() key_alloc() __key_instantiate_and_link generic_key_instantiate key_payload_reserve ...... Since commit a08bf91c ("KEYS: allow reaching the keys quotas exactly"), we can reach max bytes/keys in key_alloc, but we forget to remove this limit when we reserver space for payload in key_payload_reserve. So we can only reach max keys but not max bytes when having delta between plen and type->def_datalen. Remove this limit when instantiating the key, so we can keep consistent with key_alloc. Also, fix the similar problem in keyctl_chown_key(). Fixes: 0b77f5bf ("keys: make the keyring quotas controllable through /proc/sys") Fixes: a08bf91c ("KEYS: allow re...
-
Lukas Wunner authored
stable inclusion from linux-4.19.148 commit 8b4846ac1af4b0c99817aee7304e9f5dd6ffcb56 -------------------------------- commit e0a851fe upstream. If the call to uart_add_one_port() in serial8250_register_8250_port() fails, a half-initialized entry in the serial_8250ports[] array is left behind. A subsequent reprobe of the same serial port causes that entry to be reused. Because uart->port.dev is set, uart_remove_one_port() is called for the half-initialized entry and bails out with an error message: bcm2835-aux-uart 3f215040.serial: Removing wrong port: (null) != (ptrval) The same happens on failure of mctrl_gpio_init() since commit 4a96895f ("tty/serial/8250: use mctrl_gpio helpers"). Fix by zeroing the uart->port.dev pointer in the probe error path. The bug was introduced in v2.6.10 by historical commit befff6f5bf5f ("[SERIAL] Add new port registration/unregistration functions."): https://git.kernel.org/tglx/history/c/befff6f5bf5f The commit added an unconditional call to uart_remove_one_port() in serial8250_register_port(). In v3.7, commit 835d844d ("8250_pnp: do pnp probe before legacy probe") made that call conditional on uart->port.dev which allows me to fix the issue by zeroing that pointer in the error path. Thus, the present commit will fix the problem as far back as v3.7 whereas still older versions need to also cherry-pick 835d844d. Fixes: 835d844d ("8250_pnp: do pnp probe before legacy probe") Signed-off-by:
Lukas Wunner <lukas@wunner.de> Cc: stable@vger.kernel.org # v2.6.10 Cc: stable@vger.kernel.org # v2.6.10: 835d844d: 8250_pnp: do pnp probe before legacy Reviewed-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Link: https://lore.kernel.org/r/b4a072013ee1a1d13ee06b4325afb19bda57ca1b.1589285873.git.lukas@wunner.de [iwamatsu: Backported to 4.14, 4.19: adjust context] Signed-off-by:
Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu@toshiba.co.jp> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Yang Yingliang <yangyingliang@huawei.com>
-