The sub-programs prog->aux->poke_tab[] is populated in jit_subprogs() and
then used when emitting 'BPF_JMP|BPF_TAIL_CALL' insn->code from the
individual JITs. The poke_tab[] to use is stored in the insn->imm by
the code adding it to that array slot. The JIT then uses imm to find the
right entry for an individual instruction. In the x86 bpf_jit_comp.c
this is done by calling emit_bpf_tail_call_direct with the poke_tab[]
of the imm value.
However, we observed the below null-ptr-deref when mixing tail call
programs with subprog programs. For this to happen we just need to
mix bpf-2-bpf calls and tailcalls with some extra calls or instructions
that would be patched later by one of the fixup routines. So whats
happening?
Before the fixup_call_args() -- where the jit op is done -- various
code patching is done by do_misc_fixups(). This may increase the
insn count, for example when we patch map_lookup_up using map_gen_lookup
hook. This does two things. First, it means the instruction index,
insn_idx field, of a tail call instruction will move by a 'delta'.
In verifier code,
struct bpf_jit_poke_descriptor desc = {
.reason = BPF_POKE_REASON_TAIL_CALL,
.tail_call.map = BPF_MAP_PTR(aux->map_ptr_state),
.tail_call.key = bpf_map_key_immediate(aux),
.insn_idx = i + delta,
};
Then subprog start values subprog_info[i].start will be updated
with the delta and any poke descriptor index will also be updated
with the delta in adjust_poke_desc(). If we look at the adjust
subprog starts though we see its only adjusted when the delta
occurs before the new instructions,
/* NOTE: fake 'exit' subprog should be updated as well. */
for (i = 0; i <= env->subprog_cnt; i++) {
if (env->subprog_info[i].start <= off)
continue;
Earlier subprograms are not changed because their start values
are not moved. But, adjust_poke_desc() does the offset + delta
indiscriminately. The result is poke descriptors are potentially
corrupted.
Then in jit_subprogs() we only populate the poke_tab[]
when the above insn_idx is less than the next subprogram start. From
above we corrupted our insn_idx so we might incorrectly assume a
poke descriptor is not used in a subprogram omitting it from the
subprogram. And finally when the jit runs it does the deref of poke_tab
when emitting the instruction and crashes with below. Because earlier
step omitted the poke descriptor.
The fix is straight forward with above context. Simply move same logic
from adjust_subprog_starts() into adjust_poke_descs() and only adjust
insn_idx when needed.
[ 82.396354] bpf_testmod: version magic '5.12.0-rc2alu+ SMP preempt mod_unload ' should be '5.12.0+ SMP preempt mod_unload '
[ 82.623001] loop10: detected capacity change from 0 to 8
[ 88.487424] ==================================================================
[ 88.487438] BUG: KASAN: null-ptr-deref in do_jit+0x184a/0x3290
[ 88.487455] Write of size 8 at addr 0000000000000008 by task test_progs/5295
[ 88.487471] CPU: 7 PID: 5295 Comm: test_progs Tainted: G I 5.12.0+ #386
[ 88.487483] Hardware name: Dell Inc. Precision 5820 Tower/002KVM, BIOS 1.9.2 01/24/2019
[ 88.487490] Call Trace:
[ 88.487498] dump_stack+0x93/0xc2
[ 88.487515] kasan_report.cold+0x5f/0xd8
[ 88.487530] ? do_jit+0x184a/0x3290
[ 88.487542] do_jit+0x184a/0x3290
...
[ 88.487709] bpf_int_jit_compile+0x248/0x810
...
[ 88.487765] bpf_check+0x3718/0x5140
...
[ 88.487920] bpf_prog_load+0xa22/0xf10
Fixes: a748c6975d ("bpf: propagate poke descriptors to subprograms")
Reported-by: Jussi Maki <joamaki@gmail.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Daniel Borkmann <daniel@iogearbox.net>
Mat Martineau says:
====================
mptcp: Connection-time 'C' flag and two fixes
Here are six more patches from the MPTCP tree.
Most of them add support for the 'C' flag in the MPTCP connection-time
option headers. This flag affects how the initial address and port are
treated by each peer. Normally one peer may send MP_JOIN requests to the
remote address and port that were used when initiating the MPTCP
connection. The 'C' bit indicates that MP_JOINs should only be sent to
remote addresses that have been advertised with ADD_ADDR.
The other two patches are unrelated improvements.
Patches 1-4: Add the 'C' flag feature, a sysctl to optionally enable it,
and a selftest.
Patch 5: Adjust rp_filter settings in a selftest.
Patch 6: Improve rbuf cleanup for MPTCP sockets.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The current cleanup rbuf tries a bit too hard to avoid acquiring
the subflow socket lock. We may end-up delaying the needed ack,
or skip acking a blocked subflow.
Address the above extending the conditions used to trigger the cleanup
to reflect more closely what TCP does and invoking tcp_cleanup_rbuf()
on all the active subflows.
Note that we can't replicate the exact tests implemented in
tcp_cleanup_rbuf(), as MPTCP lacks some of the required info - e.g.
ping-pong mode.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
To turn rp_filter off we should:
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
and
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
before NIC created.
Co-developed-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Yonglong Li <liyonglong@chinatelecom.cn>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch added a new argument '-d' for mptcp_join.sh script, to invoke
the testcases for the MP_CAPABLE 'C' flag.
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch added a new flag named deny_join_id0 in struct
mptcp_options_received. Set it when MP_CAPABLE with the flag
MPTCP_CAP_DENYJOIN_ID0 is received.
Also add a new flag remote_deny_join_id0 in struct mptcp_pm_data. When the
flag deny_join_id0 is set, set this remote_deny_join_id0 flag.
In mptcp_pm_create_subflow_or_signal_addr, if the remote_deny_join_id0 flag
is set, and the remote address id is zero, stop this connection.
Suggested-by: Florian Westphal <fw@strlen.de>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch defined a new flag MPTCP_CAP_DENY_JOIN_ID0 for the third bit,
labeled "C" of the MP_CAPABLE option.
Add a new flag allow_join_id0 in struct mptcp_out_options. If this flag is
set, send out the MP_CAPABLE option with the flag MPTCP_CAP_DENY_JOIN_ID0.
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch added a new sysctl, named allow_join_initial_addr_port, to
control whether allow peers to send join requests to the IP address and
port number used by the initial subflow.
Suggested-by: Florian Westphal <fw@strlen.de>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
AM64 has 9 instances of EPWM modules. And each instance has a clk to
Timer-Base sub-module that can be controlled by Control module. Update
the driver with all the 9 instance of clocks associated to
ti,am64-epwm-tbclk.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210528045743.16537-3-lokeshvutla@ti.com
Reviewed-by: Tero Kristo <kristo@kernel.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
No need for a separate flag now that DCN3.1 is not in bring up.
Fold into DRM_AMD_DC_DCN like previous DCN IPs.
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Function radeon_fence_driver_init always returns success,
the function type maybe coule be changed to void.
This patch first delete the check of the return
value of the function call radeon_fence_driver_init, then,
optimise the function declaration and function to void type.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Bernard Zhao <bernard@vivo.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
- Introduce CMD for EDID CEA block parsing
- Add SCR5 definition for reporting eDP power sequencer status
Signed-off-by: Anthony Koo <Anthony.Koo@amd.com>
Acked-by: Bindu Ramamurthy <bindu.r@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
[Why & How]
Increase width of some variables to avoid comparing integers of
different widths
Signed-off-by: Josip Pavic <Josip.Pavic@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Acked-by: Bindu Ramamurthy <bindu.r@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Here are changes for the 5.14-rc1 merge window consisting of interconnect
driver updates.
Driver changes:
- New driver for SC7280 platforms.
Signed-off-by: Georgi Djakov <djakov@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJg0c/OAAoJEIDQzArG2BZjNckP/jN5l3aYw/mbmffC1CUGa+nb
OOzHoUdX8m9J5zC7ecjBBxsBnRPLY84CjzziM+RVab15N+QmQEW5tp4KiUfgJqIs
bfmun8g+FxbSS71rCuykTH1/dbBGVixDFXVkquWNiBQwE+RRMGF0dOYs4BeXGf8B
sqORnNrHSGjuXzg5CCVTJ6d45O46lFZHx2/4bxR1FbcrQqrhRiRkrlM6FlI/coyR
+9cfZOd8+lDSC6j/S9XkDT75fHHvdpXNH/7wlZnyOlOHpE2CoEduu0OySrAEO9J9
l1iEK9apgm+6hoC1xngbR84mYVLjlSaeih/fQJ5/0yrgbxWA6zyunEnUOuPDPOhZ
2Ghgxwf8+TwhRI1PGO6rLxpQ7xldz36U6pJOPU91cJJjl71Ix8KtfbfpY5Phbj6R
zM/TGLBuNEHN8+wSIyh766mnv6gLzfYbexyjIc3PoZgx8EytZOBPVcEfWlJxnDni
k/EPPa/aUiytGCVl0WwDrMhJlITMpGaZfSxuTLyAblECcRxxk8gvMsFcEFk8HW8y
WnonClC39kPK7+9CVzkPq1CMvetdbmCWsIiwvZohah5MDpg+ao8ZGe6uk8yZnOSQ
3GME8Gv0OhUI1u9T9VNuRC4xrGmokKYcgOPsqgVKJMkmoyeh6oA1jE0w9IxhJkbZ
AJgbpRg0hMvMFK+C+Wy8
=ihE7
-----END PGP SIGNATURE-----
Merge tag 'icc-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/djakov/icc into char-misc-next
Georgi writes:
interconnect changes for 5.14
Here are changes for the 5.14-rc1 merge window consisting of interconnect
driver updates.
Driver changes:
- New driver for SC7280 platforms.
Signed-off-by: Georgi Djakov <djakov@kernel.org>
* tag 'icc-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/djakov/icc:
interconnect: qcom: Add SC7280 interconnect provider driver
dt-bindings: interconnect: Add Qualcomm SC7280 DT bindings
* Use determine_rate() for the pll ops instead of round_rate()
* Restrict gp0/1 and audio plls range on g12a/sm1
* Improve axg-audio controller error on deferral
* Add NNA clocks on g12a
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE9OFZrhjz9W1fG7cb5vwPHDfy2oUFAmDBGeIACgkQ5vwPHDfy
2oVCURAAoeOtE20qJbw3Npjnar5Je73aN5v4EVW2ky8FOhxQk4kZ58sucQvgF5Co
1d6tiFSm49LtyDsYEEa9ewXwKomc/NyUSM00REgcNMsxGRTaGq74/LO7KWbXlobX
aIFDe66DLFL453e1wzSPauSHl8MK4NL+WBh4uB4FgG2dveY+B7I7iic7uWojXBwl
WN6xAUBe8wQKuvv0wpkdnRcLhU0kw1dtA8uV5CnMlcrDft2I3zzOzzKNUAGNSSy3
kry3amveSF9TZp9AcT2oV5Fp6qMu3gHvCSJOvCbr7EUjl+pFgEaWm/OeiseqpA8c
dhFUyIY66m5/3L06An3DZtjcEuWbsFhj9l5gDSd7qmw3ALof08e+JXRDr/tvj9zo
j9rwpm7hFpxjZYbcBeJmlU2KGAb+m4WR8j12LFyXVOMRSjxTM3lETJxWP3KoHMId
X8vY2K+BpIADfTw7g9Zt2o4WJago+aKyTU0RLZiqQHWWUK/i9ZhjOyKxVcfho7Uz
kQduNWn+UkF3QuCQEKkqooRNo8z4Cki9LxtSx07QQiQYZXrTqGMVbgfcLSOjSi+W
vZNK8Ka8ZwAty4+H1Hwd5CdiwDvAbRw0ZO7/vkLe/Z7TEL+QTWYOXNt0yo+wZMkl
hqbdyxgmfonAT7iozjyzOA8vShyM8a6O0Wet1fsTWJbR4x29voQ=
=AEVb
-----END PGP SIGNATURE-----
Merge tag 'clk-meson-v5.14-1' of https://github.com/BayLibre/clk-meson into clk-amlogic
Pull Amlogic clk driver updates from Jerome Brunet:
- Use determine_rate() for the pll ops instead of round_rate()
- Restrict gp0/1 and audio plls range on g12a/sm1
- Improve axg-audio controller error on deferral
- Add NNA clocks on g12a
* tag 'clk-meson-v5.14-1' of https://github.com/BayLibre/clk-meson:
clk: meson: g12a: Add missing NNA source clocks for g12b
clk: meson: axg-audio: improve deferral handling
clk: meson: g12a: fix gp0 and hifi ranges
clk: meson: pll: switch to determine_rate for the PLL ops
For configuration items with a size of 16, scarlett2_usb_get_config()
was filling *buf with little-endian data. Update it to convert to CPU
endian. This function is not currently used so affects nothing yet;
will be used by the upcoming talkback feature.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/cbc8b6eedd859dd27086ab4126d724a86dd50bcb.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The 18i8 and 18i20 Gen 3 support "speaker switching". Add a Speaker
Switch control which can be set to Off/Main/Alt.
When speaker switching is enabled or disabled, the interface may
change the state of the Analog Outputs 3 and 4 routing and the global
mute button, so use a flag private->speaker_switching_switched to note
that those should be checked when the next "monitor other"
notification is received.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/874193a534cd0aeb6f2e108ae761cadd2dc25ad2.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Enabling/disabling speaker switching will update the mux
configuration. To prepare for this, add a private->mux_updated flag
and update the scarlett2_mux_src_enum_ctl_get() callback to check it.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/5ce3bb9fe4006b550d18c783c5ff640fe0bfbfcb.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Save the struct snd_kcontrol pointers for the sw_hw and mux controls.
This is in preparation for speaker switching support which needs to be
able to update those controls.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/269d89181bf29dbea80ba6f8cfff84fb23b77f86.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Split part of scarlett2_sw_hw_enum_ctl_put() out into
scarlett2_sw_hw_change() so that the code which actually makes the
change is available in its own function. This will be used by the
speaker switching support which needs to set the SW/HW switch to HW
when speaker switching is enabled.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/f2cf91841ba067b490e7709bc4b14f4532b4ddd5.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The Solo and 2i2 devices don't have a mixer but they do have a "direct
monitor" switch. Add support for getting and setting the state of this
switch.
Co-developed-by: Vladimir Sadovnikov <sadko4u@gmail.com>
Signed-off-by: Vladimir Sadovnikov <sadko4u@gmail.com>
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/61d23dc4feb3b046d870ad7203e66ff2bd1d278c.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Some inputs on Gen 3 models support software-selectable phantom power.
Add support for getting and setting the state of those switches and
the "Phantom Power Persistence" switch.
Co-developed-by: Vladimir Sadovnikov <sadko4u@gmail.com>
Signed-off-by: Vladimir Sadovnikov <sadko4u@gmail.com>
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/5837ce8a8c686560fc8f40b4204dd2a10721869b.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Some inputs on Gen 3 models have an "air" feature which can be enabled
from the driver or (model-dependent) from the front panel. Add support
for getting and setting the state of those switches.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/44d448a4150b9c068754759c9fdd2bfe21484487.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Add initial support for the Focusrite Scarlett Solo and 2i2 devices:
- They have no mixer
- They don't support reporting sync status or levels
- The configuration space is laid out differently to the other models
- There is no level (line/inst) switch on input 1 of the Solo
Co-developed-by: Vladimir Sadovnikov <sadko4u@gmail.com>
Signed-off-by: Vladimir Sadovnikov <sadko4u@gmail.com>
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/190b90f6f1f8f8d4dfb5f0a7761ff8ae5c40fdde.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Move scarlett2_usb_get() and scarlett2_usb_get_config() above the
functions relating to updating the configuration so that
scarlett2_usb_set_config() can call scarlett2_usb_get() in a
subsequent patch.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/1549f8e44548be679119f0b1462f888f4a03812d.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Some models allow the level and pad settings to be controlled from the
front-panel of the device. For these, the device will send an
"input-other" notification to prompt the driver to re-read the status
of those settings.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/06289a7697455e96b7dbdfd2d384d4b20f8df6e0.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The current way of the scarlett2 mixer code managing the
usb_mixer_elem_info object is wrong in two ways: it passes its
internal index to the head.id field, and the val_type field is
uninitialized. This ended up with the wrong execution at the resume
because a bogus unit id is passed wrongly. Also, in the later code
extensions, we'll have more mixer elements, and passing the index will
overflow the unit id size (of 256).
This patch corrects those issues. It introduces a new value type,
USB_MIXER_BESPOKEN, which indicates a non-standard mixer element, and
use this type for all scarlett2 mixer elements, as well as
initializing the fixed unit id 0 for avoiding the overflow.
Tested-by: Geoffrey D. Bennett <g@b4.vu>
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/49721219f45b7e175e729b0d9d9c142fd8f4342a.1624379707.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The scarlett2_ports struct contains both generic (hardware IDs and
descriptions) and model-specific (port count) data. Remove the generic
data from the scarlett2_device_info struct so it is not repeated for
every model.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/7a9e57e4e55a482390c692a9e60731d72b664a15.1624294591.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Some Gen 3 devices do not put all of the mux entries for the same port
types together in order in the "set mux" message data. To prepare for
this, replace the struct scarlett2_ports num[] array and the
assignment_order[] array with mux_assignment[], a list of port types
and ranges that is defined in the struct scarlett2_device_info.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/08e8d784d78262cb57496d28ef1ad7b6213a90ab.1624294591.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
For each analogue output, in addition to the output volume (gain)
control, the hardware also has a mute control. Add ALSA mute controls
for each analogue output.
If the device has the line_out_hw_vol feature, then the mute control
is disabled along with the output volume control when the switch is
set to HW.
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/6fad82174b44633e46cfd96332a038de74d544f2.1624294591.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Add the USB device ID to the scarlett2_device_info struct so that the
switch statement which finds the appropriate struct can be replaced
with a loop that looks through an array of pointers to those structs.
Suggested-by: Vladimir Sadovnikov <sadko4u@gmail.com>
Signed-off-by: Geoffrey D. Bennett <g@b4.vu>
Link: https://lore.kernel.org/r/474c408c29fb280a611e47e49e59ca2fb9810d27.1624294591.git.g@b4.vu
Signed-off-by: Takashi Iwai <tiwai@suse.de>
