* [PATCH 5.10 000/390] 5.10.150-rc1 review
@ 2022-10-24 11:26 Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 001/390] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
` (395 more replies)
0 siblings, 396 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw
This is the start of the stable review cycle for the 5.10.150 release.
There are 390 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.150-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.10.150-rc1
Martin Liska <mliska@suse.cz>
gcov: support GCC 12.1 and newer compilers
Chao Yu <chao@kernel.org>
f2fs: fix wrong condition to trigger background checkpoint correctly
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: intel_powerclamp: Use first online CPU as control_cpu
Eric Dumazet <edumazet@google.com>
inet: fully convert sk->sk_rx_dst to RCU rules
Jerry Lee 李修賢 <jerrylee@qnap.com>
ext4: continue to expand file system when the target size doesn't reach
Shuah Khan <skhan@linuxfoundation.org>
Revert "drm/amdgpu: use dirty framebuffer helper"
Shuah Khan <skhan@linuxfoundation.org>
Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega"
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
net/ieee802154: don't warn zero-sized raw_sendmsg()
Alexander Aring <aahringo@redhat.com>
Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
Alexander Aring <aahringo@redhat.com>
net: ieee802154: return -EINVAL for unknown addr type
Liu Shixin <liushixin2@huawei.com>
mm: hugetlb: fix UAF in hugetlb_handle_userfault
Pavel Begunkov <asml.silence@gmail.com>
io_uring/af_unix: defer registered files gc to io_uring release
Pavel Begunkov <asml.silence@gmail.com>
io_uring: correct pinned_vm accounting
Sergey Shtylyov <s.shtylyov@omp.ru>
arm64: topology: fix possible overflow in amu_fie_setup()
Adrian Hunter <adrian.hunter@intel.com>
perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
Maxime Ripard <maxime@cerno.tech>
clk: bcm2835: Make peripheral PLLC critical
Dongliang Mu <mudongliangabcd@gmail.com>
usb: idmouse: fix an uninit-value in idmouse_open
Varun Prakash <varun@chelsio.com>
nvmet-tcp: add bounds check on Transfer Tag
Keith Busch <kbusch@kernel.org>
nvme: copy firmware_rev on each init
Xiaoke Wang <xkernel.wang@foxmail.com>
staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
sunghwan jung <onenowy@gmail.com>
Revert "usb: storage: Add quirk for Samsung Fit flash"
Robin Guo <guoweibin@inspur.com>
usb: musb: Fix musb_gadget.c rxstate overflow bug
Jianglei Nie <niejianglei2021@163.com>
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
Logan Gunthorpe <logang@deltatee.com>
md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
Hyunwoo Kim <imv4bel@gmail.com>
HID: roccat: Fix use-after-free in roccat_read()
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
soundwire: intel: fix error handling on dai registration issues
Richard Fitzgerald <rf@opensource.cirrus.com>
soundwire: cadence: Don't overwrite msg->buf during write commands
Coly Li <colyli@suse.de>
bcache: fix set_at_max_writeback_rate() for multiple attached devices
Serge Semin <Sergey.Semin@baikalelectronics.ru>
ata: libahci_platform: Sanity check the DT child nodes number
Yu Kuai <yukuai3@huawei.com>
blk-throttle: prevent overflow while calculating wait time
Nam Cao <namcaov@gmail.com>
staging: vt6655: fix potential memory leak
Wei Yongjun <weiyongjun1@huawei.com>
power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
Shigeru Yoshida <syoshida@redhat.com>
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
Letu Ren <fantasquex@gmail.com>
scsi: 3w-9xxx: Avoid disabling device if failing to enable it
Justin Chen <justinpopo6@gmail.com>
usb: host: xhci-plat: suspend/resume clks for brcm
Justin Chen <justinpopo6@gmail.com>
usb: host: xhci-plat: suspend and resume clocks
Quanyang Wang <quanyang.wang@windriver.com>
clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
Zheyu Ma <zheyuma97@gmail.com>
media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
Ian Nam <young.kwan.nam@xilinx.com>
clk: zynqmp: Fix stack-out-of-bounds in strncpy`
Qu Wenruo <wqu@suse.com>
btrfs: scrub: try to fix super block errors
Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
Mark Brown <broonie@kernel.org>
kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6sx: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6sll: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6sl: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6qp: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6dl: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6q: add missing properties for sram
Haibo Chen <haibo.chen@nxp.com>
ARM: dts: imx7d-sdb: config the max pressure for tsc2046
Aric Cyr <aric.cyr@amd.com>
drm/amd/display: Remove interface for periodic interrupt 1
Khaled Almahallawy <khaled.almahallawy@intel.com>
drm/dp: Don't rewrite link config when setting phy test pattern
Richard Acayan <mailingradian@gmail.com>
mmc: sdhci-msm: add compatible string check for sdm670
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/meson: explicitly remove aggregate driver at module unload time
hongao <hongao@uniontech.com>
drm/amdgpu: fix initial connector audio value
Jairaj Arava <jairaj.arava@intel.com>
ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
Hans de Goede <hdegoede@redhat.com>
platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
Jameson Thies <jthies@google.com>
platform/chrome: cros_ec: Notify the PM of wake events during resume
Maya Matuszczyk <maccraft123mc@gmail.com>
drm: panel-orientation-quirks: Add quirk for Anbernic Win600
Mateusz Kwiatkowski <kfyatek+publicgit@gmail.com>
drm/vc4: vec: Fix timings for VEC modes
Lucas Stach <l.stach@pengutronix.de>
drm: bridge: dw_hdmi: only trigger hotplug event on link change
Vivek Kasireddy <vivek.kasireddy@intel.com>
udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
David Gow <davidgow@google.com>
drm/amd/display: fix overflow on MIN_I64 definition
Zeng Jingxiang <linuszeng@tencent.com>
gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
Javier Martinez Canillas <javierm@redhat.com>
drm: Prevent drm_copy_field() to attempt copying a NULL pointer
Javier Martinez Canillas <javierm@redhat.com>
drm: Use size_t type for len variable in drm_copy_field()
Jianglei Nie <niejianglei2021@163.com>
drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
Andrew Gaul <gaul@gaul.org>
r8152: Rate limit overflow messages
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: L2CAP: Fix user-after-free
Liu Jian <liujian56@huawei.com>
net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: correctly set BBP register 86 for MT7620
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: set SoC wmac clock register
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: set VGC gain for both chains of MT7620
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
Ziyang Xuan <william.xuanziyang@huawei.com>
can: bcm: check the result of can_send() in bcm_can_tx()
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
Patrick Rudolph <patrick.rudolph@9elements.com>
regulator: core: Prevent integer underflow
Alexander Coffin <alex.coffin@matician.com>
wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
Khalid Masum <khalid.masum.92@gmail.com>
xfrm: Update ipcomp_scratches with NULL when freed
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
Eric Dumazet <edumazet@google.com>
tcp: annotate data-race around tcp_md5sig_pool_populated
Mike Pattrick <mkp@redhat.com>
openvswitch: Fix overreporting of drops in dropwatch
Mike Pattrick <mkp@redhat.com>
openvswitch: Fix double reporting of drops in dropwatch
Quentin Monnet <quentin@isovalent.com>
bpftool: Clear errno after libcap's checks
Wright Feng <wright.feng@cypress.com>
wifi: brcmfmac: fix invalid address access when enabling SCAN log level
Dai Ngo <dai.ngo@oracle.com>
NFSD: fix use-after-free on source server when doing inter-server copy
Anna Schumaker <Anna.Schumaker@Netapp.com>
NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
Kees Cook <keescook@chromium.org>
x86/entry: Work around Clang __bdos() bug
Kees Cook <keescook@chromium.org>
ARM: decompressor: Include .data.rel.ro.local
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
Chao Qin <chao.qin@intel.com>
powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
Kees Cook <keescook@chromium.org>
MIPS: BCM47XX: Cast memcmp() of function to (void *)
Arvid Norlander <lkml@vorpal.se>
ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
Zqiang <qiang1.zhang@intel.com>
rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
Michal Hocko <mhocko@suse.com>
rcu: Back off upon fill_page_cache_func() allocation failure
Stefan Berger <stefanb@linux.ibm.com>
selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
Chao Yu <chao@kernel.org>
f2fs: fix to account FS_CP_DATA_IO correctly
Chao Yu <chao@kernel.org>
f2fs: fix to avoid REQ_TIME and CP_TIME collision
Zhang Qilong <zhangqilong3@huawei.com>
f2fs: fix race condition on setting FI_NO_EXTENT flag
Shuai Xue <xueshuai@linux.alibaba.com>
ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
Vincent Knecht <vincent.knecht@mailoo.org>
thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
Dan Carpenter <dan.carpenter@oracle.com>
crypto: cavium - prevent integer overflow loading firmware
Dan Carpenter <dan.carpenter@oracle.com>
crypto: marvell/octeontx - prevent integer overflows
Janis Schoetterl-Glausch <scgl@linux.ibm.com>
kbuild: rpm-pkg: fix breakage when V=1 is used
Masahiro Yamada <masahiroy@kernel.org>
kbuild: remove the target in signal traps when interrupted
Yipeng Zou <zouyipeng@huawei.com>
tracing: kprobe: Make gen test module work in arm and riscv
Yipeng Zou <zouyipeng@huawei.com>
tracing: kprobe: Fix kprobe event gen test module on exit
Robin Murphy <robin.murphy@arm.com>
iommu/iova: Fix module config properly
Damian Muszynski <damian.muszynski@intel.com>
crypto: qat - fix DMA transfer direction
Giovanni Cabiddu <giovanni.cabiddu@intel.com>
crypto: qat - use pre-allocated buffers in datapath
Hui Tang <tanghui20@huawei.com>
crypto: qat - fix use of 'dma_map_single'
Peter Harliman Liem <pliem@maxlinear.com>
crypto: inside-secure - Change swab to swab32
Koba Ko <koba.ko@canonical.com>
crypto: ccp - Release dma channels before dmaengine unrgister
Ignat Korchagin <ignat@cloudflare.com>
crypto: akcipher - default implementation for setting a private key
Dan Carpenter <dan.carpenter@oracle.com>
iommu/omap: Fix buffer overflow in debugfs
Waiman Long <longman@redhat.com>
cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
Kshitiz Varshney <kshitiz.varshney@nxp.com>
hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()
Ye Weihua <yeweihua4@huawei.com>
crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
Zhengchao Shao <shaozhengchao@huawei.com>
crypto: sahara - don't sleep when in softirq
Pali Rohár <pali@kernel.org>
powerpc: Fix SPE Power ISA properties for e500v1 platforms
Nicholas Piggin <npiggin@gmail.com>
powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
Vitaly Kuznetsov <vkuznets@redhat.com>
x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
Zheng Yongjun <zhengyongjun3@huawei.com>
powerpc/powernv: add missing of_node_put() in opal_export_attrs()
Liang He <windhl@126.com>
powerpc/pci_dn: Add missing of_node_put()
Liang He <windhl@126.com>
powerpc/sysdev/fsl_msi: Add missing of_node_put()
Nathan Chancellor <nathan@kernel.org>
powerpc/math_emu/efp: Include module.h
Jack Wang <jinpu.wang@ionos.com>
mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
Joel Stanley <joel@jms.id.au>
clk: ast2600: BCLK comes from EPLL
Miaoqian Lin <linmq006@gmail.com>
clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
Stefan Wahren <stefan.wahren@i2se.com>
clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: baikal-t1: Add SATA internal ref clock buffer
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: baikal-t1: Fix invalid xGMAC PTP clock divider
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
David Collins <collinsd@codeaurora.org>
spmi: pmic-arb: correct duplicate APID to PPID mapping logic
Dave Jiang <dave.jiang@intel.com>
dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
Chen-Yu Tsai <wenst@chromium.org>
clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
Jiasheng Jiang <jiasheng@iscas.ac.cn>
mfd: sm501: Add check for platform_driver_register()
Dan Carpenter <dan.carpenter@oracle.com>
mfd: fsl-imx25: Fix check for platform_get_irq() errors
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: lp8788: Fix an error handling path in lp8788_probe()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
fsi: core: Check error number after calling ida_simple_get
Robert Marko <robimarko@gmail.com>
clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
Mike Christie <michael.christie@oracle.com>
scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
Duoming Zhou <duoming@zju.edu.cn>
scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
Pali Rohár <pali@kernel.org>
serial: 8250: Fix restoring termios speed after suspend
Guilherme G. Piccoli <gpiccoli@igalia.com>
firmware: google: Test spinlock on panic path to avoid lockups
Nam Cao <namcaov@gmail.com>
staging: vt6655: fix some erroneous memory clean-up loops
Dongliang Mu <mudongliangabcd@gmail.com>
phy: qualcomm: call clk_disable_unprepare in the error handling
Sherry Sun <sherry.sun@nxp.com>
tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250: Toggle IER bits on only after irq has been set up
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
serial: 8250: Add an empty line and remove some useless {}
Dan Carpenter <dan.carpenter@oracle.com>
drivers: serial: jsm: fix some leaks in probe
Albert Briscoe <albertsbriscoe@gmail.com>
usb: gadget: function: fix dangling pnp_string in f_printer.c
Mario Limonciello <mario.limonciello@amd.com>
xhci: Don't show warning for reinit on known broken suspend
Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
Mark Zhang <markzhang@nvidia.com>
RDMA/cm: Use SLID in the work completion as the DLID in responder side
Logan Gunthorpe <logang@deltatee.com>
md/raid5: Ensure stripe_fill happens on non-read IO with journal
Saurabh Sengar <ssengar@linux.microsoft.com>
md: Replace snprintf with scnprintf
Dan Carpenter <dan.carpenter@oracle.com>
mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_has_dipm()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_has_ncq_autosense()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_has_devslp()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
Bernard Metzler <bmt@zurich.ibm.com>
RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
Pali Rohár <pali@kernel.org>
mtd: rawnand: fsl_elbc: Fix none ECC mode
William Dean <williamsukatube@gmail.com>
mtd: devices: docg3: check the return value of devm_ioremap() in the probe
Jim Cromie <jim.cromie@gmail.com>
dyndbg: drop EXPORTed dynamic_debug_exec_queries
Jim Cromie <jim.cromie@gmail.com>
dyndbg: let query-modname override actual module name
Jim Cromie <jim.cromie@gmail.com>
dyndbg: fix module.dyndbg handling
Jim Cromie <jim.cromie@gmail.com>
dyndbg: fix static_branch manipulation
Jie Hai <haijie1@huawei.com>
dmaengine: hisilicon: Add multi-thread support for a DMA channel
Jie Hai <haijie1@huawei.com>
dmaengine: hisilicon: Fix CQ head update
Jie Hai <haijie1@huawei.com>
dmaengine: hisilicon: Disable channels when unregister hisi_dma
Dan Carpenter <dan.carpenter@oracle.com>
fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
Hangyu Hua <hbh25y@gmail.com>
misc: ocxl: fix possible refcount leak in afu_ioctl()
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix the error caused by qp->sk
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix "kernel NULL pointer dereference" error
Miaoqian Lin <linmq006@gmail.com>
media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
Xu Qiang <xuqiang36@huawei.com>
media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start()
Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
tty: xilinx_uartps: Fix the ignore_status
Liang He <windhl@126.com>
media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
Jack Wang <jinpu.wang@ionos.com>
HSI: omap_ssi_port: Fix dma_map_sg error check
Miaoqian Lin <linmq006@gmail.com>
HSI: omap_ssi: Fix refcount leak in ssi_probe
Miaoqian Lin <linmq006@gmail.com>
clk: tegra20: Fix refcount leak in tegra20_clock_init
Miaoqian Lin <linmq006@gmail.com>
clk: tegra: Fix refcount leak in tegra114_clock_init
Miaoqian Lin <linmq006@gmail.com>
clk: tegra: Fix refcount leak in tegra210_clock_init
Liang He <windhl@126.com>
clk: sprd: Hold reference returned by of_get_parent()
Liang He <windhl@126.com>
clk: berlin: Add of_node_put() for of_get_parent()
Liang He <windhl@126.com>
clk: qoriq: Hold reference returned by of_get_parent()
Liang He <windhl@126.com>
clk: oxnas: Hold reference returned by of_get_parent()
Liang He <windhl@126.com>
clk: meson: Hold reference returned by of_get_parent()
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: common: debug: Check non-standard control requests
Chunfeng Yun <chunfeng.yun@mediatek.com>
usb: common: move function's kerneldoc next to its definition
Chunfeng Yun <chunfeng.yun@mediatek.com>
usb: common: add function to get interval expressed in us unit
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: common: Parse for USB SSP genXxY
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: ch9: Add USB 3.2 SSP attributes
Jonathan Cameron <Jonathan.Cameron@huawei.com>
iio: ABI: Fix wrong format of differential capacitance channel ABI.
Nuno Sá <nuno.sa@analog.com>
iio: inkern: only release the device node when done with it
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: check return status for pressure and touch
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
Dmitry Torokhov <dmitry.torokhov@gmail.com>
ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
Mark Rutland <mark.rutland@arm.com>
arm64: ftrace: fix module PLTs with mcount
Geert Uytterhoeven <geert+renesas@glider.be>
ARM: Drop CMDLINE_* dependency on ATAGS
Dmitry Torokhov <dmitry.torokhov@gmail.com>
ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
Dmitry Osipenko <digetx@gmail.com>
soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
Randy Dunlap <rdunlap@infradead.org>
ia64: export memory_add_physaddr_to_nid to fix cxl build error
Michael Walle <michael@walle.cc>
ARM: dts: kirkwood: lsxl: remove first ethernet port
Michael Walle <michael@walle.cc>
ARM: dts: kirkwood: lsxl: fix serial line
Marek Behún <kabel@kernel.org>
ARM: dts: turris-omnia: Fix mpp26 pin name and comment
Liang He <windhl@126.com>
soc: qcom: smem_state: Add refcounting for the 'state->of_node'
Liang He <windhl@126.com>
soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
Liang He <windhl@126.com>
memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
Liang He <windhl@126.com>
memory: of: Fix refcount leak bug in of_get_ddr_timings()
Liang He <windhl@126.com>
memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
Takashi Iwai <tiwai@suse.de>
ALSA: hda/hdmi: Don't skip notification handling during PM operation
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
Andreas Pape <apape@de.adit-jv.com>
ALSA: dmaengine: increment buffer pointer atomically
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
Liang He <windhl@126.com>
ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
Liang He <windhl@126.com>
drm/omap: dss: Fix refcount leak bugs
Takashi Iwai <tiwai@suse.de>
ALSA: hda: beep: Simplify keep-power-at-enable behavior
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: rsnd: Add check for rsnd_mod_power_on
Zheyu Ma <zheyuma97@gmail.com>
drm/bridge: megachips: Fix a null pointer dereference bug
Randy Dunlap <rdunlap@infradead.org>
drm: fix drm_mipi_dbi build errors
Hans de Goede <hdegoede@redhat.com>
platform/x86: msi-laptop: Fix resource cleanup
Hans de Goede <hdegoede@redhat.com>
platform/x86: msi-laptop: Fix old-ec check for backlight registering
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2764: Fix mute/unmute
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2764: Drop conflicting set_bias_level power setting
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2764: Allow mono streams
Dan Carpenter <dan.carpenter@oracle.com>
platform/chrome: fix memory corruption in ioctl
Rustam Subkhankulov <subkhankulov@ispras.ru>
platform/chrome: fix double-free in chromeos_laptop_prepare()
Liang He <windhl@126.com>
drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node()
Simon Ser <contact@emersion.fr>
drm/dp_mst: fix drm_dp_dpcd_read return value checks
Chen-Yu Tsai <wenst@chromium.org>
drm/bridge: parade-ps8640: Fix regulator supply order
Maxime Ripard <maxime@cerno.tech>
drm/mipi-dsi: Detach devices when removing the host
Dan Carpenter <dan.carpenter@oracle.com>
drm/bridge: Avoid uninitialized variable warning
Alvin Šipraga <alsi@bang-olufsen.dk>
drm: bridge: adv7511: fix CEC power down control register offset
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: mvpp2: fix mvpp2 debugfs leak
Eric Dumazet <edumazet@google.com>
once: add DO_ONCE_SLOW() for sleepable contexts
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
net/ieee802154: reject zero-sized raw_sendmsg()
Jianglei Nie <niejianglei2021@163.com>
bnx2x: fix potential memory leak in bnx2x_tpa_stop()
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
Marek Szyprowski <m.szyprowski@samsung.com>
spi: Ensure that sg_table won't be used after being freed
Neal Cardwell <ncardwell@google.com>
tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
Xin Long <lucien.xin@gmail.com>
sctp: handle the error returned from sctp_auth_asoc_init_active_key
Duoming Zhou <duoming@zju.edu.cn>
mISDN: fix use-after-free bugs in l1oip timer handlers
Junichi Uekawa <uekawa@chromium.org>
vhost/vsock: Use kvmalloc/kvfree for larger packets.
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
Vincent Whitchurch <vincent.whitchurch@axis.com>
spi: s3c64xx: Fix large transfers with DMA
Phil Sutter <phil@nwl.cc>
netfilter: nft_fib: Fix for rpath check with VRF devices
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_core: Fix not handling link timeouts propertly
Asmaa Mnebhi <asmaa@nvidia.com>
i2c: mlxbf: support lock mechanism
Zhang Qilong <zhangqilong3@huawei.com>
spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
Zhang Qilong <zhangqilong3@huawei.com>
spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
Luciano Leão <lucianorsleao@gmail.com>
x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
Kees Cook <keescook@chromium.org>
x86/microcode/AMD: Track patch allocation size explicitly
Jesus Fernandez Manzano <jesus.manzano@galgus.net>
wifi: ath11k: fix number of VHT beamformee spatial streams
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
Lee Jones <lee@kernel.org>
bpf: Ensure correct locking around vulnerable function find_vpid()
Zheng Yongjun <zhengyongjun3@huawei.com>
net: fs_enet: Fix wrong check in do_pd_setup
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
Lorenz Bauer <oss@lmb.io>
bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
Neil Armstrong <narmstrong@baylibre.com>
spi: meson-spicc: do not rely on busy flag in pow2 clk ops
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Fix skb misuse in TX queue selection
Xu Qiang <xuqiang36@huawei.com>
spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
Xu Qiang <xuqiang36@huawei.com>
spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
Ian Rogers <irogers@google.com>
selftests/xsk: Avoid use-after-free on ctx
Dan Carpenter <dan.carpenter@oracle.com>
wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
Sean Wang <sean.wang@mediatek.com>
Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
Arnd Bergmann <arnd@arndb.de>
Bluetooth: btusb: fix excessive stack usage
Mark Chen <Mark-YW.Chen@mediatek.com>
Bluetooth: btusb: Fine-tune mt7663 mechanism.
Kohei Tarumizu <tarumizu.kohei@fujitsu.com>
x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
spi: mt7621: Fix an error message in mt7621_spi_probe()
Lam Thai <lamthai@arista.com>
bpftool: Fix a wrong type cast in btf_dumper_int
Hari Chandrakanthan <quic_haric@quicinc.com>
wifi: mac80211: allow bw change during channel switch in mesh
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
leds: lm3601x: Don't use mutex after it was destroyed
Wen Gong <quic_wgong@quicinc.com>
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
nfsd: Fix a memory leak in an error handling path
Sami Tolvanen <samitolvanen@google.com>
objtool: Preserve special st_shndx indexes in elf_update_symbol
Wang Kefeng <wangkefeng.wang@huawei.com>
ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
Wang Kefeng <wangkefeng.wang@huawei.com>
ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
Lin Yujun <linyujun809@huawei.com>
MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
MIPS: SGI-IP27: Free some unused memory
Kees Cook <keescook@chromium.org>
sh: machvec: Use char[] for section boundaries
Ondrej Mosnacek <omosnace@redhat.com>
userfaultfd: open userfaultfds with O_RDONLY
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
selinux: use "grep -E" instead of "egrep"
Steve French <stfrench@microsoft.com>
smb3: must initialize two ACL struct fields to zero
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
Jianglei Nie <niejianglei2021@163.com>
drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
Lyude Paul <lyude@redhat.com>
drm/nouveau/kms/nv140-: Disable interlacing
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: greybus: audio_helper: remove unused and wrong debugfs usage
Sean Christopherson <seanjc@google.com>
KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
Michal Luczaj <mhal@rbox.co>
KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
Dmitry Osipenko <dmitry.osipenko@collabora.com>
media: cedrus: Set the platform driver data earlier
Ard Biesheuvel <ardb@kernel.org>
efi: libstub: drop pointless get_memory_map() call
Mario Limonciello <mario.limonciello@amd.com>
thunderbolt: Explicitly enable lane adapter hotplug events at startup
Waiman Long <longman@redhat.com>
tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Fix race between reset page and reading page
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Add ring_buffer_wake_waiters()
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Check pending waiters when doing wake ups as well
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Have the shortest_full queue be the shortest not longest
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Allow splice to read previous partially read pages
Zheng Yejian <zhengyejian1@huawei.com>
ftrace: Properly unset FTRACE_HASH_FL_MOD
Rik van Riel <riel@surriel.com>
livepatch: fix race between fork and KLP transition
Ye Bin <yebin10@huawei.com>
ext4: update 'state->fc_regions_size' after successful memory allocation
Ye Bin <yebin10@huawei.com>
ext4: fix potential memory leak in ext4_fc_record_regions()
Ye Bin <yebin10@huawei.com>
ext4: fix potential memory leak in ext4_fc_record_modified_inode()
Ye Bin <yebin10@huawei.com>
ext4: fix miss release buffer head in ext4_fc_write_inode
Jinke Han <hanjinke.666@bytedance.com>
ext4: place buffer head allocation before handle start
Zhang Yi <yi.zhang@huawei.com>
ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
Lukas Czerner <lczerner@redhat.com>
ext4: don't increase iversion counter for ea_inodes
Jan Kara <jack@suse.cz>
ext4: fix check for block being out of directory size
Lalith Rajendran <lalithkraj@google.com>
ext4: make ext4_lazyinit_thread freezable
Baokun Li <libaokun1@huawei.com>
ext4: fix null-ptr-deref in ext4_write_info
Jan Kara <jack@suse.cz>
ext4: avoid crash when inline data creation follows DIO write
Ye Bin <yebin10@huawei.com>
jbd2: add miss release buffer head in fc_do_one_pass()
Ye Bin <yebin10@huawei.com>
jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
Ye Bin <yebin10@huawei.com>
jbd2: fix potential buffer head reference count leak
Andrew Perepechko <anserper@ya.ru>
jbd2: wake up journal waiters in FIFO order, not LIFO
Kees Cook <keescook@chromium.org>
hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
Kees Cook <keescook@chromium.org>
hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
Kees Cook <keescook@chromium.org>
hardening: Clarify Kconfig text for auto-var-init
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on summary info
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on destination blkaddr during recovery
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: increase the limit for reserve_root
Filipe Manana <fdmanana@suse.com>
btrfs: fix race between quota enable and quota rescan ioctl
Hyunwoo Kim <imv4bel@gmail.com>
fbdev: smscufx: Fix use-after-free in ufx_ops_open()
Saurav Kashyap <skashyap@marvell.com>
scsi: qedf: Populate sysfs attributes for vport
Pali Rohár <pali@kernel.org>
powerpc/boot: Explicitly disable usage of SPE instructions
Zhang Rui <rui.zhang@intel.com>
powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
Maciej W. Rozycki <macro@orcam.me.uk>
serial: 8250: Let drivers request full 16550A feature probing
Maciej W. Rozycki <macro@orcam.me.uk>
PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
Carlos Llamas <cmllamas@google.com>
mm/mmap: undo ->mmap() when arch_validate_flags() fails
Jeffle Xu <jefflexu@linux.alibaba.com>
block: fix inflight statistics of part0
Takashi Iwai <tiwai@suse.de>
drm/udl: Restore display mode on resume
Dmitry Osipenko <dmitry.osipenko@collabora.com>
drm/virtio: Check whether transferred 2D BO is shmem
Rishabh Bhatnagar <risbhat@amazon.com>
nvme-pci: set min_align_mask before calculating max_hw_sectors
Huacai Chen <chenhuacai@loongson.cn>
UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
Fangrui Song <maskray@google.com>
riscv: Pass -mno-relax only on lld < 15.0.0
Andrew Bresticker <abrestic@rivosinc.com>
riscv: Make VM_WRITE imply VM_READ
Andrew Bresticker <abrestic@rivosinc.com>
riscv: Allow PROT_WRITE-only mmap()
Helge Deller <deller@gmx.de>
parisc: fbdev/stifb: Align graphics memory size to 4MB
Maciej W. Rozycki <macro@orcam.me.uk>
RISC-V: Make port I/O string accessors actually work
Linus Walleij <linus.walleij@linaro.org>
regulator: qcom_rpm: Fix circular deferral regression
Liang He <windhl@126.com>
hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: wcd934x: fix order of Slimbus unprepare/disable
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: wcd9335: fix order of Slimbus unprepare/disable
Patryk Duda <pdk@semihalf.com>
platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
Zhihao Cheng <chengzhihao1@huawei.com>
quota: Check next/prev free block number after reading from quota file
Andri Yngvason <andri@yngvason.is>
HID: multitouch: Add memory barriers
Alexander Aring <aahringo@redhat.com>
fs: dlm: handle -EBUSY first in lock arg validation
Alexander Aring <aahringo@redhat.com>
fs: dlm: fix race between test_bit() and queue_work()
Wenchao Chen <wenchao.chen@unisoc.com>
mmc: sdhci-sprd: Fix minimum clock limit
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix CAN state after restart
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix TX queue out of sync after restart
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix overread with an invalid command
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb: Fix use of uninitialized completion
Jean-Francois Le Fillatre <jflf_kernel@gmx.com>
usb: add quirks for Lenovo OneLink+ Dock
Eddie James <eajames@linux.ibm.com>
iio: pressure: dps310: Reset chip after timeout
Eddie James <eajames@linux.ibm.com>
iio: pressure: dps310: Refactor startup procedure
Nuno Sá <nuno.sa@analog.com>
iio: adc: ad7923: fix channel readings for some variants
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
iio: ltc2497: Fix reading conversion results
Michael Hennerich <michael.hennerich@analog.com>
iio: dac: ad5593r: Fix i2c read protocol requirements
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
Ronnie Sahlberg <lsahlber@redhat.com>
cifs: destage dirty pages before re-reading them for cache=none
Tudor Ambarus <tudor.ambarus@microchip.com>
mtd: rawnand: atmel: Unmap streaming DMA mappings
Saranya Gopal <saranya.gopal@intel.com>
ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
Luke D. Jones <luke@ljones.dev>
ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
Luke D. Jones <luke@ljones.dev>
ALSA: hda/realtek: Correct pin configs for ASUS G533Z
Callum Osmotherly <callum.osmotherly@gmail.com>
ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix NULL dererence at error path
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix potential memory leaks
Takashi Iwai <tiwai@suse.de>
ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
Takashi Iwai <tiwai@suse.de>
ALSA: oss: Fix potential deadlock at unregistration
-------------
Diffstat:
Documentation/ABI/testing/sysfs-bus-iio | 2 +-
Makefile | 10 +-
arch/arm/Kconfig | 1 -
arch/arm/boot/compressed/vmlinux.lds.S | 2 +
arch/arm/boot/dts/armada-385-turris-omnia.dts | 4 +-
arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
arch/arm/boot/dts/exynos4412-origen.dts | 2 +-
arch/arm/boot/dts/imx6dl.dtsi | 3 +
arch/arm/boot/dts/imx6q.dtsi | 3 +
arch/arm/boot/dts/imx6qp.dtsi | 6 +
arch/arm/boot/dts/imx6sl.dtsi | 3 +
arch/arm/boot/dts/imx6sll.dtsi | 3 +
arch/arm/boot/dts/imx6sx.dtsi | 6 +
arch/arm/boot/dts/imx7d-sdb.dts | 7 +-
arch/arm/boot/dts/kirkwood-lsxl.dtsi | 16 +-
arch/arm/mm/dump.c | 2 +-
arch/arm/mm/mmu.c | 4 +
arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi | 1 +
arch/arm64/kernel/ftrace.c | 17 +-
arch/arm64/kernel/topology.c | 2 +-
arch/ia64/mm/numa.c | 1 +
arch/mips/bcm47xx/prom.c | 4 +-
arch/mips/sgi-ip27/ip27-xtalk.c | 74 ++++--
arch/powerpc/Makefile | 2 +-
arch/powerpc/boot/Makefile | 1 +
arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi | 51 ++++
arch/powerpc/boot/dts/fsl/mpc8540ads.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8541cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8555cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8560ads.dts | 2 +-
arch/powerpc/kernel/pci_dn.c | 1 +
arch/powerpc/math-emu/math_efp.c | 1 +
arch/powerpc/platforms/powernv/opal.c | 1 +
arch/powerpc/sysdev/fsl_msi.c | 2 +
arch/riscv/Makefile | 2 +
arch/riscv/include/asm/io.h | 16 +-
arch/riscv/kernel/sys_riscv.c | 3 -
arch/riscv/mm/fault.c | 3 +-
arch/sh/include/asm/sections.h | 2 +-
arch/sh/kernel/machvec.c | 10 +-
arch/um/kernel/um_arch.c | 2 +-
arch/x86/include/asm/hyperv-tlfs.h | 4 +-
arch/x86/include/asm/microcode.h | 1 +
arch/x86/kernel/cpu/feat_ctl.c | 2 +-
arch/x86/kernel/cpu/microcode/amd.c | 3 +-
arch/x86/kernel/cpu/resctrl/pseudo_lock.c | 12 +-
arch/x86/kvm/emulate.c | 2 +-
arch/x86/kvm/vmx/nested.c | 30 ++-
arch/x86/kvm/vmx/vmx.c | 12 +-
arch/x86/xen/enlighten_pv.c | 3 +-
block/blk-mq.c | 3 +-
block/blk-throttle.c | 8 +-
crypto/akcipher.c | 8 +
drivers/acpi/acpi_video.c | 16 ++
drivers/acpi/apei/ghes.c | 2 +-
drivers/ata/libahci_platform.c | 14 +-
drivers/block/nbd.c | 6 +-
drivers/bluetooth/btusb.c | 47 +++-
drivers/bluetooth/hci_ldisc.c | 7 +-
drivers/bluetooth/hci_serdev.c | 10 +-
drivers/char/hw_random/imx-rngc.c | 14 +-
drivers/clk/baikal-t1/ccu-div.c | 65 +++++
drivers/clk/baikal-t1/ccu-div.h | 10 +
drivers/clk/baikal-t1/clk-ccu-div.c | 26 +-
drivers/clk/bcm/clk-bcm2835.c | 8 +-
drivers/clk/berlin/bg2.c | 5 +-
drivers/clk/berlin/bg2q.c | 6 +-
drivers/clk/clk-ast2600.c | 2 +-
drivers/clk/clk-oxnas.c | 6 +-
drivers/clk/clk-qoriq.c | 10 +-
drivers/clk/clk-versaclock5.c | 2 +-
drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 6 +-
drivers/clk/meson/meson-aoclk.c | 5 +-
drivers/clk/meson/meson-eeclk.c | 5 +-
drivers/clk/meson/meson8b.c | 5 +-
drivers/clk/qcom/apss-ipq6018.c | 2 +-
drivers/clk/sprd/common.c | 9 +-
drivers/clk/tegra/clk-tegra114.c | 1 +
drivers/clk/tegra/clk-tegra20.c | 1 +
drivers/clk/tegra/clk-tegra210.c | 1 +
drivers/clk/ti/clk-dra7-atl.c | 9 +-
drivers/clk/zynqmp/clkc.c | 7 +
drivers/clk/zynqmp/pll.c | 31 ++-
drivers/crypto/cavium/cpt/cptpf_main.c | 6 +-
drivers/crypto/ccp/ccp-dmaengine.c | 6 +-
drivers/crypto/hisilicon/zip/zip_crypto.c | 4 +-
drivers/crypto/inside-secure/safexcel_hash.c | 8 +-
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 18 +-
drivers/crypto/qat/qat_common/qat_algs.c | 109 +++++----
drivers/crypto/qat/qat_common/qat_crypto.h | 24 ++
drivers/crypto/sahara.c | 18 +-
drivers/dma-buf/udmabuf.c | 9 +-
drivers/dma/hisi_dma.c | 28 +--
drivers/dma/ioat/dma.c | 6 +-
drivers/firmware/efi/libstub/fdt.c | 8 -
drivers/firmware/google/gsmi.c | 9 +
drivers/fpga/dfl.c | 2 +-
drivers/fsi/fsi-core.c | 3 +
drivers/gpu/drm/Kconfig | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 7 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 2 -
drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 5 -
drivers/gpu/drm/amd/amdgpu/soc15.c | 25 ++
drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c | 6 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 16 +-
drivers/gpu/drm/amd/display/dc/dc_stream.h | 6 +-
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 35 +--
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 +-
drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 +-
drivers/gpu/drm/bridge/adv7511/adv7511.h | 5 +-
drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 4 +-
drivers/gpu/drm/bridge/lontium-lt9611.c | 3 +-
.../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 4 +-
drivers/gpu/drm/bridge/parade-ps8640.c | 4 +-
drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 13 +-
drivers/gpu/drm/drm_bridge.c | 4 +-
drivers/gpu/drm/drm_dp_helper.c | 9 -
drivers/gpu/drm/drm_dp_mst_topology.c | 6 +-
drivers/gpu/drm/drm_ioctl.c | 8 +-
drivers/gpu/drm/drm_mipi_dsi.c | 1 +
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 +
drivers/gpu/drm/i915/intel_pm.c | 8 +-
drivers/gpu/drm/meson/meson_drv.c | 8 +
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 12 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c | 29 +--
drivers/gpu/drm/msm/dp/dp_catalog.c | 2 +-
drivers/gpu/drm/nouveau/nouveau_bo.c | 4 +-
drivers/gpu/drm/nouveau/nouveau_connector.c | 3 +-
drivers/gpu/drm/nouveau/nouveau_prime.c | 1 -
drivers/gpu/drm/omapdrm/dss/dss.c | 3 +
drivers/gpu/drm/pl111/pl111_versatile.c | 1 +
drivers/gpu/drm/udl/udl_modeset.c | 3 -
drivers/gpu/drm/vc4/vc4_vec.c | 4 +-
drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +-
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-roccat.c | 4 +
drivers/hsi/controllers/omap_ssi_core.c | 1 +
drivers/hsi/controllers/omap_ssi_port.c | 8 +-
drivers/hwmon/gsc-hwmon.c | 1 +
drivers/i2c/busses/i2c-mlxbf.c | 44 +++-
drivers/iio/adc/ad7923.c | 4 +-
drivers/iio/adc/at91-sama5d2_adc.c | 28 ++-
drivers/iio/adc/ltc2497.c | 13 +
drivers/iio/dac/ad5593r.c | 46 ++--
drivers/iio/inkern.c | 6 +-
drivers/iio/pressure/dps310.c | 262 +++++++++++++--------
drivers/infiniband/core/cm.c | 14 +-
drivers/infiniband/core/uverbs_cmd.c | 5 +-
drivers/infiniband/core/verbs.c | 2 +
drivers/infiniband/hw/hns/hns_roce_mr.c | 1 -
drivers/infiniband/hw/mlx4/mr.c | 1 -
drivers/infiniband/sw/rxe/rxe_qp.c | 10 +-
drivers/infiniband/sw/siw/siw_qp_rx.c | 27 ++-
drivers/iommu/omap-iommu-debug.c | 6 +-
drivers/isdn/mISDN/l1oip.h | 1 +
drivers/isdn/mISDN/l1oip_core.c | 13 +-
drivers/leds/leds-lm3601x.c | 2 -
drivers/mailbox/bcm-flexrm-mailbox.c | 8 +-
drivers/md/bcache/writeback.c | 73 ++++--
drivers/md/raid0.c | 2 +-
drivers/md/raid5.c | 14 +-
drivers/media/pci/cx88/cx88-vbi.c | 9 +-
drivers/media/pci/cx88/cx88-video.c | 43 ++--
drivers/media/platform/exynos4-is/fimc-is.c | 1 +
drivers/media/platform/xilinx/xilinx-vipp.c | 9 +-
drivers/memory/of_memory.c | 2 +
drivers/memory/pl353-smc.c | 1 +
drivers/mfd/fsl-imx25-tsadc.c | 34 ++-
drivers/mfd/intel_soc_pmic_core.c | 1 +
drivers/mfd/lp8788-irq.c | 3 +
drivers/mfd/lp8788.c | 12 +-
drivers/mfd/sm501.c | 7 +-
drivers/misc/ocxl/file.c | 2 +
drivers/mmc/host/au1xmmc.c | 3 +-
drivers/mmc/host/sdhci-msm.c | 1 +
drivers/mmc/host/sdhci-sprd.c | 2 +-
drivers/mmc/host/wmt-sdmmc.c | 5 +-
drivers/mtd/devices/docg3.c | 7 +-
drivers/mtd/nand/raw/atmel/nand-controller.c | 1 +
drivers/mtd/nand/raw/fsl_elbc_nand.c | 28 ++-
drivers/mtd/nand/raw/meson_nand.c | 4 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 2 +
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 3 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 2 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 79 +++++++
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 +
drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 1 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c | 10 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 13 +-
drivers/net/usb/r8152.c | 4 +-
drivers/net/wireless/ath/ath10k/mac.c | 54 +++--
drivers/net/wireless/ath/ath11k/mac.c | 25 +-
drivers/net/wireless/ath/ath9k/htc_hst.c | 43 ++--
.../wireless/broadcom/brcm80211/brcmfmac/core.c | 3 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 12 +-
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 34 ++-
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 75 +++++-
drivers/nvme/host/core.c | 3 +-
drivers/nvme/host/pci.c | 3 +-
drivers/nvme/target/tcp.c | 11 +-
drivers/pci/setup-res.c | 11 +
drivers/phy/qualcomm/phy-qcom-usb-hsic.c | 6 +-
drivers/platform/chrome/chromeos_laptop.c | 24 +-
drivers/platform/chrome/cros_ec.c | 8 +-
drivers/platform/chrome/cros_ec_chardev.c | 3 +
drivers/platform/chrome/cros_ec_proto.c | 32 +++
drivers/platform/x86/msi-laptop.c | 14 +-
drivers/power/supply/adp5061.c | 6 +-
drivers/powercap/intel_rapl_common.c | 4 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/qcom_rpm-regulator.c | 24 +-
drivers/scsi/3w-9xxx.c | 2 +-
drivers/scsi/iscsi_tcp.c | 73 ++++--
drivers/scsi/iscsi_tcp.h | 2 +
drivers/scsi/libsas/sas_expander.c | 2 +-
drivers/scsi/qedf/qedf_main.c | 21 ++
drivers/soc/qcom/smem_state.c | 3 +-
drivers/soc/qcom/smsm.c | 20 +-
drivers/soc/tegra/Kconfig | 1 -
drivers/soundwire/cadence_master.c | 9 +-
drivers/soundwire/intel.c | 1 -
drivers/spi/spi-dw-bt1.c | 4 +-
drivers/spi/spi-meson-spicc.c | 6 +-
drivers/spi/spi-mt7621.c | 8 +-
drivers/spi/spi-omap-100k.c | 1 +
drivers/spi/spi-qup.c | 21 +-
drivers/spi/spi-s3c64xx.c | 9 +
drivers/spi/spi.c | 2 +
drivers/spmi/spmi-pmic-arb.c | 13 +-
drivers/staging/greybus/audio_helper.c | 11 -
drivers/staging/media/meson/vdec/vdec_hevc.c | 6 +-
drivers/staging/media/sunxi/cedrus/cedrus.c | 4 +-
drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 +-
drivers/staging/vt6655/device_main.c | 8 +-
drivers/thermal/intel/intel_powerclamp.c | 4 +-
drivers/thermal/qcom/tsens-v0_1.c | 2 +-
drivers/thunderbolt/switch.c | 24 ++
drivers/thunderbolt/tb.h | 1 +
drivers/thunderbolt/tb_regs.h | 1 +
drivers/thunderbolt/usb4.c | 20 ++
drivers/tty/serial/8250/8250_core.c | 19 +-
drivers/tty/serial/8250/8250_port.c | 18 +-
drivers/tty/serial/fsl_lpuart.c | 2 +
drivers/tty/serial/jsm/jsm_driver.c | 3 +-
drivers/tty/serial/xilinx_uartps.c | 2 +
drivers/usb/common/common.c | 102 +++++++-
drivers/usb/common/debug.c | 78 ++++--
drivers/usb/core/devices.c | 21 +-
drivers/usb/core/endpoint.c | 35 +--
drivers/usb/core/quirks.c | 4 +
drivers/usb/gadget/function/f_printer.c | 12 +-
drivers/usb/host/xhci-mem.c | 7 +-
drivers/usb/host/xhci-plat.c | 18 +-
drivers/usb/host/xhci.c | 3 +-
drivers/usb/host/xhci.h | 1 +
drivers/usb/misc/idmouse.c | 8 +-
drivers/usb/musb/musb_gadget.c | 3 +
drivers/usb/storage/unusual_devs.h | 6 -
drivers/vhost/vsock.c | 2 +-
drivers/video/fbdev/smscufx.c | 14 +-
drivers/video/fbdev/stifb.c | 2 +-
fs/btrfs/qgroup.c | 15 ++
fs/btrfs/scrub.c | 36 +++
fs/cifs/file.c | 9 +
fs/cifs/smb2pdu.c | 7 +-
fs/dlm/ast.c | 6 +-
fs/dlm/lock.c | 16 +-
fs/ext4/fast_commit.c | 40 ++--
fs/ext4/file.c | 6 +
fs/ext4/inode.c | 14 +-
fs/ext4/namei.c | 2 +-
fs/ext4/resize.c | 2 +-
fs/ext4/super.c | 19 +-
fs/f2fs/checkpoint.c | 23 +-
fs/f2fs/data.c | 4 +-
fs/f2fs/extent_cache.c | 3 +-
fs/f2fs/f2fs.h | 27 ++-
fs/f2fs/gc.c | 10 +-
fs/f2fs/recovery.c | 23 +-
fs/f2fs/segment.c | 47 ++--
fs/f2fs/super.c | 4 +-
fs/io_uring.c | 8 +-
fs/jbd2/commit.c | 2 +-
fs/jbd2/journal.c | 10 +-
fs/jbd2/recovery.c | 1 +
fs/jbd2/transaction.c | 6 +-
fs/nfsd/nfs4recover.c | 4 +-
fs/nfsd/nfs4state.c | 5 +
fs/nfsd/nfs4xdr.c | 2 +-
fs/quota/quota_tree.c | 38 +++
fs/userfaultfd.c | 4 +-
include/linux/ata.h | 39 +--
include/linux/dynamic_debug.h | 11 +-
include/linux/iova.h | 2 +-
include/linux/once.h | 28 +++
include/linux/ring_buffer.h | 2 +-
include/linux/serial_8250.h | 1 +
include/linux/serial_core.h | 3 +-
include/linux/skbuff.h | 2 +
include/linux/tcp.h | 2 +-
include/linux/usb/ch9.h | 62 +----
include/net/ieee802154_netdev.h | 12 +-
include/net/sock.h | 2 +-
include/net/tcp.h | 5 +-
include/uapi/linux/usb/ch9.h | 13 +
kernel/bpf/btf.c | 2 +-
kernel/bpf/syscall.c | 2 +
kernel/cgroup/cpuset.c | 18 +-
kernel/gcov/gcc_4_7.c | 18 +-
kernel/livepatch/transition.c | 18 +-
kernel/rcu/tasks.h | 2 +-
kernel/rcu/tree.c | 17 +-
kernel/trace/ftrace.c | 8 +-
kernel/trace/kprobe_event_gen_test.c | 49 +++-
kernel/trace/ring_buffer.c | 87 ++++++-
kernel/trace/trace.c | 23 ++
lib/dynamic_debug.c | 45 +---
lib/once.c | 30 +++
mm/hugetlb.c | 29 +--
mm/mmap.c | 5 +-
net/bluetooth/hci_core.c | 34 ++-
net/bluetooth/hci_sysfs.c | 3 +
net/bluetooth/l2cap_core.c | 17 +-
net/can/bcm.c | 7 +-
net/core/stream.c | 3 +-
net/ieee802154/socket.c | 4 +
net/ipv4/af_inet.c | 2 +-
net/ipv4/inet_hashtables.c | 4 +-
net/ipv4/netfilter/nft_fib_ipv4.c | 3 +
net/ipv4/tcp.c | 19 +-
net/ipv4/tcp_input.c | 2 +-
net/ipv4/tcp_ipv4.c | 11 +-
net/ipv4/tcp_output.c | 19 +-
net/ipv4/udp.c | 6 +-
net/ipv6/netfilter/nft_fib_ipv6.c | 6 +-
net/ipv6/tcp_ipv6.c | 11 +-
net/ipv6/udp.c | 4 +-
net/mac80211/cfg.c | 3 -
net/openvswitch/datapath.c | 18 +-
net/rds/tcp.c | 2 +-
net/sctp/auth.c | 18 +-
net/unix/garbage.c | 20 ++
net/vmw_vsock/virtio_transport_common.c | 2 +-
net/xfrm/xfrm_ipcomp.c | 1 +
scripts/Kbuild.include | 23 +-
scripts/package/mkspec | 4 +-
scripts/selinux/install_policy.sh | 2 +-
security/Kconfig.hardening | 63 +++--
sound/core/pcm_dmaengine.c | 8 +-
sound/core/rawmidi.c | 2 -
sound/core/sound_oss.c | 13 +-
sound/pci/hda/hda_beep.c | 15 +-
sound/pci/hda/hda_beep.h | 1 +
sound/pci/hda/patch_hdmi.c | 6 -
sound/pci/hda/patch_realtek.c | 11 +-
sound/pci/hda/patch_sigmatel.c | 25 +-
sound/soc/codecs/da7219.c | 5 +-
sound/soc/codecs/mt6660.c | 8 +-
sound/soc/codecs/tas2764.c | 78 ++----
sound/soc/codecs/wcd9335.c | 2 +-
sound/soc/codecs/wcd934x.c | 2 +-
sound/soc/codecs/wm5102.c | 6 +-
sound/soc/codecs/wm5110.c | 6 +-
sound/soc/codecs/wm8997.c | 6 +-
sound/soc/fsl/eukrea-tlv320.c | 8 +-
sound/soc/sh/rcar/ctu.c | 6 +-
sound/soc/sh/rcar/dvc.c | 6 +-
sound/soc/sh/rcar/mix.c | 6 +-
sound/soc/sh/rcar/src.c | 5 +-
sound/soc/sh/rcar/ssi.c | 4 +-
sound/soc/sof/sof-pci-dev.c | 2 +-
sound/usb/endpoint.c | 6 +-
tools/bpf/bpftool/btf_dumper.c | 2 +-
tools/bpf/bpftool/main.c | 10 +
tools/lib/bpf/xsk.c | 6 +-
tools/objtool/elf.c | 7 +-
tools/perf/util/intel-pt.c | 9 +-
.../selftests/arm64/signal/testcases/testcases.c | 2 +-
tools/testing/selftests/tpm2/tpm2.py | 4 +
380 files changed, 3236 insertions(+), 1455 deletions(-)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 001/390] ALSA: oss: Fix potential deadlock at unregistration
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
` (394 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 97d917879d7f92df09c3f21fd54609a8bcd654b2 upstream.
We took sound_oss_mutex around the calls of unregister_sound_special()
at unregistering OSS devices. This may, however, lead to a deadlock,
because we manage the card release via the card's device object, and
the release may happen at unregister_sound_special() call -- which
will take sound_oss_mutex again in turn.
Although the deadlock might be fixed by relaxing the rawmidi mutex in
the previous commit, it's safer to move unregister_sound_special()
calls themselves out of the sound_oss_mutex, too. The call is
race-safe as the function has a spinlock protection by itself.
Link: https://lore.kernel.org/r/CAB7eexJP7w1B0mVgDF0dQ+gWor7UdkiwPczmL7pn91xx8xpzOA@mail.gmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221011070147.7611-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/sound_oss.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- a/sound/core/sound_oss.c
+++ b/sound/core/sound_oss.c
@@ -162,7 +162,6 @@ int snd_unregister_oss_device(int type,
mutex_unlock(&sound_oss_mutex);
return -ENOENT;
}
- unregister_sound_special(minor);
switch (SNDRV_MINOR_OSS_DEVICE(minor)) {
case SNDRV_MINOR_OSS_PCM:
track2 = SNDRV_MINOR_OSS(cidx, SNDRV_MINOR_OSS_AUDIO);
@@ -174,12 +173,18 @@ int snd_unregister_oss_device(int type,
track2 = SNDRV_MINOR_OSS(cidx, SNDRV_MINOR_OSS_DMMIDI1);
break;
}
- if (track2 >= 0) {
- unregister_sound_special(track2);
+ if (track2 >= 0)
snd_oss_minors[track2] = NULL;
- }
snd_oss_minors[minor] = NULL;
mutex_unlock(&sound_oss_mutex);
+
+ /* call unregister_sound_special() outside sound_oss_mutex;
+ * otherwise may deadlock, as it can trigger the release of a card
+ */
+ unregister_sound_special(minor);
+ if (track2 >= 0)
+ unregister_sound_special(track2);
+
kfree(mptr);
return 0;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 001/390] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 003/390] ALSA: usb-audio: Fix potential memory leaks Greg Kroah-Hartman
` (393 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit a70aef7982b012e86dfd39fbb235e76a21ae778a upstream.
The register_mutex taken around the dev_unregister callback call in
snd_rawmidi_free() may potentially lead to a mutex deadlock, when OSS
emulation and a hot unplug are involved.
Since the mutex doesn't protect the actual race (as the registration
itself is already protected by another means), let's drop it.
Link: https://lore.kernel.org/r/CAB7eexJP7w1B0mVgDF0dQ+gWor7UdkiwPczmL7pn91xx8xpzOA@mail.gmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221011070147.7611-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/rawmidi.c | 2 --
1 file changed, 2 deletions(-)
--- a/sound/core/rawmidi.c
+++ b/sound/core/rawmidi.c
@@ -1736,10 +1736,8 @@ static int snd_rawmidi_free(struct snd_r
snd_info_free_entry(rmidi->proc_entry);
rmidi->proc_entry = NULL;
- mutex_lock(®ister_mutex);
if (rmidi->ops && rmidi->ops->dev_unregister)
rmidi->ops->dev_unregister(rmidi);
- mutex_unlock(®ister_mutex);
snd_rawmidi_free_substreams(&rmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT]);
snd_rawmidi_free_substreams(&rmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT]);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 003/390] ALSA: usb-audio: Fix potential memory leaks
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 001/390] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 004/390] ALSA: usb-audio: Fix NULL dererence at error path Greg Kroah-Hartman
` (392 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 6382da0828995af87aa8b8bef28cc61aceb4aff3 upstream.
When the driver hits -ENOMEM at allocating a URB or a buffer, it
aborts and goes to the error path that releases the all previously
allocated resources. However, when -ENOMEM hits at the middle of the
sync EP URB allocation loop, the partially allocated URBs might be
left without released, because ep->nurbs is still zero at that point.
Fix it by setting ep->nurbs at first, so that the error handler loops
over the full URB list.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220930100151.19461-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/endpoint.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -998,6 +998,7 @@ static int sync_ep_set_params(struct snd
if (!ep->syncbuf)
return -ENOMEM;
+ ep->nurbs = SYNC_URBS;
for (i = 0; i < SYNC_URBS; i++) {
struct snd_urb_ctx *u = &ep->urb[i];
u->index = i;
@@ -1017,8 +1018,6 @@ static int sync_ep_set_params(struct snd
u->urb->complete = snd_complete_urb;
}
- ep->nurbs = SYNC_URBS;
-
return 0;
out_of_memory:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 004/390] ALSA: usb-audio: Fix NULL dererence at error path
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 003/390] ALSA: usb-audio: Fix potential memory leaks Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 005/390] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Greg Kroah-Hartman
` (391 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sabri N. Ferreiro, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 568be8aaf8a535f79c4db76cabe17b035aa2584d upstream.
At an error path to release URB buffers and contexts, the driver might
hit a NULL dererence for u->urb pointer, when u->buffer_size has been
already set but the actual URB allocation failed.
Fix it by adding the NULL check of urb. Also, make sure that
buffer_size is cleared after the error path or the close.
Cc: <stable@vger.kernel.org>
Reported-by: Sabri N. Ferreiro <snferreiro1@gmail.com>
Link: https://lore.kernel.org/r/CAKG+3NRjTey+fFfUEGwuxL-pi_=T4cUskYG9OzpzHytF+tzYng@mail.gmail.com
Link: https://lore.kernel.org/r/20220930100129.19445-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/endpoint.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -73,12 +73,13 @@ static inline unsigned get_usb_high_spee
*/
static void release_urb_ctx(struct snd_urb_ctx *u)
{
- if (u->buffer_size)
+ if (u->urb && u->buffer_size)
usb_free_coherent(u->ep->chip->dev, u->buffer_size,
u->urb->transfer_buffer,
u->urb->transfer_dma);
usb_free_urb(u->urb);
u->urb = NULL;
+ u->buffer_size = 0;
}
static const char *usb_error_string(int err)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 005/390] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 004/390] ALSA: usb-audio: Fix NULL dererence at error path Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 006/390] ALSA: hda/realtek: Correct pin configs for ASUS G533Z Greg Kroah-Hartman
` (390 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Callum Osmotherly, Takashi Iwai
From: Callum Osmotherly <callum.osmotherly@gmail.com>
commit 417b9c51f59734d852e47252476fadc293ad994a upstream.
After some feedback from users with Dell Precision 5530 machines, this
patch reverts the previous change to add ALC289_FIXUP_DUAL_SPK.
While it improved the speaker output quality, it caused the headphone
jack to have an audible "pop" sound when power saving was toggled.
Fixes: 1885ff13d4c4 ("ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop")
Signed-off-by: Callum Osmotherly <callum.osmotherly@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Yz0uyN1zwZhnyRD6@piranha
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 -
1 file changed, 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8774,7 +8774,6 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1028, 0x0871, "Dell Precision 3630", ALC255_FIXUP_DELL_HEADSET_MIC),
SND_PCI_QUIRK(0x1028, 0x0872, "Dell Precision 3630", ALC255_FIXUP_DELL_HEADSET_MIC),
SND_PCI_QUIRK(0x1028, 0x0873, "Dell Precision 3930", ALC255_FIXUP_DUMMY_LINEOUT_VERB),
- SND_PCI_QUIRK(0x1028, 0x087d, "Dell Precision 5530", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x08ad, "Dell WYSE AIO", ALC225_FIXUP_DELL_WYSE_AIO_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x08ae, "Dell WYSE NB", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x0935, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB),
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 006/390] ALSA: hda/realtek: Correct pin configs for ASUS G533Z
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 005/390] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 007/390] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Greg Kroah-Hartman
` (389 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luke D. Jones, Takashi Iwai
From: Luke D. Jones <luke@ljones.dev>
commit 66ba7c88507344dee68ad1acbdb630473ab36114 upstream.
The initial fix for ASUS G533Z was based on faulty information. This
fixes the pincfg to values that have been verified with no existing
module options or other hacks enabled.
Enables headphone jack, and 5.1 surround.
[ corrected the indent level by tiwai ]
Fixes: bc2c23549ccd ("ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack")
Signed-off-by: Luke D. Jones <luke@ljones.dev>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221010065702.35190-1-luke@ljones.dev
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8164,11 +8164,13 @@ static const struct hda_fixup alc269_fix
[ALC285_FIXUP_ASUS_G533Z_PINS] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
- { 0x14, 0x90170120 },
+ { 0x14, 0x90170152 }, /* Speaker Surround Playback Switch */
+ { 0x19, 0x03a19020 }, /* Mic Boost Volume */
+ { 0x1a, 0x03a11c30 }, /* Mic Boost Volume */
+ { 0x1e, 0x90170151 }, /* Rear jack, IN OUT EAPD Detect */
+ { 0x21, 0x03211420 },
{ }
},
- .chained = true,
- .chain_id = ALC294_FIXUP_ASUS_G513_PINS,
},
[ALC294_FIXUP_ASUS_COEF_1B] = {
.type = HDA_FIXUP_VERBS,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 007/390] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 006/390] ALSA: hda/realtek: Correct pin configs for ASUS G533Z Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 008/390] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Greg Kroah-Hartman
` (388 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luke D. Jones, Takashi Iwai
From: Luke D. Jones <luke@ljones.dev>
commit 2ea8e1297801f7b0220ebf6ae61a5b74ca83981e upstream.
The ASUS ROG X16 (GV601R) series laptop has the same node-to-DAC pairs
as early models and the G14, this includes bass speakers which are by
default mapped incorrectly to the 0x06 node.
Add a quirk to use the same DAC pairs as the G14.
Signed-off-by: Luke D. Jones <luke@ljones.dev>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221010070347.36883-1-luke@ljones.dev
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8964,6 +8964,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1043, 0x1e8e, "ASUS Zephyrus G15", ALC289_FIXUP_ASUS_GA401),
SND_PCI_QUIRK(0x1043, 0x1c52, "ASUS Zephyrus G15 2022", ALC289_FIXUP_ASUS_GA401),
SND_PCI_QUIRK(0x1043, 0x1f11, "ASUS Zephyrus G14", ALC289_FIXUP_ASUS_GA401),
+ SND_PCI_QUIRK(0x1043, 0x1f92, "ASUS ROG Flow X16", ALC289_FIXUP_ASUS_GA401),
SND_PCI_QUIRK(0x1043, 0x3030, "ASUS ZN270IE", ALC256_FIXUP_ASUS_AIO_GPIO2),
SND_PCI_QUIRK(0x1043, 0x831a, "ASUS P901", ALC269_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK(0x1043, 0x834a, "ASUS S101", ALC269_FIXUP_STEREO_DMIC),
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 008/390] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 007/390] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 009/390] mtd: rawnand: atmel: Unmap streaming DMA mappings Greg Kroah-Hartman
` (387 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Saranya Gopal, Ninad Naik, Takashi Iwai
From: Saranya Gopal <saranya.gopal@intel.com>
commit 4f2e56a59b9947b3e698d3cabcb858765c12b1e8 upstream.
This patch fixes the issue with 3.5mm headset keys
on RPL-P platform.
[ Rearranged the entry in SSID order by tiwai ]
Signed-off-by: Saranya Gopal <saranya.gopal@intel.com>
Signed-off-by: Ninad Naik <ninad.naik@intel.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221011044916.2278867-1-saranya.gopal@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8986,6 +8986,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x10ec, 0x10f2, "Intel Reference board", ALC700_FIXUP_INTEL_REFERENCE),
SND_PCI_QUIRK(0x10ec, 0x118c, "Medion EE4254 MD62100", ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE),
SND_PCI_QUIRK(0x10ec, 0x1230, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
+ SND_PCI_QUIRK(0x10ec, 0x124c, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
SND_PCI_QUIRK(0x10ec, 0x1252, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
SND_PCI_QUIRK(0x10ec, 0x1254, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
SND_PCI_QUIRK(0x10f7, 0x8338, "Panasonic CF-SZ6", ALC269_FIXUP_HEADSET_MODE),
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 009/390] mtd: rawnand: atmel: Unmap streaming DMA mappings
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 008/390] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 010/390] cifs: destage dirty pages before re-reading them for cache=none Greg Kroah-Hartman
` (386 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Alexander Dahl,
Peter Rosin, Boris Brezillon, Miquel Raynal
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 1161703c9bd664da5e3b2eb1a3bb40c210e026ea upstream.
Every dma_map_single() call should have its dma_unmap_single() counterpart,
because the DMA address space is a shared resource and one could render the
machine unusable by consuming all DMA addresses.
Link: https://lore.kernel.org/lkml/13c6c9a2-6db5-c3bf-349b-4c127ad3496a@axentia.se/
Cc: stable@vger.kernel.org
Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Alexander Dahl <ada@thorsis.com>
Reported-by: Peter Rosin <peda@axentia.se>
Tested-by: Alexander Dahl <ada@thorsis.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Tested-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220728074014.145406-1-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/atmel/nand-controller.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c
@@ -405,6 +405,7 @@ static int atmel_nand_dma_transfer(struc
dma_async_issue_pending(nc->dmac);
wait_for_completion(&finished);
+ dma_unmap_single(nc->dev, buf_dma, len, dir);
return 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 010/390] cifs: destage dirty pages before re-reading them for cache=none
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 009/390] mtd: rawnand: atmel: Unmap streaming DMA mappings Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 011/390] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Greg Kroah-Hartman
` (385 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paulo Alcantara (SUSE),
Enzo Matsumiya, Ronnie Sahlberg, Steve French
From: Ronnie Sahlberg <lsahlber@redhat.com>
commit bb44c31cdcac107344dd2fcc3bd0504a53575c51 upstream.
This is the opposite case of kernel bugzilla 216301.
If we mmap a file using cache=none and then proceed to update the mmapped
area these updates are not reflected in a later pread() of that part of the
file.
To fix this we must first destage any dirty pages in the range before
we allow the pread() to proceed.
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/file.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3936,6 +3936,15 @@ static ssize_t __cifs_readv(
len = ctx->len;
}
+ if (direct) {
+ rc = filemap_write_and_wait_range(file->f_inode->i_mapping,
+ offset, offset + len - 1);
+ if (rc) {
+ kref_put(&ctx->refcount, cifs_aio_ctx_release);
+ return -EAGAIN;
+ }
+ }
+
/* grab a lock here due to read response handlers can access ctx */
mutex_lock(&ctx->aio_mutex);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 011/390] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 010/390] cifs: destage dirty pages before re-reading them for cache=none Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 012/390] iio: dac: ad5593r: Fix i2c read protocol requirements Greg Kroah-Hartman
` (384 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Xiaoxu, Paulo Alcantara (SUSE),
Tom Talpey, Steve French
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
commit e98ecc6e94f4e6d21c06660b0f336df02836694f upstream.
Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
extend the dialects from 3 to 4, but forget to decrease the extended
length when specific the dialect, then the message length is larger
than expected.
This maybe leak some info through network because not initialize the
message body.
After apply this patch, the VALIDATE_NEGOTIATE_INFO message length is
reduced from 28 bytes to 26 bytes.
Fixes: d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Cc: <stable@vger.kernel.org>
Acked-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Tom Talpey <tom@talpey.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1075,9 +1075,9 @@ int smb3_validate_negotiate(const unsign
pneg_inbuf->Dialects[0] =
cpu_to_le16(server->vals->protocol_id);
pneg_inbuf->DialectCount = cpu_to_le16(1);
- /* structure is big enough for 3 dialects, sending only 1 */
+ /* structure is big enough for 4 dialects, sending only 1 */
inbuflen = sizeof(*pneg_inbuf) -
- sizeof(pneg_inbuf->Dialects[0]) * 2;
+ sizeof(pneg_inbuf->Dialects[0]) * 3;
}
rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 012/390] iio: dac: ad5593r: Fix i2c read protocol requirements
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 011/390] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 013/390] iio: ltc2497: Fix reading conversion results Greg Kroah-Hartman
` (383 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Hennerich, Nuno Sá,
Stable, Jonathan Cameron
From: Michael Hennerich <michael.hennerich@analog.com>
commit 558a25f903b4af6361b7fbeea08a6446a0745653 upstream.
For reliable operation across the full range of supported
interface rates, the AD5593R needs a STOP condition between
address write, and data read (like show in the datasheet Figure 40)
so in turn i2c_smbus_read_word_swapped cannot be used.
While at it, a simple helper was added to make the code simpler.
Fixes: 56ca9db862bf ("iio: dac: Add support for the AD5592R/AD5593R ADCs/DACs")
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220913073413.140475-2-nuno.sa@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/dac/ad5593r.c | 46 +++++++++++++++++++++++++++-------------------
1 file changed, 27 insertions(+), 19 deletions(-)
--- a/drivers/iio/dac/ad5593r.c
+++ b/drivers/iio/dac/ad5593r.c
@@ -13,6 +13,8 @@
#include <linux/module.h>
#include <linux/mod_devicetable.h>
+#include <asm/unaligned.h>
+
#define AD5593R_MODE_CONF (0 << 4)
#define AD5593R_MODE_DAC_WRITE (1 << 4)
#define AD5593R_MODE_ADC_READBACK (4 << 4)
@@ -20,6 +22,24 @@
#define AD5593R_MODE_GPIO_READBACK (6 << 4)
#define AD5593R_MODE_REG_READBACK (7 << 4)
+static int ad5593r_read_word(struct i2c_client *i2c, u8 reg, u16 *value)
+{
+ int ret;
+ u8 buf[2];
+
+ ret = i2c_smbus_write_byte(i2c, reg);
+ if (ret < 0)
+ return ret;
+
+ ret = i2c_master_recv(i2c, buf, sizeof(buf));
+ if (ret < 0)
+ return ret;
+
+ *value = get_unaligned_be16(buf);
+
+ return 0;
+}
+
static int ad5593r_write_dac(struct ad5592r_state *st, unsigned chan, u16 value)
{
struct i2c_client *i2c = to_i2c_client(st->dev);
@@ -38,13 +58,7 @@ static int ad5593r_read_adc(struct ad559
if (val < 0)
return (int) val;
- val = i2c_smbus_read_word_swapped(i2c, AD5593R_MODE_ADC_READBACK);
- if (val < 0)
- return (int) val;
-
- *value = (u16) val;
-
- return 0;
+ return ad5593r_read_word(i2c, AD5593R_MODE_ADC_READBACK, value);
}
static int ad5593r_reg_write(struct ad5592r_state *st, u8 reg, u16 value)
@@ -58,25 +72,19 @@ static int ad5593r_reg_write(struct ad55
static int ad5593r_reg_read(struct ad5592r_state *st, u8 reg, u16 *value)
{
struct i2c_client *i2c = to_i2c_client(st->dev);
- s32 val;
-
- val = i2c_smbus_read_word_swapped(i2c, AD5593R_MODE_REG_READBACK | reg);
- if (val < 0)
- return (int) val;
- *value = (u16) val;
-
- return 0;
+ return ad5593r_read_word(i2c, AD5593R_MODE_REG_READBACK | reg, value);
}
static int ad5593r_gpio_read(struct ad5592r_state *st, u8 *value)
{
struct i2c_client *i2c = to_i2c_client(st->dev);
- s32 val;
+ u16 val;
+ int ret;
- val = i2c_smbus_read_word_swapped(i2c, AD5593R_MODE_GPIO_READBACK);
- if (val < 0)
- return (int) val;
+ ret = ad5593r_read_word(i2c, AD5593R_MODE_GPIO_READBACK, &val);
+ if (ret)
+ return ret;
*value = (u8) val;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 013/390] iio: ltc2497: Fix reading conversion results
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 012/390] iio: dac: ad5593r: Fix i2c read protocol requirements Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 014/390] iio: adc: ad7923: fix channel readings for some variants Greg Kroah-Hartman
` (382 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Meng Li, Uwe Kleine-König,
Denys Zagorui, Stable, Jonathan Cameron
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
commit 7f4f1096d5921f5d90547596f9ce80e0b924f887 upstream.
After the result of the previous conversion is read the chip
automatically starts a new conversion and doesn't accept new i2c
transfers until this conversion is completed which makes the function
return failure.
So add an early return iff the programming of the new address isn't
needed. Note this will not fix the problem in general, but all cases
that are currently used. Once this changes we get the failure back, but
this can be addressed when the need arises.
Fixes: 69548b7c2c4f ("iio: adc: ltc2497: split protocol independent part in a separate module ")
Reported-by: Meng Li <Meng.Li@windriver.com>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Tested-by: Denys Zagorui <dzagorui@cisco.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220815091647.1523532-1-dzagorui@cisco.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/ltc2497.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/iio/adc/ltc2497.c
+++ b/drivers/iio/adc/ltc2497.c
@@ -41,6 +41,19 @@ static int ltc2497_result_and_measure(st
}
*val = (be32_to_cpu(st->buf) >> 14) - (1 << 17);
+
+ /*
+ * The part started a new conversion at the end of the above i2c
+ * transfer, so if the address didn't change since the last call
+ * everything is fine and we can return early.
+ * If not (which should only happen when some sort of bulk
+ * conversion is implemented) we have to program the new
+ * address. Note that this probably fails as the conversion that
+ * was triggered above is like not complete yet and the two
+ * operations have to be done in a single transfer.
+ */
+ if (ddata->addr_prev == address)
+ return 0;
}
ret = i2c_smbus_write_byte(st->client,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 014/390] iio: adc: ad7923: fix channel readings for some variants
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 013/390] iio: ltc2497: Fix reading conversion results Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 015/390] iio: pressure: dps310: Refactor startup procedure Greg Kroah-Hartman
` (381 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nuno Sá, Stable, Jonathan Cameron
From: Nuno Sá <nuno.sa@analog.com>
commit f4f43f01cff2f29779343ade755191afd2581c77 upstream.
Some of the supported devices have 4 or 2 LSB trailing bits that should
not be taken into account. Hence we need to shift these bits out which
fits perfectly on the scan type shift property. This change fixes both
raw and buffered reads.
Fixes: f2f7a449707e ("iio:adc:ad7923: Add support for the ad7904/ad7914/ad7924")
Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20220912081223.173584-2-nuno.sa@analog.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/ad7923.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/iio/adc/ad7923.c
+++ b/drivers/iio/adc/ad7923.c
@@ -93,6 +93,7 @@ enum ad7923_id {
.sign = 'u', \
.realbits = (bits), \
.storagebits = 16, \
+ .shift = 12 - (bits), \
.endianness = IIO_BE, \
}, \
}
@@ -274,7 +275,8 @@ static int ad7923_read_raw(struct iio_de
return ret;
if (chan->address == EXTRACT(ret, 12, 4))
- *val = EXTRACT(ret, 0, 12);
+ *val = EXTRACT(ret, chan->scan_type.shift,
+ chan->scan_type.realbits);
else
return -EIO;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 015/390] iio: pressure: dps310: Refactor startup procedure
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 014/390] iio: adc: ad7923: fix channel readings for some variants Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 016/390] iio: pressure: dps310: Reset chip after timeout Greg Kroah-Hartman
` (380 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Joel Stanley,
Andy Shevchenko, Jonathan Cameron
From: Eddie James <eajames@linux.ibm.com>
commit c2329717bdd3fa62f8a2f3d8d85ad0bee4556bd7 upstream.
Move the startup procedure into a function, and correct a missing
check on the return code for writing the PRS_CFG register.
Cc: <stable@vger.kernel.org>
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220915195719.136812-2-eajames@linux.ibm.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/dps310.c | 188 ++++++++++++++++++++++--------------------
1 file changed, 99 insertions(+), 89 deletions(-)
--- a/drivers/iio/pressure/dps310.c
+++ b/drivers/iio/pressure/dps310.c
@@ -159,6 +159,102 @@ static int dps310_get_coefs(struct dps31
return 0;
}
+/*
+ * Some versions of the chip will read temperatures in the ~60C range when
+ * it's actually ~20C. This is the manufacturer recommended workaround
+ * to correct the issue. The registers used below are undocumented.
+ */
+static int dps310_temp_workaround(struct dps310_data *data)
+{
+ int rc;
+ int reg;
+
+ rc = regmap_read(data->regmap, 0x32, ®);
+ if (rc)
+ return rc;
+
+ /*
+ * If bit 1 is set then the device is okay, and the workaround does not
+ * need to be applied
+ */
+ if (reg & BIT(1))
+ return 0;
+
+ rc = regmap_write(data->regmap, 0x0e, 0xA5);
+ if (rc)
+ return rc;
+
+ rc = regmap_write(data->regmap, 0x0f, 0x96);
+ if (rc)
+ return rc;
+
+ rc = regmap_write(data->regmap, 0x62, 0x02);
+ if (rc)
+ return rc;
+
+ rc = regmap_write(data->regmap, 0x0e, 0x00);
+ if (rc)
+ return rc;
+
+ return regmap_write(data->regmap, 0x0f, 0x00);
+}
+
+static int dps310_startup(struct dps310_data *data)
+{
+ int rc;
+ int ready;
+
+ /*
+ * Set up pressure sensor in single sample, one measurement per second
+ * mode
+ */
+ rc = regmap_write(data->regmap, DPS310_PRS_CFG, 0);
+ if (rc)
+ return rc;
+
+ /*
+ * Set up external (MEMS) temperature sensor in single sample, one
+ * measurement per second mode
+ */
+ rc = regmap_write(data->regmap, DPS310_TMP_CFG, DPS310_TMP_EXT);
+ if (rc)
+ return rc;
+
+ /* Temp and pressure shifts are disabled when PRC <= 8 */
+ rc = regmap_write_bits(data->regmap, DPS310_CFG_REG,
+ DPS310_PRS_SHIFT_EN | DPS310_TMP_SHIFT_EN, 0);
+ if (rc)
+ return rc;
+
+ /* MEAS_CFG doesn't update correctly unless first written with 0 */
+ rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
+ DPS310_MEAS_CTRL_BITS, 0);
+ if (rc)
+ return rc;
+
+ /* Turn on temperature and pressure measurement in the background */
+ rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
+ DPS310_MEAS_CTRL_BITS, DPS310_PRS_EN |
+ DPS310_TEMP_EN | DPS310_BACKGROUND);
+ if (rc)
+ return rc;
+
+ /*
+ * Calibration coefficients required for reporting temperature.
+ * They are available 40ms after the device has started
+ */
+ rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
+ ready & DPS310_COEF_RDY, 10000, 40000);
+ if (rc)
+ return rc;
+
+ rc = dps310_get_coefs(data);
+ if (rc)
+ return rc;
+
+ return dps310_temp_workaround(data);
+}
+
static int dps310_get_pres_precision(struct dps310_data *data)
{
int rc;
@@ -677,52 +773,12 @@ static const struct iio_info dps310_info
.write_raw = dps310_write_raw,
};
-/*
- * Some verions of chip will read temperatures in the ~60C range when
- * its actually ~20C. This is the manufacturer recommended workaround
- * to correct the issue. The registers used below are undocumented.
- */
-static int dps310_temp_workaround(struct dps310_data *data)
-{
- int rc;
- int reg;
-
- rc = regmap_read(data->regmap, 0x32, ®);
- if (rc < 0)
- return rc;
-
- /*
- * If bit 1 is set then the device is okay, and the workaround does not
- * need to be applied
- */
- if (reg & BIT(1))
- return 0;
-
- rc = regmap_write(data->regmap, 0x0e, 0xA5);
- if (rc < 0)
- return rc;
-
- rc = regmap_write(data->regmap, 0x0f, 0x96);
- if (rc < 0)
- return rc;
-
- rc = regmap_write(data->regmap, 0x62, 0x02);
- if (rc < 0)
- return rc;
-
- rc = regmap_write(data->regmap, 0x0e, 0x00);
- if (rc < 0)
- return rc;
-
- return regmap_write(data->regmap, 0x0f, 0x00);
-}
-
static int dps310_probe(struct i2c_client *client,
const struct i2c_device_id *id)
{
struct dps310_data *data;
struct iio_dev *iio;
- int rc, ready;
+ int rc;
iio = devm_iio_device_alloc(&client->dev, sizeof(*data));
if (!iio)
@@ -747,54 +803,8 @@ static int dps310_probe(struct i2c_clien
if (rc)
return rc;
- /*
- * Set up pressure sensor in single sample, one measurement per second
- * mode
- */
- rc = regmap_write(data->regmap, DPS310_PRS_CFG, 0);
-
- /*
- * Set up external (MEMS) temperature sensor in single sample, one
- * measurement per second mode
- */
- rc = regmap_write(data->regmap, DPS310_TMP_CFG, DPS310_TMP_EXT);
- if (rc < 0)
- return rc;
-
- /* Temp and pressure shifts are disabled when PRC <= 8 */
- rc = regmap_write_bits(data->regmap, DPS310_CFG_REG,
- DPS310_PRS_SHIFT_EN | DPS310_TMP_SHIFT_EN, 0);
- if (rc < 0)
- return rc;
-
- /* MEAS_CFG doesn't update correctly unless first written with 0 */
- rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
- DPS310_MEAS_CTRL_BITS, 0);
- if (rc < 0)
- return rc;
-
- /* Turn on temperature and pressure measurement in the background */
- rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
- DPS310_MEAS_CTRL_BITS, DPS310_PRS_EN |
- DPS310_TEMP_EN | DPS310_BACKGROUND);
- if (rc < 0)
- return rc;
-
- /*
- * Calibration coefficients required for reporting temperature.
- * They are available 40ms after the device has started
- */
- rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
- ready & DPS310_COEF_RDY, 10000, 40000);
- if (rc < 0)
- return rc;
-
- rc = dps310_get_coefs(data);
- if (rc < 0)
- return rc;
-
- rc = dps310_temp_workaround(data);
- if (rc < 0)
+ rc = dps310_startup(data);
+ if (rc)
return rc;
rc = devm_iio_device_register(&client->dev, iio);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 016/390] iio: pressure: dps310: Reset chip after timeout
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 015/390] iio: pressure: dps310: Refactor startup procedure Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 017/390] usb: add quirks for Lenovo OneLink+ Dock Greg Kroah-Hartman
` (379 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Andy Shevchenko,
Jonathan Cameron
From: Eddie James <eajames@linux.ibm.com>
commit 7b4ab4abcea4c0c10b25187bf2569e5a07e9a20c upstream.
The DPS310 chip has been observed to get "stuck" such that pressure
and temperature measurements are never indicated as "ready" in the
MEAS_CFG register. The only solution is to reset the device and try
again. In order to avoid continual failures, use a boolean flag to
only try the reset after timeout once if errors persist.
Fixes: ba6ec48e76bc ("iio: Add driver for Infineon DPS310")
Cc: <stable@vger.kernel.org>
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220915195719.136812-3-eajames@linux.ibm.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/dps310.c | 74 ++++++++++++++++++++++++++++++++++++------
1 file changed, 64 insertions(+), 10 deletions(-)
--- a/drivers/iio/pressure/dps310.c
+++ b/drivers/iio/pressure/dps310.c
@@ -89,6 +89,7 @@ struct dps310_data {
s32 c00, c10, c20, c30, c01, c11, c21;
s32 pressure_raw;
s32 temp_raw;
+ bool timeout_recovery_failed;
};
static const struct iio_chan_spec dps310_channels[] = {
@@ -393,11 +394,69 @@ static int dps310_get_temp_k(struct dps3
return scale_factors[ilog2(rc)];
}
+static int dps310_reset_wait(struct dps310_data *data)
+{
+ int rc;
+
+ rc = regmap_write(data->regmap, DPS310_RESET, DPS310_RESET_MAGIC);
+ if (rc)
+ return rc;
+
+ /* Wait for device chip access: 2.5ms in specification */
+ usleep_range(2500, 12000);
+ return 0;
+}
+
+static int dps310_reset_reinit(struct dps310_data *data)
+{
+ int rc;
+
+ rc = dps310_reset_wait(data);
+ if (rc)
+ return rc;
+
+ return dps310_startup(data);
+}
+
+static int dps310_ready_status(struct dps310_data *data, int ready_bit, int timeout)
+{
+ int sleep = DPS310_POLL_SLEEP_US(timeout);
+ int ready;
+
+ return regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready, ready & ready_bit,
+ sleep, timeout);
+}
+
+static int dps310_ready(struct dps310_data *data, int ready_bit, int timeout)
+{
+ int rc;
+
+ rc = dps310_ready_status(data, ready_bit, timeout);
+ if (rc) {
+ if (rc == -ETIMEDOUT && !data->timeout_recovery_failed) {
+ /* Reset and reinitialize the chip. */
+ if (dps310_reset_reinit(data)) {
+ data->timeout_recovery_failed = true;
+ } else {
+ /* Try again to get sensor ready status. */
+ if (dps310_ready_status(data, ready_bit, timeout))
+ data->timeout_recovery_failed = true;
+ else
+ return 0;
+ }
+ }
+
+ return rc;
+ }
+
+ data->timeout_recovery_failed = false;
+ return 0;
+}
+
static int dps310_read_pres_raw(struct dps310_data *data)
{
int rc;
int rate;
- int ready;
int timeout;
s32 raw;
u8 val[3];
@@ -409,9 +468,7 @@ static int dps310_read_pres_raw(struct d
timeout = DPS310_POLL_TIMEOUT_US(rate);
/* Poll for sensor readiness; base the timeout upon the sample rate. */
- rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
- ready & DPS310_PRS_RDY,
- DPS310_POLL_SLEEP_US(timeout), timeout);
+ rc = dps310_ready(data, DPS310_PRS_RDY, timeout);
if (rc)
goto done;
@@ -448,7 +505,6 @@ static int dps310_read_temp_raw(struct d
{
int rc;
int rate;
- int ready;
int timeout;
if (mutex_lock_interruptible(&data->lock))
@@ -458,10 +514,8 @@ static int dps310_read_temp_raw(struct d
timeout = DPS310_POLL_TIMEOUT_US(rate);
/* Poll for sensor readiness; base the timeout upon the sample rate. */
- rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
- ready & DPS310_TMP_RDY,
- DPS310_POLL_SLEEP_US(timeout), timeout);
- if (rc < 0)
+ rc = dps310_ready(data, DPS310_TMP_RDY, timeout);
+ if (rc)
goto done;
rc = dps310_read_temp_ready(data);
@@ -756,7 +810,7 @@ static void dps310_reset(void *action_da
{
struct dps310_data *data = action_data;
- regmap_write(data->regmap, DPS310_RESET, DPS310_RESET_MAGIC);
+ dps310_reset_wait(data);
}
static const struct regmap_config dps310_regmap_config = {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 017/390] usb: add quirks for Lenovo OneLink+ Dock
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 016/390] iio: pressure: dps310: Reset chip after timeout Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 018/390] can: kvaser_usb: Fix use of uninitialized completion Greg Kroah-Hartman
` (378 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jean-Francois Le Fillatre, stable
From: Jean-Francois Le Fillatre <jflf_kernel@gmx.com>
commit 37d49519b41405b08748392c6a7f193d9f77ecd2 upstream.
The Lenovo OneLink+ Dock contains two VL812 USB3.0 controllers:
17ef:1018 upstream
17ef:1019 downstream
These hubs suffer from two separate problems:
1) After the host system was suspended and woken up, the hubs appear to
be in a random state. Some downstream ports (both internal to the
built-in audio and network controllers, and external to USB sockets)
may no longer be functional. The exact list of disabled ports (if
any) changes from wakeup to wakeup. Ports remain in that state until
the dock is power-cycled, or until the laptop is rebooted.
Wakeup sources connected to the hubs (keyboard, WoL on the integrated
gigabit controller) will wake the system up from suspend, but they
may no longer work after wakeup (and in that case will no longer work
as wakeup source in a subsequent suspend-wakeup cycle).
This issue appears in the logs with messages such as:
usb 1-6.1-port4: cannot disable (err = -71)
usb 1-6-port2: cannot disable (err = -71)
usb 1-6.1: clear tt 1 (80c0) error -71
usb 1-6-port4: cannot disable (err = -71)
usb 1-6.4: PM: dpm_run_callback(): usb_dev_resume+0x0/0x10 [usbcore] returns -71
usb 1-6.4: PM: failed to resume async: error -71
usb 1-7: reset full-speed USB device number 5 using xhci_hcd
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: Cannot enable. Maybe the USB cable is bad?
usb 1-6.1-port1: cannot disable (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: Cannot enable. Maybe the USB cable is bad?
usb 1-6.1-port1: cannot disable (err = -71)
2) Some USB devices cannot be enumerated properly. So far I have only
seen the issue with USB 3.0 devices. The same devices work without
problem directly connected to the host system, to other systems or to
other hubs (even when those hubs are connected to the OneLink+ dock).
One very reliable reproducer is this USB 3.0 HDD enclosure:
152d:9561 JMicron Technology Corp. / JMicron USA Technology Corp. Mobius
I have seen it happen sporadically with other USB 3.0 enclosures,
with controllers from different manufacturers, all self-powered.
Typical messages in the logs:
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 6, error -62
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 7, error -62
usb 2-1-port4: attempt power cycle
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 8, error -62
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 9, error -62
usb 2-1-port4: unable to enumerate USB device
Through trial and error, I found that the USB_QUIRK_RESET_RESUME solved
the second issue. Further testing then uncovered the first issue. Test
results are summarized in this table:
=======================================================================================
Settings USB2 hotplug USB3 hotplug State after waking up
---------------------------------------------------------------------------------------
power/control=auto works fails broken
usbcore.autosuspend=-1 works works broken
OR power/control=on
power/control=auto works (1) works (1) works
and USB_QUIRK_RESET_RESUME
power/control=on works works works
and USB_QUIRK_RESET_RESUME
HUB_QUIRK_DISABLE_AUTOSUSPEND works works works
and USB_QUIRK_RESET_RESUME
=======================================================================================
In those results, the power/control settings are applied to both hubs,
both on the USB2 and USB3 side, before each test.
>From those results, USB_QUIRK_RESET_RESUME is required to reset the hubs
properly after a suspend-wakeup cycle, and the hubs must not autosuspend
to work around the USB3 issue.
A secondary effect of USB_QUIRK_RESET_RESUME is to prevent the hubs'
upstream links from suspending (the downstream ports can still suspend).
This secondary effect is used in results (1). It is enough to solve the
USB3 problem.
Setting USB_QUIRK_RESET_RESUME on those hubs is the smallest patch that
solves both issues.
Prior to creating this patch, I have used the USB_QUIRK_RESET_RESUME via
the kernel command line for over a year without noticing any side
effect.
Thanks to Oliver Neukum @Suse for explanations of the operations of
USB_QUIRK_RESET_RESUME, and requesting more testing.
Signed-off-by: Jean-Francois Le Fillatre <jflf_kernel@gmx.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20220927073407.5672-1-jflf_kernel@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -438,6 +438,10 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x1532, 0x0116), .driver_info =
USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL },
+ /* Lenovo ThinkPad OneLink+ Dock twin hub controllers (VIA Labs VL812) */
+ { USB_DEVICE(0x17ef, 0x1018), .driver_info = USB_QUIRK_RESET_RESUME },
+ { USB_DEVICE(0x17ef, 0x1019), .driver_info = USB_QUIRK_RESET_RESUME },
+
/* Lenovo USB-C to Ethernet Adapter RTL8153-04 */
{ USB_DEVICE(0x17ef, 0x720c), .driver_info = USB_QUIRK_NO_LPM },
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 018/390] can: kvaser_usb: Fix use of uninitialized completion
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 017/390] usb: add quirks for Lenovo OneLink+ Dock Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 019/390] can: kvaser_usb_leaf: Fix overread with an invalid command Greg Kroah-Hartman
` (377 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit cd7f30e174d09a02ca2afa5ef093fb0f0352e0d8 upstream.
flush_comp is initialized when CMD_FLUSH_QUEUE is sent to the device and
completed when the device sends CMD_FLUSH_QUEUE_RESP.
This causes completion of uninitialized completion if the device sends
CMD_FLUSH_QUEUE_RESP before CMD_FLUSH_QUEUE is ever sent (e.g. as a
response to a flush by a previously bound driver, or a misbehaving
device).
Fix that by initializing flush_comp in kvaser_usb_init_one() like the
other completions.
This issue is only triggerable after RX URBs have been set up, i.e. the
interface has been opened at least once.
Cc: stable@vger.kernel.org
Fixes: aec5fb2268b7 ("can: kvaser_usb: Add support for Kvaser USB hydra family")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-3-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 +
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
@@ -690,6 +690,7 @@ static int kvaser_usb_init_one(struct kv
init_usb_anchor(&priv->tx_submitted);
init_completion(&priv->start_comp);
init_completion(&priv->stop_comp);
+ init_completion(&priv->flush_comp);
priv->can.ctrlmode_supported = 0;
priv->dev = dev;
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
@@ -1886,7 +1886,7 @@ static int kvaser_usb_hydra_flush_queue(
{
int err;
- init_completion(&priv->flush_comp);
+ reinit_completion(&priv->flush_comp);
err = kvaser_usb_hydra_send_simple_cmd(priv->dev, CMD_FLUSH_QUEUE,
priv->channel);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 019/390] can: kvaser_usb_leaf: Fix overread with an invalid command
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 018/390] can: kvaser_usb: Fix use of uninitialized completion Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 020/390] can: kvaser_usb_leaf: Fix TX queue out of sync after restart Greg Kroah-Hartman
` (376 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit 1499ecaea9d2ba68d5e18d80573b4561a8dc4ee7 upstream.
For command events read from the device,
kvaser_usb_leaf_read_bulk_callback() verifies that cmd->len does not
exceed the size of the received data, but the actual kvaser_cmd handlers
will happily read any kvaser_cmd fields without checking for cmd->len.
This can cause an overread if the last cmd in the buffer is shorter than
expected for the command type (with cmd->len showing the actual short
size).
Maximum overread seems to be 22 bytes (CMD_LEAF_LOG_MESSAGE), some of
which are delivered to userspace as-is.
Fix that by verifying the length of command before handling it.
This issue can only occur after RX URBs have been set up, i.e. the
interface has been opened at least once.
Cc: stable@vger.kernel.org
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-2-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 75 +++++++++++++++++++++++
1 file changed, 75 insertions(+)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -309,6 +309,38 @@ struct kvaser_cmd {
} u;
} __packed;
+#define CMD_SIZE_ANY 0xff
+#define kvaser_fsize(field) sizeof_field(struct kvaser_cmd, field)
+
+static const u8 kvaser_usb_leaf_cmd_sizes_leaf[] = {
+ [CMD_START_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_STOP_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_GET_CARD_INFO_REPLY] = kvaser_fsize(u.cardinfo),
+ [CMD_TX_ACKNOWLEDGE] = kvaser_fsize(u.tx_acknowledge_header),
+ [CMD_GET_SOFTWARE_INFO_REPLY] = kvaser_fsize(u.leaf.softinfo),
+ [CMD_RX_STD_MESSAGE] = kvaser_fsize(u.leaf.rx_can),
+ [CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.leaf.rx_can),
+ [CMD_LEAF_LOG_MESSAGE] = kvaser_fsize(u.leaf.log_message),
+ [CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.leaf.chip_state_event),
+ [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.error_event),
+ /* ignored events: */
+ [CMD_FLUSH_QUEUE_REPLY] = CMD_SIZE_ANY,
+};
+
+static const u8 kvaser_usb_leaf_cmd_sizes_usbcan[] = {
+ [CMD_START_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_STOP_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_GET_CARD_INFO_REPLY] = kvaser_fsize(u.cardinfo),
+ [CMD_TX_ACKNOWLEDGE] = kvaser_fsize(u.tx_acknowledge_header),
+ [CMD_GET_SOFTWARE_INFO_REPLY] = kvaser_fsize(u.usbcan.softinfo),
+ [CMD_RX_STD_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
+ [CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
+ [CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.usbcan.chip_state_event),
+ [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.usbcan.error_event),
+ /* ignored events: */
+ [CMD_USBCAN_CLOCK_OVERFLOW_EVENT] = CMD_SIZE_ANY,
+};
+
/* Summary of a kvaser error event, for a unified Leaf/Usbcan error
* handling. Some discrepancies between the two families exist:
*
@@ -396,6 +428,43 @@ static const struct kvaser_usb_dev_cfg k
.bittiming_const = &kvaser_usb_flexc_bittiming_const,
};
+static int kvaser_usb_leaf_verify_size(const struct kvaser_usb *dev,
+ const struct kvaser_cmd *cmd)
+{
+ /* buffer size >= cmd->len ensured by caller */
+ u8 min_size = 0;
+
+ switch (dev->driver_info->family) {
+ case KVASER_LEAF:
+ if (cmd->id < ARRAY_SIZE(kvaser_usb_leaf_cmd_sizes_leaf))
+ min_size = kvaser_usb_leaf_cmd_sizes_leaf[cmd->id];
+ break;
+ case KVASER_USBCAN:
+ if (cmd->id < ARRAY_SIZE(kvaser_usb_leaf_cmd_sizes_usbcan))
+ min_size = kvaser_usb_leaf_cmd_sizes_usbcan[cmd->id];
+ break;
+ }
+
+ if (min_size == CMD_SIZE_ANY)
+ return 0;
+
+ if (min_size) {
+ min_size += CMD_HEADER_LEN;
+ if (cmd->len >= min_size)
+ return 0;
+
+ dev_err_ratelimited(&dev->intf->dev,
+ "Received command %u too short (size %u, needed %u)",
+ cmd->id, cmd->len, min_size);
+ return -EIO;
+ }
+
+ dev_warn_ratelimited(&dev->intf->dev,
+ "Unhandled command (%d, size %d)\n",
+ cmd->id, cmd->len);
+ return -EINVAL;
+}
+
static void *
kvaser_usb_leaf_frame_to_cmd(const struct kvaser_usb_net_priv *priv,
const struct sk_buff *skb, int *frame_len,
@@ -503,6 +572,9 @@ static int kvaser_usb_leaf_wait_cmd(cons
end:
kfree(buf);
+ if (err == 0)
+ err = kvaser_usb_leaf_verify_size(dev, cmd);
+
return err;
}
@@ -1137,6 +1209,9 @@ static void kvaser_usb_leaf_stop_chip_re
static void kvaser_usb_leaf_handle_command(const struct kvaser_usb *dev,
const struct kvaser_cmd *cmd)
{
+ if (kvaser_usb_leaf_verify_size(dev, cmd) < 0)
+ return;
+
switch (cmd->id) {
case CMD_START_CHIP_REPLY:
kvaser_usb_leaf_start_chip_reply(dev, cmd);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 020/390] can: kvaser_usb_leaf: Fix TX queue out of sync after restart
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 019/390] can: kvaser_usb_leaf: Fix overread with an invalid command Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 021/390] can: kvaser_usb_leaf: Fix CAN state " Greg Kroah-Hartman
` (375 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit 455561fb618fde40558776b5b8435f9420f335db upstream.
The TX queue seems to be implicitly flushed by the hardware during
bus-off or bus-off recovery, but the driver does not reset the TX
bookkeeping.
Despite not resetting TX bookkeeping the driver still re-enables TX
queue unconditionally, leading to "cannot find free context" /
NETDEV_TX_BUSY errors if the TX queue was full at bus-off time.
Fix that by resetting TX bookkeeping on CAN restart.
Tested with 0bfd:0124 Kvaser Mini PCI Express 2xHS FW 4.18.778.
Cc: stable@vger.kernel.org
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-4-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 2 ++
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 2 ++
3 files changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
@@ -178,6 +178,8 @@ struct kvaser_usb_dev_cfg {
extern const struct kvaser_usb_dev_ops kvaser_usb_hydra_dev_ops;
extern const struct kvaser_usb_dev_ops kvaser_usb_leaf_dev_ops;
+void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv);
+
int kvaser_usb_recv_cmd(const struct kvaser_usb *dev, void *cmd, int len,
int *actual_len);
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
@@ -453,7 +453,7 @@ static void kvaser_usb_reset_tx_urb_cont
/* This method might sleep. Do not call it in the atomic context
* of URB completions.
*/
-static void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv)
+void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv)
{
usb_kill_anchored_urbs(&priv->tx_submitted);
kvaser_usb_reset_tx_urb_contexts(priv);
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -1430,6 +1430,8 @@ static int kvaser_usb_leaf_set_mode(stru
switch (mode) {
case CAN_MODE_START:
+ kvaser_usb_unlink_tx_urbs(priv);
+
err = kvaser_usb_leaf_simple_cmd_async(priv, CMD_START_CHIP);
if (err)
return err;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 021/390] can: kvaser_usb_leaf: Fix CAN state after restart
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 020/390] can: kvaser_usb_leaf: Fix TX queue out of sync after restart Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 022/390] mmc: sdhci-sprd: Fix minimum clock limit Greg Kroah-Hartman
` (374 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit 0be1a655fe68c8e6dcadbcbddb69cf2fb29881f5 upstream.
can_restart() expects CMD_START_CHIP to set the error state to
ERROR_ACTIVE as it calls netif_carrier_on() immediately afterwards.
Otherwise the user may immediately trigger restart again and hit a
BUG_ON() in can_restart().
Fix kvaser_usb_leaf set_mode(CMD_START_CHIP) to set the expected state.
Cc: stable@vger.kernel.org
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-5-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -1435,6 +1435,8 @@ static int kvaser_usb_leaf_set_mode(stru
err = kvaser_usb_leaf_simple_cmd_async(priv, CMD_START_CHIP);
if (err)
return err;
+
+ priv->can.state = CAN_STATE_ERROR_ACTIVE;
break;
default:
return -EOPNOTSUPP;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 022/390] mmc: sdhci-sprd: Fix minimum clock limit
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 021/390] can: kvaser_usb_leaf: Fix CAN state " Greg Kroah-Hartman
@ 2022-10-24 11:26 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 023/390] fs: dlm: fix race between test_bit() and queue_work() Greg Kroah-Hartman
` (373 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenchao Chen, Adrian Hunter, Ulf Hansson
From: Wenchao Chen <wenchao.chen@unisoc.com>
commit 6e141772e6465f937458b35ddcfd0a981b6f5280 upstream.
The Spreadtrum controller supports 100KHz minimal clock rate, which means
that the current value 400KHz is wrong.
Unfortunately this has also lead to fail to initialize some cards, which
are allowed to require 100KHz to work. So, let's fix the problem by
changing the minimal supported clock rate to 100KHz.
Signed-off-by: Wenchao Chen <wenchao.chen@unisoc.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Fixes: fb8bd90f83c4 ("mmc: sdhci-sprd: Add Spreadtrum's initial host controller")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221011104935.10980-1-wenchao.chen666@gmail.com
[Ulf: Clarified to commit-message]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-sprd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/host/sdhci-sprd.c
+++ b/drivers/mmc/host/sdhci-sprd.c
@@ -296,7 +296,7 @@ static unsigned int sdhci_sprd_get_max_c
static unsigned int sdhci_sprd_get_min_clock(struct sdhci_host *host)
{
- return 400000;
+ return 100000;
}
static void sdhci_sprd_set_uhs_signaling(struct sdhci_host *host,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 023/390] fs: dlm: fix race between test_bit() and queue_work()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-10-24 11:26 ` [PATCH 5.10 022/390] mmc: sdhci-sprd: Fix minimum clock limit Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 024/390] fs: dlm: handle -EBUSY first in lock arg validation Greg Kroah-Hartman
` (372 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit eef6ec9bf390e836a6c4029f3620fe49528aa1fe upstream.
This patch fixes a race by using ls_cb_mutex around the bit
operations and conditional code blocks for LSFL_CB_DELAY.
The function dlm_callback_stop() expects to stop all callbacks and
flush all currently queued onces. The set_bit() is not enough because
there can still be queue_work() after the workqueue was flushed.
To avoid queue_work() after set_bit(), surround both by ls_cb_mutex.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/ast.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/dlm/ast.c
+++ b/fs/dlm/ast.c
@@ -198,13 +198,13 @@ void dlm_add_cb(struct dlm_lkb *lkb, uin
if (!prev_seq) {
kref_get(&lkb->lkb_ref);
+ mutex_lock(&ls->ls_cb_mutex);
if (test_bit(LSFL_CB_DELAY, &ls->ls_flags)) {
- mutex_lock(&ls->ls_cb_mutex);
list_add(&lkb->lkb_cb_list, &ls->ls_cb_delay);
- mutex_unlock(&ls->ls_cb_mutex);
} else {
queue_work(ls->ls_callback_wq, &lkb->lkb_cb_work);
}
+ mutex_unlock(&ls->ls_cb_mutex);
}
out:
mutex_unlock(&lkb->lkb_cb_mutex);
@@ -284,7 +284,9 @@ void dlm_callback_stop(struct dlm_ls *ls
void dlm_callback_suspend(struct dlm_ls *ls)
{
+ mutex_lock(&ls->ls_cb_mutex);
set_bit(LSFL_CB_DELAY, &ls->ls_flags);
+ mutex_unlock(&ls->ls_cb_mutex);
if (ls->ls_callback_wq)
flush_workqueue(ls->ls_callback_wq);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 024/390] fs: dlm: handle -EBUSY first in lock arg validation
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 023/390] fs: dlm: fix race between test_bit() and queue_work() Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 025/390] HID: multitouch: Add memory barriers Greg Kroah-Hartman
` (371 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 44637ca41d551d409a481117b07fa209b330fca9 upstream.
During lock arg validation, first check for -EBUSY cases, then for
-EINVAL cases. The -EINVAL checks look at lkb state variables
which are not stable when an lkb is busy and would cause an
-EBUSY result, e.g. lkb->lkb_grmode.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/lock.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -2888,24 +2888,24 @@ static int set_unlock_args(uint32_t flag
static int validate_lock_args(struct dlm_ls *ls, struct dlm_lkb *lkb,
struct dlm_args *args)
{
- int rv = -EINVAL;
+ int rv = -EBUSY;
if (args->flags & DLM_LKF_CONVERT) {
- if (lkb->lkb_flags & DLM_IFL_MSTCPY)
+ if (lkb->lkb_status != DLM_LKSTS_GRANTED)
goto out;
- if (args->flags & DLM_LKF_QUECVT &&
- !__quecvt_compat_matrix[lkb->lkb_grmode+1][args->mode+1])
+ if (lkb->lkb_wait_type)
goto out;
- rv = -EBUSY;
- if (lkb->lkb_status != DLM_LKSTS_GRANTED)
+ if (is_overlap(lkb))
goto out;
- if (lkb->lkb_wait_type)
+ rv = -EINVAL;
+ if (lkb->lkb_flags & DLM_IFL_MSTCPY)
goto out;
- if (is_overlap(lkb))
+ if (args->flags & DLM_LKF_QUECVT &&
+ !__quecvt_compat_matrix[lkb->lkb_grmode+1][args->mode+1])
goto out;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 025/390] HID: multitouch: Add memory barriers
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 024/390] fs: dlm: handle -EBUSY first in lock arg validation Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 026/390] quota: Check next/prev free block number after reading from quota file Greg Kroah-Hartman
` (370 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andri Yngvason, Benjamin Tissoires
From: Andri Yngvason <andri@yngvason.is>
commit be6e2b5734a425941fcdcdbd2a9337be498ce2cf upstream.
This fixes broken atomic checks which cause a race between the
release-timer and processing of hid input.
I noticed that contacts were sometimes sticking, even with the "sticky
fingers" quirk enabled. This fixes that problem.
Cc: stable@vger.kernel.org
Fixes: 9609827458c3 ("HID: multitouch: optimize the sticky fingers timer")
Signed-off-by: Andri Yngvason <andri@yngvason.is>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20220907150159.2285460-1-andri@yngvason.is
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-multitouch.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -1155,7 +1155,7 @@ static void mt_touch_report(struct hid_d
int contact_count = -1;
/* sticky fingers release in progress, abort */
- if (test_and_set_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
+ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
return;
scantime = *app->scantime;
@@ -1236,7 +1236,7 @@ static void mt_touch_report(struct hid_d
del_timer(&td->release_timer);
}
- clear_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
+ clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
}
static int mt_touch_input_configured(struct hid_device *hdev,
@@ -1671,11 +1671,11 @@ static void mt_expired_timeout(struct ti
* An input report came in just before we release the sticky fingers,
* it will take care of the sticky fingers.
*/
- if (test_and_set_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
+ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
return;
if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags))
mt_release_contacts(hdev);
- clear_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
+ clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
}
static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 026/390] quota: Check next/prev free block number after reading from quota file
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 025/390] HID: multitouch: Add memory barriers Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 027/390] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Greg Kroah-Hartman
` (369 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Jan Kara
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 6c8ea8b8cd4722efd419f91ca46a2dc81b7d89a3 upstream.
Following process:
Init: v2_read_file_info: <3> dqi_free_blk 0 dqi_free_entry 5 dqi_blks 6
Step 1. chown bin f_a -> dquot_acquire -> v2_write_dquot:
qtree_write_dquot
do_insert_tree
find_free_dqentry
get_free_dqblk
write_blk(info->dqi_blocks) // info->dqi_blocks = 6, failure. The
content in physical block (corresponding to blk 6) is random.
Step 2. chown root f_a -> dquot_transfer -> dqput_all -> dqput ->
ext4_release_dquot -> v2_release_dquot -> qtree_delete_dquot:
dquot_release
remove_tree
free_dqentry
put_free_dqblk(6)
info->dqi_free_blk = blk // info->dqi_free_blk = 6
Step 3. drop cache (buffer head for block 6 is released)
Step 4. chown bin f_b -> dquot_acquire -> commit_dqblk -> v2_write_dquot:
qtree_write_dquot
do_insert_tree
find_free_dqentry
get_free_dqblk
dh = (struct qt_disk_dqdbheader *)buf
blk = info->dqi_free_blk // 6
ret = read_blk(info, blk, buf) // The content of buf is random
info->dqi_free_blk = le32_to_cpu(dh->dqdh_next_free) // random blk
Step 5. chown bin f_c -> notify_change -> ext4_setattr -> dquot_transfer:
dquot = dqget -> acquire_dquot -> ext4_acquire_dquot -> dquot_acquire ->
commit_dqblk -> v2_write_dquot -> dq_insert_tree:
do_insert_tree
find_free_dqentry
get_free_dqblk
blk = info->dqi_free_blk // If blk < 0 and blk is not an error
code, it will be returned as dquot
transfer_to[USRQUOTA] = dquot // A random negative value
__dquot_transfer(transfer_to)
dquot_add_inodes(transfer_to[cnt])
spin_lock(&dquot->dq_dqb_lock) // page fault
, which will lead to kernel page fault:
Quota error (device sda): qtree_write_dquot: Error -8000 occurred
while creating quota
BUG: unable to handle page fault for address: ffffffffffffe120
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
Oops: 0002 [#1] PREEMPT SMP
CPU: 0 PID: 5974 Comm: chown Not tainted 6.0.0-rc1-00004
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:_raw_spin_lock+0x3a/0x90
Call Trace:
dquot_add_inodes+0x28/0x270
__dquot_transfer+0x377/0x840
dquot_transfer+0xde/0x540
ext4_setattr+0x405/0x14d0
notify_change+0x68e/0x9f0
chown_common+0x300/0x430
__x64_sys_fchownat+0x29/0x40
In order to avoid accessing invalid quota memory address, this patch adds
block number checking of next/prev free block read from quota file.
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216372
Fixes: 1da177e4c3f4152 ("Linux-2.6.12-rc2")
CC: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220923134555.2623931-2-chengzhihao1@huawei.com
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/quota/quota_tree.c | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
--- a/fs/quota/quota_tree.c
+++ b/fs/quota/quota_tree.c
@@ -80,6 +80,35 @@ static ssize_t write_blk(struct qtree_me
return ret;
}
+static inline int do_check_range(struct super_block *sb, const char *val_name,
+ uint val, uint min_val, uint max_val)
+{
+ if (val < min_val || val > max_val) {
+ quota_error(sb, "Getting %s %u out of range %u-%u",
+ val_name, val, min_val, max_val);
+ return -EUCLEAN;
+ }
+
+ return 0;
+}
+
+static int check_dquot_block_header(struct qtree_mem_dqinfo *info,
+ struct qt_disk_dqdbheader *dh)
+{
+ int err = 0;
+
+ err = do_check_range(info->dqi_sb, "dqdh_next_free",
+ le32_to_cpu(dh->dqdh_next_free), 0,
+ info->dqi_blocks - 1);
+ if (err)
+ return err;
+ err = do_check_range(info->dqi_sb, "dqdh_prev_free",
+ le32_to_cpu(dh->dqdh_prev_free), 0,
+ info->dqi_blocks - 1);
+
+ return err;
+}
+
/* Remove empty block from list and return it */
static int get_free_dqblk(struct qtree_mem_dqinfo *info)
{
@@ -94,6 +123,9 @@ static int get_free_dqblk(struct qtree_m
ret = read_blk(info, blk, buf);
if (ret < 0)
goto out_buf;
+ ret = check_dquot_block_header(info, dh);
+ if (ret)
+ goto out_buf;
info->dqi_free_blk = le32_to_cpu(dh->dqdh_next_free);
}
else {
@@ -241,6 +273,9 @@ static uint find_free_dqentry(struct qtr
*err = read_blk(info, blk, buf);
if (*err < 0)
goto out_buf;
+ *err = check_dquot_block_header(info, dh);
+ if (*err)
+ goto out_buf;
} else {
blk = get_free_dqblk(info);
if ((int)blk < 0) {
@@ -433,6 +468,9 @@ static int free_dqentry(struct qtree_mem
goto out_buf;
}
dh = (struct qt_disk_dqdbheader *)buf;
+ ret = check_dquot_block_header(info, dh);
+ if (ret)
+ goto out_buf;
le16_add_cpu(&dh->dqdh_entries, -1);
if (!le16_to_cpu(dh->dqdh_entries)) { /* Block got free? */
ret = remove_free_dqentry(info, buf, blk);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 027/390] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 026/390] quota: Check next/prev free block number after reading from quota file Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 028/390] ASoC: wcd9335: fix order of Slimbus unprepare/disable Greg Kroah-Hartman
` (368 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Patryk Duda, Tzung-Bi Shih
From: Patryk Duda <pdk@semihalf.com>
commit f74c7557ed0d321947e8bb4e9d47c1013f8b2227 upstream.
Some EC based devices (e.g. Fingerpint MCU) can jump to RO part of the
firmware (intentionally or due to device reboot). The RO part doesn't
change during the device lifecycle, so it won't support newer version
of EC_CMD_GET_NEXT_EVENT command.
Function cros_ec_query_all() is responsible for finding maximum
supported MKBP event version. It's usually called when the device is
running RW part of the firmware, so the command version can be
potentially higher than version supported by the RO.
The problem was fixed by updating maximum supported version when the
device returns EC_RES_INVALID_VERSION (mapped to -ENOPROTOOPT). That way
the kernel will use highest common version supported by RO and RW.
Fixes: 3300fdd630d4 ("platform/chrome: cros_ec: handle MKBP more events flag")
Cc: <stable@vger.kernel.org> # 5.10+
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Patryk Duda <pdk@semihalf.com>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220802154128.21175-1-pdk@semihalf.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/chrome/cros_ec_proto.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
--- a/drivers/platform/chrome/cros_ec_proto.c
+++ b/drivers/platform/chrome/cros_ec_proto.c
@@ -748,6 +748,7 @@ int cros_ec_get_next_event(struct cros_e
u8 event_type;
u32 host_event;
int ret;
+ u32 ver_mask;
/*
* Default value for wake_event.
@@ -769,6 +770,37 @@ int cros_ec_get_next_event(struct cros_e
return get_keyboard_state_event(ec_dev);
ret = get_next_event(ec_dev);
+ /*
+ * -ENOPROTOOPT is returned when EC returns EC_RES_INVALID_VERSION.
+ * This can occur when EC based device (e.g. Fingerprint MCU) jumps to
+ * the RO image which doesn't support newer version of the command. In
+ * this case we will attempt to update maximum supported version of the
+ * EC_CMD_GET_NEXT_EVENT.
+ */
+ if (ret == -ENOPROTOOPT) {
+ dev_dbg(ec_dev->dev,
+ "GET_NEXT_EVENT returned invalid version error.\n");
+ ret = cros_ec_get_host_command_version_mask(ec_dev,
+ EC_CMD_GET_NEXT_EVENT,
+ &ver_mask);
+ if (ret < 0 || ver_mask == 0)
+ /*
+ * Do not change the MKBP supported version if we can't
+ * obtain supported version correctly. Please note that
+ * calling EC_CMD_GET_NEXT_EVENT returned
+ * EC_RES_INVALID_VERSION which means that the command
+ * is present.
+ */
+ return -ENOPROTOOPT;
+
+ ec_dev->mkbp_event_supported = fls(ver_mask);
+ dev_dbg(ec_dev->dev, "MKBP support version changed to %u\n",
+ ec_dev->mkbp_event_supported - 1);
+
+ /* Try to get next event with new MKBP support version set. */
+ ret = get_next_event(ec_dev);
+ }
+
if (ret <= 0)
return ret;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 028/390] ASoC: wcd9335: fix order of Slimbus unprepare/disable
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 027/390] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 029/390] ASoC: wcd934x: " Greg Kroah-Hartman
` (367 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Srinivas Kandagatla, Mark Brown
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit ea8ef003aa53ad23e7705c5cab1c4e664faa6c79 upstream.
Slimbus streams are first prepared and then enabled, so the cleanup path
should reverse it. The unprepare sets stream->num_ports to 0 and frees
the stream->ports. Calling disable after unprepare was not really
effective (channels was not deactivated) and could lead to further
issues due to making transfers on unprepared stream.
Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220921145354.1683791-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/wcd9335.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/wcd9335.c
+++ b/sound/soc/codecs/wcd9335.c
@@ -1971,8 +1971,8 @@ static int wcd9335_trigger(struct snd_pc
case SNDRV_PCM_TRIGGER_STOP:
case SNDRV_PCM_TRIGGER_SUSPEND:
case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
- slim_stream_unprepare(dai_data->sruntime);
slim_stream_disable(dai_data->sruntime);
+ slim_stream_unprepare(dai_data->sruntime);
break;
default:
break;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 029/390] ASoC: wcd934x: fix order of Slimbus unprepare/disable
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 028/390] ASoC: wcd9335: fix order of Slimbus unprepare/disable Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 030/390] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Greg Kroah-Hartman
` (366 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Srinivas Kandagatla, Mark Brown
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit e96bca7eaa5747633ec638b065630ff83728982a upstream.
Slimbus streams are first prepared and then enabled, so the cleanup path
should reverse it. The unprepare sets stream->num_ports to 0 and frees
the stream->ports. Calling disable after unprepare was not really
effective (channels was not deactivated) and could lead to further
issues due to making transfers on unprepared stream.
Fixes: a61f3b4f476e ("ASoC: wcd934x: add support to wcd9340/wcd9341 codec")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220921145354.1683791-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/wcd934x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/wcd934x.c
+++ b/sound/soc/codecs/wcd934x.c
@@ -1829,8 +1829,8 @@ static int wcd934x_trigger(struct snd_pc
case SNDRV_PCM_TRIGGER_STOP:
case SNDRV_PCM_TRIGGER_SUSPEND:
case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
- slim_stream_unprepare(dai_data->sruntime);
slim_stream_disable(dai_data->sruntime);
+ slim_stream_unprepare(dai_data->sruntime);
break;
default:
break;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 030/390] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 029/390] ASoC: wcd934x: " Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 031/390] regulator: qcom_rpm: Fix circular deferral regression Greg Kroah-Hartman
` (365 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Mengda Chen, Guenter Roeck
From: Liang He <windhl@126.com>
commit 7f62cf781e6567d59c8935dc8c6068ce2bb904b7 upstream.
In gsc_hwmon_get_devtree_pdata(), we should call of_node_get() before
the of_find_compatible_node() which will automatically call
of_node_put() for the 'from' argument.
Fixes: 3bce5377ef66 ("hwmon: Add Gateworks System Controller support")
Signed-off-by: Liang He <windhl@126.com>
Co-developed-by: Mengda Chen <chenmengda2009@163.com>
Signed-off-by: Mengda Chen <chenmengda2009@163.com>
Link: https://lore.kernel.org/r/20220916154708.3084515-1-chenmengda2009@163.com
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/gsc-hwmon.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/hwmon/gsc-hwmon.c
+++ b/drivers/hwmon/gsc-hwmon.c
@@ -267,6 +267,7 @@ gsc_hwmon_get_devtree_pdata(struct devic
pdata->nchannels = nchannels;
/* fan controller base address */
+ of_node_get(dev->parent->of_node);
fan = of_find_compatible_node(dev->parent->of_node, NULL, "gw,gsc-fan");
if (fan && of_property_read_u32(fan, "reg", &pdata->fan_base)) {
dev_err(dev, "fan node without base\n");
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 031/390] regulator: qcom_rpm: Fix circular deferral regression
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 030/390] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 032/390] RISC-V: Make port I/O string accessors actually work Greg Kroah-Hartman
` (364 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Gross, Bjorn Andersson,
Konrad Dybcio, linux-arm-msm, Linus Walleij, Mark Brown
From: Linus Walleij <linus.walleij@linaro.org>
commit 8478ed5844588703a1a4c96a004b1525fbdbdd5e upstream.
On recent kernels, the PM8058 L16 (or any other PM8058 LDO-regulator)
does not come up if they are supplied by an SMPS-regulator. This
is not very strange since the regulators are registered in a long
array and the L-regulators are registered before the S-regulators,
and if an L-regulator defers, it will never get around to registering
the S-regulator that it needs.
See arch/arm/boot/dts/qcom-apq8060-dragonboard.dts:
pm8058-regulators {
(...)
vdd_l13_l16-supply = <&pm8058_s4>;
(...)
Ooops.
Fix this by moving the PM8058 S-regulators first in the array.
Do the same for the PM8901 S-regulators (though this is currently
not causing any problems with out device trees) so that the pattern
of registration order is the same on all PMnnnn chips.
Fixes: 087a1b5cdd55 ("regulator: qcom: Rework to single platform device")
Cc: stable@vger.kernel.org
Cc: Andy Gross <agross@kernel.org>
Cc: Bjorn Andersson <andersson@kernel.org>
Cc: Konrad Dybcio <konrad.dybcio@somainline.org>
Cc: linux-arm-msm@vger.kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220909112529.239143-1-linus.walleij@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/qcom_rpm-regulator.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/drivers/regulator/qcom_rpm-regulator.c
+++ b/drivers/regulator/qcom_rpm-regulator.c
@@ -802,6 +802,12 @@ static const struct rpm_regulator_data r
};
static const struct rpm_regulator_data rpm_pm8058_regulators[] = {
+ { "s0", QCOM_RPM_PM8058_SMPS0, &pm8058_smps, "vdd_s0" },
+ { "s1", QCOM_RPM_PM8058_SMPS1, &pm8058_smps, "vdd_s1" },
+ { "s2", QCOM_RPM_PM8058_SMPS2, &pm8058_smps, "vdd_s2" },
+ { "s3", QCOM_RPM_PM8058_SMPS3, &pm8058_smps, "vdd_s3" },
+ { "s4", QCOM_RPM_PM8058_SMPS4, &pm8058_smps, "vdd_s4" },
+
{ "l0", QCOM_RPM_PM8058_LDO0, &pm8058_nldo, "vdd_l0_l1_lvs" },
{ "l1", QCOM_RPM_PM8058_LDO1, &pm8058_nldo, "vdd_l0_l1_lvs" },
{ "l2", QCOM_RPM_PM8058_LDO2, &pm8058_pldo, "vdd_l2_l11_l12" },
@@ -829,12 +835,6 @@ static const struct rpm_regulator_data r
{ "l24", QCOM_RPM_PM8058_LDO24, &pm8058_nldo, "vdd_l23_l24_l25" },
{ "l25", QCOM_RPM_PM8058_LDO25, &pm8058_nldo, "vdd_l23_l24_l25" },
- { "s0", QCOM_RPM_PM8058_SMPS0, &pm8058_smps, "vdd_s0" },
- { "s1", QCOM_RPM_PM8058_SMPS1, &pm8058_smps, "vdd_s1" },
- { "s2", QCOM_RPM_PM8058_SMPS2, &pm8058_smps, "vdd_s2" },
- { "s3", QCOM_RPM_PM8058_SMPS3, &pm8058_smps, "vdd_s3" },
- { "s4", QCOM_RPM_PM8058_SMPS4, &pm8058_smps, "vdd_s4" },
-
{ "lvs0", QCOM_RPM_PM8058_LVS0, &pm8058_switch, "vdd_l0_l1_lvs" },
{ "lvs1", QCOM_RPM_PM8058_LVS1, &pm8058_switch, "vdd_l0_l1_lvs" },
@@ -843,6 +843,12 @@ static const struct rpm_regulator_data r
};
static const struct rpm_regulator_data rpm_pm8901_regulators[] = {
+ { "s0", QCOM_RPM_PM8901_SMPS0, &pm8901_ftsmps, "vdd_s0" },
+ { "s1", QCOM_RPM_PM8901_SMPS1, &pm8901_ftsmps, "vdd_s1" },
+ { "s2", QCOM_RPM_PM8901_SMPS2, &pm8901_ftsmps, "vdd_s2" },
+ { "s3", QCOM_RPM_PM8901_SMPS3, &pm8901_ftsmps, "vdd_s3" },
+ { "s4", QCOM_RPM_PM8901_SMPS4, &pm8901_ftsmps, "vdd_s4" },
+
{ "l0", QCOM_RPM_PM8901_LDO0, &pm8901_nldo, "vdd_l0" },
{ "l1", QCOM_RPM_PM8901_LDO1, &pm8901_pldo, "vdd_l1" },
{ "l2", QCOM_RPM_PM8901_LDO2, &pm8901_pldo, "vdd_l2" },
@@ -851,12 +857,6 @@ static const struct rpm_regulator_data r
{ "l5", QCOM_RPM_PM8901_LDO5, &pm8901_pldo, "vdd_l5" },
{ "l6", QCOM_RPM_PM8901_LDO6, &pm8901_pldo, "vdd_l6" },
- { "s0", QCOM_RPM_PM8901_SMPS0, &pm8901_ftsmps, "vdd_s0" },
- { "s1", QCOM_RPM_PM8901_SMPS1, &pm8901_ftsmps, "vdd_s1" },
- { "s2", QCOM_RPM_PM8901_SMPS2, &pm8901_ftsmps, "vdd_s2" },
- { "s3", QCOM_RPM_PM8901_SMPS3, &pm8901_ftsmps, "vdd_s3" },
- { "s4", QCOM_RPM_PM8901_SMPS4, &pm8901_ftsmps, "vdd_s4" },
-
{ "lvs0", QCOM_RPM_PM8901_LVS0, &pm8901_switch, "lvs0_in" },
{ "lvs1", QCOM_RPM_PM8901_LVS1, &pm8901_switch, "lvs1_in" },
{ "lvs2", QCOM_RPM_PM8901_LVS2, &pm8901_switch, "lvs2_in" },
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 032/390] RISC-V: Make port I/O string accessors actually work
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 031/390] regulator: qcom_rpm: Fix circular deferral regression Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 033/390] parisc: fbdev/stifb: Align graphics memory size to 4MB Greg Kroah-Hartman
` (363 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Arnd Bergmann,
Palmer Dabbelt
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 9cc205e3c17d5716da7ebb7fa0c985555e95d009 upstream.
Fix port I/O string accessors such as `insb', `outsb', etc. which use
the physical PCI port I/O address rather than the corresponding memory
mapping to get at the requested location, which in turn breaks at least
accesses made by our parport driver to a PCIe parallel port such as:
PCI parallel port detected: 1415:c118, I/O at 0x1000(0x1008), IRQ 20
parport0: PC-style at 0x1000 (0x1008), irq 20, using FIFO [PCSPP,TRISTATE,COMPAT,EPP,ECP]
causing a memory access fault:
Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000001008
Oops [#1]
Modules linked in:
CPU: 1 PID: 350 Comm: cat Not tainted 6.0.0-rc2-00283-g10d4879f9ef0-dirty #23
Hardware name: SiFive HiFive Unmatched A00 (DT)
epc : parport_pc_fifo_write_block_pio+0x266/0x416
ra : parport_pc_fifo_write_block_pio+0xb4/0x416
epc : ffffffff80542c3e ra : ffffffff80542a8c sp : ffffffd88899fc60
gp : ffffffff80fa2700 tp : ffffffd882b1e900 t0 : ffffffd883d0b000
t1 : ffffffffff000002 t2 : 4646393043330a38 s0 : ffffffd88899fcf0
s1 : 0000000000001000 a0 : 0000000000000010 a1 : 0000000000000000
a2 : ffffffd883d0a010 a3 : 0000000000000023 a4 : 00000000ffff8fbb
a5 : ffffffd883d0a001 a6 : 0000000100000000 a7 : ffffffc800000000
s2 : ffffffffff000002 s3 : ffffffff80d28880 s4 : ffffffff80fa1f50
s5 : 0000000000001008 s6 : 0000000000000008 s7 : ffffffd883d0a000
s8 : 0004000000000000 s9 : ffffffff80dc1d80 s10: ffffffd8807e4000
s11: 0000000000000000 t3 : 00000000000000ff t4 : 393044410a303930
t5 : 0000000000001000 t6 : 0000000000040000
status: 0000000200000120 badaddr: 0000000000001008 cause: 000000000000000f
[<ffffffff80543212>] parport_pc_compat_write_block_pio+0xfe/0x200
[<ffffffff8053bbc0>] parport_write+0x46/0xf8
[<ffffffff8050530e>] lp_write+0x158/0x2d2
[<ffffffff80185716>] vfs_write+0x8e/0x2c2
[<ffffffff80185a74>] ksys_write+0x52/0xc2
[<ffffffff80185af2>] sys_write+0xe/0x16
[<ffffffff80003770>] ret_from_syscall+0x0/0x2
---[ end trace 0000000000000000 ]---
For simplicity address the problem by adding PCI_IOBASE to the physical
address requested in the respective wrapper macros only, observing that
the raw accessors such as `__insb', `__outsb', etc. are not supposed to
be used other than by said macros. Remove the cast to `long' that is no
longer needed on `addr' now that it is used as an offset from PCI_IOBASE
and add parentheses around `addr' needed for predictable evaluation in
macro expansion. No need to make said adjustments in separate changes
given that current code is gravely broken and does not ever work.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: fab957c11efe2 ("RISC-V: Atomic and Locking Code")
Cc: stable@vger.kernel.org # v4.15+
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209220223080.29493@angie.orcam.me.uk
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/io.h | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/arch/riscv/include/asm/io.h
+++ b/arch/riscv/include/asm/io.h
@@ -114,9 +114,9 @@ __io_reads_ins(reads, u32, l, __io_br(),
__io_reads_ins(ins, u8, b, __io_pbr(), __io_par(addr))
__io_reads_ins(ins, u16, w, __io_pbr(), __io_par(addr))
__io_reads_ins(ins, u32, l, __io_pbr(), __io_par(addr))
-#define insb(addr, buffer, count) __insb((void __iomem *)(long)addr, buffer, count)
-#define insw(addr, buffer, count) __insw((void __iomem *)(long)addr, buffer, count)
-#define insl(addr, buffer, count) __insl((void __iomem *)(long)addr, buffer, count)
+#define insb(addr, buffer, count) __insb(PCI_IOBASE + (addr), buffer, count)
+#define insw(addr, buffer, count) __insw(PCI_IOBASE + (addr), buffer, count)
+#define insl(addr, buffer, count) __insl(PCI_IOBASE + (addr), buffer, count)
__io_writes_outs(writes, u8, b, __io_bw(), __io_aw())
__io_writes_outs(writes, u16, w, __io_bw(), __io_aw())
@@ -128,22 +128,22 @@ __io_writes_outs(writes, u32, l, __io_bw
__io_writes_outs(outs, u8, b, __io_pbw(), __io_paw())
__io_writes_outs(outs, u16, w, __io_pbw(), __io_paw())
__io_writes_outs(outs, u32, l, __io_pbw(), __io_paw())
-#define outsb(addr, buffer, count) __outsb((void __iomem *)(long)addr, buffer, count)
-#define outsw(addr, buffer, count) __outsw((void __iomem *)(long)addr, buffer, count)
-#define outsl(addr, buffer, count) __outsl((void __iomem *)(long)addr, buffer, count)
+#define outsb(addr, buffer, count) __outsb(PCI_IOBASE + (addr), buffer, count)
+#define outsw(addr, buffer, count) __outsw(PCI_IOBASE + (addr), buffer, count)
+#define outsl(addr, buffer, count) __outsl(PCI_IOBASE + (addr), buffer, count)
#ifdef CONFIG_64BIT
__io_reads_ins(reads, u64, q, __io_br(), __io_ar(addr))
#define readsq(addr, buffer, count) __readsq(addr, buffer, count)
__io_reads_ins(ins, u64, q, __io_pbr(), __io_par(addr))
-#define insq(addr, buffer, count) __insq((void __iomem *)addr, buffer, count)
+#define insq(addr, buffer, count) __insq(PCI_IOBASE + (addr), buffer, count)
__io_writes_outs(writes, u64, q, __io_bw(), __io_aw())
#define writesq(addr, buffer, count) __writesq(addr, buffer, count)
__io_writes_outs(outs, u64, q, __io_pbr(), __io_paw())
-#define outsq(addr, buffer, count) __outsq((void __iomem *)addr, buffer, count)
+#define outsq(addr, buffer, count) __outsq(PCI_IOBASE + (addr), buffer, count)
#endif
#include <asm-generic/io.h>
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 033/390] parisc: fbdev/stifb: Align graphics memory size to 4MB
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 032/390] RISC-V: Make port I/O string accessors actually work Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 034/390] riscv: Allow PROT_WRITE-only mmap() Greg Kroah-Hartman
` (362 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit aca7c13d3bee81a968337a5515411409ae9d095d upstream.
Independend of the current graphics resolution, adjust the reported
graphics card memory size to the next 4MB boundary.
This fixes the fbtest program which expects a naturally aligned size.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/stifb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/fbdev/stifb.c
+++ b/drivers/video/fbdev/stifb.c
@@ -1257,7 +1257,7 @@ static int __init stifb_init_fb(struct s
/* limit fbsize to max visible screen size */
if (fix->smem_len > yres*fix->line_length)
- fix->smem_len = yres*fix->line_length;
+ fix->smem_len = ALIGN(yres*fix->line_length, 4*1024*1024);
fix->accel = FB_ACCEL_NONE;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 034/390] riscv: Allow PROT_WRITE-only mmap()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 033/390] parisc: fbdev/stifb: Align graphics memory size to 4MB Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 035/390] riscv: Make VM_WRITE imply VM_READ Greg Kroah-Hartman
` (361 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Atish Patra, Andrew Bresticker,
Palmer Dabbelt
From: Andrew Bresticker <abrestic@rivosinc.com>
commit 9e2e6042a7ec6504fe8e366717afa2f40cf16488 upstream.
Commit 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is
invalid") made mmap() return EINVAL if PROT_WRITE was set wihtout
PROT_READ with the justification that a write-only PTE is considered a
reserved PTE permission bit pattern in the privileged spec. This check
is unnecessary since we let VM_WRITE imply VM_READ on RISC-V, and it is
inconsistent with other architectures that don't support write-only PTEs,
creating a potential software portability issue. Just remove the check
altogether and let PROT_WRITE imply PROT_READ as is the case on other
architectures.
Note that this also allows PROT_WRITE|PROT_EXEC mappings which were
disallowed prior to the aforementioned commit; PROT_READ is implied in
such mappings as well.
Fixes: 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is invalid")
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Andrew Bresticker <abrestic@rivosinc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220915193702.2201018-3-abrestic@rivosinc.com/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/kernel/sys_riscv.c | 3 ---
1 file changed, 3 deletions(-)
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -18,9 +18,6 @@ static long riscv_sys_mmap(unsigned long
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
- if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
- return -EINVAL;
-
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 035/390] riscv: Make VM_WRITE imply VM_READ
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 034/390] riscv: Allow PROT_WRITE-only mmap() Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 036/390] riscv: Pass -mno-relax only on lld < 15.0.0 Greg Kroah-Hartman
` (360 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Atish Patra, Andrew Bresticker,
Palmer Dabbelt
From: Andrew Bresticker <abrestic@rivosinc.com>
commit 7ab72c597356be1e7f0f3d856e54ce78527f43c8 upstream.
RISC-V does not presently have write-only mappings as that PTE bit pattern
is considered reserved in the privileged spec, so allow handling of read
faults in VMAs that have VM_WRITE without VM_READ in order to be consistent
with other architectures that have similar limitations.
Fixes: 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is invalid")
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Andrew Bresticker <abrestic@rivosinc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220915193702.2201018-2-abrestic@rivosinc.com/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/mm/fault.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -167,7 +167,8 @@ static inline bool access_error(unsigned
}
break;
case EXC_LOAD_PAGE_FAULT:
- if (!(vma->vm_flags & VM_READ)) {
+ /* Write implies read */
+ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) {
return true;
}
break;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 036/390] riscv: Pass -mno-relax only on lld < 15.0.0
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 035/390] riscv: Make VM_WRITE imply VM_READ Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 037/390] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
` (359 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fangrui Song, Nick Desaulniers,
Nathan Chancellor, Conor Dooley, Palmer Dabbelt
From: Fangrui Song <maskray@google.com>
commit 3cebf80e9a0d3adcb174053be32c88a640b3344b upstream.
lld since llvm:6611d58f5bbc ("[ELF] Relax R_RISCV_ALIGN"), which will be
included in the 15.0.0 release, has implemented some RISC-V linker
relaxation. -mno-relax is no longer needed in
KBUILD_CFLAGS/KBUILD_AFLAGS to suppress R_RISCV_ALIGN which older lld
can not handle:
ld.lld: error: capability.c:(.fixup+0x0): relocation R_RISCV_ALIGN
requires unimplemented linker relaxation; recompile with -mno-relax
but the .o is already compiled with -mno-relax
Signed-off-by: Fangrui Song <maskray@google.com>
Link: https://lore.kernel.org/r/20220710071117.446112-1-maskray@google.com/
Link: https://lore.kernel.org/r/20220918092933.19943-1-palmer@rivosinc.com
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/Makefile | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/riscv/Makefile
+++ b/arch/riscv/Makefile
@@ -37,6 +37,7 @@ else
endif
ifeq ($(CONFIG_LD_IS_LLD),y)
+ifeq ($(shell test $(CONFIG_LLD_VERSION) -lt 150000; echo $$?),0)
KBUILD_CFLAGS += -mno-relax
KBUILD_AFLAGS += -mno-relax
ifneq ($(LLVM_IAS),1)
@@ -44,6 +45,7 @@ ifneq ($(LLVM_IAS),1)
KBUILD_AFLAGS += -Wa,-mno-relax
endif
endif
+endif
# ISA string setting
riscv-march-$(CONFIG_ARCH_RV32I) := rv32ima
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 037/390] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 036/390] riscv: Pass -mno-relax only on lld < 15.0.0 Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 038/390] nvme-pci: set min_align_mask before calculating max_hw_sectors Greg Kroah-Hartman
` (358 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Huacai Chen, Richard Weinberger
From: Huacai Chen <chenhuacai@loongson.cn>
commit 16c546e148fa6d14a019431436a6f7b4087dbccd upstream.
When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,
cpu_max_bits_warn() generates a runtime warning similar as below while
we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)
instead of NR_CPUS to iterate CPUs.
[ 3.052463] ------------[ cut here ]------------
[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0
[ 3.070072] Modules linked in: efivarfs autofs4
[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052
[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000
[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430
[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff
[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890
[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa
[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000
[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000
[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000
[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286
[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c
[ 3.195868] ...
[ 3.199917] Call Trace:
[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c
[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88
[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100
[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc
[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0
[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4
[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4
[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0
[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100
[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94
[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160
[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---
Cc: stable@vger.kernel.org
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/kernel/um_arch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/um/kernel/um_arch.c
+++ b/arch/um/kernel/um_arch.c
@@ -77,7 +77,7 @@ static int show_cpuinfo(struct seq_file
static void *c_start(struct seq_file *m, loff_t *pos)
{
- return *pos < NR_CPUS ? cpu_data + *pos : NULL;
+ return *pos < nr_cpu_ids ? cpu_data + *pos : NULL;
}
static void *c_next(struct seq_file *m, void *v, loff_t *pos)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 038/390] nvme-pci: set min_align_mask before calculating max_hw_sectors
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 037/390] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 039/390] drm/virtio: Check whether transferred 2D BO is shmem Greg Kroah-Hartman
` (357 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rishabh Bhatnagar, Christoph Hellwig
From: Rishabh Bhatnagar <risbhat@amazon.com>
commit 61ce339f19fabbc3e51237148a7ef6f2270e44fa upstream.
If swiotlb is force enabled dma_max_mapping_size ends up calling
swiotlb_max_mapping_size which takes into account the min align mask for
the device. Set the min align mask for nvme driver before calling
dma_max_mapping_size while calculating max hw sectors.
Signed-off-by: Rishabh Bhatnagar <risbhat@amazon.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -2624,6 +2624,8 @@ static void nvme_reset_work(struct work_
if (result)
goto out_unlock;
+ dma_set_min_align_mask(dev->dev, NVME_CTRL_PAGE_SIZE - 1);
+
/*
* Limit the max command size to prevent iod->sg allocations going
* over a single page.
@@ -2636,7 +2638,6 @@ static void nvme_reset_work(struct work_
* Don't limit the IOMMU merged segment size.
*/
dma_set_max_seg_size(dev->dev, 0xffffffff);
- dma_set_min_align_mask(dev->dev, NVME_CTRL_PAGE_SIZE - 1);
mutex_unlock(&dev->shutdown_lock);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 039/390] drm/virtio: Check whether transferred 2D BO is shmem
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 038/390] nvme-pci: set min_align_mask before calculating max_hw_sectors Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 040/390] drm/udl: Restore display mode on resume Greg Kroah-Hartman
` (356 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emil Velikov, Dmitry Osipenko, Gerd Hoffmann
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit e473216b42aa1fd9fc6b94b608b42c210c655908 upstream.
Transferred 2D BO always must be a shmem BO. Add check for that to prevent
NULL dereference if userspace passes a VRAM BO.
Cc: stable@vger.kernel.org
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-3-dmitry.osipenko@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/virtio/virtgpu_vq.c
+++ b/drivers/gpu/drm/virtio/virtgpu_vq.c
@@ -601,7 +601,7 @@ void virtio_gpu_cmd_transfer_to_host_2d(
bool use_dma_api = !virtio_has_dma_quirk(vgdev->vdev);
struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
- if (use_dma_api)
+ if (virtio_gpu_is_shmem(bo) && use_dma_api)
dma_sync_sgtable_for_device(vgdev->vdev->dev.parent,
shmem->pages, DMA_TO_DEVICE);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 040/390] drm/udl: Restore display mode on resume
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 039/390] drm/virtio: Check whether transferred 2D BO is shmem Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 041/390] block: fix inflight statistics of part0 Greg Kroah-Hartman
` (355 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Vetter, Takashi Iwai,
Thomas Zimmermann
From: Takashi Iwai <tiwai@suse.de>
commit 6d6e732835db92e66c28dbcf258a7e3d3c71420d upstream.
Restore the display mode whne resuming from suspend. Currently, the
display remains dark.
On resume, the CRTC's mode does not change, but the 'active' flag
changes to 'true'. Taking this into account when considering a mode
switch restores the display mode.
The bug is reproducable by using Gnome with udl and observing the
adapter's suspend/resume behavior.
Actually, the whole check added in udl_simple_display_pipe_enable()
about the crtc_state->mode_changed was bogus. We should drop the
whole check and always apply the mode change in this function.
[ tiwai -- Drop the mode_changed check entirely instead, per Daniel's
suggestion ]
Fixes: 997d33c35618 ("drm/udl: Inline DPMS code into CRTC enable and disable functions")
Cc: <stable@vger.kernel.org>
Suggested-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220908095115.23396-2-tiwai@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/udl/udl_modeset.c | 3 ---
1 file changed, 3 deletions(-)
--- a/drivers/gpu/drm/udl/udl_modeset.c
+++ b/drivers/gpu/drm/udl/udl_modeset.c
@@ -400,9 +400,6 @@ udl_simple_display_pipe_enable(struct dr
udl_handle_damage(fb, 0, 0, fb->width, fb->height);
- if (!crtc_state->mode_changed)
- return;
-
/* enable display */
udl_crtc_write_mode_to_hw(crtc);
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 041/390] block: fix inflight statistics of part0
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 040/390] drm/udl: Restore display mode on resume Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 042/390] mm/mmap: undo ->mmap() when arch_validate_flags() fails Greg Kroah-Hartman
` (354 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeffle Xu, Christoph Hellwig,
Jens Axboe, Khazhismel Kumykov
From: Jeffle Xu <jefflexu@linux.alibaba.com>
commit b0d97557ebfc9d5ba5f2939339a9fdd267abafeb upstream.
The inflight of partition 0 doesn't include inflight IOs to all
sub-partitions, since currently mq calculates inflight of specific
partition by simply camparing the value of the partition pointer.
Thus the following case is possible:
$ cat /sys/block/vda/inflight
0 0
$ cat /sys/block/vda/vda1/inflight
0 128
While single queue device (on a previous version, e.g. v3.10) has no
this issue:
$cat /sys/block/sda/sda3/inflight
0 33
$cat /sys/block/sda/inflight
0 33
Partition 0 should be specially handled since it represents the whole
disk. This issue is introduced since commit bf0ddaba65dd ("blk-mq: fix
sysfs inflight counter").
Besides, this patch can also fix the inflight statistics of part 0 in
/proc/diskstats. Before this patch, the inflight statistics of part 0
doesn't include that of sub partitions. (I have marked the 'inflight'
field with asterisk.)
$cat /proc/diskstats
259 0 nvme0n1 45974469 0 367814768 6445794 1 0 1 0 *0* 111062 6445794 0 0 0 0 0 0
259 2 nvme0n1p1 45974058 0 367797952 6445727 0 0 0 0 *33* 111001 6445727 0 0 0 0 0 0
This is introduced since commit f299b7c7a9de ("blk-mq: provide internal
in-flight variant").
Fixes: bf0ddaba65dd ("blk-mq: fix sysfs inflight counter")
Fixes: f299b7c7a9de ("blk-mq: provide internal in-flight variant")
Signed-off-by: Jeffle Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
[axboe: adapt for 5.11 partition change]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
[khazhy: adapt for 5.10 partition]
Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -105,7 +105,8 @@ static bool blk_mq_check_inflight(struct
{
struct mq_inflight *mi = priv;
- if (rq->part == mi->part && blk_mq_rq_state(rq) == MQ_RQ_IN_FLIGHT)
+ if ((!mi->part->partno || rq->part == mi->part) &&
+ blk_mq_rq_state(rq) == MQ_RQ_IN_FLIGHT)
mi->inflight[rq_data_dir(rq)]++;
return true;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 042/390] mm/mmap: undo ->mmap() when arch_validate_flags() fails
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 041/390] block: fix inflight statistics of part0 Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 043/390] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge Greg Kroah-Hartman
` (353 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Carlos Llamas, Catalin Marinas,
Andrii Nakryiko, Liam Howlett, Christian Brauner (Microsoft),
Michal Hocko, Suren Baghdasaryan, Andrew Morton
From: Carlos Llamas <cmllamas@google.com>
commit deb0f6562884b5b4beb883d73e66a7d3a1b96d99 upstream.
Commit c462ac288f2c ("mm: Introduce arch_validate_flags()") added a late
check in mmap_region() to let architectures validate vm_flags. The check
needs to happen after calling ->mmap() as the flags can potentially be
modified during this callback.
If arch_validate_flags() check fails we unmap and free the vma. However,
the error path fails to undo the ->mmap() call that previously succeeded
and depending on the specific ->mmap() implementation this translates to
reference increments, memory allocations and other operations what will
not be cleaned up.
There are several places (mainly device drivers) where this is an issue.
However, one specific example is bpf_map_mmap() which keeps count of the
mappings in map->writecnt. The count is incremented on ->mmap() and then
decremented on vm_ops->close(). When arch_validate_flags() fails this
count is off since bpf_map_mmap_close() is never called.
One can reproduce this issue in arm64 devices with MTE support. Here the
vm_flags are checked to only allow VM_MTE if VM_MTE_ALLOWED has been set
previously. From userspace then is enough to pass the PROT_MTE flag to
mmap() syscall to trigger the arch_validate_flags() failure.
The following program reproduces this issue:
#include <stdio.h>
#include <unistd.h>
#include <linux/unistd.h>
#include <linux/bpf.h>
#include <sys/mman.h>
int main(void)
{
union bpf_attr attr = {
.map_type = BPF_MAP_TYPE_ARRAY,
.key_size = sizeof(int),
.value_size = sizeof(long long),
.max_entries = 256,
.map_flags = BPF_F_MMAPABLE,
};
int fd;
fd = syscall(__NR_bpf, BPF_MAP_CREATE, &attr, sizeof(attr));
mmap(NULL, 4096, PROT_WRITE | PROT_MTE, MAP_SHARED, fd, 0);
return 0;
}
By manually adding some log statements to the vm_ops callbacks we can
confirm that when passing PROT_MTE to mmap() the map->writecnt is off upon
->release():
With PROT_MTE flag:
root@debian:~# ./bpf-test
[ 111.263874] bpf_map_write_active_inc: map=9 writecnt=1
[ 111.288763] bpf_map_release: map=9 writecnt=1
Without PROT_MTE flag:
root@debian:~# ./bpf-test
[ 157.816912] bpf_map_write_active_inc: map=10 writecnt=1
[ 157.830442] bpf_map_write_active_dec: map=10 writecnt=0
[ 157.832396] bpf_map_release: map=10 writecnt=0
This patch fixes the above issue by calling vm_ops->close() when the
arch_validate_flags() check fails, after this we can proceed to unmap and
free the vma on the error path.
Link: https://lkml.kernel.org/r/20220930003844.1210987-1-cmllamas@google.com
Fixes: c462ac288f2c ("mm: Introduce arch_validate_flags()")
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Liam Howlett <liam.howlett@oracle.com>
Cc: Christian Brauner (Microsoft) <brauner@kernel.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: <stable@vger.kernel.org> [5.10+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mmap.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1856,7 +1856,7 @@ unsigned long mmap_region(struct file *f
if (!arch_validate_flags(vma->vm_flags)) {
error = -EINVAL;
if (file)
- goto unmap_and_free_vma;
+ goto close_and_free_vma;
else
goto free_vma;
}
@@ -1900,6 +1900,9 @@ out:
return addr;
+close_and_free_vma:
+ if (vma->vm_ops && vma->vm_ops->close)
+ vma->vm_ops->close(vma);
unmap_and_free_vma:
vma->vm_file = NULL;
fput(file);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 043/390] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 042/390] mm/mmap: undo ->mmap() when arch_validate_flags() fails Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 044/390] serial: 8250: Let drivers request full 16550A feature probing Greg Kroah-Hartman
` (352 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Bjorn Helgaas
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 0e32818397426a688f598f35d3bc762eca6d7592 upstream.
When pci_assign_resource() is unable to assign resources to a BAR, it uses
pci_revert_fw_address() to fall back to a firmware assignment (if any).
Previously pci_revert_fw_address() assumed all addresses could reach the
device, but this is not true if the device is below a bridge that only
forwards addresses within its windows.
This problem was observed on a Tyan Tomcat IV S1564D system where the BIOS
did not assign valid addresses to several bridges and USB devices:
pci 0000:00:11.0: PCI-to-PCIe bridge to [bus 01-ff]
pci 0000:00:11.0: bridge window [io 0xe000-0xefff]
pci 0000:01:00.0: PCIe Upstream Port to [bus 02-ff]
pci 0000:01:00.0: bridge window [io 0x0000-0x0fff] # unreachable
pci 0000:02:02.0: PCIe Downstream Port to [bus 05-ff]
pci 0000:02:02.0: bridge window [io 0x0000-0x0fff] # unreachable
pci 0000:05:00.0: PCIe-to-PCI bridge to [bus 06-ff]
pci 0000:05:00.0: bridge window [io 0x0000-0x0fff] # unreachable
pci 0000:06:08.0: USB UHCI 1.1
pci 0000:06:08.0: BAR 4: [io 0xfce0-0xfcff] # unreachable
pci 0000:06:08.1: USB UHCI 1.1
pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] # unreachable
pci 0000:06:08.0: can't claim BAR 4 [io 0xfce0-0xfcff]: no compatible bridge window
pci 0000:06:08.1: can't claim BAR 4 [io 0xfce0-0xfcff]: no compatible bridge window
During the first pass of assigning unassigned resources, there was not
enough I/O space available, so we couldn't assign the 06:08.0 BAR and
reverted to the firmware assignment (still unreachable). Reverting the
06:08.1 assignment failed because it conflicted with 06:08.0:
pci 0000:00:11.0: bridge window [io 0xe000-0xefff]
pci 0000:01:00.0: no space for bridge window [io size 0x2000]
pci 0000:02:02.0: no space for bridge window [io size 0x1000]
pci 0000:05:00.0: no space for bridge window [io size 0x1000]
pci 0000:06:08.0: BAR 4: no space for [io size 0x0020]
pci 0000:06:08.0: BAR 4: trying firmware assignment [io 0xfce0-0xfcff]
pci 0000:06:08.1: BAR 4: no space for [io size 0x0020]
pci 0000:06:08.1: BAR 4: trying firmware assignment [io 0xfce0-0xfcff]
pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] conflicts with 0000:06:08.0 [io 0xfce0-0xfcff]
A subsequent pass assigned valid bridge windows and a valid 06:08.1 BAR,
but left the 06:08.0 BAR alone, so the UHCI device was still unusable:
pci 0000:00:11.0: bridge window [io 0xe000-0xefff] released
pci 0000:00:11.0: bridge window [io 0x1000-0x2fff] # reassigned
pci 0000:01:00.0: bridge window [io 0x1000-0x2fff] # reassigned
pci 0000:02:02.0: bridge window [io 0x2000-0x2fff] # reassigned
pci 0000:05:00.0: bridge window [io 0x2000-0x2fff] # reassigned
pci 0000:06:08.0: BAR 4: assigned [io 0xfce0-0xfcff] # left alone
pci 0000:06:08.1: BAR 4: assigned [io 0x2000-0x201f]
...
uhci_hcd 0000:06:08.0: host system error, PCI problems?
uhci_hcd 0000:06:08.0: host controller process error, something bad happened!
uhci_hcd 0000:06:08.0: host controller halted, very bad!
uhci_hcd 0000:06:08.0: HCRESET not completed yet!
uhci_hcd 0000:06:08.0: HC died; cleaning up
If the address assigned by firmware is not reachable because it's not
within upstream bridge windows, fail instead of assigning the unusable
address from firmware.
[bhelgaas: commit log, use pci_upstream_bridge()]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=16263
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2203012338460.46819@angie.orcam.me.uk
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209211921250.29493@angie.orcam.me.uk
Fixes: 58c84eda0756 ("PCI: fall back to original BIOS BAR addresses")
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org # v2.6.35+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/setup-res.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/pci/setup-res.c
+++ b/drivers/pci/setup-res.c
@@ -210,6 +210,17 @@ static int pci_revert_fw_address(struct
root = pci_find_parent_resource(dev, res);
if (!root) {
+ /*
+ * If dev is behind a bridge, accesses will only reach it
+ * if res is inside the relevant bridge window.
+ */
+ if (pci_upstream_bridge(dev))
+ return -ENXIO;
+
+ /*
+ * On the root bus, assume the host bridge will forward
+ * everything.
+ */
if (res->flags & IORESOURCE_IO)
root = &ioport_resource;
else
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 044/390] serial: 8250: Let drivers request full 16550A feature probing
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 043/390] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 17:27 ` Pavel Machek
2022-10-24 11:27 ` [PATCH 5.10 045/390] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
` (351 subsequent siblings)
395 siblings, 1 reply; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anders Blomdell, Maciej W. Rozycki
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 9906890c89e4dbd900ed87ad3040080339a7f411 upstream.
A SERIAL_8250_16550A_VARIANTS configuration option has been recently
defined that lets one request the 8250 driver not to probe for 16550A
device features so as to reduce the driver's device startup time in
virtual machines.
Some actual hardware devices require these features to have been fully
determined however for their driver to work correctly, so define a flag
to let drivers request full 16550A feature probing on a device-by-device
basis if required regardless of the SERIAL_8250_16550A_VARIANTS option
setting chosen.
Fixes: dc56ecb81a0a ("serial: 8250: Support disabling mdelay-filled probes of 16550A variants")
Cc: stable@vger.kernel.org # v5.6+
Reported-by: Anders Blomdell <anders.blomdell@control.lth.se>
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209202357520.41633@angie.orcam.me.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_port.c | 3 ++-
include/linux/serial_core.h | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1021,7 +1021,8 @@ static void autoconfig_16550a(struct uar
up->port.type = PORT_16550A;
up->capabilities |= UART_CAP_FIFO;
- if (!IS_ENABLED(CONFIG_SERIAL_8250_16550A_VARIANTS))
+ if (!IS_ENABLED(CONFIG_SERIAL_8250_16550A_VARIANTS) &&
+ !(up->port.flags & UPF_FULL_PROBE))
return;
/*
--- a/include/linux/serial_core.h
+++ b/include/linux/serial_core.h
@@ -100,7 +100,7 @@ struct uart_icount {
__u32 buf_overrun;
};
-typedef unsigned int __bitwise upf_t;
+typedef u64 __bitwise upf_t;
typedef unsigned int __bitwise upstat_t;
struct uart_port {
@@ -207,6 +207,7 @@ struct uart_port {
#define UPF_FIXED_PORT ((__force upf_t) (1 << 29))
#define UPF_DEAD ((__force upf_t) (1 << 30))
#define UPF_IOREMAP ((__force upf_t) (1 << 31))
+#define UPF_FULL_PROBE ((__force upf_t) (1ULL << 32))
#define __UPF_CHANGE_MASK 0x17fff
#define UPF_CHANGE_MASK ((__force upf_t) __UPF_CHANGE_MASK)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 045/390] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 044/390] serial: 8250: Let drivers request full 16550A feature probing Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 046/390] powerpc/boot: Explicitly disable usage of SPE instructions Greg Kroah-Hartman
` (350 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Rui, Wang Wendy, Rafael J. Wysocki
From: Zhang Rui <rui.zhang@intel.com>
commit 4c081324df5608b73428662ca54d5221ea03a6bd upstream.
Intel Xeon servers used to use a fixed energy resolution (15.3uj) for
Dram RAPL domain. But on SPR, Dram RAPL domain follows the standard
energy resolution as described in MSR_RAPL_POWER_UNIT.
Remove the SPR dram_domain_energy_unit quirk.
Fixes: 2d798d9f5967 ("powercap: intel_rapl: add support for Sapphire Rapids")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Wang Wendy <wendy.wang@intel.com>
Cc: 5.9+ <stable@vger.kernel.org> # 5.9+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/powercap/intel_rapl_common.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/powercap/intel_rapl_common.c
+++ b/drivers/powercap/intel_rapl_common.c
@@ -979,7 +979,6 @@ static const struct rapl_defaults rapl_d
.check_unit = rapl_check_unit_core,
.set_floor_freq = set_floor_freq_default,
.compute_time_window = rapl_compute_time_window_core,
- .dram_domain_energy_unit = 15300,
.psys_domain_energy_unit = 1000000000,
};
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 046/390] powerpc/boot: Explicitly disable usage of SPE instructions
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 045/390] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 047/390] scsi: qedf: Populate sysfs attributes for vport Greg Kroah-Hartman
` (349 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman
From: Pali Rohár <pali@kernel.org>
commit 110a58b9f91c66f743c01a2c217243d94c899c23 upstream.
uImage boot wrapper should not use SPE instructions, like kernel itself.
Boot wrapper has already disabled Altivec and VSX instructions but not SPE.
Options -mno-spe and -mspe=no already set when compilation of kernel, but
not when compiling uImage wrapper yet. Fix it.
Cc: stable@vger.kernel.org
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220827134454.17365-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/boot/Makefile | 1 +
1 file changed, 1 insertion(+)
--- a/arch/powerpc/boot/Makefile
+++ b/arch/powerpc/boot/Makefile
@@ -30,6 +30,7 @@ endif
BOOTCFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
-fno-strict-aliasing -O2 -msoft-float -mno-altivec -mno-vsx \
+ $(call cc-option,-mno-spe) $(call cc-option,-mspe=no) \
-pipe -fomit-frame-pointer -fno-builtin -fPIC -nostdinc \
$(LINUXINCLUDE)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 047/390] scsi: qedf: Populate sysfs attributes for vport
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 046/390] powerpc/boot: Explicitly disable usage of SPE instructions Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 048/390] fbdev: smscufx: Fix use-after-free in ufx_ops_open() Greg Kroah-Hartman
` (348 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guangwu Zhang, John Meneghini,
Saurav Kashyap, Nilesh Javali, Martin K. Petersen
From: Saurav Kashyap <skashyap@marvell.com>
commit 592642e6b11e620e4b43189f8072752429fc8dc3 upstream.
Few vport parameters were displayed by systool as 'Unknown' or 'NULL'.
Copy speed, supported_speed, frame_size and update port_type for NPIV port.
Link: https://lore.kernel.org/r/20220919134434.3513-1-njavali@marvell.com
Cc: stable@vger.kernel.org
Tested-by: Guangwu Zhang <guazhang@redhat.com>
Reviewed-by: John Meneghini <jmeneghi@redhat.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qedf/qedf_main.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/drivers/scsi/qedf/qedf_main.c
+++ b/drivers/scsi/qedf/qedf_main.c
@@ -1917,6 +1917,27 @@ static int qedf_vport_create(struct fc_v
fc_vport_setlink(vn_port);
}
+ /* Set symbolic node name */
+ if (base_qedf->pdev->device == QL45xxx)
+ snprintf(fc_host_symbolic_name(vn_port->host), 256,
+ "Marvell FastLinQ 45xxx FCoE v%s", QEDF_VERSION);
+
+ if (base_qedf->pdev->device == QL41xxx)
+ snprintf(fc_host_symbolic_name(vn_port->host), 256,
+ "Marvell FastLinQ 41xxx FCoE v%s", QEDF_VERSION);
+
+ /* Set supported speed */
+ fc_host_supported_speeds(vn_port->host) = n_port->link_supported_speeds;
+
+ /* Set speed */
+ vn_port->link_speed = n_port->link_speed;
+
+ /* Set port type */
+ fc_host_port_type(vn_port->host) = FC_PORTTYPE_NPIV;
+
+ /* Set maxframe size */
+ fc_host_maxframe_size(vn_port->host) = n_port->mfs;
+
QEDF_INFO(&(base_qedf->dbg_ctx), QEDF_LOG_NPIV, "vn_port=%p.\n",
vn_port);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 048/390] fbdev: smscufx: Fix use-after-free in ufx_ops_open()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 047/390] scsi: qedf: Populate sysfs attributes for vport Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 049/390] btrfs: fix race between quota enable and quota rescan ioctl Greg Kroah-Hartman
` (347 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hyunwoo Kim, Helge Deller
From: Hyunwoo Kim <imv4bel@gmail.com>
commit 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c upstream.
A race condition may occur if the user physically removes the
USB device while calling open() for this device node.
This is a race condition between the ufx_ops_open() function and
the ufx_usb_disconnect() function, which may eventually result in UAF.
So, add a mutex to the ufx_ops_open() and ufx_usb_disconnect() functions
to avoid race contidion of krefs.
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/smscufx.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/drivers/video/fbdev/smscufx.c
+++ b/drivers/video/fbdev/smscufx.c
@@ -137,6 +137,8 @@ static int ufx_submit_urb(struct ufx_dat
static int ufx_alloc_urb_list(struct ufx_data *dev, int count, size_t size);
static void ufx_free_urb_list(struct ufx_data *dev);
+static DEFINE_MUTEX(disconnect_mutex);
+
/* reads a control register */
static int ufx_reg_read(struct ufx_data *dev, u32 index, u32 *data)
{
@@ -1070,9 +1072,13 @@ static int ufx_ops_open(struct fb_info *
if (user == 0 && !console)
return -EBUSY;
+ mutex_lock(&disconnect_mutex);
+
/* If the USB device is gone, we don't accept new opens */
- if (dev->virtualized)
+ if (dev->virtualized) {
+ mutex_unlock(&disconnect_mutex);
return -ENODEV;
+ }
dev->fb_count++;
@@ -1096,6 +1102,8 @@ static int ufx_ops_open(struct fb_info *
pr_debug("open /dev/fb%d user=%d fb_info=%p count=%d",
info->node, user, info, dev->fb_count);
+ mutex_unlock(&disconnect_mutex);
+
return 0;
}
@@ -1740,6 +1748,8 @@ static void ufx_usb_disconnect(struct us
{
struct ufx_data *dev;
+ mutex_lock(&disconnect_mutex);
+
dev = usb_get_intfdata(interface);
pr_debug("USB disconnect starting\n");
@@ -1760,6 +1770,8 @@ static void ufx_usb_disconnect(struct us
kref_put(&dev->kref, ufx_free);
/* consider ufx_data freed */
+
+ mutex_unlock(&disconnect_mutex);
}
static struct usb_driver ufx_driver = {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 049/390] btrfs: fix race between quota enable and quota rescan ioctl
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 048/390] fbdev: smscufx: Fix use-after-free in ufx_ops_open() Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 050/390] f2fs: increase the limit for reserve_root Greg Kroah-Hartman
` (346 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Bin, Qu Wenruo, Filipe Manana,
David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit 331cd9461412e103d07595a10289de90004ac890 upstream.
When enabling quotas, at btrfs_quota_enable(), after committing the
transaction, we change fs_info->quota_root to point to the quota root we
created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try
to start the qgroup rescan worker, first by initializing it with a call
to qgroup_rescan_init() - however if that fails we end up freeing the
quota root but we leave fs_info->quota_root still pointing to it, this
can later result in a use-after-free somewhere else.
We have previously set the flags BTRFS_FS_QUOTA_ENABLED and
BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with -EINPROGRESS at
btrfs_quota_enable(), which is possible if someone already called the
quota rescan ioctl, and therefore started the rescan worker.
So fix this by ignoring an -EINPROGRESS and asserting we can't get any
other error.
Reported-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/linux-btrfs/20220823015931.421355-1-yebin10@huawei.com/
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -1158,6 +1158,21 @@ out_add_root:
fs_info->qgroup_rescan_running = true;
btrfs_queue_work(fs_info->qgroup_rescan_workers,
&fs_info->qgroup_rescan_work);
+ } else {
+ /*
+ * We have set both BTRFS_FS_QUOTA_ENABLED and
+ * BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with
+ * -EINPROGRESS. That can happen because someone started the
+ * rescan worker by calling quota rescan ioctl before we
+ * attempted to initialize the rescan worker. Failure due to
+ * quotas disabled in the meanwhile is not possible, because
+ * we are holding a write lock on fs_info->subvol_sem, which
+ * is also acquired when disabling quotas.
+ * Ignore such error, and any other error would need to undo
+ * everything we did in the transaction we just committed.
+ */
+ ASSERT(ret == -EINPROGRESS);
+ ret = 0;
}
out_free_path:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 050/390] f2fs: increase the limit for reserve_root
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 049/390] btrfs: fix race between quota enable and quota rescan ioctl Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 051/390] f2fs: fix to do sanity check on destination blkaddr during recovery Greg Kroah-Hartman
` (345 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aran Dalton, Chao Yu, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit da35fe96d12d15779f3cb74929b7ed03941cf983 upstream.
This patch increases the threshold that limits the reserved root space from 0.2%
to 12.5% by using simple shift operation.
Typically Android sets 128MB, but if the storage capacity is 32GB, 0.2% which is
around 64MB becomes too small. Let's relax it.
Cc: stable@vger.kernel.org
Reported-by: Aran Dalton <arda@allwinnertech.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/super.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -267,10 +267,10 @@ static int f2fs_sb_read_encoding(const s
static inline void limit_reserve_root(struct f2fs_sb_info *sbi)
{
- block_t limit = min((sbi->user_block_count << 1) / 1000,
+ block_t limit = min((sbi->user_block_count >> 3),
sbi->user_block_count - sbi->reserved_blocks);
- /* limit is 0.2% */
+ /* limit is 12.5% */
if (test_opt(sbi, RESERVE_ROOT) &&
F2FS_OPTION(sbi).root_reserved_blocks > limit) {
F2FS_OPTION(sbi).root_reserved_blocks = limit;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 051/390] f2fs: fix to do sanity check on destination blkaddr during recovery
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 050/390] f2fs: increase the limit for reserve_root Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info Greg Kroah-Hartman
` (344 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenqing Liu, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 0ef4ca04a3f9223ff8bc440041c524b2123e09a3 upstream.
As Wenqing Liu reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=216456
loop5: detected capacity change from 0 to 131072
F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1
F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0
F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1
F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0
F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1
F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0
F2FS-fs (loop5): Bitmap was wrongly set, blk:5634
------------[ cut here ]------------
WARNING: CPU: 3 PID: 1013 at fs/f2fs/segment.c:2198
RIP: 0010:update_sit_entry+0xa55/0x10b0 [f2fs]
Call Trace:
<TASK>
f2fs_do_replace_block+0xa98/0x1890 [f2fs]
f2fs_replace_block+0xeb/0x180 [f2fs]
recover_data+0x1a69/0x6ae0 [f2fs]
f2fs_recover_fsync_data+0x120d/0x1fc0 [f2fs]
f2fs_fill_super+0x4665/0x61e0 [f2fs]
mount_bdev+0x2cf/0x3b0
legacy_get_tree+0xed/0x1d0
vfs_get_tree+0x81/0x2b0
path_mount+0x47e/0x19d0
do_mount+0xce/0xf0
__x64_sys_mount+0x12c/0x1a0
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
If we enable CONFIG_F2FS_CHECK_FS config, it will trigger a kernel panic
instead of warning.
The root cause is: in fuzzed image, SIT table is inconsistent with inode
mapping table, result in triggering such warning during SIT table update.
This patch introduces a new flag DATA_GENERIC_ENHANCE_UPDATE, w/ this
flag, data block recovery flow can check destination blkaddr's validation
in SIT table, and skip f2fs_replace_block() to avoid inconsistent status.
Cc: stable@vger.kernel.org
Reported-by: Wenqing Liu <wenqingliu0120@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/checkpoint.c | 10 +++++++++-
fs/f2fs/f2fs.h | 4 ++++
fs/f2fs/recovery.c | 8 ++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -136,7 +136,7 @@ static bool __is_bitmap_valid(struct f2f
unsigned int segno, offset;
bool exist;
- if (type != DATA_GENERIC_ENHANCE && type != DATA_GENERIC_ENHANCE_READ)
+ if (type == DATA_GENERIC)
return true;
segno = GET_SEGNO(sbi, blkaddr);
@@ -144,6 +144,13 @@ static bool __is_bitmap_valid(struct f2f
se = get_seg_entry(sbi, segno);
exist = f2fs_test_bit(offset, se->cur_valid_map);
+ if (exist && type == DATA_GENERIC_ENHANCE_UPDATE) {
+ f2fs_err(sbi, "Inconsistent error blkaddr:%u, sit bitmap:%d",
+ blkaddr, exist);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ return exist;
+ }
+
if (!exist && type == DATA_GENERIC_ENHANCE) {
f2fs_err(sbi, "Inconsistent error blkaddr:%u, sit bitmap:%d",
blkaddr, exist);
@@ -181,6 +188,7 @@ bool f2fs_is_valid_blkaddr(struct f2fs_s
case DATA_GENERIC:
case DATA_GENERIC_ENHANCE:
case DATA_GENERIC_ENHANCE_READ:
+ case DATA_GENERIC_ENHANCE_UPDATE:
if (unlikely(blkaddr >= MAX_BLKADDR(sbi) ||
blkaddr < MAIN_BLKADDR(sbi))) {
f2fs_warn(sbi, "access invalid blkaddr:%u",
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -235,6 +235,10 @@ enum {
* condition of read on truncated area
* by extent_cache
*/
+ DATA_GENERIC_ENHANCE_UPDATE, /*
+ * strong check on range and segment
+ * bitmap for update case
+ */
META_GENERIC,
};
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -661,6 +661,14 @@ retry_prev:
goto err;
}
+ if (f2fs_is_valid_blkaddr(sbi, dest,
+ DATA_GENERIC_ENHANCE_UPDATE)) {
+ f2fs_err(sbi, "Inconsistent dest blkaddr:%u, ino:%lu, ofs:%u",
+ dest, inode->i_ino, dn.ofs_in_node);
+ err = -EFSCORRUPTED;
+ goto err;
+ }
+
/* write dummy data page */
f2fs_replace_block(sbi, &dn, src, dest,
ni.version, false, false);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 051/390] f2fs: fix to do sanity check on destination blkaddr during recovery Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 17:30 ` Pavel Machek
2022-10-24 11:27 ` [PATCH 5.10 053/390] hardening: Clarify Kconfig text for auto-var-init Greg Kroah-Hartman
` (343 subsequent siblings)
395 siblings, 1 reply; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenqing Liu, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit c6ad7fd16657ebd34a87a97d9588195aae87597d upstream.
As Wenqing Liu reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=216456
BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs]
Read of size 4 at addr ffff8881464dcd80 by task mount/1013
CPU: 3 PID: 1013 Comm: mount Tainted: G W 6.0.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0x45/0x5e
print_report.cold+0xf3/0x68d
kasan_report+0xa8/0x130
recover_data+0x63ae/0x6ae0 [f2fs]
f2fs_recover_fsync_data+0x120d/0x1fc0 [f2fs]
f2fs_fill_super+0x4665/0x61e0 [f2fs]
mount_bdev+0x2cf/0x3b0
legacy_get_tree+0xed/0x1d0
vfs_get_tree+0x81/0x2b0
path_mount+0x47e/0x19d0
do_mount+0xce/0xf0
__x64_sys_mount+0x12c/0x1a0
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The root cause is: in fuzzed image, SSA table is corrupted: ofs_in_node
is larger than ADDRS_PER_PAGE(), result in out-of-range access on 4k-size
page.
- recover_data
- do_recover_data
- check_index_in_prev_nodes
- f2fs_data_blkaddr
This patch adds sanity check on summary info in recovery and GC flow
in where the flows rely on them.
After patch:
[ 29.310883] F2FS-fs (loop0): Inconsistent ofs_in_node:65286 in summary, ino:0, nid:6, max:1018
Cc: stable@vger.kernel.org
Reported-by: Wenqing Liu <wenqingliu0120@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/gc.c | 10 +++++++++-
fs/f2fs/recovery.c | 15 ++++++++++++---
2 files changed, 21 insertions(+), 4 deletions(-)
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -977,7 +977,7 @@ static bool is_alive(struct f2fs_sb_info
{
struct page *node_page;
nid_t nid;
- unsigned int ofs_in_node;
+ unsigned int ofs_in_node, max_addrs;
block_t source_blkaddr;
nid = le32_to_cpu(sum->nid);
@@ -1003,6 +1003,14 @@ static bool is_alive(struct f2fs_sb_info
return false;
}
+ max_addrs = IS_INODE(node_page) ? DEF_ADDRS_PER_INODE :
+ DEF_ADDRS_PER_BLOCK;
+ if (ofs_in_node >= max_addrs) {
+ f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
+ ofs_in_node, dni->ino, dni->nid, max_addrs);
+ return false;
+ }
+
*nofs = ofs_of_node(node_page);
source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);
f2fs_put_page(node_page, 1);
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -437,7 +437,7 @@ static int check_index_in_prev_nodes(str
struct dnode_of_data tdn = *dn;
nid_t ino, nid;
struct inode *inode;
- unsigned int offset;
+ unsigned int offset, ofs_in_node, max_addrs;
block_t bidx;
int i;
@@ -463,15 +463,24 @@ static int check_index_in_prev_nodes(str
got_it:
/* Use the locked dnode page and inode */
nid = le32_to_cpu(sum.nid);
+ ofs_in_node = le16_to_cpu(sum.ofs_in_node);
+
+ max_addrs = ADDRS_PER_PAGE(dn->node_page, dn->inode);
+ if (ofs_in_node >= max_addrs) {
+ f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%lu, nid:%u, max:%u",
+ ofs_in_node, dn->inode->i_ino, nid, max_addrs);
+ return -EFSCORRUPTED;
+ }
+
if (dn->inode->i_ino == nid) {
tdn.nid = nid;
if (!dn->inode_page_locked)
lock_page(dn->inode_page);
tdn.node_page = dn->inode_page;
- tdn.ofs_in_node = le16_to_cpu(sum.ofs_in_node);
+ tdn.ofs_in_node = ofs_in_node;
goto truncate_out;
} else if (dn->nid == nid) {
- tdn.ofs_in_node = le16_to_cpu(sum.ofs_in_node);
+ tdn.ofs_in_node = ofs_in_node;
goto truncate_out;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 053/390] hardening: Clarify Kconfig text for auto-var-init
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 054/390] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO Greg Kroah-Hartman
` (342 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, glider, Nathan Chancellor,
Nick Desaulniers, linux-security-module, clang-built-linux,
Kees Cook, Gustavo A. R. Silva
From: Kees Cook <keescook@chromium.org>
commit dcb7c0b9461c2a30f6616262736daac6f01ecb09 upstream.
Clarify the details around the automatic variable initialization modes
available. Specifically this details the values used for pattern init
and expands on the rationale for zero init safety. Additionally makes
zero init the default when available.
Cc: glider@google.com
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: linux-security-module@vger.kernel.org
Cc: clang-built-linux@googlegroups.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/Kconfig.hardening | 52 +++++++++++++++++++++++++++------------------
1 file changed, 32 insertions(+), 20 deletions(-)
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -29,6 +29,7 @@ choice
prompt "Initialize kernel stack variables at function entry"
default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
+ default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN
default INIT_STACK_NONE
help
This option enables initialization of stack variables at
@@ -39,11 +40,11 @@ choice
syscalls.
This chooses the level of coverage over classes of potentially
- uninitialized variables. The selected class will be
+ uninitialized variables. The selected class of variable will be
initialized before use in a function.
config INIT_STACK_NONE
- bool "no automatic initialization (weakest)"
+ bool "no automatic stack variable initialization (weakest)"
help
Disable automatic stack variable initialization.
This leaves the kernel vulnerable to the standard
@@ -80,7 +81,7 @@ choice
and is disallowed.
config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
- bool "zero-init anything passed by reference (very strong)"
+ bool "zero-init everything passed by reference (very strong)"
depends on GCC_PLUGINS
depends on !(KASAN && KASAN_STACK=1)
select GCC_PLUGIN_STRUCTLEAK
@@ -91,33 +92,44 @@ choice
of uninitialized stack variable exploits and information
exposures.
+ As a side-effect, this keeps a lot of variables on the
+ stack that can otherwise be optimized out, so combining
+ this with CONFIG_KASAN_STACK can lead to a stack overflow
+ and is disallowed.
+
config INIT_STACK_ALL_PATTERN
- bool "0xAA-init everything on the stack (strongest)"
+ bool "pattern-init everything (strongest)"
depends on CC_HAS_AUTO_VAR_INIT_PATTERN
help
- Initializes everything on the stack with a 0xAA
- pattern. This is intended to eliminate all classes
- of uninitialized stack variable exploits and information
- exposures, even variables that were warned to have been
- left uninitialized.
+ Initializes everything on the stack (including padding)
+ with a specific debug value. This is intended to eliminate
+ all classes of uninitialized stack variable exploits and
+ information exposures, even variables that were warned about
+ having been left uninitialized.
Pattern initialization is known to provoke many existing bugs
related to uninitialized locals, e.g. pointers receive
- non-NULL values, buffer sizes and indices are very big.
+ non-NULL values, buffer sizes and indices are very big. The
+ pattern is situation-specific; Clang on 64-bit uses 0xAA
+ repeating for all types and padding except float and double
+ which use 0xFF repeating (-NaN). Clang on 32-bit uses 0xFF
+ repeating for all types and padding.
config INIT_STACK_ALL_ZERO
- bool "zero-init everything on the stack (strongest and safest)"
+ bool "zero-init everything (strongest and safest)"
depends on CC_HAS_AUTO_VAR_INIT_ZERO
help
- Initializes everything on the stack with a zero
- value. This is intended to eliminate all classes
- of uninitialized stack variable exploits and information
- exposures, even variables that were warned to have been
- left uninitialized.
-
- Zero initialization provides safe defaults for strings,
- pointers, indices and sizes, and is therefore
- more suitable as a security mitigation measure.
+ Initializes everything on the stack (including padding)
+ with a zero value. This is intended to eliminate all
+ classes of uninitialized stack variable exploits and
+ information exposures, even variables that were warned
+ about having been left uninitialized.
+
+ Zero initialization provides safe defaults for strings
+ (immediately NUL-terminated), pointers (NULL), indices
+ (index 0), and sizes (0 length), so it is therefore more
+ suitable as a production security mitigation than pattern
+ initialization.
endchoice
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 054/390] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 053/390] hardening: Clarify Kconfig text for auto-var-init Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 055/390] hardening: Remove Clangs enable flag for -ftrivial-auto-var-init=zero Greg Kroah-Hartman
` (341 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, llvm, Will Deacon,
Nick Desaulniers, Nathan Chancellor, Kees Cook
From: Kees Cook <keescook@chromium.org>
commit f02003c860d921171be4a27e2893766eb3bc6871 upstream.
Currently under Clang, CC_HAS_AUTO_VAR_INIT_ZERO requires an extra
-enable flag compared to CC_HAS_AUTO_VAR_INIT_PATTERN. GCC 12[1] will
not, and will happily ignore the Clang-specific flag. However, its
presence on the command-line is both cumbersome and confusing. Due to
GCC's tolerant behavior, though, we can continue to use a single Kconfig
cc-option test for the feature on both compilers, but then drop the
Clang-specific option in the Makefile.
In other words, this patch does not change anything other than making the
compiler command line shorter once GCC supports -ftrivial-auto-var-init=zero.
[1] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=a25e0b5e6ac8a77a71c229e0a7b744603365b0e9
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: llvm@lists.linux.dev
Fixes: dcb7c0b9461c ("hardening: Clarify Kconfig text for auto-var-init")
Suggested-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/lkml/20210914102837.6172-1-will@kernel.org/
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Makefile | 6 +++---
security/Kconfig.hardening | 5 ++++-
2 files changed, 7 insertions(+), 4 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -816,12 +816,12 @@ endif
# Initialize all stack variables with a zero value.
ifdef CONFIG_INIT_STACK_ALL_ZERO
-# Future support for zero initialization is still being debated, see
-# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being
-# renamed or dropped.
KBUILD_CFLAGS += -ftrivial-auto-var-init=zero
+ifdef CONFIG_CC_IS_CLANG
+# https://bugs.llvm.org/show_bug.cgi?id=45497
KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
endif
+endif
DEBUG_CFLAGS :=
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -23,13 +23,16 @@ config CC_HAS_AUTO_VAR_INIT_PATTERN
def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
config CC_HAS_AUTO_VAR_INIT_ZERO
+ # GCC ignores the -enable flag, so we can test for the feature with
+ # a single invocation using the flag, but drop it as appropriate in
+ # the Makefile, depending on the presence of Clang.
def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)
choice
prompt "Initialize kernel stack variables at function entry"
default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
- default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN
+ default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO
default INIT_STACK_NONE
help
This option enables initialization of stack variables at
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 055/390] hardening: Remove Clangs enable flag for -ftrivial-auto-var-init=zero
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 054/390] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 056/390] jbd2: wake up journal waiters in FIFO order, not LIFO Greg Kroah-Hartman
` (340 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Masahiro Yamada,
Nick Desaulniers, linux-kbuild, llvm, Kees Cook
From: Kees Cook <keescook@chromium.org>
commit 607e57c6c62c00965ae276902c166834ce73014a upstream.
Now that Clang's -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
option is no longer required, remove it from the command line. Clang 16
and later will warn when it is used, which will cause Kconfig to think
it can't use -ftrivial-auto-var-init=zero at all. Check for whether it
is required and only use it when so.
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: linux-kbuild@vger.kernel.org
Cc: llvm@lists.linux.dev
Cc: stable@vger.kernel.org
Fixes: f02003c860d9 ("hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Makefile | 4 ++--
security/Kconfig.hardening | 14 ++++++++++----
2 files changed, 12 insertions(+), 6 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -817,8 +817,8 @@ endif
# Initialize all stack variables with a zero value.
ifdef CONFIG_INIT_STACK_ALL_ZERO
KBUILD_CFLAGS += -ftrivial-auto-var-init=zero
-ifdef CONFIG_CC_IS_CLANG
-# https://bugs.llvm.org/show_bug.cgi?id=45497
+ifdef CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_ENABLER
+# https://github.com/llvm/llvm-project/issues/44842
KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
endif
endif
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -22,11 +22,17 @@ menu "Memory initialization"
config CC_HAS_AUTO_VAR_INIT_PATTERN
def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
-config CC_HAS_AUTO_VAR_INIT_ZERO
- # GCC ignores the -enable flag, so we can test for the feature with
- # a single invocation using the flag, but drop it as appropriate in
- # the Makefile, depending on the presence of Clang.
+config CC_HAS_AUTO_VAR_INIT_ZERO_BARE
+ def_bool $(cc-option,-ftrivial-auto-var-init=zero)
+
+config CC_HAS_AUTO_VAR_INIT_ZERO_ENABLER
+ # Clang 16 and later warn about using the -enable flag, but it
+ # is required before then.
def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)
+ depends on !CC_HAS_AUTO_VAR_INIT_ZERO_BARE
+
+config CC_HAS_AUTO_VAR_INIT_ZERO
+ def_bool CC_HAS_AUTO_VAR_INIT_ZERO_BARE || CC_HAS_AUTO_VAR_INIT_ZERO_ENABLER
choice
prompt "Initialize kernel stack variables at function entry"
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 056/390] jbd2: wake up journal waiters in FIFO order, not LIFO
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 055/390] hardening: Remove Clangs enable flag for -ftrivial-auto-var-init=zero Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 057/390] jbd2: fix potential buffer head reference count leak Greg Kroah-Hartman
` (339 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Alexey Lyashkov,
Ritesh Harjani (IBM),
Theodore Tso
From: Andrew Perepechko <anserper@ya.ru>
commit 34fc8768ec6089565d6d73bad26724083cecf7bd upstream.
LIFO wakeup order is unfair and sometimes leads to a journal
user not being able to get a journal handle for hundreds of
transactions in a row.
FIFO wakeup can make things more fair.
Cc: stable@kernel.org
Signed-off-by: Alexey Lyashkov <alexey.lyashkov@gmail.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20220907165959.1137482-1-alexey.lyashkov@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/commit.c | 2 +-
fs/jbd2/transaction.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/fs/jbd2/commit.c
+++ b/fs/jbd2/commit.c
@@ -581,7 +581,7 @@ void jbd2_journal_commit_transaction(jou
journal->j_running_transaction = NULL;
start_time = ktime_get();
commit_transaction->t_log_start = journal->j_head;
- wake_up(&journal->j_wait_transaction_locked);
+ wake_up_all(&journal->j_wait_transaction_locked);
write_unlock(&journal->j_state_lock);
jbd_debug(3, "JBD2: commit phase 2a\n");
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -173,7 +173,7 @@ static void wait_transaction_locked(jour
int need_to_start;
tid_t tid = journal->j_running_transaction->t_tid;
- prepare_to_wait(&journal->j_wait_transaction_locked, &wait,
+ prepare_to_wait_exclusive(&journal->j_wait_transaction_locked, &wait,
TASK_UNINTERRUPTIBLE);
need_to_start = !tid_geq(journal->j_commit_request, tid);
read_unlock(&journal->j_state_lock);
@@ -199,7 +199,7 @@ static void wait_transaction_switching(j
read_unlock(&journal->j_state_lock);
return;
}
- prepare_to_wait(&journal->j_wait_transaction_locked, &wait,
+ prepare_to_wait_exclusive(&journal->j_wait_transaction_locked, &wait,
TASK_UNINTERRUPTIBLE);
read_unlock(&journal->j_state_lock);
/*
@@ -894,7 +894,7 @@ void jbd2_journal_unlock_updates (journa
write_lock(&journal->j_state_lock);
--journal->j_barrier_count;
write_unlock(&journal->j_state_lock);
- wake_up(&journal->j_wait_transaction_locked);
+ wake_up_all(&journal->j_wait_transaction_locked);
}
static void warn_dirty_buffer(struct buffer_head *bh)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 057/390] jbd2: fix potential buffer head reference count leak
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 056/390] jbd2: wake up journal waiters in FIFO order, not LIFO Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 058/390] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Greg Kroah-Hartman
` (338 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit e0d5fc7a6d80ac2406c7dfc6bb625201d0250a8a upstream.
As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without
update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head
from ‘j_fc_off - 1’ if 'bh' is NULL will terminal release which will lead to
buffer head buffer head reference count leak.
To solve above issue, update 'journal->j_fc_off' before return -EIO.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220914100812.1414768-2-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/journal.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -926,8 +926,14 @@ int jbd2_fc_wait_bufs(journal_t *journal
wait_on_buffer(bh);
put_bh(bh);
journal->j_fc_wbuf[i] = NULL;
- if (unlikely(!buffer_uptodate(bh)))
+ /*
+ * Update j_fc_off so jbd2_fc_release_bufs can release remain
+ * buffer head.
+ */
+ if (unlikely(!buffer_uptodate(bh))) {
+ journal->j_fc_off = i;
return -EIO;
+ }
}
return 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 058/390] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 057/390] jbd2: fix potential buffer head reference count leak Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 059/390] jbd2: add miss release buffer head in fc_do_one_pass() Greg Kroah-Hartman
` (337 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 243d1a5d505d0b0460c9af0ad56ed4a56ef0bebd upstream.
In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count
which may lead to use-after-free.
So judge buffer if uptodate before put buffer head reference count.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220914100812.1414768-3-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/journal.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -924,16 +924,16 @@ int jbd2_fc_wait_bufs(journal_t *journal
for (i = j_fc_off - 1; i >= j_fc_off - num_blks; i--) {
bh = journal->j_fc_wbuf[i];
wait_on_buffer(bh);
- put_bh(bh);
- journal->j_fc_wbuf[i] = NULL;
/*
* Update j_fc_off so jbd2_fc_release_bufs can release remain
* buffer head.
*/
if (unlikely(!buffer_uptodate(bh))) {
- journal->j_fc_off = i;
+ journal->j_fc_off = i + 1;
return -EIO;
}
+ put_bh(bh);
+ journal->j_fc_wbuf[i] = NULL;
}
return 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 059/390] jbd2: add miss release buffer head in fc_do_one_pass()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 058/390] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 060/390] ext4: avoid crash when inline data creation follows DIO write Greg Kroah-Hartman
` (336 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit dfff66f30f66b9524b661f311bbed8ff3d2ca49f upstream.
In fc_do_one_pass() miss release buffer head after use which will lead
to reference count leak.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220917093805.1782845-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/recovery.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/jbd2/recovery.c
+++ b/fs/jbd2/recovery.c
@@ -256,6 +256,7 @@ static int fc_do_one_pass(journal_t *jou
err = journal->j_fc_replay_callback(journal, bh, pass,
next_fc_block - journal->j_fc_first,
expected_commit_id);
+ brelse(bh);
next_fc_block++;
if (err < 0 || err == JBD2_FC_REPLAY_STOP)
break;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 060/390] ext4: avoid crash when inline data creation follows DIO write
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 059/390] jbd2: add miss release buffer head in fc_do_one_pass() Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 061/390] ext4: fix null-ptr-deref in ext4_write_info Greg Kroah-Hartman
` (335 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Tadeusz Struk,
syzbot+bd13648a53ed6933ca49, Jan Kara, Lukas Czerner,
Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 4bb26f2885ac6930984ee451b952c5a6042f2c0e upstream.
When inode is created and written to using direct IO, there is nothing
to clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets
truncated later to say 1 byte and written using normal write, we will
try to store the data as inline data. This confuses the code later
because the inode now has both normal block and inline data allocated
and the confusion manifests for example as:
kernel BUG at fs/ext4/inode.c:2721!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 359 Comm: repro Not tainted 5.19.0-rc8-00001-g31ba1e3b8305-dirty #15
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014
RIP: 0010:ext4_writepages+0x363d/0x3660
RSP: 0018:ffffc90000ccf260 EFLAGS: 00010293
RAX: ffffffff81e1abcd RBX: 0000008000000000 RCX: ffff88810842a180
RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
RBP: ffffc90000ccf650 R08: ffffffff81e17d58 R09: ffffed10222c680b
R10: dfffe910222c680c R11: 1ffff110222c680a R12: ffff888111634128
R13: ffffc90000ccf880 R14: 0000008410000000 R15: 0000000000000001
FS: 00007f72635d2640(0000) GS:ffff88811b000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000565243379180 CR3: 000000010aa74000 CR4: 0000000000150eb0
Call Trace:
<TASK>
do_writepages+0x397/0x640
filemap_fdatawrite_wbc+0x151/0x1b0
file_write_and_wait_range+0x1c9/0x2b0
ext4_sync_file+0x19e/0xa00
vfs_fsync_range+0x17b/0x190
ext4_buffered_write_iter+0x488/0x530
ext4_file_write_iter+0x449/0x1b90
vfs_write+0xbcd/0xf40
ksys_write+0x198/0x2c0
__x64_sys_write+0x7b/0x90
do_syscall_64+0x3d/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
Fix the problem by clearing EXT4_STATE_MAY_INLINE_DATA when we are doing
direct IO write to a file.
Cc: stable@kernel.org
Reported-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Reported-by: syzbot+bd13648a53ed6933ca49@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=a1e89d09bbbcbd5c4cb45db230ee28c822953984
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Tested-by: Tadeusz Struk<tadeusz.struk@linaro.org>
Link: https://lore.kernel.org/r/20220727155753.13969-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/file.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -529,6 +529,12 @@ static ssize_t ext4_dio_write_iter(struc
ret = -EAGAIN;
goto out;
}
+ /*
+ * Make sure inline data cannot be created anymore since we are going
+ * to allocate blocks for DIO. We know the inode does not have any
+ * inline data now because ext4_dio_supported() checked for that.
+ */
+ ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
offset = iocb->ki_pos;
count = ret;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 061/390] ext4: fix null-ptr-deref in ext4_write_info
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 060/390] ext4: avoid crash when inline data creation follows DIO write Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 062/390] ext4: make ext4_lazyinit_thread freezable Greg Kroah-Hartman
` (334 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Baokun Li, Jan Kara, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit f9c1f248607d5546075d3f731e7607d5571f2b60 upstream.
I caught a null-ptr-deref bug as follows:
==================================================================
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339
RIP: 0010:ext4_write_info+0x53/0x1b0
[...]
Call Trace:
dquot_writeback_dquots+0x341/0x9a0
ext4_sync_fs+0x19e/0x800
__sync_filesystem+0x83/0x100
sync_filesystem+0x89/0xf0
generic_shutdown_super+0x79/0x3e0
kill_block_super+0xa1/0x110
deactivate_locked_super+0xac/0x130
deactivate_super+0xb6/0xd0
cleanup_mnt+0x289/0x400
__cleanup_mnt+0x16/0x20
task_work_run+0x11c/0x1c0
exit_to_user_mode_prepare+0x203/0x210
syscall_exit_to_user_mode+0x5b/0x3a0
do_syscall_64+0x59/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================
Above issue may happen as follows:
-------------------------------------
exit_to_user_mode_prepare
task_work_run
__cleanup_mnt
cleanup_mnt
deactivate_super
deactivate_locked_super
kill_block_super
generic_shutdown_super
shrink_dcache_for_umount
dentry = sb->s_root
sb->s_root = NULL <--- Here set NULL
sync_filesystem
__sync_filesystem
sb->s_op->sync_fs > ext4_sync_fs
dquot_writeback_dquots
sb->dq_op->write_info > ext4_write_info
ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2)
d_inode(sb->s_root)
s_root->d_inode <--- Null pointer dereference
To solve this problem, we use ext4_journal_start_sb directly
to avoid s_root being used.
Cc: stable@kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220805123947.565152-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6273,7 +6273,7 @@ static int ext4_write_info(struct super_
handle_t *handle;
/* Data block + inode block */
- handle = ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2);
+ handle = ext4_journal_start_sb(sb, EXT4_HT_QUOTA, 2);
if (IS_ERR(handle))
return PTR_ERR(handle);
ret = dquot_commit_info(sb, type);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 062/390] ext4: make ext4_lazyinit_thread freezable
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 061/390] ext4: fix null-ptr-deref in ext4_write_info Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 063/390] ext4: fix check for block being out of directory size Greg Kroah-Hartman
` (333 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Lalith Rajendran, Theodore Tso
From: Lalith Rajendran <lalithkraj@google.com>
commit 3b575495ab8dbb4dbe85b4ac7f991693c3668ff5 upstream.
ext4_lazyinit_thread is not set freezable. Hence when the thread calls
try_to_freeze it doesn't freeze during suspend and continues to send
requests to the storage during suspend, resulting in suspend failures.
Cc: stable@kernel.org
Signed-off-by: Lalith Rajendran <lalithkraj@google.com>
Link: https://lore.kernel.org/r/20220818214049.1519544-1-lalithkraj@google.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3550,6 +3550,7 @@ static int ext4_lazyinit_thread(void *ar
unsigned long next_wakeup, cur;
BUG_ON(NULL == eli);
+ set_freezable();
cont_thread:
while (true) {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 063/390] ext4: fix check for block being out of directory size
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 062/390] ext4: make ext4_lazyinit_thread freezable Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 064/390] ext4: dont increase iversion counter for ea_inodes Greg Kroah-Hartman
` (332 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Lukas Czerner, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 61a1d87a324ad5e3ed27c6699dfc93218fcf3201 upstream.
The check in __ext4_read_dirblock() for block being outside of directory
size was wrong because it compared block number against directory size
in bytes. Fix it.
Fixes: 65f8ea4cd57d ("ext4: check if directory block is within i_size")
CVE: CVE-2022-1184
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Link: https://lore.kernel.org/r/20220822114832.1482-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -125,7 +125,7 @@ static struct buffer_head *__ext4_read_d
struct ext4_dir_entry *dirent;
int is_dx_block = 0;
- if (block >= inode->i_size) {
+ if (block >= inode->i_size >> inode->i_blkbits) {
ext4_error_inode(inode, func, line, block,
"Attempting to read directory block (%u) that is past i_size (%llu)",
block, inode->i_size);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 064/390] ext4: dont increase iversion counter for ea_inodes
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 063/390] ext4: fix check for block being out of directory size Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 065/390] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate Greg Kroah-Hartman
` (331 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Lukas Czerner, Jan Kara,
Jeff Layton, Christian Brauner (Microsoft),
Theodore Tso
From: Lukas Czerner <lczerner@redhat.com>
commit 50f094a5580e6297bf10a807d16f0ee23fa576cf upstream.
ea_inodes are using i_version for storing part of the reference count so
we really need to leave it alone.
The problem can be reproduced by xfstest ext4/026 when iversion is
enabled. Fix it by not calling inode_inc_iversion() for EXT4_EA_INODE_FL
inodes in ext4_mark_iloc_dirty().
Cc: stable@kernel.org
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Link: https://lore.kernel.org/r/20220824160349.39664-1-lczerner@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5769,7 +5769,12 @@ int ext4_mark_iloc_dirty(handle_t *handl
}
ext4_fc_track_inode(handle, inode);
- if (IS_I_VERSION(inode))
+ /*
+ * ea_inodes are using i_version for storing reference count, don't
+ * mess with it
+ */
+ if (IS_I_VERSION(inode) &&
+ !(EXT4_I(inode)->i_flags & EXT4_EA_INODE_FL))
inode_inc_iversion(inode);
/* the do_update_inode consumes one bh->b_count */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 065/390] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 064/390] ext4: dont increase iversion counter for ea_inodes Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 066/390] ext4: place buffer head allocation before handle start Greg Kroah-Hartman
` (330 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Zhang Yi, Jan Kara, Theodore Tso
From: Zhang Yi <yi.zhang@huawei.com>
commit 0b73284c564d3ae4feef4bc920292f004acf4980 upstream.
Recently we notice that ext4 filesystem would occasionally fail to read
metadata from disk and report error message, but the disk and block
layer looks fine. After analyse, we lockon commit 88dbcbb3a484
("blkdev: avoid migration stalls for blkdev pages"). It provide a
migration method for the bdev, we could move page that has buffers
without extra users now, but it lock the buffers on the page, which
breaks the fragile metadata read operation on ext4 filesystem,
ext4_read_bh_lock() was copied from ll_rw_block(), it depends on the
assumption of that locked buffer means it is under IO. So it just
trylock the buffer and skip submit IO if it lock failed, after
wait_on_buffer() we conclude IO error because the buffer is not
uptodate.
This issue could be easily reproduced by add some delay just after
buffer_migrate_lock_buffers() in __buffer_migrate_folio() and do
fsstress on ext4 filesystem.
EXT4-fs error (device pmem1): __ext4_find_entry:1658: inode #73193:
comm fsstress: reading directory lblock 0
EXT4-fs error (device pmem1): __ext4_find_entry:1658: inode #75334:
comm fsstress: reading directory lblock 0
Fix it by removing the trylock logic in ext4_read_bh_lock(), just lock
the buffer and submit IO if it's not uptodate, and also leave over
readahead helper.
Cc: stable@kernel.org
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220831074629.3755110-1-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -188,19 +188,12 @@ int ext4_read_bh(struct buffer_head *bh,
int ext4_read_bh_lock(struct buffer_head *bh, int op_flags, bool wait)
{
- if (trylock_buffer(bh)) {
- if (wait)
- return ext4_read_bh(bh, op_flags, NULL);
+ lock_buffer(bh);
+ if (!wait) {
ext4_read_bh_nowait(bh, op_flags, NULL);
return 0;
}
- if (wait) {
- wait_on_buffer(bh);
- if (buffer_uptodate(bh))
- return 0;
- return -EIO;
- }
- return 0;
+ return ext4_read_bh(bh, op_flags, NULL);
}
/*
@@ -247,7 +240,8 @@ void ext4_sb_breadahead_unmovable(struct
struct buffer_head *bh = sb_getblk_gfp(sb, block, 0);
if (likely(bh)) {
- ext4_read_bh_lock(bh, REQ_RAHEAD, false);
+ if (trylock_buffer(bh))
+ ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL);
brelse(bh);
}
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 066/390] ext4: place buffer head allocation before handle start
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 065/390] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 067/390] ext4: fix miss release buffer head in ext4_fc_write_inode Greg Kroah-Hartman
` (329 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Jinke Han, Theodore Tso
From: Jinke Han <hanjinke.666@bytedance.com>
commit d1052d236eddf6aa851434db1897b942e8db9921 upstream.
In our product environment, we encounter some jbd hung waiting handles to
stop while several writters were doing memory reclaim for buffer head
allocation in delay alloc write path. Ext4 do buffer head allocation with
holding transaction handle which may be blocked too long if the reclaim
works not so smooth. According to our bcc trace, the reclaim time in
buffer head allocation can reach 258s and the jbd transaction commit also
take almost the same time meanwhile. Except for these extreme cases,
we often see several seconds delays for cgroup memory reclaim on our
servers. This is more likely to happen considering docker environment.
One thing to note, the allocation of buffer heads is as often as page
allocation or more often when blocksize less than page size. Just like
page cache allocation, we should also place the buffer head allocation
before startting the handle.
Cc: stable@kernel.org
Signed-off-by: Jinke Han <hanjinke.666@bytedance.com>
Link: https://lore.kernel.org/r/20220903012429.22555-1-hanjinke.666@bytedance.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1175,6 +1175,13 @@ retry_grab:
page = grab_cache_page_write_begin(mapping, index, flags);
if (!page)
return -ENOMEM;
+ /*
+ * The same as page allocation, we prealloc buffer heads before
+ * starting the handle.
+ */
+ if (!page_has_buffers(page))
+ create_empty_buffers(page, inode->i_sb->s_blocksize, 0);
+
unlock_page(page);
retry_journal:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 067/390] ext4: fix miss release buffer head in ext4_fc_write_inode
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 066/390] ext4: place buffer head allocation before handle start Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 068/390] ext4: fix potential memory leak in ext4_fc_record_modified_inode() Greg Kroah-Hartman
` (328 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit ccbf8eeb39f2ff00b54726a2b20b35d788c4ecb5 upstream.
In 'ext4_fc_write_inode' function first call 'ext4_get_inode_loc' get 'iloc',
after use it miss release 'iloc.bh'.
So just release 'iloc.bh' before 'ext4_fc_write_inode' return.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220914100859.1415196-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -766,22 +766,25 @@ static int ext4_fc_write_inode(struct in
tl.fc_tag = cpu_to_le16(EXT4_FC_TAG_INODE);
tl.fc_len = cpu_to_le16(inode_len + sizeof(fc_inode.fc_ino));
+ ret = -ECANCELED;
dst = ext4_fc_reserve_space(inode->i_sb,
sizeof(tl) + inode_len + sizeof(fc_inode.fc_ino), crc);
if (!dst)
- return -ECANCELED;
+ goto err;
if (!ext4_fc_memcpy(inode->i_sb, dst, &tl, sizeof(tl), crc))
- return -ECANCELED;
+ goto err;
dst += sizeof(tl);
if (!ext4_fc_memcpy(inode->i_sb, dst, &fc_inode, sizeof(fc_inode), crc))
- return -ECANCELED;
+ goto err;
dst += sizeof(fc_inode);
if (!ext4_fc_memcpy(inode->i_sb, dst, (u8 *)ext4_raw_inode(&iloc),
inode_len, crc))
- return -ECANCELED;
-
- return 0;
+ goto err;
+ ret = 0;
+err:
+ brelse(iloc.bh);
+ return ret;
}
/*
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 068/390] ext4: fix potential memory leak in ext4_fc_record_modified_inode()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 067/390] ext4: fix miss release buffer head in ext4_fc_write_inode Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 069/390] ext4: fix potential memory leak in ext4_fc_record_regions() Greg Kroah-Hartman
` (327 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 9305721a309fa1bd7c194e0d4a2335bf3b29dca4 upstream.
As krealloc may return NULL, in this case 'state->fc_modified_inodes'
may not be freed by krealloc, but 'state->fc_modified_inodes' already
set NULL. Then will lead to 'state->fc_modified_inodes' memory leak.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220921064040.3693255-2-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -1391,13 +1391,15 @@ static int ext4_fc_record_modified_inode
if (state->fc_modified_inodes[i] == ino)
return 0;
if (state->fc_modified_inodes_used == state->fc_modified_inodes_size) {
- state->fc_modified_inodes = krealloc(
- state->fc_modified_inodes,
+ int *fc_modified_inodes;
+
+ fc_modified_inodes = krealloc(state->fc_modified_inodes,
sizeof(int) * (state->fc_modified_inodes_size +
EXT4_FC_REPLAY_REALLOC_INCREMENT),
GFP_KERNEL);
- if (!state->fc_modified_inodes)
+ if (!fc_modified_inodes)
return -ENOMEM;
+ state->fc_modified_inodes = fc_modified_inodes;
state->fc_modified_inodes_size +=
EXT4_FC_REPLAY_REALLOC_INCREMENT;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 069/390] ext4: fix potential memory leak in ext4_fc_record_regions()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 068/390] ext4: fix potential memory leak in ext4_fc_record_modified_inode() Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 070/390] ext4: update state->fc_regions_size after successful memory allocation Greg Kroah-Hartman
` (326 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 7069d105c1f15c442b68af43f7fde784f3126739 upstream.
As krealloc may return NULL, in this case 'state->fc_regions' may not be
freed by krealloc, but 'state->fc_regions' already set NULL. Then will
lead to 'state->fc_regions' memory leak.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220921064040.3693255-3-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -1584,15 +1584,17 @@ int ext4_fc_record_regions(struct super_
if (replay && state->fc_regions_used != state->fc_regions_valid)
state->fc_regions_used = state->fc_regions_valid;
if (state->fc_regions_used == state->fc_regions_size) {
+ struct ext4_fc_alloc_region *fc_regions;
+
state->fc_regions_size +=
EXT4_FC_REPLAY_REALLOC_INCREMENT;
- state->fc_regions = krealloc(
- state->fc_regions,
- state->fc_regions_size *
- sizeof(struct ext4_fc_alloc_region),
- GFP_KERNEL);
- if (!state->fc_regions)
+ fc_regions = krealloc(state->fc_regions,
+ state->fc_regions_size *
+ sizeof(struct ext4_fc_alloc_region),
+ GFP_KERNEL);
+ if (!fc_regions)
return -ENOMEM;
+ state->fc_regions = fc_regions;
}
region = &state->fc_regions[state->fc_regions_used++];
region->ino = ino;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 070/390] ext4: update state->fc_regions_size after successful memory allocation
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 069/390] ext4: fix potential memory leak in ext4_fc_record_regions() Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 071/390] livepatch: fix race between fork and KLP transition Greg Kroah-Hartman
` (325 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 27cd49780381c6ccbf248798e5e8fd076200ffba upstream.
To avoid to 'state->fc_regions_size' mismatch with 'state->fc_regions'
when fail to reallocate 'fc_reqions',only update 'state->fc_regions_size'
after 'state->fc_regions' is allocated successfully.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220921064040.3693255-4-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -1586,14 +1586,15 @@ int ext4_fc_record_regions(struct super_
if (state->fc_regions_used == state->fc_regions_size) {
struct ext4_fc_alloc_region *fc_regions;
- state->fc_regions_size +=
- EXT4_FC_REPLAY_REALLOC_INCREMENT;
fc_regions = krealloc(state->fc_regions,
- state->fc_regions_size *
- sizeof(struct ext4_fc_alloc_region),
+ sizeof(struct ext4_fc_alloc_region) *
+ (state->fc_regions_size +
+ EXT4_FC_REPLAY_REALLOC_INCREMENT),
GFP_KERNEL);
if (!fc_regions)
return -ENOMEM;
+ state->fc_regions_size +=
+ EXT4_FC_REPLAY_REALLOC_INCREMENT;
state->fc_regions = fc_regions;
}
region = &state->fc_regions[state->fc_regions_used++];
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 071/390] livepatch: fix race between fork and KLP transition
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 070/390] ext4: update state->fc_regions_size after successful memory allocation Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 072/390] ftrace: Properly unset FTRACE_HASH_FL_MOD Greg Kroah-Hartman
` (324 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rik van Riel, Breno Leitao,
Petr Mladek, Josh Poimboeuf, stable
From: Rik van Riel <riel@surriel.com>
commit 747f7a2901174c9afa805dddfb7b24db6f65e985 upstream.
The KLP transition code depends on the TIF_PATCH_PENDING and
the task->patch_state to stay in sync. On a normal (forward)
transition, TIF_PATCH_PENDING will be set on every task in
the system, while on a reverse transition (after a failed
forward one) first TIF_PATCH_PENDING will be cleared from
every task, followed by it being set on tasks that need to
be transitioned back to the original code.
However, the fork code copies over the TIF_PATCH_PENDING flag
from the parent to the child early on, in dup_task_struct and
setup_thread_stack. Much later, klp_copy_process will set
child->patch_state to match that of the parent.
However, the parent's patch_state may have been changed by KLP loading
or unloading since it was initially copied over into the child.
This results in the KLP code occasionally hitting this warning in
klp_complete_transition:
for_each_process_thread(g, task) {
WARN_ON_ONCE(test_tsk_thread_flag(task, TIF_PATCH_PENDING));
task->patch_state = KLP_UNDEFINED;
}
Set, or clear, the TIF_PATCH_PENDING flag in the child task
depending on whether or not it is needed at the time
klp_copy_process is called, at a point in copy_process where the
tasklist_lock is held exclusively, preventing races with the KLP
code.
The KLP code does have a few places where the state is changed
without the tasklist_lock held, but those should not cause
problems because klp_update_patch_state(current) cannot be
called while the current task is in the middle of fork,
klp_check_and_switch_task() which is called under the pi_lock,
which prevents rescheduling, and manipulation of the patch
state of idle tasks, which do not fork.
This should prevent this warning from triggering again in the
future, and close the race for both normal and reverse transitions.
Signed-off-by: Rik van Riel <riel@surriel.com>
Reported-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Fixes: d83a7cb375ee ("livepatch: change to a per-task consistency model")
Cc: stable@kernel.org
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20220808150019.03d6a67b@imladris.surriel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/livepatch/transition.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -611,9 +611,23 @@ void klp_reverse_transition(void)
/* Called from copy_process() during fork */
void klp_copy_process(struct task_struct *child)
{
- child->patch_state = current->patch_state;
- /* TIF_PATCH_PENDING gets copied in setup_thread_stack() */
+ /*
+ * The parent process may have gone through a KLP transition since
+ * the thread flag was copied in setup_thread_stack earlier. Bring
+ * the task flag up to date with the parent here.
+ *
+ * The operation is serialized against all klp_*_transition()
+ * operations by the tasklist_lock. The only exception is
+ * klp_update_patch_state(current), but we cannot race with
+ * that because we are current.
+ */
+ if (test_tsk_thread_flag(current, TIF_PATCH_PENDING))
+ set_tsk_thread_flag(child, TIF_PATCH_PENDING);
+ else
+ clear_tsk_thread_flag(child, TIF_PATCH_PENDING);
+
+ child->patch_state = current->patch_state;
}
/*
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 072/390] ftrace: Properly unset FTRACE_HASH_FL_MOD
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 071/390] livepatch: fix race between fork and KLP transition Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 073/390] ring-buffer: Allow splice to read previous partially read pages Greg Kroah-Hartman
` (323 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, mingo, Zheng Yejian, Steven Rostedt (Google)
From: Zheng Yejian <zhengyejian1@huawei.com>
commit 0ce0638edf5ec83343302b884fa208179580700a upstream.
When executing following commands like what document said, but the log
"#### all functions enabled ####" was not shown as expect:
1. Set a 'mod' filter:
$ echo 'write*:mod:ext3' > /sys/kernel/tracing/set_ftrace_filter
2. Invert above filter:
$ echo '!write*:mod:ext3' >> /sys/kernel/tracing/set_ftrace_filter
3. Read the file:
$ cat /sys/kernel/tracing/set_ftrace_filter
By some debugging, I found that flag FTRACE_HASH_FL_MOD was not unset
after inversion like above step 2 and then result of ftrace_hash_empty()
is incorrect.
Link: https://lkml.kernel.org/r/20220926152008.2239274-1-zhengyejian1@huawei.com
Cc: <mingo@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 8c08f0d5c6fb ("ftrace: Have cached module filters be an active filter")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -5662,8 +5662,12 @@ int ftrace_regex_release(struct inode *i
if (filter_hash) {
orig_hash = &iter->ops->func_hash->filter_hash;
- if (iter->tr && !list_empty(&iter->tr->mod_trace))
- iter->hash->flags |= FTRACE_HASH_FL_MOD;
+ if (iter->tr) {
+ if (list_empty(&iter->tr->mod_trace))
+ iter->hash->flags &= ~FTRACE_HASH_FL_MOD;
+ else
+ iter->hash->flags |= FTRACE_HASH_FL_MOD;
+ }
} else
orig_hash = &iter->ops->func_hash->notrace_hash;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 073/390] ring-buffer: Allow splice to read previous partially read pages
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 072/390] ftrace: Properly unset FTRACE_HASH_FL_MOD Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 074/390] ring-buffer: Have the shortest_full queue be the shortest not longest Greg Kroah-Hartman
` (322 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit fa8f4a89736b654125fb254b0db753ac68a5fced upstream.
If a page is partially read, and then the splice system call is run
against the ring buffer, it will always fail to read, no matter how much
is in the ring buffer. That's because the code path for a partial read of
the page does will fail if the "full" flag is set.
The splice system call wants full pages, so if the read of the ring buffer
is not yet full, it should return zero, and the splice will block. But if
a previous read was done, where the beginning has been consumed, it should
still be given to the splice caller if the rest of the page has been
written to.
This caused the splice command to never consume data in this scenario, and
let the ring buffer just fill up and lose events.
Link: https://lkml.kernel.org/r/20220927144317.46be6b80@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes: 8789a9e7df6bf ("ring-buffer: read page interface")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -5341,7 +5341,15 @@ int ring_buffer_read_page(struct trace_b
unsigned int pos = 0;
unsigned int size;
- if (full)
+ /*
+ * If a full page is expected, this can still be returned
+ * if there's been a previous partial read and the
+ * rest of the page can be read and the commit page is off
+ * the reader page.
+ */
+ if (full &&
+ (!read || (len < (commit - read)) ||
+ cpu_buffer->reader_page == cpu_buffer->commit_page))
goto out_unlock;
if (len > (commit - read))
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 074/390] ring-buffer: Have the shortest_full queue be the shortest not longest
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 073/390] ring-buffer: Allow splice to read previous partially read pages Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 075/390] ring-buffer: Check pending waiters when doing wake ups as well Greg Kroah-Hartman
` (321 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 3b19d614b61b93a131f463817e08219c9ce1fee3 upstream.
The logic to know when the shortest waiters on the ring buffer should be
woken up or not has uses a less than instead of a greater than compare,
which causes the shortest_full to actually be the longest.
Link: https://lkml.kernel.org/r/20220927231823.718039222@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -888,7 +888,7 @@ int ring_buffer_wait(struct trace_buffer
nr_pages = cpu_buffer->nr_pages;
dirty = ring_buffer_nr_dirty_pages(buffer, cpu);
if (!cpu_buffer->shortest_full ||
- cpu_buffer->shortest_full < full)
+ cpu_buffer->shortest_full > full)
cpu_buffer->shortest_full = full;
raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
if (!pagebusy &&
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 075/390] ring-buffer: Check pending waiters when doing wake ups as well
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 074/390] ring-buffer: Have the shortest_full queue be the shortest not longest Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 076/390] ring-buffer: Add ring_buffer_wake_waiters() Greg Kroah-Hartman
` (320 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit ec0bbc5ec5664dcee344f79373852117dc672c86 upstream.
The wake up waiters only checks the "wakeup_full" variable and not the
"full_waiters_pending". The full_waiters_pending is set when a waiter is
added to the wait queue. The wakeup_full is only set when an event is
triggered, and it clears the full_waiters_pending to avoid multiple calls
to irq_work_queue().
The irq_work callback really needs to check both wakeup_full as well as
full_waiters_pending such that this code can be used to wake up waiters
when a file is closed that represents the ring buffer and the waiters need
to be woken up.
Link: https://lkml.kernel.org/r/20220927231824.209460321@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 15693458c4bc0 ("tracing/ring-buffer: Move poll wake ups into ring buffer code")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -794,8 +794,9 @@ static void rb_wake_up_waiters(struct ir
struct rb_irq_work *rbwork = container_of(work, struct rb_irq_work, work);
wake_up_all(&rbwork->waiters);
- if (rbwork->wakeup_full) {
+ if (rbwork->full_waiters_pending || rbwork->wakeup_full) {
rbwork->wakeup_full = false;
+ rbwork->full_waiters_pending = false;
wake_up_all(&rbwork->full_waiters);
}
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 076/390] ring-buffer: Add ring_buffer_wake_waiters()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 075/390] ring-buffer: Check pending waiters when doing wake ups as well Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 077/390] ring-buffer: Fix race between reset page and reading page Greg Kroah-Hartman
` (319 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 7e9fbbb1b776d8d7969551565bc246f74ec53b27 upstream.
On closing of a file that represents a ring buffer or flushing the file,
there may be waiters on the ring buffer that needs to be woken up and exit
the ring_buffer_wait() function.
Add ring_buffer_wake_waiters() to wake up the waiters on the ring buffer
and allow them to exit the wait loop.
Link: https://lkml.kernel.org/r/20220928133938.28dc2c27@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 15693458c4bc0 ("tracing/ring-buffer: Move poll wake ups into ring buffer code")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ring_buffer.h | 2 +-
kernel/trace/ring_buffer.c | 39 +++++++++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 1 deletion(-)
--- a/include/linux/ring_buffer.h
+++ b/include/linux/ring_buffer.h
@@ -100,7 +100,7 @@ __ring_buffer_alloc(unsigned long size,
int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full);
__poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
struct file *filp, poll_table *poll_table);
-
+void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu);
#define RING_BUFFER_ALL_CPUS -1
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -414,6 +414,7 @@ struct rb_irq_work {
struct irq_work work;
wait_queue_head_t waiters;
wait_queue_head_t full_waiters;
+ long wait_index;
bool waiters_pending;
bool full_waiters_pending;
bool wakeup_full;
@@ -802,6 +803,37 @@ static void rb_wake_up_waiters(struct ir
}
/**
+ * ring_buffer_wake_waiters - wake up any waiters on this ring buffer
+ * @buffer: The ring buffer to wake waiters on
+ *
+ * In the case of a file that represents a ring buffer is closing,
+ * it is prudent to wake up any waiters that are on this.
+ */
+void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu)
+{
+ struct ring_buffer_per_cpu *cpu_buffer;
+ struct rb_irq_work *rbwork;
+
+ if (cpu == RING_BUFFER_ALL_CPUS) {
+
+ /* Wake up individual ones too. One level recursion */
+ for_each_buffer_cpu(buffer, cpu)
+ ring_buffer_wake_waiters(buffer, cpu);
+
+ rbwork = &buffer->irq_work;
+ } else {
+ cpu_buffer = buffer->buffers[cpu];
+ rbwork = &cpu_buffer->irq_work;
+ }
+
+ rbwork->wait_index++;
+ /* make sure the waiters see the new index */
+ smp_wmb();
+
+ rb_wake_up_waiters(&rbwork->work);
+}
+
+/**
* ring_buffer_wait - wait for input to the ring buffer
* @buffer: buffer to wait on
* @cpu: the cpu buffer to wait on
@@ -816,6 +848,7 @@ int ring_buffer_wait(struct trace_buffer
struct ring_buffer_per_cpu *cpu_buffer;
DEFINE_WAIT(wait);
struct rb_irq_work *work;
+ long wait_index;
int ret = 0;
/*
@@ -834,6 +867,7 @@ int ring_buffer_wait(struct trace_buffer
work = &cpu_buffer->irq_work;
}
+ wait_index = READ_ONCE(work->wait_index);
while (true) {
if (full)
@@ -898,6 +932,11 @@ int ring_buffer_wait(struct trace_buffer
}
schedule();
+
+ /* Make sure to see the new wait index */
+ smp_rmb();
+ if (wait_index != work->wait_index)
+ break;
}
if (full)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 077/390] ring-buffer: Fix race between reset page and reading page
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 076/390] ring-buffer: Add ring_buffer_wake_waiters() Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 078/390] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Greg Kroah-Hartman
` (318 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton, Jiazi.Li,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit a0fcaaed0c46cf9399d3a2d6e0c87ddb3df0e044 upstream.
The ring buffer is broken up into sub buffers (currently of page size).
Each sub buffer has a pointer to its "tail" (the last event written to the
sub buffer). When a new event is requested, the tail is locally
incremented to cover the size of the new event. This is done in a way that
there is no need for locking.
If the tail goes past the end of the sub buffer, the process of moving to
the next sub buffer takes place. After setting the current sub buffer to
the next one, the previous one that had the tail go passed the end of the
sub buffer needs to be reset back to the original tail location (before
the new event was requested) and the rest of the sub buffer needs to be
"padded".
The race happens when a reader takes control of the sub buffer. As readers
do a "swap" of sub buffers from the ring buffer to get exclusive access to
the sub buffer, it replaces the "head" sub buffer with an empty sub buffer
that goes back into the writable portion of the ring buffer. This swap can
happen as soon as the writer moves to the next sub buffer and before it
updates the last sub buffer with padding.
Because the sub buffer can be released to the reader while the writer is
still updating the padding, it is possible for the reader to see the event
that goes past the end of the sub buffer. This can cause obvious issues.
To fix this, add a few memory barriers so that the reader definitely sees
the updates to the sub buffer, and also waits until the writer has put
back the "tail" of the sub buffer back to the last event that was written
on it.
To be paranoid, it will only spin for 1 second, otherwise it will
warn and shutdown the ring buffer code. 1 second should be enough as
the writer does have preemption disabled. If the writer doesn't move
within 1 second (with preemption disabled) something is horribly
wrong. No interrupt should last 1 second!
Link: https://lore.kernel.org/all/20220830120854.7545-1-jiazi.li@transsion.com/
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216369
Link: https://lkml.kernel.org/r/20220929104909.0650a36c@gandalf.local.home
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Fixes: c7b0930857e22 ("ring-buffer: prevent adding write in discarded area")
Reported-by: Jiazi.Li <jiazi.li@transsion.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -2531,6 +2531,9 @@ rb_reset_tail(struct ring_buffer_per_cpu
/* Mark the rest of the page with padding */
rb_event_set_padding(event);
+ /* Make sure the padding is visible before the write update */
+ smp_wmb();
+
/* Set the write back to the previous setting */
local_sub(length, &tail_page->write);
return;
@@ -2542,6 +2545,9 @@ rb_reset_tail(struct ring_buffer_per_cpu
/* time delta must be non zero */
event->time_delta = 1;
+ /* Make sure the padding is visible before the tail_page->write update */
+ smp_wmb();
+
/* Set write to end of buffer */
length = (tail + length) - BUF_PAGE_SIZE;
local_sub(length, &tail_page->write);
@@ -4356,6 +4362,33 @@ rb_get_reader_page(struct ring_buffer_pe
arch_spin_unlock(&cpu_buffer->lock);
local_irq_restore(flags);
+ /*
+ * The writer has preempt disable, wait for it. But not forever
+ * Although, 1 second is pretty much "forever"
+ */
+#define USECS_WAIT 1000000
+ for (nr_loops = 0; nr_loops < USECS_WAIT; nr_loops++) {
+ /* If the write is past the end of page, a writer is still updating it */
+ if (likely(!reader || rb_page_write(reader) <= BUF_PAGE_SIZE))
+ break;
+
+ udelay(1);
+
+ /* Get the latest version of the reader write value */
+ smp_rmb();
+ }
+
+ /* The writer is not moving forward? Something is wrong */
+ if (RB_WARN_ON(cpu_buffer, nr_loops == USECS_WAIT))
+ reader = NULL;
+
+ /*
+ * Make sure we see any padding after the write update
+ * (see rb_reset_tail())
+ */
+ smp_rmb();
+
+
return reader;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 078/390] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 077/390] ring-buffer: Fix race between reset page and reading page Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 079/390] thunderbolt: Explicitly enable lane adapter hotplug events at startup Greg Kroah-Hartman
` (317 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Ingo Molnar,
Will Deacon, Boqun Feng, Steven Rostedt, Waiman Long
From: Waiman Long <longman@redhat.com>
commit c0a581d7126c0bbc96163276f585fd7b4e4d8d0e upstream.
It was found that some tracing functions in kernel/trace/trace.c acquire
an arch_spinlock_t with preemption and irqs enabled. An example is the
tracing_saved_cmdlines_size_read() function which intermittently causes
a "BUG: using smp_processor_id() in preemptible" warning when the LTP
read_all_proc test is run.
That can be problematic in case preemption happens after acquiring the
lock. Add the necessary preemption or interrupt disabling code in the
appropriate places before acquiring an arch_spinlock_t.
The convention here is to disable preemption for trace_cmdline_lock and
interupt for max_lock.
Link: https://lkml.kernel.org/r/20220922145622.1744826-1-longman@redhat.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Will Deacon <will@kernel.org>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: stable@vger.kernel.org
Fixes: a35873a0993b ("tracing: Add conditional snapshot")
Fixes: 939c7a4f04fc ("tracing: Introduce saved_cmdlines_size file")
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1197,12 +1197,14 @@ void *tracing_cond_snapshot_data(struct
{
void *cond_data = NULL;
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (tr->cond_snapshot)
cond_data = tr->cond_snapshot->cond_data;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
return cond_data;
}
@@ -1338,9 +1340,11 @@ int tracing_snapshot_cond_enable(struct
goto fail_unlock;
}
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
tr->cond_snapshot = cond_snapshot;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
mutex_unlock(&trace_types_lock);
@@ -1367,6 +1371,7 @@ int tracing_snapshot_cond_disable(struct
{
int ret = 0;
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (!tr->cond_snapshot)
@@ -1377,6 +1382,7 @@ int tracing_snapshot_cond_disable(struct
}
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
return ret;
}
@@ -2198,6 +2204,11 @@ static size_t tgid_map_max;
#define SAVED_CMDLINES_DEFAULT 128
#define NO_CMDLINE_MAP UINT_MAX
+/*
+ * Preemption must be disabled before acquiring trace_cmdline_lock.
+ * The various trace_arrays' max_lock must be acquired in a context
+ * where interrupt is disabled.
+ */
static arch_spinlock_t trace_cmdline_lock = __ARCH_SPIN_LOCK_UNLOCKED;
struct saved_cmdlines_buffer {
unsigned map_pid_to_cmdline[PID_MAX_DEFAULT+1];
@@ -2410,7 +2421,11 @@ static int trace_save_cmdline(struct tas
* the lock, but we also don't want to spin
* nor do we want to disable interrupts,
* so if we miss here, then better luck next time.
+ *
+ * This is called within the scheduler and wake up, so interrupts
+ * had better been disabled and run queue lock been held.
*/
+ lockdep_assert_preemption_disabled();
if (!arch_spin_trylock(&trace_cmdline_lock))
return 0;
@@ -5470,9 +5485,11 @@ tracing_saved_cmdlines_size_read(struct
char buf[64];
int r;
+ preempt_disable();
arch_spin_lock(&trace_cmdline_lock);
r = scnprintf(buf, sizeof(buf), "%u\n", savedcmd->cmdline_num);
arch_spin_unlock(&trace_cmdline_lock);
+ preempt_enable();
return simple_read_from_buffer(ubuf, cnt, ppos, buf, r);
}
@@ -5497,10 +5514,12 @@ static int tracing_resize_saved_cmdlines
return -ENOMEM;
}
+ preempt_disable();
arch_spin_lock(&trace_cmdline_lock);
savedcmd_temp = savedcmd;
savedcmd = s;
arch_spin_unlock(&trace_cmdline_lock);
+ preempt_enable();
free_saved_cmdlines_buffer(savedcmd_temp);
return 0;
@@ -5953,10 +5972,12 @@ int tracing_set_tracer(struct trace_arra
#ifdef CONFIG_TRACER_SNAPSHOT
if (t->use_max_tr) {
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (tr->cond_snapshot)
ret = -EBUSY;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
if (ret)
goto out;
}
@@ -7030,10 +7051,12 @@ tracing_snapshot_write(struct file *filp
goto out;
}
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (tr->cond_snapshot)
ret = -EBUSY;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
if (ret)
goto out;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 079/390] thunderbolt: Explicitly enable lane adapter hotplug events at startup
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 078/390] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 080/390] efi: libstub: drop pointless get_memory_map() call Greg Kroah-Hartman
` (316 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mario Limonciello, Mika Westerberg
From: Mario Limonciello <mario.limonciello@amd.com>
commit 5d2569cb4a65c373896ec0217febdf88739ed295 upstream.
Software that has run before the USB4 CM in Linux runs may have disabled
hotplug events for a given lane adapter.
Other CMs such as that one distributed with Windows 11 will enable hotplug
events. Do the same thing in the Linux CM which fixes hotplug events on
"AMD Pink Sardine".
Cc: stable@vger.kernel.org
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/switch.c | 24 ++++++++++++++++++++++++
drivers/thunderbolt/tb.h | 1 +
drivers/thunderbolt/tb_regs.h | 1 +
drivers/thunderbolt/usb4.c | 20 ++++++++++++++++++++
4 files changed, 46 insertions(+)
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -2413,6 +2413,26 @@ void tb_switch_unconfigure_link(struct t
tb_lc_unconfigure_port(down);
}
+static int tb_switch_port_hotplug_enable(struct tb_switch *sw)
+{
+ struct tb_port *port;
+
+ if (tb_switch_is_icm(sw))
+ return 0;
+
+ tb_switch_for_each_port(sw, port) {
+ int res;
+
+ if (!port->cap_usb4)
+ continue;
+
+ res = usb4_port_hotplug_enable(port);
+ if (res)
+ return res;
+ }
+ return 0;
+}
+
/**
* tb_switch_add() - Add a switch to the domain
* @sw: Switch to add
@@ -2480,6 +2500,10 @@ int tb_switch_add(struct tb_switch *sw)
return ret;
}
+ ret = tb_switch_port_hotplug_enable(sw);
+ if (ret)
+ return ret;
+
ret = device_add(&sw->dev);
if (ret) {
dev_err(&sw->dev, "failed to add device: %d\n", ret);
--- a/drivers/thunderbolt/tb.h
+++ b/drivers/thunderbolt/tb.h
@@ -979,6 +979,7 @@ struct tb_port *usb4_switch_map_usb3_dow
const struct tb_port *port);
int usb4_port_unlock(struct tb_port *port);
+int usb4_port_hotplug_enable(struct tb_port *port);
int usb4_port_configure(struct tb_port *port);
void usb4_port_unconfigure(struct tb_port *port);
int usb4_port_configure_xdomain(struct tb_port *port);
--- a/drivers/thunderbolt/tb_regs.h
+++ b/drivers/thunderbolt/tb_regs.h
@@ -285,6 +285,7 @@ struct tb_regs_port_header {
#define ADP_CS_5 0x05
#define ADP_CS_5_LCA_MASK GENMASK(28, 22)
#define ADP_CS_5_LCA_SHIFT 22
+#define ADP_CS_5_DHP BIT(31)
/* TMU adapter registers */
#define TMU_ADP_CS_3 0x03
--- a/drivers/thunderbolt/usb4.c
+++ b/drivers/thunderbolt/usb4.c
@@ -854,6 +854,26 @@ int usb4_port_unlock(struct tb_port *por
return tb_port_write(port, &val, TB_CFG_PORT, ADP_CS_4, 1);
}
+/**
+ * usb4_port_hotplug_enable() - Enables hotplug for a port
+ * @port: USB4 port to operate on
+ *
+ * Enables hot plug events on a given port. This is only intended
+ * to be used on lane, DP-IN, and DP-OUT adapters.
+ */
+int usb4_port_hotplug_enable(struct tb_port *port)
+{
+ int ret;
+ u32 val;
+
+ ret = tb_port_read(port, &val, TB_CFG_PORT, ADP_CS_5, 1);
+ if (ret)
+ return ret;
+
+ val &= ~ADP_CS_5_DHP;
+ return tb_port_write(port, &val, TB_CFG_PORT, ADP_CS_5, 1);
+}
+
static int usb4_port_set_configured(struct tb_port *port, bool configured)
{
int ret;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 080/390] efi: libstub: drop pointless get_memory_map() call
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 079/390] thunderbolt: Explicitly enable lane adapter hotplug events at startup Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 17:35 ` Pavel Machek
2022-10-24 11:27 ` [PATCH 5.10 081/390] media: cedrus: Set the platform driver data earlier Greg Kroah-Hartman
` (315 subsequent siblings)
395 siblings, 1 reply; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel
From: Ard Biesheuvel <ardb@kernel.org>
commit d80ca810f096ff66f451e7a3ed2f0cd9ef1ff519 upstream.
Currently, the non-x86 stub code calls get_memory_map() redundantly,
given that the data it returns is never used anywhere. So drop the call.
Cc: <stable@vger.kernel.org> # v4.14+
Fixes: 24d7c494ce46 ("efi/arm-stub: Round up FDT allocation to mapping size")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/libstub/fdt.c | 8 --------
1 file changed, 8 deletions(-)
--- a/drivers/firmware/efi/libstub/fdt.c
+++ b/drivers/firmware/efi/libstub/fdt.c
@@ -281,14 +281,6 @@ efi_status_t allocate_new_fdt_and_exit_b
goto fail;
}
- /*
- * Now that we have done our final memory allocation (and free)
- * we can get the memory map key needed for exit_boot_services().
- */
- status = efi_get_memory_map(&map);
- if (status != EFI_SUCCESS)
- goto fail_free_new_fdt;
-
status = update_fdt((void *)fdt_addr, fdt_size,
(void *)*new_fdt_addr, MAX_FDT_SIZE, cmdline_ptr,
initrd_addr, initrd_size);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 081/390] media: cedrus: Set the platform driver data earlier
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 080/390] efi: libstub: drop pointless get_memory_map() call Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 082/390] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Greg Kroah-Hartman
` (314 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Osipenko, Nicolas Dufresne,
Samuel Holland, Paul Kocialkowski, Hans Verkuil,
Mauro Carvalho Chehab
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit 708938f8495147fe2e77a9a3e1015d8e6899323e upstream.
The cedrus_hw_resume() crashes with NULL deference on driver probe if
runtime PM is disabled because it uses platform data that hasn't been
set up yet. Fix this by setting the platform data earlier during probe.
Cc: stable@vger.kernel.org
Fixes: 50e761516f2b (media: platform: Add Cedrus VPU decoder driver)
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Acked-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/media/sunxi/cedrus/cedrus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/staging/media/sunxi/cedrus/cedrus.c
+++ b/drivers/staging/media/sunxi/cedrus/cedrus.c
@@ -399,6 +399,8 @@ static int cedrus_probe(struct platform_
if (!dev)
return -ENOMEM;
+ platform_set_drvdata(pdev, dev);
+
dev->vfd = cedrus_video_device;
dev->dev = &pdev->dev;
dev->pdev = pdev;
@@ -469,8 +471,6 @@ static int cedrus_probe(struct platform_
goto err_m2m_mc;
}
- platform_set_drvdata(pdev, dev);
-
return 0;
err_m2m_mc:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 082/390] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 081/390] media: cedrus: Set the platform driver data earlier Greg Kroah-Hartman
@ 2022-10-24 11:27 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 083/390] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Greg Kroah-Hartman
` (313 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Luczaj, Sean Christopherson
From: Michal Luczaj <mhal@rbox.co>
commit 6aa5c47c351b22c21205c87977c84809cd015fcf upstream.
The emulator checks the wrong variable while setting the CPU
interruptibility state, the target segment is embedded in the instruction
opcode, not the ModR/M register. Fix the condition.
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Fixes: a5457e7bcf9a ("KVM: emulate: POP SS triggers a MOV SS shadow too")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20220821215900.1419215-1-mhal@rbox.co
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -2039,7 +2039,7 @@ static int em_pop_sreg(struct x86_emulat
if (rc != X86EMUL_CONTINUE)
return rc;
- if (ctxt->modrm_reg == VCPU_SREG_SS)
+ if (seg == VCPU_SREG_SS)
ctxt->interruptibility = KVM_X86_SHADOW_INT_MOV_SS;
if (ctxt->op_bytes > 2)
rsp_increment(ctxt, ctxt->op_bytes - 2);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 083/390] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-10-24 11:27 ` [PATCH 5.10 082/390] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 084/390] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Greg Kroah-Hartman
` (312 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Jim Mattson,
Maxim Levitsky, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit d953540430c5af57f5de97ea9e36253908204027 upstream.
Drop pending exceptions and events queued for re-injection when leaving
nested guest mode, even if the "exit" is due to VM-Fail, SMI, or forced
by host userspace. Failure to purge events could result in an event
belonging to L2 being injected into L1.
This _should_ never happen for VM-Fail as all events should be blocked by
nested_run_pending, but it's possible if KVM, not the L1 hypervisor, is
the source of VM-Fail when running vmcs02.
SMI is a nop (barring unknown bugs) as recognition of SMI and thus entry
to SMM is blocked by pending exceptions and re-injected events.
Forced exit is definitely buggy, but has likely gone unnoticed because
userspace probably follows the forced exit with KVM_SET_VCPU_EVENTS (or
some other ioctl() that purges the queue).
Fixes: 4f350c6dbcb9 ("kvm: nVMX: Handle deferred early VMLAUNCH/VMRESUME failure properly")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220830231614.3580124-2-seanjc@google.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4183,14 +4183,6 @@ static void prepare_vmcs12(struct kvm_vc
nested_vmx_abort(vcpu,
VMX_ABORT_SAVE_GUEST_MSR_FAIL);
}
-
- /*
- * Drop what we picked up for L2 via vmx_complete_interrupts. It is
- * preserved above and would only end up incorrectly in L1.
- */
- vcpu->arch.nmi_injected = false;
- kvm_clear_exception_queue(vcpu);
- kvm_clear_interrupt_queue(vcpu);
}
/*
@@ -4530,6 +4522,17 @@ void nested_vmx_vmexit(struct kvm_vcpu *
WARN_ON_ONCE(nested_early_check);
}
+ /*
+ * Drop events/exceptions that were queued for re-injection to L2
+ * (picked up via vmx_complete_interrupts()), as well as exceptions
+ * that were pending for L2. Note, this must NOT be hoisted above
+ * prepare_vmcs12(), events/exceptions queued for re-injection need to
+ * be captured in vmcs12 (see vmcs12_save_pending_event()).
+ */
+ vcpu->arch.nmi_injected = false;
+ kvm_clear_exception_queue(vcpu);
+ kvm_clear_interrupt_queue(vcpu);
+
vmx_switch_vmcs(vcpu, &vmx->vmcs01);
/* Update any VMCS fields that might have changed while L2 ran */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 084/390] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 083/390] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 085/390] staging: greybus: audio_helper: remove unused and wrong debugfs usage Greg Kroah-Hartman
` (311 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Jim Mattson,
Maxim Levitsky, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit eba9799b5a6efe2993cf92529608e4aa8163d73b upstream.
Deliberately truncate the exception error code when shoving it into the
VMCS (VM-Entry field for vmcs01 and vmcs02, VM-Exit field for vmcs12).
Intel CPUs are incapable of handling 32-bit error codes and will never
generate an error code with bits 31:16, but userspace can provide an
arbitrary error code via KVM_SET_VCPU_EVENTS. Failure to drop the bits
on exception injection results in failed VM-Entry, as VMX disallows
setting bits 31:16. Setting the bits on VM-Exit would at best confuse
L1, and at worse induce a nested VM-Entry failure, e.g. if L1 decided to
reinject the exception back into L2.
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220830231614.3580124-3-seanjc@google.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 11 ++++++++++-
arch/x86/kvm/vmx/vmx.c | 12 +++++++++++-
2 files changed, 21 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3776,7 +3776,16 @@ static void nested_vmx_inject_exception_
u32 intr_info = nr | INTR_INFO_VALID_MASK;
if (vcpu->arch.exception.has_error_code) {
- vmcs12->vm_exit_intr_error_code = vcpu->arch.exception.error_code;
+ /*
+ * Intel CPUs do not generate error codes with bits 31:16 set,
+ * and more importantly VMX disallows setting bits 31:16 in the
+ * injected error code for VM-Entry. Drop the bits to mimic
+ * hardware and avoid inducing failure on nested VM-Entry if L1
+ * chooses to inject the exception back to L2. AMD CPUs _do_
+ * generate "full" 32-bit error codes, so KVM allows userspace
+ * to inject exception error codes with bits 31:16 set.
+ */
+ vmcs12->vm_exit_intr_error_code = (u16)vcpu->arch.exception.error_code;
intr_info |= INTR_INFO_DELIVER_CODE_MASK;
}
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1737,7 +1737,17 @@ static void vmx_queue_exception(struct k
kvm_deliver_exception_payload(vcpu);
if (has_error_code) {
- vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code);
+ /*
+ * Despite the error code being architecturally defined as 32
+ * bits, and the VMCS field being 32 bits, Intel CPUs and thus
+ * VMX don't actually supporting setting bits 31:16. Hardware
+ * will (should) never provide a bogus error code, but AMD CPUs
+ * do generate error codes with bits 31:16 set, and so KVM's
+ * ABI lets userspace shove in arbitrary 32-bit values. Drop
+ * the upper bits to avoid VM-Fail, losing information that
+ * does't really exist is preferable to killing the VM.
+ */
+ vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, (u16)error_code);
intr_info |= INTR_INFO_DELIVER_CODE_MASK;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 085/390] staging: greybus: audio_helper: remove unused and wrong debugfs usage
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 084/390] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 086/390] drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman
` (310 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Alex Elder, stable
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d517cdeb904ddc0cbebcc959d43596426cac40b0 upstream.
In the greybus audio_helper code, the debugfs file for the dapm has the
potential to be removed and memory will be leaked. There is also the
very real potential for this code to remove ALL debugfs entries from the
system, and it seems like this is what will really happen if this code
ever runs. This all is very wrong as the greybus audio driver did not
create this debugfs file, the sound core did and controls the lifespan
of it.
So remove all of the debugfs logic from the audio_helper code as there's
no way it could be correct. If this really is needed, it can come back
with a fixup for the incorrect usage of the debugfs_lookup() call which
is what caused this to be noticed at all.
Cc: Johan Hovold <johan@kernel.org>
Cc: Alex Elder <elder@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20220902143715.320500-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/greybus/audio_helper.c | 11 -----------
1 file changed, 11 deletions(-)
--- a/drivers/staging/greybus/audio_helper.c
+++ b/drivers/staging/greybus/audio_helper.c
@@ -3,7 +3,6 @@
* Greybus Audio Sound SoC helper APIs
*/
-#include <linux/debugfs.h>
#include <sound/core.h>
#include <sound/soc.h>
#include <sound/soc-dapm.h>
@@ -116,10 +115,6 @@ int gbaudio_dapm_free_controls(struct sn
{
int i;
struct snd_soc_dapm_widget *w, *next_w;
-#ifdef CONFIG_DEBUG_FS
- struct dentry *parent = dapm->debugfs_dapm;
- struct dentry *debugfs_w = NULL;
-#endif
mutex_lock(&dapm->card->dapm_mutex);
for (i = 0; i < num; i++) {
@@ -139,12 +134,6 @@ int gbaudio_dapm_free_controls(struct sn
continue;
}
widget++;
-#ifdef CONFIG_DEBUG_FS
- if (!parent)
- debugfs_w = debugfs_lookup(w->name, parent);
- debugfs_remove(debugfs_w);
- debugfs_w = NULL;
-#endif
gbaudio_dapm_free_widget(w);
}
mutex_unlock(&dapm->card->dapm_mutex);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 086/390] drm/nouveau/kms/nv140-: Disable interlacing
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 085/390] staging: greybus: audio_helper: remove unused and wrong debugfs usage Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 087/390] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Greg Kroah-Hartman
` (309 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lyude Paul, Karol Herbst
From: Lyude Paul <lyude@redhat.com>
commit 8ba9249396bef37cb68be9e8dee7847f1737db9d upstream.
As it turns out: while Nvidia does actually have interlacing knobs on their
GPU still pretty much no current GPUs since Volta actually support it.
Trying interlacing on these GPUs will result in NVDisplay being quite
unhappy like so:
nouveau 0000:1f:00.0: disp: chid 0 stat 00004802 reason 4 [INVALID_ARG] mthd 2008 data 00000001 code 00080000
nouveau 0000:1f:00.0: disp: chid 0 stat 10005080 reason 5 [INVALID_STATE] mthd 0200 data 00000001 code 00000001
So let's fix this by following the same behavior Nvidia's driver does and
disable interlacing entirely.
Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Karol Herbst <kherbst@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220816180436.156310-1-lyude@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_connector.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
@@ -500,7 +500,8 @@ nouveau_connector_set_encoder(struct drm
connector->interlace_allowed =
nv_encoder->caps.dp_interlace;
else
- connector->interlace_allowed = true;
+ connector->interlace_allowed =
+ drm->client.device.info.family < NV_DEVICE_INFO_V0_VOLTA;
connector->doublescan_allowed = true;
} else
if (nv_encoder->dcb->type == DCB_OUTPUT_LVDS ||
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 087/390] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 086/390] drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 088/390] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Greg Kroah-Hartman
` (308 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Lyude Paul, Thierry Reding
From: Jianglei Nie <niejianglei2021@163.com>
commit 540dfd188ea2940582841c1c220bd035a7db0e51 upstream.
nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code
back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and
free the memory.Thus, when nouveau_bo_init() returns an error, the gem
object has already been released. Then the call to nouveau_bo_ref() will
use the freed "nvbo->bo" and lead to a use-after-free bug.
We should delete the call to nouveau_bo_ref() to avoid the use-after-free.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Fixes: 019cbd4a4feb ("drm/nouveau: Initialize GEM object before TTM object")
Cc: Thierry Reding <treding@nvidia.com>
Cc: <stable@vger.kernel.org> # v5.4+
Link: https://patchwork.freedesktop.org/patch/msgid/20220705132546.2247677-1-niejianglei2021@163.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_prime.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/gpu/drm/nouveau/nouveau_prime.c
+++ b/drivers/gpu/drm/nouveau/nouveau_prime.c
@@ -89,7 +89,6 @@ struct drm_gem_object *nouveau_gem_prime
ret = nouveau_bo_init(nvbo, size, align, NOUVEAU_GEM_DOMAIN_GART,
sg, robj);
if (ret) {
- nouveau_bo_ref(NULL, &nvbo);
obj = ERR_PTR(ret);
goto unlock;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 088/390] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 087/390] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 089/390] drm/i915: Fix watermark calculations for gen12+ MC " Greg Kroah-Hartman
` (307 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juha-Pekka Heikkila,
Ville Syrjälä,
Tvrtko Ursulin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit c56453a00f19ccddee302f5f9fe96b80e0b47fd3 upstream.
Take the gen12+ RC CCS modifier into account when calculating the
watermarks. Othwerwise we'll calculate the watermarks thinking this
Y-tiled modifier is linear.
The rc_surface part is actually a nop since that is not used
for any glk+ platform.
v2: Split RC CCS vs. MC CCS to separate patches
Cc: stable@vger.kernel.org
Fixes: b3e57bccd68a ("drm/i915/tgl: Gen-12 render decompression")
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003111544.8007-2-ville.syrjala@linux.intel.com
(cherry picked from commit a89a96a586114f67598c6391c75678b4dba5c2da)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -5145,10 +5145,12 @@ skl_compute_wm_params(const struct intel
wp->y_tiled = modifier == I915_FORMAT_MOD_Y_TILED ||
modifier == I915_FORMAT_MOD_Yf_TILED ||
modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Yf_TILED_CCS;
+ modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
wp->x_tiled = modifier == I915_FORMAT_MOD_X_TILED;
wp->rc_surface = modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Yf_TILED_CCS;
+ modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
wp->is_planar = intel_format_info_is_yuv_semiplanar(format, modifier);
wp->width = width;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 089/390] drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 088/390] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 090/390] smb3: must initialize two ACL struct fields to zero Greg Kroah-Hartman
` (306 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juha-Pekka Heikkila,
Ville Syrjälä,
Tvrtko Ursulin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit 484b2b9281000274ef7c5cb0a9ebc5da6f5c281c upstream.
Take the gen12+ MC CCS modifier into account when calculating the
watermarks. Othwerwise we'll calculate the watermarks thinking this
Y-tiled modifier is linear.
The rc_surface part is actually a nop since that is not used
for any glk+ platform.
v2: Split RC CCS vs. MC CCS to separate patches
Cc: stable@vger.kernel.org
Fixes: 2dfbf9d2873a ("drm/i915/tgl: Gen-12 display can decompress surfaces compressed by the media engine")
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003111544.8007-3-ville.syrjala@linux.intel.com
(cherry picked from commit 91c9651425fe955b1387f3637607dda005f3f710)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -5146,11 +5146,13 @@ skl_compute_wm_params(const struct intel
modifier == I915_FORMAT_MOD_Yf_TILED ||
modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS;
wp->x_tiled = modifier == I915_FORMAT_MOD_X_TILED;
wp->rc_surface = modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS;
wp->is_planar = intel_format_info_is_yuv_semiplanar(format, modifier);
wp->width = width;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 090/390] smb3: must initialize two ACL struct fields to zero
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 089/390] drm/i915: Fix watermark calculations for gen12+ MC " Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 091/390] selinux: use "grep -E" instead of "egrep" Greg Kroah-Hartman
` (305 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paulo Alcantara (SUSE), Steve French
From: Steve French <stfrench@microsoft.com>
commit f09bd695af3b8ab46fc24e5d6954a24104c38387 upstream.
Coverity spotted that we were not initalizing Stbz1 and Stbz2 to
zero in create_sd_buf.
Addresses-Coverity: 1513848 ("Uninitialized scalar variable")
Cc: <stable@vger.kernel.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2294,7 +2294,7 @@ create_sd_buf(umode_t mode, bool set_own
unsigned int acelen, acl_size, ace_count;
unsigned int owner_offset = 0;
unsigned int group_offset = 0;
- struct smb3_acl acl;
+ struct smb3_acl acl = {};
*len = roundup(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
@@ -2367,6 +2367,7 @@ create_sd_buf(umode_t mode, bool set_own
acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
acl.AclSize = cpu_to_le16(acl_size);
acl.AceCount = cpu_to_le16(ace_count);
+ /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
memcpy(aclptr, &acl, sizeof(struct smb3_acl));
buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 091/390] selinux: use "grep -E" instead of "egrep"
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 090/390] smb3: must initialize two ACL struct fields to zero Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 092/390] userfaultfd: open userfaultfds with O_RDONLY Greg Kroah-Hartman
` (304 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Moore, Stephen Smalley,
Eric Paris, selinux
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c969bb8dbaf2f3628927eae73e7c579a74cf1b6e upstream.
The latest version of grep claims that egrep is now obsolete so the build
now contains warnings that look like:
egrep: warning: egrep is obsolescent; using grep -E
fix this by using "grep -E" instead.
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: selinux@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[PM: tweak to remove vdso reference, cleanup subj line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/selinux/install_policy.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/scripts/selinux/install_policy.sh
+++ b/scripts/selinux/install_policy.sh
@@ -78,7 +78,7 @@ cd /etc/selinux/dummy/contexts/files
$SF -F file_contexts /
mounts=`cat /proc/$$/mounts | \
- egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
+ grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
awk '{ print $2 '}`
$SF -F file_contexts $mounts
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 092/390] userfaultfd: open userfaultfds with O_RDONLY
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 091/390] selinux: use "grep -E" instead of "egrep" Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 093/390] sh: machvec: Use char[] for section boundaries Greg Kroah-Hartman
` (303 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert OCallahan, Ondrej Mosnacek,
Peter Xu, Christian Brauner (Microsoft),
Paul Moore, Sasha Levin
From: Ondrej Mosnacek <omosnace@redhat.com>
[ Upstream commit abec3d015fdfb7c63105c7e1c956188bf381aa55 ]
Since userfaultfd doesn't implement a write operation, it is more
appropriate to open it read-only.
When userfaultfds are opened read-write like it is now, and such fd is
passed from one process to another, SELinux will check both read and
write permissions for the target process, even though it can't actually
do any write operation on the fd later.
Inspired by the following bug report, which has hit the SELinux scenario
described above:
https://bugzilla.redhat.com/show_bug.cgi?id=1974559
Reported-by: Robert O'Callahan <roc@ocallahan.org>
Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/userfaultfd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index aef0da5d6f63..a3074a9d71a6 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -974,7 +974,7 @@ static int resolve_userfault_fork(struct userfaultfd_ctx *ctx,
int fd;
fd = anon_inode_getfd("[userfaultfd]", &userfaultfd_fops, new,
- O_RDWR | (new->flags & UFFD_SHARED_FCNTL_FLAGS));
+ O_RDONLY | (new->flags & UFFD_SHARED_FCNTL_FLAGS));
if (fd < 0)
return fd;
@@ -1987,7 +1987,7 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
mmgrab(ctx->mm);
fd = anon_inode_getfd("[userfaultfd]", &userfaultfd_fops, ctx,
- O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS));
+ O_RDONLY | (flags & UFFD_SHARED_FCNTL_FLAGS));
if (fd < 0) {
mmdrop(ctx->mm);
kmem_cache_free(userfaultfd_ctx_cachep, ctx);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 093/390] sh: machvec: Use char[] for section boundaries
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 092/390] userfaultfd: open userfaultfds with O_RDONLY Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 094/390] MIPS: SGI-IP27: Free some unused memory Greg Kroah-Hartman
` (302 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yoshinori Sato, Rich Felker,
linux-sh, Geert Uytterhoeven, Geert Uytterhoeven,
Gustavo A. R. Silva, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit c5783af354688b24abd359f7086c282ec74de993 ]
As done for other sections, define the extern as a character array,
which relaxes many of the compiler-time object size checks, which would
otherwise assume it's a single long. Solves the following build error:
arch/sh/kernel/machvec.c: error: array subscript 'struct sh_machine_vector[0]' is partly outside array bounds of 'long int[1]' [-Werror=array-bounds]: => 105:33
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>
Cc: linux-sh@vger.kernel.org
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/lkml/alpine.DEB.2.22.394.2209050944290.964530@ramsan.of.borg/
Fixes: 9655ad03af2d ("sh: Fixup machvec support.")
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Acked-by: Rich Felker <dalias@libc.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sh/include/asm/sections.h | 2 +-
arch/sh/kernel/machvec.c | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/sh/include/asm/sections.h b/arch/sh/include/asm/sections.h
index 8edb824049b9..0cb0ca149ac3 100644
--- a/arch/sh/include/asm/sections.h
+++ b/arch/sh/include/asm/sections.h
@@ -4,7 +4,7 @@
#include <asm-generic/sections.h>
-extern long __machvec_start, __machvec_end;
+extern char __machvec_start[], __machvec_end[];
extern char __uncached_start, __uncached_end;
extern char __start_eh_frame[], __stop_eh_frame[];
diff --git a/arch/sh/kernel/machvec.c b/arch/sh/kernel/machvec.c
index d606679a211e..57efaf5b82ae 100644
--- a/arch/sh/kernel/machvec.c
+++ b/arch/sh/kernel/machvec.c
@@ -20,8 +20,8 @@
#define MV_NAME_SIZE 32
#define for_each_mv(mv) \
- for ((mv) = (struct sh_machine_vector *)&__machvec_start; \
- (mv) && (unsigned long)(mv) < (unsigned long)&__machvec_end; \
+ for ((mv) = (struct sh_machine_vector *)__machvec_start; \
+ (mv) && (unsigned long)(mv) < (unsigned long)__machvec_end; \
(mv)++)
static struct sh_machine_vector * __init get_mv_byname(const char *name)
@@ -87,8 +87,8 @@ void __init sh_mv_setup(void)
if (!machvec_selected) {
unsigned long machvec_size;
- machvec_size = ((unsigned long)&__machvec_end -
- (unsigned long)&__machvec_start);
+ machvec_size = ((unsigned long)__machvec_end -
+ (unsigned long)__machvec_start);
/*
* Sanity check for machvec section alignment. Ensure
@@ -102,7 +102,7 @@ void __init sh_mv_setup(void)
* vector (usually the only one) from .machvec.init.
*/
if (machvec_size >= sizeof(struct sh_machine_vector))
- sh_mv = *(struct sh_machine_vector *)&__machvec_start;
+ sh_mv = *(struct sh_machine_vector *)__machvec_start;
}
pr_notice("Booting machvec: %s\n", get_system_type());
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 094/390] MIPS: SGI-IP27: Free some unused memory
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 093/390] sh: machvec: Use char[] for section boundaries Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 095/390] MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() Greg Kroah-Hartman
` (301 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
Thomas Bogendoerfer, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 33d7085682b4aa212ebfadbc21da81dfefaaac16 ]
platform_device_add_data() duplicates the memory it is passed. So we can
free some memory to save a few bytes that would remain unused otherwise.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Stable-dep-of: 11bec9cba4de ("MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/sgi-ip27/ip27-xtalk.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/mips/sgi-ip27/ip27-xtalk.c b/arch/mips/sgi-ip27/ip27-xtalk.c
index 000ede156bdc..e762886d1dda 100644
--- a/arch/mips/sgi-ip27/ip27-xtalk.c
+++ b/arch/mips/sgi-ip27/ip27-xtalk.c
@@ -53,6 +53,8 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
}
platform_device_add_resources(pdev, &w1_res, 1);
platform_device_add_data(pdev, wd, sizeof(*wd));
+ /* platform_device_add_data() duplicates the data */
+ kfree(wd);
platform_device_add(pdev);
bd = kzalloc(sizeof(*bd), GFP_KERNEL);
@@ -83,6 +85,8 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
bd->io_offset = offset;
platform_device_add_data(pdev, bd, sizeof(*bd));
+ /* platform_device_add_data() duplicates the data */
+ kfree(bd);
platform_device_add(pdev);
pr_info("xtalk:n%d/%x bridge widget\n", nasid, widget);
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 095/390] MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 094/390] MIPS: SGI-IP27: Free some unused memory Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 096/390] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Greg Kroah-Hartman
` (300 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Yujun, Thomas Bogendoerfer, Sasha Levin
From: Lin Yujun <linyujun809@huawei.com>
[ Upstream commit 11bec9cba4de06b3c0e9e4041453c2caaa1cbec1 ]
In error case in bridge_platform_create after calling
platform_device_add()/platform_device_add_data()/
platform_device_add_resources(), release the failed
'pdev' or it will be leak, call platform_device_put()
to fix this problem.
Besides, 'pdev' is divided into 'pdev_wd' and 'pdev_bd',
use platform_device_unregister() to release sgi_w1
resources when xtalk-bridge registration fails.
Fixes: 5dc76a96e95a ("MIPS: PCI: use information from 1-wire PROM for IOC3 detection")
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/sgi-ip27/ip27-xtalk.c | 70 +++++++++++++++++++++++----------
1 file changed, 50 insertions(+), 20 deletions(-)
diff --git a/arch/mips/sgi-ip27/ip27-xtalk.c b/arch/mips/sgi-ip27/ip27-xtalk.c
index e762886d1dda..5143d1cf8984 100644
--- a/arch/mips/sgi-ip27/ip27-xtalk.c
+++ b/arch/mips/sgi-ip27/ip27-xtalk.c
@@ -27,15 +27,18 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
{
struct xtalk_bridge_platform_data *bd;
struct sgi_w1_platform_data *wd;
- struct platform_device *pdev;
+ struct platform_device *pdev_wd;
+ struct platform_device *pdev_bd;
struct resource w1_res;
unsigned long offset;
offset = NODE_OFFSET(nasid);
wd = kzalloc(sizeof(*wd), GFP_KERNEL);
- if (!wd)
- goto no_mem;
+ if (!wd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ return;
+ }
snprintf(wd->dev_id, sizeof(wd->dev_id), "bridge-%012lx",
offset + (widget << SWIN_SIZE_BITS));
@@ -46,24 +49,35 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
w1_res.end = w1_res.start + 3;
w1_res.flags = IORESOURCE_MEM;
- pdev = platform_device_alloc("sgi_w1", PLATFORM_DEVID_AUTO);
- if (!pdev) {
- kfree(wd);
- goto no_mem;
+ pdev_wd = platform_device_alloc("sgi_w1", PLATFORM_DEVID_AUTO);
+ if (!pdev_wd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ goto err_kfree_wd;
+ }
+ if (platform_device_add_resources(pdev_wd, &w1_res, 1)) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform resources.\n", nasid, widget);
+ goto err_put_pdev_wd;
+ }
+ if (platform_device_add_data(pdev_wd, wd, sizeof(*wd))) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform data.\n", nasid, widget);
+ goto err_put_pdev_wd;
+ }
+ if (platform_device_add(pdev_wd)) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform device.\n", nasid, widget);
+ goto err_put_pdev_wd;
}
- platform_device_add_resources(pdev, &w1_res, 1);
- platform_device_add_data(pdev, wd, sizeof(*wd));
/* platform_device_add_data() duplicates the data */
kfree(wd);
- platform_device_add(pdev);
bd = kzalloc(sizeof(*bd), GFP_KERNEL);
- if (!bd)
- goto no_mem;
- pdev = platform_device_alloc("xtalk-bridge", PLATFORM_DEVID_AUTO);
- if (!pdev) {
- kfree(bd);
- goto no_mem;
+ if (!bd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ goto err_unregister_pdev_wd;
+ }
+ pdev_bd = platform_device_alloc("xtalk-bridge", PLATFORM_DEVID_AUTO);
+ if (!pdev_bd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ goto err_kfree_bd;
}
@@ -84,15 +98,31 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
bd->io.flags = IORESOURCE_IO;
bd->io_offset = offset;
- platform_device_add_data(pdev, bd, sizeof(*bd));
+ if (platform_device_add_data(pdev_bd, bd, sizeof(*bd))) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform data.\n", nasid, widget);
+ goto err_put_pdev_bd;
+ }
+ if (platform_device_add(pdev_bd)) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform device.\n", nasid, widget);
+ goto err_put_pdev_bd;
+ }
/* platform_device_add_data() duplicates the data */
kfree(bd);
- platform_device_add(pdev);
pr_info("xtalk:n%d/%x bridge widget\n", nasid, widget);
return;
-no_mem:
- pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+err_put_pdev_bd:
+ platform_device_put(pdev_bd);
+err_kfree_bd:
+ kfree(bd);
+err_unregister_pdev_wd:
+ platform_device_unregister(pdev_wd);
+ return;
+err_put_pdev_wd:
+ platform_device_put(pdev_wd);
+err_kfree_wd:
+ kfree(wd);
+ return;
}
static int probe_one_port(nasid_t nasid, int widget, int masterwid)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 096/390] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 095/390] MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 097/390] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Greg Kroah-Hartman
` (299 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kefeng Wang, Russell King (Oracle),
Sasha Levin
From: Wang Kefeng <wangkefeng.wang@huawei.com>
[ Upstream commit 2ccd19b3ffac07cc7e75a2bd1ed779728bb67197 ]
After ARM supports p4d page tables, the pg_level for note_page()
in walk_pmd() should be 4, not 3, fix it.
Fixes: 84e6ffb2c49c ("arm: add support for folded p4d page tables")
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/dump.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mm/dump.c b/arch/arm/mm/dump.c
index c18d23a5e5f1..9b9023a92d46 100644
--- a/arch/arm/mm/dump.c
+++ b/arch/arm/mm/dump.c
@@ -342,7 +342,7 @@ static void walk_pmd(struct pg_state *st, pud_t *pud, unsigned long start)
addr = start + i * PMD_SIZE;
domain = get_domain_name(pmd);
if (pmd_none(*pmd) || pmd_large(*pmd) || !pmd_present(*pmd))
- note_page(st, addr, 3, pmd_val(*pmd), domain);
+ note_page(st, addr, 4, pmd_val(*pmd), domain);
else
walk_pte(st, pmd, addr, domain);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 097/390] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 096/390] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 098/390] objtool: Preserve special st_shndx indexes in elf_update_symbol Greg Kroah-Hartman
` (298 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kefeng Wang, Russell King (Oracle),
Sasha Levin
From: Wang Kefeng <wangkefeng.wang@huawei.com>
[ Upstream commit 14ca1a4690750bb54e1049e49f3140ef48958a6e ]
MT_MEMORY_RO is introduced by commit 598f0a99fa8a ("ARM: 9210/1:
Mark the FDT_FIXED sections as shareable"), which is a readonly
memory type for FDT area, but there are some different between
ARM_LPAE and non-ARM_LPAE, we need to setup PMD_SECT_AP2 and
L_PMD_SECT_RDONLY for MT_MEMORY_RO when ARM_LAPE enabled.
non-ARM_LPAE 0xff800000-0xffa00000 2M PGD KERNEL ro NX SHD
ARM_LPAE 0xff800000-0xffc00000 4M PMD RW NX SHD
ARM_LPAE+fix 0xff800000-0xffc00000 4M PMD ro NX SHD
Fixes: 598f0a99fa8a ("ARM: 9210/1: Mark the FDT_FIXED sections as shareable")
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/mmu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
index 86f213f1b44b..0d0c3bf23914 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -300,7 +300,11 @@ static struct mem_type mem_types[] __ro_after_init = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
L_PTE_XN | L_PTE_RDONLY,
.prot_l1 = PMD_TYPE_TABLE,
+#ifdef CONFIG_ARM_LPAE
+ .prot_sect = PMD_TYPE_SECT | L_PMD_SECT_RDONLY | PMD_SECT_AP2,
+#else
.prot_sect = PMD_TYPE_SECT,
+#endif
.domain = DOMAIN_KERNEL,
},
[MT_ROM] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 098/390] objtool: Preserve special st_shndx indexes in elf_update_symbol
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 097/390] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 099/390] nfsd: Fix a memory leak in an error handling path Greg Kroah-Hartman
` (297 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sami Tolvanen, Peter Zijlstra (Intel),
Kees Cook, Sasha Levin
From: Sami Tolvanen <samitolvanen@google.com>
[ Upstream commit 5141d3a06b2da1731ac82091298b766a1f95d3d8 ]
elf_update_symbol fails to preserve the special st_shndx values
between [SHN_LORESERVE, SHN_HIRESERVE], which results in it
converting SHN_ABS entries into SHN_UNDEF, for example. Explicitly
check for the special indexes and ensure these symbols are not
marked undefined.
Fixes: ead165fa1042 ("objtool: Fix symbol creation")
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-17-samitolvanen@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/objtool/elf.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index 5aa3b4e76479..a2ea3931e01d 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -578,6 +578,11 @@ static int elf_update_symbol(struct elf *elf, struct section *symtab,
Elf64_Xword entsize = symtab->sh.sh_entsize;
int max_idx, idx = sym->idx;
Elf_Scn *s, *t = NULL;
+ bool is_special_shndx = sym->sym.st_shndx >= SHN_LORESERVE &&
+ sym->sym.st_shndx != SHN_XINDEX;
+
+ if (is_special_shndx)
+ shndx = sym->sym.st_shndx;
s = elf_getscn(elf->elf, symtab->idx);
if (!s) {
@@ -663,7 +668,7 @@ static int elf_update_symbol(struct elf *elf, struct section *symtab,
}
/* setup extended section index magic and write the symbol */
- if (shndx >= SHN_UNDEF && shndx < SHN_LORESERVE) {
+ if ((shndx >= SHN_UNDEF && shndx < SHN_LORESERVE) || is_special_shndx) {
sym->sym.st_shndx = shndx;
if (!shndx_data)
shndx = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 099/390] nfsd: Fix a memory leak in an error handling path
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 098/390] objtool: Preserve special st_shndx indexes in elf_update_symbol Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 100/390] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Greg Kroah-Hartman
` (296 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Jeff Layton,
Chuck Lever, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit fd1ef88049de09bc70d60b549992524cfc0e66ff ]
If this memdup_user() call fails, the memory allocated in a previous call
a few lines above should be freed. Otherwise it leaks.
Fixes: 6ee95d1c8991 ("nfsd: add support for upcall version 2")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4recover.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index f9b730c43192..83c4e6883953 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -815,8 +815,10 @@ __cld_pipe_inprogress_downcall(const struct cld_msg_v2 __user *cmsg,
princhash.data = memdup_user(
&ci->cc_princhash.cp_data,
princhashlen);
- if (IS_ERR_OR_NULL(princhash.data))
+ if (IS_ERR_OR_NULL(princhash.data)) {
+ kfree(name.data);
return -EFAULT;
+ }
princhash.len = princhashlen;
} else
princhash.len = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 100/390] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 099/390] nfsd: Fix a memory leak in an error handling path Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 101/390] leds: lm3601x: Dont use mutex after it was destroyed Greg Kroah-Hartman
` (295 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Kalle Valo, Sasha Levin
From: Wen Gong <quic_wgong@quicinc.com>
[ Upstream commit f020d9570a04df0762a2ac5c50cf1d8c511c9164 ]
When peer delete failed in a disconnect operation, use-after-free
detected by KFENCE in below log. It is because for each vdev_id and
address, it has only one struct ath10k_peer, it is allocated in
ath10k_peer_map_event(). When connected to an AP, it has more than
one HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the
array peer_map of struct ath10k will be set muti-elements to the
same ath10k_peer in ath10k_peer_map_event(). When peer delete failed
in ath10k_sta_state(), the ath10k_peer will be free for the 1st peer
id in array peer_map of struct ath10k, and then use-after-free happened
for the 2nd peer id because they map to the same ath10k_peer.
And clean up all peers in array peer_map for the ath10k_peer, then
user-after-free disappeared
peer map event log:
[ 306.911021] wlan0: authenticate with b0:2a:43:e6:75:0e
[ 306.957187] ath10k_pci 0000:01:00.0: mac vdev 0 peer create b0:2a:43:e6:75:0e (new sta) sta 1 / 32 peer 1 / 33
[ 306.957395] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 246
[ 306.957404] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 198
[ 306.986924] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 166
peer unmap event log:
[ 435.715691] wlan0: deauthenticating from b0:2a:43:e6:75:0e by local choice (Reason: 3=DEAUTH_LEAVING)
[ 435.716802] ath10k_pci 0000:01:00.0: mac vdev 0 peer delete b0:2a:43:e6:75:0e sta ffff990e0e9c2b50 (sta gone)
[ 435.717177] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 246
[ 435.717186] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 198
[ 435.717193] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 166
use-after-free log:
[21705.888627] wlan0: deauthenticating from d0:76:8f:82:be:75 by local choice (Reason: 3=DEAUTH_LEAVING)
[21713.799910] ath10k_pci 0000:01:00.0: failed to delete peer d0:76:8f:82:be:75 for vdev 0: -110
[21713.799925] ath10k_pci 0000:01:00.0: found sta peer d0:76:8f:82:be:75 (ptr 0000000000000000 id 102) entry on vdev 0 after it was supposedly removed
[21713.799968] ==================================================================
[21713.799991] BUG: KFENCE: use-after-free read in ath10k_sta_state+0x265/0xb8a [ath10k_core]
[21713.799991]
[21713.799997] Use-after-free read at 0x00000000abe1c75e (in kfence-#69):
[21713.800010] ath10k_sta_state+0x265/0xb8a [ath10k_core]
[21713.800041] drv_sta_state+0x115/0x677 [mac80211]
[21713.800059] __sta_info_destroy_part2+0xb1/0x133 [mac80211]
[21713.800076] __sta_info_flush+0x11d/0x162 [mac80211]
[21713.800093] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]
[21713.800110] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]
[21713.800137] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]
[21713.800153] nl80211_deauthenticate+0xf8/0x121 [cfg80211]
[21713.800161] genl_rcv_msg+0x38e/0x3be
[21713.800166] netlink_rcv_skb+0x89/0xf7
[21713.800171] genl_rcv+0x28/0x36
[21713.800176] netlink_unicast+0x179/0x24b
[21713.800181] netlink_sendmsg+0x3a0/0x40e
[21713.800187] sock_sendmsg+0x72/0x76
[21713.800192] ____sys_sendmsg+0x16d/0x1e3
[21713.800196] ___sys_sendmsg+0x95/0xd1
[21713.800200] __sys_sendmsg+0x85/0xbf
[21713.800205] do_syscall_64+0x43/0x55
[21713.800210] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[21713.800213]
[21713.800219] kfence-#69: 0x000000009149b0d5-0x000000004c0697fb, size=1064, cache=kmalloc-2k
[21713.800219]
[21713.800224] allocated by task 13 on cpu 0 at 21705.501373s:
[21713.800241] ath10k_peer_map_event+0x7e/0x154 [ath10k_core]
[21713.800254] ath10k_htt_t2h_msg_handler+0x586/0x1039 [ath10k_core]
[21713.800265] ath10k_htt_htc_t2h_msg_handler+0x12/0x28 [ath10k_core]
[21713.800277] ath10k_htc_rx_completion_handler+0x14c/0x1b5 [ath10k_core]
[21713.800283] ath10k_pci_process_rx_cb+0x195/0x1df [ath10k_pci]
[21713.800294] ath10k_ce_per_engine_service+0x55/0x74 [ath10k_core]
[21713.800305] ath10k_ce_per_engine_service_any+0x76/0x84 [ath10k_core]
[21713.800310] ath10k_pci_napi_poll+0x49/0x144 [ath10k_pci]
[21713.800316] net_rx_action+0xdc/0x361
[21713.800320] __do_softirq+0x163/0x29a
[21713.800325] asm_call_irq_on_stack+0x12/0x20
[21713.800331] do_softirq_own_stack+0x3c/0x48
[21713.800337] __irq_exit_rcu+0x9b/0x9d
[21713.800342] common_interrupt+0xc9/0x14d
[21713.800346] asm_common_interrupt+0x1e/0x40
[21713.800351] ksoftirqd_should_run+0x5/0x16
[21713.800357] smpboot_thread_fn+0x148/0x211
[21713.800362] kthread+0x150/0x15f
[21713.800367] ret_from_fork+0x22/0x30
[21713.800370]
[21713.800374] freed by task 708 on cpu 1 at 21713.799953s:
[21713.800498] ath10k_sta_state+0x2c6/0xb8a [ath10k_core]
[21713.800515] drv_sta_state+0x115/0x677 [mac80211]
[21713.800532] __sta_info_destroy_part2+0xb1/0x133 [mac80211]
[21713.800548] __sta_info_flush+0x11d/0x162 [mac80211]
[21713.800565] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]
[21713.800581] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]
[21713.800598] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]
[21713.800614] nl80211_deauthenticate+0xf8/0x121 [cfg80211]
[21713.800619] genl_rcv_msg+0x38e/0x3be
[21713.800623] netlink_rcv_skb+0x89/0xf7
[21713.800628] genl_rcv+0x28/0x36
[21713.800632] netlink_unicast+0x179/0x24b
[21713.800637] netlink_sendmsg+0x3a0/0x40e
[21713.800642] sock_sendmsg+0x72/0x76
[21713.800646] ____sys_sendmsg+0x16d/0x1e3
[21713.800651] ___sys_sendmsg+0x95/0xd1
[21713.800655] __sys_sendmsg+0x85/0xbf
[21713.800659] do_syscall_64+0x43/0x55
[21713.800663] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1
Fixes: d0eeafad1189 ("ath10k: Clean up peer when sta goes away.")
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220801141930.16794-1-quic_wgong@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 54 ++++++++++++++-------------
1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index b61cd275fbda..15f02bf23e9b 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -853,11 +853,36 @@ static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
return 0;
}
+static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
+{
+ int peer_id, i;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+ for_each_set_bit(peer_id, peer->peer_ids,
+ ATH10K_MAX_NUM_PEER_IDS) {
+ ar->peer_map[peer_id] = NULL;
+ }
+
+ /* Double check that peer is properly un-referenced from
+ * the peer_map
+ */
+ for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
+ if (ar->peer_map[i] == peer) {
+ ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
+ peer->addr, peer, i);
+ ar->peer_map[i] = NULL;
+ }
+ }
+
+ list_del(&peer->list);
+ kfree(peer);
+ ar->num_peers--;
+}
+
static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
{
struct ath10k_peer *peer, *tmp;
- int peer_id;
- int i;
lockdep_assert_held(&ar->conf_mutex);
@@ -869,25 +894,7 @@ static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
peer->addr, vdev_id);
- for_each_set_bit(peer_id, peer->peer_ids,
- ATH10K_MAX_NUM_PEER_IDS) {
- ar->peer_map[peer_id] = NULL;
- }
-
- /* Double check that peer is properly un-referenced from
- * the peer_map
- */
- for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
- if (ar->peer_map[i] == peer) {
- ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
- peer->addr, peer, i);
- ar->peer_map[i] = NULL;
- }
- }
-
- list_del(&peer->list);
- kfree(peer);
- ar->num_peers--;
+ ath10k_peer_map_cleanup(ar, peer);
}
spin_unlock_bh(&ar->data_lock);
}
@@ -7470,10 +7477,7 @@ static int ath10k_sta_state(struct ieee80211_hw *hw,
/* Clean up the peer object as well since we
* must have failed to do this above.
*/
- list_del(&peer->list);
- ar->peer_map[i] = NULL;
- kfree(peer);
- ar->num_peers--;
+ ath10k_peer_map_cleanup(ar, peer);
}
}
spin_unlock_bh(&ar->data_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 101/390] leds: lm3601x: Dont use mutex after it was destroyed
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 100/390] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 102/390] wifi: mac80211: allow bw change during channel switch in mesh Greg Kroah-Hartman
` (294 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Uwe Kleine-König,
Wolfram Sang, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 32f7eed0c763a9b89f6b357ec54b48398fc7b99e ]
The mutex might still be in use until the devm cleanup callback
devm_led_classdev_flash_release() is called. This only happens some time
after lm3601x_remove() completed.
Fixes: e63a744871a3 ("leds: lm3601x: Convert class registration to device managed")
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/leds-lm3601x.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/leds/leds-lm3601x.c b/drivers/leds/leds-lm3601x.c
index d0e1d4814042..3d1272748201 100644
--- a/drivers/leds/leds-lm3601x.c
+++ b/drivers/leds/leds-lm3601x.c
@@ -444,8 +444,6 @@ static int lm3601x_remove(struct i2c_client *client)
{
struct lm3601x_led *led = i2c_get_clientdata(client);
- mutex_destroy(&led->lock);
-
return regmap_update_bits(led->regmap, LM3601X_ENABLE_REG,
LM3601X_ENABLE_MASK,
LM3601X_MODE_STANDBY);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 102/390] wifi: mac80211: allow bw change during channel switch in mesh
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 101/390] leds: lm3601x: Dont use mutex after it was destroyed Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 103/390] bpftool: Fix a wrong type cast in btf_dumper_int Greg Kroah-Hartman
` (293 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Chandrakanthan, Johannes Berg,
Sasha Levin
From: Hari Chandrakanthan <quic_haric@quicinc.com>
[ Upstream commit 6b75f133fe05c36c52d691ff21545d5757fff721 ]
>From 'IEEE Std 802.11-2020 section 11.8.8.4.1':
The mesh channel switch may be triggered by the need to avoid
interference to a detected radar signal, or to reassign mesh STA
channels to ensure the MBSS connectivity.
A 20/40 MHz MBSS may be changed to a 20 MHz MBSS and a 20 MHz
MBSS may be changed to a 20/40 MHz MBSS.
Since the standard allows the change of bandwidth during
the channel switch in mesh, remove the bandwidth check present in
ieee80211_set_csa_beacon.
Fixes: c6da674aff94 ("{nl,cfg,mac}80211: enable the triggering of CSA frame in mesh")
Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
Link: https://lore.kernel.org/r/1658903549-21218-1-git-send-email-quic_haric@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/cfg.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 8010967a6874..c6a7f1c99abc 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3357,9 +3357,6 @@ static int ieee80211_set_csa_beacon(struct ieee80211_sub_if_data *sdata,
case NL80211_IFTYPE_MESH_POINT: {
struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
- if (params->chandef.width != sdata->vif.bss_conf.chandef.width)
- return -EINVAL;
-
/* changes into another band are not supported */
if (sdata->vif.bss_conf.chandef.chan->band !=
params->chandef.chan->band)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 103/390] bpftool: Fix a wrong type cast in btf_dumper_int
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 102/390] wifi: mac80211: allow bw change during channel switch in mesh Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 104/390] spi: mt7621: Fix an error message in mt7621_spi_probe() Greg Kroah-Hartman
` (292 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lam Thai, Andrii Nakryiko,
Quentin Monnet, John Fastabend, Sasha Levin
From: Lam Thai <lamthai@arista.com>
[ Upstream commit 7184aef9c0f7a81db8fd18d183ee42481d89bf35 ]
When `data` points to a boolean value, casting it to `int *` is problematic
and could lead to a wrong value being passed to `jsonw_bool`. Change the
cast to `bool *` instead.
Fixes: b12d6ec09730 ("bpf: btf: add btf print functionality")
Signed-off-by: Lam Thai <lamthai@arista.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220824225859.9038-1-lamthai@arista.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/btf_dumper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/bpf/bpftool/btf_dumper.c b/tools/bpf/bpftool/btf_dumper.c
index 0e9310727281..13be48763199 100644
--- a/tools/bpf/bpftool/btf_dumper.c
+++ b/tools/bpf/bpftool/btf_dumper.c
@@ -416,7 +416,7 @@ static int btf_dumper_int(const struct btf_type *t, __u8 bit_offset,
*(char *)data);
break;
case BTF_INT_BOOL:
- jsonw_bool(jw, *(int *)data);
+ jsonw_bool(jw, *(bool *)data);
break;
default:
/* shouldn't happen */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 104/390] spi: mt7621: Fix an error message in mt7621_spi_probe()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 103/390] bpftool: Fix a wrong type cast in btf_dumper_int Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 105/390] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Greg Kroah-Hartman
` (291 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Matthias Brugger,
Mark Brown, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 2b2bf6b7faa9010fae10dc7de76627a3fdb525b3 ]
'status' is known to be 0 at this point. The expected error code is
PTR_ERR(clk).
Switch to dev_err_probe() in order to display the expected error code (in a
human readable way).
This also filters -EPROBE_DEFER cases, should it happen.
Fixes: 1ab7f2a43558 ("staging: mt7621-spi: add mt7621 support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/928f3fb507d53ba0774df27cea0bbba4b055993b.1661599671.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-mt7621.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/spi/spi-mt7621.c b/drivers/spi/spi-mt7621.c
index b4b9b7309b5e..351b0ef52bbc 100644
--- a/drivers/spi/spi-mt7621.c
+++ b/drivers/spi/spi-mt7621.c
@@ -340,11 +340,9 @@ static int mt7621_spi_probe(struct platform_device *pdev)
return PTR_ERR(base);
clk = devm_clk_get(&pdev->dev, NULL);
- if (IS_ERR(clk)) {
- dev_err(&pdev->dev, "unable to get SYS clock, err=%d\n",
- status);
- return PTR_ERR(clk);
- }
+ if (IS_ERR(clk))
+ return dev_err_probe(&pdev->dev, PTR_ERR(clk),
+ "unable to get SYS clock\n");
status = clk_prepare_enable(clk);
if (status)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 105/390] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 104/390] spi: mt7621: Fix an error message in mt7621_spi_probe() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 106/390] Bluetooth: btusb: Fine-tune mt7663 mechanism Greg Kroah-Hartman
` (290 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kohei Tarumizu, Dave Hansen,
Reinette Chatre, Sasha Levin
From: Kohei Tarumizu <tarumizu.kohei@fujitsu.com>
[ Upstream commit 499c8bb4693d1c8d8f3d6dd38e5bdde3ff5bd906 ]
The current pseudo_lock.c code overwrites the value of the
MSR_MISC_FEATURE_CONTROL to 0 even if the original value is not 0.
Therefore, modify it to save and restore the original values.
Fixes: 018961ae5579 ("x86/intel_rdt: Pseudo-lock region creation/removal core")
Fixes: 443810fe6160 ("x86/intel_rdt: Create debugfs files for pseudo-locking testing")
Fixes: 8a2fc0e1bc0c ("x86/intel_rdt: More precise L2 hit/miss measurements")
Signed-off-by: Kohei Tarumizu <tarumizu.kohei@fujitsu.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Reinette Chatre <reinette.chatre@intel.com>
Link: https://lkml.kernel.org/r/eb660f3c2010b79a792c573c02d01e8e841206ad.1661358182.git.reinette.chatre@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/resctrl/pseudo_lock.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/resctrl/pseudo_lock.c b/arch/x86/kernel/cpu/resctrl/pseudo_lock.c
index 0daf2f1cf7a8..465dce141bfc 100644
--- a/arch/x86/kernel/cpu/resctrl/pseudo_lock.c
+++ b/arch/x86/kernel/cpu/resctrl/pseudo_lock.c
@@ -416,6 +416,7 @@ static int pseudo_lock_fn(void *_rdtgrp)
struct pseudo_lock_region *plr = rdtgrp->plr;
u32 rmid_p, closid_p;
unsigned long i;
+ u64 saved_msr;
#ifdef CONFIG_KASAN
/*
* The registers used for local register variables are also used
@@ -459,6 +460,7 @@ static int pseudo_lock_fn(void *_rdtgrp)
* the buffer and evict pseudo-locked memory read earlier from the
* cache.
*/
+ saved_msr = __rdmsr(MSR_MISC_FEATURE_CONTROL);
__wrmsr(MSR_MISC_FEATURE_CONTROL, prefetch_disable_bits, 0x0);
closid_p = this_cpu_read(pqr_state.cur_closid);
rmid_p = this_cpu_read(pqr_state.cur_rmid);
@@ -510,7 +512,7 @@ static int pseudo_lock_fn(void *_rdtgrp)
__wrmsr(IA32_PQR_ASSOC, rmid_p, closid_p);
/* Re-enable the hardware prefetcher(s) */
- wrmsr(MSR_MISC_FEATURE_CONTROL, 0x0, 0x0);
+ wrmsrl(MSR_MISC_FEATURE_CONTROL, saved_msr);
local_irq_enable();
plr->thread_done = 1;
@@ -867,6 +869,7 @@ bool rdtgroup_pseudo_locked_in_hierarchy(struct rdt_domain *d)
static int measure_cycles_lat_fn(void *_plr)
{
struct pseudo_lock_region *plr = _plr;
+ u32 saved_low, saved_high;
unsigned long i;
u64 start, end;
void *mem_r;
@@ -875,6 +878,7 @@ static int measure_cycles_lat_fn(void *_plr)
/*
* Disable hardware prefetchers.
*/
+ rdmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
wrmsr(MSR_MISC_FEATURE_CONTROL, prefetch_disable_bits, 0x0);
mem_r = READ_ONCE(plr->kmem);
/*
@@ -891,7 +895,7 @@ static int measure_cycles_lat_fn(void *_plr)
end = rdtsc_ordered();
trace_pseudo_lock_mem_latency((u32)(end - start));
}
- wrmsr(MSR_MISC_FEATURE_CONTROL, 0x0, 0x0);
+ wrmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
local_irq_enable();
plr->thread_done = 1;
wake_up_interruptible(&plr->lock_thread_wq);
@@ -936,6 +940,7 @@ static int measure_residency_fn(struct perf_event_attr *miss_attr,
u64 hits_before = 0, hits_after = 0, miss_before = 0, miss_after = 0;
struct perf_event *miss_event, *hit_event;
int hit_pmcnum, miss_pmcnum;
+ u32 saved_low, saved_high;
unsigned int line_size;
unsigned int size;
unsigned long i;
@@ -969,6 +974,7 @@ static int measure_residency_fn(struct perf_event_attr *miss_attr,
/*
* Disable hardware prefetchers.
*/
+ rdmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
wrmsr(MSR_MISC_FEATURE_CONTROL, prefetch_disable_bits, 0x0);
/* Initialize rest of local variables */
@@ -1027,7 +1033,7 @@ static int measure_residency_fn(struct perf_event_attr *miss_attr,
*/
rmb();
/* Re-enable hardware prefetchers */
- wrmsr(MSR_MISC_FEATURE_CONTROL, 0x0, 0x0);
+ wrmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
local_irq_enable();
out_hit:
perf_event_release_kernel(hit_event);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 106/390] Bluetooth: btusb: Fine-tune mt7663 mechanism.
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 105/390] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 107/390] Bluetooth: btusb: fix excessive stack usage Greg Kroah-Hartman
` (289 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Chen, Marcel Holtmann, Sasha Levin
From: Mark Chen <Mark-YW.Chen@mediatek.com>
[ Upstream commit 48c13301e6baba5fd0960b412af519c0baa98011 ]
Fine-tune read register for mt7663/mt7921.
For mediatek chip spcific wmt protocol, we add more delay to send EP0
In-Token.
Signed-off-by: Mark Chen <Mark-YW.Chen@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Stable-dep-of: fd3f106677ba ("Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btusb.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index a699e6166aef..eb6e33d168d8 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -2816,6 +2816,7 @@ enum {
enum {
BTMTK_WMT_INVALID,
BTMTK_WMT_PATCH_UNDONE,
+ BTMTK_WMT_PATCH_PROGRESS,
BTMTK_WMT_PATCH_DONE,
BTMTK_WMT_ON_UNDONE,
BTMTK_WMT_ON_DONE,
@@ -2831,7 +2832,7 @@ struct btmtk_wmt_hdr {
struct btmtk_hci_wmt_cmd {
struct btmtk_wmt_hdr hdr;
- u8 data[256];
+ u8 data[1000];
} __packed;
struct btmtk_hci_wmt_evt {
@@ -2934,7 +2935,7 @@ static void btusb_mtk_wmt_recv(struct urb *urb)
* to generate the event. Otherwise, the WMT event cannot return from
* the device successfully.
*/
- udelay(100);
+ udelay(500);
usb_anchor_urb(urb, &data->ctrl_anchor);
err = usb_submit_urb(urb, GFP_ATOMIC);
@@ -3238,9 +3239,9 @@ static int btusb_mtk_reg_read(struct btusb_data *data, u32 reg, u32 *val)
return err;
}
-static int btusb_mtk_id_get(struct btusb_data *data, u32 *id)
+static int btusb_mtk_id_get(struct btusb_data *data, u32 reg, u32 *id)
{
- return btusb_mtk_reg_read(data, 0x80000008, id);
+ return btusb_mtk_reg_read(data, reg, id);
}
static int btusb_mtk_setup(struct hci_dev *hdev)
@@ -3258,7 +3259,7 @@ static int btusb_mtk_setup(struct hci_dev *hdev)
calltime = ktime_get();
- err = btusb_mtk_id_get(data, &dev_id);
+ err = btusb_mtk_id_get(data, 0x80000008, &dev_id);
if (err < 0) {
bt_dev_err(hdev, "Failed to get device id (%d)", err);
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 107/390] Bluetooth: btusb: fix excessive stack usage
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 106/390] Bluetooth: btusb: Fine-tune mt7663 mechanism Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 108/390] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Greg Kroah-Hartman
` (288 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Marcel Holtmann, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 10888140f09c3472146dc206accd0cfa051d0ed4 ]
Enlarging the size of 'struct btmtk_hci_wmt_cmd' makes it no longer
fit on the kernel stack, as seen from this compiler warning:
drivers/bluetooth/btusb.c:3365:12: error: stack frame size of 1036 bytes in function 'btusb_mtk_hci_wmt_sync' [-Werror,-Wframe-larger-than=]
Change the function to dynamically allocate the buffer instead.
As there are other sleeping functions called from the same location,
using GFP_KERNEL should be fine here, and the runtime overhead should
not matter as this is rarely called.
Unfortunately, I could not figure out why the message size is
increased in the previous patch. Using dynamic allocation means
any size is possible now, but there is still a range check that
limits the total size (including the five-byte header) to 255
bytes, so whatever was intended there is now undone.
Fixes: 48c13301e6ba ("Bluetooth: btusb: Fine-tune mt7663 mechanism.")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Stable-dep-of: fd3f106677ba ("Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btusb.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index eb6e33d168d8..80a3d5019950 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -2832,7 +2832,7 @@ struct btmtk_wmt_hdr {
struct btmtk_hci_wmt_cmd {
struct btmtk_wmt_hdr hdr;
- u8 data[1000];
+ u8 data[];
} __packed;
struct btmtk_hci_wmt_evt {
@@ -3011,7 +3011,7 @@ static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
struct btmtk_hci_wmt_evt_funcc *wmt_evt_funcc;
u32 hlen, status = BTMTK_WMT_INVALID;
struct btmtk_hci_wmt_evt *wmt_evt;
- struct btmtk_hci_wmt_cmd wc;
+ struct btmtk_hci_wmt_cmd *wc;
struct btmtk_wmt_hdr *hdr;
int err;
@@ -3020,20 +3020,24 @@ static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
if (hlen > 255)
return -EINVAL;
- hdr = (struct btmtk_wmt_hdr *)&wc;
+ wc = kzalloc(hlen, GFP_KERNEL);
+ if (!wc)
+ return -ENOMEM;
+
+ hdr = &wc->hdr;
hdr->dir = 1;
hdr->op = wmt_params->op;
hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
hdr->flag = wmt_params->flag;
- memcpy(wc.data, wmt_params->data, wmt_params->dlen);
+ memcpy(wc->data, wmt_params->data, wmt_params->dlen);
set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
- err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc);
+ err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
if (err < 0) {
clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
- return err;
+ goto err_free_wc;
}
/* Submit control IN URB on demand to process the WMT event */
@@ -3055,13 +3059,14 @@ static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
if (err == -EINTR) {
bt_dev_err(hdev, "Execution of wmt command interrupted");
clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
- return err;
+ goto err_free_wc;
}
if (err) {
bt_dev_err(hdev, "Execution of wmt command timed out");
clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
- return -ETIMEDOUT;
+ err = -ETIMEDOUT;
+ goto err_free_wc;
}
/* Parse and handle the return WMT event */
@@ -3097,7 +3102,8 @@ static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
err_free_skb:
kfree_skb(data->evt_skb);
data->evt_skb = NULL;
-
+err_free_wc:
+ kfree(wc);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 108/390] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 107/390] Bluetooth: btusb: fix excessive stack usage Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 109/390] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Greg Kroah-Hartman
` (287 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jing Cai, Sean Wang,
Luiz Augusto von Dentz, Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit fd3f106677bac70437dc12e76c827294ed495a44 ]
WMT cmd/event doesn't follow up the generic HCI cmd/event handling, it
needs constantly polling control pipe until the host received the WMT
event, thus, we should require to specifically acquire PM counter on the
USB to prevent the interface from entering auto suspended while WMT
cmd/event in progress.
Fixes: a1c49c434e15 ("Bluetooth: btusb: Add protocol support for MediaTek MT7668U USB devices")
Co-developed-by: Jing Cai <jing.cai@mediatek.com>
Signed-off-by: Jing Cai <jing.cai@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btusb.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 80a3d5019950..6efd981979bd 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -3033,15 +3033,29 @@ static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
+ /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
+ * it needs constantly polling control pipe until the host received the
+ * WMT event, thus, we should require to specifically acquire PM counter
+ * on the USB to prevent the interface from entering auto suspended
+ * while WMT cmd/event in progress.
+ */
+ err = usb_autopm_get_interface(data->intf);
+ if (err < 0)
+ goto err_free_wc;
+
err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
if (err < 0) {
clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
+ usb_autopm_put_interface(data->intf);
goto err_free_wc;
}
/* Submit control IN URB on demand to process the WMT event */
err = btusb_mtk_submit_wmt_recv_urb(hdev);
+
+ usb_autopm_put_interface(data->intf);
+
if (err < 0)
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 109/390] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 108/390] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 110/390] selftests/xsk: Avoid use-after-free on ctx Greg Kroah-Hartman
` (286 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Jes Sorensen,
Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 620d5eaeb9059636864bda83ca1c68c20ede34a5 ]
There some bounds checking to ensure that "map_addr" is not out of
bounds before the start of the loop. But the checking needs to be
done as we iterate through the loop because "map_addr" gets larger as
we iterate.
Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jes Sorensen <Jes.Sorensen@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/Yv8eGLdBslLAk3Ct@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 0d374a294840..9f646964055d 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -1874,13 +1874,6 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
/* We have 8 bits to indicate validity */
map_addr = offset * 8;
- if (map_addr >= EFUSE_MAP_LEN) {
- dev_warn(dev, "%s: Illegal map_addr (%04x), "
- "efuse corrupt!\n",
- __func__, map_addr);
- ret = -EINVAL;
- goto exit;
- }
for (i = 0; i < EFUSE_MAX_WORD_UNIT; i++) {
/* Check word enable condition in the section */
if (word_mask & BIT(i)) {
@@ -1891,6 +1884,13 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
if (ret)
goto exit;
+ if (map_addr >= EFUSE_MAP_LEN - 1) {
+ dev_warn(dev, "%s: Illegal map_addr (%04x), "
+ "efuse corrupt!\n",
+ __func__, map_addr);
+ ret = -EINVAL;
+ goto exit;
+ }
priv->efuse_wifi.raw[map_addr++] = val8;
ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 110/390] selftests/xsk: Avoid use-after-free on ctx
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 109/390] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 111/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Greg Kroah-Hartman
` (285 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Rogers, Daniel Borkmann,
Magnus Karlsson, Sasha Levin
From: Ian Rogers <irogers@google.com>
[ Upstream commit af515a5587b8f45f19e11657746e0c89411b0380 ]
The put lowers the reference count to 0 and frees ctx, reading it
afterwards is invalid. Move the put after the uses and determine the
last use by the reference count being 1.
Fixes: 39e940d4abfa ("selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0")
Signed-off-by: Ian Rogers <irogers@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Link: https://lore.kernel.org/bpf/20220901202645.1463552-1-irogers@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/xsk.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/lib/bpf/xsk.c b/tools/lib/bpf/xsk.c
index e8745f646371..fa1f8faf7dfe 100644
--- a/tools/lib/bpf/xsk.c
+++ b/tools/lib/bpf/xsk.c
@@ -930,13 +930,13 @@ void xsk_socket__delete(struct xsk_socket *xsk)
ctx = xsk->ctx;
umem = ctx->umem;
- xsk_put_ctx(ctx, true);
-
- if (!ctx->refcount) {
+ if (ctx->refcount == 1) {
xsk_delete_bpf_maps(xsk);
close(ctx->prog_fd);
}
+ xsk_put_ctx(ctx, true);
+
err = xsk_get_mmap_offsets(xsk->fd, &off);
if (!err) {
if (xsk->rx) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 111/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 110/390] selftests/xsk: Avoid use-after-free on ctx Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 112/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Greg Kroah-Hartman
` (284 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Qiang, Mark Brown, Sasha Levin
From: Xu Qiang <xuqiang36@huawei.com>
[ Upstream commit 70034320fdc597b8f58b4a43bb547f17c4c5557a ]
Add the missing clk_disable_unprepare() before return
from spi_qup_resume() in the error handling case.
Fixes: 64ff247a978f (“spi: Add Qualcomm QUP SPI controller support”)
Signed-off-by: Xu Qiang <xuqiang36@huawei.com>
Link: https://lore.kernel.org/r/20220825065324.68446-1-xuqiang36@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-qup.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi-qup.c b/drivers/spi/spi-qup.c
index d39dec6d1c91..668d79922fac 100644
--- a/drivers/spi/spi-qup.c
+++ b/drivers/spi/spi-qup.c
@@ -1246,14 +1246,25 @@ static int spi_qup_resume(struct device *device)
return ret;
ret = clk_prepare_enable(controller->cclk);
- if (ret)
+ if (ret) {
+ clk_disable_unprepare(controller->iclk);
return ret;
+ }
ret = spi_qup_set_state(controller, QUP_STATE_RESET);
if (ret)
- return ret;
+ goto disable_clk;
+
+ ret = spi_master_resume(master);
+ if (ret)
+ goto disable_clk;
- return spi_master_resume(master);
+ return 0;
+
+disable_clk:
+ clk_disable_unprepare(controller->cclk);
+ clk_disable_unprepare(controller->iclk);
+ return ret;
}
#endif /* CONFIG_PM_SLEEP */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 112/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 111/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 113/390] wifi: rtl8xxxu: Fix skb misuse in TX queue selection Greg Kroah-Hartman
` (283 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Qiang, Mark Brown, Sasha Levin
From: Xu Qiang <xuqiang36@huawei.com>
[ Upstream commit 494a22765ce479c9f8ad181c5d24cffda9f534bb ]
Add the missing clk_disable_unprepare() before return
from spi_qup_pm_resume_runtime() in the error handling case.
Fixes: dae1a7700b34 (“spi: qup: Handle clocks in pm_runtime suspend and resume”)
Signed-off-by: Xu Qiang <xuqiang36@huawei.com>
Link: https://lore.kernel.org/r/20220825065324.68446-2-xuqiang36@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-qup.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-qup.c b/drivers/spi/spi-qup.c
index 668d79922fac..f3877eeb3da6 100644
--- a/drivers/spi/spi-qup.c
+++ b/drivers/spi/spi-qup.c
@@ -1199,8 +1199,10 @@ static int spi_qup_pm_resume_runtime(struct device *device)
return ret;
ret = clk_prepare_enable(controller->cclk);
- if (ret)
+ if (ret) {
+ clk_disable_unprepare(controller->iclk);
return ret;
+ }
/* Disable clocks auto gaiting */
config = readl_relaxed(controller->base + QUP_CONFIG);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 113/390] wifi: rtl8xxxu: Fix skb misuse in TX queue selection
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 112/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 114/390] spi: meson-spicc: do not rely on busy flag in pow2 clk ops Greg Kroah-Hartman
` (282 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit edd5747aa12ed61a5ecbfa58d3908623fddbf1e8 ]
rtl8xxxu_queue_select() selects the wrong TX queues because it's
reading memory from the wrong address. It expects to find ieee80211_hdr
at skb->data, but that's not the case after skb_push(). Move the call
to rtl8xxxu_queue_select() before the call to skb_push().
Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/7fa4819a-4f20-b2af-b7a6-8ee01ac49295@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 9f646964055d..e8b4544b5b15 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4984,6 +4984,8 @@ static void rtl8xxxu_tx(struct ieee80211_hw *hw,
if (control && control->sta)
sta = control->sta;
+ queue = rtl8xxxu_queue_select(hw, skb);
+
tx_desc = skb_push(skb, tx_desc_size);
memset(tx_desc, 0, tx_desc_size);
@@ -4996,7 +4998,6 @@ static void rtl8xxxu_tx(struct ieee80211_hw *hw,
is_broadcast_ether_addr(ieee80211_get_DA(hdr)))
tx_desc->txdw0 |= TXDESC_BROADMULTICAST;
- queue = rtl8xxxu_queue_select(hw, skb);
tx_desc->txdw1 = cpu_to_le32(queue << TXDESC_QUEUE_SHIFT);
if (tx_info->control.hw_key) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 114/390] spi: meson-spicc: do not rely on busy flag in pow2 clk ops
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 113/390] wifi: rtl8xxxu: Fix skb misuse in TX queue selection Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 115/390] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Greg Kroah-Hartman
` (281 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markus Schneider-Pargmann,
Neil Armstrong, Mark Brown, Sasha Levin
From: Neil Armstrong <narmstrong@baylibre.com>
[ Upstream commit 36acf80fc0c4b5ebe6fa010b524d442ee7f08fd3 ]
Since [1], controller's busy flag isn't set anymore when the
__spi_transfer_message_noqueue() is used instead of the
__spi_pump_transfer_message() logic for spi_sync transfers.
Since the pow2 clock ops were limited to only be available when a
transfer is ongoing (between prepare_transfer_hardware and
unprepare_transfer_hardware callbacks), the only way to track this
down is to check for the controller cur_msg.
[1] ae7d2346dc89 ("spi: Don't use the message queue if possible in spi_sync")
Fixes: 09992025dacd ("spi: meson-spicc: add local pow2 clock ops to preserve rate between messages")
Fixes: ae7d2346dc89 ("spi: Don't use the message queue if possible in spi_sync")
Reported-by: Markus Schneider-Pargmann <msp@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Markus Schneider-Pargmann <msp@baylibre.com>
Link: https://lore.kernel.org/r/20220908121803.919943-1-narmstrong@baylibre.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-meson-spicc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi-meson-spicc.c b/drivers/spi/spi-meson-spicc.c
index e4cb52e1fe26..6974a1c947aa 100644
--- a/drivers/spi/spi-meson-spicc.c
+++ b/drivers/spi/spi-meson-spicc.c
@@ -537,7 +537,7 @@ static unsigned long meson_spicc_pow2_recalc_rate(struct clk_hw *hw,
struct clk_divider *divider = to_clk_divider(hw);
struct meson_spicc_device *spicc = pow2_clk_to_spicc(divider);
- if (!spicc->master->cur_msg || !spicc->master->busy)
+ if (!spicc->master->cur_msg)
return 0;
return clk_divider_ops.recalc_rate(hw, parent_rate);
@@ -549,7 +549,7 @@ static int meson_spicc_pow2_determine_rate(struct clk_hw *hw,
struct clk_divider *divider = to_clk_divider(hw);
struct meson_spicc_device *spicc = pow2_clk_to_spicc(divider);
- if (!spicc->master->cur_msg || !spicc->master->busy)
+ if (!spicc->master->cur_msg)
return -EINVAL;
return clk_divider_ops.determine_rate(hw, req);
@@ -561,7 +561,7 @@ static int meson_spicc_pow2_set_rate(struct clk_hw *hw, unsigned long rate,
struct clk_divider *divider = to_clk_divider(hw);
struct meson_spicc_device *spicc = pow2_clk_to_spicc(divider);
- if (!spicc->master->cur_msg || !spicc->master->busy)
+ if (!spicc->master->cur_msg)
return -EINVAL;
return clk_divider_ops.set_rate(hw, rate, parent_rate);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 115/390] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 114/390] spi: meson-spicc: do not rely on busy flag in pow2 clk ops Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 116/390] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Greg Kroah-Hartman
` (280 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stanislav Fomichev, Lorenz Bauer,
Alexei Starovoitov, Sasha Levin
From: Lorenz Bauer <oss@lmb.io>
[ Upstream commit a37a32583e282d8d815e22add29bc1e91e19951a ]
When trying to finish resolving a struct member, btf_struct_resolve
saves the member type id in a u16 temporary variable. This truncates
the 32 bit type id value if it exceeds UINT16_MAX.
As a result, structs that have members with type ids > UINT16_MAX and
which need resolution will fail with a message like this:
[67414] STRUCT ff_device size=120 vlen=12
effect_owners type_id=67434 bits_offset=960 Member exceeds struct_size
Fix this by changing the type of last_member_type_id to u32.
Fixes: a0791f0df7d2 ("bpf: fix BTF limits")
Reviewed-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Lorenz Bauer <oss@lmb.io>
Link: https://lore.kernel.org/r/20220910110120.339242-1-oss@lmb.io
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index dc497eaf2266..9232938e3f96 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -2913,7 +2913,7 @@ static int btf_struct_resolve(struct btf_verifier_env *env,
if (v->next_member) {
const struct btf_type *last_member_type;
const struct btf_member *last_member;
- u16 last_member_type_id;
+ u32 last_member_type_id;
last_member = btf_type_member(v->t) + v->next_member - 1;
last_member_type_id = last_member->type;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 116/390] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 115/390] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 117/390] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Greg Kroah-Hartman
` (279 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit e963a19c64ac0d2f8785d36a27391abd91ac77aa ]
Found by comparing with the vendor driver. Currently this affects
only the RTL8192EU, which is the only gen2 chip with 2 TX paths
supported by this driver. It's unclear what kind of effect the
mistake had in practice, since I don't have any RTL8192EU devices
to test it.
Fixes: e1547c535ede ("rtl8xxxu: First stab at adding IQK calibration for 8723bu parts")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/30a59f3a-cfa9-8379-7af0-78a8f4c77cfd@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index e8b4544b5b15..8668b03bd8c7 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -2925,12 +2925,12 @@ bool rtl8xxxu_gen2_simularity_compare(struct rtl8xxxu_priv *priv,
}
if (!(simubitmap & 0x30) && priv->tx_paths > 1) {
- /* path B RX OK */
+ /* path B TX OK */
for (i = 4; i < 6; i++)
result[3][i] = result[c1][i];
}
- if (!(simubitmap & 0x30) && priv->tx_paths > 1) {
+ if (!(simubitmap & 0xc0) && priv->tx_paths > 1) {
/* path B RX OK */
for (i = 6; i < 8; i++)
result[3][i] = result[c1][i];
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 117/390] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 116/390] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 118/390] net: fs_enet: Fix wrong check in do_pd_setup Greg Kroah-Hartman
` (278 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit d5350756c03cdf18696295c6b11d7acc4dbf825c ]
It looks like a leftover from copying rtl8xxxu_update_rate_mask,
which is used with the gen1 chips.
It wasn't causing any problems for my RTL8188FU test device, but it's
clearly a mistake, so remove it.
Fixes: f653e69009c6 ("rtl8xxxu: Implement basic 8723b specific update_rate_mask() function")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/d5544fe8-9798-28f1-54bd-6839a1974b10@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 8668b03bd8c7..7818a7ea0498 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4338,15 +4338,14 @@ void rtl8xxxu_gen2_update_rate_mask(struct rtl8xxxu_priv *priv,
h2c.b_macid_cfg.ramask2 = (ramask >> 16) & 0xff;
h2c.b_macid_cfg.ramask3 = (ramask >> 24) & 0xff;
- h2c.ramask.arg = 0x80;
h2c.b_macid_cfg.data1 = rateid;
if (sgi)
h2c.b_macid_cfg.data1 |= BIT(7);
h2c.b_macid_cfg.data2 = bw;
- dev_dbg(&priv->udev->dev, "%s: rate mask %08x, arg %02x, size %zi\n",
- __func__, ramask, h2c.ramask.arg, sizeof(h2c.b_macid_cfg));
+ dev_dbg(&priv->udev->dev, "%s: rate mask %08x, rateid %02x, sgi %d, size %zi\n",
+ __func__, ramask, rateid, sgi, sizeof(h2c.b_macid_cfg));
rtl8xxxu_gen2_h2c_cmd(priv, &h2c, sizeof(h2c.b_macid_cfg));
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 118/390] net: fs_enet: Fix wrong check in do_pd_setup
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 117/390] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 119/390] bpf: Ensure correct locking around vulnerable function find_vpid() Greg Kroah-Hartman
` (277 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Christophe Leroy,
David S. Miller, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit ec3f06b542a960806a81345042e4eee3f8c5dec4 ]
Should check of_iomap return value 'fep->fec.fecp' instead of 'fep->fcc.fccp'
Fixes: 976de6a8c304 ("fs_enet: Be an of_platform device when CONFIG_PPC_CPM_NEW_BINDING is set.")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/freescale/fs_enet/mac-fec.c b/drivers/net/ethernet/freescale/fs_enet/mac-fec.c
index 99fe2c210d0f..61f4b6e50d29 100644
--- a/drivers/net/ethernet/freescale/fs_enet/mac-fec.c
+++ b/drivers/net/ethernet/freescale/fs_enet/mac-fec.c
@@ -98,7 +98,7 @@ static int do_pd_setup(struct fs_enet_private *fep)
return -EINVAL;
fep->fec.fecp = of_iomap(ofdev->dev.of_node, 0);
- if (!fep->fcc.fccp)
+ if (!fep->fec.fecp)
return -EINVAL;
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 119/390] bpf: Ensure correct locking around vulnerable function find_vpid()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 118/390] net: fs_enet: Fix wrong check in do_pd_setup Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 120/390] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Greg Kroah-Hartman
` (276 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lee Jones, Daniel Borkmann,
Yonghong Song, Sasha Levin
From: Lee Jones <lee@kernel.org>
[ Upstream commit 83c10cc362d91c0d8d25e60779ee52fdbbf3894d ]
The documentation for find_vpid() clearly states:
"Must be called with the tasklist_lock or rcu_read_lock() held."
Presently we do neither for find_vpid() instance in bpf_task_fd_query().
Add proper rcu_read_lock/unlock() to fix the issue.
Fixes: 41bdc4b40ed6f ("bpf: introduce bpf subcommand BPF_TASK_FD_QUERY")
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220912133855.1218900-1-lee@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/syscall.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 419dbc3d060e..aaad2dce2be6 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -3915,7 +3915,9 @@ static int bpf_task_fd_query(const union bpf_attr *attr,
if (attr->task_fd_query.flags != 0)
return -EINVAL;
+ rcu_read_lock();
task = get_pid_task(find_vpid(pid), PIDTYPE_PID);
+ rcu_read_unlock();
if (!task)
return -ENOENT;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 120/390] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 119/390] bpf: Ensure correct locking around vulnerable function find_vpid() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 121/390] wifi: ath11k: fix number of VHT beamformee spatial streams Greg Kroah-Hartman
` (275 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Luiz Augusto von Dentz, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 3124d320c22f3f4388d9ac5c8f37eaad0cefd6b1 ]
syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1],
for rcu_sync_enter() is called without rcu_sync_init() due to
hci_uart_tty_open() ignoring percpu_init_rwsem() failure.
While we are at it, fix that hci_uart_register_device() ignores
percpu_init_rwsem() failure and hci_uart_unregister_device() does not
call percpu_free_rwsem().
Link: https://syzkaller.appspot.com/bug?extid=576dfca25381fb6fbc5f [1]
Reported-by: syzbot <syzbot+576dfca25381fb6fbc5f@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 67d2f8781b9f00d1 ("Bluetooth: hci_ldisc: Allow sleeping while proto locks are held.")
Fixes: d73e172816652772 ("Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_ldisc.c | 7 +++++--
drivers/bluetooth/hci_serdev.c | 10 +++++++---
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index 637c5b8c2aa1..726d5c83c550 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -490,6 +490,11 @@ static int hci_uart_tty_open(struct tty_struct *tty)
BT_ERR("Can't allocate control structure");
return -ENFILE;
}
+ if (percpu_init_rwsem(&hu->proto_lock)) {
+ BT_ERR("Can't allocate semaphore structure");
+ kfree(hu);
+ return -ENOMEM;
+ }
tty->disc_data = hu;
hu->tty = tty;
@@ -502,8 +507,6 @@ static int hci_uart_tty_open(struct tty_struct *tty)
INIT_WORK(&hu->init_ready, hci_uart_init_work);
INIT_WORK(&hu->write_work, hci_uart_write_work);
- percpu_init_rwsem(&hu->proto_lock);
-
/* Flush any pending characters in the driver */
tty_driver_flush_buffer(tty);
diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c
index e9a44ab3812d..f2e2e553d4de 100644
--- a/drivers/bluetooth/hci_serdev.c
+++ b/drivers/bluetooth/hci_serdev.c
@@ -301,11 +301,12 @@ int hci_uart_register_device(struct hci_uart *hu,
serdev_device_set_client_ops(hu->serdev, &hci_serdev_client_ops);
+ if (percpu_init_rwsem(&hu->proto_lock))
+ return -ENOMEM;
+
err = serdev_device_open(hu->serdev);
if (err)
- return err;
-
- percpu_init_rwsem(&hu->proto_lock);
+ goto err_rwsem;
err = p->open(hu);
if (err)
@@ -375,6 +376,8 @@ int hci_uart_register_device(struct hci_uart *hu,
p->close(hu);
err_open:
serdev_device_close(hu->serdev);
+err_rwsem:
+ percpu_free_rwsem(&hu->proto_lock);
return err;
}
EXPORT_SYMBOL_GPL(hci_uart_register_device);
@@ -396,5 +399,6 @@ void hci_uart_unregister_device(struct hci_uart *hu)
clear_bit(HCI_UART_PROTO_READY, &hu->flags);
serdev_device_close(hu->serdev);
}
+ percpu_free_rwsem(&hu->proto_lock);
}
EXPORT_SYMBOL_GPL(hci_uart_unregister_device);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 121/390] wifi: ath11k: fix number of VHT beamformee spatial streams
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 120/390] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 122/390] x86/microcode/AMD: Track patch allocation size explicitly Greg Kroah-Hartman
` (274 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jesus Fernandez Manzano, Kalle Valo,
Sasha Levin
From: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
[ Upstream commit 55b5ee3357d7bb98ee578cf9b84a652e7a1bc199 ]
The number of spatial streams used when acting as a beamformee in VHT
mode are reported by the firmware as 7 (8 sts - 1) both in IPQ6018 and
IPQ8074 which respectively have 2 and 4 sts each. So the firmware should
report 1 (2 - 1) and 3 (4 - 1).
Fix this by checking that the number of VHT beamformee sts reported by
the firmware is not greater than the number of receiving antennas - 1.
The fix is based on the same approach used in this same function for
sanitizing the number of sounding dimensions reported by the firmware.
Without this change, acting as a beamformee in VHT mode is not working
properly.
Tested-on: IPQ6018 hw1.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220616173947.21901-1-jesus.manzano@galgus.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/mac.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 44282aec069d..67faf62999de 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -3419,6 +3419,8 @@ static int ath11k_mac_set_txbf_conf(struct ath11k_vif *arvif)
if (vht_cap & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)) {
nsts = vht_cap & IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
+ if (nsts > (ar->num_rx_chains - 1))
+ nsts = ar->num_rx_chains - 1;
value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
}
@@ -3459,7 +3461,7 @@ static int ath11k_mac_set_txbf_conf(struct ath11k_vif *arvif)
static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
{
bool subfer, subfee;
- int sound_dim = 0;
+ int sound_dim = 0, nsts = 0;
subfer = !!(*vht_cap & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE));
subfee = !!(*vht_cap & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE));
@@ -3469,6 +3471,11 @@ static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
subfer = false;
}
+ if (ar->num_rx_chains < 2) {
+ *vht_cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
+ subfee = false;
+ }
+
/* If SU Beaformer is not set, then disable MU Beamformer Capability */
if (!subfer)
*vht_cap &= ~(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
@@ -3481,7 +3488,9 @@ static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
*vht_cap &= ~IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
- /* TODO: Need to check invalid STS and Sound_dim values set by FW? */
+ nsts = (*vht_cap & IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK);
+ nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
+ *vht_cap &= ~IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
/* Enable Sounding Dimension Field only if SU BF is enabled */
if (subfer) {
@@ -3493,9 +3502,15 @@ static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
*vht_cap |= sound_dim;
}
- /* Use the STS advertised by FW unless SU Beamformee is not supported*/
- if (!subfee)
- *vht_cap &= ~(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK);
+ /* Enable Beamformee STS Field only if SU BF is enabled */
+ if (subfee) {
+ if (nsts > (ar->num_rx_chains - 1))
+ nsts = ar->num_rx_chains - 1;
+
+ nsts <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
+ nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
+ *vht_cap |= nsts;
+ }
}
static struct ieee80211_sta_vht_cap
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 122/390] x86/microcode/AMD: Track patch allocation size explicitly
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 121/390] wifi: ath11k: fix number of VHT beamformee spatial streams Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 123/390] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype Greg Kroah-Hartman
` (273 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Micay, Kees Cook,
Borislav Petkov, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 712f210a457d9c32414df246a72781550bc23ef6 ]
In preparation for reducing the use of ksize(), record the actual
allocation size for later memcpy(). This avoids copying extra
(uninitialized!) bytes into the patch buffer when the requested
allocation size isn't exactly the size of a kmalloc bucket.
Additionally, fix potential future issues where runtime bounds checking
will notice that the buffer was allocated to a smaller value than
returned by ksize().
Fixes: 757885e94a22 ("x86, microcode, amd: Early microcode patch loading support for AMD")
Suggested-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/lkml/CA+DvKQ+bp7Y7gmaVhacjv9uF6Ar-o4tet872h4Q8RPYPJjcJQA@mail.gmail.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/microcode.h | 1 +
arch/x86/kernel/cpu/microcode/amd.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index 91a06cef50c1..f73327397b89 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -9,6 +9,7 @@
struct ucode_patch {
struct list_head plist;
void *data; /* Intel uses only this one */
+ unsigned int size;
u32 patch_id;
u16 equiv_cpu;
};
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 3f6b137ef4e6..c87936441339 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -783,6 +783,7 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
kfree(patch);
return -EINVAL;
}
+ patch->size = *patch_size;
mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE);
proc_id = mc_hdr->processor_rev_id;
@@ -864,7 +865,7 @@ load_microcode_amd(bool save, u8 family, const u8 *data, size_t size)
return ret;
memset(amd_ucode_patch, 0, PATCH_MAX_SIZE);
- memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE));
+ memcpy(amd_ucode_patch, p->data, min_t(u32, p->size, PATCH_MAX_SIZE));
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 123/390] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 122/390] x86/microcode/AMD: Track patch allocation size explicitly Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 124/390] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Greg Kroah-Hartman
` (272 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luciano Leão, Borislav Petkov,
Nícolas F . R . A . Prado, Sasha Levin
From: Luciano Leão <lucianorsleao@gmail.com>
[ Upstream commit 30ea703a38ef76ca119673cd8bdd05c6e068e2ac ]
Include the header containing the prototype of init_ia32_feat_ctl(),
solving the following warning:
$ make W=1 arch/x86/kernel/cpu/feat_ctl.o
arch/x86/kernel/cpu/feat_ctl.c:112:6: warning: no previous prototype for ‘init_ia32_feat_ctl’ [-Wmissing-prototypes]
112 | void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
This warning appeared after commit
5d5103595e9e5 ("x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup")
had moved the function init_ia32_feat_ctl()'s prototype from
arch/x86/kernel/cpu/cpu.h to arch/x86/include/asm/cpu.h.
Note that, before the commit mentioned above, the header include "cpu.h"
(arch/x86/kernel/cpu/cpu.h) was added by commit
0e79ad863df43 ("x86/cpu: Fix a -Wmissing-prototypes warning for init_ia32_feat_ctl()")
solely to fix init_ia32_feat_ctl()'s missing prototype. So, the header
include "cpu.h" is no longer necessary.
[ bp: Massage commit message. ]
Fixes: 5d5103595e9e5 ("x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup")
Signed-off-by: Luciano Leão <lucianorsleao@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Nícolas F. R. A. Prado <n@nfraprado.net>
Link: https://lore.kernel.org/r/20220922200053.1357470-1-lucianorsleao@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/feat_ctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index 29a3bedabd06..d7541851288e 100644
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -1,11 +1,11 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/tboot.h>
+#include <asm/cpu.h>
#include <asm/cpufeature.h>
#include <asm/msr-index.h>
#include <asm/processor.h>
#include <asm/vmx.h>
-#include "cpu.h"
#undef pr_fmt
#define pr_fmt(fmt) "x86/cpu: " fmt
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 124/390] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 123/390] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 125/390] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Greg Kroah-Hartman
` (271 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 618d815fc93477b1675878f3c04ff32657cc18b4 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context.
Fixes:abf00907538e2 ("spi: dw: Add Baikal-T1 SPI Controller glue driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220924121310.78331-3-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw-bt1.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-dw-bt1.c b/drivers/spi/spi-dw-bt1.c
index bc9d5eab3c58..8f6a1af14456 100644
--- a/drivers/spi/spi-dw-bt1.c
+++ b/drivers/spi/spi-dw-bt1.c
@@ -293,8 +293,10 @@ static int dw_spi_bt1_probe(struct platform_device *pdev)
pm_runtime_enable(&pdev->dev);
ret = dw_spi_add_host(&pdev->dev, dws);
- if (ret)
+ if (ret) {
+ pm_runtime_disable(&pdev->dev);
goto err_disable_clk;
+ }
platform_set_drvdata(pdev, dwsbt1);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 125/390] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 124/390] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 126/390] i2c: mlxbf: support lock mechanism Greg Kroah-Hartman
` (270 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 29f65f2171c85a9633daa380df14009a365f42f2 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context.
Fixes:db91841b58f9a ("spi/omap100k: Convert to runtime PM")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220924121310.78331-4-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-omap-100k.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-omap-100k.c b/drivers/spi/spi-omap-100k.c
index 0d0cd061d356..7c992d1f4abd 100644
--- a/drivers/spi/spi-omap-100k.c
+++ b/drivers/spi/spi-omap-100k.c
@@ -414,6 +414,7 @@ static int omap1_spi100k_probe(struct platform_device *pdev)
return status;
err_fck:
+ pm_runtime_disable(&pdev->dev);
clk_disable_unprepare(spi100k->fck);
err_ick:
clk_disable_unprepare(spi100k->ick);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 126/390] i2c: mlxbf: support lock mechanism
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 125/390] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 127/390] Bluetooth: hci_core: Fix not handling link timeouts propertly Greg Kroah-Hartman
` (269 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Khalil Blaiech, Asmaa Mnebhi,
Wolfram Sang, Sasha Levin
From: Asmaa Mnebhi <asmaa@nvidia.com>
[ Upstream commit 86067ccfa1424a26491542d6f6d7546d40b61a10 ]
Linux is not the only entity using the BlueField I2C busses so
support a lock mechanism provided by hardware to avoid issues
when multiple entities are trying to access the same bus.
The lock is acquired whenever written explicitely or the lock
register is read. So make sure it is always released at the end
of a successful or failed transaction.
Fixes: b5b5b32081cd206b (i2c: mlxbf: I2C SMBus driver for Mellanox BlueField SoC)
Reviewed-by: Khalil Blaiech <kblaiech@nvidia.com>
Signed-off-by: Asmaa Mnebhi <asmaa@nvidia.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-mlxbf.c | 44 ++++++++++++++++++++++++++++++----
1 file changed, 39 insertions(+), 5 deletions(-)
diff --git a/drivers/i2c/busses/i2c-mlxbf.c b/drivers/i2c/busses/i2c-mlxbf.c
index bea82a787b4f..90c488a60693 100644
--- a/drivers/i2c/busses/i2c-mlxbf.c
+++ b/drivers/i2c/busses/i2c-mlxbf.c
@@ -312,6 +312,7 @@ static u64 mlxbf_i2c_corepll_frequency;
* exact.
*/
#define MLXBF_I2C_SMBUS_TIMEOUT (300 * 1000) /* 300ms */
+#define MLXBF_I2C_SMBUS_LOCK_POLL_TIMEOUT (300 * 1000) /* 300ms */
/* Encapsulates timing parameters. */
struct mlxbf_i2c_timings {
@@ -520,6 +521,25 @@ static bool mlxbf_smbus_master_wait_for_idle(struct mlxbf_i2c_priv *priv)
return false;
}
+/*
+ * wait for the lock to be released before acquiring it.
+ */
+static bool mlxbf_i2c_smbus_master_lock(struct mlxbf_i2c_priv *priv)
+{
+ if (mlxbf_smbus_poll(priv->smbus->io, MLXBF_I2C_SMBUS_MASTER_GW,
+ MLXBF_I2C_MASTER_LOCK_BIT, true,
+ MLXBF_I2C_SMBUS_LOCK_POLL_TIMEOUT))
+ return true;
+
+ return false;
+}
+
+static void mlxbf_i2c_smbus_master_unlock(struct mlxbf_i2c_priv *priv)
+{
+ /* Clear the gw to clear the lock */
+ writel(0, priv->smbus->io + MLXBF_I2C_SMBUS_MASTER_GW);
+}
+
static bool mlxbf_i2c_smbus_transaction_success(u32 master_status,
u32 cause_status)
{
@@ -711,10 +731,19 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
slave = request->slave & GENMASK(6, 0);
addr = slave << 1;
- /* First of all, check whether the HW is idle. */
- if (WARN_ON(!mlxbf_smbus_master_wait_for_idle(priv)))
+ /*
+ * Try to acquire the smbus gw lock before any reads of the GW register since
+ * a read sets the lock.
+ */
+ if (WARN_ON(!mlxbf_i2c_smbus_master_lock(priv)))
return -EBUSY;
+ /* Check whether the HW is idle */
+ if (WARN_ON(!mlxbf_smbus_master_wait_for_idle(priv))) {
+ ret = -EBUSY;
+ goto out_unlock;
+ }
+
/* Set first byte. */
data_desc[data_idx++] = addr;
@@ -738,8 +767,10 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
write_en = 1;
write_len += operation->length;
if (data_idx + operation->length >
- MLXBF_I2C_MASTER_DATA_DESC_SIZE)
- return -ENOBUFS;
+ MLXBF_I2C_MASTER_DATA_DESC_SIZE) {
+ ret = -ENOBUFS;
+ goto out_unlock;
+ }
memcpy(data_desc + data_idx,
operation->buffer, operation->length);
data_idx += operation->length;
@@ -771,7 +802,7 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
ret = mlxbf_i2c_smbus_enable(priv, slave, write_len, block_en,
pec_en, 0);
if (ret)
- return ret;
+ goto out_unlock;
}
if (read_en) {
@@ -798,6 +829,9 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
priv->smbus->io + MLXBF_I2C_SMBUS_MASTER_FSM);
}
+out_unlock:
+ mlxbf_i2c_smbus_master_unlock(priv);
+
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 127/390] Bluetooth: hci_core: Fix not handling link timeouts propertly
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 126/390] i2c: mlxbf: support lock mechanism Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 128/390] netfilter: nft_fib: Fix for rpath check with VRF devices Greg Kroah-Hartman
` (268 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
David Beinder, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 116523c8fac05d1d26f748fee7919a4ec5df67ea ]
Change that introduced the use of __check_timeout did not account for
link types properly, it always assumes ACL_LINK is used thus causing
hdev->acl_last_tx to be used even in case of LE_LINK and then again
uses ACL_LINK with hci_link_tx_to.
To fix this __check_timeout now takes the link type as parameter and
then procedure to use the right last_tx based on the link type and pass
it to hci_link_tx_to.
Fixes: 1b1d29e51499 ("Bluetooth: Make use of __check_timeout on hci_sched_le")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: David Beinder <david@beinder.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_core.c | 34 +++++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 2cb0cf035476..866eb22432de 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4482,15 +4482,27 @@ static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
}
-static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
+static void __check_timeout(struct hci_dev *hdev, unsigned int cnt, u8 type)
{
- if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
- /* ACL tx timeout must be longer than maximum
- * link supervision timeout (40.9 seconds) */
- if (!cnt && time_after(jiffies, hdev->acl_last_tx +
- HCI_ACL_TX_TIMEOUT))
- hci_link_tx_to(hdev, ACL_LINK);
+ unsigned long last_tx;
+
+ if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
+ return;
+
+ switch (type) {
+ case LE_LINK:
+ last_tx = hdev->le_last_tx;
+ break;
+ default:
+ last_tx = hdev->acl_last_tx;
+ break;
}
+
+ /* tx timeout must be longer than maximum link supervision timeout
+ * (40.9 seconds)
+ */
+ if (!cnt && time_after(jiffies, last_tx + HCI_ACL_TX_TIMEOUT))
+ hci_link_tx_to(hdev, type);
}
/* Schedule SCO */
@@ -4548,7 +4560,7 @@ static void hci_sched_acl_pkt(struct hci_dev *hdev)
struct sk_buff *skb;
int quote;
- __check_timeout(hdev, cnt);
+ __check_timeout(hdev, cnt, ACL_LINK);
while (hdev->acl_cnt &&
(chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
@@ -4591,8 +4603,6 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
int quote;
u8 type;
- __check_timeout(hdev, cnt);
-
BT_DBG("%s", hdev->name);
if (hdev->dev_type == HCI_AMP)
@@ -4600,6 +4610,8 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
else
type = ACL_LINK;
+ __check_timeout(hdev, cnt, type);
+
while (hdev->block_cnt > 0 &&
(chan = hci_chan_sent(hdev, type, "e))) {
u32 priority = (skb_peek(&chan->data_q))->priority;
@@ -4673,7 +4685,7 @@ static void hci_sched_le(struct hci_dev *hdev)
cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
- __check_timeout(hdev, cnt);
+ __check_timeout(hdev, cnt, LE_LINK);
tmp = cnt;
while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 128/390] netfilter: nft_fib: Fix for rpath check with VRF devices
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 127/390] Bluetooth: hci_core: Fix not handling link timeouts propertly Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 129/390] spi: s3c64xx: Fix large transfers with DMA Greg Kroah-Hartman
` (267 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Sutter, Florian Westphal, Sasha Levin
From: Phil Sutter <phil@nwl.cc>
[ Upstream commit 2a8a7c0eaa8747c16aa4a48d573aa920d5c00a5c ]
Analogous to commit b575b24b8eee3 ("netfilter: Fix rpfilter
dropping vrf packets by mistake") but for nftables fib expression:
Add special treatment of VRF devices so that typical reverse path
filtering via 'fib saddr . iif oif' expression works as expected.
Fixes: f6d0cbcf09c50 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/netfilter/nft_fib_ipv4.c | 3 +++
net/ipv6/netfilter/nft_fib_ipv6.c | 6 +++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c
index 03df986217b7..9e6f0f1275e2 100644
--- a/net/ipv4/netfilter/nft_fib_ipv4.c
+++ b/net/ipv4/netfilter/nft_fib_ipv4.c
@@ -83,6 +83,9 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,
else
oif = NULL;
+ if (priv->flags & NFTA_FIB_F_IIF)
+ fl4.flowi4_oif = l3mdev_master_ifindex_rcu(oif);
+
if (nft_hook(pkt) == NF_INET_PRE_ROUTING &&
nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {
nft_fib_store_result(dest, priv, nft_in(pkt));
diff --git a/net/ipv6/netfilter/nft_fib_ipv6.c b/net/ipv6/netfilter/nft_fib_ipv6.c
index 92f3235fa287..602743f6dcee 100644
--- a/net/ipv6/netfilter/nft_fib_ipv6.c
+++ b/net/ipv6/netfilter/nft_fib_ipv6.c
@@ -37,6 +37,9 @@ static int nft_fib6_flowi_init(struct flowi6 *fl6, const struct nft_fib *priv,
if (ipv6_addr_type(&fl6->daddr) & IPV6_ADDR_LINKLOCAL) {
lookup_flags |= RT6_LOOKUP_F_IFACE;
fl6->flowi6_oif = get_ifindex(dev ? dev : pkt->skb->dev);
+ } else if ((priv->flags & NFTA_FIB_F_IIF) &&
+ (netif_is_l3_master(dev) || netif_is_l3_slave(dev))) {
+ fl6->flowi6_oif = dev->ifindex;
}
if (ipv6_addr_type(&fl6->saddr) & IPV6_ADDR_UNICAST)
@@ -193,7 +196,8 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,
if (rt->rt6i_flags & (RTF_REJECT | RTF_ANYCAST | RTF_LOCAL))
goto put_rt_err;
- if (oif && oif != rt->rt6i_idev->dev)
+ if (oif && oif != rt->rt6i_idev->dev &&
+ l3mdev_master_ifindex_rcu(rt->rt6i_idev->dev) != oif->ifindex)
goto put_rt_err;
nft_fib_store_result(dest, priv, rt->rt6i_idev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 129/390] spi: s3c64xx: Fix large transfers with DMA
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 128/390] netfilter: nft_fib: Fix for rpath check with VRF devices Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 130/390] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Greg Kroah-Hartman
` (266 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Whitchurch, Mark Brown, Sasha Levin
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
[ Upstream commit 1224e29572f655facfcd850cf0f0a4784f36a903 ]
The COUNT_VALUE in the PACKET_CNT register is 16-bit so the maximum
value is 65535. Asking the driver to transfer a larger size currently
leads to the DMA transfer timing out. Implement ->max_transfer_size()
and have the core split the transfer as needed.
Fixes: 230d42d422e7 ("spi: Add s3c64xx SPI Controller driver")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Link: https://lore.kernel.org/r/20220927112117.77599-5-vincent.whitchurch@axis.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-s3c64xx.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/spi/spi-s3c64xx.c b/drivers/spi/spi-s3c64xx.c
index dfa7c91e13aa..d435df1b715b 100644
--- a/drivers/spi/spi-s3c64xx.c
+++ b/drivers/spi/spi-s3c64xx.c
@@ -84,6 +84,7 @@
#define S3C64XX_SPI_ST_TX_FIFORDY (1<<0)
#define S3C64XX_SPI_PACKET_CNT_EN (1<<16)
+#define S3C64XX_SPI_PACKET_CNT_MASK GENMASK(15, 0)
#define S3C64XX_SPI_PND_TX_UNDERRUN_CLR (1<<4)
#define S3C64XX_SPI_PND_TX_OVERRUN_CLR (1<<3)
@@ -660,6 +661,13 @@ static int s3c64xx_spi_prepare_message(struct spi_master *master,
return 0;
}
+static size_t s3c64xx_spi_max_transfer_size(struct spi_device *spi)
+{
+ struct spi_controller *ctlr = spi->controller;
+
+ return ctlr->can_dma ? S3C64XX_SPI_PACKET_CNT_MASK : SIZE_MAX;
+}
+
static int s3c64xx_spi_transfer_one(struct spi_master *master,
struct spi_device *spi,
struct spi_transfer *xfer)
@@ -1135,6 +1143,7 @@ static int s3c64xx_spi_probe(struct platform_device *pdev)
master->prepare_transfer_hardware = s3c64xx_spi_prepare_transfer;
master->prepare_message = s3c64xx_spi_prepare_message;
master->transfer_one = s3c64xx_spi_transfer_one;
+ master->max_transfer_size = s3c64xx_spi_max_transfer_size;
master->num_chipselect = sci->num_cs;
master->dma_alignment = 8;
master->bits_per_word_mask = SPI_BPW_MASK(32) | SPI_BPW_MASK(16) |
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 130/390] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 129/390] spi: s3c64xx: Fix large transfers with DMA Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 131/390] vhost/vsock: Use kvmalloc/kvfree for larger packets Greg Kroah-Hartman
` (265 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Jes Sorensen,
Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit 5574d3290449916397f3092dcd2bac92415498e1 ]
ieee80211_tx_queue_params.aifs is not supposed to be written directly
to the REG_EDCA_*_PARAM registers. Instead process it like the vendor
drivers do. It's kinda hacky but it works.
This change boosts the download speed and makes it more stable.
Tested with RTL8188FU but all the other supported chips should also
benefit.
Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Jes Sorensen <jes@trained-monkey.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/038cc03f-3567-77ba-a7bd-c4930e3b2fad@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 49 +++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 7818a7ea0498..e34cd6fed7e8 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4507,6 +4507,53 @@ rtl8xxxu_wireless_mode(struct ieee80211_hw *hw, struct ieee80211_sta *sta)
return network_type;
}
+static void rtl8xxxu_set_aifs(struct rtl8xxxu_priv *priv, u8 slot_time)
+{
+ u32 reg_edca_param[IEEE80211_NUM_ACS] = {
+ [IEEE80211_AC_VO] = REG_EDCA_VO_PARAM,
+ [IEEE80211_AC_VI] = REG_EDCA_VI_PARAM,
+ [IEEE80211_AC_BE] = REG_EDCA_BE_PARAM,
+ [IEEE80211_AC_BK] = REG_EDCA_BK_PARAM,
+ };
+ u32 val32;
+ u16 wireless_mode = 0;
+ u8 aifs, aifsn, sifs;
+ int i;
+
+ if (priv->vif) {
+ struct ieee80211_sta *sta;
+
+ rcu_read_lock();
+ sta = ieee80211_find_sta(priv->vif, priv->vif->bss_conf.bssid);
+ if (sta)
+ wireless_mode = rtl8xxxu_wireless_mode(priv->hw, sta);
+ rcu_read_unlock();
+ }
+
+ if (priv->hw->conf.chandef.chan->band == NL80211_BAND_5GHZ ||
+ (wireless_mode & WIRELESS_MODE_N_24G))
+ sifs = 16;
+ else
+ sifs = 10;
+
+ for (i = 0; i < IEEE80211_NUM_ACS; i++) {
+ val32 = rtl8xxxu_read32(priv, reg_edca_param[i]);
+
+ /* It was set in conf_tx. */
+ aifsn = val32 & 0xff;
+
+ /* aifsn not set yet or already fixed */
+ if (aifsn < 2 || aifsn > 15)
+ continue;
+
+ aifs = aifsn * slot_time + sifs;
+
+ val32 &= ~0xff;
+ val32 |= aifs;
+ rtl8xxxu_write32(priv, reg_edca_param[i], val32);
+ }
+}
+
static void
rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
struct ieee80211_bss_conf *bss_conf, u32 changed)
@@ -4592,6 +4639,8 @@ rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
else
val8 = 20;
rtl8xxxu_write8(priv, REG_SLOT, val8);
+
+ rtl8xxxu_set_aifs(priv, val8);
}
if (changed & BSS_CHANGED_BSSID) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 131/390] vhost/vsock: Use kvmalloc/kvfree for larger packets.
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 130/390] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 132/390] mISDN: fix use-after-free bugs in l1oip timer handlers Greg Kroah-Hartman
` (264 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Junichi Uekawa, Stefano Garzarella,
Michael S. Tsirkin, Jakub Kicinski, Sasha Levin
From: Junichi Uekawa <uekawa@chromium.org>
[ Upstream commit 0e3f72931fc47bb81686020cc643cde5d9cd0bb8 ]
When copying a large file over sftp over vsock, data size is usually 32kB,
and kmalloc seems to fail to try to allocate 32 32kB regions.
vhost-5837: page allocation failure: order:4, mode:0x24040c0
Call Trace:
[<ffffffffb6a0df64>] dump_stack+0x97/0xdb
[<ffffffffb68d6aed>] warn_alloc_failed+0x10f/0x138
[<ffffffffb68d868a>] ? __alloc_pages_direct_compact+0x38/0xc8
[<ffffffffb664619f>] __alloc_pages_nodemask+0x84c/0x90d
[<ffffffffb6646e56>] alloc_kmem_pages+0x17/0x19
[<ffffffffb6653a26>] kmalloc_order_trace+0x2b/0xdb
[<ffffffffb66682f3>] __kmalloc+0x177/0x1f7
[<ffffffffb66e0d94>] ? copy_from_iter+0x8d/0x31d
[<ffffffffc0689ab7>] vhost_vsock_handle_tx_kick+0x1fa/0x301 [vhost_vsock]
[<ffffffffc06828d9>] vhost_worker+0xf7/0x157 [vhost]
[<ffffffffb683ddce>] kthread+0xfd/0x105
[<ffffffffc06827e2>] ? vhost_dev_set_owner+0x22e/0x22e [vhost]
[<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
[<ffffffffb6eb332e>] ret_from_fork+0x4e/0x80
[<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
Work around by doing kvmalloc instead.
Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko")
Signed-off-by: Junichi Uekawa <uekawa@chromium.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/r/20220928064538.667678-1-uekawa@chromium.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vhost/vsock.c | 2 +-
net/vmw_vsock/virtio_transport_common.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 5d2d6ce7ff41..b0153617fe0e 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -359,7 +359,7 @@ vhost_vsock_alloc_pkt(struct vhost_virtqueue *vq,
return NULL;
}
- pkt->buf = kmalloc(pkt->len, GFP_KERNEL);
+ pkt->buf = kvmalloc(pkt->len, GFP_KERNEL);
if (!pkt->buf) {
kfree(pkt);
return NULL;
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index d6d3a05c008a..c9ee9259af48 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1196,7 +1196,7 @@ EXPORT_SYMBOL_GPL(virtio_transport_recv_pkt);
void virtio_transport_free_pkt(struct virtio_vsock_pkt *pkt)
{
- kfree(pkt->buf);
+ kvfree(pkt->buf);
kfree(pkt);
}
EXPORT_SYMBOL_GPL(virtio_transport_free_pkt);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 132/390] mISDN: fix use-after-free bugs in l1oip timer handlers
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 131/390] vhost/vsock: Use kvmalloc/kvfree for larger packets Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 133/390] sctp: handle the error returned from sctp_auth_asoc_init_active_key Greg Kroah-Hartman
` (263 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Leon Romanovsky,
David S. Miller, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 2568a7e0832ee30b0a351016d03062ab4e0e0a3f ]
The l1oip_cleanup() traverses the l1oip_ilist and calls
release_card() to cleanup module and stack. However,
release_card() calls del_timer() to delete the timers
such as keep_tl and timeout_tl. If the timer handler is
running, the del_timer() will not stop it and result in
UAF bugs. One of the processes is shown below:
(cleanup routine) | (timer handler)
release_card() | l1oip_timeout()
... |
del_timer() | ...
... |
kfree(hc) //FREE |
| hc->timeout_on = 0 //USE
Fix by calling del_timer_sync() in release_card(), which
makes sure the timer handlers have finished before the
resources, such as l1oip and so on, have been deallocated.
What's more, the hc->workq and hc->socket_thread can kick
those timers right back in. We add a bool flag to show
if card is released. Then, check this flag in hc->workq
and hc->socket_thread.
Fixes: 3712b42d4b1b ("Add layer1 over IP support")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/mISDN/l1oip.h | 1 +
drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/isdn/mISDN/l1oip.h b/drivers/isdn/mISDN/l1oip.h
index 7ea10db20e3a..48133d022812 100644
--- a/drivers/isdn/mISDN/l1oip.h
+++ b/drivers/isdn/mISDN/l1oip.h
@@ -59,6 +59,7 @@ struct l1oip {
int bundle; /* bundle channels in one frm */
int codec; /* codec to use for transmis. */
int limit; /* limit number of bchannels */
+ bool shutdown; /* if card is released */
/* timer */
struct timer_list keep_tl;
diff --git a/drivers/isdn/mISDN/l1oip_core.c b/drivers/isdn/mISDN/l1oip_core.c
index b57dcb834594..aec4f2a69c3b 100644
--- a/drivers/isdn/mISDN/l1oip_core.c
+++ b/drivers/isdn/mISDN/l1oip_core.c
@@ -275,7 +275,7 @@ l1oip_socket_send(struct l1oip *hc, u8 localcodec, u8 channel, u32 chanmask,
p = frame;
/* restart timer */
- if (time_before(hc->keep_tl.expires, jiffies + 5 * HZ))
+ if (time_before(hc->keep_tl.expires, jiffies + 5 * HZ) && !hc->shutdown)
mod_timer(&hc->keep_tl, jiffies + L1OIP_KEEPALIVE * HZ);
else
hc->keep_tl.expires = jiffies + L1OIP_KEEPALIVE * HZ;
@@ -601,7 +601,9 @@ l1oip_socket_parse(struct l1oip *hc, struct sockaddr_in *sin, u8 *buf, int len)
goto multiframe;
/* restart timer */
- if (time_before(hc->timeout_tl.expires, jiffies + 5 * HZ) || !hc->timeout_on) {
+ if ((time_before(hc->timeout_tl.expires, jiffies + 5 * HZ) ||
+ !hc->timeout_on) &&
+ !hc->shutdown) {
hc->timeout_on = 1;
mod_timer(&hc->timeout_tl, jiffies + L1OIP_TIMEOUT * HZ);
} else /* only adjust timer */
@@ -1232,11 +1234,10 @@ release_card(struct l1oip *hc)
{
int ch;
- if (timer_pending(&hc->keep_tl))
- del_timer(&hc->keep_tl);
+ hc->shutdown = true;
- if (timer_pending(&hc->timeout_tl))
- del_timer(&hc->timeout_tl);
+ del_timer_sync(&hc->keep_tl);
+ del_timer_sync(&hc->timeout_tl);
cancel_work_sync(&hc->workq);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 133/390] sctp: handle the error returned from sctp_auth_asoc_init_active_key
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 132/390] mISDN: fix use-after-free bugs in l1oip timer handlers Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 134/390] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Greg Kroah-Hartman
` (262 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+a236dd8e9622ed8954a3,
Xin Long, David S. Miller, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 022152aaebe116a25c39818a07e175a8cd3c1e11 ]
When it returns an error from sctp_auth_asoc_init_active_key(), the
active_key is actually not updated. The old sh_key will be freeed
while it's still used as active key in asoc. Then an use-after-free
will be triggered when sending patckets, as found by syzbot:
sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112
sctp_set_owner_w net/sctp/socket.c:132 [inline]
sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863
sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025
inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:734
This patch is to fix it by not replacing the sh_key when it returns
errors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key().
For sctp_auth_set_active_key(), old active_key_id will be set back
to asoc->active_key_id when the same thing happens.
Fixes: 58acd1009226 ("sctp: update active_key for asoc when old key is being replaced")
Reported-by: syzbot+a236dd8e9622ed8954a3@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/auth.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index db6b7373d16c..34964145514e 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -863,12 +863,17 @@ int sctp_auth_set_key(struct sctp_endpoint *ep,
}
list_del_init(&shkey->key_list);
- sctp_auth_shkey_release(shkey);
list_add(&cur_key->key_list, sh_keys);
- if (asoc && asoc->active_key_id == auth_key->sca_keynumber)
- sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
+ if (asoc && asoc->active_key_id == auth_key->sca_keynumber &&
+ sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
+ list_del_init(&cur_key->key_list);
+ sctp_auth_shkey_release(cur_key);
+ list_add(&shkey->key_list, sh_keys);
+ return -ENOMEM;
+ }
+ sctp_auth_shkey_release(shkey);
return 0;
}
@@ -902,8 +907,13 @@ int sctp_auth_set_active_key(struct sctp_endpoint *ep,
return -EINVAL;
if (asoc) {
+ __u16 active_key_id = asoc->active_key_id;
+
asoc->active_key_id = key_id;
- sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
+ if (sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
+ asoc->active_key_id = active_key_id;
+ return -ENOMEM;
+ }
} else
ep->active_key_id = key_id;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 134/390] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 133/390] sctp: handle the error returned from sctp_auth_asoc_init_active_key Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 135/390] spi: Ensure that sg_table wont be used after being freed Greg Kroah-Hartman
` (261 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Neal Cardwell, Kevin(Yudong) Yang,
Yuchung Cheng, Eric Dumazet, David S. Miller, Sasha Levin
From: Neal Cardwell <ncardwell@google.com>
[ Upstream commit f4ce91ce12a7c6ead19b128ffa8cff6e3ded2a14 ]
This commit fixes a bug in the tracking of max_packets_out and
is_cwnd_limited. This bug can cause the connection to fail to remember
that is_cwnd_limited is true, causing the connection to fail to grow
cwnd when it should, causing throughput to be lower than it should be.
The following event sequence is an example that triggers the bug:
(a) The connection is cwnd_limited, but packets_out is not at its
peak due to TSO deferral deciding not to send another skb yet.
In such cases the connection can advance max_packets_seq and set
tp->is_cwnd_limited to true and max_packets_out to a small
number.
(b) Then later in the round trip the connection is pacing-limited (not
cwnd-limited), and packets_out is larger. In such cases the
connection would raise max_packets_out to a bigger number but
(unexpectedly) flip tp->is_cwnd_limited from true to false.
This commit fixes that bug.
One straightforward fix would be to separately track (a) the next
window after max_packets_out reaches a maximum, and (b) the next
window after tp->is_cwnd_limited is set to true. But this would
require consuming an extra u32 sequence number.
Instead, to save space we track only the most important
information. Specifically, we track the strongest available signal of
the degree to which the cwnd is fully utilized:
(1) If the connection is cwnd-limited then we remember that fact for
the current window.
(2) If the connection not cwnd-limited then we track the maximum
number of outstanding packets in the current window.
In particular, note that the new logic cannot trigger the buggy
(a)/(b) sequence above because with the new logic a condition where
tp->packets_out > tp->max_packets_out can only trigger an update of
tp->is_cwnd_limited if tp->is_cwnd_limited is false.
This first showed up in a testing of a BBRv2 dev branch, but this
buggy behavior highlighted a general issue with the
tcp_cwnd_validate() logic that can cause cwnd to fail to increase at
the proper rate for any TCP congestion control, including Reno or
CUBIC.
Fixes: ca8a22634381 ("tcp: make cwnd-limited checks measurement-based, and gentler")
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Kevin(Yudong) Yang <yyd@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/tcp.h | 2 +-
include/net/tcp.h | 5 ++++-
net/ipv4/tcp.c | 2 ++
net/ipv4/tcp_output.c | 19 ++++++++++++-------
4 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 2f87377e9af7..6e3340379d85 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -265,7 +265,7 @@ struct tcp_sock {
u32 packets_out; /* Packets which are "in flight" */
u32 retrans_out; /* Retransmitted packets out */
u32 max_packets_out; /* max packets_out in last window */
- u32 max_packets_seq; /* right edge of max_packets_out flight */
+ u32 cwnd_usage_seq; /* right edge of cwnd usage tracking flight */
u16 urg_data; /* Saved octet of OOB data and control flags */
u8 ecn_flags; /* ECN status bits. */
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 8129ce9a0771..bf4af27f5620 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1271,11 +1271,14 @@ static inline bool tcp_is_cwnd_limited(const struct sock *sk)
{
const struct tcp_sock *tp = tcp_sk(sk);
+ if (tp->is_cwnd_limited)
+ return true;
+
/* If in slow start, ensure cwnd grows to twice what was ACKed. */
if (tcp_in_slow_start(tp))
return tp->snd_cwnd < 2 * tp->max_packets_out;
- return tp->is_cwnd_limited;
+ return false;
}
/* BBR congestion control needs pacing.
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index bfeb05f62b94..24328ad00278 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2796,6 +2796,8 @@ int tcp_disconnect(struct sock *sk, int flags)
tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
tp->snd_cwnd = TCP_INIT_CWND;
tp->snd_cwnd_cnt = 0;
+ tp->is_cwnd_limited = 0;
+ tp->max_packets_out = 0;
tp->window_clamp = 0;
tp->delivered = 0;
tp->delivered_ce = 0;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 48fce999dc61..eefd032bc6db 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1876,15 +1876,20 @@ static void tcp_cwnd_validate(struct sock *sk, bool is_cwnd_limited)
const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
struct tcp_sock *tp = tcp_sk(sk);
- /* Track the maximum number of outstanding packets in each
- * window, and remember whether we were cwnd-limited then.
+ /* Track the strongest available signal of the degree to which the cwnd
+ * is fully utilized. If cwnd-limited then remember that fact for the
+ * current window. If not cwnd-limited then track the maximum number of
+ * outstanding packets in the current window. (If cwnd-limited then we
+ * chose to not update tp->max_packets_out to avoid an extra else
+ * clause with no functional impact.)
*/
- if (!before(tp->snd_una, tp->max_packets_seq) ||
- tp->packets_out > tp->max_packets_out ||
- is_cwnd_limited) {
- tp->max_packets_out = tp->packets_out;
- tp->max_packets_seq = tp->snd_nxt;
+ if (!before(tp->snd_una, tp->cwnd_usage_seq) ||
+ is_cwnd_limited ||
+ (!tp->is_cwnd_limited &&
+ tp->packets_out > tp->max_packets_out)) {
tp->is_cwnd_limited = is_cwnd_limited;
+ tp->max_packets_out = tp->packets_out;
+ tp->cwnd_usage_seq = tp->snd_nxt;
}
if (tcp_is_cwnd_limited(sk)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 135/390] spi: Ensure that sg_table wont be used after being freed
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 134/390] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 136/390] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks() Greg Kroah-Hartman
` (260 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Mark Brown, Sasha Levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 8e9204cddcc3fea9affcfa411715ba4f66e97587 ]
SPI code checks for non-zero sgt->orig_nents to determine if the buffer
has been DMA-mapped. Ensure that sg_table is really zeroed after free to
avoid potential NULL pointer dereference if the given SPI xfer object is
reused again without being DMA-mapped.
Fixes: 0c17ba73c08f ("spi: Fix cache corruption due to DMA/PIO overlap")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20220930113408.19720-1-m.szyprowski@samsung.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 6ea7b286c80c..857a1399850c 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -946,6 +946,8 @@ void spi_unmap_buf(struct spi_controller *ctlr, struct device *dev,
if (sgt->orig_nents) {
dma_unmap_sg(dev, sgt->sgl, sgt->orig_nents, dir);
sg_free_table(sgt);
+ sgt->orig_nents = 0;
+ sgt->nents = 0;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 136/390] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 135/390] spi: Ensure that sg_table wont be used after being freed Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 137/390] bnx2x: fix potential memory leak in bnx2x_tpa_stop() Greg Kroah-Hartman
` (259 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Hillf Danton, Tetsuo Handa,
David S. Miller, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit a91b750fd6629354460282bbf5146c01b05c4859 ]
syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for
commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in
rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section
protected by lock_sock() without realizing that rds_send_xmit() might call
lock_sock().
We don't need to protect cancel_delayed_work_sync() using lock_sock(), for
even if rds_{send,recv}_worker() re-queued this work while __flush_work()
from cancel_delayed_work_sync() was waiting for this work to complete,
retried rds_{send,recv}_worker() is no-op due to the absence of RDS_CONN_UP
bit.
Link: https://syzkaller.appspot.com/bug?extid=78c55c7bc6f66e53dce2 [1]
Reported-by: syzbot <syzbot+78c55c7bc6f66e53dce2@syzkaller.appspotmail.com>
Co-developed-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+78c55c7bc6f66e53dce2@syzkaller.appspotmail.com>
Fixes: ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rds_tcp_reset_callbacks()")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rds/tcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index 5327d130c4b5..b560d06e6d96 100644
--- a/net/rds/tcp.c
+++ b/net/rds/tcp.c
@@ -166,10 +166,10 @@ void rds_tcp_reset_callbacks(struct socket *sock,
*/
atomic_set(&cp->cp_state, RDS_CONN_RESETTING);
wait_event(cp->cp_waitq, !test_bit(RDS_IN_XMIT, &cp->cp_flags));
- lock_sock(osock->sk);
/* reset receive side state for rds_tcp_data_recv() for osock */
cancel_delayed_work_sync(&cp->cp_send_w);
cancel_delayed_work_sync(&cp->cp_recv_w);
+ lock_sock(osock->sk);
if (tc->t_tinc) {
rds_inc_put(&tc->t_tinc->ti_inc);
tc->t_tinc = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 137/390] bnx2x: fix potential memory leak in bnx2x_tpa_stop()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 136/390] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 138/390] net/ieee802154: reject zero-sized raw_sendmsg() Greg Kroah-Hartman
` (258 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, David S. Miller, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit b43f9acbb8942b05252be83ac25a81cec70cc192 ]
bnx2x_tpa_stop() allocates a memory chunk from new_data with
bnx2x_frag_alloc(). The new_data should be freed when gets some error.
But when "pad + len > fp->rx_buf_size" is true, bnx2x_tpa_stop() returns
without releasing the new_data, which will lead to a memory leak.
We should free the new_data with bnx2x_frag_free() when "pad + len >
fp->rx_buf_size" is true.
Fixes: 07b0f00964def8af9321cfd6c4a7e84f6362f728 ("bnx2x: fix possible panic under memory stress")
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index 198e041d8410..4f669e7c7558 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -788,6 +788,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp,
BNX2X_ERR("skb_put is about to fail... pad %d len %d rx_buf_size %d\n",
pad, len, fp->rx_buf_size);
bnx2x_panic();
+ bnx2x_frag_free(fp, new_data);
return;
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 138/390] net/ieee802154: reject zero-sized raw_sendmsg()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 137/390] bnx2x: fix potential memory leak in bnx2x_tpa_stop() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 139/390] once: add DO_ONCE_SLOW() for sleepable contexts Greg Kroah-Hartman
` (257 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
David S. Miller, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5 ]
syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154
socket. What commit dc633700f00f726e ("net/af_packet: check len when
min_header_len equals to 0") does also applies to ieee802154 socket.
Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4
Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@syzkaller.appspotmail.com>
Fixes: fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ieee802154/socket.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index 7edec210780a..d4c162d63634 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -252,6 +252,9 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
return -EOPNOTSUPP;
}
+ if (!size)
+ return -EINVAL;
+
lock_sock(sk);
if (!sk->sk_bound_dev_if)
dev = dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 139/390] once: add DO_ONCE_SLOW() for sleepable contexts
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 138/390] net/ieee802154: reject zero-sized raw_sendmsg() Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 140/390] net: mvpp2: fix mvpp2 debugfs leak Greg Kroah-Hartman
` (256 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Eric Dumazet,
Willy Tarreau, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 62c07983bef9d3e78e71189441e1a470f0d1e653 ]
Christophe Leroy reported a ~80ms latency spike
happening at first TCP connect() time.
This is because __inet_hash_connect() uses get_random_once()
to populate a perturbation table which became quite big
after commit 4c2c8f03a5ab ("tcp: increase source port perturb table to 2^16")
get_random_once() uses DO_ONCE(), which block hard irqs for the duration
of the operation.
This patch adds DO_ONCE_SLOW() which uses a mutex instead of a spinlock
for operations where we prefer to stay in process context.
Then __inet_hash_connect() can use get_random_slow_once()
to populate its perturbation table.
Fixes: 4c2c8f03a5ab ("tcp: increase source port perturb table to 2^16")
Fixes: 190cc82489f4 ("tcp: change source port randomizarion at connect() time")
Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/netdev/CANn89iLAEYBaoYajy0Y9UmGFff5GPxDUoG-ErVB2jDdRNQ5Tug@mail.gmail.com/T/#t
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Tested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/once.h | 28 ++++++++++++++++++++++++++++
lib/once.c | 30 ++++++++++++++++++++++++++++++
net/ipv4/inet_hashtables.c | 4 ++--
3 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/include/linux/once.h b/include/linux/once.h
index ae6f4eb41cbe..bb58e1c3aa03 100644
--- a/include/linux/once.h
+++ b/include/linux/once.h
@@ -5,10 +5,18 @@
#include <linux/types.h>
#include <linux/jump_label.h>
+/* Helpers used from arbitrary contexts.
+ * Hard irqs are blocked, be cautious.
+ */
bool __do_once_start(bool *done, unsigned long *flags);
void __do_once_done(bool *done, struct static_key_true *once_key,
unsigned long *flags, struct module *mod);
+/* Variant for process contexts only. */
+bool __do_once_slow_start(bool *done);
+void __do_once_slow_done(bool *done, struct static_key_true *once_key,
+ struct module *mod);
+
/* Call a function exactly once. The idea of DO_ONCE() is to perform
* a function call such as initialization of random seeds, etc, only
* once, where DO_ONCE() can live in the fast-path. After @func has
@@ -52,9 +60,29 @@ void __do_once_done(bool *done, struct static_key_true *once_key,
___ret; \
})
+/* Variant of DO_ONCE() for process/sleepable contexts. */
+#define DO_ONCE_SLOW(func, ...) \
+ ({ \
+ bool ___ret = false; \
+ static bool __section(".data.once") ___done = false; \
+ static DEFINE_STATIC_KEY_TRUE(___once_key); \
+ if (static_branch_unlikely(&___once_key)) { \
+ ___ret = __do_once_slow_start(&___done); \
+ if (unlikely(___ret)) { \
+ func(__VA_ARGS__); \
+ __do_once_slow_done(&___done, &___once_key, \
+ THIS_MODULE); \
+ } \
+ } \
+ ___ret; \
+ })
+
#define get_random_once(buf, nbytes) \
DO_ONCE(get_random_bytes, (buf), (nbytes))
#define get_random_once_wait(buf, nbytes) \
DO_ONCE(get_random_bytes_wait, (buf), (nbytes)) \
+#define get_random_slow_once(buf, nbytes) \
+ DO_ONCE_SLOW(get_random_bytes, (buf), (nbytes))
+
#endif /* _LINUX_ONCE_H */
diff --git a/lib/once.c b/lib/once.c
index 59149bf3bfb4..351f66aad310 100644
--- a/lib/once.c
+++ b/lib/once.c
@@ -66,3 +66,33 @@ void __do_once_done(bool *done, struct static_key_true *once_key,
once_disable_jump(once_key, mod);
}
EXPORT_SYMBOL(__do_once_done);
+
+static DEFINE_MUTEX(once_mutex);
+
+bool __do_once_slow_start(bool *done)
+ __acquires(once_mutex)
+{
+ mutex_lock(&once_mutex);
+ if (*done) {
+ mutex_unlock(&once_mutex);
+ /* Keep sparse happy by restoring an even lock count on
+ * this mutex. In case we return here, we don't call into
+ * __do_once_done but return early in the DO_ONCE_SLOW() macro.
+ */
+ __acquire(once_mutex);
+ return false;
+ }
+
+ return true;
+}
+EXPORT_SYMBOL(__do_once_slow_start);
+
+void __do_once_slow_done(bool *done, struct static_key_true *once_key,
+ struct module *mod)
+ __releases(once_mutex)
+{
+ *done = true;
+ mutex_unlock(&once_mutex);
+ once_disable_jump(once_key, mod);
+}
+EXPORT_SYMBOL(__do_once_slow_done);
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index feb7f072f2b2..c0de655fffd7 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -771,8 +771,8 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
if (likely(remaining > 1))
remaining &= ~1U;
- net_get_random_once(table_perturb,
- INET_TABLE_PERTURB_SIZE * sizeof(*table_perturb));
+ get_random_slow_once(table_perturb,
+ INET_TABLE_PERTURB_SIZE * sizeof(*table_perturb));
index = port_offset & (INET_TABLE_PERTURB_SIZE - 1);
offset = READ_ONCE(table_perturb[index]) + (port_offset >> 32);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 140/390] net: mvpp2: fix mvpp2 debugfs leak
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 139/390] once: add DO_ONCE_SLOW() for sleepable contexts Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 141/390] drm: bridge: adv7511: fix CEC power down control register offset Greg Kroah-Hartman
` (255 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King (Oracle),
Marcin Wojtas, Jakub Kicinski, Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit 0152dfee235e87660f52a117fc9f70dc55956bb4 ]
When mvpp2 is unloaded, the driver specific debugfs directory is not
removed, which technically leads to a memory leak. However, this
directory is only created when the first device is probed, so the
hardware is present. Removing the module is only something a developer
would to when e.g. testing out changes, so the module would be
reloaded. So this memory leak is minor.
The original attempt in commit fe2c9c61f668 ("net: mvpp2: debugfs: fix
memory leak when using debugfs_lookup()") that was labelled as a memory
leak fix was not, it fixed a refcount leak, but in doing so created a
problem when the module is reloaded - the directory already exists, but
mvpp2_root is NULL, so we lose all debugfs entries. This fix has been
reverted.
This is the alternative fix, where we remove the offending directory
whenever the driver is unloaded.
Fixes: 21da57a23125 ("net: mvpp2: add a debugfs interface for the Header Parser")
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Marcin Wojtas <mw@semihalf.com>
Link: https://lore.kernel.org/r/E1ofOAB-00CzkG-UO@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 1 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c | 10 ++++++++--
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 13 ++++++++++++-
3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
index d825eb021b22..e999ac2de34e 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
@@ -1434,6 +1434,7 @@ u32 mvpp2_read(struct mvpp2 *priv, u32 offset);
void mvpp2_dbgfs_init(struct mvpp2 *priv, const char *name);
void mvpp2_dbgfs_cleanup(struct mvpp2 *priv);
+void mvpp2_dbgfs_exit(void);
#ifdef CONFIG_MVPP2_PTP
int mvpp22_tai_probe(struct device *dev, struct mvpp2 *priv);
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c
index 4a3baa7e0142..75e83ea2a926 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c
@@ -691,6 +691,13 @@ static int mvpp2_dbgfs_port_init(struct dentry *parent,
return 0;
}
+static struct dentry *mvpp2_root;
+
+void mvpp2_dbgfs_exit(void)
+{
+ debugfs_remove(mvpp2_root);
+}
+
void mvpp2_dbgfs_cleanup(struct mvpp2 *priv)
{
debugfs_remove_recursive(priv->dbgfs_dir);
@@ -700,10 +707,9 @@ void mvpp2_dbgfs_cleanup(struct mvpp2 *priv)
void mvpp2_dbgfs_init(struct mvpp2 *priv, const char *name)
{
- struct dentry *mvpp2_dir, *mvpp2_root;
+ struct dentry *mvpp2_dir;
int ret, i;
- mvpp2_root = debugfs_lookup(MVPP2_DRIVER_NAME, NULL);
if (!mvpp2_root)
mvpp2_root = debugfs_create_dir(MVPP2_DRIVER_NAME, NULL);
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index 542cd6f2c9bd..68c5ed8716c8 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -7155,7 +7155,18 @@ static struct platform_driver mvpp2_driver = {
},
};
-module_platform_driver(mvpp2_driver);
+static int __init mvpp2_driver_init(void)
+{
+ return platform_driver_register(&mvpp2_driver);
+}
+module_init(mvpp2_driver_init);
+
+static void __exit mvpp2_driver_exit(void)
+{
+ platform_driver_unregister(&mvpp2_driver);
+ mvpp2_dbgfs_exit();
+}
+module_exit(mvpp2_driver_exit);
MODULE_DESCRIPTION("Marvell PPv2 Ethernet Driver - www.marvell.com");
MODULE_AUTHOR("Marcin Wojtas <mw@semihalf.com>");
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 141/390] drm: bridge: adv7511: fix CEC power down control register offset
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 140/390] net: mvpp2: fix mvpp2 debugfs leak Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 142/390] drm/bridge: Avoid uninitialized variable warning Greg Kroah-Hartman
` (254 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alvin Šipraga, Robert Foss, Sasha Levin
From: Alvin Šipraga <alsi@bang-olufsen.dk>
[ Upstream commit 1d22b6033ea113a4c3850dfa2c0770885c81aec8 ]
The ADV7511_REG_CEC_CTRL = 0xE2 register is part of the main register
map - not the CEC register map. As such, we shouldn't apply an offset to
the register address. Doing so will cause us to address a bogus register
for chips with a CEC register map offset (e.g. ADV7533).
Fixes: 3b1b975003e4 ("drm: adv7511/33: add HDMI CEC support")
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220612144854.2223873-2-alvin@pqrs.dk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511.h | 5 +----
drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 4 ++--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511.h b/drivers/gpu/drm/bridge/adv7511/adv7511.h
index a0f6ee15c248..711061bf3eb7 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511.h
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511.h
@@ -386,10 +386,7 @@ void adv7511_cec_irq_process(struct adv7511 *adv7511, unsigned int irq1);
#else
static inline int adv7511_cec_init(struct device *dev, struct adv7511 *adv7511)
{
- unsigned int offset = adv7511->type == ADV7533 ?
- ADV7533_REG_CEC_OFFSET : 0;
-
- regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL + offset,
+ regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL,
ADV7511_CEC_CTRL_POWER_DOWN);
return 0;
}
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c b/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c
index a20a45c0b353..ddd1305b82b2 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c
@@ -316,7 +316,7 @@ int adv7511_cec_init(struct device *dev, struct adv7511 *adv7511)
goto err_cec_alloc;
}
- regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL + offset, 0);
+ regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL, 0);
/* cec soft reset */
regmap_write(adv7511->regmap_cec,
ADV7511_REG_CEC_SOFT_RESET + offset, 0x01);
@@ -343,7 +343,7 @@ int adv7511_cec_init(struct device *dev, struct adv7511 *adv7511)
dev_info(dev, "Initializing CEC failed with error %d, disabling CEC\n",
ret);
err_cec_parse_dt:
- regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL + offset,
+ regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL,
ADV7511_CEC_CTRL_POWER_DOWN);
return ret == -EPROBE_DEFER ? ret : 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 142/390] drm/bridge: Avoid uninitialized variable warning
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 141/390] drm: bridge: adv7511: fix CEC power down control register offset Greg Kroah-Hartman
@ 2022-10-24 11:28 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 143/390] drm/mipi-dsi: Detach devices when removing the host Greg Kroah-Hartman
` (253 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Maxime Ripard, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 7d1202738efda60155d98b370b3c70d336be0eea ]
This code works, but technically it uses "num_in_bus_fmts" before it
has been initialized so it leads to static checker warnings and probably
KMEMsan warnings at run time. Initialize the variable to zero to
silence the warning.
Fixes: f32df58acc68 ("drm/bridge: Add the necessary bits to support bus format negotiation")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/YrrIs3hoGcPVmXc5@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_bridge.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_bridge.c b/drivers/gpu/drm/drm_bridge.c
index 044acd07c153..d799ec14fd7f 100644
--- a/drivers/gpu/drm/drm_bridge.c
+++ b/drivers/gpu/drm/drm_bridge.c
@@ -753,8 +753,8 @@ static int select_bus_fmt_recursive(struct drm_bridge *first_bridge,
struct drm_connector_state *conn_state,
u32 out_bus_fmt)
{
+ unsigned int i, num_in_bus_fmts = 0;
struct drm_bridge_state *cur_state;
- unsigned int num_in_bus_fmts, i;
struct drm_bridge *prev_bridge;
u32 *in_bus_fmts;
int ret;
@@ -875,7 +875,7 @@ drm_atomic_bridge_chain_select_bus_fmts(struct drm_bridge *bridge,
struct drm_connector *conn = conn_state->connector;
struct drm_encoder *encoder = bridge->encoder;
struct drm_bridge_state *last_bridge_state;
- unsigned int i, num_out_bus_fmts;
+ unsigned int i, num_out_bus_fmts = 0;
struct drm_bridge *last_bridge;
u32 *out_bus_fmts;
int ret = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 143/390] drm/mipi-dsi: Detach devices when removing the host
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-10-24 11:28 ` [PATCH 5.10 142/390] drm/bridge: Avoid uninitialized variable warning Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 144/390] drm/bridge: parade-ps8640: Fix regulator supply order Greg Kroah-Hartman
` (252 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Zimmermann, Maxime Ripard,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 668a8f17b5290d04ef7343636a5588a0692731a1 ]
Whenever the MIPI-DSI host is unregistered, the code of
mipi_dsi_host_unregister() loops over every device currently found on that
bus and will unregister it.
However, it doesn't detach it from the bus first, which leads to all kind
of resource leaks if the host wants to perform some clean up whenever a
device is detached.
Fixes: 068a00233969 ("drm: Add MIPI DSI bus support")
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://lore.kernel.org/r/20220711173939.1132294-2-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_mipi_dsi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/drm_mipi_dsi.c b/drivers/gpu/drm/drm_mipi_dsi.c
index 5dd475e82995..2c43d54766f3 100644
--- a/drivers/gpu/drm/drm_mipi_dsi.c
+++ b/drivers/gpu/drm/drm_mipi_dsi.c
@@ -300,6 +300,7 @@ static int mipi_dsi_remove_device_fn(struct device *dev, void *priv)
{
struct mipi_dsi_device *dsi = to_mipi_dsi_device(dev);
+ mipi_dsi_detach(dsi);
mipi_dsi_device_unregister(dsi);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 144/390] drm/bridge: parade-ps8640: Fix regulator supply order
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 143/390] drm/mipi-dsi: Detach devices when removing the host Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 145/390] drm/dp_mst: fix drm_dp_dpcd_read return value checks Greg Kroah-Hartman
` (251 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Neil Armstrong,
Robert Foss, Sasha Levin
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit fc94224c2e0ae8d83ac511a3ef4962178505469d ]
The datasheet says that VDD12 must be enabled and at full voltage before
VDD33 is enabled.
Reorder the bulk regulator supply names so that VDD12 is enabled before
VDD33. Any enable ramp delays should be handled by setting proper
constraints on the regulators.
Fixes: bc1aee7fc8f0 ("drm/bridge: Add I2C based driver for ps8640 bridge")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220721092258.3397461-1-wenst@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/bridge/parade-ps8640.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/bridge/parade-ps8640.c
+++ b/drivers/gpu/drm/bridge/parade-ps8640.c
@@ -333,8 +333,8 @@ static int ps8640_probe(struct i2c_clien
if (IS_ERR(ps_bridge->panel_bridge))
return PTR_ERR(ps_bridge->panel_bridge);
- ps_bridge->supplies[0].supply = "vdd33";
- ps_bridge->supplies[1].supply = "vdd12";
+ ps_bridge->supplies[0].supply = "vdd12";
+ ps_bridge->supplies[1].supply = "vdd33";
ret = devm_regulator_bulk_get(dev, ARRAY_SIZE(ps_bridge->supplies),
ps_bridge->supplies);
if (ret)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 145/390] drm/dp_mst: fix drm_dp_dpcd_read return value checks
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 144/390] drm/bridge: parade-ps8640: Fix regulator supply order Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 146/390] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Greg Kroah-Hartman
` (250 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Simon Ser, Lyude Paul,
Benjamin Gaignard, Jani Nikula, Sasha Levin
From: Simon Ser <contact@emersion.fr>
[ Upstream commit 2ac6cdd581f48c8f68747156fde5868486a44985 ]
drm_dp_dpcd_read returns the number of bytes read. The previous code
would print garbage on DPCD error, and would exit with on error on
success.
Signed-off-by: Simon Ser <contact@emersion.fr>
Fixes: cb897542c6d2 ("drm/dp_mst: Fix W=1 warnings")
Cc: Lyude Paul <lyude@redhat.com>
Cc: Benjamin Gaignard <benjamin.gaignard@st.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/473500/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_dp_mst_topology.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
index ab423b0413ee..4272cd3622f8 100644
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -4856,14 +4856,14 @@ void drm_dp_mst_dump_topology(struct seq_file *m,
seq_printf(m, "dpcd: %*ph\n", DP_RECEIVER_CAP_SIZE, buf);
ret = drm_dp_dpcd_read(mgr->aux, DP_FAUX_CAP, buf, 2);
- if (ret) {
+ if (ret != 2) {
seq_printf(m, "faux/mst read failed\n");
goto out;
}
seq_printf(m, "faux/mst: %*ph\n", 2, buf);
ret = drm_dp_dpcd_read(mgr->aux, DP_MSTM_CTRL, buf, 1);
- if (ret) {
+ if (ret != 1) {
seq_printf(m, "mst ctrl read failed\n");
goto out;
}
@@ -4871,7 +4871,7 @@ void drm_dp_mst_dump_topology(struct seq_file *m,
/* dump the standard OUI branch header */
ret = drm_dp_dpcd_read(mgr->aux, DP_BRANCH_OUI, buf, DP_BRANCH_OUI_HEADER_SIZE);
- if (ret) {
+ if (ret != DP_BRANCH_OUI_HEADER_SIZE) {
seq_printf(m, "branch oui read failed\n");
goto out;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 146/390] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 145/390] drm/dp_mst: fix drm_dp_dpcd_read return value checks Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 147/390] platform/chrome: fix double-free in chromeos_laptop_prepare() Greg Kroah-Hartman
` (249 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Rob Herring, Daniel Vetter,
Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit e0686dc6f2252e009c455fe99e2ce9d62a60eb47 ]
The reference 'child' in the iteration of for_each_available_child_of_node()
is only escaped out into a local variable which is only used to check
its value. So we still need to the of_node_put() when breaking of the
for_each_available_child_of_node() which will automatically increase
and decrease the refcount.
Fixes: ca454bd42dc2 ("drm/pl111: Support the Versatile Express")
Signed-off-by: Liang He <windhl@126.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20220711131550.361350-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/pl111/pl111_versatile.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/pl111/pl111_versatile.c b/drivers/gpu/drm/pl111/pl111_versatile.c
index bdd883f4f0da..963a5d5e6987 100644
--- a/drivers/gpu/drm/pl111/pl111_versatile.c
+++ b/drivers/gpu/drm/pl111/pl111_versatile.c
@@ -402,6 +402,7 @@ static int pl111_vexpress_clcd_init(struct device *dev, struct device_node *np,
if (of_device_is_compatible(child, "arm,pl111")) {
has_coretile_clcd = true;
ct_clcd = child;
+ of_node_put(child);
break;
}
if (of_device_is_compatible(child, "arm,hdlcd")) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 147/390] platform/chrome: fix double-free in chromeos_laptop_prepare()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 146/390] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 148/390] platform/chrome: fix memory corruption in ioctl Greg Kroah-Hartman
` (248 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rustam Subkhankulov, Dmitry Torokhov,
Tzung-Bi Shih, Sasha Levin
From: Rustam Subkhankulov <subkhankulov@ispras.ru>
[ Upstream commit 6ad4194d6a1e1d11b285989cd648ef695b4a93c0 ]
If chromeos_laptop_prepare_i2c_peripherals() fails after allocating memory
for 'cros_laptop->i2c_peripherals', this memory is freed at 'err_out' label
and nonzero value is returned. Then chromeos_laptop_destroy() is called,
resulting in double-free error.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Rustam Subkhankulov <subkhankulov@ispras.ru>
Fixes: 5020cd29d8bf ("platform/chrome: chromeos_laptop - supply properties for ACPI devices")
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220813220843.2373004-1-subkhankulov@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/chromeos_laptop.c | 24 ++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c
index 472a03daa869..109c191d35cf 100644
--- a/drivers/platform/chrome/chromeos_laptop.c
+++ b/drivers/platform/chrome/chromeos_laptop.c
@@ -718,6 +718,7 @@ static int __init
chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
const struct chromeos_laptop *src)
{
+ struct i2c_peripheral *i2c_peripherals;
struct i2c_peripheral *i2c_dev;
struct i2c_board_info *info;
int i;
@@ -726,17 +727,15 @@ chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
if (!src->num_i2c_peripherals)
return 0;
- cros_laptop->i2c_peripherals = kmemdup(src->i2c_peripherals,
- src->num_i2c_peripherals *
- sizeof(*src->i2c_peripherals),
- GFP_KERNEL);
- if (!cros_laptop->i2c_peripherals)
+ i2c_peripherals = kmemdup(src->i2c_peripherals,
+ src->num_i2c_peripherals *
+ sizeof(*src->i2c_peripherals),
+ GFP_KERNEL);
+ if (!i2c_peripherals)
return -ENOMEM;
- cros_laptop->num_i2c_peripherals = src->num_i2c_peripherals;
-
- for (i = 0; i < cros_laptop->num_i2c_peripherals; i++) {
- i2c_dev = &cros_laptop->i2c_peripherals[i];
+ for (i = 0; i < src->num_i2c_peripherals; i++) {
+ i2c_dev = &i2c_peripherals[i];
info = &i2c_dev->board_info;
error = chromeos_laptop_setup_irq(i2c_dev);
@@ -754,16 +753,19 @@ chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
}
}
+ cros_laptop->i2c_peripherals = i2c_peripherals;
+ cros_laptop->num_i2c_peripherals = src->num_i2c_peripherals;
+
return 0;
err_out:
while (--i >= 0) {
- i2c_dev = &cros_laptop->i2c_peripherals[i];
+ i2c_dev = &i2c_peripherals[i];
info = &i2c_dev->board_info;
if (info->properties)
property_entries_free(info->properties);
}
- kfree(cros_laptop->i2c_peripherals);
+ kfree(i2c_peripherals);
return error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 148/390] platform/chrome: fix memory corruption in ioctl
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 147/390] platform/chrome: fix double-free in chromeos_laptop_prepare() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 149/390] ASoC: tas2764: Allow mono streams Greg Kroah-Hartman
` (247 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Guenter Roeck,
Tzung-Bi Shih, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 8a07b45fd3c2dda24fad43639be5335a4595196a ]
If "s_mem.bytes" is larger than the buffer size it leads to memory
corruption.
Fixes: eda2e30c6684 ("mfd / platform: cros_ec: Miscellaneous character device to talk with the EC")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/Yv8dpCFZJdbUT5ye@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec_chardev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/chrome/cros_ec_chardev.c b/drivers/platform/chrome/cros_ec_chardev.c
index fd33de546aee..0de7c255254e 100644
--- a/drivers/platform/chrome/cros_ec_chardev.c
+++ b/drivers/platform/chrome/cros_ec_chardev.c
@@ -327,6 +327,9 @@ static long cros_ec_chardev_ioctl_readmem(struct cros_ec_dev *ec,
if (copy_from_user(&s_mem, arg, sizeof(s_mem)))
return -EFAULT;
+ if (s_mem.bytes > sizeof(s_mem.buffer))
+ return -EINVAL;
+
num = ec_dev->cmd_readmem(ec_dev, s_mem.offset, s_mem.bytes,
s_mem.buffer);
if (num <= 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 149/390] ASoC: tas2764: Allow mono streams
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 148/390] platform/chrome: fix memory corruption in ioctl Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 150/390] ASoC: tas2764: Drop conflicting set_bias_level power setting Greg Kroah-Hartman
` (246 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Povišer, Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit 23204d928a27146d13e11c9383632775345ecca8 ]
The part is a mono speaker amp, but it can do downmix and switch between
left and right channel, so the right channel range is 1 to 2.
(This mirrors commit bf54d97a835d ("ASoC: tas2770: Allow mono streams")
which was a fix to the tas2770 driver.)
Fixes: 827ed8a0fa50 ("ASoC: tas2764: Add the driver for the TAS2764")
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20220825140241.53963-2-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2764.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/tas2764.c b/sound/soc/codecs/tas2764.c
index 37588804a6b5..bde92f080459 100644
--- a/sound/soc/codecs/tas2764.c
+++ b/sound/soc/codecs/tas2764.c
@@ -485,7 +485,7 @@ static struct snd_soc_dai_driver tas2764_dai_driver[] = {
.id = 0,
.playback = {
.stream_name = "ASI1 Playback",
- .channels_min = 2,
+ .channels_min = 1,
.channels_max = 2,
.rates = TAS2764_RATES,
.formats = TAS2764_FORMATS,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 150/390] ASoC: tas2764: Drop conflicting set_bias_level power setting
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 149/390] ASoC: tas2764: Allow mono streams Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 151/390] ASoC: tas2764: Fix mute/unmute Greg Kroah-Hartman
` (245 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Povišer, Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit 09273f38832406db19a8907a934687cc10660a6b ]
The driver is setting the PWR_CTRL field in both the set_bias_level
callback and on DAPM events of the DAC widget (and also in the
mute_stream method). Drop the set_bias_level callback altogether as the
power setting it does is in conflict with the other code paths.
(This mirrors commit c8a6ae3fe1c8 ("ASoC: tas2770: Drop conflicting
set_bias_level power setting") which was a fix to the tas2770 driver.)
Fixes: 827ed8a0fa50 ("ASoC: tas2764: Add the driver for the TAS2764")
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20220825140241.53963-3-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2764.c | 33 ---------------------------------
1 file changed, 33 deletions(-)
diff --git a/sound/soc/codecs/tas2764.c b/sound/soc/codecs/tas2764.c
index bde92f080459..6b6e30b072f2 100644
--- a/sound/soc/codecs/tas2764.c
+++ b/sound/soc/codecs/tas2764.c
@@ -50,38 +50,6 @@ static void tas2764_reset(struct tas2764_priv *tas2764)
usleep_range(1000, 2000);
}
-static int tas2764_set_bias_level(struct snd_soc_component *component,
- enum snd_soc_bias_level level)
-{
- struct tas2764_priv *tas2764 = snd_soc_component_get_drvdata(component);
-
- switch (level) {
- case SND_SOC_BIAS_ON:
- snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_ACTIVE);
- break;
- case SND_SOC_BIAS_STANDBY:
- case SND_SOC_BIAS_PREPARE:
- snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_MUTE);
- break;
- case SND_SOC_BIAS_OFF:
- snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_SHUTDOWN);
- break;
-
- default:
- dev_err(tas2764->dev,
- "wrong power level setting %d\n", level);
- return -EINVAL;
- }
-
- return 0;
-}
-
#ifdef CONFIG_PM
static int tas2764_codec_suspend(struct snd_soc_component *component)
{
@@ -549,7 +517,6 @@ static const struct snd_soc_component_driver soc_component_driver_tas2764 = {
.probe = tas2764_codec_probe,
.suspend = tas2764_codec_suspend,
.resume = tas2764_codec_resume,
- .set_bias_level = tas2764_set_bias_level,
.controls = tas2764_snd_controls,
.num_controls = ARRAY_SIZE(tas2764_snd_controls),
.dapm_widgets = tas2764_dapm_widgets,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 151/390] ASoC: tas2764: Fix mute/unmute
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 150/390] ASoC: tas2764: Drop conflicting set_bias_level power setting Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 152/390] platform/x86: msi-laptop: Fix old-ec check for backlight registering Greg Kroah-Hartman
` (244 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Povišer, Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit f5ad67f13623548e5aff847f89700c178aaf2a98 ]
Because the PWR_CTRL field is modeled as the power state of the DAC
widget, and at the same time it is used to implement mute/unmute, we
need some additional book-keeping to have the right end result no matter
the sequence of calls. Without this fix, one permanently mutes an
ongoing stream by toggling the associated speaker pin control.
(This mirrors commit 1e5907bcb3a3 ("ASoC: tas2770: Fix handling of
mute/unmute") which was a fix to the tas2770 driver.)
Fixes: 827ed8a0fa50 ("ASoC: tas2764: Add the driver for the TAS2764")
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20220825140241.53963-4-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2764.c | 57 +++++++++++++++++++++-----------------
1 file changed, 32 insertions(+), 25 deletions(-)
diff --git a/sound/soc/codecs/tas2764.c b/sound/soc/codecs/tas2764.c
index 6b6e30b072f2..8b262e7f5275 100644
--- a/sound/soc/codecs/tas2764.c
+++ b/sound/soc/codecs/tas2764.c
@@ -34,6 +34,9 @@ struct tas2764_priv {
int v_sense_slot;
int i_sense_slot;
+
+ bool dac_powered;
+ bool unmuted;
};
static void tas2764_reset(struct tas2764_priv *tas2764)
@@ -50,6 +53,26 @@ static void tas2764_reset(struct tas2764_priv *tas2764)
usleep_range(1000, 2000);
}
+static int tas2764_update_pwr_ctrl(struct tas2764_priv *tas2764)
+{
+ struct snd_soc_component *component = tas2764->component;
+ unsigned int val;
+ int ret;
+
+ if (tas2764->dac_powered)
+ val = tas2764->unmuted ?
+ TAS2764_PWR_CTRL_ACTIVE : TAS2764_PWR_CTRL_MUTE;
+ else
+ val = TAS2764_PWR_CTRL_SHUTDOWN;
+
+ ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
+ TAS2764_PWR_CTRL_MASK, val);
+ if (ret < 0)
+ return ret;
+
+ return 0;
+}
+
#ifdef CONFIG_PM
static int tas2764_codec_suspend(struct snd_soc_component *component)
{
@@ -82,9 +105,7 @@ static int tas2764_codec_resume(struct snd_soc_component *component)
usleep_range(1000, 2000);
}
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_ACTIVE);
+ ret = tas2764_update_pwr_ctrl(tas2764);
if (ret < 0)
return ret;
@@ -118,14 +139,12 @@ static int tas2764_dac_event(struct snd_soc_dapm_widget *w,
switch (event) {
case SND_SOC_DAPM_POST_PMU:
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_MUTE);
+ tas2764->dac_powered = true;
+ ret = tas2764_update_pwr_ctrl(tas2764);
break;
case SND_SOC_DAPM_PRE_PMD:
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_SHUTDOWN);
+ tas2764->dac_powered = false;
+ ret = tas2764_update_pwr_ctrl(tas2764);
break;
default:
dev_err(tas2764->dev, "Unsupported event\n");
@@ -170,17 +189,11 @@ static const struct snd_soc_dapm_route tas2764_audio_map[] = {
static int tas2764_mute(struct snd_soc_dai *dai, int mute, int direction)
{
- struct snd_soc_component *component = dai->component;
- int ret;
-
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- mute ? TAS2764_PWR_CTRL_MUTE : 0);
+ struct tas2764_priv *tas2764 =
+ snd_soc_component_get_drvdata(dai->component);
- if (ret < 0)
- return ret;
-
- return 0;
+ tas2764->unmuted = !mute;
+ return tas2764_update_pwr_ctrl(tas2764);
}
static int tas2764_set_bitwidth(struct tas2764_priv *tas2764, int bitwidth)
@@ -494,12 +507,6 @@ static int tas2764_codec_probe(struct snd_soc_component *component)
if (ret < 0)
return ret;
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_MUTE);
- if (ret < 0)
- return ret;
-
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 152/390] platform/x86: msi-laptop: Fix old-ec check for backlight registering
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 151/390] ASoC: tas2764: Fix mute/unmute Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 153/390] platform/x86: msi-laptop: Fix resource cleanup Greg Kroah-Hartman
` (243 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 83ac7a1c2ed5f17caa07cbbc84bad3c05dc3bf22 ]
Commit 2cc6c717799f ("msi-laptop: Port to new backlight interface
selection API") replaced this check:
if (!quirks->old_ec_model || acpi_video_backlight_support())
pr_info("Brightness ignored, ...");
else
do_register();
With:
if (quirks->old_ec_model ||
acpi_video_get_backlight_type() == acpi_backlight_vendor)
do_register();
But since the do_register() part was part of the else branch, the entire
condition should be inverted. So not only the 2 statements on either
side of the || should be inverted, but the || itself should be replaced
with a &&.
In practice this has likely not been an issue because the new-ec models
(old_ec_model==false) likely all support ACPI video backlight control,
making acpi_video_get_backlight_type() return acpi_backlight_video
turning the second part of the || also false when old_ec_model == false.
Fixes: 2cc6c717799f ("msi-laptop: Port to new backlight interface selection API")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220825141336.208597-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/msi-laptop.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
index 24ffc8e2d2d1..0960205ee49f 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -1048,8 +1048,7 @@ static int __init msi_init(void)
return -EINVAL;
/* Register backlight stuff */
-
- if (quirks->old_ec_model ||
+ if (quirks->old_ec_model &&
acpi_video_get_backlight_type() == acpi_backlight_vendor) {
struct backlight_properties props;
memset(&props, 0, sizeof(struct backlight_properties));
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 153/390] platform/x86: msi-laptop: Fix resource cleanup
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 152/390] platform/x86: msi-laptop: Fix old-ec check for backlight registering Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` Greg Kroah-Hartman
` (242 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 5523632aa10f906dfe2eb714ee748590dc7fc6b1 ]
Fix the input-device not getting free-ed on probe-errors and
fix the msi_touchpad_dwork not getting cancelled on neither
probe-errors nor on remove.
Fixes: 143a4c0284dc ("msi-laptop: send out touchpad on/off key")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220825141336.208597-3-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/msi-laptop.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
index 0960205ee49f..3e935303b143 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -1116,6 +1116,8 @@ static int __init msi_init(void)
fail_create_group:
if (quirks->load_scm_model) {
i8042_remove_filter(msi_laptop_i8042_filter);
+ cancel_delayed_work_sync(&msi_touchpad_dwork);
+ input_unregister_device(msi_laptop_input_dev);
cancel_delayed_work_sync(&msi_rfkill_dwork);
cancel_work_sync(&msi_rfkill_work);
rfkill_cleanup();
@@ -1136,6 +1138,7 @@ static void __exit msi_cleanup(void)
{
if (quirks->load_scm_model) {
i8042_remove_filter(msi_laptop_i8042_filter);
+ cancel_delayed_work_sync(&msi_touchpad_dwork);
input_unregister_device(msi_laptop_input_dev);
cancel_delayed_work_sync(&msi_rfkill_dwork);
cancel_work_sync(&msi_rfkill_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 154/390] drm: fix drm_mipi_dbi build errors
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
` (394 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Sasha Levin, kernel test robot, Sam Ravnborg, David Airlie,
Greg Kroah-Hartman, Randy Dunlap, stable, Noralf Trønnes,
Thierry Reding, dri-devel, Thomas Zimmermann, Dillon Min
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit eb7de496451bd969e203f02f66585131228ba4ae ]
drm_mipi_dbi needs lots of DRM_KMS_HELPER support, so select
that Kconfig symbol like it is done is most other uses, and
the way that it was before MIPS_DBI was moved from tinydrm
to its core location.
Fixes these build errors:
ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_buf_copy':
drivers/gpu/drm/drm_mipi_dbi.c:205: undefined reference to `drm_gem_fb_get_obj'
ld: drivers/gpu/drm/drm_mipi_dbi.c:211: undefined reference to `drm_gem_fb_begin_cpu_access'
ld: drivers/gpu/drm/drm_mipi_dbi.c:215: undefined reference to `drm_gem_fb_vmap'
ld: drivers/gpu/drm/drm_mipi_dbi.c:222: undefined reference to `drm_fb_swab'
ld: drivers/gpu/drm/drm_mipi_dbi.c:224: undefined reference to `drm_fb_memcpy'
ld: drivers/gpu/drm/drm_mipi_dbi.c:227: undefined reference to `drm_fb_xrgb8888_to_rgb565'
ld: drivers/gpu/drm/drm_mipi_dbi.c:235: undefined reference to `drm_gem_fb_vunmap'
ld: drivers/gpu/drm/drm_mipi_dbi.c:237: undefined reference to `drm_gem_fb_end_cpu_access'
ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_dev_init_with_formats':
ld: drivers/gpu/drm/drm_mipi_dbi.o:/X64/../drivers/gpu/drm/drm_mipi_dbi.c:469: undefined reference to `drm_gem_fb_create_with_dirty'
Fixes: 174102f4de23 ("drm/tinydrm: Move mipi-dbi")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Dillon Min <dillon.minfei@gmail.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Noralf Trønnes <noralf@tronnes.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: dri-devel@lists.freedesktop.org
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220823004243.11596-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig
index ca868271f4c4..4e9b3a95fa7c 100644
--- a/drivers/gpu/drm/Kconfig
+++ b/drivers/gpu/drm/Kconfig
@@ -30,6 +30,7 @@ menuconfig DRM
config DRM_MIPI_DBI
tristate
depends on DRM
+ select DRM_KMS_HELPER
config DRM_MIPI_DSI
bool
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 154/390] drm: fix drm_mipi_dbi build errors
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Dillon Min, Linus Walleij, Sam Ravnborg, Noralf Trønnes,
Thomas Zimmermann, Thierry Reding, dri-devel, David Airlie,
Daniel Vetter, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit eb7de496451bd969e203f02f66585131228ba4ae ]
drm_mipi_dbi needs lots of DRM_KMS_HELPER support, so select
that Kconfig symbol like it is done is most other uses, and
the way that it was before MIPS_DBI was moved from tinydrm
to its core location.
Fixes these build errors:
ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_buf_copy':
drivers/gpu/drm/drm_mipi_dbi.c:205: undefined reference to `drm_gem_fb_get_obj'
ld: drivers/gpu/drm/drm_mipi_dbi.c:211: undefined reference to `drm_gem_fb_begin_cpu_access'
ld: drivers/gpu/drm/drm_mipi_dbi.c:215: undefined reference to `drm_gem_fb_vmap'
ld: drivers/gpu/drm/drm_mipi_dbi.c:222: undefined reference to `drm_fb_swab'
ld: drivers/gpu/drm/drm_mipi_dbi.c:224: undefined reference to `drm_fb_memcpy'
ld: drivers/gpu/drm/drm_mipi_dbi.c:227: undefined reference to `drm_fb_xrgb8888_to_rgb565'
ld: drivers/gpu/drm/drm_mipi_dbi.c:235: undefined reference to `drm_gem_fb_vunmap'
ld: drivers/gpu/drm/drm_mipi_dbi.c:237: undefined reference to `drm_gem_fb_end_cpu_access'
ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_dev_init_with_formats':
ld: drivers/gpu/drm/drm_mipi_dbi.o:/X64/../drivers/gpu/drm/drm_mipi_dbi.c:469: undefined reference to `drm_gem_fb_create_with_dirty'
Fixes: 174102f4de23 ("drm/tinydrm: Move mipi-dbi")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Dillon Min <dillon.minfei@gmail.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Noralf Trønnes <noralf@tronnes.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: dri-devel@lists.freedesktop.org
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220823004243.11596-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig
index ca868271f4c4..4e9b3a95fa7c 100644
--- a/drivers/gpu/drm/Kconfig
+++ b/drivers/gpu/drm/Kconfig
@@ -30,6 +30,7 @@ menuconfig DRM
config DRM_MIPI_DBI
tristate
depends on DRM
+ select DRM_KMS_HELPER
config DRM_MIPI_DSI
bool
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 155/390] drm/bridge: megachips: Fix a null pointer dereference bug
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-10-24 11:29 ` Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 156/390] ASoC: rsnd: Add check for rsnd_mod_power_on Greg Kroah-Hartman
` (240 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Robert Foss, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 1ff673333d46d2c1b053ebd0c1c7c7c79e36943e ]
When removing the module we will get the following warning:
[ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered
[ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
[ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x130
[ 31.921825] Call Trace:
[ 31.922533] stdp4028_ge_b850v3_fw_remove+0x34/0x60 [megachips_stdpxxxx_ge_b850v3_fw]
[ 31.923139] i2c_device_remove+0x181/0x1f0
The two bridges (stdp2690, stdp4028) do not probe at the same time, so
the driver does not call ge_b850v3_resgiter() when probing, causing the
driver to try to remove the object that has not been initialized.
Fix this by checking whether both the bridges are probed.
Fixes: 11632d4aa2b3 ("drm/bridge: megachips: Ensure both bridges are probed before registration")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220830073450.1897020-1-zheyuma97@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c b/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
index cce98bf2a4e7..72248a565579 100644
--- a/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
+++ b/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
@@ -296,7 +296,9 @@ static void ge_b850v3_lvds_remove(void)
* This check is to avoid both the drivers
* removing the bridge in their remove() function
*/
- if (!ge_b850v3_lvds_ptr)
+ if (!ge_b850v3_lvds_ptr ||
+ !ge_b850v3_lvds_ptr->stdp2690_i2c ||
+ !ge_b850v3_lvds_ptr->stdp4028_i2c)
goto out;
drm_bridge_remove(&ge_b850v3_lvds_ptr->bridge);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 156/390] ASoC: rsnd: Add check for rsnd_mod_power_on
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 155/390] drm/bridge: megachips: Fix a null pointer dereference bug Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 157/390] ALSA: hda: beep: Simplify keep-power-at-enable behavior Greg Kroah-Hartman
` (239 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Kuninori Morimoto,
Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 376be51caf8871419bbcbb755e1e615d30dc3153 ]
As rsnd_mod_power_on() can return negative numbers,
it should be better to check the return value and
deal with the exception.
Fixes: e7d850dd10f4 ("ASoC: rsnd: use mod base common method on SSI-parent")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/20220902013030.3691266-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sh/rcar/ctu.c | 6 +++++-
sound/soc/sh/rcar/dvc.c | 6 +++++-
sound/soc/sh/rcar/mix.c | 6 +++++-
sound/soc/sh/rcar/src.c | 5 ++++-
sound/soc/sh/rcar/ssi.c | 4 +++-
5 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/sound/soc/sh/rcar/ctu.c b/sound/soc/sh/rcar/ctu.c
index 7647b3d4c0ba..25a8cfc27433 100644
--- a/sound/soc/sh/rcar/ctu.c
+++ b/sound/soc/sh/rcar/ctu.c
@@ -171,7 +171,11 @@ static int rsnd_ctu_init(struct rsnd_mod *mod,
struct rsnd_dai_stream *io,
struct rsnd_priv *priv)
{
- rsnd_mod_power_on(mod);
+ int ret;
+
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_ctu_activation(mod);
diff --git a/sound/soc/sh/rcar/dvc.c b/sound/soc/sh/rcar/dvc.c
index 8d91c0eb0880..53b2ad01222b 100644
--- a/sound/soc/sh/rcar/dvc.c
+++ b/sound/soc/sh/rcar/dvc.c
@@ -186,7 +186,11 @@ static int rsnd_dvc_init(struct rsnd_mod *mod,
struct rsnd_dai_stream *io,
struct rsnd_priv *priv)
{
- rsnd_mod_power_on(mod);
+ int ret;
+
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_dvc_activation(mod);
diff --git a/sound/soc/sh/rcar/mix.c b/sound/soc/sh/rcar/mix.c
index a3e0370f5704..c6fe2595c373 100644
--- a/sound/soc/sh/rcar/mix.c
+++ b/sound/soc/sh/rcar/mix.c
@@ -146,7 +146,11 @@ static int rsnd_mix_init(struct rsnd_mod *mod,
struct rsnd_dai_stream *io,
struct rsnd_priv *priv)
{
- rsnd_mod_power_on(mod);
+ int ret;
+
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_mix_activation(mod);
diff --git a/sound/soc/sh/rcar/src.c b/sound/soc/sh/rcar/src.c
index 585ffba0244b..fd52e26a3808 100644
--- a/sound/soc/sh/rcar/src.c
+++ b/sound/soc/sh/rcar/src.c
@@ -454,11 +454,14 @@ static int rsnd_src_init(struct rsnd_mod *mod,
struct rsnd_priv *priv)
{
struct rsnd_src *src = rsnd_mod_to_src(mod);
+ int ret;
/* reset sync convert_rate */
src->sync.val = 0;
- rsnd_mod_power_on(mod);
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_src_activation(mod);
diff --git a/sound/soc/sh/rcar/ssi.c b/sound/soc/sh/rcar/ssi.c
index 042207c11651..2ead44779d46 100644
--- a/sound/soc/sh/rcar/ssi.c
+++ b/sound/soc/sh/rcar/ssi.c
@@ -518,7 +518,9 @@ static int rsnd_ssi_init(struct rsnd_mod *mod,
ssi->usrcnt++;
- rsnd_mod_power_on(mod);
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_ssi_config_init(mod, io);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 157/390] ALSA: hda: beep: Simplify keep-power-at-enable behavior
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 156/390] ASoC: rsnd: Add check for rsnd_mod_power_on Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 158/390] drm/omap: dss: Fix refcount leak bugs Greg Kroah-Hartman
` (238 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 4c8d695cb9bc5f6fd298a586602947b2fc099a64 ]
The recent fix for IDT codecs to keep the power up while the beep is
enabled can be better integrated into the beep helper code.
This patch cleans up the code with refactoring.
Fixes: 414d38ba8710 ("ALSA: hda/sigmatel: Keep power up while beep is enabled")
Link: https://lore.kernel.org/r/20220906092306.26183-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_beep.c | 15 +++++++++++++--
sound/pci/hda/hda_beep.h | 1 +
sound/pci/hda/patch_sigmatel.c | 25 ++-----------------------
3 files changed, 16 insertions(+), 25 deletions(-)
diff --git a/sound/pci/hda/hda_beep.c b/sound/pci/hda/hda_beep.c
index 53a2b89f8983..e63621bcb214 100644
--- a/sound/pci/hda/hda_beep.c
+++ b/sound/pci/hda/hda_beep.c
@@ -118,6 +118,12 @@ static int snd_hda_beep_event(struct input_dev *dev, unsigned int type,
return 0;
}
+static void turn_on_beep(struct hda_beep *beep)
+{
+ if (beep->keep_power_at_enable)
+ snd_hda_power_up_pm(beep->codec);
+}
+
static void turn_off_beep(struct hda_beep *beep)
{
cancel_work_sync(&beep->beep_work);
@@ -125,6 +131,8 @@ static void turn_off_beep(struct hda_beep *beep)
/* turn off beep */
generate_tone(beep, 0);
}
+ if (beep->keep_power_at_enable)
+ snd_hda_power_down_pm(beep->codec);
}
/**
@@ -140,7 +148,9 @@ int snd_hda_enable_beep_device(struct hda_codec *codec, int enable)
enable = !!enable;
if (beep->enabled != enable) {
beep->enabled = enable;
- if (!enable)
+ if (enable)
+ turn_on_beep(beep);
+ else
turn_off_beep(beep);
return 1;
}
@@ -167,7 +177,8 @@ static int beep_dev_disconnect(struct snd_device *device)
input_unregister_device(beep->dev);
else
input_free_device(beep->dev);
- turn_off_beep(beep);
+ if (beep->enabled)
+ turn_off_beep(beep);
return 0;
}
diff --git a/sound/pci/hda/hda_beep.h b/sound/pci/hda/hda_beep.h
index a25358a4807a..db76e3ddba65 100644
--- a/sound/pci/hda/hda_beep.h
+++ b/sound/pci/hda/hda_beep.h
@@ -25,6 +25,7 @@ struct hda_beep {
unsigned int enabled:1;
unsigned int linear_tone:1; /* linear tone for IDT/STAC codec */
unsigned int playing:1;
+ unsigned int keep_power_at_enable:1; /* set by driver */
struct work_struct beep_work; /* scheduled task for beep event */
struct mutex mutex;
void (*power_hook)(struct hda_beep *beep, bool on);
diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
index b848e435b93f..6fc0c4e77cd1 100644
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -4308,6 +4308,8 @@ static int stac_parse_auto_config(struct hda_codec *codec)
if (codec->beep) {
/* IDT/STAC codecs have linear beep tone parameter */
codec->beep->linear_tone = spec->linear_tone_beep;
+ /* keep power up while beep is enabled */
+ codec->beep->keep_power_at_enable = 1;
/* if no beep switch is available, make its own one */
caps = query_amp_caps(codec, nid, HDA_OUTPUT);
if (!(caps & AC_AMPCAP_MUTE)) {
@@ -4448,28 +4450,6 @@ static int stac_suspend(struct hda_codec *codec)
stac_shutup(codec);
return 0;
}
-
-static int stac_check_power_status(struct hda_codec *codec, hda_nid_t nid)
-{
-#ifdef CONFIG_SND_HDA_INPUT_BEEP
- struct sigmatel_spec *spec = codec->spec;
-#endif
- int ret = snd_hda_gen_check_power_status(codec, nid);
-
-#ifdef CONFIG_SND_HDA_INPUT_BEEP
- if (nid == spec->gen.beep_nid && codec->beep) {
- if (codec->beep->enabled != spec->beep_power_on) {
- spec->beep_power_on = codec->beep->enabled;
- if (spec->beep_power_on)
- snd_hda_power_up_pm(codec);
- else
- snd_hda_power_down_pm(codec);
- }
- ret |= spec->beep_power_on;
- }
-#endif
- return ret;
-}
#else
#define stac_suspend NULL
#endif /* CONFIG_PM */
@@ -4482,7 +4462,6 @@ static const struct hda_codec_ops stac_patch_ops = {
.unsol_event = snd_hda_jack_unsol_event,
#ifdef CONFIG_PM
.suspend = stac_suspend,
- .check_power_status = stac_check_power_status,
#endif
.reboot_notify = stac_shutup,
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 158/390] drm/omap: dss: Fix refcount leak bugs
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 157/390] ALSA: hda: beep: Simplify keep-power-at-enable behavior Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 159/390] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Greg Kroah-Hartman
` (237 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Tomi Valkeinen, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 8b42057e62120813ebe9274f508fa785b7cab33a ]
In dss_init_ports() and __dss_uninit_ports(), we should call
of_node_put() for the reference returned by of_graph_get_port_by_id()
in fail path or when it is not used anymore.
Fixes: 09bffa6e5192 ("drm: omap: use common OF graph helpers")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220722144348.1306569-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/omapdrm/dss/dss.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/omapdrm/dss/dss.c b/drivers/gpu/drm/omapdrm/dss/dss.c
index 6ccbc29c4ce4..d5b3123ed081 100644
--- a/drivers/gpu/drm/omapdrm/dss/dss.c
+++ b/drivers/gpu/drm/omapdrm/dss/dss.c
@@ -1173,6 +1173,7 @@ static void __dss_uninit_ports(struct dss_device *dss, unsigned int num_ports)
default:
break;
}
+ of_node_put(port);
}
}
@@ -1205,11 +1206,13 @@ static int dss_init_ports(struct dss_device *dss)
default:
break;
}
+ of_node_put(port);
}
return 0;
error:
+ of_node_put(port);
__dss_uninit_ports(dss, i);
return r;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 159/390] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 158/390] drm/omap: dss: Fix refcount leak bugs Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 160/390] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Greg Kroah-Hartman
` (236 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Ulf Hansson, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 5cbedf52608cc3cbc1c2a9a861fb671620427a20 ]
If clk_prepare_enable() fails, there is no point in calling
clk_disable_unprepare() in the error handling path.
Move the out_clk label at the right place.
Fixes: b6507596dfd6 ("MIPS: Alchemy: au1xmmc: use clk framework")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/21d99886d07fa7fcbec74992657dabad98c935c4.1661412818.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/au1xmmc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/au1xmmc.c b/drivers/mmc/host/au1xmmc.c
index bd00515fbaba..56a3bf51d446 100644
--- a/drivers/mmc/host/au1xmmc.c
+++ b/drivers/mmc/host/au1xmmc.c
@@ -1097,8 +1097,9 @@ static int au1xmmc_probe(struct platform_device *pdev)
if (host->platdata && host->platdata->cd_setup &&
!(mmc->caps & MMC_CAP_NEEDS_POLL))
host->platdata->cd_setup(mmc, 0);
-out_clk:
+
clk_disable_unprepare(host->clk);
+out_clk:
clk_put(host->clk);
out_irq:
free_irq(host->irq, host);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 160/390] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 159/390] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 161/390] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Greg Kroah-Hartman
` (235 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Mark Brown, Sasha Levin,
Kelin Wang
From: Liang He <windhl@126.com>
[ Upstream commit bfb735a3ceff0bab6473bac275da96f9b2a06dec ]
In eukrea_tlv320_probe(), we need to hold the reference returned
from of_find_compatible_node() which has increased the refcount
and then call of_node_put() with it when done.
Fixes: 66f232908de2 ("ASoC: eukrea-tlv320: Add DT support.")
Co-authored-by: Kelin Wang <wangkelin2023@163.com>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220914134354.3995587-1-windhl@126.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/eukrea-tlv320.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sound/soc/fsl/eukrea-tlv320.c b/sound/soc/fsl/eukrea-tlv320.c
index e13271ea84de..29cf9234984d 100644
--- a/sound/soc/fsl/eukrea-tlv320.c
+++ b/sound/soc/fsl/eukrea-tlv320.c
@@ -86,7 +86,7 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
int ret;
int int_port = 0, ext_port;
struct device_node *np = pdev->dev.of_node;
- struct device_node *ssi_np = NULL, *codec_np = NULL;
+ struct device_node *ssi_np = NULL, *codec_np = NULL, *tmp_np = NULL;
eukrea_tlv320.dev = &pdev->dev;
if (np) {
@@ -143,7 +143,7 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
}
if (machine_is_eukrea_cpuimx27() ||
- of_find_compatible_node(NULL, NULL, "fsl,imx21-audmux")) {
+ (tmp_np = of_find_compatible_node(NULL, NULL, "fsl,imx21-audmux"))) {
imx_audmux_v1_configure_port(MX27_AUDMUX_HPCR1_SSI0,
IMX_AUDMUX_V1_PCR_SYN |
IMX_AUDMUX_V1_PCR_TFSDIR |
@@ -158,10 +158,11 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
IMX_AUDMUX_V1_PCR_SYN |
IMX_AUDMUX_V1_PCR_RXDSEL(MX27_AUDMUX_HPCR1_SSI0)
);
+ of_node_put(tmp_np);
} else if (machine_is_eukrea_cpuimx25sd() ||
machine_is_eukrea_cpuimx35sd() ||
machine_is_eukrea_cpuimx51sd() ||
- of_find_compatible_node(NULL, NULL, "fsl,imx31-audmux")) {
+ (tmp_np = of_find_compatible_node(NULL, NULL, "fsl,imx31-audmux"))) {
if (!np)
ext_port = machine_is_eukrea_cpuimx25sd() ?
4 : 3;
@@ -178,6 +179,7 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
IMX_AUDMUX_V2_PTCR_SYN,
IMX_AUDMUX_V2_PDCR_RXDSEL(int_port)
);
+ of_node_put(tmp_np);
} else {
if (np) {
/* The eukrea,asoc-tlv320 driver was explicitly
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 161/390] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 160/390] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 162/390] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Greg Kroah-Hartman
` (234 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Abhinav Kumar,
Rob Clark, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 7538f80ae0d98bf51eb89eee5344aec219902d42 ]
Remove loops over hw_vbif. Instead always VBIF's idx as an index in the
array. This fixes an error in dpu_kms_hw_init(), where we fill
dpu_kms->hw_vbif[i], but check for an error pointer at
dpu_kms->hw_vbif[vbif_idx].
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/489569/
Link: https://lore.kernel.org/r/20220615125703.24647-1-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 12 ++++------
drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c | 29 +++++++++++-------------
2 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 7503f093f3b6..b7841f7fc10a 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -675,12 +675,10 @@ static void _dpu_kms_hw_destroy(struct dpu_kms *dpu_kms)
_dpu_kms_mmu_destroy(dpu_kms);
if (dpu_kms->catalog) {
- for (i = 0; i < dpu_kms->catalog->vbif_count; i++) {
- u32 vbif_idx = dpu_kms->catalog->vbif[i].id;
-
- if ((vbif_idx < VBIF_MAX) && dpu_kms->hw_vbif[vbif_idx]) {
- dpu_hw_vbif_destroy(dpu_kms->hw_vbif[vbif_idx]);
- dpu_kms->hw_vbif[vbif_idx] = NULL;
+ for (i = 0; i < ARRAY_SIZE(dpu_kms->hw_vbif); i++) {
+ if (dpu_kms->hw_vbif[i]) {
+ dpu_hw_vbif_destroy(dpu_kms->hw_vbif[i]);
+ dpu_kms->hw_vbif[i] = NULL;
}
}
}
@@ -987,7 +985,7 @@ static int dpu_kms_hw_init(struct msm_kms *kms)
for (i = 0; i < dpu_kms->catalog->vbif_count; i++) {
u32 vbif_idx = dpu_kms->catalog->vbif[i].id;
- dpu_kms->hw_vbif[i] = dpu_hw_vbif_init(vbif_idx,
+ dpu_kms->hw_vbif[vbif_idx] = dpu_hw_vbif_init(vbif_idx,
dpu_kms->vbif[vbif_idx], dpu_kms->catalog);
if (IS_ERR_OR_NULL(dpu_kms->hw_vbif[vbif_idx])) {
rc = PTR_ERR(dpu_kms->hw_vbif[vbif_idx]);
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c
index 5e8c3f3e6625..fc86d34aec80 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c
@@ -11,6 +11,14 @@
#include "dpu_hw_vbif.h"
#include "dpu_trace.h"
+static struct dpu_hw_vbif *dpu_get_vbif(struct dpu_kms *dpu_kms, enum dpu_vbif vbif_idx)
+{
+ if (vbif_idx < ARRAY_SIZE(dpu_kms->hw_vbif))
+ return dpu_kms->hw_vbif[vbif_idx];
+
+ return NULL;
+}
+
/**
* _dpu_vbif_wait_for_xin_halt - wait for the xin to halt
* @vbif: Pointer to hardware vbif driver
@@ -148,20 +156,15 @@ static u32 _dpu_vbif_get_ot_limit(struct dpu_hw_vbif *vbif,
void dpu_vbif_set_ot_limit(struct dpu_kms *dpu_kms,
struct dpu_vbif_set_ot_params *params)
{
- struct dpu_hw_vbif *vbif = NULL;
+ struct dpu_hw_vbif *vbif;
struct dpu_hw_mdp *mdp;
bool forced_on = false;
u32 ot_lim;
- int ret, i;
+ int ret;
mdp = dpu_kms->hw_mdp;
- for (i = 0; i < ARRAY_SIZE(dpu_kms->hw_vbif); i++) {
- if (dpu_kms->hw_vbif[i] &&
- dpu_kms->hw_vbif[i]->idx == params->vbif_idx)
- vbif = dpu_kms->hw_vbif[i];
- }
-
+ vbif = dpu_get_vbif(dpu_kms, params->vbif_idx);
if (!vbif || !mdp) {
DPU_DEBUG("invalid arguments vbif %d mdp %d\n",
vbif != NULL, mdp != NULL);
@@ -204,7 +207,7 @@ void dpu_vbif_set_ot_limit(struct dpu_kms *dpu_kms,
void dpu_vbif_set_qos_remap(struct dpu_kms *dpu_kms,
struct dpu_vbif_set_qos_params *params)
{
- struct dpu_hw_vbif *vbif = NULL;
+ struct dpu_hw_vbif *vbif;
struct dpu_hw_mdp *mdp;
bool forced_on = false;
const struct dpu_vbif_qos_tbl *qos_tbl;
@@ -216,13 +219,7 @@ void dpu_vbif_set_qos_remap(struct dpu_kms *dpu_kms,
}
mdp = dpu_kms->hw_mdp;
- for (i = 0; i < ARRAY_SIZE(dpu_kms->hw_vbif); i++) {
- if (dpu_kms->hw_vbif[i] &&
- dpu_kms->hw_vbif[i]->idx == params->vbif_idx) {
- vbif = dpu_kms->hw_vbif[i];
- break;
- }
- }
+ vbif = dpu_get_vbif(dpu_kms, params->vbif_idx);
if (!vbif || !vbif->cap) {
DPU_ERROR("invalid vbif %d\n", params->vbif_idx);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 162/390] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 161/390] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 163/390] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Greg Kroah-Hartman
` (233 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuogee Hsieh, Stephen Boyd,
Abhinav Kumar, Dmitry Baryshkov, Rob Clark, Sasha Levin
From: Kuogee Hsieh <quic_khsieh@quicinc.com>
[ Upstream commit aa0bff10af1c4b92e6b56e3e1b7f81c660d3ba78 ]
At current implementation there is an extra 0 at 1.62G link rate which
cause no correct pixel_div selected for 1.62G link rate to calculate
mvid and nvid. This patch delete the extra 0 to have mvid and nvid be
calculated correctly.
Changes in v2:
-- fix Fixes tag's text
Changes in v3:
-- fix misspelling of "Reviewed-by"
Fixes: 937f941ca06f ("drm/msm/dp: Use qmp phy for DP PLL and PHY")
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/499328/
Link: https://lore.kernel.org/r/1661372150-3764-1-git-send-email-quic_khsieh@quicinc.com
[DB: rewrapped commit message]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_catalog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_catalog.c b/drivers/gpu/drm/msm/dp/dp_catalog.c
index 2da6982efdbf..613348b022fe 100644
--- a/drivers/gpu/drm/msm/dp/dp_catalog.c
+++ b/drivers/gpu/drm/msm/dp/dp_catalog.c
@@ -416,7 +416,7 @@ void dp_catalog_ctrl_config_msa(struct dp_catalog *dp_catalog,
if (rate == link_rate_hbr3)
pixel_div = 6;
- else if (rate == 1620000 || rate == 270000)
+ else if (rate == 162000 || rate == 270000)
pixel_div = 2;
else if (rate == link_rate_hbr2)
pixel_div = 4;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 163/390] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 162/390] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 164/390] ALSA: dmaengine: increment buffer pointer atomically Greg Kroah-Hartman
` (232 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Christophe JAILLET,
Mark Brown, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit abb4e4349afe7eecdb0499582f1c777031e3a7c8 ]
If clk_hw_register() fails, the corresponding clk should not be
unregistered.
To handle errors from loops, clean up partial iterations before doing the
goto. So add a clk_hw_unregister().
Then use a while (--i >= 0) loop in the unwind section.
Fixes: 78013a1cf297 ("ASoC: da7219: Fix clock handling around codec level probe")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/e4acceab57a0d9e477a8d5890a45c5309e553e7c.1663875789.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/da7219.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/da7219.c b/sound/soc/codecs/da7219.c
index 5f8c96dea094..f9e58d6509a8 100644
--- a/sound/soc/codecs/da7219.c
+++ b/sound/soc/codecs/da7219.c
@@ -2194,6 +2194,7 @@ static int da7219_register_dai_clks(struct snd_soc_component *component)
dai_clk_lookup = clkdev_hw_create(dai_clk_hw, init.name,
"%s", dev_name(dev));
if (!dai_clk_lookup) {
+ clk_hw_unregister(dai_clk_hw);
ret = -ENOMEM;
goto err;
} else {
@@ -2215,12 +2216,12 @@ static int da7219_register_dai_clks(struct snd_soc_component *component)
return 0;
err:
- do {
+ while (--i >= 0) {
if (da7219->dai_clks_lookup[i])
clkdev_drop(da7219->dai_clks_lookup[i]);
clk_hw_unregister(&da7219->dai_clks_hw[i]);
- } while (i-- > 0);
+ }
if (np)
kfree(da7219->clk_hw_data);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 164/390] ALSA: dmaengine: increment buffer pointer atomically
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 163/390] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 165/390] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Greg Kroah-Hartman
` (231 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Pape, Eugeniu Rosca,
Takashi Iwai, Sasha Levin
From: Andreas Pape <apape@de.adit-jv.com>
[ Upstream commit d1c442019594692c64a70a86ad88eb5b6db92216 ]
Setting pointer and afterwards checking for wraparound leads
to the possibility of returning the inconsistent pointer position.
This patch increments buffer pointer atomically to avoid this issue.
Fixes: e7f73a1613567a ("ASoC: Add dmaengine PCM helper functions")
Signed-off-by: Andreas Pape <apape@de.adit-jv.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Link: https://lore.kernel.org/r/1664211493-11789-1-git-send-email-erosca@de.adit-jv.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/pcm_dmaengine.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sound/core/pcm_dmaengine.c b/sound/core/pcm_dmaengine.c
index 4d0e8fe535a1..be58505889a3 100644
--- a/sound/core/pcm_dmaengine.c
+++ b/sound/core/pcm_dmaengine.c
@@ -130,12 +130,14 @@ EXPORT_SYMBOL_GPL(snd_dmaengine_pcm_set_config_from_dai_data);
static void dmaengine_pcm_dma_complete(void *arg)
{
+ unsigned int new_pos;
struct snd_pcm_substream *substream = arg;
struct dmaengine_pcm_runtime_data *prtd = substream_to_prtd(substream);
- prtd->pos += snd_pcm_lib_period_bytes(substream);
- if (prtd->pos >= snd_pcm_lib_buffer_bytes(substream))
- prtd->pos = 0;
+ new_pos = prtd->pos + snd_pcm_lib_period_bytes(substream);
+ if (new_pos >= snd_pcm_lib_buffer_bytes(substream))
+ new_pos = 0;
+ prtd->pos = new_pos;
snd_pcm_period_elapsed(substream);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 165/390] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 164/390] ALSA: dmaengine: increment buffer pointer atomically Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 166/390] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Greg Kroah-Hartman
` (230 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Dan Carpenter,
Ulf Hansson, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit cb58188ad90a61784a56a64f5107faaf2ad323e7 ]
A dma_free_coherent() call is missing in the error handling path of the
probe, as already done in the remove function.
Fixes: 3a96dff0f828 ("mmc: SD/MMC Host Controller for Wondermedia WM8505/WM8650")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/53fc6ffa5d1c428fefeae7d313cf4a669c3a1e98.1663873255.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/wmt-sdmmc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/wmt-sdmmc.c b/drivers/mmc/host/wmt-sdmmc.c
index cf10949fb0ac..8df722ec57ed 100644
--- a/drivers/mmc/host/wmt-sdmmc.c
+++ b/drivers/mmc/host/wmt-sdmmc.c
@@ -849,7 +849,7 @@ static int wmt_mci_probe(struct platform_device *pdev)
if (IS_ERR(priv->clk_sdmmc)) {
dev_err(&pdev->dev, "Error getting clock\n");
ret = PTR_ERR(priv->clk_sdmmc);
- goto fail5;
+ goto fail5_and_a_half;
}
ret = clk_prepare_enable(priv->clk_sdmmc);
@@ -866,6 +866,9 @@ static int wmt_mci_probe(struct platform_device *pdev)
return 0;
fail6:
clk_put(priv->clk_sdmmc);
+fail5_and_a_half:
+ dma_free_coherent(&pdev->dev, mmc->max_blk_count * 16,
+ priv->dma_desc_buffer, priv->dma_desc_device_addr);
fail5:
free_irq(dma_irq, priv);
fail4:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 166/390] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 165/390] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 167/390] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Greg Kroah-Hartman
` (229 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 41a736ac20602f64773e80f0f5b32cde1830a44a ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of wm8997_probe
Fixes:40843aea5a9bd ("ASoC: wm8997: Initial CODEC driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-2-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm8997.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm8997.c b/sound/soc/codecs/wm8997.c
index 229f2986cd96..07378714b013 100644
--- a/sound/soc/codecs/wm8997.c
+++ b/sound/soc/codecs/wm8997.c
@@ -1156,9 +1156,6 @@ static int wm8997_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm8997_digital_vu[i],
WM8997_DIG_VU, WM8997_DIG_VU);
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
arizona_init_common(arizona);
ret = arizona_init_vol_limit(arizona);
@@ -1177,6 +1174,9 @@ static int wm8997_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 167/390] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 166/390] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 168/390] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Greg Kroah-Hartman
` (228 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 86b46bf1feb83898d89a2b4a8d08d21e9ea277a7 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of wm5110_probe.
Fixes:5c6af635fd772 ("ASoC: wm5110: Add audio CODEC driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-3-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm5110.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm5110.c b/sound/soc/codecs/wm5110.c
index d0cef982215d..c158f8b1e8e4 100644
--- a/sound/soc/codecs/wm5110.c
+++ b/sound/soc/codecs/wm5110.c
@@ -2452,9 +2452,6 @@ static int wm5110_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm5110_digital_vu[i],
WM5110_DIG_VU, WM5110_DIG_VU);
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
ret = arizona_request_irq(arizona, ARIZONA_IRQ_DSP_IRQ1,
"ADSP2 Compressed IRQ", wm5110_adsp2_irq,
wm5110);
@@ -2487,6 +2484,9 @@ static int wm5110_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 168/390] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 167/390] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 169/390] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Greg Kroah-Hartman
` (227 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit fcbb60820cd3008bb44334a0395e5e57ccb77329 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of wm5102_probe.
Fixes:93e8791dd34ca ("ASoC: wm5102: Initial driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-4-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm5102.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm5102.c b/sound/soc/codecs/wm5102.c
index 2ed3fa67027d..b7f5e5391fdb 100644
--- a/sound/soc/codecs/wm5102.c
+++ b/sound/soc/codecs/wm5102.c
@@ -2083,9 +2083,6 @@ static int wm5102_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm5102_digital_vu[i],
WM5102_DIG_VU, WM5102_DIG_VU);
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
ret = arizona_request_irq(arizona, ARIZONA_IRQ_DSP_IRQ1,
"ADSP2 Compressed IRQ", wm5102_adsp2_irq,
wm5102);
@@ -2118,6 +2115,9 @@ static int wm5102_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 169/390] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 168/390] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 170/390] ALSA: hda/hdmi: Dont skip notification handling during PM operation Greg Kroah-Hartman
` (226 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit b73f11e895e140537e7f8c7251211ccd3ce0782b ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of mt6660_i2c_probe.
Fixes:f289e55c6eeb4 ("ASoC: Add MediaTek MT6660 Speaker Amp Driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-5-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/mt6660.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/mt6660.c b/sound/soc/codecs/mt6660.c
index d1797003c83d..e18a58868273 100644
--- a/sound/soc/codecs/mt6660.c
+++ b/sound/soc/codecs/mt6660.c
@@ -504,13 +504,17 @@ static int mt6660_i2c_probe(struct i2c_client *client,
dev_err(chip->dev, "read chip revision fail\n");
goto probe_fail;
}
- pm_runtime_set_active(chip->dev);
- pm_runtime_enable(chip->dev);
ret = devm_snd_soc_register_component(chip->dev,
&mt6660_component_driver,
&mt6660_codec_dai, 1);
+ if (!ret) {
+ pm_runtime_set_active(chip->dev);
+ pm_runtime_enable(chip->dev);
+ }
+
return ret;
+
probe_fail:
_mt6660_chip_power_on(chip, 0);
mutex_destroy(&chip->io_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 170/390] ALSA: hda/hdmi: Dont skip notification handling during PM operation
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 169/390] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 171/390] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Greg Kroah-Hartman
` (225 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brent Lu, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 5226c7b9784eee215e3914f440b3c2e1764f67a8 ]
The HDMI driver skips the notification handling from the graphics
driver when the codec driver is being in the PM operation. This
behavior was introduced by the commit eb399d3c99d8 ("ALSA: hda - Skip
ELD notification during PM process"). This skip may cause a problem,
as we may miss the ELD update when the connection/disconnection
happens right at the runtime-PM operation of the audio codec.
Although this workaround was valid at that time, it's no longer true;
the fix was required just because the ELD update procedure needed to
wake up the audio codec, which had lead to a runtime-resume during a
runtime-suspend. Meanwhile, the ELD update procedure doesn't need a
codec wake up any longer since the commit 788d441a164c ("ALSA: hda -
Use component ops for i915 HDMI/DP audio jack handling"); i.e. there
is no much reason for skipping the notification.
Let's drop those checks for addressing the missing notification.
Fixes: 788d441a164c ("ALSA: hda - Use component ops for i915 HDMI/DP audio jack handling")
Reported-by: Brent Lu <brent.lu@intel.com>
Link: https://lore.kernel.org/r/20220927135807.4097052-1-brent.lu@intel.com
Link: https://lore.kernel.org/r/20221001074809.7461-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_hdmi.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
index c3fcf478037f..b1c57c65f6cd 100644
--- a/sound/pci/hda/patch_hdmi.c
+++ b/sound/pci/hda/patch_hdmi.c
@@ -2684,9 +2684,6 @@ static void generic_acomp_pin_eld_notify(void *audio_ptr, int port, int dev_id)
*/
if (codec->core.dev.power.power_state.event == PM_EVENT_SUSPEND)
return;
- /* ditto during suspend/resume process itself */
- if (snd_hdac_is_in_pm(&codec->core))
- return;
check_presence_and_report(codec, pin_nid, dev_id);
}
@@ -2870,9 +2867,6 @@ static void intel_pin_eld_notify(void *audio_ptr, int port, int pipe)
*/
if (codec->core.dev.power.power_state.event == PM_EVENT_SUSPEND)
return;
- /* ditto during suspend/resume process itself */
- if (snd_hdac_is_in_pm(&codec->core))
- return;
snd_hdac_i915_set_bclk(&codec->bus->core);
check_presence_and_report(codec, pin_nid, dev_id);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 171/390] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 170/390] ALSA: hda/hdmi: Dont skip notification handling during PM operation Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 172/390] memory: of: Fix refcount leak bug in of_get_ddr_timings() Greg Kroah-Hartman
` (224 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Krzysztof Kozlowski, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 61b3c876c1cbdb1efd1f52a1f348580e6e14efb6 ]
The break of for_each_available_child_of_node() needs a
corresponding of_node_put() when the reference 'child' is not
used anymore. Here we do not need to call of_node_put() in
fail path as '!match' means no break.
While the of_platform_device_create() will created a new
reference by 'child' but it has considered the refcounting.
Fixes: fee10bd22678 ("memory: pl353: Add driver for arm pl353 static memory controller")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220716031324.447680-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/pl353-smc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/memory/pl353-smc.c b/drivers/memory/pl353-smc.c
index b0b251bb207f..1a6964f1ba6a 100644
--- a/drivers/memory/pl353-smc.c
+++ b/drivers/memory/pl353-smc.c
@@ -416,6 +416,7 @@ static int pl353_smc_probe(struct amba_device *adev, const struct amba_id *id)
if (init)
init(adev, child);
of_platform_device_create(child, NULL, &adev->dev);
+ of_node_put(child);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 172/390] memory: of: Fix refcount leak bug in of_get_ddr_timings()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 171/390] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 173/390] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Greg Kroah-Hartman
` (223 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Krzysztof Kozlowski, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 05215fb32010d4afb68fbdbb4d237df6e2d4567b ]
We should add the of_node_put() when breaking out of
for_each_child_of_node() as it will automatically increase
and decrease the refcount.
Fixes: e6b42eb6a66c ("memory: emif: add device tree support to emif driver")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220719085640.1210583-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/of_memory.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/memory/of_memory.c b/drivers/memory/of_memory.c
index d9f5437d3bce..d0a80aefdea8 100644
--- a/drivers/memory/of_memory.c
+++ b/drivers/memory/of_memory.c
@@ -134,6 +134,7 @@ const struct lpddr2_timings *of_get_ddr_timings(struct device_node *np_ddr,
for_each_child_of_node(np_ddr, np_tim) {
if (of_device_is_compatible(np_tim, tim_compat)) {
if (of_do_get_timings(np_tim, &timings[i])) {
+ of_node_put(np_tim);
devm_kfree(dev, timings);
goto default_timings;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 173/390] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 172/390] memory: of: Fix refcount leak bug in of_get_ddr_timings() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 174/390] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Greg Kroah-Hartman
` (222 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Krzysztof Kozlowski, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 48af14fb0eaa63d9aa68f59fb0b205ec55a95636 ]
We should add the of_node_put() when breaking out of
for_each_child_of_node() as it will automatically increase
and decrease the refcount.
Fixes: 976897dd96db ("memory: Extend of_memory with LPDDR3 support")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220719085640.1210583-2-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/of_memory.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/memory/of_memory.c b/drivers/memory/of_memory.c
index d0a80aefdea8..1791614f324b 100644
--- a/drivers/memory/of_memory.c
+++ b/drivers/memory/of_memory.c
@@ -283,6 +283,7 @@ const struct lpddr3_timings
if (of_device_is_compatible(np_tim, tim_compat)) {
if (of_lpddr3_do_get_timings(np_tim, &timings[i])) {
devm_kfree(dev, timings);
+ of_node_put(np_tim);
goto default_timings;
}
i++;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 174/390] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 173/390] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 175/390] soc: qcom: smem_state: Add refcounting for the state->of_node Greg Kroah-Hartman
` (221 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Bjorn Andersson, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit af8f6f39b8afd772fda4f8e61823ef8c021bf382 ]
There are two refcount leak bugs in qcom_smsm_probe():
(1) The 'local_node' is escaped out from for_each_child_of_node() as
the break of iteration, we should call of_node_put() for it in error
path or when it is not used anymore.
(2) The 'node' is escaped out from for_each_available_child_of_node()
as the 'goto', we should call of_node_put() for it in goto target.
Fixes: c97c4090ff72 ("soc: qcom: smsm: Add driver for Qualcomm SMSM")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220721135217.1301039-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smsm.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/drivers/soc/qcom/smsm.c b/drivers/soc/qcom/smsm.c
index 6564f15c5319..acba67dfbc85 100644
--- a/drivers/soc/qcom/smsm.c
+++ b/drivers/soc/qcom/smsm.c
@@ -511,7 +511,7 @@ static int qcom_smsm_probe(struct platform_device *pdev)
for (id = 0; id < smsm->num_hosts; id++) {
ret = smsm_parse_ipc(smsm, id);
if (ret < 0)
- return ret;
+ goto out_put;
}
/* Acquire the main SMSM state vector */
@@ -519,13 +519,14 @@ static int qcom_smsm_probe(struct platform_device *pdev)
smsm->num_entries * sizeof(u32));
if (ret < 0 && ret != -EEXIST) {
dev_err(&pdev->dev, "unable to allocate shared state entry\n");
- return ret;
+ goto out_put;
}
states = qcom_smem_get(QCOM_SMEM_HOST_ANY, SMEM_SMSM_SHARED_STATE, NULL);
if (IS_ERR(states)) {
dev_err(&pdev->dev, "Unable to acquire shared state entry\n");
- return PTR_ERR(states);
+ ret = PTR_ERR(states);
+ goto out_put;
}
/* Acquire the list of interrupt mask vectors */
@@ -533,13 +534,14 @@ static int qcom_smsm_probe(struct platform_device *pdev)
ret = qcom_smem_alloc(QCOM_SMEM_HOST_ANY, SMEM_SMSM_CPU_INTR_MASK, size);
if (ret < 0 && ret != -EEXIST) {
dev_err(&pdev->dev, "unable to allocate smsm interrupt mask\n");
- return ret;
+ goto out_put;
}
intr_mask = qcom_smem_get(QCOM_SMEM_HOST_ANY, SMEM_SMSM_CPU_INTR_MASK, NULL);
if (IS_ERR(intr_mask)) {
dev_err(&pdev->dev, "unable to acquire shared memory interrupt mask\n");
- return PTR_ERR(intr_mask);
+ ret = PTR_ERR(intr_mask);
+ goto out_put;
}
/* Setup the reference to the local state bits */
@@ -550,7 +552,8 @@ static int qcom_smsm_probe(struct platform_device *pdev)
smsm->state = qcom_smem_state_register(local_node, &smsm_state_ops, smsm);
if (IS_ERR(smsm->state)) {
dev_err(smsm->dev, "failed to register qcom_smem_state\n");
- return PTR_ERR(smsm->state);
+ ret = PTR_ERR(smsm->state);
+ goto out_put;
}
/* Register handlers for remote processor entries of interest. */
@@ -580,16 +583,19 @@ static int qcom_smsm_probe(struct platform_device *pdev)
}
platform_set_drvdata(pdev, smsm);
+ of_node_put(local_node);
return 0;
unwind_interfaces:
+ of_node_put(node);
for (id = 0; id < smsm->num_entries; id++)
if (smsm->entries[id].domain)
irq_domain_remove(smsm->entries[id].domain);
qcom_smem_state_unregister(smsm->state);
-
+out_put:
+ of_node_put(local_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 175/390] soc: qcom: smem_state: Add refcounting for the state->of_node
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 174/390] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 176/390] ARM: dts: turris-omnia: Fix mpp26 pin name and comment Greg Kroah-Hartman
` (220 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Bjorn Andersson, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 90681f53b9381c23ff7762a3b13826d620c272de ]
In qcom_smem_state_register() and qcom_smem_state_release(), we
should better use of_node_get() and of_node_put() for the reference
creation and destruction of 'device_node'.
Fixes: 9460ae2ff308 ("soc: qcom: Introduce common SMEM state machine code")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220721135217.1301039-2-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smem_state.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/qcom/smem_state.c b/drivers/soc/qcom/smem_state.c
index d2b558438deb..41e929407196 100644
--- a/drivers/soc/qcom/smem_state.c
+++ b/drivers/soc/qcom/smem_state.c
@@ -136,6 +136,7 @@ static void qcom_smem_state_release(struct kref *ref)
struct qcom_smem_state *state = container_of(ref, struct qcom_smem_state, refcount);
list_del(&state->list);
+ of_node_put(state->of_node);
kfree(state);
}
@@ -169,7 +170,7 @@ struct qcom_smem_state *qcom_smem_state_register(struct device_node *of_node,
kref_init(&state->refcount);
- state->of_node = of_node;
+ state->of_node = of_node_get(of_node);
state->ops = *ops;
state->priv = priv;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 176/390] ARM: dts: turris-omnia: Fix mpp26 pin name and comment
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 175/390] soc: qcom: smem_state: Add refcounting for the state->of_node Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 177/390] ARM: dts: kirkwood: lsxl: fix serial line Greg Kroah-Hartman
` (219 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún, Gregory CLEMENT,
Sasha Levin
From: Marek Behún <kabel@kernel.org>
[ Upstream commit 49e93898f0dc177e645c22d0664813567fd9ec00 ]
There is a bug in Turris Omnia's schematics, whereupon the MPP[26] pin,
which is routed to CN11 pin header, is documented as SPI CS1, but
MPP[26] pin does not support this function. Instead it controls chip
select 2 if in "spi0" mode.
Fix the name of the pin node in pinctrl node and fix the comment in SPI
node.
Fixes: 26ca8b52d6e1 ("ARM: dts: add support for Turris Omnia")
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-385-turris-omnia.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/armada-385-turris-omnia.dts b/arch/arm/boot/dts/armada-385-turris-omnia.dts
index fde4c302f08e..92e08486ec81 100644
--- a/arch/arm/boot/dts/armada-385-turris-omnia.dts
+++ b/arch/arm/boot/dts/armada-385-turris-omnia.dts
@@ -307,7 +307,7 @@
marvell,function = "spi0";
};
- spi0cs1_pins: spi0cs1-pins {
+ spi0cs2_pins: spi0cs2-pins {
marvell,pins = "mpp26";
marvell,function = "spi0";
};
@@ -342,7 +342,7 @@
};
};
- /* MISO, MOSI, SCLK and CS1 are routed to pin header CN11 */
+ /* MISO, MOSI, SCLK and CS2 are routed to pin header CN11 */
};
&uart0 {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 177/390] ARM: dts: kirkwood: lsxl: fix serial line
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 176/390] ARM: dts: turris-omnia: Fix mpp26 pin name and comment Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 178/390] ARM: dts: kirkwood: lsxl: remove first ethernet port Greg Kroah-Hartman
` (218 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Andrew Lunn,
Gregory CLEMENT, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 04eabc6ac10fda9424606d9a7ab6ab9a5d95350a ]
Commit 327e15428977 ("ARM: dts: kirkwood: consolidate common pinctrl
settings") unknowingly broke the serial output on this board. Before
this commit, the pinmux was still configured by the bootloader and the
kernel didn't reconfigured it again. This was an oversight by the
initial board support where the pinmux for the serial line was never
configured by the kernel. But with this commit, the serial line will be
reconfigured to the wrong pins. This is especially confusing, because
the output still works, but the input doesn't. Presumingly, the input is
reconfigured to MPP10, but the output is connected to both MPP11 and
MPP5.
Override the pinmux in the board device tree.
Fixes: 327e15428977 ("ARM: dts: kirkwood: consolidate common pinctrl settings")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/kirkwood-lsxl.dtsi | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/arm/boot/dts/kirkwood-lsxl.dtsi b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
index 7b151acb9984..321a40a98ed2 100644
--- a/arch/arm/boot/dts/kirkwood-lsxl.dtsi
+++ b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
@@ -10,6 +10,11 @@
ocp@f1000000 {
pinctrl: pin-controller@10000 {
+ /* Non-default UART pins */
+ pmx_uart0: pmx-uart0 {
+ marvell,pins = "mpp4", "mpp5";
+ };
+
pmx_power_hdd: pmx-power-hdd {
marvell,pins = "mpp10";
marvell,function = "gpo";
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 178/390] ARM: dts: kirkwood: lsxl: remove first ethernet port
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 177/390] ARM: dts: kirkwood: lsxl: fix serial line Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` Greg Kroah-Hartman
` (217 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Andrew Lunn,
Gregory CLEMENT, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 2d528eda7c96ce5c70f895854ecd5684bd5d80b9 ]
Both the Linkstation LS-CHLv2 and the LS-XHL have only one ethernet
port. This has always been wrong, i.e. the board code used to set up
both ports, but the driver will play nice and return -ENODEV if the
assiciated PHY is not found. Nevertheless, it is wrong. Remove it.
Fixes: 876e23333511 ("ARM: kirkwood: add gigabit ethernet and mvmdio device tree nodes")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/kirkwood-lsxl.dtsi | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/arch/arm/boot/dts/kirkwood-lsxl.dtsi b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
index 321a40a98ed2..88b70ba1c8fe 100644
--- a/arch/arm/boot/dts/kirkwood-lsxl.dtsi
+++ b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
@@ -218,22 +218,11 @@
&mdio {
status = "okay";
- ethphy0: ethernet-phy@0 {
- reg = <0>;
- };
-
ethphy1: ethernet-phy@8 {
reg = <8>;
};
};
-ð0 {
- status = "okay";
- ethernet0-port@0 {
- phy-handle = <ðphy0>;
- };
-};
-
ð1 {
status = "okay";
ethernet1-port@0 {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 179/390] ia64: export memory_add_physaddr_to_nid to fix cxl build error
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
` (394 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Randy Dunlap,
Dan Williams, Ben Widawsky, Jonathan Cameron, linux-ia64,
Arnd Bergmann, Keith Mannthey, Andrew Morton, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 97c318bfbe84efded246e80428054f300042f110 ]
cxl_pmem.ko uses memory_add_physaddr_to_nid() but ia64 does not export it,
so this causes a build error:
ERROR: modpost: "memory_add_physaddr_to_nid" [drivers/cxl/cxl_pmem.ko] undefined!
Fix this by exporting that function.
Fixes: 8c2676a5870a ("hot-add-mem x86_64: memory_add_physaddr_to_nid node fixup")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Ben Widawsky <bwidawsk@kernel.org>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: linux-ia64@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Keith Mannthey <kmannth@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/mm/numa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/ia64/mm/numa.c b/arch/ia64/mm/numa.c
index f34964271101..6cd002e8163d 100644
--- a/arch/ia64/mm/numa.c
+++ b/arch/ia64/mm/numa.c
@@ -106,5 +106,6 @@ int memory_add_physaddr_to_nid(u64 addr)
return 0;
return nid;
}
+EXPORT_SYMBOL(memory_add_physaddr_to_nid);
#endif
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 179/390] ia64: export memory_add_physaddr_to_nid to fix cxl build error
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Randy Dunlap,
Dan Williams, Ben Widawsky, Jonathan Cameron, linux-ia64,
Arnd Bergmann, Keith Mannthey, Andrew Morton, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 97c318bfbe84efded246e80428054f300042f110 ]
cxl_pmem.ko uses memory_add_physaddr_to_nid() but ia64 does not export it,
so this causes a build error:
ERROR: modpost: "memory_add_physaddr_to_nid" [drivers/cxl/cxl_pmem.ko] undefined!
Fix this by exporting that function.
Fixes: 8c2676a5870a ("hot-add-mem x86_64: memory_add_physaddr_to_nid node fixup")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Ben Widawsky <bwidawsk@kernel.org>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: linux-ia64@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Keith Mannthey <kmannth@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/mm/numa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/ia64/mm/numa.c b/arch/ia64/mm/numa.c
index f34964271101..6cd002e8163d 100644
--- a/arch/ia64/mm/numa.c
+++ b/arch/ia64/mm/numa.c
@@ -106,5 +106,6 @@ int memory_add_physaddr_to_nid(u64 addr)
return 0;
return nid;
}
+EXPORT_SYMBOL(memory_add_physaddr_to_nid);
#endif
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 180/390] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-10-24 11:29 ` Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 181/390] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Greg Kroah-Hartman
` (215 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Necip Fazil Yildiran,
Dmitry Osipenko, Sasha Levin
From: Dmitry Osipenko <digetx@gmail.com>
[ Upstream commit 2254182807fc09ba9dec9a42ef239e373796f1b2 ]
The DMA subsystem could be entirely disabled in Kconfig and then the
TEGRA20_APB_DMA option isn't available too. Hence kernel configuration
fails if DMADEVICES Kconfig option is disabled due to the unsatisfiable
dependency.
The FUSE driver isn't a critical driver and currently it only provides
NVMEM interface to userspace which isn't known to be widely used, and
thus, it's fine if FUSE driver fails to load.
Let's remove the erroneous Kconfig dependency and let the FUSE driver to
fail the probing if DMA is unavailable.
Fixes: 19d41e5e9c68 ("soc/tegra: fuse: Add APB DMA dependency for Tegra20")
Reported-by: Necip Fazil Yildiran <fazilyildiran@gmail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=209301
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/tegra/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/soc/tegra/Kconfig b/drivers/soc/tegra/Kconfig
index 976dee036470..676807c5a215 100644
--- a/drivers/soc/tegra/Kconfig
+++ b/drivers/soc/tegra/Kconfig
@@ -136,7 +136,6 @@ config SOC_TEGRA_FUSE
def_bool y
depends on ARCH_TEGRA
select SOC_BUS
- select TEGRA20_APB_DMA if ARCH_TEGRA_2x_SOC
config SOC_TEGRA_FLOWCTRL
bool
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 181/390] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 180/390] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 182/390] ARM: Drop CMDLINE_* dependency on ATAGS Greg Kroah-Hartman
` (214 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Torokhov, Krzysztof Kozlowski,
Linus Walleij, Arnd Bergmann, Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 3ba2d4bb9592bf7a6a3fe3dbe711ecfc3d004bab ]
According to s5k6a3 driver code, the reset line for the chip appears to
be active low. This also matches the typical polarity of reset lines in
general. Let's fix it up as having correct polarity in DTS is important
when the driver will be switched over to gpiod API.
Fixes: b4fec64758ab ("ARM: dts: Add camera device nodes for Exynos4412 TRATS2 board")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220913164104.203957-1-dmitry.torokhov@gmail.com
Link: https://lore.kernel.org/r/20220926104354.118578-2-krzysztof.kozlowski@linaro.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-midas.dtsi b/arch/arm/boot/dts/exynos4412-midas.dtsi
index 06450066b178..255a13666edc 100644
--- a/arch/arm/boot/dts/exynos4412-midas.dtsi
+++ b/arch/arm/boot/dts/exynos4412-midas.dtsi
@@ -588,7 +588,7 @@
clocks = <&camera 1>;
clock-names = "extclk";
samsung,camclk-out = <1>;
- gpios = <&gpm1 6 GPIO_ACTIVE_HIGH>;
+ gpios = <&gpm1 6 GPIO_ACTIVE_LOW>;
port {
is_s5k6a3_ep: endpoint {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 182/390] ARM: Drop CMDLINE_* dependency on ATAGS
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 181/390] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 183/390] arm64: ftrace: fix module PLTs with mcount Greg Kroah-Hartman
` (213 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Ard Biesheuvel,
Arnd Bergmann, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 136f4b1ec7c962ee37a787e095fd37b058d72bd3 ]
On arm32, the configuration options to specify the kernel command line
type depend on ATAGS. However, the actual CMDLINE cofiguration option
does not depend on ATAGS, and the code that handles this is not specific
to ATAGS (see drivers/of/fdt.c:early_init_dt_scan_chosen()).
Hence users who desire to override the kernel command line on arm32 must
enable support for ATAGS, even on a pure-DT system. Other architectures
(arm64, loongarch, microblaze, nios2, powerpc, and riscv) do not impose
such a restriction.
Hence drop the dependency on ATAGS.
Fixes: bd51e2f595580fb6 ("ARM: 7506/1: allow for ATAGS to be configured out when DT support is selected")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index b587ecc6f949..985ab0b091a6 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1791,7 +1791,6 @@ config CMDLINE
choice
prompt "Kernel command line type" if CMDLINE != ""
default CMDLINE_FROM_BOOTLOADER
- depends on ATAGS
config CMDLINE_FROM_BOOTLOADER
bool "Use bootloader kernel arguments if available"
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 183/390] arm64: ftrace: fix module PLTs with mcount
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 182/390] ARM: Drop CMDLINE_* dependency on ATAGS Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 184/390] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Greg Kroah-Hartman
` (212 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Rutland, Li Huafei,
Ard Biesheuvel, Will Deacon, Catalin Marinas, Sasha Levin
From: Mark Rutland <mark.rutland@arm.com>
[ Upstream commit 8cfb08575c6d4585f1ce0deeb189e5c824776b04 ]
Li Huafei reports that mcount-based ftrace with module PLTs was broken
by commit:
a6253579977e4c6f ("arm64: ftrace: consistently handle PLTs.")
When a module PLTs are used and a module is loaded sufficiently far away
from the kernel, we'll create PLTs for any branches which are
out-of-range. These are separate from the special ftrace trampoline
PLTs, which the module PLT code doesn't directly manipulate.
When mcount is in use this is a problem, as each mcount callsite in a
module will be initialized to point to a module PLT, but since commit
a6253579977e4c6f ftrace_make_nop() will assume that the callsite has
been initialized to point to the special ftrace trampoline PLT, and
ftrace_find_callable_addr() rejects other cases.
This means that when ftrace tries to initialize a callsite via
ftrace_make_nop(), the call to ftrace_find_callable_addr() will find
that the `_mcount` stub is out-of-range and is not handled by the ftrace
PLT, resulting in a splat:
| ftrace_test: loading out-of-tree module taints kernel.
| ftrace: no module PLT for _mcount
| ------------[ ftrace bug ]------------
| ftrace failed to modify
| [<ffff800029180014>] 0xffff800029180014
| actual: 44:00:00:94
| Initializing ftrace call sites
| ftrace record flags: 2000000
| (0)
| expected tramp: ffff80000802eb3c
| ------------[ cut here ]------------
| WARNING: CPU: 3 PID: 157 at kernel/trace/ftrace.c:2120 ftrace_bug+0x94/0x270
| Modules linked in:
| CPU: 3 PID: 157 Comm: insmod Tainted: G O 6.0.0-rc6-00151-gcd722513a189-dirty #22
| Hardware name: linux,dummy-virt (DT)
| pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : ftrace_bug+0x94/0x270
| lr : ftrace_bug+0x21c/0x270
| sp : ffff80000b2bbaf0
| x29: ffff80000b2bbaf0 x28: 0000000000000000 x27: ffff0000c4d38000
| x26: 0000000000000001 x25: ffff800009d7e000 x24: ffff0000c4d86e00
| x23: 0000000002000000 x22: ffff80000a62b000 x21: ffff8000098ebea8
| x20: ffff0000c4d38000 x19: ffff80000aa24158 x18: ffffffffffffffff
| x17: 0000000000000000 x16: 0a0d2d2d2d2d2d2d x15: ffff800009aa9118
| x14: 0000000000000000 x13: 6333626532303830 x12: 3030303866666666
| x11: 203a706d61727420 x10: 6465746365707865 x9 : 3362653230383030
| x8 : c0000000ffffefff x7 : 0000000000017fe8 x6 : 000000000000bff4
| x5 : 0000000000057fa8 x4 : 0000000000000000 x3 : 0000000000000001
| x2 : ad2cb14bb5438900 x1 : 0000000000000000 x0 : 0000000000000022
| Call trace:
| ftrace_bug+0x94/0x270
| ftrace_process_locs+0x308/0x430
| ftrace_module_init+0x44/0x60
| load_module+0x15b4/0x1ce8
| __do_sys_init_module+0x1ec/0x238
| __arm64_sys_init_module+0x24/0x30
| invoke_syscall+0x54/0x118
| el0_svc_common.constprop.4+0x84/0x100
| do_el0_svc+0x3c/0xd0
| el0_svc+0x1c/0x50
| el0t_64_sync_handler+0x90/0xb8
| el0t_64_sync+0x15c/0x160
| ---[ end trace 0000000000000000 ]---
| ---------test_init-----------
Fix this by reverting to the old behaviour of ignoring the old
instruction when initialising an mcount callsite in a module, which was
the behaviour prior to commit a6253579977e4c6f.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Fixes: a6253579977e ("arm64: ftrace: consistently handle PLTs.")
Reported-by: Li Huafei <lihuafei1@huawei.com>
Link: https://lore.kernel.org/linux-arm-kernel/20220929094134.99512-1-lihuafei1@huawei.com
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20220929134525.798593-1-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/ftrace.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c
index 3724bab278b2..402a24f845b9 100644
--- a/arch/arm64/kernel/ftrace.c
+++ b/arch/arm64/kernel/ftrace.c
@@ -216,11 +216,26 @@ int ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec,
unsigned long pc = rec->ip;
u32 old = 0, new;
+ new = aarch64_insn_gen_nop();
+
+ /*
+ * When using mcount, callsites in modules may have been initalized to
+ * call an arbitrary module PLT (which redirects to the _mcount stub)
+ * rather than the ftrace PLT we'll use at runtime (which redirects to
+ * the ftrace trampoline). We can ignore the old PLT when initializing
+ * the callsite.
+ *
+ * Note: 'mod' is only set at module load time.
+ */
+ if (!IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS) &&
+ IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) && mod) {
+ return aarch64_insn_patch_text_nosync((void *)pc, new);
+ }
+
if (!ftrace_find_callable_addr(rec, mod, &addr))
return -EINVAL;
old = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK);
- new = aarch64_insn_gen_nop();
return ftrace_modify_code(pc, old, new, true);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 184/390] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 183/390] arm64: ftrace: fix module PLTs with mcount Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 185/390] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Greg Kroah-Hartman
` (211 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Torokhov, Krzysztof Kozlowski,
Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit a08137bd1e0a7ce951dce9ce4a83e39d379b6e1b ]
EHCI Oxynos (drivers/usb/host/ehci-exynos.c) drives VBUS GPIO high when
trying to power up the bus, therefore the GPIO in DTS must be marked as
"active high". This will be important when EHCI driver is converted to
gpiod API that respects declared polarities.
Fixes: 4e8991def565 ("ARM: dts: exynos: Enable AX88760 USB hub on Origen board")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://lore.kernel.org/r/20220927220504.3744878-1-dmitry.torokhov@gmail.com
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-origen.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-origen.dts b/arch/arm/boot/dts/exynos4412-origen.dts
index c2e793b69e7d..e2d76ea4404e 100644
--- a/arch/arm/boot/dts/exynos4412-origen.dts
+++ b/arch/arm/boot/dts/exynos4412-origen.dts
@@ -95,7 +95,7 @@
};
&ehci {
- samsung,vbus-gpio = <&gpx3 5 1>;
+ samsung,vbus-gpio = <&gpx3 5 GPIO_ACTIVE_HIGH>;
status = "okay";
phys = <&exynos_usbphy 2>, <&exynos_usbphy 3>;
phy-names = "hsic0", "hsic1";
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 185/390] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 184/390] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 186/390] iio: adc: at91-sama5d2_adc: check return status for pressure and touch Greg Kroah-Hartman
` (210 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit bb73d5d9164c57c4bb916739a98e5cd8e0a5ed8c ]
All ADC HW versions handled by this driver (SAMA5D2, SAM9X60, SAMA7G5)
have MR.TRACKTIM on 4 bits. Fix AT91_SAMA5D2_MR_TRACKTIM_MAX to reflect
this.
Fixes: 27e177190891 ("iio:adc:at91_adc8xx: introduce new atmel adc driver")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-2-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index 4ede7e766765..230e4111517e 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -74,7 +74,7 @@
#define AT91_SAMA5D2_MR_ANACH BIT(23)
/* Tracking Time */
#define AT91_SAMA5D2_MR_TRACKTIM(v) ((v) << 24)
-#define AT91_SAMA5D2_MR_TRACKTIM_MAX 0xff
+#define AT91_SAMA5D2_MR_TRACKTIM_MAX 0xf
/* Transfer Time */
#define AT91_SAMA5D2_MR_TRANSFER(v) ((v) << 28)
#define AT91_SAMA5D2_MR_TRANSFER_MAX 0x3
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 186/390] iio: adc: at91-sama5d2_adc: check return status for pressure and touch
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 185/390] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 187/390] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Greg Kroah-Hartman
` (209 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit d84ace944a3b24529798dbae1340dea098473155 ]
Check return status of at91_adc_read_position() and
at91_adc_read_pressure() in at91_adc_read_info_raw().
Fixes: 6794e23fa3fe ("iio: adc: at91-sama5d2_adc: add support for oversampling resolution")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-3-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index 230e4111517e..fe41689c5da6 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -1355,8 +1355,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
*val = tmp_val;
mutex_unlock(&st->lock);
iio_device_release_direct_mode(indio_dev);
+ if (ret > 0)
+ ret = at91_adc_adjust_val_osr(st, val);
- return at91_adc_adjust_val_osr(st, val);
+ return ret;
}
if (chan->type == IIO_PRESSURE) {
ret = iio_device_claim_direct_mode(indio_dev);
@@ -1369,8 +1371,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
*val = tmp_val;
mutex_unlock(&st->lock);
iio_device_release_direct_mode(indio_dev);
+ if (ret > 0)
+ ret = at91_adc_adjust_val_osr(st, val);
- return at91_adc_adjust_val_osr(st, val);
+ return ret;
}
/* in this case we have a voltage channel */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 187/390] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 186/390] iio: adc: at91-sama5d2_adc: check return status for pressure and touch Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 188/390] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Greg Kroah-Hartman
` (208 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit 9780a23ed5a0a0a63683e078f576719a98d4fb70 ]
.read_raw()/.write_raw() could be called asynchronously from user space
or other in kernel drivers. Without locking on st->lock these could be
called asynchronously while there is a conversion in progress. Read will
be harmless but changing registers while conversion is in progress may
lead to inconsistent results. Thus, to avoid this lock st->lock.
Fixes: 27e177190891 ("iio:adc:at91_adc8xx: introduce new atmel adc driver")
Fixes: 6794e23fa3fe ("iio: adc: at91-sama5d2_adc: add support for oversampling resolution")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-4-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index fe41689c5da6..ef6dc85024c1 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -1353,10 +1353,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
ret = at91_adc_read_position(st, chan->channel,
&tmp_val);
*val = tmp_val;
- mutex_unlock(&st->lock);
- iio_device_release_direct_mode(indio_dev);
if (ret > 0)
ret = at91_adc_adjust_val_osr(st, val);
+ mutex_unlock(&st->lock);
+ iio_device_release_direct_mode(indio_dev);
return ret;
}
@@ -1369,10 +1369,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
ret = at91_adc_read_pressure(st, chan->channel,
&tmp_val);
*val = tmp_val;
- mutex_unlock(&st->lock);
- iio_device_release_direct_mode(indio_dev);
if (ret > 0)
ret = at91_adc_adjust_val_osr(st, val);
+ mutex_unlock(&st->lock);
+ iio_device_release_direct_mode(indio_dev);
return ret;
}
@@ -1465,16 +1465,20 @@ static int at91_adc_write_raw(struct iio_dev *indio_dev,
/* if no change, optimize out */
if (val == st->oversampling_ratio)
return 0;
+ mutex_lock(&st->lock);
st->oversampling_ratio = val;
/* update ratio */
at91_adc_config_emr(st);
+ mutex_unlock(&st->lock);
return 0;
case IIO_CHAN_INFO_SAMP_FREQ:
if (val < st->soc_info.min_sample_rate ||
val > st->soc_info.max_sample_rate)
return -EINVAL;
+ mutex_lock(&st->lock);
at91_adc_setup_samp_freq(indio_dev, val);
+ mutex_unlock(&st->lock);
return 0;
default:
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 188/390] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 187/390] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 189/390] iio: inkern: only release the device node when done with it Greg Kroah-Hartman
` (207 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit 808175e21d9b7f866eda742e8970f27b78afe5db ]
In case triggered buffers are enabled while system is suspended they will
not work anymore after resume. For this call at91_adc_buffer_postdisable()
on suspend and at91_adc_buffer_prepare() on resume. On tests it has been
seen that at91_adc_buffer_postdisable() call is not necessary but it has
been kept because it also does the book keeping for DMA. On resume path
there is no need to call at91_adc_configure_touch() as it is embedded in
at91_adc_buffer_prepare().
Fixes: 073c662017f2f ("iio: adc: at91-sama5d2_adc: add support for DMA")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-5-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index ef6dc85024c1..250b78ee1625 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -1907,6 +1907,9 @@ static __maybe_unused int at91_adc_suspend(struct device *dev)
struct iio_dev *indio_dev = dev_get_drvdata(dev);
struct at91_adc_state *st = iio_priv(indio_dev);
+ if (iio_buffer_enabled(indio_dev))
+ at91_adc_buffer_postdisable(indio_dev);
+
/*
* Do a sofware reset of the ADC before we go to suspend.
* this will ensure that all pins are free from being muxed by the ADC
@@ -1950,14 +1953,11 @@ static __maybe_unused int at91_adc_resume(struct device *dev)
if (!iio_buffer_enabled(indio_dev))
return 0;
- /* check if we are enabling triggered buffer or the touchscreen */
- if (at91_adc_current_chan_is_touch(indio_dev))
- return at91_adc_configure_touch(st, true);
- else
- return at91_adc_configure_trigger(st->trig, true);
+ ret = at91_adc_buffer_prepare(indio_dev);
+ if (ret)
+ goto vref_disable_resume;
- /* not needed but more explicit */
- return 0;
+ return at91_adc_configure_trigger(st->trig, true);
vref_disable_resume:
regulator_disable(st->vref);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 189/390] iio: inkern: only release the device node when done with it
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 188/390] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 190/390] iio: ABI: Fix wrong format of differential capacitance channel ABI Greg Kroah-Hartman
` (206 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nuno Sá, Jonathan Cameron, Sasha Levin
From: Nuno Sá <nuno.sa@analog.com>
[ Upstream commit 79c3e84874c7d14f04ad58313b64955a0d2e9437 ]
'of_node_put()' can potentially release the memory pointed to by
'iiospec.np' which would leave us with an invalid pointer (and we would
still pass it in 'of_xlate()'). Note that it is not guaranteed for the
of_node lifespan to be attached to the device (to which is attached)
lifespan so that there is (even though very unlikely) the possibility
for the node to be freed while the device is still around. Thus, as there
are indeed some of_xlate users which do access the node, a race is indeed
possible.
As such, we can only release the node after we are done with it.
Fixes: 17d82b47a215d ("iio: Add OF support")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20220715122903.332535-2-nuno.sa@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/inkern.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/inkern.c b/drivers/iio/inkern.c
index 8c3faa797284..c32b2577dd99 100644
--- a/drivers/iio/inkern.c
+++ b/drivers/iio/inkern.c
@@ -136,9 +136,10 @@ static int __of_iio_channel_get(struct iio_channel *channel,
idev = bus_find_device(&iio_bus_type, NULL, iiospec.np,
iio_dev_node_match);
- of_node_put(iiospec.np);
- if (idev == NULL)
+ if (idev == NULL) {
+ of_node_put(iiospec.np);
return -EPROBE_DEFER;
+ }
indio_dev = dev_to_iio_dev(idev);
channel->indio_dev = indio_dev;
@@ -146,6 +147,7 @@ static int __of_iio_channel_get(struct iio_channel *channel,
index = indio_dev->info->of_xlate(indio_dev, &iiospec);
else
index = __of_iio_simple_xlate(indio_dev, &iiospec);
+ of_node_put(iiospec.np);
if (index < 0)
goto err_put;
channel->channel = &indio_dev->channels[index];
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 190/390] iio: ABI: Fix wrong format of differential capacitance channel ABI.
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 189/390] iio: inkern: only release the device node when done with it Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 191/390] usb: ch9: Add USB 3.2 SSP attributes Greg Kroah-Hartman
` (205 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Cameron, Andy Shevchenko,
Sasha Levin
From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[ Upstream commit 1efc41035f1841acf0af2bab153158e27ce94f10 ]
in_ only occurs once in these attributes.
Fixes: 0baf29d658c7 ("staging:iio:documentation Add abi docs for capacitance adcs.")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220626122938.582107-3-jic23@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/ABI/testing/sysfs-bus-iio | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/ABI/testing/sysfs-bus-iio b/Documentation/ABI/testing/sysfs-bus-iio
index df42bed09f25..53f07fc41b96 100644
--- a/Documentation/ABI/testing/sysfs-bus-iio
+++ b/Documentation/ABI/testing/sysfs-bus-iio
@@ -142,7 +142,7 @@ Description:
Raw capacitance measurement from channel Y. Units after
application of scale and offset are nanofarads.
-What: /sys/.../iio:deviceX/in_capacitanceY-in_capacitanceZ_raw
+What: /sys/.../iio:deviceX/in_capacitanceY-capacitanceZ_raw
KernelVersion: 3.2
Contact: linux-iio@vger.kernel.org
Description:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 191/390] usb: ch9: Add USB 3.2 SSP attributes
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 190/390] iio: ABI: Fix wrong format of differential capacitance channel ABI Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 192/390] usb: common: Parse for USB SSP genXxY Greg Kroah-Hartman
` (204 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit f2fc9ff28d1c9bef7760516feadd38164044caae ]
In preparation for USB 3.2 dual-lane support, add sublink speed
attribute macros and enum usb_ssp_rate. A USB device that operates in
SuperSpeed Plus may operate at different speed and lane count. These
additional macros and enum values help specifying that.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/ae9293ebd63a29f2a2035054753534d9eb123d74.1610592135.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: b6155eaf6b05 ("usb: common: debug: Check non-standard control requests")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/usb/ch9.h | 9 +++++++++
include/uapi/linux/usb/ch9.h | 13 +++++++++++++
2 files changed, 22 insertions(+)
diff --git a/include/linux/usb/ch9.h b/include/linux/usb/ch9.h
index 604c6c514a50..86c50907634e 100644
--- a/include/linux/usb/ch9.h
+++ b/include/linux/usb/ch9.h
@@ -36,6 +36,15 @@
#include <linux/device.h>
#include <uapi/linux/usb/ch9.h>
+/* USB 3.2 SuperSpeed Plus phy signaling rate generation and lane count */
+
+enum usb_ssp_rate {
+ USB_SSP_GEN_UNKNOWN = 0,
+ USB_SSP_GEN_2x1,
+ USB_SSP_GEN_1x2,
+ USB_SSP_GEN_2x2,
+};
+
/**
* usb_ep_type_string() - Returns human readable-name of the endpoint type.
* @ep_type: The endpoint type to return human-readable name for. If it's not
diff --git a/include/uapi/linux/usb/ch9.h b/include/uapi/linux/usb/ch9.h
index 0f865ae4ba89..17ce56198c9a 100644
--- a/include/uapi/linux/usb/ch9.h
+++ b/include/uapi/linux/usb/ch9.h
@@ -968,9 +968,22 @@ struct usb_ssp_cap_descriptor {
__le32 bmSublinkSpeedAttr[1]; /* list of sublink speed attrib entries */
#define USB_SSP_SUBLINK_SPEED_SSID (0xf) /* sublink speed ID */
#define USB_SSP_SUBLINK_SPEED_LSE (0x3 << 4) /* Lanespeed exponent */
+#define USB_SSP_SUBLINK_SPEED_LSE_BPS 0
+#define USB_SSP_SUBLINK_SPEED_LSE_KBPS 1
+#define USB_SSP_SUBLINK_SPEED_LSE_MBPS 2
+#define USB_SSP_SUBLINK_SPEED_LSE_GBPS 3
+
#define USB_SSP_SUBLINK_SPEED_ST (0x3 << 6) /* Sublink type */
+#define USB_SSP_SUBLINK_SPEED_ST_SYM_RX 0
+#define USB_SSP_SUBLINK_SPEED_ST_ASYM_RX 1
+#define USB_SSP_SUBLINK_SPEED_ST_SYM_TX 2
+#define USB_SSP_SUBLINK_SPEED_ST_ASYM_TX 3
+
#define USB_SSP_SUBLINK_SPEED_RSVD (0x3f << 8) /* Reserved */
#define USB_SSP_SUBLINK_SPEED_LP (0x3 << 14) /* Link protocol */
+#define USB_SSP_SUBLINK_SPEED_LP_SS 0
+#define USB_SSP_SUBLINK_SPEED_LP_SSP 1
+
#define USB_SSP_SUBLINK_SPEED_LSM (0xff << 16) /* Lanespeed mantissa */
} __attribute__((packed));
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 192/390] usb: common: Parse for USB SSP genXxY
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 191/390] usb: ch9: Add USB 3.2 SSP attributes Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 193/390] usb: common: add function to get interval expressed in us unit Greg Kroah-Hartman
` (203 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit 52c2d15703c3a900d5f78cd599b823db40d5100b ]
The USB "maximum-speed" property can now take the SSP signaling rate
generation and lane count with these new strings:
"super-speed-plus-gen2x2"
"super-speed-plus-gen2x1"
"super-speed-plus-gen1x2"
Introduce usb_get_maximum_ssp_rate() to parse for the corresponding
usb_ssp_rate enum. The original usb_get_maximum_speed() will return
USB_SPEED_SUPER_PLUS if it matches one of these new strings.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/f8ed896313d8cd8e2d2b540fc82db92b3ddf8a47.1611106162.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: b6155eaf6b05 ("usb: common: debug: Check non-standard control requests")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/common/common.c | 26 +++++++++++++++++++++++++-
include/linux/usb/ch9.h | 11 +++++++++++
2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/common/common.c b/drivers/usb/common/common.c
index 1433260d99b4..fc21cf2d36f6 100644
--- a/drivers/usb/common/common.c
+++ b/drivers/usb/common/common.c
@@ -69,6 +69,13 @@ static const char *const speed_names[] = {
[USB_SPEED_SUPER_PLUS] = "super-speed-plus",
};
+static const char *const ssp_rate[] = {
+ [USB_SSP_GEN_UNKNOWN] = "UNKNOWN",
+ [USB_SSP_GEN_2x1] = "super-speed-plus-gen2x1",
+ [USB_SSP_GEN_1x2] = "super-speed-plus-gen1x2",
+ [USB_SSP_GEN_2x2] = "super-speed-plus-gen2x2",
+};
+
const char *usb_speed_string(enum usb_device_speed speed)
{
if (speed < 0 || speed >= ARRAY_SIZE(speed_names))
@@ -86,12 +93,29 @@ enum usb_device_speed usb_get_maximum_speed(struct device *dev)
if (ret < 0)
return USB_SPEED_UNKNOWN;
- ret = match_string(speed_names, ARRAY_SIZE(speed_names), maximum_speed);
+ ret = match_string(ssp_rate, ARRAY_SIZE(ssp_rate), maximum_speed);
+ if (ret > 0)
+ return USB_SPEED_SUPER_PLUS;
+ ret = match_string(speed_names, ARRAY_SIZE(speed_names), maximum_speed);
return (ret < 0) ? USB_SPEED_UNKNOWN : ret;
}
EXPORT_SYMBOL_GPL(usb_get_maximum_speed);
+enum usb_ssp_rate usb_get_maximum_ssp_rate(struct device *dev)
+{
+ const char *maximum_speed;
+ int ret;
+
+ ret = device_property_read_string(dev, "maximum-speed", &maximum_speed);
+ if (ret < 0)
+ return USB_SSP_GEN_UNKNOWN;
+
+ ret = match_string(ssp_rate, ARRAY_SIZE(ssp_rate), maximum_speed);
+ return (ret < 0) ? USB_SSP_GEN_UNKNOWN : ret;
+}
+EXPORT_SYMBOL_GPL(usb_get_maximum_ssp_rate);
+
const char *usb_state_string(enum usb_device_state state)
{
static const char *const names[] = {
diff --git a/include/linux/usb/ch9.h b/include/linux/usb/ch9.h
index 86c50907634e..abdd310c77f0 100644
--- a/include/linux/usb/ch9.h
+++ b/include/linux/usb/ch9.h
@@ -71,6 +71,17 @@ extern const char *usb_speed_string(enum usb_device_speed speed);
*/
extern enum usb_device_speed usb_get_maximum_speed(struct device *dev);
+/**
+ * usb_get_maximum_ssp_rate - Get the signaling rate generation and lane count
+ * of a SuperSpeed Plus capable device.
+ * @dev: Pointer to the given USB controller device
+ *
+ * If the string from "maximum-speed" property is super-speed-plus-genXxY where
+ * 'X' is the generation number and 'Y' is the number of lanes, then this
+ * function returns the corresponding enum usb_ssp_rate.
+ */
+extern enum usb_ssp_rate usb_get_maximum_ssp_rate(struct device *dev);
+
/**
* usb_state_string - Returns human readable name for the state.
* @state: The state to return a human-readable name for. If it's not
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 193/390] usb: common: add function to get interval expressed in us unit
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 192/390] usb: common: Parse for USB SSP genXxY Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 194/390] usb: common: move functions kerneldoc next to its definition Greg Kroah-Hartman
` (202 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chunfeng Yun, Sasha Levin
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
[ Upstream commit fb95c7cf5600b7b74412f27dfb39a1e13fd8a90d ]
Add a new function to convert bInterval into the time expressed
in 1us unit.
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Link: https://lore.kernel.org/r/25c8a09b055f716c1e5bf11fea72c3418f844482.1615170625.git.chunfeng.yun@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: b6155eaf6b05 ("usb: common: debug: Check non-standard control requests")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/common/common.c | 41 +++++++++++++++++++++++++++++++++++++
drivers/usb/core/devices.c | 21 ++++---------------
drivers/usb/core/endpoint.c | 35 ++++---------------------------
include/linux/usb/ch9.h | 3 +++
4 files changed, 52 insertions(+), 48 deletions(-)
diff --git a/drivers/usb/common/common.c b/drivers/usb/common/common.c
index fc21cf2d36f6..675e8a4e683a 100644
--- a/drivers/usb/common/common.c
+++ b/drivers/usb/common/common.c
@@ -165,6 +165,47 @@ enum usb_dr_mode usb_get_dr_mode(struct device *dev)
}
EXPORT_SYMBOL_GPL(usb_get_dr_mode);
+/**
+ * usb_decode_interval - Decode bInterval into the time expressed in 1us unit
+ * @epd: The descriptor of the endpoint
+ * @speed: The speed that the endpoint works as
+ *
+ * Function returns the interval expressed in 1us unit for servicing
+ * endpoint for data transfers.
+ */
+unsigned int usb_decode_interval(const struct usb_endpoint_descriptor *epd,
+ enum usb_device_speed speed)
+{
+ unsigned int interval = 0;
+
+ switch (usb_endpoint_type(epd)) {
+ case USB_ENDPOINT_XFER_CONTROL:
+ /* uframes per NAK */
+ if (speed == USB_SPEED_HIGH)
+ interval = epd->bInterval;
+ break;
+ case USB_ENDPOINT_XFER_ISOC:
+ interval = 1 << (epd->bInterval - 1);
+ break;
+ case USB_ENDPOINT_XFER_BULK:
+ /* uframes per NAK */
+ if (speed == USB_SPEED_HIGH && usb_endpoint_dir_out(epd))
+ interval = epd->bInterval;
+ break;
+ case USB_ENDPOINT_XFER_INT:
+ if (speed >= USB_SPEED_HIGH)
+ interval = 1 << (epd->bInterval - 1);
+ else
+ interval = epd->bInterval;
+ break;
+ }
+
+ interval *= (speed >= USB_SPEED_HIGH) ? 125 : 1000;
+
+ return interval;
+}
+EXPORT_SYMBOL_GPL(usb_decode_interval);
+
#ifdef CONFIG_OF
/**
* of_usb_get_dr_mode_by_phy - Get dual role mode for the controller device
diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c
index 1ef2de6e375a..d8b0041de612 100644
--- a/drivers/usb/core/devices.c
+++ b/drivers/usb/core/devices.c
@@ -157,38 +157,25 @@ static char *usb_dump_endpoint_descriptor(int speed, char *start, char *end,
switch (usb_endpoint_type(desc)) {
case USB_ENDPOINT_XFER_CONTROL:
type = "Ctrl";
- if (speed == USB_SPEED_HIGH) /* uframes per NAK */
- interval = desc->bInterval;
- else
- interval = 0;
dir = 'B'; /* ctrl is bidirectional */
break;
case USB_ENDPOINT_XFER_ISOC:
type = "Isoc";
- interval = 1 << (desc->bInterval - 1);
break;
case USB_ENDPOINT_XFER_BULK:
type = "Bulk";
- if (speed == USB_SPEED_HIGH && dir == 'O') /* uframes per NAK */
- interval = desc->bInterval;
- else
- interval = 0;
break;
case USB_ENDPOINT_XFER_INT:
type = "Int.";
- if (speed == USB_SPEED_HIGH || speed >= USB_SPEED_SUPER)
- interval = 1 << (desc->bInterval - 1);
- else
- interval = desc->bInterval;
break;
default: /* "can't happen" */
return start;
}
- interval *= (speed == USB_SPEED_HIGH ||
- speed >= USB_SPEED_SUPER) ? 125 : 1000;
- if (interval % 1000)
+
+ interval = usb_decode_interval(desc, speed);
+ if (interval % 1000) {
unit = 'u';
- else {
+ } else {
unit = 'm';
interval /= 1000;
}
diff --git a/drivers/usb/core/endpoint.c b/drivers/usb/core/endpoint.c
index 1c2c04079676..fc3341f2bb61 100644
--- a/drivers/usb/core/endpoint.c
+++ b/drivers/usb/core/endpoint.c
@@ -84,40 +84,13 @@ static ssize_t interval_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
struct ep_device *ep = to_ep_device(dev);
+ unsigned int interval;
char unit;
- unsigned interval = 0;
- unsigned in;
- in = (ep->desc->bEndpointAddress & USB_DIR_IN);
-
- switch (usb_endpoint_type(ep->desc)) {
- case USB_ENDPOINT_XFER_CONTROL:
- if (ep->udev->speed == USB_SPEED_HIGH)
- /* uframes per NAK */
- interval = ep->desc->bInterval;
- break;
-
- case USB_ENDPOINT_XFER_ISOC:
- interval = 1 << (ep->desc->bInterval - 1);
- break;
-
- case USB_ENDPOINT_XFER_BULK:
- if (ep->udev->speed == USB_SPEED_HIGH && !in)
- /* uframes per NAK */
- interval = ep->desc->bInterval;
- break;
-
- case USB_ENDPOINT_XFER_INT:
- if (ep->udev->speed == USB_SPEED_HIGH)
- interval = 1 << (ep->desc->bInterval - 1);
- else
- interval = ep->desc->bInterval;
- break;
- }
- interval *= (ep->udev->speed == USB_SPEED_HIGH) ? 125 : 1000;
- if (interval % 1000)
+ interval = usb_decode_interval(ep->desc, ep->udev->speed);
+ if (interval % 1000) {
unit = 'u';
- else {
+ } else {
unit = 'm';
interval /= 1000;
}
diff --git a/include/linux/usb/ch9.h b/include/linux/usb/ch9.h
index abdd310c77f0..74debc824645 100644
--- a/include/linux/usb/ch9.h
+++ b/include/linux/usb/ch9.h
@@ -90,6 +90,9 @@ extern enum usb_ssp_rate usb_get_maximum_ssp_rate(struct device *dev);
*/
extern const char *usb_state_string(enum usb_device_state state);
+unsigned int usb_decode_interval(const struct usb_endpoint_descriptor *epd,
+ enum usb_device_speed speed);
+
#ifdef CONFIG_TRACING
/**
* usb_decode_ctrl - Returns human readable representation of control request.
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 194/390] usb: common: move functions kerneldoc next to its definition
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 193/390] usb: common: add function to get interval expressed in us unit Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 195/390] usb: common: debug: Check non-standard control requests Greg Kroah-Hartman
` (201 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Chunfeng Yun, Sasha Levin
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
[ Upstream commit 365038f24b3e9d2b7c9e499f03f432040e28a35c ]
Following a general rule, add the kerneldoc for a function next
to it's definition, but not next to its declaration in a header
file.
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Link: https://lore.kernel.org/r/c4d2e010ae2bf67cdfa0b55e6d1deb9339d9d3dc.1615170625.git.chunfeng.yun@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: b6155eaf6b05 ("usb: common: debug: Check non-standard control requests")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/common/common.c | 35 +++++++++++++++++++++
drivers/usb/common/debug.c | 22 +++++++++++--
include/linux/usb/ch9.h | 61 -------------------------------------
3 files changed, 55 insertions(+), 63 deletions(-)
diff --git a/drivers/usb/common/common.c b/drivers/usb/common/common.c
index 675e8a4e683a..347fb3d3894a 100644
--- a/drivers/usb/common/common.c
+++ b/drivers/usb/common/common.c
@@ -25,6 +25,12 @@ static const char *const ep_type_names[] = {
[USB_ENDPOINT_XFER_INT] = "intr",
};
+/**
+ * usb_ep_type_string() - Returns human readable-name of the endpoint type.
+ * @ep_type: The endpoint type to return human-readable name for. If it's not
+ * any of the types: USB_ENDPOINT_XFER_{CONTROL, ISOC, BULK, INT},
+ * usually got by usb_endpoint_type(), the string 'unknown' will be returned.
+ */
const char *usb_ep_type_string(int ep_type)
{
if (ep_type < 0 || ep_type >= ARRAY_SIZE(ep_type_names))
@@ -76,6 +82,12 @@ static const char *const ssp_rate[] = {
[USB_SSP_GEN_2x2] = "super-speed-plus-gen2x2",
};
+/**
+ * usb_speed_string() - Returns human readable-name of the speed.
+ * @speed: The speed to return human-readable name for. If it's not
+ * any of the speeds defined in usb_device_speed enum, string for
+ * USB_SPEED_UNKNOWN will be returned.
+ */
const char *usb_speed_string(enum usb_device_speed speed)
{
if (speed < 0 || speed >= ARRAY_SIZE(speed_names))
@@ -84,6 +96,14 @@ const char *usb_speed_string(enum usb_device_speed speed)
}
EXPORT_SYMBOL_GPL(usb_speed_string);
+/**
+ * usb_get_maximum_speed - Get maximum requested speed for a given USB
+ * controller.
+ * @dev: Pointer to the given USB controller device
+ *
+ * The function gets the maximum speed string from property "maximum-speed",
+ * and returns the corresponding enum usb_device_speed.
+ */
enum usb_device_speed usb_get_maximum_speed(struct device *dev)
{
const char *maximum_speed;
@@ -102,6 +122,15 @@ enum usb_device_speed usb_get_maximum_speed(struct device *dev)
}
EXPORT_SYMBOL_GPL(usb_get_maximum_speed);
+/**
+ * usb_get_maximum_ssp_rate - Get the signaling rate generation and lane count
+ * of a SuperSpeed Plus capable device.
+ * @dev: Pointer to the given USB controller device
+ *
+ * If the string from "maximum-speed" property is super-speed-plus-genXxY where
+ * 'X' is the generation number and 'Y' is the number of lanes, then this
+ * function returns the corresponding enum usb_ssp_rate.
+ */
enum usb_ssp_rate usb_get_maximum_ssp_rate(struct device *dev)
{
const char *maximum_speed;
@@ -116,6 +145,12 @@ enum usb_ssp_rate usb_get_maximum_ssp_rate(struct device *dev)
}
EXPORT_SYMBOL_GPL(usb_get_maximum_ssp_rate);
+/**
+ * usb_state_string - Returns human readable name for the state.
+ * @state: The state to return a human-readable name for. If it's not
+ * any of the states devices in usb_device_state_string enum,
+ * the string UNKNOWN will be returned.
+ */
const char *usb_state_string(enum usb_device_state state)
{
static const char *const names[] = {
diff --git a/drivers/usb/common/debug.c b/drivers/usb/common/debug.c
index ba849c7bc5c7..a76a086b9c54 100644
--- a/drivers/usb/common/debug.c
+++ b/drivers/usb/common/debug.c
@@ -207,8 +207,26 @@ static void usb_decode_set_isoch_delay(__u8 wValue, char *str, size_t size)
snprintf(str, size, "Set Isochronous Delay(Delay = %d ns)", wValue);
}
-/*
- * usb_decode_ctrl - returns a string representation of ctrl request
+/**
+ * usb_decode_ctrl - Returns human readable representation of control request.
+ * @str: buffer to return a human-readable representation of control request.
+ * This buffer should have about 200 bytes.
+ * @size: size of str buffer.
+ * @bRequestType: matches the USB bmRequestType field
+ * @bRequest: matches the USB bRequest field
+ * @wValue: matches the USB wValue field (CPU byte order)
+ * @wIndex: matches the USB wIndex field (CPU byte order)
+ * @wLength: matches the USB wLength field (CPU byte order)
+ *
+ * Function returns decoded, formatted and human-readable description of
+ * control request packet.
+ *
+ * The usage scenario for this is for tracepoints, so function as a return
+ * use the same value as in parameters. This approach allows to use this
+ * function in TP_printk
+ *
+ * Important: wValue, wIndex, wLength parameters before invoking this function
+ * should be processed by le16_to_cpu macro.
*/
const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
__u8 bRequest, __u16 wValue, __u16 wIndex,
diff --git a/include/linux/usb/ch9.h b/include/linux/usb/ch9.h
index 74debc824645..1cffa34740b0 100644
--- a/include/linux/usb/ch9.h
+++ b/include/linux/usb/ch9.h
@@ -45,76 +45,15 @@ enum usb_ssp_rate {
USB_SSP_GEN_2x2,
};
-/**
- * usb_ep_type_string() - Returns human readable-name of the endpoint type.
- * @ep_type: The endpoint type to return human-readable name for. If it's not
- * any of the types: USB_ENDPOINT_XFER_{CONTROL, ISOC, BULK, INT},
- * usually got by usb_endpoint_type(), the string 'unknown' will be returned.
- */
extern const char *usb_ep_type_string(int ep_type);
-
-/**
- * usb_speed_string() - Returns human readable-name of the speed.
- * @speed: The speed to return human-readable name for. If it's not
- * any of the speeds defined in usb_device_speed enum, string for
- * USB_SPEED_UNKNOWN will be returned.
- */
extern const char *usb_speed_string(enum usb_device_speed speed);
-
-/**
- * usb_get_maximum_speed - Get maximum requested speed for a given USB
- * controller.
- * @dev: Pointer to the given USB controller device
- *
- * The function gets the maximum speed string from property "maximum-speed",
- * and returns the corresponding enum usb_device_speed.
- */
extern enum usb_device_speed usb_get_maximum_speed(struct device *dev);
-
-/**
- * usb_get_maximum_ssp_rate - Get the signaling rate generation and lane count
- * of a SuperSpeed Plus capable device.
- * @dev: Pointer to the given USB controller device
- *
- * If the string from "maximum-speed" property is super-speed-plus-genXxY where
- * 'X' is the generation number and 'Y' is the number of lanes, then this
- * function returns the corresponding enum usb_ssp_rate.
- */
extern enum usb_ssp_rate usb_get_maximum_ssp_rate(struct device *dev);
-
-/**
- * usb_state_string - Returns human readable name for the state.
- * @state: The state to return a human-readable name for. If it's not
- * any of the states devices in usb_device_state_string enum,
- * the string UNKNOWN will be returned.
- */
extern const char *usb_state_string(enum usb_device_state state);
-
unsigned int usb_decode_interval(const struct usb_endpoint_descriptor *epd,
enum usb_device_speed speed);
#ifdef CONFIG_TRACING
-/**
- * usb_decode_ctrl - Returns human readable representation of control request.
- * @str: buffer to return a human-readable representation of control request.
- * This buffer should have about 200 bytes.
- * @size: size of str buffer.
- * @bRequestType: matches the USB bmRequestType field
- * @bRequest: matches the USB bRequest field
- * @wValue: matches the USB wValue field (CPU byte order)
- * @wIndex: matches the USB wIndex field (CPU byte order)
- * @wLength: matches the USB wLength field (CPU byte order)
- *
- * Function returns decoded, formatted and human-readable description of
- * control request packet.
- *
- * The usage scenario for this is for tracepoints, so function as a return
- * use the same value as in parameters. This approach allows to use this
- * function in TP_printk
- *
- * Important: wValue, wIndex, wLength parameters before invoking this function
- * should be processed by le16_to_cpu macro.
- */
extern const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
__u8 bRequest, __u16 wValue, __u16 wIndex,
__u16 wLength);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 195/390] usb: common: debug: Check non-standard control requests
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 194/390] usb: common: move functions kerneldoc next to its definition Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 196/390] clk: meson: Hold reference returned by of_get_parent() Greg Kroah-Hartman
` (200 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit b6155eaf6b05e558218b44b88a6cad03f15a586c ]
Previously usb_decode_ctrl() only decodes standard control requests, but
it was used for non-standard requests also. If it's non-standard or
unknown standard bRequest, print the Setup data values.
Fixes: af32423a2d86 ("usb: dwc3: trace: decode ctrl request")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/8d6a30f2f2f953eff833a5bc5aac640a4cc2fc9f.1658971571.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/common/debug.c | 96 +++++++++++++++++++++++++-------------
1 file changed, 64 insertions(+), 32 deletions(-)
diff --git a/drivers/usb/common/debug.c b/drivers/usb/common/debug.c
index a76a086b9c54..f0c0e8db7038 100644
--- a/drivers/usb/common/debug.c
+++ b/drivers/usb/common/debug.c
@@ -207,30 +207,28 @@ static void usb_decode_set_isoch_delay(__u8 wValue, char *str, size_t size)
snprintf(str, size, "Set Isochronous Delay(Delay = %d ns)", wValue);
}
-/**
- * usb_decode_ctrl - Returns human readable representation of control request.
- * @str: buffer to return a human-readable representation of control request.
- * This buffer should have about 200 bytes.
- * @size: size of str buffer.
- * @bRequestType: matches the USB bmRequestType field
- * @bRequest: matches the USB bRequest field
- * @wValue: matches the USB wValue field (CPU byte order)
- * @wIndex: matches the USB wIndex field (CPU byte order)
- * @wLength: matches the USB wLength field (CPU byte order)
- *
- * Function returns decoded, formatted and human-readable description of
- * control request packet.
- *
- * The usage scenario for this is for tracepoints, so function as a return
- * use the same value as in parameters. This approach allows to use this
- * function in TP_printk
- *
- * Important: wValue, wIndex, wLength parameters before invoking this function
- * should be processed by le16_to_cpu macro.
- */
-const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
- __u8 bRequest, __u16 wValue, __u16 wIndex,
- __u16 wLength)
+static void usb_decode_ctrl_generic(char *str, size_t size, __u8 bRequestType,
+ __u8 bRequest, __u16 wValue, __u16 wIndex,
+ __u16 wLength)
+{
+ u8 recip = bRequestType & USB_RECIP_MASK;
+ u8 type = bRequestType & USB_TYPE_MASK;
+
+ snprintf(str, size,
+ "Type=%s Recipient=%s Dir=%s bRequest=%u wValue=%u wIndex=%u wLength=%u",
+ (type == USB_TYPE_STANDARD) ? "Standard" :
+ (type == USB_TYPE_VENDOR) ? "Vendor" :
+ (type == USB_TYPE_CLASS) ? "Class" : "Unknown",
+ (recip == USB_RECIP_DEVICE) ? "Device" :
+ (recip == USB_RECIP_INTERFACE) ? "Interface" :
+ (recip == USB_RECIP_ENDPOINT) ? "Endpoint" : "Unknown",
+ (bRequestType & USB_DIR_IN) ? "IN" : "OUT",
+ bRequest, wValue, wIndex, wLength);
+}
+
+static void usb_decode_ctrl_standard(char *str, size_t size, __u8 bRequestType,
+ __u8 bRequest, __u16 wValue, __u16 wIndex,
+ __u16 wLength)
{
switch (bRequest) {
case USB_REQ_GET_STATUS:
@@ -271,14 +269,48 @@ const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
usb_decode_set_isoch_delay(wValue, str, size);
break;
default:
- snprintf(str, size, "%02x %02x %02x %02x %02x %02x %02x %02x",
- bRequestType, bRequest,
- (u8)(cpu_to_le16(wValue) & 0xff),
- (u8)(cpu_to_le16(wValue) >> 8),
- (u8)(cpu_to_le16(wIndex) & 0xff),
- (u8)(cpu_to_le16(wIndex) >> 8),
- (u8)(cpu_to_le16(wLength) & 0xff),
- (u8)(cpu_to_le16(wLength) >> 8));
+ usb_decode_ctrl_generic(str, size, bRequestType, bRequest,
+ wValue, wIndex, wLength);
+ break;
+ }
+}
+
+/**
+ * usb_decode_ctrl - Returns human readable representation of control request.
+ * @str: buffer to return a human-readable representation of control request.
+ * This buffer should have about 200 bytes.
+ * @size: size of str buffer.
+ * @bRequestType: matches the USB bmRequestType field
+ * @bRequest: matches the USB bRequest field
+ * @wValue: matches the USB wValue field (CPU byte order)
+ * @wIndex: matches the USB wIndex field (CPU byte order)
+ * @wLength: matches the USB wLength field (CPU byte order)
+ *
+ * Function returns decoded, formatted and human-readable description of
+ * control request packet.
+ *
+ * The usage scenario for this is for tracepoints, so function as a return
+ * use the same value as in parameters. This approach allows to use this
+ * function in TP_printk
+ *
+ * Important: wValue, wIndex, wLength parameters before invoking this function
+ * should be processed by le16_to_cpu macro.
+ */
+const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
+ __u8 bRequest, __u16 wValue, __u16 wIndex,
+ __u16 wLength)
+{
+ switch (bRequestType & USB_TYPE_MASK) {
+ case USB_TYPE_STANDARD:
+ usb_decode_ctrl_standard(str, size, bRequestType, bRequest,
+ wValue, wIndex, wLength);
+ break;
+ case USB_TYPE_VENDOR:
+ case USB_TYPE_CLASS:
+ default:
+ usb_decode_ctrl_generic(str, size, bRequestType, bRequest,
+ wValue, wIndex, wLength);
+ break;
}
return str;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 196/390] clk: meson: Hold reference returned by of_get_parent()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 195/390] usb: common: debug: Check non-standard control requests Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 197/390] clk: oxnas: " Greg Kroah-Hartman
` (199 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Neil Armstrong,
Martin Blumenstingl, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 89ab396d712f7c91fe94f55cff23460426f5fc81 ]
We should hold the reference returned by of_get_parent() and use it
to call of_node_put() for refcount balance.
Fixes: 88e2da81241e ("clk: meson: aoclk: refactor common code into dedicated file")
Fixes: 6682bd4d443f ("clk: meson: factorise meson64 peripheral clock controller drivers")
Fixes: bb6eddd1d28c ("clk: meson: meson8b: use the HHI syscon if available")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220628141038.168383-1-windhl@126.com
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/meson/meson-aoclk.c | 5 ++++-
drivers/clk/meson/meson-eeclk.c | 5 ++++-
drivers/clk/meson/meson8b.c | 5 ++++-
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/meson/meson-aoclk.c b/drivers/clk/meson/meson-aoclk.c
index 3a6d84cd6601..67d8a0d30221 100644
--- a/drivers/clk/meson/meson-aoclk.c
+++ b/drivers/clk/meson/meson-aoclk.c
@@ -36,6 +36,7 @@ int meson_aoclkc_probe(struct platform_device *pdev)
struct meson_aoclk_reset_controller *rstc;
struct meson_aoclk_data *data;
struct device *dev = &pdev->dev;
+ struct device_node *np;
struct regmap *regmap;
int ret, clkid;
@@ -47,7 +48,9 @@ int meson_aoclkc_probe(struct platform_device *pdev)
if (!rstc)
return -ENOMEM;
- regmap = syscon_node_to_regmap(of_get_parent(dev->of_node));
+ np = of_get_parent(dev->of_node);
+ regmap = syscon_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(regmap)) {
dev_err(dev, "failed to get regmap\n");
return PTR_ERR(regmap);
diff --git a/drivers/clk/meson/meson-eeclk.c b/drivers/clk/meson/meson-eeclk.c
index a7cb1e7aedc4..18ae38787268 100644
--- a/drivers/clk/meson/meson-eeclk.c
+++ b/drivers/clk/meson/meson-eeclk.c
@@ -17,6 +17,7 @@ int meson_eeclkc_probe(struct platform_device *pdev)
{
const struct meson_eeclkc_data *data;
struct device *dev = &pdev->dev;
+ struct device_node *np;
struct regmap *map;
int ret, i;
@@ -25,7 +26,9 @@ int meson_eeclkc_probe(struct platform_device *pdev)
return -EINVAL;
/* Get the hhi system controller node */
- map = syscon_node_to_regmap(of_get_parent(dev->of_node));
+ np = of_get_parent(dev->of_node);
+ map = syscon_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(map)) {
dev_err(dev,
"failed to get HHI regmap\n");
diff --git a/drivers/clk/meson/meson8b.c b/drivers/clk/meson/meson8b.c
index 862f0756b50f..1da9d212f8b7 100644
--- a/drivers/clk/meson/meson8b.c
+++ b/drivers/clk/meson/meson8b.c
@@ -3735,13 +3735,16 @@ static void __init meson8b_clkc_init_common(struct device_node *np,
struct clk_hw_onecell_data *clk_hw_onecell_data)
{
struct meson8b_clk_reset *rstc;
+ struct device_node *parent_np;
const char *notifier_clk_name;
struct clk *notifier_clk;
void __iomem *clk_base;
struct regmap *map;
int i, ret;
- map = syscon_node_to_regmap(of_get_parent(np));
+ parent_np = of_get_parent(np);
+ map = syscon_node_to_regmap(parent_np);
+ of_node_put(parent_np);
if (IS_ERR(map)) {
pr_info("failed to get HHI regmap - Trying obsolete regs\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 197/390] clk: oxnas: Hold reference returned by of_get_parent()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 196/390] clk: meson: Hold reference returned by of_get_parent() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 198/390] clk: qoriq: " Greg Kroah-Hartman
` (198 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 1d6aa08c54cd0e005210ab8e3b1e92ede70f8a4f ]
In oxnas_stdclk_probe(), we need to hold the reference returned by
of_get_parent() and use it to call of_node_put() for refcount
balance.
Fixes: 0bbd72b4c64f ("clk: Add Oxford Semiconductor OXNAS Standard Clocks")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220628143155.170550-1-windhl@126.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-oxnas.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clk-oxnas.c b/drivers/clk/clk-oxnas.c
index 78d5ea669fea..2fe36f579ac5 100644
--- a/drivers/clk/clk-oxnas.c
+++ b/drivers/clk/clk-oxnas.c
@@ -207,7 +207,7 @@ static const struct of_device_id oxnas_stdclk_dt_ids[] = {
static int oxnas_stdclk_probe(struct platform_device *pdev)
{
- struct device_node *np = pdev->dev.of_node;
+ struct device_node *np = pdev->dev.of_node, *parent_np;
const struct oxnas_stdclk_data *data;
const struct of_device_id *id;
struct regmap *regmap;
@@ -219,7 +219,9 @@ static int oxnas_stdclk_probe(struct platform_device *pdev)
return -ENODEV;
data = id->data;
- regmap = syscon_node_to_regmap(of_get_parent(np));
+ parent_np = of_get_parent(np);
+ regmap = syscon_node_to_regmap(parent_np);
+ of_node_put(parent_np);
if (IS_ERR(regmap)) {
dev_err(&pdev->dev, "failed to have parent regmap\n");
return PTR_ERR(regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 198/390] clk: qoriq: Hold reference returned by of_get_parent()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 197/390] clk: oxnas: " Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 199/390] clk: berlin: Add of_node_put() for of_get_parent() Greg Kroah-Hartman
` (197 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit a8ea4273bc26256ce3cce83164f0f51c5bf6e127 ]
In legacy_init_clockgen(), we need to hold the reference returned
by of_get_parent() and use it to call of_node_put() for refcount
balance.
Beside, in create_sysclk(), we need to call of_node_put() on 'sysclk'
also for refcount balance.
Fixes: 0dfc86b3173f ("clk: qoriq: Move chip-specific knowledge into driver")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220628143851.171299-1-windhl@126.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-qoriq.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clk-qoriq.c b/drivers/clk/clk-qoriq.c
index 46101c6a20f2..585b9ac11881 100644
--- a/drivers/clk/clk-qoriq.c
+++ b/drivers/clk/clk-qoriq.c
@@ -1038,8 +1038,13 @@ static void __init _clockgen_init(struct device_node *np, bool legacy);
*/
static void __init legacy_init_clockgen(struct device_node *np)
{
- if (!clockgen.node)
- _clockgen_init(of_get_parent(np), true);
+ if (!clockgen.node) {
+ struct device_node *parent_np;
+
+ parent_np = of_get_parent(np);
+ _clockgen_init(parent_np, true);
+ of_node_put(parent_np);
+ }
}
/* Legacy node */
@@ -1134,6 +1139,7 @@ static struct clk * __init create_sysclk(const char *name)
sysclk = of_get_child_by_name(clockgen.node, "sysclk");
if (sysclk) {
clk = sysclk_from_fixed(sysclk, name);
+ of_node_put(sysclk);
if (!IS_ERR(clk))
return clk;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 199/390] clk: berlin: Add of_node_put() for of_get_parent()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 198/390] clk: qoriq: " Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 200/390] clk: sprd: Hold reference returned by of_get_parent() Greg Kroah-Hartman
` (196 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 37c381b812dcbfde9c3f1f3d3e75fdfc1b40d5bc ]
In berlin2_clock_setup() and berlin2q_clock_setup(), we need to
call of_node_put() for the reference returned by of_get_parent()
which has increased the refcount. We should call *_put() in fail
path or when it is not used anymore.
Fixes: 26b3b6b959b2 ("clk: berlin: prepare simple-mfd conversion")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220708084900.311684-1-windhl@126.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/berlin/bg2.c | 5 ++++-
drivers/clk/berlin/bg2q.c | 6 +++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/berlin/bg2.c b/drivers/clk/berlin/bg2.c
index bccdfa00fd37..67a9edbba29c 100644
--- a/drivers/clk/berlin/bg2.c
+++ b/drivers/clk/berlin/bg2.c
@@ -500,12 +500,15 @@ static void __init berlin2_clock_setup(struct device_node *np)
int n, ret;
clk_data = kzalloc(struct_size(clk_data, hws, MAX_CLKS), GFP_KERNEL);
- if (!clk_data)
+ if (!clk_data) {
+ of_node_put(parent_np);
return;
+ }
clk_data->num = MAX_CLKS;
hws = clk_data->hws;
gbase = of_iomap(parent_np, 0);
+ of_node_put(parent_np);
if (!gbase)
return;
diff --git a/drivers/clk/berlin/bg2q.c b/drivers/clk/berlin/bg2q.c
index e9518d35f262..dd2784bb75b6 100644
--- a/drivers/clk/berlin/bg2q.c
+++ b/drivers/clk/berlin/bg2q.c
@@ -286,19 +286,23 @@ static void __init berlin2q_clock_setup(struct device_node *np)
int n, ret;
clk_data = kzalloc(struct_size(clk_data, hws, MAX_CLKS), GFP_KERNEL);
- if (!clk_data)
+ if (!clk_data) {
+ of_node_put(parent_np);
return;
+ }
clk_data->num = MAX_CLKS;
hws = clk_data->hws;
gbase = of_iomap(parent_np, 0);
if (!gbase) {
+ of_node_put(parent_np);
pr_err("%pOF: Unable to map global base\n", np);
return;
}
/* BG2Q CPU PLL is not part of global registers */
cpupll_base = of_iomap(parent_np, 1);
+ of_node_put(parent_np);
if (!cpupll_base) {
pr_err("%pOF: Unable to map cpupll base\n", np);
iounmap(gbase);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 200/390] clk: sprd: Hold reference returned by of_get_parent()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 199/390] clk: berlin: Add of_node_put() for of_get_parent() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 201/390] clk: tegra: Fix refcount leak in tegra210_clock_init Greg Kroah-Hartman
` (195 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Orson Zhai, Stephen Boyd,
Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 91e6455bf715fb1558a0bf8f645ec1c131254a3c ]
We should hold the reference returned by of_get_parent() and use it
to call of_node_put() for refcount balance.
Fixes: f95e8c7923d1 ("clk: sprd: support to get regmap from parent node")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220704004729.272481-1-windhl@126.com
Reviewed-by: Orson Zhai <orsonzhai@gmail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/sprd/common.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/clk/sprd/common.c b/drivers/clk/sprd/common.c
index d620bbbcdfc8..ce81e4087a8f 100644
--- a/drivers/clk/sprd/common.c
+++ b/drivers/clk/sprd/common.c
@@ -41,7 +41,7 @@ int sprd_clk_regmap_init(struct platform_device *pdev,
{
void __iomem *base;
struct device *dev = &pdev->dev;
- struct device_node *node = dev->of_node;
+ struct device_node *node = dev->of_node, *np;
struct regmap *regmap;
if (of_find_property(node, "sprd,syscon", NULL)) {
@@ -50,9 +50,10 @@ int sprd_clk_regmap_init(struct platform_device *pdev,
pr_err("%s: failed to get syscon regmap\n", __func__);
return PTR_ERR(regmap);
}
- } else if (of_device_is_compatible(of_get_parent(dev->of_node),
- "syscon")) {
- regmap = device_node_to_regmap(of_get_parent(dev->of_node));
+ } else if (of_device_is_compatible(np = of_get_parent(node), "syscon") ||
+ (of_node_put(np), 0)) {
+ regmap = device_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(regmap)) {
dev_err(dev, "failed to get regmap from its parent.\n");
return PTR_ERR(regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 201/390] clk: tegra: Fix refcount leak in tegra210_clock_init
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 200/390] clk: sprd: Hold reference returned by of_get_parent() Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 202/390] clk: tegra: Fix refcount leak in tegra114_clock_init Greg Kroah-Hartman
` (194 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 56c78cb1f00a9dde8cd762131ce8f4c5eb046fbb ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 6b301a059eb2 ("clk: tegra: Add support for Tegra210 clocks")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220523142608.65074-1-linmq006@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/tegra/clk-tegra210.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/tegra/clk-tegra210.c b/drivers/clk/tegra/clk-tegra210.c
index 68cbb98af567..1a0016d07f88 100644
--- a/drivers/clk/tegra/clk-tegra210.c
+++ b/drivers/clk/tegra/clk-tegra210.c
@@ -3697,6 +3697,7 @@ static void __init tegra210_clock_init(struct device_node *np)
}
pmc_base = of_iomap(node, 0);
+ of_node_put(node);
if (!pmc_base) {
pr_err("Can't map pmc registers\n");
WARN_ON(1);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 202/390] clk: tegra: Fix refcount leak in tegra114_clock_init
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 201/390] clk: tegra: Fix refcount leak in tegra210_clock_init Greg Kroah-Hartman
@ 2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 203/390] clk: tegra20: Fix refcount leak in tegra20_clock_init Greg Kroah-Hartman
` (193 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit db16a80c76ea395766913082b1e3f939dde29b2c ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 2cb5efefd6f7 ("clk: tegra: Implement clocks for Tegra114")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220523143834.7587-1-linmq006@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/tegra/clk-tegra114.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/tegra/clk-tegra114.c b/drivers/clk/tegra/clk-tegra114.c
index bc9e47a4cb60..4e2b26e3e573 100644
--- a/drivers/clk/tegra/clk-tegra114.c
+++ b/drivers/clk/tegra/clk-tegra114.c
@@ -1317,6 +1317,7 @@ static void __init tegra114_clock_init(struct device_node *np)
}
pmc_base = of_iomap(node, 0);
+ of_node_put(node);
if (!pmc_base) {
pr_err("Can't map pmc registers\n");
WARN_ON(1);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 203/390] clk: tegra20: Fix refcount leak in tegra20_clock_init
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-10-24 11:29 ` [PATCH 5.10 202/390] clk: tegra: Fix refcount leak in tegra114_clock_init Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 204/390] HSI: omap_ssi: Fix refcount leak in ssi_probe Greg Kroah-Hartman
` (192 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 4e343bafe03ff68a62f48f8235cf98f2c685468b ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 37c26a906527 ("clk: tegra: add clock support for Tegra20")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220523152811.19692-1-linmq006@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/tegra/clk-tegra20.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/tegra/clk-tegra20.c b/drivers/clk/tegra/clk-tegra20.c
index 3efc651b42e3..d60ee6e318a5 100644
--- a/drivers/clk/tegra/clk-tegra20.c
+++ b/drivers/clk/tegra/clk-tegra20.c
@@ -1128,6 +1128,7 @@ static void __init tegra20_clock_init(struct device_node *np)
}
pmc_base = of_iomap(node, 0);
+ of_node_put(node);
if (!pmc_base) {
pr_err("Can't map pmc registers\n");
BUG();
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 204/390] HSI: omap_ssi: Fix refcount leak in ssi_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 203/390] clk: tegra20: Fix refcount leak in tegra20_clock_init Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 205/390] HSI: omap_ssi_port: Fix dma_map_sg error check Greg Kroah-Hartman
` (191 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sebastian Reichel, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9a2ea132df860177b33c9fd421b26c4e9a0a9396 ]
When returning or breaking early from a
for_each_available_child_of_node() loop, we need to explicitly call
of_node_put() on the child node to possibly release the node.
Fixes: b209e047bc74 ("HSI: Introduce OMAP SSI driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/controllers/omap_ssi_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/hsi/controllers/omap_ssi_core.c b/drivers/hsi/controllers/omap_ssi_core.c
index 44a3f5660c10..eb9820158318 100644
--- a/drivers/hsi/controllers/omap_ssi_core.c
+++ b/drivers/hsi/controllers/omap_ssi_core.c
@@ -524,6 +524,7 @@ static int ssi_probe(struct platform_device *pd)
if (!childpdev) {
err = -ENODEV;
dev_err(&pd->dev, "failed to create ssi controller port\n");
+ of_node_put(child);
goto out3;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 205/390] HSI: omap_ssi_port: Fix dma_map_sg error check
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 204/390] HSI: omap_ssi: Fix refcount leak in ssi_probe Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 206/390] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
` (190 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Reichel, Jack Wang,
Sebastian Reichel, Sasha Levin
From: Jack Wang <jinpu.wang@ionos.com>
[ Upstream commit 551e325bbd3fb8b5a686ac1e6cf76e5641461cf2 ]
dma_map_sg return 0 on error, in case of error return -EIO
to caller.
Cc: Sebastian Reichel <sre@kernel.org>
Cc: linux-kernel@vger.kernel.org (open list)
Fixes: b209e047bc74 ("HSI: Introduce OMAP SSI driver")
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/controllers/omap_ssi_port.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/hsi/controllers/omap_ssi_port.c b/drivers/hsi/controllers/omap_ssi_port.c
index a0cb5be246e1..b9495b720f1b 100644
--- a/drivers/hsi/controllers/omap_ssi_port.c
+++ b/drivers/hsi/controllers/omap_ssi_port.c
@@ -230,10 +230,10 @@ static int ssi_start_dma(struct hsi_msg *msg, int lch)
if (msg->ttype == HSI_MSG_READ) {
err = dma_map_sg(&ssi->device, msg->sgt.sgl, msg->sgt.nents,
DMA_FROM_DEVICE);
- if (err < 0) {
+ if (!err) {
dev_dbg(&ssi->device, "DMA map SG failed !\n");
pm_runtime_put_autosuspend(omap_port->pdev);
- return err;
+ return -EIO;
}
csdp = SSI_DST_BURST_4x32_BIT | SSI_DST_MEMORY_PORT |
SSI_SRC_SINGLE_ACCESS0 | SSI_SRC_PERIPHERAL_PORT |
@@ -247,10 +247,10 @@ static int ssi_start_dma(struct hsi_msg *msg, int lch)
} else {
err = dma_map_sg(&ssi->device, msg->sgt.sgl, msg->sgt.nents,
DMA_TO_DEVICE);
- if (err < 0) {
+ if (!err) {
dev_dbg(&ssi->device, "DMA map SG failed !\n");
pm_runtime_put_autosuspend(omap_port->pdev);
- return err;
+ return -EIO;
}
csdp = SSI_SRC_BURST_4x32_BIT | SSI_SRC_MEMORY_PORT |
SSI_DST_SINGLE_ACCESS0 | SSI_DST_PERIPHERAL_PORT |
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 206/390] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 205/390] HSI: omap_ssi_port: Fix dma_map_sg error check Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 207/390] tty: xilinx_uartps: Fix the ignore_status Greg Kroah-Hartman
` (189 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 211f8304fa21aaedc2c247f0c9d6c7f1aaa61ad7 ]
In fimc_is_register_subdevs(), we need to call of_node_put() for
the reference 'i2c_bus' when breaking out of the
for_each_compatible_node() which has increased the refcount.
Fixes: 9a761e436843 ("[media] exynos4-is: Add Exynos4x12 FIMC-IS driver")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-is.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/exynos4-is/fimc-is.c b/drivers/media/platform/exynos4-is/fimc-is.c
index dc2a144cd29b..b52d2203eac5 100644
--- a/drivers/media/platform/exynos4-is/fimc-is.c
+++ b/drivers/media/platform/exynos4-is/fimc-is.c
@@ -213,6 +213,7 @@ static int fimc_is_register_subdevs(struct fimc_is *is)
if (ret < 0 || index >= FIMC_IS_SENSORS_NUM) {
of_node_put(child);
+ of_node_put(i2c_bus);
return ret;
}
index++;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 207/390] tty: xilinx_uartps: Fix the ignore_status
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 206/390] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 208/390] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Greg Kroah-Hartman
` (188 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shubhrajyoti Datta, Sasha Levin
From: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
[ Upstream commit b8a6c3b3d4654fba19881cc77da61eac29f57cae ]
Currently the ignore_status is not considered in the isr.
Add a check to add the ignore_status.
Fixes: 61ec9016988f ("tty/serial: add support for Xilinx PS UART")
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Link: https://lore.kernel.org/r/20220729114748.18332-5-shubhrajyoti.datta@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/xilinx_uartps.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index b5a8afbc452b..f7dfa123907a 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -375,6 +375,8 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id)
isrstatus &= ~CDNS_UART_IXR_TXEMPTY;
}
+ isrstatus &= port->read_status_mask;
+ isrstatus &= ~port->ignore_status_mask;
/*
* Skip RX processing if RX is disabled as RXEMPTY will never be set
* as read bytes will not be removed from the FIFO.
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 208/390] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 207/390] tty: xilinx_uartps: Fix the ignore_status Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 209/390] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Greg Kroah-Hartman
` (187 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Qiang, Neil Armstrong,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Xu Qiang <xuqiang36@huawei.com>
[ Upstream commit 4029372233e13e281f8c387f279f9f064ced3810 ]
Add the missing clk_disable_unprepare() before return
from vdec_hevc_start() in the error handling case.
Fixes: 823a7300340e (“media: meson: vdec: add common HEVC decoder support”)
Signed-off-by: Xu Qiang <xuqiang36@huawei.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/meson/vdec/vdec_hevc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/media/meson/vdec/vdec_hevc.c b/drivers/staging/media/meson/vdec/vdec_hevc.c
index 9530e580e57a..afced435c907 100644
--- a/drivers/staging/media/meson/vdec/vdec_hevc.c
+++ b/drivers/staging/media/meson/vdec/vdec_hevc.c
@@ -167,8 +167,12 @@ static int vdec_hevc_start(struct amvdec_session *sess)
clk_set_rate(core->vdec_hevc_clk, 666666666);
ret = clk_prepare_enable(core->vdec_hevc_clk);
- if (ret)
+ if (ret) {
+ if (core->platform->revision == VDEC_REVISION_G12A ||
+ core->platform->revision == VDEC_REVISION_SM1)
+ clk_disable_unprepare(core->vdec_hevcf_clk);
return ret;
+ }
if (core->platform->revision == VDEC_REVISION_SM1)
regmap_update_bits(core->regmap_ao, AO_RTI_GEN_PWR_SLEEP0,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 209/390] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 208/390] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 210/390] RDMA/rxe: Fix "kernel NULL pointer dereference" error Greg Kroah-Hartman
` (186 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Laurent Pinchart,
Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 1c78f19c3a0ea312a8178a6bfd8934eb93e9b10a ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: df3305156f98 ("[media] v4l: xilinx: Add Xilinx Video IP core")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/xilinx/xilinx-vipp.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/media/platform/xilinx/xilinx-vipp.c b/drivers/media/platform/xilinx/xilinx-vipp.c
index cc2856efea59..f2b0c490187c 100644
--- a/drivers/media/platform/xilinx/xilinx-vipp.c
+++ b/drivers/media/platform/xilinx/xilinx-vipp.c
@@ -472,7 +472,7 @@ static int xvip_graph_dma_init(struct xvip_composite_device *xdev)
{
struct device_node *ports;
struct device_node *port;
- int ret;
+ int ret = 0;
ports = of_get_child_by_name(xdev->dev->of_node, "ports");
if (ports == NULL) {
@@ -482,13 +482,14 @@ static int xvip_graph_dma_init(struct xvip_composite_device *xdev)
for_each_child_of_node(ports, port) {
ret = xvip_graph_dma_init_one(xdev, port);
- if (ret < 0) {
+ if (ret) {
of_node_put(port);
- return ret;
+ break;
}
}
- return 0;
+ of_node_put(ports);
+ return ret;
}
static void xvip_graph_cleanup(struct xvip_composite_device *xdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 210/390] RDMA/rxe: Fix "kernel NULL pointer dereference" error
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 209/390] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 211/390] RDMA/rxe: Fix the error caused by qp->sk Greg Kroah-Hartman
` (185 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+ab99dc4c6e961eed8b8e,
Zhu Yanjun, Li Zhijian, Bob Pearson, Leon Romanovsky,
Sasha Levin
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit a625ca30eff806395175ebad3ac1399014bdb280 ]
When rxe_queue_init in the function rxe_qp_init_req fails,
both qp->req.task.func and qp->req.task.arg are not initialized.
Because of creation of qp fails, the function rxe_create_qp will
call rxe_qp_do_cleanup to handle allocated resource.
Before calling __rxe_do_task, both qp->req.task.func and
qp->req.task.arg should be checked.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20220822011615.805603-2-yanjun.zhu@linux.dev
Reported-by: syzbot+ab99dc4c6e961eed8b8e@syzkaller.appspotmail.com
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index 2847ab4d9a5f..6acef6e923de 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -775,7 +775,9 @@ void rxe_qp_destroy(struct rxe_qp *qp)
rxe_cleanup_task(&qp->comp.task);
/* flush out any receive wr's or pending requests */
- __rxe_do_task(&qp->req.task);
+ if (qp->req.task.func)
+ __rxe_do_task(&qp->req.task);
+
if (qp->sq.queue) {
__rxe_do_task(&qp->comp.task);
__rxe_do_task(&qp->req.task);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 211/390] RDMA/rxe: Fix the error caused by qp->sk
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 210/390] RDMA/rxe: Fix "kernel NULL pointer dereference" error Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 212/390] misc: ocxl: fix possible refcount leak in afu_ioctl() Greg Kroah-Hartman
` (184 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhu Yanjun, Li Zhijian, Bob Pearson,
Leon Romanovsky, Sasha Levin
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit 548ce2e66725dcba4e27d1e8ac468d5dd17fd509 ]
When sock_create_kern in the function rxe_qp_init_req fails,
qp->sk is set to NULL.
Then the function rxe_create_qp will call rxe_qp_do_cleanup
to handle allocated resource.
Before handling qp->sk, this variable should be checked.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20220822011615.805603-3-yanjun.zhu@linux.dev
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index 6acef6e923de..2e4b008f0387 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -817,8 +817,10 @@ static void rxe_qp_do_cleanup(struct work_struct *work)
free_rd_atomic_resources(qp);
- kernel_sock_shutdown(qp->sk, SHUT_RDWR);
- sock_release(qp->sk);
+ if (qp->sk) {
+ kernel_sock_shutdown(qp->sk, SHUT_RDWR);
+ sock_release(qp->sk);
+ }
}
/* called when the last reference to the qp is dropped */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 212/390] misc: ocxl: fix possible refcount leak in afu_ioctl()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 211/390] RDMA/rxe: Fix the error caused by qp->sk Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 213/390] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Greg Kroah-Hartman
` (183 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frederic Barrat, Hangyu Hua, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit c3b69ba5114c860d730870c03ab4ee45276e5e35 ]
eventfd_ctx_put need to be called to put the refcount that gotten by
eventfd_ctx_fdget when ocxl_irq_set_handler fails.
Fixes: 060146614643 ("ocxl: move event_fd handling to frontend")
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220824082600.36159-1-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/ocxl/file.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/misc/ocxl/file.c b/drivers/misc/ocxl/file.c
index c742ab02ae18..e094809b54ff 100644
--- a/drivers/misc/ocxl/file.c
+++ b/drivers/misc/ocxl/file.c
@@ -259,6 +259,8 @@ static long afu_ioctl(struct file *file, unsigned int cmd,
if (IS_ERR(ev_ctx))
return PTR_ERR(ev_ctx);
rc = ocxl_irq_set_handler(ctx, irq_id, irq_handler, irq_free, ev_ctx);
+ if (rc)
+ eventfd_ctx_put(ev_ctx);
break;
case OCXL_IOCTL_GET_METADATA:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 213/390] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 212/390] misc: ocxl: fix possible refcount leak in afu_ioctl() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 214/390] dmaengine: hisilicon: Disable channels when unregister hisi_dma Greg Kroah-Hartman
` (182 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Xu Yilun, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 939bc5453b8cbdde9f1e5110ce8309aedb1b501a ]
The "hdr.count * sizeof(s32)" multiplication can overflow on 32 bit
systems leading to memory corruption. Use array_size() to fix that.
Fixes: 322b598be4d9 ("fpga: dfl: introduce interrupt trigger setting API")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Link: https://lore.kernel.org/r/YxBAtYCM38dM7yzI@kili
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fpga/dfl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/fpga/dfl.c b/drivers/fpga/dfl.c
index b450870b75ed..eb8a6e329af9 100644
--- a/drivers/fpga/dfl.c
+++ b/drivers/fpga/dfl.c
@@ -1857,7 +1857,7 @@ long dfl_feature_ioctl_set_irq(struct platform_device *pdev,
return -EINVAL;
fds = memdup_user((void __user *)(arg + sizeof(hdr)),
- hdr.count * sizeof(s32));
+ array_size(hdr.count, sizeof(s32)));
if (IS_ERR(fds))
return PTR_ERR(fds);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 214/390] dmaengine: hisilicon: Disable channels when unregister hisi_dma
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 213/390] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 215/390] dmaengine: hisilicon: Fix CQ head update Greg Kroah-Hartman
` (181 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jie Hai, Zhou Wang, Vinod Koul, Sasha Levin
From: Jie Hai <haijie1@huawei.com>
[ Upstream commit e3bdaa04ada31f46d0586df83a2789b8913053c5 ]
When hisi_dma is unloaded or unbinded, all of channels should be
disabled. This patch disables DMA channels when driver is unloaded
or unbinded.
Fixes: e9f08b65250d ("dmaengine: hisilicon: Add Kunpeng DMA engine support")
Signed-off-by: Jie Hai <haijie1@huawei.com>
Acked-by: Zhou Wang <wangzhou1@hisilicon.com>
Link: https://lore.kernel.org/r/20220830062251.52993-2-haijie1@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/hisi_dma.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/drivers/dma/hisi_dma.c b/drivers/dma/hisi_dma.c
index 3e83769615d1..7cedf91e86a9 100644
--- a/drivers/dma/hisi_dma.c
+++ b/drivers/dma/hisi_dma.c
@@ -185,7 +185,8 @@ static void hisi_dma_reset_qp_point(struct hisi_dma_dev *hdma_dev, u32 index)
hisi_dma_chan_write(hdma_dev->base, HISI_DMA_CQ_HEAD_PTR, index, 0);
}
-static void hisi_dma_reset_hw_chan(struct hisi_dma_chan *chan)
+static void hisi_dma_reset_or_disable_hw_chan(struct hisi_dma_chan *chan,
+ bool disable)
{
struct hisi_dma_dev *hdma_dev = chan->hdma_dev;
u32 index = chan->qp_num, tmp;
@@ -206,8 +207,11 @@ static void hisi_dma_reset_hw_chan(struct hisi_dma_chan *chan)
hisi_dma_do_reset(hdma_dev, index);
hisi_dma_reset_qp_point(hdma_dev, index);
hisi_dma_pause_dma(hdma_dev, index, false);
- hisi_dma_enable_dma(hdma_dev, index, true);
- hisi_dma_unmask_irq(hdma_dev, index);
+
+ if (!disable) {
+ hisi_dma_enable_dma(hdma_dev, index, true);
+ hisi_dma_unmask_irq(hdma_dev, index);
+ }
ret = readl_relaxed_poll_timeout(hdma_dev->base +
HISI_DMA_Q_FSM_STS + index * HISI_DMA_OFFSET, tmp,
@@ -223,7 +227,7 @@ static void hisi_dma_free_chan_resources(struct dma_chan *c)
struct hisi_dma_chan *chan = to_hisi_dma_chan(c);
struct hisi_dma_dev *hdma_dev = chan->hdma_dev;
- hisi_dma_reset_hw_chan(chan);
+ hisi_dma_reset_or_disable_hw_chan(chan, false);
vchan_free_chan_resources(&chan->vc);
memset(chan->sq, 0, sizeof(struct hisi_dma_sqe) * hdma_dev->chan_depth);
@@ -399,7 +403,7 @@ static void hisi_dma_enable_qp(struct hisi_dma_dev *hdma_dev, u32 qp_index)
static void hisi_dma_disable_qp(struct hisi_dma_dev *hdma_dev, u32 qp_index)
{
- hisi_dma_reset_hw_chan(&hdma_dev->chan[qp_index]);
+ hisi_dma_reset_or_disable_hw_chan(&hdma_dev->chan[qp_index], true);
}
static void hisi_dma_enable_qps(struct hisi_dma_dev *hdma_dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 215/390] dmaengine: hisilicon: Fix CQ head update
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 214/390] dmaengine: hisilicon: Disable channels when unregister hisi_dma Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 216/390] dmaengine: hisilicon: Add multi-thread support for a DMA channel Greg Kroah-Hartman
` (180 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jie Hai, Zhou Wang, Vinod Koul, Sasha Levin
From: Jie Hai <haijie1@huawei.com>
[ Upstream commit 94477a79cf80e8ab55b68f14bc579a12ddea1e0b ]
After completion of data transfer of one or multiple descriptors,
the completion status and the current head pointer to submission
queue are written into the CQ and interrupt can be generated to
inform the software. In interrupt process CQ is read and cq_head
is updated.
hisi_dma_irq updates cq_head only when the completion status is
success. When an abnormal interrupt reports, cq_head will not update
which will cause subsequent interrupt processes read the error CQ
and never report the correct status.
This patch updates cq_head whenever CQ is accessed.
Fixes: e9f08b65250d ("dmaengine: hisilicon: Add Kunpeng DMA engine support")
Signed-off-by: Jie Hai <haijie1@huawei.com>
Acked-by: Zhou Wang <wangzhou1@hisilicon.com>
Link: https://lore.kernel.org/r/20220830062251.52993-3-haijie1@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/hisi_dma.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/dma/hisi_dma.c b/drivers/dma/hisi_dma.c
index 7cedf91e86a9..08ec90dd4c46 100644
--- a/drivers/dma/hisi_dma.c
+++ b/drivers/dma/hisi_dma.c
@@ -442,12 +442,10 @@ static irqreturn_t hisi_dma_irq(int irq, void *data)
desc = chan->desc;
cqe = chan->cq + chan->cq_head;
if (desc) {
+ chan->cq_head = (chan->cq_head + 1) % hdma_dev->chan_depth;
+ hisi_dma_chan_write(hdma_dev->base, HISI_DMA_CQ_HEAD_PTR,
+ chan->qp_num, chan->cq_head);
if (FIELD_GET(STATUS_MASK, cqe->w0) == STATUS_SUCC) {
- chan->cq_head = (chan->cq_head + 1) %
- hdma_dev->chan_depth;
- hisi_dma_chan_write(hdma_dev->base,
- HISI_DMA_CQ_HEAD_PTR, chan->qp_num,
- chan->cq_head);
vchan_cookie_complete(&desc->vd);
} else {
dev_err(&hdma_dev->pdev->dev, "task error!\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 216/390] dmaengine: hisilicon: Add multi-thread support for a DMA channel
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 215/390] dmaengine: hisilicon: Fix CQ head update Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 217/390] dyndbg: fix static_branch manipulation Greg Kroah-Hartman
` (179 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jie Hai, Zhou Wang, Vinod Koul, Sasha Levin
From: Jie Hai <haijie1@huawei.com>
[ Upstream commit 2cbb95883c990d0002a77e13d3278913ab26ad79 ]
When we get a DMA channel and try to use it in multiple threads it
will cause oops and hanging the system.
% echo 100 > /sys/module/dmatest/parameters/threads_per_chan
% echo 100 > /sys/module/dmatest/parameters/iterations
% echo 1 > /sys/module/dmatest/parameters/run
[383493.327077] Unable to handle kernel paging request at virtual
address dead000000000108
[383493.335103] Mem abort info:
[383493.335103] ESR = 0x96000044
[383493.335105] EC = 0x25: DABT (current EL), IL = 32 bits
[383493.335107] SET = 0, FnV = 0
[383493.335108] EA = 0, S1PTW = 0
[383493.335109] FSC = 0x04: level 0 translation fault
[383493.335110] Data abort info:
[383493.335111] ISV = 0, ISS = 0x00000044
[383493.364739] CM = 0, WnR = 1
[383493.367793] [dead000000000108] address between user and kernel
address ranges
[383493.375021] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[383493.437574] CPU: 63 PID: 27895 Comm: dma0chan0-copy2 Kdump:
loaded Tainted: GO 5.17.0-rc4+ #2
[383493.457851] pstate: 204000c9 (nzCv daIF +PAN -UAO -TCO -DIT
-SSBS BTYPE=--)
[383493.465331] pc : vchan_tx_submit+0x64/0xa0
[383493.469957] lr : vchan_tx_submit+0x34/0xa0
This occurs because the transmission timed out, and that's due
to data race. Each thread rewrite channels's descriptor as soon as
device_issue_pending is called. It leads to the situation that
the driver thinks that it uses the right descriptor in interrupt
handler while channels's descriptor has been changed by other
thread. The descriptor which in fact reported interrupt will not
be handled any more, as well as its tx->callback.
That's why timeout reports.
With current fixes channels' descriptor changes it's value only
when it has been used. A new descriptor is acquired from
vc->desc_issued queue that is already filled with descriptors
that are ready to be sent. Threads have no direct access to DMA
channel descriptor. In case of channel's descriptor is busy, try
to submit to HW again when a descriptor is completed. In this case,
vc->desc_issued may be empty when hisi_dma_start_transfer is called,
so delete error reporting on this. Now it is just possible to queue
a descriptor for further processing.
Fixes: e9f08b65250d ("dmaengine: hisilicon: Add Kunpeng DMA engine support")
Signed-off-by: Jie Hai <haijie1@huawei.com>
Acked-by: Zhou Wang <wangzhou1@hisilicon.com>
Link: https://lore.kernel.org/r/20220830062251.52993-4-haijie1@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/hisi_dma.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/dma/hisi_dma.c b/drivers/dma/hisi_dma.c
index 08ec90dd4c46..8f1651367310 100644
--- a/drivers/dma/hisi_dma.c
+++ b/drivers/dma/hisi_dma.c
@@ -276,7 +276,6 @@ static void hisi_dma_start_transfer(struct hisi_dma_chan *chan)
vd = vchan_next_desc(&chan->vc);
if (!vd) {
- dev_err(&hdma_dev->pdev->dev, "no issued task!\n");
chan->desc = NULL;
return;
}
@@ -308,7 +307,7 @@ static void hisi_dma_issue_pending(struct dma_chan *c)
spin_lock_irqsave(&chan->vc.lock, flags);
- if (vchan_issue_pending(&chan->vc))
+ if (vchan_issue_pending(&chan->vc) && !chan->desc)
hisi_dma_start_transfer(chan);
spin_unlock_irqrestore(&chan->vc.lock, flags);
@@ -447,11 +446,10 @@ static irqreturn_t hisi_dma_irq(int irq, void *data)
chan->qp_num, chan->cq_head);
if (FIELD_GET(STATUS_MASK, cqe->w0) == STATUS_SUCC) {
vchan_cookie_complete(&desc->vd);
+ hisi_dma_start_transfer(chan);
} else {
dev_err(&hdma_dev->pdev->dev, "task error!\n");
}
-
- chan->desc = NULL;
}
spin_unlock_irqrestore(&chan->vc.lock, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 217/390] dyndbg: fix static_branch manipulation
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 216/390] dmaengine: hisilicon: Add multi-thread support for a DMA channel Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 218/390] dyndbg: fix module.dyndbg handling Greg Kroah-Hartman
` (178 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, vincent.whitchurch, Jason Baron,
Daniel Vetter, Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit ee879be38bc87f8cedc79ae2742958db6533ca59 ]
In https://lore.kernel.org/lkml/20211209150910.GA23668@axis.com/
Vincent's patch commented on, and worked around, a bug toggling
static_branch's, when a 2nd PRINTK-ish flag was added. The bug
results in a premature static_branch_disable when the 1st of 2 flags
was disabled.
The cited commit computed newflags, but then in the JUMP_LABEL block,
failed to use that result, instead using just one of the terms in it.
Using newflags instead made the code work properly.
This is Vincents test-case, reduced. It needs the 2nd flag to
demonstrate the bug, but it's explanatory here.
pt_test() {
echo 5 > /sys/module/dynamic_debug/verbose
site="module tcp" # just one callsite
echo " $site =_ " > /proc/dynamic_debug/control # clear it
# A B ~A ~B
for flg in +T +p "-T #broke here" -p; do
echo " $site $flg " > /proc/dynamic_debug/control
done;
# A B ~B ~A
for flg in +T +p "-p #broke here" -T; do
echo " $site $flg " > /proc/dynamic_debug/control
done
}
pt_test
Fixes: 84da83a6ffc0 dyndbg: combine flags & mask into a struct, simplify with it
CC: vincent.whitchurch@axis.com
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-2-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/dynamic_debug.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index 921d0a654243..e67655d7b7cb 100644
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -207,10 +207,11 @@ static int ddebug_change(const struct ddebug_query *query,
continue;
#ifdef CONFIG_JUMP_LABEL
if (dp->flags & _DPRINTK_FLAGS_PRINT) {
- if (!(modifiers->flags & _DPRINTK_FLAGS_PRINT))
+ if (!(newflags & _DPRINTK_FLAGS_PRINT))
static_branch_disable(&dp->key.dd_key_true);
- } else if (modifiers->flags & _DPRINTK_FLAGS_PRINT)
+ } else if (newflags & _DPRINTK_FLAGS_PRINT) {
static_branch_enable(&dp->key.dd_key_true);
+ }
#endif
dp->flags = newflags;
v2pr_info("changed %s:%d [%s]%s =%s\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 218/390] dyndbg: fix module.dyndbg handling
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 217/390] dyndbg: fix static_branch manipulation Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 219/390] dyndbg: let query-modname override actual module name Greg Kroah-Hartman
` (177 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rasmus Villemoes, Jason Baron,
Daniel Vetter, Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit 85d6b66d31c35158364058ee98fb69ab5bb6a6b1 ]
For CONFIG_DYNAMIC_DEBUG=N, the ddebug_dyndbg_module_param_cb()
stub-fn is too permissive:
bash-5.1# modprobe drm JUNKdyndbg
bash-5.1# modprobe drm dyndbgJUNK
[ 42.933220] dyndbg param is supported only in CONFIG_DYNAMIC_DEBUG builds
[ 42.937484] ACPI: bus type drm_connector registered
This caused no ill effects, because unknown parameters are either
ignored by default with an "unknown parameter" warning, or ignored
because dyndbg allows its no-effect use on non-dyndbg builds.
But since the code has an explicit feedback message, it should be
issued accurately. Fix with strcmp for exact param-name match.
Fixes: b48420c1d301 dynamic_debug: make dynamic-debug work for module initialization
Reported-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-3-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/dynamic_debug.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/dynamic_debug.h b/include/linux/dynamic_debug.h
index a57ee75342cf..b0b23679b2c2 100644
--- a/include/linux/dynamic_debug.h
+++ b/include/linux/dynamic_debug.h
@@ -196,7 +196,7 @@ static inline int ddebug_remove_module(const char *mod)
static inline int ddebug_dyndbg_module_param_cb(char *param, char *val,
const char *modname)
{
- if (strstr(param, "dyndbg")) {
+ if (!strcmp(param, "dyndbg")) {
/* avoid pr_warn(), which wants pr_fmt() fully defined */
printk(KERN_WARNING "dyndbg param is supported only in "
"CONFIG_DYNAMIC_DEBUG builds\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 219/390] dyndbg: let query-modname override actual module name
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 218/390] dyndbg: fix module.dyndbg handling Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 220/390] dyndbg: drop EXPORTed dynamic_debug_exec_queries Greg Kroah-Hartman
` (176 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Baron, Daniel Vetter,
Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit e75ef56f74965f426dd819a41336b640ffdd8fbc ]
dyndbg's control-parser: ddebug_parse_query(), requires that search
terms: module, func, file, lineno, are used only once in a query; a
thing cannot be named both foo and bar.
The cited commit added an overriding module modname, taken from the
module loader, which is authoritative. So it set query.module 1st,
which disallowed its use in the query-string.
But now, its useful to allow a module-load to enable classes across a
whole (or part of) a subsystem at once.
# enable (dynamic-debug in) drm only
modprobe drm dyndbg="class DRM_UT_CORE +p"
# get drm_helper too
modprobe drm dyndbg="class DRM_UT_CORE module drm* +p"
# get everything that knows DRM_UT_CORE
modprobe drm dyndbg="class DRM_UT_CORE module * +p"
# also for boot-args:
drm.dyndbg="class DRM_UT_CORE module * +p"
So convert the override into a default, by filling it only when/after
the query-string omitted the module.
NB: the query class FOO handling is forthcoming.
Fixes: 8e59b5cfb9a6 dynamic_debug: add modname arg to exec_query callchain
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-8-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/dynamic_debug.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index e67655d7b7cb..02a1a6496375 100644
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -380,10 +380,6 @@ static int ddebug_parse_query(char *words[], int nwords,
return -EINVAL;
}
- if (modname)
- /* support $modname.dyndbg=<multiple queries> */
- query->module = modname;
-
for (i = 0; i < nwords; i += 2) {
char *keyword = words[i];
char *arg = words[i+1];
@@ -424,6 +420,13 @@ static int ddebug_parse_query(char *words[], int nwords,
if (rc)
return rc;
}
+ if (!query->module && modname)
+ /*
+ * support $modname.dyndbg=<multiple queries>, when
+ * not given in the query itself
+ */
+ query->module = modname;
+
vpr_info_dq(query, "parsed");
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 220/390] dyndbg: drop EXPORTed dynamic_debug_exec_queries
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 219/390] dyndbg: let query-modname override actual module name Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 221/390] mtd: devices: docg3: check the return value of devm_ioremap() in the probe Greg Kroah-Hartman
` (175 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Baron, Daniel Vetter,
Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit e26ef3af964acfea311403126acee8c56c89e26b ]
This exported fn is unused, and will not be needed. Lets dump it.
The export was added to let drm control pr_debugs, as part of using
them to avoid drm_debug_enabled overheads. But its better to just
implement the drm.debug bitmap interface, then its available for
everyone.
Fixes: a2d375eda771 ("dyndbg: refine export, rename to dynamic_debug_exec_queries()")
Fixes: 4c0d77828d4f ("dyndbg: export ddebug_exec_queries")
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-10-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/dynamic_debug.h | 9 ---------
lib/dynamic_debug.c | 29 -----------------------------
2 files changed, 38 deletions(-)
diff --git a/include/linux/dynamic_debug.h b/include/linux/dynamic_debug.h
index b0b23679b2c2..c0c6ea9ea7e3 100644
--- a/include/linux/dynamic_debug.h
+++ b/include/linux/dynamic_debug.h
@@ -50,9 +50,6 @@ struct _ddebug {
#if defined(CONFIG_DYNAMIC_DEBUG_CORE)
-/* exported for module authors to exercise >control */
-int dynamic_debug_exec_queries(const char *query, const char *modname);
-
int ddebug_add_module(struct _ddebug *tab, unsigned int n,
const char *modname);
extern int ddebug_remove_module(const char *mod_name);
@@ -216,12 +213,6 @@ static inline int ddebug_dyndbg_module_param_cb(char *param, char *val,
rowsize, groupsize, buf, len, ascii); \
} while (0)
-static inline int dynamic_debug_exec_queries(const char *query, const char *modname)
-{
- pr_warn("kernel not built with CONFIG_DYNAMIC_DEBUG_CORE\n");
- return 0;
-}
-
#endif /* !CONFIG_DYNAMIC_DEBUG_CORE */
#endif
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index 02a1a6496375..10a50c03074e 100644
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -552,35 +552,6 @@ static int ddebug_exec_queries(char *query, const char *modname)
return nfound;
}
-/**
- * dynamic_debug_exec_queries - select and change dynamic-debug prints
- * @query: query-string described in admin-guide/dynamic-debug-howto
- * @modname: string containing module name, usually &module.mod_name
- *
- * This uses the >/proc/dynamic_debug/control reader, allowing module
- * authors to modify their dynamic-debug callsites. The modname is
- * canonically struct module.mod_name, but can also be null or a
- * module-wildcard, for example: "drm*".
- */
-int dynamic_debug_exec_queries(const char *query, const char *modname)
-{
- int rc;
- char *qry; /* writable copy of query */
-
- if (!query) {
- pr_err("non-null query/command string expected\n");
- return -EINVAL;
- }
- qry = kstrndup(query, PAGE_SIZE, GFP_KERNEL);
- if (!qry)
- return -ENOMEM;
-
- rc = ddebug_exec_queries(qry, modname);
- kfree(qry);
- return rc;
-}
-EXPORT_SYMBOL_GPL(dynamic_debug_exec_queries);
-
#define PREFIX_SIZE 64
static int remaining(int wrote)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 221/390] mtd: devices: docg3: check the return value of devm_ioremap() in the probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 220/390] dyndbg: drop EXPORTed dynamic_debug_exec_queries Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 222/390] mtd: rawnand: fsl_elbc: Fix none ECC mode Greg Kroah-Hartman
` (174 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hacash Robot, William Dean,
Miquel Raynal, Sasha Levin
From: William Dean <williamsukatube@gmail.com>
[ Upstream commit 26e784433e6c65735cd6d93a8db52531970d9a60 ]
The function devm_ioremap() in docg3_probe() can fail, so
its return value should be checked.
Fixes: 82402aeb8c81e ("mtd: docg3: Use devm_*() functions")
Reported-by: Hacash Robot <hacashRobot@santino.com>
Signed-off-by: William Dean <williamsukatube@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220722091644.2937953-1-williamsukatube@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/devices/docg3.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/devices/docg3.c b/drivers/mtd/devices/docg3.c
index a030792115bc..fa42473d04c1 100644
--- a/drivers/mtd/devices/docg3.c
+++ b/drivers/mtd/devices/docg3.c
@@ -1975,9 +1975,14 @@ static int __init docg3_probe(struct platform_device *pdev)
dev_err(dev, "No I/O memory resource defined\n");
return ret;
}
- base = devm_ioremap(dev, ress->start, DOC_IOSPACE_SIZE);
ret = -ENOMEM;
+ base = devm_ioremap(dev, ress->start, DOC_IOSPACE_SIZE);
+ if (!base) {
+ dev_err(dev, "devm_ioremap dev failed\n");
+ return ret;
+ }
+
cascade = devm_kcalloc(dev, DOC_MAX_NBFLOORS, sizeof(*cascade),
GFP_KERNEL);
if (!cascade)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 222/390] mtd: rawnand: fsl_elbc: Fix none ECC mode
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 221/390] mtd: devices: docg3: check the return value of devm_ioremap() in the probe Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 223/390] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall Greg Kroah-Hartman
` (173 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Marek Behún,
Miquel Raynal, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 049e43b9fd8fd2966940485da163d67e96ee3fea ]
Commit f6424c22aa36 ("mtd: rawnand: fsl_elbc: Make SW ECC work") added
support for specifying ECC mode via DTS and skipping autodetection.
But it broke explicit specification of HW ECC mode in DTS as correct
settings for HW ECC mode are applied only when NONE mode or nothing was
specified in DTS file.
Also it started aliasing NONE mode to be same as when ECC mode was not
specified and disallowed usage of ON_DIE mode.
Fix all these issues. Use autodetection of ECC mode only in case when mode
was really not specified in DTS file by checking that ecc value is invalid.
Set HW ECC settings either when HW ECC was specified in DTS or it was
autodetected. And do not fail when ON_DIE mode is set.
Fixes: f6424c22aa36 ("mtd: rawnand: fsl_elbc: Make SW ECC work")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220707184328.3845-1-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/fsl_elbc_nand.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/drivers/mtd/nand/raw/fsl_elbc_nand.c b/drivers/mtd/nand/raw/fsl_elbc_nand.c
index b2af7f81fdf8..c174b6dc3c6b 100644
--- a/drivers/mtd/nand/raw/fsl_elbc_nand.c
+++ b/drivers/mtd/nand/raw/fsl_elbc_nand.c
@@ -727,36 +727,40 @@ static int fsl_elbc_attach_chip(struct nand_chip *chip)
struct fsl_lbc_regs __iomem *lbc = ctrl->regs;
unsigned int al;
- switch (chip->ecc.engine_type) {
/*
* if ECC was not chosen in DT, decide whether to use HW or SW ECC from
* CS Base Register
*/
- case NAND_ECC_ENGINE_TYPE_NONE:
+ if (chip->ecc.engine_type == NAND_ECC_ENGINE_TYPE_INVALID) {
/* If CS Base Register selects full hardware ECC then use it */
if ((in_be32(&lbc->bank[priv->bank].br) & BR_DECC) ==
BR_DECC_CHK_GEN) {
- chip->ecc.read_page = fsl_elbc_read_page;
- chip->ecc.write_page = fsl_elbc_write_page;
- chip->ecc.write_subpage = fsl_elbc_write_subpage;
-
chip->ecc.engine_type = NAND_ECC_ENGINE_TYPE_ON_HOST;
- mtd_set_ooblayout(mtd, &fsl_elbc_ooblayout_ops);
- chip->ecc.size = 512;
- chip->ecc.bytes = 3;
- chip->ecc.strength = 1;
} else {
/* otherwise fall back to default software ECC */
chip->ecc.engine_type = NAND_ECC_ENGINE_TYPE_SOFT;
chip->ecc.algo = NAND_ECC_ALGO_HAMMING;
}
+ }
+
+ switch (chip->ecc.engine_type) {
+ /* if HW ECC was chosen, setup ecc and oob layout */
+ case NAND_ECC_ENGINE_TYPE_ON_HOST:
+ chip->ecc.read_page = fsl_elbc_read_page;
+ chip->ecc.write_page = fsl_elbc_write_page;
+ chip->ecc.write_subpage = fsl_elbc_write_subpage;
+ mtd_set_ooblayout(mtd, &fsl_elbc_ooblayout_ops);
+ chip->ecc.size = 512;
+ chip->ecc.bytes = 3;
+ chip->ecc.strength = 1;
break;
- /* if SW ECC was chosen in DT, we do not need to set anything here */
+ /* if none or SW ECC was chosen, we do not need to set anything here */
+ case NAND_ECC_ENGINE_TYPE_NONE:
case NAND_ECC_ENGINE_TYPE_SOFT:
+ case NAND_ECC_ENGINE_TYPE_ON_DIE:
break;
- /* should we also implement *_ECC_ENGINE_CONTROLLER to do as above? */
default:
return -EINVAL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 223/390] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 222/390] mtd: rawnand: fsl_elbc: Fix none ECC mode Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 224/390] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Greg Kroah-Hartman
` (172 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Olga Kornievskaia, Bernard Metzler,
Leon Romanovsky, Sasha Levin
From: Bernard Metzler <bmt@zurich.ibm.com>
[ Upstream commit 754209850df8367c954ac1de7671c7430b1f342c ]
For header and trailer/padding processing, siw did not consume new
skb data until minimum amount present to fill current header or trailer
structure, including potential payload padding. Not consuming any
data during upcall may cause a receive stall, since tcp_read_sock()
is not upcalling again if no new data arrive.
A NFSoRDMA client got stuck at RDMA Write reception of unaligned
payload, if the current skb did contain only the expected 3 padding
bytes, but not the 4 bytes CRC trailer. Expecting 4 more bytes already
arrived in another skb, and not consuming those 3 bytes in the current
upcall left the Write incomplete, waiting for the CRC forever.
Fixes: 8b6a361b8c48 ("rdma/siw: receive path")
Reported-by: Olga Kornievskaia <kolga@netapp.com>
Tested-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
Link: https://lore.kernel.org/r/20220920081202.223629-1-bmt@zurich.ibm.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw_qp_rx.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/drivers/infiniband/sw/siw/siw_qp_rx.c b/drivers/infiniband/sw/siw/siw_qp_rx.c
index 875ea6f1b04a..fd721cc19682 100644
--- a/drivers/infiniband/sw/siw/siw_qp_rx.c
+++ b/drivers/infiniband/sw/siw/siw_qp_rx.c
@@ -961,27 +961,28 @@ int siw_proc_terminate(struct siw_qp *qp)
static int siw_get_trailer(struct siw_qp *qp, struct siw_rx_stream *srx)
{
struct sk_buff *skb = srx->skb;
+ int avail = min(srx->skb_new, srx->fpdu_part_rem);
u8 *tbuf = (u8 *)&srx->trailer.crc - srx->pad;
__wsum crc_in, crc_own = 0;
siw_dbg_qp(qp, "expected %d, available %d, pad %u\n",
srx->fpdu_part_rem, srx->skb_new, srx->pad);
- if (srx->skb_new < srx->fpdu_part_rem)
- return -EAGAIN;
-
- skb_copy_bits(skb, srx->skb_offset, tbuf, srx->fpdu_part_rem);
+ skb_copy_bits(skb, srx->skb_offset, tbuf, avail);
- if (srx->mpa_crc_hd && srx->pad)
- crypto_shash_update(srx->mpa_crc_hd, tbuf, srx->pad);
+ srx->skb_new -= avail;
+ srx->skb_offset += avail;
+ srx->skb_copied += avail;
+ srx->fpdu_part_rem -= avail;
- srx->skb_new -= srx->fpdu_part_rem;
- srx->skb_offset += srx->fpdu_part_rem;
- srx->skb_copied += srx->fpdu_part_rem;
+ if (srx->fpdu_part_rem)
+ return -EAGAIN;
if (!srx->mpa_crc_hd)
return 0;
+ if (srx->pad)
+ crypto_shash_update(srx->mpa_crc_hd, tbuf, srx->pad);
/*
* CRC32 is computed, transmitted and received directly in NBO,
* so there's never a reason to convert byte order.
@@ -1083,10 +1084,9 @@ static int siw_get_hdr(struct siw_rx_stream *srx)
* completely received.
*/
if (iwarp_pktinfo[opcode].hdr_len > sizeof(struct iwarp_ctrl_tagged)) {
- bytes = iwarp_pktinfo[opcode].hdr_len - MIN_DDP_HDR;
+ int hdrlen = iwarp_pktinfo[opcode].hdr_len;
- if (srx->skb_new < bytes)
- return -EAGAIN;
+ bytes = min_t(int, hdrlen - MIN_DDP_HDR, srx->skb_new);
skb_copy_bits(skb, srx->skb_offset,
(char *)c_hdr + srx->fpdu_part_rcvd, bytes);
@@ -1096,6 +1096,9 @@ static int siw_get_hdr(struct siw_rx_stream *srx)
srx->skb_new -= bytes;
srx->skb_offset += bytes;
srx->skb_copied += bytes;
+
+ if (srx->fpdu_part_rcvd < hdrlen)
+ return -EAGAIN;
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 224/390] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 223/390] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 225/390] ata: fix ata_id_has_devslp() Greg Kroah-Hartman
` (171 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit 690aa8c3ae308bc696ec8b1b357b995193927083 ]
ACS-5 section
7.13.6.41 Words 85..87, 120: Commands and feature sets supported or enabled
states that:
If bit 15 of word 86 is set to one, bit 14 of word 119 is set to one,
and bit 15 of word 119 is cleared to zero, then word 119 is valid.
If bit 15 of word 86 is set to one, bit 14 of word 120 is set to one,
and bit 15 of word 120 is cleared to zero, then word 120 is valid.
(This text also exists in really old ACS standards, e.g. ACS-3.)
Currently, ata_id_sense_reporting_enabled() and
ata_id_has_sense_reporting() both check bit 15 of word 86,
but neither of them check that bit 14 of word 119 is set to one,
or that bit 15 of word 119 is cleared to zero.
Additionally, make ata_id_sense_reporting_enabled() return false
if !ata_id_has_sense_reporting(), similar to how e.g.
ata_id_flush_ext_enabled() returns false if !ata_id_has_flush_ext().
Fixes: e87fd28cf9a2 ("libata: Implement support for sense data reporting")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index 6e67aded28f8..734cc646ce35 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -770,16 +770,21 @@ static inline bool ata_id_has_read_log_dma_ext(const u16 *id)
static inline bool ata_id_has_sense_reporting(const u16 *id)
{
- if (!(id[ATA_ID_CFS_ENABLE_2] & (1 << 15)))
+ if (!(id[ATA_ID_CFS_ENABLE_2] & BIT(15)))
+ return false;
+ if ((id[ATA_ID_COMMAND_SET_3] & (BIT(15) | BIT(14))) != BIT(14))
return false;
- return id[ATA_ID_COMMAND_SET_3] & (1 << 6);
+ return id[ATA_ID_COMMAND_SET_3] & BIT(6);
}
static inline bool ata_id_sense_reporting_enabled(const u16 *id)
{
- if (!(id[ATA_ID_CFS_ENABLE_2] & (1 << 15)))
+ if (!ata_id_has_sense_reporting(id))
+ return false;
+ /* ata_id_has_sense_reporting() == true, word 86 must have bit 15 set */
+ if ((id[ATA_ID_COMMAND_SET_4] & (BIT(15) | BIT(14))) != BIT(14))
return false;
- return id[ATA_ID_COMMAND_SET_4] & (1 << 6);
+ return id[ATA_ID_COMMAND_SET_4] & BIT(6);
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 225/390] ata: fix ata_id_has_devslp()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 224/390] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 226/390] ata: fix ata_id_has_ncq_autosense() Greg Kroah-Hartman
` (170 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit 9c6e09a434e1317e09b78b3b69cd384022ec9a03 ]
ACS-5 section
7.13.6.36 Word 78: Serial ATA features supported
states that:
If word 76 is not 0000h or FFFFh, word 78 reports the features supported
by the device. If this word is not supported, the word shall be cleared
to zero.
(This text also exists in really old ACS standards, e.g. ACS-3.)
Additionally, move the macro to the other ATA_ID_FEATURE_SUPP macros
(which already have this check), thus making it more likely that the
next ATA_ID_FEATURE_SUPP macro that is added will include this check.
Fixes: 65fe1f0f66a5 ("ahci: implement aggressive SATA device sleep support")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index 734cc646ce35..8b884cd3a232 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -565,6 +565,10 @@ struct ata_bmdma_prd {
((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 2)))
+#define ata_id_has_devslp(id) \
+ ((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
+ ((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
+ ((id)[ATA_ID_FEATURE_SUPP] & (1 << 8)))
#define ata_id_iordy_disable(id) ((id)[ATA_ID_CAPABILITY] & (1 << 10))
#define ata_id_has_iordy(id) ((id)[ATA_ID_CAPABILITY] & (1 << 11))
#define ata_id_u32(id,n) \
@@ -577,7 +581,6 @@ struct ata_bmdma_prd {
#define ata_id_cdb_intr(id) (((id)[ATA_ID_CONFIG] & 0x60) == 0x20)
#define ata_id_has_da(id) ((id)[ATA_ID_SATA_CAPABILITY_2] & (1 << 4))
-#define ata_id_has_devslp(id) ((id)[ATA_ID_FEATURE_SUPP] & (1 << 8))
#define ata_id_has_ncq_autosense(id) \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 7))
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 226/390] ata: fix ata_id_has_ncq_autosense()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 225/390] ata: fix ata_id_has_devslp() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 227/390] ata: fix ata_id_has_dipm() Greg Kroah-Hartman
` (169 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit a5fb6bf853148974dbde092ec1bde553bea5e49f ]
ACS-5 section
7.13.6.36 Word 78: Serial ATA features supported
states that:
If word 76 is not 0000h or FFFFh, word 78 reports the features supported
by the device. If this word is not supported, the word shall be cleared
to zero.
(This text also exists in really old ACS standards, e.g. ACS-3.)
Additionally, move the macro to the other ATA_ID_FEATURE_SUPP macros
(which already have this check), thus making it more likely that the
next ATA_ID_FEATURE_SUPP macro that is added will include this check.
Fixes: 5b01e4b9efa0 ("libata: Implement NCQ autosense")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index 8b884cd3a232..94f7872da983 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -569,6 +569,10 @@ struct ata_bmdma_prd {
((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 8)))
+#define ata_id_has_ncq_autosense(id) \
+ ((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
+ ((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
+ ((id)[ATA_ID_FEATURE_SUPP] & (1 << 7)))
#define ata_id_iordy_disable(id) ((id)[ATA_ID_CAPABILITY] & (1 << 10))
#define ata_id_has_iordy(id) ((id)[ATA_ID_CAPABILITY] & (1 << 11))
#define ata_id_u32(id,n) \
@@ -581,8 +585,6 @@ struct ata_bmdma_prd {
#define ata_id_cdb_intr(id) (((id)[ATA_ID_CONFIG] & 0x60) == 0x20)
#define ata_id_has_da(id) ((id)[ATA_ID_SATA_CAPABILITY_2] & (1 << 4))
-#define ata_id_has_ncq_autosense(id) \
- ((id)[ATA_ID_FEATURE_SUPP] & (1 << 7))
static inline bool ata_id_has_hipm(const u16 *id)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 227/390] ata: fix ata_id_has_dipm()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 226/390] ata: fix ata_id_has_ncq_autosense() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 228/390] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Greg Kroah-Hartman
` (168 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit 630624cb1b5826d753ac8e01a0e42de43d66dedf ]
ACS-5 section
7.13.6.36 Word 78: Serial ATA features supported
states that:
If word 76 is not 0000h or FFFFh, word 78 reports the features supported
by the device. If this word is not supported, the word shall be cleared
to zero.
(This text also exists in really old ACS standards, e.g. ACS-3.)
The problem with ata_id_has_dipm() is that the while it performs a
check against 0 and 0xffff, it performs the check against
ATA_ID_FEATURE_SUPP (word 78), the same word where the feature bit
is stored.
Fix this by performing the check against ATA_ID_SATA_CAPABILITY
(word 76), like required by the spec. The feature bit check itself
is of course still performed against ATA_ID_FEATURE_SUPP (word 78).
Additionally, move the macro to the other ATA_ID_FEATURE_SUPP macros
(which already have this check), thus making it more likely that the
next ATA_ID_FEATURE_SUPP macro that is added will include this check.
Fixes: ca77329fb713 ("[libata] Link power management infrastructure")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index 94f7872da983..6d2d31b03b4d 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -573,6 +573,10 @@ struct ata_bmdma_prd {
((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 7)))
+#define ata_id_has_dipm(id) \
+ ((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
+ ((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
+ ((id)[ATA_ID_FEATURE_SUPP] & (1 << 3)))
#define ata_id_iordy_disable(id) ((id)[ATA_ID_CAPABILITY] & (1 << 10))
#define ata_id_has_iordy(id) ((id)[ATA_ID_CAPABILITY] & (1 << 11))
#define ata_id_u32(id,n) \
@@ -596,17 +600,6 @@ static inline bool ata_id_has_hipm(const u16 *id)
return val & (1 << 9);
}
-static inline bool ata_id_has_dipm(const u16 *id)
-{
- u16 val = id[ATA_ID_FEATURE_SUPP];
-
- if (val == 0 || val == 0xffff)
- return false;
-
- return val & (1 << 3);
-}
-
-
static inline bool ata_id_has_fua(const u16 *id)
{
if ((id[ATA_ID_CFSSE] & 0xC000) != 0x4000)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 228/390] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 227/390] ata: fix ata_id_has_dipm() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 229/390] md: Replace snprintf with scnprintf Greg Kroah-Hartman
` (167 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Liang Yang,
Miquel Raynal, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 3e4ad3212cf22687410b1e8f4e68feec50646113 ]
The meson_nfc_ecc_correct() function accidentally does a right shift
instead of a left shift so it only works for BIT(0). Also use
BIT_ULL() because "correct_bitmap" is a u64 and we want to avoid
shift wrapping bugs.
Fixes: 8fae856c5350 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Liang Yang <liang.yang@amlogic.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/YuI2zF1hP65+LE7r@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/meson_nand.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
index 327a2257ec26..38f490088d76 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -454,7 +454,7 @@ static int meson_nfc_ecc_correct(struct nand_chip *nand, u32 *bitflips,
if (ECC_ERR_CNT(*info) != ECC_UNCORRECTABLE) {
mtd->ecc_stats.corrected += ECC_ERR_CNT(*info);
*bitflips = max_t(u32, *bitflips, ECC_ERR_CNT(*info));
- *correct_bitmap |= 1 >> i;
+ *correct_bitmap |= BIT_ULL(i);
continue;
}
if ((nand->options & NAND_NEED_SCRAMBLING) &&
@@ -800,7 +800,7 @@ static int meson_nfc_read_page_hwecc(struct nand_chip *nand, u8 *buf,
u8 *data = buf + i * ecc->size;
u8 *oob = nand->oob_poi + i * (ecc->bytes + 2);
- if (correct_bitmap & (1 << i))
+ if (correct_bitmap & BIT_ULL(i))
continue;
ret = nand_check_erased_ecc_chunk(data, ecc->size,
oob, ecc->bytes + 2,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 229/390] md: Replace snprintf with scnprintf
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 228/390] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 230/390] md/raid5: Ensure stripe_fill happens on non-read IO with journal Greg Kroah-Hartman
` (166 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Kelley, Guoqing Jiang,
Saurabh Sengar, Song Liu, Sasha Levin
From: Saurabh Sengar <ssengar@linux.microsoft.com>
[ Upstream commit 1727fd5015d8f93474148f94e34cda5aa6ad4a43 ]
Current code produces a warning as shown below when total characters
in the constituent block device names plus the slashes exceeds 200.
snprintf() returns the number of characters generated from the given
input, which could cause the expression “200 – len” to wrap around
to a large positive number. Fix this by using scnprintf() instead,
which returns the actual number of characters written into the buffer.
[ 1513.267938] ------------[ cut here ]------------
[ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510
[ 1513.267944] Modules linked in: <snip>
[ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu
[ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022
[ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510
<-snip->
[ 1513.267982] Call Trace:
[ 1513.267986] snprintf+0x45/0x70
[ 1513.267990] ? disk_name+0x71/0xa0
[ 1513.267993] dump_zones+0x114/0x240 [raid0]
[ 1513.267996] ? _cond_resched+0x19/0x40
[ 1513.267998] raid0_run+0x19e/0x270 [raid0]
[ 1513.268000] md_run+0x5e0/0xc50
[ 1513.268003] ? security_capable+0x3f/0x60
[ 1513.268005] do_md_run+0x19/0x110
[ 1513.268006] md_ioctl+0x195e/0x1f90
[ 1513.268007] blkdev_ioctl+0x91f/0x9f0
[ 1513.268010] block_ioctl+0x3d/0x50
[ 1513.268012] do_vfs_ioctl+0xa9/0x640
[ 1513.268014] ? __fput+0x162/0x260
[ 1513.268016] ksys_ioctl+0x75/0x80
[ 1513.268017] __x64_sys_ioctl+0x1a/0x20
[ 1513.268019] do_syscall_64+0x5e/0x200
[ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 766038846e875 ("md/raid0: replace printk() with pr_*()")
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid0.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -48,7 +48,7 @@ static void dump_zones(struct mddev *mdd
int len = 0;
for (k = 0; k < conf->strip_zone[j].nb_dev; k++)
- len += snprintf(line+len, 200-len, "%s%s", k?"/":"",
+ len += scnprintf(line+len, 200-len, "%s%s", k?"/":"",
bdevname(conf->devlist[j*raid_disks
+ k]->bdev, b));
pr_debug("md: zone%d=[%s]\n", j, line);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 230/390] md/raid5: Ensure stripe_fill happens on non-read IO with journal
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 229/390] md: Replace snprintf with scnprintf Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 231/390] RDMA/cm: Use SLID in the work completion as the DLID in responder side Greg Kroah-Hartman
` (165 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Song Liu, Logan Gunthorpe, Sasha Levin
From: Logan Gunthorpe <logang@deltatee.com>
[ Upstream commit e2eed85bc75138a9eeb63863d20f8904ac42a577 ]
When doing degrade/recover tests using the journal a kernel BUG
is hit at drivers/md/raid5.c:4381 in handle_parity_checks5():
BUG_ON(!test_bit(R5_UPTODATE, &dev->flags));
This was found to occur because handle_stripe_fill() was skipped
for stripes in the journal due to a condition in that function.
Thus blocks were not fetched and R5_UPTODATE was not set when
the code reached handle_parity_checks5().
To fix this, don't skip handle_stripe_fill() unless the stripe is
for read.
Fixes: 07e83364845e ("md/r5cache: shift complex rmw from read path to write path")
Link: https://lore.kernel.org/linux-raid/e05c4239-41a9-d2f7-3cfa-4aa9d2cea8c1@deltatee.com/
Suggested-by: Song Liu <song@kernel.org>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -3936,7 +3936,7 @@ static void handle_stripe_fill(struct st
* back cache (prexor with orig_page, and then xor with
* page) in the read path
*/
- if (s->injournal && s->failed) {
+ if (s->to_read && s->injournal && s->failed) {
if (test_bit(STRIPE_R5C_CACHING, &sh->state))
r5c_make_stripe_write_out(sh);
goto out;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 231/390] RDMA/cm: Use SLID in the work completion as the DLID in responder side
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 230/390] md/raid5: Ensure stripe_fill happens on non-read IO with journal Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 232/390] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Greg Kroah-Hartman
` (164 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Zhang, Mark Bloch,
Leon Romanovsky, Sasha Levin
From: Mark Zhang <markzhang@nvidia.com>
[ Upstream commit b7d95040c13f61a4a6a859c5355faf583eff9658 ]
The responder should always use WC's SLID as the dlid, to follow the
IB SPEC section "13.5.4.2 COMMON RESPONSE ACTIONS":
A responder always takes the following actions in constructing a
response packet:
- The SLID of the received packet is used as the DLID in the response
packet.
Fixes: ac3a949fb2ff ("IB/CM: Set appropriate slid and dlid when handling CM request")
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Reviewed-by: Mark Bloch <mbloch@nvidia.com>
Link: https://lore.kernel.org/r/cd17c240231e059d2fc07c17dfe555d548b917eb.1662631201.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/cm.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -1643,14 +1643,13 @@ static void cm_path_set_rec_type(struct
static void cm_format_path_lid_from_req(struct cm_req_msg *req_msg,
struct sa_path_rec *primary_path,
- struct sa_path_rec *alt_path)
+ struct sa_path_rec *alt_path,
+ struct ib_wc *wc)
{
u32 lid;
if (primary_path->rec_type != SA_PATH_REC_TYPE_OPA) {
- sa_path_set_dlid(primary_path,
- IBA_GET(CM_REQ_PRIMARY_LOCAL_PORT_LID,
- req_msg));
+ sa_path_set_dlid(primary_path, wc->slid);
sa_path_set_slid(primary_path,
IBA_GET(CM_REQ_PRIMARY_REMOTE_PORT_LID,
req_msg));
@@ -1687,7 +1686,8 @@ static void cm_format_path_lid_from_req(
static void cm_format_paths_from_req(struct cm_req_msg *req_msg,
struct sa_path_rec *primary_path,
- struct sa_path_rec *alt_path)
+ struct sa_path_rec *alt_path,
+ struct ib_wc *wc)
{
primary_path->dgid =
*IBA_GET_MEM_PTR(CM_REQ_PRIMARY_LOCAL_PORT_GID, req_msg);
@@ -1745,7 +1745,7 @@ static void cm_format_paths_from_req(str
if (sa_path_is_roce(alt_path))
alt_path->roce.route_resolved = false;
}
- cm_format_path_lid_from_req(req_msg, primary_path, alt_path);
+ cm_format_path_lid_from_req(req_msg, primary_path, alt_path, wc);
}
static u16 cm_get_bth_pkey(struct cm_work *work)
@@ -2163,7 +2163,7 @@ static int cm_req_handler(struct cm_work
if (cm_req_has_alt_path(req_msg))
work->path[1].rec_type = work->path[0].rec_type;
cm_format_paths_from_req(req_msg, &work->path[0],
- &work->path[1]);
+ &work->path[1], work->mad_recv_wc->wc);
if (cm_id_priv->av.ah_attr.type == RDMA_AH_ATTR_TYPE_ROCE)
sa_path_set_dmac(&work->path[0],
cm_id_priv->av.ah_attr.roce.dmac);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 232/390] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 231/390] RDMA/cm: Use SLID in the work completion as the DLID in responder side Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 233/390] xhci: Dont show warning for reinit on known broken suspend Greg Kroah-Hartman
` (163 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daisuke Matsuda, Leon Romanovsky,
Sasha Levin
From: Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
[ Upstream commit 241f9a27e0fc0eaf23e3d52c8450f10648cd11f1 ]
Set 'iova' and 'length' on ib_mr in ib_uverbs and ib_core layers to let all
drivers have the members filled. Also, this commit removes redundancy in
the respective drivers.
Previously, commit 04c0a5fcfcf65 ("IB/uverbs: Set IOVA on IB MR in uverbs
layer") changed to set 'iova', but seems to have missed 'length' and the
ib_core layer at that time.
Fixes: 04c0a5fcfcf65 ("IB/uverbs: Set IOVA on IB MR in uverbs layer")
Signed-off-by: Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
Link: https://lore.kernel.org/r/20220921080844.1616883-1-matsuda-daisuke@fujitsu.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/uverbs_cmd.c | 5 ++++-
drivers/infiniband/core/verbs.c | 2 ++
drivers/infiniband/hw/hns/hns_roce_mr.c | 1 -
drivers/infiniband/hw/mlx4/mr.c | 1 -
4 files changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -749,6 +749,7 @@ static int ib_uverbs_reg_mr(struct uverb
mr->uobject = uobj;
atomic_inc(&pd->usecnt);
mr->iova = cmd.hca_va;
+ mr->length = cmd.length;
rdma_restrack_new(&mr->res, RDMA_RESTRACK_MR);
rdma_restrack_set_name(&mr->res, NULL);
@@ -832,8 +833,10 @@ static int ib_uverbs_rereg_mr(struct uve
atomic_dec(&old_pd->usecnt);
}
- if (cmd.flags & IB_MR_REREG_TRANS)
+ if (cmd.flags & IB_MR_REREG_TRANS) {
mr->iova = cmd.hca_va;
+ mr->length = cmd.length;
+ }
memset(&resp, 0, sizeof(resp));
resp.lkey = mr->lkey;
--- a/drivers/infiniband/core/verbs.c
+++ b/drivers/infiniband/core/verbs.c
@@ -2082,6 +2082,8 @@ struct ib_mr *ib_reg_user_mr(struct ib_p
mr->pd = pd;
mr->dm = NULL;
atomic_inc(&pd->usecnt);
+ mr->iova = virt_addr;
+ mr->length = length;
rdma_restrack_new(&mr->res, RDMA_RESTRACK_MR);
rdma_restrack_parent_name(&mr->res, &pd->res);
--- a/drivers/infiniband/hw/hns/hns_roce_mr.c
+++ b/drivers/infiniband/hw/hns/hns_roce_mr.c
@@ -286,7 +286,6 @@ struct ib_mr *hns_roce_reg_user_mr(struc
goto err_alloc_pbl;
mr->ibmr.rkey = mr->ibmr.lkey = mr->key;
- mr->ibmr.length = length;
return &mr->ibmr;
--- a/drivers/infiniband/hw/mlx4/mr.c
+++ b/drivers/infiniband/hw/mlx4/mr.c
@@ -439,7 +439,6 @@ struct ib_mr *mlx4_ib_reg_user_mr(struct
goto err_mr;
mr->ibmr.rkey = mr->ibmr.lkey = mr->mmr.key;
- mr->ibmr.length = length;
mr->ibmr.page_size = 1U << shift;
return &mr->ibmr;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 233/390] xhci: Dont show warning for reinit on known broken suspend
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 232/390] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 234/390] usb: gadget: function: fix dangling pnp_string in f_printer.c Greg Kroah-Hartman
` (162 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Artem S. Tashkinov,
Mario Limonciello, Mathias Nyman, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 484d6f7aa3283d082c87654b7fe7a7f725423dfb ]
commit 8b328f8002bc ("xhci: re-initialize the HC during resume if HCE was
set") introduced a new warning message when the host controller error
was set and re-initializing.
This is expected behavior on some designs which already set
`xhci->broken_suspend` so the new warning is alarming to some users.
Modify the code to only show the warning if this was a surprising behavior
to the XHCI driver.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216470
Fixes: 8b328f8002bc ("xhci: re-initialize the HC during resume if HCE was set")
Reported-by: Artem S. Tashkinov <aros@gmx.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220921123450.671459-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 7b16b6b45af7..8918e6ae5c4b 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1163,7 +1163,8 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
/* re-initialize the HC on Restore Error, or Host Controller Error */
if (temp & (STS_SRE | STS_HCE)) {
reinit_xhc = true;
- xhci_warn(xhci, "xHC error in resume, USBSTS 0x%x, Reinit\n", temp);
+ if (!xhci->broken_suspend)
+ xhci_warn(xhci, "xHC error in resume, USBSTS 0x%x, Reinit\n", temp);
}
if (reinit_xhc) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 234/390] usb: gadget: function: fix dangling pnp_string in f_printer.c
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 233/390] xhci: Dont show warning for reinit on known broken suspend Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 235/390] drivers: serial: jsm: fix some leaks in probe Greg Kroah-Hartman
` (161 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Albert Briscoe, Sasha Levin
From: Albert Briscoe <albertsbriscoe@gmail.com>
[ Upstream commit 24b7ba2f88e04800b54d462f376512e8c41b8a3c ]
When opts->pnp_string is changed with configfs, new memory is allocated for
the string. It does not, however, update dev->pnp_string, even though the
memory is freed. When rquesting the string, the host then gets old or
corrupted data rather than the new string. The ieee 1284 id string should
be allowed to change while the device is connected.
The bug was introduced in commit fdc01cc286be ("usb: gadget: printer:
Remove pnp_string static buffer"), which changed opts->pnp_string from a
char[] to a char*.
This patch changes dev->pnp_string from a char* to a char** pointing to
opts->pnp_string.
Fixes: fdc01cc286be ("usb: gadget: printer: Remove pnp_string static buffer")
Signed-off-by: Albert Briscoe <albertsbriscoe@gmail.com>
Link: https://lore.kernel.org/r/20220911223753.20417-1-albertsbriscoe@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_printer.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c
index 236ecc968998..c13bb29a160e 100644
--- a/drivers/usb/gadget/function/f_printer.c
+++ b/drivers/usb/gadget/function/f_printer.c
@@ -87,7 +87,7 @@ struct printer_dev {
u8 printer_cdev_open;
wait_queue_head_t wait;
unsigned q_len;
- char *pnp_string; /* We don't own memory! */
+ char **pnp_string; /* We don't own memory! */
struct usb_function function;
};
@@ -999,16 +999,16 @@ static int printer_func_setup(struct usb_function *f,
if ((wIndex>>8) != dev->interface)
break;
- if (!dev->pnp_string) {
+ if (!*dev->pnp_string) {
value = 0;
break;
}
- value = strlen(dev->pnp_string);
+ value = strlen(*dev->pnp_string);
buf[0] = (value >> 8) & 0xFF;
buf[1] = value & 0xFF;
- memcpy(buf + 2, dev->pnp_string, value);
+ memcpy(buf + 2, *dev->pnp_string, value);
DBG(dev, "1284 PNP String: %x %s\n", value,
- dev->pnp_string);
+ *dev->pnp_string);
break;
case GET_PORT_STATUS: /* Get Port Status */
@@ -1471,7 +1471,7 @@ static struct usb_function *gprinter_alloc(struct usb_function_instance *fi)
kref_init(&dev->kref);
++opts->refcnt;
dev->minor = opts->minor;
- dev->pnp_string = opts->pnp_string;
+ dev->pnp_string = &opts->pnp_string;
dev->q_len = opts->q_len;
mutex_unlock(&opts->lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 235/390] drivers: serial: jsm: fix some leaks in probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 234/390] usb: gadget: function: fix dangling pnp_string in f_printer.c Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 236/390] serial: 8250: Add an empty line and remove some useless {} Greg Kroah-Hartman
` (160 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 1d5859ef229e381f4db38dce8ed58e4bf862006b ]
This error path needs to unwind instead of just returning directly.
Fixes: 03a8482c17dd ("drivers: serial: jsm: Enable support for Digi Classic adapters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YyxFh1+lOeZ9WfKO@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/jsm/jsm_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/jsm/jsm_driver.c b/drivers/tty/serial/jsm/jsm_driver.c
index cd30da0ef083..b5b61e598b53 100644
--- a/drivers/tty/serial/jsm/jsm_driver.c
+++ b/drivers/tty/serial/jsm/jsm_driver.c
@@ -212,7 +212,8 @@ static int jsm_probe_one(struct pci_dev *pdev, const struct pci_device_id *ent)
break;
default:
- return -ENXIO;
+ rc = -ENXIO;
+ goto out_kfree_brd;
}
rc = request_irq(brd->irq, brd->bd_ops->intr, IRQF_SHARED, "JSM", brd);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 236/390] serial: 8250: Add an empty line and remove some useless {}
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 235/390] drivers: serial: jsm: fix some leaks in probe Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 237/390] serial: 8250: Toggle IER bits on only after irq has been set up Greg Kroah-Hartman
` (159 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Christophe JAILLET,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 26f7591632d74f637f346f5d642d8ebe6b433fc9 ]
This fixes the following checkpatch.pl warnings:
WARNING: Missing a blank line after declarations
WARNING: braces {} are not necessary for any arm of this statement
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/257ffd691b4a062ad017333c9430d69da6dbd29a.1619594713.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 039d4926379b ("serial: 8250: Toggle IER bits on only after irq has been set up")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
index 98ce484f1089..aae9d26ce4f4 100644
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -332,9 +332,9 @@ static int univ8250_setup_irq(struct uart_8250_port *up)
* hardware interrupt, we use a timer-based system. The original
* driver used to do this with IRQ0.
*/
- if (!port->irq) {
+ if (!port->irq)
mod_timer(&up->timer, jiffies + uart_poll_timeout(port));
- } else
+ else
retval = serial_link_irq_chain(up);
return retval;
@@ -766,6 +766,7 @@ void serial8250_suspend_port(int line)
if (!console_suspend_enabled && uart_console(port) &&
port->type != PORT_8250) {
unsigned char canary = 0xa5;
+
serial_out(up, UART_SCR, canary);
if (serial_in(up, UART_SCR) == canary)
up->canary = canary;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 237/390] serial: 8250: Toggle IER bits on only after irq has been set up
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 236/390] serial: 8250: Add an empty line and remove some useless {} Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 238/390] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Greg Kroah-Hartman
` (158 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lennert Buytenhek, Andy Shevchenko,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 039d4926379b1d1c17b51cf21c500a5eed86899e ]
Invoking TIOCVHANGUP on 8250_mid port on Ice Lake-D and then reopening
the port triggers these faults during serial8250_do_startup():
DMAR: DRHD: handling fault status reg 3
DMAR: [DMA Write NO_PASID] Request device [00:1a.0] fault addr 0x0 [fault reason 0x05] PTE Write access is not set
If the IRQ hasn't been set up yet, the UART will have zeroes in its MSI
address/data registers. Disabling the IRQ at the interrupt controller
won't stop the UART from performing a DMA write to the address programmed
in its MSI address register (zero) when it wants to signal an interrupt.
The UARTs (in Ice Lake-D) implement PCI 2.1 style MSI without masking
capability, so there is no way to mask the interrupt at the source PCI
function level, except disabling the MSI capability entirely, but that
would cause it to fall back to INTx# assertion, and the PCI specification
prohibits disabling the MSI capability as a way to mask a function's
interrupt service request.
The MSI address register is zeroed by the hangup as the irq is freed.
The interrupt is signalled during serial8250_do_startup() performing a
THRE test that temporarily toggles THRI in IER. The THRE test currently
occurs before UART's irq (and MSI address) is properly set up.
Refactor serial8250_do_startup() such that irq is set up before the
THRE test. The current irq setup code is intermixed with the timer
setup code. As THRE test must be performed prior to the timer setup,
extract it into own function and call it only after the THRE test.
The ->setup_timer() needs to be part of the struct uart_8250_ops in
order to not create circular dependency between 8250 and 8250_base
modules.
Fixes: 40b36daad0ac ("[PATCH] 8250 UART backup timer")
Reported-by: Lennert Buytenhek <buytenh@arista.com>
Tested-by: Lennert Buytenhek <buytenh@arista.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220922070005.2965-1-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_core.c | 16 +++++++++++-----
drivers/tty/serial/8250/8250_port.c | 8 +++++---
include/linux/serial_8250.h | 1 +
3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
index aae9d26ce4f4..0a7e9491b4d1 100644
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -310,10 +310,9 @@ static void serial8250_backup_timeout(struct timer_list *t)
jiffies + uart_poll_timeout(&up->port) + HZ / 5);
}
-static int univ8250_setup_irq(struct uart_8250_port *up)
+static void univ8250_setup_timer(struct uart_8250_port *up)
{
struct uart_port *port = &up->port;
- int retval = 0;
/*
* The above check will only give an accurate result the first time
@@ -334,10 +333,16 @@ static int univ8250_setup_irq(struct uart_8250_port *up)
*/
if (!port->irq)
mod_timer(&up->timer, jiffies + uart_poll_timeout(port));
- else
- retval = serial_link_irq_chain(up);
+}
- return retval;
+static int univ8250_setup_irq(struct uart_8250_port *up)
+{
+ struct uart_port *port = &up->port;
+
+ if (port->irq)
+ return serial_link_irq_chain(up);
+
+ return 0;
}
static void univ8250_release_irq(struct uart_8250_port *up)
@@ -393,6 +398,7 @@ static struct uart_ops univ8250_port_ops;
static const struct uart_8250_ops univ8250_driver_ops = {
.setup_irq = univ8250_setup_irq,
.release_irq = univ8250_release_irq,
+ .setup_timer = univ8250_setup_timer,
};
static struct uart_8250_port serial8250_ports[UART_NR];
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index 6de188b121d7..4a0793e1ba61 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2277,6 +2277,10 @@ int serial8250_do_startup(struct uart_port *port)
if (port->irq && (up->port.flags & UPF_SHARE_IRQ))
up->port.irqflags |= IRQF_SHARED;
+ retval = up->ops->setup_irq(up);
+ if (retval)
+ goto out;
+
if (port->irq && !(up->port.flags & UPF_NO_THRE_TEST)) {
unsigned char iir1;
@@ -2319,9 +2323,7 @@ int serial8250_do_startup(struct uart_port *port)
}
}
- retval = up->ops->setup_irq(up);
- if (retval)
- goto out;
+ up->ops->setup_timer(up);
/*
* Now, initialize the UART
diff --git a/include/linux/serial_8250.h b/include/linux/serial_8250.h
index 2b70f736b091..92f3b778d8c2 100644
--- a/include/linux/serial_8250.h
+++ b/include/linux/serial_8250.h
@@ -74,6 +74,7 @@ struct uart_8250_port;
struct uart_8250_ops {
int (*setup_irq)(struct uart_8250_port *);
void (*release_irq)(struct uart_8250_port *);
+ void (*setup_timer)(struct uart_8250_port *);
};
struct uart_8250_em485 {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 238/390] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 237/390] serial: 8250: Toggle IER bits on only after irq has been set up Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 239/390] phy: qualcomm: call clk_disable_unprepare in the error handling Greg Kroah-Hartman
` (157 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilpo Järvinen, Thara Gopinath,
Sherry Sun, Sasha Levin
From: Sherry Sun <sherry.sun@nxp.com>
[ Upstream commit 316ae95c175a7d770d1bfe4c011192712f57aa4a ]
lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can
still occur which in turn tries to access dma apis if lpuart_dma_tx_use
flag is true. At this point since dma is torn down, these dma apis can
abort. Set lpuart_dma_tx_use and the corresponding rx flag
lpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not
accessed after they are relinquished.
Otherwise, when try to kill btattach, kernel may panic. This patch may
fix this issue.
root@imx8ulpevk:~# btattach -B /dev/ttyLP2 -S 115200
^C[ 90.182296] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
[ 90.189806] Modules linked in: moal(O) mlan(O)
[ 90.194258] CPU: 0 PID: 503 Comm: btattach Tainted: G O 5.15.32-06136-g34eecdf2f9e4 #37
[ 90.203554] Hardware name: NXP i.MX8ULP 9X9 EVK (DT)
[ 90.208513] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 90.215470] pc : fsl_edma3_disable_request+0x8/0x60
[ 90.220358] lr : fsl_edma3_terminate_all+0x34/0x20c
[ 90.225237] sp : ffff800013f0bac0
[ 90.228548] x29: ffff800013f0bac0 x28: 0000000000000001 x27: ffff000008404800
[ 90.235681] x26: ffff000008404960 x25: ffff000008404a08 x24: ffff000008404a00
[ 90.242813] x23: ffff000008404a60 x22: 0000000000000002 x21: 0000000000000000
[ 90.249946] x20: ffff800013f0baf8 x19: ffff00000559c800 x18: 0000000000000000
[ 90.257078] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 90.264211] x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000040
[ 90.271344] x11: ffff00000600c248 x10: ffff800013f0bb10 x9 : ffff000057bcb090
[ 90.278477] x8 : fffffc0000241a08 x7 : ffff00000534ee00 x6 : ffff000008404804
[ 90.285609] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff0000055b3480
[ 90.292742] x2 : ffff8000135c0000 x1 : ffff00000534ee00 x0 : ffff00000559c800
[ 90.299876] Call trace:
[ 90.302321] fsl_edma3_disable_request+0x8/0x60
[ 90.306851] lpuart_flush_buffer+0x40/0x160
[ 90.311037] uart_flush_buffer+0x88/0x120
[ 90.315050] tty_driver_flush_buffer+0x20/0x30
[ 90.319496] hci_uart_flush+0x44/0x90
[ 90.323162] +0x34/0x12c
[ 90.327253] tty_ldisc_close+0x38/0x70
[ 90.331005] tty_ldisc_release+0xa8/0x190
[ 90.335018] tty_release_struct+0x24/0x8c
[ 90.339022] tty_release+0x3ec/0x4c0
[ 90.342593] __fput+0x70/0x234
[ 90.345652] ____fput+0x14/0x20
[ 90.348790] task_work_run+0x84/0x17c
[ 90.352455] do_exit+0x310/0x96c
[ 90.355688] do_group_exit+0x3c/0xa0
[ 90.359259] __arm64_sys_exit_group+0x1c/0x20
[ 90.363609] invoke_syscall+0x48/0x114
[ 90.367362] el0_svc_common.constprop.0+0xd4/0xfc
[ 90.372068] do_el0_svc+0x2c/0x94
[ 90.375379] el0_svc+0x28/0x80
[ 90.378438] el0t_64_sync_handler+0xa8/0x130
[ 90.382711] el0t_64_sync+0x1a0/0x1a4
[ 90.386376] Code: 17ffffda d503201f d503233f f9409802 (b9400041)
[ 90.392467] ---[ end trace 2f60524b4a43f1f6 ]---
[ 90.397073] note: btattach[503] exited with preempt_count 1
[ 90.402636] Fixing recursive fault but reboot is needed!
Fixes: 6250cc30c4c4 ("tty: serial: fsl_lpuart: Use scatter/gather DMA for Tx")
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Thara Gopinath <tgopinath@microsoft.com>
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Link: https://lore.kernel.org/r/20220920111703.1532-1-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/fsl_lpuart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index a2c4eab0b470..269d1e3a025d 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -1725,6 +1725,7 @@ static void lpuart_dma_shutdown(struct lpuart_port *sport)
if (sport->lpuart_dma_rx_use) {
del_timer_sync(&sport->lpuart_timer);
lpuart_dma_rx_free(&sport->port);
+ sport->lpuart_dma_rx_use = false;
}
if (sport->lpuart_dma_tx_use) {
@@ -1733,6 +1734,7 @@ static void lpuart_dma_shutdown(struct lpuart_port *sport)
sport->dma_tx_in_progress = false;
dmaengine_terminate_all(sport->dma_tx_chan);
}
+ sport->lpuart_dma_tx_use = false;
}
if (sport->dma_tx_chan)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 239/390] phy: qualcomm: call clk_disable_unprepare in the error handling
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 238/390] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 240/390] staging: vt6655: fix some erroneous memory clean-up loops Greg Kroah-Hartman
` (156 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dongliang Mu, Neil Armstrong,
Vinod Koul, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit c3966ced8eb8dc53b6c8d7f97d32cc8a2107d83e ]
Smatch reports the following error:
drivers/phy/qualcomm/phy-qcom-usb-hsic.c:82 qcom_usb_hsic_phy_power_on()
warn: 'uphy->cal_clk' from clk_prepare_enable() not released on lines:
58.
drivers/phy/qualcomm/phy-qcom-usb-hsic.c:82 qcom_usb_hsic_phy_power_on()
warn: 'uphy->cal_sleep_clk' from clk_prepare_enable() not released on
lines: 58.
drivers/phy/qualcomm/phy-qcom-usb-hsic.c:82 qcom_usb_hsic_phy_power_on()
warn: 'uphy->phy_clk' from clk_prepare_enable() not released on lines:
58.
Fix this by calling proper clk_disable_unprepare calls.
Fixes: 0b56e9a7e835 ("phy: Group vendor specific phy drivers")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20220914051334.69282-1-dzm91@hust.edu.cn
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-usb-hsic.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-usb-hsic.c b/drivers/phy/qualcomm/phy-qcom-usb-hsic.c
index 04d18d52f700..d4741c2dbbb5 100644
--- a/drivers/phy/qualcomm/phy-qcom-usb-hsic.c
+++ b/drivers/phy/qualcomm/phy-qcom-usb-hsic.c
@@ -54,8 +54,10 @@ static int qcom_usb_hsic_phy_power_on(struct phy *phy)
/* Configure pins for HSIC functionality */
pins_default = pinctrl_lookup_state(uphy->pctl, PINCTRL_STATE_DEFAULT);
- if (IS_ERR(pins_default))
- return PTR_ERR(pins_default);
+ if (IS_ERR(pins_default)) {
+ ret = PTR_ERR(pins_default);
+ goto err_ulpi;
+ }
ret = pinctrl_select_state(uphy->pctl, pins_default);
if (ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 240/390] staging: vt6655: fix some erroneous memory clean-up loops
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 239/390] phy: qualcomm: call clk_disable_unprepare in the error handling Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 241/390] firmware: google: Test spinlock on panic path to avoid lockups Greg Kroah-Hartman
` (155 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Philipp Hortmann,
Nam Cao, Sasha Levin
From: Nam Cao <namcaov@gmail.com>
[ Upstream commit 2a2db520e3ca5aafba7c211abfd397666c9b5f9d ]
In some initialization functions of this driver, memory is allocated with
'i' acting as an index variable and increasing from 0. The commit in
"Fixes" introduces some clean-up codes in case of allocation failure,
which free memory in reverse order with 'i' decreasing to 0. However,
there are some problems:
- The case i=0 is left out. Thus memory is leaked.
- In case memory allocation fails right from the start, the memory
freeing loops will start with i=-1 and invalid memory locations will
be accessed.
One of these loops has been fixed in commit c8ff91535880 ("staging:
vt6655: fix potential memory leak"). Fix the remaining erroneous loops.
Link: https://lore.kernel.org/linux-staging/Yx9H1zSpxmNqx6Xc@kadam/
Fixes: 5341ee0adb17 ("staging: vt6655: check for memory allocation failures")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Signed-off-by: Nam Cao <namcaov@gmail.com>
Link: https://lore.kernel.org/r/20220912170429.29852-1-namcaov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/vt6655/device_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
index 09ab6d6f2429..0dd70173a754 100644
--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -564,7 +564,7 @@ static int device_init_rd0_ring(struct vnt_private *priv)
kfree(desc->rd_info);
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->aRD0Ring[i];
device_free_rx_buf(priv, desc);
kfree(desc->rd_info);
@@ -610,7 +610,7 @@ static int device_init_rd1_ring(struct vnt_private *priv)
kfree(desc->rd_info);
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->aRD1Ring[i];
device_free_rx_buf(priv, desc);
kfree(desc->rd_info);
@@ -715,7 +715,7 @@ static int device_init_td1_ring(struct vnt_private *priv)
return 0;
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->apTD1Rings[i];
kfree(desc->td_info);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 241/390] firmware: google: Test spinlock on panic path to avoid lockups
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 240/390] staging: vt6655: fix some erroneous memory clean-up loops Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 242/390] serial: 8250: Fix restoring termios speed after suspend Greg Kroah-Hartman
` (154 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Morton, Ard Biesheuvel,
David Gow, Julius Werner, Petr Mladek, Evan Green,
Guilherme G. Piccoli, Sasha Levin
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
[ Upstream commit 3e081438b8e639cc76ef1a5ce0c1bd8a154082c7 ]
Currently the gsmi driver registers a panic notifier as well as
reboot and die notifiers. The callbacks registered are called in
atomic and very limited context - for instance, panic disables
preemption and local IRQs, also all secondary CPUs (not executing
the panic path) are shutdown.
With that said, taking a spinlock in this scenario is a dangerous
invitation for lockup scenarios. So, fix that by checking if the
spinlock is free to acquire in the panic notifier callback - if not,
bail-out and avoid a potential hang.
Fixes: 74c5b31c6618 ("driver: Google EFI SMI")
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: David Gow <davidgow@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Julius Werner <jwerner@chromium.org>
Cc: Petr Mladek <pmladek@suse.com>
Reviewed-by: Evan Green <evgreen@chromium.org>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Link: https://lore.kernel.org/r/20220909200755.189679-1-gpiccoli@igalia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/google/gsmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/firmware/google/gsmi.c b/drivers/firmware/google/gsmi.c
index 7d9367b22010..c1cd5ca875ca 100644
--- a/drivers/firmware/google/gsmi.c
+++ b/drivers/firmware/google/gsmi.c
@@ -680,6 +680,15 @@ static struct notifier_block gsmi_die_notifier = {
static int gsmi_panic_callback(struct notifier_block *nb,
unsigned long reason, void *arg)
{
+
+ /*
+ * Panic callbacks are executed with all other CPUs stopped,
+ * so we must not attempt to spin waiting for gsmi_dev.lock
+ * to be released.
+ */
+ if (spin_is_locked(&gsmi_dev.lock))
+ return NOTIFY_DONE;
+
gsmi_shutdown_reason(GSMI_SHUTDOWN_PANIC);
return NOTIFY_DONE;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 242/390] serial: 8250: Fix restoring termios speed after suspend
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 241/390] firmware: google: Test spinlock on panic path to avoid lockups Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 243/390] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Greg Kroah-Hartman
` (153 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pali Rohár, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 379a33786d489ab81885ff0b3935cfeb36137fea ]
Since commit edc6afc54968 ("tty: switch to ktermios and new framework")
termios speed is no longer stored only in c_cflag member but also in new
additional c_ispeed and c_ospeed members. If BOTHER flag is set in c_cflag
then termios speed is stored only in these new members.
Since commit 027b57170bf8 ("serial: core: Fix initializing and restoring
termios speed") termios speed is available also in struct console.
So properly restore also c_ispeed and c_ospeed members after suspend to fix
restoring termios speed which is not represented by Bnnn constant.
Fixes: 4516d50aabed ("serial: 8250: Use canary to restart console after suspend")
Signed-off-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20220924104324.4035-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_port.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index 4a0793e1ba61..ecd2b3d252ec 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -3289,8 +3289,13 @@ static void serial8250_console_restore(struct uart_8250_port *up)
unsigned int baud, quot, frac = 0;
termios.c_cflag = port->cons->cflag;
- if (port->state->port.tty && termios.c_cflag == 0)
+ termios.c_ispeed = port->cons->ispeed;
+ termios.c_ospeed = port->cons->ospeed;
+ if (port->state->port.tty && termios.c_cflag == 0) {
termios.c_cflag = port->state->port.tty->termios.c_cflag;
+ termios.c_ispeed = port->state->port.tty->termios.c_ispeed;
+ termios.c_ospeed = port->state->port.tty->termios.c_ospeed;
+ }
baud = serial8250_get_baud_rate(port, &termios, NULL);
quot = serial8250_get_divisor(port, baud, &frac);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 243/390] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 242/390] serial: 8250: Fix restoring termios speed after suspend Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 244/390] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Greg Kroah-Hartman
` (152 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Yan, Duoming Zhou,
Martin K. Petersen, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 46ba53c30666717cb06c2b3c5d896301cd00d0c0 ]
When executing SMP task failed, the smp_execute_task_sg() calls del_timer()
to delete "slow_task->timer". However, if the timer handler
sas_task_internal_timedout() is running, the del_timer() in
smp_execute_task_sg() will not stop it and a UAF will happen. The process
is shown below:
(thread 1) | (thread 2)
smp_execute_task_sg() | sas_task_internal_timedout()
... |
del_timer() |
... | ...
sas_free_task(task) |
kfree(task->slow_task) //FREE|
| task->slow_task->... //USE
Fix by calling del_timer_sync() in smp_execute_task_sg(), which makes sure
the timer handler have finished before the "task->slow_task" is
deallocated.
Link: https://lore.kernel.org/r/20220920144213.10536-1-duoming@zju.edu.cn
Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/libsas/sas_expander.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
index 8d6bcc19359f..51485d0251f2 100644
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -85,7 +85,7 @@ static int smp_execute_task_sg(struct domain_device *dev,
res = i->dft->lldd_execute_task(task, GFP_KERNEL);
if (res) {
- del_timer(&task->slow_task->timer);
+ del_timer_sync(&task->slow_task->timer);
pr_notice("executing SMP task failed:%d\n", res);
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 244/390] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 243/390] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 245/390] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Greg Kroah-Hartman
` (151 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Christie, Martin K. Petersen,
Sasha Levin
From: Mike Christie <michael.christie@oracle.com>
[ Upstream commit 57569c37f0add1b6489e1a1563c71519daf732cf ]
Fix a NULL pointer crash that occurs when we are freeing the socket at the
same time we access it via sysfs.
The problem is that:
1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take
the frwd_lock and do sock_hold() then drop the frwd_lock. sock_hold()
does a get on the "struct sock".
2. iscsi_sw_tcp_release_conn() does sockfd_put() which does the last put
on the "struct socket" and that does __sock_release() which sets the
sock->ops to NULL.
3. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() then
call kernel_getpeername() which accesses the NULL sock->ops.
Above we do a get on the "struct sock", but we needed a get on the "struct
socket". Originally, we just held the frwd_lock the entire time but in
commit bcf3a2953d36 ("scsi: iscsi: iscsi_tcp: Avoid holding spinlock while
calling getpeername()") we switched to refcount based because the network
layer changed and started taking a mutex in that path, so we could no
longer hold the frwd_lock.
Instead of trying to maintain multiple refcounts, this just has us use a
mutex for accessing the socket in the interface code paths.
Link: https://lore.kernel.org/r/20220907221700.10302-1-michael.christie@oracle.com
Fixes: bcf3a2953d36 ("scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername()")
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/iscsi_tcp.c | 73 ++++++++++++++++++++++++++++------------
drivers/scsi/iscsi_tcp.h | 2 ++
2 files changed, 54 insertions(+), 21 deletions(-)
diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index df47557a02a3..6485c1aa9e74 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -558,6 +558,8 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session *cls_session,
tcp_conn = conn->dd_data;
tcp_sw_conn = tcp_conn->dd_data;
+ mutex_init(&tcp_sw_conn->sock_lock);
+
tfm = crypto_alloc_ahash("crc32c", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm))
goto free_conn;
@@ -592,11 +594,15 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session *cls_session,
static void iscsi_sw_tcp_release_conn(struct iscsi_conn *conn)
{
- struct iscsi_session *session = conn->session;
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
struct socket *sock = tcp_sw_conn->sock;
+ /*
+ * The iscsi transport class will make sure we are not called in
+ * parallel with start, stop, bind and destroys. However, this can be
+ * called twice if userspace does a stop then a destroy.
+ */
if (!sock)
return;
@@ -604,9 +610,9 @@ static void iscsi_sw_tcp_release_conn(struct iscsi_conn *conn)
iscsi_sw_tcp_conn_restore_callbacks(conn);
sock_put(sock->sk);
- spin_lock_bh(&session->frwd_lock);
+ mutex_lock(&tcp_sw_conn->sock_lock);
tcp_sw_conn->sock = NULL;
- spin_unlock_bh(&session->frwd_lock);
+ mutex_unlock(&tcp_sw_conn->sock_lock);
sockfd_put(sock);
}
@@ -658,7 +664,6 @@ iscsi_sw_tcp_conn_bind(struct iscsi_cls_session *cls_session,
struct iscsi_cls_conn *cls_conn, uint64_t transport_eph,
int is_leading)
{
- struct iscsi_session *session = cls_session->dd_data;
struct iscsi_conn *conn = cls_conn->dd_data;
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
@@ -678,10 +683,10 @@ iscsi_sw_tcp_conn_bind(struct iscsi_cls_session *cls_session,
if (err)
goto free_socket;
- spin_lock_bh(&session->frwd_lock);
+ mutex_lock(&tcp_sw_conn->sock_lock);
/* bind iSCSI connection and socket */
tcp_sw_conn->sock = sock;
- spin_unlock_bh(&session->frwd_lock);
+ mutex_unlock(&tcp_sw_conn->sock_lock);
/* setup Socket parameters */
sk = sock->sk;
@@ -717,8 +722,15 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn,
break;
case ISCSI_PARAM_DATADGST_EN:
iscsi_set_param(cls_conn, param, buf, buflen);
+
+ mutex_lock(&tcp_sw_conn->sock_lock);
+ if (!tcp_sw_conn->sock) {
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+ return -ENOTCONN;
+ }
tcp_sw_conn->sendpage = conn->datadgst_en ?
sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage;
+ mutex_unlock(&tcp_sw_conn->sock_lock);
break;
case ISCSI_PARAM_MAX_R2T:
return iscsi_tcp_set_max_r2t(conn, buf);
@@ -733,8 +745,8 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
enum iscsi_param param, char *buf)
{
struct iscsi_conn *conn = cls_conn->dd_data;
- struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
- struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
+ struct iscsi_sw_tcp_conn *tcp_sw_conn;
+ struct iscsi_tcp_conn *tcp_conn;
struct sockaddr_in6 addr;
struct socket *sock;
int rc;
@@ -744,21 +756,36 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
case ISCSI_PARAM_CONN_ADDRESS:
case ISCSI_PARAM_LOCAL_PORT:
spin_lock_bh(&conn->session->frwd_lock);
- if (!tcp_sw_conn || !tcp_sw_conn->sock) {
+ if (!conn->session->leadconn) {
spin_unlock_bh(&conn->session->frwd_lock);
return -ENOTCONN;
}
- sock = tcp_sw_conn->sock;
- sock_hold(sock->sk);
+ /*
+ * The conn has been setup and bound, so just grab a ref
+ * incase a destroy runs while we are in the net layer.
+ */
+ iscsi_get_conn(conn->cls_conn);
spin_unlock_bh(&conn->session->frwd_lock);
+ tcp_conn = conn->dd_data;
+ tcp_sw_conn = tcp_conn->dd_data;
+
+ mutex_lock(&tcp_sw_conn->sock_lock);
+ sock = tcp_sw_conn->sock;
+ if (!sock) {
+ rc = -ENOTCONN;
+ goto sock_unlock;
+ }
+
if (param == ISCSI_PARAM_LOCAL_PORT)
rc = kernel_getsockname(sock,
(struct sockaddr *)&addr);
else
rc = kernel_getpeername(sock,
(struct sockaddr *)&addr);
- sock_put(sock->sk);
+sock_unlock:
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+ iscsi_put_conn(conn->cls_conn);
if (rc < 0)
return rc;
@@ -796,17 +823,21 @@ static int iscsi_sw_tcp_host_get_param(struct Scsi_Host *shost,
}
tcp_conn = conn->dd_data;
tcp_sw_conn = tcp_conn->dd_data;
- sock = tcp_sw_conn->sock;
- if (!sock) {
- spin_unlock_bh(&session->frwd_lock);
- return -ENOTCONN;
- }
- sock_hold(sock->sk);
+ /*
+ * The conn has been setup and bound, so just grab a ref
+ * incase a destroy runs while we are in the net layer.
+ */
+ iscsi_get_conn(conn->cls_conn);
spin_unlock_bh(&session->frwd_lock);
- rc = kernel_getsockname(sock,
- (struct sockaddr *)&addr);
- sock_put(sock->sk);
+ mutex_lock(&tcp_sw_conn->sock_lock);
+ sock = tcp_sw_conn->sock;
+ if (!sock)
+ rc = -ENOTCONN;
+ else
+ rc = kernel_getsockname(sock, (struct sockaddr *)&addr);
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+ iscsi_put_conn(conn->cls_conn);
if (rc < 0)
return rc;
diff --git a/drivers/scsi/iscsi_tcp.h b/drivers/scsi/iscsi_tcp.h
index 791453195099..1731956326e2 100644
--- a/drivers/scsi/iscsi_tcp.h
+++ b/drivers/scsi/iscsi_tcp.h
@@ -28,6 +28,8 @@ struct iscsi_sw_tcp_send {
struct iscsi_sw_tcp_conn {
struct socket *sock;
+ /* Taken when accessing the sock from the netlink/sysfs interface */
+ struct mutex sock_lock;
struct iscsi_sw_tcp_send out;
/* old values for socket callbacks */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 245/390] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 244/390] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 246/390] fsi: core: Check error number after calling ida_simple_get Greg Kroah-Hartman
` (150 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Marko, Dmitry Baryshkov,
Bjorn Andersson, Sasha Levin
From: Robert Marko <robimarko@gmail.com>
[ Upstream commit 86e78995c93ee182433f965babfccd48417d4dcf ]
While fixing up the driver I noticed that my IPQ8074 board was hanging
after CPUFreq switched the frequency during boot, WDT would eventually
reset it.
So mark apcs_alias0_core_clk as critical since its the clock feeding the
CPU cluster and must never be disabled.
Fixes: 5e77b4ef1b19 ("clk: qcom: Add ipq6018 apss clock controller")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220818220628.339366-3-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/apss-ipq6018.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/qcom/apss-ipq6018.c
+++ b/drivers/clk/qcom/apss-ipq6018.c
@@ -57,7 +57,7 @@ static struct clk_branch apcs_alias0_cor
.parent_hws = (const struct clk_hw *[]){
&apcs_alias0_clk_src.clkr.hw },
.num_parents = 1,
- .flags = CLK_SET_RATE_PARENT,
+ .flags = CLK_SET_RATE_PARENT | CLK_IS_CRITICAL,
.ops = &clk_branch2_ops,
},
},
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 246/390] fsi: core: Check error number after calling ida_simple_get
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 245/390] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 247/390] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Greg Kroah-Hartman
` (149 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Eddie James,
Joel Stanley, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 35af9fb49bc5c6d61ef70b501c3a56fe161cce3e ]
If allocation fails, the ida_simple_get() will return error number.
So master->idx could be error number and be used in dev_set_name().
Therefore, it should be better to check it and return error if fails,
like the ida_simple_get() in __fsi_get_new_minor().
Fixes: 09aecfab93b8 ("drivers/fsi: Add fsi master definition")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Eddie James <eajames@linux.ibm.com>
Link: https://lore.kernel.org/r/20220111073411.614138-1-jiasheng@iscas.ac.cn
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fsi/fsi-core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c
index 59ddc9fd5bca..92e6eebd1851 100644
--- a/drivers/fsi/fsi-core.c
+++ b/drivers/fsi/fsi-core.c
@@ -1309,6 +1309,9 @@ int fsi_master_register(struct fsi_master *master)
mutex_init(&master->scan_lock);
master->idx = ida_simple_get(&master_ida, 0, INT_MAX, GFP_KERNEL);
+ if (master->idx < 0)
+ return master->idx;
+
dev_set_name(&master->dev, "fsi%d", master->idx);
master->dev.class = &fsi_master_class;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 247/390] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 246/390] fsi: core: Check error number after calling ida_simple_get Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 248/390] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Greg Kroah-Hartman
` (148 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Andy Shevchenko,
Hans de Goede, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 48749cabba109397b4e7dd556e85718ec0ec114d ]
The commit in Fixes: has added a pwm_add_table() call in the probe() and
a pwm_remove_table() call in the remove(), but forget to update the error
handling path of the probe.
Add the missing pwm_remove_table() call.
Fixes: a3aa9a93df9f ("mfd: intel_soc_pmic_core: ADD PWM lookup table for CRC PMIC based PWM")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20220801114211.36267-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/intel_soc_pmic_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mfd/intel_soc_pmic_core.c b/drivers/mfd/intel_soc_pmic_core.c
index ddd64f9e3341..926653e1f603 100644
--- a/drivers/mfd/intel_soc_pmic_core.c
+++ b/drivers/mfd/intel_soc_pmic_core.c
@@ -95,6 +95,7 @@ static int intel_soc_pmic_i2c_probe(struct i2c_client *i2c,
return 0;
err_del_irq_chip:
+ pwm_remove_table(crc_pwm_lookup, ARRAY_SIZE(crc_pwm_lookup));
regmap_del_irq_chip(pmic->irq, pmic->irq_chip_data);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 248/390] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 247/390] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 249/390] mfd: lp8788: Fix an error handling path in lp8788_probe() Greg Kroah-Hartman
` (147 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 3fa9e4cfb55da512ebfd57336fde468830719298 ]
If devm_of_platform_populate() fails, some resources need to be
released.
Introduce a mx25_tsadc_unset_irq() function that undoes
mx25_tsadc_setup_irq() and call it both from the new error handling path
of the probe and in the remove function.
Fixes: a55196eff6d6 ("mfd: fsl-imx25: Use devm_of_platform_populate()")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/d404e04828fc06bcfddf81f9f3e9b4babbe35415.1659269156.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/fsl-imx25-tsadc.c | 32 ++++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/drivers/mfd/fsl-imx25-tsadc.c b/drivers/mfd/fsl-imx25-tsadc.c
index a016b39fe9b0..95103b2cc471 100644
--- a/drivers/mfd/fsl-imx25-tsadc.c
+++ b/drivers/mfd/fsl-imx25-tsadc.c
@@ -84,6 +84,19 @@ static int mx25_tsadc_setup_irq(struct platform_device *pdev,
return 0;
}
+static int mx25_tsadc_unset_irq(struct platform_device *pdev)
+{
+ struct mx25_tsadc *tsadc = platform_get_drvdata(pdev);
+ int irq = platform_get_irq(pdev, 0);
+
+ if (irq) {
+ irq_set_chained_handler_and_data(irq, NULL, NULL);
+ irq_domain_remove(tsadc->domain);
+ }
+
+ return 0;
+}
+
static void mx25_tsadc_setup_clk(struct platform_device *pdev,
struct mx25_tsadc *tsadc)
{
@@ -171,18 +184,21 @@ static int mx25_tsadc_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, tsadc);
- return devm_of_platform_populate(dev);
+ ret = devm_of_platform_populate(dev);
+ if (ret)
+ goto err_irq;
+
+ return 0;
+
+err_irq:
+ mx25_tsadc_unset_irq(pdev);
+
+ return ret;
}
static int mx25_tsadc_remove(struct platform_device *pdev)
{
- struct mx25_tsadc *tsadc = platform_get_drvdata(pdev);
- int irq = platform_get_irq(pdev, 0);
-
- if (irq) {
- irq_set_chained_handler_and_data(irq, NULL, NULL);
- irq_domain_remove(tsadc->domain);
- }
+ mx25_tsadc_unset_irq(pdev);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 249/390] mfd: lp8788: Fix an error handling path in lp8788_probe()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 248/390] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 250/390] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Greg Kroah-Hartman
` (146 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit becfdcd75126b20b8ec10066c5e85b34f8994ad5 ]
Should an error occurs in mfd_add_devices(), some resources need to be
released, as already done in the .remove() function.
Add an error handling path and a lp8788_irq_exit() call to undo a previous
lp8788_irq_init().
Fixes: eea6b7cc53aa ("mfd: Add lp8788 mfd driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/18398722da9df9490722d853e4797350189ae79b.1659261275.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/lp8788.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/mfd/lp8788.c b/drivers/mfd/lp8788.c
index 768d556b3fe9..5c3d642c8e3a 100644
--- a/drivers/mfd/lp8788.c
+++ b/drivers/mfd/lp8788.c
@@ -195,8 +195,16 @@ static int lp8788_probe(struct i2c_client *cl, const struct i2c_device_id *id)
if (ret)
return ret;
- return mfd_add_devices(lp->dev, -1, lp8788_devs,
- ARRAY_SIZE(lp8788_devs), NULL, 0, NULL);
+ ret = mfd_add_devices(lp->dev, -1, lp8788_devs,
+ ARRAY_SIZE(lp8788_devs), NULL, 0, NULL);
+ if (ret)
+ goto err_exit_irq;
+
+ return 0;
+
+err_exit_irq:
+ lp8788_irq_exit(lp);
+ return ret;
}
static int lp8788_remove(struct i2c_client *cl)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 250/390] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 249/390] mfd: lp8788: Fix an error handling path in lp8788_probe() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 251/390] mfd: fsl-imx25: Fix check for platform_get_irq() errors Greg Kroah-Hartman
` (145 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 557244f6284f30613f2d61f14b579303165876c3 ]
In lp8788_irq_init(), if an error occurs after a successful
irq_domain_add_linear() call, it must be undone by a corresponding
irq_domain_remove() call.
irq_domain_remove() should also be called in lp8788_irq_exit() for the same
reason.
Fixes: eea6b7cc53aa ("mfd: Add lp8788 mfd driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/bcd5a72c9c1c383dd6324680116426e32737655a.1659261275.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/lp8788-irq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mfd/lp8788-irq.c b/drivers/mfd/lp8788-irq.c
index 348439a3fbbd..39006297f3d2 100644
--- a/drivers/mfd/lp8788-irq.c
+++ b/drivers/mfd/lp8788-irq.c
@@ -175,6 +175,7 @@ int lp8788_irq_init(struct lp8788 *lp, int irq)
IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
"lp8788-irq", irqd);
if (ret) {
+ irq_domain_remove(lp->irqdm);
dev_err(lp->dev, "failed to create a thread for IRQ_N\n");
return ret;
}
@@ -188,4 +189,6 @@ void lp8788_irq_exit(struct lp8788 *lp)
{
if (lp->irq)
free_irq(lp->irq, lp->irqdm);
+ if (lp->irqdm)
+ irq_domain_remove(lp->irqdm);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 251/390] mfd: fsl-imx25: Fix check for platform_get_irq() errors
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 250/390] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 252/390] mfd: sm501: Add check for platform_driver_register() Greg Kroah-Hartman
` (144 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Martin Kaiser,
Lee Jones, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 75db7907355ca5e2ff606e9dd3e86b6c3a455fe2 ]
The mx25_tsadc_remove() function assumes all non-zero returns are success
but the platform_get_irq() function returns negative on error and
positive non-zero values on success. It never returns zero, but if it
did then treat that as a success.
Fixes: 18f773937968 ("mfd: fsl-imx25: Clean up irq settings during removal")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/YvTfkbVQWYKMKS/t@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/fsl-imx25-tsadc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mfd/fsl-imx25-tsadc.c b/drivers/mfd/fsl-imx25-tsadc.c
index 95103b2cc471..5f1f6f3a0696 100644
--- a/drivers/mfd/fsl-imx25-tsadc.c
+++ b/drivers/mfd/fsl-imx25-tsadc.c
@@ -69,7 +69,7 @@ static int mx25_tsadc_setup_irq(struct platform_device *pdev,
int irq;
irq = platform_get_irq(pdev, 0);
- if (irq <= 0)
+ if (irq < 0)
return irq;
tsadc->domain = irq_domain_add_simple(np, 2, 0, &mx25_tsadc_domain_ops,
@@ -89,7 +89,7 @@ static int mx25_tsadc_unset_irq(struct platform_device *pdev)
struct mx25_tsadc *tsadc = platform_get_drvdata(pdev);
int irq = platform_get_irq(pdev, 0);
- if (irq) {
+ if (irq >= 0) {
irq_set_chained_handler_and_data(irq, NULL, NULL);
irq_domain_remove(tsadc->domain);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 252/390] mfd: sm501: Add check for platform_driver_register()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 251/390] mfd: fsl-imx25: Fix check for platform_get_irq() errors Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 253/390] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Greg Kroah-Hartman
` (143 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Lee Jones, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 8325a6c24ad78b8c1acc3c42b098ee24105d68e5 ]
As platform_driver_register() can return error numbers,
it should be better to check platform_driver_register()
and deal with the exception.
Fixes: b6d6454fdb66 ("[PATCH] mfd: SM501 core driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20220913091112.1739138-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/sm501.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/sm501.c b/drivers/mfd/sm501.c
index 6d2f4a0a901d..37ad72d8cde2 100644
--- a/drivers/mfd/sm501.c
+++ b/drivers/mfd/sm501.c
@@ -1720,7 +1720,12 @@ static struct platform_driver sm501_plat_driver = {
static int __init sm501_base_init(void)
{
- platform_driver_register(&sm501_plat_driver);
+ int ret;
+
+ ret = platform_driver_register(&sm501_plat_driver);
+ if (ret < 0)
+ return ret;
+
return pci_register_driver(&sm501_pci_driver);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 253/390] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 252/390] mfd: sm501: Add check for platform_driver_register() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 254/390] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Greg Kroah-Hartman
` (142 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 9f94f545f258b15bfa6357eb62e1e307b712851e ]
The only clock in the MT8183 MFGCFG block feeds the GPU. Propagate its
rate change requests to its parent, so that DVFS for the GPU can work
properly.
Fixes: acddfc2c261b ("clk: mediatek: Add MT8183 clock support")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220927101128.44758-3-angelogioacchino.delregno@collabora.com
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/mediatek/clk-mt8183-mfgcfg.c b/drivers/clk/mediatek/clk-mt8183-mfgcfg.c
index 37b4162c5882..3a33014eee7f 100644
--- a/drivers/clk/mediatek/clk-mt8183-mfgcfg.c
+++ b/drivers/clk/mediatek/clk-mt8183-mfgcfg.c
@@ -18,9 +18,9 @@ static const struct mtk_gate_regs mfg_cg_regs = {
.sta_ofs = 0x0,
};
-#define GATE_MFG(_id, _name, _parent, _shift) \
- GATE_MTK(_id, _name, _parent, &mfg_cg_regs, _shift, \
- &mtk_clk_gate_ops_setclr)
+#define GATE_MFG(_id, _name, _parent, _shift) \
+ GATE_MTK_FLAGS(_id, _name, _parent, &mfg_cg_regs, _shift, \
+ &mtk_clk_gate_ops_setclr, CLK_SET_RATE_PARENT)
static const struct mtk_gate mfg_clks[] = {
GATE_MFG(CLK_MFG_BG3D, "mfg_bg3d", "mfg_sel", 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 254/390] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 253/390] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 255/390] spmi: pmic-arb: correct duplicate APID to PPID mapping logic Greg Kroah-Hartman
` (141 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Jiang, Vinod Koul, Sasha Levin
From: Dave Jiang <dave.jiang@intel.com>
[ Upstream commit 898ec89dbb55b8294695ad71694a0684e62b2a73 ]
User reports observing timer event report channel halted but no error
observed in CHANERR register. The driver finished self-test and released
channel resources. Debug shows that __cleanup() can call
mod_timer() after the timer has been deleted and thus resurrect the
timer. While harmless, it causes suprious error message to be emitted.
Use mod_timer_pending() call to prevent deleted timer from being
resurrected.
Fixes: 3372de5813e4 ("dmaengine: ioatdma: removal of dma_v3.c and relevant ioat3 references")
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/166360672197.3851724.17040290563764838369.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/ioat/dma.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/dma/ioat/dma.c b/drivers/dma/ioat/dma.c
index 37ff4ec7db76..e2070df6cad2 100644
--- a/drivers/dma/ioat/dma.c
+++ b/drivers/dma/ioat/dma.c
@@ -656,7 +656,7 @@ static void __cleanup(struct ioatdma_chan *ioat_chan, dma_addr_t phys_complete)
if (active - i == 0) {
dev_dbg(to_dev(ioat_chan), "%s: cancel completion timeout\n",
__func__);
- mod_timer(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
+ mod_timer_pending(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
}
/* microsecond delay by sysfs variable per pending descriptor */
@@ -682,7 +682,7 @@ static void ioat_cleanup(struct ioatdma_chan *ioat_chan)
if (chanerr &
(IOAT_CHANERR_HANDLE_MASK | IOAT_CHANERR_RECOVER_MASK)) {
- mod_timer(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
+ mod_timer_pending(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
ioat_eh(ioat_chan);
}
}
@@ -879,7 +879,7 @@ static void check_active(struct ioatdma_chan *ioat_chan)
}
if (test_and_clear_bit(IOAT_CHAN_ACTIVE, &ioat_chan->state))
- mod_timer(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
+ mod_timer_pending(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
}
static void ioat_reboot_chan(struct ioatdma_chan *ioat_chan)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 255/390] spmi: pmic-arb: correct duplicate APID to PPID mapping logic
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 254/390] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 256/390] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD Greg Kroah-Hartman
` (140 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Collins, Fenglin Wu,
Stephen Boyd, Sasha Levin
From: David Collins <collinsd@codeaurora.org>
[ Upstream commit 1f1693118c2476cb1666ad357edcf3cf48bf9b16 ]
Correct the way that duplicate PPID mappings are handled for PMIC
arbiter v5. The final APID mapped to a given PPID should be the
one which has write owner = APPS EE, if it exists, or if not
that, then the first APID mapped to the PPID, if it exists.
Fixes: 40f318f0ed67 ("spmi: pmic-arb: add support for HW version 5")
Signed-off-by: David Collins <collinsd@codeaurora.org>
Signed-off-by: Fenglin Wu <quic_fenglinw@quicinc.com>
Link: https://lore.kernel.org/r/1655004286-11493-7-git-send-email-quic_fenglinw@quicinc.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20220930005019.2663064-8-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spmi/spmi-pmic-arb.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/spmi/spmi-pmic-arb.c b/drivers/spmi/spmi-pmic-arb.c
index bbbd311eda03..e6de2aeece8d 100644
--- a/drivers/spmi/spmi-pmic-arb.c
+++ b/drivers/spmi/spmi-pmic-arb.c
@@ -887,7 +887,8 @@ static int pmic_arb_read_apid_map_v5(struct spmi_pmic_arb *pmic_arb)
* version 5, there is more than one APID mapped to each PPID.
* The owner field for each of these mappings specifies the EE which is
* allowed to write to the APID. The owner of the last (highest) APID
- * for a given PPID will receive interrupts from the PPID.
+ * which has the IRQ owner bit set for a given PPID will receive
+ * interrupts from the PPID.
*/
for (i = 0; ; i++, apidd++) {
offset = pmic_arb->ver_ops->apid_map_offset(i);
@@ -910,16 +911,16 @@ static int pmic_arb_read_apid_map_v5(struct spmi_pmic_arb *pmic_arb)
apid = pmic_arb->ppid_to_apid[ppid] & ~PMIC_ARB_APID_VALID;
prev_apidd = &pmic_arb->apid_data[apid];
- if (valid && is_irq_ee &&
- prev_apidd->write_ee == pmic_arb->ee) {
+ if (!valid || apidd->write_ee == pmic_arb->ee) {
+ /* First PPID mapping or one for this EE */
+ pmic_arb->ppid_to_apid[ppid] = i | PMIC_ARB_APID_VALID;
+ } else if (valid && is_irq_ee &&
+ prev_apidd->write_ee == pmic_arb->ee) {
/*
* Duplicate PPID mapping after the one for this EE;
* override the irq owner
*/
prev_apidd->irq_ee = apidd->irq_ee;
- } else if (!valid || is_irq_ee) {
- /* First PPID mapping or duplicate for another EE */
- pmic_arb->ppid_to_apid[ppid] = i | PMIC_ARB_APID_VALID;
}
apidd->ppid = ppid;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 256/390] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 255/390] spmi: pmic-arb: correct duplicate APID to PPID mapping logic Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 257/390] clk: baikal-t1: Fix invalid xGMAC PTP clock divider Greg Kroah-Hartman
` (139 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Luca Ceresoli,
Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit c388cc804016cf0f65afdc2362b120aa594ff3e6 ]
We have discovered random glitches during the system boot up procedure.
The problem investigation led us to the weird outcomes: when none of the
Renesas 5P49V6901 ports are explicitly enabled by the kernel driver, the
glitches disappeared. It was a mystery since the SoC external clock
domains were fed with different 5P49V6901 outputs. The driver code didn't
seem like bogus either. We almost despaired to find out a root cause when
the solution has been found for a more modern revision of the chip. It
turned out the 5P49V6901 clock generator stopped its output for a short
period of time during the VC5_OUT_DIV_CONTROL register writing. The same
problem was found for the 5P49V6965 revision of the chip and was
successfully fixed in commit fc336ae622df ("clk: vc5: fix output disabling
when enabling a FOD") by enabling the "bypass_sync" flag hidden inside
"Unused Factory Reserved Register". Even though the 5P49V6901 registers
description and programming guide doesn't provide any intel regarding that
flag, setting it up anyway in the officially unused register completely
eliminated the denoted glitches. Thus let's activate the functionality
submitted in commit fc336ae622df ("clk: vc5: fix output disabling when
enabling a FOD") for the Renesas 5P49V6901 chip too in order to remove the
ports implicit inter-dependency.
Fixes: dbf6b16f5683 ("clk: vc5: Add support for IDT VersaClock 5P49V6901")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Link: https://lore.kernel.org/r/20220929225402.9696-2-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-versaclock5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/clk-versaclock5.c b/drivers/clk/clk-versaclock5.c
index 4e741f94baf0..eb597ea7bb87 100644
--- a/drivers/clk/clk-versaclock5.c
+++ b/drivers/clk/clk-versaclock5.c
@@ -1116,7 +1116,7 @@ static const struct vc5_chip_info idt_5p49v6901_info = {
.model = IDT_VC6_5P49V6901,
.clk_fod_cnt = 4,
.clk_out_cnt = 5,
- .flags = VC5_HAS_PFD_FREQ_DBL,
+ .flags = VC5_HAS_PFD_FREQ_DBL | VC5_HAS_BYPASS_SYNC_BIT,
};
static const struct vc5_chip_info idt_5p49v6965_info = {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 257/390] clk: baikal-t1: Fix invalid xGMAC PTP clock divider
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 256/390] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 258/390] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Greg Kroah-Hartman
` (138 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 3c742088686ce922704aec5b11d09bcc5a396589 ]
Most likely due to copy-paste mistake the divider has been set to 10 while
according to the SoC reference manual it's supposed to be 8 thus having
PTP clock frequency of 156.25 MHz.
Fixes: 353afa3a8d2e ("clk: Add Baikal-T1 CCU Dividers driver")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Link: https://lore.kernel.org/r/20220929225402.9696-3-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/baikal-t1/clk-ccu-div.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/baikal-t1/clk-ccu-div.c b/drivers/clk/baikal-t1/clk-ccu-div.c
index f141fda12b09..ea77eec40ddd 100644
--- a/drivers/clk/baikal-t1/clk-ccu-div.c
+++ b/drivers/clk/baikal-t1/clk-ccu-div.c
@@ -207,7 +207,7 @@ static const struct ccu_div_info sys_info[] = {
CCU_DIV_GATE_INFO(CCU_SYS_XGMAC_REF_CLK, "sys_xgmac_ref_clk",
"eth_clk", CCU_SYS_XGMAC_BASE, 8),
CCU_DIV_FIXED_INFO(CCU_SYS_XGMAC_PTP_CLK, "sys_xgmac_ptp_clk",
- "eth_clk", 10),
+ "eth_clk", 8),
CCU_DIV_GATE_INFO(CCU_SYS_USB_CLK, "sys_usb_clk",
"eth_clk", CCU_SYS_USB_BASE, 10),
CCU_DIV_VAR_INFO(CCU_SYS_PVT_CLK, "sys_pvt_clk",
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 258/390] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 257/390] clk: baikal-t1: Fix invalid xGMAC PTP clock divider Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 259/390] clk: baikal-t1: Add SATA internal ref clock buffer Greg Kroah-Hartman
` (137 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit e2eef312762e0b5a5a70d29fe59a245c0a3cffa0 ]
Baikal-T1 CCU reference manual says that both xGMAC reference and xGMAC
PTP clocks are generated by two different wrappers with the same constant
divider thus each producing a 156.25 MHz signal. But for some reason both
of these clock sources are gated by a single switch-flag in the CCU
registers space - CCU_SYS_XGMAC_BASE.BIT(0). In order to make the clocks
handled independently we need to define a shared parental gate so the base
clock signal would be switched off only if both of the child-clocks are
disabled.
Note the ID is intentionally set to -2 since we are going to add a one
more internal clock identifier in the next commit.
Fixes: 353afa3a8d2e ("clk: Add Baikal-T1 CCU Dividers driver")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Link: https://lore.kernel.org/r/20220929225402.9696-4-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/baikal-t1/ccu-div.c | 1 +
drivers/clk/baikal-t1/ccu-div.h | 6 ++++++
drivers/clk/baikal-t1/clk-ccu-div.c | 8 +++++---
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/baikal-t1/ccu-div.c b/drivers/clk/baikal-t1/ccu-div.c
index 4062092d67f9..bbfa3526ee10 100644
--- a/drivers/clk/baikal-t1/ccu-div.c
+++ b/drivers/clk/baikal-t1/ccu-div.c
@@ -579,6 +579,7 @@ struct ccu_div *ccu_div_hw_register(const struct ccu_div_init_data *div_init)
goto err_free_div;
}
parent_data.fw_name = div_init->parent_name;
+ parent_data.name = div_init->parent_name;
hw_init.parent_data = &parent_data;
hw_init.num_parents = 1;
diff --git a/drivers/clk/baikal-t1/ccu-div.h b/drivers/clk/baikal-t1/ccu-div.h
index 795665caefbd..b6a9c8e45318 100644
--- a/drivers/clk/baikal-t1/ccu-div.h
+++ b/drivers/clk/baikal-t1/ccu-div.h
@@ -13,6 +13,12 @@
#include <linux/bits.h>
#include <linux/of.h>
+/*
+ * CCU Divider private clock IDs
+ * @CCU_SYS_XGMAC_CLK: CCU XGMAC internal clock
+ */
+#define CCU_SYS_XGMAC_CLK -2
+
/*
* CCU Divider private flags
* @CCU_DIV_SKIP_ONE: Due to some reason divider can't be set to 1.
diff --git a/drivers/clk/baikal-t1/clk-ccu-div.c b/drivers/clk/baikal-t1/clk-ccu-div.c
index ea77eec40ddd..3953ae5664be 100644
--- a/drivers/clk/baikal-t1/clk-ccu-div.c
+++ b/drivers/clk/baikal-t1/clk-ccu-div.c
@@ -204,10 +204,12 @@ static const struct ccu_div_info sys_info[] = {
"eth_clk", CCU_SYS_GMAC1_BASE, 5),
CCU_DIV_FIXED_INFO(CCU_SYS_GMAC1_PTP_CLK, "sys_gmac1_ptp_clk",
"eth_clk", 10),
- CCU_DIV_GATE_INFO(CCU_SYS_XGMAC_REF_CLK, "sys_xgmac_ref_clk",
- "eth_clk", CCU_SYS_XGMAC_BASE, 8),
+ CCU_DIV_GATE_INFO(CCU_SYS_XGMAC_CLK, "sys_xgmac_clk",
+ "eth_clk", CCU_SYS_XGMAC_BASE, 1),
+ CCU_DIV_FIXED_INFO(CCU_SYS_XGMAC_REF_CLK, "sys_xgmac_ref_clk",
+ "sys_xgmac_clk", 8),
CCU_DIV_FIXED_INFO(CCU_SYS_XGMAC_PTP_CLK, "sys_xgmac_ptp_clk",
- "eth_clk", 8),
+ "sys_xgmac_clk", 8),
CCU_DIV_GATE_INFO(CCU_SYS_USB_CLK, "sys_usb_clk",
"eth_clk", CCU_SYS_USB_BASE, 10),
CCU_DIV_VAR_INFO(CCU_SYS_PVT_CLK, "sys_pvt_clk",
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 259/390] clk: baikal-t1: Add SATA internal ref clock buffer
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 258/390] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 260/390] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Greg Kroah-Hartman
` (136 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 081a9b7c74eae4e12b2cb1b86720f836a8f29247 ]
It turns out the internal SATA reference clock signal will stay
unavailable for the SATA interface consumer until the buffer on it's way
is ungated. So aside with having the actual clock divider enabled we need
to ungate a buffer placed on the signal way to the SATA controller (most
likely some rudiment from the initial SoC release). Seeing the switch flag
is placed in the same register as the SATA-ref clock divider at a
non-standard ffset, let's implement it as a separate clock controller with
the set-rate propagation to the parental clock divider wrapper. As such
we'll be able to disable/enable and still change the original clock source
rate.
Fixes: 353afa3a8d2e ("clk: Add Baikal-T1 CCU Dividers driver")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Link: https://lore.kernel.org/r/20220929225402.9696-5-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/baikal-t1/ccu-div.c | 64 +++++++++++++++++++++++++++++
drivers/clk/baikal-t1/ccu-div.h | 4 ++
drivers/clk/baikal-t1/clk-ccu-div.c | 18 +++++++-
3 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/baikal-t1/ccu-div.c b/drivers/clk/baikal-t1/ccu-div.c
index bbfa3526ee10..a6642f3d33d4 100644
--- a/drivers/clk/baikal-t1/ccu-div.c
+++ b/drivers/clk/baikal-t1/ccu-div.c
@@ -34,6 +34,7 @@
#define CCU_DIV_CTL_CLKDIV_MASK(_width) \
GENMASK((_width) + CCU_DIV_CTL_CLKDIV_FLD - 1, CCU_DIV_CTL_CLKDIV_FLD)
#define CCU_DIV_CTL_LOCK_SHIFTED BIT(27)
+#define CCU_DIV_CTL_GATE_REF_BUF BIT(28)
#define CCU_DIV_CTL_LOCK_NORMAL BIT(31)
#define CCU_DIV_RST_DELAY_US 1
@@ -170,6 +171,40 @@ static int ccu_div_gate_is_enabled(struct clk_hw *hw)
return !!(val & CCU_DIV_CTL_EN);
}
+static int ccu_div_buf_enable(struct clk_hw *hw)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ unsigned long flags;
+
+ spin_lock_irqsave(&div->lock, flags);
+ regmap_update_bits(div->sys_regs, div->reg_ctl,
+ CCU_DIV_CTL_GATE_REF_BUF, 0);
+ spin_unlock_irqrestore(&div->lock, flags);
+
+ return 0;
+}
+
+static void ccu_div_buf_disable(struct clk_hw *hw)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ unsigned long flags;
+
+ spin_lock_irqsave(&div->lock, flags);
+ regmap_update_bits(div->sys_regs, div->reg_ctl,
+ CCU_DIV_CTL_GATE_REF_BUF, CCU_DIV_CTL_GATE_REF_BUF);
+ spin_unlock_irqrestore(&div->lock, flags);
+}
+
+static int ccu_div_buf_is_enabled(struct clk_hw *hw)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ u32 val = 0;
+
+ regmap_read(div->sys_regs, div->reg_ctl, &val);
+
+ return !(val & CCU_DIV_CTL_GATE_REF_BUF);
+}
+
static unsigned long ccu_div_var_recalc_rate(struct clk_hw *hw,
unsigned long parent_rate)
{
@@ -323,6 +358,7 @@ static const struct ccu_div_dbgfs_bit ccu_div_bits[] = {
CCU_DIV_DBGFS_BIT_ATTR("div_en", CCU_DIV_CTL_EN),
CCU_DIV_DBGFS_BIT_ATTR("div_rst", CCU_DIV_CTL_RST),
CCU_DIV_DBGFS_BIT_ATTR("div_bypass", CCU_DIV_CTL_SET_CLKDIV),
+ CCU_DIV_DBGFS_BIT_ATTR("div_buf", CCU_DIV_CTL_GATE_REF_BUF),
CCU_DIV_DBGFS_BIT_ATTR("div_lock", CCU_DIV_CTL_LOCK_NORMAL)
};
@@ -441,6 +477,9 @@ static void ccu_div_var_debug_init(struct clk_hw *hw, struct dentry *dentry)
continue;
}
+ if (!strcmp("div_buf", name))
+ continue;
+
bits[didx] = ccu_div_bits[bidx];
bits[didx].div = div;
@@ -477,6 +516,21 @@ static void ccu_div_gate_debug_init(struct clk_hw *hw, struct dentry *dentry)
&ccu_div_dbgfs_fixed_clkdiv_fops);
}
+static void ccu_div_buf_debug_init(struct clk_hw *hw, struct dentry *dentry)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ struct ccu_div_dbgfs_bit *bit;
+
+ bit = kmalloc(sizeof(*bit), GFP_KERNEL);
+ if (!bit)
+ return;
+
+ *bit = ccu_div_bits[3];
+ bit->div = div;
+ debugfs_create_file_unsafe(bit->name, ccu_div_dbgfs_mode, dentry, bit,
+ &ccu_div_dbgfs_bit_fops);
+}
+
static void ccu_div_fixed_debug_init(struct clk_hw *hw, struct dentry *dentry)
{
struct ccu_div *div = to_ccu_div(hw);
@@ -489,6 +543,7 @@ static void ccu_div_fixed_debug_init(struct clk_hw *hw, struct dentry *dentry)
#define ccu_div_var_debug_init NULL
#define ccu_div_gate_debug_init NULL
+#define ccu_div_buf_debug_init NULL
#define ccu_div_fixed_debug_init NULL
#endif /* !CONFIG_DEBUG_FS */
@@ -520,6 +575,13 @@ static const struct clk_ops ccu_div_gate_ops = {
.debug_init = ccu_div_gate_debug_init
};
+static const struct clk_ops ccu_div_buf_ops = {
+ .enable = ccu_div_buf_enable,
+ .disable = ccu_div_buf_disable,
+ .is_enabled = ccu_div_buf_is_enabled,
+ .debug_init = ccu_div_buf_debug_init
+};
+
static const struct clk_ops ccu_div_fixed_ops = {
.recalc_rate = ccu_div_fixed_recalc_rate,
.round_rate = ccu_div_fixed_round_rate,
@@ -566,6 +628,8 @@ struct ccu_div *ccu_div_hw_register(const struct ccu_div_init_data *div_init)
} else if (div_init->type == CCU_DIV_GATE) {
hw_init.ops = &ccu_div_gate_ops;
div->divider = div_init->divider;
+ } else if (div_init->type == CCU_DIV_BUF) {
+ hw_init.ops = &ccu_div_buf_ops;
} else if (div_init->type == CCU_DIV_FIXED) {
hw_init.ops = &ccu_div_fixed_ops;
div->divider = div_init->divider;
diff --git a/drivers/clk/baikal-t1/ccu-div.h b/drivers/clk/baikal-t1/ccu-div.h
index b6a9c8e45318..4eb49ff4803c 100644
--- a/drivers/clk/baikal-t1/ccu-div.h
+++ b/drivers/clk/baikal-t1/ccu-div.h
@@ -15,8 +15,10 @@
/*
* CCU Divider private clock IDs
+ * @CCU_SYS_SATA_CLK: CCU SATA internal clock
* @CCU_SYS_XGMAC_CLK: CCU XGMAC internal clock
*/
+#define CCU_SYS_SATA_CLK -1
#define CCU_SYS_XGMAC_CLK -2
/*
@@ -37,11 +39,13 @@
* enum ccu_div_type - CCU Divider types
* @CCU_DIV_VAR: Clocks gate with variable divider.
* @CCU_DIV_GATE: Clocks gate with fixed divider.
+ * @CCU_DIV_BUF: Clock gate with no divider.
* @CCU_DIV_FIXED: Ungateable clock with fixed divider.
*/
enum ccu_div_type {
CCU_DIV_VAR,
CCU_DIV_GATE,
+ CCU_DIV_BUF,
CCU_DIV_FIXED
};
diff --git a/drivers/clk/baikal-t1/clk-ccu-div.c b/drivers/clk/baikal-t1/clk-ccu-div.c
index 3953ae5664be..90f4fda406ee 100644
--- a/drivers/clk/baikal-t1/clk-ccu-div.c
+++ b/drivers/clk/baikal-t1/clk-ccu-div.c
@@ -76,6 +76,16 @@
.divider = _divider \
}
+#define CCU_DIV_BUF_INFO(_id, _name, _pname, _base, _flags) \
+ { \
+ .id = _id, \
+ .name = _name, \
+ .parent_name = _pname, \
+ .base = _base, \
+ .type = CCU_DIV_BUF, \
+ .flags = _flags \
+ }
+
#define CCU_DIV_FIXED_INFO(_id, _name, _pname, _divider) \
{ \
.id = _id, \
@@ -188,11 +198,14 @@ static const struct ccu_div_rst_map axi_rst_map[] = {
* for the SoC devices registers IO-operations.
*/
static const struct ccu_div_info sys_info[] = {
- CCU_DIV_VAR_INFO(CCU_SYS_SATA_REF_CLK, "sys_sata_ref_clk",
+ CCU_DIV_VAR_INFO(CCU_SYS_SATA_CLK, "sys_sata_clk",
"sata_clk", CCU_SYS_SATA_REF_BASE, 4,
CLK_SET_RATE_GATE,
CCU_DIV_SKIP_ONE | CCU_DIV_LOCK_SHIFTED |
CCU_DIV_RESET_DOMAIN),
+ CCU_DIV_BUF_INFO(CCU_SYS_SATA_REF_CLK, "sys_sata_ref_clk",
+ "sys_sata_clk", CCU_SYS_SATA_REF_BASE,
+ CLK_SET_RATE_PARENT),
CCU_DIV_VAR_INFO(CCU_SYS_APB_CLK, "sys_apb_clk",
"pcie_clk", CCU_SYS_APB_BASE, 5,
CLK_IS_CRITICAL, CCU_DIV_RESET_DOMAIN),
@@ -398,6 +411,9 @@ static int ccu_div_clk_register(struct ccu_div_data *data)
init.base = info->base;
init.sys_regs = data->sys_regs;
init.divider = info->divider;
+ } else if (init.type == CCU_DIV_BUF) {
+ init.base = info->base;
+ init.sys_regs = data->sys_regs;
} else {
init.divider = info->divider;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 260/390] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 259/390] clk: baikal-t1: Add SATA internal ref clock buffer Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 261/390] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Greg Kroah-Hartman
` (135 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Ivan T. Ivanov,
Florian Fainelli, Stephen Boyd, Sasha Levin
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 0b919a3728691c172312dee99ba654055ccd8c84 ]
The return value of bcm2835_clock_rate_from_divisor is always unsigned
and also all caller expect this. So fix the declaration accordingly.
Fixes: 41691b8862e2 ("clk: bcm2835: Add support for programming the audio domain clocks")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Link: https://lore.kernel.org/r/20220904141037.38816-1-stefan.wahren@i2se.com
Reviewed-by: Ivan T. Ivanov <iivanov@suse.de>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/bcm/clk-bcm2835.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index 178886823b90..f306b959297d 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -968,9 +968,9 @@ static u32 bcm2835_clock_choose_div(struct clk_hw *hw,
return div;
}
-static long bcm2835_clock_rate_from_divisor(struct bcm2835_clock *clock,
- unsigned long parent_rate,
- u32 div)
+static unsigned long bcm2835_clock_rate_from_divisor(struct bcm2835_clock *clock,
+ unsigned long parent_rate,
+ u32 div)
{
const struct bcm2835_clock_data *data = clock->data;
u64 temp;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 261/390] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 260/390] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 262/390] clk: ast2600: BCLK comes from EPLL Greg Kroah-Hartman
` (134 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Tony Lindgren,
Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9c59a01caba26ec06fefd6ca1f22d5fd1de57d63 ]
pm_runtime_get_sync() will increment pm usage counter.
Forgetting to putting operation will result in reference leak.
Add missing pm_runtime_put_sync in some error paths.
Fixes: 9ac33b0ce81f ("CLK: TI: Driver for DRA7 ATL (Audio Tracking Logic)")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220602030838.52057-1-linmq006@gmail.com
Reviewed-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/ti/clk-dra7-atl.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/ti/clk-dra7-atl.c b/drivers/clk/ti/clk-dra7-atl.c
index 8d4c08b034bd..e2e59d78c173 100644
--- a/drivers/clk/ti/clk-dra7-atl.c
+++ b/drivers/clk/ti/clk-dra7-atl.c
@@ -251,14 +251,16 @@ static int of_dra7_atl_clk_probe(struct platform_device *pdev)
if (rc) {
pr_err("%s: failed to lookup atl clock %d\n", __func__,
i);
- return -EINVAL;
+ ret = -EINVAL;
+ goto pm_put;
}
clk = of_clk_get_from_provider(&clkspec);
if (IS_ERR(clk)) {
pr_err("%s: failed to get atl clock %d from provider\n",
__func__, i);
- return PTR_ERR(clk);
+ ret = PTR_ERR(clk);
+ goto pm_put;
}
cdesc = to_atl_desc(__clk_get_hw(clk));
@@ -291,8 +293,9 @@ static int of_dra7_atl_clk_probe(struct platform_device *pdev)
if (cdesc->enabled)
atl_clk_enable(__clk_get_hw(clk));
}
- pm_runtime_put_sync(cinfo->dev);
+pm_put:
+ pm_runtime_put_sync(cinfo->dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 262/390] clk: ast2600: BCLK comes from EPLL
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 261/390] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Greg Kroah-Hartman
@ 2022-10-24 11:30 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 263/390] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Greg Kroah-Hartman
` (133 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joel Stanley, Stephen Boyd, Sasha Levin
From: Joel Stanley <joel@jms.id.au>
[ Upstream commit b8c1dc9c00b252b3be853720a71b05ed451ddd9f ]
This correction was made in the u-boot SDK recently. There are no
in-tree users of this clock so the impact is minimal.
Fixes: d3d04f6c330a ("clk: Add support for AST2600 SoC")
Link: https://github.com/AspeedTech-BMC/u-boot/commit/8ad54a5ae15f27fea5e894cc2539a20d90019717
Signed-off-by: Joel Stanley <joel@jms.id.au>
Link: https://lore.kernel.org/r/20220421040426.171256-1-joel@jms.id.au
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-ast2600.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/clk-ast2600.c b/drivers/clk/clk-ast2600.c
index 24dab2312bc6..9c3305bcb27a 100644
--- a/drivers/clk/clk-ast2600.c
+++ b/drivers/clk/clk-ast2600.c
@@ -622,7 +622,7 @@ static int aspeed_g6_clk_probe(struct platform_device *pdev)
regmap_write(map, 0x308, 0x12000); /* 3x3 = 9 */
/* P-Bus (BCLK) clock divider */
- hw = clk_hw_register_divider_table(dev, "bclk", "hpll", 0,
+ hw = clk_hw_register_divider_table(dev, "bclk", "epll", 0,
scu_g6_base + ASPEED_G6_CLK_SELECTION1, 20, 3, 0,
ast2600_div_table,
&aspeed_g6_clk_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 263/390] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-10-24 11:30 ` [PATCH 5.10 262/390] clk: ast2600: BCLK comes from EPLL Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 264/390] powerpc/math_emu/efp: Include module.h Greg Kroah-Hartman
` (132 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jack Wang, Jassi Brar, Sasha Levin
From: Jack Wang <jinpu.wang@ionos.com>
[ Upstream commit 6b207ce8a96a71e966831e3a13c38143ba9a73c1 ]
dma_map_sg return 0 on error, fix the error check, and return -EIO
to caller.
Fixes: dbc049eee730 ("mailbox: Add driver for Broadcom FlexRM ring manager")
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/bcm-flexrm-mailbox.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/mailbox/bcm-flexrm-mailbox.c b/drivers/mailbox/bcm-flexrm-mailbox.c
index bee33abb5308..e913ed1e34c6 100644
--- a/drivers/mailbox/bcm-flexrm-mailbox.c
+++ b/drivers/mailbox/bcm-flexrm-mailbox.c
@@ -632,15 +632,15 @@ static int flexrm_spu_dma_map(struct device *dev, struct brcm_message *msg)
rc = dma_map_sg(dev, msg->spu.src, sg_nents(msg->spu.src),
DMA_TO_DEVICE);
- if (rc < 0)
- return rc;
+ if (!rc)
+ return -EIO;
rc = dma_map_sg(dev, msg->spu.dst, sg_nents(msg->spu.dst),
DMA_FROM_DEVICE);
- if (rc < 0) {
+ if (!rc) {
dma_unmap_sg(dev, msg->spu.src, sg_nents(msg->spu.src),
DMA_TO_DEVICE);
- return rc;
+ return -EIO;
}
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 264/390] powerpc/math_emu/efp: Include module.h
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 263/390] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 265/390] powerpc/sysdev/fsl_msi: Add missing of_node_put() Greg Kroah-Hartman
` (131 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Nathan Chancellor,
Christophe Leroy, Michael Ellerman, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit cfe0d370e0788625ce0df3239aad07a2506c1796 ]
When building with a recent version of clang, there are a couple of
errors around the call to module_init():
arch/powerpc/math-emu/math_efp.c:927:1: error: type specifier missing, defaults to 'int'; ISO C99 and later do not support implicit int [-Wimplicit-int]
module_init(spe_mathemu_init);
^
int
arch/powerpc/math-emu/math_efp.c:927:13: error: a parameter list without types is only allowed in a function definition
module_init(spe_mathemu_init);
^
2 errors generated.
module_init() is a macro, which is not getting expanded because module.h
is not included in this file. Add the include so that the macro can
expand properly, clearing up the build failure.
Fixes: ac6f120369ff ("powerpc/85xx: Workaroudn e500 CPU erratum A005")
[chleroy: added fixes tag]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/r/8403854a4c187459b2f4da3537f51227b70b9223.1662134272.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/math-emu/math_efp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/math-emu/math_efp.c b/arch/powerpc/math-emu/math_efp.c
index 0a05e51964c1..90111c9e7521 100644
--- a/arch/powerpc/math-emu/math_efp.c
+++ b/arch/powerpc/math-emu/math_efp.c
@@ -17,6 +17,7 @@
#include <linux/types.h>
#include <linux/prctl.h>
+#include <linux/module.h>
#include <linux/uaccess.h>
#include <asm/reg.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 265/390] powerpc/sysdev/fsl_msi: Add missing of_node_put()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 264/390] powerpc/math_emu/efp: Include module.h Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 266/390] powerpc/pci_dn: " Greg Kroah-Hartman
` (130 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Michael Ellerman,
Sasha Levin, Miaoqian Lin
From: Liang He <windhl@126.com>
[ Upstream commit def435c04ee984a5f9ed2711b2bfe946936c6a21 ]
In fsl_setup_msi_irqs(), use of_node_put() to drop the reference
returned by of_parse_phandle().
Fixes: 895d603f945ba ("powerpc/fsl_msi: add support for the fsl, msi property in PCI nodes")
Co-authored-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220704145233.278539-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/fsl_msi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/sysdev/fsl_msi.c b/arch/powerpc/sysdev/fsl_msi.c
index 808e7118abfc..d276c5e96445 100644
--- a/arch/powerpc/sysdev/fsl_msi.c
+++ b/arch/powerpc/sysdev/fsl_msi.c
@@ -211,8 +211,10 @@ static int fsl_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
dev_err(&pdev->dev,
"node %pOF has an invalid fsl,msi phandle %u\n",
hose->dn, np->phandle);
+ of_node_put(np);
return -EINVAL;
}
+ of_node_put(np);
}
for_each_pci_msi_entry(entry, pdev) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 266/390] powerpc/pci_dn: Add missing of_node_put()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 265/390] powerpc/sysdev/fsl_msi: Add missing of_node_put() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 267/390] powerpc/powernv: add missing of_node_put() in opal_export_attrs() Greg Kroah-Hartman
` (129 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Michael Ellerman,
Tyrel Datwyler, Sasha Levin, Miaoqian Lin
From: Liang He <windhl@126.com>
[ Upstream commit 110a1fcb6c4d55144d8179983a475f17a1d6f832 ]
In pci_add_device_node_info(), use of_node_put() to drop the reference
to 'parent' returned by of_get_parent() to keep refcount balance.
Fixes: cca87d303c85 ("powerpc/pci: Refactor pci_dn")
Co-authored-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>
Link: https://lore.kernel.org/r/20220701131750.240170-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/pci_dn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/kernel/pci_dn.c b/arch/powerpc/kernel/pci_dn.c
index e99b7c547d7e..b173ba342645 100644
--- a/arch/powerpc/kernel/pci_dn.c
+++ b/arch/powerpc/kernel/pci_dn.c
@@ -330,6 +330,7 @@ struct pci_dn *pci_add_device_node_info(struct pci_controller *hose,
INIT_LIST_HEAD(&pdn->list);
parent = of_get_parent(dn);
pdn->parent = parent ? PCI_DN(parent) : NULL;
+ of_node_put(parent);
if (pdn->parent)
list_add_tail(&pdn->list, &pdn->parent->child_list);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 267/390] powerpc/powernv: add missing of_node_put() in opal_export_attrs()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 266/390] powerpc/pci_dn: " Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 268/390] x86/hyperv: Fix struct hv_enlightened_vmcs definition Greg Kroah-Hartman
` (128 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Michael Ellerman, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit 71a92e99c47900cc164620948b3863382cec4f1a ]
After using 'np' returned by of_find_node_by_path(), of_node_put()
need be called to decrease the refcount.
Fixes: 11fe909d2362 ("powerpc/powernv: Add OPAL exports attributes to sysfs")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220906141703.118192-1-zhengyongjun3@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/opal.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
index c61c3b62c8c6..1d05c168c8fb 100644
--- a/arch/powerpc/platforms/powernv/opal.c
+++ b/arch/powerpc/platforms/powernv/opal.c
@@ -892,6 +892,7 @@ static void opal_export_attrs(void)
kobj = kobject_create_and_add("exports", opal_kobj);
if (!kobj) {
pr_warn("kobject_create_and_add() of exports failed\n");
+ of_node_put(np);
return;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 268/390] x86/hyperv: Fix struct hv_enlightened_vmcs definition
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 267/390] powerpc/powernv: add missing of_node_put() in opal_export_attrs() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 269/390] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Greg Kroah-Hartman
` (127 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Levitsky, Michael Kelley,
Vitaly Kuznetsov, Sean Christopherson, Paolo Bonzini,
Sasha Levin
From: Vitaly Kuznetsov <vkuznets@redhat.com>
[ Upstream commit ea9da788a61e47e7ab9cbad397453e51cd82ac0d ]
Section 1.9 of TLFS v6.0b says:
"All structures are padded in such a way that fields are aligned
naturally (that is, an 8-byte field is aligned to an offset of 8 bytes
and so on)".
'struct enlightened_vmcs' has a glitch:
...
struct {
u32 nested_flush_hypercall:1; /* 836: 0 4 */
u32 msr_bitmap:1; /* 836: 1 4 */
u32 reserved:30; /* 836: 2 4 */
} hv_enlightenments_control; /* 836 4 */
u32 hv_vp_id; /* 840 4 */
u64 hv_vm_id; /* 844 8 */
u64 partition_assist_page; /* 852 8 */
...
And the observed values in 'partition_assist_page' make no sense at
all. Fix the layout by padding the structure properly.
Fixes: 68d1eb72ee99 ("x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits")
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/20220830133737.1539624-2-vkuznets@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/hyperv-tlfs.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/hyperv-tlfs.h b/arch/x86/include/asm/hyperv-tlfs.h
index 0ed20e8bba9e..ae7192b75136 100644
--- a/arch/x86/include/asm/hyperv-tlfs.h
+++ b/arch/x86/include/asm/hyperv-tlfs.h
@@ -474,7 +474,7 @@ struct hv_enlightened_vmcs {
u64 guest_rip;
u32 hv_clean_fields;
- u32 hv_padding_32;
+ u32 padding32_1;
u32 hv_synthetic_controls;
struct {
u32 nested_flush_hypercall:1;
@@ -482,7 +482,7 @@ struct hv_enlightened_vmcs {
u32 reserved:30;
} __packed hv_enlightenments_control;
u32 hv_vp_id;
-
+ u32 padding32_2;
u64 hv_vm_id;
u64 partition_assist_page;
u64 padding64_4[4];
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 269/390] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 268/390] x86/hyperv: Fix struct hv_enlightened_vmcs definition Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 270/390] powerpc: Fix SPE Power ISA properties for e500v1 platforms Greg Kroah-Hartman
` (126 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Segher Boessenkool,
Michael Ellerman, Sasha Levin
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 58ec7f06b74e0d6e76c4110afce367c8b5f0837d ]
Big-endian GENERIC_CPU supports 970, but builds with -mcpu=power5.
POWER5 is ISA v2.02 whereas 970 is v2.01 plus Altivec. 2.02 added
the popcntb instruction which a compiler might use.
Use -mcpu=power4.
Fixes: 471d7ff8b51b ("powerpc/64s: Remove POWER4 support")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220921014103.587954-1-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index 59175651f0b9..612254141296 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -153,7 +153,7 @@ CFLAGS-$(CONFIG_GENERIC_CPU) += -mcpu=power8
CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mtune=power9,-mtune=power8)
else
CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mtune=power7,$(call cc-option,-mtune=power5))
-CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mcpu=power5,-mcpu=power4)
+CFLAGS-$(CONFIG_GENERIC_CPU) += -mcpu=power4
endif
else ifdef CONFIG_PPC_BOOK3E_64
CFLAGS-$(CONFIG_GENERIC_CPU) += -mcpu=powerpc64
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 270/390] powerpc: Fix SPE Power ISA properties for e500v1 platforms
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 269/390] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 271/390] crypto: sahara - dont sleep when in softirq Greg Kroah-Hartman
` (125 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 37b9345ce7f4ab17538ea62def6f6d430f091355 ]
Commit 2eb28006431c ("powerpc/e500v2: Add Power ISA properties to comply
with ePAPR 1.1") introduced new include file e500v2_power_isa.dtsi and
should have used it for all e500v2 platforms. But apparently it was used
also for e500v1 platforms mpc8540, mpc8541, mpc8555 and mpc8560.
e500v1 cores compared to e500v2 do not support double precision floating
point SPE instructions. Hence power-isa-sp.fd should not be set on e500v1
platforms, which is in e500v2_power_isa.dtsi include file.
Fix this issue by introducing a new e500v1_power_isa.dtsi include file and
use it in all e500v1 device tree files.
Fixes: 2eb28006431c ("powerpc/e500v2: Add Power ISA properties to comply with ePAPR 1.1")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220902212103.22534-1-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/fsl/e500v1_power_isa.dtsi | 51 +++++++++++++++++++
arch/powerpc/boot/dts/fsl/mpc8540ads.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8541cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8555cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8560ads.dts | 2 +-
5 files changed, 55 insertions(+), 4 deletions(-)
create mode 100644 arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi
diff --git a/arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi b/arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi
new file mode 100644
index 000000000000..7e2a90cde72e
--- /dev/null
+++ b/arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi
@@ -0,0 +1,51 @@
+/*
+ * e500v1 Power ISA Device Tree Source (include)
+ *
+ * Copyright 2012 Freescale Semiconductor Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of Freescale Semiconductor nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ *
+ * ALTERNATIVELY, this software may be distributed under the terms of the
+ * GNU General Public License ("GPL") as published by the Free Software
+ * Foundation, either version 2 of that License or (at your option) any
+ * later version.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Freescale Semiconductor "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Freescale Semiconductor BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/ {
+ cpus {
+ power-isa-version = "2.03";
+ power-isa-b; // Base
+ power-isa-e; // Embedded
+ power-isa-atb; // Alternate Time Base
+ power-isa-cs; // Cache Specification
+ power-isa-e.le; // Embedded.Little-Endian
+ power-isa-e.pm; // Embedded.Performance Monitor
+ power-isa-ecl; // Embedded Cache Locking
+ power-isa-mmc; // Memory Coherence
+ power-isa-sp; // Signal Processing Engine
+ power-isa-sp.fs; // SPE.Embedded Float Scalar Single
+ power-isa-sp.fv; // SPE.Embedded Float Vector
+ mmu-type = "power-embedded";
+ };
+};
diff --git a/arch/powerpc/boot/dts/fsl/mpc8540ads.dts b/arch/powerpc/boot/dts/fsl/mpc8540ads.dts
index 18a885130538..e03ae130162b 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8540ads.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8540ads.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8540ADS";
diff --git a/arch/powerpc/boot/dts/fsl/mpc8541cds.dts b/arch/powerpc/boot/dts/fsl/mpc8541cds.dts
index ac381e7b1c60..a2a6c5cf852e 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8541cds.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8541cds.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8541CDS";
diff --git a/arch/powerpc/boot/dts/fsl/mpc8555cds.dts b/arch/powerpc/boot/dts/fsl/mpc8555cds.dts
index 9f58db2a7e66..901b6ff06dfb 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8555cds.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8555cds.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8555CDS";
diff --git a/arch/powerpc/boot/dts/fsl/mpc8560ads.dts b/arch/powerpc/boot/dts/fsl/mpc8560ads.dts
index a24722ccaebf..c2f9aea78b29 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8560ads.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8560ads.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8560ADS";
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 271/390] crypto: sahara - dont sleep when in softirq
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 270/390] powerpc: Fix SPE Power ISA properties for e500v1 platforms Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 272/390] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Greg Kroah-Hartman
` (124 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhengchao Shao, Herbert Xu, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 108586eba094b318e6a831f977f4ddcc403a15da ]
Function of sahara_aes_crypt maybe could be called by function
of crypto_skcipher_encrypt during the rx softirq, so it is not
allowed to use mutex lock.
Fixes: c0c3c89ae347 ("crypto: sahara - replace tasklets with...")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/sahara.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index d60679c79822..2043dd061121 100644
--- a/drivers/crypto/sahara.c
+++ b/drivers/crypto/sahara.c
@@ -25,10 +25,10 @@
#include <linux/kernel.h>
#include <linux/kthread.h>
#include <linux/module.h>
-#include <linux/mutex.h>
#include <linux/of.h>
#include <linux/of_device.h>
#include <linux/platform_device.h>
+#include <linux/spinlock.h>
#define SHA_BUFFER_LEN PAGE_SIZE
#define SAHARA_MAX_SHA_BLOCK_SIZE SHA256_BLOCK_SIZE
@@ -195,7 +195,7 @@ struct sahara_dev {
void __iomem *regs_base;
struct clk *clk_ipg;
struct clk *clk_ahb;
- struct mutex queue_mutex;
+ spinlock_t queue_spinlock;
struct task_struct *kthread;
struct completion dma_completion;
@@ -641,9 +641,9 @@ static int sahara_aes_crypt(struct skcipher_request *req, unsigned long mode)
rctx->mode = mode;
- mutex_lock(&dev->queue_mutex);
+ spin_lock_bh(&dev->queue_spinlock);
err = crypto_enqueue_request(&dev->queue, &req->base);
- mutex_unlock(&dev->queue_mutex);
+ spin_unlock_bh(&dev->queue_spinlock);
wake_up_process(dev->kthread);
@@ -1042,10 +1042,10 @@ static int sahara_queue_manage(void *data)
do {
__set_current_state(TASK_INTERRUPTIBLE);
- mutex_lock(&dev->queue_mutex);
+ spin_lock_bh(&dev->queue_spinlock);
backlog = crypto_get_backlog(&dev->queue);
async_req = crypto_dequeue_request(&dev->queue);
- mutex_unlock(&dev->queue_mutex);
+ spin_unlock_bh(&dev->queue_spinlock);
if (backlog)
backlog->complete(backlog, -EINPROGRESS);
@@ -1091,9 +1091,9 @@ static int sahara_sha_enqueue(struct ahash_request *req, int last)
rctx->first = 1;
}
- mutex_lock(&dev->queue_mutex);
+ spin_lock_bh(&dev->queue_spinlock);
ret = crypto_enqueue_request(&dev->queue, &req->base);
- mutex_unlock(&dev->queue_mutex);
+ spin_unlock_bh(&dev->queue_spinlock);
wake_up_process(dev->kthread);
@@ -1454,7 +1454,7 @@ static int sahara_probe(struct platform_device *pdev)
crypto_init_queue(&dev->queue, SAHARA_QUEUE_LENGTH);
- mutex_init(&dev->queue_mutex);
+ spin_lock_init(&dev->queue_spinlock);
dev_ptr = dev;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 272/390] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 271/390] crypto: sahara - dont sleep when in softirq Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 273/390] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Greg Kroah-Hartman
` (123 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Weihua, Herbert Xu, Sasha Levin
From: Ye Weihua <yeweihua4@huawei.com>
[ Upstream commit d74f9340097a881869c4c22ca376654cc2516ecc ]
KASAN reported this Bug:
[17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60
[17619.673193] Read of size 4 at addr fffff01332d7ed00 by task read_all/1507958
...
[17619.698934] The buggy address belongs to the variable:
[17619.708371] sgl_sge_nr+0x0/0xffffffffffffa300 [hisi_zip]
There is a mismatch in hisi_zip when get/set the variable sgl_sge_nr.
The type of sgl_sge_nr is u16, and get/set sgl_sge_nr by
param_get/set_int.
Replacing param_get/set_int to param_get/set_ushort can fix this bug.
Fixes: f081fda293ffb ("crypto: hisilicon - add sgl_sge_nr module param for zip")
Signed-off-by: Ye Weihua <yeweihua4@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/zip/zip_crypto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/hisilicon/zip/zip_crypto.c b/drivers/crypto/hisilicon/zip/zip_crypto.c
index 08b4660b014c..5db7cdea994a 100644
--- a/drivers/crypto/hisilicon/zip/zip_crypto.c
+++ b/drivers/crypto/hisilicon/zip/zip_crypto.c
@@ -107,12 +107,12 @@ static int sgl_sge_nr_set(const char *val, const struct kernel_param *kp)
if (ret || n == 0 || n > HISI_ACC_SGL_SGE_NR_MAX)
return -EINVAL;
- return param_set_int(val, kp);
+ return param_set_ushort(val, kp);
}
static const struct kernel_param_ops sgl_sge_nr_ops = {
.set = sgl_sge_nr_set,
- .get = param_get_int,
+ .get = param_get_ushort,
};
static u16 sgl_sge_nr = HZIP_SGL_SGE_NR;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 273/390] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 272/390] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 274/390] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Greg Kroah-Hartman
` (122 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kshitiz Varshney, Herbert Xu, Sasha Levin
From: Kshitiz Varshney <kshitiz.varshney@nxp.com>
[ Upstream commit 10a2199caf437e893d9027d97700b3c6010048b7 ]
Issue:
While servicing interrupt, if the IRQ happens to be because of a SEED_DONE
due to a previous boot stage, you end up completing the completion
prematurely, hence causing kernel to crash while booting.
Fix:
Moving IRQ handler registering after imx_rngc_irq_mask_clear()
Fixes: 1d5449445bd0 (hwrng: mx-rngc - add a driver for Freescale RNGC)
Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/imx-rngc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/drivers/char/hw_random/imx-rngc.c
+++ b/drivers/char/hw_random/imx-rngc.c
@@ -272,13 +272,6 @@ static int imx_rngc_probe(struct platfor
goto err;
}
- ret = devm_request_irq(&pdev->dev,
- irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);
- if (ret) {
- dev_err(rngc->dev, "Can't get interrupt working.\n");
- goto err;
- }
-
init_completion(&rngc->rng_op_done);
rngc->rng.name = pdev->name;
@@ -292,6 +285,13 @@ static int imx_rngc_probe(struct platfor
imx_rngc_irq_mask_clear(rngc);
+ ret = devm_request_irq(&pdev->dev,
+ irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);
+ if (ret) {
+ dev_err(rngc->dev, "Can't get interrupt working.\n");
+ return ret;
+ }
+
if (self_test) {
ret = imx_rngc_self_test(rngc);
if (ret) {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 274/390] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 273/390] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 275/390] iommu/omap: Fix buffer overflow in debugfs Greg Kroah-Hartman
` (121 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Waiman Long, Tejun Heo, Sasha Levin
From: Waiman Long <longman@redhat.com>
[ Upstream commit ec5fbdfb99d18482619ac42605cb80fbb56068ee ]
Previously, update_tasks_cpumask() is not supposed to be called with
top cpuset. With cpuset partition that takes CPUs away from the top
cpuset, adjusting the cpus_mask of the tasks in the top cpuset is
necessary. Percpu kthreads, however, are ignored.
Fixes: ee8dde0cd2ce ("cpuset: Add new v2 cpuset.sched.partition flag")
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cpuset.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
index b7830f1f1f3a..43270b07b2e0 100644
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -33,6 +33,7 @@
#include <linux/interrupt.h>
#include <linux/kernel.h>
#include <linux/kmod.h>
+#include <linux/kthread.h>
#include <linux/list.h>
#include <linux/mempolicy.h>
#include <linux/mm.h>
@@ -1059,10 +1060,18 @@ static void update_tasks_cpumask(struct cpuset *cs)
{
struct css_task_iter it;
struct task_struct *task;
+ bool top_cs = cs == &top_cpuset;
css_task_iter_start(&cs->css, 0, &it);
- while ((task = css_task_iter_next(&it)))
+ while ((task = css_task_iter_next(&it))) {
+ /*
+ * Percpu kthreads in top_cpuset are ignored
+ */
+ if (top_cs && (task->flags & PF_KTHREAD) &&
+ kthread_is_per_cpu(task))
+ continue;
set_cpus_allowed_ptr(task, cs->effective_cpus);
+ }
css_task_iter_end(&it);
}
@@ -2016,12 +2025,7 @@ static int update_prstate(struct cpuset *cs, int new_prs)
update_flag(CS_CPU_EXCLUSIVE, cs, 0);
}
- /*
- * Update cpumask of parent's tasks except when it is the top
- * cpuset as some system daemons cannot be mapped to other CPUs.
- */
- if (parent != &top_cpuset)
- update_tasks_cpumask(parent);
+ update_tasks_cpumask(parent);
if (parent->child_ecpus_count)
update_sibling_cpumasks(parent, cs, &tmpmask);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 275/390] iommu/omap: Fix buffer overflow in debugfs
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 274/390] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 276/390] crypto: akcipher - default implementation for setting a private key Greg Kroah-Hartman
` (120 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Robin Murphy,
Laurent Pinchart, Joerg Roedel, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 184233a5202786b20220acd2d04ddf909ef18f29 ]
There are two issues here:
1) The "len" variable needs to be checked before the very first write.
Otherwise if omap2_iommu_dump_ctx() with "bytes" less than 32 it is a
buffer overflow.
2) The snprintf() function returns the number of bytes that *would* have
been copied if there were enough space. But we want to know the
number of bytes which were *actually* copied so use scnprintf()
instead.
Fixes: bd4396f09a4a ("iommu/omap: Consolidate OMAP IOMMU modules")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/YuvYh1JbE3v+abd5@kili
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/omap-iommu-debug.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/iommu/omap-iommu-debug.c b/drivers/iommu/omap-iommu-debug.c
index a99afb5d9011..259f65291d90 100644
--- a/drivers/iommu/omap-iommu-debug.c
+++ b/drivers/iommu/omap-iommu-debug.c
@@ -32,12 +32,12 @@ static inline bool is_omap_iommu_detached(struct omap_iommu *obj)
ssize_t bytes; \
const char *str = "%20s: %08x\n"; \
const int maxcol = 32; \
- bytes = snprintf(p, maxcol, str, __stringify(name), \
+ if (len < maxcol) \
+ goto out; \
+ bytes = scnprintf(p, maxcol, str, __stringify(name), \
iommu_read_reg(obj, MMU_##name)); \
p += bytes; \
len -= bytes; \
- if (len < maxcol) \
- goto out; \
} while (0)
static ssize_t
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 276/390] crypto: akcipher - default implementation for setting a private key
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 275/390] iommu/omap: Fix buffer overflow in debugfs Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 277/390] crypto: ccp - Release dma channels before dmaengine unrgister Greg Kroah-Hartman
` (119 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ignat Korchagin, Herbert Xu, Sasha Levin
From: Ignat Korchagin <ignat@cloudflare.com>
[ Upstream commit bc155c6c188c2f0c5749993b1405673d25a80389 ]
Changes from v1:
* removed the default implementation from set_pub_key: it is assumed that
an implementation must always have this callback defined as there are
no use case for an algorithm, which doesn't need a public key
Many akcipher implementations (like ECDSA) support only signature
verifications, so they don't have all callbacks defined.
Commit 78a0324f4a53 ("crypto: akcipher - default implementations for
request callbacks") introduced default callbacks for sign/verify
operations, which just return an error code.
However, these are not enough, because before calling sign the caller would
likely call set_priv_key first on the instantiated transform (as the
in-kernel testmgr does). This function does not have a default stub, so the
kernel crashes, when trying to set a private key on an akcipher, which
doesn't support signature generation.
I've noticed this, when trying to add a KAT vector for ECDSA signature to
the testmgr.
With this patch the testmgr returns an error in dmesg (as it should)
instead of crashing the kernel NULL ptr dereference.
Fixes: 78a0324f4a53 ("crypto: akcipher - default implementations for request callbacks")
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/akcipher.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index f866085c8a4a..ab975a420e1e 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -120,6 +120,12 @@ static int akcipher_default_op(struct akcipher_request *req)
return -ENOSYS;
}
+static int akcipher_default_set_key(struct crypto_akcipher *tfm,
+ const void *key, unsigned int keylen)
+{
+ return -ENOSYS;
+}
+
int crypto_register_akcipher(struct akcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
@@ -132,6 +138,8 @@ int crypto_register_akcipher(struct akcipher_alg *alg)
alg->encrypt = akcipher_default_op;
if (!alg->decrypt)
alg->decrypt = akcipher_default_op;
+ if (!alg->set_priv_key)
+ alg->set_priv_key = akcipher_default_set_key;
akcipher_prepare_alg(alg);
return crypto_register_alg(base);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 277/390] crypto: ccp - Release dma channels before dmaengine unrgister
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 276/390] crypto: akcipher - default implementation for setting a private key Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 278/390] crypto: inside-secure - Change swab to swab32 Greg Kroah-Hartman
` (118 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Koba Ko,
Tom Lendacky, Herbert Xu, Sasha Levin
From: Koba Ko <koba.ko@canonical.com>
[ Upstream commit 68dbe80f5b510c66c800b9e8055235c5b07e37d1 ]
A warning is shown during shutdown,
__dma_async_device_channel_unregister called while 2 clients hold a reference
WARNING: CPU: 15 PID: 1 at drivers/dma/dmaengine.c:1110 __dma_async_device_channel_unregister+0xb7/0xc0
Call dma_release_channel for occupied channles before dma_async_device_unregister.
Fixes: 54cce8ecb925 ("crypto: ccp - ccp_dmaengine_unregister release dma channels")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Koba Ko <koba.ko@canonical.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ccp/ccp-dmaengine.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/ccp-dmaengine.c b/drivers/crypto/ccp/ccp-dmaengine.c
index b3eea329f840..b9299defb431 100644
--- a/drivers/crypto/ccp/ccp-dmaengine.c
+++ b/drivers/crypto/ccp/ccp-dmaengine.c
@@ -642,6 +642,10 @@ static void ccp_dma_release(struct ccp_device *ccp)
for (i = 0; i < ccp->cmd_q_count; i++) {
chan = ccp->ccp_dma_chan + i;
dma_chan = &chan->dma_chan;
+
+ if (dma_chan->client_count)
+ dma_release_channel(dma_chan);
+
tasklet_kill(&chan->cleanup_tasklet);
list_del_rcu(&dma_chan->device_node);
}
@@ -767,8 +771,8 @@ void ccp_dmaengine_unregister(struct ccp_device *ccp)
if (!dmaengine)
return;
- dma_async_device_unregister(dma_dev);
ccp_dma_release(ccp);
+ dma_async_device_unregister(dma_dev);
kmem_cache_destroy(ccp->dma_desc_cache);
kmem_cache_destroy(ccp->dma_cmd_cache);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 278/390] crypto: inside-secure - Change swab to swab32
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 277/390] crypto: ccp - Release dma channels before dmaengine unrgister Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 279/390] crypto: qat - fix use of dma_map_single Greg Kroah-Hartman
` (117 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Harliman Liem, Antoine Tenart,
Herbert Xu, Sasha Levin
From: Peter Harliman Liem <pliem@maxlinear.com>
[ Upstream commit 664593407e936b6438fbfaaf98876910fd31cf9a ]
The use of swab() is causing failures in 64-bit arch, as it
translates to __swab64() instead of the intended __swab32().
It eventually causes wrong results in xcbcmac & cmac algo.
Fixes: 78cf1c8bfcb8 ("crypto: inside-secure - Move ipad/opad into safexcel_context")
Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/inside-secure/safexcel_hash.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
index 56d5ccb5cc00..1c9af02eb63b 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -381,7 +381,7 @@ static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
u32 x;
x = ipad[i] ^ ipad[i + 4];
- cache[i] ^= swab(x);
+ cache[i] ^= swab32(x);
}
}
cache_len = AES_BLOCK_SIZE;
@@ -819,7 +819,7 @@ static int safexcel_ahash_final(struct ahash_request *areq)
u32 *result = (void *)areq->result;
/* K3 */
- result[i] = swab(ctx->base.ipad.word[i + 4]);
+ result[i] = swab32(ctx->base.ipad.word[i + 4]);
}
areq->result[0] ^= 0x80; // 10- padding
crypto_cipher_encrypt_one(ctx->kaes, areq->result, areq->result);
@@ -2104,7 +2104,7 @@ static int safexcel_xcbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
crypto_cipher_encrypt_one(ctx->kaes, (u8 *)key_tmp + AES_BLOCK_SIZE,
"\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3");
for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)
- ctx->base.ipad.word[i] = swab(key_tmp[i]);
+ ctx->base.ipad.word[i] = swab32(key_tmp[i]);
crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
crypto_cipher_set_flags(ctx->kaes, crypto_ahash_get_flags(tfm) &
@@ -2187,7 +2187,7 @@ static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
return ret;
for (i = 0; i < len / sizeof(u32); i++)
- ctx->base.ipad.word[i + 8] = swab(aes.key_enc[i]);
+ ctx->base.ipad.word[i + 8] = swab32(aes.key_enc[i]);
/* precompute the CMAC key material */
crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 279/390] crypto: qat - fix use of dma_map_single
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 278/390] crypto: inside-secure - Change swab to swab32 Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 280/390] crypto: qat - use pre-allocated buffers in datapath Greg Kroah-Hartman
` (116 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hui Tang, kernel test robot,
Dan Carpenter, Herbert Xu, Sasha Levin
From: Hui Tang <tanghui20@huawei.com>
[ Upstream commit 7cc05071f930a631040fea16a41f9d78771edc49 ]
DMA_TO_DEVICE synchronisation must be done after the last modification
of the memory region by the software and before it is handed off to
the device.
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: cf5bb835b7c8 ("crypto: qat - fix DMA transfer direction")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/qat_algs.c | 27 ++++++++++++------------
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 06abe1e2074e..8625e299d445 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -669,8 +669,8 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
int n = sg_nents(sgl);
struct qat_alg_buf_list *bufl;
struct qat_alg_buf_list *buflout = NULL;
- dma_addr_t blp;
- dma_addr_t bloutp;
+ dma_addr_t blp = DMA_MAPPING_ERROR;
+ dma_addr_t bloutp = DMA_MAPPING_ERROR;
struct scatterlist *sg;
size_t sz_out, sz = struct_size(bufl, bufers, n + 1);
@@ -685,10 +685,6 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
for_each_sg(sgl, sg, n, i)
bufl->bufers[i].addr = DMA_MAPPING_ERROR;
- blp = dma_map_single(dev, bufl, sz, DMA_TO_DEVICE);
- if (unlikely(dma_mapping_error(dev, blp)))
- goto err_in;
-
for_each_sg(sgl, sg, n, i) {
int y = sg_nctr;
@@ -704,6 +700,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
sg_nctr++;
}
bufl->num_bufs = sg_nctr;
+ blp = dma_map_single(dev, bufl, sz, DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev, blp)))
+ goto err_in;
qat_req->buf.bl = bufl;
qat_req->buf.blp = blp;
qat_req->buf.sz = sz;
@@ -723,9 +722,6 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
for_each_sg(sglout, sg, n, i)
bufers[i].addr = DMA_MAPPING_ERROR;
- bloutp = dma_map_single(dev, buflout, sz_out, DMA_TO_DEVICE);
- if (unlikely(dma_mapping_error(dev, bloutp)))
- goto err_out;
for_each_sg(sglout, sg, n, i) {
int y = sg_nctr;
@@ -742,6 +738,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
}
buflout->num_bufs = sg_nctr;
buflout->num_mapped_bufs = sg_nctr;
+ bloutp = dma_map_single(dev, buflout, sz_out, DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev, bloutp)))
+ goto err_out;
qat_req->buf.blout = buflout;
qat_req->buf.bloutp = bloutp;
qat_req->buf.sz_out = sz_out;
@@ -753,17 +752,21 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
return 0;
err_out:
+ if (!dma_mapping_error(dev, bloutp))
+ dma_unmap_single(dev, bloutp, sz_out, DMA_TO_DEVICE);
+
n = sg_nents(sglout);
for (i = 0; i < n; i++)
if (!dma_mapping_error(dev, buflout->bufers[i].addr))
dma_unmap_single(dev, buflout->bufers[i].addr,
buflout->bufers[i].len,
DMA_BIDIRECTIONAL);
- if (!dma_mapping_error(dev, bloutp))
- dma_unmap_single(dev, bloutp, sz_out, DMA_TO_DEVICE);
kfree(buflout);
err_in:
+ if (!dma_mapping_error(dev, blp))
+ dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE);
+
n = sg_nents(sgl);
for (i = 0; i < n; i++)
if (!dma_mapping_error(dev, bufl->bufers[i].addr))
@@ -771,8 +774,6 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
bufl->bufers[i].len,
DMA_BIDIRECTIONAL);
- if (!dma_mapping_error(dev, blp))
- dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE);
kfree(bufl);
dev_err(dev, "Failed to map buf for dma\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 280/390] crypto: qat - use pre-allocated buffers in datapath
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 279/390] crypto: qat - fix use of dma_map_single Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 281/390] crypto: qat - fix DMA transfer direction Greg Kroah-Hartman
` (115 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Giovanni Cabiddu,
Marco Chiappero, Wojciech Ziemba, Herbert Xu, Sasha Levin
From: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
[ Upstream commit e0831e7af4e03f2715de102e18e9179ec0a81562 ]
In order to do DMAs, the QAT device requires that the scatterlist
structures are mapped and translated into a format that the firmware can
understand. This is defined as the composition of a scatter gather list
(SGL) descriptor header, the struct qat_alg_buf_list, plus a variable
number of flat buffer descriptors, the struct qat_alg_buf.
The allocation and mapping of these data structures is done each time a
request is received from the skcipher and aead APIs.
In an OOM situation, this behaviour might lead to a dead-lock if an
allocation fails.
Based on the conversation in [1], increase the size of the aead and
skcipher request contexts to include an SGL descriptor that can handle
a maximum of 4 flat buffers.
If requests exceed 4 entries buffers, memory is allocated dynamically.
[1] https://lore.kernel.org/linux-crypto/20200722072932.GA27544@gondor.apana.org.au/
Cc: stable@vger.kernel.org
Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: cf5bb835b7c8 ("crypto: qat - fix DMA transfer direction")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/qat_algs.c | 64 +++++++++++++---------
drivers/crypto/qat/qat_common/qat_crypto.h | 24 ++++++++
2 files changed, 61 insertions(+), 27 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 8625e299d445..2e2c2ac53609 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -34,19 +34,6 @@
static DEFINE_MUTEX(algs_lock);
static unsigned int active_devs;
-struct qat_alg_buf {
- u32 len;
- u32 resrvd;
- u64 addr;
-} __packed;
-
-struct qat_alg_buf_list {
- u64 resrvd;
- u32 num_bufs;
- u32 num_mapped_bufs;
- struct qat_alg_buf bufers[];
-} __packed __aligned(64);
-
/* Common content descriptor */
struct qat_alg_cd {
union {
@@ -644,7 +631,10 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
bl->bufers[i].len, DMA_BIDIRECTIONAL);
dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE);
- kfree(bl);
+
+ if (!qat_req->buf.sgl_src_valid)
+ kfree(bl);
+
if (blp != blpout) {
/* If out of place operation dma unmap only data */
int bufless = blout->num_bufs - blout->num_mapped_bufs;
@@ -655,7 +645,9 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
DMA_BIDIRECTIONAL);
}
dma_unmap_single(dev, blpout, sz_out, DMA_TO_DEVICE);
- kfree(blout);
+
+ if (!qat_req->buf.sgl_dst_valid)
+ kfree(blout);
}
}
@@ -672,15 +664,24 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
dma_addr_t blp = DMA_MAPPING_ERROR;
dma_addr_t bloutp = DMA_MAPPING_ERROR;
struct scatterlist *sg;
- size_t sz_out, sz = struct_size(bufl, bufers, n + 1);
+ size_t sz_out, sz = struct_size(bufl, bufers, n);
+ int node = dev_to_node(&GET_DEV(inst->accel_dev));
if (unlikely(!n))
return -EINVAL;
- bufl = kzalloc_node(sz, GFP_ATOMIC,
- dev_to_node(&GET_DEV(inst->accel_dev)));
- if (unlikely(!bufl))
- return -ENOMEM;
+ qat_req->buf.sgl_src_valid = false;
+ qat_req->buf.sgl_dst_valid = false;
+
+ if (n > QAT_MAX_BUFF_DESC) {
+ bufl = kzalloc_node(sz, GFP_ATOMIC, node);
+ if (unlikely(!bufl))
+ return -ENOMEM;
+ } else {
+ bufl = &qat_req->buf.sgl_src.sgl_hdr;
+ memset(bufl, 0, sizeof(struct qat_alg_buf_list));
+ qat_req->buf.sgl_src_valid = true;
+ }
for_each_sg(sgl, sg, n, i)
bufl->bufers[i].addr = DMA_MAPPING_ERROR;
@@ -711,12 +712,18 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
struct qat_alg_buf *bufers;
n = sg_nents(sglout);
- sz_out = struct_size(buflout, bufers, n + 1);
+ sz_out = struct_size(buflout, bufers, n);
sg_nctr = 0;
- buflout = kzalloc_node(sz_out, GFP_ATOMIC,
- dev_to_node(&GET_DEV(inst->accel_dev)));
- if (unlikely(!buflout))
- goto err_in;
+
+ if (n > QAT_MAX_BUFF_DESC) {
+ buflout = kzalloc_node(sz_out, GFP_ATOMIC, node);
+ if (unlikely(!buflout))
+ goto err_in;
+ } else {
+ buflout = &qat_req->buf.sgl_dst.sgl_hdr;
+ memset(buflout, 0, sizeof(struct qat_alg_buf_list));
+ qat_req->buf.sgl_dst_valid = true;
+ }
bufers = buflout->bufers;
for_each_sg(sglout, sg, n, i)
@@ -761,7 +768,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
dma_unmap_single(dev, buflout->bufers[i].addr,
buflout->bufers[i].len,
DMA_BIDIRECTIONAL);
- kfree(buflout);
+
+ if (!qat_req->buf.sgl_dst_valid)
+ kfree(buflout);
err_in:
if (!dma_mapping_error(dev, blp))
@@ -774,7 +783,8 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
bufl->bufers[i].len,
DMA_BIDIRECTIONAL);
- kfree(bufl);
+ if (!qat_req->buf.sgl_src_valid)
+ kfree(bufl);
dev_err(dev, "Failed to map buf for dma\n");
return -ENOMEM;
diff --git a/drivers/crypto/qat/qat_common/qat_crypto.h b/drivers/crypto/qat/qat_common/qat_crypto.h
index 12682d1e9f5f..5f9328201ba4 100644
--- a/drivers/crypto/qat/qat_common/qat_crypto.h
+++ b/drivers/crypto/qat/qat_common/qat_crypto.h
@@ -20,6 +20,26 @@ struct qat_crypto_instance {
atomic_t refctr;
};
+#define QAT_MAX_BUFF_DESC 4
+
+struct qat_alg_buf {
+ u32 len;
+ u32 resrvd;
+ u64 addr;
+} __packed;
+
+struct qat_alg_buf_list {
+ u64 resrvd;
+ u32 num_bufs;
+ u32 num_mapped_bufs;
+ struct qat_alg_buf bufers[];
+} __packed;
+
+struct qat_alg_fixed_buf_list {
+ struct qat_alg_buf_list sgl_hdr;
+ struct qat_alg_buf descriptors[QAT_MAX_BUFF_DESC];
+} __packed __aligned(64);
+
struct qat_crypto_request_buffs {
struct qat_alg_buf_list *bl;
dma_addr_t blp;
@@ -27,6 +47,10 @@ struct qat_crypto_request_buffs {
dma_addr_t bloutp;
size_t sz;
size_t sz_out;
+ bool sgl_src_valid;
+ bool sgl_dst_valid;
+ struct qat_alg_fixed_buf_list sgl_src;
+ struct qat_alg_fixed_buf_list sgl_dst;
};
struct qat_crypto_request;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 281/390] crypto: qat - fix DMA transfer direction
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 280/390] crypto: qat - use pre-allocated buffers in datapath Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 282/390] iommu/iova: Fix module config properly Greg Kroah-Hartman
` (114 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Damian Muszynski, Giovanni Cabiddu,
Herbert Xu, Sasha Levin
From: Damian Muszynski <damian.muszynski@intel.com>
[ Upstream commit cf5bb835b7c8a5fee7f26455099cca7feb57f5e9 ]
When CONFIG_DMA_API_DEBUG is selected, while running the crypto self
test on the QAT crypto algorithms, the function add_dma_entry() reports
a warning similar to the one below, saying that overlapping mappings
are not supported. This occurs in tests where the input and the output
scatter list point to the same buffers (i.e. two different scatter lists
which point to the same chunks of memory).
The logic that implements the mapping uses the flag DMA_BIDIRECTIONAL
for both the input and the output scatter lists which leads to
overlapped write mappings. These are not supported by the DMA layer.
Fix by specifying the correct DMA transfer directions when mapping
buffers. For in-place operations where the input scatter list
matches the output scatter list, buffers are mapped once with
DMA_BIDIRECTIONAL, otherwise input buffers are mapped using the flag
DMA_TO_DEVICE and output buffers are mapped with DMA_FROM_DEVICE.
Overlapping a read mapping with a write mapping is a valid case in
dma-coherent devices like QAT.
The function that frees and unmaps the buffers, qat_alg_free_bufl()
has been changed accordingly to the changes to the mapping function.
DMA-API: 4xxx 0000:06:00.0: cacheline tracking EEXIST, overlapping mappings aren't supported
WARNING: CPU: 53 PID: 4362 at kernel/dma/debug.c:570 add_dma_entry+0x1e9/0x270
...
Call Trace:
dma_map_page_attrs+0x82/0x2d0
? preempt_count_add+0x6a/0xa0
qat_alg_sgl_to_bufl+0x45b/0x990 [intel_qat]
qat_alg_aead_dec+0x71/0x250 [intel_qat]
crypto_aead_decrypt+0x3d/0x70
test_aead_vec_cfg+0x649/0x810
? number+0x310/0x3a0
? vsnprintf+0x2a3/0x550
? scnprintf+0x42/0x70
? valid_sg_divisions.constprop.0+0x86/0xa0
? test_aead_vec+0xdf/0x120
test_aead_vec+0xdf/0x120
alg_test_aead+0x185/0x400
alg_test+0x3d8/0x500
? crypto_acomp_scomp_free_ctx+0x30/0x30
? __schedule+0x32a/0x12a0
? ttwu_queue_wakelist+0xbf/0x110
? _raw_spin_unlock_irqrestore+0x23/0x40
? try_to_wake_up+0x83/0x570
? _raw_spin_unlock_irqrestore+0x23/0x40
? __set_cpus_allowed_ptr_locked+0xea/0x1b0
? crypto_acomp_scomp_free_ctx+0x30/0x30
cryptomgr_test+0x27/0x50
kthread+0xe6/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
Fixes: d370cec ("crypto: qat - Intel(R) QAT crypto interface")
Link: https://lore.kernel.org/linux-crypto/20220223080400.139367-1-gilad@benyossef.com/
Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/qat_algs.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 2e2c2ac53609..5b71768fc0c7 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -624,11 +624,14 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
dma_addr_t blpout = qat_req->buf.bloutp;
size_t sz = qat_req->buf.sz;
size_t sz_out = qat_req->buf.sz_out;
+ int bl_dma_dir;
int i;
+ bl_dma_dir = blp != blpout ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+
for (i = 0; i < bl->num_bufs; i++)
dma_unmap_single(dev, bl->bufers[i].addr,
- bl->bufers[i].len, DMA_BIDIRECTIONAL);
+ bl->bufers[i].len, bl_dma_dir);
dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE);
@@ -642,7 +645,7 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
for (i = bufless; i < blout->num_bufs; i++) {
dma_unmap_single(dev, blout->bufers[i].addr,
blout->bufers[i].len,
- DMA_BIDIRECTIONAL);
+ DMA_FROM_DEVICE);
}
dma_unmap_single(dev, blpout, sz_out, DMA_TO_DEVICE);
@@ -666,6 +669,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
struct scatterlist *sg;
size_t sz_out, sz = struct_size(bufl, bufers, n);
int node = dev_to_node(&GET_DEV(inst->accel_dev));
+ int bufl_dma_dir;
if (unlikely(!n))
return -EINVAL;
@@ -683,6 +687,8 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
qat_req->buf.sgl_src_valid = true;
}
+ bufl_dma_dir = sgl != sglout ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+
for_each_sg(sgl, sg, n, i)
bufl->bufers[i].addr = DMA_MAPPING_ERROR;
@@ -694,7 +700,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
bufl->bufers[y].addr = dma_map_single(dev, sg_virt(sg),
sg->length,
- DMA_BIDIRECTIONAL);
+ bufl_dma_dir);
bufl->bufers[y].len = sg->length;
if (unlikely(dma_mapping_error(dev, bufl->bufers[y].addr)))
goto err_in;
@@ -737,7 +743,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
bufers[y].addr = dma_map_single(dev, sg_virt(sg),
sg->length,
- DMA_BIDIRECTIONAL);
+ DMA_FROM_DEVICE);
if (unlikely(dma_mapping_error(dev, bufers[y].addr)))
goto err_out;
bufers[y].len = sg->length;
@@ -767,7 +773,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
if (!dma_mapping_error(dev, buflout->bufers[i].addr))
dma_unmap_single(dev, buflout->bufers[i].addr,
buflout->bufers[i].len,
- DMA_BIDIRECTIONAL);
+ DMA_FROM_DEVICE);
if (!qat_req->buf.sgl_dst_valid)
kfree(buflout);
@@ -781,7 +787,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
if (!dma_mapping_error(dev, bufl->bufers[i].addr))
dma_unmap_single(dev, bufl->bufers[i].addr,
bufl->bufers[i].len,
- DMA_BIDIRECTIONAL);
+ bufl_dma_dir);
if (!qat_req->buf.sgl_src_valid)
kfree(bufl);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 282/390] iommu/iova: Fix module config properly
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 281/390] crypto: qat - fix DMA transfer direction Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` Greg Kroah-Hartman
` (113 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thierry Reding, John Garry,
Robin Murphy, Thierry Reding, Joerg Roedel, Sasha Levin
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit 4f58330fcc8482aa90674e1f40f601e82f18ed4a ]
IOMMU_IOVA is intended to be an optional library for users to select as
and when they desire. Since it can be a module now, this means that
built-in code which has chosen not to select it should not fail to link
if it happens to have selected as a module by someone else. Replace
IS_ENABLED() with IS_REACHABLE() to do the right thing.
CC: Thierry Reding <thierry.reding@gmail.com>
Reported-by: John Garry <john.garry@huawei.com>
Fixes: 15bbdec3931e ("iommu: Make the iova library a module")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/548c2f683ca379aface59639a8f0cccc3a1ac050.1663069227.git.robin.murphy@arm.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/iova.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/iova.h b/include/linux/iova.h
index a0637abffee8..6c19b09e9663 100644
--- a/include/linux/iova.h
+++ b/include/linux/iova.h
@@ -132,7 +132,7 @@ static inline unsigned long iova_pfn(struct iova_domain *iovad, dma_addr_t iova)
return iova >> iova_shift(iovad);
}
-#if IS_ENABLED(CONFIG_IOMMU_IOVA)
+#if IS_REACHABLE(CONFIG_IOMMU_IOVA)
int iova_cache_get(void);
void iova_cache_put(void);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 283/390] tracing: kprobe: Fix kprobe event gen test module on exit
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
` (394 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-riscv, mingo, paul.walmsley,
palmer, aou, zanussi, liaochang1, chris.zjh, Yipeng Zou,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
From: Yipeng Zou <zouyipeng@huawei.com>
[ Upstream commit ac48e189527fae87253ef2bf58892e782fb36874 ]
Correct gen_kretprobe_test clr event para on module exit.
This will make it can't to delete.
Link: https://lkml.kernel.org/r/20220919125629.238242-2-zouyipeng@huawei.com
Cc: <linux-riscv@lists.infradead.org>
Cc: <mingo@redhat.com>
Cc: <paul.walmsley@sifive.com>
Cc: <palmer@dabbelt.com>
Cc: <aou@eecs.berkeley.edu>
Cc: <zanussi@kernel.org>
Cc: <liaochang1@huawei.com>
Cc: <chris.zjh@huawei.com>
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/kprobe_event_gen_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c
index 18b0f1cbb947..e023154be0f8 100644
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -206,7 +206,7 @@ static void __exit kprobe_event_gen_test_exit(void)
WARN_ON(kprobe_event_delete("gen_kprobe_test"));
/* Disable the event or you can't remove it */
- WARN_ON(trace_array_set_clr_event(gen_kprobe_test->tr,
+ WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr,
"kprobes",
"gen_kretprobe_test", false));
--
2.35.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 283/390] tracing: kprobe: Fix kprobe event gen test module on exit
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-riscv, mingo, paul.walmsley,
palmer, aou, zanussi, liaochang1, chris.zjh, Yipeng Zou,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
From: Yipeng Zou <zouyipeng@huawei.com>
[ Upstream commit ac48e189527fae87253ef2bf58892e782fb36874 ]
Correct gen_kretprobe_test clr event para on module exit.
This will make it can't to delete.
Link: https://lkml.kernel.org/r/20220919125629.238242-2-zouyipeng@huawei.com
Cc: <linux-riscv@lists.infradead.org>
Cc: <mingo@redhat.com>
Cc: <paul.walmsley@sifive.com>
Cc: <palmer@dabbelt.com>
Cc: <aou@eecs.berkeley.edu>
Cc: <zanussi@kernel.org>
Cc: <liaochang1@huawei.com>
Cc: <chris.zjh@huawei.com>
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/kprobe_event_gen_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c
index 18b0f1cbb947..e023154be0f8 100644
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -206,7 +206,7 @@ static void __exit kprobe_event_gen_test_exit(void)
WARN_ON(kprobe_event_delete("gen_kprobe_test"));
/* Disable the event or you can't remove it */
- WARN_ON(trace_array_set_clr_event(gen_kprobe_test->tr,
+ WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr,
"kprobes",
"gen_kretprobe_test", false));
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 284/390] tracing: kprobe: Make gen test module work in arm and riscv
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
` (394 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-riscv, mingo, paul.walmsley,
palmer, aou, zanussi, liaochang1, chris.zjh, Yipeng Zou,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
From: Yipeng Zou <zouyipeng@huawei.com>
[ Upstream commit d8ef45d66c01425ff748e13ef7dd1da7a91cc93c ]
For now, this selftest module can only work in x86 because of the
kprobe cmd was fixed use of x86 registers.
This patch adapted to register names under arm and riscv, So that
this module can be worked on those platform.
Link: https://lkml.kernel.org/r/20220919125629.238242-3-zouyipeng@huawei.com
Cc: <linux-riscv@lists.infradead.org>
Cc: <mingo@redhat.com>
Cc: <paul.walmsley@sifive.com>
Cc: <palmer@dabbelt.com>
Cc: <aou@eecs.berkeley.edu>
Cc: <zanussi@kernel.org>
Cc: <liaochang1@huawei.com>
Cc: <chris.zjh@huawei.com>
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/kprobe_event_gen_test.c | 47 +++++++++++++++++++++++++---
1 file changed, 43 insertions(+), 4 deletions(-)
diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c
index e023154be0f8..80e04a1e1977 100644
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -35,6 +35,45 @@
static struct trace_event_file *gen_kprobe_test;
static struct trace_event_file *gen_kretprobe_test;
+#define KPROBE_GEN_TEST_FUNC "do_sys_open"
+
+/* X86 */
+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_32)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%ax"
+#define KPROBE_GEN_TEST_ARG1 "filename=%dx"
+#define KPROBE_GEN_TEST_ARG2 "flags=%cx"
+#define KPROBE_GEN_TEST_ARG3 "mode=+4($stack)"
+
+/* ARM64 */
+#elif defined(CONFIG_ARM64)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%x0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%x1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%x2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%x3"
+
+/* ARM */
+#elif defined(CONFIG_ARM)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%r0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%r1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%r2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%r3"
+
+/* RISCV */
+#elif defined(CONFIG_RISCV)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%a0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%a1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%a2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%a3"
+
+/* others */
+#else
+#define KPROBE_GEN_TEST_ARG0 NULL
+#define KPROBE_GEN_TEST_ARG1 NULL
+#define KPROBE_GEN_TEST_ARG2 NULL
+#define KPROBE_GEN_TEST_ARG3 NULL
+#endif
+
+
/*
* Test to make sure we can create a kprobe event, then add more
* fields.
@@ -58,14 +97,14 @@ static int __init test_gen_kprobe_cmd(void)
* fields.
*/
ret = kprobe_event_gen_cmd_start(&cmd, "gen_kprobe_test",
- "do_sys_open",
- "dfd=%ax", "filename=%dx");
+ KPROBE_GEN_TEST_FUNC,
+ KPROBE_GEN_TEST_ARG0, KPROBE_GEN_TEST_ARG1);
if (ret)
goto free;
/* Use kprobe_event_add_fields to add the rest of the fields */
- ret = kprobe_event_add_fields(&cmd, "flags=%cx", "mode=+4($stack)");
+ ret = kprobe_event_add_fields(&cmd, KPROBE_GEN_TEST_ARG2, KPROBE_GEN_TEST_ARG3);
if (ret)
goto free;
@@ -128,7 +167,7 @@ static int __init test_gen_kretprobe_cmd(void)
* Define the kretprobe event.
*/
ret = kretprobe_event_gen_cmd_start(&cmd, "gen_kretprobe_test",
- "do_sys_open",
+ KPROBE_GEN_TEST_FUNC,
"$retval");
if (ret)
goto free;
--
2.35.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 284/390] tracing: kprobe: Make gen test module work in arm and riscv
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-riscv, mingo, paul.walmsley,
palmer, aou, zanussi, liaochang1, chris.zjh, Yipeng Zou,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
From: Yipeng Zou <zouyipeng@huawei.com>
[ Upstream commit d8ef45d66c01425ff748e13ef7dd1da7a91cc93c ]
For now, this selftest module can only work in x86 because of the
kprobe cmd was fixed use of x86 registers.
This patch adapted to register names under arm and riscv, So that
this module can be worked on those platform.
Link: https://lkml.kernel.org/r/20220919125629.238242-3-zouyipeng@huawei.com
Cc: <linux-riscv@lists.infradead.org>
Cc: <mingo@redhat.com>
Cc: <paul.walmsley@sifive.com>
Cc: <palmer@dabbelt.com>
Cc: <aou@eecs.berkeley.edu>
Cc: <zanussi@kernel.org>
Cc: <liaochang1@huawei.com>
Cc: <chris.zjh@huawei.com>
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/kprobe_event_gen_test.c | 47 +++++++++++++++++++++++++---
1 file changed, 43 insertions(+), 4 deletions(-)
diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c
index e023154be0f8..80e04a1e1977 100644
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -35,6 +35,45 @@
static struct trace_event_file *gen_kprobe_test;
static struct trace_event_file *gen_kretprobe_test;
+#define KPROBE_GEN_TEST_FUNC "do_sys_open"
+
+/* X86 */
+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_32)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%ax"
+#define KPROBE_GEN_TEST_ARG1 "filename=%dx"
+#define KPROBE_GEN_TEST_ARG2 "flags=%cx"
+#define KPROBE_GEN_TEST_ARG3 "mode=+4($stack)"
+
+/* ARM64 */
+#elif defined(CONFIG_ARM64)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%x0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%x1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%x2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%x3"
+
+/* ARM */
+#elif defined(CONFIG_ARM)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%r0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%r1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%r2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%r3"
+
+/* RISCV */
+#elif defined(CONFIG_RISCV)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%a0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%a1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%a2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%a3"
+
+/* others */
+#else
+#define KPROBE_GEN_TEST_ARG0 NULL
+#define KPROBE_GEN_TEST_ARG1 NULL
+#define KPROBE_GEN_TEST_ARG2 NULL
+#define KPROBE_GEN_TEST_ARG3 NULL
+#endif
+
+
/*
* Test to make sure we can create a kprobe event, then add more
* fields.
@@ -58,14 +97,14 @@ static int __init test_gen_kprobe_cmd(void)
* fields.
*/
ret = kprobe_event_gen_cmd_start(&cmd, "gen_kprobe_test",
- "do_sys_open",
- "dfd=%ax", "filename=%dx");
+ KPROBE_GEN_TEST_FUNC,
+ KPROBE_GEN_TEST_ARG0, KPROBE_GEN_TEST_ARG1);
if (ret)
goto free;
/* Use kprobe_event_add_fields to add the rest of the fields */
- ret = kprobe_event_add_fields(&cmd, "flags=%cx", "mode=+4($stack)");
+ ret = kprobe_event_add_fields(&cmd, KPROBE_GEN_TEST_ARG2, KPROBE_GEN_TEST_ARG3);
if (ret)
goto free;
@@ -128,7 +167,7 @@ static int __init test_gen_kretprobe_cmd(void)
* Define the kretprobe event.
*/
ret = kretprobe_event_gen_cmd_start(&cmd, "gen_kretprobe_test",
- "do_sys_open",
+ KPROBE_GEN_TEST_FUNC,
"$retval");
if (ret)
goto free;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 285/390] kbuild: remove the target in signal traps when interrupted
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-10-24 11:31 ` Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 286/390] kbuild: rpm-pkg: fix breakage when V=1 is used Greg Kroah-Hartman
` (110 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Rob Herring,
Masahiro Yamada, Nicolas Schier, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit a7f3257da8a86b96fb9bf1bba40ae0bbd7f1885a ]
When receiving some signal, GNU Make automatically deletes the target if
it has already been changed by the interrupted recipe.
If the target is possibly incomplete due to interruption, it must be
deleted so that it will be remade from scratch on the next run of make.
Otherwise, the target would remain corrupted permanently because its
timestamp had already been updated.
Thanks to this behavior of Make, you can stop the build any time by
pressing Ctrl-C, and just run 'make' to resume it.
Kbuild also relies on this feature, but it is equivalently important
for any build systems that make decisions based on timestamps (if you
want to support Ctrl-C reliably).
However, this does not always work as claimed; Make immediately dies
with Ctrl-C if its stderr goes into a pipe.
[Test Makefile]
foo:
echo hello > $@
sleep 3
echo world >> $@
[Test Result]
$ make # hit Ctrl-C
echo hello > foo
sleep 3
^Cmake: *** Deleting file 'foo'
make: *** [Makefile:3: foo] Interrupt
$ make 2>&1 | cat # hit Ctrl-C
echo hello > foo
sleep 3
^C$ # 'foo' is often left-over
The reason is because SIGINT is sent to the entire process group.
In this example, SIGINT kills 'cat', and 'make' writes the message to
the closed pipe, then dies with SIGPIPE before cleaning the target.
A typical bad scenario (as reported by [1], [2]) is to save build log
by using the 'tee' command:
$ make 2>&1 | tee log
This can be problematic for any build systems based on Make, so I hope
it will be fixed in GNU Make. The maintainer of GNU Make stated this is
a long-standing issue and difficult to fix [3]. It has not been fixed
yet as of writing.
So, we cannot rely on Make cleaning the target. We can do it by
ourselves, in signal traps.
As far as I understand, Make takes care of SIGHUP, SIGINT, SIGQUIT, and
SITERM for the target removal. I added the traps for them, and also for
SIGPIPE just in case cmd_* rule prints something to stdout or stderr
(but I did not observe an actual case where SIGPIPE was triggered).
[Note 1]
The trap handler might be worth explaining.
rm -f $@; trap - $(sig); kill -s $(sig) $$
This lets the shell kill itself by the signal it caught, so the parent
process can tell the child has exited on the signal. Generally, this is
a proper manner for handling signals, in case the calling program (like
Bash) may monitor WIFSIGNALED() and WTERMSIG() for WCE although this may
not be a big deal here because GNU Make handles SIGHUP, SIGINT, SIGQUIT
in WUE and SIGTERM in IUE.
IUE - Immediate Unconditional Exit
WUE - Wait and Unconditional Exit
WCE - Wait and Cooperative Exit
For details, see "Proper handling of SIGINT/SIGQUIT" [4].
[Note 2]
Reverting 392885ee82d3 ("kbuild: let fixdep directly write to .*.cmd
files") would directly address [1], but it only saves if_changed_dep.
As reported in [2], all commands that use redirection can potentially
leave an empty (i.e. broken) target.
[Note 3]
Another (even safer) approach might be to always write to a temporary
file, and rename it to $@ at the end of the recipe.
<command> > $(tmp-target)
mv $(tmp-target) $@
It would require a lot of Makefile changes, and result in ugly code,
so I did not take it.
[Note 4]
A little more thoughts about a pattern rule with multiple targets (or
a grouped target).
%.x %.y: %.z
<recipe>
When interrupted, GNU Make deletes both %.x and %.y, while this solution
only deletes $@. Probably, this is not a big deal. The next run of make
will execute the rule again to create $@ along with the other files.
[1]: https://lore.kernel.org/all/YLeot94yAaM4xbMY@gmail.com/
[2]: https://lore.kernel.org/all/20220510221333.2770571-1-robh@kernel.org/
[3]: https://lists.gnu.org/archive/html/help-make/2021-06/msg00001.html
[4]: https://www.cons.org/cracauer/sigint.html
Fixes: 392885ee82d3 ("kbuild: let fixdep directly write to .*.cmd files")
Reported-by: Ingo Molnar <mingo@kernel.org>
Reported-by: Rob Herring <robh@kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nicolas Schier <nicolas@fjasle.eu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/Kbuild.include | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
index 0d6e11820791..25696de8114a 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
@@ -179,8 +179,29 @@ echo-cmd = $(if $($(quiet)cmd_$(1)),\
quiet_redirect :=
silent_redirect := exec >/dev/null;
+# Delete the target on interruption
+#
+# GNU Make automatically deletes the target if it has already been changed by
+# the interrupted recipe. So, you can safely stop the build by Ctrl-C (Make
+# will delete incomplete targets), and resume it later.
+#
+# However, this does not work when the stderr is piped to another program, like
+# $ make >&2 | tee log
+# Make dies with SIGPIPE before cleaning the targets.
+#
+# To address it, we clean the target in signal traps.
+#
+# Make deletes the target when it catches SIGHUP, SIGINT, SIGQUIT, SIGTERM.
+# So, we cover them, and also SIGPIPE just in case.
+#
+# Of course, this is unneeded for phony targets.
+delete-on-interrupt = \
+ $(if $(filter-out $(PHONY), $@), \
+ $(foreach sig, HUP INT QUIT TERM PIPE, \
+ trap 'rm -f $@; trap - $(sig); kill -s $(sig) $$$$' $(sig);))
+
# printing commands
-cmd = @set -e; $(echo-cmd) $($(quiet)redirect) $(cmd_$(1))
+cmd = @set -e; $(echo-cmd) $($(quiet)redirect) $(delete-on-interrupt) $(cmd_$(1))
###
# if_changed - execute command if any prerequisite is newer than
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 286/390] kbuild: rpm-pkg: fix breakage when V=1 is used
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 285/390] kbuild: remove the target in signal traps when interrupted Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 287/390] crypto: marvell/octeontx - prevent integer overflows Greg Kroah-Hartman
` (109 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Janis Schoetterl-Glausch,
Masahiro Yamada, Sasha Levin
From: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
[ Upstream commit 2e07005f4813a9ff6e895787e0c2d1fea859b033 ]
Doing make V=1 binrpm-pkg results in:
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.EgV6qJ
+ umask 022
+ cd .
+ /bin/rm -rf /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x
+ /bin/mkdir -p /home/scgl/rpmbuild/BUILDROOT
+ /bin/mkdir /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x
+ mkdir -p /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x/boot
+ make -f ./Makefile image_name
+ cp test -e include/generated/autoconf.h -a -e include/config/auto.conf || ( \ echo >&2; \ echo >&2 " ERROR: Kernel configuration is invalid."; \ echo >&2 " include/generated/autoconf.h or include/config/auto.conf are missing.";\ echo >&2 " Run 'make oldconfig && make prepare' on kernel src to fix it."; \ echo >&2 ; \ /bin/false) arch/s390/boot/bzImage /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x/boot/vmlinuz-6.0.0-rc5+
cp: invalid option -- 'e'
Try 'cp --help' for more information.
error: Bad exit status from /var/tmp/rpm-tmp.EgV6qJ (%install)
Because the make call to get the image name is verbose and prints
additional information.
Fixes: 993bdde94547 ("kbuild: add image_name to no-sync-config-targets")
Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/package/mkspec | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/package/mkspec b/scripts/package/mkspec
index 7c477ca7dc98..951cc60e5a90 100755
--- a/scripts/package/mkspec
+++ b/scripts/package/mkspec
@@ -85,10 +85,10 @@ $S
mkdir -p %{buildroot}/boot
%ifarch ia64
mkdir -p %{buildroot}/boot/efi
- cp \$($MAKE image_name) %{buildroot}/boot/efi/vmlinuz-$KERNELRELEASE
+ cp \$($MAKE -s image_name) %{buildroot}/boot/efi/vmlinuz-$KERNELRELEASE
ln -s efi/vmlinuz-$KERNELRELEASE %{buildroot}/boot/
%else
- cp \$($MAKE image_name) %{buildroot}/boot/vmlinuz-$KERNELRELEASE
+ cp \$($MAKE -s image_name) %{buildroot}/boot/vmlinuz-$KERNELRELEASE
%endif
$M $MAKE %{?_smp_mflags} INSTALL_MOD_PATH=%{buildroot} modules_install
$MAKE %{?_smp_mflags} INSTALL_HDR_PATH=%{buildroot}/usr headers_install
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 287/390] crypto: marvell/octeontx - prevent integer overflows
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 286/390] kbuild: rpm-pkg: fix breakage when V=1 is used Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 288/390] crypto: cavium - prevent integer overflow loading firmware Greg Kroah-Hartman
` (108 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Herbert Xu, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit caca37cf6c749ff0303f68418cfe7b757a4e0697 ]
The "code_length" value comes from the firmware file. If your firmware
is untrusted realistically there is probably very little you can do to
protect yourself. Still we try to limit the damage as much as possible.
Also Smatch marks any data read from the filesystem as untrusted and
prints warnings if it not capped correctly.
The "code_length * 2" can overflow. The round_up(ucode_size, 16) +
sizeof() expression can overflow too. Prevent these overflows.
Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../crypto/marvell/octeontx/otx_cptpf_ucode.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
index 40b482198ebc..a765eefb18c2 100644
--- a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
+++ b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
@@ -286,6 +286,7 @@ static int process_tar_file(struct device *dev,
struct tar_ucode_info_t *tar_info;
struct otx_cpt_ucode_hdr *ucode_hdr;
int ucode_type, ucode_size;
+ unsigned int code_length;
/*
* If size is less than microcode header size then don't report
@@ -303,7 +304,13 @@ static int process_tar_file(struct device *dev,
if (get_ucode_type(ucode_hdr, &ucode_type))
return 0;
- ucode_size = ntohl(ucode_hdr->code_length) * 2;
+ code_length = ntohl(ucode_hdr->code_length);
+ if (code_length >= INT_MAX / 2) {
+ dev_err(dev, "Invalid code_length %u\n", code_length);
+ return -EINVAL;
+ }
+
+ ucode_size = code_length * 2;
if (!ucode_size || (size < round_up(ucode_size, 16) +
sizeof(struct otx_cpt_ucode_hdr) + OTX_CPT_UCODE_SIGN_LEN)) {
dev_err(dev, "Ucode %s invalid size\n", filename);
@@ -886,6 +893,7 @@ static int ucode_load(struct device *dev, struct otx_cpt_ucode *ucode,
{
struct otx_cpt_ucode_hdr *ucode_hdr;
const struct firmware *fw;
+ unsigned int code_length;
int ret;
set_ucode_filename(ucode, ucode_filename);
@@ -896,7 +904,13 @@ static int ucode_load(struct device *dev, struct otx_cpt_ucode *ucode,
ucode_hdr = (struct otx_cpt_ucode_hdr *) fw->data;
memcpy(ucode->ver_str, ucode_hdr->ver_str, OTX_CPT_UCODE_VER_STR_SZ);
ucode->ver_num = ucode_hdr->ver_num;
- ucode->size = ntohl(ucode_hdr->code_length) * 2;
+ code_length = ntohl(ucode_hdr->code_length);
+ if (code_length >= INT_MAX / 2) {
+ dev_err(dev, "Ucode invalid code_length %u\n", code_length);
+ ret = -EINVAL;
+ goto release_fw;
+ }
+ ucode->size = code_length * 2;
if (!ucode->size || (fw->size < round_up(ucode->size, 16)
+ sizeof(struct otx_cpt_ucode_hdr) + OTX_CPT_UCODE_SIGN_LEN)) {
dev_err(dev, "Ucode %s invalid size\n", ucode_filename);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 288/390] crypto: cavium - prevent integer overflow loading firmware
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 287/390] crypto: marvell/octeontx - prevent integer overflows Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 289/390] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Greg Kroah-Hartman
` (107 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Herbert Xu, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 2526d6bf27d15054bb0778b2f7bc6625fd934905 ]
The "code_length" value comes from the firmware file. If your firmware
is untrusted realistically there is probably very little you can do to
protect yourself. Still we try to limit the damage as much as possible.
Also Smatch marks any data read from the filesystem as untrusted and
prints warnings if it not capped correctly.
The "ntohl(ucode->code_length) * 2" multiplication can have an
integer overflow.
Fixes: 9e2c7d99941d ("crypto: cavium - Add Support for Octeon-tx CPT Engine")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/cavium/cpt/cptpf_main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/cavium/cpt/cptpf_main.c b/drivers/crypto/cavium/cpt/cptpf_main.c
index 781949027451..d9362199423f 100644
--- a/drivers/crypto/cavium/cpt/cptpf_main.c
+++ b/drivers/crypto/cavium/cpt/cptpf_main.c
@@ -254,6 +254,7 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, const u8 *fw, bool is_ae)
const struct firmware *fw_entry;
struct device *dev = &cpt->pdev->dev;
struct ucode_header *ucode;
+ unsigned int code_length;
struct microcode *mcode;
int j, ret = 0;
@@ -264,11 +265,12 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, const u8 *fw, bool is_ae)
ucode = (struct ucode_header *)fw_entry->data;
mcode = &cpt->mcode[cpt->next_mc_idx];
memcpy(mcode->version, (u8 *)fw_entry->data, CPT_UCODE_VERSION_SZ);
- mcode->code_size = ntohl(ucode->code_length) * 2;
- if (!mcode->code_size) {
+ code_length = ntohl(ucode->code_length);
+ if (code_length == 0 || code_length >= INT_MAX / 2) {
ret = -EINVAL;
goto fw_release;
}
+ mcode->code_size = code_length * 2;
mcode->is_ae = is_ae;
mcode->core_mask = 0ULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 289/390] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 288/390] crypto: cavium - prevent integer overflow loading firmware Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 290/390] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Greg Kroah-Hartman
` (106 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Knecht, Dmitry Baryshkov,
Bjorn Andersson, Bryan ODonoghue, Daniel Lezcano, Sasha Levin
From: Vincent Knecht <vincent.knecht@mailoo.org>
[ Upstream commit b0c883e900702f408d62cf92b0ef01303ed69be9 ]
Reading temperature from this sensor fails with 'Invalid argument'.
Looking at old vendor dts [1], its hw_id should be 3 instead of 4.
Change this hw_id accordingly.
[1] https://github.com/msm8916-mainline/android_kernel_qcom_msm8916/blob/master/arch/arm/boot/dts/qcom/msm8939-common.dtsi#L511
Fixes: 332bc8ebab2c ("thermal: qcom: tsens-v0_1: Add support for MSM8939")
Signed-off-by: Vincent Knecht <vincent.knecht@mailoo.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Bjorn Andersson <andersson@kernel.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Link: https://lore.kernel.org/r/20220811105014.7194-1-vincent.knecht@mailoo.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/qcom/tsens-v0_1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/thermal/qcom/tsens-v0_1.c b/drivers/thermal/qcom/tsens-v0_1.c
index 4ffa2e2c0145..9b8ba429a304 100644
--- a/drivers/thermal/qcom/tsens-v0_1.c
+++ b/drivers/thermal/qcom/tsens-v0_1.c
@@ -522,7 +522,7 @@ static const struct tsens_ops ops_8939 = {
struct tsens_plat_data data_8939 = {
.num_sensors = 10,
.ops = &ops_8939,
- .hw_ids = (unsigned int []){ 0, 1, 2, 4, 5, 6, 7, 8, 9, 10 },
+ .hw_ids = (unsigned int []){ 0, 1, 2, 3, 5, 6, 7, 8, 9, 10 },
.feat = &tsens_v0_1_feat,
.fields = tsens_v0_1_regfields,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 290/390] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 289/390] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 291/390] f2fs: fix race condition on setting FI_NO_EXTENT flag Greg Kroah-Hartman
` (105 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuai Xue, Tony Luck,
Rafael J. Wysocki, Sasha Levin
From: Shuai Xue <xueshuai@linux.alibaba.com>
[ Upstream commit 415fed694fe11395df56e05022d6e7cee1d39dd3 ]
If an error is detected as a result of user-space process accessing a
corrupt memory location, the CPU may take an abort. Then the platform
firmware reports kernel via NMI like notifications, e.g. NOTIFY_SEA,
NOTIFY_SOFTWARE_DELEGATED, etc.
For NMI like notifications, commit 7f17b4a121d0 ("ACPI: APEI: Kick the
memory_failure() queue for synchronous errors") keep track of whether
memory_failure() work was queued, and make task_work pending to flush out
the queue so that the work is processed before return to user-space.
The code use init_mm to check whether the error occurs in user space:
if (current->mm != &init_mm)
The condition is always true, becase _nobody_ ever has "init_mm" as a real
VM any more.
In addition to abort, errors can also be signaled as asynchronous
exceptions, such as interrupt and SError. In such case, the interrupted
current process could be any kind of thread. When a kernel thread is
interrupted, the work ghes_kick_task_work deferred to task_work will never
be processed because entry_handler returns to call ret_to_kernel() instead
of ret_to_user(). Consequently, the estatus_node alloced from
ghes_estatus_pool in ghes_in_nmi_queue_one_entry() will not be freed.
After around 200 allocations in our platform, the ghes_estatus_pool will
run of memory and ghes_in_nmi_queue_one_entry() returns ENOMEM. As a
result, the event failed to be processed.
sdei: event 805 on CPU 113 failed with error: -2
Finally, a lot of unhandled events may cause platform firmware to exceed
some threshold and reboot.
The condition should generally just do
if (current->mm)
as described in active_mm.rst documentation.
Then if an asynchronous error is detected when a kernel thread is running,
(e.g. when detected by a background scrubber), do not add task_work to it
as the original patch intends to do.
Fixes: 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for synchronous errors")
Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/apei/ghes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
index 0c8330ed1ffd..5206fd3b7867 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
@@ -985,7 +985,7 @@ static void ghes_proc_in_irq(struct irq_work *irq_work)
ghes_estatus_cache_add(generic, estatus);
}
- if (task_work_pending && current->mm != &init_mm) {
+ if (task_work_pending && current->mm) {
estatus_node->task_work.func = ghes_kick_task_work;
estatus_node->task_work_cpu = smp_processor_id();
ret = task_work_add(current, &estatus_node->task_work,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 291/390] f2fs: fix race condition on setting FI_NO_EXTENT flag
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 290/390] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 292/390] f2fs: fix to avoid REQ_TIME and CP_TIME collision Greg Kroah-Hartman
` (104 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Chao Yu, Jaegeuk Kim,
Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 07725adc55c0a414c10acb5c8c86cea34b95ddef ]
The following scenarios exist.
process A: process B:
->f2fs_drop_extent_tree ->f2fs_update_extent_cache_range
->f2fs_update_extent_tree_range
->write_lock
->set_inode_flag
->is_inode_flag_set
->__free_extent_tree // Shouldn't
// have been
// cleaned up
// here
->write_lock
In this case, the "FI_NO_EXTENT" flag is set between
f2fs_update_extent_tree_range and is_inode_flag_set
by other process. it leads to clearing the whole exten
tree which should not have happened. And we fix it by
move the setting it to the range of write_lock.
Fixes:5f281fab9b9a3 ("f2fs: disable extent_cache for fcollapse/finsert inodes")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/extent_cache.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
index 3ebf976a682d..bd16c78b5bf2 100644
--- a/fs/f2fs/extent_cache.c
+++ b/fs/f2fs/extent_cache.c
@@ -762,9 +762,8 @@ void f2fs_drop_extent_tree(struct inode *inode)
if (!f2fs_may_extent_tree(inode))
return;
- set_inode_flag(inode, FI_NO_EXTENT);
-
write_lock(&et->lock);
+ set_inode_flag(inode, FI_NO_EXTENT);
__free_extent_tree(sbi, et);
if (et->largest.len) {
et->largest.len = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 292/390] f2fs: fix to avoid REQ_TIME and CP_TIME collision
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 291/390] f2fs: fix race condition on setting FI_NO_EXTENT flag Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 293/390] f2fs: fix to account FS_CP_DATA_IO correctly Greg Kroah-Hartman
` (103 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lei Li, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <yuchao0@huawei.com>
[ Upstream commit 493720a4854343b7c3fe100cda6a3a2c3f8d4b5d ]
Lei Li reported a issue: if foreground operations are frequent, background
checkpoint may be always skipped due to below check, result in losing more
data after sudden power-cut.
f2fs_balance_fs_bg()
...
if (!is_idle(sbi, REQ_TIME) &&
(!excess_dirty_nats(sbi) && !excess_dirty_nodes(sbi)))
return;
E.g:
cp_interval = 5 second
idle_interval = 2 second
foreground operation interval = 1 second (append 1 byte per second into file)
In such case, no matter when it calls f2fs_balance_fs_bg(), is_idle(, REQ_TIME)
returns false, result in skipping background checkpoint.
This patch changes as below to make trigger condition being more reasonable:
- trigger sync_fs() if dirty_{nats,nodes} and prefree segs exceeds threshold;
- skip triggering sync_fs() if there is any background inflight IO or there is
foreground operation recently and meanwhile cp_rwsem is being held by someone;
Reported-by: Lei Li <noctis.akm@gmail.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: d80afefb17e0 ("f2fs: fix to account FS_CP_DATA_IO correctly")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/f2fs.h | 19 +++++++++++++------
fs/f2fs/segment.c | 47 +++++++++++++++++++++++++++--------------------
2 files changed, 40 insertions(+), 26 deletions(-)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index dbe9fcef07e3..70fec13d35b7 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2426,24 +2426,31 @@ static inline void *f2fs_kmem_cache_alloc(struct kmem_cache *cachep,
return entry;
}
-static inline bool is_idle(struct f2fs_sb_info *sbi, int type)
+static inline bool is_inflight_io(struct f2fs_sb_info *sbi, int type)
{
- if (sbi->gc_mode == GC_URGENT_HIGH)
- return true;
-
if (get_pages(sbi, F2FS_RD_DATA) || get_pages(sbi, F2FS_RD_NODE) ||
get_pages(sbi, F2FS_RD_META) || get_pages(sbi, F2FS_WB_DATA) ||
get_pages(sbi, F2FS_WB_CP_DATA) ||
get_pages(sbi, F2FS_DIO_READ) ||
get_pages(sbi, F2FS_DIO_WRITE))
- return false;
+ return true;
if (type != DISCARD_TIME && SM_I(sbi) && SM_I(sbi)->dcc_info &&
atomic_read(&SM_I(sbi)->dcc_info->queued_discard))
- return false;
+ return true;
if (SM_I(sbi) && SM_I(sbi)->fcc_info &&
atomic_read(&SM_I(sbi)->fcc_info->queued_flush))
+ return true;
+ return false;
+}
+
+static inline bool is_idle(struct f2fs_sb_info *sbi, int type)
+{
+ if (sbi->gc_mode == GC_URGENT_HIGH)
+ return true;
+
+ if (is_inflight_io(sbi, type))
return false;
if (sbi->gc_mode == GC_URGENT_LOW &&
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 19224e7d2ad0..173161f1ced0 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -536,31 +536,38 @@ void f2fs_balance_fs_bg(struct f2fs_sb_info *sbi, bool from_bg)
else
f2fs_build_free_nids(sbi, false, false);
- if (!is_idle(sbi, REQ_TIME) &&
- (!excess_dirty_nats(sbi) && !excess_dirty_nodes(sbi)))
+ if (excess_dirty_nats(sbi) || excess_dirty_nodes(sbi) ||
+ excess_prefree_segs(sbi))
+ goto do_sync;
+
+ /* there is background inflight IO or foreground operation recently */
+ if (is_inflight_io(sbi, REQ_TIME) ||
+ (!f2fs_time_over(sbi, REQ_TIME) && rwsem_is_locked(&sbi->cp_rwsem)))
return;
+ /* exceed periodical checkpoint timeout threshold */
+ if (f2fs_time_over(sbi, CP_TIME))
+ goto do_sync;
+
/* checkpoint is the only way to shrink partial cached entries */
- if (!f2fs_available_free_memory(sbi, NAT_ENTRIES) ||
- !f2fs_available_free_memory(sbi, INO_ENTRIES) ||
- excess_prefree_segs(sbi) ||
- excess_dirty_nats(sbi) ||
- excess_dirty_nodes(sbi) ||
- f2fs_time_over(sbi, CP_TIME)) {
- if (test_opt(sbi, DATA_FLUSH) && from_bg) {
- struct blk_plug plug;
-
- mutex_lock(&sbi->flush_lock);
-
- blk_start_plug(&plug);
- f2fs_sync_dirty_inodes(sbi, FILE_INODE);
- blk_finish_plug(&plug);
+ if (f2fs_available_free_memory(sbi, NAT_ENTRIES) ||
+ f2fs_available_free_memory(sbi, INO_ENTRIES))
+ return;
- mutex_unlock(&sbi->flush_lock);
- }
- f2fs_sync_fs(sbi->sb, true);
- stat_inc_bg_cp_count(sbi->stat_info);
+do_sync:
+ if (test_opt(sbi, DATA_FLUSH) && from_bg) {
+ struct blk_plug plug;
+
+ mutex_lock(&sbi->flush_lock);
+
+ blk_start_plug(&plug);
+ f2fs_sync_dirty_inodes(sbi, FILE_INODE);
+ blk_finish_plug(&plug);
+
+ mutex_unlock(&sbi->flush_lock);
}
+ f2fs_sync_fs(sbi->sb, true);
+ stat_inc_bg_cp_count(sbi->stat_info);
}
static int __submit_flush_wait(struct f2fs_sb_info *sbi,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 293/390] f2fs: fix to account FS_CP_DATA_IO correctly
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 292/390] f2fs: fix to avoid REQ_TIME and CP_TIME collision Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 294/390] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Greg Kroah-Hartman
` (102 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <chao@kernel.org>
[ Upstream commit d80afefb17e01aa0c46a8eebc01882e0ebd8b0f6 ]
f2fs_inode_info.cp_task was introduced for FS_CP_DATA_IO accounting
since commit b0af6d491a6b ("f2fs: add app/fs io stat").
However, cp_task usage coverage has been increased due to below
commits:
commit 040d2bb318d1 ("f2fs: fix to avoid deadloop if data_flush is on")
commit 186857c5a14a ("f2fs: fix potential recursive call when enabling data_flush")
So that, if data_flush mountoption is on, when data flush was
triggered from background, the IO from data flush will be accounted
as checkpoint IO type incorrectly.
In order to fix this issue, this patch splits cp_task into two:
a) cp_task: used for IO accounting
b) wb_task: used to avoid deadlock
Fixes: 040d2bb318d1 ("f2fs: fix to avoid deadloop if data_flush is on")
Fixes: 186857c5a14a ("f2fs: fix potential recursive call when enabling data_flush")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/checkpoint.c | 13 +++++++++----
fs/f2fs/data.c | 4 ++--
fs/f2fs/f2fs.h | 4 +++-
fs/f2fs/segment.c | 2 +-
4 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index 0653c54873b5..cd46a64ace1b 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -1047,7 +1047,8 @@ void f2fs_remove_dirty_inode(struct inode *inode)
spin_unlock(&sbi->inode_lock[type]);
}
-int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type)
+int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type,
+ bool from_cp)
{
struct list_head *head;
struct inode *inode;
@@ -1082,11 +1083,15 @@ int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type)
if (inode) {
unsigned long cur_ino = inode->i_ino;
- F2FS_I(inode)->cp_task = current;
+ if (from_cp)
+ F2FS_I(inode)->cp_task = current;
+ F2FS_I(inode)->wb_task = current;
filemap_fdatawrite(inode->i_mapping);
- F2FS_I(inode)->cp_task = NULL;
+ F2FS_I(inode)->wb_task = NULL;
+ if (from_cp)
+ F2FS_I(inode)->cp_task = NULL;
iput(inode);
/* We need to give cpu to another writers. */
@@ -1215,7 +1220,7 @@ static int block_operations(struct f2fs_sb_info *sbi)
/* write all the dirty dentry pages */
if (get_pages(sbi, F2FS_DIRTY_DENTS)) {
f2fs_unlock_all(sbi);
- err = f2fs_sync_dirty_inodes(sbi, DIR_INODE);
+ err = f2fs_sync_dirty_inodes(sbi, DIR_INODE, true);
if (err)
return err;
cond_resched();
diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index b2016fd3a7ca..9270330ec5ce 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2912,7 +2912,7 @@ int f2fs_write_single_data_page(struct page *page, int *submitted,
}
unlock_page(page);
if (!S_ISDIR(inode->i_mode) && !IS_NOQUOTA(inode) &&
- !F2FS_I(inode)->cp_task && allow_balance)
+ !F2FS_I(inode)->wb_task && allow_balance)
f2fs_balance_fs(sbi, need_balance_fs);
if (unlikely(f2fs_cp_error(sbi))) {
@@ -3210,7 +3210,7 @@ static inline bool __should_serialize_io(struct inode *inode,
struct writeback_control *wbc)
{
/* to avoid deadlock in path of data flush */
- if (F2FS_I(inode)->cp_task)
+ if (F2FS_I(inode)->wb_task)
return false;
if (!S_ISREG(inode->i_mode))
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 70fec13d35b7..c03fdda1bddf 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -701,6 +701,7 @@ struct f2fs_inode_info {
unsigned int clevel; /* maximum level of given file name */
struct task_struct *task; /* lookup and create consistency */
struct task_struct *cp_task; /* separate cp/wb IO stats*/
+ struct task_struct *wb_task; /* indicate inode is in context of writeback */
nid_t i_xattr_nid; /* node id that contains xattrs */
loff_t last_disk_size; /* lastly written file size */
spinlock_t i_size_lock; /* protect last_disk_size */
@@ -3400,7 +3401,8 @@ int f2fs_recover_orphan_inodes(struct f2fs_sb_info *sbi);
int f2fs_get_valid_checkpoint(struct f2fs_sb_info *sbi);
void f2fs_update_dirty_page(struct inode *inode, struct page *page);
void f2fs_remove_dirty_inode(struct inode *inode);
-int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type);
+int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type,
+ bool from_cp);
void f2fs_wait_on_all_pages(struct f2fs_sb_info *sbi, int type);
int f2fs_write_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc);
void f2fs_init_ino_entry_info(struct f2fs_sb_info *sbi);
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 173161f1ced0..3123fd49c8ce 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -561,7 +561,7 @@ void f2fs_balance_fs_bg(struct f2fs_sb_info *sbi, bool from_bg)
mutex_lock(&sbi->flush_lock);
blk_start_plug(&plug);
- f2fs_sync_dirty_inodes(sbi, FILE_INODE);
+ f2fs_sync_dirty_inodes(sbi, FILE_INODE, false);
blk_finish_plug(&plug);
mutex_unlock(&sbi->flush_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 294/390] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 293/390] f2fs: fix to account FS_CP_DATA_IO correctly Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 295/390] rcu: Back off upon fill_page_cache_func() allocation failure Greg Kroah-Hartman
` (101 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuah Khan, linux-kselftest,
Jarkko Sakkinen, Stefan Berger, Sasha Levin
From: Stefan Berger <stefanb@linux.ibm.com>
[ Upstream commit 2d869f0b458547386fbcd8cf3004b271b7347b7f ]
The following output can bee seen when the test is executed:
test_flush_context (tpm2_tests.SpaceTest) ... \
/usr/lib64/python3.6/unittest/case.py:605: ResourceWarning: \
unclosed file <_io.FileIO name='/dev/tpmrm0' mode='rb+' closefd=True>
An instance of Client does not implicitly close /dev/tpm* handle, once it
gets destroyed. Close the file handle in the class destructor
Client.__del__().
Fixes: 6ea3dfe1e0732 ("selftests: add TPM 2.0 tests")
Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-kselftest@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/tpm2/tpm2.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/testing/selftests/tpm2/tpm2.py b/tools/testing/selftests/tpm2/tpm2.py
index f34486cd7342..3e67fdb518ec 100644
--- a/tools/testing/selftests/tpm2/tpm2.py
+++ b/tools/testing/selftests/tpm2/tpm2.py
@@ -370,6 +370,10 @@ class Client:
fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags)
self.tpm_poll = select.poll()
+ def __del__(self):
+ if self.tpm:
+ self.tpm.close()
+
def close(self):
self.tpm.close()
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 295/390] rcu: Back off upon fill_page_cache_func() allocation failure
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 294/390] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 296/390] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Greg Kroah-Hartman
` (100 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uladzislau Rezki (Sony),
Paul E. McKenney, Frederic Weisbecker, Neeraj Upadhyay,
Josh Triplett, Steven Rostedt, Mathieu Desnoyers, Lai Jiangshan,
Joel Fernandes, Michal Hocko, Sasha Levin
From: Michal Hocko <mhocko@suse.com>
[ Upstream commit 093590c16b447f53e66771c8579ae66c96f6ef61 ]
The fill_page_cache_func() function allocates couple of pages to store
kvfree_rcu_bulk_data structures. This is a lightweight (GFP_NORETRY)
allocation which can fail under memory pressure. The function will,
however keep retrying even when the previous attempt has failed.
This retrying is in theory correct, but in practice the allocation is
invoked from workqueue context, which means that if the memory reclaim
gets stuck, these retries can hog the worker for quite some time.
Although the workqueues subsystem automatically adjusts concurrency, such
adjustment is not guaranteed to happen until the worker context sleeps.
And the fill_page_cache_func() function's retry loop is not guaranteed
to sleep (see the should_reclaim_retry() function).
And we have seen this function cause workqueue lockups:
kernel: BUG: workqueue lockup - pool cpus=93 node=1 flags=0x1 nice=0 stuck for 32s!
[...]
kernel: pool 74: cpus=37 node=0 flags=0x1 nice=0 hung=32s workers=2 manager: 2146
kernel: pwq 498: cpus=249 node=1 flags=0x1 nice=0 active=4/256 refcnt=5
kernel: in-flight: 1917:fill_page_cache_func
kernel: pending: dbs_work_handler, free_work, kfree_rcu_monitor
Originally, we thought that the root cause of this lockup was several
retries with direct reclaim, but this is not yet confirmed. Furthermore,
we have seen similar lockups without any heavy memory pressure. This
suggests that there are other factors contributing to these lockups.
However, it is not really clear that endless retries are desireable.
So let's make the fill_page_cache_func() function back off after
allocation failure.
Cc: Uladzislau Rezki (Sony) <urezki@gmail.com>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index b41009a283ca..b10d6bcea77d 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3393,15 +3393,16 @@ static void fill_page_cache_func(struct work_struct *work)
bnode = (struct kvfree_rcu_bulk_data *)
__get_free_page(GFP_KERNEL | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN);
- if (bnode) {
- raw_spin_lock_irqsave(&krcp->lock, flags);
- pushed = put_cached_bnode(krcp, bnode);
- raw_spin_unlock_irqrestore(&krcp->lock, flags);
+ if (!bnode)
+ break;
- if (!pushed) {
- free_page((unsigned long) bnode);
- break;
- }
+ raw_spin_lock_irqsave(&krcp->lock, flags);
+ pushed = put_cached_bnode(krcp, bnode);
+ raw_spin_unlock_irqrestore(&krcp->lock, flags);
+
+ if (!pushed) {
+ free_page((unsigned long) bnode);
+ break;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 296/390] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 295/390] rcu: Back off upon fill_page_cache_func() allocation failure Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 297/390] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Greg Kroah-Hartman
` (99 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zqiang, Paul E. McKenney, Sasha Levin
From: Zqiang <qiang1.zhang@intel.com>
[ Upstream commit fcd53c8a4dfa38bafb89efdd0b0f718f3a03f884 ]
Kernels built with CONFIG_PROVE_RCU=y and CONFIG_DEBUG_LOCK_ALLOC=y
attempt to emit a warning when the synchronize_rcu_tasks_generic()
function is called during early boot while the rcu_scheduler_active
variable is RCU_SCHEDULER_INACTIVE. However the warnings is not
actually be printed because the debug_lockdep_rcu_enabled() returns
false, exactly because the rcu_scheduler_active variable is still equal
to RCU_SCHEDULER_INACTIVE.
This commit therefore replaces RCU_LOCKDEP_WARN() with WARN_ONCE()
to force these warnings to actually be printed.
Signed-off-by: Zqiang <qiang1.zhang@intel.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tasks.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index 14af29fe1377..8b51e6a5b386 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -171,7 +171,7 @@ static void call_rcu_tasks_generic(struct rcu_head *rhp, rcu_callback_t func,
static void synchronize_rcu_tasks_generic(struct rcu_tasks *rtp)
{
/* Complain if the scheduler has not started. */
- RCU_LOCKDEP_WARN(rcu_scheduler_active == RCU_SCHEDULER_INACTIVE,
+ WARN_ONCE(rcu_scheduler_active == RCU_SCHEDULER_INACTIVE,
"synchronize_rcu_tasks called too soon");
/* Wait for the grace period. */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 297/390] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 296/390] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 298/390] MIPS: BCM47XX: Cast memcmp() of function to (void *) Greg Kroah-Hartman
` (98 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Arvid Norlander,
Rafael J. Wysocki, Sasha Levin
From: Arvid Norlander <lkml@vorpal.se>
[ Upstream commit 574160b8548deff8b80b174f03201e94ab8431e2 ]
Toshiba Satellite Z830 needs the quirk video_disable_backlight_sysfs_if
for proper backlight control after suspend/resume cycles.
Toshiba Portege Z830 is simply the same laptop rebranded for certain
markets (I looked through the manual to other language sections to confirm
this) and thus also needs this quirk.
Thanks to Hans de Goede for suggesting this fix.
Link: https://www.spinics.net/lists/platform-driver-x86/msg34394.html
Suggested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Arvid Norlander <lkml@vorpal.se>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Arvid Norlander <lkml@vorpal.se>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_video.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c
index eb04b2f828ee..cf6c9ffe04a2 100644
--- a/drivers/acpi/acpi_video.c
+++ b/drivers/acpi/acpi_video.c
@@ -498,6 +498,22 @@ static const struct dmi_system_id video_dmi_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "SATELLITE R830"),
},
},
+ {
+ .callback = video_disable_backlight_sysfs_if,
+ .ident = "Toshiba Satellite Z830",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "SATELLITE Z830"),
+ },
+ },
+ {
+ .callback = video_disable_backlight_sysfs_if,
+ .ident = "Toshiba Portege Z830",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE Z830"),
+ },
+ },
/*
* Some machine's _DOD IDs don't have bit 31(Device ID Scheme) set
* but the IDs actually follow the Device ID Scheme.
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 298/390] MIPS: BCM47XX: Cast memcmp() of function to (void *)
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 297/390] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 299/390] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Greg Kroah-Hartman
` (97 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hauke Mehrtens,
Rafał Miłecki, Thomas Bogendoerfer, linux-mips,
Nathan Chancellor, Nick Desaulniers, llvm, kernel test robot,
Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 0dedcf6e3301836eb70cfa649052e7ce4fcd13ba ]
Clang is especially sensitive about argument type matching when using
__overloaded functions (like memcmp(), etc). Help it see that function
pointers are just "void *". Avoids this error:
arch/mips/bcm47xx/prom.c:89:8: error: no matching function for call to 'memcmp'
if (!memcmp(prom_init, prom_init + mem, 32))
^~~~~~
include/linux/string.h:156:12: note: candidate function not viable: no known conversion from 'void (void)' to 'const void *' for 1st argument extern int memcmp(const void *,const void *,__kernel_size_t);
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: "Rafał Miłecki" <zajec5@gmail.com>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: linux-mips@vger.kernel.org
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: llvm@lists.linux.dev
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/202209080652.sz2d68e5-lkp@intel.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/bcm47xx/prom.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/bcm47xx/prom.c b/arch/mips/bcm47xx/prom.c
index 3e2a8166377f..22509b5fab74 100644
--- a/arch/mips/bcm47xx/prom.c
+++ b/arch/mips/bcm47xx/prom.c
@@ -86,7 +86,7 @@ static __init void prom_init_mem(void)
pr_debug("Assume 128MB RAM\n");
break;
}
- if (!memcmp(prom_init, prom_init + mem, 32))
+ if (!memcmp((void *)prom_init, (void *)prom_init + mem, 32))
break;
}
lowmem = mem;
@@ -163,7 +163,7 @@ void __init bcm47xx_prom_highmem_init(void)
off = EXTVBASE + __pa(off);
for (extmem = 128 << 20; extmem < 512 << 20; extmem <<= 1) {
- if (!memcmp(prom_init, (void *)(off + extmem), 16))
+ if (!memcmp((void *)prom_init, (void *)(off + extmem), 16))
break;
}
extmem -= lowmem;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 299/390] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 298/390] MIPS: BCM47XX: Cast memcmp() of function to (void *) Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 300/390] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash Greg Kroah-Hartman
` (96 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Qin, Zhang Rui,
Rafael J. Wysocki, Sasha Levin
From: Chao Qin <chao.qin@intel.com>
[ Upstream commit 2d93540014387d1c73b9ccc4d7895320df66d01b ]
When value < time_unit, the parameter of ilog2() will be zero and
the return value is -1. u64(-1) is too large for shift exponent
and then will trigger shift-out-of-bounds:
shift exponent 18446744073709551615 is too large for 32-bit type 'int'
Call Trace:
rapl_compute_time_window_core
rapl_write_data_raw
set_time_window
store_constraint_time_window_us
Signed-off-by: Chao Qin <chao.qin@intel.com>
Acked-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/powercap/intel_rapl_common.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c
index a13a07f475d2..285420c1eb7c 100644
--- a/drivers/powercap/intel_rapl_common.c
+++ b/drivers/powercap/intel_rapl_common.c
@@ -938,6 +938,9 @@ static u64 rapl_compute_time_window_core(struct rapl_package *rp, u64 value,
y = value & 0x1f;
value = (1 << y) * (4 + f) * rp->time_unit / 4;
} else {
+ if (value < rp->time_unit)
+ return 0;
+
do_div(value, rp->time_unit);
y = ilog2(value);
f = div64_u64(4 * (value - (1 << y)), 1 << y);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 300/390] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 299/390] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` Greg Kroah-Hartman
` (95 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Yu, Srinivas Pandruvada,
Rafael J. Wysocki, Sasha Levin
From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
[ Upstream commit 68b99e94a4a2db6ba9b31fe0485e057b9354a640 ]
When CPU 0 is offline and intel_powerclamp is used to inject
idle, it generates kernel BUG:
BUG: using smp_processor_id() in preemptible [00000000] code: bash/15687
caller is debug_smp_processor_id+0x17/0x20
CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57
Call Trace:
<TASK>
dump_stack_lvl+0x49/0x63
dump_stack+0x10/0x16
check_preemption_disabled+0xdd/0xe0
debug_smp_processor_id+0x17/0x20
powerclamp_set_cur_state+0x7f/0xf9 [intel_powerclamp]
...
...
Here CPU 0 is the control CPU by default and changed to the current CPU,
if CPU 0 offlined. This check has to be performed under cpus_read_lock(),
hence the above warning.
Use get_cpu() instead of smp_processor_id() to avoid this BUG.
Suggested-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
[ rjw: Subject edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/intel/intel_powerclamp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/intel/intel_powerclamp.c b/drivers/thermal/intel/intel_powerclamp.c
index b0eb5ece9243..14381f7587ff 100644
--- a/drivers/thermal/intel/intel_powerclamp.c
+++ b/drivers/thermal/intel/intel_powerclamp.c
@@ -532,8 +532,10 @@ static int start_power_clamp(void)
/* prefer BSP */
control_cpu = 0;
- if (!cpu_online(control_cpu))
- control_cpu = smp_processor_id();
+ if (!cpu_online(control_cpu)) {
+ control_cpu = get_cpu();
+ put_cpu();
+ }
clamping = true;
schedule_delayed_work(&poll_pkg_cstate_work, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 301/390] ARM: decompressor: Include .data.rel.ro.local
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
` (394 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Russell King,
linux-arm-kernel, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 1b64daf413acd86c2c13f5443f6b4ef3690c8061 ]
The .data.rel.ro.local section has the same semantics as .data.rel.ro
here, so include it in the .rodata section of the decompressor.
Additionally since the .printk_index section isn't usable outside of
the core kernel, discard it in the decompressor. Avoids these warnings:
arm-linux-gnueabi-ld: warning: orphan section `.data.rel.ro.local' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.data.rel.ro.local'
arm-linux-gnueabi-ld: warning: orphan section `.printk_index' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.printk_index'
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/linux-mm/202209080545.qMIVj7YM-lkp@intel.com
Cc: Russell King <linux@armlinux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/compressed/vmlinux.lds.S | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 1bcb68ac4b01..3fcb3e62dc56 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -23,6 +23,7 @@ SECTIONS
*(.ARM.extab*)
*(.note.*)
*(.rel.*)
+ *(.printk_index)
/*
* Discard any r/w data - this produces a link error if we have any,
* which is required for PIC decompression. Local data generates
@@ -57,6 +58,7 @@ SECTIONS
*(.rodata)
*(.rodata.*)
*(.data.rel.ro)
+ *(.data.rel.ro.*)
}
.piggydata : {
*(.piggydata)
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 301/390] ARM: decompressor: Include .data.rel.ro.local
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Russell King,
linux-arm-kernel, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 1b64daf413acd86c2c13f5443f6b4ef3690c8061 ]
The .data.rel.ro.local section has the same semantics as .data.rel.ro
here, so include it in the .rodata section of the decompressor.
Additionally since the .printk_index section isn't usable outside of
the core kernel, discard it in the decompressor. Avoids these warnings:
arm-linux-gnueabi-ld: warning: orphan section `.data.rel.ro.local' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.data.rel.ro.local'
arm-linux-gnueabi-ld: warning: orphan section `.printk_index' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.printk_index'
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/linux-mm/202209080545.qMIVj7YM-lkp@intel.com
Cc: Russell King <linux@armlinux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/compressed/vmlinux.lds.S | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 1bcb68ac4b01..3fcb3e62dc56 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -23,6 +23,7 @@ SECTIONS
*(.ARM.extab*)
*(.note.*)
*(.rel.*)
+ *(.printk_index)
/*
* Discard any r/w data - this produces a link error if we have any,
* which is required for PIC decompression. Local data generates
@@ -57,6 +58,7 @@ SECTIONS
*(.rodata)
*(.rodata.*)
*(.data.rel.ro)
+ *(.data.rel.ro.*)
}
.piggydata : {
*(.piggydata)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 302/390] x86/entry: Work around Clang __bdos() bug
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-10-24 11:31 ` Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 303/390] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Greg Kroah-Hartman
` (93 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juergen Gross, Boris Ostrovsky,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, xen-devel, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 3e1730842f142add55dc658929221521a9ea62b6 ]
Clang produces a false positive when building with CONFIG_FORTIFY_SOURCE=y
and CONFIG_UBSAN_BOUNDS=y when operating on an array with a dynamic
offset. Work around this by using a direct assignment of an empty
instance. Avoids this warning:
../include/linux/fortify-string.h:309:4: warning: call to __write_overflow_field declared with 'warn
ing' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wat
tribute-warning]
__write_overflow_field(p_size_field, size);
^
which was isolated to the memset() call in xen_load_idt().
Note that this looks very much like another bug that was worked around:
https://github.com/ClangBuiltLinux/linux/issues/1592
Cc: Juergen Gross <jgross@suse.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: x86@kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: xen-devel@lists.xenproject.org
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/lkml/41527d69-e8ab-3f86-ff37-6b298c01d5bc@oracle.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/enlighten_pv.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index 804c65d2b95f..815030b7f6fa 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -768,6 +768,7 @@ static void xen_load_idt(const struct desc_ptr *desc)
{
static DEFINE_SPINLOCK(lock);
static struct trap_info traps[257];
+ static const struct trap_info zero = { };
unsigned out;
trace_xen_cpu_load_idt(desc);
@@ -777,7 +778,7 @@ static void xen_load_idt(const struct desc_ptr *desc)
memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc));
out = xen_convert_trap_info(desc, traps, false);
- memset(&traps[out], 0, sizeof(traps[0]));
+ traps[out] = zero;
xen_mc_flush();
if (HYPERVISOR_set_trap_table(traps))
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 303/390] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 302/390] x86/entry: Work around Clang __bdos() bug Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 304/390] NFSD: fix use-after-free on source server when doing inter-server copy Greg Kroah-Hartman
` (92 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anna Schumaker, Chuck Lever, Sasha Levin
From: Anna Schumaker <Anna.Schumaker@Netapp.com>
[ Upstream commit 06981d560606ac48d61e5f4fff6738b925c93173 ]
This was discussed with Chuck as part of this patch set. Returning
nfserr_resource was decided to not be the best error message here, and
he suggested changing to nfserr_serverfault instead.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Link: https://lore.kernel.org/linux-nfs/20220907195259.926736-1-anna@kernel.org/T/#t
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4xdr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 46f825cf53f4..cc605ee0b2fa 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3871,7 +3871,7 @@ nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
if (resp->xdr.buf->page_len &&
test_bit(RQ_SPLICE_OK, &resp->rqstp->rq_flags)) {
WARN_ON_ONCE(1);
- return nfserr_resource;
+ return nfserr_serverfault;
}
xdr_commit_encode(xdr);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 304/390] NFSD: fix use-after-free on source server when doing inter-server copy
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 303/390] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 305/390] wifi: brcmfmac: fix invalid address access when enabling SCAN log level Greg Kroah-Hartman
` (91 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dai Ngo, Chuck Lever, Sasha Levin
From: Dai Ngo <dai.ngo@oracle.com>
[ Upstream commit 019805fea91599b22dfa62ffb29c022f35abeb06 ]
Use-after-free occurred when the laundromat tried to free expired
cpntf_state entry on the s2s_cp_stateids list after inter-server
copy completed. The sc_cp_list that the expired copy state was
inserted on was already freed.
When COPY completes, the Linux client normally sends LOCKU(lock_state x),
FREE_STATEID(lock_state x) and CLOSE(open_state y) to the source server.
The nfs4_put_stid call from nfsd4_free_stateid cleans up the copy state
from the s2s_cp_stateids list before freeing the lock state's stid.
However, sometimes the CLOSE was sent before the FREE_STATEID request.
When this happens, the nfsd4_close_open_stateid call from nfsd4_close
frees all lock states on its st_locks list without cleaning up the copy
state on the sc_cp_list list. When the time the FREE_STATEID arrives the
server returns BAD_STATEID since the lock state was freed. This causes
the use-after-free error to occur when the laundromat tries to free
the expired cpntf_state.
This patch adds a call to nfs4_free_cpntf_statelist in
nfsd4_close_open_stateid to clean up the copy state before calling
free_ol_stateid_reaplist to free the lock state's stid on the reaplist.
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4state.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index f1b503bec222..665d0eaeb8db 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -843,6 +843,7 @@ static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp)
static void nfs4_free_deleg(struct nfs4_stid *stid)
{
+ WARN_ON(!list_empty(&stid->sc_cp_list));
kmem_cache_free(deleg_slab, stid);
atomic_long_dec(&num_delegations);
}
@@ -1358,6 +1359,7 @@ static void nfs4_free_ol_stateid(struct nfs4_stid *stid)
release_all_access(stp);
if (stp->st_stateowner)
nfs4_put_stateowner(stp->st_stateowner);
+ WARN_ON(!list_empty(&stid->sc_cp_list));
kmem_cache_free(stateid_slab, stid);
}
@@ -6207,6 +6209,7 @@ static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
struct nfs4_client *clp = s->st_stid.sc_client;
bool unhashed;
LIST_HEAD(reaplist);
+ struct nfs4_ol_stateid *stp;
spin_lock(&clp->cl_lock);
unhashed = unhash_open_stateid(s, &reaplist);
@@ -6215,6 +6218,8 @@ static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
if (unhashed)
put_ol_stateid_locked(s, &reaplist);
spin_unlock(&clp->cl_lock);
+ list_for_each_entry(stp, &reaplist, st_locks)
+ nfs4_free_cpntf_statelist(clp->net, &stp->st_stid);
free_ol_stateid_reaplist(&reaplist);
} else {
spin_unlock(&clp->cl_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 305/390] wifi: brcmfmac: fix invalid address access when enabling SCAN log level
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 304/390] NFSD: fix use-after-free on source server when doing inter-server copy Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 306/390] bpftool: Clear errno after libcaps checks Greg Kroah-Hartman
` (90 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wright Feng, Chi-hsien Lin,
Ahmad Fatoum, Alvin Šipraga, Kalle Valo, Sasha Levin
From: Wright Feng <wright.feng@cypress.com>
[ Upstream commit aa666b68e73fc06d83c070d96180b9010cf5a960 ]
The variable i is changed when setting random MAC address and causes
invalid address access when printing the value of pi->reqs[i]->reqid.
We replace reqs index with ri to fix the issue.
[ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000
[ 136.737365] Mem abort info:
[ 136.740172] ESR = 0x96000004
[ 136.743359] Exception class = DABT (current EL), IL = 32 bits
[ 136.749294] SET = 0, FnV = 0
[ 136.752481] EA = 0, S1PTW = 0
[ 136.755635] Data abort info:
[ 136.758514] ISV = 0, ISS = 0x00000004
[ 136.762487] CM = 0, WnR = 0
[ 136.765522] user pgtable: 4k pages, 48-bit VAs, pgdp = 000000005c4e2577
[ 136.772265] [0000000000000000] pgd=0000000000000000
[ 136.777160] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 136.782732] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) compat(O)
[ 136.789788] Process wificond (pid: 3175, stack limit = 0x00000000053048fb)
[ 136.796664] CPU: 3 PID: 3175 Comm: wificond Tainted: G O 4.19.42-00001-g531a5f5 #1
[ 136.805532] Hardware name: Freescale i.MX8MQ EVK (DT)
[ 136.810584] pstate: 60400005 (nZCv daif +PAN -UAO)
[ 136.815429] pc : brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[ 136.821811] lr : brcmf_pno_config_sched_scans+0x67c/0xa80 [brcmfmac]
[ 136.828162] sp : ffff00000e9a3880
[ 136.831475] x29: ffff00000e9a3890 x28: ffff800020543400
[ 136.836786] x27: ffff8000b1008880 x26: ffff0000012bf6a0
[ 136.842098] x25: ffff80002054345c x24: ffff800088d22400
[ 136.847409] x23: ffff0000012bf638 x22: ffff0000012bf6d8
[ 136.852721] x21: ffff8000aced8fc0 x20: ffff8000ac164400
[ 136.858032] x19: ffff00000e9a3946 x18: 0000000000000000
[ 136.863343] x17: 0000000000000000 x16: 0000000000000000
[ 136.868655] x15: ffff0000093f3b37 x14: 0000000000000050
[ 136.873966] x13: 0000000000003135 x12: 0000000000000000
[ 136.879277] x11: 0000000000000000 x10: ffff000009a61888
[ 136.884589] x9 : 000000000000000f x8 : 0000000000000008
[ 136.889900] x7 : 303a32303d726464 x6 : ffff00000a1f957d
[ 136.895211] x5 : 0000000000000000 x4 : ffff00000e9a3942
[ 136.900523] x3 : 0000000000000000 x2 : ffff0000012cead8
[ 136.905834] x1 : ffff0000012bf6d8 x0 : 0000000000000000
[ 136.911146] Call trace:
[ 136.913623] brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[ 136.919658] brcmf_pno_start_sched_scan+0xa4/0x118 [brcmfmac]
[ 136.925430] brcmf_cfg80211_sched_scan_start+0x80/0xe0 [brcmfmac]
[ 136.931636] nl80211_start_sched_scan+0x140/0x308 [cfg80211]
[ 136.937298] genl_rcv_msg+0x358/0x3f4
[ 136.940960] netlink_rcv_skb+0xb4/0x118
[ 136.944795] genl_rcv+0x34/0x48
[ 136.947935] netlink_unicast+0x264/0x300
[ 136.951856] netlink_sendmsg+0x2e4/0x33c
[ 136.955781] __sys_sendto+0x120/0x19c
Signed-off-by: Wright Feng <wright.feng@cypress.com>
Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220722115632.620681-4-alvin@pqrs.dk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
index fabfbb0b40b0..d0a7465be586 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
@@ -158,12 +158,12 @@ static int brcmf_pno_set_random(struct brcmf_if *ifp, struct brcmf_pno_info *pi)
struct brcmf_pno_macaddr_le pfn_mac;
u8 *mac_addr = NULL;
u8 *mac_mask = NULL;
- int err, i;
+ int err, i, ri;
- for (i = 0; i < pi->n_reqs; i++)
- if (pi->reqs[i]->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
- mac_addr = pi->reqs[i]->mac_addr;
- mac_mask = pi->reqs[i]->mac_addr_mask;
+ for (ri = 0; ri < pi->n_reqs; ri++)
+ if (pi->reqs[ri]->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
+ mac_addr = pi->reqs[ri]->mac_addr;
+ mac_mask = pi->reqs[ri]->mac_addr_mask;
break;
}
@@ -185,7 +185,7 @@ static int brcmf_pno_set_random(struct brcmf_if *ifp, struct brcmf_pno_info *pi)
pfn_mac.mac[0] |= 0x02;
brcmf_dbg(SCAN, "enabling random mac: reqid=%llu mac=%pM\n",
- pi->reqs[i]->reqid, pfn_mac.mac);
+ pi->reqs[ri]->reqid, pfn_mac.mac);
err = brcmf_fil_iovar_data_set(ifp, "pfn_macaddr", &pfn_mac,
sizeof(pfn_mac));
if (err)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 306/390] bpftool: Clear errno after libcaps checks
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 305/390] wifi: brcmfmac: fix invalid address access when enabling SCAN log level Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 307/390] openvswitch: Fix double reporting of drops in dropwatch Greg Kroah-Hartman
` (89 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quentin Monnet, Daniel Borkmann, Sasha Levin
From: Quentin Monnet <quentin@isovalent.com>
[ Upstream commit cea558855c39b7f1f02ff50dcf701ca6596bc964 ]
When bpftool is linked against libcap, the library runs a "constructor"
function to compute the number of capabilities of the running kernel
[0], at the beginning of the execution of the program. As part of this,
it performs multiple calls to prctl(). Some of these may fail, and set
errno to a non-zero value:
# strace -e prctl ./bpftool version
prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1
prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, CAP_CHECKPOINT_RESTORE) = 1
prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Invalid argument)
** fprintf added at the top of main(): we have errno == 1
./bpftool v7.0.0
using libbpf v1.0
features: libbfd, libbpf_strict, skeletons
+++ exited with 0 +++
This has been addressed in libcap 2.63 [1], but until this version is
available everywhere, we can fix it on bpftool side.
Let's clean errno at the beginning of the main() function, to make sure
that these checks do not interfere with the batch mode, where we error
out if errno is set after a bpftool command.
[0] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/tree/libcap/cap_alloc.c?h=libcap-2.65#n20
[1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=f25a1b7e69f7b33e6afb58b3e38f3450b7d2d9a0
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220815162205.45043-1-quentin@isovalent.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/main.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tools/bpf/bpftool/main.c b/tools/bpf/bpftool/main.c
index 1854d6b97860..4fd4e3462ebc 100644
--- a/tools/bpf/bpftool/main.c
+++ b/tools/bpf/bpftool/main.c
@@ -398,6 +398,16 @@ int main(int argc, char **argv)
setlinebuf(stdout);
+#ifdef USE_LIBCAP
+ /* Libcap < 2.63 hooks before main() to compute the number of
+ * capabilities of the running kernel, and doing so it calls prctl()
+ * which may fail and set errno to non-zero.
+ * Let's reset errno to make sure this does not interfere with the
+ * batch mode.
+ */
+ errno = 0;
+#endif
+
last_do_help = do_help;
pretty_output = false;
json_output = false;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 307/390] openvswitch: Fix double reporting of drops in dropwatch
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 306/390] bpftool: Clear errno after libcaps checks Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 308/390] openvswitch: Fix overreporting " Greg Kroah-Hartman
` (88 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Pattrick, David S. Miller, Sasha Levin
From: Mike Pattrick <mkp@redhat.com>
[ Upstream commit 1100248a5c5ccd57059eb8d02ec077e839a23826 ]
Frames sent to userspace can be reported as dropped in
ovs_dp_process_packet, however, if they are dropped in the netlink code
then netlink_attachskb will report the same frame as dropped.
This patch checks for error codes which indicate that the frame has
already been freed.
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2109946
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/datapath.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 9d6ef6cb9b26..4d2d91d6f990 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -241,10 +241,17 @@ void ovs_dp_process_packet(struct sk_buff *skb, struct sw_flow_key *key)
upcall.portid = ovs_vport_find_upcall_portid(p, skb);
upcall.mru = OVS_CB(skb)->mru;
error = ovs_dp_upcall(dp, skb, key, &upcall, 0);
- if (unlikely(error))
- kfree_skb(skb);
- else
+ switch (error) {
+ case 0:
+ case -EAGAIN:
+ case -ERESTARTSYS:
+ case -EINTR:
consume_skb(skb);
+ break;
+ default:
+ kfree_skb(skb);
+ break;
+ }
stats_counter = &stats->n_missed;
goto out;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 308/390] openvswitch: Fix overreporting of drops in dropwatch
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 307/390] openvswitch: Fix double reporting of drops in dropwatch Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 309/390] tcp: annotate data-race around tcp_md5sig_pool_populated Greg Kroah-Hartman
` (87 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Pattrick, David S. Miller, Sasha Levin
From: Mike Pattrick <mkp@redhat.com>
[ Upstream commit c21ab2afa2c64896a7f0e3cbc6845ec63dcfad2e ]
Currently queue_userspace_packet will call kfree_skb for all frames,
whether or not an error occurred. This can result in a single dropped
frame being reported as multiple drops in dropwatch. This functions
caller may also call kfree_skb in case of an error. This patch will
consume the skbs instead and allow caller's to use kfree_skb.
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2109957
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/datapath.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 4d2d91d6f990..6b5c0abf7f1b 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -544,8 +544,9 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
out:
if (err)
skb_tx_error(skb);
- kfree_skb(user_skb);
- kfree_skb(nskb);
+ consume_skb(user_skb);
+ consume_skb(nskb);
+
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 309/390] tcp: annotate data-race around tcp_md5sig_pool_populated
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 308/390] openvswitch: Fix overreporting " Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 310/390] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Greg Kroah-Hartman
` (86 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abhishek Shah, Eric Dumazet,
David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit aacd467c0a576e5e44d2de4205855dc0fe43f6fb ]
tcp_md5sig_pool_populated can be read while another thread
changes its value.
The race has no consequence because allocations
are protected with tcp_md5sig_mutex.
This patch adds READ_ONCE() and WRITE_ONCE() to document
the race and silence KCSAN.
Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 24328ad00278..b0aa7cc69d51 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4043,12 +4043,16 @@ static void __tcp_alloc_md5sig_pool(void)
* to memory. See smp_rmb() in tcp_get_md5sig_pool()
*/
smp_wmb();
- tcp_md5sig_pool_populated = true;
+ /* Paired with READ_ONCE() from tcp_alloc_md5sig_pool()
+ * and tcp_get_md5sig_pool().
+ */
+ WRITE_ONCE(tcp_md5sig_pool_populated, true);
}
bool tcp_alloc_md5sig_pool(void)
{
- if (unlikely(!tcp_md5sig_pool_populated)) {
+ /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+ if (unlikely(!READ_ONCE(tcp_md5sig_pool_populated))) {
mutex_lock(&tcp_md5sig_mutex);
if (!tcp_md5sig_pool_populated) {
@@ -4059,7 +4063,8 @@ bool tcp_alloc_md5sig_pool(void)
mutex_unlock(&tcp_md5sig_mutex);
}
- return tcp_md5sig_pool_populated;
+ /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+ return READ_ONCE(tcp_md5sig_pool_populated);
}
EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
@@ -4075,7 +4080,8 @@ struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
{
local_bh_disable();
- if (tcp_md5sig_pool_populated) {
+ /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+ if (READ_ONCE(tcp_md5sig_pool_populated)) {
/* coupled with smp_wmb() in __tcp_alloc_md5sig_pool() */
smp_rmb();
return this_cpu_ptr(&tcp_md5sig_pool);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 310/390] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 309/390] tcp: annotate data-race around tcp_md5sig_pool_populated Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 311/390] xfrm: Update ipcomp_scratches with NULL when freed Greg Kroah-Hartman
` (85 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit b383e8abed41cc6ff1a3b34de75df9397fa4878c ]
syzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for
ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with
pkt_len = 0 but ath9k_hif_usb_rx_stream() uses
__dev_alloc_skb(pkt_len + 32, GFP_ATOMIC) based on an assumption that
pkt_len is valid. As a result, ath9k_hif_usb_rx_stream() allocates skb
with uninitialized memory and ath9k_htc_rx_msg() is reading from
uninitialized memory.
Since bytes accessed by ath9k_htc_rx_msg() is not known until
ath9k_htc_rx_msg() is called, it would be difficult to check minimal valid
pkt_len at "if (pkt_len > 2 * MAX_RX_BUF_SIZE) {" line in
ath9k_hif_usb_rx_stream().
We have two choices. One is to workaround by adding __GFP_ZERO so that
ath9k_htc_rx_msg() sees 0 if pkt_len is invalid. The other is to let
ath9k_htc_rx_msg() validate pkt_len before accessing. This patch chose
the latter.
Note that I'm not sure threshold condition is correct, for I can't find
details on possible packet length used by this protocol.
Link: https://syzkaller.appspot.com/bug?extid=2ca247c2d60c7023de7f [1]
Reported-by: syzbot <syzbot+2ca247c2d60c7023de7f@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/7acfa1be-4b5c-b2ce-de43-95b0593fb3e5@I-love.SAKURA.ne.jp
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_hst.c | 43 +++++++++++++++---------
1 file changed, 28 insertions(+), 15 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
index 994ec48b2f66..ca05b07a45e6 100644
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -364,33 +364,27 @@ void ath9k_htc_txcompletion_cb(struct htc_target *htc_handle,
}
static void ath9k_htc_fw_panic_report(struct htc_target *htc_handle,
- struct sk_buff *skb)
+ struct sk_buff *skb, u32 len)
{
uint32_t *pattern = (uint32_t *)skb->data;
- switch (*pattern) {
- case 0x33221199:
- {
+ if (*pattern == 0x33221199 && len >= sizeof(struct htc_panic_bad_vaddr)) {
struct htc_panic_bad_vaddr *htc_panic;
htc_panic = (struct htc_panic_bad_vaddr *) skb->data;
dev_err(htc_handle->dev, "ath: firmware panic! "
"exccause: 0x%08x; pc: 0x%08x; badvaddr: 0x%08x.\n",
htc_panic->exccause, htc_panic->pc,
htc_panic->badvaddr);
- break;
- }
- case 0x33221299:
- {
+ return;
+ }
+ if (*pattern == 0x33221299) {
struct htc_panic_bad_epid *htc_panic;
htc_panic = (struct htc_panic_bad_epid *) skb->data;
dev_err(htc_handle->dev, "ath: firmware panic! "
"bad epid: 0x%08x\n", htc_panic->epid);
- break;
- }
- default:
- dev_err(htc_handle->dev, "ath: unknown panic pattern!\n");
- break;
+ return;
}
+ dev_err(htc_handle->dev, "ath: unknown panic pattern!\n");
}
/*
@@ -411,16 +405,26 @@ void ath9k_htc_rx_msg(struct htc_target *htc_handle,
if (!htc_handle || !skb)
return;
+ /* A valid message requires len >= 8.
+ *
+ * sizeof(struct htc_frame_hdr) == 8
+ * sizeof(struct htc_ready_msg) == 8
+ * sizeof(struct htc_panic_bad_vaddr) == 16
+ * sizeof(struct htc_panic_bad_epid) == 8
+ */
+ if (unlikely(len < sizeof(struct htc_frame_hdr)))
+ goto invalid;
htc_hdr = (struct htc_frame_hdr *) skb->data;
epid = htc_hdr->endpoint_id;
if (epid == 0x99) {
- ath9k_htc_fw_panic_report(htc_handle, skb);
+ ath9k_htc_fw_panic_report(htc_handle, skb, len);
kfree_skb(skb);
return;
}
if (epid < 0 || epid >= ENDPOINT_MAX) {
+invalid:
if (pipe_id != USB_REG_IN_PIPE)
dev_kfree_skb_any(skb);
else
@@ -432,21 +436,30 @@ void ath9k_htc_rx_msg(struct htc_target *htc_handle,
/* Handle trailer */
if (htc_hdr->flags & HTC_FLAGS_RECV_TRAILER) {
- if (be32_to_cpu(*(__be32 *) skb->data) == 0x00C60000)
+ if (be32_to_cpu(*(__be32 *) skb->data) == 0x00C60000) {
/* Move past the Watchdog pattern */
htc_hdr = (struct htc_frame_hdr *)(skb->data + 4);
+ len -= 4;
+ }
}
/* Get the message ID */
+ if (unlikely(len < sizeof(struct htc_frame_hdr) + sizeof(__be16)))
+ goto invalid;
msg_id = (__be16 *) ((void *) htc_hdr +
sizeof(struct htc_frame_hdr));
/* Now process HTC messages */
switch (be16_to_cpu(*msg_id)) {
case HTC_MSG_READY_ID:
+ if (unlikely(len < sizeof(struct htc_ready_msg)))
+ goto invalid;
htc_process_target_rdy(htc_handle, htc_hdr);
break;
case HTC_MSG_CONNECT_SERVICE_RESPONSE_ID:
+ if (unlikely(len < sizeof(struct htc_frame_hdr) +
+ sizeof(struct htc_conn_svc_rspmsg)))
+ goto invalid;
htc_process_conn_rsp(htc_handle, htc_hdr);
break;
default:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 311/390] xfrm: Update ipcomp_scratches with NULL when freed
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 310/390] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 312/390] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Greg Kroah-Hartman
` (84 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Herbert Xu,
syzbot+5ec9bb042ddfe9644773, Khalid Masum, Steffen Klassert,
Sasha Levin
From: Khalid Masum <khalid.masum.92@gmail.com>
[ Upstream commit 8a04d2fc700f717104bfb95b0f6694e448a4537f ]
Currently if ipcomp_alloc_scratches() fails to allocate memory
ipcomp_scratches holds obsolete address. So when we try to free the
percpu scratches using ipcomp_free_scratches() it tries to vfree non
existent vm area. Described below:
static void * __percpu *ipcomp_alloc_scratches(void)
{
...
scratches = alloc_percpu(void *);
if (!scratches)
return NULL;
ipcomp_scratches does not know about this allocation failure.
Therefore holding the old obsolete address.
...
}
So when we free,
static void ipcomp_free_scratches(void)
{
...
scratches = ipcomp_scratches;
Assigning obsolete address from ipcomp_scratches
if (!scratches)
return;
for_each_possible_cpu(i)
vfree(*per_cpu_ptr(scratches, i));
Trying to free non existent page, causing warning: trying to vfree
existent vm area.
...
}
Fix this breakage by updating ipcomp_scrtches with NULL when scratches
is freed
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Reported-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
Tested-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
Signed-off-by: Khalid Masum <khalid.masum.92@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_ipcomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index 0814320472f1..24ac6805275e 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -212,6 +212,7 @@ static void ipcomp_free_scratches(void)
vfree(*per_cpu_ptr(scratches, i));
free_percpu(scratches);
+ ipcomp_scratches = NULL;
}
static void * __percpu *ipcomp_alloc_scratches(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 312/390] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 311/390] xfrm: Update ipcomp_scratches with NULL when freed Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 313/390] regulator: core: Prevent integer underflow Greg Kroah-Hartman
` (83 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Coffin, Kalle Valo, Sasha Levin
From: Alexander Coffin <alex.coffin@matician.com>
[ Upstream commit 3f42faf6db431e04bf942d2ebe3ae88975723478 ]
> ret = brcmf_proto_tx_queue_data(drvr, ifp->ifidx, skb);
may be schedule, and then complete before the line
> ndev->stats.tx_bytes += skb->len;
[ 46.912801] ==================================================================
[ 46.920552] BUG: KASAN: use-after-free in brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]
[ 46.928673] Read of size 4 at addr ffffff803f5882e8 by task systemd-resolve/328
[ 46.935991]
[ 46.937514] CPU: 1 PID: 328 Comm: systemd-resolve Tainted: G O 5.4.199-[REDACTED] #1
[ 46.947255] Hardware name: [REDACTED]
[ 46.954568] Call trace:
[ 46.957037] dump_backtrace+0x0/0x2b8
[ 46.960719] show_stack+0x24/0x30
[ 46.964052] dump_stack+0x128/0x194
[ 46.967557] print_address_description.isra.0+0x64/0x380
[ 46.972877] __kasan_report+0x1d4/0x240
[ 46.976723] kasan_report+0xc/0x18
[ 46.980138] __asan_report_load4_noabort+0x18/0x20
[ 46.985027] brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]
[ 46.990613] dev_hard_start_xmit+0x1bc/0xda0
[ 46.994894] sch_direct_xmit+0x198/0xd08
[ 46.998827] __qdisc_run+0x37c/0x1dc0
[ 47.002500] __dev_queue_xmit+0x1528/0x21f8
[ 47.006692] dev_queue_xmit+0x24/0x30
[ 47.010366] neigh_resolve_output+0x37c/0x678
[ 47.014734] ip_finish_output2+0x598/0x2458
[ 47.018927] __ip_finish_output+0x300/0x730
[ 47.023118] ip_output+0x2e0/0x430
[ 47.026530] ip_local_out+0x90/0x140
[ 47.030117] igmpv3_sendpack+0x14c/0x228
[ 47.034049] igmpv3_send_cr+0x384/0x6b8
[ 47.037895] igmp_ifc_timer_expire+0x4c/0x118
[ 47.042262] call_timer_fn+0x1cc/0xbe8
[ 47.046021] __run_timers+0x4d8/0xb28
[ 47.049693] run_timer_softirq+0x24/0x40
[ 47.053626] __do_softirq+0x2c0/0x117c
[ 47.057387] irq_exit+0x2dc/0x388
[ 47.060715] __handle_domain_irq+0xb4/0x158
[ 47.064908] gic_handle_irq+0x58/0xb0
[ 47.068581] el0_irq_naked+0x50/0x5c
[ 47.072162]
[ 47.073665] Allocated by task 328:
[ 47.077083] save_stack+0x24/0xb0
[ 47.080410] __kasan_kmalloc.isra.0+0xc0/0xe0
[ 47.084776] kasan_slab_alloc+0x14/0x20
[ 47.088622] kmem_cache_alloc+0x15c/0x468
[ 47.092643] __alloc_skb+0xa4/0x498
[ 47.096142] igmpv3_newpack+0x158/0xd78
[ 47.099987] add_grhead+0x210/0x288
[ 47.103485] add_grec+0x6b0/0xb70
[ 47.106811] igmpv3_send_cr+0x2e0/0x6b8
[ 47.110657] igmp_ifc_timer_expire+0x4c/0x118
[ 47.115027] call_timer_fn+0x1cc/0xbe8
[ 47.118785] __run_timers+0x4d8/0xb28
[ 47.122457] run_timer_softirq+0x24/0x40
[ 47.126389] __do_softirq+0x2c0/0x117c
[ 47.130142]
[ 47.131643] Freed by task 180:
[ 47.134712] save_stack+0x24/0xb0
[ 47.138041] __kasan_slab_free+0x108/0x180
[ 47.142146] kasan_slab_free+0x10/0x18
[ 47.145904] slab_free_freelist_hook+0xa4/0x1b0
[ 47.150444] kmem_cache_free+0x8c/0x528
[ 47.154292] kfree_skbmem+0x94/0x108
[ 47.157880] consume_skb+0x10c/0x5a8
[ 47.161466] __dev_kfree_skb_any+0x88/0xa0
[ 47.165598] brcmu_pkt_buf_free_skb+0x44/0x68 [brcmutil]
[ 47.171023] brcmf_txfinalize+0xec/0x190 [brcmfmac]
[ 47.176016] brcmf_proto_bcdc_txcomplete+0x1c0/0x210 [brcmfmac]
[ 47.182056] brcmf_sdio_sendfromq+0x8dc/0x1e80 [brcmfmac]
[ 47.187568] brcmf_sdio_dpc+0xb48/0x2108 [brcmfmac]
[ 47.192529] brcmf_sdio_dataworker+0xc8/0x238 [brcmfmac]
[ 47.197859] process_one_work+0x7fc/0x1a80
[ 47.201965] worker_thread+0x31c/0xc40
[ 47.205726] kthread+0x2d8/0x370
[ 47.208967] ret_from_fork+0x10/0x18
[ 47.212546]
[ 47.214051] The buggy address belongs to the object at ffffff803f588280
[ 47.214051] which belongs to the cache skbuff_head_cache of size 208
[ 47.227086] The buggy address is located 104 bytes inside of
[ 47.227086] 208-byte region [ffffff803f588280, ffffff803f588350)
[ 47.238814] The buggy address belongs to the page:
[ 47.243618] page:ffffffff00dd6200 refcount:1 mapcount:0 mapping:ffffff804b6bf800 index:0xffffff803f589900 compound_mapcount: 0
[ 47.255007] flags: 0x10200(slab|head)
[ 47.258689] raw: 0000000000010200 ffffffff00dfa980 0000000200000002 ffffff804b6bf800
[ 47.266439] raw: ffffff803f589900 0000000080190018 00000001ffffffff 0000000000000000
[ 47.274180] page dumped because: kasan: bad access detected
[ 47.279752]
[ 47.281251] Memory state around the buggy address:
[ 47.286051] ffffff803f588180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.293277] ffffff803f588200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.300502] >ffffff803f588280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.307723] ^
[ 47.314343] ffffff803f588300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 47.321569] ffffff803f588380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 47.328789] ==================================================================
Signed-off-by: Alexander Coffin <alex.coffin@matician.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220808174925.3922558-1-alex.coffin@matician.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
index 61039538a15b..c8e1d505f7b5 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
@@ -290,6 +290,7 @@ static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb,
struct brcmf_pub *drvr = ifp->drvr;
struct ethhdr *eh;
int head_delta;
+ unsigned int tx_bytes = skb->len;
brcmf_dbg(DATA, "Enter, bsscfgidx=%d\n", ifp->bsscfgidx);
@@ -364,7 +365,7 @@ static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb,
ndev->stats.tx_dropped++;
} else {
ndev->stats.tx_packets++;
- ndev->stats.tx_bytes += skb->len;
+ ndev->stats.tx_bytes += tx_bytes;
}
/* Return ok: we always eat the packet */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 313/390] regulator: core: Prevent integer underflow
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 312/390] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 314/390] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Greg Kroah-Hartman
` (82 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrick Rudolph, Mark Brown, Sasha Levin
From: Patrick Rudolph <patrick.rudolph@9elements.com>
[ Upstream commit 8d8e16592022c9650df8aedfe6552ed478d7135b ]
By using a ratio of delay to poll_enabled_time that is not integer
time_remaining underflows and does not exit the loop as expected.
As delay could be derived from DT and poll_enabled_time is defined
in the driver this can easily happen.
Use a signed iterator to make sure that the loop exits once
the remaining time is negative.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Link: https://lore.kernel.org/r/20220909125954.577669-1-patrick.rudolph@9elements.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 317d701487ec..bf8ba73d6c7c 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2544,7 +2544,7 @@ static int _regulator_do_enable(struct regulator_dev *rdev)
* expired, return -ETIMEDOUT.
*/
if (rdev->desc->poll_enabled_time) {
- unsigned int time_remaining = delay;
+ int time_remaining = delay;
while (time_remaining > 0) {
_regulator_enable_delay(rdev->desc->poll_enabled_time);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 314/390] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 313/390] regulator: core: Prevent integer underflow Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 315/390] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Greg Kroah-Hartman
` (81 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Luiz Augusto von Dentz, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 2d2cb3066f2c90cd8ca540b36ba7a55e7f2406e0 ]
syzbot is reporting cancel_delayed_work() without INIT_DELAYED_WORK() at
l2cap_chan_del() [1], for CONF_NOT_COMPLETE flag (which meant to prevent
l2cap_chan_del() from calling cancel_delayed_work()) is cleared by timer
which fires before l2cap_chan_del() is called by closing file descriptor
created by socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_L2CAP).
l2cap_bredr_sig_cmd(L2CAP_CONF_REQ) and l2cap_bredr_sig_cmd(L2CAP_CONF_RSP)
are calling l2cap_ertm_init(chan), and they call l2cap_chan_ready() (which
clears CONF_NOT_COMPLETE flag) only when l2cap_ertm_init(chan) succeeded.
l2cap_sock_init() does not call l2cap_ertm_init(chan), and it instead sets
CONF_NOT_COMPLETE flag by calling l2cap_chan_set_defaults(). However, when
connect() is requested, "command 0x0409 tx timeout" happens after 2 seconds
from connect() request, and CONF_NOT_COMPLETE flag is cleared after 4
seconds from connect() request, for l2cap_conn_start() from
l2cap_info_timeout() callback scheduled by
schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
in l2cap_connect() is calling l2cap_chan_ready().
Fix this problem by initializing delayed works used by L2CAP_MODE_ERTM
mode as soon as l2cap_chan_create() allocates a channel, like I did in
commit be8597239379f0f5 ("Bluetooth: initialize skb_queue_head at
l2cap_chan_create()").
Link: https://syzkaller.appspot.com/bug?extid=83672956c7aa6af698b3 [1]
Reported-by: syzbot <syzbot+83672956c7aa6af698b3@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 0c38af2ff209..8d5029c81ee7 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -61,6 +61,9 @@ static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
struct sk_buff_head *skbs, u8 event);
+static void l2cap_retrans_timeout(struct work_struct *work);
+static void l2cap_monitor_timeout(struct work_struct *work);
+static void l2cap_ack_timeout(struct work_struct *work);
static inline u8 bdaddr_type(u8 link_type, u8 bdaddr_type)
{
@@ -476,6 +479,9 @@ struct l2cap_chan *l2cap_chan_create(void)
write_unlock(&chan_list_lock);
INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
+ INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
+ INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
+ INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
chan->state = BT_OPEN;
@@ -3316,10 +3322,6 @@ int l2cap_ertm_init(struct l2cap_chan *chan)
chan->rx_state = L2CAP_RX_STATE_RECV;
chan->tx_state = L2CAP_TX_STATE_XMIT;
- INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
- INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
- INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
-
skb_queue_head_init(&chan->srej_q);
err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 315/390] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 314/390] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 316/390] can: bcm: check the result of can_send() in bcm_can_tx() Greg Kroah-Hartman
` (80 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
Hawkins Jiawei, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 448a496f760664d3e2e79466aa1787e6abc922b5 ]
device_add shall not be called multiple times as stated in its
documentation:
'Do not call this routine or device_register() more than once for
any device structure'
Syzkaller reports a bug as follows [1]:
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:33!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[...]
Call Trace:
<TASK>
__list_add include/linux/list.h:69 [inline]
list_add_tail include/linux/list.h:102 [inline]
kobj_kset_join lib/kobject.c:164 [inline]
kobject_add_internal+0x18f/0x8f0 lib/kobject.c:214
kobject_add_varg lib/kobject.c:358 [inline]
kobject_add+0x150/0x1c0 lib/kobject.c:410
device_add+0x368/0x1e90 drivers/base/core.c:3452
hci_conn_add_sysfs+0x9b/0x1b0 net/bluetooth/hci_sysfs.c:53
hci_le_cis_estabilished_evt+0x57c/0xae0 net/bluetooth/hci_event.c:6799
hci_le_meta_evt+0x2b8/0x510 net/bluetooth/hci_event.c:7110
hci_event_func net/bluetooth/hci_event.c:7440 [inline]
hci_event_packet+0x63d/0xfd0 net/bluetooth/hci_event.c:7495
hci_rx_work+0xae7/0x1230 net/bluetooth/hci_core.c:4007
process_one_work+0x991/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Link: https://syzkaller.appspot.com/bug?id=da3246e2d33afdb92d66bc166a0934c5b146404a
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: Hawkins Jiawei <yin31149@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_sysfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index b69d88b88d2e..ccd2c377bf83 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -48,6 +48,9 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
BT_DBG("conn %p", conn);
+ if (device_is_registered(&conn->dev))
+ return;
+
dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle);
if (device_add(&conn->dev) < 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 316/390] can: bcm: check the result of can_send() in bcm_can_tx()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 315/390] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 317/390] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620 Greg Kroah-Hartman
` (79 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Kleine-Budde, Oliver Hartkopp,
Ziyang Xuan, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 3fd7bfd28cfd68ae80a2fe92ea1615722cc2ee6e ]
If can_send() fail, it should not update frames_abs counter
in bcm_can_tx(). Add the result check for can_send() in bcm_can_tx().
Suggested-by: Marc Kleine-Budde <mkl@pengutronix.de>
Suggested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Link: https://lore.kernel.org/all/9851878e74d6d37aee2f1ee76d68361a46f89458.1663206163.git.william.xuanziyang@huawei.com
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/can/bcm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/can/bcm.c b/net/can/bcm.c
index e918a0f3cda2..afa82adaf6cd 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -274,6 +274,7 @@ static void bcm_can_tx(struct bcm_op *op)
struct sk_buff *skb;
struct net_device *dev;
struct canfd_frame *cf = op->frames + op->cfsiz * op->currframe;
+ int err;
/* no target device? => exit */
if (!op->ifindex)
@@ -298,11 +299,11 @@ static void bcm_can_tx(struct bcm_op *op)
/* send with loopback */
skb->dev = dev;
can_skb_set_owner(skb, op->sk);
- can_send(skb, 1);
+ err = can_send(skb, 1);
+ if (!err)
+ op->frames_abs++;
- /* update statistics */
op->currframe++;
- op->frames_abs++;
/* reached last frame? */
if (op->currframe >= op->nframes)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 317/390] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 316/390] can: bcm: check the result of can_send() in bcm_can_tx() Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 318/390] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Greg Kroah-Hartman
` (78 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit d3aad83d05aec0cfd7670cf0028f2ad4b81de92e ]
The function rt2800_iq_calibrate is intended for Rt5592 only.
Don't call it for MT7620 which has it's own calibration functions.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/31a1c34ddbd296b82f38c18c9ae7339059215fdc.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index fed6d21cd6ce..3f2c10c2aaf8 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -4352,7 +4352,8 @@ static void rt2800_config_channel(struct rt2x00_dev *rt2x00dev,
reg = (rf->channel <= 14 ? 0x1c : 0x24) + 2*rt2x00dev->lna_gain;
rt2800_bbp_write_with_rx_chain(rt2x00dev, 66, reg);
- rt2800_iq_calibrate(rt2x00dev, rf->channel);
+ if (rt2x00_rt(rt2x00dev, RT5592))
+ rt2800_iq_calibrate(rt2x00dev, rf->channel);
}
bbp = rt2800_bbp_read(rt2x00dev, 4);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 318/390] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 317/390] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620 Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 319/390] wifi: rt2x00: set VGC gain for both chains of MT7620 Greg Kroah-Hartman
` (77 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit eeb50acf15762b61921f9df18663f839f387c054 ]
Set correct TX_SW_CFG1 MAC register as it is done also in v3 of the
vendor driver[1].
[1]: https://gitlab.com/dm38/padavan-ng/-/blob/master/trunk/proprietary/rt_wifi/rtpci/3.0.X.X/mt76x2/chips/rt6352.c#L531
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/4be38975ce600a34249e12d09a3cb758c6e71071.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index 3f2c10c2aaf8..327f19cae4d7 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -5849,7 +5849,7 @@ static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
rt2800_register_write(rt2x00dev, TX_SW_CFG0, 0x00000404);
} else if (rt2x00_rt(rt2x00dev, RT6352)) {
rt2800_register_write(rt2x00dev, TX_SW_CFG0, 0x00000401);
- rt2800_register_write(rt2x00dev, TX_SW_CFG1, 0x000C0000);
+ rt2800_register_write(rt2x00dev, TX_SW_CFG1, 0x000C0001);
rt2800_register_write(rt2x00dev, TX_SW_CFG2, 0x00000000);
rt2800_register_write(rt2x00dev, TX_ALC_VGA3, 0x00000000);
rt2800_register_write(rt2x00dev, TX0_BB_GAIN_ATTEN, 0x0);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 319/390] wifi: rt2x00: set VGC gain for both chains of MT7620
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 318/390] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 320/390] wifi: rt2x00: set SoC wmac clock register Greg Kroah-Hartman
` (76 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit 0e09768c085709e10ece3b68f6ac921d3f6a9caa ]
Set bbp66 for all chains of the MT7620.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/29e161397e5c9d9399da0fe87d44458aa2b90a78.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index 327f19cae4d7..94e5c3c373ba 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -5626,7 +5626,8 @@ static inline void rt2800_set_vgc(struct rt2x00_dev *rt2x00dev,
if (qual->vgc_level != vgc_level) {
if (rt2x00_rt(rt2x00dev, RT3572) ||
rt2x00_rt(rt2x00dev, RT3593) ||
- rt2x00_rt(rt2x00dev, RT3883)) {
+ rt2x00_rt(rt2x00dev, RT3883) ||
+ rt2x00_rt(rt2x00dev, RT6352)) {
rt2800_bbp_write_with_rx_chain(rt2x00dev, 66,
vgc_level);
} else if (rt2x00_rt(rt2x00dev, RT5592)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 320/390] wifi: rt2x00: set SoC wmac clock register
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 319/390] wifi: rt2x00: set VGC gain for both chains of MT7620 Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 321/390] wifi: rt2x00: correctly set BBP register 86 for MT7620 Greg Kroah-Hartman
` (75 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit cbde6ed406a51092d9e8a2df058f5f8490f27443 ]
Instead of using the default value 33 (pci), set US_CYC_CNT init based
on Programming guide:
If available, set chipset bus clock with fallback to cpu clock/3.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/3e275d259f476f597dab91a9c395015ef3fe3284.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/ralink/rt2x00/rt2800lib.c | 21 +++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index 94e5c3c373ba..f237fc17dedc 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -6112,6 +6112,27 @@ static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
reg = rt2800_register_read(rt2x00dev, US_CYC_CNT);
rt2x00_set_field32(®, US_CYC_CNT_CLOCK_CYCLE, 125);
rt2800_register_write(rt2x00dev, US_CYC_CNT, reg);
+ } else if (rt2x00_is_soc(rt2x00dev)) {
+ struct clk *clk = clk_get_sys("bus", NULL);
+ int rate;
+
+ if (IS_ERR(clk)) {
+ clk = clk_get_sys("cpu", NULL);
+
+ if (IS_ERR(clk)) {
+ rate = 125;
+ } else {
+ rate = clk_get_rate(clk) / 3000000;
+ clk_put(clk);
+ }
+ } else {
+ rate = clk_get_rate(clk) / 1000000;
+ clk_put(clk);
+ }
+
+ reg = rt2800_register_read(rt2x00dev, US_CYC_CNT);
+ rt2x00_set_field32(®, US_CYC_CNT_CLOCK_CYCLE, rate);
+ rt2800_register_write(rt2x00dev, US_CYC_CNT, reg);
}
reg = rt2800_register_read(rt2x00dev, HT_FBK_CFG0);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 321/390] wifi: rt2x00: correctly set BBP register 86 for MT7620
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 320/390] wifi: rt2x00: set SoC wmac clock register Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 322/390] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory Greg Kroah-Hartman
` (74 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit c9aada64fe6493461127f1522d7e2f01792d2424 ]
Instead of 0 set the correct value for BBP register 86 for MT7620.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/257267247ee4fa7ebc6a5d0c4948b3f8119c0d77.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index f237fc17dedc..4bdd3a95f2d2 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -4151,7 +4151,10 @@ static void rt2800_config_channel(struct rt2x00_dev *rt2x00dev,
rt2800_bbp_write(rt2x00dev, 62, 0x37 - rt2x00dev->lna_gain);
rt2800_bbp_write(rt2x00dev, 63, 0x37 - rt2x00dev->lna_gain);
rt2800_bbp_write(rt2x00dev, 64, 0x37 - rt2x00dev->lna_gain);
- rt2800_bbp_write(rt2x00dev, 86, 0);
+ if (rt2x00_rt(rt2x00dev, RT6352))
+ rt2800_bbp_write(rt2x00dev, 86, 0x38);
+ else
+ rt2800_bbp_write(rt2x00dev, 86, 0);
}
if (rf->channel <= 14) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 322/390] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 321/390] wifi: rt2x00: correctly set BBP register 86 for MT7620 Greg Kroah-Hartman
@ 2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 323/390] Bluetooth: L2CAP: Fix user-after-free Greg Kroah-Hartman
` (73 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakub Sitnicki, Liu Jian,
Daniel Borkmann, John Fastabend, Eric Dumazet, Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit 3f8ef65af927db247418d4e1db49164d7a158fc5 ]
Fixes the below NULL pointer dereference:
[...]
[ 14.471200] Call Trace:
[ 14.471562] <TASK>
[ 14.471882] lock_acquire+0x245/0x2e0
[ 14.472416] ? remove_wait_queue+0x12/0x50
[ 14.473014] ? _raw_spin_lock_irqsave+0x17/0x50
[ 14.473681] _raw_spin_lock_irqsave+0x3d/0x50
[ 14.474318] ? remove_wait_queue+0x12/0x50
[ 14.474907] remove_wait_queue+0x12/0x50
[ 14.475480] sk_stream_wait_memory+0x20d/0x340
[ 14.476127] ? do_wait_intr_irq+0x80/0x80
[ 14.476704] do_tcp_sendpages+0x287/0x600
[ 14.477283] tcp_bpf_push+0xab/0x260
[ 14.477817] tcp_bpf_sendmsg_redir+0x297/0x500
[ 14.478461] ? __local_bh_enable_ip+0x77/0xe0
[ 14.479096] tcp_bpf_send_verdict+0x105/0x470
[ 14.479729] tcp_bpf_sendmsg+0x318/0x4f0
[ 14.480311] sock_sendmsg+0x2d/0x40
[ 14.480822] ____sys_sendmsg+0x1b4/0x1c0
[ 14.481390] ? copy_msghdr_from_user+0x62/0x80
[ 14.482048] ___sys_sendmsg+0x78/0xb0
[ 14.482580] ? vmf_insert_pfn_prot+0x91/0x150
[ 14.483215] ? __do_fault+0x2a/0x1a0
[ 14.483738] ? do_fault+0x15e/0x5d0
[ 14.484246] ? __handle_mm_fault+0x56b/0x1040
[ 14.484874] ? lock_is_held_type+0xdf/0x130
[ 14.485474] ? find_held_lock+0x2d/0x90
[ 14.486046] ? __sys_sendmsg+0x41/0x70
[ 14.486587] __sys_sendmsg+0x41/0x70
[ 14.487105] ? intel_pmu_drain_pebs_core+0x350/0x350
[ 14.487822] do_syscall_64+0x34/0x80
[ 14.488345] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
The test scenario has the following flow:
thread1 thread2
----------- ---------------
tcp_bpf_sendmsg
tcp_bpf_send_verdict
tcp_bpf_sendmsg_redir sock_close
tcp_bpf_push_locked __sock_release
tcp_bpf_push //inet_release
do_tcp_sendpages sock->ops->release
sk_stream_wait_memory // tcp_close
sk_wait_event sk->sk_prot->close
release_sock(__sk);
***
lock_sock(sk);
__tcp_close
sock_orphan(sk)
sk->sk_wq = NULL
release_sock
****
lock_sock(__sk);
remove_wait_queue(sk_sleep(sk), &wait);
sk_sleep(sk)
//NULL pointer dereference
&rcu_dereference_raw(sk->sk_wq)->wait
While waiting for memory in thread1, the socket is released with its wait
queue because thread2 has closed it. This caused by tcp_bpf_send_verdict
didn't increase the f_count of psock->sk_redir->sk_socket->file in thread1.
We should check if SOCK_DEAD flag is set on wakeup in sk_stream_wait_memory
before accessing the wait queue.
Suggested-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/bpf/20220823133755.314697-2-liujian56@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/stream.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/stream.c b/net/core/stream.c
index a166a32b411f..a61130504827 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -159,7 +159,8 @@ int sk_stream_wait_memory(struct sock *sk, long *timeo_p)
*timeo_p = current_timeo;
}
out:
- remove_wait_queue(sk_sleep(sk), &wait);
+ if (!sock_flag(sk, SOCK_DEAD))
+ remove_wait_queue(sk_sleep(sk), &wait);
return err;
do_error:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 323/390] Bluetooth: L2CAP: Fix user-after-free
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-10-24 11:31 ` [PATCH 5.10 322/390] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 324/390] r8152: Rate limit overflow messages Greg Kroah-Hartman
` (72 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz, Sungwoo Kim,
Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 35fcbc4243aad7e7d020b7c1dfb14bb888b20a4f ]
This uses l2cap_chan_hold_unless_zero() after calling
__l2cap_get_chan_blah() to prevent the following trace:
Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref
*kref)
Bluetooth: chan 0000000023c4974d
Bluetooth: parent 00000000ae861c08
==================================================================
BUG: KASAN: use-after-free in __mutex_waiter_is_first
kernel/locking/mutex.c:191 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common
kernel/locking/mutex.c:671 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0x278/0x400
kernel/locking/mutex.c:729
Read of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389
Link: https://lore.kernel.org/lkml/20220622082716.478486-1-lee.jones@linaro.org
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 8d5029c81ee7..83dd76e9196f 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4305,6 +4305,12 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
}
}
+ chan = l2cap_chan_hold_unless_zero(chan);
+ if (!chan) {
+ err = -EBADSLT;
+ goto unlock;
+ }
+
err = 0;
l2cap_chan_lock(chan);
@@ -4334,6 +4340,7 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
}
l2cap_chan_unlock(chan);
+ l2cap_chan_put(chan);
unlock:
mutex_unlock(&conn->chan_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 324/390] r8152: Rate limit overflow messages
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 323/390] Bluetooth: L2CAP: Fix user-after-free Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 325/390] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Greg Kroah-Hartman
` (71 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Gaul, Jakub Kicinski, Sasha Levin
From: Andrew Gaul <gaul@gaul.org>
[ Upstream commit 93e2be344a7db169b7119de21ac1bf253b8c6907 ]
My system shows almost 10 million of these messages over a 24-hour
period which pollutes my logs.
Signed-off-by: Andrew Gaul <gaul@google.com>
Link: https://lore.kernel.org/r/20221002034128.2026653-1-gaul@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/r8152.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index 0bb5b1c78654..a526242a3e36 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -1689,7 +1689,9 @@ static void intr_callback(struct urb *urb)
"Stop submitting intr, status %d\n", status);
return;
case -EOVERFLOW:
- netif_info(tp, intr, tp->netdev, "intr status -EOVERFLOW\n");
+ if (net_ratelimit())
+ netif_info(tp, intr, tp->netdev,
+ "intr status -EOVERFLOW\n");
goto resubmit;
/* -EPIPE: should clear the halt */
default:
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 325/390] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 324/390] r8152: Rate limit overflow messages Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 326/390] drm: Use size_t type for len variable in drm_copy_field() Greg Kroah-Hartman
` (70 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Lyude Paul, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit 6dc548745d5b5102e3c53dc5097296ac270b6c69 ]
nouveau_bo_alloc() allocates a memory chunk for "nvbo" with kzalloc().
When some error occurs, "nvbo" should be released. But when
WARN_ON(pi < 0)) equals true, the function return ERR_PTR without
releasing the "nvbo", which will lead to a memory leak.
We should release the "nvbo" with kfree() if WARN_ON(pi < 0)) equals true.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220705094306.2244103-1-niejianglei2021@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/nouveau/nouveau_bo.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c
index b4946b595d86..b57dcad8865f 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bo.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
@@ -279,8 +279,10 @@ nouveau_bo_alloc(struct nouveau_cli *cli, u64 *size, int *align, u32 domain,
break;
}
- if (WARN_ON(pi < 0))
+ if (WARN_ON(pi < 0)) {
+ kfree(nvbo);
return ERR_PTR(-EINVAL);
+ }
/* Disable compression if suitable settings couldn't be found. */
if (nvbo->comp && !vmm->page[pi].comp) {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 326/390] drm: Use size_t type for len variable in drm_copy_field()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 325/390] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 327/390] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Greg Kroah-Hartman
` (69 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Javier Martinez Canillas,
Peter Robinson, Thomas Zimmermann, Sasha Levin
From: Javier Martinez Canillas <javierm@redhat.com>
[ Upstream commit 94dc3471d1b2b58b3728558d0e3f264e9ce6ff59 ]
The strlen() function returns a size_t which is an unsigned int on 32-bit
arches and an unsigned long on 64-bit arches. But in the drm_copy_field()
function, the strlen() return value is assigned to an 'int len' variable.
Later, the len variable is passed as copy_from_user() third argument that
is an unsigned long parameter as well.
In theory, this can lead to an integer overflow via type conversion. Since
the assignment happens to a signed int lvalue instead of a size_t lvalue.
In practice though, that's unlikely since the values copied are set by DRM
drivers and not controlled by userspace. But using a size_t for len is the
correct thing to do anyways.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220705100215.572498-2-javierm@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
index 4606cc938b36..a15d55d06510 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -473,7 +473,7 @@ EXPORT_SYMBOL(drm_invalid_op);
*/
static int drm_copy_field(char __user *buf, size_t *buf_len, const char *value)
{
- int len;
+ size_t len;
/* don't overflow userbuf */
len = strlen(value);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 327/390] drm: Prevent drm_copy_field() to attempt copying a NULL pointer
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 326/390] drm: Use size_t type for len variable in drm_copy_field() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 328/390] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Greg Kroah-Hartman
` (68 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Robinson,
Javier Martinez Canillas, Thomas Zimmermann, Sasha Levin
From: Javier Martinez Canillas <javierm@redhat.com>
[ Upstream commit f6ee30407e883042482ad4ad30da5eaba47872ee ]
There are some struct drm_driver fields that are required by drivers since
drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION.
But it can be possible that a driver has a bug and did not set some of the
fields, which leads to drm_copy_field() attempting to copy a NULL pointer:
[ +10.395966] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000
[ +0.010955] Mem abort info:
[ +0.002835] ESR = 0x0000000096000004
[ +0.003872] EC = 0x25: DABT (current EL), IL = 32 bits
[ +0.005395] SET = 0, FnV = 0
[ +0.003113] EA = 0, S1PTW = 0
[ +0.003182] FSC = 0x04: level 0 translation fault
[ +0.004964] Data abort info:
[ +0.002919] ISV = 0, ISS = 0x00000004
[ +0.003886] CM = 0, WnR = 0
[ +0.003040] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000115dad000
[ +0.006536] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ +0.006925] Internal error: Oops: 96000004 [#1] SMP
...
[ +0.011113] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ +0.007061] pc : __pi_strlen+0x14/0x150
[ +0.003895] lr : drm_copy_field+0x30/0x1a4
[ +0.004156] sp : ffff8000094b3a50
[ +0.003355] x29: ffff8000094b3a50 x28: ffff8000094b3b70 x27: 0000000000000040
[ +0.007242] x26: ffff443743c2ba00 x25: 0000000000000000 x24: 0000000000000040
[ +0.007243] x23: ffff443743c2ba00 x22: ffff8000094b3b70 x21: 0000000000000000
[ +0.007241] x20: 0000000000000000 x19: ffff8000094b3b90 x18: 0000000000000000
[ +0.007241] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaab14b9af40
[ +0.007241] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ +0.007239] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa524ad67d4d8
[ +0.007242] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 6c6e6263606e7141
[ +0.007239] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
[ +0.007241] x2 : 0000000000000000 x1 : ffff8000094b3b90 x0 : 0000000000000000
[ +0.007240] Call trace:
[ +0.002475] __pi_strlen+0x14/0x150
[ +0.003537] drm_version+0x84/0xac
[ +0.003448] drm_ioctl_kernel+0xa8/0x16c
[ +0.003975] drm_ioctl+0x270/0x580
[ +0.003448] __arm64_sys_ioctl+0xb8/0xfc
[ +0.003978] invoke_syscall+0x78/0x100
[ +0.003799] el0_svc_common.constprop.0+0x4c/0xf4
[ +0.004767] do_el0_svc+0x38/0x4c
[ +0.003357] el0_svc+0x34/0x100
[ +0.003185] el0t_64_sync_handler+0x11c/0x150
[ +0.004418] el0t_64_sync+0x190/0x194
[ +0.003716] Code: 92402c04 b200c3e8 f13fc09f 5400088c (a9400c02)
[ +0.006180] ---[ end trace 0000000000000000 ]---
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220705100215.572498-3-javierm@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_ioctl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
index a15d55d06510..c160a45a4274 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -475,6 +475,12 @@ static int drm_copy_field(char __user *buf, size_t *buf_len, const char *value)
{
size_t len;
+ /* don't attempt to copy a NULL pointer */
+ if (WARN_ONCE(!value, "BUG: the value to copy was not set!")) {
+ *buf_len = 0;
+ return 0;
+ }
+
/* don't overflow userbuf */
len = strlen(value);
if (len > *buf_len)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 328/390] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 327/390] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 329/390] drm/amd/display: fix overflow on MIN_I64 definition Greg Kroah-Hartman
` (67 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeng Jingxiang, Robert Foss, Sasha Levin
From: Zeng Jingxiang <linuszeng@tencent.com>
[ Upstream commit ef8886f321c5dab8124b9153d25afa2a71d05323 ]
A NULL check for bridge->encoder shows that it may be NULL, but it
already been dereferenced on all paths leading to the check.
812 if (!bridge->encoder) {
Dereference the pointer bridge->encoder.
810 drm_connector_attach_encoder(<9611->connector, bridge->encoder);
Signed-off-by: Zeng Jingxiang <linuszeng@tencent.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220727073119.1578972-1-zengjx95@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/lontium-lt9611.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/lontium-lt9611.c b/drivers/gpu/drm/bridge/lontium-lt9611.c
index 29b1ce2140ab..1dcc28a4d853 100644
--- a/drivers/gpu/drm/bridge/lontium-lt9611.c
+++ b/drivers/gpu/drm/bridge/lontium-lt9611.c
@@ -816,13 +816,14 @@ static int lt9611_connector_init(struct drm_bridge *bridge, struct lt9611 *lt961
drm_connector_helper_add(<9611->connector,
<9611_bridge_connector_helper_funcs);
- drm_connector_attach_encoder(<9611->connector, bridge->encoder);
if (!bridge->encoder) {
DRM_ERROR("Parent encoder object not found");
return -ENODEV;
}
+ drm_connector_attach_encoder(<9611->connector, bridge->encoder);
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 329/390] drm/amd/display: fix overflow on MIN_I64 definition
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 328/390] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 330/390] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Greg Kroah-Hartman
` (66 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Gow, Tales Aparecida,
Alex Deucher, Sasha Levin
From: David Gow <davidgow@google.com>
[ Upstream commit 6ae0632d17759852c07e2d1e0a31c728eb6ba246 ]
The definition of MIN_I64 in bw_fixed.c can cause gcc to whinge about
integer overflow, because it is treated as a positive value, which is
then negated. The temporary positive value is not necessarily
representable.
This causes the following warning:
../drivers/gpu/drm/amd/amdgpu/../display/dc/dml/calcs/bw_fixed.c:30:19:
warning: integer overflow in expression ‘-9223372036854775808’ of type
‘long long int’ results in ‘-9223372036854775808’ [-Woverflow]
30 | (int64_t)(-(1LL << 63))
| ^
Writing out (-MAX_I64 - 1) works instead.
Signed-off-by: David Gow <davidgow@google.com>
Signed-off-by: Tales Aparecida <tales.aparecida@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c b/drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c
index 6ca288fb5fb9..2d46bc527b21 100644
--- a/drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c
+++ b/drivers/gpu/drm/amd/display/dc/calcs/bw_fixed.c
@@ -26,12 +26,12 @@
#include "bw_fixed.h"
-#define MIN_I64 \
- (int64_t)(-(1LL << 63))
-
#define MAX_I64 \
(int64_t)((1ULL << 63) - 1)
+#define MIN_I64 \
+ (-MAX_I64 - 1)
+
#define FRACTIONAL_PART_MASK \
((1ULL << BW_FIXED_BITS_PER_FRACTIONAL_PART) - 1)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 330/390] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 329/390] drm/amd/display: fix overflow on MIN_I64 definition Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 331/390] drm: bridge: dw_hdmi: only trigger hotplug event on link change Greg Kroah-Hartman
` (65 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+c80e9ef5d8bb45894db0,
Gerd Hoffmann, Vivek Kasireddy, Sasha Levin
From: Vivek Kasireddy <vivek.kasireddy@intel.com>
[ Upstream commit d9c04a1b7a15b5e74b2977461d9511e497f05d8f ]
When userspace tries to map the dmabuf and if for some reason
(e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be
set to NULL. Otherwise, when the userspace subsequently closes the
dmabuf fd, we'd try to erroneously free the invalid sg table from
release_udmabuf resulting in the following crash reported by syzbot:
general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 3609 Comm: syz-executor487 Not tainted
5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 07/22/2022
RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]
RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]
RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 04 00 00 48 8d 7d 0c 4c
8b 63 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14
02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e2
RSP: 0018:ffffc900037efd30 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffffff8cb67800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff84ad27e0 RDI: 0000000000000000
RBP: fffffffffffffff4 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000008c07c R12: ffff88801fa05000
R13: ffff888073db07e8 R14: ffff888025c25440 R15: 0000000000000000
FS: 0000555555fc4300(0000) GS:ffff8880b9a00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc1c0ce06e4 CR3: 00000000715e6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
dma_buf_release+0x157/0x2d0 drivers/dma-buf/dma-buf.c:78
__dentry_kill+0x42b/0x640 fs/dcache.c:612
dentry_kill fs/dcache.c:733 [inline]
dput+0x806/0xdb0 fs/dcache.c:913
__fput+0x39c/0x9d0 fs/file_table.c:333
task_work_run+0xdd/0x1a0 kernel/task_work.c:177
ptrace_notify+0x114/0x140 kernel/signal.c:2353
ptrace_report_syscall include/linux/ptrace.h:420 [inline]
ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
syscall_exit_work kernel/entry/common.c:249 [inline]
syscall_exit_to_user_mode_prepare+0x129/0x280 kernel/entry/common.c:276
__syscall_exit_to_user_mode_work kernel/entry/common.c:281 [inline]
syscall_exit_to_user_mode+0x9/0x50 kernel/entry/common.c:294
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc1c0c35b6b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24
0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007ffd78a06090 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007fc1c0c35b6b
RDX: 0000000020000280 RSI: 0000000040086200 RDI: 0000000000000006
RBP: 0000000000000007 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c
R13: 0000000000000003 R14: 00007fc1c0cfe4a0 R15: 00007ffd78a06140
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]
RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]
RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114
Reported-by: syzbot+c80e9ef5d8bb45894db0@syzkaller.appspotmail.com
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220825063522.801264-1-vivek.kasireddy@intel.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma-buf/udmabuf.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
index b624f3d8f0e6..e359c5c6c4df 100644
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -118,17 +118,20 @@ static int begin_cpu_udmabuf(struct dma_buf *buf,
{
struct udmabuf *ubuf = buf->priv;
struct device *dev = ubuf->device->this_device;
+ int ret = 0;
if (!ubuf->sg) {
ubuf->sg = get_sg_table(dev, buf, direction);
- if (IS_ERR(ubuf->sg))
- return PTR_ERR(ubuf->sg);
+ if (IS_ERR(ubuf->sg)) {
+ ret = PTR_ERR(ubuf->sg);
+ ubuf->sg = NULL;
+ }
} else {
dma_sync_sg_for_cpu(dev, ubuf->sg->sgl, ubuf->sg->nents,
direction);
}
- return 0;
+ return ret;
}
static int end_cpu_udmabuf(struct dma_buf *buf,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 331/390] drm: bridge: dw_hdmi: only trigger hotplug event on link change
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 330/390] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 332/390] drm/vc4: vec: Fix timings for VEC modes Greg Kroah-Hartman
` (64 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Robert Foss,
Sasha Levin, Neil Armstrong
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit da09daf881082266e4075657fac53c7966de8e4d ]
There are two events that signal a real change of the link state: HPD going
high means the sink is newly connected or wants the source to re-read the
EDID, RX sense going low is a indication that the link has been disconnected.
Ignore the other two events that also trigger interrupts, but don't need
immediate attention: HPD going low does not necessarily mean the link has
been lost and should not trigger a immediate read of the status. RX sense
going high also does not require a detect cycle, as HPD going high is the
right point in time to read the EDID.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com> (v1)
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220826185733.3213248-1-l.stach@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
index b10228b9e3a9..356c7d0bd035 100644
--- a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
+++ b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
@@ -2984,6 +2984,7 @@ static irqreturn_t dw_hdmi_irq(int irq, void *dev_id)
{
struct dw_hdmi *hdmi = dev_id;
u8 intr_stat, phy_int_pol, phy_pol_mask, phy_stat;
+ enum drm_connector_status status = connector_status_unknown;
intr_stat = hdmi_readb(hdmi, HDMI_IH_PHY_STAT0);
phy_int_pol = hdmi_readb(hdmi, HDMI_PHY_POL0);
@@ -3022,13 +3023,15 @@ static irqreturn_t dw_hdmi_irq(int irq, void *dev_id)
cec_notifier_phys_addr_invalidate(hdmi->cec_notifier);
mutex_unlock(&hdmi->cec_notifier_mutex);
}
- }
- if (intr_stat & HDMI_IH_PHY_STAT0_HPD) {
- enum drm_connector_status status = phy_int_pol & HDMI_PHY_HPD
- ? connector_status_connected
- : connector_status_disconnected;
+ if (phy_stat & HDMI_PHY_HPD)
+ status = connector_status_connected;
+
+ if (!(phy_stat & (HDMI_PHY_HPD | HDMI_PHY_RX_SENSE)))
+ status = connector_status_disconnected;
+ }
+ if (status != connector_status_unknown) {
dev_dbg(hdmi->dev, "EVENT=%s\n",
status == connector_status_connected ?
"plugin" : "plugout");
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 332/390] drm/vc4: vec: Fix timings for VEC modes
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 331/390] drm: bridge: dw_hdmi: only trigger hotplug event on link change Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 333/390] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Greg Kroah-Hartman
` (63 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mateusz Kwiatkowski,
Noralf Trønnes, Maxime Ripard, Sasha Levin
From: Mateusz Kwiatkowski <kfyatek+publicgit@gmail.com>
[ Upstream commit 30d7565be96b3946c18a1ce3fd538f7946839092 ]
This commit fixes vertical timings of the VEC (composite output) modes
to accurately represent the 525-line ("NTSC") and 625-line ("PAL") ITU-R
standards.
Previous timings were actually defined as 502 and 601 lines, resulting
in non-standard 62.69 Hz and 52 Hz signals being generated,
respectively.
Signed-off-by: Mateusz Kwiatkowski <kfyatek+publicgit@gmail.com>
Acked-by: Noralf Trønnes <noralf@tronnes.org>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20220728-rpi-analog-tv-properties-v2-28-459522d653a7@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_vec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_vec.c b/drivers/gpu/drm/vc4/vc4_vec.c
index bd5b8eb58b18..c6bd168a5898 100644
--- a/drivers/gpu/drm/vc4/vc4_vec.c
+++ b/drivers/gpu/drm/vc4/vc4_vec.c
@@ -257,7 +257,7 @@ static void vc4_vec_ntsc_j_mode_set(struct vc4_vec *vec)
static const struct drm_display_mode ntsc_mode = {
DRM_MODE("720x480", DRM_MODE_TYPE_DRIVER, 13500,
720, 720 + 14, 720 + 14 + 64, 720 + 14 + 64 + 60, 0,
- 480, 480 + 3, 480 + 3 + 3, 480 + 3 + 3 + 16, 0,
+ 480, 480 + 7, 480 + 7 + 6, 525, 0,
DRM_MODE_FLAG_INTERLACE)
};
@@ -279,7 +279,7 @@ static void vc4_vec_pal_m_mode_set(struct vc4_vec *vec)
static const struct drm_display_mode pal_mode = {
DRM_MODE("720x576", DRM_MODE_TYPE_DRIVER, 13500,
720, 720 + 20, 720 + 20 + 64, 720 + 20 + 64 + 60, 0,
- 576, 576 + 2, 576 + 2 + 3, 576 + 2 + 3 + 20, 0,
+ 576, 576 + 4, 576 + 4 + 6, 625, 0,
DRM_MODE_FLAG_INTERLACE)
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 333/390] drm: panel-orientation-quirks: Add quirk for Anbernic Win600
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 332/390] drm/vc4: vec: Fix timings for VEC modes Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 334/390] platform/chrome: cros_ec: Notify the PM of wake events during resume Greg Kroah-Hartman
` (62 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maya Matuszczyk, Hans de Goede, Sasha Levin
From: Maya Matuszczyk <maccraft123mc@gmail.com>
[ Upstream commit 770e19076065e079a32f33eb11be2057c87f1cde ]
This device is another x86 gaming handheld, and as (hopefully) there is
only one set of DMI IDs it's using DMI_EXACT_MATCH
Signed-off-by: Maya Matuszczyk <maccraft123mc@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220803182402.1217293-1-maccraft123mc@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index f5ab891731d0..083273736c83 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -128,6 +128,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "One S1003"),
},
.driver_data = (void *)&lcd800x1280_rightside_up,
+ }, { /* Anbernic Win600 */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "Anbernic"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Win600"),
+ },
+ .driver_data = (void *)&lcd720x1280_rightside_up,
}, { /* Asus T100HA */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 334/390] platform/chrome: cros_ec: Notify the PM of wake events during resume
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 333/390] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 335/390] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Greg Kroah-Hartman
` (61 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jameson Thies, Prashant Malani,
Benson Leung, Tzung-Bi Shih, Sasha Levin
From: Jameson Thies <jthies@google.com>
[ Upstream commit 8edd2752b0aa498b3a61f3caee8f79f7e0567fad ]
cros_ec_handle_event in the cros_ec driver can notify the PM of wake
events. When a device is suspended, cros_ec_handle_event will not check
MKBP events. Instead, received MKBP events are checked during resume by
cros_ec_report_events_during_suspend. But
cros_ec_report_events_during_suspend cannot notify the PM if received
events are wake events, causing wake events to not be reported if
received while the device is suspended.
Update cros_ec_report_events_during_suspend to notify the PM of wake
events during resume by calling pm_wakeup_event.
Signed-off-by: Jameson Thies <jthies@google.com>
Reviewed-by: Prashant Malani <pmalani@chromium.org>
Reviewed-by: Benson Leung <bleung@chromium.org>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220913204954.2931042-1-jthies@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c
index c4de8c4db193..5a622666a075 100644
--- a/drivers/platform/chrome/cros_ec.c
+++ b/drivers/platform/chrome/cros_ec.c
@@ -332,10 +332,16 @@ EXPORT_SYMBOL(cros_ec_suspend);
static void cros_ec_report_events_during_suspend(struct cros_ec_device *ec_dev)
{
+ bool wake_event;
+
while (ec_dev->mkbp_event_supported &&
- cros_ec_get_next_event(ec_dev, NULL, NULL) > 0)
+ cros_ec_get_next_event(ec_dev, &wake_event, NULL) > 0) {
blocking_notifier_call_chain(&ec_dev->event_notifier,
1, ec_dev);
+
+ if (wake_event && device_may_wakeup(ec_dev->dev))
+ pm_wakeup_event(ec_dev->dev, 0);
+ }
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 335/390] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 334/390] platform/chrome: cros_ec: Notify the PM of wake events during resume Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 336/390] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Greg Kroah-Hartman
` (60 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 2a2565272a3628e45d61625e36ef17af7af4e3de ]
On a MSI S270 with Fedora 37 x86_64 / systemd-251.4 the module does not
properly autoload.
This is likely caused by issues with how systemd-udevd handles the single
quote char (') which is part of the sys_vendor / chassis_vendor strings
on this laptop. As a workaround remove the single quote char + everything
behind it from the sys_vendor + chassis_vendor matches. This fixes
the module not autoloading.
Link: https://github.com/systemd/systemd/issues/24715
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220917210407.647432-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/msi-laptop.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
index 3e935303b143..0e804b6c2d24 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -596,11 +596,10 @@ static const struct dmi_system_id msi_dmi_table[] __initconst = {
{
.ident = "MSI S270",
.matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "MICRO-STAR INT'L CO.,LTD"),
+ DMI_MATCH(DMI_SYS_VENDOR, "MICRO-STAR INT"),
DMI_MATCH(DMI_PRODUCT_NAME, "MS-1013"),
DMI_MATCH(DMI_PRODUCT_VERSION, "0131"),
- DMI_MATCH(DMI_CHASSIS_VENDOR,
- "MICRO-STAR INT'L CO.,LTD")
+ DMI_MATCH(DMI_CHASSIS_VENDOR, "MICRO-STAR INT")
},
.driver_data = &quirk_old_ec_model,
.callback = dmi_check_cb
@@ -633,8 +632,7 @@ static const struct dmi_system_id msi_dmi_table[] __initconst = {
DMI_MATCH(DMI_SYS_VENDOR, "NOTEBOOK"),
DMI_MATCH(DMI_PRODUCT_NAME, "SAM2000"),
DMI_MATCH(DMI_PRODUCT_VERSION, "0131"),
- DMI_MATCH(DMI_CHASSIS_VENDOR,
- "MICRO-STAR INT'L CO.,LTD")
+ DMI_MATCH(DMI_CHASSIS_VENDOR, "MICRO-STAR INT")
},
.driver_data = &quirk_old_ec_model,
.callback = dmi_check_cb
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 336/390] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 335/390] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 337/390] drm/amdgpu: fix initial connector audio value Greg Kroah-Hartman
` (59 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ranjani Sridharan, Chao Song,
Curtis Malainey, Jairaj Arava, Curtis Malainey,
Sathyanarayana Nujella, Pierre-Louis Bossart, Mark Brown,
Sasha Levin
From: Jairaj Arava <jairaj.arava@intel.com>
[ Upstream commit c1c1fc8103f794a10c5c15e3c17879caf4f42c8f ]
In some Chrome platforms if OEM's use their own string as SYS_VENDOR than
"Google", it leads to firmware load failure from intel/sof/community path.
Hence, changing SYS_VENDOR to PRODUCT_FAMILY in which "Google" is used
as common prefix and is supported in all Chrome platforms.
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Chao Song <chao.song@intel.com>
Reviewed-by: Curtis Malainey <curtis@malainey.com>
Signed-off-by: Jairaj Arava <jairaj.arava@intel.com>
Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
Signed-off-by: Sathyanarayana Nujella <sathyanarayana.nujella@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220919114429.42700-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/sof-pci-dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/sof/sof-pci-dev.c b/sound/soc/sof/sof-pci-dev.c
index 75657a25dbc0..fe9feaab6a0a 100644
--- a/sound/soc/sof/sof-pci-dev.c
+++ b/sound/soc/sof/sof-pci-dev.c
@@ -75,7 +75,7 @@ static const struct dmi_system_id community_key_platforms[] = {
{
.ident = "Google Chromebooks",
.matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "Google"),
+ DMI_MATCH(DMI_PRODUCT_FAMILY, "Google"),
}
},
{},
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 337/390] drm/amdgpu: fix initial connector audio value
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 336/390] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 338/390] drm/meson: explicitly remove aggregate driver at module unload time Greg Kroah-Hartman
` (58 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, hongao, Alex Deucher, Sasha Levin
From: hongao <hongao@uniontech.com>
[ Upstream commit 4bb71fce58f30df3f251118291d6b0187ce531e6 ]
This got lost somewhere along the way, This fixes
audio not working until set_property was called.
Signed-off-by: hongao <hongao@uniontech.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
index df1f9b88a53f..98d3661336a4 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
@@ -1671,10 +1671,12 @@ amdgpu_connector_add(struct amdgpu_device *adev,
adev->mode_info.dither_property,
AMDGPU_FMT_DITHER_DISABLE);
- if (amdgpu_audio != 0)
+ if (amdgpu_audio != 0) {
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
+ }
subpixel_order = SubPixelHorizontalRGB;
connector->interlace_allowed = true;
@@ -1796,6 +1798,7 @@ amdgpu_connector_add(struct amdgpu_device *adev,
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
}
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.dither_property,
@@ -1849,6 +1852,7 @@ amdgpu_connector_add(struct amdgpu_device *adev,
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
}
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.dither_property,
@@ -1899,6 +1903,7 @@ amdgpu_connector_add(struct amdgpu_device *adev,
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
}
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.dither_property,
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 338/390] drm/meson: explicitly remove aggregate driver at module unload time
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 337/390] drm/amdgpu: fix initial connector audio value Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 339/390] mmc: sdhci-msm: add compatible string check for sdm670 Greg Kroah-Hartman
` (57 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrián Larumbe, Neil Armstrong,
Sasha Levin
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit 8616f2a0589a80e08434212324250eb22f6a66ce ]
Because component_master_del wasn't being called when unloading the
meson_drm module, the aggregate device would linger forever in the global
aggregate_devices list. That means when unloading and reloading the
meson_dw_hdmi module, component_add would call into
try_to_bring_up_aggregate_device and find the unbound meson_drm aggregate
device.
This would in turn dereference some of the aggregate_device's struct
entries which point to memory automatically freed by the devres API when
unbinding the aggregate device from meson_drv_unbind, and trigger an
use-after-free bug:
[ +0.000014] =============================================================
[ +0.000007] BUG: KASAN: use-after-free in find_components+0x468/0x500
[ +0.000017] Read of size 8 at addr ffff000006731688 by task modprobe/2536
[ +0.000018] CPU: 4 PID: 2536 Comm: modprobe Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1
[ +0.000010] Hardware name: Hardkernel ODROID-N2Plus (DT)
[ +0.000008] Call trace:
[ +0.000005] dump_backtrace+0x1ec/0x280
[ +0.000011] show_stack+0x24/0x80
[ +0.000007] dump_stack_lvl+0x98/0xd4
[ +0.000010] print_address_description.constprop.0+0x80/0x520
[ +0.000011] print_report+0x128/0x260
[ +0.000007] kasan_report+0xb8/0xfc
[ +0.000007] __asan_report_load8_noabort+0x3c/0x50
[ +0.000009] find_components+0x468/0x500
[ +0.000008] try_to_bring_up_aggregate_device+0x64/0x390
[ +0.000009] __component_add+0x1dc/0x49c
[ +0.000009] component_add+0x20/0x30
[ +0.000008] meson_dw_hdmi_probe+0x28/0x34 [meson_dw_hdmi]
[ +0.000013] platform_probe+0xd0/0x220
[ +0.000008] really_probe+0x3ac/0xa80
[ +0.000008] __driver_probe_device+0x1f8/0x400
[ +0.000008] driver_probe_device+0x68/0x1b0
[ +0.000008] __driver_attach+0x20c/0x480
[ +0.000009] bus_for_each_dev+0x114/0x1b0
[ +0.000007] driver_attach+0x48/0x64
[ +0.000009] bus_add_driver+0x390/0x564
[ +0.000007] driver_register+0x1a8/0x3e4
[ +0.000009] __platform_driver_register+0x6c/0x94
[ +0.000007] meson_dw_hdmi_platform_driver_init+0x30/0x1000 [meson_dw_hdmi]
[ +0.000014] do_one_initcall+0xc4/0x2b0
[ +0.000008] do_init_module+0x154/0x570
[ +0.000010] load_module+0x1a78/0x1ea4
[ +0.000008] __do_sys_init_module+0x184/0x1cc
[ +0.000008] __arm64_sys_init_module+0x78/0xb0
[ +0.000008] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000009] do_el0_svc+0x50/0x70
[ +0.000008] el0_svc+0x68/0x1a0
[ +0.000009] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000014] Allocated by task 902:
[ +0.000007] kasan_save_stack+0x2c/0x5c
[ +0.000009] __kasan_kmalloc+0x90/0xd0
[ +0.000007] __kmalloc_node+0x240/0x580
[ +0.000010] memcg_alloc_slab_cgroups+0xa4/0x1ac
[ +0.000010] memcg_slab_post_alloc_hook+0xbc/0x4c0
[ +0.000008] kmem_cache_alloc_node+0x1d0/0x490
[ +0.000009] __alloc_skb+0x1d4/0x310
[ +0.000010] alloc_skb_with_frags+0x8c/0x620
[ +0.000008] sock_alloc_send_pskb+0x5ac/0x6d0
[ +0.000010] unix_dgram_sendmsg+0x2e0/0x12f0
[ +0.000010] sock_sendmsg+0xcc/0x110
[ +0.000007] sock_write_iter+0x1d0/0x304
[ +0.000008] new_sync_write+0x364/0x460
[ +0.000007] vfs_write+0x420/0x5ac
[ +0.000008] ksys_write+0x19c/0x1f0
[ +0.000008] __arm64_sys_write+0x78/0xb0
[ +0.000007] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0x1a8/0x260
[ +0.000009] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000008] el0t_64_sync_handler+0x11c/0x150
[ +0.000008] el0t_64_sync+0x18c/0x190
[ +0.000013] Freed by task 2509:
[ +0.000008] kasan_save_stack+0x2c/0x5c
[ +0.000007] kasan_set_track+0x2c/0x40
[ +0.000008] kasan_set_free_info+0x28/0x50
[ +0.000008] ____kasan_slab_free+0x128/0x1d4
[ +0.000008] __kasan_slab_free+0x18/0x24
[ +0.000007] slab_free_freelist_hook+0x108/0x230
[ +0.000010] kfree+0x110/0x35c
[ +0.000008] release_nodes+0xf0/0x16c
[ +0.000008] devres_release_all+0xfc/0x180
[ +0.000008] device_unbind_cleanup+0x24/0x164
[ +0.000008] device_release_driver_internal+0x3e8/0x5b0
[ +0.000010] driver_detach+0xac/0x1b0
[ +0.000008] bus_remove_driver+0x158/0x29c
[ +0.000008] driver_unregister+0x70/0xb0
[ +0.000009] platform_driver_unregister+0x20/0x2c
[ +0.000007] 0xffff800003722d98
[ +0.000012] __do_sys_delete_module+0x288/0x400
[ +0.000009] __arm64_sys_delete_module+0x5c/0x80
[ +0.000008] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000008] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000008] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000013] Last potentially related work creation:
[ +0.000007] kasan_save_stack+0x2c/0x5c
[ +0.000007] __kasan_record_aux_stack+0xb8/0xf0
[ +0.000009] kasan_record_aux_stack_noalloc+0x14/0x20
[ +0.000008] insert_work+0x54/0x290
[ +0.000009] __queue_work+0x48c/0xd24
[ +0.000008] queue_work_on+0x90/0x11c
[ +0.000008] call_usermodehelper_exec+0x188/0x404
[ +0.000010] kobject_uevent_env+0x5a8/0x794
[ +0.000010] kobject_uevent+0x14/0x20
[ +0.000008] driver_register+0x230/0x3e4
[ +0.000009] __platform_driver_register+0x6c/0x94
[ +0.000007] gxbb_driver_init+0x28/0x34
[ +0.000010] do_one_initcall+0xc4/0x2b0
[ +0.000008] do_initcalls+0x20c/0x24c
[ +0.000010] kernel_init_freeable+0x22c/0x278
[ +0.000009] kernel_init+0x3c/0x170
[ +0.000008] ret_from_fork+0x10/0x20
[ +0.000013] The buggy address belongs to the object at ffff000006731600
which belongs to the cache kmalloc-256 of size 256
[ +0.000009] The buggy address is located 136 bytes inside of
256-byte region [ffff000006731600, ffff000006731700)
[ +0.000015] The buggy address belongs to the physical page:
[ +0.000008] page:fffffc000019cc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff000006730a00 pfn:0x6730
[ +0.000011] head:fffffc000019cc00 order:2 compound_mapcount:0 compound_pincount:0
[ +0.000008] flags: 0xffff00000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
[ +0.000016] raw: 0ffff00000010200 fffffc00000c3d08 fffffc0000ef2b08 ffff000000002680
[ +0.000009] raw: ffff000006730a00 0000000000150014 00000001ffffffff 0000000000000000
[ +0.000006] page dumped because: kasan: bad access detected
[ +0.000011] Memory state around the buggy address:
[ +0.000007] ffff000006731580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ +0.000007] ffff000006731600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] >ffff000006731680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ^
[ +0.000006] ffff000006731700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ +0.000007] ffff000006731780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ +0.000006] ==================================================================
Fix by adding 'remove' driver callback for meson-drm, and explicitly deleting the
aggregate device.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220919010940.419893-3-adrian.larumbe@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/meson/meson_drv.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
index 2d022f3fb437..b0bfe85f5f6a 100644
--- a/drivers/gpu/drm/meson/meson_drv.c
+++ b/drivers/gpu/drm/meson/meson_drv.c
@@ -528,6 +528,13 @@ static int meson_drv_probe(struct platform_device *pdev)
return 0;
};
+static int meson_drv_remove(struct platform_device *pdev)
+{
+ component_master_del(&pdev->dev, &meson_drv_master_ops);
+
+ return 0;
+}
+
static struct meson_drm_match_data meson_drm_gxbb_data = {
.compat = VPU_COMPATIBLE_GXBB,
};
@@ -565,6 +572,7 @@ static const struct dev_pm_ops meson_drv_pm_ops = {
static struct platform_driver meson_drm_platform_driver = {
.probe = meson_drv_probe,
+ .remove = meson_drv_remove,
.shutdown = meson_drv_shutdown,
.driver = {
.name = "meson-drm",
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 339/390] mmc: sdhci-msm: add compatible string check for sdm670
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 338/390] drm/meson: explicitly remove aggregate driver at module unload time Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 340/390] drm/dp: Dont rewrite link config when setting phy test pattern Greg Kroah-Hartman
` (56 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Acayan, Bhupesh Sharma,
Krzysztof Kozlowski, Ulf Hansson, Sasha Levin
From: Richard Acayan <mailingradian@gmail.com>
[ Upstream commit 4de95950d970c71a9e82a24573bb7a44fd95baa1 ]
The Snapdragon 670 has the same quirk as Snapdragon 845 (needing to
restore the dll config). Add a compatible string check to detect the need
for this.
Signed-off-by: Richard Acayan <mailingradian@gmail.com>
Reviewed-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220923014322.33620-3-mailingradian@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-msm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
index 192cb8b20b47..ad2e73f9a58f 100644
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -2182,6 +2182,7 @@ static const struct sdhci_msm_variant_info sm8250_sdhci_var = {
static const struct of_device_id sdhci_msm_dt_match[] = {
{.compatible = "qcom,sdhci-msm-v4", .data = &sdhci_msm_mci_var},
{.compatible = "qcom,sdhci-msm-v5", .data = &sdhci_msm_v5_var},
+ {.compatible = "qcom,sdm670-sdhci", .data = &sdm845_sdhci_var},
{.compatible = "qcom,sdm845-sdhci", .data = &sdm845_sdhci_var},
{.compatible = "qcom,sm8250-sdhci", .data = &sm8250_sdhci_var},
{.compatible = "qcom,sc7180-sdhci", .data = &sdm845_sdhci_var},
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 340/390] drm/dp: Dont rewrite link config when setting phy test pattern
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 339/390] mmc: sdhci-msm: add compatible string check for sdm670 Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 341/390] drm/amd/display: Remove interface for periodic interrupt 1 Greg Kroah-Hartman
` (55 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Imre Deak, Jani Nikula, Or Cochvi,
Khaled Almahallawy, Sasha Levin
From: Khaled Almahallawy <khaled.almahallawy@intel.com>
[ Upstream commit 7b4d8db657192066bc6f1f6635d348413dac1e18 ]
The sequence for Source DP PHY CTS automation is [2][1]:
1- Emulate successful Link Training(LT)
2- Short HPD and change link rates and number of lanes by LT.
(This is same flow for Link Layer CTS)
3- Short HPD and change PHY test pattern and swing/pre-emphasis
levels (This step should not trigger LT)
The problem is with DP PHY compliance setup as follow:
[DPTX + on board LTTPR]------Main Link--->[Scope]
^ |
| |
| |
----------Aux Ch------>[Aux Emulator]
At step 3, before writing TRAINING_LANEx_SET/LINK_QUAL_PATTERN_SET
to declare the pattern/swing requested by scope, we write link
config in LINK_BW_SET/LANE_COUNT_SET on a port that has LTTPR.
As LTTPR snoops aux transaction, LINK_BW_SET/LANE_COUNT_SET writes
indicate a LT will start [Check DP 2.0 E11 -Sec 3.6.8.2 & 3.6.8.6.3],
and LTTPR will reset the link and stop sending DP signals to
DPTX/Scope causing the measurements to fail. Note that step 3 will
not trigger LT and DP link will never recovered by the
Aux Emulator/Scope.
The reset of link can be tested with a monitor connected to LTTPR
port simply by writing to LINK_BW_SET or LANE_COUNT_SET as follow
igt/tools/dpcd_reg write --offset=0x100 --value 0x14 --device=2
OR
printf '\x14' | sudo dd of=/dev/drm_dp_aux2 bs=1 count=1 conv=notrunc
seek=$((0x100))
This single aux write causes the screen to blank, sending short HPD to
DPTX, setting LINK_STATUS_UPDATE = 1 in DPCD 0x204, and triggering LT.
As stated in [1]:
"Before any TX electrical testing can be performed, the link between a
DPTX and DPRX (in this case, a piece of test equipment), including all
LTTPRs within the path, shall be trained as defined in this Standard."
In addition, changing Phy pattern/Swing/Pre-emphasis (Step 3) uses the
same link rate and lane count applied on step 2, so no need to redo LT.
The fix is to not rewrite link config in step 3, and just writes
TRAINING_LANEx_SET and LINK_QUAL_PATTERN_SET
[1]: DP 2.0 E11 - 3.6.11.1 LTTPR DPTX_PHY Electrical Compliance
[2]: Configuring UnigrafDPTC Controller - Automation Test Sequence
https://www.keysight.com/us/en/assets/9922-01244/help-files/
D9040DPPC-DisplayPort-Test-Software-Online-Help-latest.chm
Cc: Imre Deak <imre.deak@intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Or Cochvi <or.cochvi@intel.com>
Signed-off-by: Khaled Almahallawy <khaled.almahallawy@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220916054900.415804-1-khaled.almahallawy@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_dp_helper.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/drivers/gpu/drm/drm_dp_helper.c b/drivers/gpu/drm/drm_dp_helper.c
index 3c55753bab16..6ba16db77500 100644
--- a/drivers/gpu/drm/drm_dp_helper.c
+++ b/drivers/gpu/drm/drm_dp_helper.c
@@ -2172,17 +2172,8 @@ int drm_dp_set_phy_test_pattern(struct drm_dp_aux *aux,
struct drm_dp_phy_test_params *data, u8 dp_rev)
{
int err, i;
- u8 link_config[2];
u8 test_pattern;
- link_config[0] = drm_dp_link_rate_to_bw_code(data->link_rate);
- link_config[1] = data->num_lanes;
- if (data->enhanced_frame_cap)
- link_config[1] |= DP_LANE_COUNT_ENHANCED_FRAME_EN;
- err = drm_dp_dpcd_write(aux, DP_LINK_BW_SET, link_config, 2);
- if (err < 0)
- return err;
-
test_pattern = data->phy_pattern;
if (dp_rev < 0x12) {
test_pattern = (test_pattern << 2) &
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 341/390] drm/amd/display: Remove interface for periodic interrupt 1
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 340/390] drm/dp: Dont rewrite link config when setting phy test pattern Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 342/390] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Greg Kroah-Hartman
` (54 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jaehyun Chung, Jasdeep Dhillon,
Aric Cyr, Daniel Wheeler, Alex Deucher, Sasha Levin
From: Aric Cyr <aric.cyr@amd.com>
[ Upstream commit 97d8d6f075bd8f988589be02b91f6fa644d0b0b8 ]
[why]
Only a single VLINE interrupt is available so interface should not
expose the second one which is used by DMU firmware.
[how]
Remove references to periodic_interrupt1 and VLINE1 from DC interfaces.
Reviewed-by: Jaehyun Chung <jaehyun.chung@amd.com>
Acked-by: Jasdeep Dhillon <jdhillon@amd.com>
Signed-off-by: Aric Cyr <aric.cyr@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc.c | 16 +++------
drivers/gpu/drm/amd/display/dc/dc_stream.h | 6 ++--
.../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 35 ++++++-------------
.../amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 +-
.../gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 +----
5 files changed, 18 insertions(+), 50 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index 93f5229c303e..99887bcfada0 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -2202,11 +2202,8 @@ static void copy_stream_update_to_stream(struct dc *dc,
if (update->abm_level)
stream->abm_level = *update->abm_level;
- if (update->periodic_interrupt0)
- stream->periodic_interrupt0 = *update->periodic_interrupt0;
-
- if (update->periodic_interrupt1)
- stream->periodic_interrupt1 = *update->periodic_interrupt1;
+ if (update->periodic_interrupt)
+ stream->periodic_interrupt = *update->periodic_interrupt;
if (update->gamut_remap)
stream->gamut_remap_matrix = *update->gamut_remap;
@@ -2288,13 +2285,8 @@ static void commit_planes_do_stream_update(struct dc *dc,
if (!pipe_ctx->top_pipe && !pipe_ctx->prev_odm_pipe && pipe_ctx->stream == stream) {
- if (stream_update->periodic_interrupt0 &&
- dc->hwss.setup_periodic_interrupt)
- dc->hwss.setup_periodic_interrupt(dc, pipe_ctx, VLINE0);
-
- if (stream_update->periodic_interrupt1 &&
- dc->hwss.setup_periodic_interrupt)
- dc->hwss.setup_periodic_interrupt(dc, pipe_ctx, VLINE1);
+ if (stream_update->periodic_interrupt && dc->hwss.setup_periodic_interrupt)
+ dc->hwss.setup_periodic_interrupt(dc, pipe_ctx);
if ((stream_update->hdr_static_metadata && !stream->use_dynamic_meta) ||
stream_update->vrr_infopacket ||
diff --git a/drivers/gpu/drm/amd/display/dc/dc_stream.h b/drivers/gpu/drm/amd/display/dc/dc_stream.h
index 205bedd1b196..0487c1b8957c 100644
--- a/drivers/gpu/drm/amd/display/dc/dc_stream.h
+++ b/drivers/gpu/drm/amd/display/dc/dc_stream.h
@@ -179,8 +179,7 @@ struct dc_stream_state {
/* DMCU info */
unsigned int abm_level;
- struct periodic_interrupt_config periodic_interrupt0;
- struct periodic_interrupt_config periodic_interrupt1;
+ struct periodic_interrupt_config periodic_interrupt;
/* from core_stream struct */
struct dc_context *ctx;
@@ -244,8 +243,7 @@ struct dc_stream_update {
struct dc_info_packet *hdr_static_metadata;
unsigned int *abm_level;
- struct periodic_interrupt_config *periodic_interrupt0;
- struct periodic_interrupt_config *periodic_interrupt1;
+ struct periodic_interrupt_config *periodic_interrupt;
struct dc_info_packet *vrr_infopacket;
struct dc_info_packet *vsc_infopacket;
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 31a13daf4289..71a85c5306ed 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -3611,7 +3611,7 @@ void dcn10_calc_vupdate_position(
{
const struct dc_crtc_timing *dc_crtc_timing = &pipe_ctx->stream->timing;
int vline_int_offset_from_vupdate =
- pipe_ctx->stream->periodic_interrupt0.lines_offset;
+ pipe_ctx->stream->periodic_interrupt.lines_offset;
int vupdate_offset_from_vsync = dc->hwss.get_vupdate_offset_from_vsync(pipe_ctx);
int start_position;
@@ -3636,18 +3636,10 @@ void dcn10_calc_vupdate_position(
static void dcn10_cal_vline_position(
struct dc *dc,
struct pipe_ctx *pipe_ctx,
- enum vline_select vline,
uint32_t *start_line,
uint32_t *end_line)
{
- enum vertical_interrupt_ref_point ref_point = INVALID_POINT;
-
- if (vline == VLINE0)
- ref_point = pipe_ctx->stream->periodic_interrupt0.ref_point;
- else if (vline == VLINE1)
- ref_point = pipe_ctx->stream->periodic_interrupt1.ref_point;
-
- switch (ref_point) {
+ switch (pipe_ctx->stream->periodic_interrupt.ref_point) {
case START_V_UPDATE:
dcn10_calc_vupdate_position(
dc,
@@ -3656,7 +3648,9 @@ static void dcn10_cal_vline_position(
end_line);
break;
case START_V_SYNC:
- // Suppose to do nothing because vsync is 0;
+ // vsync is line 0 so start_line is just the requested line offset
+ *start_line = pipe_ctx->stream->periodic_interrupt.lines_offset;
+ *end_line = *start_line + 2;
break;
default:
ASSERT(0);
@@ -3666,24 +3660,15 @@ static void dcn10_cal_vline_position(
void dcn10_setup_periodic_interrupt(
struct dc *dc,
- struct pipe_ctx *pipe_ctx,
- enum vline_select vline)
+ struct pipe_ctx *pipe_ctx)
{
struct timing_generator *tg = pipe_ctx->stream_res.tg;
+ uint32_t start_line = 0;
+ uint32_t end_line = 0;
- if (vline == VLINE0) {
- uint32_t start_line = 0;
- uint32_t end_line = 0;
+ dcn10_cal_vline_position(dc, pipe_ctx, &start_line, &end_line);
- dcn10_cal_vline_position(dc, pipe_ctx, vline, &start_line, &end_line);
-
- tg->funcs->setup_vertical_interrupt0(tg, start_line, end_line);
-
- } else if (vline == VLINE1) {
- pipe_ctx->stream_res.tg->funcs->setup_vertical_interrupt1(
- tg,
- pipe_ctx->stream->periodic_interrupt1.lines_offset);
- }
+ tg->funcs->setup_vertical_interrupt0(tg, start_line, end_line);
}
void dcn10_setup_vupdate_interrupt(struct dc *dc, struct pipe_ctx *pipe_ctx)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
index e5691e499023..81b5057d5ff1 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
@@ -174,8 +174,7 @@ void dcn10_set_cursor_attribute(struct pipe_ctx *pipe_ctx);
void dcn10_set_cursor_sdr_white_level(struct pipe_ctx *pipe_ctx);
void dcn10_setup_periodic_interrupt(
struct dc *dc,
- struct pipe_ctx *pipe_ctx,
- enum vline_select vline);
+ struct pipe_ctx *pipe_ctx);
enum dc_status dcn10_set_clock(struct dc *dc,
enum dc_clock_type clock_type,
uint32_t clk_khz,
diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
index 64c1be818b0e..3165a66c5362 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
@@ -32,11 +32,6 @@
#include "inc/hw/link_encoder.h"
#include "core_status.h"
-enum vline_select {
- VLINE0,
- VLINE1
-};
-
struct pipe_ctx;
struct dc_state;
struct dc_stream_status;
@@ -112,8 +107,7 @@ struct hw_sequencer_funcs {
int group_index, int group_size,
struct pipe_ctx *grouped_pipes[]);
void (*setup_periodic_interrupt)(struct dc *dc,
- struct pipe_ctx *pipe_ctx,
- enum vline_select vline);
+ struct pipe_ctx *pipe_ctx);
void (*set_drr)(struct pipe_ctx **pipe_ctx, int num_pipes,
unsigned int vmin, unsigned int vmax,
unsigned int vmid, unsigned int vmid_frame_number);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 342/390] ARM: dts: imx7d-sdb: config the max pressure for tsc2046
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 341/390] drm/amd/display: Remove interface for periodic interrupt 1 Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 343/390] ARM: dts: imx6q: add missing properties for sram Greg Kroah-Hartman
` (53 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haibo Chen, Shawn Guo, Sasha Levin
From: Haibo Chen <haibo.chen@nxp.com>
[ Upstream commit e7c4ebe2f9cd68588eb24ba4ed122e696e2d5272 ]
Use the general touchscreen method to config the max pressure for
touch tsc2046(data sheet suggest 8 bit pressure), otherwise, for
ABS_PRESSURE, when config the same max and min value, weston will
meet the following issue,
[17:19:39.183] event1 - ADS7846 Touchscreen: is tagged by udev as: Touchscreen
[17:19:39.183] event1 - ADS7846 Touchscreen: kernel bug: device has min == max on ABS_PRESSURE
[17:19:39.183] event1 - ADS7846 Touchscreen: was rejected
[17:19:39.183] event1 - not using input device '/dev/input/event1'
This will then cause the APP weston-touch-calibrator can't list touch devices.
root@imx6ul7d:~# weston-touch-calibrator
could not load cursor 'dnd-move'
could not load cursor 'dnd-copy'
could not load cursor 'dnd-none'
No devices listed.
And accroding to binding Doc, "ti,x-max", "ti,y-max", "ti,pressure-max"
belong to the deprecated properties, so remove them. Also for "ti,x-min",
"ti,y-min", "ti,x-plate-ohms", the value set in dts equal to the default
value in driver, so are redundant, also remove here.
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx7d-sdb.dts | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/arch/arm/boot/dts/imx7d-sdb.dts b/arch/arm/boot/dts/imx7d-sdb.dts
index 6823b9f1a2a3..6d562ebe9029 100644
--- a/arch/arm/boot/dts/imx7d-sdb.dts
+++ b/arch/arm/boot/dts/imx7d-sdb.dts
@@ -199,12 +199,7 @@
interrupt-parent = <&gpio2>;
interrupts = <29 0>;
pendown-gpio = <&gpio2 29 GPIO_ACTIVE_HIGH>;
- ti,x-min = /bits/ 16 <0>;
- ti,x-max = /bits/ 16 <0>;
- ti,y-min = /bits/ 16 <0>;
- ti,y-max = /bits/ 16 <0>;
- ti,pressure-max = /bits/ 16 <0>;
- ti,x-plate-ohms = /bits/ 16 <400>;
+ touchscreen-max-pressure = <255>;
wakeup-source;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 343/390] ARM: dts: imx6q: add missing properties for sram
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 342/390] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 344/390] ARM: dts: imx6dl: " Greg Kroah-Hartman
` (52 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit b11d083c5dcec7c42fe982c854706d404ddd3a5f ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6q.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6q.dtsi b/arch/arm/boot/dts/imx6q.dtsi
index 5277e3903291..afec1677e6ba 100644
--- a/arch/arm/boot/dts/imx6q.dtsi
+++ b/arch/arm/boot/dts/imx6q.dtsi
@@ -163,6 +163,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x40000>;
+ ranges = <0 0x00900000 0x40000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 344/390] ARM: dts: imx6dl: add missing properties for sram
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 343/390] ARM: dts: imx6q: add missing properties for sram Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 345/390] ARM: dts: imx6qp: " Greg Kroah-Hartman
` (51 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit f5848b95633d598bacf0500e0108dc5961af88c0 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6dl.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6dl.dtsi b/arch/arm/boot/dts/imx6dl.dtsi
index fdd81fdc3f35..cd3183c36488 100644
--- a/arch/arm/boot/dts/imx6dl.dtsi
+++ b/arch/arm/boot/dts/imx6dl.dtsi
@@ -84,6 +84,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 345/390] ARM: dts: imx6qp: add missing properties for sram
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 344/390] ARM: dts: imx6dl: " Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 346/390] ARM: dts: imx6sl: " Greg Kroah-Hartman
` (50 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 088fe5237435ee2f7ed4450519b2ef58b94c832f ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@940000: '#address-cells' is a required property
sram@940000: '#size-cells' is a required property
sram@940000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6qp.dtsi | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm/boot/dts/imx6qp.dtsi b/arch/arm/boot/dts/imx6qp.dtsi
index b310f13a53f2..4d23c92aa8a6 100644
--- a/arch/arm/boot/dts/imx6qp.dtsi
+++ b/arch/arm/boot/dts/imx6qp.dtsi
@@ -9,12 +9,18 @@
ocram2: sram@940000 {
compatible = "mmio-sram";
reg = <0x00940000 0x20000>;
+ ranges = <0 0x00940000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
ocram3: sram@960000 {
compatible = "mmio-sram";
reg = <0x00960000 0x20000>;
+ ranges = <0 0x00960000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 346/390] ARM: dts: imx6sl: add missing properties for sram
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 345/390] ARM: dts: imx6qp: " Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 347/390] ARM: dts: imx6sll: " Greg Kroah-Hartman
` (49 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 60c9213a1d9941a8b33db570796c3f9be8984974 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sl.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6sl.dtsi b/arch/arm/boot/dts/imx6sl.dtsi
index 91a8c54d5e11..c184a6d5bc42 100644
--- a/arch/arm/boot/dts/imx6sl.dtsi
+++ b/arch/arm/boot/dts/imx6sl.dtsi
@@ -114,6 +114,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6SL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 347/390] ARM: dts: imx6sll: add missing properties for sram
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 346/390] ARM: dts: imx6sl: " Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 348/390] ARM: dts: imx6sx: " Greg Kroah-Hartman
` (48 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 7492a83ed9b7a151e2dd11d64b06da7a7f0fa7f9 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sll.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6sll.dtsi b/arch/arm/boot/dts/imx6sll.dtsi
index 0b622201a1f3..bf5b262b91f9 100644
--- a/arch/arm/boot/dts/imx6sll.dtsi
+++ b/arch/arm/boot/dts/imx6sll.dtsi
@@ -115,6 +115,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
};
intc: interrupt-controller@a01000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 348/390] ARM: dts: imx6sx: add missing properties for sram
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 347/390] ARM: dts: imx6sll: " Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 349/390] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Greg Kroah-Hartman
` (47 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 415432c008b2bce8138841356ba444631cabaa50 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sx.dtsi | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm/boot/dts/imx6sx.dtsi b/arch/arm/boot/dts/imx6sx.dtsi
index dfdca1804f9f..c399919943c3 100644
--- a/arch/arm/boot/dts/imx6sx.dtsi
+++ b/arch/arm/boot/dts/imx6sx.dtsi
@@ -161,12 +161,18 @@
ocram_s: sram@8f8000 {
compatible = "mmio-sram";
reg = <0x008f8000 0x4000>;
+ ranges = <0 0x008f8000 0x4000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6SX_CLK_OCRAM_S>;
};
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6SX_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 349/390] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 348/390] ARM: dts: imx6sx: " Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 350/390] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply Greg Kroah-Hartman
` (46 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Brown, Catalin Marinas, Sasha Levin
From: Mark Brown <broonie@kernel.org>
[ Upstream commit 5c152c2f66f9368394b89ac90dc7483476ef7b88 ]
When arm64 signal context data overflows the base struct sigcontext it gets
placed in an extra buffer pointed to by a record of type EXTRA_CONTEXT in
the base struct sigcontext which is required to be the last record in the
base struct sigframe. The current validation code attempts to check this
by using GET_RESV_NEXT_HEAD() to step forward from the current record to
the next but that is a macro which assumes it is being provided with a
struct _aarch64_ctx and uses the size there to skip forward to the next
record. Instead validate_extra_context() passes it a struct extra_context
which has a separate size field. This compiles but results in us trying
to validate a termination record in completely the wrong place, at best
failing validation and at worst just segfaulting. Fix this by passing
the struct _aarch64_ctx we meant to into the macro.
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220829160703.874492-4-broonie@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/arm64/signal/testcases/testcases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c
index 61ebcdf63831..a3ac5c2d8aac 100644
--- a/tools/testing/selftests/arm64/signal/testcases/testcases.c
+++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c
@@ -33,7 +33,7 @@ bool validate_extra_context(struct extra_context *extra, char **err)
return false;
fprintf(stderr, "Validating EXTRA...\n");
- term = GET_RESV_NEXT_HEAD(extra);
+ term = GET_RESV_NEXT_HEAD(&extra->head);
if (!term || term->magic || term->size) {
*err = "Missing terminator after EXTRA context";
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 350/390] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 349/390] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 351/390] btrfs: scrub: try to fix super block errors Greg Kroah-Hartman
` (45 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Krzyszkowiak,
Martin Kepplinger, Shawn Guo, Sasha Levin
From: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
[ Upstream commit 6effe295e1a87408033c29dbcea9d5a5c8b937d5 ]
This allows the userspace to notice that there's not enough
current provided to charge the battery, and also fixes issues
with 0% SOC values being considered invalid.
Signed-off-by: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
Signed-off-by: Martin Kepplinger <martin.kepplinger@puri.sm>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi b/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi
index e3c6d1272198..325ea100969a 100644
--- a/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi
@@ -899,6 +899,7 @@
interrupts = <20 IRQ_TYPE_LEVEL_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_gauge>;
+ power-supplies = <&bq25895>;
maxim,over-heat-temp = <700>;
maxim,over-volt = <4500>;
maxim,rsns-microohm = <5000>;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 351/390] btrfs: scrub: try to fix super block errors
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 350/390] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 352/390] clk: zynqmp: Fix stack-out-of-bounds in strncpy` Greg Kroah-Hartman
` (44 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit f9eab5f0bba76742af654f33d517bf62a0db8f12 ]
[BUG]
The following script shows that, although scrub can detect super block
errors, it never tries to fix it:
mkfs.btrfs -f -d raid1 -m raid1 $dev1 $dev2
xfs_io -c "pwrite 67108864 4k" $dev2
mount $dev1 $mnt
btrfs scrub start -B $dev2
btrfs scrub start -Br $dev2
umount $mnt
The first scrub reports the super error correctly:
scrub done for f3289218-abd3-41ac-a630-202f766c0859
Scrub started: Tue Aug 2 14:44:11 2022
Status: finished
Duration: 0:00:00
Total to scrub: 1.26GiB
Rate: 0.00B/s
Error summary: super=1
Corrected: 0
Uncorrectable: 0
Unverified: 0
But the second read-only scrub still reports the same super error:
Scrub started: Tue Aug 2 14:44:11 2022
Status: finished
Duration: 0:00:00
Total to scrub: 1.26GiB
Rate: 0.00B/s
Error summary: super=1
Corrected: 0
Uncorrectable: 0
Unverified: 0
[CAUSE]
The comments already shows that super block can be easily fixed by
committing a transaction:
/*
* If we find an error in a super block, we just report it.
* They will get written with the next transaction commit
* anyway
*/
But the truth is, such assumption is not always true, and since scrub
should try to repair every error it found (except for read-only scrub),
we should really actively commit a transaction to fix this.
[FIX]
Just commit a transaction if we found any super block errors, after
everything else is done.
We cannot do this just after scrub_supers(), as
btrfs_commit_transaction() will try to pause and wait for the running
scrub, thus we can not call it with scrub_lock hold.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/scrub.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 0392c556af60..88b9a5394561 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -3811,6 +3811,7 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
int ret;
struct btrfs_device *dev;
unsigned int nofs_flag;
+ bool need_commit = false;
if (btrfs_fs_closing(fs_info))
return -EAGAIN;
@@ -3924,6 +3925,12 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
*/
nofs_flag = memalloc_nofs_save();
if (!is_dev_replace) {
+ u64 old_super_errors;
+
+ spin_lock(&sctx->stat_lock);
+ old_super_errors = sctx->stat.super_errors;
+ spin_unlock(&sctx->stat_lock);
+
btrfs_info(fs_info, "scrub: started on devid %llu", devid);
/*
* by holding device list mutex, we can
@@ -3932,6 +3939,16 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
mutex_lock(&fs_info->fs_devices->device_list_mutex);
ret = scrub_supers(sctx, dev);
mutex_unlock(&fs_info->fs_devices->device_list_mutex);
+
+ spin_lock(&sctx->stat_lock);
+ /*
+ * Super block errors found, but we can not commit transaction
+ * at current context, since btrfs_commit_transaction() needs
+ * to pause the current running scrub (hold by ourselves).
+ */
+ if (sctx->stat.super_errors > old_super_errors && !sctx->readonly)
+ need_commit = true;
+ spin_unlock(&sctx->stat_lock);
}
if (!ret)
@@ -3958,6 +3975,25 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
scrub_workers_put(fs_info);
scrub_put_ctx(sctx);
+ /*
+ * We found some super block errors before, now try to force a
+ * transaction commit, as scrub has finished.
+ */
+ if (need_commit) {
+ struct btrfs_trans_handle *trans;
+
+ trans = btrfs_start_transaction(fs_info->tree_root, 0);
+ if (IS_ERR(trans)) {
+ ret = PTR_ERR(trans);
+ btrfs_err(fs_info,
+ "scrub: failed to start transaction to fix super block errors: %d", ret);
+ return ret;
+ }
+ ret = btrfs_commit_transaction(trans);
+ if (ret < 0)
+ btrfs_err(fs_info,
+ "scrub: failed to commit transaction to fix super block errors: %d", ret);
+ }
return ret;
out:
scrub_workers_put(fs_info);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 352/390] clk: zynqmp: Fix stack-out-of-bounds in strncpy`
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 351/390] btrfs: scrub: try to fix super block errors Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 353/390] media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Greg Kroah-Hartman
` (43 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Nam, Shubhrajyoti Datta,
Michal Simek, Stephen Boyd, Sasha Levin
From: Ian Nam <young.kwan.nam@xilinx.com>
[ Upstream commit dd80fb2dbf1cd8751efbe4e53e54056f56a9b115 ]
"BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68"
Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is
longer than 15 bytes, string terminated NULL character will not be received
by Linux. Add explicit NULL character at last byte to fix issues when clock
name is longer.
This fixes below bug reported by KASAN:
==================================================================
BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68
Read of size 1 at addr ffff0008c89a7410 by task swapper/0/1
CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.4.0-00396-g81ef9e7-dirty #3
Hardware name: Xilinx Versal vck190 Eval board revA (QSPI) (DT)
Call trace:
dump_backtrace+0x0/0x1e8
show_stack+0x14/0x20
dump_stack+0xd4/0x108
print_address_description.isra.0+0xbc/0x37c
__kasan_report+0x144/0x198
kasan_report+0xc/0x18
__asan_load1+0x5c/0x68
strncpy+0x30/0x68
zynqmp_clock_probe+0x238/0x7b8
platform_drv_probe+0x6c/0xc8
really_probe+0x14c/0x418
driver_probe_device+0x74/0x130
__device_attach_driver+0xc4/0xe8
bus_for_each_drv+0xec/0x150
__device_attach+0x160/0x1d8
device_initial_probe+0x10/0x18
bus_probe_device+0xe0/0xf0
device_add+0x528/0x950
of_device_add+0x5c/0x80
of_platform_device_create_pdata+0x120/0x168
of_platform_bus_create+0x244/0x4e0
of_platform_populate+0x50/0xe8
zynqmp_firmware_probe+0x370/0x3a8
platform_drv_probe+0x6c/0xc8
really_probe+0x14c/0x418
driver_probe_device+0x74/0x130
device_driver_attach+0x94/0xa0
__driver_attach+0x70/0x108
bus_for_each_dev+0xe4/0x158
driver_attach+0x30/0x40
bus_add_driver+0x21c/0x2b8
driver_register+0xbc/0x1d0
__platform_driver_register+0x7c/0x88
zynqmp_firmware_driver_init+0x1c/0x24
do_one_initcall+0xa4/0x234
kernel_init_freeable+0x1b0/0x24c
kernel_init+0x10/0x110
ret_from_fork+0x10/0x18
The buggy address belongs to the page:
page:ffff0008f9be1c88 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
raw: 0008d00000000000 ffff0008f9be1c90 ffff0008f9be1c90 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff
page dumped because: kasan: bad access detected
addr ffff0008c89a7410 is located in stack of task swapper/0/1 at offset 112 in frame:
zynqmp_clock_probe+0x0/0x7b8
this frame has 3 objects:
[32, 44) 'response'
[64, 80) 'ret_payload'
[96, 112) 'name'
Memory state around the buggy address:
ffff0008c89a7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0008c89a7380: 00 00 00 00 f1 f1 f1 f1 00 04 f2 f2 00 00 f2 f2
>ffff0008c89a7400: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
^
ffff0008c89a7480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0008c89a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Signed-off-by: Ian Nam <young.kwan.nam@xilinx.com>
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Link: https://lore.kernel.org/r/20220510070154.29528-3-shubhrajyoti.datta@xilinx.com
Acked-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/zynqmp/clkc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/clk/zynqmp/clkc.c b/drivers/clk/zynqmp/clkc.c
index db8d0d7161ce..9c82ae240c40 100644
--- a/drivers/clk/zynqmp/clkc.c
+++ b/drivers/clk/zynqmp/clkc.c
@@ -687,6 +687,13 @@ static void zynqmp_get_clock_info(void)
FIELD_PREP(CLK_ATTR_NODE_INDEX, i);
zynqmp_pm_clock_get_name(clock[i].clk_id, &name);
+
+ /*
+ * Terminate with NULL character in case name provided by firmware
+ * is longer and truncated due to size limit.
+ */
+ name.name[sizeof(name.name) - 1] = '\0';
+
if (!strcmp(name.name, RESERVED_CLK_NAME))
continue;
strncpy(clock[i].clk_name, name.name, MAX_NAME_LEN);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 353/390] media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 352/390] clk: zynqmp: Fix stack-out-of-bounds in strncpy` Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 354/390] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Greg Kroah-Hartman
` (42 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 2b064d91440b33fba5b452f2d1b31f13ae911d71 ]
When the driver calls cx88_risc_buffer() to prepare the buffer, the
function call may fail, resulting in a empty buffer and null-ptr-deref
later in buffer_queue().
The following log can reveal it:
[ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
[ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 41.828027] RIP: 0010:buffer_queue+0xc2/0x500
[ 41.836311] Call Trace:
[ 41.836945] __enqueue_in_driver+0x141/0x360
[ 41.837262] vb2_start_streaming+0x62/0x4a0
[ 41.838216] vb2_core_streamon+0x1da/0x2c0
[ 41.838516] __vb2_init_fileio+0x981/0xbc0
[ 41.839141] __vb2_perform_fileio+0xbf9/0x1120
[ 41.840072] vb2_fop_read+0x20e/0x400
[ 41.840346] v4l2_read+0x215/0x290
[ 41.840603] vfs_read+0x162/0x4c0
Fix this by checking the return value of cx88_risc_buffer()
[hverkuil: fix coding style issues]
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx88/cx88-vbi.c | 9 +++---
drivers/media/pci/cx88/cx88-video.c | 43 +++++++++++++++--------------
2 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/drivers/media/pci/cx88/cx88-vbi.c b/drivers/media/pci/cx88/cx88-vbi.c
index 58489ea0c1da..7cf2271866d0 100644
--- a/drivers/media/pci/cx88/cx88-vbi.c
+++ b/drivers/media/pci/cx88/cx88-vbi.c
@@ -144,11 +144,10 @@ static int buffer_prepare(struct vb2_buffer *vb)
return -EINVAL;
vb2_set_plane_payload(vb, 0, size);
- cx88_risc_buffer(dev->pci, &buf->risc, sgt->sgl,
- 0, VBI_LINE_LENGTH * lines,
- VBI_LINE_LENGTH, 0,
- lines);
- return 0;
+ return cx88_risc_buffer(dev->pci, &buf->risc, sgt->sgl,
+ 0, VBI_LINE_LENGTH * lines,
+ VBI_LINE_LENGTH, 0,
+ lines);
}
static void buffer_finish(struct vb2_buffer *vb)
diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c
index 8cffdacf6007..e5adffa3a99a 100644
--- a/drivers/media/pci/cx88/cx88-video.c
+++ b/drivers/media/pci/cx88/cx88-video.c
@@ -431,6 +431,7 @@ static int queue_setup(struct vb2_queue *q,
static int buffer_prepare(struct vb2_buffer *vb)
{
+ int ret;
struct vb2_v4l2_buffer *vbuf = to_vb2_v4l2_buffer(vb);
struct cx8800_dev *dev = vb->vb2_queue->drv_priv;
struct cx88_core *core = dev->core;
@@ -445,35 +446,35 @@ static int buffer_prepare(struct vb2_buffer *vb)
switch (core->field) {
case V4L2_FIELD_TOP:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl, 0, UNSET,
- buf->bpl, 0, core->height);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl, 0, UNSET,
+ buf->bpl, 0, core->height);
break;
case V4L2_FIELD_BOTTOM:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl, UNSET, 0,
- buf->bpl, 0, core->height);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl, UNSET, 0,
+ buf->bpl, 0, core->height);
break;
case V4L2_FIELD_SEQ_TB:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl,
- 0, buf->bpl * (core->height >> 1),
- buf->bpl, 0,
- core->height >> 1);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl,
+ 0, buf->bpl * (core->height >> 1),
+ buf->bpl, 0,
+ core->height >> 1);
break;
case V4L2_FIELD_SEQ_BT:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl,
- buf->bpl * (core->height >> 1), 0,
- buf->bpl, 0,
- core->height >> 1);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl,
+ buf->bpl * (core->height >> 1), 0,
+ buf->bpl, 0,
+ core->height >> 1);
break;
case V4L2_FIELD_INTERLACED:
default:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl, 0, buf->bpl,
- buf->bpl, buf->bpl,
- core->height >> 1);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl, 0, buf->bpl,
+ buf->bpl, buf->bpl,
+ core->height >> 1);
break;
}
dprintk(2,
@@ -481,7 +482,7 @@ static int buffer_prepare(struct vb2_buffer *vb)
buf, buf->vb.vb2_buf.index, __func__,
core->width, core->height, dev->fmt->depth, dev->fmt->fourcc,
(unsigned long)buf->risc.dma);
- return 0;
+ return ret;
}
static void buffer_finish(struct vb2_buffer *vb)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 354/390] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 353/390] media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 355/390] usb: host: xhci-plat: suspend and resume clocks Greg Kroah-Hartman
` (41 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quanyang Wang, Shubhrajyoti Datta,
Stephen Boyd, Sasha Levin
From: Quanyang Wang <quanyang.wang@windriver.com>
[ Upstream commit 30eaf02149ecc3c5815e45d27187bf09e925071d ]
The function zynqmp_pll_round_rate is used to find a most appropriate
PLL frequency which the hardware can generate according to the desired
frequency. For example, if the desired frequency is 297MHz, considering
the limited range from PS_PLL_VCO_MIN (1.5GHz) to PS_PLL_VCO_MAX (3.0GHz)
of PLL, zynqmp_pll_round_rate should return 1.872GHz (297MHz * 5).
There are two problems with the current code of zynqmp_pll_round_rate:
1) When the rate is below PS_PLL_VCO_MIN, it can't find a correct rate
when the parameter "rate" is an integer multiple of *prate, in other words,
if "f" is zero, zynqmp_pll_round_rate won't return a valid frequency which
is from PS_PLL_VCO_MIN to PS_PLL_VCO_MAX. For example, *prate is 33MHz
and the rate is 660MHz, zynqmp_pll_round_rate will not boost up rate and
just return 660MHz, and this will cause clk_calc_new_rates failure since
zynqmp_pll_round_rate returns an invalid rate out of its boundaries.
2) Even if the rate is higher than PS_PLL_VCO_MIN, there is still a risk
that zynqmp_pll_round_rate returns an invalid rate because the function
DIV_ROUND_CLOSEST makes some loss in the fractional part. If the parent
clock *prate is 33333333Hz and we want to set the PLL rate to 1.5GHz,
this function will return 1499999985Hz by using the formula below:
value = *prate * DIV_ROUND_CLOSEST(rate, *prate)).
This value is also invalid since it's slightly smaller than PS_PLL_VCO_MIN.
because DIV_ROUND_CLOSEST makes some loss in the fractional part.
Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
Link: https://lore.kernel.org/r/20220826142030.213805-1-quanyang.wang@windriver.com
Reviewed-by: Shubhrajyoti Datta <shubhrajyoti.datta@amd.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/zynqmp/pll.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/drivers/clk/zynqmp/pll.c b/drivers/clk/zynqmp/pll.c
index abe6afbf3407..2ae7f9129b07 100644
--- a/drivers/clk/zynqmp/pll.c
+++ b/drivers/clk/zynqmp/pll.c
@@ -99,26 +99,25 @@ static long zynqmp_pll_round_rate(struct clk_hw *hw, unsigned long rate,
unsigned long *prate)
{
u32 fbdiv;
- long rate_div, f;
+ u32 mult, div;
- /* Enable the fractional mode if needed */
- rate_div = (rate * FRAC_DIV) / *prate;
- f = rate_div % FRAC_DIV;
- if (f) {
- if (rate > PS_PLL_VCO_MAX) {
- fbdiv = rate / PS_PLL_VCO_MAX;
- rate = rate / (fbdiv + 1);
- }
- if (rate < PS_PLL_VCO_MIN) {
- fbdiv = DIV_ROUND_UP(PS_PLL_VCO_MIN, rate);
- rate = rate * fbdiv;
- }
- return rate;
+ /* Let rate fall inside the range PS_PLL_VCO_MIN ~ PS_PLL_VCO_MAX */
+ if (rate > PS_PLL_VCO_MAX) {
+ div = DIV_ROUND_UP(rate, PS_PLL_VCO_MAX);
+ rate = rate / div;
+ }
+ if (rate < PS_PLL_VCO_MIN) {
+ mult = DIV_ROUND_UP(PS_PLL_VCO_MIN, rate);
+ rate = rate * mult;
}
fbdiv = DIV_ROUND_CLOSEST(rate, *prate);
- fbdiv = clamp_t(u32, fbdiv, PLL_FBDIV_MIN, PLL_FBDIV_MAX);
- return *prate * fbdiv;
+ if (fbdiv < PLL_FBDIV_MIN || fbdiv > PLL_FBDIV_MAX) {
+ fbdiv = clamp_t(u32, fbdiv, PLL_FBDIV_MIN, PLL_FBDIV_MAX);
+ rate = *prate * fbdiv;
+ }
+
+ return rate;
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 355/390] usb: host: xhci-plat: suspend and resume clocks
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 354/390] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 356/390] usb: host: xhci-plat: suspend/resume clks for brcm Greg Kroah-Hartman
` (40 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Justin Chen, Sasha Levin
From: Justin Chen <justinpopo6@gmail.com>
[ Upstream commit 8bd954c56197caf5e3a804d989094bc3fe6329aa ]
Introduce XHCI_SUSPEND_RESUME_CLKS quirk as a means to suspend and resume
clocks if the hardware is capable of doing so. We assume that clocks will
be needed if the device may wake.
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Justin Chen <justinpopo6@gmail.com>
Link: https://lore.kernel.org/r/1660170455-15781-2-git-send-email-justinpopo6@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-plat.c | 16 +++++++++++++++-
drivers/usb/host/xhci.h | 1 +
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
index dc570ce4e831..2687662f26b6 100644
--- a/drivers/usb/host/xhci-plat.c
+++ b/drivers/usb/host/xhci-plat.c
@@ -447,7 +447,16 @@ static int __maybe_unused xhci_plat_suspend(struct device *dev)
* xhci_suspend() needs `do_wakeup` to know whether host is allowed
* to do wakeup during suspend.
*/
- return xhci_suspend(xhci, device_may_wakeup(dev));
+ ret = xhci_suspend(xhci, device_may_wakeup(dev));
+ if (ret)
+ return ret;
+
+ if (!device_may_wakeup(dev) && (xhci->quirks & XHCI_SUSPEND_RESUME_CLKS)) {
+ clk_disable_unprepare(xhci->clk);
+ clk_disable_unprepare(xhci->reg_clk);
+ }
+
+ return 0;
}
static int __maybe_unused xhci_plat_resume(struct device *dev)
@@ -456,6 +465,11 @@ static int __maybe_unused xhci_plat_resume(struct device *dev)
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
int ret;
+ if (!device_may_wakeup(dev) && (xhci->quirks & XHCI_SUSPEND_RESUME_CLKS)) {
+ clk_prepare_enable(xhci->clk);
+ clk_prepare_enable(xhci->reg_clk);
+ }
+
ret = xhci_priv_resume_quirk(hcd);
if (ret)
return ret;
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index 6f16a05b1958..e668740000b2 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1888,6 +1888,7 @@ struct xhci_hcd {
#define XHCI_SG_TRB_CACHE_SIZE_QUIRK BIT_ULL(39)
#define XHCI_NO_SOFT_RETRY BIT_ULL(40)
#define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42)
+#define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43)
unsigned int num_active_eps;
unsigned int limit_active_eps;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 356/390] usb: host: xhci-plat: suspend/resume clks for brcm
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 355/390] usb: host: xhci-plat: suspend and resume clocks Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 357/390] scsi: 3w-9xxx: Avoid disabling device if failing to enable it Greg Kroah-Hartman
` (39 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Justin Chen, Sasha Levin
From: Justin Chen <justinpopo6@gmail.com>
[ Upstream commit c69400b09e471a3f1167adead55a808f0da6534a ]
The xhci_plat_brcm xhci block can enter suspend with clock disabled to save
power and re-enable them on resume. Make use of the XHCI_SUSPEND_RESUME_CLKS
quirk to do so.
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Justin Chen <justinpopo6@gmail.com>
Link: https://lore.kernel.org/r/1660170455-15781-3-git-send-email-justinpopo6@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-plat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
index 2687662f26b6..972a44b2a7f1 100644
--- a/drivers/usb/host/xhci-plat.c
+++ b/drivers/usb/host/xhci-plat.c
@@ -134,7 +134,7 @@ static const struct xhci_plat_priv xhci_plat_renesas_rcar_gen3 = {
};
static const struct xhci_plat_priv xhci_plat_brcm = {
- .quirks = XHCI_RESET_ON_RESUME,
+ .quirks = XHCI_RESET_ON_RESUME | XHCI_SUSPEND_RESUME_CLKS,
};
static const struct of_device_id usb_xhci_of_match[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 357/390] scsi: 3w-9xxx: Avoid disabling device if failing to enable it
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 356/390] usb: host: xhci-plat: suspend/resume clks for brcm Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 358/390] nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Greg Kroah-Hartman
` (38 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Letu Ren,
Martin K. Petersen, Sasha Levin
From: Letu Ren <fantasquex@gmail.com>
[ Upstream commit 7eff437b5ee1309b34667844361c6bbb5c97df05 ]
The original code will "goto out_disable_device" and call
pci_disable_device() if pci_enable_device() fails. The kernel will generate
a warning message like "3w-9xxx 0000:00:05.0: disabling already-disabled
device".
We shouldn't disable a device that failed to be enabled. A simple return is
fine.
Link: https://lore.kernel.org/r/20220829110115.38789-1-fantasquex@gmail.com
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Letu Ren <fantasquex@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/3w-9xxx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
index 3337b1e80412..f6f92033132a 100644
--- a/drivers/scsi/3w-9xxx.c
+++ b/drivers/scsi/3w-9xxx.c
@@ -2014,7 +2014,7 @@ static int twa_probe(struct pci_dev *pdev, const struct pci_device_id *dev_id)
retval = pci_enable_device(pdev);
if (retval) {
TW_PRINTK(host, TW_DRIVER, 0x34, "Failed to enable pci device");
- goto out_disable_device;
+ return -ENODEV;
}
pci_set_master(pdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 358/390] nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 357/390] scsi: 3w-9xxx: Avoid disabling device if failing to enable it Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 359/390] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Greg Kroah-Hartman
` (37 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+38e6c55d4969a14c1534,
Shigeru Yoshida, Josef Bacik, Jens Axboe, Sasha Levin
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit 1de7c3cf48fc41cd95adb12bd1ea9033a917798a ]
syzbot reported hung task [1]. The following program is a simplified
version of the reproducer:
int main(void)
{
int sv[2], fd;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
return 1;
if ((fd = open("/dev/nbd0", 0)) < 0)
return 1;
if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)
return 1;
if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)
return 1;
if (ioctl(fd, NBD_DO_IT) < 0)
return 1;
return 0;
}
When signal interrupt nbd_start_device_ioctl() waiting the condition
atomic_read(&config->recv_threads) == 0, the task can hung because it
waits the completion of the inflight IOs.
This patch fixes the issue by clearing queue, not just shutdown, when
signal interrupt nbd_start_device_ioctl().
Link: https://syzkaller.appspot.com/bug?id=7d89a3ffacd2b83fdd39549bc4d8e0a89ef21239 [1]
Reported-by: syzbot+38e6c55d4969a14c1534@syzkaller.appspotmail.com
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220907163502.577561-1-syoshida@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 4a6b82d434ee..b0d3dadeb964 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1342,10 +1342,12 @@ static int nbd_start_device_ioctl(struct nbd_device *nbd, struct block_device *b
mutex_unlock(&nbd->config_lock);
ret = wait_event_interruptible(config->recv_wq,
atomic_read(&config->recv_threads) == 0);
- if (ret)
+ if (ret) {
sock_shutdown(nbd);
- flush_workqueue(nbd->recv_workq);
+ nbd_clear_que(nbd);
+ }
+ flush_workqueue(nbd->recv_workq);
mutex_lock(&nbd->config_lock);
nbd_bdev_reset(bdev);
/* user requested, ignore socket errors */
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 359/390] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 358/390] nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 360/390] staging: vt6655: fix potential memory leak Greg Kroah-Hartman
` (36 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Michael Hennerich,
Sebastian Reichel, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 9d47e01b9d807808224347935562f7043a358054 ]
ADP5061_CHG_STATUS_1_CHG_STATUS is masked with 0x07, which means a length
of 8, but adp5061_chg_type array size is 4, may end up reading 4 elements
beyond the end of the adp5061_chg_type[] array.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/adp5061.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/power/supply/adp5061.c b/drivers/power/supply/adp5061.c
index 003557043ab3..daee1161c305 100644
--- a/drivers/power/supply/adp5061.c
+++ b/drivers/power/supply/adp5061.c
@@ -427,11 +427,11 @@ static int adp5061_get_chg_type(struct adp5061_state *st,
if (ret < 0)
return ret;
- chg_type = adp5061_chg_type[ADP5061_CHG_STATUS_1_CHG_STATUS(status1)];
- if (chg_type > ADP5061_CHG_FAST_CV)
+ chg_type = ADP5061_CHG_STATUS_1_CHG_STATUS(status1);
+ if (chg_type >= ARRAY_SIZE(adp5061_chg_type))
val->intval = POWER_SUPPLY_STATUS_UNKNOWN;
else
- val->intval = chg_type;
+ val->intval = adp5061_chg_type[chg_type];
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 360/390] staging: vt6655: fix potential memory leak
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 359/390] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 361/390] blk-throttle: prevent overflow while calculating wait time Greg Kroah-Hartman
` (35 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Hortmann, Nam Cao, Sasha Levin
From: Nam Cao <namcaov@gmail.com>
[ Upstream commit c8ff91535880d41b49699b3829fb6151942de29e ]
In function device_init_td0_ring, memory is allocated for member
td_info of priv->apTD0Rings[i], with i increasing from 0. In case of
allocation failure, the memory is freed in reversed order, with i
decreasing to 0. However, the case i=0 is left out and thus memory is
leaked.
Modify the memory freeing loop to include the case i=0.
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Signed-off-by: Nam Cao <namcaov@gmail.com>
Link: https://lore.kernel.org/r/20220909141338.19343-1-namcaov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/vt6655/device_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
index 0dd70173a754..343f0de03154 100644
--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -675,7 +675,7 @@ static int device_init_td0_ring(struct vnt_private *priv)
return 0;
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->apTD0Rings[i];
kfree(desc->td_info);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 361/390] blk-throttle: prevent overflow while calculating wait time
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 360/390] staging: vt6655: fix potential memory leak Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 362/390] ata: libahci_platform: Sanity check the DT child nodes number Greg Kroah-Hartman
` (34 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Kuai, Tejun Heo, Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 8d6bbaada2e0a65f9012ac4c2506460160e7237a ]
There is a problem found by code review in tg_with_in_bps_limit() that
'bps_limit * jiffy_elapsed_rnd' might overflow. Fix the problem by
calling mul_u64_u64_div_u64() instead.
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20220829022240.3348319-3-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-throttle.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/block/blk-throttle.c b/block/blk-throttle.c
index c53a254171a2..c526fdd0a7b9 100644
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -944,7 +944,7 @@ static bool tg_with_in_bps_limit(struct throtl_grp *tg, struct bio *bio,
u64 bps_limit, unsigned long *wait)
{
bool rw = bio_data_dir(bio);
- u64 bytes_allowed, extra_bytes, tmp;
+ u64 bytes_allowed, extra_bytes;
unsigned long jiffy_elapsed, jiffy_wait, jiffy_elapsed_rnd;
unsigned int bio_size = throtl_bio_data_size(bio);
@@ -961,10 +961,8 @@ static bool tg_with_in_bps_limit(struct throtl_grp *tg, struct bio *bio,
jiffy_elapsed_rnd = tg->td->throtl_slice;
jiffy_elapsed_rnd = roundup(jiffy_elapsed_rnd, tg->td->throtl_slice);
-
- tmp = bps_limit * jiffy_elapsed_rnd;
- do_div(tmp, HZ);
- bytes_allowed = tmp;
+ bytes_allowed = mul_u64_u64_div_u64(bps_limit, (u64)jiffy_elapsed_rnd,
+ (u64)HZ);
if (tg->bytes_disp[rw] + bio_size <= bytes_allowed) {
if (wait)
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 362/390] ata: libahci_platform: Sanity check the DT child nodes number
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 361/390] blk-throttle: prevent overflow while calculating wait time Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 363/390] bcache: fix set_at_max_writeback_rate() for multiple attached devices Greg Kroah-Hartman
` (33 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Hannes Reinecke,
Damien Le Moal, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 3c132ea6508b34956e5ed88d04936983ec230601 ]
Having greater than AHCI_MAX_PORTS (32) ports detected isn't that critical
from the further AHCI-platform initialization point of view since
exceeding the ports upper limit will cause allocating more resources than
will be used afterwards. But detecting too many child DT-nodes doesn't
seem right since it's very unlikely to have it on an ordinary platform. In
accordance with the AHCI specification there can't be more than 32 ports
implemented at least due to having the CAP.NP field of 5 bits wide and the
PI register of dword size. Thus if such situation is found the DTB must
have been corrupted and the data read from it shouldn't be reliable. Let's
consider that as an erroneous situation and halt further resources
allocation.
Note it's logically more correct to have the nports set only after the
initialization value is checked for being sane. So while at it let's make
sure nports is assigned with a correct value.
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libahci_platform.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/ata/libahci_platform.c b/drivers/ata/libahci_platform.c
index 0910441321f7..64d6da0a5303 100644
--- a/drivers/ata/libahci_platform.c
+++ b/drivers/ata/libahci_platform.c
@@ -451,14 +451,24 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
}
}
- hpriv->nports = child_nodes = of_get_child_count(dev->of_node);
+ /*
+ * Too many sub-nodes most likely means having something wrong with
+ * the firmware.
+ */
+ child_nodes = of_get_child_count(dev->of_node);
+ if (child_nodes > AHCI_MAX_PORTS) {
+ rc = -EINVAL;
+ goto err_out;
+ }
/*
* If no sub-node was found, we still need to set nports to
* one in order to be able to use the
* ahci_platform_[en|dis]able_[phys|regulators] functions.
*/
- if (!child_nodes)
+ if (child_nodes)
+ hpriv->nports = child_nodes;
+ else
hpriv->nports = 1;
hpriv->phys = devm_kcalloc(dev, hpriv->nports, sizeof(*hpriv->phys), GFP_KERNEL);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 363/390] bcache: fix set_at_max_writeback_rate() for multiple attached devices
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 362/390] ata: libahci_platform: Sanity check the DT child nodes number Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 364/390] soundwire: cadence: Dont overwrite msg->buf during write commands Greg Kroah-Hartman
` (32 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mingzhe Zou, Coly Li, Jens Axboe,
Sasha Levin
From: Coly Li <colyli@suse.de>
[ Upstream commit d2d05b88035d2d51a5bb6c5afec88a0880c73df4 ]
Inside set_at_max_writeback_rate() the calculation in following if()
check is wrong,
if (atomic_inc_return(&c->idle_counter) <
atomic_read(&c->attached_dev_nr) * 6)
Because each attached backing device has its own writeback thread
running and increasing c->idle_counter, the counter increates much
faster than expected. The correct calculation should be,
(counter / dev_nr) < dev_nr * 6
which equals to,
counter < dev_nr * dev_nr * 6
This patch fixes the above mistake with correct calculation, and helper
routine idle_counter_exceeded() is added to make code be more clear.
Reported-by: Mingzhe Zou <mingzhe.zou@easystack.cn>
Signed-off-by: Coly Li <colyli@suse.de>
Acked-by: Mingzhe Zou <mingzhe.zou@easystack.cn>
Link: https://lore.kernel.org/r/20220919161647.81238-6-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/writeback.c | 73 +++++++++++++++++++++++++----------
1 file changed, 52 insertions(+), 21 deletions(-)
diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
index a878b959fbcd..3aa73da2c67b 100644
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -119,6 +119,53 @@ static void __update_writeback_rate(struct cached_dev *dc)
dc->writeback_rate_target = target;
}
+static bool idle_counter_exceeded(struct cache_set *c)
+{
+ int counter, dev_nr;
+
+ /*
+ * If c->idle_counter is overflow (idel for really long time),
+ * reset as 0 and not set maximum rate this time for code
+ * simplicity.
+ */
+ counter = atomic_inc_return(&c->idle_counter);
+ if (counter <= 0) {
+ atomic_set(&c->idle_counter, 0);
+ return false;
+ }
+
+ dev_nr = atomic_read(&c->attached_dev_nr);
+ if (dev_nr == 0)
+ return false;
+
+ /*
+ * c->idle_counter is increased by writeback thread of all
+ * attached backing devices, in order to represent a rough
+ * time period, counter should be divided by dev_nr.
+ * Otherwise the idle time cannot be larger with more backing
+ * device attached.
+ * The following calculation equals to checking
+ * (counter / dev_nr) < (dev_nr * 6)
+ */
+ if (counter < (dev_nr * dev_nr * 6))
+ return false;
+
+ return true;
+}
+
+/*
+ * Idle_counter is increased every time when update_writeback_rate() is
+ * called. If all backing devices attached to the same cache set have
+ * identical dc->writeback_rate_update_seconds values, it is about 6
+ * rounds of update_writeback_rate() on each backing device before
+ * c->at_max_writeback_rate is set to 1, and then max wrteback rate set
+ * to each dc->writeback_rate.rate.
+ * In order to avoid extra locking cost for counting exact dirty cached
+ * devices number, c->attached_dev_nr is used to calculate the idle
+ * throushold. It might be bigger if not all cached device are in write-
+ * back mode, but it still works well with limited extra rounds of
+ * update_writeback_rate().
+ */
static bool set_at_max_writeback_rate(struct cache_set *c,
struct cached_dev *dc)
{
@@ -129,21 +176,8 @@ static bool set_at_max_writeback_rate(struct cache_set *c,
/* Don't set max writeback rate if gc is running */
if (!c->gc_mark_valid)
return false;
- /*
- * Idle_counter is increased everytime when update_writeback_rate() is
- * called. If all backing devices attached to the same cache set have
- * identical dc->writeback_rate_update_seconds values, it is about 6
- * rounds of update_writeback_rate() on each backing device before
- * c->at_max_writeback_rate is set to 1, and then max wrteback rate set
- * to each dc->writeback_rate.rate.
- * In order to avoid extra locking cost for counting exact dirty cached
- * devices number, c->attached_dev_nr is used to calculate the idle
- * throushold. It might be bigger if not all cached device are in write-
- * back mode, but it still works well with limited extra rounds of
- * update_writeback_rate().
- */
- if (atomic_inc_return(&c->idle_counter) <
- atomic_read(&c->attached_dev_nr) * 6)
+
+ if (!idle_counter_exceeded(c))
return false;
if (atomic_read(&c->at_max_writeback_rate) != 1)
@@ -157,13 +191,10 @@ static bool set_at_max_writeback_rate(struct cache_set *c,
dc->writeback_rate_change = 0;
/*
- * Check c->idle_counter and c->at_max_writeback_rate agagain in case
- * new I/O arrives during before set_at_max_writeback_rate() returns.
- * Then the writeback rate is set to 1, and its new value should be
- * decided via __update_writeback_rate().
+ * In case new I/O arrives during before
+ * set_at_max_writeback_rate() returns.
*/
- if ((atomic_read(&c->idle_counter) <
- atomic_read(&c->attached_dev_nr) * 6) ||
+ if (!idle_counter_exceeded(c) ||
!atomic_read(&c->at_max_writeback_rate))
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 364/390] soundwire: cadence: Dont overwrite msg->buf during write commands
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 363/390] bcache: fix set_at_max_writeback_rate() for multiple attached devices Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 365/390] soundwire: intel: fix error handling on dai registration issues Greg Kroah-Hartman
` (31 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Fitzgerald,
Pierre-Louis Bossart, Vinod Koul, Sasha Levin
From: Richard Fitzgerald <rf@opensource.cirrus.com>
[ Upstream commit ba05b39d265bdd16913f7684600d9d41e2796745 ]
The buf passed in struct sdw_msg must only be written for a READ,
in that case the RDATA part of the response is the data value of the
register.
For a write command there is no RDATA, and buf should be assumed to
be const and unmodifable. The original caller should not expect its data
buffer to be corrupted by an sdw_nwrite().
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220916103505.1562210-1-rf@opensource.cirrus.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/cadence_master.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/soundwire/cadence_master.c b/drivers/soundwire/cadence_master.c
index c6d421a4b91b..a3247692ddc0 100644
--- a/drivers/soundwire/cadence_master.c
+++ b/drivers/soundwire/cadence_master.c
@@ -501,9 +501,12 @@ cdns_fill_msg_resp(struct sdw_cdns *cdns,
return SDW_CMD_IGNORED;
}
- /* fill response */
- for (i = 0; i < count; i++)
- msg->buf[i + offset] = FIELD_GET(CDNS_MCP_RESP_RDATA, cdns->response_buf[i]);
+ if (msg->flags == SDW_MSG_FLAG_READ) {
+ /* fill response */
+ for (i = 0; i < count; i++)
+ msg->buf[i + offset] = FIELD_GET(CDNS_MCP_RESP_RDATA,
+ cdns->response_buf[i]);
+ }
return SDW_CMD_OK;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 365/390] soundwire: intel: fix error handling on dai registration issues
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 364/390] soundwire: cadence: Dont overwrite msg->buf during write commands Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 366/390] HID: roccat: Fix use-after-free in roccat_read() Greg Kroah-Hartman
` (30 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart, Rander Wang,
Bard Liao, Vinod Koul, Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit c6867cda906aadbce5e71efde9c78a26108b2bad ]
The call to intel_register_dai() may fail because of memory allocation
issues or problems reported by the ASoC core. In all cases, when a
error is thrown the component is not registered, it's invalid to
unregister it.
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Rander Wang <rander.wang@intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20220919175721.354679-2-yung-chuan.liao@linux.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/intel.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/soundwire/intel.c b/drivers/soundwire/intel.c
index 824d9f900aca..942d2fe13218 100644
--- a/drivers/soundwire/intel.c
+++ b/drivers/soundwire/intel.c
@@ -1470,7 +1470,6 @@ int intel_master_startup(struct platform_device *pdev)
ret = intel_register_dai(sdw);
if (ret) {
dev_err(dev, "DAI registration failed: %d\n", ret);
- snd_soc_unregister_component(dev);
goto err_interrupt;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 366/390] HID: roccat: Fix use-after-free in roccat_read()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 365/390] soundwire: intel: fix error handling on dai registration issues Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 367/390] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Greg Kroah-Hartman
` (29 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hyunwoo Kim, Jiri Kosina, Sasha Levin
From: Hyunwoo Kim <imv4bel@gmail.com>
[ Upstream commit cacdb14b1c8d3804a3a7d31773bc7569837b71a4 ]
roccat_report_event() is responsible for registering
roccat-related reports in struct roccat_device.
int roccat_report_event(int minor, u8 const *data)
{
struct roccat_device *device;
struct roccat_reader *reader;
struct roccat_report *report;
uint8_t *new_value;
device = devices[minor];
new_value = kmemdup(data, device->report_size, GFP_ATOMIC);
if (!new_value)
return -ENOMEM;
report = &device->cbuf[device->cbuf_end];
/* passing NULL is safe */
kfree(report->value);
...
The registered report is stored in the struct roccat_device member
"struct roccat_report cbuf[ROCCAT_CBUF_SIZE];".
If more reports are received than the "ROCCAT_CBUF_SIZE" value,
kfree() the saved report from cbuf[0] and allocates a new reprot.
Since there is no lock when this kfree() is performed,
kfree() can be performed even while reading the saved report.
static ssize_t roccat_read(struct file *file, char __user *buffer,
size_t count, loff_t *ppos)
{
struct roccat_reader *reader = file->private_data;
struct roccat_device *device = reader->device;
struct roccat_report *report;
ssize_t retval = 0, len;
DECLARE_WAITQUEUE(wait, current);
mutex_lock(&device->cbuf_lock);
...
report = &device->cbuf[reader->cbuf_start];
/*
* If report is larger than requested amount of data, rest of report
* is lost!
*/
len = device->report_size > count ? count : device->report_size;
if (copy_to_user(buffer, report->value, len)) {
retval = -EFAULT;
goto exit_unlock;
}
...
The roccat_read() function receives the device->cbuf report and
delivers it to the user through copy_to_user().
If the N+ROCCAT_CBUF_SIZE th report is received while copying of
the Nth report->value is in progress, the pointer that copy_to_user()
is working on is kfree()ed and UAF read may occur. (race condition)
Since the device node of this driver does not set separate permissions,
this is not a security vulnerability, but because it is used for
requesting screen display of profile or dpi settings,
a user using the roccat device can apply udev to this device node or
There is a possibility to use it by giving.
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-roccat.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/hid/hid-roccat.c b/drivers/hid/hid-roccat.c
index 26373b82fe81..6da80e442fdd 100644
--- a/drivers/hid/hid-roccat.c
+++ b/drivers/hid/hid-roccat.c
@@ -257,6 +257,8 @@ int roccat_report_event(int minor, u8 const *data)
if (!new_value)
return -ENOMEM;
+ mutex_lock(&device->cbuf_lock);
+
report = &device->cbuf[device->cbuf_end];
/* passing NULL is safe */
@@ -276,6 +278,8 @@ int roccat_report_event(int minor, u8 const *data)
reader->cbuf_start = (reader->cbuf_start + 1) % ROCCAT_CBUF_SIZE;
}
+ mutex_unlock(&device->cbuf_lock);
+
wake_up_interruptible(&device->wait);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 367/390] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 366/390] HID: roccat: Fix use-after-free in roccat_read() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 368/390] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Greg Kroah-Hartman
` (28 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Logan Gunthorpe, Song Liu, Sasha Levin
From: Logan Gunthorpe <logang@deltatee.com>
[ Upstream commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74 ]
A complicated deadlock exists when using the journal and an elevated
group_thrtead_cnt. It was found with loop devices, but its not clear
whether it can be seen with real disks. The deadlock can occur simply
by writing data with an fio script.
When the deadlock occurs, multiple threads will hang in different ways:
1) The group threads will hang in the blk-wbt code with bios waiting to
be submitted to the block layer:
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
__submit_bio+0xe6/0x100
submit_bio_noacct_nocheck+0x42e/0x470
submit_bio_noacct+0x4c2/0xbb0
ops_run_io+0x46b/0x1a30
handle_stripe+0xcd3/0x36b0
handle_active_stripes.constprop.0+0x6f6/0xa60
raid5_do_work+0x177/0x330
Or:
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
__submit_bio+0xe6/0x100
submit_bio_noacct_nocheck+0x42e/0x470
submit_bio_noacct+0x4c2/0xbb0
flush_deferred_bios+0x136/0x170
raid5_do_work+0x262/0x330
2) The r5l_reclaim thread will hang in the same way, submitting a
bio to the block layer:
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
__submit_bio+0xe6/0x100
submit_bio_noacct_nocheck+0x42e/0x470
submit_bio_noacct+0x4c2/0xbb0
submit_bio+0x3f/0xf0
md_super_write+0x12f/0x1b0
md_update_sb.part.0+0x7c6/0xff0
md_update_sb+0x30/0x60
r5l_do_reclaim+0x4f9/0x5e0
r5l_reclaim_thread+0x69/0x30b
However, before hanging, the MD_SB_CHANGE_PENDING flag will be
set for sb_flags in r5l_write_super_and_discard_space(). This
flag will never be cleared because the submit_bio() call never
returns.
3) Due to the MD_SB_CHANGE_PENDING flag being set, handle_stripe()
will do no processing on any pending stripes and re-set
STRIPE_HANDLE. This will cause the raid5d thread to enter an
infinite loop, constantly trying to handle the same stripes
stuck in the queue.
The raid5d thread has a blk_plug that holds a number of bios
that are also stuck waiting seeing the thread is in a loop
that never schedules. These bios have been accounted for by
blk-wbt thus preventing the other threads above from
continuing when they try to submit bios. --Deadlock.
To fix this, add the same wait_event() that is used in raid5_do_work()
to raid5d() such that if MD_SB_CHANGE_PENDING is set, the thread will
schedule and wait until the flag is cleared. The schedule action will
flush the plug which will allow the r5l_reclaim thread to continue,
thus preventing the deadlock.
However, md_check_recovery() calls can also clear MD_SB_CHANGE_PENDING
from the same thread and can thus deadlock if the thread is put to
sleep. So avoid waiting if md_check_recovery() is being called in the
loop.
It's not clear when the deadlock was introduced, but the similar
wait_event() call in raid5_do_work() was added in 2017 by this
commit:
16d997b78b15 ("md/raid5: simplfy delaying of writes while metadata
is updated.")
Link: https://lore.kernel.org/r/7f3b87b6-b52a-f737-51d7-a4eec5c44112@deltatee.com
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -36,6 +36,7 @@
*/
#include <linux/blkdev.h>
+#include <linux/delay.h>
#include <linux/kthread.h>
#include <linux/raid/pq.h>
#include <linux/async_tx.h>
@@ -6519,7 +6520,18 @@ static void raid5d(struct md_thread *thr
spin_unlock_irq(&conf->device_lock);
md_check_recovery(mddev);
spin_lock_irq(&conf->device_lock);
+
+ /*
+ * Waiting on MD_SB_CHANGE_PENDING below may deadlock
+ * seeing md_check_recovery() is needed to clear
+ * the flag when using mdmon.
+ */
+ continue;
}
+
+ wait_event_lock_irq(mddev->sb_wait,
+ !test_bit(MD_SB_CHANGE_PENDING, &mddev->sb_flags),
+ conf->device_lock);
}
pr_debug("%d stripes handled\n", handled);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 368/390] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 367/390] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 369/390] usb: musb: Fix musb_gadget.c rxstate overflow bug Greg Kroah-Hartman
` (27 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Mathias Nyman, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit 7e271f42a5cc3768cd2622b929ba66859ae21f97 ]
xhci_alloc_stream_info() allocates stream context array for stream_info
->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,
stream_info->stream_ctx_array is not released, which will lead to a
memory leak.
We can fix it by releasing the stream_info->stream_ctx_array with
xhci_free_stream_ctx() on the error path to avoid the potential memory
leak.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220921123450.671459-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-mem.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 024e8911df34..1fba5605a88e 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -659,7 +659,7 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
num_stream_ctxs, &stream_info->ctx_array_dma,
mem_flags);
if (!stream_info->stream_ctx_array)
- goto cleanup_ctx;
+ goto cleanup_ring_array;
memset(stream_info->stream_ctx_array, 0,
sizeof(struct xhci_stream_ctx)*num_stream_ctxs);
@@ -720,6 +720,11 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
}
xhci_free_command(xhci, stream_info->free_streams_command);
cleanup_ctx:
+ xhci_free_stream_ctx(xhci,
+ stream_info->num_stream_ctxs,
+ stream_info->stream_ctx_array,
+ stream_info->ctx_array_dma);
+cleanup_ring_array:
kfree(stream_info->stream_rings);
cleanup_info:
kfree(stream_info);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 369/390] usb: musb: Fix musb_gadget.c rxstate overflow bug
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 368/390] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 370/390] Revert "usb: storage: Add quirk for Samsung Fit flash" Greg Kroah-Hartman
` (26 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robin Guo, Sasha Levin
From: Robin Guo <guoweibin@inspur.com>
[ Upstream commit eea4c860c3b366369eff0489d94ee4f0571d467d ]
The usb function device call musb_gadget_queue() adds the passed
request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz)
and (is_buffer_mapped(req) return false),the rxstate() will copy all data
in fifo to request->buf which may cause request->buf out of bounds.
Fix it by add the length check :
fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);
Signed-off-by: Robin Guo <guoweibin@inspur.com>
Link: https://lore.kernel.org/r/20220906102119.1b071d07a8391ff115e6d1ef@inspur.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/musb/musb_gadget.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
index fb806b33178a..c273eee35aaa 100644
--- a/drivers/usb/musb/musb_gadget.c
+++ b/drivers/usb/musb/musb_gadget.c
@@ -760,6 +760,9 @@ static void rxstate(struct musb *musb, struct musb_request *req)
musb_writew(epio, MUSB_RXCSR, csr);
buffer_aint_mapped:
+ fifo_count = min_t(unsigned int,
+ request->length - request->actual,
+ (unsigned int)fifo_count);
musb_read_fifo(musb_ep->hw_ep, fifo_count, (u8 *)
(request->buf + request->actual));
request->actual += fifo_count;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 370/390] Revert "usb: storage: Add quirk for Samsung Fit flash"
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 369/390] usb: musb: Fix musb_gadget.c rxstate overflow bug Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 371/390] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Greg Kroah-Hartman
` (25 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, sunghwan jung, Sasha Levin
From: sunghwan jung <onenowy@gmail.com>
[ Upstream commit ad5dbfc123e6ffbbde194e2a4603323e09f741ee ]
This reverts commit 86d92f5465958752481269348d474414dccb1552,
which fix the timeout issue for "Samsung Fit Flash".
But the commit affects not only "Samsung Fit Flash" but also other usb
storages that use the same controller and causes severe performance
regression.
# hdparm -t /dev/sda (without the quirk)
Timing buffered disk reads: 622 MB in 3.01 seconds = 206.66 MB/sec
# hdparm -t /dev/sda (with the quirk)
Timing buffered disk reads: 220 MB in 3.00 seconds = 73.32 MB/sec
The commit author mentioned that "Issue was reproduced after device has
bad block", so this quirk should be applied when we have the timeout
issue with a device that has bad blocks.
We revert the commit so that we apply this quirk by adding kernel
paramters using a bootloader or other ways when we really need it,
without the performance regression with devices that don't have the
issue.
Signed-off-by: sunghwan jung <onenowy@gmail.com>
Link: https://lore.kernel.org/r/20220913114913.3073-1-onenowy@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/storage/unusual_devs.h | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
index 4993227ab293..20dcbccb290b 100644
--- a/drivers/usb/storage/unusual_devs.h
+++ b/drivers/usb/storage/unusual_devs.h
@@ -1275,12 +1275,6 @@ UNUSUAL_DEV( 0x090a, 0x1200, 0x0000, 0x9999,
USB_SC_RBC, USB_PR_BULK, NULL,
0 ),
-UNUSUAL_DEV(0x090c, 0x1000, 0x1100, 0x1100,
- "Samsung",
- "Flash Drive FIT",
- USB_SC_DEVICE, USB_PR_DEVICE, NULL,
- US_FL_MAX_SECTORS_64),
-
/* aeb */
UNUSUAL_DEV( 0x090c, 0x1132, 0x0000, 0xffff,
"Feiya",
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 371/390] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 370/390] Revert "usb: storage: Add quirk for Samsung Fit flash" Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 372/390] nvme: copy firmware_rev on each init Greg Kroah-Hartman
` (24 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaoke Wang, Sasha Levin
From: Xiaoke Wang <xkernel.wang@foxmail.com>
[ Upstream commit 708056fba733a73d926772ea4ce9a42d240345da ]
In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated
in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly
released. Besides, considering there are only two error paths and the
first one can directly return, so we do not need implicitly jump to the
`exit` tag to execute the error handler.
So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error
path to release the resource and simplified the return logic of
rtw_init_cmd_priv(). As there is no proper device to test with, no runtime
testing was performed.
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_2B7931B79BA38E22205C5A09EFDF11E48805@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_cmd.c b/drivers/staging/rtl8723bs/core/rtw_cmd.c
index 2abe205e3453..cee05385f872 100644
--- a/drivers/staging/rtl8723bs/core/rtw_cmd.c
+++ b/drivers/staging/rtl8723bs/core/rtw_cmd.c
@@ -165,8 +165,6 @@ No irqsave is necessary.
int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
{
- int res = 0;
-
init_completion(&pcmdpriv->cmd_queue_comp);
init_completion(&pcmdpriv->terminate_cmdthread_comp);
@@ -178,18 +176,16 @@ int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
pcmdpriv->cmd_allocated_buf = rtw_zmalloc(MAX_CMDSZ + CMDBUFF_ALIGN_SZ);
- if (!pcmdpriv->cmd_allocated_buf) {
- res = -ENOMEM;
- goto exit;
- }
+ if (!pcmdpriv->cmd_allocated_buf)
+ return -ENOMEM;
pcmdpriv->cmd_buf = pcmdpriv->cmd_allocated_buf + CMDBUFF_ALIGN_SZ - ((SIZE_PTR)(pcmdpriv->cmd_allocated_buf) & (CMDBUFF_ALIGN_SZ-1));
pcmdpriv->rsp_allocated_buf = rtw_zmalloc(MAX_RSPSZ + 4);
if (!pcmdpriv->rsp_allocated_buf) {
- res = -ENOMEM;
- goto exit;
+ kfree(pcmdpriv->cmd_allocated_buf);
+ return -ENOMEM;
}
pcmdpriv->rsp_buf = pcmdpriv->rsp_allocated_buf + 4 - ((SIZE_PTR)(pcmdpriv->rsp_allocated_buf) & 3);
@@ -199,8 +195,8 @@ int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
pcmdpriv->rsp_cnt = 0;
mutex_init(&pcmdpriv->sctx_mutex);
-exit:
- return res;
+
+ return 0;
}
static void c2h_wk_callback(_workitem * work);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 372/390] nvme: copy firmware_rev on each init
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 371/390] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 373/390] nvmet-tcp: add bounds check on Transfer Tag Greg Kroah-Hartman
` (23 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Lien, Keith Busch,
Sagi Grimberg, Chaitanya Kulkarni, Chao Leng, Christoph Hellwig,
Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit a8eb6c1ba48bddea82e8d74cbe6e119f006be97d ]
The firmware revision can change on after a reset so copy the most
recent info each time instead of just the first time, otherwise the
sysfs firmware_rev entry may contain stale data.
Reported-by: Jeff Lien <jeff.lien@wdc.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Chao Leng <lengchao@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 265d9199b657..e9c13804760e 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -2949,7 +2949,6 @@ static int nvme_init_subsystem(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id)
nvme_init_subnqn(subsys, ctrl, id);
memcpy(subsys->serial, id->sn, sizeof(subsys->serial));
memcpy(subsys->model, id->mn, sizeof(subsys->model));
- memcpy(subsys->firmware_rev, id->fr, sizeof(subsys->firmware_rev));
subsys->vendor_id = le16_to_cpu(id->vid);
subsys->cmic = id->cmic;
subsys->awupf = le16_to_cpu(id->awupf);
@@ -3110,6 +3109,8 @@ int nvme_init_identify(struct nvme_ctrl *ctrl)
ctrl->quirks |= core_quirks[i].quirks;
}
}
+ memcpy(ctrl->subsys->firmware_rev, id->fr,
+ sizeof(ctrl->subsys->firmware_rev));
if (force_apst && (ctrl->quirks & NVME_QUIRK_NO_DEEPEST_PS)) {
dev_warn(ctrl->device, "forcibly allowing all power states due to nvme_core.force_apst -- use at your own risk\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 373/390] nvmet-tcp: add bounds check on Transfer Tag
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 372/390] nvme: copy firmware_rev on each init Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 374/390] usb: idmouse: fix an uninit-value in idmouse_open Greg Kroah-Hartman
` (22 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Varun Prakash, Sagi Grimberg,
Christoph Hellwig, Sasha Levin
From: Varun Prakash <varun@chelsio.com>
[ Upstream commit b6a545ffa2c192b1e6da4a7924edac5ba9f4ea2b ]
ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(),
add a bounds check to avoid out-of-bounds access.
Signed-off-by: Varun Prakash <varun@chelsio.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/tcp.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
index e3e35b9bd684..2ddbd4f4f628 100644
--- a/drivers/nvme/target/tcp.c
+++ b/drivers/nvme/target/tcp.c
@@ -922,10 +922,17 @@ static int nvmet_tcp_handle_h2c_data_pdu(struct nvmet_tcp_queue *queue)
struct nvme_tcp_data_pdu *data = &queue->pdu.data;
struct nvmet_tcp_cmd *cmd;
- if (likely(queue->nr_cmds))
+ if (likely(queue->nr_cmds)) {
+ if (unlikely(data->ttag >= queue->nr_cmds)) {
+ pr_err("queue %d: received out of bound ttag %u, nr_cmds %u\n",
+ queue->idx, data->ttag, queue->nr_cmds);
+ nvmet_tcp_fatal_error(queue);
+ return -EPROTO;
+ }
cmd = &queue->cmds[data->ttag];
- else
+ } else {
cmd = &queue->connect;
+ }
if (le32_to_cpu(data->data_offset) != cmd->rbytes_done) {
pr_err("ttag %u unexpected data offset %u (expected %u)\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 374/390] usb: idmouse: fix an uninit-value in idmouse_open
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 373/390] nvmet-tcp: add bounds check on Transfer Tag Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 375/390] clk: bcm2835: Make peripheral PLLC critical Greg Kroah-Hartman
` (21 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+79832d33eb89fb3cd092,
Dongliang Mu, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit bce2b0539933e485d22d6f6f076c0fcd6f185c4c ]
In idmouse_create_image, if any ftip_command fails, it will
go to the reset label. However, this leads to the data in
bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check
for valid image incurs an uninitialized dereference.
Fix this by moving the check before reset label since this
check only be valid if the data after bulk_in_buffer[HEADER]
has concrete data.
Note that this is found by KMSAN, so only kernel compilation
is tested.
Reported-by: syzbot+79832d33eb89fb3cd092@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Link: https://lore.kernel.org/r/20220922134847.1101921-1-dzm91@hust.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/idmouse.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/misc/idmouse.c b/drivers/usb/misc/idmouse.c
index e9437a176518..ea39243efee3 100644
--- a/drivers/usb/misc/idmouse.c
+++ b/drivers/usb/misc/idmouse.c
@@ -177,10 +177,6 @@ static int idmouse_create_image(struct usb_idmouse *dev)
bytes_read += bulk_read;
}
- /* reset the device */
-reset:
- ftip_command(dev, FTIP_RELEASE, 0, 0);
-
/* check for valid image */
/* right border should be black (0x00) */
for (bytes_read = sizeof(HEADER)-1 + WIDTH-1; bytes_read < IMGSIZE; bytes_read += WIDTH)
@@ -192,6 +188,10 @@ static int idmouse_create_image(struct usb_idmouse *dev)
if (dev->bulk_in_buffer[bytes_read] != 0xFF)
return -EAGAIN;
+ /* reset the device */
+reset:
+ ftip_command(dev, FTIP_RELEASE, 0, 0);
+
/* should be IMGSIZE == 65040 */
dev_dbg(&dev->interface->dev, "read %d bytes fingerprint data\n",
bytes_read);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 375/390] clk: bcm2835: Make peripheral PLLC critical
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 374/390] usb: idmouse: fix an uninit-value in idmouse_open Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 376/390] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Greg Kroah-Hartman
` (20 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Noralf Trønnes, Maxime Ripard,
Stefan Wahren, Stephen Boyd, Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 6c5422851d8be8c7451e968fd2e6da41b6109e17 ]
When testing for a series affecting the VEC, it was discovered that
turning off and on the VEC clock is crashing the system.
It turns out that, when disabling the VEC clock, it's the only child of
the PLLC-per clock which will also get disabled. The source of the crash
is PLLC-per being disabled.
It's likely that some other device might not take a clock reference that
it actually needs, but it's unclear which at this point. Let's make
PLLC-per critical so that we don't have that crash.
Reported-by: Noralf Trønnes <noralf@tronnes.org>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://lore.kernel.org/r/20220926084509.12233-1-maxime@cerno.tech
Reviewed-by: Stefan Wahren <stefan.wahren@i2se.com>
Acked-by: Noralf Trønnes <noralf@tronnes.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/bcm/clk-bcm2835.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index f306b959297d..b7f89873fcf5 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -1786,7 +1786,7 @@ static const struct bcm2835_clk_desc clk_desc_array[] = {
.load_mask = CM_PLLC_LOADPER,
.hold_mask = CM_PLLC_HOLDPER,
.fixed_divider = 1,
- .flags = CLK_SET_RATE_PARENT),
+ .flags = CLK_IS_CRITICAL | CLK_SET_RATE_PARENT),
/*
* PLLD is the display PLL, used to drive DSI display panels.
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 376/390] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 375/390] clk: bcm2835: Make peripheral PLLC critical Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 377/390] arm64: topology: fix possible overflow in amu_fie_setup() Greg Kroah-Hartman
` (19 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Namhyung Kim,
Ian Rogers, Jiri Olsa, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 5a3d47071f0ced0431ef82a5fb6bd077ed9493db upstream.
uClibc segfaulted because NULL was passed as the format to fprintf().
That happened because one of the format strings was missing and
intel_pt_print_info() didn't check that before calling fprintf().
Add the missing format string, and check format is not NULL before calling
fprintf().
Fixes: 11fa7cb86b56d361 ("perf tools: Pass Intel PT information for decoding MTC and CYC")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221012082259.22394-2-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/intel-pt.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -3279,6 +3279,7 @@ static const char * const intel_pt_info_
[INTEL_PT_SNAPSHOT_MODE] = " Snapshot mode %"PRId64"\n",
[INTEL_PT_PER_CPU_MMAPS] = " Per-cpu maps %"PRId64"\n",
[INTEL_PT_MTC_BIT] = " MTC bit %#"PRIx64"\n",
+ [INTEL_PT_MTC_FREQ_BITS] = " MTC freq bits %#"PRIx64"\n",
[INTEL_PT_TSC_CTC_N] = " TSC:CTC numerator %"PRIu64"\n",
[INTEL_PT_TSC_CTC_D] = " TSC:CTC denominator %"PRIu64"\n",
[INTEL_PT_CYC_BIT] = " CYC bit %#"PRIx64"\n",
@@ -3293,8 +3294,12 @@ static void intel_pt_print_info(__u64 *a
if (!dump_trace)
return;
- for (i = start; i <= finish; i++)
- fprintf(stdout, intel_pt_info_fmts[i], arr[i]);
+ for (i = start; i <= finish; i++) {
+ const char *fmt = intel_pt_info_fmts[i];
+
+ if (fmt)
+ fprintf(stdout, fmt, arr[i]);
+ }
}
static void intel_pt_print_info_str(const char *name, const char *str)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 377/390] arm64: topology: fix possible overflow in amu_fie_setup()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 376/390] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 378/390] io_uring: correct pinned_vm accounting Greg Kroah-Hartman
` (18 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Will Deacon
From: Sergey Shtylyov <s.shtylyov@omp.ru>
commit d4955c0ad77dbc684fc716387070ac24801b8bca upstream.
cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*,
while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'.
Multiplying max frequency by 1000 can potentially result in overflow --
multiplying by 1000ULL instead should avoid that...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Fixes: cd0ed03a8903 ("arm64: use activity monitors for frequency invariance")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Link: https://lore.kernel.org/r/01493d64-2bce-d968-86dc-11a122a9c07d@omp.ru
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/kernel/topology.c
+++ b/arch/arm64/kernel/topology.c
@@ -158,7 +158,7 @@ static int validate_cpu_freq_invariance_
}
/* Convert maximum frequency from KHz to Hz and validate */
- max_freq_hz = cpufreq_get_hw_max_freq(cpu) * 1000;
+ max_freq_hz = cpufreq_get_hw_max_freq(cpu) * 1000ULL;
if (unlikely(!max_freq_hz)) {
pr_debug("CPU%d: invalid maximum frequency.\n", cpu);
return -EINVAL;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 378/390] io_uring: correct pinned_vm accounting
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 377/390] arm64: topology: fix possible overflow in amu_fie_setup() Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 379/390] io_uring/af_unix: defer registered files gc to io_uring release Greg Kroah-Hartman
` (17 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit 42b6419d0aba47c5d8644cdc0b68502254671de5 ]
->mm_account should be released only after we free all registered
buffers, otherwise __io_sqe_buffers_unregister() will see a NULL
->mm_account and skip locked_vm accounting.
Cc: <Stable@vger.kernel.org>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/6d798f65ed4ab8db3664c4d3397d4af16ca98846.1664849932.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/io_uring.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -8436,8 +8436,6 @@ static void io_ring_ctx_free(struct io_r
if (ctx->sqo_task) {
put_task_struct(ctx->sqo_task);
ctx->sqo_task = NULL;
- mmdrop(ctx->mm_account);
- ctx->mm_account = NULL;
}
#ifdef CONFIG_BLK_CGROUP
@@ -8456,6 +8454,11 @@ static void io_ring_ctx_free(struct io_r
}
#endif
+ if (ctx->mm_account) {
+ mmdrop(ctx->mm_account);
+ ctx->mm_account = NULL;
+ }
+
io_mem_free(ctx->rings);
io_mem_free(ctx->sq_sqes);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 379/390] io_uring/af_unix: defer registered files gc to io_uring release
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 378/390] io_uring: correct pinned_vm accounting Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 380/390] mm: hugetlb: fix UAF in hugetlb_handle_userfault Greg Kroah-Hartman
` (16 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Pavel Begunkov,
Thadeu Lima de Souza Cascardo, Jens Axboe, David Bouman
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 ]
Instead of putting io_uring's registered files in unix_gc() we want it
to be done by io_uring itself. The trick here is to consider io_uring
registered files for cycle detection but not actually putting them down.
Because io_uring can't register other ring instances, this will remove
all refs to the ring file triggering the ->release path and clean up
with io_ring_ctx_free().
Cc: stable@vger.kernel.org
Fixes: 6b06314c47e1 ("io_uring: add file set registration")
Reported-and-tested-by: David Bouman <dbouman03@gmail.com>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
[axboe: add kerneldoc comment to skb, fold in skb leak fix]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/io_uring.c | 1 +
include/linux/skbuff.h | 2 ++
net/unix/garbage.c | 20 ++++++++++++++++++++
3 files changed, 23 insertions(+)
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -7301,6 +7301,7 @@ static int __io_sqe_files_scm(struct io_
}
skb->sk = sk;
+ skb->scm_io_uring = 1;
nr_files = 0;
fpl->user = get_uid(ctx->user);
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -681,6 +681,7 @@ typedef unsigned char *sk_buff_data_t;
* @csum_level: indicates the number of consecutive checksums found in
* the packet minus one that have been verified as
* CHECKSUM_UNNECESSARY (max 3)
+ * @scm_io_uring: SKB holds io_uring registered files
* @dst_pending_confirm: need to confirm neighbour
* @decrypted: Decrypted SKB
* @napi_id: id of the NAPI struct this skb came from
@@ -858,6 +859,7 @@ struct sk_buff {
#ifdef CONFIG_TLS_DEVICE
__u8 decrypted:1;
#endif
+ __u8 scm_io_uring:1;
#ifdef CONFIG_NET_SCHED
__u16 tc_index; /* traffic control index */
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -204,6 +204,7 @@ void wait_for_unix_gc(void)
/* The external entry point: unix_gc() */
void unix_gc(void)
{
+ struct sk_buff *next_skb, *skb;
struct unix_sock *u;
struct unix_sock *next;
struct sk_buff_head hitlist;
@@ -297,11 +298,30 @@ void unix_gc(void)
spin_unlock(&unix_gc_lock);
+ /* We need io_uring to clean its registered files, ignore all io_uring
+ * originated skbs. It's fine as io_uring doesn't keep references to
+ * other io_uring instances and so killing all other files in the cycle
+ * will put all io_uring references forcing it to go through normal
+ * release.path eventually putting registered files.
+ */
+ skb_queue_walk_safe(&hitlist, skb, next_skb) {
+ if (skb->scm_io_uring) {
+ __skb_unlink(skb, &hitlist);
+ skb_queue_tail(&skb->sk->sk_receive_queue, skb);
+ }
+ }
+
/* Here we are. Hitlist is filled. Die. */
__skb_queue_purge(&hitlist);
spin_lock(&unix_gc_lock);
+ /* There could be io_uring registered files, just push them back to
+ * the inflight list
+ */
+ list_for_each_entry_safe(u, next, &gc_candidates, link)
+ list_move_tail(&u->link, &gc_inflight_list);
+
/* All candidates should have been detached by now. */
BUG_ON(!list_empty(&gc_candidates));
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 380/390] mm: hugetlb: fix UAF in hugetlb_handle_userfault
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 379/390] io_uring/af_unix: defer registered files gc to io_uring release Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 381/390] net: ieee802154: return -EINVAL for unknown addr type Greg Kroah-Hartman
` (15 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Shixin, Kefeng Wang,
syzbot+193f9cee8638750b23cf, Liu Zixian, Mike Kravetz,
David Hildenbrand, John Hubbard, Muchun Song, Sidhartha Kumar,
Andrew Morton
From: Liu Shixin <liushixin2@huawei.com>
commit 958f32ce832ba781ac20e11bb2d12a9352ea28fc upstream.
The vma_lock and hugetlb_fault_mutex are dropped before handling userfault
and reacquire them again after handle_userfault(), but reacquire the
vma_lock could lead to UAF[1,2] due to the following race,
hugetlb_fault
hugetlb_no_page
/*unlock vma_lock */
hugetlb_handle_userfault
handle_userfault
/* unlock mm->mmap_lock*/
vm_mmap_pgoff
do_mmap
mmap_region
munmap_vma_range
/* clean old vma */
/* lock vma_lock again <--- UAF */
/* unlock vma_lock */
Since the vma_lock will unlock immediately after
hugetlb_handle_userfault(), let's drop the unneeded lock and unlock in
hugetlb_handle_userfault() to fix the issue.
[1] https://lore.kernel.org/linux-mm/000000000000d5e00a05e834962e@google.com/
[2] https://lore.kernel.org/linux-mm/20220921014457.1668-1-liuzixian4@huawei.com/
Link: https://lkml.kernel.org/r/20220923042113.137273-1-liushixin2@huawei.com
Fixes: 1a1aad8a9b7b ("userfaultfd: hugetlbfs: add userfaultfd hugetlb hook")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reported-by: syzbot+193f9cee8638750b23cf@syzkaller.appspotmail.com
Reported-by: Liu Zixian <liuzixian4@huawei.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Sidhartha Kumar <sidhartha.kumar@oracle.com>
Cc: <stable@vger.kernel.org> [4.14+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/hugetlb.c | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -4337,6 +4337,7 @@ static vm_fault_t hugetlb_no_page(struct
spinlock_t *ptl;
unsigned long haddr = address & huge_page_mask(h);
bool new_page = false;
+ u32 hash = hugetlb_fault_mutex_hash(mapping, idx);
/*
* Currently, we are forced to kill the process in the event the
@@ -4346,7 +4347,7 @@ static vm_fault_t hugetlb_no_page(struct
if (is_vma_resv_set(vma, HPAGE_RESV_UNMAPPED)) {
pr_warn_ratelimited("PID %d killed due to inadequate hugepage pool\n",
current->pid);
- return ret;
+ goto out;
}
/*
@@ -4365,7 +4366,6 @@ retry:
* Check for page in userfault range
*/
if (userfaultfd_missing(vma)) {
- u32 hash;
struct vm_fault vmf = {
.vma = vma,
.address = haddr,
@@ -4380,17 +4380,14 @@ retry:
};
/*
- * hugetlb_fault_mutex and i_mmap_rwsem must be
- * dropped before handling userfault. Reacquire
- * after handling fault to make calling code simpler.
+ * vma_lock and hugetlb_fault_mutex must be dropped
+ * before handling userfault. Also mmap_lock will
+ * be dropped during handling userfault, any vma
+ * operation should be careful from here.
*/
- hash = hugetlb_fault_mutex_hash(mapping, idx);
mutex_unlock(&hugetlb_fault_mutex_table[hash]);
i_mmap_unlock_read(mapping);
- ret = handle_userfault(&vmf, VM_UFFD_MISSING);
- i_mmap_lock_read(mapping);
- mutex_lock(&hugetlb_fault_mutex_table[hash]);
- goto out;
+ return handle_userfault(&vmf, VM_UFFD_MISSING);
}
page = alloc_huge_page(vma, haddr, 0);
@@ -4497,6 +4494,8 @@ retry:
unlock_page(page);
out:
+ mutex_unlock(&hugetlb_fault_mutex_table[hash]);
+ i_mmap_unlock_read(mapping);
return ret;
backout:
@@ -4592,10 +4591,12 @@ vm_fault_t hugetlb_fault(struct mm_struc
mutex_lock(&hugetlb_fault_mutex_table[hash]);
entry = huge_ptep_get(ptep);
- if (huge_pte_none(entry)) {
- ret = hugetlb_no_page(mm, vma, mapping, idx, address, ptep, flags);
- goto out_mutex;
- }
+ if (huge_pte_none(entry))
+ /*
+ * hugetlb_no_page will drop vma lock and hugetlb fault
+ * mutex internally, which make us return immediately.
+ */
+ return hugetlb_no_page(mm, vma, mapping, idx, address, ptep, flags);
ret = 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 381/390] net: ieee802154: return -EINVAL for unknown addr type
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 380/390] mm: hugetlb: fix UAF in hugetlb_handle_userfault Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 382/390] Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Greg Kroah-Hartman
` (14 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David S. Miller
From: Alexander Aring <aahringo@redhat.com>
commit 30393181fdbc1608cc683b4ee99dcce05ffcc8c7 upstream.
This patch adds handling to return -EINVAL for an unknown addr type. The
current behaviour is to return 0 as successful but the size of an
unknown addr type is not defined and should return an error like -EINVAL.
Fixes: 94160108a70c ("net/ieee802154: fix uninit value bug in dgram_sendmsg")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/ieee802154_netdev.h | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/include/net/ieee802154_netdev.h
+++ b/include/net/ieee802154_netdev.h
@@ -185,21 +185,27 @@ static inline int
ieee802154_sockaddr_check_size(struct sockaddr_ieee802154 *daddr, int len)
{
struct ieee802154_addr_sa *sa;
+ int ret = 0;
sa = &daddr->addr;
if (len < IEEE802154_MIN_NAMELEN)
return -EINVAL;
switch (sa->addr_type) {
+ case IEEE802154_ADDR_NONE:
+ break;
case IEEE802154_ADDR_SHORT:
if (len < IEEE802154_NAMELEN_SHORT)
- return -EINVAL;
+ ret = -EINVAL;
break;
case IEEE802154_ADDR_LONG:
if (len < IEEE802154_NAMELEN_LONG)
- return -EINVAL;
+ ret = -EINVAL;
+ break;
+ default:
+ ret = -EINVAL;
break;
}
- return 0;
+ return ret;
}
static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 382/390] Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 381/390] net: ieee802154: return -EINVAL for unknown addr type Greg Kroah-Hartman
@ 2022-10-24 11:32 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 383/390] net/ieee802154: dont warn zero-sized raw_sendmsg() Greg Kroah-Hartman
` (13 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Aring, Stefan Schmidt, Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 2eb2756f6c9e9621e022d78321ce40a62c4520b5 ]
This reverts commit 3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5.
There is a v2 which does return zero if zero length is given.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20221005014750.3685555-1-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ieee802154/socket.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index d4c162d63634..7edec210780a 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -252,9 +252,6 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
return -EOPNOTSUPP;
}
- if (!size)
- return -EINVAL;
-
lock_sock(sk);
if (!sk->sk_bound_dev_if)
dev = dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154);
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 383/390] net/ieee802154: dont warn zero-sized raw_sendmsg()
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2022-10-24 11:32 ` [PATCH 5.10 382/390] Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 384/390] Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega" Greg Kroah-Hartman
` (12 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Alexander Aring, Stefan Schmidt, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit b12e924a2f5b960373459c8f8a514f887adf5cac ]
syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1],
for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is hitting
__dev_queue_xmit() with skb->len == 0.
Since PF_IEEE802154 socket's zero-sized raw_sendmsg() request was
able to return 0, don't call __dev_queue_xmit() if packet length is 0.
----------
#include <sys/socket.h>
#include <netinet/in.h>
int main(int argc, char *argv[])
{
struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
struct iovec iov = { };
struct msghdr hdr = { .msg_name = &addr, .msg_namelen = sizeof(addr), .msg_iov = &iov, .msg_iovlen = 1 };
sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), &hdr, 0);
return 0;
}
----------
Note that this might be a sign that commit fd1894224407c484 ("bpf: Don't
redirect packets with invalid pkt_len") should be reverted, for
skb->len == 0 was acceptable for at least PF_IEEE802154 socket.
Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4 [1]
Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@syzkaller.appspotmail.com>
Fixes: fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20221005014750.3685555-2-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ieee802154/socket.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index 7edec210780a..ecc0d5fbde04 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -273,6 +273,10 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
err = -EMSGSIZE;
goto out_dev;
}
+ if (!size) {
+ err = 0;
+ goto out_dev;
+ }
hlen = LL_RESERVED_SPACE(dev);
tlen = dev->needed_tailroom;
--
2.35.1
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 5.10 384/390] Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega"
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 383/390] net/ieee802154: dont warn zero-sized raw_sendmsg() Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-25 9:02 ` Salvatore Bonaccorso
2022-10-24 11:33 ` [PATCH 5.10 385/390] Revert "drm/amdgpu: use dirty framebuffer helper" Greg Kroah-Hartman
` (11 subsequent siblings)
395 siblings, 1 reply; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shuah Khan
From: Shuah Khan <skhan@linuxfoundation.org>
This reverts commit 9f55f36f749a7608eeef57d7d72991a9bd557341 which is
commit e3163bc8ffdfdb405e10530b140135b2ee487f89 upstream.
This commit causes repeated WARN_ONs from
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amd
gpu_dm.c:7391 amdgpu_dm_atomic_commit_tail+0x23b9/0x2430 [amdgpu]
dmesg fills up with the following messages and drm initialization takes
a very long time.
Cc: <stable@vger.kernel.org> # 5.10
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 5 -----
drivers/gpu/drm/amd/amdgpu/soc15.c | 25 +++++++++++++++++++++++++
2 files changed, 25 insertions(+), 5 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
@@ -1475,11 +1475,6 @@ static int sdma_v4_0_start(struct amdgpu
WREG32_SDMA(i, mmSDMA0_CNTL, temp);
if (!amdgpu_sriov_vf(adev)) {
- ring = &adev->sdma.instance[i].ring;
- adev->nbio.funcs->sdma_doorbell_range(adev, i,
- ring->use_doorbell, ring->doorbell_index,
- adev->doorbell_index.sdma_doorbell_range);
-
/* unhalt engine */
temp = RREG32_SDMA(i, mmSDMA0_F32_CNTL);
temp = REG_SET_FIELD(temp, SDMA0_F32_CNTL, HALT, 0);
--- a/drivers/gpu/drm/amd/amdgpu/soc15.c
+++ b/drivers/gpu/drm/amd/amdgpu/soc15.c
@@ -1332,6 +1332,25 @@ static int soc15_common_sw_fini(void *ha
return 0;
}
+static void soc15_doorbell_range_init(struct amdgpu_device *adev)
+{
+ int i;
+ struct amdgpu_ring *ring;
+
+ /* sdma/ih doorbell range are programed by hypervisor */
+ if (!amdgpu_sriov_vf(adev)) {
+ for (i = 0; i < adev->sdma.num_instances; i++) {
+ ring = &adev->sdma.instance[i].ring;
+ adev->nbio.funcs->sdma_doorbell_range(adev, i,
+ ring->use_doorbell, ring->doorbell_index,
+ adev->doorbell_index.sdma_doorbell_range);
+ }
+
+ adev->nbio.funcs->ih_doorbell_range(adev, adev->irq.ih.use_doorbell,
+ adev->irq.ih.doorbell_index);
+ }
+}
+
static int soc15_common_hw_init(void *handle)
{
struct amdgpu_device *adev = (struct amdgpu_device *)handle;
@@ -1351,6 +1370,12 @@ static int soc15_common_hw_init(void *ha
/* enable the doorbell aperture */
soc15_enable_doorbell_aperture(adev, true);
+ /* HW doorbell routing policy: doorbell writing not
+ * in SDMA/IH/MM/ACV range will be routed to CP. So
+ * we need to init SDMA/IH/MM/ACV doorbell range prior
+ * to CP ip block init and ring test.
+ */
+ soc15_doorbell_range_init(adev);
return 0;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 385/390] Revert "drm/amdgpu: use dirty framebuffer helper"
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 384/390] Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega" Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 386/390] ext4: continue to expand file system when the target size doesnt reach Greg Kroah-Hartman
` (10 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shuah Khan
From: Shuah Khan <skhan@linuxfoundation.org>
This reverts commit 867b2b2b6802fb3995a0065fc39e0e7e20d8004d which is
commit 66f99628eb24409cb8feb5061f78283c8b65f820 upstream.
With this commit, dmesg fills up with the following messages and drm
initialization takes a very long time. This commit has bee reverted
from 5.4
[drm] Fence fallback timer expired on ring sdma0
[drm] Fence fallback timer expired on ring gfx
[drm] Fence fallback timer expired on ring sdma0
[drm] Fence fallback timer expired on ring gfx
[drm] Fence fallback timer expired on ring sdma0
[drm] Fence fallback timer expired on ring sdma0
[drm] Fence fallback timer expired on ring sdma0
[drm] Fence fallback timer expired on ring gfx
Cc: <stable@vger.kernel.org> # 5.10
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c
@@ -35,7 +35,6 @@
#include <linux/pci.h>
#include <linux/pm_runtime.h>
#include <drm/drm_crtc_helper.h>
-#include <drm/drm_damage_helper.h>
#include <drm/drm_edid.h>
#include <drm/drm_gem_framebuffer_helper.h>
#include <drm/drm_fb_helper.h>
@@ -499,7 +498,6 @@ bool amdgpu_display_ddc_probe(struct amd
static const struct drm_framebuffer_funcs amdgpu_fb_funcs = {
.destroy = drm_gem_fb_destroy,
.create_handle = drm_gem_fb_create_handle,
- .dirty = drm_atomic_helper_dirtyfb,
};
uint32_t amdgpu_display_supported_domains(struct amdgpu_device *adev,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 386/390] ext4: continue to expand file system when the target size doesnt reach
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 385/390] Revert "drm/amdgpu: use dirty framebuffer helper" Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 387/390] inet: fully convert sk->sk_rx_dst to RCU rules Greg Kroah-Hartman
` (9 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jerry Lee, Theodore Tso
From: Jerry Lee 李修賢 <jerrylee@qnap.com>
commit df3cb754d13d2cd5490db9b8d536311f8413a92e upstream.
When expanding a file system from (16TiB-2MiB) to 18TiB, the operation
exits early which leads to result inconsistency between resize2fs and
Ext4 kernel driver.
=== before ===
○ → resize2fs /dev/mapper/thin
resize2fs 1.45.5 (07-Jan-2020)
Filesystem at /dev/mapper/thin is mounted on /mnt/test; on-line resizing required
old_desc_blocks = 2048, new_desc_blocks = 2304
The filesystem on /dev/mapper/thin is now 4831837696 (4k) blocks long.
[ 865.186308] EXT4-fs (dm-5): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
[ 912.091502] dm-4: detected capacity change from 34359738368 to 38654705664
[ 970.030550] dm-5: detected capacity change from 34359734272 to 38654701568
[ 1000.012751] EXT4-fs (dm-5): resizing filesystem from 4294966784 to 4831837696 blocks
[ 1000.012878] EXT4-fs (dm-5): resized filesystem to 4294967296
=== after ===
[ 129.104898] EXT4-fs (dm-5): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
[ 143.773630] dm-4: detected capacity change from 34359738368 to 38654705664
[ 198.203246] dm-5: detected capacity change from 34359734272 to 38654701568
[ 207.918603] EXT4-fs (dm-5): resizing filesystem from 4294966784 to 4831837696 blocks
[ 207.918754] EXT4-fs (dm-5): resizing filesystem from 4294967296 to 4831837696 blocks
[ 207.918758] EXT4-fs (dm-5): Converting file system to meta_bg
[ 207.918790] EXT4-fs (dm-5): resizing filesystem from 4294967296 to 4831837696 blocks
[ 221.454050] EXT4-fs (dm-5): resized to 4658298880 blocks
[ 227.634613] EXT4-fs (dm-5): resized filesystem to 4831837696
Signed-off-by: Jerry Lee <jerrylee@qnap.com>
Link: https://lore.kernel.org/r/PU1PR04MB22635E739BD21150DC182AC6A18C9@PU1PR04MB2263.apcprd04.prod.outlook.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/resize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -2068,7 +2068,7 @@ retry:
goto out;
}
- if (ext4_blocks_count(es) == n_blocks_count)
+ if (ext4_blocks_count(es) == n_blocks_count && n_blocks_count_retry == 0)
goto out;
err = ext4_alloc_flex_bg_array(sb, n_group + 1);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 387/390] inet: fully convert sk->sk_rx_dst to RCU rules
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 386/390] ext4: continue to expand file system when the target size doesnt reach Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 388/390] thermal: intel_powerclamp: Use first online CPU as control_cpu Greg Kroah-Hartman
` (8 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Jakub Kicinski, Carlos Llamas
From: Eric Dumazet <edumazet@google.com>
commit 8f905c0e7354ef261360fb7535ea079b1082c105 upstream.
syzbot reported various issues around early demux,
one being included in this changelog [1]
sk->sk_rx_dst is using RCU protection without clearly
documenting it.
And following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv()
are not following standard RCU rules.
[a] dst_release(dst);
[b] sk->sk_rx_dst = NULL;
They look wrong because a delete operation of RCU protected
pointer is supposed to clear the pointer before
the call_rcu()/synchronize_rcu() guarding actual memory freeing.
In some cases indeed, dst could be freed before [b] is done.
We could cheat by clearing sk_rx_dst before calling
dst_release(), but this seems the right time to stick
to standard RCU annotations and debugging facilities.
[1]
BUG: KASAN: use-after-free in dst_check include/net/dst.h:470 [inline]
BUG: KASAN: use-after-free in tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792
Read of size 2 at addr ffff88807f1cb73a by task syz-executor.5/9204
CPU: 0 PID: 9204 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247
__kasan_report mm/kasan/report.c:433 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:450
dst_check include/net/dst.h:470 [inline]
tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792
ip_rcv_finish_core.constprop.0+0x15de/0x1e80 net/ipv4/ip_input.c:340
ip_list_rcv_finish.constprop.0+0x1b2/0x6e0 net/ipv4/ip_input.c:583
ip_sublist_rcv net/ipv4/ip_input.c:609 [inline]
ip_list_rcv+0x34e/0x490 net/ipv4/ip_input.c:644
__netif_receive_skb_list_ptype net/core/dev.c:5508 [inline]
__netif_receive_skb_list_core+0x549/0x8e0 net/core/dev.c:5556
__netif_receive_skb_list net/core/dev.c:5608 [inline]
netif_receive_skb_list_internal+0x75e/0xd80 net/core/dev.c:5699
gro_normal_list net/core/dev.c:5853 [inline]
gro_normal_list net/core/dev.c:5849 [inline]
napi_complete_done+0x1f1/0x880 net/core/dev.c:6590
virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline]
virtnet_poll+0xca2/0x11b0 drivers/net/virtio_net.c:1557
__napi_poll+0xaf/0x440 net/core/dev.c:7023
napi_poll net/core/dev.c:7090 [inline]
net_rx_action+0x801/0xb40 net/core/dev.c:7177
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
common_interrupt+0x52/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629
RIP: 0033:0x7f5e972bfd57
Code: 39 d1 73 14 0f 1f 80 00 00 00 00 48 8b 50 f8 48 83 e8 08 48 39 ca 77 f3 48 39 c3 73 3e 48 89 13 48 8b 50 f8 48 89 38 49 8b 0e <48> 8b 3e 48 83 c3 08 48 83 c6 08 eb bc 48 39 d1 72 9e 48 39 d0 73
RSP: 002b:00007fff8a413210 EFLAGS: 00000283
RAX: 00007f5e97108990 RBX: 00007f5e97108338 RCX: ffffffff81d3aa45
RDX: ffffffff81d3aa45 RSI: 00007f5e97108340 RDI: ffffffff81d3aa45
RBP: 00007f5e97107eb8 R08: 00007f5e97108d88 R09: 0000000093c2e8d9
R10: 0000000000000000 R11: 0000000000000000 R12: 00007f5e97107eb0
R13: 00007f5e97108338 R14: 00007f5e97107ea8 R15: 0000000000000019
</TASK>
Allocated by task 13:
kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
__kasan_slab_alloc+0x90/0xc0 mm/kasan/common.c:467
kasan_slab_alloc include/linux/kasan.h:259 [inline]
slab_post_alloc_hook mm/slab.h:519 [inline]
slab_alloc_node mm/slub.c:3234 [inline]
slab_alloc mm/slub.c:3242 [inline]
kmem_cache_alloc+0x202/0x3a0 mm/slub.c:3247
dst_alloc+0x146/0x1f0 net/core/dst.c:92
rt_dst_alloc+0x73/0x430 net/ipv4/route.c:1613
ip_route_input_slow+0x1817/0x3a20 net/ipv4/route.c:2340
ip_route_input_rcu net/ipv4/route.c:2470 [inline]
ip_route_input_noref+0x116/0x2a0 net/ipv4/route.c:2415
ip_rcv_finish_core.constprop.0+0x288/0x1e80 net/ipv4/ip_input.c:354
ip_list_rcv_finish.constprop.0+0x1b2/0x6e0 net/ipv4/ip_input.c:583
ip_sublist_rcv net/ipv4/ip_input.c:609 [inline]
ip_list_rcv+0x34e/0x490 net/ipv4/ip_input.c:644
__netif_receive_skb_list_ptype net/core/dev.c:5508 [inline]
__netif_receive_skb_list_core+0x549/0x8e0 net/core/dev.c:5556
__netif_receive_skb_list net/core/dev.c:5608 [inline]
netif_receive_skb_list_internal+0x75e/0xd80 net/core/dev.c:5699
gro_normal_list net/core/dev.c:5853 [inline]
gro_normal_list net/core/dev.c:5849 [inline]
napi_complete_done+0x1f1/0x880 net/core/dev.c:6590
virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline]
virtnet_poll+0xca2/0x11b0 drivers/net/virtio_net.c:1557
__napi_poll+0xaf/0x440 net/core/dev.c:7023
napi_poll net/core/dev.c:7090 [inline]
net_rx_action+0x801/0xb40 net/core/dev.c:7177
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
Freed by task 13:
kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
kasan_set_track+0x21/0x30 mm/kasan/common.c:46
kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
____kasan_slab_free mm/kasan/common.c:366 [inline]
____kasan_slab_free mm/kasan/common.c:328 [inline]
__kasan_slab_free+0xff/0x130 mm/kasan/common.c:374
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:1723 [inline]
slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1749
slab_free mm/slub.c:3513 [inline]
kmem_cache_free+0xbd/0x5d0 mm/slub.c:3530
dst_destroy+0x2d6/0x3f0 net/core/dst.c:127
rcu_do_batch kernel/rcu/tree.c:2506 [inline]
rcu_core+0x7ab/0x1470 kernel/rcu/tree.c:2741
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
Last potentially related work creation:
kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
__kasan_record_aux_stack+0xf5/0x120 mm/kasan/generic.c:348
__call_rcu kernel/rcu/tree.c:2985 [inline]
call_rcu+0xb1/0x740 kernel/rcu/tree.c:3065
dst_release net/core/dst.c:177 [inline]
dst_release+0x79/0xe0 net/core/dst.c:167
tcp_v4_do_rcv+0x612/0x8d0 net/ipv4/tcp_ipv4.c:1712
sk_backlog_rcv include/net/sock.h:1030 [inline]
__release_sock+0x134/0x3b0 net/core/sock.c:2768
release_sock+0x54/0x1b0 net/core/sock.c:3300
tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1441
inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:724
sock_write_iter+0x289/0x3c0 net/socket.c:1057
call_write_iter include/linux/fs.h:2162 [inline]
new_sync_write+0x429/0x660 fs/read_write.c:503
vfs_write+0x7cd/0xae0 fs/read_write.c:590
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
The buggy address belongs to the object at ffff88807f1cb700
which belongs to the cache ip_dst_cache of size 176
The buggy address is located 58 bytes inside of
176-byte region [ffff88807f1cb700, ffff88807f1cb7b0)
The buggy address belongs to the page:
page:ffffea0001fc72c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f1cb
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000200 dead000000000100 dead000000000122 ffff8881413bb780
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 5, ts 108466983062, free_ts 108048976062
prep_new_page mm/page_alloc.c:2418 [inline]
get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
__alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
alloc_pages+0x1a7/0x300 mm/mempolicy.c:2191
alloc_slab_page mm/slub.c:1793 [inline]
allocate_slab mm/slub.c:1930 [inline]
new_slab+0x32d/0x4a0 mm/slub.c:1993
___slab_alloc+0x918/0xfe0 mm/slub.c:3022
__slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3109
slab_alloc_node mm/slub.c:3200 [inline]
slab_alloc mm/slub.c:3242 [inline]
kmem_cache_alloc+0x35c/0x3a0 mm/slub.c:3247
dst_alloc+0x146/0x1f0 net/core/dst.c:92
rt_dst_alloc+0x73/0x430 net/ipv4/route.c:1613
__mkroute_output net/ipv4/route.c:2564 [inline]
ip_route_output_key_hash_rcu+0x921/0x2d00 net/ipv4/route.c:2791
ip_route_output_key_hash+0x18b/0x300 net/ipv4/route.c:2619
__ip_route_output_key include/net/route.h:126 [inline]
ip_route_output_flow+0x23/0x150 net/ipv4/route.c:2850
ip_route_output_key include/net/route.h:142 [inline]
geneve_get_v4_rt+0x3a6/0x830 drivers/net/geneve.c:809
geneve_xmit_skb drivers/net/geneve.c:899 [inline]
geneve_xmit+0xc4a/0x3540 drivers/net/geneve.c:1082
__netdev_start_xmit include/linux/netdevice.h:4994 [inline]
netdev_start_xmit include/linux/netdevice.h:5008 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0x1eb/0x920 net/core/dev.c:3606
__dev_queue_xmit+0x299a/0x3650 net/core/dev.c:4229
page last free stack trace:
reset_page_owner include/linux/page_owner.h:24 [inline]
free_pages_prepare mm/page_alloc.c:1338 [inline]
free_pcp_prepare+0x374/0x870 mm/page_alloc.c:1389
free_unref_page_prepare mm/page_alloc.c:3309 [inline]
free_unref_page+0x19/0x690 mm/page_alloc.c:3388
qlink_free mm/kasan/quarantine.c:146 [inline]
qlist_free_all+0x5a/0xc0 mm/kasan/quarantine.c:165
kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:272
__kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:444
kasan_slab_alloc include/linux/kasan.h:259 [inline]
slab_post_alloc_hook mm/slab.h:519 [inline]
slab_alloc_node mm/slub.c:3234 [inline]
kmem_cache_alloc_node+0x255/0x3f0 mm/slub.c:3270
__alloc_skb+0x215/0x340 net/core/skbuff.c:414
alloc_skb include/linux/skbuff.h:1126 [inline]
alloc_skb_with_frags+0x93/0x620 net/core/skbuff.c:6078
sock_alloc_send_pskb+0x783/0x910 net/core/sock.c:2575
mld_newpack+0x1df/0x770 net/ipv6/mcast.c:1754
add_grhead+0x265/0x330 net/ipv6/mcast.c:1857
add_grec+0x1053/0x14e0 net/ipv6/mcast.c:1995
mld_send_initial_cr.part.0+0xf6/0x230 net/ipv6/mcast.c:2242
mld_send_initial_cr net/ipv6/mcast.c:1232 [inline]
mld_dad_work+0x1d3/0x690 net/ipv6/mcast.c:2268
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
Memory state around the buggy address:
ffff88807f1cb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88807f1cb680: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
>ffff88807f1cb700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88807f1cb780: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
ffff88807f1cb800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Fixes: 41063e9dd119 ("ipv4: Early TCP socket demux.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20211220143330.680945-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[cmllamas: fixed trivial merge conflict]
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/sock.h | 2 +-
net/ipv4/af_inet.c | 2 +-
net/ipv4/tcp.c | 3 +--
net/ipv4/tcp_input.c | 2 +-
net/ipv4/tcp_ipv4.c | 11 +++++++----
net/ipv4/udp.c | 6 +++---
net/ipv6/tcp_ipv6.c | 11 +++++++----
net/ipv6/udp.c | 4 ++--
8 files changed, 23 insertions(+), 18 deletions(-)
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -421,7 +421,7 @@ struct sock {
#ifdef CONFIG_XFRM
struct xfrm_policy __rcu *sk_policy[2];
#endif
- struct dst_entry *sk_rx_dst;
+ struct dst_entry __rcu *sk_rx_dst;
struct dst_entry __rcu *sk_dst_cache;
atomic_t sk_omem_alloc;
int sk_sndbuf;
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -158,7 +158,7 @@ void inet_sock_destruct(struct sock *sk)
kfree(rcu_dereference_protected(inet->inet_opt, 1));
dst_release(rcu_dereference_protected(sk->sk_dst_cache, 1));
- dst_release(sk->sk_rx_dst);
+ dst_release(rcu_dereference_protected(sk->sk_rx_dst, 1));
sk_refcnt_debug_dec(sk);
}
EXPORT_SYMBOL(inet_sock_destruct);
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2816,8 +2816,7 @@ int tcp_disconnect(struct sock *sk, int
icsk->icsk_ack.rcv_mss = TCP_MIN_MSS;
memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
__sk_dst_reset(sk);
- dst_release(sk->sk_rx_dst);
- sk->sk_rx_dst = NULL;
+ dst_release(xchg((__force struct dst_entry **)&sk->sk_rx_dst, NULL));
tcp_saved_syn_free(tp);
tp->compressed_ack = 0;
tp->segs_in = 0;
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5777,7 +5777,7 @@ void tcp_rcv_established(struct sock *sk
trace_tcp_probe(sk, skb);
tcp_mstamp_refresh(tp);
- if (unlikely(!sk->sk_rx_dst))
+ if (unlikely(!rcu_access_pointer(sk->sk_rx_dst)))
inet_csk(sk)->icsk_af_ops->sk_rx_dst_set(sk, skb);
/*
* Header prediction.
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1670,15 +1670,18 @@ int tcp_v4_do_rcv(struct sock *sk, struc
struct sock *rsk;
if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
- struct dst_entry *dst = sk->sk_rx_dst;
+ struct dst_entry *dst;
+
+ dst = rcu_dereference_protected(sk->sk_rx_dst,
+ lockdep_sock_is_held(sk));
sock_rps_save_rxhash(sk, skb);
sk_mark_napi_id(sk, skb);
if (dst) {
if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
!dst->ops->check(dst, 0)) {
+ RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
dst_release(dst);
- sk->sk_rx_dst = NULL;
}
}
tcp_rcv_established(sk, skb);
@@ -1753,7 +1756,7 @@ int tcp_v4_early_demux(struct sk_buff *s
skb->sk = sk;
skb->destructor = sock_edemux;
if (sk_fullsock(sk)) {
- struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
+ struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
if (dst)
dst = dst_check(dst, 0);
@@ -2162,7 +2165,7 @@ void inet_sk_rx_dst_set(struct sock *sk,
struct dst_entry *dst = skb_dst(skb);
if (dst && dst_hold_safe(dst)) {
- sk->sk_rx_dst = dst;
+ rcu_assign_pointer(sk->sk_rx_dst, dst);
inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
}
}
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2193,7 +2193,7 @@ bool udp_sk_rx_dst_set(struct sock *sk,
struct dst_entry *old;
if (dst_hold_safe(dst)) {
- old = xchg(&sk->sk_rx_dst, dst);
+ old = xchg((__force struct dst_entry **)&sk->sk_rx_dst, dst);
dst_release(old);
return old != dst;
}
@@ -2383,7 +2383,7 @@ int __udp4_lib_rcv(struct sk_buff *skb,
struct dst_entry *dst = skb_dst(skb);
int ret;
- if (unlikely(sk->sk_rx_dst != dst))
+ if (unlikely(rcu_dereference(sk->sk_rx_dst) != dst))
udp_sk_rx_dst_set(sk, dst);
ret = udp_unicast_rcv_skb(sk, skb, uh);
@@ -2541,7 +2541,7 @@ int udp_v4_early_demux(struct sk_buff *s
skb->sk = sk;
skb->destructor = sock_efree;
- dst = READ_ONCE(sk->sk_rx_dst);
+ dst = rcu_dereference(sk->sk_rx_dst);
if (dst)
dst = dst_check(dst, 0);
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -107,7 +107,7 @@ static void inet6_sk_rx_dst_set(struct s
if (dst && dst_hold_safe(dst)) {
const struct rt6_info *rt = (const struct rt6_info *)dst;
- sk->sk_rx_dst = dst;
+ rcu_assign_pointer(sk->sk_rx_dst, dst);
inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
}
@@ -1482,15 +1482,18 @@ static int tcp_v6_do_rcv(struct sock *sk
opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
- struct dst_entry *dst = sk->sk_rx_dst;
+ struct dst_entry *dst;
+
+ dst = rcu_dereference_protected(sk->sk_rx_dst,
+ lockdep_sock_is_held(sk));
sock_rps_save_rxhash(sk, skb);
sk_mark_napi_id(sk, skb);
if (dst) {
if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
+ RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
dst_release(dst);
- sk->sk_rx_dst = NULL;
}
}
@@ -1842,7 +1845,7 @@ INDIRECT_CALLABLE_SCOPE void tcp_v6_earl
skb->sk = sk;
skb->destructor = sock_edemux;
if (sk_fullsock(sk)) {
- struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
+ struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
if (dst)
dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie);
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -941,7 +941,7 @@ int __udp6_lib_rcv(struct sk_buff *skb,
struct dst_entry *dst = skb_dst(skb);
int ret;
- if (unlikely(sk->sk_rx_dst != dst))
+ if (unlikely(rcu_dereference(sk->sk_rx_dst) != dst))
udp6_sk_rx_dst_set(sk, dst);
if (!uh->check && !udp_sk(sk)->no_check6_rx) {
@@ -1055,7 +1055,7 @@ INDIRECT_CALLABLE_SCOPE void udp_v6_earl
skb->sk = sk;
skb->destructor = sock_efree;
- dst = READ_ONCE(sk->sk_rx_dst);
+ dst = rcu_dereference(sk->sk_rx_dst);
if (dst)
dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 388/390] thermal: intel_powerclamp: Use first online CPU as control_cpu
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 387/390] inet: fully convert sk->sk_rx_dst to RCU rules Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 389/390] f2fs: fix wrong condition to trigger background checkpoint correctly Greg Kroah-Hartman
` (7 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki, Chen Yu
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
commit 4bb7f6c2781e46fc5bd00475a66df2ea30ef330d upstream.
Commit 68b99e94a4a2 ("thermal: intel_powerclamp: Use get_cpu() instead
of smp_processor_id() to avoid crash") fixed an issue related to using
smp_processor_id() in preemptible context by replacing it with a pair
of get_cpu()/put_cpu(), but what is needed there really is any online
CPU and not necessarily the one currently running the code. Arguably,
getting the one that's running the code in there is confusing.
For this reason, simply give the control CPU role to the first online
one which automatically will be CPU0 if it is online, so one check
can be dropped from the code for an added benefit.
Link: https://lore.kernel.org/linux-pm/20221011113646.GA12080@duo.ucw.cz/
Fixes: 68b99e94a4a2 ("thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/intel/intel_powerclamp.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
--- a/drivers/thermal/intel/intel_powerclamp.c
+++ b/drivers/thermal/intel/intel_powerclamp.c
@@ -531,11 +531,7 @@ static int start_power_clamp(void)
get_online_cpus();
/* prefer BSP */
- control_cpu = 0;
- if (!cpu_online(control_cpu)) {
- control_cpu = get_cpu();
- put_cpu();
- }
+ control_cpu = cpumask_first(cpu_online_mask);
clamping = true;
schedule_delayed_work(&poll_pkg_cstate_work, 0);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 389/390] f2fs: fix wrong condition to trigger background checkpoint correctly
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 388/390] thermal: intel_powerclamp: Use first online CPU as control_cpu Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 390/390] gcov: support GCC 12.1 and newer compilers Greg Kroah-Hartman
` (6 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit cd6d697a6e2013a0a85f8b261b16c8cfd50c1f5f upstream.
In f2fs_balance_fs_bg(), it needs to check both NAT_ENTRIES and INO_ENTRIES
memory usage to decide whether we should skip background checkpoint, otherwise
we may always skip checking INO_ENTRIES memory usage, so that INO_ENTRIES may
potentially cause high memory footprint.
Fixes: 493720a48543 ("f2fs: fix to avoid REQ_TIME and CP_TIME collision")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/segment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -550,7 +550,7 @@ void f2fs_balance_fs_bg(struct f2fs_sb_i
goto do_sync;
/* checkpoint is the only way to shrink partial cached entries */
- if (f2fs_available_free_memory(sbi, NAT_ENTRIES) ||
+ if (f2fs_available_free_memory(sbi, NAT_ENTRIES) &&
f2fs_available_free_memory(sbi, INO_ENTRIES))
return;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 5.10 390/390] gcov: support GCC 12.1 and newer compilers
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 389/390] f2fs: fix wrong condition to trigger background checkpoint correctly Greg Kroah-Hartman
@ 2022-10-24 11:33 ` Greg Kroah-Hartman
2022-10-24 13:49 ` [PATCH 5.10 000/390] 5.10.150-rc1 review Pavel Machek
` (5 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-24 11:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Liska, Peter Oberparleiter,
Andrew Morton
From: Martin Liska <mliska@suse.cz>
commit 977ef30a7d888eeb52fb6908f99080f33e5309a8 upstream.
Starting with GCC 12.1, the created .gcda format can't be read by gcov
tool. There are 2 significant changes to the .gcda file format that
need to be supported:
a) [gcov: Use system IO buffering]
(23eb66d1d46a34cb28c4acbdf8a1deb80a7c5a05) changed that all sizes in
the format are in bytes and not in words (4B)
b) [gcov: make profile merging smarter]
(72e0c742bd01f8e7e6dcca64042b9ad7e75979de) add a new checksum to the
file header.
Tested with GCC 7.5, 10.4, 12.2 and the current master.
Link: https://lkml.kernel.org/r/624bda92-f307-30e9-9aaa-8cc678b2dfb2@suse.cz
Signed-off-by: Martin Liska <mliska@suse.cz>
Tested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/gcov/gcc_4_7.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
--- a/kernel/gcov/gcc_4_7.c
+++ b/kernel/gcov/gcc_4_7.c
@@ -33,6 +33,13 @@
#define GCOV_TAG_FUNCTION_LENGTH 3
+/* Since GCC 12.1 sizes are in BYTES and not in WORDS (4B). */
+#if (__GNUC__ >= 12)
+#define GCOV_UNIT_SIZE 4
+#else
+#define GCOV_UNIT_SIZE 1
+#endif
+
static struct gcov_info *gcov_info_head;
/**
@@ -451,12 +458,18 @@ static size_t convert_to_gcda(char *buff
pos += store_gcov_u32(buffer, pos, info->version);
pos += store_gcov_u32(buffer, pos, info->stamp);
+#if (__GNUC__ >= 12)
+ /* Use zero as checksum of the compilation unit. */
+ pos += store_gcov_u32(buffer, pos, 0);
+#endif
+
for (fi_idx = 0; fi_idx < info->n_functions; fi_idx++) {
fi_ptr = info->functions[fi_idx];
/* Function record. */
pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION);
- pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION_LENGTH);
+ pos += store_gcov_u32(buffer, pos,
+ GCOV_TAG_FUNCTION_LENGTH * GCOV_UNIT_SIZE);
pos += store_gcov_u32(buffer, pos, fi_ptr->ident);
pos += store_gcov_u32(buffer, pos, fi_ptr->lineno_checksum);
pos += store_gcov_u32(buffer, pos, fi_ptr->cfg_checksum);
@@ -470,7 +483,8 @@ static size_t convert_to_gcda(char *buff
/* Counter record. */
pos += store_gcov_u32(buffer, pos,
GCOV_TAG_FOR_COUNTER(ct_idx));
- pos += store_gcov_u32(buffer, pos, ci_ptr->num * 2);
+ pos += store_gcov_u32(buffer, pos,
+ ci_ptr->num * 2 * GCOV_UNIT_SIZE);
for (cv_idx = 0; cv_idx < ci_ptr->num; cv_idx++) {
pos += store_gcov_u64(buffer, pos,
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 000/390] 5.10.150-rc1 review
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2022-10-24 11:33 ` [PATCH 5.10 390/390] gcov: support GCC 12.1 and newer compilers Greg Kroah-Hartman
@ 2022-10-24 13:49 ` Pavel Machek
2022-10-24 16:47 ` Jon Hunter
` (4 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Pavel Machek @ 2022-10-24 13:49 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
[-- Attachment #1: Type: text/plain, Size: 662 bytes --]
Hi!
> This is the start of the stable review cycle for the 5.10.150 release.
> There are 390 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-5.10.y
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 000/390] 5.10.150-rc1 review
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2022-10-24 13:49 ` [PATCH 5.10 000/390] 5.10.150-rc1 review Pavel Machek
@ 2022-10-24 16:47 ` Jon Hunter
2022-10-24 18:01 ` Florian Fainelli
` (3 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Jon Hunter @ 2022-10-24 16:47 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, f.fainelli, sudipm.mukherjee, srw, linux-tegra
On 24/10/2022 12:26, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.150 release.
> There are 390 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.150-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v5.10:
10 builds: 10 pass, 0 fail
28 boots: 28 pass, 0 fail
75 tests: 75 pass, 0 fail
Linux version: 5.10.150-rc1-gb4f4370de958
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
--
nvpublic
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 044/390] serial: 8250: Let drivers request full 16550A feature probing
2022-10-24 11:27 ` [PATCH 5.10 044/390] serial: 8250: Let drivers request full 16550A feature probing Greg Kroah-Hartman
@ 2022-10-24 17:27 ` Pavel Machek
2022-10-25 13:16 ` Greg Kroah-Hartman
0 siblings, 1 reply; 414+ messages in thread
From: Pavel Machek @ 2022-10-24 17:27 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Anders Blomdell, Maciej W. Rozycki
[-- Attachment #1: Type: text/plain, Size: 1951 bytes --]
Hi!
> From: Maciej W. Rozycki <macro@orcam.me.uk>
>
> commit 9906890c89e4dbd900ed87ad3040080339a7f411 upstream.
>
> A SERIAL_8250_16550A_VARIANTS configuration option has been recently
> defined that lets one request the 8250 driver not to probe for 16550A
> device features so as to reduce the driver's device startup time in
> virtual machines.
>
> Some actual hardware devices require these features to have been fully
> determined however for their driver to work correctly, so define a flag
> to let drivers request full 16550A feature probing on a device-by-device
> basis if required regardless of the SERIAL_8250_16550A_VARIANTS option
> setting chosen.
As far as I can see, the UPF_FULL_PROBE is never set in 5.10.150 tree,
so we should not need it there.
Best regards,
Pavel
> +++ b/drivers/tty/serial/8250/8250_port.c
> @@ -1021,7 +1021,8 @@ static void autoconfig_16550a(struct uar
> up->port.type = PORT_16550A;
> up->capabilities |= UART_CAP_FIFO;
>
> - if (!IS_ENABLED(CONFIG_SERIAL_8250_16550A_VARIANTS))
> + if (!IS_ENABLED(CONFIG_SERIAL_8250_16550A_VARIANTS) &&
> + !(up->port.flags & UPF_FULL_PROBE))
> return;
>
> /*
> --- a/include/linux/serial_core.h
> +++ b/include/linux/serial_core.h
> @@ -100,7 +100,7 @@ struct uart_icount {
> __u32 buf_overrun;
> };
>
> -typedef unsigned int __bitwise upf_t;
> +typedef u64 __bitwise upf_t;
> typedef unsigned int __bitwise upstat_t;
>
> struct uart_port {
> @@ -207,6 +207,7 @@ struct uart_port {
> #define UPF_FIXED_PORT ((__force upf_t) (1 << 29))
> #define UPF_DEAD ((__force upf_t) (1 << 30))
> #define UPF_IOREMAP ((__force upf_t) (1 << 31))
> +#define UPF_FULL_PROBE ((__force upf_t) (1ULL << 32))
>
> #define __UPF_CHANGE_MASK 0x17fff
> #define UPF_CHANGE_MASK ((__force upf_t) __UPF_CHANGE_MASK)
>
--
People of Russia, stop Putin before his war on Ukraine escalates.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info
2022-10-24 11:27 ` [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info Greg Kroah-Hartman
@ 2022-10-24 17:30 ` Pavel Machek
2022-10-24 18:08 ` Jaegeuk Kim
2022-10-25 2:53 ` Chao Yu
0 siblings, 2 replies; 414+ messages in thread
From: Pavel Machek @ 2022-10-24 17:30 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Wenqing Liu, Chao Yu, Jaegeuk Kim
[-- Attachment #1: Type: text/plain, Size: 1705 bytes --]
Hi!
> From: Chao Yu <chao@kernel.org>
>
> commit c6ad7fd16657ebd34a87a97d9588195aae87597d upstream.
>
> As Wenqing Liu reported in bugzilla:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=216456
>
> BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs]
> Read of size 4 at addr ffff8881464dcd80 by task mount/1013
I believe this is missing put_page on the error path:
> +++ b/fs/f2fs/gc.c
> @@ -1003,6 +1003,14 @@ static bool is_alive(struct f2fs_sb_info
> return false;
> }
>
> + max_addrs = IS_INODE(node_page) ? DEF_ADDRS_PER_INODE :
> + DEF_ADDRS_PER_BLOCK;
> + if (ofs_in_node >= max_addrs) {
> + f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
> + ofs_in_node, dni->ino, dni->nid, max_addrs);
> + return false;
> + }
> +
> *nofs = ofs_of_node(node_page);
> source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);
> f2fs_put_page(node_page, 1);
So something like this is needed. (Feel free to test/adapt/apply).
Signed-off-by: Pavel Machek <pavel@denx.de>
Best regards,
Pavel
diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
index 4546e01b2ee0..dab794225cce 100644
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -1110,6 +1110,7 @@ static bool is_alive(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
if (ofs_in_node >= max_addrs) {
f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
ofs_in_node, dni->ino, dni->nid, max_addrs);
+ f2fs_put_page(node_page, 1);
return false;
}
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply related [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 080/390] efi: libstub: drop pointless get_memory_map() call
2022-10-24 11:27 ` [PATCH 5.10 080/390] efi: libstub: drop pointless get_memory_map() call Greg Kroah-Hartman
@ 2022-10-24 17:35 ` Pavel Machek
0 siblings, 0 replies; 414+ messages in thread
From: Pavel Machek @ 2022-10-24 17:35 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Ard Biesheuvel
[-- Attachment #1: Type: text/plain, Size: 1250 bytes --]
Hi!
> From: Ard Biesheuvel <ardb@kernel.org>
>
> commit d80ca810f096ff66f451e7a3ed2f0cd9ef1ff519 upstream.
>
> Currently, the non-x86 stub code calls get_memory_map() redundantly,
> given that the data it returns is never used anywhere. So drop the
> call.
In mainline, map is not used after this point.
But in 5.10, map is passed to
status = efi_exit_boot_services(handle, &map, &priv, exit_boot_func);
few lines below. Can someone verify this reasoning still holds?
Thanks and best regards,
Pavel
> +++ b/drivers/firmware/efi/libstub/fdt.c
> @@ -281,14 +281,6 @@ efi_status_t allocate_new_fdt_and_exit_b
> goto fail;
> }
>
> - /*
> - * Now that we have done our final memory allocation (and free)
> - * we can get the memory map key needed for exit_boot_services().
> - */
> - status = efi_get_memory_map(&map);
> - if (status != EFI_SUCCESS)
> - goto fail_free_new_fdt;
> -
> status = update_fdt((void *)fdt_addr, fdt_size,
> (void *)*new_fdt_addr, MAX_FDT_SIZE, cmdline_ptr,
> initrd_addr, initrd_size);
>
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 000/390] 5.10.150-rc1 review
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2022-10-24 16:47 ` Jon Hunter
@ 2022-10-24 18:01 ` Florian Fainelli
2022-10-25 4:15 ` Slade Watkins
` (2 subsequent siblings)
395 siblings, 0 replies; 414+ messages in thread
From: Florian Fainelli @ 2022-10-24 18:01 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, sudipm.mukherjee, srw
On 10/24/22 04:26, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.150 release.
> There are 390 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.150-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info
2022-10-24 17:30 ` Pavel Machek
@ 2022-10-24 18:08 ` Jaegeuk Kim
2022-10-25 2:53 ` Chao Yu
1 sibling, 0 replies; 414+ messages in thread
From: Jaegeuk Kim @ 2022-10-24 18:08 UTC (permalink / raw)
To: Pavel Machek
Cc: Greg Kroah-Hartman, linux-kernel, stable, Wenqing Liu, Chao Yu
On 10/24, Pavel Machek wrote:
> Hi!
>
> > From: Chao Yu <chao@kernel.org>
> >
> > commit c6ad7fd16657ebd34a87a97d9588195aae87597d upstream.
> >
> > As Wenqing Liu reported in bugzilla:
> >
> > https://bugzilla.kernel.org/show_bug.cgi?id=216456
> >
> > BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs]
> > Read of size 4 at addr ffff8881464dcd80 by task mount/1013
>
> I believe this is missing put_page on the error path:
>
> > +++ b/fs/f2fs/gc.c
> > @@ -1003,6 +1003,14 @@ static bool is_alive(struct f2fs_sb_info
> > return false;
> > }
> >
> > + max_addrs = IS_INODE(node_page) ? DEF_ADDRS_PER_INODE :
> > + DEF_ADDRS_PER_BLOCK;
> > + if (ofs_in_node >= max_addrs) {
> > + f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
> > + ofs_in_node, dni->ino, dni->nid, max_addrs);
> > + return false;
> > + }
> > +
> > *nofs = ofs_of_node(node_page);
> > source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);
> > f2fs_put_page(node_page, 1);
>
> So something like this is needed. (Feel free to test/adapt/apply).
Urg.. thank you so much for pointing this out. Applied the change to the tree.
https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/commit/?h=dev&id=a22aeafb3d3569aecf811dca1aceff656695cdb4
>
> Signed-off-by: Pavel Machek <pavel@denx.de>
>
> Best regards,
> Pavel
>
> diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
> index 4546e01b2ee0..dab794225cce 100644
> --- a/fs/f2fs/gc.c
> +++ b/fs/f2fs/gc.c
> @@ -1110,6 +1110,7 @@ static bool is_alive(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
> if (ofs_in_node >= max_addrs) {
> f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
> ofs_in_node, dni->ino, dni->nid, max_addrs);
> + f2fs_put_page(node_page, 1);
> return false;
> }
>
>
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 301/390] ARM: decompressor: Include .data.rel.ro.local
2022-10-24 11:31 ` Greg Kroah-Hartman
@ 2022-10-24 18:41 ` Pavel Machek
-1 siblings, 0 replies; 414+ messages in thread
From: Pavel Machek @ 2022-10-24 18:41 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, kernel test robot, Russell King,
linux-arm-kernel, Kees Cook, Sasha Levin
[-- Attachment #1.1: Type: text/plain, Size: 1324 bytes --]
Hi!
> From: Kees Cook <keescook@chromium.org>
>
> [ Upstream commit 1b64daf413acd86c2c13f5443f6b4ef3690c8061 ]
>
> The .data.rel.ro.local section has the same semantics as .data.rel.ro
> here, so include it in the .rodata section of the decompressor.
> Additionally since the .printk_index section isn't usable outside of
> the core kernel, discard it in the decompressor. Avoids these warnings:
>
> arm-linux-gnueabi-ld: warning: orphan section `.data.rel.ro.local' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.data.rel.ro.local'
> arm-linux-gnueabi-ld: warning: orphan section `.printk_index' from
> `arch/arm/boot/compressed/fdt_rw.o' being placed in section
> `.printk_index'
There's no printk_index in 5.10., so I'm not sure we should be
applying it here.
Best regards,
Pavel
> +++ b/arch/arm/boot/compressed/vmlinux.lds.S
> @@ -23,6 +23,7 @@ SECTIONS
> *(.ARM.extab*)
> *(.note.*)
> *(.rel.*)
> + *(.printk_index)
> /*
> * Discard any r/w data - this produces a link error if we have any,
> * which is required for PIC decompression. Local data generates
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 301/390] ARM: decompressor: Include .data.rel.ro.local
@ 2022-10-24 18:41 ` Pavel Machek
0 siblings, 0 replies; 414+ messages in thread
From: Pavel Machek @ 2022-10-24 18:41 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, kernel test robot, Russell King,
linux-arm-kernel, Kees Cook, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 1324 bytes --]
Hi!
> From: Kees Cook <keescook@chromium.org>
>
> [ Upstream commit 1b64daf413acd86c2c13f5443f6b4ef3690c8061 ]
>
> The .data.rel.ro.local section has the same semantics as .data.rel.ro
> here, so include it in the .rodata section of the decompressor.
> Additionally since the .printk_index section isn't usable outside of
> the core kernel, discard it in the decompressor. Avoids these warnings:
>
> arm-linux-gnueabi-ld: warning: orphan section `.data.rel.ro.local' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.data.rel.ro.local'
> arm-linux-gnueabi-ld: warning: orphan section `.printk_index' from
> `arch/arm/boot/compressed/fdt_rw.o' being placed in section
> `.printk_index'
There's no printk_index in 5.10., so I'm not sure we should be
applying it here.
Best regards,
Pavel
> +++ b/arch/arm/boot/compressed/vmlinux.lds.S
> @@ -23,6 +23,7 @@ SECTIONS
> *(.ARM.extab*)
> *(.note.*)
> *(.rel.*)
> + *(.printk_index)
> /*
> * Discard any r/w data - this produces a link error if we have any,
> * which is required for PIC decompression. Local data generates
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info
2022-10-24 17:30 ` Pavel Machek
2022-10-24 18:08 ` Jaegeuk Kim
@ 2022-10-25 2:53 ` Chao Yu
1 sibling, 0 replies; 414+ messages in thread
From: Chao Yu @ 2022-10-25 2:53 UTC (permalink / raw)
To: Pavel Machek, Greg Kroah-Hartman
Cc: linux-kernel, stable, Wenqing Liu, Jaegeuk Kim
On 2022/10/25 1:30, Pavel Machek wrote:
> Hi!
>
>> From: Chao Yu <chao@kernel.org>
>>
>> commit c6ad7fd16657ebd34a87a97d9588195aae87597d upstream.
>>
>> As Wenqing Liu reported in bugzilla:
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=216456
>>
>> BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs]
>> Read of size 4 at addr ffff8881464dcd80 by task mount/1013
>
> I believe this is missing put_page on the error path:
>
>> +++ b/fs/f2fs/gc.c
>> @@ -1003,6 +1003,14 @@ static bool is_alive(struct f2fs_sb_info
>> return false;
>> }
>>
>> + max_addrs = IS_INODE(node_page) ? DEF_ADDRS_PER_INODE :
>> + DEF_ADDRS_PER_BLOCK;
>> + if (ofs_in_node >= max_addrs) {
>> + f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
>> + ofs_in_node, dni->ino, dni->nid, max_addrs);
>> + return false;
>> + }
>> +
>> *nofs = ofs_of_node(node_page);
>> source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);
>> f2fs_put_page(node_page, 1);
>
> So something like this is needed. (Feel free to test/adapt/apply).
>
> Signed-off-by: Pavel Machek <pavel@denx.de>
>
> Best regards,
> Pavel
>
> diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
> index 4546e01b2ee0..dab794225cce 100644
> --- a/fs/f2fs/gc.c
> +++ b/fs/f2fs/gc.c
> @@ -1110,6 +1110,7 @@ static bool is_alive(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
> if (ofs_in_node >= max_addrs) {
> f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
> ofs_in_node, dni->ino, dni->nid, max_addrs);
> + f2fs_put_page(node_page, 1);
> return false;
> }
My bad, thanks for fixing this.
Reviewed-by: Chao Yu <chao@kernel.org>
Thanks,
>
>
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 000/390] 5.10.150-rc1 review
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2022-10-24 18:01 ` Florian Fainelli
@ 2022-10-25 4:15 ` Slade Watkins
2022-10-25 4:31 ` Guenter Roeck
2022-10-25 15:12 ` Naresh Kamboju
395 siblings, 0 replies; 414+ messages in thread
From: Slade Watkins @ 2022-10-25 4:15 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee
On 10/24/22 7:26 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.150 release.
> There are 390 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000.
> Anything received after that time might be too late.
5.10.150-rc1 compiled and booted on my x86_64 test system. No errors or
regressions.
Tested-by: Slade Watkins <srw@sladewatkins.net>
All the best,
-srw
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 000/390] 5.10.150-rc1 review
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2022-10-25 4:15 ` Slade Watkins
@ 2022-10-25 4:31 ` Guenter Roeck
2022-10-25 15:12 ` Naresh Kamboju
395 siblings, 0 replies; 414+ messages in thread
From: Guenter Roeck @ 2022-10-25 4:31 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On Mon, Oct 24, 2022 at 01:26:37PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.150 release.
> There are 390 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 163 pass: 163 fail: 0
Qemu test results:
total: 475 pass: 475 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 384/390] Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega"
2022-10-24 11:33 ` [PATCH 5.10 384/390] Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega" Greg Kroah-Hartman
@ 2022-10-25 9:02 ` Salvatore Bonaccorso
2022-10-25 14:20 ` Greg Kroah-Hartman
0 siblings, 1 reply; 414+ messages in thread
From: Salvatore Bonaccorso @ 2022-10-25 9:02 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Shuah Khan, Deucher, Alexander
Hi Greg,
On Mon, Oct 24, 2022 at 01:33:01PM +0200, Greg Kroah-Hartman wrote:
> From: Shuah Khan <skhan@linuxfoundation.org>
>
> This reverts commit 9f55f36f749a7608eeef57d7d72991a9bd557341 which is
> commit e3163bc8ffdfdb405e10530b140135b2ee487f89 upstream.
>
> This commit causes repeated WARN_ONs from
>
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amd
> gpu_dm.c:7391 amdgpu_dm_atomic_commit_tail+0x23b9/0x2430 [amdgpu]
>
> dmesg fills up with the following messages and drm initialization takes
> a very long time.
>
> Cc: <stable@vger.kernel.org> # 5.10
> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
> drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 5 -----
> drivers/gpu/drm/amd/amdgpu/soc15.c | 25 +++++++++++++++++++++++++
> 2 files changed, 25 insertions(+), 5 deletions(-)
>
> --- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
> +++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
> @@ -1475,11 +1475,6 @@ static int sdma_v4_0_start(struct amdgpu
> WREG32_SDMA(i, mmSDMA0_CNTL, temp);
>
> if (!amdgpu_sriov_vf(adev)) {
> - ring = &adev->sdma.instance[i].ring;
> - adev->nbio.funcs->sdma_doorbell_range(adev, i,
> - ring->use_doorbell, ring->doorbell_index,
> - adev->doorbell_index.sdma_doorbell_range);
> -
> /* unhalt engine */
> temp = RREG32_SDMA(i, mmSDMA0_F32_CNTL);
> temp = REG_SET_FIELD(temp, SDMA0_F32_CNTL, HALT, 0);
> --- a/drivers/gpu/drm/amd/amdgpu/soc15.c
> +++ b/drivers/gpu/drm/amd/amdgpu/soc15.c
> @@ -1332,6 +1332,25 @@ static int soc15_common_sw_fini(void *ha
> return 0;
> }
>
> +static void soc15_doorbell_range_init(struct amdgpu_device *adev)
> +{
> + int i;
> + struct amdgpu_ring *ring;
> +
> + /* sdma/ih doorbell range are programed by hypervisor */
> + if (!amdgpu_sriov_vf(adev)) {
> + for (i = 0; i < adev->sdma.num_instances; i++) {
> + ring = &adev->sdma.instance[i].ring;
> + adev->nbio.funcs->sdma_doorbell_range(adev, i,
> + ring->use_doorbell, ring->doorbell_index,
> + adev->doorbell_index.sdma_doorbell_range);
> + }
> +
> + adev->nbio.funcs->ih_doorbell_range(adev, adev->irq.ih.use_doorbell,
> + adev->irq.ih.doorbell_index);
> + }
> +}
> +
> static int soc15_common_hw_init(void *handle)
> {
> struct amdgpu_device *adev = (struct amdgpu_device *)handle;
> @@ -1351,6 +1370,12 @@ static int soc15_common_hw_init(void *ha
>
> /* enable the doorbell aperture */
> soc15_enable_doorbell_aperture(adev, true);
> + /* HW doorbell routing policy: doorbell writing not
> + * in SDMA/IH/MM/ACV range will be routed to CP. So
> + * we need to init SDMA/IH/MM/ACV doorbell range prior
> + * to CP ip block init and ring test.
> + */
> + soc15_doorbell_range_init(adev);
>
> return 0;
> }
Can you please as well revert 7b0db849ea030a70b8fb9c9afec67c81f955482e
on top?
See https://lore.kernel.org/stable/BL1PR12MB5144F3CC640A18DF0C36E414F72E9@BL1PR12MB5144.namprd12.prod.outlook.com/
Both of these reverts need to be applied to fix regressions which were
reported in https://gitlab.freedesktop.org/drm/amd/-/issues/2216 and
downstream in Debian (https://bugs.debian.org/1022025).
If it is now not anymore possible for 5.10.150 can you pick the revert
for 5.10.151?
Regards,
Salvatore
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 301/390] ARM: decompressor: Include .data.rel.ro.local
2022-10-24 18:41 ` Pavel Machek
@ 2022-10-25 13:05 ` Greg Kroah-Hartman
-1 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-25 13:05 UTC (permalink / raw)
To: Pavel Machek
Cc: linux-kernel, stable, kernel test robot, Russell King,
linux-arm-kernel, Kees Cook, Sasha Levin
On Mon, Oct 24, 2022 at 08:41:03PM +0200, Pavel Machek wrote:
> Hi!
>
> > From: Kees Cook <keescook@chromium.org>
> >
> > [ Upstream commit 1b64daf413acd86c2c13f5443f6b4ef3690c8061 ]
> >
> > The .data.rel.ro.local section has the same semantics as .data.rel.ro
> > here, so include it in the .rodata section of the decompressor.
> > Additionally since the .printk_index section isn't usable outside of
> > the core kernel, discard it in the decompressor. Avoids these warnings:
> >
> > arm-linux-gnueabi-ld: warning: orphan section `.data.rel.ro.local' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.data.rel.ro.local'
> > arm-linux-gnueabi-ld: warning: orphan section `.printk_index' from
> > `arch/arm/boot/compressed/fdt_rw.o' being placed in section
> > `.printk_index'
>
> There's no printk_index in 5.10., so I'm not sure we should be
> applying it here.
Good point, now dropped.
greg k-h
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 301/390] ARM: decompressor: Include .data.rel.ro.local
@ 2022-10-25 13:05 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-25 13:05 UTC (permalink / raw)
To: Pavel Machek
Cc: linux-kernel, stable, kernel test robot, Russell King,
linux-arm-kernel, Kees Cook, Sasha Levin
On Mon, Oct 24, 2022 at 08:41:03PM +0200, Pavel Machek wrote:
> Hi!
>
> > From: Kees Cook <keescook@chromium.org>
> >
> > [ Upstream commit 1b64daf413acd86c2c13f5443f6b4ef3690c8061 ]
> >
> > The .data.rel.ro.local section has the same semantics as .data.rel.ro
> > here, so include it in the .rodata section of the decompressor.
> > Additionally since the .printk_index section isn't usable outside of
> > the core kernel, discard it in the decompressor. Avoids these warnings:
> >
> > arm-linux-gnueabi-ld: warning: orphan section `.data.rel.ro.local' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.data.rel.ro.local'
> > arm-linux-gnueabi-ld: warning: orphan section `.printk_index' from
> > `arch/arm/boot/compressed/fdt_rw.o' being placed in section
> > `.printk_index'
>
> There's no printk_index in 5.10., so I'm not sure we should be
> applying it here.
Good point, now dropped.
greg k-h
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 044/390] serial: 8250: Let drivers request full 16550A feature probing
2022-10-24 17:27 ` Pavel Machek
@ 2022-10-25 13:16 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-25 13:16 UTC (permalink / raw)
To: Pavel Machek; +Cc: linux-kernel, stable, Anders Blomdell, Maciej W. Rozycki
On Mon, Oct 24, 2022 at 07:27:10PM +0200, Pavel Machek wrote:
> Hi!
>
> > From: Maciej W. Rozycki <macro@orcam.me.uk>
> >
> > commit 9906890c89e4dbd900ed87ad3040080339a7f411 upstream.
> >
> > A SERIAL_8250_16550A_VARIANTS configuration option has been recently
> > defined that lets one request the 8250 driver not to probe for 16550A
> > device features so as to reduce the driver's device startup time in
> > virtual machines.
> >
> > Some actual hardware devices require these features to have been fully
> > determined however for their driver to work correctly, so define a flag
> > to let drivers request full 16550A feature probing on a device-by-device
> > basis if required regardless of the SERIAL_8250_16550A_VARIANTS option
> > setting chosen.
>
> As far as I can see, the UPF_FULL_PROBE is never set in 5.10.150 tree,
> so we should not need it there.
Ah, yes, it was tagged wrong. I'll go drop this now, it's only needed
in 5.15.y
thanks,
greg k-h
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 384/390] Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega"
2022-10-25 9:02 ` Salvatore Bonaccorso
@ 2022-10-25 14:20 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-25 14:20 UTC (permalink / raw)
To: Salvatore Bonaccorso; +Cc: linux-kernel, stable, Shuah Khan, Deucher, Alexander
On Tue, Oct 25, 2022 at 11:02:33AM +0200, Salvatore Bonaccorso wrote:
> Hi Greg,
>
> On Mon, Oct 24, 2022 at 01:33:01PM +0200, Greg Kroah-Hartman wrote:
> > From: Shuah Khan <skhan@linuxfoundation.org>
> >
> > This reverts commit 9f55f36f749a7608eeef57d7d72991a9bd557341 which is
> > commit e3163bc8ffdfdb405e10530b140135b2ee487f89 upstream.
> >
> > This commit causes repeated WARN_ONs from
> >
> > drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amd
> > gpu_dm.c:7391 amdgpu_dm_atomic_commit_tail+0x23b9/0x2430 [amdgpu]
> >
> > dmesg fills up with the following messages and drm initialization takes
> > a very long time.
> >
> > Cc: <stable@vger.kernel.org> # 5.10
> > Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> > drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 5 -----
> > drivers/gpu/drm/amd/amdgpu/soc15.c | 25 +++++++++++++++++++++++++
> > 2 files changed, 25 insertions(+), 5 deletions(-)
> >
> > --- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
> > @@ -1475,11 +1475,6 @@ static int sdma_v4_0_start(struct amdgpu
> > WREG32_SDMA(i, mmSDMA0_CNTL, temp);
> >
> > if (!amdgpu_sriov_vf(adev)) {
> > - ring = &adev->sdma.instance[i].ring;
> > - adev->nbio.funcs->sdma_doorbell_range(adev, i,
> > - ring->use_doorbell, ring->doorbell_index,
> > - adev->doorbell_index.sdma_doorbell_range);
> > -
> > /* unhalt engine */
> > temp = RREG32_SDMA(i, mmSDMA0_F32_CNTL);
> > temp = REG_SET_FIELD(temp, SDMA0_F32_CNTL, HALT, 0);
> > --- a/drivers/gpu/drm/amd/amdgpu/soc15.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/soc15.c
> > @@ -1332,6 +1332,25 @@ static int soc15_common_sw_fini(void *ha
> > return 0;
> > }
> >
> > +static void soc15_doorbell_range_init(struct amdgpu_device *adev)
> > +{
> > + int i;
> > + struct amdgpu_ring *ring;
> > +
> > + /* sdma/ih doorbell range are programed by hypervisor */
> > + if (!amdgpu_sriov_vf(adev)) {
> > + for (i = 0; i < adev->sdma.num_instances; i++) {
> > + ring = &adev->sdma.instance[i].ring;
> > + adev->nbio.funcs->sdma_doorbell_range(adev, i,
> > + ring->use_doorbell, ring->doorbell_index,
> > + adev->doorbell_index.sdma_doorbell_range);
> > + }
> > +
> > + adev->nbio.funcs->ih_doorbell_range(adev, adev->irq.ih.use_doorbell,
> > + adev->irq.ih.doorbell_index);
> > + }
> > +}
> > +
> > static int soc15_common_hw_init(void *handle)
> > {
> > struct amdgpu_device *adev = (struct amdgpu_device *)handle;
> > @@ -1351,6 +1370,12 @@ static int soc15_common_hw_init(void *ha
> >
> > /* enable the doorbell aperture */
> > soc15_enable_doorbell_aperture(adev, true);
> > + /* HW doorbell routing policy: doorbell writing not
> > + * in SDMA/IH/MM/ACV range will be routed to CP. So
> > + * we need to init SDMA/IH/MM/ACV doorbell range prior
> > + * to CP ip block init and ring test.
> > + */
> > + soc15_doorbell_range_init(adev);
> >
> > return 0;
> > }
>
> Can you please as well revert 7b0db849ea030a70b8fb9c9afec67c81f955482e
> on top?
>
> See https://lore.kernel.org/stable/BL1PR12MB5144F3CC640A18DF0C36E414F72E9@BL1PR12MB5144.namprd12.prod.outlook.com/
>
> Both of these reverts need to be applied to fix regressions which were
> reported in https://gitlab.freedesktop.org/drm/amd/-/issues/2216 and
> downstream in Debian (https://bugs.debian.org/1022025).
>
> If it is now not anymore possible for 5.10.150 can you pick the revert
> for 5.10.151?
Now queued up.
greg k-h
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 5.10 000/390] 5.10.150-rc1 review
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2022-10-25 4:31 ` Guenter Roeck
@ 2022-10-25 15:12 ` Naresh Kamboju
395 siblings, 0 replies; 414+ messages in thread
From: Naresh Kamboju @ 2022-10-25 15:12 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On Mon, 24 Oct 2022 at 17:46, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.10.150 release.
> There are 390 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Oct 2022 11:29:24 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.150-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 5.10.150-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.10.y
* git commit: b4f4370de958b2655d6a93d4fc386eed8fe36cd6
* git describe: v5.10.149-391-gb4f4370de958
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10.149-391-gb4f4370de958
## No Test Regressions (compared to v5.10.149)
## No Metric Regressions (compared to v5.10.149)
## No Test Fixes (compared to v5.10.149)
## No Metric Fixes (compared to v5.10.149)
## Test result summary
total: 127551, pass: 110248, fail: 1637, skip: 15380, xfail: 286
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 333 total, 333 passed, 0 failed
* arm64: 65 total, 63 passed, 2 failed
* i386: 55 total, 53 passed, 2 failed
* mips: 56 total, 56 passed, 0 failed
* parisc: 12 total, 12 passed, 0 failed
* powerpc: 60 total, 55 passed, 5 failed
* riscv: 27 total, 27 passed, 0 failed
* s390: 24 total, 24 passed, 0 failed
* sh: 24 total, 24 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x86_64: 58 total, 56 passed, 2 failed
## Test suites summary
* fwts
* igt-gpu-tools
* kselftest-android
* kselftest-arm64
* kselftest-arm64/arm64.btitest.bti_c_func
* kselftest-arm64/arm64.btitest.bti_j_func
* kselftest-arm64/arm64.btitest.bti_jc_func
* kselftest-arm64/arm64.btitest.bti_none_func
* kselftest-arm64/arm64.btitest.nohint_func
* kselftest-arm64/arm64.btitest.paciasp_func
* kselftest-arm64/arm64.nobtitest.bti_c_func
* kselftest-arm64/arm64.nobtitest.bti_j_func
* kselftest-arm64/arm64.nobtitest.bti_jc_func
* kselftest-arm64/arm64.nobtitest.bti_none_func
* kselftest-arm64/arm64.nobtitest.nohint_func
* kselftest-arm64/arm64.nobtitest.paciasp_func
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-net-forwarding
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-x86
* kselftest-zram
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-open-posix-tests
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* network-basic-tests
* perf
* perf/Zstd-perf.data-compression
* rcutorture
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 414+ messages in thread
end of thread, other threads:[~2022-10-25 15:12 UTC | newest]
Thread overview: 414+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-24 11:26 [PATCH 5.10 000/390] 5.10.150-rc1 review Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 001/390] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 002/390] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 003/390] ALSA: usb-audio: Fix potential memory leaks Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 004/390] ALSA: usb-audio: Fix NULL dererence at error path Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 005/390] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 006/390] ALSA: hda/realtek: Correct pin configs for ASUS G533Z Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 007/390] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 008/390] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 009/390] mtd: rawnand: atmel: Unmap streaming DMA mappings Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 010/390] cifs: destage dirty pages before re-reading them for cache=none Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 011/390] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 012/390] iio: dac: ad5593r: Fix i2c read protocol requirements Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 013/390] iio: ltc2497: Fix reading conversion results Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 014/390] iio: adc: ad7923: fix channel readings for some variants Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 015/390] iio: pressure: dps310: Refactor startup procedure Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 016/390] iio: pressure: dps310: Reset chip after timeout Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 017/390] usb: add quirks for Lenovo OneLink+ Dock Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 018/390] can: kvaser_usb: Fix use of uninitialized completion Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 019/390] can: kvaser_usb_leaf: Fix overread with an invalid command Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 020/390] can: kvaser_usb_leaf: Fix TX queue out of sync after restart Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 021/390] can: kvaser_usb_leaf: Fix CAN state " Greg Kroah-Hartman
2022-10-24 11:26 ` [PATCH 5.10 022/390] mmc: sdhci-sprd: Fix minimum clock limit Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 023/390] fs: dlm: fix race between test_bit() and queue_work() Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 024/390] fs: dlm: handle -EBUSY first in lock arg validation Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 025/390] HID: multitouch: Add memory barriers Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 026/390] quota: Check next/prev free block number after reading from quota file Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 027/390] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 028/390] ASoC: wcd9335: fix order of Slimbus unprepare/disable Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 029/390] ASoC: wcd934x: " Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 030/390] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 031/390] regulator: qcom_rpm: Fix circular deferral regression Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 032/390] RISC-V: Make port I/O string accessors actually work Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 033/390] parisc: fbdev/stifb: Align graphics memory size to 4MB Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 034/390] riscv: Allow PROT_WRITE-only mmap() Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 035/390] riscv: Make VM_WRITE imply VM_READ Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 036/390] riscv: Pass -mno-relax only on lld < 15.0.0 Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 037/390] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 038/390] nvme-pci: set min_align_mask before calculating max_hw_sectors Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 039/390] drm/virtio: Check whether transferred 2D BO is shmem Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 040/390] drm/udl: Restore display mode on resume Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 041/390] block: fix inflight statistics of part0 Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 042/390] mm/mmap: undo ->mmap() when arch_validate_flags() fails Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 043/390] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 044/390] serial: 8250: Let drivers request full 16550A feature probing Greg Kroah-Hartman
2022-10-24 17:27 ` Pavel Machek
2022-10-25 13:16 ` Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 045/390] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 046/390] powerpc/boot: Explicitly disable usage of SPE instructions Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 047/390] scsi: qedf: Populate sysfs attributes for vport Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 048/390] fbdev: smscufx: Fix use-after-free in ufx_ops_open() Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 049/390] btrfs: fix race between quota enable and quota rescan ioctl Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 050/390] f2fs: increase the limit for reserve_root Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 051/390] f2fs: fix to do sanity check on destination blkaddr during recovery Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 052/390] f2fs: fix to do sanity check on summary info Greg Kroah-Hartman
2022-10-24 17:30 ` Pavel Machek
2022-10-24 18:08 ` Jaegeuk Kim
2022-10-25 2:53 ` Chao Yu
2022-10-24 11:27 ` [PATCH 5.10 053/390] hardening: Clarify Kconfig text for auto-var-init Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 054/390] hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 055/390] hardening: Remove Clangs enable flag for -ftrivial-auto-var-init=zero Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 056/390] jbd2: wake up journal waiters in FIFO order, not LIFO Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 057/390] jbd2: fix potential buffer head reference count leak Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 058/390] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 059/390] jbd2: add miss release buffer head in fc_do_one_pass() Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 060/390] ext4: avoid crash when inline data creation follows DIO write Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 061/390] ext4: fix null-ptr-deref in ext4_write_info Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 062/390] ext4: make ext4_lazyinit_thread freezable Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 063/390] ext4: fix check for block being out of directory size Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 064/390] ext4: dont increase iversion counter for ea_inodes Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 065/390] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 066/390] ext4: place buffer head allocation before handle start Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 067/390] ext4: fix miss release buffer head in ext4_fc_write_inode Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 068/390] ext4: fix potential memory leak in ext4_fc_record_modified_inode() Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 069/390] ext4: fix potential memory leak in ext4_fc_record_regions() Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 070/390] ext4: update state->fc_regions_size after successful memory allocation Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 071/390] livepatch: fix race between fork and KLP transition Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 072/390] ftrace: Properly unset FTRACE_HASH_FL_MOD Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 073/390] ring-buffer: Allow splice to read previous partially read pages Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 074/390] ring-buffer: Have the shortest_full queue be the shortest not longest Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 075/390] ring-buffer: Check pending waiters when doing wake ups as well Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 076/390] ring-buffer: Add ring_buffer_wake_waiters() Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 077/390] ring-buffer: Fix race between reset page and reading page Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 078/390] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 079/390] thunderbolt: Explicitly enable lane adapter hotplug events at startup Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 080/390] efi: libstub: drop pointless get_memory_map() call Greg Kroah-Hartman
2022-10-24 17:35 ` Pavel Machek
2022-10-24 11:27 ` [PATCH 5.10 081/390] media: cedrus: Set the platform driver data earlier Greg Kroah-Hartman
2022-10-24 11:27 ` [PATCH 5.10 082/390] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 083/390] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 084/390] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 085/390] staging: greybus: audio_helper: remove unused and wrong debugfs usage Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 086/390] drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 087/390] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 088/390] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 089/390] drm/i915: Fix watermark calculations for gen12+ MC " Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 090/390] smb3: must initialize two ACL struct fields to zero Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 091/390] selinux: use "grep -E" instead of "egrep" Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 092/390] userfaultfd: open userfaultfds with O_RDONLY Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 093/390] sh: machvec: Use char[] for section boundaries Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 094/390] MIPS: SGI-IP27: Free some unused memory Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 095/390] MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 096/390] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 097/390] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 098/390] objtool: Preserve special st_shndx indexes in elf_update_symbol Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 099/390] nfsd: Fix a memory leak in an error handling path Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 100/390] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 101/390] leds: lm3601x: Dont use mutex after it was destroyed Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 102/390] wifi: mac80211: allow bw change during channel switch in mesh Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 103/390] bpftool: Fix a wrong type cast in btf_dumper_int Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 104/390] spi: mt7621: Fix an error message in mt7621_spi_probe() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 105/390] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 106/390] Bluetooth: btusb: Fine-tune mt7663 mechanism Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 107/390] Bluetooth: btusb: fix excessive stack usage Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 108/390] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 109/390] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 110/390] selftests/xsk: Avoid use-after-free on ctx Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 111/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 112/390] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 113/390] wifi: rtl8xxxu: Fix skb misuse in TX queue selection Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 114/390] spi: meson-spicc: do not rely on busy flag in pow2 clk ops Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 115/390] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 116/390] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 117/390] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 118/390] net: fs_enet: Fix wrong check in do_pd_setup Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 119/390] bpf: Ensure correct locking around vulnerable function find_vpid() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 120/390] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 121/390] wifi: ath11k: fix number of VHT beamformee spatial streams Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 122/390] x86/microcode/AMD: Track patch allocation size explicitly Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 123/390] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 124/390] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 125/390] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 126/390] i2c: mlxbf: support lock mechanism Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 127/390] Bluetooth: hci_core: Fix not handling link timeouts propertly Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 128/390] netfilter: nft_fib: Fix for rpath check with VRF devices Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 129/390] spi: s3c64xx: Fix large transfers with DMA Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 130/390] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 131/390] vhost/vsock: Use kvmalloc/kvfree for larger packets Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 132/390] mISDN: fix use-after-free bugs in l1oip timer handlers Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 133/390] sctp: handle the error returned from sctp_auth_asoc_init_active_key Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 134/390] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 135/390] spi: Ensure that sg_table wont be used after being freed Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 136/390] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 137/390] bnx2x: fix potential memory leak in bnx2x_tpa_stop() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 138/390] net/ieee802154: reject zero-sized raw_sendmsg() Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 139/390] once: add DO_ONCE_SLOW() for sleepable contexts Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 140/390] net: mvpp2: fix mvpp2 debugfs leak Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 141/390] drm: bridge: adv7511: fix CEC power down control register offset Greg Kroah-Hartman
2022-10-24 11:28 ` [PATCH 5.10 142/390] drm/bridge: Avoid uninitialized variable warning Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 143/390] drm/mipi-dsi: Detach devices when removing the host Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 144/390] drm/bridge: parade-ps8640: Fix regulator supply order Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 145/390] drm/dp_mst: fix drm_dp_dpcd_read return value checks Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 146/390] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 147/390] platform/chrome: fix double-free in chromeos_laptop_prepare() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 148/390] platform/chrome: fix memory corruption in ioctl Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 149/390] ASoC: tas2764: Allow mono streams Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 150/390] ASoC: tas2764: Drop conflicting set_bias_level power setting Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 151/390] ASoC: tas2764: Fix mute/unmute Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 152/390] platform/x86: msi-laptop: Fix old-ec check for backlight registering Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 153/390] platform/x86: msi-laptop: Fix resource cleanup Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 154/390] drm: fix drm_mipi_dbi build errors Greg Kroah-Hartman
2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 155/390] drm/bridge: megachips: Fix a null pointer dereference bug Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 156/390] ASoC: rsnd: Add check for rsnd_mod_power_on Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 157/390] ALSA: hda: beep: Simplify keep-power-at-enable behavior Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 158/390] drm/omap: dss: Fix refcount leak bugs Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 159/390] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 160/390] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 161/390] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 162/390] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 163/390] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 164/390] ALSA: dmaengine: increment buffer pointer atomically Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 165/390] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 166/390] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 167/390] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 168/390] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 169/390] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 170/390] ALSA: hda/hdmi: Dont skip notification handling during PM operation Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 171/390] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 172/390] memory: of: Fix refcount leak bug in of_get_ddr_timings() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 173/390] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 174/390] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 175/390] soc: qcom: smem_state: Add refcounting for the state->of_node Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 176/390] ARM: dts: turris-omnia: Fix mpp26 pin name and comment Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 177/390] ARM: dts: kirkwood: lsxl: fix serial line Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 178/390] ARM: dts: kirkwood: lsxl: remove first ethernet port Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 179/390] ia64: export memory_add_physaddr_to_nid to fix cxl build error Greg Kroah-Hartman
2022-10-24 11:29 ` Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 180/390] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 181/390] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 182/390] ARM: Drop CMDLINE_* dependency on ATAGS Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 183/390] arm64: ftrace: fix module PLTs with mcount Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 184/390] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 185/390] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 186/390] iio: adc: at91-sama5d2_adc: check return status for pressure and touch Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 187/390] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 188/390] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 189/390] iio: inkern: only release the device node when done with it Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 190/390] iio: ABI: Fix wrong format of differential capacitance channel ABI Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 191/390] usb: ch9: Add USB 3.2 SSP attributes Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 192/390] usb: common: Parse for USB SSP genXxY Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 193/390] usb: common: add function to get interval expressed in us unit Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 194/390] usb: common: move functions kerneldoc next to its definition Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 195/390] usb: common: debug: Check non-standard control requests Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 196/390] clk: meson: Hold reference returned by of_get_parent() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 197/390] clk: oxnas: " Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 198/390] clk: qoriq: " Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 199/390] clk: berlin: Add of_node_put() for of_get_parent() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 200/390] clk: sprd: Hold reference returned by of_get_parent() Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 201/390] clk: tegra: Fix refcount leak in tegra210_clock_init Greg Kroah-Hartman
2022-10-24 11:29 ` [PATCH 5.10 202/390] clk: tegra: Fix refcount leak in tegra114_clock_init Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 203/390] clk: tegra20: Fix refcount leak in tegra20_clock_init Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 204/390] HSI: omap_ssi: Fix refcount leak in ssi_probe Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 205/390] HSI: omap_ssi_port: Fix dma_map_sg error check Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 206/390] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 207/390] tty: xilinx_uartps: Fix the ignore_status Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 208/390] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 209/390] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 210/390] RDMA/rxe: Fix "kernel NULL pointer dereference" error Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 211/390] RDMA/rxe: Fix the error caused by qp->sk Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 212/390] misc: ocxl: fix possible refcount leak in afu_ioctl() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 213/390] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 214/390] dmaengine: hisilicon: Disable channels when unregister hisi_dma Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 215/390] dmaengine: hisilicon: Fix CQ head update Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 216/390] dmaengine: hisilicon: Add multi-thread support for a DMA channel Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 217/390] dyndbg: fix static_branch manipulation Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 218/390] dyndbg: fix module.dyndbg handling Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 219/390] dyndbg: let query-modname override actual module name Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 220/390] dyndbg: drop EXPORTed dynamic_debug_exec_queries Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 221/390] mtd: devices: docg3: check the return value of devm_ioremap() in the probe Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 222/390] mtd: rawnand: fsl_elbc: Fix none ECC mode Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 223/390] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 224/390] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 225/390] ata: fix ata_id_has_devslp() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 226/390] ata: fix ata_id_has_ncq_autosense() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 227/390] ata: fix ata_id_has_dipm() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 228/390] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 229/390] md: Replace snprintf with scnprintf Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 230/390] md/raid5: Ensure stripe_fill happens on non-read IO with journal Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 231/390] RDMA/cm: Use SLID in the work completion as the DLID in responder side Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 232/390] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 233/390] xhci: Dont show warning for reinit on known broken suspend Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 234/390] usb: gadget: function: fix dangling pnp_string in f_printer.c Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 235/390] drivers: serial: jsm: fix some leaks in probe Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 236/390] serial: 8250: Add an empty line and remove some useless {} Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 237/390] serial: 8250: Toggle IER bits on only after irq has been set up Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 238/390] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 239/390] phy: qualcomm: call clk_disable_unprepare in the error handling Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 240/390] staging: vt6655: fix some erroneous memory clean-up loops Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 241/390] firmware: google: Test spinlock on panic path to avoid lockups Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 242/390] serial: 8250: Fix restoring termios speed after suspend Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 243/390] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 244/390] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 245/390] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 246/390] fsi: core: Check error number after calling ida_simple_get Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 247/390] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 248/390] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 249/390] mfd: lp8788: Fix an error handling path in lp8788_probe() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 250/390] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 251/390] mfd: fsl-imx25: Fix check for platform_get_irq() errors Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 252/390] mfd: sm501: Add check for platform_driver_register() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 253/390] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 254/390] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 255/390] spmi: pmic-arb: correct duplicate APID to PPID mapping logic Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 256/390] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 257/390] clk: baikal-t1: Fix invalid xGMAC PTP clock divider Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 258/390] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 259/390] clk: baikal-t1: Add SATA internal ref clock buffer Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 260/390] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 261/390] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Greg Kroah-Hartman
2022-10-24 11:30 ` [PATCH 5.10 262/390] clk: ast2600: BCLK comes from EPLL Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 263/390] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 264/390] powerpc/math_emu/efp: Include module.h Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 265/390] powerpc/sysdev/fsl_msi: Add missing of_node_put() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 266/390] powerpc/pci_dn: " Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 267/390] powerpc/powernv: add missing of_node_put() in opal_export_attrs() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 268/390] x86/hyperv: Fix struct hv_enlightened_vmcs definition Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 269/390] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 270/390] powerpc: Fix SPE Power ISA properties for e500v1 platforms Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 271/390] crypto: sahara - dont sleep when in softirq Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 272/390] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 273/390] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 274/390] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 275/390] iommu/omap: Fix buffer overflow in debugfs Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 276/390] crypto: akcipher - default implementation for setting a private key Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 277/390] crypto: ccp - Release dma channels before dmaengine unrgister Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 278/390] crypto: inside-secure - Change swab to swab32 Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 279/390] crypto: qat - fix use of dma_map_single Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 280/390] crypto: qat - use pre-allocated buffers in datapath Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 281/390] crypto: qat - fix DMA transfer direction Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 282/390] iommu/iova: Fix module config properly Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 283/390] tracing: kprobe: Fix kprobe event gen test module on exit Greg Kroah-Hartman
2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 284/390] tracing: kprobe: Make gen test module work in arm and riscv Greg Kroah-Hartman
2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 285/390] kbuild: remove the target in signal traps when interrupted Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 286/390] kbuild: rpm-pkg: fix breakage when V=1 is used Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 287/390] crypto: marvell/octeontx - prevent integer overflows Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 288/390] crypto: cavium - prevent integer overflow loading firmware Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 289/390] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 290/390] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 291/390] f2fs: fix race condition on setting FI_NO_EXTENT flag Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 292/390] f2fs: fix to avoid REQ_TIME and CP_TIME collision Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 293/390] f2fs: fix to account FS_CP_DATA_IO correctly Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 294/390] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 295/390] rcu: Back off upon fill_page_cache_func() allocation failure Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 296/390] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 297/390] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 298/390] MIPS: BCM47XX: Cast memcmp() of function to (void *) Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 299/390] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 300/390] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 301/390] ARM: decompressor: Include .data.rel.ro.local Greg Kroah-Hartman
2022-10-24 11:31 ` Greg Kroah-Hartman
2022-10-24 18:41 ` Pavel Machek
2022-10-24 18:41 ` Pavel Machek
2022-10-25 13:05 ` Greg Kroah-Hartman
2022-10-25 13:05 ` Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 302/390] x86/entry: Work around Clang __bdos() bug Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 303/390] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 304/390] NFSD: fix use-after-free on source server when doing inter-server copy Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 305/390] wifi: brcmfmac: fix invalid address access when enabling SCAN log level Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 306/390] bpftool: Clear errno after libcaps checks Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 307/390] openvswitch: Fix double reporting of drops in dropwatch Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 308/390] openvswitch: Fix overreporting " Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 309/390] tcp: annotate data-race around tcp_md5sig_pool_populated Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 310/390] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 311/390] xfrm: Update ipcomp_scratches with NULL when freed Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 312/390] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 313/390] regulator: core: Prevent integer underflow Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 314/390] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 315/390] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 316/390] can: bcm: check the result of can_send() in bcm_can_tx() Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 317/390] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620 Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 318/390] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 319/390] wifi: rt2x00: set VGC gain for both chains of MT7620 Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 320/390] wifi: rt2x00: set SoC wmac clock register Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 321/390] wifi: rt2x00: correctly set BBP register 86 for MT7620 Greg Kroah-Hartman
2022-10-24 11:31 ` [PATCH 5.10 322/390] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 323/390] Bluetooth: L2CAP: Fix user-after-free Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 324/390] r8152: Rate limit overflow messages Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 325/390] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 326/390] drm: Use size_t type for len variable in drm_copy_field() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 327/390] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 328/390] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 329/390] drm/amd/display: fix overflow on MIN_I64 definition Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 330/390] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 331/390] drm: bridge: dw_hdmi: only trigger hotplug event on link change Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 332/390] drm/vc4: vec: Fix timings for VEC modes Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 333/390] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 334/390] platform/chrome: cros_ec: Notify the PM of wake events during resume Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 335/390] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 336/390] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 337/390] drm/amdgpu: fix initial connector audio value Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 338/390] drm/meson: explicitly remove aggregate driver at module unload time Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 339/390] mmc: sdhci-msm: add compatible string check for sdm670 Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 340/390] drm/dp: Dont rewrite link config when setting phy test pattern Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 341/390] drm/amd/display: Remove interface for periodic interrupt 1 Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 342/390] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 343/390] ARM: dts: imx6q: add missing properties for sram Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 344/390] ARM: dts: imx6dl: " Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 345/390] ARM: dts: imx6qp: " Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 346/390] ARM: dts: imx6sl: " Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 347/390] ARM: dts: imx6sll: " Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 348/390] ARM: dts: imx6sx: " Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 349/390] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 350/390] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 351/390] btrfs: scrub: try to fix super block errors Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 352/390] clk: zynqmp: Fix stack-out-of-bounds in strncpy` Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 353/390] media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 354/390] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 355/390] usb: host: xhci-plat: suspend and resume clocks Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 356/390] usb: host: xhci-plat: suspend/resume clks for brcm Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 357/390] scsi: 3w-9xxx: Avoid disabling device if failing to enable it Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 358/390] nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 359/390] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 360/390] staging: vt6655: fix potential memory leak Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 361/390] blk-throttle: prevent overflow while calculating wait time Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 362/390] ata: libahci_platform: Sanity check the DT child nodes number Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 363/390] bcache: fix set_at_max_writeback_rate() for multiple attached devices Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 364/390] soundwire: cadence: Dont overwrite msg->buf during write commands Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 365/390] soundwire: intel: fix error handling on dai registration issues Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 366/390] HID: roccat: Fix use-after-free in roccat_read() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 367/390] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 368/390] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 369/390] usb: musb: Fix musb_gadget.c rxstate overflow bug Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 370/390] Revert "usb: storage: Add quirk for Samsung Fit flash" Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 371/390] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 372/390] nvme: copy firmware_rev on each init Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 373/390] nvmet-tcp: add bounds check on Transfer Tag Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 374/390] usb: idmouse: fix an uninit-value in idmouse_open Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 375/390] clk: bcm2835: Make peripheral PLLC critical Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 376/390] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 377/390] arm64: topology: fix possible overflow in amu_fie_setup() Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 378/390] io_uring: correct pinned_vm accounting Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 379/390] io_uring/af_unix: defer registered files gc to io_uring release Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 380/390] mm: hugetlb: fix UAF in hugetlb_handle_userfault Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 381/390] net: ieee802154: return -EINVAL for unknown addr type Greg Kroah-Hartman
2022-10-24 11:32 ` [PATCH 5.10 382/390] Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 383/390] net/ieee802154: dont warn zero-sized raw_sendmsg() Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 384/390] Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega" Greg Kroah-Hartman
2022-10-25 9:02 ` Salvatore Bonaccorso
2022-10-25 14:20 ` Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 385/390] Revert "drm/amdgpu: use dirty framebuffer helper" Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 386/390] ext4: continue to expand file system when the target size doesnt reach Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 387/390] inet: fully convert sk->sk_rx_dst to RCU rules Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 388/390] thermal: intel_powerclamp: Use first online CPU as control_cpu Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 389/390] f2fs: fix wrong condition to trigger background checkpoint correctly Greg Kroah-Hartman
2022-10-24 11:33 ` [PATCH 5.10 390/390] gcov: support GCC 12.1 and newer compilers Greg Kroah-Hartman
2022-10-24 13:49 ` [PATCH 5.10 000/390] 5.10.150-rc1 review Pavel Machek
2022-10-24 16:47 ` Jon Hunter
2022-10-24 18:01 ` Florian Fainelli
2022-10-25 4:15 ` Slade Watkins
2022-10-25 4:31 ` Guenter Roeck
2022-10-25 15:12 ` Naresh Kamboju
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.