* [PATCH 5.10 00/40] 5.10.3-rc1 review
@ 2020-12-23 15:33 Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 01/40] net: ipconfig: Avoid spurious blank lines in boot log Greg Kroah-Hartman
                   ` (43 more replies)
  0 siblings, 44 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, stable

This is the start of the stable review cycle for the 5.10.3 release.
There are 40 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.10.3-rc1

Dae R. Jeong <dae.r.jeong@kaist.ac.kr>
    md: fix a warning caused by a race between concurrent md_ioctl()s

Anant Thazhemadam <anant.thazhemadam@gmail.com>
    nl80211: validate key indexes for cfg80211_registered_device

Eric Biggers <ebiggers@google.com>
    crypto: af_alg - avoid undefined behavior accessing salg_name

Antti Palosaari <crope@iki.fi>
    media: msi2500: assign SPI bus number dynamically

Anant Thazhemadam <anant.thazhemadam@gmail.com>
    fs: quota: fix array-index-out-of-bounds bug by passing correct argument to vfs_cleanup_quota_inode()

Jan Kara <jack@suse.cz>
    quota: Sanity-check quota file headers on load

Peilin Ye <yepeilin.cs@gmail.com>
    Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()

Eric Biggers <ebiggers@google.com>
    f2fs: prevent creating duplicate encrypted filenames

Eric Biggers <ebiggers@google.com>
    ext4: prevent creating duplicate encrypted filenames

Eric Biggers <ebiggers@google.com>
    ubifs: prevent creating duplicate encrypted filenames

Eric Biggers <ebiggers@google.com>
    fscrypt: add fscrypt_is_nokey_name()

Eric Biggers <ebiggers@google.com>
    fscrypt: remove kernel-internal constants from UAPI header

Alexey Kardashevskiy <aik@ozlabs.ru>
    serial_core: Check for port state when tty is in error state

Julian Sax <jsbc@gmx.de>
    HID: i2c-hid: add Vero K147 to descriptor override

Arnd Bergmann <arnd@arndb.de>
    scsi: megaraid_sas: Check user-provided offsets

Jack Qiu <jack.qiu@huawei.com>
    f2fs: init dirty_secmap incorrectly

Chao Yu <chao@kernel.org>
    f2fs: fix to seek incorrect data offset in inline data file

Suzuki K Poulose <suzuki.poulose@arm.com>
    coresight: etm4x: Handle TRCVIPCSSCTLR accesses

Suzuki K Poulose <suzuki.poulose@arm.com>
    coresight: etm4x: Fix accesses to TRCPROCSELR

Suzuki K Poulose <suzuki.poulose@arm.com>
    coresight: etm4x: Fix accesses to TRCCIDCTLR1

Suzuki K Poulose <suzuki.poulose@arm.com>
    coresight: etm4x: Fix accesses to TRCVMIDCTLR1

Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
    coresight: etm4x: Skip setting LPOVERRIDE bit for qcom, skip-power-up

Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
    coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf()

Suzuki K Poulose <suzuki.poulose@arm.com>
    coresight: tmc-etr: Fix barrier packet insertion for perf buffer

Mao Jinlong <jinlmao@codeaurora.org>
    coresight: tmc-etr: Check if page is valid before dma_map_page()

Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
    coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf()

Krzysztof Kozlowski <krzk@kernel.org>
    ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU

Krzysztof Kozlowski <krzk@kernel.org>
    ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410

Krzysztof Kozlowski <krzk@kernel.org>
    ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU

Fabio Estevam <festevam@gmail.com>
    usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul

Will McVicker <willmcvicker@google.com>
    USB: gadget: f_rndis: fix bitrate for SuperSpeed and above

Jack Pham <jackp@codeaurora.org>
    usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus

Will McVicker <willmcvicker@google.com>
    USB: gadget: f_midi: setup SuperSpeed Plus descriptors

taehyun.cho <taehyun.cho@samsung.com>
    USB: gadget: f_acm: add support for SuperSpeed Plus

Johan Hovold <johan@kernel.org>
    USB: serial: option: add interface-number sanity check to flag handling

Dan Carpenter <dan.carpenter@oracle.com>
    usb: mtu3: fix memory corruption in mtu3_debugfs_regset()

Nicolin Chen <nicoleotsuka@gmail.com>
    soc/tegra: fuse: Fix index bug in get_process_id

Artem Labazov <123321artyom@gmail.com>
    exfat: Avoid allocating upcase table using kcalloc()

Andi Kleen <ak@linux.intel.com>
    x86/split-lock: Avoid returning with interrupts enabled

Thierry Reding <treding@nvidia.com>
    net: ipconfig: Avoid spurious blank lines in boot log


-------------

Diffstat:

 Makefile                                           |  4 +-
 arch/arm/boot/dts/exynos5410-odroidxu.dts          |  6 ++-
 arch/arm/boot/dts/exynos5410-pinctrl.dtsi          | 28 ++++++++++++
 arch/arm/boot/dts/exynos5410.dtsi                  |  4 ++
 arch/x86/kernel/traps.c                            |  3 +-
 crypto/af_alg.c                                    | 10 +++--
 drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c           |  8 ++++
 drivers/hwtracing/coresight/coresight-etb10.c      |  4 +-
 drivers/hwtracing/coresight/coresight-etm4x-core.c | 41 ++++++++++-------
 drivers/hwtracing/coresight/coresight-priv.h       |  2 +
 drivers/hwtracing/coresight/coresight-tmc-etf.c    |  4 +-
 drivers/hwtracing/coresight/coresight-tmc-etr.c    |  4 +-
 drivers/md/md.c                                    |  7 ++-
 drivers/media/usb/msi2500/msi2500.c                |  2 +-
 drivers/scsi/megaraid/megaraid_sas_base.c          | 16 ++++---
 drivers/soc/tegra/fuse/speedo-tegra210.c           |  2 +-
 drivers/tty/serial/serial_core.c                   |  4 ++
 drivers/usb/chipidea/ci_hdrc_imx.c                 |  3 +-
 drivers/usb/gadget/function/f_acm.c                |  2 +-
 drivers/usb/gadget/function/f_fs.c                 |  5 ++-
 drivers/usb/gadget/function/f_midi.c               |  6 +++
 drivers/usb/gadget/function/f_rndis.c              |  4 +-
 drivers/usb/mtu3/mtu3_debugfs.c                    |  2 +-
 drivers/usb/serial/option.c                        | 23 +++++++++-
 fs/crypto/fscrypt_private.h                        |  9 ++--
 fs/crypto/hooks.c                                  |  5 ++-
 fs/crypto/keyring.c                                |  2 +-
 fs/crypto/keysetup.c                               |  4 +-
 fs/crypto/policy.c                                 |  5 ++-
 fs/exfat/nls.c                                     |  6 +--
 fs/ext4/namei.c                                    |  3 ++
 fs/f2fs/f2fs.h                                     |  2 +
 fs/f2fs/file.c                                     | 11 +++--
 fs/f2fs/segment.c                                  |  2 +-
 fs/quota/dquot.c                                   |  2 +-
 fs/quota/quota_v2.c                                | 19 ++++++++
 fs/ubifs/dir.c                                     | 17 ++++++--
 include/linux/fscrypt.h                            | 34 +++++++++++++++
 include/uapi/linux/fscrypt.h                       |  5 +--
 include/uapi/linux/if_alg.h                        | 16 +++++++
 net/bluetooth/hci_event.c                          | 12 +++--
 net/ipv4/ipconfig.c                                | 14 +++---
 net/wireless/core.h                                |  2 +
 net/wireless/nl80211.c                             |  7 +--
 net/wireless/util.c                                | 51 ++++++++++++++++++----
 45 files changed, 334 insertions(+), 88 deletions(-)




* [PATCH 5.10 01/40] net: ipconfig: Avoid spurious blank lines in boot log
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 02/40] x86/split-lock: Avoid returning with interrupts enabled Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jon Hunter, Thierry Reding, Jakub Kicinski

From: Thierry Reding <treding@nvidia.com>

commit c9f64d1fc101c64ea2be1b2e562b4395127befc9 upstream.

When dumping the name and NTP servers advertised by DHCP, a blank line
is emitted if either of the lists is empty. This can lead to confusing
issues such as the blank line getting flagged as warning. This happens
because the blank line is the result of pr_cont("\n") and that may see
its level corrupted by some other driver concurrently writing to the
console.

Fix this by making sure that the terminating newline is only emitted
if at least one entry in the lists was printed before.

Reported-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20201110073757.1284594-1-thierry.reding@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/ipv4/ipconfig.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -1441,7 +1441,7 @@ static int __init ip_auto_config(void)
 	int retries = CONF_OPEN_RETRIES;
 #endif
 	int err;
-	unsigned int i;
+	unsigned int i, count;
 
 	/* Initialise all name servers and NTP servers to NONE (but only if the
 	 * "ip=" or "nfsaddrs=" kernel command line parameters weren't decoded,
@@ -1575,7 +1575,7 @@ static int __init ip_auto_config(void)
 	if (ic_dev_mtu)
 		pr_cont(", mtu=%d", ic_dev_mtu);
 	/* Name servers (if any): */
-	for (i = 0; i < CONF_NAMESERVERS_MAX; i++) {
+	for (i = 0, count = 0; i < CONF_NAMESERVERS_MAX; i++) {
 		if (ic_nameservers[i] != NONE) {
 			if (i == 0)
 				pr_info("     nameserver%u=%pI4",
@@ -1583,12 +1583,14 @@ static int __init ip_auto_config(void)
 			else
 				pr_cont(", nameserver%u=%pI4",
 					i, &ic_nameservers[i]);
+
+			count++;
 		}
-		if (i + 1 == CONF_NAMESERVERS_MAX)
+		if ((i + 1 == CONF_NAMESERVERS_MAX) && count > 0)
 			pr_cont("\n");
 	}
 	/* NTP servers (if any): */
-	for (i = 0; i < CONF_NTP_SERVERS_MAX; i++) {
+	for (i = 0, count = 0; i < CONF_NTP_SERVERS_MAX; i++) {
 		if (ic_ntp_servers[i] != NONE) {
 			if (i == 0)
 				pr_info("     ntpserver%u=%pI4",
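
Review bot: the `if (i == 0)` test that picks pr_info() over pr_cont()
is left as it was in both loops, so when slot 0 is NONE and a later slot
is set, the first entry printed is a pr_cont() with no line of its own
to continue. Now that `count` is available, testing `count == 0` at that
point would start the line at the first entry actually printed.
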
@@ -1596,8 +1598,10 @@ static int __init ip_auto_config(void)
 			else
 				pr_cont(", ntpserver%u=%pI4",
 					i, &ic_ntp_servers[i]);
+
+			count++;
 		}
-		if (i + 1 == CONF_NTP_SERVERS_MAX)
+		if ((i + 1 == CONF_NTP_SERVERS_MAX) && count > 0)
 			pr_cont("\n");
 	}
 #endif /* !SILENT */
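
Review bot: the end-of-list test `(i + 1 == CONF_NTP_SERVERS_MAX) &&
count > 0` is still evaluated on every iteration inside the loop.
Emitting the newline once after the loop with `if (count > 0)
pr_cont("\n");` says the same thing more directly and drops the
redundant parentheses; the same applies to the nameserver loop above.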




* [PATCH 5.10 02/40] x86/split-lock: Avoid returning with interrupts enabled
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 01/40] net: ipconfig: Avoid spurious blank lines in boot log Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 03/40] exfat: Avoid allocating upcase table using kcalloc() Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andi Kleen, Peter Zijlstra,
	Fenghua Yu, Tony Luck, Thomas Gleixner, Linus Torvalds

From: Andi Kleen <ak@linux.intel.com>

commit e14fd4ba8fb47fcf5f244366ec01ae94490cd86a upstream.

When a split lock is detected always make sure to disable interrupts
before returning from the trap handler.

The kernel exit code assumes that all exits run with interrupts
disabled, otherwise the SWAPGS sequence can race against interrupts and
cause recursing page faults and later panics.

The problem will only happen on CPUs with split lock disable
functionality, so Icelake Server, Tiger Lake, Snow Ridge, Jacobsville.

Fixes: ca4c6a9858c2 ("x86/traps: Make interrupt enable/disable symmetric in C code")
Fixes: bce9b042ec73 ("x86/traps: Disable interrupts in exc_aligment_check()") # v5.8+
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Tony Luck <tony.luck@intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/traps.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -299,11 +299,12 @@ DEFINE_IDTENTRY_ERRORCODE(exc_alignment_
 	local_irq_enable();
 
 	if (handle_user_split_lock(regs, error_code))
-		return;
+		goto out;
 
 	do_trap(X86_TRAP_AC, SIGBUS, "alignment check", regs,
 		error_code, BUS_ADRALN, NULL);
 
+out:
 	local_irq_disable();
 }
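
Review bot: the new `out:` label carries no comment, and nothing in the
handler says that every exit has to pass through local_irq_disable().
A one-line comment at the label, or restructuring the body as
`if (!handle_user_split_lock(regs, error_code)) do_trap(...);` so that
there is a single fall-through exit, would keep a later early `return`
from reintroducing the bug.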
 




* [PATCH 5.10 03/40] exfat: Avoid allocating upcase table using kcalloc()
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 01/40] net: ipconfig: Avoid spurious blank lines in boot log Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 02/40] x86/split-lock: Avoid returning with interrupts enabled Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 04/40] soc/tegra: fuse: Fix index bug in get_process_id Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Artem Labazov, Namjae Jeon

From: Artem Labazov <123321artyom@gmail.com>

commit 9eb78c25327548b905598975aa3ded4ef244b94a upstream.

The table for Unicode upcase conversion requires an order-5 allocation,
which may fail on a highly-fragmented system:

 pool-udisksd: page allocation failure: order:5,
 mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),
 cpuset=/,mems_allowed=0
 CPU: 4 PID: 3756880 Comm: pool-udisksd Tainted: G U
 5.8.10-200.fc32.x86_64 #1
 Hardware name: Dell Inc. XPS 13 9360/0PVG6D, BIOS 2.13.0 11/14/2019
 Call Trace:
  dump_stack+0x6b/0x88
  warn_alloc.cold+0x75/0xd9
  ? _cond_resched+0x16/0x40
  ? __alloc_pages_direct_compact+0x144/0x150
  __alloc_pages_slowpath.constprop.0+0xcfa/0xd30
  ? __schedule+0x28a/0x840
  ? __wait_on_bit_lock+0x92/0xa0
  __alloc_pages_nodemask+0x2df/0x320
  kmalloc_order+0x1b/0x80
  kmalloc_order_trace+0x1d/0xa0
  exfat_create_upcase_table+0x115/0x390 [exfat]
  exfat_fill_super+0x3ef/0x7f0 [exfat]
  ? sget_fc+0x1d0/0x240
  ? exfat_init_fs_context+0x120/0x120 [exfat]
  get_tree_bdev+0x15c/0x250
  vfs_get_tree+0x25/0xb0
  do_mount+0x7c3/0xaf0
  ? copy_mount_options+0xab/0x180
  __x64_sys_mount+0x8e/0xd0
  do_syscall_64+0x4d/0x90
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Make the driver use kvcalloc() to eliminate the issue.

Fixes: 370e812b3ec1 ("exfat: add nls operations")
Cc: stable@vger.kernel.org #v5.7+
Signed-off-by: Artem Labazov <123321artyom@gmail.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/exfat/nls.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/fs/exfat/nls.c
+++ b/fs/exfat/nls.c
@@ -659,7 +659,7 @@ static int exfat_load_upcase_table(struc
 	unsigned char skip = false;
 	unsigned short *upcase_table;
 
-	upcase_table = kcalloc(UTBL_COUNT, sizeof(unsigned short), GFP_KERNEL);
+	upcase_table = kvcalloc(UTBL_COUNT, sizeof(unsigned short), GFP_KERNEL);
 	if (!upcase_table)
 		return -ENOMEM;
 
@@ -715,7 +715,7 @@ static int exfat_load_default_upcase_tab
 	unsigned short uni = 0, *upcase_table;
 	unsigned int index = 0;
 
-	upcase_table = kcalloc(UTBL_COUNT, sizeof(unsigned short), GFP_KERNEL);
+	upcase_table = kvcalloc(UTBL_COUNT, sizeof(unsigned short), GFP_KERNEL);
 	if (!upcase_table)
 		return -ENOMEM;
 
@@ -803,5 +803,5 @@ load_default:
 
 void exfat_free_upcase_table(struct exfat_sb_info *sbi)
 {
-	kfree(sbi->vol_utbl);
+	kvfree(sbi->vol_utbl);
 }
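
Review bot: only the kfree() in exfat_free_upcase_table() is converted
to kvfree(), while both load functions above now allocate with
kvcalloc(). Their error paths are outside the visible context, so
confirm that every failure path releases `upcase_table` through
exfat_free_upcase_table() or kvfree(); kfree() on a vmalloc-backed
buffer is invalid.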




* [PATCH 5.10 04/40] soc/tegra: fuse: Fix index bug in get_process_id
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 03/40] exfat: Avoid allocating upcase table using kcalloc() Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 05/40] usb: mtu3: fix memory corruption in mtu3_debugfs_regset() Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nicolin Chen, Thierry Reding

From: Nicolin Chen <nicoleotsuka@gmail.com>

commit b9ce9b0f83b536a4ac7de7567a265d28d13e5bea upstream.

This patch simply fixes a bug of referencing speedos[num] in every
for-loop iteration in get_process_id function.

Fixes: 0dc5a0d83675 ("soc/tegra: fuse: Add Tegra210 support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicolin Chen <nicoleotsuka@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/soc/tegra/fuse/speedo-tegra210.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/soc/tegra/fuse/speedo-tegra210.c
+++ b/drivers/soc/tegra/fuse/speedo-tegra210.c
@@ -94,7 +94,7 @@ static int get_process_id(int value, con
 	unsigned int i;
 
 	for (i = 0; i < num; i++)
-		if (value < speedos[num])
+		if (value < speedos[i])
 			return i;
 
 	return -EINVAL;
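
Review bot: the changelog calls this an index bug but does not state the
effect of the old `speedos[num]` comparison. If `speedos` holds `num`
entries, as the loop bound `i < num` implies, the old code read one
element past the end on every iteration and compared against that
value; saying so in the commit message would help anyone judging the
backport.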




* [PATCH 5.10 05/40] usb: mtu3: fix memory corruption in mtu3_debugfs_regset()
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 04/40] soc/tegra: fuse: Fix index bug in get_process_id Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 06/40] USB: serial: option: add interface-number sanity check to flag handling Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter

From: Dan Carpenter <dan.carpenter@oracle.com>

commit 3f6f6343a29d9ea7429306b83b18e66dc1331d5c upstream.

This code is using the wrong sizeof() so it does not allocate enough
memory.  It allocates 32 bytes but 72 are required.  That will lead to
memory corruption.

Fixes: ae07809255d3 ("usb: mtu3: add debugfs interface files")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/X8ikqc4Mo2/0G72j@mwanda
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/mtu3/mtu3_debugfs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/mtu3/mtu3_debugfs.c
+++ b/drivers/usb/mtu3/mtu3_debugfs.c
@@ -127,7 +127,7 @@ static void mtu3_debugfs_regset(struct m
 	struct debugfs_regset32 *regset;
 	struct mtu3_regset *mregs;
 
-	mregs = devm_kzalloc(mtu->dev, sizeof(*regset), GFP_KERNEL);
+	mregs = devm_kzalloc(mtu->dev, sizeof(*mregs), GFP_KERNEL);
 	if (!mregs)
 		return;
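
Review bot: the changelog gives the two sizes (32 allocated, 72
required) but not which writes to `mregs` ran past the allocation, and
the hunk shows only the devm_kzalloc() call. A sentence naming the
fields written afterwards would let a reader judge how far the
corruption reached. The `sizeof(*mregs)` form itself is right, since it
follows the pointer being assigned rather than the adjacent `regset`.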
 




* [PATCH 5.10 06/40] USB: serial: option: add interface-number sanity check to flag handling
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 05/40] usb: mtu3: fix memory corruption in mtu3_debugfs_regset() Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 07/40] USB: gadget: f_acm: add support for SuperSpeed Plus Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+8881b478dad0a7971f79, Johan Hovold

From: Johan Hovold <johan@kernel.org>

commit a251963f76fa0226d0fdf0c4f989496f18d9ae7f upstream.

Add an interface-number sanity check before testing the device flags to
avoid relying on undefined behaviour when left shifting in case a device
uses an interface number greater than or equal to BITS_PER_LONG (i.e. 64
or 32).

Reported-by: syzbot+8881b478dad0a7971f79@syzkaller.appspotmail.com
Fixes: c3a65808f04a ("USB: serial: option: reimplement interface masking")
Cc: stable@vger.kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/option.c |   23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -563,6 +563,9 @@ static void option_instat_callback(struc
 
 /* Device flags */
 
+/* Highest interface number which can be used with NCTRL() and RSVD() */
+#define FLAG_IFNUM_MAX	7
+
 /* Interface does not support modem-control requests */
 #define NCTRL(ifnum)	((BIT(ifnum) & 0xff) << 8)
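
Review bot: FLAG_IFNUM_MAX is a bare 7 whose value really comes from the
`& 0xff` mask in NCTRL(), and the macros themselves still accept any
`ifnum`, so the bound holds only for callers that remember to check it.
The comment should say that 7 is the top bit of that 8-bit mask, so the
constant and the mask cannot drift apart unnoticed.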
 
@@ -2101,6 +2104,14 @@ static struct usb_serial_driver * const
 
 module_usb_serial_driver(serial_drivers, option_ids);
 
+static bool iface_is_reserved(unsigned long device_flags, u8 ifnum)
+{
+	if (ifnum > FLAG_IFNUM_MAX)
+		return false;
+
+	return device_flags & RSVD(ifnum);
+}
+
 static int option_probe(struct usb_serial *serial,
 			const struct usb_device_id *id)
 {
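
Review bot: iface_is_reserved() returns false for any `ifnum` above
FLAG_IFNUM_MAX, so an interface numbered 8 or higher is never treated
as reserved and option_probe() goes on to bind it. That default is a
policy choice and deserves a comment in the helper, since the interface
number comes from the device's own descriptor.
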
@@ -2117,7 +2128,7 @@ static int option_probe(struct usb_seria
 	 * the same class/subclass/protocol as the serial interfaces.  Look at
 	 * the Windows driver .INF files for reserved interface numbers.
 	 */
-	if (device_flags & RSVD(iface_desc->bInterfaceNumber))
+	if (iface_is_reserved(device_flags, iface_desc->bInterfaceNumber))
 		return -ENODEV;
 
 	/*
@@ -2133,6 +2144,14 @@ static int option_probe(struct usb_seria
 	return 0;
 }
 
+static bool iface_no_modem_control(unsigned long device_flags, u8 ifnum)
+{
+	if (ifnum > FLAG_IFNUM_MAX)
+		return false;
+
+	return device_flags & NCTRL(ifnum);
+}
+
 static int option_attach(struct usb_serial *serial)
 {
 	struct usb_interface_descriptor *iface_desc;
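
Review bot: iface_no_modem_control() repeats the `ifnum >
FLAG_IFNUM_MAX` check from iface_is_reserved() line for line; a single
helper that takes the flag mask would keep the two from diverging. The
negative name also produces a double negation at the call site in
option_attach(), `!iface_no_modem_control(...)`, which is easy to
misread.
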
@@ -2148,7 +2167,7 @@ static int option_attach(struct usb_seri
 
 	iface_desc = &serial->interface->cur_altsetting->desc;
 
-	if (!(device_flags & NCTRL(iface_desc->bInterfaceNumber)))
+	if (!iface_no_modem_control(device_flags, iface_desc->bInterfaceNumber))
 		data->use_send_setup = 1;
 
 	if (device_flags & ZLP)




* [PATCH 5.10 07/40] USB: gadget: f_acm: add support for SuperSpeed Plus
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 06/40] USB: serial: option: add interface-number sanity check to flag handling Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 08/40] USB: gadget: f_midi: setup SuperSpeed Plus descriptors Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Felipe Balbi, taehyun.cho,
	Will McVicker, Peter Chen

From: taehyun.cho <taehyun.cho@samsung.com>

commit 3ee05c20656782387aa9eb010fdb9bb16982ac3f upstream.

Setup the SuperSpeed Plus descriptors for f_acm.  This allows the gadget
to work properly without crashing at SuperSpeed rates.

Cc: Felipe Balbi <balbi@kernel.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: taehyun.cho <taehyun.cho@samsung.com>
Signed-off-by: Will McVicker <willmcvicker@google.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20201127140559.381351-3-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/function/f_acm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/gadget/function/f_acm.c
+++ b/drivers/usb/gadget/function/f_acm.c
@@ -686,7 +686,7 @@ acm_bind(struct usb_configuration *c, st
 	acm_ss_out_desc.bEndpointAddress = acm_fs_out_desc.bEndpointAddress;
 
 	status = usb_assign_descriptors(f, acm_fs_function, acm_hs_function,
-			acm_ss_function, NULL);
+			acm_ss_function, acm_ss_function);
 	if (status)
 		goto fail;
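
Review bot: the call now passes `acm_ss_function` for both the
SuperSpeed and the SuperSpeed Plus argument of usb_assign_descriptors(),
with nothing at the call site to say the reuse is deliberate; a short
comment would help. The changelog also says the crash happens "at
SuperSpeed rates" while the argument being filled in is the SuperSpeed
Plus one, so the wording should name SuperSpeed Plus.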
 




* [PATCH 5.10 08/40] USB: gadget: f_midi: setup SuperSpeed Plus descriptors
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 07/40] USB: gadget: f_acm: add support for SuperSpeed Plus Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 09/40] usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Felipe Balbi, Will McVicker, Peter Chen

From: Will McVicker <willmcvicker@google.com>

commit 457a902ba1a73b7720666b21ca038cd19764db18 upstream.

Needed for SuperSpeed Plus support for f_midi.  This allows the
gadget to work properly without crashing at SuperSpeed rates.

Cc: Felipe Balbi <balbi@kernel.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Will McVicker <willmcvicker@google.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20201127140559.381351-4-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/function/f_midi.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/usb/gadget/function/f_midi.c
+++ b/drivers/usb/gadget/function/f_midi.c
@@ -1048,6 +1048,12 @@ static int f_midi_bind(struct usb_config
 		f->ss_descriptors = usb_copy_descriptors(midi_function);
 		if (!f->ss_descriptors)
 			goto fail_f_midi;
+
+		if (gadget_is_superspeed_plus(c->cdev->gadget)) {
+			f->ssp_descriptors = usb_copy_descriptors(midi_function);
+			if (!f->ssp_descriptors)
+				goto fail_f_midi;
+		}
 	}
 
 	kfree(midi_function);
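
Review bot: the added `goto fail_f_midi` for a failed ssp copy is taken
after `f->ss_descriptors` has already been allocated and before
`kfree(midi_function)` runs. The label is outside the visible context,
so confirm that it frees `midi_function` and releases the descriptor
copies made so far; otherwise this new path leaks them.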




* [PATCH 5.10 09/40] usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 08/40] USB: gadget: f_midi: setup SuperSpeed Plus descriptors Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 10/40] USB: gadget: f_rndis: fix bitrate for SuperSpeed and above Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jack Pham

From: Jack Pham <jackp@codeaurora.org>

commit a353397b0d5dfa3c99b372505db3378fc919c6c6 upstream.

In many cases a function that supports SuperSpeed can very well
operate in SuperSpeedPlus, if a gadget controller supports it,
as the endpoint descriptors (and companion descriptors) are
generally identical and can be re-used. This is true for two
commonly used functions: Android's ADB and MTP. So we can simply
assign the usb_function's ssp_descriptors array to point to its
ss_descriptors, if available. Similarly, we need to allow an
epfile's ioctl for FUNCTIONFS_ENDPOINT_DESC to correctly
return the corresponding SuperSpeed endpoint descriptor in case
the connected speed is SuperSpeedPlus as well.

The only exception is if a function wants to implement an
Isochronous endpoint capable of transferring more than 48KB per
service interval when operating at greater than USB 3.1 Gen1
speed, in which case it would require an additional SuperSpeedPlus
Isochronous Endpoint Companion descriptor to be returned as part
of the Configuration Descriptor. Support for that would need
to be separately added to the userspace-facing FunctionFS API
which may not be a trivial task--likely a new descriptor format
(v3?) may need to be devised to allow for separate SS and SSP
descriptors to be supplied.

Signed-off-by: Jack Pham <jackp@codeaurora.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201027230731.9073-1-jackp@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/function/f_fs.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -1328,6 +1328,7 @@ static long ffs_epfile_ioctl(struct file
 
 		switch (epfile->ffs->gadget->speed) {
 		case USB_SPEED_SUPER:
+		case USB_SPEED_SUPER_PLUS:
 			desc_idx = 2;
 			break;
 		case USB_SPEED_HIGH:
@@ -3174,7 +3175,8 @@ static int _ffs_func_bind(struct usb_con
 	}
 
 	if (likely(super)) {
-		func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
+		func->function.ss_descriptors = func->function.ssp_descriptors =
+			vla_ptr(vlabuf, d, ss_descs);
 		ss_len = ffs_do_descs(ffs->ss_descs_count,
 				vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
 				d_raw_descs__sz - fs_len - hs_len,
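
Review bot: the chained assignment `func->function.ss_descriptors =
func->function.ssp_descriptors = vla_ptr(...)` makes both fields alias
one buffer, which is easy to miss on a quick read and is the
multiple-assignment form checkpatch flags. Two separate assignments with
a comment that SSP deliberately reuses the SS descriptors would be
clearer, and would make it obvious why ffs_func_unbind() only has to
clear the pointers.
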
@@ -3584,6 +3586,7 @@ static void ffs_func_unbind(struct usb_c
 	func->function.fs_descriptors = NULL;
 	func->function.hs_descriptors = NULL;
 	func->function.ss_descriptors = NULL;
+	func->function.ssp_descriptors = NULL;
 	func->interfaces_nums = NULL;
 
 	ffs_event_add(ffs, FUNCTIONFS_UNBIND);




* [PATCH 5.10 10/40] USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 09/40] usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 11/40] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Felipe Balbi, EJ Hsu, Peter Chen,
	Will McVicker

From: Will McVicker <willmcvicker@google.com>

commit b00f444f9add39b64d1943fa75538a1ebd54a290 upstream.

Align the SuperSpeed Plus bitrate for f_rndis to match f_ncm's ncm_bitrate
defined by commit 1650113888fe ("usb: gadget: f_ncm: add SuperSpeed descriptors
for CDC NCM").

Cc: Felipe Balbi <balbi@kernel.org>
Cc: EJ Hsu <ejh@nvidia.com>
Cc: Peter Chen <peter.chen@nxp.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Will McVicker <willmcvicker@google.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20201127140559.381351-2-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/gadget/function/f_rndis.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/usb/gadget/function/f_rndis.c
+++ b/drivers/usb/gadget/function/f_rndis.c
@@ -87,8 +87,10 @@ static inline struct f_rndis *func_to_rn
 /* peak (theoretical) bulk transfer rate in bits-per-second */
 static unsigned int bitrate(struct usb_gadget *g)
 {
+	if (gadget_is_superspeed(g) && g->speed >= USB_SPEED_SUPER_PLUS)
+		return 4250000000U;
 	if (gadget_is_superspeed(g) && g->speed == USB_SPEED_SUPER)
-		return 13 * 1024 * 8 * 1000 * 8;
+		return 3750000000U;
 	else if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH)
 		return 13 * 512 * 8 * 1000 * 8;
 	else
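
Review bot: the two new return values in bitrate(), 4250000000U and 3750000000U, are bare constants with no indication of how they were derived, while the high-speed branch just below still spells out its arithmetic (13 * 512 * 8 * 1000 * 8). A one-line comment giving the source of each figure would make them checkable. Note also that 4250000000U sits just under the 32-bit unsigned int limit of 4294967295, so the unsigned int return type has no headroom for a faster speed class; that is worth stating next to the >= USB_SPEED_SUPER_PLUS test, which will route any future higher speed into this branch.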




* [PATCH 5.10 11/40] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 10/40] USB: gadget: f_rndis: fix bitrate for SuperSpeed and above Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 12/40] ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Peter Chen

From: Fabio Estevam <festevam@gmail.com>

commit c7721e15f434920145c376e8fe77e1c079fc3726 upstream.

According to the i.MX6UL Errata document:
https://www.nxp.com/docs/en/errata/IMX6ULCE.pdf

ERR007881 also affects i.MX6UL, so pass the
CI_HDRC_DISABLE_DEVICE_STREAMING flag to work around the issue.

Fixes: 52fe568e5d71 ("usb: chipidea: imx: add imx6ul usb support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Link: https://lore.kernel.org/r/20201207020909.22483-2-peter.chen@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/chipidea/ci_hdrc_imx.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/usb/chipidea/ci_hdrc_imx.c
+++ b/drivers/usb/chipidea/ci_hdrc_imx.c
@@ -57,7 +57,8 @@ static const struct ci_hdrc_imx_platform
 
 static const struct ci_hdrc_imx_platform_flag imx6ul_usb_data = {
 	.flags = CI_HDRC_SUPPORTS_RUNTIME_PM |
-		CI_HDRC_TURN_VBUS_EARLY_ON,
+		CI_HDRC_TURN_VBUS_EARLY_ON |
+		CI_HDRC_DISABLE_DEVICE_STREAMING,
 };
 
 static const struct ci_hdrc_imx_platform_flag imx7d_usb_data = {
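
Review bot: the reason for CI_HDRC_DISABLE_DEVICE_STREAMING in imx6ul_usb_data lives only in the commit message; the initializer itself gives no hint that the flag is an erratum workaround. A short comment above the .flags line naming ERR007881 would keep the flag from being dropped in a later cleanup of this table.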




* [PATCH 5.10 12/40] ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 11/40] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 13/40] ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410 Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Gabriel Ribba Esteva

From: Krzysztof Kozlowski <krzk@kernel.org>

commit ecc1ff532b499d20304a4f682247137025814c34 upstream.

On Odroid XU board the USB3-0 port is a microUSB and USB3-1 port is USB
type A (host).  The roles were copied from Odroid XU3 (Exynos5422)
design which has it reversed.

Fixes: 8149afe4dbf9 ("ARM: dts: exynos: Add initial support for Odroid XU board")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201015182044.480562-1-krzk@kernel.org
Tested-by: Gabriel Ribba Esteva <gabriel.ribbae@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/exynos5410-odroidxu.dts |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm/boot/dts/exynos5410-odroidxu.dts
+++ b/arch/arm/boot/dts/exynos5410-odroidxu.dts
@@ -637,11 +637,11 @@
 };
 
 &usbdrd_dwc3_0 {
-	dr_mode = "host";
+	dr_mode = "peripheral";
 };
 
 &usbdrd_dwc3_1 {
-	dr_mode = "peripheral";
+	dr_mode = "host";
 };
 
 &usbdrd3_0 {
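
Review bot: the swapped dr_mode values in &usbdrd_dwc3_0 and &usbdrd_dwc3_1 are correct only because of the physical connectors on this board, and the nodes carry no comment saying so. Since the original mistake came from copying another board's values, add a one-line comment in each node (microUSB for usbdrd_dwc3_0, type A host for usbdrd_dwc3_1) so the mapping can be checked against the board without reading the commit log.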




* [PATCH 5.10 13/40] ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 12/40] ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 14/40] ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Gabriel Ribba Esteva

From: Krzysztof Kozlowski <krzk@kernel.org>

commit 3d992fd8f4e0f09c980726308d2f2725587b32d6 upstream.

The VBUS control (PWREN) and over-current pins of USB 3.0 DWC3
controllers are on Exynos5410 regular GPIOs.  This is different than for
example on Exynos5422 where these are special ETC pins with proper reset
values (pulls, functions).

Therefore these pins should be configured to enable proper USB 3.0
peripheral and host modes.  This also fixes over-current warning:

    [    6.024658] usb usb4-port1: over-current condition
    [    6.028271] usb usb3-port1: over-current condition

Fixes: cb0896562228 ("ARM: dts: exynos: Add USB to Exynos5410")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201015182044.480562-2-krzk@kernel.org
Tested-by: Gabriel Ribba Esteva <gabriel.ribbae@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/exynos5410-pinctrl.dtsi |   28 ++++++++++++++++++++++++++++
 arch/arm/boot/dts/exynos5410.dtsi         |    4 ++++
 2 files changed, 32 insertions(+)

--- a/arch/arm/boot/dts/exynos5410-pinctrl.dtsi
+++ b/arch/arm/boot/dts/exynos5410-pinctrl.dtsi
@@ -560,6 +560,34 @@
 		interrupt-controller;
 		#interrupt-cells = <2>;
 	};
+
+	usb3_1_oc: usb3-1-oc {
+		samsung,pins = "gpk2-4", "gpk2-5";
+		samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
+		samsung,pin-pud = <EXYNOS_PIN_PULL_UP>;
+		samsung,pin-drv = <EXYNOS5420_PIN_DRV_LV1>;
+	};
+
+	usb3_1_vbusctrl: usb3-1-vbusctrl {
+		samsung,pins = "gpk2-6", "gpk2-7";
+		samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
+		samsung,pin-pud = <EXYNOS_PIN_PULL_DOWN>;
+		samsung,pin-drv = <EXYNOS5420_PIN_DRV_LV1>;
+	};
+
+	usb3_0_oc: usb3-0-oc {
+		samsung,pins = "gpk3-0", "gpk3-1";
+		samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
+		samsung,pin-pud = <EXYNOS_PIN_PULL_UP>;
+		samsung,pin-drv = <EXYNOS5420_PIN_DRV_LV1>;
+	};
+
+	usb3_0_vbusctrl: usb3-0-vbusctrl {
+		samsung,pins = "gpk3-2", "gpk3-3";
+		samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
+		samsung,pin-pud = <EXYNOS_PIN_PULL_DOWN>;
+		samsung,pin-drv = <EXYNOS5420_PIN_DRV_LV1>;
+	};
 };
 
 &pinctrl_2 {
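
Review bot: all four new pin groups set samsung,pin-drv to EXYNOS5420_PIN_DRV_LV1, an Exynos5420-named macro, inside exynos5410-pinctrl.dtsi. If the 5410 drive-strength encoding matches the 5420 one, say so in a comment; otherwise use the macro that matches this SoC. Each group also lists two pins with no indication of which signal each one carries, so a brief comment per group would help when checking against the schematic.
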
--- a/arch/arm/boot/dts/exynos5410.dtsi
+++ b/arch/arm/boot/dts/exynos5410.dtsi
@@ -390,6 +390,8 @@
 &usbdrd3_0 {
 	clocks = <&clock CLK_USBD300>;
 	clock-names = "usbdrd30";
+	pinctrl-names = "default";
+	pinctrl-0 = <&usb3_0_oc>, <&usb3_0_vbusctrl>;
 };
 
 &usbdrd_phy0 {
@@ -401,6 +403,8 @@
 &usbdrd3_1 {
 	clocks = <&clock CLK_USBD301>;
 	clock-names = "usbdrd30";
+	pinctrl-names = "default";
+	pinctrl-0 = <&usb3_1_oc>, <&usb3_1_vbusctrl>;
 };
 
 &usbdrd_dwc3_1 {
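
Review bot: the pinctrl-0 entries here tie usbdrd3_1 to the usb3_1_* groups and usbdrd3_0 to the usb3_0_* groups, but in the pinctrl hunk the usb3_1_* groups use the lower-numbered bank (gpk2-4 to gpk2-7) and the usb3_0_* groups use gpk3-0 to gpk3-3. That inverted numbering may well be how the SoC is wired, but it looks like a swap at first glance, so a comment confirming the controller-to-bank mapping would save the next reader from re-deriving it.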




* [PATCH 5.10 14/40] ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 13/40] ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410 Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 15/40] coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf() Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Gabriel Ribba Esteva

From: Krzysztof Kozlowski <krzk@kernel.org>

commit bd7e7ff56feea7810df900fb09c9741d259861d9 upstream.

On Odroid XU LDO12 and LDO15 supplies the power to USB 3.0 blocks but
the GPK GPIO pins are supplied by LDO7 (VDDQ_LCD).  LDO7 also supplies
GPJ GPIO pins.

The Exynos pinctrl driver does not take any supplies, so to have entire
GPIO block always available, make the regulator always on.

Fixes: 88644b4c750b ("ARM: dts: exynos: Configure PWM, usb3503, PMIC and thermal on Odroid XU board")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201015182044.480562-3-krzk@kernel.org
Tested-by: Gabriel Ribba Esteva <gabriel.ribbae@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/exynos5410-odroidxu.dts |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/arm/boot/dts/exynos5410-odroidxu.dts
+++ b/arch/arm/boot/dts/exynos5410-odroidxu.dts
@@ -327,6 +327,8 @@
 				regulator-name = "vddq_lcd";
 				regulator-min-microvolt = <1800000>;
 				regulator-max-microvolt = <1800000>;
+				/* Supplies also GPK and GPJ */
+				regulator-always-on;
 			};
 
 			ldo8_reg: LDO8 {
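
Review bot: the new comment above regulator-always-on says what the regulator supplies but not why it must stay on. The actual reason, given only in the commit message, is that the pinctrl driver takes no supplies and therefore cannot request this regulator itself. Put that in the comment, for example "Supplies also GPK and GPJ; pinctrl driver takes no supplies", so the property is not removed as redundant later.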




* [PATCH 5.10 15/40] coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf()
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 14/40] ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 16/40] coresight: tmc-etr: Check if page is valid before dma_map_page() Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sai Prakash Ranjan, Mathieu Poirier

From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>

commit 868663dd5d69fef05bfb004f91da5c30e9b93461 upstream.

There was a report of NULL pointer dereference in ETF enable
path for perf CS mode with PID monitoring. It is almost 100%
reproducible when the process to monitor is something very
active such as chrome and with ETF as the sink and not ETR.
Currently in a bid to find the pid, the owner is dereferenced
via task_pid_nr() call in tmc_enable_etf_sink_perf() and with
owner being NULL, we get a NULL pointer dereference.

Looking at the ETR and other places in the kernel, ETF and the
ETB are the only places trying to dereference the task(owner)
in tmc_enable_etf_sink_perf() which is also called from the
sched_in path as in the call trace. Owner(task) is NULL even
in the case of ETR in tmc_enable_etr_sink_perf(), but since we
cache the PID in alloc_buffer() callback and it is done as part
of etm_setup_aux() when allocating buffer for ETR sink, we never
dereference this NULL pointer and we are safe. So let's do the
same thing with ETF and cache the PID to which the cs_buffer
belongs in tmc_alloc_etf_buffer() as done for ETR. This will
also remove the unnecessary function calls(task_pid_nr()) since
we are caching the PID.

Easily reproducible running below:

 perf record -e cs_etm/@tmc_etf0/ -N -p <pid>

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000548
Mem abort info:
  ESR = 0x96000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
<snip>...
Call trace:
 tmc_enable_etf_sink+0xe4/0x280
 coresight_enable_path+0x168/0x1fc
 etm_event_start+0x8c/0xf8
 etm_event_add+0x38/0x54
 event_sched_in+0x194/0x2ac
 group_sched_in+0x54/0x12c
 flexible_sched_in+0xd8/0x120
 visit_groups_merge+0x100/0x16c
 ctx_flexible_sched_in+0x50/0x74
 ctx_sched_in+0xa4/0xa8
 perf_event_sched_in+0x60/0x6c
 perf_event_context_sched_in+0x98/0xe0
 __perf_event_task_sched_in+0x5c/0xd8
 finish_task_switch+0x184/0x1cc
 schedule_tail+0x20/0xec
 ret_from_fork+0x4/0x18

Fixes: 880af782c6e8 ("coresight: tmc-etf: Add support for CPU-wide trace scenarios")
Cc: stable@vger.kernel.org
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-10-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-priv.h    |    2 ++
 drivers/hwtracing/coresight/coresight-tmc-etf.c |    4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/hwtracing/coresight/coresight-priv.h
+++ b/drivers/hwtracing/coresight/coresight-priv.h
@@ -87,6 +87,7 @@ enum cs_mode {
  * struct cs_buffer - keep track of a recording session' specifics
  * @cur:	index of the current buffer
  * @nr_pages:	max number of pages granted to us
+ * @pid:	PID this cs_buffer belongs to
  * @offset:	offset within the current buffer
  * @data_size:	how much we collected in this run
  * @snapshot:	is this run in snapshot mode
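
Review bot: the kerneldoc block that gains the @pid line is headed "struct cs_buffer", while the structure it documents is declared as struct cs_buffers in the next hunk. Since this patch touches the block anyway, correct the name in the header line so the documentation matches the declaration.
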
@@ -95,6 +96,7 @@ enum cs_mode {
 struct cs_buffers {
 	unsigned int		cur;
 	unsigned int		nr_pages;
+	pid_t			pid;
 	unsigned long		offset;
 	local_t			data_size;
 	bool			snapshot;
--- a/drivers/hwtracing/coresight/coresight-tmc-etf.c
+++ b/drivers/hwtracing/coresight/coresight-tmc-etf.c
@@ -227,6 +227,7 @@ static int tmc_enable_etf_sink_perf(stru
 	unsigned long flags;
 	struct tmc_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent);
 	struct perf_output_handle *handle = data;
+	struct cs_buffers *buf = etm_perf_sink_config(handle);
 
 	spin_lock_irqsave(&drvdata->spinlock, flags);
 	do {
@@ -243,7 +244,7 @@ static int tmc_enable_etf_sink_perf(stru
 		}
 
 		/* Get a handle on the pid of the process to monitor */
-		pid = task_pid_nr(handle->event->owner);
+		pid = buf->pid;
 
 		if (drvdata->pid != -1 && drvdata->pid != pid) {
 			ret = -EBUSY;
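
Review bot: pid = buf->pid dereferences the pointer returned by etm_perf_sink_config(handle) without any check, in the same function where the bug being fixed was a NULL dereference. Nothing in the visible lines establishes that buf cannot be NULL on this path. Either add a check that sets ret to an error and leaves the loop, or add a comment stating why the sink config is guaranteed to be set by the time the sink is enabled.
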
@@ -399,6 +400,7 @@ static void *tmc_alloc_etf_buffer(struct
 	if (!buf)
 		return NULL;
 
+	buf->pid = task_pid_nr(event->owner);
 	buf->snapshot = overwrite;
 	buf->nr_pages = nr_pages;
 	buf->data_pages = pages;
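
Review bot: buf->pid = task_pid_nr(event->owner) moves the owner dereference into tmc_alloc_etf_buffer() rather than removing it, so the fix depends on event->owner being valid at allocation time. The commit message explains that this callback runs as part of etm_setup_aux(), but the code does not. A one-line comment at the assignment saying that the PID is cached here because owner can be NULL by the time the sink is enabled from the sched_in path would record that assumption where it matters.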




* [PATCH 5.10 16/40] coresight: tmc-etr: Check if page is valid before dma_map_page()
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 15/40] coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf() Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 17/40] coresight: tmc-etr: Fix barrier packet insertion for perf buffer Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suzuki K Poulose, Mao Jinlong,
	Sai Prakash Ranjan, Mathieu Poirier

From: Mao Jinlong <jinlmao@codeaurora.org>

commit 1cc573d5754e92372a7e30e35468644f8811e1a4 upstream.

alloc_pages_node() return should be checked before calling
dma_map_page() to make sure that valid page is mapped or
else it can lead to aborts as below:

 Unable to handle kernel paging request at virtual address ffffffc008000000
 Mem abort info:
 <snip>...
 pc : __dma_inv_area+0x40/0x58
 lr : dma_direct_map_page+0xd8/0x1c8

 Call trace:
  __dma_inv_area
  tmc_pages_alloc
  tmc_alloc_data_pages
  tmc_alloc_sg_table
  tmc_init_etr_sg_table
  tmc_alloc_etr_buf
  tmc_enable_etr_sink_sysfs
  tmc_enable_etr_sink
  coresight_enable_path
  coresight_enable
  enable_source_store
  dev_attr_store
  sysfs_kf_write

Fixes: 99443ea19e8b ("coresight: Add generic TMC sg table framework")
Cc: stable@vger.kernel.org
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mao Jinlong <jinlmao@codeaurora.org>
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-13-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-tmc-etr.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
+++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
@@ -217,6 +217,8 @@ static int tmc_pages_alloc(struct tmc_pa
 		} else {
 			page = alloc_pages_node(node,
 						GFP_KERNEL | __GFP_ZERO, 0);
+			if (!page)
+				goto err;
 		}
 		paddr = dma_map_page(real_dev, page, 0, PAGE_SIZE, dir);
 		if (dma_mapping_error(real_dev, paddr))
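
Review bot: the new "if (!page) goto err;" shares the err label with the dma_mapping_error() failure just below, and that label is outside the visible lines. Please confirm that the err path returns an out-of-memory error for this case and that it correctly unwinds pages allocated and mapped in earlier loop iterations when the current entry has neither a page nor a DMA address recorded yet.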




* [PATCH 5.10 17/40] coresight: tmc-etr: Fix barrier packet insertion for perf buffer
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 16/40] coresight: tmc-etr: Check if page is valid before dma_map_page() Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 18/40] coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf() Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mathieu Poirier, Al Grant,
	Mike Leach, Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 83be0b84fe846edf0c722fefe225482d5f0d7395 upstream.

When the ETR is used in perf mode with a larger buffer (configured
via sysfs or the default size of 1M) than the perf aux buffer size,
we end up inserting the barrier packet at the wrong offset, while
moving the offset forward. i.e, instead of the "new moved offset",
we insert it at the current hardware buffer offset. These packets
will not be visible as they are never copied and could lead to
corruption in the trace decoding side, as the decoder is not aware
that it needs to reset the decoding.

Fixes: ec13c78d7b45 ("coresight: tmc-etr: Add barrier packets when moving offset forward")
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: stable@vger.kernel.org
Reported-by: Al Grant <al.grant@arm.com>
Tested-by: Mike Leach <mike.leach@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201208182651.1597945-2-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-tmc-etr.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
+++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
@@ -1552,7 +1552,7 @@ tmc_update_etr_buffer(struct coresight_d
 
 	/* Insert barrier packets at the beginning, if there was an overflow */
 	if (lost)
-		tmc_etr_buf_insert_barrier_packet(etr_buf, etr_buf->offset);
+		tmc_etr_buf_insert_barrier_packet(etr_buf, offset);
 	tmc_etr_sync_perf_buffer(etr_perf, offset, size);
 
 	/*
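
Review bot: the comment above the changed call still reads "Insert barrier packets at the beginning", which does not say the beginning of what, and the bug came from exactly that ambiguity between etr_buf->offset and the local offset. Reword the comment to state that the barrier goes at the start of the region about to be synced to the perf buffer, which is the same offset passed to tmc_etr_sync_perf_buffer() on the next line.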




* [PATCH 5.10 18/40] coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf()
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 17/40] coresight: tmc-etr: Fix barrier packet insertion for perf buffer Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 19/40] coresight: etm4x: Skip setting LPOVERRIDE bit for qcom, skip-power-up Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sai Prakash Ranjan, Mathieu Poirier

From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>

commit 22b2beaa7f166f550424cbb3b988aeaa7ef0425a upstream.

There was a report of NULL pointer dereference in ETF enable
path for perf CS mode with PID monitoring. It is almost 100%
reproducible when the process to monitor is something very
active such as chrome and with ETF as the sink, not ETR.

But code path shows that ETB has a similar path as ETF, so
there could be possible NULL pointer dereference crash in
ETB as well. Currently in a bid to find the pid, the owner
is dereferenced via task_pid_nr() call in etb_enable_perf()
and with owner being NULL, we can get a NULL pointer
dereference, so have a similar fix as ETF where we cache PID
in alloc_buffer() callback which is called as the part of
etm_setup_aux().

Fixes: 75d7dbd38824 ("coresight: etb10: Add support for CPU-wide trace scenarios")
Cc: stable@vger.kernel.org
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-11-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-etb10.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/hwtracing/coresight/coresight-etb10.c
+++ b/drivers/hwtracing/coresight/coresight-etb10.c
@@ -176,6 +176,7 @@ static int etb_enable_perf(struct coresi
 	unsigned long flags;
 	struct etb_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent);
 	struct perf_output_handle *handle = data;
+	struct cs_buffers *buf = etm_perf_sink_config(handle);
 
 	spin_lock_irqsave(&drvdata->spinlock, flags);
 
@@ -186,7 +187,7 @@ static int etb_enable_perf(struct coresi
 	}
 
 	/* Get a handle on the pid of the process to monitor */
-	pid = task_pid_nr(handle->event->owner);
+	pid = buf->pid;
 
 	if (drvdata->pid != -1 && drvdata->pid != pid) {
 		ret = -EBUSY;
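
Review bot: pid = buf->pid in etb_enable_perf() reads through the pointer returned by etm_perf_sink_config(handle) with no NULL check, and the patch subject is a possible NULL dereference in this very function. Either check buf before use and bail out with an error through the existing unlock path, or document why the sink config cannot be NULL here.
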
@@ -383,6 +384,7 @@ static void *etb_alloc_buffer(struct cor
 	if (!buf)
 		return NULL;
 
+	buf->pid = task_pid_nr(event->owner);
 	buf->snapshot = overwrite;
 	buf->nr_pages = nr_pages;
 	buf->data_pages = pages;
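
Review bot: the line buf->pid = task_pid_nr(event->owner) in etb_alloc_buffer() is identical to the one added to tmc_alloc_etf_buffer() earlier in this series, and both rely on the same unstated assumption that event->owner is valid at allocation time. Consider a small shared helper for filling in the cs_buffers PID, with that assumption documented once, rather than repeating the open-coded assignment in each sink driver.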




* [PATCH 5.10 19/40] coresight: etm4x: Skip setting LPOVERRIDE bit for qcom, skip-power-up
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 18/40] coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf() Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 20/40] coresight: etm4x: Fix accesses to TRCVMIDCTLR1 Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suzuki K Poulose, Sai Prakash Ranjan,
	Mathieu Poirier

From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>

commit ac0f82b1b4956e348a6b2de8104308144ffb6ef7 upstream.

There is a bug on the systems supporting to skip power up
(qcom,skip-power-up) where setting LPOVERRIDE bit(low-power
state override behaviour) will result in CPU hangs/lockups
even on the implementations which supports it. So skip
setting the LPOVERRIDE bit for such platforms.

Fixes: 02510a5aa78d ("coresight: etm4x: Add support to skip trace unit power up")
Cc: stable@vger.kernel.org
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-2-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-etm4x-core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
@@ -779,7 +779,7 @@ static void etm4_init_arch_data(void *in
 	 * LPOVERRIDE, bit[23] implementation supports
 	 * low-power state override
 	 */
-	if (BMVAL(etmidr5, 23, 23))
+	if (BMVAL(etmidr5, 23, 23) && (!drvdata->skip_power_up))
 		drvdata->lpoverride = true;
 	else
 		drvdata->lpoverride = false;
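
Review bot: the comment above the changed condition still describes only the LPOVERRIDE ID bit, so the new skip_power_up exclusion is undocumented at the point where it takes effect. Extend the comment to say that LPOVERRIDE is deliberately not used when skip_power_up is set, and why. The parentheses around !drvdata->skip_power_up are also unnecessary, and the if/else could be a single assignment of the boolean expression to drvdata->lpoverride.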




* [PATCH 5.10 20/40] coresight: etm4x: Fix accesses to TRCVMIDCTLR1
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 19/40] coresight: etm4x: Skip setting LPOVERRIDE bit for qcom, skip-power-up Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 21/40] coresight: etm4x: Fix accesses to TRCCIDCTLR1 Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mathieu Poirier, Mike Leach,
	Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 93dd64404cbe63b0afba371acd8db36e84b286c7 upstream.

TRCVMIDCTRL1 is only implemented if the TRCIDR4.NUMVMIDC > 4.
We must not touch the register otherwise.

Cc: stable@vger.kernel.org
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-4-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-etm4x-core.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
@@ -193,7 +193,8 @@ static int etm4_enable_hw(struct etmv4_d
 		writeq_relaxed(config->vmid_val[i],
 			       drvdata->base + TRCVMIDCVRn(i));
 	writel_relaxed(config->vmid_mask0, drvdata->base + TRCVMIDCCTLR0);
-	writel_relaxed(config->vmid_mask1, drvdata->base + TRCVMIDCCTLR1);
+	if (drvdata->numvmidc > 4)
+		writel_relaxed(config->vmid_mask1, drvdata->base + TRCVMIDCCTLR1);
 
 	if (!drvdata->skip_power_up) {
 		/*
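
Review bot: the guard "if (drvdata->numvmidc > 4)" in etm4_enable_hw() uses a bare 4 whose meaning is explained only in the commit message, and the same literal is repeated in the save and restore hunks below. Add a comment at the first use tying it to TRCIDR4.NUMVMIDC, or wrap the test in a small named helper, so the three sites cannot drift apart.
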
@@ -1243,7 +1244,8 @@ static int etm4_cpu_save(struct etmv4_dr
 	state->trccidcctlr1 = readl(drvdata->base + TRCCIDCCTLR1);
 
 	state->trcvmidcctlr0 = readl(drvdata->base + TRCVMIDCCTLR0);
-	state->trcvmidcctlr1 = readl(drvdata->base + TRCVMIDCCTLR1);
+	if (drvdata->numvmidc > 4)
+		state->trcvmidcctlr1 = readl(drvdata->base + TRCVMIDCCTLR1);
 
 	state->trcclaimset = readl(drvdata->base + TRCCLAIMCLR);
 
@@ -1353,7 +1355,8 @@ static void etm4_cpu_restore(struct etmv
 	writel_relaxed(state->trccidcctlr1, drvdata->base + TRCCIDCCTLR1);
 
 	writel_relaxed(state->trcvmidcctlr0, drvdata->base + TRCVMIDCCTLR0);
-	writel_relaxed(state->trcvmidcctlr1, drvdata->base + TRCVMIDCCTLR1);
+	if (drvdata->numvmidc > 4)
+		writel_relaxed(state->trcvmidcctlr1, drvdata->base + TRCVMIDCCTLR1);
 
 	writel_relaxed(state->trcclaimset, drvdata->base + TRCCLAIMSET);
 




* [PATCH 5.10 21/40] coresight: etm4x: Fix accesses to TRCCIDCTLR1
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 20/40] coresight: etm4x: Fix accesses to TRCVMIDCTLR1 Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 22/40] coresight: etm4x: Fix accesses to TRCPROCSELR Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mathieu Poirier, Mike Leach,
	Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit f2603b22e3d2dcffd8b0736e5c68df497af6bc84 upstream.

The TRCCIDCTLR1 is only implemented if TRCIDR4.NUMCIDC > 4.
Don't touch the register if it is not implemented.

Cc: stable@vger.kernel.org
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-5-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-etm4x-core.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
@@ -187,7 +187,8 @@ static int etm4_enable_hw(struct etmv4_d
 		writeq_relaxed(config->ctxid_pid[i],
 			       drvdata->base + TRCCIDCVRn(i));
 	writel_relaxed(config->ctxid_mask0, drvdata->base + TRCCIDCCTLR0);
-	writel_relaxed(config->ctxid_mask1, drvdata->base + TRCCIDCCTLR1);
+	if (drvdata->numcidc > 4)
+		writel_relaxed(config->ctxid_mask1, drvdata->base + TRCCIDCCTLR1);
 
 	for (i = 0; i < drvdata->numvmidc; i++)
 		writeq_relaxed(config->vmid_val[i],
@@ -1241,7 +1242,8 @@ static int etm4_cpu_save(struct etmv4_dr
 		state->trcvmidcvr[i] = readq(drvdata->base + TRCVMIDCVRn(i));
 
 	state->trccidcctlr0 = readl(drvdata->base + TRCCIDCCTLR0);
-	state->trccidcctlr1 = readl(drvdata->base + TRCCIDCCTLR1);
+	if (drvdata->numcidc > 4)
+		state->trccidcctlr1 = readl(drvdata->base + TRCCIDCCTLR1);
 
 	state->trcvmidcctlr0 = readl(drvdata->base + TRCVMIDCCTLR0);
 	if (drvdata->numvmidc > 4)
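
Review bot: with the new guard in etm4_cpu_save(), state->trccidcctlr1 is simply not written when numcidc is 4 or less, so the field keeps whatever it held before. That is harmless only because etm4_cpu_restore() applies the same guard before writing the field back. Either clear the field in an else branch or add a comment noting that save and restore must use the same condition.
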
@@ -1352,7 +1354,8 @@ static void etm4_cpu_restore(struct etmv
 			       drvdata->base + TRCVMIDCVRn(i));
 
 	writel_relaxed(state->trccidcctlr0, drvdata->base + TRCCIDCCTLR0);
-	writel_relaxed(state->trccidcctlr1, drvdata->base + TRCCIDCCTLR1);
+	if (drvdata->numcidc > 4)
+		writel_relaxed(state->trccidcctlr1, drvdata->base + TRCCIDCCTLR1);
 
 	writel_relaxed(state->trcvmidcctlr0, drvdata->base + TRCVMIDCCTLR0);
 	if (drvdata->numvmidc > 4)
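
Review bot: after this hunk the numcidc > 4 and numvmidc > 4 guards sit back to back in enable, save and restore, six open-coded comparisons in total across the two patches. Two small predicates, one per register, would keep the condition in a single place and give a natural spot for the comment explaining when each second control register is implemented.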




* [PATCH 5.10 22/40] coresight: etm4x: Fix accesses to TRCPROCSELR
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 21/40] coresight: etm4x: Fix accesses to TRCCIDCTLR1 Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 23/40] coresight: etm4x: Handle TRCVIPCSSCTLR accesses Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mathieu Poirier, Mike Leach,
	Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 6288b4ceca868eac4bf729532f8d845e3ecbed98 upstream.

TRCPROCSELR is not implemented if the TRCIDR3.NUMPROC == 0. Skip
accessing the register in such cases.

Cc: stable@vger.kernel.org
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-7-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-etm4x-core.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
@@ -124,8 +124,8 @@ static int etm4_enable_hw(struct etmv4_d
 	if (coresight_timeout(drvdata->base, TRCSTATR, TRCSTATR_IDLE_BIT, 1))
 		dev_err(etm_dev,
 			"timeout while waiting for Idle Trace Status\n");
-
-	writel_relaxed(config->pe_sel, drvdata->base + TRCPROCSELR);
+	if (drvdata->nr_pe)
+		writel_relaxed(config->pe_sel, drvdata->base + TRCPROCSELR);
 	writel_relaxed(config->cfg, drvdata->base + TRCCONFIGR);
 	/* nothing specific implemented */
 	writel_relaxed(0x0, drvdata->base + TRCAUXCTLR);
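
Review bot: the blank line that separated the idle-status wait from the register programming in etm4_enable_hw() is removed, so the new `if (drvdata->nr_pe)` now sits directly under the dev_err() continuation line and reads as part of the timeout handling. Keep the blank line. A short comment tying nr_pe to TRCIDR3.NUMPROC would also help, since the commit message names that field but the code does not.
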
@@ -1180,7 +1180,8 @@ static int etm4_cpu_save(struct etmv4_dr
 	state = drvdata->save_state;
 
 	state->trcprgctlr = readl(drvdata->base + TRCPRGCTLR);
-	state->trcprocselr = readl(drvdata->base + TRCPROCSELR);
+	if (drvdata->nr_pe)
+		state->trcprocselr = readl(drvdata->base + TRCPROCSELR);
 	state->trcconfigr = readl(drvdata->base + TRCCONFIGR);
 	state->trcauxctlr = readl(drvdata->base + TRCAUXCTLR);
 	state->trceventctl0r = readl(drvdata->base + TRCEVENTCTL0R);
@@ -1287,7 +1288,8 @@ static void etm4_cpu_restore(struct etmv
 	writel_relaxed(state->trcclaimset, drvdata->base + TRCCLAIMSET);
 
 	writel_relaxed(state->trcprgctlr, drvdata->base + TRCPRGCTLR);
-	writel_relaxed(state->trcprocselr, drvdata->base + TRCPROCSELR);
+	if (drvdata->nr_pe)
+		writel_relaxed(state->trcprocselr, drvdata->base + TRCPROCSELR);
 	writel_relaxed(state->trcconfigr, drvdata->base + TRCCONFIGR);
 	writel_relaxed(state->trcauxctlr, drvdata->base + TRCAUXCTLR);
 	writel_relaxed(state->trceventctl0r, drvdata->base + TRCEVENTCTL0R);




* [PATCH 5.10 23/40] coresight: etm4x: Handle TRCVIPCSSCTLR accesses
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 22/40] coresight: etm4x: Fix accesses to TRCPROCSELR Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suzuki K Poulose, Mathieu Poirier

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 60c519c5d3629c21ba356782434d5b612d312de4 upstream.

TRCVIPCSSCTLR is not present if the TRCIDR4.NUMPC > 0. Thus we
should only access the register if it is present, preventing
any undesired behavior.

Cc: stable@vger.kernel.org
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20201127175256.1092685-8-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hwtracing/coresight/coresight-etm4x-core.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
@@ -141,8 +141,9 @@ static int etm4_enable_hw(struct etmv4_d
 	writel_relaxed(config->viiectlr, drvdata->base + TRCVIIECTLR);
 	writel_relaxed(config->vissctlr,
 		       drvdata->base + TRCVISSCTLR);
-	writel_relaxed(config->vipcssctlr,
-		       drvdata->base + TRCVIPCSSCTLR);
+	if (drvdata->nr_pe_cmp)
+		writel_relaxed(config->vipcssctlr,
+			       drvdata->base + TRCVIPCSSCTLR);
 	for (i = 0; i < drvdata->nrseqstate - 1; i++)
 		writel_relaxed(config->seq_ctrl[i],
 			       drvdata->base + TRCSEQEVRn(i));
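
Review bot: the guard in etm4_enable_hw() writes TRCVIPCSSCTLR only when `drvdata->nr_pe_cmp` is non-zero, while the commit message says the register is not present if TRCIDR4.NUMPC > 0, which reads as the opposite condition. If nr_pe_cmp holds NUMPC, please confirm which of the two is intended. A comment at the check naming the ID register field it reflects would settle it, since the same test is repeated in etm4_cpu_save() and etm4_cpu_restore().
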
@@ -1197,7 +1198,8 @@ static int etm4_cpu_save(struct etmv4_dr
 	state->trcvictlr = readl(drvdata->base + TRCVICTLR);
 	state->trcviiectlr = readl(drvdata->base + TRCVIIECTLR);
 	state->trcvissctlr = readl(drvdata->base + TRCVISSCTLR);
-	state->trcvipcssctlr = readl(drvdata->base + TRCVIPCSSCTLR);
+	if (drvdata->nr_pe_cmp)
+		state->trcvipcssctlr = readl(drvdata->base + TRCVIPCSSCTLR);
 	state->trcvdctlr = readl(drvdata->base + TRCVDCTLR);
 	state->trcvdsacctlr = readl(drvdata->base + TRCVDSACCTLR);
 	state->trcvdarcctlr = readl(drvdata->base + TRCVDARCCTLR);
@@ -1305,7 +1307,8 @@ static void etm4_cpu_restore(struct etmv
 	writel_relaxed(state->trcvictlr, drvdata->base + TRCVICTLR);
 	writel_relaxed(state->trcviiectlr, drvdata->base + TRCVIIECTLR);
 	writel_relaxed(state->trcvissctlr, drvdata->base + TRCVISSCTLR);
-	writel_relaxed(state->trcvipcssctlr, drvdata->base + TRCVIPCSSCTLR);
+	if (drvdata->nr_pe_cmp)
+		writel_relaxed(state->trcvipcssctlr, drvdata->base + TRCVIPCSSCTLR);
 	writel_relaxed(state->trcvdctlr, drvdata->base + TRCVDCTLR);
 	writel_relaxed(state->trcvdsacctlr, drvdata->base + TRCVDSACCTLR);
 	writel_relaxed(state->trcvdarcctlr, drvdata->base + TRCVDARCCTLR);




* [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 23/40] coresight: etm4x: Handle TRCVIPCSSCTLR accesses Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-24  1:11   ` Chao Yu
  2020-12-23 15:33 ` [PATCH 5.10 25/40] f2fs: init dirty_secmap incorrectly Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  43 siblings, 1 reply; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kitestramuort, Chao Yu, Jaegeuk Kim

From: Chao Yu <yuchao0@huawei.com>

commit 7a6e59d719ef0ec9b3d765cba3ba98ee585cbde3 upstream.

As kitestramuort reported:

F2FS-fs (nvme0n1p4): access invalid blkaddr:1598541474
[   25.725898] ------------[ cut here ]------------
[   25.725903] WARNING: CPU: 6 PID: 2018 at f2fs_is_valid_blkaddr+0x23a/0x250
[   25.725923] Call Trace:
[   25.725927]  ? f2fs_llseek+0x204/0x620
[   25.725929]  ? ovl_copy_up_data+0x14f/0x200
[   25.725931]  ? ovl_copy_up_inode+0x174/0x1e0
[   25.725933]  ? ovl_copy_up_one+0xa22/0xdf0
[   25.725936]  ? ovl_copy_up_flags+0xa6/0xf0
[   25.725938]  ? ovl_aio_cleanup_handler+0xd0/0xd0
[   25.725939]  ? ovl_maybe_copy_up+0x86/0xa0
[   25.725941]  ? ovl_open+0x22/0x80
[   25.725943]  ? do_dentry_open+0x136/0x350
[   25.725945]  ? path_openat+0xb7e/0xf40
[   25.725947]  ? __check_sticky+0x40/0x40
[   25.725948]  ? do_filp_open+0x70/0x100
[   25.725950]  ? __check_sticky+0x40/0x40
[   25.725951]  ? __check_sticky+0x40/0x40
[   25.725953]  ? __x64_sys_openat+0x1db/0x2c0
[   25.725955]  ? do_syscall_64+0x2d/0x40
[   25.725957]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9

llseek() reports an invalid block address access. The root cause is that
if a file has inline data, f2fs_seek_block() will access the inline data,
regarding it as a block address index in the inode block, which should be
wrong. Fix it.

Reported-by: kitestramuort <kitestramuort@autistici.org>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/file.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -412,9 +412,14 @@ static loff_t f2fs_seek_block(struct fil
 		goto fail;
 
 	/* handle inline data case */
-	if (f2fs_has_inline_data(inode) && whence == SEEK_HOLE) {
-		data_ofs = isize;
-		goto found;
+	if (f2fs_has_inline_data(inode)) {
+		if (whence == SEEK_HOLE) {
+			data_ofs = isize;
+			goto found;
+		} else if (whence == SEEK_DATA) {
+			data_ofs = offset;
+			goto found;
+		}
 	}
 
 	pgofs = (pgoff_t)(offset >> PAGE_SHIFT);
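
Review bot: the inner `else if (whence == SEEK_DATA)` leaves a fall-through for any other whence value, which would still reach the `pgofs` walk that the commit message describes as wrong for inline data. If only SEEK_HOLE and SEEK_DATA can reach f2fs_seek_block(), a plain `else` states that directly; otherwise the remaining case needs handling. The "handle inline data case" comment could also say why `data_ofs = offset` is the right answer for SEEK_DATA.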




* [PATCH 5.10 25/40] f2fs: init dirty_secmap incorrectly
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 26/40] scsi: megaraid_sas: Check user-provided offsets Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jia Yang, Jack Qiu, Chao Yu, Jaegeuk Kim

From: Jack Qiu <jack.qiu@huawei.com>

commit 5335bfc6eb688344bfcd4b4133c002c0ae0d0719 upstream.

The section is dirty, but dirty_secmap may not be set.

Reported-by: Jia Yang <jiayang5@huawei.com>
Fixes: da52f8ade40b ("f2fs: get the right gc victim section when section has several segments")
Cc: <stable@vger.kernel.org>
Signed-off-by: Jack Qiu <jack.qiu@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/segment.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -4544,7 +4544,7 @@ static void init_dirty_segmap(struct f2f
 		return;
 
 	mutex_lock(&dirty_i->seglist_lock);
-	for (segno = 0; segno < MAIN_SECS(sbi); segno += blks_per_sec) {
+	for (segno = 0; segno < MAIN_SEGS(sbi); segno += sbi->segs_per_sec) {
 		valid_blocks = get_valid_blocks(sbi, segno, true);
 		secno = GET_SEC_FROM_SEG(sbi, segno);
 
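
Review bot: the loop in init_dirty_segmap() no longer references `blks_per_sec`; if that local has no other user in the function, drop it in the same patch so the build does not gain an unused-variable warning. The commit message should also say what was wrong with the old loop (the bound was MAIN_SECS() and the step was `blks_per_sec`, while the counter is a segment number), so the fix can be reviewed without reading the surrounding code.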




* [PATCH 5.10 26/40] scsi: megaraid_sas: Check user-provided offsets
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 25/40] f2fs: init dirty_secmap incorrectly Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 27/40] HID: i2c-hid: add Vero K147 to descriptor override Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Arnd Bergmann,
	Martin K. Petersen

From: Arnd Bergmann <arnd@arndb.de>

commit 381d34e376e3d9d27730fda8a0e870600e6c8196 upstream.

It sounds unwise to let user space pass an unchecked 32-bit offset into a
kernel structure in an ioctl. This is an unsigned variable, so checking the
upper bound for the size of the structure it points into is sufficient to
avoid data corruption, but as the pointer might also be unaligned, it has
to be written carefully as well.

While I stumbled over this problem by reading the code, I did not continue
checking the function for further problems like it.

Link: https://lore.kernel.org/r/20201030164450.1253641-2-arnd@kernel.org
Fixes: c4a3e0a529ab ("[SCSI] MegaRAID SAS RAID: new driver")
Cc: <stable@vger.kernel.org> # v2.6.15+
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/megaraid/megaraid_sas_base.c |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -8095,7 +8095,7 @@ megasas_mgmt_fw_ioctl(struct megasas_ins
 	int error = 0, i;
 	void *sense = NULL;
 	dma_addr_t sense_handle;
-	unsigned long *sense_ptr;
+	void *sense_ptr;
 	u32 opcode = 0;
 	int ret = DCMD_SUCCESS;
 
@@ -8218,6 +8218,13 @@ megasas_mgmt_fw_ioctl(struct megasas_ins
 	}
 
 	if (ioc->sense_len) {
+		/* make sure the pointer is part of the frame */
+		if (ioc->sense_off >
+		    (sizeof(union megasas_frame) - sizeof(__le64))) {
+			error = -EINVAL;
+			goto out;
+		}
+
 		sense = dma_alloc_coherent(&instance->pdev->dev, ioc->sense_len,
 					     &sense_handle, GFP_KERNEL);
 		if (!sense) {
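
Review bot: the bound `sizeof(union megasas_frame) - sizeof(__le64)` is applied even when the later 32-bit branch stores only four bytes with put_unaligned_le32(), so the comment "make sure the pointer is part of the frame" should say that the limit is deliberately sized for the 64-bit store. `ioc->sense_len` comes from the same ioctl structure and goes into dma_alloc_coherent() right after this check; the commit message says the rest of the function was not audited, so please confirm that length is bounded before this point.
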
@@ -8225,12 +8232,11 @@ megasas_mgmt_fw_ioctl(struct megasas_ins
 			goto out;
 		}
 
-		sense_ptr =
-		(unsigned long *) ((unsigned long)cmd->frame + ioc->sense_off);
+		sense_ptr = (void *)cmd->frame + ioc->sense_off;
 		if (instance->consistent_mask_64bit)
-			*sense_ptr = cpu_to_le64(sense_handle);
+			put_unaligned_le64(sense_handle, sense_ptr);
 		else
-			*sense_ptr = cpu_to_le32(sense_handle);
+			put_unaligned_le32(sense_handle, sense_ptr);
 	}
 
 	/*




* [PATCH 5.10 27/40] HID: i2c-hid: add Vero K147 to descriptor override
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 26/40] scsi: megaraid_sas: Check user-provided offsets Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 28/40] serial_core: Check for port state when tty is in error state Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Julian Sax, Hans de Goede, Jiri Kosina

From: Julian Sax <jsbc@gmx.de>

commit c870d50ce387d84b6438211a7044c60afbd5d60a upstream.

This device uses the SIPODEV SP1064 touchpad, which does not
supply descriptors, so it has to be added to the override list.

Cc: stable@vger.kernel.org
Signed-off-by: Julian Sax <jsbc@gmx.de>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
+++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
@@ -405,6 +405,14 @@ static const struct dmi_system_id i2c_hi
 		},
 		.driver_data = (void *)&sipodev_desc
 	},
+	{
+		.ident = "Vero K147",
+		.matches = {
+			DMI_EXACT_MATCH(DMI_SYS_VENDOR, "VERO"),
+			DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "K147"),
+		},
+		.driver_data = (void *)&sipodev_desc
+	},
 	{ }	/* Terminate list */
 };
 




* [PATCH 5.10 28/40] serial_core: Check for port state when tty is in error state
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 27/40] HID: i2c-hid: add Vero K147 to descriptor override Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 29/40] fscrypt: remove kernel-internal constants from UAPI header Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexey Kardashevskiy

From: Alexey Kardashevskiy <aik@ozlabs.ru>

commit 2f70e49ed860020f5abae4f7015018ebc10e1f0e upstream.

At the moment opening a serial device node (such as /dev/ttyS3)
succeeds even if there is no actual serial device behind it.
Reading/writing/ioctls fail as expected because the uart port is not
initialized (the type is PORT_UNKNOWN) and the TTY_IO_ERROR error state
bit is set for the tty.

However setting line discipline does not have these checks
8250_port.c (8250 is the default choice made by univ8250_console_init()).
As the result of PORT_UNKNOWN, uart_port::iobase is NULL which
a platform translates onto some address accessing which produces a crash
like below.

This adds tty_port_initialized() to uart_set_ldisc() to prevent the crash.

Found by syzkaller.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Link: https://lore.kernel.org/r/20201203055834.45838-1-aik@ozlabs.ru
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/tty/serial/serial_core.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -1467,6 +1467,10 @@ static void uart_set_ldisc(struct tty_st
 {
 	struct uart_state *state = tty->driver_data;
 	struct uart_port *uport;
+	struct tty_port *port = &state->port;
+
+	if (!tty_port_initialized(port))
+		return;
 
 	mutex_lock(&state->port.mutex);
 	uport = uart_port_check(state);
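
Review bot: tty_port_initialized(port) is tested before `mutex_lock(&state->port.mutex)` in uart_set_ldisc(), so the initialized state can change between the check and the code that runs under the lock. Consider moving the test inside the locked region, with an unlock on the early return, or add a comment explaining why the unlocked check is sufficient. With `port` now a local, the lock call could also use `&port->mutex`. The commit message refers to a crash "like below", but no trace is included.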




* [PATCH 5.10 29/40] fscrypt: remove kernel-internal constants from UAPI header
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 28/40] serial_core: Check for port state when tty is in error state Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 30/40] fscrypt: add fscrypt_is_nokey_name() Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers

From: Eric Biggers <ebiggers@google.com>

commit 3ceb6543e9cf6ed87cc1fbc6f23ca2db903564cd upstream.

There isn't really any valid reason to use __FSCRYPT_MODE_MAX or
FSCRYPT_POLICY_FLAGS_VALID in a userspace program.  These constants are
only meant to be used by the kernel internally, and they are defined in
the UAPI header next to the mode numbers and flags only so that kernel
developers don't forget to update them when adding new modes or flags.

In https://lkml.kernel.org/r/20201005074133.1958633-2-satyat@google.com
there was an example of someone wanting to use __FSCRYPT_MODE_MAX in a
user program, and it was wrong because the program would have broken if
__FSCRYPT_MODE_MAX were ever increased.  So having this definition
available is harmful.  FSCRYPT_POLICY_FLAGS_VALID has the same problem.

So, remove these definitions from the UAPI header.  Replace
FSCRYPT_POLICY_FLAGS_VALID with just listing the valid flags explicitly
in the one kernel function that needs it.  Move __FSCRYPT_MODE_MAX to
fscrypt_private.h, remove the double underscores (which were only
present to discourage use by userspace), and add a BUILD_BUG_ON() and
comments to (hopefully) ensure it is kept in sync.

Keep the old name FS_POLICY_FLAGS_VALID, since it's been around for
longer and there's a greater chance that removing it would break source
compatibility with some program.  Indeed, mtd-utils is using it in
an #ifdef, and removing it would introduce compiler warnings (about
FS_POLICY_FLAGS_PAD_* being redefined) into the mtd-utils build.
However, reduce its value to 0x07 so that it only includes the flags
with old names (the ones present before Linux 5.4), and try to make it
clear that it's now "frozen" and no new flags should be added to it.

Fixes: 2336d0deb2d4 ("fscrypt: use FSCRYPT_ prefix for uapi constants")
Cc: <stable@vger.kernel.org> # v5.4+
Link: https://lore.kernel.org/r/20201024005132.495952-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/crypto/fscrypt_private.h  |    9 ++++++---
 fs/crypto/keyring.c          |    2 +-
 fs/crypto/keysetup.c         |    4 +++-
 fs/crypto/policy.c           |    5 ++++-
 include/uapi/linux/fscrypt.h |    5 ++---
 5 files changed, 16 insertions(+), 9 deletions(-)

--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -25,6 +25,9 @@
 #define FSCRYPT_CONTEXT_V1	1
 #define FSCRYPT_CONTEXT_V2	2
 
+/* Keep this in sync with include/uapi/linux/fscrypt.h */
+#define FSCRYPT_MODE_MAX	FSCRYPT_MODE_ADIANTUM
+
 struct fscrypt_context_v1 {
 	u8 version; /* FSCRYPT_CONTEXT_V1 */
 	u8 contents_encryption_mode;
@@ -491,9 +494,9 @@ struct fscrypt_master_key {
 	 * Per-mode encryption keys for the various types of encryption policies
 	 * that use them.  Allocated and derived on-demand.
 	 */
-	struct fscrypt_prepared_key mk_direct_keys[__FSCRYPT_MODE_MAX + 1];
-	struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[__FSCRYPT_MODE_MAX + 1];
-	struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[__FSCRYPT_MODE_MAX + 1];
+	struct fscrypt_prepared_key mk_direct_keys[FSCRYPT_MODE_MAX + 1];
+	struct fscrypt_prepared_key mk_iv_ino_lblk_64_keys[FSCRYPT_MODE_MAX + 1];
+	struct fscrypt_prepared_key mk_iv_ino_lblk_32_keys[FSCRYPT_MODE_MAX + 1];
 
 	/* Hash key for inode numbers.  Initialized only when needed. */
 	siphash_key_t		mk_ino_hash_key;
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -44,7 +44,7 @@ static void free_master_key(struct fscry
 
 	wipe_master_key_secret(&mk->mk_secret);
 
-	for (i = 0; i <= __FSCRYPT_MODE_MAX; i++) {
+	for (i = 0; i <= FSCRYPT_MODE_MAX; i++) {
 		fscrypt_destroy_prepared_key(&mk->mk_direct_keys[i]);
 		fscrypt_destroy_prepared_key(&mk->mk_iv_ino_lblk_64_keys[i]);
 		fscrypt_destroy_prepared_key(&mk->mk_iv_ino_lblk_32_keys[i]);
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -56,6 +56,8 @@ static struct fscrypt_mode *
 select_encryption_mode(const union fscrypt_policy *policy,
 		       const struct inode *inode)
 {
+	BUILD_BUG_ON(ARRAY_SIZE(fscrypt_modes) != FSCRYPT_MODE_MAX + 1);
+
 	if (S_ISREG(inode->i_mode))
 		return &fscrypt_modes[fscrypt_policy_contents_mode(policy)];
 
@@ -168,7 +170,7 @@ static int setup_per_mode_enc_key(struct
 	unsigned int hkdf_infolen = 0;
 	int err;
 
-	if (WARN_ON(mode_num > __FSCRYPT_MODE_MAX))
+	if (WARN_ON(mode_num > FSCRYPT_MODE_MAX))
 		return -EINVAL;
 
 	prep_key = &keys[mode_num];
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -175,7 +175,10 @@ static bool fscrypt_supported_v2_policy(
 		return false;
 	}
 
-	if (policy->flags & ~FSCRYPT_POLICY_FLAGS_VALID) {
+	if (policy->flags & ~(FSCRYPT_POLICY_FLAGS_PAD_MASK |
+			      FSCRYPT_POLICY_FLAG_DIRECT_KEY |
+			      FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 |
+			      FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) {
 		fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)",
 			     policy->flags);
 		return false;
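
Review bot: nothing forces the open-coded flag list in fscrypt_supported_v2_policy() to be updated when a new FSCRYPT_POLICY_FLAG_* is added. The modes get a BUILD_BUG_ON() in select_encryption_mode() and a reminder comment in the UAPI header, but the flags get neither. Add a matching comment next to the flag definitions in include/uapi/linux/fscrypt.h that points at this function.
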
--- a/include/uapi/linux/fscrypt.h
+++ b/include/uapi/linux/fscrypt.h
@@ -20,7 +20,6 @@
 #define FSCRYPT_POLICY_FLAG_DIRECT_KEY		0x04
 #define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64	0x08
 #define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32	0x10
-#define FSCRYPT_POLICY_FLAGS_VALID		0x1F
 
 /* Encryption algorithms */
 #define FSCRYPT_MODE_AES_256_XTS		1
@@ -28,7 +27,7 @@
 #define FSCRYPT_MODE_AES_128_CBC		5
 #define FSCRYPT_MODE_AES_128_CTS		6
 #define FSCRYPT_MODE_ADIANTUM			9
-#define __FSCRYPT_MODE_MAX			9
+/* If adding a mode number > 9, update FSCRYPT_MODE_MAX in fscrypt_private.h */
 
 /*
  * Legacy policy version; ad-hoc KDF and no key verification.
@@ -177,7 +176,7 @@ struct fscrypt_get_key_status_arg {
 #define FS_POLICY_FLAGS_PAD_32		FSCRYPT_POLICY_FLAGS_PAD_32
 #define FS_POLICY_FLAGS_PAD_MASK	FSCRYPT_POLICY_FLAGS_PAD_MASK
 #define FS_POLICY_FLAG_DIRECT_KEY	FSCRYPT_POLICY_FLAG_DIRECT_KEY
-#define FS_POLICY_FLAGS_VALID		FSCRYPT_POLICY_FLAGS_VALID
+#define FS_POLICY_FLAGS_VALID		0x07	/* contains old flags only */
 #define FS_ENCRYPTION_MODE_INVALID	0	/* never used */
 #define FS_ENCRYPTION_MODE_AES_256_XTS	FSCRYPT_MODE_AES_256_XTS
 #define FS_ENCRYPTION_MODE_AES_256_GCM	2	/* never used */
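
Review bot: the comment on `FS_POLICY_FLAGS_VALID 0x07` says "contains old flags only", which does not tell a future contributor that the value is frozen, as the commit message intends. Wording such as "frozen; do not add new flags here" would state the rule directly.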




* [PATCH 5.10 30/40] fscrypt: add fscrypt_is_nokey_name()
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 29/40] fscrypt: remove kernel-internal constants from UAPI header Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 31/40] ubifs: prevent creating duplicate encrypted filenames Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers

From: Eric Biggers <ebiggers@google.com>

commit 159e1de201b6fca10bfec50405a3b53a561096a8 upstream.

It's possible to create a duplicate filename in an encrypted directory
by creating a file concurrently with adding the encryption key.

Specifically, sys_open(O_CREAT) (or sys_mkdir(), sys_mknod(), or
sys_symlink()) can look up the target filename while the directory's
encryption key hasn't been added yet, resulting in a negative no-key
dentry.  The VFS then calls ->create() (or ->mkdir(), ->mknod(), or
->symlink()) because the dentry is negative.  Normally, ->create() would
return -ENOKEY due to the directory's key being unavailable.  However,
if the key was added between the dentry lookup and ->create(), then the
filesystem will go ahead and try to create the file.

If the target filename happens to already exist as a normal name (not a
no-key name), a duplicate filename may be added to the directory.

In order to fix this, we need to fix the filesystems to prevent
->create(), ->mkdir(), ->mknod(), and ->symlink() on no-key names.
(->rename() and ->link() need it too, but those are already handled
correctly by fscrypt_prepare_rename() and fscrypt_prepare_link().)

In preparation for this, add a helper function fscrypt_is_nokey_name()
that filesystems can use to do this check.  Use this helper function for
the existing checks that fs/crypto/ does for rename and link.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201118075609.120337-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/crypto/hooks.c       |    5 +++--
 include/linux/fscrypt.h |   34 ++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

--- a/fs/crypto/hooks.c
+++ b/fs/crypto/hooks.c
@@ -61,7 +61,7 @@ int __fscrypt_prepare_link(struct inode
 		return err;
 
 	/* ... in case we looked up no-key name before key was added */
-	if (dentry->d_flags & DCACHE_NOKEY_NAME)
+	if (fscrypt_is_nokey_name(dentry))
 		return -ENOKEY;
 
 	if (!fscrypt_has_permitted_context(dir, inode))
@@ -86,7 +86,8 @@ int __fscrypt_prepare_rename(struct inod
 		return err;
 
 	/* ... in case we looked up no-key name(s) before key was added */
-	if ((old_dentry->d_flags | new_dentry->d_flags) & DCACHE_NOKEY_NAME)
+	if (fscrypt_is_nokey_name(old_dentry) ||
+	    fscrypt_is_nokey_name(new_dentry))
 		return -ENOKEY;
 
 	if (old_dir != new_dir) {
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -111,6 +111,35 @@ static inline void fscrypt_handle_d_move
 	dentry->d_flags &= ~DCACHE_NOKEY_NAME;
 }
 
+/**
+ * fscrypt_is_nokey_name() - test whether a dentry is a no-key name
+ * @dentry: the dentry to check
+ *
+ * This returns true if the dentry is a no-key dentry.  A no-key dentry is a
+ * dentry that was created in an encrypted directory that hasn't had its
+ * encryption key added yet.  Such dentries may be either positive or negative.
+ *
+ * When a filesystem is asked to create a new filename in an encrypted directory
+ * and the new filename's dentry is a no-key dentry, it must fail the operation
+ * with ENOKEY.  This includes ->create(), ->mkdir(), ->mknod(), ->symlink(),
+ * ->rename(), and ->link().  (However, ->rename() and ->link() are already
+ * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().)
+ *
+ * This is necessary because creating a filename requires the directory's
+ * encryption key, but just checking for the key on the directory inode during
+ * the final filesystem operation doesn't guarantee that the key was available
+ * during the preceding dentry lookup.  And the key must have already been
+ * available during the dentry lookup in order for it to have been checked
+ * whether the filename already exists in the directory and for the new file's
+ * dentry not to be invalidated due to it incorrectly having the no-key flag.
+ *
+ * Return: %true if the dentry is a no-key name
+ */
+static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
+{
+	return dentry->d_flags & DCACHE_NOKEY_NAME;
+}
+
 /* crypto.c */
 void fscrypt_enqueue_decrypt_work(struct work_struct *);
 
@@ -244,6 +273,11 @@ static inline void fscrypt_handle_d_move
 {
 }
 
+static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
+{
+	return false;
+}
+
 /* crypto.c */
 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
 {




* [PATCH 5.10 31/40] ubifs: prevent creating duplicate encrypted filenames
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2020-12-23 15:33 ` [PATCH 5.10 30/40] fscrypt: add fscrypt_is_nokey_name() Greg Kroah-Hartman
@ 2020-12-23 15:33 ` Greg Kroah-Hartman
  2020-12-23 15:33 ` [PATCH 5.10 32/40] ext4: " Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  43 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers

From: Eric Biggers <ebiggers@google.com>

commit 76786a0f083473de31678bdb259a3d4167cf756d upstream.

As described in "fscrypt: add fscrypt_is_nokey_name()", it's possible to
create a duplicate filename in an encrypted directory by creating a file
concurrently with adding the directory's encryption key.

Fix this bug on ubifs by rejecting no-key dentries in ubifs_create(),
ubifs_mkdir(), ubifs_mknod(), and ubifs_symlink().

Note that ubifs doesn't actually report the duplicate filenames from
readdir, but rather it seems to replace the original dentry with a new
one (which is still wrong, just a different effect from ext4).

On ubifs, this fixes xfstest generic/595 as well as the new xfstest I
wrote specifically for this bug.

Fixes: f4f61d2cc6d8 ("ubifs: Implement encrypted filenames")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201118075609.120337-5-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ubifs/dir.c |   17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -270,6 +270,15 @@ done:
 	return d_splice_alias(inode, dentry);
 }
 
+static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry,
+				struct fscrypt_name *nm)
+{
+	if (fscrypt_is_nokey_name(dentry))
+		return -ENOKEY;
+
+	return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
+}
+
 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
 			bool excl)
 {
@@ -293,7 +302,7 @@ static int ubifs_create(struct inode *di
 	if (err)
 		return err;
 
-	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+	err = ubifs_prepare_create(dir, dentry, &nm);
 	if (err)
 		goto out_budg;
 
@@ -953,7 +962,7 @@ static int ubifs_mkdir(struct inode *dir
 	if (err)
 		return err;
 
-	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+	err = ubifs_prepare_create(dir, dentry, &nm);
 	if (err)
 		goto out_budg;
 
@@ -1038,7 +1047,7 @@ static int ubifs_mknod(struct inode *dir
 		return err;
 	}
 
-	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+	err = ubifs_prepare_create(dir, dentry, &nm);
 	if (err) {
 		kfree(dev);
 		goto out_budg;
@@ -1122,7 +1131,7 @@ static int ubifs_symlink(struct inode *d
 	if (err)
 		return err;
 
-	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+	err = ubifs_prepare_create(dir, dentry, &nm);
 	if (err)
 		goto out_budg;
 




* [PATCH 5.10 32/40] ext4: prevent creating duplicate encrypted filenames
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers

From: Eric Biggers <ebiggers@google.com>

commit 75d18cd1868c2aee43553723872c35d7908f240f upstream.

As described in "fscrypt: add fscrypt_is_nokey_name()", it's possible to
create a duplicate filename in an encrypted directory by creating a file
concurrently with adding the directory's encryption key.

Fix this bug on ext4 by rejecting no-key dentries in ext4_add_entry().

Note that the duplicate check in ext4_find_dest_de() sometimes prevented
this bug.  However in many cases it didn't, since ext4_find_dest_de()
doesn't examine every dentry.

Fixes: 4461471107b7 ("ext4 crypto: enable filename encryption")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201118075609.120337-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/namei.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2195,6 +2195,9 @@ static int ext4_add_entry(handle_t *hand
 	if (!dentry->d_name.len)
 		return -EINVAL;
 
+	if (fscrypt_is_nokey_name(dentry))
+		return -ENOKEY;
+
 #ifdef CONFIG_UNICODE
 	if (sb_has_strict_encoding(sb) && IS_CASEFOLDED(dir) &&
 	    sb->s_encoding && utf8_validate(sb->s_encoding, &dentry->d_name))
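
Review bot: the new `return -ENOKEY` in ext4_add_entry() has no comment, and it sits right before code that will later reach the duplicate check in ext4_find_dest_de(), so it can look redundant to someone tidying this function. Since the commit message says ext4_find_dest_de() does not examine every dentry, a one-line comment above the test saying that the duplicate check cannot be relied on for no-key names would protect it from being removed. It is also worth noting in the comment that callers of ext4_add_entry() can now see -ENOKEY.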




* [PATCH 5.10 33/40] f2fs: prevent creating duplicate encrypted filenames
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers

From: Eric Biggers <ebiggers@google.com>

commit bfc2b7e8518999003a61f91c1deb5e88ed77b07d upstream.

As described in "fscrypt: add fscrypt_is_nokey_name()", it's possible to
create a duplicate filename in an encrypted directory by creating a file
concurrently with adding the directory's encryption key.

Fix this bug on f2fs by rejecting no-key dentries in f2fs_add_link().

Note that the weird check for the current task in f2fs_do_add_link()
seems to make this bug difficult to reproduce on f2fs.

Fixes: 9ea97163c6da ("f2fs crypto: add filename encryption for f2fs_add_link")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201118075609.120337-4-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/f2fs.h |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -3251,6 +3251,8 @@ bool f2fs_empty_dir(struct inode *dir);
 
 static inline int f2fs_add_link(struct dentry *dentry, struct inode *inode)
 {
+	if (fscrypt_is_nokey_name(dentry))
+		return -ENOKEY;
 	return f2fs_do_add_link(d_inode(dentry->d_parent), &dentry->d_name,
 				inode, inode->i_ino, inode->i_mode);
 }
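
Review bot: the no-key test is placed in the inline wrapper f2fs_add_link(), but the function that does the work, f2fs_do_add_link(), takes the parent inode and `&dentry->d_name` rather than the dentry, so any caller that reaches f2fs_do_add_link() without going through this wrapper is not covered. Please either confirm in the commit message that no such creation path exists or add a comment on f2fs_do_add_link() saying callers must have rejected no-key dentries first. Style: a blank line after `return -ENOKEY;` would match the ext4 version of the same check.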




* [PATCH 5.10 34/40] Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peilin Ye, Marcel Holtmann,
	syzbot+24ebd650e20bd263ca01

From: Peilin Ye <yepeilin.cs@gmail.com>

commit f7e0e8b2f1b0a09b527885babda3e912ba820798 upstream.

`num_reports` is not being properly checked. A malformed event packet with
a large `num_reports` number makes hci_le_direct_adv_report_evt() read out
of bounds. Fix it.

Cc: stable@vger.kernel.org
Fixes: 2f010b55884e ("Bluetooth: Add support for handling LE Direct Advertising Report events")
Reported-and-tested-by: syzbot+24ebd650e20bd263ca01@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=24ebd650e20bd263ca01
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/bluetooth/hci_event.c |   12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -5868,21 +5868,19 @@ static void hci_le_direct_adv_report_evt
 					 struct sk_buff *skb)
 {
 	u8 num_reports = skb->data[0];
-	void *ptr = &skb->data[1];
+	struct hci_ev_le_direct_adv_info *ev = (void *)&skb->data[1];
 
-	hci_dev_lock(hdev);
+	if (!num_reports || skb->len < num_reports * sizeof(*ev) + 1)
+		return;
 
-	while (num_reports--) {
-		struct hci_ev_le_direct_adv_info *ev = ptr;
+	hci_dev_lock(hdev);
 
+	for (; num_reports; num_reports--, ev++)
 		process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
 				   ev->bdaddr_type, &ev->direct_addr,
 				   ev->direct_addr_type, ev->rssi, NULL, 0,
 				   false);
 
-		ptr += sizeof(*ev);
-	}
-
 	hci_dev_unlock(hdev);
 }
 
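
Review bot: `u8 num_reports = skb->data[0];` is still read before anything in this function has looked at skb->len, so the new bounds check protects the report array but not the count byte itself. If an earlier layer does not guarantee at least one byte here, the test should come first, for example `if (!skb->len) return;` ahead of the read, or the declaration should be split from the assignment so the length test can precede it. The size arithmetic itself is fine: num_reports is a u8 and the multiplication is done in size_t, so `num_reports * sizeof(*ev) + 1` cannot wrap.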




* [PATCH 5.10 35/40] quota: Sanity-check quota file headers on load
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+f816042a7ae2225f25ba,
	Andreas Dilger, Jan Kara

From: Jan Kara <jack@suse.cz>

commit 11c514a99bb960941535134f0587102855e8ddee upstream.

Perform basic sanity checks of quota headers to avoid kernel crashes on
corrupted quota files.

CC: stable@vger.kernel.org
Reported-by: syzbot+f816042a7ae2225f25ba@syzkaller.appspotmail.com
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/quota/quota_v2.c |   19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

--- a/fs/quota/quota_v2.c
+++ b/fs/quota/quota_v2.c
@@ -157,6 +157,25 @@ static int v2_read_file_info(struct supe
 		qinfo->dqi_entry_size = sizeof(struct v2r1_disk_dqblk);
 		qinfo->dqi_ops = &v2r1_qtree_ops;
 	}
+	ret = -EUCLEAN;
+	/* Some sanity checks of the read headers... */
+	if ((loff_t)qinfo->dqi_blocks << qinfo->dqi_blocksize_bits >
+	    i_size_read(sb_dqopt(sb)->files[type])) {
+		quota_error(sb, "Number of blocks too big for quota file size (%llu > %llu).",
+		    (loff_t)qinfo->dqi_blocks << qinfo->dqi_blocksize_bits,
+		    i_size_read(sb_dqopt(sb)->files[type]));
+		goto out;
+	}
+	if (qinfo->dqi_free_blk >= qinfo->dqi_blocks) {
+		quota_error(sb, "Free block number too big (%u >= %u).",
+			    qinfo->dqi_free_blk, qinfo->dqi_blocks);
+		goto out;
+	}
+	if (qinfo->dqi_free_entry >= qinfo->dqi_blocks) {
+		quota_error(sb, "Block with free entry too big (%u >= %u).",
+			    qinfo->dqi_free_entry, qinfo->dqi_blocks);
+		goto out;
+	}
 	ret = 0;
 out:
 	up_read(&dqopt->dqio_sem);
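
Review bot: the first quota_error() prints two signed values with `%llu`: `(loff_t)qinfo->dqi_blocks << qinfo->dqi_blocksize_bits` and the result of i_size_read() are both loff_t. Either use `%lld` or cast both arguments to unsigned long long so the format matches the type. The continuation lines of that same call are also indented differently from the two quota_error() calls that follow it. On the logic: all three checks trust dqi_blocksize_bits as a shift count, so it is worth stating in the comment where that value comes from and that it is not read from the file.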




* [PATCH 5.10 36/40] fs: quota: fix array-index-out-of-bounds bug by passing correct argument to vfs_cleanup_quota_inode()
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+2643e825238d7aabb37f,
	Anant Thazhemadam, Jan Kara

From: Anant Thazhemadam <anant.thazhemadam@gmail.com>

commit e51d68e76d604c6d5d1eb13ae1d6da7f6c8c0dfc upstream.

When dquot_resume() was last updated, the argument that got passed
to vfs_cleanup_quota_inode was incorrectly set.

If type = -1 and dquot_load_quota_sb() returns a negative value,
then vfs_cleanup_quota_inode() gets called with -1 passed as an
argument, and this leads to an array-index-out-of-bounds bug.

Fix this issue by correctly passing the arguments.

Fixes: ae45f07d47cc ("quota: Simplify dquot_resume()")
Link: https://lore.kernel.org/r/20201208194338.7064-1-anant.thazhemadam@gmail.com
Reported-by: syzbot+2643e825238d7aabb37f@syzkaller.appspotmail.com
Tested-by: syzbot+2643e825238d7aabb37f@syzkaller.appspotmail.com
CC: stable@vger.kernel.org
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/quota/dquot.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -2455,7 +2455,7 @@ int dquot_resume(struct super_block *sb,
 		ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id,
 					  flags);
 		if (ret < 0)
-			vfs_cleanup_quota_inode(sb, type);
+			vfs_cleanup_quota_inode(sb, cnt);
 	}
 
 	return ret;
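
Review bot: with the index fixed, the remaining question in this block is what `return ret;` reports. The call uses `cnt` and the commit message describes the `type = -1` case, which suggests the block runs once per quota type; if so, a negative ret from one type is overwritten by a later successful dquot_load_quota_sb() and the failure is lost to the caller. If that is intended, a comment saying resume is best effort would help; if not, the first error should be kept in a separate variable. That can be a follow-up and does not block this fix.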




* [PATCH 5.10 37/40] media: msi2500: assign SPI bus number dynamically
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Antti Palosaari,
	Mauro Carvalho Chehab, syzbot+c60ddb60b685777d9d59

From: Antti Palosaari <crope@iki.fi>

commit 9c60cc797cf72e95bb39f32316e9f0e5f85435f9 upstream.

SPI bus number must be assigned dynamically for each device, otherwise it
will crash when multiple devices are plugged into the system.

Reported-and-tested-by: syzbot+c60ddb60b685777d9d59@syzkaller.appspotmail.com

Cc: stable@vger.kernel.org
Signed-off-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/usb/msi2500/msi2500.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/media/usb/msi2500/msi2500.c
+++ b/drivers/media/usb/msi2500/msi2500.c
@@ -1230,7 +1230,7 @@ static int msi2500_probe(struct usb_inte
 	}
 
 	dev->master = master;
-	master->bus_num = 0;
+	master->bus_num = -1;
 	master->num_chipselect = 1;
 	master->transfer_one_message = msi2500_transfer_one_message;
 	spi_master_set_devdata(master, dev);
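
Review bot: `master->bus_num = -1;` in msi2500_probe() is a magic value, and the one-character difference from the old `0` is easy to revert by accident. A short comment on that line saying that -1 asks for a dynamically assigned bus number, and that a fixed number collides when a second device is probed, would record the reason given in the commit message next to the code.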




* [PATCH 5.10 38/40] crypto: af_alg - avoid undefined behavior accessing salg_name
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+92ead4eb8e26a26d465e,
	Eric Biggers, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

commit 92eb6c3060ebe3adf381fd9899451c5b047bb14d upstream.

Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm
names") made the kernel start accepting arbitrarily long algorithm names
in sockaddr_alg.  However, the actual length of the salg_name field
stayed at the original 64 bytes.

This is broken because the kernel can access indices >= 64 in salg_name,
which is undefined behavior -- even though the memory that is accessed
is still located within the sockaddr structure.  It would only be
defined behavior if the array were properly marked as arbitrary-length
(either by making it a flexible array, which is the recommended way
these days, or by making it an array of length 0 or 1).

We can't simply change salg_name into a flexible array, since that would
break source compatibility with userspace programs that embed
sockaddr_alg into another struct, or (more commonly) declare a
sockaddr_alg like 'struct sockaddr_alg sa = { .salg_name = "foo" };'.

One solution would be to change salg_name into a flexible array only
when '#ifdef __KERNEL__'.  However, that would keep userspace without an
easy way to actually use the longer algorithm names.

Instead, add a new structure 'sockaddr_alg_new' that has the flexible
array field, and expose it to both userspace and the kernel.
Make the kernel use it correctly in alg_bind().

This addresses the syzbot report
"UBSAN: array-index-out-of-bounds in alg_bind"
(https://syzkaller.appspot.com/bug?extid=92ead4eb8e26a26d465e).

Reported-by: syzbot+92ead4eb8e26a26d465e@syzkaller.appspotmail.com
Fixes: 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm names")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/af_alg.c             |   10 +++++++---
 include/uapi/linux/if_alg.h |   16 ++++++++++++++++
 2 files changed, 23 insertions(+), 3 deletions(-)

--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -147,7 +147,7 @@ static int alg_bind(struct socket *sock,
 	const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY;
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
-	struct sockaddr_alg *sa = (void *)uaddr;
+	struct sockaddr_alg_new *sa = (void *)uaddr;
 	const struct af_alg_type *type;
 	void *private;
 	int err;
@@ -155,7 +155,11 @@ static int alg_bind(struct socket *sock,
 	if (sock->state == SS_CONNECTED)
 		return -EINVAL;
 
-	if (addr_len < sizeof(*sa))
+	BUILD_BUG_ON(offsetof(struct sockaddr_alg_new, salg_name) !=
+		     offsetof(struct sockaddr_alg, salg_name));
+	BUILD_BUG_ON(offsetof(struct sockaddr_alg, salg_name) != sizeof(*sa));
+
+	if (addr_len < sizeof(*sa) + 1)
 		return -EINVAL;
 
 	/* If caller uses non-allowed flag, return error. */
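
Review bot: the `+ 1` in `addr_len < sizeof(*sa) + 1` and the second BUILD_BUG_ON together are what make the later `sa->salg_name[addr_len - sizeof(*sa) - 1] = 0` store land inside the caller's buffer, but neither line says so. Please add a comment here stating that sizeof(*sa) is now the header size only (the flexible array contributes nothing), that the extra byte guarantees room for at least the terminator, and that the BUILD_BUG_ONs pin the name to the same offset in both structs. Style: the BUILD_BUG_ONs would read better grouped with the declarations than between two runtime checks.
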
@@ -163,7 +167,7 @@ static int alg_bind(struct socket *sock,
 		return -EINVAL;
 
 	sa->salg_type[sizeof(sa->salg_type) - 1] = 0;
-	sa->salg_name[sizeof(sa->salg_name) + addr_len - sizeof(*sa) - 1] = 0;
+	sa->salg_name[addr_len - sizeof(*sa) - 1] = 0;
 
 	type = alg_get_type(sa->salg_type);
 	if (PTR_ERR(type) == -ENOENT) {
--- a/include/uapi/linux/if_alg.h
+++ b/include/uapi/linux/if_alg.h
@@ -24,6 +24,22 @@ struct sockaddr_alg {
 	__u8	salg_name[64];
 };
 
+/*
+ * Linux v4.12 and later removed the 64-byte limit on salg_name[]; it's now an
+ * arbitrary-length field.  We had to keep the original struct above for source
+ * compatibility with existing userspace programs, though.  Use the new struct
+ * below if support for very long algorithm names is needed.  To do this,
+ * allocate 'sizeof(struct sockaddr_alg_new) + strlen(algname) + 1' bytes, and
+ * copy algname (including the null terminator) into salg_name.
+ */
+struct sockaddr_alg_new {
+	__u16	salg_family;
+	__u8	salg_type[14];
+	__u32	salg_feat;
+	__u32	salg_mask;
+	__u8	salg_name[];
+};
+
 struct af_alg_iv {
 	__u32	ivlen;
 	__u8	iv[0];
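
Review bot: the new uapi comment tells userspace how many bytes to allocate but not that the same total must be passed as the address length to bind(). alg_bind() in this patch derives the name length purely from addr_len, so a caller that allocates correctly but passes `sizeof(struct sockaddr_alg_new)` fails the `sizeof(*sa) + 1` check with -EINVAL. Adding one sentence to the comment about the bind() length, and a note on struct sockaddr_alg that its salg_name is limited to 64 bytes, would make the two structs self-explanatory.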




* [PATCH 5.10 39/40] nl80211: validate key indexes for cfg80211_registered_device
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+49d4cab497c2142ee170,
	Johannes Berg, Anant Thazhemadam, Johannes Berg

From: Anant Thazhemadam <anant.thazhemadam@gmail.com>

commit 2d9463083ce92636a1bdd3e30d1236e3e95d859e upstream.

syzbot discovered a bug in which an OOB access was being made because
an unsuitable key_idx value was wrongly considered to be acceptable
while deleting a key in nl80211_del_key().

Since we don't know the cipher at the time of deletion, if
cfg80211_validate_key_settings() were to be called directly in
nl80211_del_key(), even valid keys would be wrongly determined invalid,
and deletion wouldn't occur correctly.
For this reason, a new function - cfg80211_valid_key_idx(), has been
created, to determine if the key_idx value provided is valid or not.
cfg80211_valid_key_idx() is directly called in 2 places -
nl80211_del_key(), and cfg80211_validate_key_settings().

Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Suggested-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com
Cc: stable@vger.kernel.org
[also disallow IGTK key IDs if no IGTK cipher is supported]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/wireless/core.h    |    2 +
 net/wireless/nl80211.c |    7 +++---
 net/wireless/util.c    |   51 +++++++++++++++++++++++++++++++++++++++++--------
 3 files changed, 49 insertions(+), 11 deletions(-)

--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -433,6 +433,8 @@ void cfg80211_sme_abandon_assoc(struct w
 
 /* internal helpers */
 bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher);
+bool cfg80211_valid_key_idx(struct cfg80211_registered_device *rdev,
+			    int key_idx, bool pairwise);
 int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
 				   struct key_params *params, int key_idx,
 				   bool pairwise, const u8 *mac_addr);
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4260,9 +4260,6 @@ static int nl80211_del_key(struct sk_buf
 	if (err)
 		return err;
 
-	if (key.idx < 0)
-		return -EINVAL;
-
 	if (info->attrs[NL80211_ATTR_MAC])
 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
 
@@ -4278,6 +4275,10 @@ static int nl80211_del_key(struct sk_buf
 	    key.type != NL80211_KEYTYPE_GROUP)
 		return -EINVAL;
 
+	if (!cfg80211_valid_key_idx(rdev, key.idx,
+				    key.type == NL80211_KEYTYPE_PAIRWISE))
+		return -EINVAL;
+
 	if (!rdev->ops->del_key)
 		return -EOPNOTSUPP;
 
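
Review bot: the `key.idx < 0` test removed at the top of nl80211_del_key() is now enforced only by this later cfg80211_valid_key_idx() call, so everything between the two points runs with an unvalidated index. The visible lines in between only touch mac_addr and key.type, but please confirm nothing else in that gap reads key.idx, or keep the cheap negative check where it was and let the new call add the upper bound. A one-line comment here saying why cfg80211_validate_key_settings() cannot be used at deletion time (the cipher is not known) would also save the next reader a trip to the commit message.
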
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -272,18 +272,53 @@ bool cfg80211_supported_cipher_suite(str
 	return false;
 }
 
-int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
-				   struct key_params *params, int key_idx,
-				   bool pairwise, const u8 *mac_addr)
+static bool
+cfg80211_igtk_cipher_supported(struct cfg80211_registered_device *rdev)
+{
+	struct wiphy *wiphy = &rdev->wiphy;
+	int i;
+
+	for (i = 0; i < wiphy->n_cipher_suites; i++) {
+		switch (wiphy->cipher_suites[i]) {
+		case WLAN_CIPHER_SUITE_AES_CMAC:
+		case WLAN_CIPHER_SUITE_BIP_CMAC_256:
+		case WLAN_CIPHER_SUITE_BIP_GMAC_128:
+		case WLAN_CIPHER_SUITE_BIP_GMAC_256:
+			return true;
+		}
+	}
+
+	return false;
+}
+
+bool cfg80211_valid_key_idx(struct cfg80211_registered_device *rdev,
+			    int key_idx, bool pairwise)
 {
-	int max_key_idx = 5;
+	int max_key_idx;
 
-	if (wiphy_ext_feature_isset(&rdev->wiphy,
-				    NL80211_EXT_FEATURE_BEACON_PROTECTION) ||
-	    wiphy_ext_feature_isset(&rdev->wiphy,
-				    NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
+	if (pairwise)
+		max_key_idx = 3;
+	else if (wiphy_ext_feature_isset(&rdev->wiphy,
+					 NL80211_EXT_FEATURE_BEACON_PROTECTION) ||
+		 wiphy_ext_feature_isset(&rdev->wiphy,
+					 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
 		max_key_idx = 7;
+	else if (cfg80211_igtk_cipher_supported(rdev))
+		max_key_idx = 5;
+	else
+		max_key_idx = 3;
+
 	if (key_idx < 0 || key_idx > max_key_idx)
+		return false;
+
+	return true;
+}
+
+int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
+				   struct key_params *params, int key_idx,
+				   bool pairwise, const u8 *mac_addr)
+{
+	if (!cfg80211_valid_key_idx(rdev, key_idx, pairwise))
 		return -EINVAL;
 
 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
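
Review bot: cfg80211_valid_key_idx() picks max_key_idx from the bare constants 3, 7 and 5 with no comment on what each range is for. The commit message ties 5 to IGTK key IDs and the code ties 7 to the beacon protection features, so a comment per branch, or named constants, would make the table checkable against the spec. Two smaller points: the tail can be written as `return key_idx >= 0 && key_idx <= max_key_idx;`, and the switch in cfg80211_igtk_cipher_supported() has no default case, which some compilers flag.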




* [PATCH 5.10 40/40] md: fix a warning caused by a race between concurrent md_ioctl()s
From: Greg Kroah-Hartman @ 2020-12-23 15:33 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+1e46a0864c1a6e9bd3d8,
	Dae R. Jeong, Song Liu

From: Dae R. Jeong <dae.r.jeong@kaist.ac.kr>

commit c731b84b51bf7fe83448bea8f56a6d55006b0615 upstream.

Syzkaller reports a warning as below.
WARNING: CPU: 0 PID: 9647 at drivers/md/md.c:7169
...
Call Trace:
...
RIP: 0010:md_ioctl+0x4017/0x5980 drivers/md/md.c:7169
RSP: 0018:ffff888096027950 EFLAGS: 00010293
RAX: ffff88809322c380 RBX: 0000000000000932 RCX: ffffffff84e266f2
RDX: 0000000000000000 RSI: ffffffff84e299f7 RDI: 0000000000000007
RBP: ffff888096027bc0 R08: ffff88809322c380 R09: ffffed101341a482
R10: ffff888096027940 R11: ffff88809a0d240f R12: 0000000000000932
R13: ffff8880a2c14100 R14: ffff88809a0d2268 R15: ffff88809a0d2408
 __blkdev_driver_ioctl block/ioctl.c:304 [inline]
 blkdev_ioctl+0xece/0x1c10 block/ioctl.c:606
 block_ioctl+0xee/0x130 fs/block_dev.c:1930
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

This is caused by a race between two concurrent md_ioctl()s closing
the array.
CPU1 (md_ioctl())                   CPU2 (md_ioctl())
------                              ------
set_bit(MD_CLOSING, &mddev->flags);
did_set_md_closing = true;
                                    WARN_ON_ONCE(test_bit(MD_CLOSING,
                                            &mddev->flags));
if(did_set_md_closing)
    clear_bit(MD_CLOSING, &mddev->flags);

Fix the warning by returning immediately if the MD_CLOSING bit is set
in &mddev->flags which indicates that the array is being closed.

Fixes: 065e519e71b2 ("md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop")
Reported-by: syzbot+1e46a0864c1a6e9bd3d8@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Dae R. Jeong <dae.r.jeong@kaist.ac.kr>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/md.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7590,8 +7590,11 @@ static int md_ioctl(struct block_device
 			err = -EBUSY;
 			goto out;
 		}
-		WARN_ON_ONCE(test_bit(MD_CLOSING, &mddev->flags));
-		set_bit(MD_CLOSING, &mddev->flags);
+		if (test_and_set_bit(MD_CLOSING, &mddev->flags)) {
+			mutex_unlock(&mddev->open_mutex);
+			err = -EBUSY;
+			goto out;
+		}
 		did_set_md_closing = true;
 		mutex_unlock(&mddev->open_mutex);
 		sync_blockdev(bdev);
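
Review bot: the new test_and_set_bit() branch repeats the `err = -EBUSY; goto out;` exit that is visible in the branch just above it, now with its own mutex_unlock(). Folding the MD_CLOSING test into that preceding condition, or sharing one unlock-and-bail label, would leave a single exit to keep correct. The branch also needs a comment: say that a set MD_CLOSING means another md_ioctl() is already closing the array, and that this caller must not set did_set_md_closing, since clearing the bit on exit is what produced the race in the commit message.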




* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
From: Jon Hunter @ 2020-12-23 19:26 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, stable, linux-tegra

On Wed, 23 Dec 2020 16:33:01 +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.3 release.
> There are 40 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests passing for Tegra ...

Test results for stable-v5.10:
    12 builds:	12 pass, 0 fail
    26 boots:	26 pass, 0 fail
    64 tests:	64 pass, 0 fail

Linux version:	5.10.3-rc1-ga5ba578b5228
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra20-ventana,
                tegra210-p2371-2180, tegra210-p3450-0000,
                tegra30-cardhu-a04

Tested-by: Jon Hunter <jonathanh@nvidia.com>

Jon


* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
From: Daniel Díaz @ 2020-12-24  0:56 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: shuah, patches, lkft-triage, stable, pavel, akpm, torvalds, linux

Hello!

On 12/23/20 9:33 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.3 release.
> There are 40 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>

Summary
------------------------------------------------------------------------

kernel: 5.10.3-rc1
git repo: ['https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git', 'https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc']
git branch: linux-5.10.y
git commit: a5ba578b52286e2a855f6b172c851d7afbf68e60
git describe: v5.10.2-41-ga5ba578b5228
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10.2-41-ga5ba578b5228

No regressions (compared to build v5.10.2)

No fixes (compared to build v5.10.2)

Ran 50032 total tests in the following environments and test suites.

Environments
--------------
- arc
- arm
- arm64
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- juno-r2-compat
- juno-r2-kasan
- mips
- parisc
- powerpc
- qemu-arm-clang
- qemu-arm64-clang
- qemu-arm64-kasan
- qemu-i386-clang
- qemu-x86_64-clang
- qemu-x86_64-kasan
- qemu-x86_64-kcsan
- qemu_arm
- qemu_arm64
- qemu_arm64-compat
- qemu_i386
- qemu_x86_64
- qemu_x86_64-compat
- riscv
- s390
- sh
- sparc
- x15
- x86
- x86-kasan

Test Suites
-----------
* build
* fwts
* install-android-platform-tools-r2600
* kselftest
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
* kunit
* kvm-unit-tests
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fs-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* perf
* rcutorture
* v4l2-compliance

Happy holidays, greetings!

Daniel Díaz
daniel.diaz@linaro.org

-- 
Linaro LKFT
https://lkft.linaro.org

* Re: [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file
  2020-12-23 15:33 ` [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file Greg Kroah-Hartman
@ 2020-12-24  1:11   ` Chao Yu
  2020-12-24  7:52     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 62+ messages in thread
From: Chao Yu @ 2020-12-24  1:11 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, kitestramuort, Jaegeuk Kim

Hi Greg,

Thanks a lot for helping to resend and merge the patch. :)

Thanks,

On 2020/12/23 23:33, Greg Kroah-Hartman wrote:
> From: Chao Yu <yuchao0@huawei.com>
> 
> commit 7a6e59d719ef0ec9b3d765cba3ba98ee585cbde3 upstream.
> 
> As kitestramuort reported:
> 
> F2FS-fs (nvme0n1p4): access invalid blkaddr:1598541474
> [   25.725898] ------------[ cut here ]------------
> [   25.725903] WARNING: CPU: 6 PID: 2018 at f2fs_is_valid_blkaddr+0x23a/0x250
> [   25.725923] Call Trace:
> [   25.725927]  ? f2fs_llseek+0x204/0x620
> [   25.725929]  ? ovl_copy_up_data+0x14f/0x200
> [   25.725931]  ? ovl_copy_up_inode+0x174/0x1e0
> [   25.725933]  ? ovl_copy_up_one+0xa22/0xdf0
> [   25.725936]  ? ovl_copy_up_flags+0xa6/0xf0
> [   25.725938]  ? ovl_aio_cleanup_handler+0xd0/0xd0
> [   25.725939]  ? ovl_maybe_copy_up+0x86/0xa0
> [   25.725941]  ? ovl_open+0x22/0x80
> [   25.725943]  ? do_dentry_open+0x136/0x350
> [   25.725945]  ? path_openat+0xb7e/0xf40
> [   25.725947]  ? __check_sticky+0x40/0x40
> [   25.725948]  ? do_filp_open+0x70/0x100
> [   25.725950]  ? __check_sticky+0x40/0x40
> [   25.725951]  ? __check_sticky+0x40/0x40
> [   25.725953]  ? __x64_sys_openat+0x1db/0x2c0
> [   25.725955]  ? do_syscall_64+0x2d/0x40
> [   25.725957]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> 
> llseek() reports invalid block address access, the root cause is if
> file has inline data, f2fs_seek_block() will access inline data regard
> as block address index in inode block, which should be wrong, fix it.
> 
> Reported-by: kitestramuort <kitestramuort@autistici.org>
> Signed-off-by: Chao Yu <yuchao0@huawei.com>
> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> ---
>   fs/f2fs/file.c |   11 ++++++++---
>   1 file changed, 8 insertions(+), 3 deletions(-)
> 
> --- a/fs/f2fs/file.c
> +++ b/fs/f2fs/file.c
> @@ -412,9 +412,14 @@ static loff_t f2fs_seek_block(struct fil
>   		goto fail;
>   
>   	/* handle inline data case */
> -	if (f2fs_has_inline_data(inode) && whence == SEEK_HOLE) {
> -		data_ofs = isize;
> -		goto found;
> +	if (f2fs_has_inline_data(inode)) {
> +		if (whence == SEEK_HOLE) {
> +			data_ofs = isize;
> +			goto found;
> +		} else if (whence == SEEK_DATA) {
> +			data_ofs = offset;
> +			goto found;
> +		}
>   	}
>   
>   	pgofs = (pgoff_t)(offset >> PAGE_SHIFT);
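
Review bot: In the new `if (f2fs_has_inline_data(inode))` block, a `whence` that is neither SEEK_HOLE nor SEEK_DATA still leaves the block and reaches the `pgofs = (pgoff_t)(offset >> PAGE_SHIFT);` walk, which is the path the commit message says misreads inline data as block addresses. If the caller guarantees only those two values, a short comment saying so would make that visible; otherwise close the block with a plain `else` that jumps to `fail`. The SEEK_DATA branch also returns `offset` unchanged, so it depends on the check ahead of the hunk (only its `goto fail;` is visible here) having rejected offsets at or beyond `isize`; that is worth stating in the `/* handle inline data case */` comment.
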
> 
> 
> .
> 
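
The semantics the quoted fix restores can be checked from user space. The program below is an added example, not part of this message or of the f2fs sources: it writes a small file with no holes and verifies that `lseek()` with SEEK_DATA returns the offset it was given, SEEK_HOLE returns the file size, and SEEK_DATA at end of file fails with ENXIO. The names `check_small_file_seek` and `CHK_*` are this example's own, and whether the file is actually stored inline depends on the filesystem and its mount options, which the program does not inspect.

```c
/* Added example: user-space check of lseek(SEEK_DATA/SEEK_HOLE) on a small file. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SEEK_DATA            /* Linux values, in case the libc headers hid them */
#define SEEK_DATA 3
#define SEEK_HOLE 4
#endif

/* Result codes; these names belong to this example only. */
enum {
    CHK_OK          = 0,   /* every offset behaved as expected */
    CHK_UNSUPPORTED = 1,   /* filesystem rejects SEEK_DATA/SEEK_HOLE (EINVAL) */
    CHK_SETUP       = -1,  /* could not create or fill the test file */
    CHK_DATA_WRONG  = -2,  /* SEEK_DATA inside the data did not return offset */
    CHK_HOLE_WRONG  = -3,  /* SEEK_HOLE did not return the file size */
    CHK_EOF_WRONG   = -4   /* SEEK_DATA at EOF did not fail with ENXIO */
};

/* Create a len-byte file without holes in dir and probe it with lseek(). */
int check_small_file_seek(const char *dir, size_t len)
{
    char path[4096];
    char buf[1024];
    off_t size = (off_t)len, step, off, pos;
    int fd, rc = CHK_OK;

    if (dir == NULL || len == 0 || len > sizeof(buf))
        return CHK_SETUP;
    if (snprintf(path, sizeof(path), "%s/seekchk-XXXXXX", dir) >= (int)sizeof(path))
        return CHK_SETUP;
    fd = mkstemp(path);
    if (fd < 0)
        return CHK_SETUP;
    unlink(path);                       /* file disappears when fd is closed */

    /* Write the data and force it to its on-disk form before seeking. */
    memset(buf, 'A', len);
    if (write(fd, buf, len) != (ssize_t)len || fsync(fd) != 0) {
        rc = CHK_SETUP;
        goto out;
    }

    /* Probe several offsets inside the data, not only offset 0. */
    step = size > 8 ? size / 8 : 1;
    for (off = 0; off < size; off += step) {
        pos = lseek(fd, off, SEEK_DATA);
        if (pos == (off_t)-1 && errno == EINVAL) {
            rc = CHK_UNSUPPORTED;
            goto out;
        }
        if (pos != off) { rc = CHK_DATA_WRONG; goto out; }

        pos = lseek(fd, off, SEEK_HOLE);
        if (pos != size) { rc = CHK_HOLE_WRONG; goto out; }
    }

    /* There is no data at or beyond EOF, so SEEK_DATA must report ENXIO. */
    errno = 0;
    pos = lseek(fd, size, SEEK_DATA);
    if (pos != (off_t)-1 || errno != ENXIO)
        rc = CHK_EOF_WRONG;
out:
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    /* Pass a directory on the filesystem under test; /tmp is the default. */
    const char *dir = argc > 1 ? argv[1] : "/tmp";
    int rc = check_small_file_seek(dir, 64);

    printf("%s: result %d\n", dir, rc);
    return rc == CHK_OK ? 0 : 1;
}
```

Run it with a directory on the mounted filesystem you want to check as the first argument; a negative result names the call that misbehaved.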


* Re: [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file
  2020-12-24  1:11   ` Chao Yu
@ 2020-12-24  7:52     ` Greg Kroah-Hartman
  2020-12-24  9:38       ` Chao Yu
  0 siblings, 1 reply; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-24  7:52 UTC (permalink / raw)
  To: Chao Yu; +Cc: linux-kernel, stable, kitestramuort, Jaegeuk Kim

On Thu, Dec 24, 2020 at 09:11:53AM +0800, Chao Yu wrote:
> Hi Greg,
> 
> Thanks a lot for helping to resend and merge the patch. :)

Not a problem, glad to help out.  In the future, all you need to do is
give us the git commit id that needs to be backported if it applies
cleanly, no need to send the whole patch!

thanks,

greg k-h

* Re: [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file
  2020-12-24  7:52     ` Greg Kroah-Hartman
@ 2020-12-24  9:38       ` Chao Yu
  0 siblings, 0 replies; 62+ messages in thread
From: Chao Yu @ 2020-12-24  9:38 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, kitestramuort, Jaegeuk Kim

On 2020/12/24 15:52, Greg Kroah-Hartman wrote:
> On Thu, Dec 24, 2020 at 09:11:53AM +0800, Chao Yu wrote:
>> Hi Greg,
>>
>> Thanks a lot for helping to resend and merge the patch. :)
> 
> Not a problem, glad to help out.  In the future, all you need to do is
> give us the git commit id that needs to be backported if it applies
> cleanly, no need to send the whole patch!

I will keep this in mind, thanks for your reminder.

Thanks,

> 
> thanks,
> 
> greg k-h
> .
> 

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2020-12-24  0:56 ` Daniel Díaz
@ 2020-12-24  9:43 ` Jeffrin Jose T
  2020-12-26 15:06   ` Greg Kroah-Hartman
  2020-12-24 15:26 ` Guenter Roeck
  43 siblings, 1 reply; 62+ messages in thread
From: Jeffrin Jose T @ 2020-12-24  9:43 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel, stable

On Wed, 2020-12-23 at 16:33 +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.3 release.
> There are 40 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied,
> please
> let me know.
> 
> Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
> stable-rc.git linux-5.10.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

Hello,
Compiled and booted 5.10.3-rc1+.

dmesg -l err gives...
--------------x-------------x------------------->
   43.190922] Bluetooth: hci0: don't support firmware rome 0x31010100
--------------x---------------x----------------->

My Bluetooth is Off.


Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
-- 
software engineer
rajagiri school of engineering and technology - autonomous



* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2020-12-24  9:43 ` Jeffrin Jose T
@ 2020-12-24 15:26 ` Guenter Roeck
  2020-12-26 15:06   ` Greg Kroah-Hartman
  43 siblings, 1 reply; 62+ messages in thread
From: Guenter Roeck @ 2020-12-24 15:26 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, shuah, patches, lkft-triage, pavel, stable

On 12/23/20 7:33 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.3 release.
> There are 40 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> Anything received after that time might be too late.
> 

Build results:
	total: 154 pass: 154 fail: 0
Qemu test results:
	total: 427 pass: 427 fail: 0

Tested-by: Guenter Roeck <linux@roeck-us.net>

Guenter

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-24 15:26 ` Guenter Roeck
@ 2020-12-26 15:06   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-26 15:06 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: linux-kernel, torvalds, akpm, shuah, patches, lkft-triage, pavel, stable

On Thu, Dec 24, 2020 at 07:26:45AM -0800, Guenter Roeck wrote:
> On 12/23/20 7:33 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.10.3 release.
> > There are 40 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> > Anything received after that time might be too late.
> > 
> 
> Build results:
> 	total: 154 pass: 154 fail: 0
> Qemu test results:
> 	total: 427 pass: 427 fail: 0
> 
> Tested-by: Guenter Roeck <linux@roeck-us.net>

Thanks for testing!

greg k-h

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-24  9:43 ` Jeffrin Jose T
@ 2020-12-26 15:06   ` Greg Kroah-Hartman
  2020-12-27 15:50     ` Jeffrin Jose T
  0 siblings, 1 reply; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-26 15:06 UTC (permalink / raw)
  To: Jeffrin Jose T
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
	pavel, stable

On Thu, Dec 24, 2020 at 03:13:38PM +0530, Jeffrin Jose T wrote:
> On Wed, 2020-12-23 at 16:33 +0100, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.10.3 release.
> > There are 40 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied,
> > please
> > let me know.
> > 
> > Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> >         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > or in the git tree and branch at:
> >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
> > stable-rc.git linux-5.10.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> 
> hello ,
> Compiled and booted 5.10.3-rc1+.
> 
> dmesg -l err gives...
> --------------x-------------x------------------->
>    43.190922] Bluetooth: hci0: don't support firmware rome 0x31010100
> --------------x---------------x----------------->
> 
> My Bluetooth is Off.

Is this a new warning?  Does it show up on 5.10.2?

> Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>

thanks for testing?

greg k-h

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-24  0:56 ` Daniel Díaz
@ 2020-12-26 15:07   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-26 15:07 UTC (permalink / raw)
  To: Daniel Díaz
  Cc: linux-kernel, shuah, patches, lkft-triage, stable, pavel, akpm,
	torvalds, linux

On Wed, Dec 23, 2020 at 06:56:56PM -0600, Daniel Díaz wrote:
> Hello!
> 
> On 12/23/20 9:33 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.10.3 release.
> > There are 40 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > or in the git tree and branch at:
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> 
> Results from Linaro’s test farm.
> No regressions on arm64, arm, x86_64, and i386.
> 
> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>

Thanks for testing!

greg k-h

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-23 19:26 ` [PATCH 5.10 00/40] 5.10.3-rc1 review Jon Hunter
@ 2020-12-26 15:07   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-26 15:07 UTC (permalink / raw)
  To: Jon Hunter
  Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
	stable, linux-tegra

On Wed, Dec 23, 2020 at 07:26:38PM +0000, Jon Hunter wrote:
> On Wed, 23 Dec 2020 16:33:01 +0100, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.10.3 release.
> > There are 40 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > or in the git tree and branch at:
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> 
> All tests passing for Tegra ...
> 
> Test results for stable-v5.10:
>     12 builds:	12 pass, 0 fail
>     26 boots:	26 pass, 0 fail
>     64 tests:	64 pass, 0 fail
> 
> Linux version:	5.10.3-rc1-ga5ba578b5228
> Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
>                 tegra194-p2972-0000, tegra20-ventana,
>                 tegra210-p2371-2180, tegra210-p3450-0000,
>                 tegra30-cardhu-a04
> 
> Tested-by: Jon Hunter <jonathanh@nvidia.com>

Thanks for testing and letting me know.

greg k-h

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-26 15:06   ` Greg Kroah-Hartman
@ 2020-12-27 15:50     ` Jeffrin Jose T
  2020-12-27 16:05       ` Greg Kroah-Hartman
  0 siblings, 1 reply; 62+ messages in thread
From: Jeffrin Jose T @ 2020-12-27 15:50 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
	pavel, stable

On Sat, 2020-12-26 at 16:06 +0100, Greg Kroah-Hartman wrote:
> On Thu, Dec 24, 2020 at 03:13:38PM +0530, Jeffrin Jose T wrote:
> > On Wed, 2020-12-23 at 16:33 +0100, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 5.10.3
> > > release.
> > > There are 40 patches in this series, all will be posted as a
> > > response
> > > to this one.  If anyone has any issues with these being applied,
> > > please
> > > let me know.
> > > 
> > > Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> > > Anything received after that time might be too late.
> > > 
> > > The whole patch series can be found in one patch at:
> > >         
> > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > or in the git tree and branch at:
> > >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linu
> > > x-
> > > stable-rc.git linux-5.10.y
> > > and the diffstat can be found below.
> > > 
> > > thanks,
> > > 
> > > greg k-h
> > 
> > hello ,
> > Compiled and booted 5.10.3-rc1+.
> > 
> > dmesg -l err gives...
> > --------------x-------------x------------------->
> >    43.190922] Bluetooth: hci0: don't support firmware rome
> > 0x31010100
> > --------------x---------------x----------------->
> > 
> > My Bluetooth is Off.
> 
> Is this a new warning?  Does it show up on 5.10.2?
> 
> > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> 
> thanks for testing?
> 
> greg k-h

This does not show up in 5.10.2-rc1+.

-- 
software engineer
rajagiri school of engineering and technology - autonomous


* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-27 15:50     ` Jeffrin Jose T
@ 2020-12-27 16:05       ` Greg Kroah-Hartman
  2020-12-27 21:33         ` Jeffrin Jose T
  0 siblings, 1 reply; 62+ messages in thread
From: Greg Kroah-Hartman @ 2020-12-27 16:05 UTC (permalink / raw)
  To: Jeffrin Jose T
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
	pavel, stable

On Sun, Dec 27, 2020 at 09:20:07PM +0530, Jeffrin Jose T wrote:
> On Sat, 2020-12-26 at 16:06 +0100, Greg Kroah-Hartman wrote:
> > On Thu, Dec 24, 2020 at 03:13:38PM +0530, Jeffrin Jose T wrote:
> > > On Wed, 2020-12-23 at 16:33 +0100, Greg Kroah-Hartman wrote:
> > > > This is the start of the stable review cycle for the 5.10.3
> > > > release.
> > > > There are 40 patches in this series, all will be posted as a
> > > > response
> > > > to this one.  If anyone has any issues with these being applied,
> > > > please
> > > > let me know.
> > > > 
> > > > Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> > > > Anything received after that time might be too late.
> > > > 
> > > > The whole patch series can be found in one patch at:
> > > >         
> > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > or in the git tree and branch at:
> > > >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linu
> > > > x-
> > > > stable-rc.git linux-5.10.y
> > > > and the diffstat can be found below.
> > > > 
> > > > thanks,
> > > > 
> > > > greg k-h
> > > 
> > > hello ,
> > > Compiled and booted 5.10.3-rc1+.
> > > 
> > > dmesg -l err gives...
> > > --------------x-------------x------------------->
> > >    43.190922] Bluetooth: hci0: don't support firmware rome
> > > 0x31010100
> > > --------------x---------------x----------------->
> > > 
> > > My Bluetooth is Off.
> > 
> > Is this a new warning?  Does it show up on 5.10.2?
> > 
> > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > 
> > thanks for testing?
> > 
> > greg k-h
> 
> this does not show up in 5.10.2-rc1+

Odd.  Can you run 'git bisect' to find the offending commit?

Does this same error message show up in Linus's git tree?

thanks,

greg k-h

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-27 16:05       ` Greg Kroah-Hartman
@ 2020-12-27 21:33         ` Jeffrin Jose T
  2020-12-28  9:50           ` Pavel Machek
  0 siblings, 1 reply; 62+ messages in thread
From: Jeffrin Jose T @ 2020-12-27 21:33 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
	pavel, stable

On Sun, 2020-12-27 at 17:05 +0100, Greg Kroah-Hartman wrote:
> On Sun, Dec 27, 2020 at 09:20:07PM +0530, Jeffrin Jose T wrote:
> > On Sat, 2020-12-26 at 16:06 +0100, Greg Kroah-Hartman wrote:
> > > On Thu, Dec 24, 2020 at 03:13:38PM +0530, Jeffrin Jose T wrote:
> > > > On Wed, 2020-12-23 at 16:33 +0100, Greg Kroah-Hartman wrote:
> > > > > This is the start of the stable review cycle for the 5.10.3
> > > > > release.
> > > > > There are 40 patches in this series, all will be posted as a
> > > > > response
> > > > > to this one.  If anyone has any issues with these being
> > > > > applied,
> > > > > please
> > > > > let me know.
> > > > > 
> > > > > Responses should be made by Fri, 25 Dec 2020 15:05:02 +0000.
> > > > > Anything received after that time might be too late.
> > > > > 
> > > > > The whole patch series can be found in one patch at:
> > > > >         
> > > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > > or in the git tree and branch at:
> > > > >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/
> > > > > linu
> > > > > x-
> > > > > stable-rc.git linux-5.10.y
> > > > > and the diffstat can be found below.
> > > > > 
> > > > > thanks,
> > > > > 
> > > > > greg k-h
> > > > 
> > > > hello ,
> > > > Compiled and booted 5.10.3-rc1+.
> > > > 
> > > > dmesg -l err gives...
> > > > --------------x-------------x------------------->
> > > >    43.190922] Bluetooth: hci0: don't support firmware rome
> > > > 0x31010100
> > > > --------------x---------------x----------------->
> > > > 
> > > > My Bluetooth is Off.
> > > 
> > > Is this a new warning?  Does it show up on 5.10.2?
> > > 
> > > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > > 
> > > thanks for testing?
> > > 
> > > greg k-h
> > 
> > this does not show up in 5.10.2-rc1+
> 
> Odd.  Can you run 'git bisect' to find the offending commit?
> 
> Does this same error message show up in Linus's git tree?
> 
> thanks,
> 
> greg k-h

I will try to do "git bisect". I saw this error in Linus's tree.

-- 
software engineer
rajagiri school of engineering and technology - autonomous


* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-27 21:33         ` Jeffrin Jose T
@ 2020-12-28  9:50           ` Pavel Machek
  2020-12-28 20:41             ` Guenter Roeck
  0 siblings, 1 reply; 62+ messages in thread
From: Pavel Machek @ 2020-12-28  9:50 UTC (permalink / raw)
  To: Jeffrin Jose T
  Cc: Greg Kroah-Hartman, linux-kernel, torvalds, akpm, linux, shuah,
	patches, lkft-triage, pavel, stable

Hi!

> > > > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > > > or in the git tree and branch at:
> > > > > >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/
> > > > > > linu
> > > > > > x-
> > > > > > stable-rc.git linux-5.10.y
> > > > > > and the diffstat can be found below.
> > > > > > 
> > > > > > thanks,
> > > > > > 
> > > > > > greg k-h
> > > > > 
> > > > > hello ,
> > > > > Compiled and booted 5.10.3-rc1+.
> > > > > 
> > > > > dmesg -l err gives...
> > > > > --------------x-------------x------------------->
> > > > >    43.190922] Bluetooth: hci0: don't support firmware rome
> > > > > 0x31010100
> > > > > --------------x---------------x----------------->
> > > > > 
> > > > > My Bluetooth is Off.
> > > > 
> > > > Is this a new warning?  Does it show up on 5.10.2?
> > > > 
> > > > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > > > 
> > > > thanks for testing?
> > > > 
> > > > greg k-h
> > > 
> > > this does not show up in 5.10.2-rc1+
> > 
> > Odd.  Can you run 'git bisect' to find the offending commit?
> > 
> > Does this same error message show up in Linus's git tree?

> i will try to do "git bisect" .  i saw this error in linus's  tree.

The bug is in -stable, too, so it is probably easiest to do bisect on
-stable tree. IIRC there's less than a few hundred commits, so it should
be feasible to do bisection by hand if you are not familiar with git
bisect.

Best regards,
								Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-28  9:50           ` Pavel Machek
@ 2020-12-28 20:41             ` Guenter Roeck
  2021-01-03 13:07               ` Jeffrin Jose T
  0 siblings, 1 reply; 62+ messages in thread
From: Guenter Roeck @ 2020-12-28 20:41 UTC (permalink / raw)
  To: Pavel Machek, Jeffrin Jose T
  Cc: Greg Kroah-Hartman, linux-kernel, torvalds, akpm, shuah, patches,
	lkft-triage, stable


On 12/28/20 1:50 AM, Pavel Machek wrote:
> Hi!
> 
>>>>>>> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
>>>>>>> or in the git tree and branch at:
>>>>>>>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/
>>>>>>> linu
>>>>>>> x-
>>>>>>> stable-rc.git linux-5.10.y
>>>>>>> and the diffstat can be found below.
>>>>>>>
>>>>>>> thanks,
>>>>>>>
>>>>>>> greg k-h
>>>>>>
>>>>>> hello ,
>>>>>> Compiled and booted 5.10.3-rc1+.
>>>>>>
>>>>>> dmesg -l err gives...
>>>>>> --------------x-------------x------------------->
>>>>>>    43.190922] Bluetooth: hci0: don't support firmware rome
>>>>>> 0x31010100
>>>>>> --------------x---------------x----------------->
>>>>>>
>>>>>> My Bluetooth is Off.
>>>>>
>>>>> Is this a new warning?  Does it show up on 5.10.2?
>>>>>
>>>>>> Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
>>>>>
>>>>> thanks for testing?
>>>>>
>>>>> greg k-h
>>>>
>>>> this does not show up in 5.10.2-rc1+
>>>
>>> Odd.  Can you run 'git bisect' to find the offending commit?
>>>
>>> Does this same error message show up in Linus's git tree?
> 
>> i will try to do "git bisect" .  i saw this error in linus's  tree.
> 
> The bug is in -stable, too, so it is probably easiest to do bisect on
> -stable tree. IIRC there's less then few hundred commits, so it should
> be feasible to do bisection by hand if you are not familiar with git
> bisect.
> 

My wild guess would be commit b260e4a68853 ("Bluetooth: Fix slab-out-of-bounds
read in hci_le_direct_adv_report_evt()"), but I don't see what might be wrong
with it unless some BT device sends a bad report which used to be accepted
but is now silently ignored.

Guenter


* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2020-12-28 20:41             ` Guenter Roeck
@ 2021-01-03 13:07               ` Jeffrin Jose T
  2021-01-04  6:21                 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 62+ messages in thread
From: Jeffrin Jose T @ 2021-01-03 13:07 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Guenter Roeck, Pavel Machek
  Cc: linux-kernel, torvalds, akpm, shuah, patches, lkft-triage, stable

On Mon, 2020-12-28 at 12:41 -0800, Guenter Roeck wrote:
> On 12/28/20 1:50 AM, Pavel Machek wrote:
> > Hi!
> > 
> > > > > > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > > > > > or in the git tree and branch at:
> > > > > > > >         git://git.kernel.org/pub/scm/linux/kernel/git/s
> > > > > > > > table/
> > > > > > > > linu
> > > > > > > > x-
> > > > > > > > stable-rc.git linux-5.10.y
> > > > > > > > and the diffstat can be found below.
> > > > > > > > 
> > > > > > > > thanks,
> > > > > > > > 
> > > > > > > > greg k-h
> > > > > > > 
> > > > > > > hello ,
> > > > > > > Compiled and booted 5.10.3-rc1+.
> > > > > > > 
> > > > > > > dmesg -l err gives...
> > > > > > > --------------x-------------x------------------->
> > > > > > >    43.190922] Bluetooth: hci0: don't support firmware
> > > > > > > rome
> > > > > > > 0x31010100
> > > > > > > --------------x---------------x----------------->
> > > > > > > 
> > > > > > > My Bluetooth is Off.
> > > > > > 
> > > > > > Is this a new warning?  Does it show up on 5.10.2?
> > > > > > 
> > > > > > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > > > > > 
> > > > > > thanks for testing?
> > > > > > 
> > > > > > greg k-h
> > > > > 
> > > > > this does not show up in 5.10.2-rc1+
> > > > 
> > > > Odd.  Can you run 'git bisect' to find the offending commit?
> > > > 
> > > > Does this same error message show up in Linus's git tree?
> > 
> > > i will try to do "git bisect" .  i saw this error in linus's 
> > > tree.
> > 
> > The bug is in -stable, too, so it is probably easiest to do bisect
> > on
> > -stable tree. IIRC there's less then few hundred commits, so it
> > should
> > be feasible to do bisection by hand if you are not familiar with
> > git
> > bisect.
> > 
> 
> My wild guess would be commit b260e4a68853 ("Bluetooth: Fix slab-out-
> of-bounds
> read in hci_le_direct_adv_report_evt()"), but I don't see what might
> be wrong
> with it unless some BT device sends a bad report which used to be
> accepted
> but is now silently ignored.
> 
> Guenter
> 
Hello,

Did "git bisect" in a typically OK fashion and found that 5.9.0 is
working for Bluetooth related. But 5.10.0-rc1 related is not working.

Some related information in bisect.txt attached.

-- 
software engineer
rajagiri school of engineering and technology - autonomous


[-- Attachment #2: bisect.txt --]
[-- Type: text/plain, Size: 330 bytes --]

$sudo git bisect bad
Bisecting: 0 revisions left to test after this (roughly 1 step)
[194810f78402128fe07676646cf9027fd3ed431c] dt-bindings: leds: Update devicetree documents for ID_RGB

$sudo git bisect bad
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[3650b228f83adda7e5ee532e2b90429c03f7b9ec] Linux 5.10-rc1

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2021-01-03 13:07               ` Jeffrin Jose T
@ 2021-01-04  6:21                 ` Greg Kroah-Hartman
  2021-01-06 19:38                   ` Jeffrin Jose T
  0 siblings, 1 reply; 62+ messages in thread
From: Greg Kroah-Hartman @ 2021-01-04  6:21 UTC (permalink / raw)
  To: Jeffrin Jose T
  Cc: Guenter Roeck, Pavel Machek, linux-kernel, torvalds, akpm, shuah,
	patches, lkft-triage, stable

On Sun, Jan 03, 2021 at 06:37:51PM +0530, Jeffrin Jose T wrote:
> On Mon, 2020-12-28 at 12:41 -0800, Guenter Roeck wrote:
> > On 12/28/20 1:50 AM, Pavel Machek wrote:
> > > Hi!
> > > 
> > > > > > > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > > > > > > or in the git tree and branch at:
> > > > > > > > >         git://git.kernel.org/pub/scm/linux/kernel/git/s
> > > > > > > > > table/
> > > > > > > > > linu
> > > > > > > > > x-
> > > > > > > > > stable-rc.git linux-5.10.y
> > > > > > > > > and the diffstat can be found below.
> > > > > > > > > 
> > > > > > > > > thanks,
> > > > > > > > > 
> > > > > > > > > greg k-h
> > > > > > > > 
> > > > > > > > hello ,
> > > > > > > > Compiled and booted 5.10.3-rc1+.
> > > > > > > > 
> > > > > > > > dmesg -l err gives...
> > > > > > > > --------------x-------------x------------------->
> > > > > > > >    43.190922] Bluetooth: hci0: don't support firmware
> > > > > > > > rome
> > > > > > > > 0x31010100
> > > > > > > > --------------x---------------x----------------->
> > > > > > > > 
> > > > > > > > My Bluetooth is Off.
> > > > > > > 
> > > > > > > Is this a new warning?  Does it show up on 5.10.2?
> > > > > > > 
> > > > > > > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > > > > > > 
> > > > > > > thanks for testing?
> > > > > > > 
> > > > > > > greg k-h
> > > > > > 
> > > > > > this does not show up in 5.10.2-rc1+
> > > > > 
> > > > > Odd.  Can you run 'git bisect' to find the offending commit?
> > > > > 
> > > > > Does this same error message show up in Linus's git tree?
> > > 
> > > > i will try to do "git bisect" .  i saw this error in linus's 
> > > > tree.
> > > 
> > > The bug is in -stable, too, so it is probably easiest to do bisect
> > > on
> > > -stable tree. IIRC there's less then few hundred commits, so it
> > > should
> > > be feasible to do bisection by hand if you are not familiar with
> > > git
> > > bisect.
> > > 
> > 
> > My wild guess would be commit b260e4a68853 ("Bluetooth: Fix slab-out-
> > of-bounds
> > read in hci_le_direct_adv_report_evt()"), but I don't see what might
> > be wrong
> > with it unless some BT device sends a bad report which used to be
> > accepted
> > but is now silently ignored.
> > 
> > Guenter
> > 
> hello,
> 
> Did  "git bisect" in  a typically ok fashion and found that 5.9.0 is
> working for bluetooth related. But 5.10.0-rc1  related is not working.
> 
> some related information in bisect.txt  attached.
> 
> -- 
> software engineer
> rajagiri school of engineering and technology - autonomous
> 

> $sudo git bisect bad
> Bisecting: 0 revisions left to test after this (roughly 1 step)
> [194810f78402128fe07676646cf9027fd3ed431c] dt-bindings: leds: Update devicetree documents for ID_RGB
> 
> $sudo git bisect bad
> Bisecting: 0 revisions left to test after this (roughly 0 steps)
> [3650b228f83adda7e5ee532e2b90429c03f7b9ec] Linux 5.10-rc1

That's really odd, as that commit only has a Makefile change.

Also, why run this as root?

greg k-h

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2021-01-04  6:21                 ` Greg Kroah-Hartman
@ 2021-01-06 19:38                   ` Jeffrin Jose T
  2021-01-06 19:49                     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 62+ messages in thread
From: Jeffrin Jose T @ 2021-01-06 19:38 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Guenter Roeck, Pavel Machek, linux-kernel, torvalds, akpm, shuah,
	patches, lkft-triage, stable

On Mon, 2021-01-04 at 07:21 +0100, Greg Kroah-Hartman wrote:
> On Sun, Jan 03, 2021 at 06:37:51PM +0530, Jeffrin Jose T wrote:
> > On Mon, 2020-12-28 at 12:41 -0800, Guenter Roeck wrote:
> > > On 12/28/20 1:50 AM, Pavel Machek wrote:
> > > > Hi!
> > > > 
> > > > > > > > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > > > > > > > or in the git tree and branch at:
> > > > > > > > > >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> > > > > > > > > > and the diffstat can be found below.
> > > > > > > > > > 
> > > > > > > > > > thanks,
> > > > > > > > > > 
> > > > > > > > > > greg k-h
> > > > > > > > > 
> > > > > > > > > hello ,
> > > > > > > > > Compiled and booted 5.10.3-rc1+.
> > > > > > > > > 
> > > > > > > > > dmesg -l err gives...
> > > > > > > > > --------------x-------------x------------------->
> > > > > > > > >    43.190922] Bluetooth: hci0: don't support firmware rome 0x31010100
> > > > > > > > > --------------x---------------x----------------->
> > > > > > > > > 
> > > > > > > > > My Bluetooth is Off.
> > > > > > > > 
> > > > > > > > Is this a new warning?  Does it show up on 5.10.2?
> > > > > > > > 
> > > > > > > > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > > > > > > > 
> > > > > > > > thanks for testing?
> > > > > > > > 
> > > > > > > > greg k-h
> > > > > > > 
> > > > > > > this does not show up in 5.10.2-rc1+
> > > > > > 
> > > > > > Odd.  Can you run 'git bisect' to find the offending
> > > > > > commit?
> > > > > > 
> > > > > > Does this same error message show up in Linus's git tree?
> > > > 
> > > > > i will try to do "git bisect" .  i saw this error in linus's 
> > > > > tree.
> > > > 
> > > > The bug is in -stable, too, so it is probably easiest to do bisect on
> > > > -stable tree. IIRC there's less than few hundred commits, so it should
> > > > be feasible to do bisection by hand if you are not familiar with git
> > > > bisect.
> > > > 
> > > 
> > > My wild guess would be commit b260e4a68853 ("Bluetooth: Fix slab-out-of-bounds
> > > read in hci_le_direct_adv_report_evt()"), but I don't see what might be wrong
> > > with it unless some BT device sends a bad report which used to be accepted
> > > but is now silently ignored.
> > > 
> > > Guenter
> > > 
> > hello,
> > 
> > Did  "git bisect" in  a typically ok fashion and found that 5.9.0 is
> > working for bluetooth related. But 5.10.0-rc1  related is not working.
> > 
> > some related information in bisect.txt  attached.
> > 
> > -- 
> > software engineer
> > rajagiri school of engineering and technology - autonomous
> > 
> 
> > $sudo git bisect bad
> > Bisecting: 0 revisions left to test after this (roughly 1 step)
> > [194810f78402128fe07676646cf9027fd3ed431c] dt-bindings: leds: Update devicetree documents for ID_RGB
> > 
> > $sudo git bisect bad
> > Bisecting: 0 revisions left to test after this (roughly 0 steps)
> > [3650b228f83adda7e5ee532e2b90429c03f7b9ec] Linux 5.10-rc1
> 
> That's really odd, as that commit only has a Makefile change.

i will try to work on it again

> Also, why run this as root?
> 
there may be some problem in my sudo configuration or the way i run sudo.
when i run "make modules_install" and "make install" using sudo typical
files ownership changes to root.

-- 
software engineer
rajagiri school of engineering and technology - autonomous


^ permalink raw reply	[flat|nested] 62+ messages in thread

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2021-01-06 19:38                   ` Jeffrin Jose T
@ 2021-01-06 19:49                     ` Greg Kroah-Hartman
  2021-01-06 23:56                       ` Jeffrin Jose T
  0 siblings, 1 reply; 62+ messages in thread
From: Greg Kroah-Hartman @ 2021-01-06 19:49 UTC (permalink / raw)
  To: Jeffrin Jose T
  Cc: Guenter Roeck, Pavel Machek, linux-kernel, torvalds, akpm, shuah,
	patches, lkft-triage, stable

On Thu, Jan 07, 2021 at 01:08:01AM +0530, Jeffrin Jose T wrote:
> On Mon, 2021-01-04 at 07:21 +0100, Greg Kroah-Hartman wrote:
> > On Sun, Jan 03, 2021 at 06:37:51PM +0530, Jeffrin Jose T wrote:
> > > On Mon, 2020-12-28 at 12:41 -0800, Guenter Roeck wrote:
> > > > On 12/28/20 1:50 AM, Pavel Machek wrote:
> > > > > Hi!
> > > > > 
> > > > > > > > > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > > > > > > > > or in the git tree and branch at:
> > > > > > > > > > >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> > > > > > > > > > > and the diffstat can be found below.
> > > > > > > > > > > 
> > > > > > > > > > > thanks,
> > > > > > > > > > > 
> > > > > > > > > > > greg k-h
> > > > > > > > > > 
> > > > > > > > > > hello ,
> > > > > > > > > > Compiled and booted 5.10.3-rc1+.
> > > > > > > > > > 
> > > > > > > > > > dmesg -l err gives...
> > > > > > > > > > --------------x-------------x------------------->
> > > > > > > > > >    43.190922] Bluetooth: hci0: don't support firmware rome 0x31010100
> > > > > > > > > > --------------x---------------x----------------->
> > > > > > > > > > 
> > > > > > > > > > My Bluetooth is Off.
> > > > > > > > > 
> > > > > > > > > Is this a new warning?  Does it show up on 5.10.2?
> > > > > > > > > 
> > > > > > > > > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > > > > > > > > 
> > > > > > > > > thanks for testing?
> > > > > > > > > 
> > > > > > > > > greg k-h
> > > > > > > > 
> > > > > > > > this does not show up in 5.10.2-rc1+
> > > > > > > 
> > > > > > > Odd.  Can you run 'git bisect' to find the offending
> > > > > > > commit?
> > > > > > > 
> > > > > > > Does this same error message show up in Linus's git tree?
> > > > > 
> > > > > > i will try to do "git bisect" .  i saw this error in linus's 
> > > > > > tree.
> > > > > 
> > > > > The bug is in -stable, too, so it is probably easiest to do bisect on
> > > > > -stable tree. IIRC there's less than few hundred commits, so it should
> > > > > be feasible to do bisection by hand if you are not familiar with git
> > > > > bisect.
> > > > > 
> > > > 
> > > > My wild guess would be commit b260e4a68853 ("Bluetooth: Fix slab-out-of-bounds
> > > > read in hci_le_direct_adv_report_evt()"), but I don't see what might be wrong
> > > > with it unless some BT device sends a bad report which used to be accepted
> > > > but is now silently ignored.
> > > > 
> > > > Guenter
> > > > 
> > > hello,
> > > 
> > > Did  "git bisect" in  a typically ok fashion and found that 5.9.0 is
> > > working for bluetooth related. But 5.10.0-rc1  related is not working.
> > > 
> > > some related information in bisect.txt  attached.
> > > 
> > > -- 
> > > software engineer
> > > rajagiri school of engineering and technology - autonomous
> > > 
> > 
> > > $sudo git bisect bad
> > > Bisecting: 0 revisions left to test after this (roughly 1 step)
> > > [194810f78402128fe07676646cf9027fd3ed431c] dt-bindings: leds: Update devicetree documents for ID_RGB
> > > 
> > > $sudo git bisect bad
> > > Bisecting: 0 revisions left to test after this (roughly 0 steps)
> > > [3650b228f83adda7e5ee532e2b90429c03f7b9ec] Linux 5.10-rc1
> > 
> > That's really odd, as that commit only has a Makefile change.
> 
> i will try to work on it again
> 
> > Also, why run this as root?
> > 
> there may be some problem in my sudo configuration or the way i run sudo.
> when i run "make modules_install" and "make install" using sudo typical
> files ownership changes to root.

That's fine when installing the kernel, but not when building or running
git, please don't do that.

^ permalink raw reply	[flat|nested] 62+ messages in thread
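
Added example (not part of the thread or of any participant's message): a POSIX shell helper for one step of the manual bisection discussed above. It refuses to run git as root, checks that the booted kernel is the commit under test, and derives the verdict from the `dmesg -l err` line quoted in the thread. The function names, the sample release string and the reliance on CONFIG_LOCALVERSION_AUTO=y (so that `uname -r` ends in `-g<sha>`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: helper for one manual kernel bisect step.
# Function names are hypothetical; only the log message comes from the thread.

# Error text reported in the thread (dmesg -l err).
PATTERN="Bluetooth: hci0: don't support firmware rome"

# refuse_root UID: fail when invoked with uid 0, so git and the build never
# leave root-owned files in the work tree.
refuse_root() {
    if [ "$1" -eq 0 ]; then
        echo "run git and the build unprivileged; use sudo only for install" >&2
        return 1
    fi
}

# kernel_matches RELEASE SHA: succeed when RELEASE (uname -r) ends in
# -g<abbrev> and <abbrev> is a prefix of SHA.
# Assumption: the kernel was built with CONFIG_LOCALVERSION_AUTO=y.
kernel_matches() {
    abbrev=${1##*-g}                    # text after the last "-g"
    [ "$abbrev" != "$1" ] || return 1   # no -g<sha> suffix at all
    abbrev=${abbrev%%[!0-9a-f]*}        # drop a trailing "-dirty" or "+"
    [ "${#abbrev}" -ge 7 ] || return 1  # too short to identify a commit
    case "$2" in
        "$abbrev"*) return 0 ;;
        *) return 1 ;;
    esac
}

# bisect_verdict LOG: print "bad" when the error line is present, else "good".
bisect_verdict() {
    if printf '%s\n' "$1" | grep -qF -- "$PATTERN"; then
        echo bad
    else
        echo good
    fi
}

# bisect_step UID LOG RELEASE SHA: print the git command for this step.
# Returns 2 for root, 3 when the booted kernel is not the commit under test.
bisect_step() {
    refuse_root "$1" || return 2
    if ! kernel_matches "$3" "$4"; then
        echo "booted kernel $3 is not commit $4; do not mark this step" >&2
        return 3
    fi
    echo "git bisect $(bisect_verdict "$2")"
}

# Constructed sample input; the message text and commit id are quoted from the thread.
SAMPLE_LOG="[   43.190922] Bluetooth: hci0: don't support firmware rome 0x31010100"
SAMPLE_SHA="194810f78402128fe07676646cf9027fd3ed431c"
SAMPLE_RELEASE="5.9.0-00001-g194810f78402"   # constructed uname -r value

bisect_step 1000 "$SAMPLE_LOG" "$SAMPLE_RELEASE" "$SAMPLE_SHA"
# On a real system:
#   bisect_step "$(id -u)" "$(dmesg -l err)" "$(uname -r)" "$(git rev-parse HEAD)"
```
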

* Re: [PATCH 5.10 00/40] 5.10.3-rc1 review
  2021-01-06 19:49                     ` Greg Kroah-Hartman
@ 2021-01-06 23:56                       ` Jeffrin Jose T
  0 siblings, 0 replies; 62+ messages in thread
From: Jeffrin Jose T @ 2021-01-06 23:56 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Guenter Roeck, Pavel Machek, linux-kernel, torvalds, akpm, shuah,
	patches, lkft-triage, stable

On Wed, 2021-01-06 at 20:49 +0100, Greg Kroah-Hartman wrote:
> On Thu, Jan 07, 2021 at 01:08:01AM +0530, Jeffrin Jose T wrote:
> > On Mon, 2021-01-04 at 07:21 +0100, Greg Kroah-Hartman wrote:
> > > On Sun, Jan 03, 2021 at 06:37:51PM +0530, Jeffrin Jose T wrote:
> > > > On Mon, 2020-12-28 at 12:41 -0800, Guenter Roeck wrote:
> > > > > On 12/28/20 1:50 AM, Pavel Machek wrote:
> > > > > > Hi!
> > > > > > 
> > > > > > > > > > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.3-rc1.gz
> > > > > > > > > > > > or in the git tree and branch at:
> > > > > > > > > > > >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> > > > > > > > > > > > and the diffstat can be found below.
> > > > > > > > > > > > 
> > > > > > > > > > > > thanks,
> > > > > > > > > > > > 
> > > > > > > > > > > > greg k-h
> > > > > > > > > > > 
> > > > > > > > > > > hello ,
> > > > > > > > > > > Compiled and booted 5.10.3-rc1+.
> > > > > > > > > > > 
> > > > > > > > > > > dmesg -l err gives...
> > > > > > > > > > > --------------x-------------x------------------->
> > > > > > > > > > >    43.190922] Bluetooth: hci0: don't support firmware rome 0x31010100
> > > > > > > > > > > --------------x---------------x----------------->
> > > > > > > > > > > 
> > > > > > > > > > > My Bluetooth is Off.
> > > > > > > > > > 
> > > > > > > > > > Is this a new warning?  Does it show up on 5.10.2?
> > > > > > > > > > 
> > > > > > > > > > > Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
> > > > > > > > > > 
> > > > > > > > > > thanks for testing?
> > > > > > > > > > 
> > > > > > > > > > greg k-h
> > > > > > > > > 
> > > > > > > > > this does not show up in 5.10.2-rc1+
> > > > > > > > 
> > > > > > > > Odd.  Can you run 'git bisect' to find the offending
> > > > > > > > commit?
> > > > > > > > 
> > > > > > > > Does this same error message show up in Linus's git
> > > > > > > > tree?
> > > > > > 
> > > > > > > i will try to do "git bisect" .  i saw this error in linus's
> > > > > > > tree.
> > > > > > 
> > > > > > The bug is in -stable, too, so it is probably easiest to do bisect on
> > > > > > -stable tree. IIRC there's less than few hundred commits, so it should
> > > > > > be feasible to do bisection by hand if you are not familiar with git
> > > > > > bisect.
> > > > > > 
> > > > > 
> > > > > My wild guess would be commit b260e4a68853 ("Bluetooth: Fix slab-out-of-bounds
> > > > > read in hci_le_direct_adv_report_evt()"), but I don't see what might be wrong
> > > > > with it unless some BT device sends a bad report which used to be accepted
> > > > > but is now silently ignored.
> > > > > 
> > > > > Guenter
> > > > > 
> > > > hello,
> > > > 
> > > > Did  "git bisect" in  a typically ok fashion and found that 5.9.0 is
> > > > working for bluetooth related. But 5.10.0-rc1  related is not working.
> > > > 
> > > > some related information in bisect.txt  attached.
> > > > 
> > > > -- 
> > > > software engineer
> > > > rajagiri school of engineering and technology - autonomous
> > > > 
> > > 
> > > > $sudo git bisect bad
> > > > Bisecting: 0 revisions left to test after this (roughly 1 step)
> > > > [194810f78402128fe07676646cf9027fd3ed431c] dt-bindings: leds: Update devicetree documents for ID_RGB
> > > > 
> > > > $sudo git bisect bad
> > > > Bisecting: 0 revisions left to test after this (roughly 0 steps)
> > > > [3650b228f83adda7e5ee532e2b90429c03f7b9ec] Linux 5.10-rc1
> > > 
> > > That's really odd, as that commit only has a Makefile change.
> > 
> > i will try to work on it again
> > 
> > > Also, why run this as root?
> > > 
> > there may be some problem in my sudo configuration or the way i run sudo.
> > when i run "make modules_install" and "make install" using sudo typical
> > files ownership changes to root.
> 
> That's fine when installing the kernel, but not when building or running
> git, please don't do that.

ok related .


^ permalink raw reply	[flat|nested] 62+ messages in thread

Thread overview: 62+ messages
2020-12-23 15:33 [PATCH 5.10 00/40] 5.10.3-rc1 review Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 01/40] net: ipconfig: Avoid spurious blank lines in boot log Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 02/40] x86/split-lock: Avoid returning with interrupts enabled Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 03/40] exfat: Avoid allocating upcase table using kcalloc() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 04/40] soc/tegra: fuse: Fix index bug in get_process_id Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 05/40] usb: mtu3: fix memory corruption in mtu3_debugfs_regset() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 06/40] USB: serial: option: add interface-number sanity check to flag handling Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 07/40] USB: gadget: f_acm: add support for SuperSpeed Plus Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 08/40] USB: gadget: f_midi: setup SuperSpeed Plus descriptors Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 09/40] usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 10/40] USB: gadget: f_rndis: fix bitrate for SuperSpeed and above Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 11/40] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 12/40] ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 13/40] ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410 Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 14/40] ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 15/40] coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 16/40] coresight: tmc-etr: Check if page is valid before dma_map_page() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 17/40] coresight: tmc-etr: Fix barrier packet insertion for perf buffer Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 18/40] coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 19/40] coresight: etm4x: Skip setting LPOVERRIDE bit for qcom, skip-power-up Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 20/40] coresight: etm4x: Fix accesses to TRCVMIDCTLR1 Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 21/40] coresight: etm4x: Fix accesses to TRCCIDCTLR1 Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 22/40] coresight: etm4x: Fix accesses to TRCPROCSELR Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 23/40] coresight: etm4x: Handle TRCVIPCSSCTLR accesses Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 24/40] f2fs: fix to seek incorrect data offset in inline data file Greg Kroah-Hartman
2020-12-24  1:11   ` Chao Yu
2020-12-24  7:52     ` Greg Kroah-Hartman
2020-12-24  9:38       ` Chao Yu
2020-12-23 15:33 ` [PATCH 5.10 25/40] f2fs: init dirty_secmap incorrectly Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 26/40] scsi: megaraid_sas: Check user-provided offsets Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 27/40] HID: i2c-hid: add Vero K147 to descriptor override Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 28/40] serial_core: Check for port state when tty is in error state Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 29/40] fscrypt: remove kernel-internal constants from UAPI header Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 30/40] fscrypt: add fscrypt_is_nokey_name() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 31/40] ubifs: prevent creating duplicate encrypted filenames Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 32/40] ext4: " Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 33/40] f2fs: " Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 34/40] Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 35/40] quota: Sanity-check quota file headers on load Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 36/40] fs: quota: fix array-index-out-of-bounds bug by passing correct argument to vfs_cleanup_quota_inode() Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 37/40] media: msi2500: assign SPI bus number dynamically Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 38/40] crypto: af_alg - avoid undefined behavior accessing salg_name Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 39/40] nl80211: validate key indexes for cfg80211_registered_device Greg Kroah-Hartman
2020-12-23 15:33 ` [PATCH 5.10 40/40] md: fix a warning caused by a race between concurrent md_ioctl()s Greg Kroah-Hartman
2020-12-23 19:26 ` [PATCH 5.10 00/40] 5.10.3-rc1 review Jon Hunter
2020-12-26 15:07   ` Greg Kroah-Hartman
2020-12-24  0:56 ` Daniel Díaz
2020-12-26 15:07   ` Greg Kroah-Hartman
2020-12-24  9:43 ` Jeffrin Jose T
2020-12-26 15:06   ` Greg Kroah-Hartman
2020-12-27 15:50     ` Jeffrin Jose T
2020-12-27 16:05       ` Greg Kroah-Hartman
2020-12-27 21:33         ` Jeffrin Jose T
2020-12-28  9:50           ` Pavel Machek
2020-12-28 20:41             ` Guenter Roeck
2021-01-03 13:07               ` Jeffrin Jose T
2021-01-04  6:21                 ` Greg Kroah-Hartman
2021-01-06 19:38                   ` Jeffrin Jose T
2021-01-06 19:49                     ` Greg Kroah-Hartman
2021-01-06 23:56                       ` Jeffrin Jose T
2020-12-24 15:26 ` Guenter Roeck
2020-12-26 15:06   ` Greg Kroah-Hartman
